Cross Reference: /illumos-gate/usr/src/pkgdefs/SUNWcnetr/postinstall

	postinstall revision 6ba597c56d749c61b4f783157f63196d7b2445f0
1051N/A#
1051N/A# CDDL HEADER START
1051N/A#
1051N/A# The contents of this file are subject to the terms of the
1051N/A# Common Development and Distribution License (the "License").
1051N/A# You may not use this file except in compliance with the License.
1051N/A#
1051N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1051N/A# or http://www.opensolaris.org/os/licensing.
1051N/A# See the License for the specific language governing permissions
1051N/A# and limitations under the License.
1051N/A#
1051N/A# When distributing Covered Code, include this CDDL HEADER in each
1051N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1051N/A# If applicable, add the following below this CDDL HEADER, with the
1051N/A# fields enclosed by brackets "[]" replaced with your own identifying
1051N/A# information: Portions Copyright [yyyy] [name of copyright owner]
1051N/A#
1051N/A# CDDL HEADER END
1051N/A#
1051N/A# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
1051N/A# Use is subject to license terms.
1051N/A#
1051N/A
1051N/A#
1051N/A# Convert datalink configuration into a series of dladm(1M) commands and
1051N/A# keep them in an upgrade script. This script will then be run in the
1051N/A# network-physical service.
1051N/A#
1051N/A# Note that we cannot use the /var/svc/profile/upgrade script because
1051N/A# that script is run during manifest-import which is too late for
1051N/A# datalink configuration.
1051N/A#
1051N/AUPGRADE_SCRIPT=/var/svc/profile/upgrade_datalink
1051N/A
1051N/AAGGR_CONF=/etc/aggregation.conf
1051N/AORIG=$BASEDIR/$AGGR_CONF
1051N/Aif [ ! -f "${ORIG}" ]; then
2976N/A	# Try the alternate location.
2976N/A	AGGR_CONF=/etc/dladm/aggregation.conf
2976N/A	ORIG=$BASEDIR/$AGGR_CONF
1051N/Afi
1051N/A
2976N/A# Now upgrade aggregation.conf to the new format.
2976N/Aif [ -f "${ORIG}" ]; then
2976N/A	# Strip off comments, then each remaining line defines an
2976N/A	# aggregation the admnistrator configured on the old system.
2976N/A	# Each line corresponds to one dladm command that is appended
2976N/A	# to the upgrade script.
2650N/A	cat $ORIG | grep '^[^#]' | while read line; do
2976N/A		echo $line | while read aggr_index rest
2650N/A		do
2650N/A			policy=`echo $rest | /usr/bin/awk '{print $1}'`
2976N/A			nports=`echo $rest | /usr/bin/awk '{print $2}'`
2976N/A			ports=`echo $rest | /usr/bin/awk '{print $3}'`
2976N/A			mac=`echo $rest | /usr/bin/awk '{print $4}'`
2976N/A			lacp_mode=`echo $rest | /usr/bin/awk '{print $5}'`
2976N/A			lacp_timer=`echo $rest | /usr/bin/awk '{print $6}'`
2976N/A			dladm_string="dladm create-aggr -P $policy -l \
2976N/A			    $lacp_mode -T $lacp_timer"
2976N/A			# A fixed MAC address
2976N/A			if [ "${mac}" != "auto" ]; then
1051N/A				dladm_string="$dladm_string -u $mac"
1051N/A			fi
1105N/A			i=1
1105N/A			while [ $i -le "${nports}" ]; do
1105N/A				device=`echo $ports | cut -d, -f$i`
1105N/A				# Older aggregation.conf files have the format
1105N/A				# of device_name/port_number.  We don't need
1051N/A				# the port number, so get rid of it if it is
1051N/A				# there.
1051N/A				device=`echo $device | cut -d/ -f1`
1051N/A				i=`expr $i + 1`
1051N/A				dladm_string="$dladm_string -d $device"
1051N/A			done
2976N/A			dladm_string="$dladm_string $aggr_index"
2976N/A			echo $dladm_string >> \
2976N/A			    ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT
2976N/A		done
2976N/A	done
2976N/A	# no longer needed, get rid of it.
1051N/A	rm -f $ORIG
2976N/A	removef $PKGINST $AGGR_CONF > /dev/null
1051N/A	removef -f $PKGINST > /dev/null 2>&1
1051N/Afi
1247N/A
1105N/A# Upgrade linkprop.conf
1247N/AORIG=$BASEDIR/etc/dladm/linkprop.conf
1105N/A
1114N/Aif [ -f "${ORIG}" ]; then
1345N/A	# Strip off comments, then each remaining line lists properties
1345N/A	# the administrator configured for a particular interface.
1345N/A	# Each line includes several properties, but we can only set
1345N/A	# one property per dladm invocation.
1345N/A	cat $ORIG | grep '^[^#]' | while read line; do
1345N/A		echo $line | while read link rest
1345N/A		do
1345N/A			while [ -n "${rest}" ]; do
1345N/A				linkprop=`echo $rest | cut -d";" -f1`
1345N/A				rest=`echo $rest | cut -d";" -f2-`
2324N/A				echo dladm set-linkprop -p $linkprop $link >> \
2324N/A				    ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT
2324N/A			done
2324N/A		done
2324N/A	done
2324N/A	# no longer needed, get rid of it
2324N/A	rm -f $ORIG
2976N/A	removef $PKGINST /etc/dladm/linkprop.conf > /dev/null
1777N/A	removef -f $PKGINST > /dev/null 2>&1
2324N/Afi
1345N/A
1265N/A# Convert (hostname|hostname6|dhcp).xxx and zonecfg vlan entries
1345N/A
1345N/Afor iftype in hostname hostname6 dhcp
1345N/Ado
1345N/A	interface_names="`echo $rootprefix/etc/$iftype.*[0-9] 2>/dev/null`"
1265N/A	if [ "$interface_names" != "$rootprefix/etc/$iftype.*[0-9]" ]; then
1345N/A		ORIGIFS="$IFS"
1265N/A		IFS="$IFS."
1345N/A		set -- $interface_names
2976N/A		IFS="$ORIGIFS"
2324N/A		while [ $# -ge 2 ]; do
2324N/A			shift
2324N/A			if [ $# -gt 1 -a \
2324N/A			    "$2" != "$rootprefix/etc/$iftype" ]; then
2324N/A				while [ $# -gt 1 -a \
2324N/A				    "$1" != "$rootprefix/etc/$iftype" ]; do
2324N/A					shift
2324N/A				done
2324N/A			else
2324N/A				host_ifs="$host_ifs $1"
2324N/A				shift
2324N/A			fi
2324N/A		done
2324N/A	fi
2324N/Adone
2324N/A
2324N/Azones=`zoneadm list -c | grep -v global`
2976N/Afor zone in $zones
2324N/Ado
1777N/A	zonecfg -z $zone info ip-type | grep exclusive >/dev/null
1777N/A	if [ $? -eq 0 ]; then
1777N/A		zif=`zonecfg -z $zone info net | grep physical | \
1777N/A		    nawk '{print $2}'`
2324N/A		zone_ifs="$zone_ifs $zif"
2324N/A	fi
2324N/Adone
2324N/A
1345N/AORIG=$BASEDIR/etc/dladm/datalink.conf
2324N/Afor ifname in $host_ifs $zone_ifs
1516N/Ado
1105N/A	grep $ifname $ORIG >/dev/null
	if [ $? != 0 ]; then
		phys=`echo $ifname | sed "s/[0-9]*$//"`
		devnum=`echo $ifname | sed "s/$phys//g"`
		if [ "$phys$devnum" != $ifname -o \
		    -n "`echo $devnum | tr -d '[0-9]'`" ]; then
			echo "skipping invalid interface $ifname"
			continue
		fi

		vid=`expr $devnum / 1000`
		inst=`expr $devnum % 1000`

		if [ "$vid" != "0" ]; then
			echo dladm create-vlan -l $phys$inst -v $vid \
			    $ifname >> ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT
			if [ "$vid" != "1" ]; then
				continue
			fi
			# If default PVID VLAN 1 is in use then warn
			# the user and force PVID to zero.
			echo "Warning: default VLAN tag set to 0 on $ifname"
			echo dladm set-linkprop -p default_tag=0 \
			    $ifname >> ${PKG_INSTALL_ROOT}/$UPGRADE_SCRIPT
		fi
	fi
done

#
# Change permissions of public IKE certificates and CRLs
# that may have been incorrectly created as private
# PKCS#11 hints files must be left root-only readable.
# Make sure this files starts with "30 82"
#
for file in `ls ${PKG_INSTALL_ROOT}/etc/inet/ike/crls/* \
    ${PKG_INSTALL_ROOT}/etc/inet/ike/publickeys/* 2>/dev/null`; do
	if dd if=$file count=2 bs=1 2>/dev/null | cat -v | \
	    grep "0M-^B" >/dev/null 2>&1
	then
	    chmod 644 $file
	fi
done

#
# Change group and permissions of /etc/dladm/*.conf config files.
# secobj.conf changes permissions and group.  The rest only change the group.
#
DLADM_PATH="${PKG_INSTALL_ROOT}/etc/dladm"
DLADM_FILES="${DLADM_PATH}/datalink.conf ${DLADM_PATH}/flowadm.conf \
    ${DLADM_PATH}/flowprop.conf ${DLADM_PATH}/secobj.conf"
chgrp netadm ${DLADM_FILES}
chmod 660 ${DLADM_PATH}/secobj.conf

exit 0