postinstall revision 959788eb27e88e794c39aa0fca840343de5725e9
5cd4555ad444fd391002ae32450572054369fd42Rob Austein# CDDL HEADER START
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# The contents of this file are subject to the terms of the
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06Mark Andrews# Common Development and Distribution License, Version 1.0 only
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# (the "License"). You may not use this file except in compliance
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# with the License.
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# or http://www.opensolaris.org/os/licensing.
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# See the License for the specific language governing permissions
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# and limitations under the License.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# When distributing Covered Code, include this CDDL HEADER in each
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# If applicable, add the following below this CDDL HEADER, with the
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# fields enclosed by brackets "[]" replaced with your own identifying
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews# information: Portions Copyright [yyyy] [name of copyright owner]
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews# CDDL HEADER END
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# Use is subject to license terms.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# ident "%Z%%M% %I% %E% SMI"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# This postinstall script "clones" the policy for aes/arcfour/blowfish to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# encryption kit aes256, arcfour2048, and blowfish448 modules.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# Because we want to do the policy cloning and only have one of the kernel
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# providers enabled we can't use the i.kcfconf class action script.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein# We can't run cryptoadm(1m) here because it might not be available yet.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinif [ ! -r $kcfconf ]; then
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein echo "install this package on an incorrect release of Solaris"
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews# No release that has kcf.conf does NOT have ipsecalgs, so no need to check.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeincp $kcfconf ${kcfconf}.tmp
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinsed -e 's/^aes:/aes256:/' -e 's/^blowfish:/blowfish448:/' -e \
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein 's/^arcfour:/arcfour2048:/' \
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein $kcfconf > ${kcfconf}.tmp
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinmv -f ${kcfconf}.tmp $kcfconf
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeincp $ipsecalgs ${ipsecalgs}.tmp
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinsed -e 's/_CBC|128\/32-128,8/_CBC|128\/32-448,8/' \
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein -e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/' \
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein $ipsecalgs > ${ipsecalgs}.tmp
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinmv -f ${ipsecalgs}.tmp $ipsecalgs
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austeinif [ -z "$BASEDIR" ]; then
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein [ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh