postinstall revision 959788eb27e88e794c39aa0fca840343de5725e9
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# This postinstall script "clones" the policy for aes/arcfour/blowfish to the
# encryption kit aes256, arcfour2048, and blowfish448 modules.
# Because we want to do the policy cloning and only have one of the kernel
# providers enabled we can't use the i.kcfconf class action script.
# We can't run cryptoadm(1m) here because it might not be available yet.
kcfconf=$BASEDIR/etc/crypto/kcf.conf
ipsecalgs=$BASEDIR/etc/inet/ipsecalgs
if [ ! -r $kcfconf ]; then
echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"
echo "install this package on an incorrect release of Solaris"
exit 2
fi
# No release that has kcf.conf does NOT have ipsecalgs, so no need to check.
cp $kcfconf ${kcfconf}.tmp
sed -e 's/^aes:/aes256:/' -e 's/^blowfish:/blowfish448:/' -e \
's/^arcfour:/arcfour2048:/' \
$kcfconf > ${kcfconf}.tmp
mv -f ${kcfconf}.tmp $kcfconf
cp $ipsecalgs ${ipsecalgs}.tmp
sed -e 's/_CBC|128\/32-128,8/_CBC|128\/32-448,8/' \
-e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/' \
$ipsecalgs > ${ipsecalgs}.tmp
mv -f ${ipsecalgs}.tmp $ipsecalgs
if [ -z "$BASEDIR" ]; then
[ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh
[ -x /usr/sbin/ipsecalgs ] && /usr/sbin/ipsecalgs -s
fi
exit 0