preremove revision b8bf75cb74c7cf11bde9dc90fb021429968d7654
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# This preremove script "clones" the policy for aes256/arcfour2048/blowfish448
# to the back to the base aes, arcfour, and blowfish modules.
# Because we want to do the policy cloning and only have one of the modules's
# enabled we can't used the i.kcfconf class action script.
# We can't run cryptoadm(1m) here because it might not be available.
kcfconf=$BASEDIR/etc/crypto/kcf.conf
ipsecalgs=$BASEDIR/etc/inet/ipsecalgs
if [ ! -r $kcfconf ]; then
echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"
echo "install this package on an incorrect release of Solaris"
exit 2
fi
# No release that has kcf.conf does NOT have ipsecalgs, so no need to check.
cp $kcfconf ${kcfconf}.tmp
sed -e 's/^aes256:/aes:/' -e 's/^blowfish448:/blowfish:/' -e \
's/^arcfour2048:/arcfour:/' \
$kcfconf > ${kcfconf}.tmp
mv -f ${kcfconf}.tmp $kcfconf
cp $ipsecalgs ${ipsecalgs}.tmp
sed -e 's/_CBC|128\/32-448,8/_CBC|128\/32-128,8/' \
-e 's/AES_CBC|128\/128-256,64|/AES_CBC|128|/' \
$ipsecalgs > ${ipsecalgs}.tmp
mv -f ${ipsecalgs}.tmp $ipsecalgs
if [ ${BASEDIR:="/"} = "/" ]; then
[ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh
[ -x /usr/sbin/ipsecalgs ] && /usr/sbin/ipsecalgs -s
fi
exit 0