b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync#

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# CDDL HEADER START

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync#

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# The contents of this file are subject to the terms of the

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# Common Development and Distribution License (the "License").

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# You may not use this file except in compliance with the License.

e64031e20c39650a7bc902a3e1aba613b9415deevboxsync#

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# or http://www.opensolaris.org/os/licensing.

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# See the License for the specific language governing permissions

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# and limitations under the License.

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync#

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# When distributing Covered Code, include this CDDL HEADER in each

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# file and include the License file at usr/src/OPENSOLARIS.LICENSE.

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# If applicable, add the following below this CDDL HEADER, with the

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# fields enclosed by brackets "[]" replaced with your own identifying

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# information: Portions Copyright [yyyy] [name of copyright owner]

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync#

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# CDDL HEADER END

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync#

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsync# Copyright 2008 Sun Microsystems, Inc. All rights reserved.

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsync# Use is subject to license terms.

d35bc16bb4e4d1795110172a6f4afb9a29d0d0cdvboxsync#

d35bc16bb4e4d1795110172a6f4afb9a29d0d0cdvboxsyncBASEPREFIX=`echo $BASEDIR | sed "s/\//_/g"`

d35bc16bb4e4d1795110172a6f4afb9a29d0d0cdvboxsync#

d35bc16bb4e4d1795110172a6f4afb9a29d0d0cdvboxsync# Clear sysidtool which may have gone into maintenance due to a dependency

d35bc16bb4e4d1795110172a6f4afb9a29d0d0cdvboxsync# cycle with milestone/single-user, when upgrading to a system that

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync# introduces milestone/sysconfig.

80096fb54d147045204dcc7e3ff273158de03f81vboxsync#

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsynccat >> $BASEDIR/var/svc/profile/upgrade <<\_CLRSYSID

80096fb54d147045204dcc7e3ff273158de03f81vboxsync /usr/sbin/svcadm clear svc:/system/sysidtool:net

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync /usr/sbin/svcadm clear svc:/system/sysidtool:system

80096fb54d147045204dcc7e3ff273158de03f81vboxsync_CLRSYSID

80096fb54d147045204dcc7e3ff273158de03f81vboxsync

80096fb54d147045204dcc7e3ff273158de03f81vboxsyncif [ -f $BASEDIR/etc/inet/ipnodes.hostsmerge ]; then

80096fb54d147045204dcc7e3ff273158de03f81vboxsync rm -f $BASEDIR/etc/inet/ipnodes.hostsmerge

315856d1cef638b31ac9f73fe6ca4831701f5223vboxsyncfi

80096fb54d147045204dcc7e3ff273158de03f81vboxsync

315856d1cef638b31ac9f73fe6ca4831701f5223vboxsyncif [ -h $BASEDIR/var/mail.ABCsavedXYZ ] ; then

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync rmdir $BASEDIR/var/mail/:saved >/dev/null 2>&1

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync if [ $? = 0 ] ; then

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync rmdir $BASEDIR/var/mail >/dev/null 2>&1

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync if [ $? = 0 ] ; then

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsync mv $BASEDIR/var/mail.ABCsavedXYZ $BASEDIR/var/mail

80096fb54d147045204dcc7e3ff273158de03f81vboxsync fi

80096fb54d147045204dcc7e3ff273158de03f81vboxsync fi

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync rm -fr $BASEDIR/var/mail.ABCsavedXYZ

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsyncfi

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsyncif [ -h $BASEDIR/var/news.ABCsavedXYZ ] ; then

80096fb54d147045204dcc7e3ff273158de03f81vboxsync rmdir $BASEDIR/var/news >/dev/null 2>&1

80096fb54d147045204dcc7e3ff273158de03f81vboxsync if [ $? = 0 ] ; then

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync mv $BASEDIR/var/news.ABCsavedXYZ $BASEDIR/var/news

80096fb54d147045204dcc7e3ff273158de03f81vboxsync fi

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsync rm -fr $BASEDIR/var/news.ABCsavedXYZ

b1ae8b1c40ec6bb82e7984b72712df5661332e2cvboxsyncfi

80096fb54d147045204dcc7e3ff273158de03f81vboxsync

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsyncPMTAB=$BASEDIR/etc/saf/tcp/_pmtab

7b1a1a5dea048e6a23a740ed5b5ef456f3958a0avboxsyncif [ -f $PMTAB ] ; then

80096fb54d147045204dcc7e3ff273158de03f81vboxsync sed -e 's/\\x00020ACE......../\\x00020ACE00000000/' \

-e 's/\\x00020203......../\\x0002020300000000/' $PMTAB >/tmp/t.$$

cp /tmp/t.$$ $PMTAB

fi

AUTH_ATTR=$BASEDIR/etc/security/auth_attr

if [ -f $AUTH_ATTR ] ; then

sed '/^solaris\.\*/d' $AUTH_ATTR > /tmp/a.$$

cp /tmp/a.$$ $AUTH_ATTR

rm -f /tmp/a.$$

fi

EXEC_ATTR=$BASEDIR/etc/security/exec_attr

if [ -f $EXEC_ATTR ] ; then

sed -e '/^Network Security.*sbin\/ipsec.*/ D' \

-e '/^Network Security.*sbin\/ike.*/ D' \

-e '/^Network Security.*inet\/in\.iked.*/ D' \

-e '/^Network Security.*inet\/cert.*/ D' $EXEC_ATTR > /tmp/e.$$

cp /tmp/e.$$ $EXEC_ATTR

rm -f /tmp/e.$$

fi

INITTAB=$BASEDIR/etc/inittab

if [ -f $INITTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \

"$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then

sed -e '/^ap:/d' -e '/^sp:/d' $INITTAB > /tmp/i.$$

cp /tmp/i.$$ $INITTAB

rm -f /tmp/i.$$

fi

VFSTAB=$BASEDIR/etc/vfstab

if [ -f $VFSTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \

"$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then

sed '/^\/devices[ ]/d' $VFSTAB > /tmp/v.$$

cp /tmp/v.$$ $VFSTAB

rm -f /tmp/v.$$

fi

#

# Get rid of obsolete BIND 8 server instance

#

cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_BIND8

obs_se=/usr/sbin/in.named

cur_se=`svcprop -p start/exec svc:/network/dns/server 2>/dev/null`

if [ "$obs_se" = "$cur_se" ]; then

svcadm disable -s svc:/network/dns/server:default

svccfg delete svc:/network/dns/server:default

# If this was the only instance, delete the service also

svcs network/dns/server >/dev/null 2>&1 || \

svccfg delete svc:/network/dns/server

fi

_DEL_BIND8

#

# Get rid of obsolete DARPA trivial name server (Death to IEN-116!)

#

cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_TNAME

svcs svc:/network/tname > /dev/null 2>&1

if [ "$?" = 0 ]; then

svccfg delete -f svc:/network/tname

fi

_DEL_TNAME

#

# Remove stale GLD services

#

SVCCFG_REPOSITORY=$PKG_INSTALL_ROOT/etc/svc/repository.db

export SVCCFG_REPOSITORY

if [ -x /usr/sbin/svcadm -a -x /usr/sbin/svccfg -a \

-f $PKG_INSTALL_ROOT/var/svc/manifest/network/datalink.xml ]; then

if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then

#

# Local package install. Need to disable the services first

# before deleting.

#

svcadm disable -s svc:/network/aggregation >/dev/null 2>&1

svcadm disable -s svc:/network/datalink-init >/dev/null 2>&1

svcadm disable -s svc:/network/datalink >/dev/null 2>&1

fi

svccfg delete svc:/network/aggregation >/dev/null 2>&1

svccfg delete svc:/network/datalink-init >/dev/null 2>&1

svccfg delete svc:/network/datalink >/dev/null 2>&1

fi

# The ipsecalgs and policy services are delivered enabled.

# The ike and manual-key services are delivered disabled. The

# system administrator will need to enable them after creating

# the config file(s). If the system has been upgraded and the

# config files exist, enable the services on first boot.

# The file in /tmp indicates that this system had already been

# upgraded. The service will only be enabled on first upgrade.

IKEMANIFEST=`echo ike.xml"$BASEPREFIX" | cut -c 1-256`

if [ ! -f /tmp/${IKEMANIFEST} ]; then

cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD

if [ -f /etc/inet/ike/config ]; then

/usr/sbin/svcadm enable svc:/network/ipsec/ike:default

fi

_IPSECUPGRD

else

rm /tmp/${IKEMANIFEST}

fi

MANKEYMANIFEST=`echo manual-key.xml"$BASEPREFIX" | cut -c 1-256`

if [ ! -f /tmp/${MANKEYMANIFEST} ]; then

cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD

if [ -f /etc/inet/secret/ipseckeys ]; then

/usr/sbin/svcadm enable svc:/network/ipsec/manual-key:default

fi

_IPSECUPGRD

else

rm /tmp/${MANKEYMANIFEST}

fi

#

# If the eeprom service is present, remove it. We can't use

# /var/svc/profile/upgrade as it runs before manifest-import.

#

/usr/sbin/svccfg -s svc:/platform/i86pc/eeprom:default end >/dev/null 2>&1

if [ "$?" = 0 ]; then

if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then

svcadm disable -s svc:/platform/i86pc/eeprom:default \

>/dev/null 2>&1

fi

svccfg delete svc:/platform/i86pc/eeprom >/dev/null 2>&1

rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform_i86pc.xml

rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform.xml

fi

#

# svc:/network/rpc/keyserv is expected to be off on systems that don't

# set domainname. On systems that do define a default domain, leave the

# setting as previously set.

#

cat >> $BASEDIR/var/svc/profile/upgrade <<\_CSVC_UPGRADE_2

if [ ! -f /etc/defaultdomain ]; then

svcadm disable network/rpc/keyserv

fi

_CSVC_UPGRADE_2

if [ "$UPDATE" != yes ]; then

#

# On initial install, default to ns_files.xml. The installer will

# customize, if appropriate.

#

ln -s ns_files.xml $BASEDIR/var/svc/profile/name_service.xml

elif [ ! -r $BASEDIR/var/svc/profile/name_service.xml ] || \

[ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then

#

# Associate name service profile, if none present.

#

grep ldap $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1

is_ldap=$?

grep nisplus $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1

is_nisplus=$?

grep nis $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1

is_nis=$?

if [ $is_ldap = 0 ]; then

ns_profile=ns_ldap.xml

elif [ $is_nisplus = 0 ]; then

ns_profile=ns_nisplus.xml

elif [ $is_nis = 0 ]; then

ns_profile=ns_nis.xml

else

ns_profile=ns_files.xml

fi

# Remove stale copy of name_service.xml, if it is not a symlink.

if [ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then

/usr/bin/rm -f $BASEDIR/var/svc/profile/name_service.xml

fi

ln -s $ns_profile $BASEDIR/var/svc/profile/name_service.xml

grep dns $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1

if [ $? = 0 ]; then

echo "/usr/sbin/svcadm enable network/dns/client" >> \

$BASEDIR/var/svc/profile/upgrade

fi

fi

#

# Associate correct inetd services profile.

#

rm -f $BASEDIR/var/svc/profile/inetd_services.xml

if [ "$UPDATE" = yes ]; then

ln -s inetd_upgrade.xml $BASEDIR/var/svc/profile/inetd_services.xml

# Ensure inetd-upgrade is run post-upgrade

echo "/usr/sbin/svcadm enable network/inetd-upgrade" >> \

$BASEDIR/var/svc/profile/upgrade

else

ln -s inetd_generic.xml $BASEDIR/var/svc/profile/inetd_services.xml

fi

#

# /etc/svc/repository.db was previously packaged but it is now generated

# from one of the seed repositories and then updated by svccfg(1M).

# Therefore, removef(1M) is used to remove the packaging database entry

# although the repository itself is preserved.

#

/usr/sbin/removef $PKGINST /etc/svc/repository.db >/dev/null 2>&1

/usr/sbin/removef -f $PKGINST >/dev/null 2>&1

PROFILEDIR=$BASEDIR/var/svc/profile

GENERICXML=${PROFILEDIR}/generic.xml

if [ -f $BASEDIR/var/SUNWcsr-apply-limited-net ]; then

UPGRADEFILE=${PROFILEDIR}/upgrade

ln -sf ./generic_limited_net.xml ${GENERICXML}

cat >> ${UPGRADEFILE} <<\_ENABLE_LIMITED_NET

#

# apply the generic_limit_net profile selected at install

# time, and set the accompanying properties since they can't

# be readily set in the profile as of yet.

#

apply_limited_net()

{

/usr/sbin/netservices limited

}

# apply_limited_net as last action of this upgrade script

trap apply_limited_net 0

_ENABLE_LIMITED_NET

rm -f $BASEDIR/var/SUNWcsr-apply-limited-net

else

#

# This is not an initial (zone-)install: we are upgrading.

#

# If we have a previous version of generic.xml, keep that.

# Otherwise (upgrade from pre-SMF filesystem) take the default

# action, i.e., sym-link to ./generic_open.xml

#

if [ ! -h $GENERICXML -a ! -f $GENERICXML ]; then

ln -s ./generic_open.xml $GENERICXML

fi

fi

# generic.xml is now dynamically maintained at install/upgrade time

# and no longer delivered by any package. We therefore removef(1)

# any reference to it in the package database.

removef $PKGINST /var/svc/profile/generic.xml >/dev/null 2>&1

removef -f $PKGINST >/dev/null 2>&1

# Solaris audit's internal "enable/disable" state is maintained by

# c2audit; if c2audit accepts the auditconfig query, then auditing is

# enabled. If that is the case, then SMF should always enable auditd

# in the global zone and also in a non-global zone if perzone auditing

# is in use.

cat >> $BASEDIR/var/svc/profile/upgrade <<\_ENABLE_AUDIT

/usr/sbin/auditconfig -getcond 2> /dev/null

if [ $? -eq 0 ]; then

if [ `/sbin/zonename` = global ]; then

/usr/sbin/svcadm enable system/auditd

else

echo `/usr/sbin/auditconfig -getpolicy` | grep perzone > /dev/null

if [ $? -eq 0 ]; then

/usr/sbin/svcadm enable system/auditd

fi

fi

fi

_ENABLE_AUDIT

# if platform/sun4u/mpxio-upgrade service exists, then

# delete the service on boot after upgrading.

if [ "$UPDATE" = yes ]; then

cat >> $BASEDIR/var/svc/profile/upgrade <<\_MPXIOUPGRD

/usr/bin/svcs platform/sun4u/mpxio-upgrade > /dev/null 2>&1

if [ "$?" = 0 ]; then

/usr/sbin/svccfg delete svc:/platform/sun4u/mpxio-upgrade

fi

_MPXIOUPGRD

fi

#

# Add nwam to sysidconfig app list so sys-unconfig does the right thing

#

cat >> $BASEDIR/var/svc/profile/upgrade <<\_NWAM_SYSID

/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" -l |\

/usr/bin/grep -s net-nwam >/dev/null

if [ $? -ne 0 ]; then

/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" \

-a /lib/svc/method/net-nwam

fi

_NWAM_SYSID

#

# Migrate /etc/acctadm.conf settings to smf(5) repository. Enable the instance

# if the configuration differs from the default configuration.

#

cat >> $BASEDIR/var/svc/profile/upgrade <<\_ACCTADM

if [ -f /etc/acctadm.conf ]; then

. /etc/acctadm.conf

fmri="svc:/system/extended-accounting:flow"

svccfg -s $fmri setprop config/file = \

${ACCTADM_FLOW_FILE:="none"}

svccfg -s $fmri setprop config/tracked = \

${ACCTADM_FLOW_TRACKED:="none"}

svccfg -s $fmri setprop config/untracked = \

${ACCTADM_FLOW_UNTRACKED:="extended"}

if [ ${ACCTADM_FLOW_ENABLE:="no"} = "yes" ]; then

svccfg -s $fmri setprop config/enabled = "true"

else

svccfg -s $fmri setprop config/enabled = "false"

fi

if [ $ACCTADM_FLOW_ENABLE = "yes" -o $ACCTADM_FLOW_FILE != "none" -o \

$ACCTADM_FLOW_TRACKED != "none" ]; then

svcadm enable $fmri

fi

fmri="svc:/system/extended-accounting:process"

svccfg -s $fmri setprop config/file = \

${ACCTADM_PROC_FILE:="none"}

svccfg -s $fmri setprop config/tracked = \

${ACCTADM_PROC_TRACKED:="none"}

svccfg -s $fmri setprop config/untracked = \

${ACCTADM_PROC_UNTRACKED:="extended,host"}

if [ ${ACCTADM_PROC_ENABLE:="no"} = "yes" ]; then

svccfg -s $fmri setprop config/enabled = "true"

else

svccfg -s $fmri setprop config/enabled = "false"

fi

if [ $ACCTADM_PROC_ENABLE = "yes" -o $ACCTADM_PROC_FILE != "none" -o \

$ACCTADM_PROC_TRACKED != "none" ]; then

svcadm enable $fmri

fi

fmri="svc:/system/extended-accounting:task"

svccfg -s $fmri setprop config/file = \

${ACCTADM_TASK_FILE:="none"}

svccfg -s $fmri setprop config/tracked = \

${ACCTADM_TASK_TRACKED:="none"}

svccfg -s $fmri setprop config/untracked = \

${ACCTADM_TASK_UNTRACKED:="extended"}

if [ ${ACCTADM_TASK_ENABLE:="no"} = "yes" ]; then

svccfg -s $fmri setprop config/enabled = "true"

else

svccfg -s $fmri setprop config/enabled = "false"

fi

if [ $ACCTADM_TASK_ENABLE = "yes" -o $ACCTADM_TASK_FILE != "none" -o \

$ACCTADM_TASK_TRACKED != "none" ]; then

svcadm enable $fmri

fi

rm /etc/acctadm.conf

fi

_ACCTADM

# Preinstall script will create this file if vtdaemon service was

# already installed, in which case we preserve current service state,

# be it enabled or disabled.

if [ -f $PKG_INSTALL_ROOT/var/tmp/vtdaemon_installed.tmp ]; then

rm -f $PKG_INSTALL_ROOT/var/tmp/vtdaemon_installed.tmp

elif [ "${PKG_INSTALL_ROOT:-/}" = "/" ]; then

# live system

/usr/sbin/svcadm enable svc:/system/vtdaemon:default

/usr/sbin/svcadm enable svc:/system/console-login:vt2

/usr/sbin/svcadm enable svc:/system/console-login:vt3

/usr/sbin/svcadm enable svc:/system/console-login:vt4

/usr/sbin/svcadm enable svc:/system/console-login:vt5

/usr/sbin/svcadm enable svc:/system/console-login:vt6

else

# upgrade

cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<-EOF

/usr/sbin/svcadm enable svc:/system/vtdaemon:default

/usr/sbin/svcadm enable svc:/system/console-login:vt2

/usr/sbin/svcadm enable svc:/system/console-login:vt3

/usr/sbin/svcadm enable svc:/system/console-login:vt4

/usr/sbin/svcadm enable svc:/system/console-login:vt5

/usr/sbin/svcadm enable svc:/system/console-login:vt6

EOF

fi

exit 0