bfu.sh revision 22defd952063f38887d1d2f9ddb11d93c91f00f5
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Upgrade a machine from a cpio archive area in about 5 minutes.
# By Roger Faulkner and Jeff Bonwick, April 1993.
#
# Usage: bfu [-f] <archive_dir> [root-dir] # for normal machines
# bfu -c [-f] <archive_dir> <exec-dir> # for diskless clients
#
# The -f flag is to override the built-in safety check which requires
# that the starting-point OS be a least a certain revision.
#
# You have to be super-user. It's safest to run this from the
# system console, although I've run it under OW and even via
# remote login with no problems.
#
# You will have to reboot the system when the upgrade is complete.
#
# You should add any administrative files you care about to this list.
# Warning: there had better be no leading '/' on any of these filenames.
#
# The CDPATH variable causes ksh's `cd' builtin to emit messages to stdout
# under certain circumstances, which can really screw things up; unset it.
#
unset CDPATH
export LC_ALL="C"
if [ -z "$GATEPATH" ]; then
fi
if [ -z "$ARCHIVEPATH" ]; then
fi
export ARCHIVE=${ARCHIVEPATH}
#
# NOTE: Entries in *_files must expand to either the exact files required,
# or to directories that will be scoured for files. Any directories
# (and subdirectories) resulting from a wildcard expansion will be
# include all files in any of its directories, as well as any files in
#
# First list: files to be saved in global and non-global zones.
#
etc/.login
"
#
# Second list: files to be saved in the global zone only.
#
"
#
# Third list: files extracted from generic.root but which belong in the global
# zone only: they are superfluous (and some even harmful) in local zones.
#
# they are added to smf_obsolete_rc_files, below)
#
devices
kernel
"
#
# files to be preserved, ie unconditionally restored to "child" versions
#
"
"
print "$*" >& 2
print "bfu aborting" >& 2
prun 1
exit 1
}
if [ $1 = "global" ]; then
fi
#
# Force cpio to return non-zero by printing an error message
# to stdout that it won't be able to lstat().
#
echo 'filelist: sort failed'
fail "sort failed"
}
}
}
100134
100150
100155
100229
100230
100234
100242
100422
chargen
comsat
daytime
discard
echo
eklogin
exec
finger
ftp
gssd
klogin
krb5_prop
kshell
ktkt_warnd
login
metad
metamedd
metamhd
name
ocfserv
printer
rexd
rquotad
rstatd
rusersd
shell
smserverd
sprayd
sun-dr
talk
telnet
time
uucp
walld
"
[ $? = 0 ] || echo "warning: unable to temporarily disable $1"
[ $? = 0 ] || echo "warning: unable to enable $1 for next boot"
fi
}
echo "s:^[ ]*$i[ /]:#SMFbfu# &:"
}
}
# BFU previously commented out, put it back in place
# No entry, append to end
# TFTPD - tftp server (primarily used for booting)
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
EOF
fi
}
# Since inetd.conf is updated by SUNWmdr's postinstall script,
# we will update the actual inetd.conf here to reflect the postinstall
# changes.
#
# only change inetd.conf if the rpc.metad entry is out of date
#
# Grab existing rpc entries for rpc.metad
# and convert spaces to tabs within the rpc entry, as well as
# the transport method;
# or add a new entry in case there was none.
else
fi
print "Updating inet.conf metad entry ... \c"
print "done."
else
print "failed."
fi
fi
fi
#
# only change inetd.conf if the rpc.mdcommd entry is out of date
#
# Grab existing rpc entries for rpc.mdcommd
# and convert spaces to tabs within the rpc entry,
# or add a new entry in case there was none.
else
fi
print "Updating inetd.conf rpc.mdcommd entry ... \c"
print "done."
else
print "failed."
fi
fi
fi
}
# update /etc/security/policy.conf with the default
# Solaris crypt(3c) policy.
if [ $? = 1 ] ; then
print "Updating entries for crypt(3c), see policy.conf(4)"
# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5
# To deprecate use of the traditional unix algorithm, uncomment below
# and change CRYPT_DEFAULT= to another algorithm. For example,
# CRYPT_DEFAULT=1 for BSD/Linux MD5.
#
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
# The Solaris default is the traditional UNIX algorithm. This is not
# listed in crypt.conf(4) since it is internal to libc. The reserved
# name __unix__ is used to refer to it.
#
CRYPT_DEFAULT=__unix__
EOM
fi
if [ $? = 1 ]; then
echo "Updating entries for privileges(5)," \
"see policy.conf(4) for details."
#
# These settings determine the default privileges users have. If not set,
# the default privileges are taken from the inherited set.
# There are two different settings; PRIV_DEFAULT determines the default
# set on login; PRIV_LIMIT defines the Limit set on login.
# Individual users can have privileges assigned or taken away through
# user_attr. Privileges can also be assigned to profiles in which case
# the users with those profiles can use those privileges through pfexec(1m).
# For maximum future compatibility, the specifications should
# always include "basic" or "all"; privileges should then be removed using
# the negation. E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
# sys_linkdir privilege, regardless of future additional privileges.
# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
# file_link_any privilege from the basic privilege set; only that notation
# is immune from a future addition of currently unprivileged operations to
# the basic privilege set.
# NOTE: removing privileges from the the Limit set requires EXTREME care
# as any set-uid root program may suddenly fail because it lacks certain
# privilege(s).
#
#PRIV_DEFAULT=basic
#PRIV_LIMIT=all
EOM
fi
}
#
# Cleanup nfsmapid configuration before extracting
# root bits. Remove if they exist:
# nfsmapid entry in inetd.conf
#
# Going forward neither should exist, but no harm if services entry exists
# Going way backwards (pre-04/28/2004), inetd.conf must exist but will
# be a conflict that should be merged in
#
tmpinetcf=/tmp/inetd.conf.$$
-e "/^[# ]*100166\/1/d" \
tmpservices=/tmp/services.$$
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
}
# Define global variables
#
#
# List of SDS commands that must be deleted.
#
growfs
metaclear
metadb
metadetach
metahs
metainit
metaoffline
metaonline
metaparam
metarename
metareplace
metaroot
metaset
metastat
metasync
metattach
"
#
# List of SDS configuration files that must be deleted.
#
lock
devpath
"
#
# List of rc scripts that must be deleted.
#
RCLIST="
"
#
# List of flashprom-related files that must be deleted.
#
"
#
#
< ${SYSTEM_FILE} > /tmp/system.$$
cp /tmp/system.$$ ${SYSTEM_FILE} || \
}
#
# Add entries in md.conf for bootlist
#
grep mddb_bootlist >> /tmp/md.conf.$$
}
#
# add_devid_destroy(filename)
# returns contents in filename
# md_devid_destroy property is required when upgrading
# from pre SVM to SVM releases or when the device ID returned from
# the driver changes.
# It is specifically placed between
# # Begin MDD database info and # End MDD database info because
# on the subsequent reboot, this line will be removed automatically when
# metadevadm is run in rc2.d.
#
if ( $2 == "End" && $4 == "database") {
print "md_devid_destroy=1;"
}
print $0
}' >> /tmp/t$$
}
#
# smf(5) "Greenline" doesn't install the init.d or rc*.d scripts for
# converted services. Clean up previous scripts for such services.
#
"
# Obsolete smf manifests
"
# smf services whose manifests have been renamed
"
# Obsolete smf methods
"
(
cd $root;
print "Removing obsolete rc.d scripts ... \c"
print "done."
)
}
print "Clearing platform profile hash ..."
# platform_SUNW,Sun-Fire.xml (and other new and
# corrected platforms) were delivered in Build 68.
if [ ! -f \
]; then
none \
svccfg -f - <<EOF
select smf/manifest
delpg ${pfx}ar_svc_profile_platform_${plname}_xml
exit
EOF
done
done
fi
}
#
# Detect, prior to extraction the arrival of new,
# default-enabled-in-profile services. If so, add a command
# such that they are enabled.
#
fi
fi
! -f $rootprefix/var/svc/profile/system/filesystem/volfs.xml ]]; then
fi
! -f $rootprefix/var/svc/manifest/system/scheduler.xml ]]; then
fi
}
if [[ ! -f $mymfs ]] || ! cmp -s $manifest_src/$1 $mymfs ; then
cp $manifest_src/$1 $mymfs ||
echo "bfu: could not copy $manifest_src/$1"
fi
}
cp $manifest_src/$1 $rootprefix/lib/svc/method ||
echo "bfu: could not copy $manifest_src/$1"
}
rm -f $rootprefix/etc/rc?.d/[SK]??$1
}
(
mfst=$1
cd $root
[ -f $mfst ] || return;
if [ -r /etc/svc/volatile/repository_door ]; then
done
fi
)
}
(
cd $root;
)
}
(
cd $root;
)
}
"
"
(
for f in $smf_gldv3_manifests; do
done
cd $root;
)
}
}
[[ -f $rootprefix/$repository ]] || return
if [[ ! -x $sqlite ]]; then
echo "no sqlite binary: skipped integrity check" >&2
return
fi
rm -f /tmp/bfurepo.db;
if [[ $? -eq 0 ]]; then
echo "integrity check failed:" >&2
echo >&2
if [[ $force_override = no ]]; then
cat >&2 <<EOF
Reseed the repository (see http://greenline.eng/quickstart.shtml#newrep)
before BFUing (or use the -f flag to force BFU to continue). Re-seeding
will lose all smf(5) customizations.
EOF
echo >&2
exit 2;
else
echo "driving on anyway" >&2
fi
else
echo "passed integrity check" >&2;
fi
}
print ""
print "*************************************************************"
print " WARNING: BFU'ing $1 backwards across 5090532."
print " Fixes have been made but the services cannot be refreshed"
print " on the $1's inactive repository. Next boot for the"
print " $1 will probably result in maintenance mode due to"
print " dependency cycles. If so, at the $1's console, run:"
print ""
print " /usr/sbin/svcadm clear milestone/single-user"
print ""
print " to resolve."
print " To avoid these problems, reseed the zone's repository."
print " See http://greenline.eng/quickstart.shtml#newrep ."
print " Note: Re-seeding will lose all smf(5) customization."
print "*************************************************************"
print ""
}
#
# Return success if going to post-5090532, i.e. post-sysconfig bits
#
# By now, we're going to post-smf bits - so multi-user.xml must
# exist (since it was introduced by first SMF putback).
#
# Function return status is return status of last command executed.
# So, no need to check return status from grep below.
}
#
# Check if bfu'ing back from post-5090532 to pre-5090532 bits.
#
if [[ -f $rootprefix/var/svc/manifest/milestone/sysconfig.xml ]] &&
! smf_is_sysconfig ; then
return 0
fi
return 1
}
#
# Perform the necessary corrections when bfu'ing backwards
# from post-5090532 to pre-5090532 bits.
#
# Get the pre-5090532 non-ON manifests, and issue minimal fixes
# to the repository, to enable re-boot.
#
fi
#
# Now, remove sysidtool:{system, net}'s dependency on
# single-user and filesystem-local.
#
# If $rootprefix is not empty, this could be the global zone,
# with an alternate root BFU, or a non-global zone. For either
# case, the repository to be updated is not the live one: use
# SVCCFG_REPOSITORY to point to the repository to be updated.
#
# Note that in the alternate-root case, doing this seems better
# than forcing the user to re-seed, or to dis-allow it. The
# issue of svccfg and the repository not matching seems remote,
# given that from initial SMF integration (on10_64) to on10_74,
# there was no mismatch. In the remote possibility that there is a
# mis-match (in the future) causing these calls to be suspect,
# the user is already being advised, via the warning message, to
# reseed the repository in case of trouble. If a mis-match is ever
# introduced, code such as this would have to be fixed, so this
# aspect of the warning is useful only during the interim period.
#
# NOTE that this is not an issue for non-global zones'
# repositories - they couldn't be out-of-sync with
#
if [[ -n $rootprefix ]]; then
smf_bkbfu_warning "alternate root"
else
smf_bkbfu_warning "zone"
fi
fi
#
# Using the newer "-s" option to svccfg in the following is OK
# since its introduction preceded 5090532 (and this routine wouldn't
# be called unless the machine is running post-5090532 bits).
#
#
# On a live system, issue the refresh; For alternate root or non-global
# zone, the user was asked to issue the refreshes and "clear"s in the
# message above after a post-bfu reboot.
#
if [[ -z $rootprefix ]]; then
fi
#
# Now, reset SVCCFG_REPOSITORY, if it was set
#
[[ -n $rootprefix ]] && unset SVCCFG_REPOSITORY
#
# Remove the sysconfig.xml manifest when going back. So backward
# bfu check continues to work, and all manifests are correct.
#
rm -f /var/svc/manifest/milestone/sysconfig.xml
EOF
}
#
# Go thru the original manifests and move any that were unchanged
# (or are not system-provided) back to their proper location. This
# will avoid superfluous re-import on reboot, as the inode and mtime
# are both part of the hash.
#
if [ -d $rootprefix/$old_mfst_dir ]; then
for f in `cd $rootprefix/$old_mfst_dir ; find . -type f`
do
if [ ! -f $new ]; then
continue
fi
done
fi
if [ -f $rootprefix/etc/init.d/inetd ]; then
#
# BFUing to non-SMF system -- undo our previous changes,
# run an old hack, and skip the remainder of this function.
#
# Update inetd.conf only if we find rpc.metad file.
return
fi
#
# At this point, the archive in question is a SMF version. If
# the smf(5) repository does not yet exist, create it by copying
# the appropriate seed repository. Since updating of non-global
# zones only occurs when the live system is bfu'ed, the
# appropriate seed is guaranteed to exist under the /lib
# directory.
#
if [ ! -f $repository ]; then
print "Initializing service configuration repository ..."
else
fi
chmod 0600 $repository
fi
print "Removing obsolete smf services ..."
for f in $smf_obsolete_manifests; do
done
if [ $need_datalink = no ]; then
fi
print "Disabling unneeded inetd.conf entries ..."
print "Connecting platform and name service profiles ..."
grep ldap $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_ldap=$?
grep nisplus $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_nisplus=$?
grep nis $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_nis=$?
if [ $is_ldap = 0 ]; then
elif [ $is_nisplus = 0 ]; then
elif [ $is_nis = 0 ]; then
else
fi
print "Marking converted services as enabled ..."
[ -f $rootprefix/etc/resolv.conf ] && smf_enable network/dns/client
[ -f $rootprefix/etc/rcap.conf ] && smf_enable system/rcap
[ -f $rootprefix/etc/inet/dhcpsvc.conf ] && \
if [ -f $rootprefix/etc/dfs/dfstab ] &&
fi
else
fi
[ -f $rootprefix/etc/inet/ntp.conf ] && smf_enable network/ntp
# Determining whether we're a NIS master requires
# looking through the maps.
# Determine whether we are a YP master.
domain=`/usr/bin/domainname`
if [ -f /var/yp/NISLDAPmapping ]; then
master=`/usr/sbin/makedbm -u /var/yp/\$domain/LDAP_passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
else
master=`/usr/sbin/makedbm -u /var/yp/\$domain/passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
fi
fi
# If we are the master server, enable appropriate services.
if [ ! -f /var/yp/NISLDAPmapping ]; then
fi
fi
fi
# Check if mddbs don't exist on the image. If so, disable SVM services.
if [ -f $rootprefix/kernel/drv/md.conf ]; then
MDDB_STATUS=$?
fi
if [ $MDDB_STATUS -ne 0 ]; then
done
done
fi
# are configured.
done
[[ -d $manifest_src ]] ||
[[ -d $manifest_src ]] || manifest_src=/net/greenline.eng/meta0/smf
if smf_bkbfu_past_sysconfig ; then
echo "BFU'ing backwards across 5090532! Now repairing..."
fi
#
# corresponding non-ON manifests - sysidtool and kdmconfig.
#
if smf_is_sysconfig ; then
if [[ ! -f $sysidmfst ]]; then
#
# if WOS build on machine is pre-greenline, and
# we're bfu'ing to the sysconfig bits.
#
fi
else
#
# If sysidtool.xml already exists, update it
# if necessary. Future updates of sysidtool.xml
# must occur in the dir: $manifest_src/post-5090532
#
fi
if [[ ! -f $kdmmfst ]]; then
#
# if WOS build on machine is pre-greenline, and
# we're bfu'ing to the sysconfig bits.
#
echo "(post-5090532)"
else
#
# If kdmconfig.xml already exists, update
# it if necessary. Future updates of
# kdmconfig.xml must occur in the dir:
#
fi
fi
else
if [[ ! -f $sysidmfst ]]; then
fi
fi
then
fi
fi
# If we've still got the old dtlogin manifest delivered by earlier
# versions of bfu, delete it, as it was broken and should have
# never been delivered. A new version delivered by the CDE
# consolidation should be left alone.
if [[ -f $rootprefix/var/svc/manifest/application/dtlogin.xml &&
$rootprefix/var/svc/manifest/application/dtlogin.xml` -gt 0 &&
# Delete the obsolete manifest.
# Delete the service from repository, then use dtconfig -e to
# revert to whatever the WOS bits are using if dtlogin was
# enabled.
if /usr/bin/svcprop -q application/cde-login; then
if [ \`/usr/bin/svcprop -p general/enabled \
application/cde-login:default\` = "true" ]; then
do_dtconfig=1;
else
do_dtconfig=0;
fi
/usr/sbin/svccfg delete -f application/cde-login
type instance_refresh 2>&1 > /dev/null
if [ \$? = 0 ]; then
instance_refresh system/console-login
else
/usr/sbin/svcadm refresh system/console-login
fi
if [ \$do_dtconfig -eq 1 -a -x /usr/dt/bin/dtconfig ]; then
/usr/dt/bin/dtconfig -e
fi
fi
EOFA
fi
# Enable the inetd-upgrade service to convert any changes to inetd.conf
# If global zone, and bfu'ing from smf, and the inetd-upgrade
# service has an obsolete dependency, then add a clear of inetd
# and inetd-upgrade to the upgrade file as either may drop into
# maintenance due to a dependency loop resulting from the new
# inetd manifest
if [[ $? = 0 ]]; then
fi
fi
# If we're in the global zone, and using an alternate root, see if
# we are in an smf root. If so, import pfil and name-service-cache.
# If we're not bfu'ing an alternate root, and we're post-smf,
# import pfil and name-service-cache. This is to get pfil and
# name-service-cache(with correct dependencies) in the repository
# before reboot. If we're bfu'ing from pre-smf, this isn't an
# issue, as pfil is in the seed repository, and name-service-cache
# will be installed with correct dependencies.
if [[ -n $rootprefix ]]; then
else
echo "Warning: This system does not have SMF, so I"
echo "cannot ensure the pre-import of pfil and"
echo "name-service-cache. If ipfilter or name-service-"
echo "cache do not work, reboot your alternate root to"
echo "fix it."
fi
fi
fi
# Remove pfil from the non-global repository.
svcprop -q -p start/exec network/pfil
if [[ \$? = 0 ]]; then
/usr/sbin/svccfg delete -f network/pfil
fi
EOF
fi
# If we're in the global zone, and using an alternate root, see if
# we are in an smf root. If so, import datalink and aggregation svcs.
# If we're not bfu'ing an alternate root, and we're post-smf,
# import datalink and aggregation. This is to get them
# in the repository before reboot. If we're bfu'ing from pre-smf,
# this isn't an issue, as they are in the seed repository.
-f $rootprefix/var/svc/manifest/network/datalink.xml ]]; then
if [[ -n $rootprefix ]]; then
else
echo "Warning: This system does not have SMF, so I"
echo "cannot ensure the pre-import of datalink and"
echo "network aggregation. If they do not work"
echo "reboot your alternate root to fix it."
fi
/var/svc/manifest/network/aggregation.xml | \
/var/svc/manifest/network/datalink.xml | \
fi
#
# Make sure the services are enabled after reboot.
#
fi
# Enable new NFS status and nlockmgr services if client is enabled
cl="svc:/network/nfs/client:default"
if [ \`/usr/bin/svcprop -p general/enabled \$cl\` = "true" ]; then
/usr/sbin/svcadm enable svc:/network/nfs/status:default
/usr/sbin/svcadm enable svc:/network/nfs/nlockmgr:default
fi
EOF
if grep svc-kdc.slave $kpmani > /dev/null 2>&1; then
# We are deleting and reimporting kpropd's manifest, because we
# need to change the restarter.
kpfmri="svc:/network/security/krb5_prop"
kkfmri="svc:/network/security/krb5kdc:default"
lkpmani="/var/svc/manifest/network/security/krb5_prop.xml"
restarter=\`svcprop -c -p general/restarter \$kpfmri 2>&1\`
case \$restarter in
*network/inetd:default)
kken=\`svcprop -c -p general/enabled \$kkfmri\`
svccfg delete -f \$kpfmri
svccfg import \$lkpmani
# Enable kpropd if krb5kdc is enabled, since
# krb5kdc would have run kpropd
if [ \$kken = "true" ]; then
svcadm enable \$kpfmri
fi
;;
esac
EOF
fi
# Enable print server if there are local queues
queues=`echo $rootprefix/etc/lp/printers/*/configuration`
fi
# Enable rarpd and bootparamd if they would have been running pre-SMF
if [ -d $rootprefix/tftpboot ] || [ -d $rootprefix/rplboot ]; then
fi
# To handle the transition from pre-smf ipfilter to smf-aware ipfilter,
# check if ipfilter had been enabled with at least one rule, and if so
# enable the smf instance.
fi
# We are deleting and reimporting dcs's manifest, because we
# need to change the restarter.
dcsfmri="svc:/platform/sun4u/dcs:default"
dcsmani="/var/svc/manifest/platform/sun4u/dcs.xml"
restarter=\`svcprop -c -p general/restarter \$dcsfmri 2>&1\`
case \$restarter in
*network/inetd:default)
en=\`svcprop -c -p general/enabled \$dcsfmri\`
svccfg delete -f \$dcsfmri
svccfg import \$dcsmani
if [ \$en = "true" ]; then
svcadm enable \$dcsfmri
fi
;;
esac
EOF
}
rm -f $EXTRACT_LOG
echo error $* >> $EXTRACT_LOG
}
#
# Make a local copy of bfu in /tmp and execute that instead.
# to the original copy that might occur during execution.
#
cd .
print "Copying $abspath to $localpath"
chmod +x $localpath
print "Executing $localpath $*\n"
exec $localpath $*
fi
echo "Usage:"
echo " bfu [-fh] <archive_dir> [root-dir]"
echo "\tUpdate a single machine by loading archives on root-dir."
echo "\troot-dir defaults to / (a live bfu).\n"
echo " bfu -c [-fh] <archive_dir> <exec-dir>"
echo "\tUpdate all diskless clients by loading archives on each client"
echo "\tthat mounts exec-dir as /usr. <exec-dir> must start with"
echo "\t-f force bfu to continue even if it doesn't seem safe"
fail "\t-h|-help print this usage message and exit\n"
}
while [ $# -gt 0 ]; do
case $1 in
-f) force_override=yes;;
*) break;;
esac
shift
done
# We prefer to use ppriv, as it is a more accurate test, and also
# has the benefit of preventing use from within a local zone.
fail "bfu requires all privileges"
else
# Fall back to old id check if system does not yet have ppriv.
[ "$uid" = "uid=0(root)" ] || \
fail "You must be super-user to run this script."
fi
cpiodir=$1
fi
cd $cpiodir
case `echo generic.root*` in
*) fail "generic.root missing or in unknown compression format";;
esac
root=${2:-/}
# Make sure we extract the sun4u-us3 libc_psr.so.1
then
fi
else
fi
else
fi
fi
fi
then
cd $cpiodir
#
# Look through all the archives we build and match
# the names of built archives with the names of
# directories installed on this machine. We assume
# here that we can get the names of all architectures
# by pattern matching the names of .root archives - so
# if we ever had a case where we had only a .usr archive
# we wouldn't find that archive.
#
do
continue;
fi
rootarchs="${rootarchs} ${platname}"
fi
usrarchs="${usrarchs} ${platname}"
fi
fi
fi
done
fi
else
usrroot=$2
case $2 in
*sparc*)
target_isa=sparc ;;
*i386*)
target_isa=i386 ;;
esac
cd $cpiodir
# XXX Pick karch as last available root arch
# XXX Pick plat as first available root arch
rootlist=""
do
done
print "Loading $cpiodir root archives on:"
do
print "\t$root"
done
fi
nss_lib64="$usr/lib/mps/64/libnss3.so"
rpath_msg="(RPATH from file ${nss_lib})"
if [ "$force_override" = yes ]; then
else
fail "Install the SUNWtoo package."
fi
fi
if [ $valid_rpath != "$nss_rpath" ]; then
if [ "$force_override" = yes ]; then
echo "$nss_lib is not valid but -f is set; continuing."
else
echo "$nss_lib is not valid."
fail "Run $update_script to update the SUNWtls package."
fi
fi
echo "$nss_lib64 does not exist."
fail "Run $update_script to update the NSS packages."
fi
if [ "$force_override" = yes ]; then
echo "BIND 9 has not been installed, but -f is set; continuing."
else
echo "BIND 8 has been removed from ON; BIND 9 is available from SFW."
fail "Run $update_script to migrate to BIND 9."
fi
fi
# CE version 1.148 or later is required
if [ "$cever" = "BAD" ]; then
fail "You must run $update_script to upgrade your ce driver."
fi
fi
if [ $? -ne 0 ]; then
echo "biosdev cannot be run on this machine."
echo "Transitioning from classic to multiboot requires a"
echo "bootconf which is compatible with biosdev."
echo "bfu to onnv_12 first, then to a build with multiboot."
fail ""
fi
fi
fi
print "\nCreating bfu execution environment ..."
#
# Save off a few critical libraries and commands, so that bfu will
# continue to function properly even in the face of major
#
bfucmd="
"
#
# Scripts needed by BFU. These must be modified to use the interpreters in
# libraries in the archives being extracted.
#
bfuscr="
"
#
# basename and dirname may be ELF executables, not shell scripts;
# make sure they go into the right list.
#
fi
fi
set $bfucmd
while [ $# -gt 0 ]
do
dir=${1%/*}
cd $dir
shift
done
#
# Optional commands. We warn, but do not abort, if we are crossing a
# feature boundary (where a command is not present in the parent).
# Clauses requiring these commands must explicitly test for their
#
"
set $bfuoptcmd
while [ $# -gt 0 ]
do
dir=${1%/*}
cd $dir
shift
done
#
# set up installgrub and friends if transitioning to multiboot
# do this now so ldd can determine library dependencies
#
"
if [ $multiboot_archives = yes ]; then
do
if [ -f $cmd ]; then
else
if [ ! -d $MULTIBOOT_BIN_DIR ]; then
echo "$MULTIBOOT_BIN_DIR: not found"
elif [ ! -f $MULTIBOOT_BIN_DIR/$file ]; then
echo "$MULTIBOOT_BIN_DIR/$file: not found"
fi
if [ $copying_mboot_cmds = no ]; then
echo "installing files from $MULTIBOOT_BIN_DIR"
fi
fi
done
fi
#
# If available, use ldd to determine which libraries bfu depends on.
# Otherwise, just make an educated guess.
#
else
bfulib="
"
fi
# add dlopen()'ed stuff
bfulib="
"
# add libc_psr.so.1, if available and not empty
bfulib="
"
fi
#
# Create 64 bit directory structure and determine 64 bit arch name.
#
then
#
# Copy libraries to proper directories
#
do
*/64/* | */$link/*)
*)
esac
done
#
# Private 64 bit runtime linker.
#
else
fi
do
sed -e 's/\/usr\/bin\//\/tmp\/bfubin\//g' \
done
#
# scripts used together with multiboot
#
"
if [ $multiboot_archives = yes ]; then
do
if [ -f $cmd ]; then
else
if [ ! -d $MULTIBOOT_BIN_DIR ]; then
echo "$MULTIBOOT_BIN_DIR: not found"
fail ""
fi
if [ ! -f $MULTIBOOT_BIN_DIR/$file ]; then
echo "$MULTIBOOT_BIN_DIR/$file: not found"
fail ""
fi
echo "copying $file from $MULTIBOOT_BIN_DIR"
fi
sed 's/\/usr\/bin\//\/tmp\/bfubin\//g' \
done
fi
{
# /etc/datalink.conf needs to be populated.
drivers="bge rge xge"
if [ ! -f $conf ]; then
# nothing to do if we bfu'ed from an archive that doesn't
# provide /etc/datalink.conf
return
fi
do
while read ifname
do
echo "skipping invalid interface $ifname"
continue
fi
if [ $? -ne 0 ]; then
# An entry for that interface does not exist
printf \
>> $conf
fi
done
done
}
{
# names begin with [SK][0-9][0-9]. Additionally, in case an S or K
# file was previously delivered as a symbolic link or the hard link
# [SK][0-9][0-9] followed by the basename of the file we're going
print "Removing init.d links ... \c"
fi
print "done."
}
#
# Remove the old 5.005_03 version of perl.
#
{
# Packages to remove.
typeset -r perl_pkgs='SUNWopl5m SUNWopl5p SUNWopl5u'
typeset -r pkgroot=${rootprefix:+-R $rootprefix}
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
#
printf 'Removing perl 5.005_03 packages'
for pkg in $perl_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
printf '\n'
#
# Remove any remaining 5.005_03 files,
#
# Directories.
}
#
#
{
# Packages to remove
typeset -r bind8_pkg='SUNWinamd'
typeset -r pkgroot=${rootprefix:+-R $rootprefix}
typeset pkg
#
# We cann't pkgrm SUNWinamd at this time as the BIND 9 binaries are
# Remove BIND 8 packages from $rootprefix/var/sadm/install/contents
#
for pkg in $bind8_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any BIND 8 specific files, symlinks.
#
# files and symlinks.
rm -f $usr/sbin/named-xfer
rm -f $usr/lib/nslookup.help
rm -f $usr/sbin/named-bootconf
printf 'done.\n'
}
#
# Remove the 5.8.3 version of perl.
#
{
#
# Copy perl 5.8.3 into the new 5.8.4 locations. This will preserve
# any add-on modules that might have been installed, and any 5.8.3
# core files that get copied over will be replaced by the new 5.8.4
# versions when the cpio archives are subsequently extracted.
#
printf 'Preserving user-installed perl modules...\n'
mkdir -p $usr/perl5/vendor_perl/5.8.4
cp -rp $usr/perl5/vendor_perl/5.8.3/* \
$usr/perl5/vendor_perl/5.8.4
#
# to 5.8.4 instead of 5.8.3. Take care to edit only scripts.
#
typeset script
sed -e \
fi
done
#
# Packages to remove.
#
typeset -r perl_pkgs='SUNWperl583man SUNWperl583usr SUNWperl583root'
typeset -r pkgroot=${rootprefix:+-R $rootprefix}
#
# First, attempt to remove the packages cleanly if possible.
#
typeset pkg
printf 'Removing perl 5.8.3 packages'
for pkg in $perl_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
printf '\n'
#
# Remove any remaining 5.8.3 files,
# and fix up the symlinks if necessary.
#
# Directories.
rm -rf $usr/perl5/vendor_perl/5.8.3
# bin symlink.
# pod symlink.
#
# man symlink. In earlier S10 builds the man symlink mistakenly points
# to the 5.6.1 manpages, instead of 5.8.3. Fix to point to 5.8.4.
#
}
#
#
{
# Packages to remove
typeset -r fns_pkgs='SUNWfnx5x SUNWfnsx5 SUNWfnsx SUNWfns'
typeset -r pkgroot=${rootprefix:+-R $rootprefix}
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
#
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
#
# directories.
rm -rf $rootprefix/etc/fn
rm -rf $rootprefix/var/fn
# files and symlinks.
rm -f $rootprefix/etc/fn.conf
rm -f $usr/sbin/fncreate_fs
rm -f $usr/lib/libfn_p.so
rm -f $usr/lib/libfn_p.so.1
rm -f $usr/lib/libfn_spf.so
rm -f $usr/lib/libfn_spf.so.1
rm -f $usr/lib/libxfn.so.1
rm -f $usr/lib/libxfn.so.2
rm -f $usr/lib/sparcv9/libfn_p.so
rm -f $usr/lib/sparcv9/libfn_p.so.1
rm -f $usr/lib/sparcv9/libfn_spf.so
rm -f $usr/lib/sparcv9/libxfn.so.1
rm -f $usr/lib/sparcv9/libxfn.so.2
}
# Packages to remove
typeset -r face_pkgs='SUNWfac'
typeset -r pkgroot=${rootprefix:+-R $rootprefix}
typeset pkg
printf 'Removing AT&T FACE... '
#
# First, attempt to remove the packages cleanly if possible.
#
for pkg in $face_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
# Remove FACE from $rootprefix/var/sadm/install/contents
#
for pkg in $face_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any remaining FACE files, symlinks, and directories.
#
}
#
# Remove obsolete smartii setprop from bootenv.rc
#
# Don't touch bootenv.rc unless it contains obsolete property
res=$?
if [ -f $srcbootenvrc -a $res -eq 0 ]; then
fi
rm -f $tmpbootenvrc
}
{
# This is a "copy" of the SUNWcry* postinstall scripts.
# We enable the encryption kit aes256, arcfour2048, and blowfish448 modules.
# This is needed to ensure bfu users continue to have the full strength of
# cryptographic algorithms they use.
print "Simulating SUNWcry* installation...\c"
's/^arcfour:/arcfour2048:/'\
cp $ipsecalgs ${ipsecalgs}.tmp
$ipsecalgs > ${ipsecalgs}.tmp
mv -f ${ipsecalgs}.tmp $ipsecalgs
# Since we do that for the kernel we do it for userland as well.
# "Clone" the policy for pkcs11_softtoken to the encryption kit version
# and "disable" pkcs11_softoken.
$pkcs11conf > ${pkcs11conf}.tmp
mv -f ${pkcs11conf}.tmp $pkcs11conf
print "\n"
}
#
# Add metaslot configuration to pkcs11.conf if it doesn't already exist
#
{
if [ $? != 0 ] ; then
print "Adding cryptographic framework's meta slot feature"
export metaslot_config=\
"metaslot:metaslot_status=enabled;metaslot_auto_key_migrate=enabled;"\
"metaslot_token=Sun Software PKCS#11 softtoken;"\
"metaslot_slot=Sun Crypto Softtoken"
nawk '/^# End SUNWcsr/ \
{ print ENVIRON["metaslot_config"] } \
{ print } \
' ${pkcs11conf} > ${pkcs11conf}.tmp
mv -f ${pkcs11conf}.tmp $pkcs11conf
print "\n"
fi
}
{
#
# This checks to see if the old 'gl' and 'do' directories
# for the Kerberos GSS-API mechanisms can be deleted.
# subdirs may be deleted.
#
print "Cleaning up old Kerberos GSS-API mechanisms...\c"
if [ -f $usr/lib/gss/mech_krb5.so.1 ]; then
#
# There is a mech in the "new" location, so
# the old stuff can be deleted.
#
fi
fi
fi
if [ -f $usr/lib/sparcv9/gss/mech_krb5.so.1 ]; then
fi
fi
fi
#
# Cleanup kernel mechanisms from default location
#
if [ -f $rootprefix/$kerneldir/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir/do_kmech_krb5 ]; then
fi
fi
#
# For SPARC, cleanup from 2 locations.
#
#
if [ -f $rootprefix/$kerneldir_sparc/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir_sparc/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir_sparc/do_kmech_krb5 ]; then
fi
fi
#
#
if [ -f $rootprefix/$kerneldir_sparc/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir_sparc/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir_sparc/do_kmech_krb5 ]; then
fi
fi
#
# Make sure the GSS mechanism configuration file is correct
#
$gssmechconf > ${gssmechconf}.tmp
if [ $? -eq 0 ]; then
mv -f ${gssmechconf}.tmp $gssmechconf
else
echo "WARNING: update of $gssmechconf failed."
return 1
fi
fi
print "\n"
}
mpxiodisableno='^[ ]*mpxio-disable[ ]*=[ ]*"no"[ ]*;'
mpxiodisableyes='^[ ]*mpxio-disable[ ]*=[ ]*"yes"[ ]*;'
#
# disable mpxio on fp(7D) ports using fp.conf
#
{
test -f $conffile || return
print "To preserve device names, disabled mpxio on fp(7D) ports by"
> $tmpfile
print "changing the value of mpxio-disable to \"yes\" in" \
else
print "adding mpxio-disable=\"yes\" entry to $conffile"
fi
}
#
# enable mpxio in scsi_vhci
#
{
#
# depending on whether the bfu restored the child's or parent's version
# of scsi_vhci.conf file, we may already have the file with the change
# we need in place. So make the change only if necessary.
#
print "To preserve device names, restored your current mpxio" \
"configuration by"
tmpfile=/tmp/scsi_vhci.conf.$$
> $tmpfile
print "changing the value of mpxio-disable to \"no\" in" \
else
print "adding mpxio-disable=\"no\" entry to $conffile"
fi
}
#
#
{
# if scsi_vhci.conf doesn't exist return
test -f $conffile || return
#
# Determine the mpxio setting in the child. If the system was bfued
# before and running with mpxio on by deafult bits, can't rely on the
# mpxio-disable entry in the child's scsi_vhci.conf file as it may
# contain stale left over entries.
#
if [ -f $ancestorconffile ]; then
#
# prior to the bfu the system was running with
# mpxio off by default bits.
#
fi
else
fi
# these bits require explicit enabling of mpxio at in scsi_vhci
if [ $mpxio_child -eq 1 ]; then
$rootprefix/kernel/drv/fp.conf || \
fi
else
#
# these bits have mpxio enabled by default in scsi_vhci.
# if mpxio is disabled in the child, disable mpxio on all
# fp(7D) ports using fp.conf.
#
[ $mpxio_child -eq 0 ] && disable_mpxio_using_fpconf
fi
}
#
# Check to see if root in $1 has a mounted boot, and that
# it's mounted at the right place for bfu to handle it.
#
# Returns 0 (true) if bfu can handle the upgrade; fails if not
#
{
ROOT=$1
# find out if, and where, boot is mounted
else
BOOTMNT="/boot"
fi
cat << BOOTMOUNTERR
${ROOT} refers to an x86 boot partition, but it's not mounted
at ${ROOT}/boot.
BOOTMOUNTERR
fail "Mount ${ROOT}s bootpart at ${ROOT}/boot.\n\n"
fi
fi
return 0
}
# update the realmode boot programs at $1 (root)
{
PBOOT=$1
BOOTBLK=$2
DEVICE=$3
if [ ! -f $PBOOT ]; then
echo "$PBOOT: File not found"
return 1
fi
if [ ! -f $BOOTBLK ]; then
echo "$BOOTBLK: File not found"
return 1
fi
if [ ! -c $DEVICE ]; then
echo "$DEVICE: Not a character device"
return 1
fi
if [ ! -w $DEVICE ]; then
echo "$DEVICE: Not writeable"
return 1
fi
# pboot at block 0, label at blocks 1 and 2, bootblk from block 3 on
return 0
}
{
ROOT=$1
# go get new versions of boot files into TMPDIR
OLD_PWD=$(pwd)
cd $TMPDIR
# i86pc.boot archive
# i86pc.usr archive
cd $OLD_PWD
if [ $? -eq 0 ] ; then
echo 'Updating /boot on x86 boot partition.'
if [ ! -f ${TMPDIR}/$f ]; then
fail "Missing $f, aborting."
fi
done
TMP_FDFILE1=${TMPDIR}/fdfile1.$$
# Obtain the disk table; it will look something like the following:
#
# * Id Act Bhead Bsect Bcyl Ehead Esect Ecyl Rsect Numsect
# 130 128 27 28 0 242 9 553 1728 8897472
#
# Delete all blank lines, and all lines that begin with *,
# leaving only actual fdisk entries that we can scan
# looking for the X86BOOT partition
num=1
do
# Ignore entry if not X86 /boot partition
# ID '190' is the X86BOOT partition (see man fdisk(1M))
continue
fi
# Found X86 boot partition - save contents to $DDCOPY
echo "Boot device is <${BOOTPART}>"
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to save copy of <${BOOTPART}>."
fi
# mount copy of old /boot partition
if [ $? -ne 0 ] ; then
[ -n "${LOBOOTDEV}" ] && echo "${LOBOOTDEV}"
fail "Unable to make lo-device <${DDCOPY}>"
fi
SOURCE_BOOT_DEV="${TMPDIR}/tmpbootdev.$$"
${SOURCE_BOOT_DEV})
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount lo-device <${LOBOOTDEV}>."
fi
# recreate existing boot partition with updated
# boot files
# umount ${ROOT}'s /boot if mounted
if [ -n "${BOOTMOUNTPT}" ] ; then
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to umount X86 boot device."
fi
fi
echo "Making new pcfs file system on ${DISKID}"
if [ $? -ne 0 ] ; then
echo "Unable to make pcfs:"
fail ""
fi
echo "Copying x86 boot partition contents back\c"
echo " to new /boot fs."
OLD_PWD=$(pwd)
echo "Remounting freshened /boot partition"
if [ -z "${BOOTMOUNTPT}" ] ; then
# boot ptn wasn't mounted
else
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount X86 boot device."
fi
# copy old /boot contents
cd ${SOURCE_BOOT_DEV}
if [ $? -ne 0 ] ; then
fail "Unable to copy boot partition contents."
fi
cd ${OLD_PWD}
# unmount and rm our boot mount, if we created it
if [ -z "${BOOTMOUNTPT}" ] ; then
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
fi
# unmount, un-lofi, and rm SOURCE_BOOT_DEV
ERRMSG=$(umount ${SOURCE_BOOT_DEV} 2>&1)
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
rm -rf ${SOURCE_BOOT_DEV}
done < ${TMP_FDFILE1}
rm ${TMP_FDFILE1} ${LOGFILE} ${DDCOPY}
else
# non boot-partition: use installboot to get pboot and bootblk
echo "Updating /boot on Solaris partition."
if [ -z "${ROOTRAWDEV}" ] ; then
[ -n "${ROOTRAWDEV}" && echo "${ROOTRAWDEV}" ]
fail "${SEARCH} must be a mounted filesystem"
fi
echo "Updating Solaris partition ${ROOTRAWDEV} with installboot"
REQFILES="pboot bootblk"
if [ ! -f ${TMPDIR}/$f ]; then
fail "Missing $f, aborting."
fi
done
if [ $? -ne 0 ] ; then
fi
fi
}
print "Verifying archives ..."
do
done
old_style_archives="true"
"missing;\npossible mkbfu version mismatch: pre-zones" \
"style archives with zones files."
fi
do
done
do
if [ -f $prologue ]; then
print "Executing $prologue"
fi
done
print "Performing basic sanity checks ..."
do
done
if [ "$karch" = "sun4u" ] &&
then
if [ "$force_override" = "no" ] &&
then
print "\n\nERROR: You are upgrading to a 64-bit-only OS. " \
"Your frame buffer does not have a 64-bit driver and " \
"will not work after reboot. To proceed you must run " \
"bfu with the -f flag.";
exit;
fi;
fi;
[ "$force_override" = "no" ];
then
print "\nERROR: These archives do not have Ultra-1 platform support." \
"\nProceeding with this BFU may render this machine unbootable." \
"\nTo proceed anyway, you must run bfu with the -f flag.\n";
exit;
fi;
do
rootprefix=${root%/}
done
#
# Perform additional sanity checks if we are upgrading the live system.
#
if [ "$rootlist" = "/" ]
then
#
# Disallow from older releases
#
fail "Cannot bfu from pre-Solaris $MINIMUM_OS_REV"
fi
#
# Filesystem space checks
#
while [ $# -gt 0 ]
do
fail "Less than $2 MB free on $1 -- bfu not safe."
shift 2
done
#
# Disable kernel module unloading
#
print "Disabling kernel module unloading ... \c"
#
# Load modules and drivers here not to reload them when you access
# /devices or its subdirectories later.
#
do
done
#
# Stop init(1M) so extraction/manipulation of inittab is safe.
#
print "Quiescing init ..."
pstop 1
then
fi
# umount /platform/$PLAT/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$PLAT/lib/libc_psr.so.1 ..."
else
# umount /platform/$ARCH/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$ARCH/lib/libc_psr.so.1 ..."
fi
fi
# umount /platform/$PLAT/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$PLAT/lib/sparcv9/libc_psr.so.1 ..."
else
# umount /platform/$ARCH/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting \c"
print "/platform/$ARCH/lib/sparcv9/libc_psr.so.1 ..."
fi
fi
# umount /platform/sun4u-us3/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/sun4u-us3/lib/libc_psr.so.1 ..."
fi
# umount /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 ..."
fi
#
# Stop any running zones: the init script will print a
# message if needed.
#
#
# Calling the zone service method directly is
# the most straightforward way to block until
# all zones are halted. Finding a way that
# works once zones are made restartable is an
# exercise left to the reader.
#
fi
fail "zone(s) failed to halt"
#
# Determine the installed zones, which we will want to do
# after we're done with the global zone. This is done now
# rather than later in case bfu'ing the global zone causes
# the zone configuration to become unreadable (e.g., via a
# DTD flag day).
#
if ($3 == "installed") {
printf "%s %s\n", $2, $4
}
fi
#
# Stop sendmail so that mail doesn't bounce during the interval
#
# remains post-smf(5) because it is a public interface.)
#
print "Disabling sendmail temporarily ..."
else
print "Killing sendmail ..."
fi
print "Disabling remote logins ..."
#
# Stop syslogd so it doesn't interfere with saving preserved files.
#
print "Killing syslogd ..."
print "Disabling syslog temporarily ..."
fi
#
# Stop apache so it doesn't get upset when the entire world changes
# out from underneath it.
#
print "Killing httpd ..."
print "Disabling httpd temporarily ..."
fi
#
# Kill off fmd so it doesn't get upset when the entire world changes
# out from underneath it.
#
print "Killing fmd ..."
print "Disabling fmd temporarily ..."
fi
#
# Stop nscd so it doesn't interfere with stuff.
#
print "Killing nscd ..."
print "Disabling nscd temporarily ..."
fi
then
fi
else
#
#
fail "Cannot bfu from pre-Solaris $MINIMUM_OS_REV"
fi
fi
then
fi
# turn off auxiliary filters, since they can cause objects to be loaded
# from outside of the protected environment.
export LD_NOAUXFLTR=1
#
# Since we've turned off auxiliary filters, libc_psr will normally not
# be loaded at all. But libc_psr was overriding broken code in libc
# for over a week before the fix for 6324631, so we need to explicitly
# LD_PRELOAD it to allow users to bfu from the broken libc. This can be
# removed once there are no sun4u machines bfued to Nevada bits between
# 9/7/2005 and 9/15/2005.
#
fi
print "Turning on delayed i/o ..."
#
# The "| tee -a $EXTRACT_LOG" following do_extraction() is not pulled into the
# function itself because it interferes with the cpio exit status detection.
# pcfs boot is an exception, since its cpio exit status is expected to be bad,
# so a heuristic must be employed to infer whether or not any errors occurred.
#
shift
$ZCAT $compressed_archive | cpio -idmucB $* 2>&1 \
|| extraction_error "extracting archive $1"
}
egrep -s -v blocks $PCFS_BOOT_LOG
if [ $? -eq 0 ]; then
extraction_error "extracting archive $1 ... see $PCFS_BOOT_LOG"
else
rm -f $PCFS_BOOT_LOG
fi
}
#
# Usage: extract_archives (root|usr|lib|sbin|kernel) arch-list
#
base=$1
shift
do
| tee -a $EXTRACT_LOG
[ -f etc/svc/repository.db ] &&
[ -e etc/repository_door ] &&
tee -a $EXTRACT_LOG
else
| tee -a $EXTRACT_LOG
fi
done
cd $root
}
base=$1
shift
cd $root
do
continue
fi
| tee -a $EXTRACT_LOG
if [ $boot_is_pcfs = yes ]; then
else
tee -a $EXTRACT_LOG
fi
if [ "$?" = "0" ]; then
fi
done
cd $root
}
#
# Classic boot pboot and bootblk compatibility with old archives
#
{
# they should already be there, but...
print "Installing pboot from $NEWPBOOTDIR"
fi
if [ -f $NEWBOOTBLK -a ! -f $BOOTBLK ]; then
print "Installing bootblk from $NEWPBOOTDIR"
fi
print "Updating pboot from $NEWPBOOT"
fi
fi
if [ -f $NEWBOOTBLK -a -f $BOOTBLK ]; then
print "Updating bootblk from $NEWBOOTBLK"
fi
fi
print "Installing boot block."
( cd $PBOOTDIR ;
install_boot_i386 ./pboot ./bootblk ${rootslice%??}s2 )
fi
#
# exists.
#
if [ ! -h ${OLDBOOTDIR} -a -f ${OLDBOOTBIN} ] ;
then
print "Removing old boot.bin."
rm -rf ${OLDBOOTBIN}
fi
}
#
# Multiboot support
#
"
#
# transition from multiboot to dca
#
{
fi
if [ $is_pcfs_boot = yes ]; then
if [ $? -eq 0 ]; then
# save configurable files from /boot
# before remounting /stubboot.
# files are relative to /boot.
for file in $saved_boot_files
do
done
echo "unmount $bootdev at $rootprefix/stubboot"
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to umount $bootdev on $rootprefix/stubboot."
fi
# adjust vfstab
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount $bootdev on $rootprefix/boot."
fi
fi
fi
}
{
# ensure bootpath is in $rootprefix/boot/solaris/bootenv.rc
# It's ok to put a meta device path in there
if [ $? != 0 ]; then
fi
fi
if [ ! -f $rootprefix/boot/mdboot ]; then
return
fi
rm -f $rootprefix/boot/mdboot
}
#
# Detect SVM root and return the list of raw devices under the mirror
#
{
rootdevlist=`metastat -p $metavol |\
fi
for rootdev in $rootdevlist
do
done
}
#
# Done once per transition from classic (dca) to multi boot
#
{
if [[ -n $bootdev ]] ; then
# Remount boot partition as /stubboot, set up new /boot
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount $bootdev on $rootprefix/stubboot."
fi
mkdir -p $rootprefix/boot
cp -r $rootprefix/stubboot/* $rootprefix/boot
sed <$rootprefix/etc/vfstab \
-e "s/[ ]\/boot[ ]/ \/stubboot /" | \
sed -n >$rootprefix/etc/vfstab+ '
/p0:boot/ {
s/[ ]no/ yes/
}
p
'
fi
}
#
# multiboot: install grub on the boot slice
#
{
if [ $is_pcfs_boot = no ]; then
get_rootdev_list | while read rootdev
do
print "Install grub on $rootdev"
done
else
# copy /boot grub & solaris to /stubboot
# Adjust grub paths relative to pcfs filesystem
#
# Run installgrub after copying stubboot to avoid overwriting
#
print "Install grub on $rbootdev"
fi
fi
}
{
rootdev=$1
#
# Use biosdev to get the bios disk number
#
}
#
# multiboot: set up initial grub menu
#
{
grubhd=$1
#
# Append some useful entries to the existing menu
#
echo "GRUB menu entry 'Solaris' boots to eeprom(1m) settings"
if [ -f ${rootprefix}/boot/multiboot ] &&
[ -f ${rootprefix}/boot/x86.miniroot-safe ] ; then
${rootprefix}/boot/solaris/bootenv.rc | cut -f 2 -d \'`
if [ -z "${TTY}" ] ; then
${rootprefix}/boot/solaris/bootenv.rc | \
cut -f 2 -d \'`
fi
if [ "${TTY}" = "ttya" ] || [ "${TTY}" = "ttyb" ] ; then
FS_CONSOLE="-B console=${TTY}"
fi
>> $MENU
fi
}
{
if [ ! -f /boot/multiboot -o ! -f /boot/x86.miniroot-safe ] && \
[ -x ${GATEPATH}/public/bin/update_failsafe ] ; then
fi
}
{
get_rootdev_list | while read rootdev
do
#
# Wallow through fdisk to get the active partition number
# Partition numbering is zero-based
#
part=0
do
# Find solaris partition, either older 130 or 191
break
fi
done
grubhd="(hd${biosdisk},${part},${gslice})"
#
# update the grub menu if it doesn't exist or
# doesn't have usable boot entries
#
if [ -f $MENU ]; then
if [ $? -eq 1 ]; then
fi
else
fi
done
}
#
# Build the multiboot boot archive
#
{
echo "Create ${rootprefix}/platform/i86pc/boot_archive"
#
# We should be able to run bootadm here but that's a
# little more complicated than one would think
#bootadm_args=${rootprefix:+-R $rootprefix}
cr_args=${rootprefix:+ -R $rootprefix}
#
# Disable the boot-archive service on the first boot
# to silence complaints about new files
# svccfg -s system/boot-archive setprop start/exec = true
cat >$rootprefix/lib/svc/method/boot-archive <<"EOF"
exit 0
cat >$rootprefix/etc/rc2.d/S99postbfu <<EOF
#!/bin/sh
#
case "\$1" in
'start')
cp /bfu.conflicts/lib/svc/method/boot-archive /lib/svc/method/boot-archive
chmod +x /lib/svc/method/boot-archive
rm -f /etc/rc2.d/S99postbfu
;;
*)
echo "usage: \$0 start"
exit 1
;;
esac
exit 0
EOF
}
{
cat >$rootprefix/lib/svc/method/boot-archive <<EOF
#!/sbin/sh
. /lib/svc/share/smf_include.sh
. /lib/svc/share/fs_include.sh
exit 0
EOF
}
typeset pkgroot
typeset pkg
root=$1
zone=$2
# If the archives being installed contain i86pc.boot,
# check to see if it contains strap.com, one of the
# four possibly-required booters. If i86pc.boot does,
# try to upgrade the realmode booters from the current
# archive set.
#
# Don't bother doing the upgrade for diskless bfu, as the boot
# will be done with floppy or PXE, which must match the build
# anyway (floppy must match or add_install_client must be
# rerun), and in any event we can't touch the boot bits
# for diskless boot from here. Also don't do this for
# any zone but 'global'.
rootprefix=${root%/}
then
if boot_is_upgradeable $root && \
[ -f $cpiodir/i86pc.boot$ZFIX ] && \
print "\nUpdating realmode boot loaders\n"
fi
if [ $multiboot_archives = yes ]; then
if [ $is_pcfs_boot = yes ]; then
fi
fi
fi
SECONDS=0 # time each iteration
print "\nSaving configuration files in $rootprefix/bfu.child ... \c"
cd $root
rm -rf bfu.default bfu.restore # historical
fail 'failed to save config files'
#
# If the var/sadm/system/admin/INST_RELEASE file still exists,
# this system has never been bfu'd before. Therefore, the
# can be used to determine whether files have been modified
# since installation (the bfu.ancestors directory serves this
# purpose for systems that have already been bfu'd.)
#
if [ -f var/sadm/system/admin/INST_RELEASE ] ; then
else
fi
#
# bfu'ed systems are not upgradeable; prevent suninstall from
# even *presenting* the upgrade option by removing INST_RELEASE.
#
#
# Hacks to work around minor annoyances and make life more pleasant.
# Part 1 of 2: pre-archive-extraction stuff
#
#
# Do not remove remove_initd_links, since this makes sure things
# work properly when init scripts are shuffled around.
#
#
# Remove rc.d scripts and things made superfluous by smf.
# Backwards BFUs will resurrect them from the archives.
#
#
# New, enabled-by-default services need to be checked for, such
# that their enabled status is not flipped by BFU after their
# initial arrival.
#
#
# Remove obsolete Sun-Fire-880 (daktari) FMA Fault Tree directory
# and file. Backwards BFUs will resurrect them from the archives.
#
if [ $target_isa = sparc ]; then
fi
#
# Remove old FMA dictionary files
#
rm -f $usr/lib/fm/SUN4U.dict
rm -f $usr/lib/fm/SUNOS.dict
#
# Remove old FMA .eft files and directories
#
#
# Remove obsolete buildmnttab script. Backwards BFUs will
# resurrect it by extracting it from the archives.
#
rm -f $root/etc/init.d/buildmnttab
#
# Break-up of inetsvc, inetinit & network -- remove both the old
# and new init scripts. The correct ones will be extracted from
# the archives whether bfu'ing backwards or forwards.
#
# old: need to remove going forwards:
#
rm -f $root/etc/rc0.d/K42inetsvc
rm -f $root/etc/rc1.d/K42inetsvc
rm -f $root/etc/rcS.d/K42inetsvc
rm -f $root/etc/rcS.d/S29network.sh
#
# new: need to remove going backwards:
#
rm -f $root/etc/init.d/domainname
rm -f $root/etc/rc2.d/S69domainname
rm -f $root/etc/rcS.d/S28network.sh
#
# Remove Zones init scripts: they will be extracted properly
# going forwards; after going backwards, they will be gone,
# thus preventing scary warnings on subsequent bfu's.
#
#
# Remove <inet>6 STREAMS modules; these no longer exist (and
# should never have existed in the first place).
#
#
# Remove old ZFS binaries (back when it was three modules)
#
rm -f $root/kernel/drv/zpool.conf
rm -f $root/kernel/drv/zpool.cache
#
# Remove /usr/lib/old_libthread since support for it has
# been removed from the kernel in Solaris 10. If this is
# a backwards BFU, it will all be extracted again by cpio.
# Remove libconfig
rm -f $usr/lib/drv/config_md.so.1
rm -f $usr/include/config_md.h
# remove libssd
rm -f $usr/lib/libssd.so.1
# remove libap
rm -f $usr/lib/libap_dmd.a
rm -f $usr/lib/libap_dmd.so.1
# remove libintpos
rm -f $usr/lib/libintpos.a
rm -f $usr/lib/libintpos.so.1
# Remove obsolete abi subdirectories
fi
#
# Remove old stuff related to libthread now that libthread has
# been folded into libc and libthread_db has been renamed libc_db.
# In addition, all the apptrace's tracing libraries (i.e., abi_*.so*)
# are no longer needed, should be removed.
rm -f \
#
# /lib is now a real directory in the root filesystem.
# Remove all of the old static libraries and commands now
# that we no longer build them. If this is a backwards
# BFU, all this will all be extracted again by cpio.
rm -f \
$usr/ccs/lib/libpanel.a \
#
# Remove other obsolete files, too
rm -f \
#
# libc_psr.so.1 and libmd5_psr.so.1 have been moved
# Remove the old files and their containing directories
rm -f $usr/platform/*/lib/libc_psr.so.1
rm -f $usr/platform/*/lib/libmd5_psr.so.1
#
# Remove obsolete profile libc symlinks
#
# Remove Legacy DR files, now obsolete due to NGDR Phase II putback
#
STARFIRE_PLAT=platform/SUNW,Ultra-Enterprise-10000
rm -f \
# Solstice Enterprise Agent(SEA) : mib-II subagent mibiisa
# needs to be disabled during startup. SMA(System Management Agent)
# has the capability to support mib-II requests.
# The correct ones will be extracted from
# the archives whether bfu'ing backwards or forwards.
#
# old: need to remove going forwards:
#
# new: need to remove going backwards:
# remove old terminal emulator module:
# (renamed from 'terminal-emulator' to 'tem')
#
# old: need to remove going forwards:
#
# new: need to remove going backwards:
#
# if any.
#
fi
fi
#
# Remove the snowbird sbin and include symlinks
#
if [[ -h $usr/platform/SUNW,Netra-CP2300/sbin ]] ; then
fi
if [[ -h $usr/platform/SUNW,Netra-CP2300/include ]] ; then
fi
# If we still have the old lp(7D) driver, remove it and its symlinks
# and header file. (If driver already gone, don't trample new symlinks.)
#
fi
#
# Remove V880 CPU DR files, program cancelled
#
DAKTARI_PLAT=platform/SUNW,Sun-Fire-880
rm -f \
#
# Remove crash(1M), now obsoleted by mdb(1). If this is a backwards
# BFU, it will be extracted again by cpio.
#
#
# Remove kadb(1M), now obsoleted by kmdb(1M)
#
#
# Remove old platform dmod symlinks
#
done
#
# Remove ADB macros
#
done
#
# Remove the SGENV driver from the Sun-Fire directory structure.
# If this is a backwards BFU, it will be extracted again by cpio.
#
#
# Remove sun4m
#
if [ $target_isa = sparc ]; then
fi
rm -f $usr/include/sys/openprom.h
#
# Remove perl 5.005_03. If this is a backwards bfu,
# it will be extracted again by cpio.
#
fi
#
# Remove perl 5.8.3, but only if the generic.usr archive contains 5.8.4.
# If this is a backwards bfu, 5.8.3 will be extracted again by cpio.
#
fi
#
# be laying around. This check may be removed when a sufficient time
# has lapsed between the FMA putback as to ensure that no test machines
# still have development FMA bits.
#
[[ -h $platdir ]] && continue
done
# Remove pam_unix
#
rm -f $usr/lib/security/pam_unix.so
#
# Remove libldap.so.3
#
rm -f $usr/lib/libldap.so.3
rm -f $usr/lib/sparcv9/libldap.so.3
#
# Remove nss XFN support no longer used by printing
#
$rootprefix/bfu.child/etc/nsswitch.conf > /tmp/nssw.$$
rm -f $usr/lib/nss_xfn.so.1
rm -f $usr/lib/sparcv9/nss_xfn.so.1
#
#
if [ -d $rootprefix/etc/fn -o \
-d $rootprefix/var/fn ]; then
fi
#
# Remove AT&T FACE
#
fi
#
# Remove BIND 8, but only if the generic.usr archive doesn't contains
# be extracted again by cpio.
#
fi
#
# Remove any sendmailvars: line from /etc/nsswitch.conf
#
#
# Remove SUNWcoff package
#
pkgroot=${rootprefix:+-R $rootprefix}
if [ $target_isa = i386 ]; then
fi
# In case that did not work, do it manually.
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
fi
#
# Remove GMT* zoneinfo files
#
# Remove stc(7d)-related files
# Remove old CPC adb macros.
if [ $target_isa = sparc ]; then
fi;
# Remove obsolete DTrace demos
# Remove flashprom-related files.
if [ $target_isa = sparc ]; then
for x in $FLASHPROMLIST
do
done
fi;
if [ $RM_32BIT_KERNEL -eq 1 -a $zone = global ];
then
print "Removing 32-bit commands and kernel binaries ... \c";
$usr/lib/mdb/kvm/genunix.so \
$usr/lib/mdb/kvm/ufs_log.so \
print "done.";
fi;
#
# Remove kmdbmod from /kernel
#
#
# code reorg
#
#
# Remove the IPsec encryption and authentication modules.
# IPsec now uses the Kernel Crypto Framework for crypto.
#
#
# Remove obsolete SSA utility, firmware and fcode.
#
#
# Remove seg_drv, seg_mapdev driver
#
rm -f $root/kernel/misc/seg_mapdev
#
# Remove mpxio module
#
#
#
if [ $target_isa = sparc -a $zone = global ]; then
rm -f $usr/lib/adb/mdi_client
rm -f $usr/lib/adb/mdi_pathinfo
rm -f $usr/lib/adb/scsi_vhci_pkt
fi
#
# new: need to remove going backwards:
#
# Diskless clients have already extracted /usr so don't delete this
# Non-global zones never extracts /usr so don't delete these
#
fi
rm -f $root/lib/mpxio/stmsboot_util
#
# Remove rpcib misc module (converted to driver)
#
#
# Remove old smartcard header files
#
rm -f \
#
# Remove smartcard libraries that should not have been shipped.
#
#
# Remove external smartcard reader driver
#
#
# Remove old internal smartcard reader driver
#
#
# Remove Smart OS
#
#
# Remove drivers & header files for EOL of soc & pln drivers
# as per PSARC/2003/233
#
#
# PSARC/2003/629 Common Solaris Target Disk Driver
# remove adb macro "scsi_disk" for the x86 platform
#
if [ $target_isa = i386 ]; then
fi
# Remove CPCv1 API header per PSARC/2004/648
rm -f $usr/include/sys/cpc_event.h
# Remove headers per PSARC/2005/561
rm -f $usr/include/sys/nexusintr.h
# attempt to migrate any user-added files, which primarily live
# ship under that directory, then move any that remain to the
# new location, which we will `mkdir -p` just to be safe.
# If the zone in question is non-global, then skip all this.
#
# -d follow sym-links: make sure it's not a link.
# bfu'ing backwards does not merit such migration.
fi
fi
#
# Remove drivers and header files for EOF of Lance Ethernet
# driver(le) as per PSARC/2003/335.
#
#
# Remove drivers and header files for EOF of ieef driver as
# per PSARC/2003/009
#
#
# Remove drivers and header files for EOF of elx driver as
# per PSARC/2003/770
#
#
# Remove drivers for EOF of pe driver as per PSARC/2004/051
#
#
# Remove drivers for EOF of Compaq NCR, Compaq SMART2, AMI Mega
# PSARC/2004/207
#
rm -f $root/kernel/drv/cpqncr.conf
#
# Remove eisa nexus driver and header files for EOF of EISA
# support as per PSARC/2003/650
#
#
#
#
# Remove junk headers
#
#
# Remove obsolete x86 hat layer and associated adb scripts
#
#
# Remove drivers for EOF of chs as per PSARC/2005/581
#
#
# Remove drivers & header files for EOF of dbri as per PSARC 2005/582
#
#
# Remove drivers for EOF of pcscsi as per PSARC/2005/003
#
rm -f $root/kernel/drv/pcscsi.conf
#
# Remove drivers for EOF of dpt as per PSARC/2003/701
#
#
# Remove drivers for EOF of mlx driver as per PSARC/2003/701
#
#
# Remove snlb
#
#
# Remove objmgr
#
rm -f $root/kernel/drv/objmgr.conf
#
# Remove Floating Point Emulator for EOF as per PSARC/2003/651
#
#
# Remove 64-bit adp, cadp and cpqhpc
#
#
# Remove 64-bit i2o_bs, i2o_msg, i2o_scsi, pci_to_i2o, mscsi, ncrs,
# msm, spwr, bscv, bscbus
#
# Remove obsolete atomic_prim.h file.
#
# Remove sc_nct binary and the corresponding symlink to sc_nct from the
# Montecarlo platform specific directories (Reference: PSARC 2003/606).
# To be specific, the following binary will be removed.
# Also, the following symlink will be removed.
#
fi
#
# In case of bfu to an older release, remove traces of "new"
# Kerberos mechanisms. Kerberos libraries and paths are corrected
# after extraction is complete.
#
#
# Diskless clients have already extracted /usr so don't delete these
# Non-global zones never extracts /usr so don't delete these
#
rm -f $usr/lib/gss/mech_krb5.so
rm -f $usr/lib/gss/mech_krb5.so.1
fi
# Remove old OpenSSL stuff from SUNWwbint
#Remove ufs logging module - now merged into ufs module
#Remove diskmgtd. If backward BFU, will get re-installed from
#archive.
#
# Remove old ia64 cruft
#
if [ $target_isa = i386 ]; then
fi
#
# Remove machpage-related stuff
#
#
# Remove old cacheos
#
rm -f $root/etc/init.d/cachefs.root
rm -f $root/etc/rcS.d/S35cacheos.sh
#
# Remove unneeded nfsmapid entries
#
#
# Move the original manifests aside; later we will restore
# unchanged originals to avoid superfluous re-import on reboot.
# (First blow away the old dir path just to be safe.)
#
[ -d $root/$new_mfst_dir ] && mv $root/$new_mfst_dir $root/$old_mfst_dir
#
# Remove obsolete sum.h
#
#
# Remove obsolete std.h
#
#
#
#
# Remove acpi_intp module
#
if [ $target_isa = i386 ]; then
fi
#
# Remove obsolete librac
#
rm -f $usr/lib/llib-lrac.ln
rm -f $usr/lib/amd64/llib-lrac.ln
rm -f $usr/lib/sparcv9/llib-lrac.ln
rm -f $usr/lib/librac.so.1
rm -f $usr/lib/amd64/librac.so.1
rm -f $usr/lib/sparcv9/librac.so.1
# End of pre-archive extraction hacks.
print "Extracting ufs modules for boot block ... \c" | \
tee -a $EXTRACT_LOG
tee -a $EXTRACT_LOG
case $target_isa in
print "Installing boot block on $rootslice."
fi
;;
i386)
;;
*)
;; # unknown ISA
esac
fi
archlist=""
do
done
fi
if [ $target_isa = i386 ]; then
fi
else
fi
if [ $target_isa = i386 ]; then
#
# The assumption here is that if boot
# archives exist at all, they only exist
# for architectures where we also have
# .root archives.
#
fi
else
fi
fi
#
# UltraSparc III platforms have aes module in platform directory
#
fi
print "\nRemoving duplicate kernel binaries ..."
#
# First, find all regular files underneath the */kernel
# directories we extracted, and mark them as older or newer
# than our reference file -- if newer, they were extracted
# during the bfu.
#
# delete old files which have new counterparts.
#
dirs="$rootprefix/kernel $usr/kernel"
for plat in $archlist $rootarchs $usrarchs; do
done
while read f; do
if [[ $f = $time_ref ]] then
else
echo $age $f
fi
done |
/^new/ { lastname = $3 }
/^old/ { if (lastname == $3) { print $2 "/" $3 } }
' | while read x; do
echo rm $x
rm $x
done
fi
echo
# Simulate installation of SUNWcry* - these are in the bfu archives.
if [ -f $rootprefix/etc/crypto/kcf.conf -a \
-f $rootprefix/etc/crypto/pkcs11.conf ]; then
fi
# Add uCF's metaslot feature
if [ -f $rootprefix/etc/crypto/pkcs11.conf ] ; then
fi
# Cleanup old Kerberos mechanisms
# Fix network datalink configuration
if [ $zone = global -a $need_datalink = yes ]; then
fi
print "\nRestoring configuration files.\n"
cd $root
test -d bfu.parent && mv bfu.parent bfu.ancestor
filelist $zone | cpio -pdmu bfu.parent 2>>$EXTRACT_LOG || \
extraction_error "restoring configuration files"
if [ $multiboot_archives = no ]; then
if [ $have_realmode = yes ]; then
if [ -d bfu.realmode ]; then
( cd bfu.realmode ; realmode_filelist | \
cpio -pdmu ../bfu.ancestor 2>/dev/null )
fi
( cd bfu.parent ; realmode_filelist | \
cpio -pdmu ../bfu.realmode 2>/dev/null )
else
for file in $realmode_files
do
done
fi
fi
fi
cd bfu.child
do
# parent: freshly-BFUed version
# child: pre-BFU version
# ancestor: installed from archives the last time you BFUed
# actual: in the root filesystem at this moment (same as parent)
# if a superfluous-to-local-zones file was blown away, skip it
[ -f $actual ] || continue
# if there's been no change by the BFU, skip it
# if the file was not installed by the BFU, skip it
[ -f $parent ] || continue
# if this is a file which should never be updated by BFU,
# preserve the original (child) version
if (echo $preserve_files | grep $file >/dev/null 2>&1)
then
print " preserve: $file"
continue
fi
# if the file was accepted from the parent on the last BFU,
# then accept it again this time without argument. Or, if
# this is the first bfu after an standard Solaris install
# or upgrade, compare the file to one installed from packages.
# If it hasn't been modified since installation, accept
# the file from the parent.
if [ -f $ancestor ] ; then
print " update: $file"
continue
fi
print " update: $file"
continue
fi
fi
fi
# if the BFU'ed file is the same as the beginning of the
# pre-BFUed file, assume the user has added lines to the
# end, and restore the pre-BFUed version
print " restore: $file"
continue
fi
# if the new version is the same as it was the last time
# BFU was run, but still different than the pre-BFU version,
# this is an "old" conflict; otherwise, it's a "NEW"
# conflict. Old conflicts can usually be safely ignored.
print "old \c"
else
print "NEW \c"
print $file >>$rootprefix/bfu.conflicts/NEW
fi
print "conflict: $file"
# for all conflicts, restore the pre-BFU version and let
# the user decide what to do.
done
#
# correct permissions using /etc/minor_perm from the parent and
# child, prefer parent.
#
if [ -f $pmperm ]
then
fi
#
# Devices with changed permissions should be added here much
# like in i.minorperm. The "ssm" devices are special in that
# they have no /dev links associated with them.
#
do (
if [ ! -z "$2" ]
then
fi
) done <<-EOF
ssm:* ../devices/ssm*:*
cpc:shared ../devices/pseudo/cpc*
icmp:icmp icmp
icmp6:icmp6 icmp6
ip:ip ip
ip6:ip6 ip6
rts:rts rts
keysock:keysock keysock
ipsecah:ipsecah ipsecah
ipsecesp:ipsecesp ipsecesp
spdsock:spdsock spdsock
sad:admin sad/admin
fssnap:ctl fssnapctl
fssnap:* fssnap/*
clone:ce ce
clone:eri eri
clone:ge ge
clone:hme hme
clone:le le
clone:qfe qfe
clone:bge bge
bge:* bge*
clone:dmfe dmfe
dmfe:* dmfe*
clone:pcelx pcelx
pcelx:* pcelx*
clone:dnet dnet
dnet:* dnet*
clone:elxl elxl
elxl:* elxl*
clone:iprb iprb
iprb:* iprb*
clone:spwr spwr
spwr:* spwr*
EOF
if [ $target_isa = i386 ] && [[ $rootslice = /dev/rdsk/* || \
$rootslice = /dev/md/rdsk/* ]]; then
if [ $multiboot_archives = yes ]; then
if [ $dca_to_multi = yes ]; then
fi
else
fi
fi
fi
print "\nFor each file in conflict, your version has been restored."
print "The new versions are under $rootprefix/bfu.conflicts."
print "\nMAKE SURE YOU RESOLVE ALL CONFLICTS BEFORE REBOOTING.\n"
if [ $multiboot_archives = yes ]; then
print "To install resolved changes required for reboot in the boot"
print "archive, invoke 'bootadm update-archive${cr_args}'\n"
fi
print "Resolve conflicts in the global zone first. Many of"
print "the conflicts in non-global zones can be resolved by"
print "copying the corresponding file from the global zone.\n"
else
fi
cd $root
#
# Hacks to work around minor annoyances and make life more pleasant.
# Part 2 of 2: post-archive-extraction stuff
#
do
done
if [ -f $epilogue ]; then
print "Executing $epilogue"
fi
else
fi
#
# Do logging in the background so that if the automounter is gone,
# bfu doesn't wedge at this point.
#
}
#
# make sure the time reference is older than anything extracted
#
do
done
if [ -s $local_zone_info_file ]; then
print "\nNow for zone $zone..."
done
fi
print "Turning off delayed i/o and syncing filesystems ..."
if [ $? -eq 0 ]; then
print "\nWARNING: archive extraction errors occurred.\n"
print "See $EXTRACT_LOG for details.\n"
fi
lastrootprefix=${lastroot%/}
if [ -t 0 -a -t 1 -a -t 2 ]; then
print "\nEntering post-bfu protected environment (shell: ksh)."
print "Edit configuration files as necessary, then reboot.\n"
fi
print "Exiting post-bfu protected environment. To reenter, type:"
# Allow init(1M) to continue, if we're leaving.
print "Reactivating init ..."
prun 1
exit 0