bfu.sh revision 58bc78c7a7ad65c04aaa3ef379a396df23988691
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# Upgrade a machine from a cpio archive area in about 5 minutes.
# By Roger Faulkner and Jeff Bonwick, April 1993.
#
# Usage: bfu [-f] <archive_dir> [root-dir] # for normal machines
# bfu -c [-f] <archive_dir> <exec-dir> # for diskless clients
#
# The -f flag is to override the built-in safety check which requires
# that the starting-point OS be a least a certain revision.
#
# You have to be super-user. It's safest to run this from the
# system console, although I've run it under OW and even via
# remote login with no problems.
#
# You will have to reboot the system when the upgrade is complete.
#
# You should add any administrative files you care about to this list.
# Warning: there had better be no leading '/' on any of these filenames.
#
# The CDPATH variable causes ksh's `cd' builtin to emit messages to stdout
# under certain circumstances, which can really screw things up; unset it.
#
unset CDPATH
export LC_ALL="C"
if [ -z "$GATEPATH" ]; then
fi
#
# NOTE: Entries in *_files must expand to either the exact files required,
# or to directories that will be scoured for files. Any directories
# (and subdirectories) resulting from a wildcard expansion will be
# include all files in any of its directories, as well as any files in
#
# These lists should really be generated automatically from the
# pkgmap(4) metadata.
#
#
# First list: files to be saved in global and non-global zones.
#
etc/.login
"
#
# Second list: files to be saved in the global zone only.
#
"
#
# Third list: files extracted from generic.root but which belong in the global
# zone only: they are superfluous (and some even harmful) in nonglobal zones.
#
# they are added to smf_obsolete_rc_files, below)
#
devices
kernel
platform/*/kernel
"
#
# Fourth list: files to be preserved, ie unconditionally restored to
# "child" versions
#
"
"
print "$*" >& 2
print "bfu aborting" >& 2
rm -f "$bfu_zone_list"
exit 1
}
if [ $1 = "global" ]; then
fi
#
# Force cpio to return non-zero by printing an error message
# to stdout that it won't be able to lstat().
#
echo 'filelist: sort failed'
fail "sort failed"
}
}
}
100134
100150
100155
100229
100230
100234
100242
100422
chargen
comsat
daytime
discard
echo
eklogin
exec
finger
ftp
gssd
klogin
krb5_prop
kshell
ktkt_warnd
login
metad
metamedd
metamhd
name
ocfserv
printer
rexd
rquotad
rstatd
rusersd
shell
smserverd
sprayd
sun-dr
talk
telnet
time
uucp
walld
"
[ $? = 0 ] || echo "warning: unable to temporarily disable $1"
[ $? = 0 ] || echo "warning: unable to enable $1 for next boot"
fi
}
#
# If we're in the global zone, import the manifest for the specified service.
# Note that we will need to see whether we are in an smf root if we are using
# an alternate root. If so, import the service directly; otherwise, print the
# warning messages.
#
# $2: the service name - specified only if the service is enabled after reboot.
#
if [[ -n $rootprefix && -x /usr/sbin/svccfg ]]; then
elif [[ -n $rootprefix ]]; then
echo "Warning: This system does not have SMF, so I"
echo "cannot ensure the pre-import of $1. If it does"
echo "not work, reboot your alternate root to fix it."
if [[ "${2}a" == a ]]; then
else
#
# Make sure the service is enabled after reboot.
#
fi
fi
fi
}
echo "s:^[ ]*$i[ /]:#SMFbfu# &:"
}
}
# BFU previously commented out, put it back in place
# No entry, append to end
# TFTPD - tftp server (primarily used for booting)
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
EOF
fi
}
# Since inetd.conf is updated by SUNWmdr's postinstall script,
# we will update the actual inetd.conf here to reflect the postinstall
# changes.
#
# only change inetd.conf if the rpc.metad entry is out of date
#
# Grab existing rpc entries for rpc.metad
# and convert spaces to tabs within the rpc entry, as well as
# the transport method;
# or add a new entry in case there was none.
else
fi
print "Updating inet.conf metad entry ... \c"
print "done."
else
print "failed."
fi
fi
fi
#
# only change inetd.conf if the rpc.mdcommd entry is out of date
#
# Grab existing rpc entries for rpc.mdcommd
# and convert spaces to tabs within the rpc entry,
# or add a new entry in case there was none.
else
fi
print "Updating inetd.conf rpc.mdcommd entry ... \c"
print "done."
else
print "failed."
fi
fi
fi
}
# Since aggregation.conf and linkprop.conf are upgraded by
# SUNWcnetr's postinstall script, put the relevant portions of the
# postinstall script here, modified to rename the old files instead
# of removing them.
#
# Convert datalink configuration into a series of dladm(1M) commands
# and keep them in an upgrade script. This script will then be run
# in the network-physical service.
#
# that script is run in the manifest-import service which is too late
# for the datalink configuration.
#
if [[ ! -f $ORIG ]]; then
# Try the alternate location.
fi
if [[ -f $ORIG ]]; then
# Strip off comments, then each remaining line defines
# an aggregation the administrator configured on the old
# system. Each line corresponds to one dladm command
# that is appended to the upgrade script.
echo $line | while read aggr_index rest
do
'{print $5}'`
lacp_timer=`echo $rest | /usr/bin/awk \
'{print $6}'`
dladm_string="dladm create-aggr -P $policy -l \
# A fixed MAC address
fi
i=1
# Older aggregation.conf files have the
# format of device_name/port_number.
# We don't need the port number, so get
# rid of it if it is there.
((i = i + 1))
dladm_string="$dladm_string -d \
done
echo $dladm_string >> \
done
done
fi
# Upgrade linkprop.conf
if [[ -f $ORIG ]]; then
# Strip off comments, then each remaining line lists
# properties the administrator configured for a
# particular interface. Each line includes several
# properties, but we can only set one property per
# dladm invocation.
do
done
done
done
fi
}
# update x86 version mpt.conf for property tape
mpttapeprop='[ ]*tape[ ]*=[ ]*"sctp"[ ]*;'
{
test -f $conffile || return
if [ $? -ne 0 ] ; then
fi
}
# which makes xpv_psm a non-default psm module
{
test -f $etc_mach || return
if [ $? -ne 0 ] ; then
fi
}
# check and update driver class for scsi-self-identifying
{
drvname=$1
classentry="^$drvname[ ].*scsi-self-identifying"
[ -f $drvclassfile ] || return
[ -f $name2majorfile ] || return
grep -w $drvname $name2majorfile > /dev/null 2>&1 || return
if [ $? -ne 0 ]; then
fi
}
{
}
# update /etc/security/policy.conf with the default
# Solaris crypt(3c) policy.
if [ $? = 1 ] ; then
print "Updating entries for crypt(3c), see policy.conf(4)"
# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5
# To deprecate use of the traditional unix algorithm, uncomment below
# and change CRYPT_DEFAULT= to another algorithm. For example,
# CRYPT_DEFAULT=1 for BSD/Linux MD5.
#
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
# The Solaris default is the traditional UNIX algorithm. This is not
# listed in crypt.conf(4) since it is internal to libc. The reserved
# name __unix__ is used to refer to it.
#
CRYPT_DEFAULT=__unix__
EOM
fi
if [ $? = 1 ]; then
echo "Updating entries for privileges(5)," \
"see policy.conf(4) for details."
#
# These settings determine the default privileges users have. If not set,
# the default privileges are taken from the inherited set.
# There are two different settings; PRIV_DEFAULT determines the default
# set on login; PRIV_LIMIT defines the Limit set on login.
# Individual users can have privileges assigned or taken away through
# user_attr. Privileges can also be assigned to profiles in which case
# the users with those profiles can use those privileges through pfexec(1m).
# For maximum future compatibility, the specifications should
# always include "basic" or "all"; privileges should then be removed using
# the negation. E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
# sys_linkdir privilege, regardless of future additional privileges.
# Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
# file_link_any privilege from the basic privilege set; only that notation
# is immune from a future addition of currently unprivileged operations to
# the basic privilege set.
# NOTE: removing privileges from the the Limit set requires EXTREME care
# as any set-uid root program may suddenly fail because it lacks certain
# privilege(s).
#
#PRIV_DEFAULT=basic
#PRIV_LIMIT=all
EOM
fi
}
#
# Cleanup nfsmapid configuration before extracting
# root bits. Remove if they exist:
# nfsmapid entry in inetd.conf
#
# Going forward neither should exist, but no harm if services entry exists
# Going way backwards (pre-04/28/2004), inetd.conf must exist but will
# be a conflict that should be merged in
#
tmpinetcf=/tmp/inetd.conf.$$
-e "/^[# ]*100166\/1/d" \
tmpservices=/tmp/services.$$
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
cp -pf ${services} ${tmpservices}
${tmpservices} > ${services} 2>&1
rm -f ${tmpservices}
}
#
# Define global variables
#
#
# List of SDS commands that must be deleted.
#
growfs
metaclear
metadb
metadetach
metahs
metainit
metaoffline
metaonline
metaparam
metarename
metareplace
metaroot
metaset
metastat
metasync
metattach
"
#
# List of SDS configuration files that must be deleted.
#
lock
devpath
"
#
# List of rc scripts that must be deleted.
#
RCLIST="
"
#
# List of flashprom-related files that must be deleted.
#
"
#
#
< ${SYSTEM_FILE} > /tmp/system.$$
cp /tmp/system.$$ ${SYSTEM_FILE} || \
}
#
# Add entries in md.conf for bootlist
#
grep mddb_bootlist >> /tmp/md.conf.$$
}
#
# add_devid_destroy(filename)
# returns contents in filename
# md_devid_destroy property is required when upgrading
# from pre SVM to SVM releases or when the device ID returned from
# the driver changes.
# It is specifically placed between
# # Begin MDD database info and # End MDD database info because
# on the subsequent reboot, this line will be removed automatically when
# metadevadm is run in rc2.d.
#
if ( $2 == "End" && $4 == "database") {
print "md_devid_destroy=1;"
}
print $0
}' >> /tmp/t$$
}
#
#
PROFILE_UPGRADE="${rootprefix}/var/svc/profile/upgrade"
PG="config"
&& NF == 3 {print $3}' $RCAP_CONF`
&& NF == 3 {print $3}' $RCAP_CONF`
NF == 3 {print $3}' $RCAP_CONF`
NF == 3 {print $3}' $RCAP_CONF`
NF == 3 {print $3}' $RCAP_CONF`
# Blindly update default configuration values with
# pre-existing values
#
echo "# Migrating pre-existing rcap configuration" >> \
}
#
# Migrate an existing extended accounting configuration from /etc/acctadm.conf
# to the smf(5) repository upon reboot. Enable the instance if the
# configuration differs from the default configuration.
#
{
if [ -f /etc/acctadm.conf ]; then
. /etc/acctadm.conf
fmri="svc:/system/extended-accounting:flow"
else
fi
fi
fmri="svc:/system/extended-accounting:process"
else
fi
fi
fmri="svc:/system/extended-accounting:task"
else
fi
fi
fi
}
#
# smf(5) "Greenline" doesn't install the init.d or rc*.d scripts for
# converted services. Clean up previous scripts for such services.
#
"
# Obsolete smf manifests
"
# smf services whose manifests have been renamed
"
# Obsolete smf methods
"
(
cd $root;
print "Removing obsolete rc.d scripts ... \c"
print "done."
)
}
print "Clearing platform profile hash ..."
# platform_SUNW,Sun-Fire.xml (and other new and
# corrected platforms) were delivered in Build 68.
if [ ! -f \
]; then
none \
svccfg -f - <<EOF
select smf/manifest
delpg ${pfx}ar_svc_profile_platform_${plname}_xml
exit
EOF
done
done
fi
}
#
# Detect, prior to extraction the arrival of new,
# default-enabled-in-profile services. If so, add a command
# such that they are enabled.
#
fi
fi
! -f $rootprefix/var/svc/manifest/system/scheduler.xml ]]; then
fi
fi
! -f $rootprefix/var/svc/manifest/system/filesystem/rmvolmgr.xml ]]; then
fi
! -f $rootprefix/var/svc/manifest/network/ipsec/manual-key.xml &&
-f $rootprefix/etc/inet/secret/ipseckeys ]]; then
fi
-f $rootprefix/etc/inet/ike/config ]]; then
fi
-f $rootprefix/etc/pooladm.conf ]]; then
fi
}
if [[ ! -f $mymfs ]] || ! cmp -s $manifest_src/$1 $mymfs ; then
cp $manifest_src/$1 $mymfs ||
echo "bfu: could not copy $manifest_src/$1"
fi
}
cp $manifest_src/$1 $rootprefix/lib/svc/method ||
echo "bfu: could not copy $manifest_src/$1"
}
rm -f $rootprefix/etc/rc?.d/[SK]??$1
}
(
mfst=$1
cd $root
[[ -f $mfst ]] || return;
if [ -r /etc/svc/volatile/repository_door ]; then
export SVCCFG_REPOSITORY
fi
unset SVCCFG_REPOSITORY
fi
done
fi
)
}
(
cd $root;
)
}
(
cd $root;
)
}
(
#
# Delete the service instance, then refresh all its dependents in the
# cases of alternative root and zones.
#
export SVCCFG_REPOSITORY=$root/etc/svc/repository.db
unset SVCCFG_REPOSITORY
fi
cd $root
rm -f lib/svc/method/svc-dlmgmtd
rm -f etc/.dlmgmt_door
)
}
}
[[ -f $rootprefix/$repository ]] || return
if [[ ! -x $sqlite ]]; then
echo "no sqlite binary: skipped integrity check" >&2
return
fi
rm -f /tmp/bfurepo.db;
if [[ $? -eq 0 ]]; then
echo "integrity check failed:" >&2
echo >&2
if [[ $force_override = no ]]; then
cat >&2 <<EOF
Reseed the repository (see http://greenline.eng/quickstart.shtml#newrep)
before BFUing (or use the -f flag to force BFU to continue). Re-seeding
will lose all smf(5) customizations.
EOF
echo >&2
exit 2;
else
echo "driving on anyway" >&2
fi
else
echo "passed integrity check" >&2;
fi
}
print ""
print "*************************************************************"
print " WARNING: BFU'ing $1 backwards across 5090532."
print " Fixes have been made but the services cannot be refreshed"
print " on the $1's inactive repository. Next boot for the"
print " $1 will probably result in maintenance mode due to"
print " dependency cycles. If so, at the $1's console, run:"
print ""
print " /usr/sbin/svcadm clear milestone/single-user"
print ""
print " to resolve."
print " To avoid these problems, reseed the zone's repository."
print " See http://greenline.eng/quickstart.shtml#newrep ."
print " Note: Re-seeding will lose all smf(5) customization."
print "*************************************************************"
print ""
}
#
# Return success if going to post-5090532, i.e. post-sysconfig bits
#
# By now, we're going to post-smf bits - so multi-user.xml must
# exist (since it was introduced by first SMF putback).
#
# Function return status is return status of last command executed.
# So, no need to check return status from grep below.
}
#
# Check if bfu'ing back from post-5090532 to pre-5090532 bits.
#
if [[ -f $rootprefix/var/svc/manifest/milestone/sysconfig.xml ]] &&
! smf_is_sysconfig ; then
return 0
fi
return 1
}
#
# Perform the necessary corrections when bfu'ing backwards
# from post-5090532 to pre-5090532 bits.
#
# Get the pre-5090532 non-ON manifests, and issue minimal fixes
# to the repository, to enable re-boot.
#
fi
#
# Now, remove sysidtool:{system, net}'s dependency on
# single-user and filesystem-local.
#
# If $rootprefix is not empty, this could be the global zone,
# with an alternate root BFU, or a non-global zone. For either
# case, the repository to be updated is not the live one: use
# SVCCFG_REPOSITORY to point to the repository to be updated.
#
# Note that in the alternate-root case, doing this seems better
# than forcing the user to re-seed, or to dis-allow it. The
# issue of svccfg and the repository not matching seems remote,
# given that from initial SMF integration (on10_64) to on10_74,
# there was no mismatch. In the remote possibility that there is a
# mis-match (in the future) causing these calls to be suspect,
# the user is already being advised, via the warning message, to
# reseed the repository in case of trouble. If a mis-match is ever
# introduced, code such as this would have to be fixed, so this
# aspect of the warning is useful only during the interim period.
#
# NOTE that this is not an issue for non-global zones'
# repositories - they couldn't be out-of-sync with
#
if [[ -n $rootprefix ]]; then
smf_bkbfu_warning "alternate root"
else
smf_bkbfu_warning "zone"
fi
fi
#
# Using the newer "-s" option to svccfg in the following is OK
# since its introduction preceded 5090532 (and this routine wouldn't
# be called unless the machine is running post-5090532 bits).
#
#
# On a live system, issue the refresh; For alternate root or non-global
# zone, the user was asked to issue the refreshes and "clear"s in the
# message above after a post-bfu reboot.
#
if [[ -z $rootprefix ]]; then
fi
#
# Now, reset SVCCFG_REPOSITORY, if it was set
#
[[ -n $rootprefix ]] && unset SVCCFG_REPOSITORY
#
# Remove the sysconfig.xml manifest when going back. So backward
# bfu check continues to work, and all manifests are correct.
#
rm -f /var/svc/manifest/milestone/sysconfig.xml
EOF
}
#
# Return true if $file exists in $archive. $file may also be a pattern.
#
{
archive=$1
file=$2
}
#
# extract one or more files from an archive into a temporary directory
# provided by the caller. The caller is responsible for checking to
# to see whether the desired file or files were extracted
#
# $1 - archive
# $2 - temporary dir
# remaining args: file(s) to be extracted.
#
tdir=$2
shift
shift
if [ ! -d $tdir ] ; then
return
fi
(cd $tdir; $ZCAT $compressed_archive | cpio -idmucB $* 2>&1 )
}
#
# If we're no longer delivering the eeprom service, remove it from the system,
# as eeprom -I is removed as well.
#
return
fi
fi
if [ ! -f $rootprefix/$mfst ]; then
return
fi
return
fi
rm -f $rootprefix/$mfst
#
# we must disable via svccfg directly, as manifest-import runs after
# this service tries to run
#
}
#
# Go thru the original manifests and move any that were unchanged
# (or are not system-provided) back to their proper location. This
# will avoid superfluous re-import on reboot, as the inode and mtime
# are both part of the hash.
#
if [ -d $rootprefix/$old_mfst_dir ]; then
for f in `cd $rootprefix/$old_mfst_dir ; find . -type f`
do
if [ ! -f $new ]; then
continue
fi
done
fi
if [ -f $rootprefix/etc/init.d/inetd ]; then
#
# BFUing to non-SMF system -- undo our previous changes,
# run an old hack, and skip the remainder of this function.
#
# Update inetd.conf only if we find rpc.metad file.
return
fi
#
# At this point, the archive in question is a SMF version. If
# the smf(5) repository does not yet exist, create it by copying
# the appropriate seed repository. Since updating of non-global
# zones only occurs when the live system is bfu'ed, the
# appropriate seed is guaranteed to exist under the /lib
# directory.
#
if [ ! -f $repository ]; then
print "Initializing service configuration repository ..."
else
fi
chmod 0600 $repository
fi
print "Removing obsolete smf services ..."
for f in $smf_obsolete_manifests; do
done
if [[ $dlmgmtd_status = cleanup ]]; then
fi
print "Disabling unneeded inetd.conf entries ..."
print "Connecting platform and name service profiles ..."
grep ldap $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_ldap=$?
grep nisplus $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_nisplus=$?
grep nis $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
is_nis=$?
if [ $is_ldap = 0 ]; then
elif [ $is_nisplus = 0 ]; then
elif [ $is_nis = 0 ]; then
else
fi
print "Marking converted services as enabled ..."
[ -f $rootprefix/etc/resolv.conf ] && smf_enable network/dns/client
[ -f $rootprefix/etc/inet/dhcpsvc.conf ] && \
# configuration parameters if rcap.conf exists
#
if [ -f $rootprefix/etc/rcap.conf ]; then
fi
if [ -f $rootprefix/etc/dfs/dfstab ] &&
fi
else
fi
[ -f $rootprefix/etc/inet/ntp.conf ] && smf_enable network/ntp
# Determining whether we're a NIS master requires
# looking through the maps.
# Determine whether we are a YP master.
domain=`/usr/bin/domainname`
if [ -f /var/yp/NISLDAPmapping ]; then
master=`/usr/sbin/makedbm -u /var/yp/\$domain/LDAP_passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
else
master=`/usr/sbin/makedbm -u /var/yp/\$domain/passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
fi
fi
# If we are the master server, enable appropriate services.
if [ ! -f /var/yp/NISLDAPmapping ]; then
fi
fi
fi
# Check if mddbs don't exist on the image. If so, disable SVM services.
if [ -f $rootprefix/kernel/drv/md.conf ]; then
MDDB_STATUS=$?
fi
if [ $MDDB_STATUS -ne 0 ]; then
done
done
fi
# are configured.
done
[[ -d $manifest_src ]] ||
[[ -d $manifest_src ]] || manifest_src=/net/greenline.eng/meta0/smf
if smf_bkbfu_past_sysconfig ; then
echo "BFU'ing backwards across 5090532! Now repairing..."
fi
#
# corresponding non-ON manifests - sysidtool and kdmconfig.
#
if smf_is_sysconfig ; then
if [[ ! -f $sysidmfst ]]; then
#
# if WOS build on machine is pre-greenline, and
# we're bfu'ing to the sysconfig bits.
#
fi
else
#
# If sysidtool.xml already exists, update it
# if necessary. Future updates of sysidtool.xml
# must occur in the dir: $manifest_src/post-5090532
#
fi
if [[ ! -f $kdmmfst ]]; then
#
# if WOS build on machine is pre-greenline, and
# we're bfu'ing to the sysconfig bits.
#
echo "(post-5090532)"
else
#
# If kdmconfig.xml already exists, update
# it if necessary. Future updates of
# kdmconfig.xml must occur in the dir:
#
fi
fi
else
if [[ ! -f $sysidmfst ]]; then
fi
fi
then
fi
fi
# If we've still got the old dtlogin manifest delivered by earlier
# versions of bfu, delete it, as it was broken and should have
# never been delivered. A new version delivered by the CDE
# consolidation should be left alone.
if [[ -f $rootprefix/var/svc/manifest/application/dtlogin.xml &&
$rootprefix/var/svc/manifest/application/dtlogin.xml` -gt 0 &&
# Delete the obsolete manifest.
# Delete the service from repository, then use dtconfig -e to
# revert to whatever the WOS bits are using if dtlogin was
# enabled.
if /usr/bin/svcprop -q application/cde-login; then
if [ \`/usr/bin/svcprop -p general/enabled \
application/cde-login:default\` = "true" ]; then
do_dtconfig=1;
else
do_dtconfig=0;
fi
/usr/sbin/svccfg delete -f application/cde-login
type instance_refresh 2>&1 > /dev/null
if [ \$? = 0 ]; then
instance_refresh system/console-login
else
/usr/sbin/svcadm refresh system/console-login
fi
if [ \$do_dtconfig -eq 1 -a -x /usr/dt/bin/dtconfig ]; then
/usr/dt/bin/dtconfig -e
fi
fi
EOFA
fi
# Enable the inetd-upgrade service to convert any changes to inetd.conf
# If global zone, and bfu'ing from smf, and the inetd-upgrade
# service has an obsolete dependency, then add a clear of inetd
# and inetd-upgrade to the upgrade file as either may drop into
# maintenance due to a dependency loop resulting from the new
# inetd manifest
if [[ $? = 0 ]]; then
fi
fi
#
# Import the name-service-cache service. This is to get the service
# (with correct dependencies) in the repository before reboot.
#
#
# Import the datalink-management service.
#
#
# (with correct dependencies) in the repository before reboot.
#
# Enable new NFS status and nlockmgr services if client is enabled
cl="svc:/network/nfs/client:default"
if [ \`/usr/bin/svcprop -p general/enabled \$cl\` = "true" ]; then
/usr/sbin/svcadm enable svc:/network/nfs/status:default
/usr/sbin/svcadm enable svc:/network/nfs/nlockmgr:default
fi
EOF
if grep svc-kdc.slave $kpmani > /dev/null 2>&1; then
# We are deleting and reimporting kpropd's manifest, because we
# need to change the restarter.
kpfmri="svc:/network/security/krb5_prop"
kkfmri="svc:/network/security/krb5kdc:default"
lkpmani="/var/svc/manifest/network/security/krb5_prop.xml"
restarter=\`svcprop -c -p general/restarter \$kpfmri 2>&1\`
case \$restarter in
*network/inetd:default)
kken=\`svcprop -c -p general/enabled \$kkfmri\`
svccfg delete -f \$kpfmri
svccfg import \$lkpmani
# Enable kpropd if krb5kdc is enabled, since
# krb5kdc would have run kpropd
if [ \$kken = "true" ]; then
svcadm enable \$kpfmri
fi
;;
esac
EOF
fi
# Enable print server if there are local queues
queues=`echo $rootprefix/etc/lp/printers/*/configuration`
fi
# Enable rarpd and bootparamd if they would have been running pre-SMF
if [ -d $rootprefix/tftpboot ] || [ -d $rootprefix/rplboot ]; then
fi
# To handle the transition from pre-smf ipfilter to smf-aware ipfilter,
# check if ipfilter had been enabled with at least one rule, and if so
# enable the smf instance.
fi
# We are deleting and reimporting dcs's manifest, because we
# need to change the restarter.
dcsfmri="svc:/platform/sun4u/dcs:default"
dcsmani="/var/svc/manifest/platform/sun4u/dcs.xml"
restarter=\`svcprop -c -p general/restarter \$dcsfmri 2>&1\`
case \$restarter in
*network/inetd:default)
en=\`svcprop -c -p general/enabled \$dcsfmri\`
svccfg delete -f \$dcsfmri
svccfg import \$dcsmani
if [ \$en = "true" ]; then
svcadm enable \$dcsfmri
fi
;;
esac
EOF
}
#
# If a lbl_edition file is found it's a likely sign that old unbundled
# Trusted Extensions packages are installed and TX is active. Update
#
if [ $? -eq 0 ]; then
return
fi
if [ $? -ne 0 ]; then
echo "cannot set sys_labeling in $rootprefix/bfu.child/etc/system"
return
fi
fi
}
#
# Emit a warning message if bfu'ing a Trusted Extensions-enabled system
# backwards to pre TX-merge bits. In this case, unbundled packages must
# be reinstalled to complete restoration of old TX bits.
#
# This check is only needed in global zone
return
fi
# No warning needed if TX is not currently enabled
if [ $? -ne 0 ]; then
return
fi
if [ ! -f $bsmconv ]; then
return
fi
if [ $? != 0 ]; then
return
fi
print ""
print "*************************************************************"
print " WARNING: BFU'ing TX backwards across 6533113."
print " Must re-install unbundled TX packages to remain Trusted."
print "*************************************************************"
print ""
}
#
# The directboot putback moved the console property from
#
{
menu_console=`eeprom console 2>/dev/null | \
fi
}
rm -f $EXTRACT_LOG
echo error $* >> $EXTRACT_LOG
}
#
# Make a local copy of bfu in /tmp and execute that instead.
# to the original copy that might occur during execution.
#
cd .
print "Copying $abspath to $localpath"
chmod +x $localpath
print "Executing $localpath $*\n"
exec $localpath $*
fi
echo "Usage:"
echo " bfu [-fh] <archive_dir> [root-dir]"
echo "\tUpdate a single machine by loading archives on root-dir."
echo "\troot-dir defaults to / (a live bfu).\n"
echo " bfu -c [-fh] <archive_dir> <exec-dir>"
echo "\tUpdate all diskless clients by loading archives on each client"
echo "\tthat mounts exec-dir as /usr. <exec-dir> must start with"
echo "\t-f force bfu to continue even if it doesn't seem safe"
fail "\t-h|-help print this usage message and exit\n"
}
while [ $# -gt 0 ]; do
case $1 in
-f) force_override=yes;;
*) break;;
esac
shift
done
# Variables for x86 platforms
# Set when moving to either directboot or multiboot
#
# Shows which type of archives we have, which type of system we are
# running on (before the bfu), and what the failsafe archives are
# (again, before the bfu). failsafe_type is only needed on diskful
# bfu's, so it's not set in the diskless case.
# Possible values: unknown, dca, multiboot, directboot, xpv
#
# We prefer to use ppriv, as it is a more accurate test, and also
# has the benefit of preventing use from within a nonglobal zone.
fail "bfu requires all privileges"
else
# Fall back to old id check if system does not yet have ppriv.
[ "$uid" = "uid=0(root)" ] || \
fail "You must be super-user to run this script."
fi
cpiodir=$1
fi
cd $cpiodir
case `echo generic.root*` in
*) fail "generic.root missing or in unknown compression format";;
esac
#
# Determine what kind of archives we're installing, using the following rules:
#
# 1. If i86xpv archives exist, the archives are xpv
# 2. If strap.com is present, the archives are pre-multiboot
# 3. If symdef is present, the archives are directboot
# 4. Otherwise, the archives are multiboot
#
if [ $target_isa = i386 ]; then
else
fi
fi
root=${2:-/}
if [ "$rootfstype" = "zfs" ]; then
if grep '^readswapdev' \
fi
fi
if [ "$archive_has_zfs_root_support" = "no" ] ; then
fail "Cannot bfu a system with zfs root to an archive with no zfs root support"
fi
fi
# Make sure we extract the sun4u-us3 libc_psr.so.1
then
fi
if [ $target_isa = i386 ]; then
if [ $archive_type = xpv ]; then
#
# On i386, we want to apply the archives for both
# platforms (i86pc and i86xpv) if they exist. We
# force the platform to i86xpv so that both will be
# applied.
#
fi
fi
fi
else
fi
else
fi
fi
fi
then
cd $cpiodir
#
# Look through all the archives we build and match
# the names of built archives with the names of
# directories installed on this machine. We assume
# here that we can get the names of all architectures
# by pattern matching the names of .root archives - so
# if we ever had a case where we had only a .usr archive
# we wouldn't find that archive.
#
do
continue;
fi
rootarchs="${rootarchs} ${platname}"
fi
usrarchs="${usrarchs} ${platname}"
fi
fi
fi
done
fi
if [ "$rootfstype" = "ufs" ] ; then
fi
else
usrroot=$2
case $2 in
*sparc*)
target_isa=sparc ;;
*i386*)
target_isa=i386 ;;
esac
cd $cpiodir
#
# On i386, we want to apply the archives for both platforms
# (i86pc and i86xpv) if they exist. We force the platform
# to i86xpv so that both will be applied.
#
else
# XXX Pick karch as last available root arch
# XXX Pick plat as first available root arch
fi
rootlist=""
do
done
print "Loading $cpiodir root archives on:"
do
print "\t$root"
done
fi
echo "Cannot BFU a system with the mountroot version"\
"of zfs boot support."
echo "For information on how to transition this system to the new"
echo "zfs boot support, see:"
fail ""
fi
nss_lib64="$usr/lib/mps/64/libnss3.so"
rpath_msg="R(UN)?PATH from file ${nss_lib}\)"
if [ "$force_override" = yes ]; then
else
fail "Install the SUNWtoo package."
fi
fi
update_script="${GATE}/public/bin/update_nsspkgs"
if [ $valid_rpath != "$nss_rpath" ]; then
if [ "$force_override" = yes ]; then
echo "$nss_lib is not valid but -f is set; continuing."
else
echo "$nss_lib is not valid."
fail "Run $update_script to update the SUNWtls package."
fi
fi
echo "$nss_lib64 does not exist."
fail "Run $update_script to update the NSS packages."
fi
update_script="${GATE}/public/bin/migrate_bind9"
if [ "$force_override" = yes ]; then
echo "BIND 9 has not been installed, but -f is set; continuing."
else
echo "BIND 8 has been removed from ON; BIND 9 is available from SFW."
fail "Run $update_script to migrate to BIND 9."
fi
fi
update_script="${GATE}/public/bin/update_ce"
# CE version 1.148 or later is required
if [ "$cever" = "BAD" ]; then
fail "You must run $update_script to upgrade your ce driver."
fi
fi
update_script="${GATE}/public/bin/update_dbus"
fail "Run $update_script to update D-Bus."
fi
#
# We need biosdev if we're moving from pre-multiboot to multiboot or directboot
# kernels. If we already have an i86xpv kernel, then we must already be a
# directboot kernel, and can therefore skip the check.
#
echo "biosdev cannot be run on this machine."
echo "Transitioning from classic to multiboot requires a"
echo "bootconf which is compatible with biosdev."
echo "bfu to onnv_12 first, then to a build with multiboot."
fail ""
fi
fi
#
# Check whether the archives have a datalink-management services; this is
# later used to determine whether we need to upgrade the existing datalink
# configuration and if the datalink-management service needs to be removed.
#
dlmgmtd_exists=true
else
dlmgmtd_exists=false
fi
#
# Set the value of dlmgmtd_status based on the existence of the
#
fi
#
# later used to determine if aggregation.conf needs to be moved.
#
fi
#
# Check whether the build is boot-archive or ufsboot sparc
# boot based on the existence of a generic.boot archive
#
fi
print "\nCreating bfu execution environment ..."
#
# Save off a few critical libraries and commands, so that bfu will
# continue to function properly even in the face of major
#
bfucmd="
"
#
# Scripts needed by BFU. These must be modified to use the interpreters in
# libraries in the archives being extracted.
#
bfuscr="
"
#
# basename and dirname may be ELF executables, not shell scripts;
# make sure they go into the right list.
#
fi
fi
set $bfucmd
while [ $# -gt 0 ]
do
dir=${1%/*}
cd $dir
shift
done
#
# Optional commands. We warn, but do not abort, if we are crossing a
# feature boundary (where a command is not present in the parent).
# Clauses requiring these commands must explicitly test for their
#
"
set $bfuoptcmd
while [ $# -gt 0 ]
do
dir=${1%/*}
cd $dir
shift
done
#
# set up installgrub and friends if transitioning to multiboot or directboot
# do this now so ldd can determine library dependencies
#
# We split the binaries into two groups: the type where we want to make any
# effort to get the newest version (like symdef and bootadm), and the type
# where any old version will do (like installgrub and biosdev).
#
# If we're bfu'ing across the directboot/multiboot boundary, we need the new
# bootadm and symdef to properly handle menu.lst changes. If the system is
# directboot, we can use the local copies. If the system is multiboot but
# the archives are directboot, we extract the binaries early. Otherwise,
# we're not crossing the boundary, and which one we use doesn't matter.
#
# NB - if bootadm or symdef is ever changed to require a new library, the
# early extraction will blow up horribly.
#
# For testing purposes, a user can set DIRECTBOOT_BIN_DIR in the environment,
# and we'll use that instead.
#
dboot_image; then
else
fi
#
# A comma-separated list of the command and the archive it's in
#
"
if [ $multi_or_direct = yes ]; then
do
if [ -n "$DIRECTBOOT_BIN_DIR" ] && \
[ -f $DIRECTBOOT_BIN_DIR/$file ]; then
else
if [[ $root_is_xpv = yes ||
$root_is_directboot = yes &&
$archive_type = multiboot ]]; then
elif [ $archive_type = directboot ] || \
[ $archive_type = xpv ]; then
trap "rm -rf $DBOOT_TMPDIR" EXIT
OLD_PWD=$(pwd)
if [ -x $cmd ]; then
fi
cd $OLD_PWD
trap - EXIT
fi
fi
#
# If all else fails, grab the local version
#
fi
done
fi
fi
"
if [ $multi_or_direct = yes ]; then
do
if [ -f $cmd ]; then
elif [ -n "$DIRECTBOOT_BIN_DIR" ] &&
[ -d $DIRECTBOOT_BIN_DIR ] &&
[ -x $DIRECTBOOT_BIN_DIR/$file ]; then
else
if [ ! -d $MULTIBOOT_BIN_DIR ]; then
echo "$MULTIBOOT_BIN_DIR: not found"
elif [ ! -f $MULTIBOOT_BIN_DIR/$file ]; then
echo "$MULTIBOOT_BIN_DIR/$file: not found"
fi
if [ $copying_mboot_cmds = no ]; then
echo "installing files from $MULTIBOOT_BIN_DIR"
fi
fi
done
fi
#
# If available, use ldd to determine which libraries bfu depends on.
# Otherwise, just make an educated guess.
#
else
bfulib="
"
fi
# add dlopen()'ed stuff
bfulib="
"
# add libc_psr.so.1, if available and not empty
bfulib="
"
fi
#
# Create 64 bit directory structure and determine 64 bit arch name.
#
then
#
# Copy libraries to proper directories
#
do
*/64/* | */$link/*)
*)
esac
done
#
# Private 64 bit runtime linker.
#
else
fi
do
sed -e 's/\/usr\/bin\//\/tmp\/bfubin\//g' \
done
#
# scripts used together with multiboot
#
"
if [ $multi_or_direct = yes ]; then
do
if [ -f $cmd ]; then
else
if [ ! -d $MULTIBOOT_BIN_DIR ]; then
echo "$MULTIBOOT_BIN_DIR: not found"
fail ""
fi
if [ ! -f $MULTIBOOT_BIN_DIR/$file ]; then
echo "$MULTIBOOT_BIN_DIR/$file: not found"
fail ""
fi
echo "copying $file from $MULTIBOOT_BIN_DIR"
fi
#
# We do two substitutions here to replace references to
#
sed -e 's/\/usr\/bin\//\/tmp\/bfubin\//g' \
-e 's/\/bin\//\/tmp\/bfubin\//g' \
done
fi
#
# overwritten, which could cause a mis-match with the failsafe
# miniroot. Extract unix from the miniroot and save it off for now.
#
if gunzip -c "$root/boot/x86.miniroot-safe" \
else
# Shouldn't happen? See if someone already unzipped it.
fi
if [ -n "$lofidev" ]; then
if [ -f $unix ]; then
then
fi
fi
fi
{
nawk '
/^[ \t]*#/ || /^[ \t]*$/ || $4 ~ "/0" {
print;
next;
}
{
OFS="\t";
gsub(/[^,]*/, "&/0", $4);
print;
}
{
# names begin with [SK][0-9][0-9]. Additionally, in case an S or K
# file was previously delivered as a symbolic link or the hard link
# [SK][0-9][0-9] followed by the basename of the file we're going
print "Removing init.d links ... \c"
fi
print "done."
}
#
# Remove the old 5.005_03 version of perl.
#
{
# Packages to remove.
typeset -r perl_pkgs='SUNWopl5m SUNWopl5p SUNWopl5u'
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
#
printf 'Removing perl 5.005_03 packages'
for pkg in $perl_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
printf '\n'
#
# Remove any remaining 5.005_03 files,
#
# Directories.
}
#
# Remove Wildcat (aka Sun Fire Link)
#
{
# Packages to remove
typeset -r wildcat_pkgs='SUNWwrsa SUNWwrsd SUNWwrsu SUNWwrsm'
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
# Use a custom "admin" file to specify that removal scripts
# in the packages being removed should be run even if they
# will run as root.
#
printf 'Removing Wildcat packages...'
for pkg in $wildcat_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
for pkg in $wildcat_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
printf '\n'
#
# Cleanup any remaining Wildcat files, symlinks, and directories.
#
}
#
# Remove ASET
#
{
# Packages to remove
typeset -r aset_pkgs='SUNWast'
typeset pkg
printf 'Removing ASET... '
#
# First, attempt to remove the packages cleanly if possible.
#
for pkg in $aset_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
# Remove ASET from $rootprefix/var/sadm/install/contents
#
for pkg in $aset_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any remaining ASET files, symlinks, and directories.
#
}
#
#
{
# Packages to remove
typeset -r bind8_pkg='SUNWinamd'
typeset pkg
#
# We cann't pkgrm SUNWinamd at this time as the BIND 9 binaries are
# Remove BIND 8 packages from $rootprefix/var/sadm/install/contents
#
for pkg in $bind8_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any BIND 8 specific files, symlinks.
#
# files and symlinks.
rm -f $usr/sbin/named-xfer
rm -f $usr/lib/nslookup.help
rm -f $usr/sbin/named-bootconf
printf 'done.\n'
}
#
# Remove the 5.8.3 version of perl.
#
{
#
# Copy perl 5.8.3 into the new 5.8.4 locations. This will preserve
# any add-on modules that might have been installed, and any 5.8.3
# core files that get copied over will be replaced by the new 5.8.4
# versions when the cpio archives are subsequently extracted.
#
printf 'Preserving user-installed perl modules...\n'
mkdir -p $usr/perl5/vendor_perl/5.8.4
cp -rp $usr/perl5/vendor_perl/5.8.3/* \
$usr/perl5/vendor_perl/5.8.4
#
# to 5.8.4 instead of 5.8.3. Take care to edit only scripts.
#
typeset script
sed -e \
fi
done
#
# Packages to remove.
#
typeset -r perl_pkgs='SUNWperl583man SUNWperl583usr SUNWperl583root'
#
# First, attempt to remove the packages cleanly if possible.
#
typeset pkg
printf 'Removing perl 5.8.3 packages'
for pkg in $perl_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
printf '\n'
#
# Remove any remaining 5.8.3 files,
# and fix up the symlinks if necessary.
#
# Directories.
rm -rf $usr/perl5/vendor_perl/5.8.3
# bin symlink.
# pod symlink.
#
# man symlink. In earlier S10 builds the man symlink mistakenly points
# to the 5.6.1 manpages, instead of 5.8.3. Fix to point to 5.8.4.
#
}
#
#
{
# Packages to remove
typeset -r fns_pkgs='SUNWfnx5x SUNWfnsx5 SUNWfnsx SUNWfns'
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
#
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
#
# directories.
rm -rf $rootprefix/etc/fn
rm -rf $rootprefix/var/fn
# files and symlinks.
rm -f $rootprefix/etc/fn.conf
rm -f $usr/sbin/fncreate_fs
rm -f $usr/lib/libfn_p.so
rm -f $usr/lib/libfn_p.so.1
rm -f $usr/lib/libfn_spf.so
rm -f $usr/lib/libfn_spf.so.1
rm -f $usr/lib/libxfn.so.1
rm -f $usr/lib/libxfn.so.2
rm -f $usr/lib/sparcv9/libfn_p.so
rm -f $usr/lib/sparcv9/libfn_p.so.1
rm -f $usr/lib/sparcv9/libfn_spf.so
rm -f $usr/lib/sparcv9/libxfn.so.1
rm -f $usr/lib/sparcv9/libxfn.so.2
}
# Packages to remove
typeset -r face_pkgs='SUNWfac'
typeset pkg
printf 'Removing AT&T FACE... '
#
# First, attempt to remove the packages cleanly if possible.
#
for pkg in $face_pkgs
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
# Remove FACE from $rootprefix/var/sadm/install/contents
#
for pkg in $face_pkgs
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any remaining FACE files, symlinks, and directories.
#
}
# Packages to remove
typeset -r dmi_pkgs='SUNWsadmi'
typeset pkg
printf 'Removing DMI... '
#
# First, attempt to remove the packages cleanly if possible.
#
do
fi
done
printf '\n'
#
# In case that didn't work, do it manually.
# Remove DMI from $rootprefix/var/sadm/install/contents
#
do
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
done
#
# Cleanup any remaining DMI files, symlinks, and directories.
#
rm -f $usr/lib/libdmici.so
rm -f $usr/lib/libdmimi.so
rm -f $usr/lib/libdmi.so.1
rm -f $usr/lib/libdmici.so.1
rm -f $usr/lib/libdmimi.so.1
rm -f $usr/lib/sparcv9/libdmici.so
rm -f $usr/lib/sparcv9/libdmimi.so
rm -f $usr/lib/sparcv9/libdmi.so.1
rm -f $usr/lib/amd64/libdmici.so
rm -f $usr/lib/amd64/libdmimi.so
rm -f $usr/lib/amd64/libdmi.so.1
rm -f $usr/lib/amd64/libdmici.so.1
rm -f $usr/lib/amd64/libdmimi.so.1
rm -f $rootprefix/etc/rc0.d/K07dmi
rm -f $rootprefix/etc/rc1.d/K07dmi
rm -f $rootprefix/etc/rc2.d/K07dmi
rm -f $rootprefix/etc/rcS.d/K07dmi
rm -f $rootprefix/etc/rc3.d/S77dmi
}
#
# Remove vold
#
{
printf 'Removing vold... '
printf '\n'
}
#
# Remove the obsolete Mobile IP packages
#
typeset -r mip_pkgs='SUNWmipr SUNWmipu'
typeset pkg
printf 'Removing Mobile IP... '
do
fi
done
# In case that did not work, do it manually.
if [[ -d $rootprefix/var/sadm/pkg/SUNWmipr ]]; then
rm -f "$rootprefix/etc/init.d/mipagent"
rm -f "$rootprefix/etc/rc0.d/K06mipagent"
rm -f "$rootprefix/etc/rc1.d/K06mipagent"
rm -f "$rootprefix/etc/rc2.d/K06mipagent"
rm -f "$rootprefix/etc/rc3.d/S80mipagent"
rm -f "$rootprefix/etc/rcS.d/K06mipagent"
rm -f "$rootprefix/etc/snmp/conf/mipagent.acl"
rm -f "$rootprefix/etc/snmp/conf/mipagent.reg"
fi
if [[ -d $rootprefix/var/sadm/pkg/SUNWmipu ]]; then
rm -f "$rootprefix/usr/sbin/mipagentconfig"
rm -f "$rootprefix/usr/sbin/mipagentstat"
fi
printf '\n'
}
#
# Remove obsolete smartii setprop from bootenv.rc
#
# Don't touch bootenv.rc unless it contains obsolete property
res=$?
if [ -f $srcbootenvrc -a $res -eq 0 ]; then
fi
rm -f $tmpbootenvrc
}
{
# This is a copy of the RBAC portions of the SUNWcsr postinstall
# We need to ensure that the RBAC profiles are self-consistent
# as refinements are made that add granularity to the profiles
print "Cleaning up old RBAC profiles... \c"
if [ -f $auth_attr ]; then
cp /tmp/a.$$ $auth_attr
fi
if [ -f $exec_attr ]; then
-e '/^Network Security.*sbin\/ike.*/ D' \
-e '/^Network Security.*inet\/in\.iked.*/ D' \
cp /tmp/e.$$ $exec_attr
fi
print "\n"
}
{
# This clean up of ipsecalgs is not directly related to the EOF
# of SUNWcry and SUWNcryr, but due to mistakes in this file seen
# in earlier builds. The following lines will have no effect on
# most machines.
cp $ipsecalgs ${ipsecalgs}.tmp
$ipsecalgs > ${ipsecalgs}.tmp
mv -f ${ipsecalgs}.tmp $ipsecalgs
# Packages to remove.
typeset -r sunwcry_pkgs='SUNWcry SUNWcryr'
typeset pkg
#
# First, attempt to remove the packages cleanly if possible.
# Use a custom "admin" file to specify that removal scripts
# in the packages being removed should be run even if they
# will run as root.
typeset -r admfile='/tmp/sunwcry_eof.$$'
mail=
instance=overwrite
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
EOF
printf ' Removing packages...'
for pkg in $sunwcry_pkgs
do
fi
done
printf '\n'
# care of them.
# The userland modules, kernel modules and OpenSSL filter libs
print "\n"
}
#
# Add metaslot configuration to pkcs11.conf if it doesn't already exist
#
{
if [ $? != 0 ] ; then
print "Adding cryptographic framework's meta slot feature"
export metaslot_config=\
"metaslot:metaslot_status=enabled;metaslot_auto_key_migrate=enabled;"\
"metaslot_token=Sun Software PKCS#11 softtoken;"\
"metaslot_slot=Sun Crypto Softtoken"
nawk '/^# End SUNWcsr/ \
{ print ENVIRON["metaslot_config"] } \
{ print } \
' ${pkcs11conf} > ${pkcs11conf}.tmp
mv -f ${pkcs11conf}.tmp $pkcs11conf
print "\n"
fi
}
{
#
# This checks to see if the old 'gl' and 'do' directories
# for the Kerberos GSS-API mechanisms can be deleted.
# subdirs may be deleted.
#
print "Cleaning up old Kerberos GSS-API mechanisms...\c"
if [ -f $usr/lib/gss/mech_krb5.so.1 ]; then
#
# There is a mech in the "new" location, so
# the old stuff can be deleted.
#
fi
fi
fi
if [ -f $usr/lib/sparcv9/gss/mech_krb5.so.1 ]; then
fi
fi
fi
#
# Cleanup kernel mechanisms from default location
#
if [ -f $rootprefix/$kerneldir/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir/do_kmech_krb5 ]; then
fi
fi
#
# For SPARC, cleanup from 2 locations.
#
#
if [ -f $rootprefix/$kerneldir_sparc/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir_sparc/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir_sparc/do_kmech_krb5 ]; then
fi
fi
#
#
if [ -f $rootprefix/$kerneldir_sparc/kmech_krb5 ]; then
if [ -f $rootprefix/$kerneldir_sparc/gl_kmech_krb5 ]; then
fi
if [ -f $rootprefix/$kerneldir_sparc/do_kmech_krb5 ]; then
fi
fi
#
# Make sure the GSS mechanism configuration file is correct
#
$gssmechconf > ${gssmechconf}.tmp
if [ $? -eq 0 ]; then
mv -f ${gssmechconf}.tmp $gssmechconf
else
echo "WARNING: update of $gssmechconf failed."
return 1
fi
fi
print "\n"
}
mpxiodisableno='^[ ]*mpxio-disable[ ]*=[ ]*"no"[ ]*;'
mpxiodisableyes='^[ ]*mpxio-disable[ ]*=[ ]*"yes"[ ]*;'
#
# fix up audit permissions
#
{
chmod 644 $root/etc/security/audit_user
}
#
# disable mpxio on fp(7D) ports using fp.conf
#
{
test -f $conffile || return
print "To preserve device names, disabled mpxio on fp(7D) ports by"
> $tmpfile
print "changing the value of mpxio-disable to \"yes\" in" \
else
print "adding mpxio-disable=\"yes\" entry to $conffile"
fi
}
#
# enable mpxio in scsi_vhci
#
{
#
# depending on whether the bfu restored the child's or parent's version
# of scsi_vhci.conf file, we may already have the file with the change
# we need in place. So make the change only if necessary.
#
print "To preserve device names, restored your current mpxio" \
"configuration by"
tmpfile=/tmp/scsi_vhci.conf.$$
> $tmpfile
print "changing the value of mpxio-disable to \"no\" in" \
else
print "adding mpxio-disable=\"no\" entry to $conffile"
fi
}
#
#
{
# if scsi_vhci.conf doesn't exist return
test -f $conffile || return
#
# Determine the mpxio setting in the child. If the system was bfued
# before and running with mpxio on by deafult bits, can't rely on the
# mpxio-disable entry in the child's scsi_vhci.conf file as it may
# contain stale left over entries.
#
if [ -f $ancestorconffile ]; then
#
# prior to the bfu the system was running with
# mpxio off by default bits.
#
fi
else
fi
# these bits require explicit enabling of mpxio at in scsi_vhci
if [ $mpxio_child -eq 1 ]; then
$rootprefix/kernel/drv/fp.conf || \
fi
else
#
# these bits have mpxio enabled by default in scsi_vhci.
# if mpxio is disabled in the child, disable mpxio on all
# fp(7D) ports using fp.conf.
#
[ $mpxio_child -eq 0 ] && disable_mpxio_using_fpconf
fi
}
#
# Check to see if root in $1 has a mounted boot, and that
# it's mounted at the right place for bfu to handle it.
#
# Returns 0 (true) if bfu can handle the upgrade; fails if not
#
{
ROOT=$1
# find out if, and where, boot is mounted
else
BOOTMNT="/boot"
fi
cat << BOOTMOUNTERR
${ROOT} refers to an x86 boot partition, but it's not mounted
at ${ROOT}/boot.
BOOTMOUNTERR
fail "Mount ${ROOT}s bootpart at ${ROOT}/boot.\n\n"
fi
fi
return 0
}
# update the realmode boot programs at $1 (root)
{
PBOOT=$1
BOOTBLK=$2
DEVICE=$3
if [ ! -f $PBOOT ]; then
echo "$PBOOT: File not found"
return 1
fi
if [ ! -f $BOOTBLK ]; then
echo "$BOOTBLK: File not found"
return 1
fi
if [ ! -c $DEVICE ]; then
echo "$DEVICE: Not a character device"
return 1
fi
if [ ! -w $DEVICE ]; then
echo "$DEVICE: Not writeable"
return 1
fi
# pboot at block 0, label at blocks 1 and 2, bootblk from block 3 on
return 0
}
{
ROOT=$1
# go get new versions of boot files into TMPDIR
OLD_PWD=$(pwd)
cd $TMPDIR
# i86pc.boot archive
# i86pc.usr archive
cd $OLD_PWD
if [ $? -eq 0 ] ; then
echo 'Updating /boot on x86 boot partition.'
if [ ! -f ${TMPDIR}/$f ]; then
fail "Missing $f, aborting."
fi
done
TMP_FDFILE1=${TMPDIR}/fdfile1.$$
# Obtain the disk table; it will look something like the following:
#
# * Id Act Bhead Bsect Bcyl Ehead Esect Ecyl Rsect Numsect
# 130 128 27 28 0 242 9 553 1728 8897472
#
# Delete all blank lines, and all lines that begin with *,
# leaving only actual fdisk entries that we can scan
# looking for the X86BOOT partition
num=1
do
# Ignore entry if not X86 /boot partition
# ID '190' is the X86BOOT partition (see man fdisk(1M))
continue
fi
# Found X86 boot partition - save contents to $DDCOPY
echo "Boot device is <${BOOTPART}>"
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to save copy of <${BOOTPART}>."
fi
# mount copy of old /boot partition
if [ $? -ne 0 ] ; then
[ -n "${LOBOOTDEV}" ] && echo "${LOBOOTDEV}"
fail "Unable to make lo-device <${DDCOPY}>"
fi
SOURCE_BOOT_DEV="${TMPDIR}/tmpbootdev.$$"
${SOURCE_BOOT_DEV})
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount lo-device <${LOBOOTDEV}>."
fi
# recreate existing boot partition with updated
# boot files
# umount ${ROOT}'s /boot if mounted
if [ -n "${BOOTMOUNTPT}" ] ; then
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to umount X86 boot device."
fi
fi
echo "Making new pcfs file system on ${DISKID}"
if [ $? -ne 0 ] ; then
echo "Unable to make pcfs:"
fail ""
fi
echo "Copying x86 boot partition contents back\c"
echo " to new /boot fs."
OLD_PWD=$(pwd)
echo "Remounting freshened /boot partition"
if [ -z "${BOOTMOUNTPT}" ] ; then
# boot ptn wasn't mounted
else
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount X86 boot device."
fi
# copy old /boot contents
cd ${SOURCE_BOOT_DEV}
if [ $? -ne 0 ] ; then
fail "Unable to copy boot partition contents."
fi
cd ${OLD_PWD}
# unmount and rm our boot mount, if we created it
if [ -z "${BOOTMOUNTPT}" ] ; then
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
fi
# unmount, un-lofi, and rm SOURCE_BOOT_DEV
ERRMSG=$(umount ${SOURCE_BOOT_DEV} 2>&1)
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
rm -rf ${SOURCE_BOOT_DEV}
done < ${TMP_FDFILE1}
rm ${TMP_FDFILE1} ${LOGFILE} ${DDCOPY}
else
# non boot-partition: use installboot to get pboot and bootblk
echo "Updating /boot on Solaris partition."
if [ -z "${ROOTRAWDEV}" ] ; then
[ -n "${ROOTRAWDEV}" && echo "${ROOTRAWDEV}" ]
fail "${SEARCH} must be a mounted filesystem"
fi
echo "Updating Solaris partition ${ROOTRAWDEV} with installboot"
REQFILES="pboot bootblk"
if [ ! -f ${TMPDIR}/$f ]; then
fail "Missing $f, aborting."
fi
done
if [ $? -ne 0 ] ; then
fi
fi
}
print "Verifying archives ..."
do
done
old_style_archives="true"
"missing;\npossible mkbfu version mismatch: pre-zones" \
"style archives with zones files."
fi
do
done
do
if [ -f $prologue ]; then
print "Executing $prologue"
fi
done
print "Performing basic sanity checks ..."
do
done
if [ "$karch" = "sun4u" ] &&
then
if [ "$force_override" = "no" ] &&
then
print "\n\nERROR: You are upgrading to a 64-bit-only OS. " \
"Your frame buffer does not have a 64-bit driver and " \
"will not work after reboot. To proceed you must run " \
"bfu with the -f flag.";
exit;
fi;
fi;
[ "$force_override" = "no" ];
then
print "\nERROR: These archives do not have Ultra-1 platform support." \
"\nProceeding with this BFU may render this machine unbootable." \
"\nTo proceed anyway, you must run bfu with the -f flag.\n";
exit;
fi;
do
rootprefix=${root%/}
done
#
# Perform additional sanity checks if we are upgrading the live system.
#
if [ "$rootlist" = "/" ]
then
#
# Disallow from older releases
#
fail "Cannot bfu from pre-Solaris $MINIMUM_OS_REV"
fi
fail "This version of bfu cannot run on pre-Greenline " \
"(s10_64) systems"
fi
#
# Filesystem space checks
#
while [ $# -gt 0 ]
do
fail "Less than $2 MB free on $1 -- bfu not safe."
shift 2
done
#
# Disable kernel module unloading
#
print "Disabling kernel module unloading ... \c"
#
# Load modules and drivers here not to reload them when you access
# /devices or its subdirectories later.
#
do
done
then
fi
# umount /platform/$PLAT/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$PLAT/lib/libc_psr.so.1 ..."
else
# umount /platform/$ARCH/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$ARCH/lib/libc_psr.so.1 ..."
fi
fi
# umount /platform/$PLAT/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting /platform/$PLAT/lib/sparcv9/libc_psr.so.1 ..."
else
# umount /platform/$ARCH/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting \c"
print "/platform/$ARCH/lib/sparcv9/libc_psr.so.1 ..."
fi
fi
# umount /platform/sun4u-us3/lib/libc_psr.so.1 if necessary
then
print "Unmounting /platform/sun4u-us3/lib/libc_psr.so.1 ..."
fi
# umount /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 if necessary
then
print "Unmounting /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 ..."
fi
#
# The libpiclsbl.so.1 library has been moved from
# /usr/platform/SUNW,Sun-Fire-T200/lib/... to
# symbolic link to T200's libpiclsbl.so.1. Therefore check
# if library is present in T200's directory and then remove
# it and the symbolic links.
if [ -a \
then
print "Removing libpiclsbl.so library ..."
fi
#
# Stop any running zones: the init script will print a
# message if needed.
#
#
# We need all zones to be down before proceeding.
# We can't accomplish this by just disabling the
# zones service, since it might already be disabled.
# So we pretend to be SMF, and invoke the stop method.
#
# When zones are someday independently managed as
# service instances, this will need to be revised.
#
unset SMF_FMRI
fi
fail "zone(s) failed to halt"
#
# Determine the installed zones, which we will want to do
# after we're done with the global zone. This is done now
# rather than later in case bfu'ing the global zone causes
# the zone configuration to become unreadable (e.g., via a
# DTD flag day).
#
rm -f $bfu_zone_list
if ($3 == "installed" &&
($6 == "native" || $6 == "" || $6 == "sn1")) {
printf "%s %s\n", $2, $4
}
}' > $bfu_zone_list
fi
#
# Stop sendmail so that mail doesn't bounce during the interval
#
# remains post-smf(5) because it is a public interface.)
#
print "Disabling sendmail temporarily ..."
else
print "Killing sendmail ..."
fi
print "Disabling remote logins ..."
#
# Stop syslogd so it doesn't interfere with saving preserved files.
#
print "Killing syslogd ..."
print "Disabling syslog temporarily ..."
fi
#
# Stop apache so it doesn't get upset when the entire world changes
# out from underneath it.
#
print "Killing httpd ..."
print "Disabling httpd temporarily ..."
fi
#
# Kill off fmd so it doesn't get upset when the entire world changes
# out from underneath it.
#
print "Killing fmd ..."
print "Disabling fmd temporarily ..."
fi
#
# Stop nscd so it doesn't interfere with stuff.
#
print "Killing nscd ..."
print "Disabling nscd temporarily ..."
fi
then
fi
else
#
#
fail "Cannot bfu from pre-Solaris $MINIMUM_OS_REV"
fi
fail "This version of bfu cannot run on pre-Greenline " \
"(s10_64) systems"
fi
fi
then
fi
# turn off auxiliary filters, since they can cause objects to be loaded
# from outside of the protected environment.
export LD_NOAUXFLTR=1
#
# Since we've turned off auxiliary filters, libc_psr will normally not
# be loaded at all. But libc_psr was overriding broken code in libc
# for over a week before the fix for 6324631, so we need to explicitly
# LD_PRELOAD it to allow users to bfu from the broken libc. This can be
# removed once there are no sun4u machines bfued to Nevada bits between
# 9/7/2005 and 9/15/2005.
#
fi
print "Turning on delayed i/o ..."
#
# The "| tee -a $EXTRACT_LOG" following do_extraction() is not pulled into the
# function itself because it interferes with the cpio exit status detection.
# pcfs boot is an exception, since its cpio exit status is expected to be bad,
# so a heuristic must be employed to infer whether or not any errors occurred.
#
shift
$ZCAT $compressed_archive | cpio -idmucB $* 2>&1 \
|| extraction_error "extracting archive $1"
}
egrep -s -v blocks $PCFS_BOOT_LOG
if [ $? -eq 0 ]; then
extraction_error "extracting archive $1 ... see $PCFS_BOOT_LOG"
else
rm -f $PCFS_BOOT_LOG
fi
}
#
# Usage: extract_archives (root|usr|lib|sbin|kernel) arch-list
#
base=$1
shift
do
| tee -a $EXTRACT_LOG
#
# We don't want to overwrite the sharetab if
# it is a mount-point. We assume it is a
# mount-point if it is not writable.
#
fi
fi
[ -f etc/svc/repository.db ] &&
[ -e etc/repository_door ] &&
tee -a $EXTRACT_LOG
else
| tee -a $EXTRACT_LOG
fi
done
cd $root
}
base=$1
shift
cd $root
do
continue
fi
| tee -a $EXTRACT_LOG
if [ $boot_is_pcfs = yes ]; then
else
tee -a $EXTRACT_LOG
fi
if [ "$?" = "0" ]; then
fi
done
cd $root
}
#
# Classic boot pboot and bootblk compatibility with old archives
#
{
# they should already be there, but...
print "Installing pboot from $NEWPBOOTDIR"
fi
if [ -f $NEWBOOTBLK -a ! -f $BOOTBLK ]; then
print "Installing bootblk from $NEWPBOOTDIR"
fi
print "Updating pboot from $NEWPBOOT"
fi
fi
if [ -f $NEWBOOTBLK -a -f $BOOTBLK ]; then
print "Updating bootblk from $NEWBOOTBLK"
fi
fi
#
# This function will never be called when upgrading a zfs root,
# so it's safe to assume a value for rootslice here.
#
print "Installing boot block."
( cd $PBOOTDIR ;
install_boot_i386 ./pboot ./bootblk ${rootslice%??}s2 )
fi
#
# exists.
#
if [ ! -h ${OLDBOOTDIR} -a -f ${OLDBOOTBIN} ] ;
then
print "Removing old boot.bin."
rm -rf ${OLDBOOTBIN}
fi
}
#
# Multiboot support
#
"
#
# transition from multiboot to dca
#
{
fi
if [ $is_pcfs_boot = yes ]; then
if [ $? -eq 0 ]; then
# save configurable files from /boot
# before remounting /stubboot.
# files are relative to /boot.
for file in $saved_boot_files
do
done
echo "unmount $bootdev at $rootprefix/stubboot"
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to umount $bootdev on $rootprefix/stubboot."
fi
# adjust vfstab
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount $bootdev on $rootprefix/boot."
fi
fi
fi
}
{
fi
if [ $system_type != dca ]; then
return
fi
# ensure bootpath is in $rootprefix/boot/solaris/bootenv.rc
# It's ok to put a meta device path in there
if [ $? != 0 ]; then
fi
rm -f $rootprefix/boot/mdboot
}
#
# Figure out the boot architecture of the current system:
# 1. If an i86xpv kernel exists, it's a xpv system
# 2. If dboot_image is in unix, it's a dboot system
# 3. Otherwise, if multiboot is present, it's a multiboot system
# 4. Otherwise, it's a pre-multiboot system
#
# This is called before we lay down the new archives.
#
{
dboot_image; then
else
fi
}
#
# Detect SVM root and return the list of raw devices under the mirror
#
{
if [ -f $rootprefix/etc/lu/GRUB_slice ]; then
else
echo "$dev"
fi
return
else
rootdevlist=`metastat -p $metavol |\
fi
fi
for rootdev in $rootdevlist
do
done
}
#
# Done once per transition from classic (dca) to multi boot
#
{
if [[ -n $bootdev ]] ; then
# Remount boot partition as /stubboot, set up new /boot
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fi
if [ $? -ne 0 ] ; then
[ -n "${ERRMSG}" ] && echo "${ERRMSG}"
fail "Unable to mount $bootdev on $rootprefix/stubboot."
fi
mkdir -p $rootprefix/boot
cp -r $rootprefix/stubboot/* $rootprefix/boot
sed <$rootprefix/etc/vfstab \
-e "s/[ ]\/boot[ ]/ \/stubboot /" | \
sed -n >$rootprefix/etc/vfstab+ '
/p0:boot/ {
s/[ ]no/ yes/
}
p
'
fi
}
#
# multiboot: install grub on the boot slice
#
{
if [ -x $rootprefix/boot/solaris/bin/update_grub ]; then
-R $root
elif [ $is_pcfs_boot = no ]; then
get_rootdev_list | while read rootdev
do
print "Install grub on $rootdev"
done
else
# copy /boot grub & solaris to /stubboot
# Adjust grub paths relative to pcfs filesystem
#
# Run installgrub after copying stubboot to avoid overwriting
#
print "Install grub on $rbootdev"
fi
fi
}
#
# We check for several possibilites of a bootenv.rc line:
#
# 1. setprop name 'value'
# 2. setprop name "value"
# 3. setprop name value
#
{
line=$1
fi
fi
echo $value
}
{
# Note: the big space below is actually a space and tab
fi
fi
fi
fi
if [ -n "boot_args" ]; then
fi
# If args starts with a -B, remove it and add a comma instead
else
fi
else
args_line=""
fi
fi
if [ $bootenvrc_updated = 1 ]; then
fi
}
{
rootdev=$1
#
# Use biosdev to get the bios disk number
#
}
#
# multiboot: set up initial grub menu
#
{
grubhd=$1
if [ $archive_type = multiboot ]; then
BOOT_ARCHIVE="module /platform/i86pc/boot_archive"
else
#
# directboot archives
#
BOOT_ARCHIVE="module\$ /platform/i86pc/\$ISADIR/boot_archive"
fi
#
# The failsafe archives may be different than the boot archives
#
else
fi
#
# Append some useful entries to the existing menu
#
echo "GRUB menu entry 'Solaris' boots to eeprom(1m) settings"
if [ -f ${rootprefix}/$BOOT_FAILSAFE_FILE ] &&
[ -f ${rootprefix}/boot/x86.miniroot-safe ] ; then
${rootprefix}/boot/solaris/bootenv.rc | cut -f 2 -d \'`
if [ -z "${TTY}" ] ; then
${rootprefix}/boot/solaris/bootenv.rc | \
cut -f 2 -d \'`
fi
if [ "${TTY}" = "ttya" ] || [ "${TTY}" = "ttyb" ] ; then
FS_CONSOLE="-B console=${TTY}"
fi
title Solaris failsafe
root $grubhd
kernel $BOOT_FAILSAFE_FILE $BOOT_FAILSAFE_SUFFIX $FS_CONSOLE -s
module /boot/x86.miniroot-safe
EOF
fi
}
{
[ -f /boot/x86.miniroot-safe ] || \
[ ! -x ${GATE}/public/bin/update_failsafe ]; then
#
# Either we're not bfu'ing /, or the failsafe archives were
# already installed, or update_failsafe is not available.
# If the old failsafe archives were multiboot, clear out the
# directboot kernel.
#
if [ $failsafe_type = multiboot ]; then
elif [ $failsafe_type = directboot ]; then
fi
else
echo "Updating failsafe archives"
# Force bootadm to update the failsafe entry
bootadm_f_flag="-f"
fi
}
#
# setup_grub_menu is only called when upgrading from a system
# with a dca boot. This cannot happen on systems with zfs root,
# so this function need not take care of the case where the root
# file system type is zfs
#
{
get_rootdev_list | while read rootdev
do
#
# Wallow through fdisk to get the active partition number
# Partition numbering is zero-based
#
part=0
do
# Find solaris partition, either older 130 or 191
break
fi
done
grubhd="(hd${biosdisk},${part},${gslice})"
#
# update the grub menu if it doesn't exist or
# doesn't have usable boot entries
#
if [ -f $MENU ]; then
if [ $? -eq 1 ]; then
fi
else
fi
done
}
#
# Build the multiboot boot archive
#
{
#
# We should be able to run bootadm here but that's a
# little more complicated than one would think
#bootadm_args=${rootprefix:+-R $rootprefix}
cr_args=${rootprefix:+ -R $rootprefix}
#
# Disable the boot-archive service on the first boot
# to silence complaints about new files
# svccfg -s system/boot-archive setprop start/exec = true
cat >$rootprefix/lib/svc/method/boot-archive <<"EOF"
exit 0
cat >$rootprefix/etc/rc2.d/S99postbfu <<EOF
#!/bin/sh
#
case "\$1" in
'start')
cp /bfu.conflicts/lib/svc/method/boot-archive /lib/svc/method/boot-archive
chmod +x /lib/svc/method/boot-archive
rm -f /etc/rc2.d/S99postbfu
;;
*)
echo "usage: \$0 start"
exit 1
;;
esac
exit 0
EOF
}
#
# Install failsafe archive on a sparc machine if not present.
# Use a well-known server for the archive if we need it.
#
{
# check if failsafe already installed
if [ -f $rootprefix/platform/$karch/failsafe ]; then
return
fi
fi
fi
fs_wos_image="/net/${FAILSAFE_SERVER}/${FAILSAFE_IMAGE}"
fs_archive="${fs_wos_image}/boot/sparc.miniroot"
if [ ! -d $fs_wos_image ] || [ ! -f $fs_archive ]; then
# XXX Remove this fallback to a known good archive once real
# XXX images with boot archives become available.
fs_archive="${fs_wos_image}/boot/sparc.miniroot"
fi
if [ -d $fs_wos_image ] || [ ! -f $fs_archive ]; then
echo "Installing failsafe archive from $fs_wos_image"
fi
}
{
cat >$rootprefix/lib/svc/method/boot-archive <<EOF
#!/sbin/sh
. /lib/svc/share/smf_include.sh
. /lib/svc/share/fs_include.sh
exit 0
EOF
}
dir=$1
}
{
if [ $multi_or_direct = yes ]; then
if [ $archive_type != $system_type ]; then
[ $system_type = dca ] && setup_grub_menu
if [ $have_new_bootadm = yes ] ||
dboot_or_multiboot ); then
if [[ -z $rootprefix ]]; then
else
-m upgrade -R $rootprefix \
fi
[ $archive_type = directboot ] && update_bootenv
else
cat >&2 <<EOF
WARNING: Cannot find new bootadm. If bfu'ing across the multiboot/directboot
boundary, you will need to manually change menu.lst. See
http://www.sun.com/msg/SUNOS-8000-CF for details.
EOF
fi
#
# If we're going backwards, we need to remove the
# symdef binary.
#
if [ -f $rootprefix/boot/solaris/bin/symdef ] && \
[ $archive_type = multiboot ]
then
fi
elif [ $failsafe_type = multiboot ]; then
elif [ $failsafe_type = directboot ]; then
fi
else
fi
}
typeset pkgroot
typeset pkg
root=$1
zone=$2
fi
# If the archives being installed contain i86pc.boot,
# check to see if it contains strap.com, one of the
# four possibly-required booters. If i86pc.boot does,
# try to upgrade the realmode booters from the current
# archive set.
#
# Don't bother doing the upgrade for diskless bfu, as the boot
# will be done with floppy or PXE, which must match the build
# anyway (floppy must match or add_install_client must be
# rerun), and in any event we can't touch the boot bits
# for diskless boot from here. Also don't do this for
# any zone but 'global'.
rootprefix=${root%/}
pkgroot=${rootprefix:+-R $rootprefix}
then
if boot_is_upgradeable $root && \
[ $archive_type = dca ]; then
print "\nUpdating realmode boot loaders\n"
fi
if [ $multi_or_direct = yes ]; then
if [ $is_pcfs_boot = yes ]; then
fi
fi
fi
# before we save away driver_aliases, remove any obsolete entries
if [ $target_isa = i386 ]; then
# need to remove old pci5853,1 entry for xpv. The correct
# entry going forward is pci5853,1.1 which is now in
fi
fi
SECONDS=0 # time each iteration
print "\nSaving configuration files in $rootprefix/bfu.child ... \c"
cd $root
rm -rf bfu.default bfu.restore # historical
fail 'failed to save config files'
#
# If the var/sadm/system/admin/INST_RELEASE file still exists,
# this system has never been bfu'd before. Therefore, the
# can be used to determine whether files have been modified
# since installation (the bfu.ancestors directory serves this
# purpose for systems that have already been bfu'd.)
#
if [ -f var/sadm/system/admin/INST_RELEASE ] ; then
else
fi
#
# bfu'ed systems are not upgradeable; prevent suninstall from
# even *presenting* the upgrade option by removing INST_RELEASE.
#
#
# Hacks to work around minor annoyances and make life more pleasant.
# Part 1 of 2: pre-archive-extraction stuff
#
#
# Do not remove remove_initd_links, since this makes sure things
# work properly when init scripts are shuffled around.
#
#
# Remove rc.d scripts and things made superfluous by smf.
# Backwards BFUs will resurrect them from the archives.
#
#
# New, enabled-by-default services need to be checked for, such
# that their enabled status is not flipped by BFU after their
# initial arrival.
#
#
# Handle unbundled TX conversion if needed
#
# Reflect SUNWcsr's pre-install change, ensures
# the i.hosts action script works during 'acr'
if [[ -f $rootprefix/etc/inet/ipnodes && \
! -h $rootprefix/etc/inet/ipnodes ]]; then
cp -p $rootprefix/etc/inet/ipnodes \
fi
#
# Remove obsolete disassembler module
#
if [ $target_isa = sparc ]; then
fi
#
# Remove obsolete Sun-Fire-880 (daktari) FMA Fault Tree directory
# and file. Backwards BFUs will resurrect them from the archives.
#
if [ $target_isa = sparc ]; then
fi
#
#
#
# Remove old FMA dictionary files
#
rm -f $usr/lib/fm/SUN4U.dict
rm -f $usr/lib/fm/SUNOS.dict
# Remove unused SMF dictionary
#
# Remove old FMA .eft files and directories
#
#
# Remove old FMA LDOMS files
#
#
# Remove old topology data
#
#
# Remove old prtopo and obsoleted include file.
#
#
# Remove fm driver
#
#
# Remove old AMD cpu module, to be replaced by extended cpu.generic
# with AMD-specific support layered on top as a model-specific module.
# Also remove the corresponding mdb and kmdb support. Backwards BFU
# will reintroduce these files.
# Remove cpu.generic from i86xpv platform
#
# Remove obsolete buildmnttab script. Backwards BFUs will
# resurrect it by extracting it from the archives.
#
rm -f $root/etc/init.d/buildmnttab
#
# Break-up of inetsvc, inetinit & network -- remove both the old
# and new init scripts. The correct ones will be extracted from
# the archives whether bfu'ing backwards or forwards.
#
# old: need to remove going forwards:
#
rm -f $root/etc/rc0.d/K42inetsvc
rm -f $root/etc/rc1.d/K42inetsvc
rm -f $root/etc/rcS.d/K42inetsvc
rm -f $root/etc/rcS.d/S29network.sh
#
# new: need to remove going backwards:
#
rm -f $root/etc/init.d/domainname
rm -f $root/etc/rc2.d/S69domainname
rm -f $root/etc/rcS.d/S28network.sh
#
# Remove Zones init scripts: they will be extracted properly
# going forwards; after going backwards, they will be gone,
# thus preventing scary warnings on subsequent bfu's.
#
#
# Remove <inet>6 STREAMS modules; these no longer exist (and
# should never have existed in the first place).
#
#
# Remove old ZFS binaries (back when it was three modules)
#
rm -f $root/kernel/drv/zpool.conf
rm -f $root/kernel/drv/zpool.cache
#
# Remove /usr/lib/old_libthread since support for it has
# been removed from the kernel in Solaris 10. If this is
# a backwards BFU, it will all be extracted again by cpio.
# Remove libconfig
rm -f $usr/lib/drv/config_md.so.1
rm -f $usr/include/config_md.h
# remove libssd
rm -f $usr/lib/libssd.so.1
# remove libap
rm -f $usr/lib/libap_dmd.a
rm -f $usr/lib/libap_dmd.so.1
# remove libintpos
rm -f $usr/lib/libintpos.a
rm -f $usr/lib/libintpos.so.1
# Remove obsolete abi subdirectories
fi
#
# Remove old stuff related to libthread now that libthread has
# been folded into libc and libthread_db has been renamed libc_db.
# In addition, all the apptrace's tracing libraries (i.e., abi_*.so*),
# spec2map and spec2trace are no longer needed, should be removed.
rm -f \
$usr/lib/abi/spec2trace \
#
# /lib is now a real directory in the root filesystem.
# Remove all of the old static libraries and commands now
# that we no longer build them. If this is a backwards
# BFU, all this will all be extracted again by cpio.
rm -f \
$usr/ccs/lib/libpanel.a \
#
# Remove other obsolete files, too
rm -f \
#
# libc_psr.so.1 and libmd5_psr.so.1 have been moved
# Remove the old files and their containing directories
rm -f $usr/platform/*/lib/libc_psr.so.1
rm -f $usr/platform/*/lib/libmd5_psr.so.1
#
# libmd5_psr.so.1 and symlinks to it have been replaced
# by libmd_psr.so.1 and thus need to be removed
rm -f $root/platform/*/lib/libmd5_psr.so.1
#
# Remove obsolete profile libc symlinks
#
# Remove Legacy DR files, now obsolete due to NGDR Phase II putback
#
STARFIRE_PLAT=platform/SUNW,Ultra-Enterprise-10000
rm -f \
# Remove obsolete OPL platform links.
# Solstice Enterprise Agent(SEA) : mib-II subagent mibiisa
# needs to be disabled during startup. SMA(System Management Agent)
# has the capability to support mib-II requests.
# The correct ones will be extracted from
# the archives whether bfu'ing backwards or forwards.
#
# old: need to remove going forwards:
#
# new: need to remove going backwards:
# remove old terminal emulator module:
# (renamed from 'terminal-emulator' to 'tem')
#
# old: need to remove going forwards:
#
# new: need to remove going backwards:
#
# if any.
#
fi
fi
#
# Remove the snowbird sbin and include symlinks
#
if [[ -h $usr/platform/SUNW,Netra-CP2300/sbin ]] ; then
fi
if [[ -h $usr/platform/SUNW,Netra-CP2300/include ]] ; then
fi
# If we still have the old lp(7D) driver, remove it and its symlinks
# and header file. (If driver already gone, don't trample new symlinks.)
#
fi
#
# Remove V880 CPU DR files, program cancelled
#
DAKTARI_PLAT=platform/SUNW,Sun-Fire-880
rm -f \
#
# Remove crash(1M), now obsoleted by mdb(1). If this is a backwards
# BFU, it will be extracted again by cpio.
#
#
# Remove kadb(1M), now obsoleted by kmdb(1M)
#
#
# Remove old platform dmod symlinks
#
done
#
# Remove ADB macros
#
done
#
# Remove the SGENV driver from the Sun-Fire directory structure.
# If this is a backwards BFU, it will be extracted again by cpio.
#
#
# Remove sun4m
#
if [ $target_isa = sparc ]; then
fi
rm -f $usr/include/sys/openprom.h
#
# Remove perl 5.005_03. If this is a backwards bfu,
# it will be extracted again by cpio.
#
fi
#
# Remove perl 5.8.3, but only if the generic.usr archive contains 5.8.4.
# If this is a backwards bfu, 5.8.3 will be extracted again by cpio.
#
fi
#
# be laying around. This check may be removed when a sufficient time
# has lapsed between the FMA putback as to ensure that no test machines
# still have development FMA bits.
#
[[ -h $platdir ]] && continue
done
#
# Clean up legacy versions of x4500 FMA modules which may be still
# be laying around. This check may be removed when a sufficient time
# has lapsed between the FMA putback as to ensure that no test machines
# still have development FMA bits.
#
# Remove pam_unix
#
rm -f $usr/lib/security/pam_unix.so
#
# Remove pam_projects
rm -f $usr/lib/security/64/pam_projects.so.1
rm -f $usr/lib/security/64/pam_projects.so
#
# Remove libldap.so.3
#
rm -f $usr/lib/libldap.so.3
rm -f $usr/lib/sparcv9/libldap.so.3
#
# Remove nss XFN support no longer used by printing
#
$rootprefix/bfu.child/etc/nsswitch.conf > /tmp/nssw.$$
rm -f $usr/lib/nss_xfn.so.1
rm -f $usr/lib/sparcv9/nss_xfn.so.1
#
#
if [ -d $rootprefix/etc/fn -o \
-d $rootprefix/var/fn ]; then
fi
#
# Remove AT&T FACE
#
fi
#
# Remove DMI
#
-d $rootprefix/etc/dmi -o \
-d $rootprefix/var/dmi ]; then
fi
#
# Remove Wildcat
#
if [ -f $rootprefix/platform/SUNW,Sun-Fire-15000/kernel/misc/sparcv9/gptwo_wci -o \
-f $rootprefix/platform/sun4u/kernel/drv/wrsmd.conf -o \
-d $rootprefix/etc/wrsm -o \
fi
#
# Remove ASET
#
fi
#
# Remove BIND 8, but only if the generic.usr archive doesn't contains
# be extracted again by cpio.
#
fi
#
# Remove any sendmailvars: line from /etc/nsswitch.conf
#
#
# Remove vold
#
fi
#
# Remove obsolete Mobile IP software
#
if [[ -f $rootprefix/etc/init.d/mipagent || \
-f $rootprefix/usr/lib/inet/mipagent ]]; then
fi
#
# Remove SUNWcoff package
#
if [ $target_isa = i386 ]; then
fi
# In case that did not work, do it manually.
if [ -d $rootprefix/var/sadm/pkg/$pkg ]; then
fi
fi
#
# Remove GMT* zoneinfo files
#
# Remove stc(7d)-related files
# Remove old CPC adb macros.
if [ $target_isa = sparc ]; then
fi;
# Remove obsolete DTrace demos
# Remove flashprom-related files.
if [ $target_isa = sparc ]; then
for x in $FLASHPROMLIST
do
done
fi;
# Remove pt_chmod - obsoleted by new /dev filesystem
fi
if [ $RM_32BIT_KERNEL -eq 1 -a $zone = global ];
then
print "Removing 32-bit commands and kernel binaries ... \c";
$usr/lib/mdb/kvm/genunix.so \
$usr/lib/mdb/kvm/ufs_log.so \
print "done.";
fi;
# Remove pre dboot krtld as well as obsolete boot blocks
#
fi
#
# Remove kmdbmod from /kernel
#
#
# code reorg
#
#
# Remove the IPsec encryption and authentication modules.
# IPsec now uses the Kernel Crypto Framework for crypto.
#
#
# Remove the now-obsolete "nattymod" STREAMS module.
#
#
# Remove obsolete SSA utility, firmware and fcode.
#
#
# Remove seg_drv, seg_mapdev driver
#
rm -f $root/kernel/misc/seg_mapdev
#
# Remove mpxio module
#
#
#
if [ $target_isa = sparc -a $zone = global ]; then
rm -f $usr/lib/adb/mdi_client
rm -f $usr/lib/adb/mdi_pathinfo
rm -f $usr/lib/adb/scsi_vhci_pkt
fi
#
# Remove platform specific dmfe driver ... its common now
if [ $target_isa = sparc ]; then
fi
#
# Remove EOF sbpro driver and supporting header file
# (Note that .conf file may also appear in /platform)
#
if [ $target_isa = i386 ]; then
rm -f $root/kernel/drv/sbpro.conf
fi
#
# Diskless clients have already extracted /usr so don't delete this
# Non-global zones never extracts /usr so don't delete these
#
fi
rm -f $root/lib/mpxio/stmsboot_util
#
# Remove rpcib misc module (converted to driver)
#
#
# Remove old smartcard header files
#
rm -f \
#
# Remove smartcard libraries that should not have been shipped.
#
#
# Remove external smartcard reader driver
#
#
# Remove old internal smartcard reader driver
#
#
# Remove Smart OS
#
#
# Remove drivers & header files for EOL of soc & pln drivers
# as per PSARC/2003/233
#
#
# PSARC/2003/629 Common Solaris Target Disk Driver
# remove adb macro "scsi_disk" for the x86 platform
#
if [ $target_isa = i386 ]; then
fi
# Remove CPCv1 API header per PSARC/2004/648
rm -f $usr/include/sys/cpc_event.h
# Remove headers per PSARC/2005/561
rm -f $usr/include/sys/nexusintr.h
# attempt to migrate any user-added files, which primarily live
# ship under that directory, then move any that remain to the
# new location, which we will `mkdir -p` just to be safe.
# If the zone in question is non-global, then skip all this.
#
# -d follow sym-links: make sure it's not a link.
# bfu'ing backwards does not merit such migration.
fi
fi
# local.cf no longer needed with the advent of sendmail -bl
#
# Remove drivers and header files for EOF of Lance Ethernet
# driver(le) as per PSARC/2003/335.
#
#
# Remove drivers and header files for EOF of ieef driver as
# per PSARC/2003/009
#
#
# Remove drivers and header files for EOF of elx driver as
# per PSARC/2003/770
#
#
# Remove drivers for EOF of pe driver as per PSARC/2004/051
#
#
# Remove drivers for EOF of Compaq NCR, Compaq SMART2, AMI Mega
# PSARC/2004/207
#
rm -f $root/kernel/drv/cpqncr.conf
#
# Remove eisa nexus driver and header files for EOF of EISA
# support as per PSARC/2003/650
#
#
#
#
# Remove junk headers
#
#
# Remove obsolete x86 hat layer and associated adb scripts
#
#
# Remove drivers for EOF of chs as per PSARC/2005/581
#
#
# Remove drivers & header files for EOF of dbri as per PSARC 2005/582
#
#
# Remove drivers for EOF of pcscsi as per PSARC/2005/003
#
rm -f $root/kernel/drv/pcscsi.conf
#
# Remove drivers for EOF of dpt as per PSARC/2003/701
#
#
# Remove drivers for EOF of mlx driver as per PSARC/2003/701
#
#
# Remove snlb
#
#
# Remove objmgr
#
rm -f $root/kernel/drv/objmgr.conf
#
# Remove other unused headers
#
#
# Remove Floating Point Emulator for EOF as per PSARC/2003/651
#
#
# Remove 64-bit adp, cadp and cpqhpc
#
#
# Remove 64-bit i2o_bs, i2o_msg, i2o_scsi, pci_to_i2o, mscsi, ncrs,
# msm, spwr, bscv, bscbus
#
# Remove obsolete pfil modules, binaries, and configuration files
# Remove obsolete atomic_prim.h file.
#
# Remove sc_nct binary and the corresponding symlink to sc_nct from the
# Montecarlo platform specific directories (Reference: PSARC 2003/606).
# To be specific, the following binary will be removed.
# Also, the following symlink will be removed.
#
fi
#
# In case of bfu to an older release, remove traces of "new"
# Kerberos mechanisms. Kerberos libraries and paths are corrected
# after extraction is complete.
#
#
# Diskless clients have already extracted /usr so don't delete these
# Non-global zones never extracts /usr so don't delete these
#
rm -f $usr/lib/gss/mech_krb5.so
rm -f $usr/lib/gss/mech_krb5.so.1
fi
# Remove old OpenSSL stuff from SUNWwbint
#Remove ufs logging module - now merged into ufs module
rm -f $rootprefix/usr/lib/mdb/kvm/ufs_log.so
rm -f $rootprefix/usr/lib/mdb/kvm/amd64/ufs_log.so
#Remove diskmgtd. If backward BFU, will get re-installed from
#archive.
#
# Remove old ia64 cruft
#
if [ $target_isa = i386 ]; then
fi
#
# Remove machpage-related stuff
#
#
# Remove old cacheos
#
rm -f $root/etc/init.d/cachefs.root
rm -f $root/etc/rcS.d/S35cacheos.sh
#
# Remove unneeded nfsmapid entries
#
#
# Nuke the nfsauth headers when we're working with the 'global'
# or a fully populated nonglobal zone. The cpio archive will lay the
#
dir_is_inherited usr 2>/dev/null;
rm -f ${rootprefix}/usr/include/rpcsvc/nfsauth_prot.x
rm -f ${rootprefix}/usr/include/rpcsvc/nfsauth_prot.h
fi
#
# Move the original manifests aside; later we will restore
# unchanged originals to avoid superfluous re-import on reboot.
# (First blow away the old dir path just to be safe.)
#
[ -d $root/$new_mfst_dir ] && mv $root/$new_mfst_dir $root/$old_mfst_dir
#
# Remove obsolete sum.h
#
#
# Remove obsolete std.h
#
#
#
#
# Remove acpi_intp module
#
if [ $target_isa = i386 ]; then
fi
#
# Remove nxge module (moved to a generic location to support xVM)
#
if [ $target_isa = i386 ]; then
# We're doing a backward bfu.
fi
#
# Remove obsolete librac
#
rm -f $usr/lib/llib-lrac.ln
rm -f $usr/lib/amd64/llib-lrac.ln
rm -f $usr/lib/sparcv9/llib-lrac.ln
rm -f $usr/lib/librac.so.1
rm -f $usr/lib/amd64/librac.so.1
rm -f $usr/lib/sparcv9/librac.so.1
#
# PSARC/2006/248, and along with this came a syntax change to the
# /etc/aggregation.conf file. After archives have been extracted,
# we're doing a backward bfu and need to convert the syntax of the
# /etc/aggregation.conf file to its old format.
#
else
fi
rm -f $root/lib/libcmd.so.1
rm -f $root/lib/amd64/libcmd.so.1
rm -f $root/lib/sparcv9/libcmd.so.1
rm -f $root/lib/llib-lcmd.ln
rm -f $root/lib/amd64/llib-lcmd.ln
#
# Remove xmemfs altogether.
#
#
# Remove obsolete libmacadm, liblaadm and libwladm. If this is
# a backwards BFU, they will be extracted by cpio.
#
rm -f $root/lib/libmacadm.so.1
rm -f $root/lib/liblaadm.so.1
rm -f $root/lib/libwladm.so.1
#
# Remove PCI hotplug devlinks. Their format has changed,
# and the old devlinks will interfere with the new ones.
#
#
# remove the architecture-specific sn1_brand module since it's being
# replaced with platform-specific modules.
#
#
# Remove I2O.
#
rm -f $root/kernel/drv/i2o_bs.conf
rm -f $root/kernel/drv/pci_to_i2o
#
#
rm -f $usr/ccs/bin/gprof.flat.blurb
#
# Remove us driver header.
#
#
# Remove device private and legacy sun headers we don't need
#
rm -f $usr/include/sys/eri_common.h
#
# Remove new files in order to go backward.
#
#
# Remove libtopo platform XML files that have been replaced by propmap
# files.
#
# End of pre-archive extraction hacks.
# for compatibility with older bootblk delivery
tee -a $EXTRACT_LOG
tee -a $EXTRACT_LOG
case $target_isa in
"zfs boot block installation ... \c" |
tee -a $EXTRACT_LOG
tee -a $EXTRACT_LOG
get_rootdev_list | while read physlice
do
print "Installing bootblk on $physlice."
$usr/sbin/installboot -F zfs ./bootblk \
done
print "Installing boot block on $rootslice."
print "Detected SVM root."
get_rootdev_list | while read physlice
do
print "Installing bootblk on $physlice."
done
fi
;;
i386)
print "Extracting grub for boot " \
tee -a $EXTRACT_LOG
;;
*)
;; # unknown ISA
esac
fi
archlist=""
do
done
fi
if [ $target_isa = i386 ]; then
elif [ $newboot_sparc = yes ]; then
fi
else
fi
if [ $target_isa = i386 ]; then
#
# The assumption here is that if boot
# archives exist at all, they only exist
# for architectures where we also have
# .root archives.
#
elif [ $newboot_sparc = yes ]; then
fi
else
fi
fi
#
# UltraSparc III platforms have aes module in platform directory
#
fi
#
# remove platform specific rsa module obsoleted by the bignum module
#
print "\nRemoving duplicate kernel binaries ..."
#
# First, find all regular files underneath the */kernel
# directories we extracted, and mark them as older or newer
# than our reference file -- if newer, they were extracted
# during the bfu.
#
# delete old files which have new counterparts.
#
dirs="$rootprefix/kernel $usr/kernel"
for plat in $archlist $rootarchs $usrarchs; do
done
while read f; do
if [[ $f = $time_ref ]] then
else
echo $age $f
fi
done |
/^new/ { lastname = $3 }
/^old/ { if (lastname == $3) { print $2 "/" $3 } }
' | while read x; do
echo "rm $x"
rm $x
done
fi
echo
#
# Change permissions of public IKE certificates and CRLs
# that may have been incorrectly created as private
# PKCS#11 hints files must be left root-only readable.
# Make sure this files starts with "30 82"
#
$rootprefix/etc/inet/ike/publickeys/* 2>/dev/null`; do
then
fi
done
#
# Add uCF's metaslot feature
if [ -f $rootprefix/etc/crypto/pkcs11.conf ] ; then
fi
# Cleanup old Kerberos mechanisms
# Cleanup old RBAC profiles
# Obsolete GLDv3 /etc/datalink.conf file".
if [[ $zone = global && -f $rootprefix/etc/datalink.conf ]]; then
fi
#
# Force xVM privilege fixups to occur on next boot.
#
print "\nRestoring configuration files.\n"
cd $root
test -d bfu.parent && mv bfu.parent bfu.ancestor
filelist $zone | cpio -pdmu bfu.parent 2>>$EXTRACT_LOG || \
extraction_error "restoring configuration files"
if [ $multi_or_direct = no ]; then
if [ $have_realmode = yes ]; then
if [ -d bfu.realmode ]; then
( cd bfu.realmode ; realmode_filelist | \
cpio -pdmu ../bfu.ancestor 2>/dev/null )
fi
( cd bfu.parent ; realmode_filelist | \
cpio -pdmu ../bfu.realmode 2>/dev/null )
else
for file in $realmode_files
do
done
fi
fi
cd bfu.child
do
# parent: freshly-BFUed version
# child: pre-BFU version
# ancestor: installed from archives the last time you BFUed
# actual: in the root filesystem at this moment (same as parent)
# if a superfluous-to-local-zones file was blown away, skip it
[ -f $actual ] || continue
# if there's been no change by the BFU, skip it
# if the file was not installed by the BFU, skip it
[ -f $parent ] || continue
# if this is a file which should never be updated by BFU,
# preserve the original (child) version
if (echo $preserve_files | grep $file >/dev/null 2>&1)
then
print " preserve: $file"
continue
fi
# if the file was accepted from the parent on the last BFU,
# then accept it again this time without argument. Or, if
# this is the first bfu after an standard Solaris install
# or upgrade, compare the file to one installed from packages.
# If it hasn't been modified since installation, accept
# the file from the parent.
if [ -f $ancestor ] ; then
print " update: $file"
continue
fi
print " update: $file"
continue
fi
fi
fi
# if the BFU'ed file is the same as the beginning of the
# pre-BFUed file, assume the user has added lines to the
# end, and restore the pre-BFUed version
print " restore: $file"
continue
fi
# if the new version is the same as it was the last time
# BFU was run, but still different than the pre-BFU version,
# this is an "old" conflict; otherwise, it's a "NEW"
# conflict. Old conflicts can usually be safely ignored.
print "old \c"
else
print "NEW \c"
print $file >>$rootprefix/bfu.conflicts/NEW
fi
print "conflict: $file"
# for all conflicts, restore the pre-BFU version and let
# the user decide what to do.
done
#
# correct permissions using /etc/minor_perm from the parent and
# child, prefer parent.
#
if [ -f $pmperm ]
then
fi
#
# Devices with changed permissions should be added here much
# like in i.minorperm. The "ssm" devices are special in that
# they have no /dev links associated with them.
#
do (
if [ ! -z "$2" ]
then
fi
) done <<-EOF
ssm:* ../devices/ssm*:*
cpc:shared ../devices/pseudo/cpc*
icmp:icmp icmp
icmp6:icmp6 icmp6
ip:ip ip
ip6:ip6 ip6
rts:rts rts
keysock:keysock keysock
ipsecah:ipsecah ipsecah
ipsecesp:ipsecesp ipsecesp
spdsock:spdsock spdsock
sad:admin sad/admin
fssnap:ctl fssnapctl
fssnap:* fssnap/*
clone:ce ce
clone:eri eri
clone:ge ge
clone:hme hme
clone:qfe qfe
clone:bge bge
bge:* bge*
clone:dmfe dmfe
dmfe:* dmfe*
clone:pcelx pcelx
pcelx:* pcelx*
clone:dnet dnet
dnet:* dnet*
clone:elxl elxl
elxl:* elxl*
clone:iprb iprb
iprb:* iprb*
clone:spwr spwr
spwr:* spwr*
clone:afe afe
afe:* afe*
clone:mxfe mxfe
mxfe:* mxfe*
clone:rtls rtls
rtls:* rtls*
nsmb:* nsmb*
EOF
if [ $target_isa = i386 ] && [[ $rootfstype = zfs || \
$rootslice = /dev/rdsk/* || \
$rootslice = /dev/md/rdsk/* ]]; then
fi
#
# update boot archives for new boot sparc
#
if [ $newboot_sparc = yes ] && \
[[ $rootfstype = zfs || $rootslice = /dev/rdsk/* ||
$rootslice = /dev/md/rdsk/* ]]; then
fi
# Check for damage due to CR 6379341. This was actually fixed
# back in snv_24, but users BFUing from an S10 build up to
# Nevada can still encounter it.
if [ -f $rzi ]; then
# Look for duplicated UUIDs. If there are any, then
# just wipe them out.
if nawk -F: '
/^\#/ || NF != 4 { print $0; next; }
{
if (flags[$4])
sub(/:[-0-9a-z]*$/,":");
print $0;
flags[$4]=1;
}
else
fi
else
fi
fi
if [[ $dlmgmtd_status = new ]]; then
# Upgrade existing /etc/aggregation.conf (or
# /etc/dladm/aggregation.conf) and linkprop.conf
else
# Move existing /etc/aggregation.conf entries to
# /etc/dladm/aggregation.conf; or, if bfu'ing
# backwards, move aggregation.conf back to /etc
if [[ $new_dladm = yes ]]; then
if [[ -f $aggr_old ]]; then
# owner+group of dest
fi
elif [[ -f $aggr_new ]]; then
fi
fi
# during install so that processes can access it early in boot
# before devfsadm is run.
if [ ! -L $rootprefix/dev/dld ]; then
fi
fi
# Fix up audit permissions
print "\nFor each file in conflict, your version has been restored."
print "The new versions are under $rootprefix/bfu.conflicts."
print "\nMAKE SURE YOU RESOLVE ALL CONFLICTS BEFORE REBOOTING.\n"
if [ $multi_or_direct = yes ]; then
print "To install resolved changes required for reboot in the boot"
print "archive, invoke 'bootadm update-archive${cr_args}'\n"
fi
print "Resolve conflicts in the global zone first. Many of"
print "the conflicts in non-global zones can be resolved by"
print "copying the corresponding file from the global zone.\n"
else
#
# If we're bfuing backward across PSARC/2006/248, then
# revert the /etc/aggregation.conf to its old format.
#
if [ -f $rootprefix/etc/aggregation.conf -a \
! -d $rootprefix/kernel/mac -a \
$from_new_aggrconf = 1 ]; then
fi
fi
cd $root
if [ $target_isa = i386 ]; then
fi
if [ $target_isa = i386 ]; then
fi
fi
#
# Hacks to work around minor annoyances and make life more pleasant.
# Part 2 of 2: post-archive-extraction stuff
#
do
done
if [ -f $epilogue ]; then
print "Executing $epilogue"
fi
else
fi
#
# Do logging in the background so that if the automounter is gone,
# bfu doesn't wedge at this point.
#
}
#
# make sure the time reference is older than anything extracted
#
do
done
if [ -s "$bfu_zone_list" ]; then
print "\nNow for zone $zone..."
done
#
# Normally we would clean up $bfu_zone_list but instead we leave it
# behind for ACR to locate and use inside the BFU alternate reality.
#
fi
print "Turning off delayed i/o and syncing filesystems ..."
if [ $? -eq 0 ]; then
print "\nWARNING: archive extraction errors occurred.\n"
print "See $EXTRACT_LOG for details.\n"
fi
lastrootprefix=${lastroot%/}
if [ -t 0 -a -t 1 -a -t 2 ]; then
print "\nEntering post-bfu protected environment (shell: ksh)."
print "Edit configuration files as necessary, then reboot.\n"
fi
print "Exiting post-bfu protected environment. To reenter, type:"
exit 0