bfu.sh revision 5a44cca936d722ba0da8ad634653e04b93747ecc
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
# See the License for the specific language governing permissions
# and limitations under the License.
# When distributing Covered Code, include this CDDL HEADER in each
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# Upgrade a machine from a cpio archive area in about 5 minutes.
# By Roger Faulkner and Jeff Bonwick, April 1993.
# Usage: bfu [-f] <archive_dir> [root-dir] # for normal machines
#        bfu -c [-f] <archive_dir> <exec-dir> # for diskless clients
# The -f flag is to override the built-in safety check which requires
# that the starting-point OS be at least a certain revision.
# You have to be super-user. It's safest to run this from the
# system console, although I've run it under OW and even via
# remote login with no problems.
# You will have to reboot the system when the upgrade is complete.
# You should add any administrative files you care about to this list.
# Warning: there had better be no leading '/' on any of these filenames.
# The CDPATH variable causes ksh's `cd' builtin to emit messages to stdout
# under certain circumstances, which can really screw things up; unset it.
# NOTE: Entries in *_files must expand to either the exact files required,
# or to directories that will be scoured for files.
Any directories 1351N/A# (and subdirectories) resulting from a wildcard expansion will be 1345N/A# include all files in any of its directories, as well as any files in 1351N/A# These lists should really be generated automatically from the 1345N/A# First list: files to be saved in global and non-global zones. # Second list: files to be saved in the global zone only. # Third list: files extracted from generic.root but which belong in the global # zone only: they are superfluous (and some even harmful) in nonglobal zones. # (note: as /etc/init.d scripts are converted to smf(5) "Greenline" services, # they (and their /etc/rc?.d hardlinks) should be removed from this list when # they are added to smf_obsolete_rc_files, below) # Fourth list: files to be preserved, ie unconditionally restored to # script. The files below are managed by build class and its build script. # as part of conflict resolution. print "bfu aborting" >& 2 if [ $1 = "global" ]; then # Force cpio to return non-zero by printing an error message # to stdout that it won't be able to lstat(). echo 'filelist: sort failed' [ $? = 0 ] || echo "warning: unable to temporarily disable $1" [ $? = 0 ] || echo "warning: unable to enable $1 for next boot" # If we're in the global zone, import the manifest for the specified service. # Note that we will need to see whether we are in an smf root if we are using # an alternate root. If so, import the service directly; otherwise, print the # $1: the path of the xml file (the related path to /var/svc/manifest) # $2: the service name - specified only if the service is enabled after reboot. echo "Warning: This system does not have SMF, so I" echo "cannot ensure the pre-import of $1. If it does" echo "not work, reboot your alternate root to fix it." if [[ "${2}a" == a ]]; then # Make sure the service is enabled after reboot. 
echo "s:^[ ]*$i[ /]:#SMFbfu# &:" # BFU previously commented out, put it back in place # No entry, append to end # TFTPD - tftp server (primarily used for booting) #tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot # Since inetd.conf is updated by SUNWmdr's postinstall script, # we will update the actual inetd.conf here to reflect the postinstall # and convert spaces to tabs within the rpc entry, as well as # or add a new entry in case there was none. echo '# METAD - SVM metadb Daemon' > $inettmp print "Updating inet.conf metad entry ... \c" # and convert spaces to tabs within the rpc entry, # or add a new entry in case there was none. echo '# MDMN_COMMD - SVM Multi node communication daemon' >$inettmp # SUNWcnetr's postinstall script, put the relevant portions of the # postinstall script here, modified to rename the old files instead # Convert datalink configuration into a series of dladm(1M) commands # and keep them in an upgrade script. This script will then be run # in the network-physical service. # that script is run in the manifest-import service which is too late # for the datalink configuration. if [[ ! -f $ORIG ]]; then # Try the alternate location. # Strip off comments, then each remaining line defines # an aggregation the administrator configured on the old # system. Each line corresponds to one dladm command # that is appended to the upgrade script. if [[ $mac != "auto" ]]; then # We don't need the port number, so get # rid of it if it is there. # Strip off comments, then each remaining line lists # properties the administrator configured for a # particular interface. 
Each line includes several # properties, but we can only set one property per # Convert hostname.*** and zonecfg vlan configurations echo "skipping invalid interface $ifname" if [ "$vid" != "0" ]; then # Update aac.conf for set legacy-name-enable properly # Already using autoenumeration mode, return # Else enable legacy mode # The PF_PACKET module may need to be added to the configuration # When being added to the system, the socket itself will remain # inactive until the next reboot when soconfig is run. When being # removed, the kernel configuration stays active until the system # is rebooted and the sockets will continue to work until it is # unloaded from the kernel, after which applications will fail. ${xgrep} -v -E '^ 32 [14] 0 sockpfp' \ # update x86 version mpt.conf for property tape # update x86 etc/mach file after xVM_uppc is added, # which makes xpv_psm a non-default psm module # check and update driver class for scsi-self-identifying # Solaris crypt(3c) policy. print "Updating entries for crypt(3c), see policy.conf(4)" # crypt(3c) Algorithms Configuration # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to # be used for new passwords. This is enforced only in crypt_gensalt(3c). CRYPT_ALGORITHMS_ALLOW=1,2a,md5 # To deprecate use of the traditional unix algorithm, uncomment below # and change CRYPT_DEFAULT= to another algorithm. For example, # CRYPT_DEFAULT=1 for BSD/Linux MD5. #CRYPT_ALGORITHMS_DEPRECATE=__unix__ # The Solaris default is the traditional UNIX algorithm. This is not # listed in crypt.conf(4) since it is internal to libc. The reserved # name __unix__ is used to refer to it. echo "Updating entries for privileges(5)," \ # These settings determine the default privileges users have. If not set, # the default privileges are taken from the inherited set. # There are two different settings; PRIV_DEFAULT determines the default # set on login; PRIV_LIMIT defines the Limit set on login. 
# Individual users can have privileges assigned or taken away through # user_attr. Privileges can also be assigned to profiles in which case # the users with those profiles can use those privileges through pfexec(1m). # For maximum future compatibility, the specifications should # always include "basic" or "all"; privileges should then be removed using # the negation. E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the # sys_linkdir privilege, regardless of future additional privileges. # Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the # file_link_any privilege from the basic privilege set; only that notation # is immune from a future addition of currently unprivileged operations to # the basic privilege set. # NOTE: removing privileges from the the Limit set requires EXTREME care # as any set-uid root program may suddenly fail because it lacks certain # Cleanup nfsmapid configuration before extracting # root bits. Remove if they exist: # nfsmapid entry in /etc/net/ti*/services # Going forward neither should exist, but no harm if services entry exists # Going way backwards (pre-04/28/2004), inetd.conf must exist but will # be a conflict that should be merged in sed -e "/^#[# ]*NFSv4/d" \ -e "/^[# ]*100166\/1/d" \ sed -e "/^[# ]*nfsmapid/d" \ sed -e "/^[# ]*nfsmapid/d" \ sed -e "/^[# ]*nfsmapid/d" \ # Detect Boomer audio framework; used to emit a notice at the end of BFU # telling the user to run update_audio to complete the upgrade. # Define global variables # List of SDS commands that must be deleted. # List of SDS configuration files that must be deleted. # List of rc scripts that must be deleted. # List of flashprom-related files that must be deleted. 
# delete the entries associated with bootlist from /etc/system sed -e /"Begin MDD database info"/,/"End MDD database info"/d \ echo "copy error: /tmp/system.$$ to ${SYSTEM_FILE}" # Add entries in md.conf for bootlist echo "# Begin MDD database info (do not edit)" >> /tmp/md.conf.$$ echo "# End MDD database info (do not edit)" >> /tmp/md.conf.$$ # add_devid_destroy(filename) # returns contents in filename # md_devid_destroy property is required when upgrading # from pre SVM to SVM releases or when the device ID returned from # It is specifically placed between # # Begin MDD database info and # End MDD database info because # on the subsequent reboot, this line will be removed automatically when # metadevadm is run in rc2.d. if ( $2 == "End" && $4 == "database") { print "md_devid_destroy=1;" # Reads existing configuration values in /etc/rcap.conf and puts pressure=`awk '$1 == "RCAPD_MEMORY_CAP_ENFORCEMENT_PRESSURE" \ # Blindly update default configuration values with echo "# Migrating pre-existing rcap configuration" >> \ "setprop ${PG}/walk_interval = $walk_int" >> \ # Migrate an existing extended accounting configuration from /etc/acctadm.conf # to the smf(5) repository upon reboot. Enable the instance if the # configuration differs from the default configuration. # smf(5) "Greenline" doesn't install the init.d or rc*.d scripts for # converted services. Clean up previous scripts for such services. # smf services whose manifests have been renamed print "Removing obsolete rc.d scripts ... \c" print "Clearing platform profile hash ..." # corrected platforms) were delivered in Build 68. delpg ${pfx}ar_svc_profile_platform_${plname}_xml # Detect, prior to extraction the arrival of new, # default-enabled-in-profile services. If so, add a command # such that they are enabled. [[ -f $mfst ]] || return; # Delete the service instance, then refresh all its dependents in the # cases of alternative root and zones. 
echo "no sqlite binary: skipped integrity check" >&2 echo "integrity check failed:" >&2 Reseed the repository (see http://greenline.eng/quickstart.shtml#newrep) before BFUing (or use the -f flag to force BFU to continue). Re-seeding will lose all smf(5) customizations. echo "driving on anyway" >&2 echo "passed integrity check" >&2; print "*************************************************************" print " WARNING: BFU'ing $1 backwards across 5090532." print " Fixes have been made but the services cannot be refreshed" print " on the $1's inactive repository. Next boot for the" print " $1 will probably result in maintenance mode due to" print " dependency cycles. If so, at the $1's console, run:" print " To avoid these problems, reseed the zone's repository." print " Note: Re-seeding will lose all smf(5) customization." print "*************************************************************" # Return success if going to post-5090532, i.e. post-sysconfig bits # exist (since it was introduced by first SMF putback). # Function return status is return status of last command executed. # So, no need to check return status from grep below. # Check if bfu'ing back from post-5090532 to pre-5090532 bits. # Perform the necessary corrections when bfu'ing backwards # from post-5090532 to pre-5090532 bits. # Get the pre-5090532 non-ON manifests, and issue minimal fixes # to the repository, to enable re-boot. # Now, remove sysidtool:{system, net}'s dependency on # single-user and filesystem-local. # If $rootprefix is not empty, this could be the global zone, # with an alternate root BFU, or a non-global zone. For either # case, the repository to be updated is not the live one: use # SVCCFG_REPOSITORY to point to the repository to be updated. # Note that in the alternate-root case, doing this seems better # than forcing the user to re-seed, or to dis-allow it. 
The # issue of svccfg and the repository not matching seems remote, # given that from initial SMF integration (on10_64) to on10_74, # there was no mismatch. In the remote possibility that there is a # mis-match (in the future) causing these calls to be suspect, # the user is already being advised, via the warning message, to # reseed the repository in case of trouble. If a mis-match is ever # introduced, code such as this would have to be fixed, so this # aspect of the warning is useful only during the interim period. # NOTE that this is not an issue for non-global zones' # repositories - they couldn't be out-of-sync with # Using the newer "-s" option to svccfg in the following is OK # since its introduction preceded 5090532 (and this routine wouldn't # be called unless the machine is running post-5090532 bits). # On a live system, issue the refresh; For alternate root or non-global # zone, the user was asked to issue the refreshes and "clear"s in the # message above after a post-bfu reboot. # Now, reset SVCCFG_REPOSITORY, if it was set # bfu check continues to work, and all manifests are correct. rm -f /var/svc/manifest/milestone/sysconfig.xml # Return true if $file exists in $archive. $file may also be a pattern. # extract one or more files from an archive into a temporary directory # provided by the caller. The caller is responsible for checking to # to see whether the desired file or files were extracted # remaining args: file(s) to be extracted. # If we're no longer delivering the eeprom service, remove it from the system, # as eeprom -I is removed as well. if [ ! "$karch" = "i86pc" ]; then # we must disable via svccfg directly, as manifest-import runs after # this service tries to run # If the new system doesn't support the templates DTD extensions # (due to backwards bfu), the global.xml manifest should be deleted. # Go thru the original manifests and move any that were unchanged # (or are not system-provided) back to their proper location. 
This # will avoid superfluous re-import on reboot, as the inode and mtime # are both part of the hash. # BFUing to non-SMF system -- undo our previous changes, # run an old hack, and skip the remainder of this function. # At this point, the archive in question is a SMF version. If # the smf(5) repository does not yet exist, create it by copying # the appropriate seed repository. Since updating of non-global # zones only occurs when the live system is bfu'ed, the # appropriate seed is guaranteed to exist under the /lib print "Initializing service configuration repository ..." print "Removing obsolete smf services ..." # When doing backwards BFU, if the target does not contain # vtdaemon manifest, delete it and delete all the additional # console-login service instances which were used to provide # additional console sessions. # Remove the Boomer audio service when BFUing to legacy audio bits print "Connecting platform and name service profiles ..." print "Marking converted services as enabled ..." # configuration parameters if rcap.conf exists # Determining whether we're a NIS master requires # looking through the maps. # Determine whether we are a YP master. # If we are the master server, enable appropriate services. # Check if mddbs don't exist on the image. If so, disable SVM services. # Workaround inetd's handling of "tcp6/udp6" when no IPv6 interfaces echo "BFU'ing backwards across 5090532! Now repairing..." # corresponding non-ON manifests - sysidtool and kdmconfig. # if WOS build on machine is pre-greenline, and # we're bfu'ing to the sysconfig bits. # if WOS build on machine is pre-greenline, and # we're bfu'ing to the sysconfig bits. # it if necessary. Future updates of # If we've still got the old dtlogin manifest delivered by earlier # versions of bfu, delete it, as it was broken and should have # never been delivered. A new version delivered by the CDE # consolidation should be left alone. # Delete the obsolete manifest. 
# Delete the service from repository, then use dtconfig -e to # revert to whatever the WOS bits are using if dtlogin was if /usr/bin/svcprop -q application/cde-login; then if [ \`/usr/bin/svcprop -p general/enabled \ application/cde-login:default\` = "true" ]; then /usr/sbin/svccfg delete -f application/cde-login type instance_refresh 2>&1 > /dev/null instance_refresh system/console-login /usr/sbin/svcadm refresh system/console-login if [ \$do_dtconfig -eq 1 -a -x /usr/dt/bin/dtconfig ]; then # Enable the inetd-upgrade service to convert any changes to inetd.conf # If global zone, and bfu'ing from smf, and the inetd-upgrade # service has an obsolete dependency, then add a clear of inetd # and inetd-upgrade to the upgrade file as either may drop into # maintenance due to a dependency loop resulting from the new # Import the name-service-cache service. This is to get the service # (with correct dependencies) in the repository before reboot. # Import the datalink-management service. # Import the ldap/client service. This is to get the service # (with correct dependencies) in the repository before reboot. # Enable new NFS status and nlockmgr services if client is enabled cl="svc:/network/nfs/client:default" if [ \`/usr/bin/svcprop -p general/enabled \$cl\` = "true" ]; then /usr/sbin/svcadm enable svc:/network/nfs/status:default /usr/sbin/svcadm enable svc:/network/nfs/nlockmgr:default # We are deleting and reimporting kpropd's manifest, because we # need to change the restarter. 
kpfmri="svc:/network/security/krb5_prop" kkfmri="svc:/network/security/krb5kdc:default" lkpmani="/var/svc/manifest/network/security/krb5_prop.xml" restarter=\`svcprop -c -p general/restarter \$kpfmri 2>&1\` kken=\`svcprop -c -p general/enabled \$kkfmri\` eval $BFUSVCCFG delete -f \$kpfmri eval $BFUSVCCFG import \$lkpmani # Enable kpropd if krb5kdc is enabled, since # krb5kdc would have run kpropd if [ \$kken = "true" ]; then # Enable print server if there are local queues # Enable rarpd and bootparamd if they would have been running pre-SMF # We are deleting and reimporting dcs's manifest, because we # need to change the restarter. dcsfmri="svc:/platform/sun4u/dcs:default" dcsmani="/var/svc/manifest/platform/sun4u/dcs.xml" restarter=\`svcprop -c -p general/restarter \$dcsfmri 2>&1\` en=\`svcprop -c -p general/enabled \$dcsfmri\` eval $BFUSVCCFG delete -f \$dcsfmri eval $BFUSVCCFG import \$dcsmani if [ \$en = "true" ]; then # If a lbl_edition file is found it's a likely sign that old unbundled # Trusted Extensions packages are installed and TX is active. Update # etc/system if needed, to complete enabling of the bundled TX. # Emit a warning message if bfu'ing a Trusted Extensions-enabled system # backwards to pre TX-merge bits. In this case, unbundled packages must # be reinstalled to complete restoration of old TX bits. # This check is only needed in global zone # No warning needed if TX is not currently enabled print "*************************************************************" print " WARNING: BFU'ing TX backwards across 6533113." print " Must re-install unbundled TX packages to remain Trusted." print "*************************************************************" # The directboot putback moved the console property from # Make a local copy of bfu in /tmp and execute that instead. # This makes us immune to loss of networking and/or changes # to the original copy that might occur during execution. 
echo " bfu [-fh] <archive_dir> [root-dir]" echo "\tUpdate a single machine by loading archives on root-dir." echo "\troot-dir defaults to / (a live bfu).\n" echo " bfu -c [-fh] <archive_dir> <exec-dir>" echo "\tUpdate all diskless clients by loading archives on each client" echo "\tthat mounts exec-dir as /usr. <exec-dir> must start with" echo "\t-f force bfu to continue even if it doesn't seem safe" fail "\t-h|-help print this usage message and exit\n" # Variables for x86 platforms # Set when moving to either directboot or multiboot # Shows which type of archives we have, which type of system we are # running on (before the bfu), and what the failsafe archives are # (again, before the bfu). failsafe_type is only needed on diskful # bfu's, so it's not set in the diskless case. # Possible values: unknown, dca, multiboot, directboot, xpv # We prefer to use ppriv, as it is a more accurate test, and also # has the benefit of preventing use from within a nonglobal zone. fail "bfu requires all privileges" # Fall back to old id check if system does not yet have ppriv. [
"$uid" =
"uid=0(root)" ] || \
fail "You must be super-user to run this script." [[
"$cpiodir" = /* ]] ||
fail "archive-dir must be an absolute path"# Determine what kind of archives we're installing, using the following rules: # 1. If i86xpv archives exist, the archives are xpv # 2. If strap.com is present, the archives are pre-multiboot # 3. If symdef is present, the archives are directboot # 4. Otherwise, the archives are multiboot [[
"$root" = /* ]] ||
fail "root-dir must be an absolute path" fail "Cannot bfu a system with zfs root to an archive with no zfs root support" # On i386, we want to apply the archives for both # platforms (i86pc and i86xpv) if they exist. We # force the platform to i86xpv so that both will be # Look through all the archives we build and match # the names of built archives with the names of # directories installed on this machine. We assume # here that we can get the names of all architectures # by pattern matching the names of .root archives - so # if we ever had a case where we had only a .usr archive # we wouldn't find that archive. # On i386, we want to apply the archives for both platforms # (i86pc and i86xpv) if they exist. We force the platform # to i86xpv so that both will be applied. # XXX Pick karch as last available root arch # XXX Pick plat as first available root arch print "Loading $cpiodir root archives on:" echo "Cannot BFU a system with the mountroot version"\
echo "For information on how to transition this system to the new" echo "zfs boot support, see:" rpath_msg=
"R(UN)?PATH from file ${nss_lib}\)" echo "/usr/bin/ldd is missing but -f is set; continuing." fail "Install the SUNWtoo package." echo "$nss_lib is not valid but -f is set; continuing." echo "BIND 9 has not been installed, but -f is set; continuing." echo "BIND 8 has been removed from ON; BIND 9 is available from SFW." # CE version 1.148 or later is required nawk '{ if ($1 < 148) print "BAD"; else print $1 }'` # We need biosdev if we're moving from pre-multiboot to multiboot or directboot # kernels. If we already have an i86xpv kernel, then we must already be a # directboot kernel, and can therefore skip the check. echo "biosdev cannot be run on this machine." echo "Transitioning from classic to multiboot requires a" echo "bootconf which is compatible with biosdev." echo "bfu to onnv_12 first, then to a build with multiboot." # Check whether the archives have a datalink-management services; this is # later used to determine whether we need to upgrade the existing datalink # configuration and if the datalink-management service needs to be removed. # Set the value of dlmgmtd_status based on the existence of the # Check whether the archives have an etc/dladm directory; this is # The Clearview IP Tunneling project changes the format of the # dlmgmtd daemon, so there is no backwards conversion when bfu'ing # backwards. The solution is to have bfu save the old file away when # bfu'ing across this project, and restore it when bfu'ing back. # Check whether the build is boot-archive or ufsboot sparc print "\nCreating bfu execution environment ..." # Save off a few critical libraries and commands, so that bfu will # continue to function properly even in the face of major # Scripts needed by BFU. These must be modified to use the interpreters in # libraries in the archives being extracted. # Tools which may be either scripts or ELF binaries, # so we need to check them before adding to either $bfucmd or $bfuscr. # This does not handle compiled shell scripts yet. if [[
"$(file "${chameleon}")" == *
ELF* ]] ;
then bfucmd=
"${bfucmd} ${chameleon}" bfuscr=
"${bfuscr} ${chameleon}" # Optional commands. We warn, but do not abort, if we are crossing a # feature boundary (where a command is not present in the parent). # Clauses requiring these commands must explicitly test for their # set up installgrub and friends if transitioning to multiboot or directboot # do this now so ldd can determine library dependencies # We split the binaries into two groups: the type where we want to make any # effort to get the newest version (like symdef and bootadm), and the type # where any old version will do (like installgrub and biosdev). # bootadm and symdef to properly handle menu.lst changes. If the system is # directboot, we can use the local copies. If the system is multiboot but # the archives are directboot, we extract the binaries early. Otherwise, # we're not crossing the boundary, and which one we use doesn't matter. # NB - if bootadm or symdef is ever changed to require a new library, the # early extraction will blow up horribly. # For testing purposes, a user can set DIRECTBOOT_BIN_DIR in the environment, # and we'll use that instead. # A comma-separated list of the command and the archive it's in # If all else fails, grab the local version # If available, use ldd to determine which libraries bfu depends on. # Otherwise, just make an educated guess. # Create 64 bit directory structure and determine 64 bit arch name. # Copy libraries to proper directories # Private 64 bit runtime linker. sed -e
's/\/usr\/bin\//\/tmp\/bfubin\//g' \
# scripts used together with multiboot # We do two substitutions here to replace references to sed -e
's/\/usr\/bin\//\/tmp\/bfubin\//g' \
-e
's/\/bin\//\/tmp\/bfubin\//g' \
# overwritten, which could cause a mis-match with the failsafe # miniroot. Extract unix from the miniroot and save it off for now. # Shouldn't happen? See if someone already unzipped it. /^[ \t]*#/ || /^[ \t]*$/ || $4 ~ "/0" { gsub(/[^,]*/, "&/0", $4); # If we're delivering a new version of an existing /etc/init.d script, # remove all hard links to the existing file in /etc/rc?.d whose # names begin with [SK][0-9][0-9]. Additionally, in case an S or K # file was previously delivered as a symbolic link or the hard link # was broken, remove any file in /etc/rc?.d whose name is # [SK][0-9][0-9] followed by the basename of the file we're going print "Removing init.d links ... \c" nawk '{ print "-inum " $1 " -o " }'` nawk -F/ '{ print "-name [SK][0-9][0-9]" $NF }'` # Remove Wildcat (aka Sun Fire Link) typeset -r wildcat_pkgs='SUNWwrsa SUNWwrsd SUNWwrsu SUNWwrsm' # First, attempt to remove the packages cleanly if possible. # Use a custom "admin" file to specify that removal scripts # in the packages being removed should be run even if they printf 'Removing Wildcat packages...' # In case that didn't work, do it manually. # Cleanup any remaining Wildcat files, symlinks, and directories. # First, attempt to remove the packages cleanly if possible. # In case that didn't work, do it manually. # Cleanup any remaining ASET files, symlinks, and directories. # We cann't pkgrm SUNWinamd at this time as the BIND 9 binaries are # Cleanup any BIND 8 specific files, symlinks. # Remove the 5.6.1 version of perl. typeset -r perl_pkgs='SUNWpl5m SUNWpl5p SUNWpl5u SUNWpl5v' # First, attempt to remove the packages cleanly if possible. printf 'Removing perl 5.6.1 packages' # In case that didn't work, do it manually. # Remove any remaining 5.6.1 files, typeset -r fns_pkgs='SUNWfnx5x SUNWfnsx5 SUNWfnsx SUNWfns' # First, attempt to remove the packages cleanly if possible. # In case that didn't work, do it manually. # Cleanup if any remaining FNS/XFN files, symlinks, and directories. 
printf 'Removing AT&T FACE... ' # First, attempt to remove the packages cleanly if possible. # In case that didn't work, do it manually. # Cleanup any remaining FACE files, symlinks, and directories. # First, attempt to remove the packages cleanly if possible. # In case that didn't work, do it manually. # Cleanup any remaining DMI files, symlinks, and directories. # Remove the obsolete Mobile IP packages printf 'Removing Mobile IP... ' # In case that did not work, do it manually. # Remove EOF Smartcard framework typeset -r smartcard_pkg='SUNWjcom SUNWkib SUNWocf SUNWocfd SUNWocfh SUNWocfr SUNWpamsc SUNWscmhdlr' printf 'Removing EOF Smartcard... ' # Remove smartcard headers, libraries, Old readers and the # parts delivered from other consolidations # that no longer work with the ON parts removed. # Don't touch bootenv.rc unless it contains obsolete property egrep -v "target-driver-for-smartii"\ # This is a copy of the RBAC portions of the SUNWcsr postinstall # We need to ensure that the RBAC profiles are self-consistent # as refinements are made that add granularity to the profiles print "Cleaning up old RBAC profiles... \c" sed -e '/^Network Security.*sbin\/ipsec.*/ D' \ -e '/^Network Security.*sbin\/ike.*/ D' \ -e '/^Network Security.*inet\/in\.iked.*/ D' \ # This function will remove no longer needed cryptography # This clean up of ipsecalgs is not directly related to the EOF # of SUNWcry and SUWNcryr, but due to mistakes in this file seen # in earlier builds. The following lines will have no effect on sed -e 's/_CBC|128\/32-128,8/_CBC|128\/32-448,8/' \ -e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/' \ # First, attempt to remove the packages cleanly if possible. # Use a custom "admin" file to specify that removal scripts # in the packages being removed should be run even if they printf ' Removing packages...' 
# The userland modules, kernel modules and OpenSSL filter libs # Remove old limited use certificates # Remove old fips-140 entry from kcf.conf if it is found print "Removing obsolete fips-140 entry from kcf.conf" # Add metaslot configuration to pkcs11.conf if it doesn't already exist print "Adding cryptographic framework's meta slot feature" "metaslot:metaslot_status=enabled;metaslot_auto_key_migrate=enabled;"\ "metaslot_token=Sun Software PKCS#11 softtoken;"\ "metaslot_slot=Sun Crypto Softtoken" { print ENVIRON["metaslot_config"] } \ # This checks to see if the old 'gl' and 'do' directories # for the Kerberos GSS-API mechanisms can be deleted. # If the mechanism exists in /usr/lib/gss, then the old # subdirs may be deleted. print "Cleaning up old Kerberos GSS-API mechanisms...\c" # There is a mech in the "new" location, so # the old stuff can be deleted. # Cleanup kernel mechanisms from default location # For SPARC, cleanup from 2 locations. # Make sure the GSS mechanism configuration file is correct # fix up audit permissions # fix up /etc/inet config file permissions INETFILES="hosts networks netmasks protocols services \ # disable mpxio on fp(7D) ports using fp.conf print "To preserve device names, disabled mpxio on fp(7D) ports by" print "changing the value of mpxio-disable to \"yes\" in" \ print "adding mpxio-disable=\"yes\" entry to $conffile" # enable mpxio in scsi_vhci # depending on whether the bfu restored the child's or parent's version # of scsi_vhci.conf file, we may already have the file with the change # we need in place. So make the change only if necessary. print "To preserve device names, restored your current mpxio" \ print "changing the value of mpxio-disable to \"no\" in" \ print "adding mpxio-disable=\"no\" entry to $conffile" # restore the pre-bfu MPxIO on/off setting to the post-bfued configuration # Determine the mpxio setting in the child. 
If the system was bfued # before and running with mpxio on by deafult bits, can't rely on the # contain stale left over entries. # prior to the bfu the system was running with # mpxio off by default bits. # these bits require explicit enabling of mpxio at in scsi_vhci # these bits have mpxio enabled by default in scsi_vhci. # if mpxio is disabled in the child, disable mpxio on all # bfu forwards, just return # remove the pciclass,060100 entry for isa when going backwards # Check to see if root in $1 has a mounted boot, and that # it's mounted at the right place for bfu to handle it. # Returns 0 (true) if bfu can handle the upgrade; fails if not grep "[ ]/boot[ ]*pcfs[ ]" | \ # find out if, and where, boot is mounted ${ROOT} refers to an x86 boot partition, but it's not mounted fail "Mount ${ROOT}s bootpart at ${ROOT}/boot.\n\n" # update the realmode boot programs at $1 (root) echo "$DEVICE: Not a character device" # pboot at block 0, label at blocks 1 and 2, bootblk from block 3 on # go get new versions of boot files into TMPDIR echo 'Updating /boot on x86 boot partition.' if [ ! -f ${TMPDIR}/$f ]; then fail "Missing $f, aborting." grep "[ ]/boot[ ]*pcfs[ ]" |\ awk '{print $1}' | sed -e 's:p0\:boot::g')" # Obtain the disk table; it will look something like the following: # * Id Act Bhead Bsect Bcyl Ehead Esect Ecyl Rsect Numsect # 130 128 27 28 0 242 9 553 1728 8897472 # Delete all blank lines, and all lines that begin with *, # leaving only actual fdisk entries that we can scan # looking for the X86BOOT partition # Ignore entry if not X86 /boot partition # ID '190' is the X86BOOT partition (see man fdisk(1M)) if [ $id -ne "190" ] ; then # Found X86 boot partition - save contents to $DDCOPY echo "Boot device is <${BOOTPART}>" [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Unable to save copy of <${BOOTPART}>." 
# mount copy of old /boot partition [ -n "${LOBOOTDEV}" ] && echo "${LOBOOTDEV}" fail "Unable to make lo-device <${DDCOPY}>" [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Unable to mount lo-device <${LOBOOTDEV}>." # recreate existing boot partition with updated # umount ${ROOT}'s /boot if mounted if [ -n "${BOOTMOUNTPT}" ] ; then echo "unmounting /dev/dsk/${DISKID}p0:boot" [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Unable to umount X86 boot device." echo "Making new pcfs file system on ${DISKID}" echo "Unable to make pcfs:" echo "Copying x86 boot partition contents back\c" echo "Remounting freshened /boot partition" if [ -z "${BOOTMOUNTPT}" ] ; then # boot ptn wasn't mounted [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Unable to mount X86 boot device." # copy old /boot contents fail "Unable to copy boot partition contents." # unmount and rm our boot mount, if we created it if [ -z "${BOOTMOUNTPT}" ] ; then [ -n "${ERRMSG}" ] && echo "${ERRMSG}" # unmount, un-lofi, and rm SOURCE_BOOT_DEV [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Cannot umount lo-device <${LOBOOTDEV}>." [ -n "${ERRMSG}" ] && echo "${ERRMSG}" fail "Cannot remove lo-device <${LOBOOTDEV}>." # non boot-partition: use installboot to get pboot and bootblk echo "Updating /boot on Solaris partition." if [ -z "${ROOT}" ] ; then SEARCH="/"; else SEARCH="${ROOT}"; fi awk '{print $3}' | sed 's;/dsk;/rdsk;') if [ -z "${ROOTRAWDEV}" ] ; then [ -n "${ROOTRAWDEV}" && echo "${ROOTRAWDEV}" ] fail "${SEARCH} must be a mounted filesystem" echo "Updating Solaris partition ${ROOTRAWDEV} with installboot" if [ ! -f ${TMPDIR}/$f ]; then fail "Missing $f, aborting." fail "Unable to installboot to <${ROOTRAWDEV}>." print "Verifying archives ..." "missing;\npossible mkbfu version mismatch: pre-zones" \
"style archives with zones files." print "Performing basic sanity checks ..." print "\n\nERROR: You are upgrading to a 64-bit-only OS. " \
"Your frame buffer does not have a 64-bit driver and " \
"will not work after reboot. To proceed you must run " \
print "\nERROR: These archives do not have Ultra-1 platform support." \
"\nProceeding with this BFU may render this machine unbootable." \
"\nTo proceed anyway, you must run bfu with the -f flag.\n";
# Perform additional sanity checks if we are upgrading the live system. # Disallow from older releases fail "This version of bfu cannot run on pre-Greenline " \
# Filesystem space checks
test "`df -b $1 | tail -1 | nawk '{ print $2 }'`" -ge ${2}000 ||
fail "Less than $2 MB free on $1 -- bfu not safe." # Disable kernel module unloading print "Disabling kernel module unloading ... \c" # Load modules and drivers here not to reload them when you access # /devices or its subdirectories later. # if library is present in T200's directory and then remove # it and the symbolic links. # Stop any running zones: the init script will print a # We need all zones to be down before proceeding. # We can't accomplish this by just disabling the # zones service, since it might already be disabled. # So we pretend to be SMF, and invoke the stop method. # When zones are someday independently managed as # service instances, this will need to be revised. fail "zone(s) failed to halt" # Determine the installed zones, which we will want to do # after we're done with the global zone. This is done now # rather than later in case bfu'ing the global zone causes # the zone configuration to become unreadable (e.g., via a ($6 == "native" || $6 == "" || $6 == "sn1")) { # save vlans associated with zones to be upgraded # to the new dladm based format # Stop sendmail so that mail doesn't bounce during the interval # remains post-smf(5) because it is a public interface.) print "Disabling sendmail temporarily ..." print "Killing sendmail ..." print "Disabling remote logins ..." echo "bfu in progress -- remote logins disabled" >/
etc/
nologin # Stop syslogd so it doesn't interfere with saving preserved files. print "Killing syslogd ..." print "Disabling syslog temporarily ..." # Stop apache so it doesn't get upset when the entire world changes # out from underneath it. print "Killing httpd ..." print "Disabling httpd temporarily ..." # Kill off fmd so it doesn't get upset when the entire world changes # out from underneath it. print "Disabling fmd temporarily ..." # Stop nscd so it doesn't interfere with stuff. print "Disabling nscd temporarily ..." # Check ${root}/etc/motd for SunOS value to get `uname -r` awk '{print $1}' | sed -e s/5.//` fail "This version of bfu cannot run on pre-Greenline " \
# turn off auxiliary filters, since they can cause objects to be loaded # from outside of the protected environment. # Since we've turned off auxiliary filters, libc_psr will normally not # be loaded at all. But libc_psr was overriding broken code in libc # for over a week before the fix for 6324631, so we need to explicitly # LD_PRELOAD it to allow users to bfu from the broken libc. This can be # removed once there are no sun4u machines bfued to Nevada bits between # 9/7/2005 and 9/15/2005. print "Turning on delayed i/o ..." # The "| tee -a $EXTRACT_LOG" following do_extraction() is not pulled into the # function itself because it interferes with the cpio exit status detection. # pcfs boot is an exception, since its cpio exit status is expected to be bad, # so a heuristic must be employed to infer whether or not any errors occurred. grep -v "cpio: Cannot chown()" | \ # Usage: extract_archives (root|usr|lib|sbin|kernel) arch-list # We don't want to overwrite the sharetab if # it is a mount-point. We assume it is a # mount-point if it is not writable. # Classic boot pboot and bootblk compatibility with old archives # they should already be there, but... # This function will never be called when upgrading a zfs root, # so it's safe to assume a value for rootslice here. print "Installing boot block." # transition from multiboot to dca # save configurable files from /boot # before remounting /stubboot. # files are relative to /boot. [ -n "${ERRMSG}" ] && echo "${ERRMSG}" sed -e "s/[ ]\/stubboot[ ]/ \/boot /" \ [ -n "${ERRMSG}" ] && echo "${ERRMSG}" # It's ok to put a meta device path in there # Figure out the boot architecture of the current system: # 1. If an i86xpv kernel exists, it's a xpv system # 2. If dboot_image is in unix, it's a dboot system # 3. Otherwise, if multiboot is present, it's a multiboot system # 4. Otherwise, it's a pre-multiboot system # This is called before we lay down the new archives. 
# Detect SVM root and return the list of raw devices under the mirror egrep -v "mirror|spare|replacing" | sed -n -e '/--/q' -e p | awk '{print $1}'` # Done once per transition from classic (dca) to multi boot # Remount boot partition as /stubboot, set up new /boot [ -n "${ERRMSG}" ] && echo "${ERRMSG}" [ -n "${ERRMSG}" ] && echo "${ERRMSG}" -e "s/[ ]\/boot[ ]/ \/stubboot /" | \ # multiboot: install grub on the boot slice # copy /boot grub & solaris to /stubboot # Adjust grub paths relative to pcfs filesystem # Run installgrub after copying stubboot to avoid overwriting grep "[ ]/stubboot[ ]" | nawk '{print $1}'` # We check for several possibilites of a bootenv.rc line: # 1. setprop name 'value' # 2. setprop name "value" # Note: the big space below is actually a space and tab if [ -n "boot_args" ]; then # If args starts with a -B, remove it and add a comma instead elif [ -n "$cons" ]; then elif [ -n "$args" ]; then sed -e "s/\.\.\/\.\.\/devices//" -e "s/:[abcdefgh],raw//"` # Use biosdev to get the bios disk number nawk '{print $1}' | sed -e "s/0x8//"` # multiboot: set up initial grub menu # The failsafe archives may be different than the boot archives # Append some useful entries to the existing menu [ $? = 0 ] || echo "default=0" >> $MENU [ $? = 0 ] || echo "timeout=10" >> $MENU echo "#serial --unit=0 --speed=9600" >> $MENU echo "#terminal serial" >> $MENU echo "title Solaris" >> $MENU echo " ${BOOT_PROG}" >> $MENU echo " ${BOOT_ARCHIVE}" >> $MENU echo "GRUB menu entry 'Solaris' boots to eeprom(1m) settings" TTY=`grep "^setprop input-device" \ if [ -z "${TTY}" ] ; then if [ "${TTY}" = "ttya" ] || [ "${TTY}" = "ttyb" ] ; then kernel $BOOT_FAILSAFE_FILE $BOOT_FAILSAFE_SUFFIX $FS_CONSOLE -s module /boot/x86.miniroot-safe if [ "$root" != "/" ] || \ # Either we're not bfu'ing /, or the failsafe archives were # already installed, or update_failsafe is not available. 
# If the old failsafe archives were multiboot, clear out the echo "Updating failsafe archives" # Force bootadm to update the failsafe entry # setup_grub_menu is only called when upgrading from a system # with a dca boot. This cannot happen on systems with zfs root, # so this function need not take care of the case where the root # file system type is zfs sed -e "s/\.\.\/\.\.\/devices//"` # Wallow through fdisk to get the active partition number # Partition numbering is zero-based # Find solaris partition, either older 130 or 191 grubhd="(hd${biosdisk},${part},${gslice})" # update the grub menu if it doesn't exist or # doesn't have usable boot entries # Build the multiboot boot archive # We should be able to run bootadm here but that's a # little more complicated than one would think #bootadm_args=${rootprefix:+-R $rootprefix} # Disable the boot-archive service on the first boot # to silence complaints about new files cp /bfu.conflicts/lib/svc/method/boot-archive /lib/svc/method/boot-archive chmod +x /lib/svc/method/boot-archive rm -f /etc/rc2.d/S99postbfu # Install failsafe archive on a sparc machine if not present. # Use a well-known server for the archive if we need it. # check if failsafe already installed # XXX Remove this fallback to a known good archive once real # XXX images with boot archives become available. . /lib/svc/share/smf_include.sh . /lib/svc/share/fs_include.sh [ "$3" = "/$dir" ] && return 0 || return 1 WARNING: Cannot find new bootadm. If bfu'ing across the multiboot/directboot boundary, you will need to manually change menu.lst. See http://www.sun.com/msg/SUNOS-8000-CF for details. # If we're going backwards, we need to remove the # If the archives being installed contain i86pc.boot, # check to see if it contains strap.com, one of the # four possibly-required booters. 
If i86pc.boot does, # try to upgrade the realmode booters from the current # Don't bother doing the upgrade for diskless bfu, as the boot # will be done with floppy or PXE, which must match the build # anyway (floppy must match or add_install_client must be # rerun), and in any event we can't touch the boot bits # for diskless boot from here. Also don't do this for print "\nUpdating realmode boot loaders\n" # before we save away driver_aliases, remove any obsolete entries # need to remove old pci5853,1 entry for xpv. The correct # entry going forward is pci5853,1.1 which is now in fail 'failed to save config files' # this system has never been bfu'd before. Therefore, the # can be used to determine whether files have been modified # purpose for systems that have already been bfu'd.) # bfu'ed systems are not upgradeable; prevent suninstall from # even *presenting* the upgrade option by removing INST_RELEASE. # Hacks to work around minor annoyances and make life more pleasant. # Part 1 of 2: pre-archive-extraction stuff # Do not remove remove_initd_links, since this makes sure things # work properly when init scripts are shuffled around. # Remove rc.d scripts and things made superfluous by smf. # Backwards BFUs will resurrect them from the archives. # New, enabled-by-default services need to be checked for, such # that their enabled status is not flipped by BFU after their # Handle unbundled TX conversion if needed # Reflect SUNWcsr's pre-install change, ensures # the i.hosts action script works during 'acr' # Remove obsolete disassembler module # Remove obsolete Sun-Fire-880 (daktari) FMA Fault Tree directory # and file. Backwards BFUs will resurrect them from the archives. # Remove old ndpd header (moved to /usr/include per 6509782) # Remove old FMA dictionary files # Remove unused SMF dictionary # Remove old FMA .eft files and directories # Remove old FMA LDOMS files # Remove old topology data # Remove old prtopo and obsoleted include file. 
# Remove old AMD cpu module, to be replaced by extended cpu.generic # with AMD-specific support layered on top as a model-specific module. # Also remove the corresponding mdb and kmdb support. Backwards BFU # will reintroduce these files. # Remove pcbe drivers for AMD # old: need to remove going forwards: # new: need to remove going backwards: # Remove obsolete buildmnttab script. Backwards BFUs will # resurrect it by extracting it from the archives. # Break-up of inetsvc, inetinit & network -- remove both the old # and new init scripts. The correct ones will be extracted from # the archives whether bfu'ing backwards or forwards. # old: need to remove going forwards: # new: need to remove going backwards: # Remove Zones init scripts: they will be extracted properly # going forwards; after going backwards, they will be gone, # thus preventing scary warnings on subsequent bfu's. # Remove <inet>6 STREAMS modules; these no longer exist (and # should never have existed in the first place). # Remove old ZFS binaries (back when it was three modules) # been removed from the kernel in Solaris 10. If this is # a backwards BFU, it will all be extracted again by cpio. # Remove obsolete abi subdirectories # Remove old stuff related to libthread now that libthread has # been folded into libc and libthread_db has been renamed libc_db. # In addition, all the apptrace's tracing libraries (i.e., abi_*.so*), # spec2map and spec2trace are no longer needed, should be removed. # Remove the old symlink /lib => usr/lib, if necessary. # /lib is now a real directory in the root filesystem. # Remove all of the old static libraries and commands now # that we no longer build them. If this is a backwards # BFU, all this will all be extracted again by cpio. # Remove other obsolete files, too # Remove the old files and their containing directories # Remove obsolete profile libc symlinks # Remove Legacy DR files, now obsolete due to NGDR Phase II putback # Remove obsolete OPL platform links. 
# Solstice Enterprise Agent(SEA) : mib-II subagent mibiisa # needs to be disabled during startup. SMA(System Management Agent) # has the capability to support mib-II requests. # The correct ones will be extracted from # the archives whether bfu'ing backwards or forwards. # old: need to remove going forwards: # new: need to remove going backwards: # remove old terminal emulator module: # (renamed from 'terminal-emulator' to 'tem') # old: need to remove going forwards: # new: need to remove going backwards: # Remove the snowbird sbin and include symlinks # If we still have the old lp(7D) driver, remove it and its symlinks # and header file. (If driver already gone, don't trample new symlinks.) # Remove V880 CPU DR files, program cancelled # Remove crash(1M), now obsoleted by mdb(1). If this is a backwards # BFU, it will be extracted again by cpio. # Remove kadb(1M), now obsoleted by kmdb(1M) # Remove old platform dmod symlinks # Remove the SGENV driver from the Sun-Fire directory structure. # If this is a backwards BFU, it will be extracted again by cpio. # Clean up legacy versions of the FMA CPU/Mem DE which may be still # be laying around. This check may be removed when a sufficient time # has lapsed between the FMA putback as to ensure that no test machines # still have development FMA bits. # Clean up legacy versions of x4500 FMA modules which may be still # be laying around. This check may be removed when a sufficient time # has lapsed between the FMA putback as to ensure that no test machines # still have development FMA bits. # Remove nss XFN support no longer used by printing # Remove EOF Smartcard support # Remove BIND 8, but only if the generic.usr archive doesn't contains # BIND 8 named server/tools. If this is a backwards bfu, BIND 8 will # be extracted again by cpio. # Remove obsolete Mobile IP software # Remove SUNWcoff package # In case that did not work, do it manually. 
# Remove mii private header # Remove GMT* zoneinfo files # Remove stc(7d)-related files # Remove old CPC adb macros. # Remove obsolete DTrace demos # Remove flashprom-related files. # Remove pt_chmod - obsoleted by new /dev filesystem print "Removing 32-bit commands and kernel binaries ... \c"; # Remove pre dboot krtld as well as obsolete boot blocks # Remove kmdbmod from /kernel # Remove obsolete drivers/header files as a result of sun4v source # Remove the IPsec encryption and authentication modules. # IPsec now uses the Kernel Crypto Framework for crypto. # Remove the now-obsolete "nattymod" STREAMS module. # Remove obsolete SSA utility, firmware and fcode. # Remove seg_drv, seg_mapdev driver # Remove platform specific dmfe driver ... its common now # Remove EOF sbpro driver and supporting header file # (Note that .conf file may also appear in /platform) # Remove obsolete audio bits. The SADA modules are removed as # no driver uses them any more. We don't ship certain device # private headers anymore, as well as headers for the now # obsolete (and never documented) legacy audio driver API. # But we only remove the SADA modules if we are delivering Boomer # with the BFU. We don't want BFU to be toxic when used with older # Determine whether to emit update_audio notice or not # Cleanup audio devlinks when bfu'ing back to legacy audio bits. # We also cleanup devlinks the first time when upgrading from legacy # to Boomer bits in the update_audio script # If updating to a BFU where austr is removed, make sure we # remove the driver from kernel state, and clean up the binaries. 
# Diskless clients have already extracted /usr so don't delete this # Non-global zones never extracts /usr so don't delete these # Remove rpcib misc module (converted to driver) # Remove drivers & header files for EOL of soc & pln drivers # PSARC/2003/629 Common Solaris Target Disk Driver # remove adb macro "scsi_disk" for the x86 platform # Remove CPCv1 API header per PSARC/2004/648 # Remove headers per PSARC/2005/561 # attempt to migrate any user-added files, which primarily live # under usr/lib/mail/cf . Blow away the seven files which we # ship under that directory, then move any that remain to the # new location, which we will `mkdir -p` just to be safe. # If the zone in question is non-global, then skip all this. if [ $zone = "global" ]; then # -d follow sym-links: make sure it's not a link. # Only do this if usr/lib/mail is still a directory; # bfu'ing backwards does not merit such migration. # local.cf no longer needed with the advent of sendmail -bl # Remove drivers and header files for EOF of Lance Ethernet # driver(le) as per PSARC/2003/335. 
# Remove drivers and header files for EOF of ieef driver as # Remove drivers and header files for EOF of elx driver as # Remove drivers for EOF of pe driver as per PSARC/2004/051 # Remove drivers for EOF of Compaq NCR, Compaq SMART2, AMI Mega # Remove eisa nexus driver and header files for EOF of EISA # support as per PSARC/2003/650 # Remove obsolete x86 hat layer and associated adb scripts # Remove drivers for EOF of chs as per PSARC/2005/581 # Remove drivers & header files for EOF of dbri as per PSARC 2005/582 # Remove drivers for EOF of pcscsi as per PSARC/2005/003 # Remove drivers for EOF of dpt as per PSARC/2003/701 # Remove drivers for EOF of mlx driver as per PSARC/2003/701 # Remove other unused headers # Remove Floating Point Emulator for EOF as per PSARC/2003/651 # Remove 64-bit adp, cadp and cpqhpc # Remove 64-bit i2o_bs, i2o_msg, i2o_scsi, pci_to_i2o, ncrs, # Remove obsolete bus mice drivers # Remove obsolete pfil modules, binaries, and configuration files # Remove nsmb and smbfs modules from old locations # Also remove new locations of moved stuff for BFU # from newer to older build ("backward BFU"). # These will be reinstalled from the archive. # Remove sc_nct binary and the corresponding symlink to sc_nct from the # Montecarlo platform specific directories (Reference: PSARC 2003/606). # To be specific, the following binary will be removed. # Also, the following symlink will be removed. # In case of bfu to an older release, remove traces of "new" # Kerberos mechanisms. Kerberos libraries and paths are corrected # after extraction is complete. # Diskless clients have already extracted /usr so don't delete these # Non-global zones never extracts /usr so don't delete these # Remove old OpenSSL stuff from SUNWwbint #Remove ufs logging module - now merged into ufs module #Remove ufs_log mdb/kmdb modules - now merged in to ufs module #Remove diskmgtd. 
If backward BFU, will get re-installed from # Remove machpage-related stuff # Remove unneeded nfsmapid entries # Nuke the nfsauth headers when we're working with the 'global' # or a fully populated nonglobal zone. The cpio archive will lay the # right one to match mountd(1m)'s comm method w/the kernel (via # Move the original manifests aside; later we will restore # unchanged originals to avoid superfluous re-import on reboot. # (First blow away the old dir path just to be safe.) # Remove acpi_intp module # Remove nxge module (moved to a generic location to support xVM) # We're doing a backward bfu. # Remove /kernel/mac. This directory was introduced by # PSARC/2006/248, and along with this came a syntax change to the # we check for the existance of the /kernel/mac directory to see if # we're doing a backward bfu and need to convert the syntax of the # Remove xmemfs altogether. # Remove obsolete libmacadm, liblaadm and libwladm. If this is # a backwards BFU, they will be extracted by cpio. # Remove PCI hotplug devlinks. Their format has changed, # and the old devlinks will interfere with the new ones. # remove the architecture-specific sn1_brand module since it's being # replaced with platform-specific modules. # Remove px_pci, pxb_plx, pxb_bcm, pcie_pci # Remove /usr/ccs/bin dependency files that now live in # Remove us driver header. # Remove device private and legacy sun headers we don't need # Remove new files in order to go backward. # Remove obsolete tunneling STREAMS modules # Remove libtopo platform XML files that have been replaced by propmap # Remove old SVVS lo driver and related files. It was renamed to # svvslo. The renamed files will be extracted using their new names. 
# Remove ucblinks 4.x dev names generator # Remove old amd_iommu driver # old: need to remove going forwards: # new: need to remove going backwards: # Remove the UCB headers and lint libraries # Remove ucb plotting bits # Remove legacy pcmcia bits # The pkg* commands should not be used after this point and before # Remove old OpenSSL from /usr/sfw. # Listing the man pages individually would add about 1000 # lines so it's simpler to pull them out of the package db. '/usr\/sfw\/share\/man.* [fs] .*SUNWopenssl-man/ {print $1}' \ # End of pre-archive extraction hacks. # for compatibility with older bootblk delivery print "Extracting platform $rootfstype modules for boot " \ "zfs boot block installation ... \c" | print "Detected SVM root." print "Extracting grub for boot " \ # The assumption here is that if boot # archives exist at all, they only exist # for architectures where we also have # UltraSparc III platforms have aes module in platform directory # remove platform specific rsa module obsoleted by the bignum module print "\nRemoving duplicate kernel binaries ..." # First, find all regular files underneath the */kernel # directories we extracted, and mark them as older or newer # than our reference file -- if newer, they were extracted # part, sort by post-/kernel part and age (new first), and # delete old files which have new counterparts. /^old/ { if (lastname == $3) { print $2 "/" $3 } } # Change permissions of public IKE certificates and CRLs # that may have been incorrectly created as private # PKCS#11 hints files must be left root-only readable. # Make sure this files starts with "30 82" # Remove EOF Crypto packages # Add uCF's metaslot feature # Cleanup old Kerberos mechanisms # Cleanup old RBAC profiles # Force xVM privilege fixups to occur on next boot. print "\nRestoring configuration files.\n" print "Restoring configuration files ... 
\c" >> $EXTRACT_LOG # parent: freshly-BFUed version # ancestor: installed from archives the last time you BFUed # actual: in the root filesystem at this moment (same as parent) # if a superfluous-to-local-zones file was blown away, skip it # if there's been no change by the BFU, skip it # if the file was not installed by the BFU, skip it # if this is a file which should never be updated by BFU, # preserve the original (child) version # if the file was accepted from the parent on the last BFU, # then accept it again this time without argument. Or, if # this is the first bfu after an standard Solaris install # or upgrade, compare the file to one installed from packages. # If it hasn't been modified since installation, accept # the file from the parent. # if the BFU'ed file is the same as the beginning of the # pre-BFUed file, assume the user has added lines to the # end, and restore the pre-BFUed version # if the new version is the same as it was the last time # BFU was run, but still different than the pre-BFU version, # this is an "old" conflict; otherwise, it's a "NEW" # conflict. Old conflicts can usually be safely ignored. # for all conflicts, restore the pre-BFU version and let # the user decide what to do. # Add build_class_script_files to NEW # Don't add the file to bfu.conflict since the private script from # the pkg takes care of the update. # Devices with changed permissions should be added here much # like in i.minorperm. The "ssm" devices are special in that # they have no /dev links associated with them. cpc:shared ../devices/pseudo/cpc* ipsecesp:ipsecesp ipsecesp # update boot archives for new boot sparc # Check for damage due to CR 6379341. This was actually fixed # back in snv_24, but users BFUing from an S10 build up to # Nevada can still encounter it. # Look for duplicated UUIDs. 
If there are any, then /^\#/ || NF != 4 { print $0; next; } # use cat instead of cp/mv to keep # upgrade hostname and zones based vlans to dladm # The global zone needs to have its /dev/dld symlink created # during install so that processes can access it early in boot # Fix up audit & /etc/inet config file permissions # Remove bsmrecord. Renamed to auditrecord. # Remove old fips-140 entry from kcf.conf print "\nFor each file in conflict, your version has been restored." print "\nMAKE SURE YOU RESOLVE ALL CONFLICTS BEFORE REBOOTING.\n" print "To install resolved changes required for reboot in the boot" print "archive, invoke 'bootadm update-archive${cr_args}'\n" print "Resolve conflicts in the global zone first. Many of" print "the conflicts in non-global zones can be resolved by" print "copying the corresponding file from the global zone.\n" # If we're bfuing backward across PSARC/2006/248, then # Hacks to work around minor annoyances and make life more pleasant. # Part 2 of 2: post-archive-extraction stuff # Emit notice about upgrading the audio sub-system print "NOTICE: you must run the 'update_audio' script (from" print "${GATE}/public/bin) to complete the upgrade of " print "the audio sub-system" # Do logging in the background so that if the automounter is gone, # bfu doesn't wedge at this point. # make sure the time reference is older than anything extracted print "\nNow for zone $zone..." # Normally we would clean up $bfu_zone_list but instead we leave it # behind for ACR to locate and use inside the BFU alternate reality. print "Turning off delayed i/o and syncing filesystems ..." print "\nWARNING: archive extraction errors occurred.\n" if [ -t
0 -a -t
1 -a -t
2 ];
then print "\nEntering post-bfu protected environment (shell: ksh)." print "Edit configuration files as necessary, then reboot.\n" print "Exiting post-bfu protected environment. To reenter, type:"