svc-pkg-depot revision 1475
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# Load SMF constants and functions
if [[ -z "$SMF_FMRI" ]]; then
echo "this script can only be invoked by smf(5)"
exit $SMF_EXIT_ERR_NOSMF
fi
case "$1" in
'start')
# Handles depot startup
# boolean_props are properties which are communicated to the depot
# via a flag being present or absent on the command line.
boolean_props="mirror readonly"
set -A boolean_cmd_line "mirror" "readonly"
# short_option_props are properties which are communicated to the depot
# via a single character flag which takes an argument.
short_option_props="inst_root port threads socket_timeout"
set -A short_option_cmd_line "d" "p" "s" "t"
# short_option_props are properties which are communicated to the depot
# via a long option flag which takes an argument.
long_option_props="cfg_file content_root debug log_access log_errors \
proxy_base sort_file_max_size ssl_cert_file ssl_dialog ssl_key_file \
writable_root"
set -A long_option_cmd_line "cfg-file" "content-root" "debug" \
"log-access" "log-errors" "proxy-base" "sort-file-max-size" \
"ssl-cert-file" "ssl-dialog" "ssl-key-file" "writable-root"
bool_ops=""
option_props=""
# Go through each property in boolean_props and, if its value is set
# to true in SMF, add the appropriate command line flag to the string.
cnt=0
for b in $boolean_props; do
if [[ $? -ne 0 ]]; then
echo "service property pkg/$b not defined for" \
"service: $SMF_FMRI"
exit $SMF_EXIT_ERR_CONFIG
fi
# If the property is set to true, add the flag.
if [[ $val == 'true' ]]; then
fi
done
# Go through each property in short_option_props and, if its value is
# set to something other than "", add the appropriate command line
# flag and argument to the string.
cnt=0
for o in $short_option_props; do
if [[ $? -ne 0 ]]; then
echo "service property pkg/$o not defined for" \
"service: $SMF_FMRI"
exit $SMF_EXIT_ERR_CONFIG
fi
# If the SMF property is set to something other than 'none', add
# the flag and its argument to the command.
if [[ $val != '""' ]]; then
option_ops="$option_ops -${short_option_cmd_line[$cnt]} $val"
fi
done
# Go through each property in long_option_props and, if its value is
# set to something other than "", add the appropriate command line
# flag and argument to the string.
cnt=0
for o in $long_option_props; do
if [[ $? -ne 0 ]]; then
echo "service property pkg/$o not defined for" \
"service: $SMF_FMRI"
exit $SMF_EXIT_ERR_CONFIG
fi
# If the SMF property is set to something other than 'none', add
# the flag and its argument to the command.
option_ops="$option_ops --${long_option_cmd_line[$cnt]}=smf:$SMF_FMRI"
elif [[ $val != '""' ]]; then
option_ops="$option_ops --${long_option_cmd_line[$cnt]}=$val"
fi
done
#
# Determine if fork and exec are needed.
#
need_forkexec="true"
if [[ $bool_ops == *'--readonly'* ]]; then
need_forkexec="false"
echo "option_ops: [$option_ops]"
"$option_ops" == *'--ssl-key-file='* && \
"$option_ops" != *'--ssl-key-file=none'* ]]; then
need_forkexec="true"
fi
if [[ "$option_ops" == *'--writable-root='* ]]; then
need_forkexec="true"
fi
fi
#
# If we don't need them, drop fork and exec.
#
forkexec=""
if [[ $need_forkexec == 'false' ]]; then
echo "Dropping fork(2) and exec(2) privileges."
forkexec=",-proc_fork,-proc_exec"
fi
#
# If this process has net_privaddr, then we pass it along.
# If not, we ensure that we don't specify it, since that will
# cause ppriv to throw an error.
#
privaddr=""
if [[ $? == 0 ]]; then
echo "Dropping net_privaddr privilege."
privaddr=",net_privaddr"
fi
#
# We build up the privileges available starting with "basic".
# This provides some protection even when the depot runs as root.
#
# Build the command to start pkg.depotd with the specified options.
# Echo the command so that the log contains the command used to start
# the depot.
echo $cmd
exec $cmd
;;
'stop')
#
# Strategy: First, try shutting down depot using polite kill. Use up
# as much as possible of the allotted timeout period waiting for polite
# kill to take effect. As time runs out, try a more aggressive kill.
#
if [[ $? -ne 0 ]]; then
echo "service property stop/timeout_seconds not defined" \
"for service: $SMF_FMRI"
exit $SMF_EXIT_ERR_CONFIG
fi
#
# Note that we're working around an oddity in smf_kill_contract: it
# waits in 5 second chunks and can overshoot the specified timeout
# by as many as 4 seconds. Example: a specified wait of 6 will result
# in a wait of 10 seconds in reality. Since we may potentially do a
# first kill and then a second, we must ensure that at least 8 seconds
# of slop is left in reserve. To be paranoid, we go for 10.
#
ret=$?
# '2' indicates timeout with non-empty contract.
echo "Gentle contract kill timed out after"
"$POLITE seconds, trying SIGKILL." >&2
#
# Again, despite the specified timeout, this will
# take a minimum of 5 seconds to complete.
#
exit $SMF_EXIT_ERR_FATAL
fi
fi
else
# If the timeout is too short, we just try once, politely.
fi
;;
*)
echo "Usage: $0 { start | stop }"
exit $SMF_EXIT_ERR_CONFIG
;;
esac
exit $SMF_EXIT_OK