Cross Reference: /pkg/src/svc/svc-pkg-depot

	svc-pkg-depot revision 1902
0N/A#!/usr/bin/ksh -p
1545N/A#
0N/A# CDDL HEADER START
0N/A#
0N/A# The contents of this file are subject to the terms of the
0N/A# Common Development and Distribution License (the "License").
0N/A# You may not use this file except in compliance with the License.
0N/A#
0N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
0N/A# or http://www.opensolaris.org/os/licensing.
0N/A# See the License for the specific language governing permissions
0N/A# and limitations under the License.
0N/A#
0N/A# When distributing Covered Code, include this CDDL HEADER in each
0N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
0N/A# If applicable, add the following below this CDDL HEADER, with the
0N/A# fields enclosed by brackets "[]" replaced with your own identifying
0N/A# information: Portions Copyright [yyyy] [name of copyright owner]
0N/A#
0N/A# CDDL HEADER END
0N/A#
0N/A# Copyright (c) 2009, 2010 Oracle and/or its affiliates.  All rights reserved.
0N/A#
0N/A
0N/A# Load SMF constants and functions
0N/A. /lib/svc/share/smf_include.sh
0N/A
0N/Aif [[ -z "$SMF_FMRI" ]]; then
0N/A    echo "this script can only be invoked by smf(5)"
0N/A    exit $SMF_EXIT_ERR_NOSMF
0N/Afi
0N/A
0N/Acase "$1" in
0N/A'start')
0N/A    # Handles depot startup
0N/A
0N/A    # boolean_props are properties which are communicated to the depot
0N/A    # via a flag being present or absent on the command line.
0N/A    boolean_props="mirror readonly"
0N/A    set -A boolean_cmd_line "mirror" "readonly"
0N/A
0N/A    # short_option_props are properties which are communicated to the depot
0N/A    # via a single character flag which takes an argument.
0N/A    short_option_props="inst_root port threads socket_timeout"
0N/A    set -A short_option_cmd_line "d" "p" "s" "t"
0N/A
0N/A    # short_option_props are properties which are communicated to the depot
0N/A    # via a long option flag which takes an argument.
0N/A    long_option_props="cfg_file content_root debug file_root log_access \
0N/A        log_errors proxy_base sort_file_max_size ssl_cert_file \
0N/A        ssl_dialog ssl_key_file writable_root"
0N/A
0N/A    set -A long_option_cmd_line "cfg-file" "content-root" "debug" \
0N/A        "file-root" "log-access" "log-errors" "proxy-base" \
0N/A        "sort-file-max-size" "ssl-cert-file" "ssl-dialog" "ssl-key-file" \
0N/A        "writable-root"
0N/A
0N/A    bool_ops=""
0N/A    option_props=""
0N/A
0N/A    # retrieve the pkg_root property. If the variable is left empty
0N/A    # pkg_root is /
1667N/A    pkg_root=$(svcprop -p pkg/pkg_root $SMF_FMRI)
1667N/A    if [[ $? -ne 0 ]]; then
1667N/A        echo "service property pkg/pkg_root not defined for" \
1667N/A            "service: $SMF_FMRI"
1667N/A        exit $SMF_EXIT_ERR_CONFIG
1667N/A    fi
1667N/A
1667N/A    # make sure pkg_root ends with a /
1667N/A    echo $pkg_root | grep /$ >/dev/null
0N/A    if [[ $? -ne 0 ]]; then
0N/A        pkg_root="${pkg_root}/"
0N/A    fi
0N/A
0N/A    # adjust the PYTHONPATH to point to the current environment
0N/A    # we need to make sure to adjust the PYTHONPATH accordingly
    # to a Python 2.4 or 2.6 environment
    python_ver=$(head -1 ${pkg_root}usr/lib/pkg.depotd 2>/dev/null |
        awk -F/ '{print $NF}')
    if [[ $python_ver != *python* ]]; then
        echo "invalid python version $python_ver found in"
        echo "${pkg_root}usr/lib/pkg.depotd"
        exit $SMF_EXIT_ERR_FATAL
    fi

    PYTHONPATH=${pkg_root}usr/lib/${python_ver}/vendor-packages/:$PYTHONPATH

    export PYTHONPATH

    # Go through each property in boolean_props and, if its value is set
    # to true in SMF, add the appropriate command line flag to the string.
    cnt=0
    for b in $boolean_props; do
        val=$(svcprop -p pkg/$b $SMF_FMRI)
        if [[ $? -ne 0 ]]; then
            echo "service property pkg/$b not defined for" \
                "service: $SMF_FMRI"
            exit $SMF_EXIT_ERR_CONFIG
        fi
        # If the property is set to true, add the flag.
        if [[ $val == 'true' ]]; then
            bool_ops="$bool_ops --${boolean_cmd_line[$cnt]}"
        fi
        cnt=$(($cnt + 1))
    done

    # Go through each property in short_option_props and, if its value is
    # set to something other than "", add the appropriate command line
    # flag and argument to the string.
    cnt=0
    for o in $short_option_props; do
        val=$(svcprop -p pkg/$o $SMF_FMRI)
        if [[ $? -ne 0 ]]; then
            echo "service property pkg/$o not defined for" \
                    "service: $SMF_FMRI"
            exit $SMF_EXIT_ERR_CONFIG
        fi
        # If the SMF property is set to something other than 'none', add
        # the flag and its argument to the command.
        if [[ $val != '""' ]]; then
            option_ops="$option_ops -${short_option_cmd_line[$cnt]} $val"
        fi
        cnt=$(($cnt + 1))
    done

    # Go through each property in long_option_props and, if its value is
    # set to something other than "", add the appropriate command line
    # flag and argument to the string.
    cnt=0
    for o in $long_option_props; do
        val=$(svcprop -p pkg/$o $SMF_FMRI)
        if [[ $? -ne 0 ]]; then
            echo "service property pkg/$o not defined for" \
                    "service: $SMF_FMRI"
            exit $SMF_EXIT_ERR_CONFIG
        fi
        # check if content_root is a relative or absolute path, if
        # relative append to pkg_root
        if [[ $o == 'content_root' ]]; then
            echo $val | grep ^/ >/dev/null
            if [[ $? -ne 0 ]]; then
                # pkg_root has been checked to end with a slash
                val="${pkg_root}$val"
            fi
        fi
        # If the SMF property is set to something other than 'none', add
        # the flag and its argument to the command.
        if [[ $o == 'ssl_dialog' && $val == 'smf' ]]; then
            option_ops="$option_ops --${long_option_cmd_line[$cnt]}=smf:$SMF_FMRI"
        elif [[ $val != '""' ]]; then
            option_ops="$option_ops --${long_option_cmd_line[$cnt]}=$val"
        fi
        cnt=$(($cnt + 1))
    done

    #
    # Determine if fork and exec are needed.
    #
    need_forkexec="true"
    if [[ $bool_ops == *'--readonly'* ]]; then
        need_forkexec="false"
        echo "option_ops: [$option_ops]"
        if [[ "$option_ops" == *--ssl-dialog=@(smf|exec):* && \
            "$option_ops" == *'--ssl-key-file='* && \
            "$option_ops" != *'--ssl-key-file=none'* ]]; then
            need_forkexec="true"
        fi
        if [[ "$option_ops" == *'--writable-root='* ]]; then
            need_forkexec="true"
        fi

    fi

    #
    # If we don't need them, drop fork and exec.
    #
    forkexec=""
    if [[ $need_forkexec == 'false' ]]; then
        echo "Dropping fork(2) and exec(2) privileges."
        forkexec=",-proc_fork,-proc_exec"
    fi

    #
    # If this process has net_privaddr, then we pass it along.
    # If not, we ensure that we don't specify it, since that will
    # cause ppriv to throw an error.
    #
    privaddr=""
    ppriv -v $$ | grep 'E: ' | grep net_privaddr > /dev/null 2>&1
    if [[ $? == 0 ]]; then
        echo "Dropping net_privaddr privilege."
        privaddr=",net_privaddr"
    fi
    #
    # We build up the privileges available starting with "basic".
    # This provides some protection even when the depot runs as root.
    #
    wrapper="ppriv -s A=basic,-file_link_any,-proc_info,-proc_session$privaddr$forkexec -e"

    # Build the command to start pkg.depotd with the specified options.
    cmd="$wrapper ${pkg_root}usr/lib/pkg.depotd $bool_ops $option_ops"
    # Echo the command so that the log contains the command used to start
    # the depot.
    echo $cmd

    exec $cmd

    ;;

'stop')
    #
    # Strategy: First, try shutting down depot using polite kill.  Use up
    # as much as possible of the allotted timeout period waiting for polite
    # kill to take effect.  As time runs out, try a more aggressive kill.
    #
    SVC_TIMEOUT=`svcprop -p stop/timeout_seconds $SMF_FMRI`
    if [[ $? -ne 0 ]]; then
        echo "service property stop/timeout_seconds not defined" \
            "for service: $SMF_FMRI"
        exit $SMF_EXIT_ERR_CONFIG
    fi

    #
    # Note that we're working around an oddity in smf_kill_contract: it
    # waits in 5 second chunks and can overshoot the specified timeout
    # by as many as 4 seconds.  Example: a specified wait of 6 will result
    # in a wait of 10 seconds in reality.  Since we may potentially do a
    # first kill and then a second, we must ensure that at least 8 seconds
    # of slop is left in reserve.  To be paranoid, we go for 10.
    #
    ((POLITE=$SVC_TIMEOUT - 10))
    if [[ $POLITE -gt 0 ]]; then
        smf_kill_contract $2 TERM 1 $POLITE
        ret=$?
        # '2' indicates timeout with non-empty contract.
        if [[ $ret -eq 2 ]]; then
            echo "Gentle contract kill timed out after"
                    "$POLITE seconds, trying SIGKILL." >&2
            #
            # Again, despite the specified timeout, this will
            # take a minimum of 5 seconds to complete.
            #
            smf_kill_contract $2 KILL 1 1
            if [[ $ret -ne 0 ]]; then
                exit $SMF_EXIT_ERR_FATAL
            fi
        fi
    else
        # If the timeout is too short, we just try once, politely.
        smf_kill_contract $2 TERM
    fi
    ;;

*)
    echo "Usage: $0 { start | stop }"
    exit $SMF_EXIT_ERR_CONFIG
    ;;

esac
exit $SMF_EXIT_OK