      1 #
      2 # CDDL HEADER START
      3 #
      4 # The contents of this file are subject to the terms of the
      5 # Common Development and Distribution License (the "License").
      6 # You may not use this file except in compliance with the License.
      7 #
      8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9 # or http://www.opensolaris.org/os/licensing.
     10 # See the License for the specific language governing permissions
     11 # and limitations under the License.
     12 #
     13 # When distributing Covered Code, include this CDDL HEADER in each
     14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15 # If applicable, add the following below this CDDL HEADER, with the
     16 # fields enclosed by brackets "[]" replaced with your own identifying
     17 # information: Portions Copyright [yyyy] [name of copyright owner]
     18 #
     19 # CDDL HEADER END
     20 #
     21 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     22 # Use is subject to license terms.
     23 #
     24 BASEPREFIX=`echo $BASEDIR | sed "s/\//_/g"`
     25 #
     26 # Clear sysidtool which may have gone into maintenance due to a dependency
     27 # cycle with milestone/single-user, when upgrading to a system that
     28 # introduces milestone/sysconfig.
     29 #
     30 cat >> $BASEDIR/var/svc/profile/upgrade <<\_CLRSYSID
     31 	/usr/sbin/svcadm clear svc:/system/sysidtool:net
     32 	/usr/sbin/svcadm clear svc:/system/sysidtool:system
     33 _CLRSYSID
     34 
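# Remove a leftover ipnodes.hostsmerge file, if one exists.  Paths are
# quoted so that an unusual BASEDIR cannot split into several arguments.
if [ -f "$BASEDIR/etc/inet/ipnodes.hostsmerge" ]; then
	rm -f "$BASEDIR/etc/inet/ipnodes.hostsmerge"
fi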
     38 
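#
# If a symlink named var/mail.ABCsavedXYZ exists (presumably set aside by
# an earlier install step -- not visible in this script), move it back to
# var/mail.  That is only attempted when var/mail/:saved and then var/mail
# itself could be removed with rmdir, i.e. when both were empty directories.
# Whatever the outcome, the .ABCsavedXYZ name is removed afterwards.
#
if [ -h "$BASEDIR/var/mail.ABCsavedXYZ" ]; then
	if rmdir "$BASEDIR/var/mail/:saved" >/dev/null 2>&1 && \
	    rmdir "$BASEDIR/var/mail" >/dev/null 2>&1; then
		mv "$BASEDIR/var/mail.ABCsavedXYZ" "$BASEDIR/var/mail"
	fi
	rm -fr "$BASEDIR/var/mail.ABCsavedXYZ"
fi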
     49 
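#
# Same recovery for var/news: when a symlink var/news.ABCsavedXYZ exists
# and var/news is an empty directory (rmdir succeeds), the link is moved
# back to var/news.  The .ABCsavedXYZ name is removed in every case.
#
if [ -h "$BASEDIR/var/news.ABCsavedXYZ" ]; then
	if rmdir "$BASEDIR/var/news" >/dev/null 2>&1; then
		mv "$BASEDIR/var/news.ABCsavedXYZ" "$BASEDIR/var/news"
	fi
	rm -fr "$BASEDIR/var/news.ABCsavedXYZ"
fi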
     57 
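#
# filter_config FILE SED-ARGS...
#
# Rewrite FILE in place with the output of "sed SED-ARGS FILE".
#
# The intermediate copy is created with mktemp(1).  The fixed names used
# before (/tmp/t.$$, /tmp/a.$$, ...) are predictable, and /tmp is
# world-writable, so a file or symlink planted under one of those names
# would have been written through by this script, which runs as part of
# package installation and edits auth_attr and exec_attr among others.
#
# FILE is overwritten only when sed succeeded, so a failing sed no longer
# replaces it with a truncated copy.  cp (not mv) is used so that FILE
# keeps its inode, owner and mode.  The temporary file is always removed.
#
# Returns 0 on success and 1 otherwise.  The callers below ignore the
# status: each edit is best effort and must not abort the installation.
#
filter_config()
{
	fc_file=$1
	shift
	fc_tmp=`mktemp /tmp/SUNWcsr.XXXXXX` || return 1
	if sed "$@" "$fc_file" > "$fc_tmp" && cp "$fc_tmp" "$fc_file"; then
		fc_rc=0
	else
		fc_rc=1
	fi
	rm -f "$fc_tmp"
	return $fc_rc
}

# In the TCP port monitor table, replace the eight characters that follow
# \x00020ACE and \x00020203 with zeros.
PMTAB=$BASEDIR/etc/saf/tcp/_pmtab
if [ -f "$PMTAB" ]; then
	filter_config "$PMTAB" \
	    -e 's/\\x00020ACE......../\\x00020ACE00000000/' \
	    -e 's/\\x00020203......../\\x0002020300000000/'
fi

# Drop every auth_attr line that begins with the literal text "solaris.*".
AUTH_ATTR=$BASEDIR/etc/security/auth_attr
if [ -f "$AUTH_ATTR" ]; then
	filter_config "$AUTH_ATTR" '/^solaris\.\*/d'
fi

# Drop the "Network Security" exec_attr lines that refer to the ipsec, ike,
# in.iked and cert commands.
EXEC_ATTR=$BASEDIR/etc/security/exec_attr
if [ -f "$EXEC_ATTR" ]; then
	filter_config "$EXEC_ATTR" \
	    -e '/^Network Security.*sbin\/ipsec.*/ D' \
	    -e '/^Network Security.*sbin\/ike.*/ D' \
	    -e '/^Network Security.*inet\/in\.iked.*/ D' \
	    -e '/^Network Security.*inet\/cert.*/ D'
fi

# When installing into a non-global zone, drop the inittab entries whose
# id is "ap" or "sp".
INITTAB=$BASEDIR/etc/inittab
if [ -f "$INITTAB" ] && [ -n "$SUNW_PKG_INSTALL_ZONENAME" ] && \
    [ "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then
	filter_config "$INITTAB" -e '/^ap:/d' -e '/^sp:/d'
fi

# When installing into a non-global zone, drop the vfstab line whose first
# field is /devices (followed by a tab or a space).
VFSTAB=$BASEDIR/etc/vfstab
if [ -f "$VFSTAB" ] && [ -n "$SUNW_PKG_INSTALL_ZONENAME" ] && \
    [ "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then
	filter_config "$VFSTAB" '/^\/devices[	 ]/d'
fi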
     97 
     98 #
     99 # Get rid of obsolete BIND 8 server instance
    100 #
    101 cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_BIND8
    102 	obs_se=/usr/sbin/in.named
    103 	cur_se=`svcprop -p start/exec svc:/network/dns/server 2>/dev/null`
    104 	if [ "$obs_se" = "$cur_se" ]; then
    105 		svcadm disable -s svc:/network/dns/server:default
    106 		svccfg delete svc:/network/dns/server:default
    107 		# If this was the only instance, delete the service also
    108 		svcs network/dns/server >/dev/null 2>&1 || \
    109 		    svccfg delete svc:/network/dns/server
    110 	fi
    111 _DEL_BIND8
    112 
    113 #
    114 # Get rid of obsolete DARPA trivial name server (Death to IEN-116!)
    115 #
    116 cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_TNAME
    117 	svcs svc:/network/tname > /dev/null 2>&1
    118 	if [ "$?" = 0 ]; then
    119 		svccfg delete -f svc:/network/tname
    120 	fi
    121 _DEL_TNAME
    122 
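#
# Remove stale GLD services
#
# SVCCFG_REPOSITORY is exported for the rest of the script so that svccfg
# works on the repository below PKG_INSTALL_ROOT.
#
SVCCFG_REPOSITORY=$PKG_INSTALL_ROOT/etc/svc/repository.db
export SVCCFG_REPOSITORY
if [ -x /usr/sbin/svcadm ] && [ -x /usr/sbin/svccfg ] && \
    [ -f "$PKG_INSTALL_ROOT/var/svc/manifest/network/datalink.xml" ]; then
	if [ -r "$PKG_INSTALL_ROOT/etc/svc/volatile/repository_door" ]; then
		#
		# Local package install.  Need to disable the services first
		# before deleting.
		#
		for gld_svc in aggregation datalink-init datalink; do
			svcadm disable -s svc:/network/$gld_svc >/dev/null 2>&1
		done
	fi
	# Failures are deliberately ignored: a service that is already
	# gone is the desired end state.
	for gld_svc in aggregation datalink-init datalink; do
		svccfg delete svc:/network/$gld_svc >/dev/null 2>&1
	done
fi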
    143 
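# The ipsecalgs and policy services are delivered enabled.
# The ike and manual-key services are delivered disabled. The
# system administrator will need to enable them after creating
# the config file(s). If the system has been upgraded and the
# config files exist, enable the services on first boot.
# The file in /tmp indicates that this system had already been
# upgraded. The service will only be enabled on first upgrade.
#
# NOTE(review): the marker names are predictable and /tmp is
# world-writable, so the presence of a marker is not proof that an
# upgrade already ran; a stray file of that name suppresses the enable
# step.  Moving the markers to a root-only directory would need the same
# change wherever they are created, which is not visible in this script.
#
IKEMANIFEST=`echo ike.xml"$BASEPREFIX" | cut -c 1-256`
if [ ! -f "/tmp/${IKEMANIFEST}" ]; then
	cat >> "${PKG_INSTALL_ROOT}/var/svc/profile/upgrade" <<'_IPSECUPGRD'
	if [ -f /etc/inet/ike/config ]; then
		/usr/sbin/svcadm enable svc:/network/ipsec/ike:default
	fi
_IPSECUPGRD
else
	# Marker consumed: remove it.
	rm "/tmp/${IKEMANIFEST}"
fi
MANKEYMANIFEST=`echo manual-key.xml"$BASEPREFIX" | cut -c 1-256`
if [ ! -f "/tmp/${MANKEYMANIFEST}" ]; then
	cat >> "${PKG_INSTALL_ROOT}/var/svc/profile/upgrade" <<'_IPSECUPGRD'
	if [ -f /etc/inet/secret/ipseckeys ]; then
		/usr/sbin/svcadm enable svc:/network/ipsec/manual-key:default
	fi
_IPSECUPGRD
else
	# Marker consumed: remove it.
	rm "/tmp/${MANKEYMANIFEST}"
fi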
    171 
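#
# If the eeprom service is present, remove it. We can't use
# /var/svc/profile/upgrade as it runs before manifest-import.
#
# Selecting the instance with "svccfg -s ... end" is used purely as an
# existence test.  The instance is disabled first only when the repository
# door is readable under PKG_INSTALL_ROOT.
#
if /usr/sbin/svccfg -s svc:/platform/i86pc/eeprom:default end \
    >/dev/null 2>&1; then
	if [ -r "$PKG_INSTALL_ROOT/etc/svc/volatile/repository_door" ]; then
		svcadm disable -s svc:/platform/i86pc/eeprom:default \
		    >/dev/null 2>&1
	fi
	svccfg delete svc:/platform/i86pc/eeprom >/dev/null 2>&1
	rm -f "$PKG_INSTALL_ROOT/var/svc/profile/platform_i86pc.xml"
	rm -f "$PKG_INSTALL_ROOT/var/svc/profile/platform.xml"
fi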
    186 
    187 #
    188 # svc:/network/rpc/keyserv is expected to be off on systems that don't
    189 # set domainname.  On systems that do define a default domain, leave the
    190 # setting as previously set.
    191 #
    192 cat >> $BASEDIR/var/svc/profile/upgrade <<\_CSVC_UPGRADE_2
    193 	if [ ! -f /etc/defaultdomain ]; then
    194 		svcadm disable network/rpc/keyserv
    195 	fi
    196 _CSVC_UPGRADE_2
    197 
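#
# Point var/svc/profile/name_service.xml at the profile that matches the
# name service in use.  All paths are quoted so that a BASEDIR containing
# whitespace cannot split into several arguments.
#
ns_link=$BASEDIR/var/svc/profile/name_service.xml
nsswitch=$BASEDIR/etc/nsswitch.conf
if [ "$UPDATE" != yes ]; then
	#
	# On initial install, default to ns_files.xml.  The installer will
	# customize, if appropriate.
	#
	ln -s ns_files.xml "$ns_link"
elif [ ! -r "$ns_link" ] || [ ! -L "$ns_link" ]; then
	#
	# Associate name service profile, if none present.
	#
	# The order matters: "nis" is also a substring of "nisplus", so
	# nisplus has to be tested first.
	# NOTE(review): grep matches anywhere in nsswitch.conf, including
	# comment lines, so a commented-out mention of a name service is
	# enough to select its profile.
	#
	if grep ldap "$nsswitch" >/dev/null 2>&1; then
		ns_profile=ns_ldap.xml
	elif grep nisplus "$nsswitch" >/dev/null 2>&1; then
		ns_profile=ns_nisplus.xml
	elif grep nis "$nsswitch" >/dev/null 2>&1; then
		ns_profile=ns_nis.xml
	else
		ns_profile=ns_files.xml
	fi

	# Remove stale copy of name_service.xml, if it is not a symlink.
	if [ ! -L "$ns_link" ]; then
		/usr/bin/rm -f "$ns_link"
	fi

	ln -s "$ns_profile" "$ns_link"

	# Have the upgrade script enable the DNS client when nsswitch.conf
	# mentions dns.
	if grep dns "$nsswitch" >/dev/null 2>&1; then
		echo "/usr/sbin/svcadm enable network/dns/client" >> \
		    "$BASEDIR/var/svc/profile/upgrade"
	fi
fi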
    239 
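#
# Associate correct inetd services profile.
#
# Any existing inetd_services.xml is removed first, then the link is
# recreated: inetd_upgrade.xml on an upgrade, inetd_generic.xml otherwise.
#
inetd_link=$BASEDIR/var/svc/profile/inetd_services.xml
rm -f "$inetd_link"
if [ "$UPDATE" = yes ]; then
	ln -s inetd_upgrade.xml "$inetd_link"
	# Ensure inetd-upgrade is run post-upgrade
	echo "/usr/sbin/svcadm enable network/inetd-upgrade" >> \
	    "$BASEDIR/var/svc/profile/upgrade"
else
	ln -s inetd_generic.xml "$inetd_link"
fi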
    252 
    253 #
    254 # /etc/svc/repository.db was previously packaged but it is now generated
    255 # from one of the seed repositories and then updated by svccfg(1M).
    256 # Therefore, removef(1M) is used to remove the packaging database entry
    257 # although the repository itself is preserved.
    258 #
    259 /usr/sbin/removef $PKGINST /etc/svc/repository.db >/dev/null 2>&1
    260 /usr/sbin/removef -f $PKGINST >/dev/null 2>&1
    261 
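#
# Select the generic.xml profile.  The flag file
# var/SUNWcsr-apply-limited-net requests the limited-net profile; it is
# consumed (removed) here once the request has been recorded.
#
PROFILEDIR=$BASEDIR/var/svc/profile
GENERICXML=${PROFILEDIR}/generic.xml
if [ -f "$BASEDIR/var/SUNWcsr-apply-limited-net" ]; then
	UPGRADEFILE=${PROFILEDIR}/upgrade
	ln -sf ./generic_limited_net.xml "${GENERICXML}"
	# Appended verbatim: the upgrade script registers an exit trap that
	# runs "netservices limited" as its last action.
	cat >> "${UPGRADEFILE}" <<'_ENABLE_LIMITED_NET'
#
# apply the generic_limit_net profile selected at install
# time, and set the accompanying properties since they can't
# be readily set in the profile as of yet.
#
apply_limited_net()
{
	/usr/sbin/netservices limited
}

# apply_limited_net as last action of this upgrade script
trap apply_limited_net 0

_ENABLE_LIMITED_NET
	rm -f "$BASEDIR/var/SUNWcsr-apply-limited-net"
else
	#
	# This is not an initial (zone-)install: we are upgrading.
	#
	# If we have a previous version of generic.xml, keep that.
	# Otherwise (upgrade from pre-SMF filesystem) take the default
	# action, i.e., sym-link to ./generic_open.xml
	#
	if [ ! -h "$GENERICXML" ] && [ ! -f "$GENERICXML" ]; then
		ln -s ./generic_open.xml "$GENERICXML"
	fi
fi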
    295 
    296 # generic.xml is now dynamically maintained at install/upgrade time
    297 # and no longer delivered by any package. We therefore removef(1) 
    298 # any reference to it in the package database.
    299 removef $PKGINST /var/svc/profile/generic.xml >/dev/null 2>&1
    300 removef -f $PKGINST >/dev/null 2>&1
    301 
    302 # Solaris audit's internal "enable/disable" state is maintained by
    303 # c2audit; if c2audit accepts the auditconfig query, then auditing is
    304 # enabled. If that is the case, then SMF should always enable auditd
    305 # in the global zone and also in a non-global zone if perzone auditing
    306 # is in use.
    307 
    308 cat >> $BASEDIR/var/svc/profile/upgrade <<\_ENABLE_AUDIT
    309 /usr/sbin/auditconfig -getcond 2> /dev/null
    310 if [ $? -eq 0 ]; then
    311 	if [ `/sbin/zonename` = global ]; then
    312 		/usr/sbin/svcadm enable system/auditd
    313 	else
    314 		echo `/usr/sbin/auditconfig -getpolicy` | grep perzone > /dev/null
    315 		if [ $? -eq 0 ]; then
    316 			/usr/sbin/svcadm enable system/auditd
    317 		fi
    318 	fi
    319 fi
    320 _ENABLE_AUDIT
    321 
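# if platform/sun4u/mpxio-upgrade service exists, then
# delete the service on boot after upgrading.
# Only done on an upgrade; the existence check itself is part of the
# appended fragment and runs with the upgrade script.
if [ "$UPDATE" = yes ]; then
	cat >> "$BASEDIR/var/svc/profile/upgrade" <<'_MPXIOUPGRD'
	/usr/bin/svcs platform/sun4u/mpxio-upgrade > /dev/null 2>&1
	if [ "$?" = 0 ]; then
		/usr/sbin/svccfg delete svc:/platform/sun4u/mpxio-upgrade
	fi
_MPXIOUPGRD
fi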
    332 
    333 #
    334 # Add nwam to sysidconfig app list so sys-unconfig does the right thing
    335 #
    336 cat >> $BASEDIR/var/svc/profile/upgrade <<\_NWAM_SYSID
    337 	/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" -l |\
    338 		/usr/bin/grep -s net-nwam >/dev/null
    339 
    340 	if [ $? -ne 0 ]; then
    341 		/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" \
    342 			-a /lib/svc/method/net-nwam
    343 	fi
    344 _NWAM_SYSID
    345 
    346 #
    347 # Migrate /etc/acctadm.conf settings to smf(5) repository.  Enable the instance
    348 # if the configuration differs from the default configuration.
    349 #
    350 cat >> $BASEDIR/var/svc/profile/upgrade <<\_ACCTADM
    351 if [ -f /etc/acctadm.conf ]; then
    352 	. /etc/acctadm.conf
    353 
    354 	fmri="svc:/system/extended-accounting:flow"
    355 	svccfg -s $fmri setprop config/file = \
    356 	    ${ACCTADM_FLOW_FILE:="none"}
    357 	svccfg -s $fmri setprop config/tracked = \
    358 	    ${ACCTADM_FLOW_TRACKED:="none"}
    359 	svccfg -s $fmri setprop config/untracked = \
    360 	    ${ACCTADM_FLOW_UNTRACKED:="extended"}
    361 	if [ ${ACCTADM_FLOW_ENABLE:="no"} = "yes" ]; then
    362 		svccfg -s $fmri setprop config/enabled = "true"
    363 	else
    364 		svccfg -s $fmri setprop config/enabled = "false"
    365 	fi
    366 	if [ $ACCTADM_FLOW_ENABLE = "yes" -o $ACCTADM_FLOW_FILE != "none" -o \
    367 	    $ACCTADM_FLOW_TRACKED != "none" ]; then
    368 		svcadm enable $fmri
    369 	fi
    370 
    371 	fmri="svc:/system/extended-accounting:process"
    372 	svccfg -s $fmri setprop config/file = \
    373 	    ${ACCTADM_PROC_FILE:="none"}
    374 	svccfg -s $fmri setprop config/tracked = \
    375 	    ${ACCTADM_PROC_TRACKED:="none"}
    376 	svccfg -s $fmri setprop config/untracked = \
    377 	    ${ACCTADM_PROC_UNTRACKED:="extended,host"}
    378 	if [ ${ACCTADM_PROC_ENABLE:="no"} = "yes" ]; then
    379 		svccfg -s $fmri setprop config/enabled = "true"
    380 	else
    381 		svccfg -s $fmri setprop config/enabled = "false"
    382 	fi
    383 	if [ $ACCTADM_PROC_ENABLE = "yes" -o $ACCTADM_PROC_FILE != "none" -o \
    384 	    $ACCTADM_PROC_TRACKED != "none" ]; then
    385 		svcadm enable $fmri
    386 	fi
    387 
    388 	fmri="svc:/system/extended-accounting:task"
    389 	svccfg -s $fmri setprop config/file = \
    390 	    ${ACCTADM_TASK_FILE:="none"}
    391 	svccfg -s $fmri setprop config/tracked = \
    392 	    ${ACCTADM_TASK_TRACKED:="none"}
    393 	svccfg -s $fmri setprop config/untracked = \
    394 	    ${ACCTADM_TASK_UNTRACKED:="extended"}
    395 	if [ ${ACCTADM_TASK_ENABLE:="no"} = "yes" ]; then
    396 		svccfg -s $fmri setprop config/enabled = "true"
    397 	else
    398 		svccfg -s $fmri setprop config/enabled = "false"
    399 	fi
    400 	if [ $ACCTADM_TASK_ENABLE = "yes" -o $ACCTADM_TASK_FILE != "none" -o \
    401 	    $ACCTADM_TASK_TRACKED != "none" ]; then
    402 		svcadm enable $fmri
    403 	fi
    404 
    405 	rm /etc/acctadm.conf
    406 fi
    407 _ACCTADM
    408 
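# Preinstall script will create this file if vtdaemon service was
# already installed, in which case we preserve current service state,
# be it enabled or disabled.
#
# Otherwise vtdaemon and the console-login instances vt2..vt6 are enabled:
# immediately on a live system (PKG_INSTALL_ROOT empty or "/"), or through
# the upgrade script when installing into an alternate root.
if [ -f "$PKG_INSTALL_ROOT/var/tmp/vtdaemon_installed.tmp" ]; then
	rm -f "$PKG_INSTALL_ROOT/var/tmp/vtdaemon_installed.tmp"
elif [ "${PKG_INSTALL_ROOT:-/}" = "/" ]; then
	# live system
	/usr/sbin/svcadm enable svc:/system/vtdaemon:default
	for vt in vt2 vt3 vt4 vt5 vt6; do
		/usr/sbin/svcadm enable svc:/system/console-login:$vt
	done
else
	# upgrade
	# "<<-" strips leading tabs only, so the fragment is indented with
	# tabs throughout; a space-indented line would reach the upgrade
	# script with its indentation intact.
	cat >> "${PKG_INSTALL_ROOT}/var/svc/profile/upgrade" <<-'EOF'
	/usr/sbin/svcadm enable svc:/system/vtdaemon:default
	/usr/sbin/svcadm enable svc:/system/console-login:vt2
	/usr/sbin/svcadm enable svc:/system/console-login:vt3
	/usr/sbin/svcadm enable svc:/system/console-login:vt4
	/usr/sbin/svcadm enable svc:/system/console-login:vt5
	/usr/sbin/svcadm enable svc:/system/console-login:vt6
	EOF
fi

# Always report success to the packaging tools: every step above is best
# effort.
exit 0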
    435