Home | History | Annotate | Download | only in scripts
      1 #!/bin/ksh
      2 #
      3 # CDDL HEADER START
      4 #
      5 # The contents of this file are subject to the terms of the
      6 # Common Development and Distribution License (the "License").
      7 # You may not use this file except in compliance with the License.
      8 #
      9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10 # or http://www.opensolaris.org/os/licensing.
     11 # See the License for the specific language governing permissions
     12 # and limitations under the License.
     13 #
     14 # When distributing Covered Code, include this CDDL HEADER in each
     15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16 # If applicable, add the following below this CDDL HEADER, with the
     17 # fields enclosed by brackets "[]" replaced with your own identifying
     18 # information: Portions Copyright [yyyy] [name of copyright owner]
     19 #
     20 # CDDL HEADER END
     21 #
     22 
     23 #
     24 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     25 # Use is subject to license terms.
     26 #
     27 # Upgrade a machine from a cpio archive area in about 5 minutes.
     28 # By Roger Faulkner and Jeff Bonwick, April 1993.
     29 # (bfu == Bonwick/Faulkner Upgrade, a.k.a. Blindingly Fast Upgrade)
     30 #
     31 # Usage: bfu    [-f] <archive_dir> [root-dir]	# for normal machines
     32 #        bfu -c [-f] <archive_dir> <exec-dir>	# for diskless clients
     33 #
     34 # The -f flag is to override the built-in safety check which requires
     35 # that the starting-point OS be a least a certain revision.
     36 #
     37 # You have to be super-user.  It's safest to run this from the
     38 # system console, although I've run it under OW and even via
     39 # remote login with no problems.
     40 #
     41 # You will have to reboot the system when the upgrade is complete.
     42 #
     43 # You should add any administrative files you care about to this list.
     44 # Warning: there had better be no leading '/' on any of these filenames.
     45 
     46 #
     47 # The CDPATH variable causes ksh's `cd' builtin to emit messages to stdout
     48 # under certain circumstances, which can really screw things up; unset it.
     49 #
     50 unset CDPATH
     51 
     52 export LC_ALL="C"
     53 
     54 if [ -z "$GATEPATH" ]; then
     55 	GATEPATH=/ws/onnv-gate
     56 	test -d $GATEPATH || GATEPATH=/net/onnv.eng/export/onnv-gate
     57 fi
     58 export GATE=${GATEPATH}
     59 export ARCHIVE=${ARCHIVEPATH:-${GATEPATH}}
     60 
     61 #
     62 # NOTE:	Entries in *_files must expand to either the exact files required,
     63 #	or to directories that will be scoured for files.  Any directories
     64 #	(and subdirectories) resulting from a wildcard expansion will be
     65 #	fully recursed by BFU's searching for files.  (E.g. /etc/inet/* will
     66 #	include all files in any of its directories, as well as any files in
     67 #	/etc/inet/ itself.
     68 #
     69 #	These lists should really be generated automatically from the
     70 #	pkgmap(4) metadata.
     71 #
     72 
     73 #
     74 # First list: files to be saved in global and non-global zones.
     75 #
     76 all_zones_files="
     77 	etc/.login
     78 	etc/acct/holidays
     79 	etc/auto_*
     80 	etc/cron.d/at.deny
     81 	etc/cron.d/cron.deny
     82 	etc/crypto/pkcs11.conf
     83 	etc/default/*
     84 	etc/dev/reserved_devnames
     85 	etc/dfs/dfstab
     86 	etc/dumpdates
     87 	etc/ftpd/*
     88 	etc/ftpusers
     89 	etc/group
     90 	etc/gss/gsscred.conf
     91 	etc/gss/mech
     92 	etc/gss/qop
     93 	etc/inet/*
     94 	etc/init.d/*
     95 	etc/inittab
     96 	etc/ipf/ipf.conf
     97 	etc/iu.ap
     98 	etc/krb5/kadm5.acl
     99 	etc/krb5/kdc.conf
    100 	etc/krb5/kpropd.acl
    101 	etc/krb5/krb5.conf
    102 	etc/krb5/warn.conf
    103 	etc/ksh.kshrc
    104 	etc/logadm.conf
    105 	etc/logindevperm
    106 	etc/lp/Systems
    107 	etc/mail/*.cf
    108 	etc/mail/*.hf
    109 	etc/mail/*.rc
    110 	etc/mail/aliases
    111 	etc/mail/helpfile
    112 	etc/mail/local-host-names
    113 	etc/mail/trusted-users
    114 	etc/named.conf
    115 	etc/net/*/services
    116 	etc/netconfig
    117 	etc/nfs/nfslog.conf
    118 	etc/nfssec.conf
    119 	etc/nscd.conf
    120 	etc/nsswitch.*
    121 	etc/pam.conf
    122 	etc/passwd
    123 	etc/policy.conf
    124 	etc/printers.conf
    125 	etc/profile
    126 	etc/project
    127 	etc/publickey
    128 	etc/remote
    129 	etc/resolv.conf
    130 	etc/rmmount.conf
    131 	etc/rpc
    132 	etc/rpld.conf
    133 	etc/saf/_sactab
    134 	etc/saf/_sysconfig
    135 	etc/saf/zsmon/_pmtab
    136 	etc/security/audit_class
    137 	etc/security/audit_control
    138 	etc/security/audit_event
    139 	etc/security/audit_startup
    140 	etc/security/audit_user
    141 	etc/security/audit_warn
    142 	etc/security/auth_attr
    143 	etc/security/crypt.conf
    144 	etc/security/exec_attr
    145 	etc/security/policy.conf
    146 	etc/security/prof_attr
    147 	etc/sfw/openssl/openssl.cnf
    148 	etc/shadow
    149 	etc/skel/.profile
    150 	etc/skel/local.*
    151 	etc/ssh/ssh_config
    152 	etc/ssh/sshd_config
    153 	etc/syslog.conf
    154 	etc/ttydefs
    155 	etc/ttysrch
    156 	etc/user_attr
    157 	etc/uucp/[A-Z]*
    158 	etc/vfstab
    159 	var/smb/*
    160 	var/spool/cron/crontabs/*
    161 	var/yp/Makefile
    162 	var/yp/aliases
    163 	var/yp/nicknames
    164 "
    165 
    166 #
    167 # Second list: files to be saved in the global zone only.
    168 #
    169 global_zone_only_files="
    170 	boot/grub/menu.lst
    171 	boot/solaris/bootenv.rc
    172 	boot/solaris/devicedb/master
    173 	boot/solaris/filelist.ramdisk
    174 	etc/aggregation.conf
    175 	etc/bootrc
    176 	etc/crypto/kcf.conf
    177 	etc/devlink.tab
    178 	etc/dladm/*
    179 	etc/driver_aliases
    180 	etc/driver_classes
    181 	etc/lvm/devpath
    182 	etc/lvm/lock
    183 	etc/lvm/md.cf
    184 	etc/lvm/md.ctlrmap
    185 	etc/lvm/md.tab
    186 	etc/lvm/mddb.cf
    187 	etc/lvm/runtime.cf
    188 	etc/mach
    189 	etc/minor_perm
    190 	etc/name_to_major
    191 	etc/name_to_sysnum
    192 	etc/nca/nca.if
    193 	etc/nca/ncakmod.conf
    194 	etc/nca/ncalogd.conf
    195 	etc/nca/ncaport.conf
    196 	etc/openwin/server/etc/OWconfig
    197 	etc/path_to_inst
    198 	etc/power.conf
    199 	etc/ppp/chap-secrets
    200 	etc/ppp/options
    201 	etc/ppp/pap-secrets
    202 	etc/security/device_policy
    203 	etc/security/extra_privs
    204 	etc/security/tsol/devalloc_defaults
    205 	etc/security/tsol/label_encodings
    206 	etc/security/tsol/relabel
    207 	etc/security/tsol/tnrhdb
    208 	etc/security/tsol/tnrhtp
    209 	etc/security/tsol/tnzonecfg
    210 	etc/system
    211 	etc/zones/index
    212 	kernel/drv/aac.conf
    213 	kernel/drv/elxl.conf
    214 	kernel/drv/emlxs.conf
    215 	kernel/drv/fp.conf
    216 	kernel/drv/iscsi.conf
    217 	kernel/drv/md.conf
    218 	kernel/drv/mpt.conf
    219 	kernel/drv/mpt_sas.conf
    220 	kernel/drv/options.conf
    221 	kernel/drv/pmcs.conf
    222 	kernel/drv/qlc.conf
    223 	kernel/drv/ra.conf
    224 	kernel/drv/scsa2usb.conf
    225 	kernel/drv/scsi_vhci.conf
    226 	kernel/drv/sd.conf
    227 	kernel/drv/ssd.conf
    228 	platform/*/kernel/drv/*ppm.conf
    229 	platform/i86pc/kernel/drv/aha.conf
    230 	platform/i86pc/kernel/drv/asy.conf
    231 	platform/sun4u/boot.conf
    232 "
    233 
    234 #
    235 # Third list: files extracted from generic.root but which belong in the global
    236 # zone only: they are superfluous (and some even harmful) in nonglobal zones.
    237 #
    238 # (note: as /etc/init.d scripts are converted to smf(5) "Greenline" services,
    239 # they (and their /etc/rc?.d hardlinks) should be removed from this list when
    240 # they are added to smf_obsolete_rc_files, below)
    241 #
    242 superfluous_nonglobal_zone_files="
    243 	dev/dsk
    244 	dev/fd
    245 	dev/pts
    246 	dev/rdsk
    247 	dev/rmt
    248 	dev/stderr
    249 	dev/stdin
    250 	dev/stdout
    251 	dev/swap
    252 	dev/term
    253 	dev/vt
    254 	devices
    255 	etc/dacf.conf
    256 	etc/dat
    257 	etc/default/metassist.xml
    258 	etc/default/power
    259 	etc/flash/postdeployment/svm.cleanup
    260 	etc/flash/predeployment/svm.save
    261 	etc/inet/ipqosconf.1.sample
    262 	etc/inet/ipqosconf.2.sample
    263 	etc/inet/ipqosconf.3.sample
    264 	etc/inet/sock2path
    265 	etc/init.d/devlinks
    266 	etc/init.d/dodatadm.udaplt
    267 	etc/init.d/drvconfig
    268 	etc/init.d/llc2
    269 	etc/init.d/ncakmod
    270 	etc/init.d/ncalogd
    271 	etc/init.d/pcmcia
    272 	etc/init.d/pppd
    273 	etc/init.d/wrsmcfg
    274 	etc/llc2
    275 	etc/lvm
    276 	etc/nca
    277 	etc/openwin
    278 	etc/ppp
    279 	etc/rc0.d/K34ncalogd
    280 	etc/rc0.d/K50pppd
    281 	etc/rc0.d/K52llc2
    282 	etc/rc1.d/K34ncalogd
    283 	etc/rc1.d/K50pppd
    284 	etc/rc1.d/K52llc2
    285 	etc/rc2.d/S40llc2
    286 	etc/rc2.d/S42ncakmod
    287 	etc/rc2.d/S47pppd
    288 	etc/rc2.d/S81dodatadm.udaplt
    289 	etc/rc2.d/S94ncalogd
    290 	etc/rcS.d/K34ncalogd
    291 	etc/rcS.d/K44wrsmcfg
    292 	etc/rcS.d/K50pppd
    293 	etc/rcS.d/K52llc2
    294 	etc/rcS.d/S29wrsmcfg
    295 	etc/rcm
    296 	etc/sock2path
    297 	etc/usb
    298 	etc/wrsm
    299 	etc/zones
    300 	kernel
    301 	lib/libmeta.so
    302 	lib/libmeta.so.1
    303 	lib/svc/method/devices-audio
    304 	lib/svc/method/fc-fabric
    305 	lib/svc/method/iscsi-initiator
    306 	lib/svc/method/ldoms-agents
    307 	lib/svc/method/npivconfig
    308 	lib/svc/method/sf880dr
    309 	lib/svc/method/svc-cvcd
    310 	lib/svc/method/svc-dcs
    311 	lib/svc/method/svc-drd
    312 	lib/svc/method/svc-dscp
    313 	lib/svc/method/svc-dumpadm
    314 	lib/svc/method/svc-fcoei
    315 	lib/svc/method/svc-fcoet
    316 	lib/svc/method/svc-intrd
    317 	lib/svc/method/svc-hal
    318 	lib/svc/method/svc-labeld
    319 	lib/svc/method/svc-mdmonitor
    320 	lib/svc/method/svc-metainit
    321 	lib/svc/method/svc-metasync
    322 	lib/svc/method/svc-oplhpd
    323 	lib/svc/method/svc-poold
    324 	lib/svc/method/svc-pools
    325 	lib/svc/method/svc-power
    326 	lib/svc/method/svc-resource-mgmt
    327 	lib/svc/method/svc-rmvolmgr
    328 	lib/svc/method/svc-scheduler
    329 	lib/svc/method/svc-sckmd
    330 	lib/svc/method/svc-stmf
    331 	lib/svc/method/svc-syseventd
    332 	lib/svc/method/svc-tnctl
    333 	lib/svc/method/svc-tnd
    334 	lib/svc/method/svc-vntsd
    335 	lib/svc/method/svc-zones
    336 	lib/svc/method/vtdaemon
    337 	platform/*/kernel
    338 	platform/SUNW,Sun-Fire-15000/lib/cvcd
    339 	platform/SUNW,Ultra-Enterprise-10000/lib/cvcd
    340 	platform/i86pc/biosint
    341 	platform/i86pc/multiboot
    342 	platform/sun4u/cprboot
    343 	platform/sun4u/lib/libwrsmconf.so
    344 	platform/sun4u/lib/libwrsmconf.so.1
    345 	platform/sun4u/lib/sparcv9/libwrsmconf.so
    346 	platform/sun4u/lib/sparcv9/libwrsmconf.so.1
    347 	platform/sun4u/sbin
    348 	platform/sun4u/wanboot
    349 	platform/sun4v/wanboot
    350 	sbin/metadb
    351 	sbin/metadevadm
    352 	sbin/metainit
    353 	sbin/metarecover
    354 	sbin/metastat
    355 	usr/include/sys/dcam
    356 	usr/lib/devfsadm/linkmod/SUNW_dcam1394_link.so
    357 	usr/lib/ldoms
    358 	usr/platform/SUNW,SPARC-Enterprise/lib/dscp.ppp.options
    359 	usr/platform/SUNW,SPARC-Enterprise/lib/libdscp.so
    360 	usr/platform/SUNW,SPARC-Enterprise/lib/libdscp.so.1
    361 	usr/platform/SUNW,SPARC-Enterprise/lib/llib-ldscp.ln
    362 	usr/platform/SUNW,SPARC-Enterprise/sbin/prtdscp
    363 	var/adm/pool
    364 	var/log/pool
    365 	var/svc/manifest/network/iscsi/iscsi-initiator.xml
    366 	var/svc/manifest/network/npiv_config.xml
    367 	var/svc/manifest/network/rpc/mdcomm.xml
    368 	var/svc/manifest/network/rpc/meta.xml
    369 	var/svc/manifest/network/rpc/metamed.xml
    370 	var/svc/manifest/network/rpc/metamh.xml
    371 	var/svc/manifest/network/tnctl.xml
    372 	var/svc/manifest/network/tnd.xml
    373 	var/svc/manifest/platform/i86pc/eeprom.xml
    374 	var/svc/manifest/platform/sun4u/dcs.xml
    375 	var/svc/manifest/platform/sun4u/dscp.xml
    376 	var/svc/manifest/platform/sun4u/efdaemon.xml
    377 	var/svc/manifest/platform/sun4u/oplhpd.xml
    378 	var/svc/manifest/platform/sun4u/sckmd.xml
    379 	var/svc/manifest/platform/sun4u/sf880drd.xml
    380 	var/svc/manifest/platform/sun4v
    381 	var/svc/manifest/system/cvc.xml
    382 	var/svc/manifest/system/device/devices-audio.xml
    383 	var/svc/manifest/system/device/devices-fc-fabric.xml
    384 	var/svc/manifest/system/dumpadm.xml
    385 	var/svc/manifest/system/fcoe_initiator.xml
    386 	var/svc/manifest/system/fcoe_target.xml
    387 	var/svc/manifest/system/filesystem/rmvolmgr.xml
    388 	var/svc/manifest/system/fmd.xml
    389 	var/svc/manifest/system/hal.xml
    390 	var/svc/manifest/system/intrd.xml
    391 	var/svc/manifest/system/labeld.xml
    392 	var/svc/manifest/system/mdmonitor.xml
    393 	var/svc/manifest/system/metainit.xml
    394 	var/svc/manifest/system/metasync.xml
    395 	var/svc/manifest/system/picl.xml
    396 	var/svc/manifest/system/poold.xml
    397 	var/svc/manifest/system/pools.xml
    398 	var/svc/manifest/system/power.xml
    399 	var/svc/manifest/system/resource-mgmt.xml
    400 	var/svc/manifest/system/scheduler.xml
    401 	var/svc/manifest/system/stmf.xml
    402 	var/svc/manifest/system/sysevent.xml
    403 	var/svc/manifest/system/vtdaemon.xml
    404 	var/svc/manifest/system/zones.xml
    405 "
    406 
    407 #
    408 # Fourth list: files to be preserved, ie unconditionally restored to
    409 # "child" versions
    410 #
    411 preserve_files="
    412 	etc/hostid
    413 	kernel/misc/amd64/sysinit
    414 	kernel/misc/amd64/usbs49_fw
    415 	kernel/misc/sparcv9/usbs49_fw
    416 	kernel/misc/sysinit
    417 	kernel/misc/usbs49_fw
    418 	var/adm/aculog
    419 	var/adm/spellhist
    420 	var/adm/utmpx
    421 	var/adm/wtmpx
    422 	var/log/authlog
    423 	var/log/syslog
    424 	var/saf/zsmon/log
    425 "
    426 
    427 realmode_files="
    428 	boot/solaris/bootenv.rc
    429 	boot/solaris/devicedb/master
    430 "
    431 
    432 #
    433 # /usr/sadm/install/scripts/i.build class runs class client provided
    434 # script. The files below are managed by build class and its build script.
    435 # They are added /bfu.conflict/NEW and the acr.sh process runs the script
    436 # as part of conflict resolution. 
    437 #
    438 build_class_script_files="
    439 	etc/mpapi.conf
    440 	etc/hba.conf
    441 	etc/ima.conf
    442 "
    443 
    444 fail() {
    445 	print "$*" >& 2
    446 	print "bfu aborting" >& 2
    447 	rm -f "$bfu_zone_list"
    448 	exit 1
    449 }
    450 
    451 filelist() {
    452 	files="$all_zones_files $preserve_files"
    453 	if [ $1 = "global" ]; then
    454 		files="$global_zone_only_files $files"
    455 	fi
    456 	find $files -depth -type f ! -name core -print 2>/dev/null | sort -u || {
    457 		#
    458 		# Force cpio to return non-zero by printing an error message
    459 		# to stdout that it won't be able to lstat().
    460 		#
    461 		echo 'filelist: sort failed'
    462 		fail "sort failed"
    463 	}
    464 }
    465 
    466 realmode_filelist() {
    467 	find $realmode_files -depth -type f ! -name core -print 2>/dev/null | sort
    468 }
    469 
    470 smf_inetd_conversions="
    471 	100134
    472 	100150
    473 	100155
    474 	100229
    475 	100230
    476 	100234
    477 	100242
    478 	100422
    479 	chargen
    480 	comsat
    481 	daytime
    482 	discard
    483 	echo
    484 	eklogin
    485 	exec
    486 	finger
    487 	ftp
    488 	gssd
    489 	klogin
    490 	krb5_prop
    491 	kshell
    492 	ktkt_warnd
    493 	login
    494 	metad
    495 	metamedd
    496 	metamhd
    497 	name
    498 	printer
    499 	rexd
    500 	rquotad
    501 	rstatd
    502 	rusersd
    503 	shell
    504 	smserverd
    505 	sprayd
    506 	sun-dr
    507 	talk
    508 	telnet
    509 	time
    510 	uucp
    511 	walld
    512 "
    513 
    514 enable_next_boot () {
    515 	if [ -x /tmp/bfubin/svccfg ]; then
    516 	    svcadm disable -t $1
    517 	    [ $? = 0 ] || echo "warning: unable to temporarily disable $1"
    518 	    eval $BFUSVCCFG -s $1 setprop general/enabled = true
    519 	    [ $? = 0 ] || echo "warning: unable to enable $1 for next boot"
    520 	fi
    521 }
    522 
    523 #
    524 # If we're in the global zone, import the manifest for the specified service.
    525 # Note that we will need to see whether we are in an smf root if we are using
    526 # an alternate root. If so, import the service directly; otherwise, print the
    527 # warning messages.
    528 #
    529 # $1: the path of the xml file (the related path to /var/svc/manifest)
    530 # $2: the service name - specified only if the service is enabled after reboot.
    531 #
    532 smf_import_service() {
    533 	if [[ $zone = global && -f $rootprefix/var/svc/manifest/$1 ]]; then
    534 		if [[ -n $rootprefix && -x /usr/sbin/svccfg ]]; then
    535 			SVCCFG_REPOSITORY=$rootprefix/etc/svc/repository.db \
    536 			/usr/sbin/svccfg import $rootprefix/var/svc/manifest/$1
    537 		elif [[ -n $rootprefix ]]; then
    538 			echo "Warning: This system does not have SMF, so I"
    539 			echo "cannot ensure the pre-import of $1. If it does"
    540 			echo "not work, reboot your alternate root to fix it."
    541 		elif [[ -x /tmp/bfubin/svccfg ]]; then
    542 			if [[ "${2}a" == a ]]; then
    543 				eval $BFUSVCCFG import /var/svc/manifest/$1
    544 			else
    545 				tmpfile=/tmp/`echo "$1" | tr / :`.$$
    546 				sed -e "s/enabled='true'/enabled='false'/" \
    547 				    /var/svc/manifest/$1 > "$tmpfile"
    548 				eval $BFUSVCCFG import "$tmpfile"
    549 				#
    550 				# Make sure the service is enabled after reboot.
    551 				#
    552 				enable_next_boot $2
    553 			fi
    554 		fi
    555 	fi
    556 }
    557 
    558 smf_inetd_disable() {
    559 	inetconf=$rootprefix/etc/inet/inetd.conf
    560 	inettmp=/tmp/inetd.tmp.$$
    561 
    562 	sed "$(for i in $smf_inetd_conversions; do 
    563 		echo "s:^[ 	]*$i[ 	/]:#SMFbfu# &:"
    564 	done)" $inetconf > $inettmp && ! cmp -s $inettmp $inetconf &&
    565 	    cp $inettmp $inetconf
    566 
    567 	rm -f -- $inettmp
    568 }
    569 
    570 smf_inetd_reenable() {
    571 	inetconf=$rootprefix/etc/inet/inetd.conf
    572 	inettmp=/tmp/inetd.tmp.$$
    573 
    574 	sed 's/^#SMFbfu# //' $inetconf > $inettmp && cp $inettmp $inetconf
    575 
    576 	rm -f -- $inettmp
    577 }
    578 
    579 smf_tftp_reinstall() {
    580 	inetconf=$rootprefix/etc/inet/inetd.conf
    581 	inettmp=/tmp/inetd.tmp.$$
    582 
    583 	if grep '^#SMFbfu# tftp' $inetconf >/dev/null ; then
    584 		# BFU previously commented out, put it back in place
    585 	    	sed 's/^#SMFbfu# tftp/tftp/' $inetconf > $inettmp &&
    586 		    cp $inettmp $inetconf
    587 	elif ! grep '^[#	 ]*tftp' $inetconf >/dev/null; then
    588 		# No entry, append to end
    589 		cat >>$inetconf <<EOF
    590 # TFTPD - tftp server (primarily used for booting)
    591 #tftp	dgram	udp6	wait	root	/usr/sbin/in.tftpd	in.tftpd -s /tftpboot
    592 EOF
    593 	fi
    594 
    595 	rm -f -- $inettmp
    596 }
    597 
    598 inetd_conf_svm_hack() {
    599 	# Since inetd.conf is updated by SUNWmdr's postinstall script,
    600 	# we will update the actual inetd.conf here to reflect the postinstall
    601 	# changes.
    602 
    603 	inetconf=$rootprefix/etc/inet/inetd.conf
    604 	inettmp=/tmp/inetd.tmp.$$
    605 	inetnew=/tmp/inetd.new.$$
    606 
    607 	#
    608 	# only change inetd.conf if the rpc.metad entry is out of date
    609 	#
    610 
    611 	if ! grep "^[# 	]*100229/1-2" $inetconf > /dev/null ; then
    612 
    613 		# Grab existing rpc entries for rpc.metad
    614 		# and convert spaces to tabs within the rpc entry, as well as
    615 		# the transport method; 
    616 		# or add a new entry in case there was none.
    617 		if grep "^[# 	]*100229/1" $inetconf > /dev/null ; then
    618 			grep "^# METAD - SLVM metadb" $inetconf > $inettmp
    619 			grep "^[# 	]*100229/1" $inetconf | \
    620 			    sed -e 's/[ 	][ 	]*/	/g' \
    621 				-e 's?100229/1?100229/1-2?' >> $inettmp
    622 		else
    623 			echo '# METAD - SVM metadb Daemon' > $inettmp
    624 			echo "100229/1-2\ttli\trpc/tcp\twait\troot\t/usr/sbin/rpc.metad\trpc.metad" >> $inettmp
    625 		fi
    626 
    627 		grep -v '^# METAD - SLVM metadb' $inetconf | \
    628 		    grep -v '^[# 	]*100229/1' > $inetnew
    629 		cat $inettmp >> $inetnew
    630 
    631 		if ! diff $inetnew $inetconf > /dev/null ; then
    632 			print "Updating inet.conf metad entry ... \c"
    633 			if cp $inetnew $inetconf ; then
    634 				print "done."
    635 			else
    636 				print "failed."
    637 			fi
    638 		fi
    639 		rm -f $inettmp $inetnew
    640 	fi
    641 
    642 	#
    643 	# only change inetd.conf if the rpc.mdcommd entry is out of date
    644 	#
    645 
    646 	if ! grep "^[# 	]*100422/1" $inetconf > /dev/null ; then
    647 
    648 		# Grab existing rpc entries for rpc.mdcommd
    649 		# and convert spaces to tabs within the rpc entry,
    650 		# or add a new entry in case there was none.
    651 		if grep "^[#    ]*100422/1" $inetconf > /dev/null ; then
    652 			grep "^# MDMN_COMMD - SVM Multi node" $inetconf > $inettmp
    653 			grep "^[#       ]*100422/1" $inetconf | \
    654 				sed -e 's/[         ][      ]*/     /g' >> $inettmp 
    655 		else
    656 			echo '# MDMN_COMMD - SVM Multi node communication daemon' >$inettmp
    657 			echo '100422/1\ttli\trpc/tcp\twait\troot\t/usr/sbin/rpc.mdcommd\trpc.mdcommd' >> $inettmp
    658 		fi
    659 
    660 		grep -v '^# MDMN_COMMD - SVM Multi node' $inetconf | \
    661 		grep -v '^[#        ]*100422/1' > $inetnew
    662 		cat $inettmp >> $inetnew
    663 
    664 		if ! diff $inetnew $inetconf > /dev/null ; then
    665 			print "Updating inetd.conf rpc.mdcommd entry ... \c"
    666 			if cp $inetnew $inetconf; then
    667 				print "done."
    668 			else
    669 				print "failed."
    670 			fi
    671 		fi
    672 
    673 		rm -f $inettmp $inetnew
    674 	fi
    675 }
    676 
    677 upgrade_aggr_and_linkprop () {
    678 	# Since aggregation.conf and linkprop.conf are upgraded by 
    679 	# SUNWcnetr's postinstall script, put the relevant portions of the
    680 	# postinstall script here, modified to rename the old files instead
    681 	# of removing them.
    682 
    683 	#
    684 	# Convert datalink configuration into a series of dladm(1M) commands
    685 	# and keep them in an upgrade script. This script will then be run
    686 	# in the network-physical service.
    687 	#
    688 	# Note that we cannot use the /var/svc/profile/upgrade script because
    689 	# that script is run in the manifest-import service which is too late
    690 	# for the datalink configuration.
    691 	#
    692 	UPGRADE_SCRIPT=/var/svc/profile/upgrade_datalink
    693 
    694 	AGGR_CONF=/etc/aggregation.conf
    695 	ORIG=$rootprefix$AGGR_CONF
    696 	if [[ ! -f $ORIG ]]; then
    697 		# Try the alternate location.
    698 		AGGR_CONF=/etc/dladm/aggregation.conf
    699 		ORIG=$rootprefix$AGGR_CONF
    700 	fi
    701 
    702 	if [[ -f $ORIG ]]; then
    703 		# Strip off comments, then each remaining line defines
    704 		# an aggregation the administrator configured on the old
    705 		# system.  Each line corresponds to one dladm command
    706 		# that is appended to the upgrade script.
    707 		cat $ORIG | grep '^[^#]' | while read line; do
    708 			echo $line | while read aggr_index rest
    709 			do
    710 				policy=`echo $rest | /usr/bin/awk '{print $1}'`
    711 				nports=`echo $rest | /usr/bin/awk '{print $2}'`
    712 				ports=`echo $rest | /usr/bin/awk '{print $3}'`
    713 				mac=`echo $rest | /usr/bin/awk '{print $4}'`
    714 				lacp_mode=`echo $rest | /usr/bin/awk \
    715 				    '{print $5}'`
    716 				lacp_timer=`echo $rest | /usr/bin/awk \
    717 				    '{print $6}'`
    718 				dladm_string="dladm create-aggr -P $policy -l \
    719 				    $lacp_mode -T $lacp_timer"
    720 				# A fixed MAC address
    721 				if [[ $mac != "auto" ]]; then
    722 					dladm_string="$dladm_string -u $mac"
    723 				fi
    724 				i=1
    725 				while [ $i -le $nports ]; do
    726 					device=`echo $ports | cut -d, -f$i`
    727 					# Older aggregation.conf files have the
    728 					# format of device_name/port_number.
    729 					# We don't need the port number, so get
    730 					# rid of it if it is there.
    731 					device=`echo $device | cut -d/ -f1`
    732 					((i = i + 1))
    733 					dladm_string="$dladm_string -d \
    734 					    $device"
    735 				done
    736 				dladm_string="$dladm_string $aggr_index"
    737 				echo $dladm_string >> \
    738 					$rootprefix$UPGRADE_SCRIPT
    739 			done
    740 		done
    741 		mv $ORIG $ORIG.bak
    742 	fi
    743 
    744 	# Upgrade linkprop.conf
    745 	ORIG=$rootprefix/etc/dladm/linkprop.conf
    746 
    747 	if [[ -f $ORIG ]]; then
    748 		# Strip off comments, then each remaining line lists
    749 		# properties the administrator configured for a	
    750 		# particular interface.  Each line includes several
    751 		# properties, but we can only set one property per
    752 		# dladm invocation.
    753 		cat $ORIG | grep '^[^#]' | while read line; do
    754 			echo $line | while read link rest
    755 			do
    756 				while [ -n "$rest" ]; do
    757 					linkprop=`echo $rest | cut -d";" -f1`
    758 					rest=`echo $rest | cut -d";" -f2-`
    759 					echo dladm set-linkprop -p $linkprop \
    760 					    $link >> $rootprefix$UPGRADE_SCRIPT
    761 				done
    762 			done
    763 		done
    764 		mv $ORIG $ORIG.bak
    765 	fi
    766 }
    767 
    768 upgrade_vlan () {
    769 	# Convert hostname.*** and zonecfg vlan configurations
    770 	UPGRADE_SCRIPT=/var/svc/profile/upgrade_datalink
    771 
    772 	for ifname in $host_ifs $zone_ifs
    773 	do
    774 		phys=`echo $ifname | sed "s/[0-9]*$//"`
    775 		devnum=`echo $ifname | sed "s/$phys//g"`
    776 		if [ "$phys$devnum" != $ifname -o \
    777 		    -n "`echo $devnum | tr -d '[0-9]'`" ]; then
    778 			echo "skipping invalid interface $ifname"
    779 			continue
    780 		fi
    781 
    782 		vid=`expr $devnum / 1000`
    783 		inst=`expr $devnum % 1000`
    784 
    785 		if [ "$vid" != "0" ]; then
    786 			echo dladm create-vlan -l $phys$inst -v $vid $ifname \
    787 			    >> $rootprefix$UPGRADE_SCRIPT
    788 		fi
    789 	done
    790 }
    791 
    792 # Update aac.conf for set legacy-name-enable properly
    793 update_aac_conf()
    794 {
    795 	conffile=$rootprefix/kernel/drv/aac.conf
    796 	childconffile=$rootprefix/bfu.child/kernel/drv/aac.conf
    797 
    798 	# Already using autoenumeration mode, return
    799 	egrep -s "legacy-name-enable" $childconffile && \
    800 	    grep "legacy-name-enable" $childconffile | egrep -s "no" && return
    801 
    802 	# Else enable legacy mode
    803 	sed -e 's/legacy-name-enable="no"/legacy-name-enable="yes"/g' \
    804 	    < $conffile > /tmp/aac.conf.$$
    805 	mv -f /tmp/aac.conf.$$ $conffile
    806 }
    807 
    808 update_etc_inet_sock2path()
    809 {
    810 	#
    811 	# The PF_PACKET module may need to be added to the configuration
    812 	# file socket sockets.
    813 	#
    814 	# When being added to the system, the socket itself will remain
    815 	# inactive until the next reboot when soconfig is run. When being
    816 	# removed, the kernel configuration stays active until the system
    817 	# is rebooted and the sockets will continue to work until it is
    818 	# unloaded from the kernel, after which applications will fail.
    819 	#
    820 	sockfile=$rootprefix/etc/inet/sock2path
    821 	xgrep=/usr/xpg4/bin/grep
    822 
    823 	${ZCAT} ${cpiodir}/generic.usr$ZFIX | cpio -it 2>/dev/null |
    824 	    ${xgrep} -q sockpfp
    825 	if [ $? -eq 1 ] ; then
    826 		${xgrep} -v -E '^	32	[14]	0	sockpfp' \
    827 		    ${sockfile} > /tmp/sock2path.tmp.$$
    828 		cp /tmp/sock2path.tmp.$$ ${sockfile}
    829 	else
    830 		if ! ${xgrep} -q -E \
    831 		    '^	31	[14]	0	sockpfp' ${sockfile}; then
    832 			echo '' >> ${sockfile}
    833 			echo '	32	1	0	sockpfp' >> ${sockfile}
    834 			echo '	32	4	0	sockpfp' >> ${sockfile}
    835 		fi
    836 	fi
    837 }
    838 
    839 # update x86 version mpt.conf for property tape
    840 mpttapeprop='[ 	]*tape[ 	]*=[ 	]*"sctp"[ 	]*;'
    841 update_mptconf_i386()
    842 {
    843 	conffile=$rootprefix/kernel/drv/mpt.conf
    844 	test -f $conffile || return
    845 	egrep -s "$mpttapeprop" $conffile
    846 	if [ $? -ne 0 ] ; then
    847 	    echo 'tape="sctp";' >> $conffile
    848 	fi
    849 }
    850 
    851 # update x86 etc/mach file after xVM_uppc is added,
    852 # which makes xpv_psm a non-default psm module
    853 update_etc_mach_i386()
    854 {
    855 	etc_mach=$rootprefix/etc/mach
    856 	test -f $etc_mach || return
    857 	grep -w "xpv_psm" $etc_mach > /dev/null 2>&1
    858 	if [ $? -ne 0 ] ; then
    859 	    echo 'xpv_psm' >> $etc_mach
    860 	fi
    861 }
    862 
    863 # check and update driver class for scsi-self-identifying
    864 chk_update_drv_class()
    865 {
    866 
    867     drvclassfile=$rootprefix/etc/driver_classes
    868     name2majorfile=$rootprefix/etc/name_to_major
    869     drvname=$1
    870     classentry="^$drvname[ 	].*scsi-self-identifying"
    871 
    872     [ -f $drvclassfile ] || return
    873     [ -f $name2majorfile ] || return
    874 
    875     grep -w $drvname $name2majorfile > /dev/null 2>&1 || return
    876 
    877     egrep -s "$classentry" $drvclassfile
    878     if [ $? -ne 0 ]; then
    879 	echo "$drvname	scsi-self-identifying" >> $drvclassfile
    880     fi
    881 }
    882 
    883 update_drvclass_i386()
    884 {
    885     chk_update_drv_class ahci
    886     chk_update_drv_class si3124
    887     chk_update_drv_class marvell88sx
    888     chk_update_drv_class nv_sata
    889 }
    890 
    891 update_policy_conf() {
    892 	# update /etc/security/policy.conf with the default
    893 	# Solaris crypt(3c) policy.
    894 	
    895 	dest=$rootprefix/etc/security/policy.conf
    896 
    897 	grep 'CRYPT_' $dest > /dev/null 2>&1
    898 	if [ $? = 1 ] ; then
    899 		print "Updating entries for crypt(3c), see policy.conf(4)"
    900 	cat >> $dest <<EOM
    901 
    902 # crypt(3c) Algorithms Configuration
    903 #
    904 # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
    905 # be used for new passwords.  This is enforced only in crypt_gensalt(3c).
    906 #
    907 CRYPT_ALGORITHMS_ALLOW=1,2a,md5
    908 
    909 # To deprecate use of the traditional unix algorithm, uncomment below
    910 # and change CRYPT_DEFAULT= to another algorithm.  For example,
    911 # CRYPT_DEFAULT=1 for BSD/Linux MD5.
    912 #
    913 #CRYPT_ALGORITHMS_DEPRECATE=__unix__
    914 
    915 # The Solaris default is the traditional UNIX algorithm.  This is not
    916 # listed in crypt.conf(4) since it is internal to libc.  The reserved
    917 # name __unix__ is used to refer to it.
    918 #
    919 CRYPT_DEFAULT=__unix__
    920 EOM
    921 	fi
    922 	grep PRIV_ $dest >/dev/null 2>&1
    923 	if [ $? = 1 ]; then
    924 		echo "Updating entries for privileges(5)," \
    925 		     "see policy.conf(4) for details."
    926 cat >> $dest <<EOM
    927 #
    928 # These settings determine the default privileges users have.  If not set,
    929 # the default privileges are taken from the inherited set.
    930 # There are two different settings; PRIV_DEFAULT determines the default
    931 # set on login; PRIV_LIMIT defines the Limit set on login.
    932 # Individual users can have privileges assigned or taken away through
    933 # user_attr.  Privileges can also be assigned to profiles in which case
    934 # the users with those profiles can use those privileges through pfexec(1m).
    935 # For maximum future compatibility, the specifications should
    936 # always include "basic" or "all"; privileges should then be removed using
    937 # the negation.  E.g., PRIV_LIMIT=all,!sys_linkdir takes away only the
    938 # sys_linkdir privilege, regardless of future additional privileges.
    939 # Similarly, PRIV_DEFAULT=basic,!file_link_any takes away only the
    940 # file_link_any privilege from the basic privilege set; only that notation
    941 # is immune from a future addition of currently unprivileged operations to
    942 # the basic privilege set.
    943 # NOTE: removing privileges from the the Limit set requires EXTREME care
    944 # as any set-uid root program may suddenly fail because it lacks certain
    945 # privilege(s).
    946 #
    947 #PRIV_DEFAULT=basic
    948 #PRIV_LIMIT=all
    949 EOM
    950 	fi
    951 
    952 }
    953 
    954 #
    955 # Cleanup nfsmapid configuration before extracting
    956 # root bits.  Remove if they exist:
    957 #	nfsmapid entry in inetd.conf
    958 #	nfsmapid entry in /etc/net/ti*/services
    959 #
    960 # Going forward neither should exist, but no harm if services entry exists
    961 # Going way backwards (pre-04/28/2004), inetd.conf must exist but will
    962 # be a conflict that should be merged in
    963 #
    964 nfsmapid_cfg() {
    965 	inetdconf=$rootprefix/etc/inet/inetd.conf
    966 	tmpinetcf=/tmp/inetd.conf.$$
    967 	cp -pf ${inetdconf} ${tmpinetcf}
    968 	cat /dev/null > ${inetdconf} 2>&1
    969        	sed -e "/^#[#	 ]*NFSv4/d"		\
    970 	    -e "/^[#	 ]*100166\/1/d"		\
    971 	    ${tmpinetcf} > ${inetdconf} 2>&1
    972 	rm -f ${tmpinetcf}
    973 
    974 	tmpservices=/tmp/services.$$
    975 
    976 	services=$rootprefix/etc/net/ticotsord/services
    977 	cp -pf ${services} ${tmpservices}
    978 	cat /dev/null > ${services} 2>&1
    979        	sed -e "/^[#	 ]*nfsmapid/d"		\
    980 	    ${tmpservices} > ${services} 2>&1
    981 	rm -f ${tmpservices}
    982 
    983 	services=$rootprefix/etc/net/ticots/services
    984 	cp -pf ${services} ${tmpservices}
    985 	cat /dev/null > ${services} 2>&1
    986        	sed -e "/^[#	 ]*nfsmapid/d"		\
    987 	    ${tmpservices} > ${services} 2>&1
    988 	rm -f ${tmpservices}
    989 
    990 	services=$rootprefix/etc/net/ticlts/services
    991 	cp -pf ${services} ${tmpservices}
    992 	cat /dev/null > ${services} 2>&1
    993        	sed -e "/^[#	 ]*nfsmapid/d"		\
    994 	    ${tmpservices} > ${services} 2>&1
    995 	rm -f ${tmpservices}
    996 }
    997 
    998 #
    999 # Detect Boomer audio framework; used to emit a notice at the end of BFU
   1000 # telling the user to run update_audio to complete the upgrade.
   1001 #
   1002 BOOMER_PRESENT_SYS=false
   1003 BOOMER_PRESENT_BFU=false
   1004 BOOMER_DRIVERS="audio"
   1005 AUSTR_PRESENT_SYS=false
   1006 AUSTR_PRESENT_BFU=false
   1007 
   1008 check_boomer_sys() {
   1009 	typeset root=$1
   1010 	typeset n2m=$root/etc/name_to_major
   1011 	typeset drv
   1012 
   1013 	for drv in $BOOMER_DRIVERS; do
   1014 		if ! grep -w $drv $n2m > /dev/null 2>&1; then
   1015 			return 1
   1016 		fi
   1017 	done
   1018 
   1019 	return 0
   1020 }
   1021 
   1022 check_boomer_bfu() {
   1023 	$ZCAT $cpiodir/generic.root$ZFIX | cpio -it 2>/dev/null |
   1024 	    grep devices-audio.xml > /dev/null 2>&1
   1025 }
   1026 
   1027 check_austr_sys() {
   1028 	typeset root=$1
   1029 	typeset n2m=$root/etc/name_to_major
   1030 	typeset drv
   1031 
   1032 	if ! grep -w austr $n2m > /dev/null 2>&1; then
   1033 		return 1
   1034 	fi
   1035 	return 0
   1036 }
   1037 
   1038 check_austr_bfu() {
   1039 	$ZCAT $cpiodir/generic.kernel$ZFIX | cpio -it 2>/dev/null |
   1040 	    grep austr > /dev/null 2>&1
   1041 }
   1042 
   1043 #
   1044 #
   1045 # Define global variables
   1046 #
   1047 CALL_DEVID_DESTROY=""
   1048 #
   1049 # List of SDS commands that must be deleted.
   1050 #
   1051 SDSCMDLIST="
   1052 growfs
   1053 metaclear
   1054 metadb
   1055 metadetach
   1056 metahs
   1057 metainit
   1058 metaoffline
   1059 metaonline
   1060 metaparam
   1061 metarename
   1062 metareplace
   1063 metaroot
   1064 metaset
   1065 metastat
   1066 metasync
   1067 metattach
   1068 rpc.metad
   1069 rpc.metamhd
   1070 "
   1071 #
   1072 # List of SDS configuration files that must be deleted.
   1073 #
   1074 SDSCONFIGLIST="
   1075 lock
   1076 md.cf
   1077 mddb.cf
   1078 md.tab
   1079 devpath
   1080 md.ctlrmap
   1081 "
   1082 #
   1083 # List of rc scripts that must be deleted.
   1084 #
   1085 RCLIST="
   1086 etc/init.d/SUNWmd.init
   1087 etc/init.d/SUNWmd.sync
   1088 etc/init.d/lvm.init
   1089 etc/init.d/lvm.sync
   1090 etc/rcS.d/S35SUNWmd.init
   1091 etc/rcS.d/S35lvm.init
   1092 etc/rc2.d/S95SUNWmd.sync
   1093 etc/rc2.d/S95lvm.sync
   1094 etc/rcS.d/S35slvm.init
   1095 etc/rc2.d/S95slvm.sync
   1096 etc/init.d/slvm.init
   1097 etc/init.d/slvm.sync
   1098 etc/init.d/init.mdlogd
   1099 etc/rc3.d/S25mdlogd
   1100 "
   1101 #
   1102 # List of flashprom-related files that must be deleted.
   1103 #
   1104 FLASHPROMLIST="
   1105 etc/rc2.d/S75flashprom
   1106 etc/init.d/flashprom
   1107 usr/platform/SUNW,Ultra-2/lib/flash-update.sh
   1108 usr/platform/SUNW,Ultra-4/lib/flash-update.sh
   1109 usr/platform/SUNW,Ultra-Enterprise/lib/flash-update.sh
   1110 usr/platform/sun4u/doc/flashupdate.txt
   1111 usr/platform/sun4u/lib/flash-update.sh
   1112 usr/platform/sun4u/lib/prom/SUNW,Ultra-2
   1113 usr/platform/sun4u/lib/prom/SUNW,Ultra-4
   1114 usr/platform/sun4u/lib/prom/SUNW,Ultra-Enterprise
   1115 "
   1116 
   1117 #
   1118 # delete the entries associated with bootlist from /etc/system
   1119 #
   1120 
   1121 delete_system_bootlist() {
   1122 	sed -e /"Begin MDD database info"/,/"End MDD database info"/d \
   1123 	    < ${SYSTEM_FILE} > /tmp/system.$$
   1124 	cp /tmp/system.$$ ${SYSTEM_FILE} || \
   1125 	    echo "copy error: /tmp/system.$$ to ${SYSTEM_FILE}"
   1126 }
   1127 
   1128 #
   1129 # Add entries in md.conf for bootlist
   1130 #
   1131 
   1132 fix_mdconf() {
   1133 	cp ${mdconf} /tmp/md.conf.$$
   1134 	echo >> /tmp/md.conf.$$
   1135 	echo "# Begin MDD database info (do not edit)" >> /tmp/md.conf.$$
   1136 	sed -e 's/^set md://' -e 's/$/;/' ${SYSTEM_FILE} | \
   1137 	    grep mddb_bootlist >> /tmp/md.conf.$$
   1138 	echo "# End MDD database info (do not edit)" >> /tmp/md.conf.$$
   1139 	cp /tmp/md.conf.$$ ${mdconf} || \
   1140 	    echo "copy error: /tmp/md.conf.$$ to ${mdconf}"
   1141 }
   1142 
   1143 #
   1144 # add_devid_destroy(filename)
   1145 # returns contents in filename
   1146 # md_devid_destroy property is required when upgrading
   1147 # from pre SVM to SVM releases or when the device ID returned from
   1148 # the driver changes.
   1149 # It is specifically placed between
   1150 # # Begin MDD database info and # End MDD database info because
   1151 # on the subsequent reboot, this line will be removed automatically when
   1152 # metadevadm is run in rc2.d.
   1153 #
   1154 add_devid_destroy() {
   1155 	cat $1 | awk '{
   1156 		if ( $2 == "End" && $4 == "database") {
   1157 			print "md_devid_destroy=1;"
   1158 		}
   1159 		print $0
   1160 	}' >> /tmp/t$$
   1161 	mv /tmp/t$$ $1
   1162 }
   1163 
   1164 #
   1165 # Reads existing configuration values in /etc/rcap.conf and puts 
   1166 # them in repository upon reboot(via /var/svc/profile/upgrade).
   1167 #
   1168 migrate_rcap_conf() {
   1169 	RCAP_CONF="${rootprefix}/etc/rcap.conf"
   1170 	PROFILE_UPGRADE="${rootprefix}/var/svc/profile/upgrade"
   1171 	SVCCFG="/usr/sbin/svccfg"
   1172 	RCAP_FMRI="svc:/system/rcap:default"
   1173 	PG="config"
   1174 
   1175 	pressure=`awk '$1 == "RCAPD_MEMORY_CAP_ENFORCEMENT_PRESSURE" \
   1176 	    && NF == 3 {print $3}' $RCAP_CONF`
   1177 
   1178 	reconfig_int=`awk '$1 == "RCAPD_RECONFIGURATION_INTERVAL" \
   1179 	    && NF == 3 {print $3}' $RCAP_CONF`
   1180 
   1181 	walk_int=`awk '$1 == "RCAPD_PROC_WALK_INTERVAL" && \
   1182 	    NF == 3 {print $3}' $RCAP_CONF`
   1183 
   1184 	report_int=`awk '$1 == "RCAPD_REPORT_INTERVAL" && \
   1185 	    NF == 3 {print $3}' $RCAP_CONF`
   1186 
   1187 	rss_sample_int=`awk '$1 == "RCAPD_RSS_SAMPLE_INTERVAL" && \
   1188 	    NF == 3 {print $3}' $RCAP_CONF`
   1189 
   1190 	# Blindly update default configuration values with
   1191 	# pre-existing values
   1192 	#
   1193 	echo "# Migrating pre-existing rcap configuration" >> \
   1194 	    $PROFILE_UPGRADE
   1195 
   1196 	echo "$SVCCFG -s $RCAP_FMRI setprop ${PG}/pressure = " \
   1197 	    "$pressure" >> $PROFILE_UPGRADE
   1198 
   1199 	echo "$SVCCFG -s $RCAP_FMRI " \
   1200 	    "setprop ${PG}/reconfig_interval = $reconfig_int" >> \
   1201 	    $PROFILE_UPGRADE
   1202 
   1203 	echo "$SVCCFG -s $RCAP_FMRI " \
   1204 	    "setprop ${PG}/walk_interval = $walk_int" >> \
   1205 	    $PROFILE_UPGRADE
   1206 
   1207 	echo "$SVCCFG -s $RCAP_FMRI " \
   1208 	    "setprop ${PG}/report_interval = $report_int" >> \
   1209 	    $PROFILE_UPGRADE
   1210 
   1211 	echo "$SVCCFG -s $RCAP_FMRI " \
   1212 	    "setprop ${PG}/rss_sample_interval = $rss_sample_int" >> \
   1213 	    $PROFILE_UPGRADE
   1214 
   1215 	echo "/usr/sbin/svcadm refresh $RCAP_FMRI" >> \
   1216 	    $PROFILE_UPGRADE
   1217 
   1218 	echo "rm /etc/rcap.conf" >> \
   1219 	    $PROFILE_UPGRADE
   1220 }
   1221 
   1222 #
   1223 # Migrate an existing extended accounting configuration from /etc/acctadm.conf
   1224 # to the smf(5) repository upon reboot.  Enable the instance if the 
   1225 # configuration differs from the default configuration.
   1226 #
   1227 migrate_acctadm_conf()
   1228 {
   1229 	cat >> $rootprefix/var/svc/profile/upgrade <<\_EOF
   1230 	if [ -f /etc/acctadm.conf ]; then 
   1231 		. /etc/acctadm.conf
   1232 
   1233 		fmri="svc:/system/extended-accounting:flow"
   1234 		eval $BFUSVCCFG -s $fmri setprop config/file = \
   1235 		    ${ACCTADM_FLOW_FILE:="none"}
   1236 		eval $BFUSVCCFG -s $fmri setprop config/tracked = \
   1237 		    ${ACCTADM_FLOW_TRACKED:="none"}
   1238 		eval $BFUSVCCFG -s $fmri setprop config/untracked = \
   1239 		    ${ACCTADM_FLOW_UNTRACKED:="extended"}
   1240 		if [ ${ACCTADM_FLOW_ENABLE:="no"} = "yes" ]; then
   1241 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "true"
   1242 		else
   1243 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "false"
   1244 		fi
   1245 		if [ $ACCTADM_FLOW_ENABLE = "yes" -o \
   1246 		    $ACCTADM_FLOW_FILE != "none" -o \
   1247 		    $ACCTADM_FLOW_TRACKED != "none" ]; then
   1248 			svcadm enable $fmri
   1249 		fi
   1250 
   1251 		fmri="svc:/system/extended-accounting:process"
   1252 		eval $BFUSVCCFG -s $fmri setprop config/file = \
   1253 		    ${ACCTADM_PROC_FILE:="none"}
   1254 		eval $BFUSVCCFG -s $fmri setprop config/tracked = \
   1255 		    ${ACCTADM_PROC_TRACKED:="none"}
   1256 		eval $BFUSVCCFG -s $fmri setprop config/untracked = \
   1257 		    ${ACCTADM_PROC_UNTRACKED:="extended"}
   1258 		if [ ${ACCTADM_PROC_ENABLE:="no"} = "yes" ]; then
   1259 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "true"
   1260 		else
   1261 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "false"
   1262 		fi
   1263 		if [ $ACCTADM_PROC_ENABLE = "yes" -o \
   1264 		    $ACCTADM_PROC_FILE != "none" -o \
   1265 		    $ACCTADM_PROC_TRACKED != "none" ]; then
   1266 			svcadm enable $fmri
   1267 		fi
   1268 
   1269 		fmri="svc:/system/extended-accounting:task"
   1270 		eval $BFUSVCCFG -s $fmri setprop config/file = \
   1271 		    ${ACCTADM_TASK_FILE:="none"}
   1272 		eval $BFUSVCCFG -s $fmri setprop config/tracked = \
   1273 		    ${ACCTADM_TASK_TRACKED:="none"}
   1274 		eval $BFUSVCCFG -s $fmri setprop config/untracked = \
   1275 		    ${ACCTADM_TASK_UNTRACKED:="extended"}
   1276 		if [ ${ACCTADM_TASK_ENABLE:="no"} = "yes" ]; then
   1277 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "true"
   1278 		else
   1279 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "false"
   1280 		fi
   1281 		if [ $ACCTADM_TASK_ENABLE = "yes" -o \
   1282 		    $ACCTADM_TASK_FILE != "none" -o \
   1283 		    $ACCTADM_TASK_TRACKED != "none" ]; then
   1284 			svcadm enable $fmri
   1285 		fi
   1286 
   1287 		fmri="svc:/system/extended-accounting:net"
   1288 		eval $BFUSVCCFG -s $fmri setprop config/file = \
   1289 		    ${ACCTADM_NET_FILE:="none"}
   1290 		eval $BFUSVCCFG -s $fmri setprop config/tracked = \
   1291 		    ${ACCTADM_NET_TRACKED:="none"}
   1292 		eval $BFUSVCCFG -s $fmri setprop config/untracked = \
   1293 		    ${ACCTADM_NET_UNTRACKED:="extended"}
   1294 		if [ ${ACCTADM_NET_ENABLE:="no"} = "yes" ]; then
   1295 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "true"
   1296 		else
   1297 			eval $BFUSVCCFG -s $fmri setprop config/enabled = "false"
   1298 		fi
   1299 		if [ $ACCTADM_NET_ENABLE = "yes" -o \
   1300 		    $ACCTADM_NET_FILE != "none" -o \
   1301 		    $ACCTADM_NET_TRACKED != "none" ]; then
   1302 			svcadm enable $fmri
   1303 		fi
   1304 
   1305 		rm /etc/acctadm.conf
   1306 	fi
   1307 _EOF
   1308 }
   1309 
   1310 #
   1311 # smf(5) "Greenline" doesn't install the init.d or rc*.d scripts for
   1312 # converted services.  Clean up previous scripts for such services.
   1313 #
   1314 smf_obsolete_rc_files="
   1315 	etc/init.d/ANNOUNCE
   1316 	etc/init.d/MOUNTFSYS
   1317 	etc/init.d/RMTMPFILES
   1318 	etc/init.d/acctadm
   1319 	etc/init.d/audit
   1320 	etc/init.d/autofs
   1321 	etc/init.d/boot.server
   1322 	etc/init.d/coreadm
   1323 	etc/init.d/cron
   1324 	etc/init.d/cryptosvc
   1325 	etc/init.d/cvc
   1326 	etc/init.d/devfsadm
   1327 	etc/init.d/dhcp
   1328 	etc/init.d/dhcpagent
   1329 	etc/init.d/domainname
   1330 	etc/init.d/efcode
   1331 	etc/init.d/inetd
   1332 	etc/init.d/inetinit
   1333 	etc/init.d/inetsvc
   1334 	etc/init.d/initboot
   1335 	etc/init.d/ipfboot
   1336 	etc/init.d/kdc
   1337 	etc/init.d/kdc.master
   1338 	etc/init.d/keymap
   1339 	etc/init.d/ldap.client
   1340 	etc/init.d/libc.mount
   1341 	etc/init.d/network
   1342 	etc/init.d/nfs.client
   1343 	etc/init.d/nodename
   1344 	etc/init.d/nscd
   1345 	etc/init.d/perf
   1346 	etc/init.d/picld
   1347 	etc/init.d/power
   1348 	etc/init.d/rcapd
   1349 	etc/init.d/rootusr
   1350 	etc/init.d/rpc
   1351 	etc/init.d/savecore
   1352 	etc/init.d/sckm
   1353 	etc/init.d/sf880dr
   1354 	etc/init.d/slpd
   1355 	etc/init.d/sshd
   1356 	etc/init.d/standardmounts
   1357 	etc/init.d/svm.init
   1358 	etc/init.d/svm.sync
   1359 	etc/init.d/sysid.net
   1360 	etc/init.d/sysid.sys
   1361 	etc/init.d/syslog
   1362 	etc/init.d/utmpd
   1363 	etc/init.d/volmgt
   1364 	etc/init.d/xntpd
   1365 	etc/init.d/zones
   1366 	etc/rc0.d/K00ANNOUNCE
   1367 	etc/rc0.d/K01zones
   1368 	etc/rc0.d/K03sshd
   1369 	etc/rc0.d/K05volmgt
   1370 	etc/rc0.d/K07snmpdx
   1371 	etc/rc0.d/K10rcapd
   1372 	etc/rc0.d/K21dhcp
   1373 	etc/rc0.d/K27boot.server
   1374 	etc/rc0.d/K28kdc
   1375 	etc/rc0.d/K28kdc.master
   1376 	etc/rc0.d/K28nfs.server
   1377 	etc/rc0.d/K32cryptosvc
   1378 	etc/rc0.d/K33audit
   1379 	etc/rc0.d/K33efcode
   1380 	etc/rc0.d/K34svm.sync
   1381 	etc/rc0.d/K36sendmail
   1382 	etc/rc0.d/K36utmpd
   1383 	etc/rc0.d/K37power
   1384 	etc/rc0.d/K40cron
   1385 	etc/rc0.d/K40inetd
   1386 	etc/rc0.d/K40nscd
   1387 	etc/rc0.d/K40sf880dr
   1388 	etc/rc0.d/K40slpd
   1389 	etc/rc0.d/K40syslog
   1390 	etc/rc0.d/K40xntpd
   1391 	etc/rc0.d/K41autofs
   1392 	etc/rc0.d/K41ldap.client
   1393 	etc/rc0.d/K41nfs.client
   1394 	etc/rc0.d/K41rpc
   1395 	etc/rc0.d/K42sckm
   1396 	etc/rc0.d/K43inet
   1397 	etc/rc0.d/K68picld
   1398 	etc/rc0.d/K83devfsadm
   1399 	etc/rc0.d/K90dhcpagent
   1400 	etc/rc1.d/K00ANNOUNCE
   1401 	etc/rc1.d/K01zones
   1402 	etc/rc1.d/K03sshd
   1403 	etc/rc1.d/K05volmgt
   1404 	etc/rc1.d/K07snmpdx
   1405 	etc/rc1.d/K10rcapd
   1406 	etc/rc1.d/K21dhcp
   1407 	etc/rc1.d/K27boot.server
   1408 	etc/rc1.d/K28kdc
   1409 	etc/rc1.d/K28kdc.master
   1410 	etc/rc1.d/K28nfs.server
   1411 	etc/rc1.d/K33audit
   1412 	etc/rc1.d/K33efcode
   1413 	etc/rc1.d/K34svm.sync
   1414 	etc/rc1.d/K36sendmail
   1415 	etc/rc1.d/K36utmpd
   1416 	etc/rc1.d/K37power
   1417 	etc/rc1.d/K40cron
   1418 	etc/rc1.d/K40inetd
   1419 	etc/rc1.d/K40nscd
   1420 	etc/rc1.d/K40sf880dr
   1421 	etc/rc1.d/K40slpd
   1422 	etc/rc1.d/K40syslog
   1423 	etc/rc1.d/K40xntpd
   1424 	etc/rc1.d/K41autofs
   1425 	etc/rc1.d/K41ldap.client
   1426 	etc/rc1.d/K41rpc
   1427 	etc/rc1.d/K42sckm
   1428 	etc/rc1.d/K43inet
   1429 	etc/rc1.d/K99libc.mount
   1430 	etc/rc1.d/S01MOUNTFSYS
   1431 	etc/rc2.d/K01zones
   1432 	etc/rc2.d/K03sshd
   1433 	etc/rc2.d/K05volmgt
   1434 	etc/rc2.d/K07snmpdx
   1435 	etc/rc2.d/K21dhcp
   1436 	etc/rc2.d/K27boot.server
   1437 	etc/rc2.d/K28kdc
   1438 	etc/rc2.d/K28kdc.master
   1439 	etc/rc2.d/K28nfs.server
   1440 	etc/rc2.d/S01MOUNTFSYS
   1441 	etc/rc2.d/S05RMTMPFILES
   1442 	etc/rc2.d/S21perf
   1443 	etc/rc2.d/S30sysid.net
   1444 	etc/rc2.d/S65ipfboot
   1445 	etc/rc2.d/S69domainname
   1446 	etc/rc2.d/S69inet
   1447 	etc/rc2.d/S70sckm
   1448 	etc/rc2.d/S71ldap.client
   1449 	etc/rc2.d/S71rpc
   1450 	etc/rc2.d/S71sysid.sys
   1451 	etc/rc2.d/S72inetsvc
   1452 	etc/rc2.d/S72slpd
   1453 	etc/rc2.d/S73nfs.client
   1454 	etc/rc2.d/S74autofs
   1455 	etc/rc2.d/S74syslog
   1456 	etc/rc2.d/S74xntpd
   1457 	etc/rc2.d/S75cron
   1458 	etc/rc2.d/S75savecore
   1459 	etc/rc2.d/S76nscd
   1460 	etc/rc2.d/S77inetd
   1461 	etc/rc2.d/S77sf880dr
   1462 	etc/rc2.d/S85power
   1463 	etc/rc2.d/S88sendmail
   1464 	etc/rc2.d/S88utmpd
   1465 	etc/rc2.d/S95svm.sync
   1466 	etc/rc2.d/S98efcode
   1467 	etc/rc2.d/S98libc.mount
   1468 	etc/rc2.d/S99audit
   1469 	etc/rc2.d/S99rcapd
   1470 	etc/rc3.d/S13kdc.master
   1471 	etc/rc3.d/S14kdc
   1472 	etc/rc3.d/S15nfs.server
   1473 	etc/rc3.d/S16boot.server
   1474 	etc/rc3.d/S34dhcp
   1475 	etc/rc3.d/S76snmpdx
   1476 	etc/rc3.d/S81volmgt
   1477 	etc/rc3.d/S89sshd
   1478 	etc/rc3.d/S99zones
   1479 	etc/rcS.d/K01zones
   1480 	etc/rcS.d/K03sshd
   1481 	etc/rcS.d/K05volmgt
   1482 	etc/rcS.d/K07snmpdx
   1483 	etc/rcS.d/K10rcapd
   1484 	etc/rcS.d/K21dhcp
   1485 	etc/rcS.d/K27boot.server
   1486 	etc/rcS.d/K28kdc
   1487 	etc/rcS.d/K28kdc.master
   1488 	etc/rcS.d/K28nfs.server
   1489 	etc/rcS.d/K33audit
   1490 	etc/rcS.d/K33efcode
   1491 	etc/rcS.d/K34svm.sync
   1492 	etc/rcS.d/K36sendmail
   1493 	etc/rcS.d/K36utmpd
   1494 	etc/rcS.d/K37power
   1495 	etc/rcS.d/K40cron
   1496 	etc/rcS.d/K40inetd
   1497 	etc/rcS.d/K40nscd
   1498 	etc/rcS.d/K40sf880dr
   1499 	etc/rcS.d/K40slpd
   1500 	etc/rcS.d/K40syslog
   1501 	etc/rcS.d/K40xntpd
   1502 	etc/rcS.d/K41autofs
   1503 	etc/rcS.d/K41ldap.client
   1504 	etc/rcS.d/K41rpc
   1505 	etc/rcS.d/K42sckm
   1506 	etc/rcS.d/K43inet
   1507 	etc/rcS.d/K99libc.mount
   1508 	etc/rcS.d/S10cvc
   1509 	etc/rcS.d/S28network.sh
   1510 	etc/rcS.d/S29nodename.sh
   1511 	etc/rcS.d/S30rootusr.sh
   1512 	etc/rcS.d/S33keymap.sh
   1513 	etc/rcS.d/S35svm.init
   1514 	etc/rcS.d/S40standardmounts.sh
   1515 	etc/rcS.d/S42coreadm
   1516 	etc/rcS.d/S45initboot
   1517 	etc/rcS.d/S50devfsadm
   1518 	etc/rcS.d/S72cryptosvc
   1519 	etc/rcS.d/S95picld
   1520 "
   1521 
   1522 # Obsolete smf manifests
   1523 smf_obsolete_manifests="
   1524 	var/svc/manifest/application/print/cleanup.xml
   1525 	var/svc/manifest/network/tftp.xml
   1526 	var/svc/manifest/network/lp.xml
   1527 	var/svc/manifest/system/filesystem/volfs.xml
   1528 	var/svc/manifest/network/pfil.xml
   1529 	var/svc/manifest/platform/sun4u/mpxio-upgrade.xml
   1530 	var/svc/manifest/network/tname.xml
   1531 	var/svc/manifest/network/aggregation.xml
   1532 	var/svc/manifest/network/datalink.xml
   1533 	var/svc/manifest/network/datalink-init.xml
   1534 	var/svc/manifest/network/iscsi_initiator.xml
   1535 	var/svc/manifest/network/fcoe_config.xml
   1536 	var/svc/manifest/network/rpc/ocfserv.xml
   1537 "
   1538 
   1539 # smf services whose manifests have been renamed
   1540 smf_renamed_manifests="
   1541 	var/svc/manifest/milestone/name-service.xml
   1542 	var/svc/manifest/system/filesystem/boot-archive.xml
   1543 "
   1544 
   1545 # Obsolete smf methods
   1546 smf_obsolete_methods="
   1547 	lib/svc/method/print-cleanup
   1548 	lib/svc/method/print-server
   1549 	lib/svc/method/svc-volfs
   1550 	lib/svc/method/pfil
   1551 	lib/svc/method/aggregation
   1552 	lib/svc/method/datalink
   1553 	lib/svc/method/datalink-init
   1554 	lib/svc/method/svc-kdc
   1555 	lib/svc/method/svc-kdc.master
   1556 	lib/svc/method/svc-kdc.slave
   1557 	lib/svc/share/krb_include.sh
   1558 	lib/svc/method/iscsid
   1559 	lib/svc/method/fcoeconfig
   1560 "
   1561 
   1562 smf_cleanup () {
   1563 	(
   1564 		cd $root;
   1565 		print "Removing obsolete rc.d scripts ... \c"
   1566 		rm -f $smf_obsolete_rc_files
   1567 		print "done."
   1568 	)
   1569 }
   1570 
   1571 smf_new_profiles () {
   1572 	[[ "$bfu_isa" = "sparc" ]] || return 0
   1573 
   1574 	[[ -x /tmp/bfubin/svccfg ]] || return 0
   1575 
   1576 	print "Clearing platform profile hash ..."
   1577 
   1578 	# platform_SUNW,Sun-Fire.xml (and other new and
   1579 	# corrected platforms) were delivered in Build 68.
   1580 	if [ ! -f \
   1581 		$rootprefix/var/svc/profile/platform_SUNW,Sun-Fire.xml \
   1582 		]; then
   1583 		for pfx in " " "v"; do
   1584 			for plname in \
   1585 			    none \
   1586 			    SUNW_Sun_Fire_880 \
   1587 			    SUNW_Sun_Fire_V890 \
   1588 			    SUNW_Sun_Fire_15000 \
   1589 			    SUNW_UltraEnterprise_10000; do
   1590 				eval $BFUSVCCFG -f - <<EOF
   1591 select smf/manifest
   1592 delpg ${pfx}ar_svc_profile_platform_${plname}_xml
   1593 exit
   1594 EOF
   1595 			done
   1596 		done
   1597 	fi
   1598 }
   1599 
   1600 smf_handle_new_services () {
   1601 	#
   1602 	# Detect, prior to extraction the arrival of new,
   1603 	# default-enabled-in-profile services.  If so, add a command
   1604 	# such that they are enabled.
   1605 	#
   1606 	if [ ! -f $rootprefix/var/svc/profile/system/sac.xml ]; then
   1607 		echo /usr/sbin/svcadm enable system/sac >> \
   1608 		    $rootprefix/var/svc/profile/upgrade
   1609 	fi
   1610 	if [[ $zone = global &&
   1611             ! -f $rootprefix/var/svc/manifest/system/intrd.xml ]]; then
   1612 		echo /usr/sbin/svcadm enable system/intrd >> \
   1613 		    $rootprefix/var/svc/profile/upgrade
   1614 	fi
   1615 	if [[ $zone = global &&
   1616 	    ! -f $rootprefix/var/svc/manifest/system/scheduler.xml ]]; then
   1617 		echo /usr/sbin/svcadm enable system/scheduler >> \
   1618 		    $rootprefix/var/svc/profile/upgrade
   1619 	fi
   1620 	if [[ $zone = global &&
   1621 	    ! -f $rootprefix/var/svc/manifest/system/hal.xml ]]; then
   1622 		echo /usr/sbin/svcadm enable system/hal >> \
   1623 		    $rootprefix/var/svc/profile/upgrade
   1624 	fi
   1625 	if [[ $zone = global &&
   1626 	    ! -f $rootprefix/var/svc/manifest/system/filesystem/rmvolmgr.xml ]]; then
   1627 		echo /usr/sbin/svcadm enable system/filesystem/rmvolmgr >> \
   1628 		    $rootprefix/var/svc/profile/upgrade
   1629 	fi
   1630 	if [[ $zone = global &&
   1631 	    ! -f $rootprefix/var/svc/manifest/network/ipsec/manual-key.xml &&
   1632 	    -f $rootprefix/etc/inet/secret/ipseckeys ]]; then
   1633 		smf_enable svc:/network/ipsec/manual-key:default
   1634 	fi
   1635 	if [[ $zone = global &&
   1636 	    ! -f $rootprefix/var/svc/manifest/network/ipsec/ike.xml &&
   1637 	    -f $rootprefix/etc/inet/ike/config ]]; then
   1638 		smf_enable svc:/network/ipsec/ike:default
   1639 	fi
   1640 	if [[ $zone = global &&
   1641 	    ! -f $rootprefix/var/svc/manifest/system/pools.xml &&
   1642 	    -f $rootprefix/etc/pooladm.conf ]]; then
   1643 		smf_enable svc:/system/pools:default
   1644 	fi
   1645 	if [[ $zone = global && $karch = sun4v &&
   1646 	    ! -f $rootprefix/var/svc/manifest/platforms/sun4v/ldoms-agents.xml ]]; then
   1647 		smf_enable svc:/ldoms/agents:default
   1648 	fi
   1649 }
   1650 
   1651 smf_copy_manifest() {
   1652 	mfstbase=`basename $1`
   1653 	mymfs=$rootprefix/var/svc/manifest/$2/$mfstbase
   1654 	if [[ ! -f $mymfs ]] || ! cmp -s $manifest_src/$1 $mymfs ; then
   1655 		cp $manifest_src/$1 $mymfs ||
   1656 		    echo "bfu: could not copy $manifest_src/$1"
   1657 	fi
   1658 }
   1659 
   1660 smf_copy_method() {
   1661 	cp $manifest_src/$1 $rootprefix/lib/svc/method ||
   1662 	    echo "bfu: could not copy $manifest_src/$1"
   1663 }
   1664 
   1665 smf_cleanup_initd() {
   1666 	rm -f $rootprefix/etc/rc?.d/[SK]??$1
   1667 }
   1668 
   1669 smf_delete_manifest() {
   1670 (
   1671 	mfst=$1
   1672 	cd $root
   1673 	[[ -f $mfst ]] || return;
   1674 	if [ -r /etc/svc/volatile/repository_door ]; then
   1675 		ENTITIES=`eval $BFUSVCCFG inventory $mfst`
   1676 		for fmri in $ENTITIES; do
   1677 			if [[ -n $root && $root != "/" ]]; then
   1678 				SVCCFG_REPOSITORY=$root/etc/svc/repository.db
   1679 				export SVCCFG_REPOSITORY
   1680 			fi
   1681 			eval $BFUSVCCFG delete -f $fmri >/dev/null 2>&1
   1682 			if [[ -n $root && $root != "/" ]]; then
   1683 				unset SVCCFG_REPOSITORY
   1684 			fi
   1685 		done
   1686 	fi
   1687 	rm $mfst
   1688 )
   1689 }
   1690 
   1691 smf_delete_methods() {
   1692 (
   1693 	cd $root;
   1694 	rm -f $smf_obsolete_methods
   1695 )
   1696 }	
   1697 
   1698 smf_delete_renamed_manifests() {
   1699 (
   1700 	cd $root;
   1701 	rm -f $smf_renamed_manifests
   1702 )
   1703 }
   1704 
   1705 smf_cleanup_dlmgmtd() {
   1706 (
   1707 	#
   1708 	# Delete the service instance, then refresh all its dependents in the
   1709 	# cases of alternative root and zones.
   1710 	#
   1711 	smf_delete_manifest "var/svc/manifest/network/dlmgmt.xml"
   1712 
   1713 	if [[ -n $root && $root != "/" ]]; then
   1714 		export SVCCFG_REPOSITORY=$root/etc/svc/repository.db
   1715 		eval $BFUSVCCFG -s svc:/network/physical:nwam refresh
   1716 		eval $BFUSVCCFG -s svc:/network/physical:default refresh
   1717 		eval $BFUSVCCFG -s svc:/system/device/local:default refresh
   1718 		unset SVCCFG_REPOSITORY
   1719 	fi
   1720 	cd $root
   1721 	rm -f lib/svc/method/svc-dlmgmtd
   1722 	rm -f etc/.dlmgmt_door
   1723 	rm -f sbin/dlmgmtd
   1724 )
   1725 }
   1726 
   1727 smf_cleanup_vt() {
   1728 	(
   1729 		smf_delete_manifest var/src/manifest/system/vtdaemon.xml
   1730 		cd $root
   1731 		rm -f lib/svc/method/vtdaemon
   1732 
   1733 		vt_conslogin_instances=`/tmp/bfubin/svcs -o FMRI | \
   1734 		    grep console-login:vt`
   1735 		for i in $vt_conslogin_instances; do
   1736 			eval $BFUSVCCFG delete -f $i
   1737 		done
   1738 	)
   1739 }
   1740 
   1741 smf_cleanup_boomer() {
   1742 	(
   1743 		smf_delete_manifest var/src/manifest/system/devices-audio.xml
   1744 		cd $root
   1745 		rm -f lib/svc/method/devices-audio
   1746 
   1747 		/tmp/bfubin/svccfg delete -f svc:/system/device/audio
   1748 	)
   1749 }
   1750 
   1751 old_mfst_dir="var/svc/manifest.orig"
   1752 new_mfst_dir="var/svc/manifest"
   1753 
   1754 smf_enable() {
   1755 	echo "svcadm enable $*" >> $rootprefix/var/svc/profile/upgrade
   1756 }
   1757 
   1758 smf_check_repository() {
   1759 	repository=etc/svc/repository.db
   1760 	[[ -f $rootprefix/$repository ]] || return
   1761 
   1762 	print -n "$rootprefix/$repository: " >&2
   1763 
   1764 	sqlite="${SQLITEBIN-$GATE/public/bin/$bfu_isa/sqlite}"
   1765 	[[ -x $sqlite ]] || sqlite=/lib/svc/bin/sqlite
   1766 	if [[ ! -x $sqlite ]]; then
   1767 		echo "no sqlite binary: skipped integrity check" >&2
   1768 		return
   1769 	fi
   1770 
   1771 	rm -f /tmp/bfurepo.db;
   1772 	cp $rootprefix/$repository /tmp/bfurepo.db
   1773 	bad_errors=`echo "PRAGMA integrity_check;" |
   1774 	    $sqlite /tmp/bfurepo.db 2>&1 | grep -v '^ok$'`
   1775 	if [[ $? -eq 0 ]]; then
   1776 		echo "integrity check failed:" >&2
   1777 		echo "$bad_errors" >&2
   1778 		echo >&2
   1779 		if [[ $force_override = no ]]; then
   1780 			cat >&2 <<EOF
   1781 Reseed the repository (see http://greenline.eng/quickstart.shtml#newrep)
   1782 before BFUing (or use the -f flag to force BFU to continue).  Re-seeding
   1783 will lose all smf(5) customizations.
   1784 EOF
   1785 			echo >&2
   1786 			exit 2;
   1787 		else
   1788 			echo "driving on anyway" >&2
   1789 		fi
   1790 	else
   1791 		echo "passed integrity check" >&2;
   1792 	fi
   1793 }
   1794 
   1795 smf_bkbfu_warning() {
   1796 	print ""
   1797 	print "*************************************************************"
   1798 	print " WARNING: BFU'ing $1 backwards across 5090532."
   1799 	print " Fixes have been made but the services cannot be refreshed"
   1800 	print " on the $1's inactive repository. Next boot for the"
   1801 	print " $1 will probably result in maintenance mode due to"
   1802 	print " dependency cycles. If so, at the $1's console, run:"
   1803 	print ""
   1804 	print " /usr/sbin/svcadm refresh system/sysidtool:system"
   1805 	print " /usr/sbin/svcadm refresh system/sysidtool:net"
   1806 	print " /usr/sbin/svcadm clear milestone/single-user"
   1807 	print " /usr/sbin/svcadm clear system/sysidtool:system"
   1808 	print " /usr/sbin/svcadm clear system/sysidtool:net"
   1809 	print ""
   1810 	print " to resolve."
   1811 	print " To avoid these problems, reseed the zone's repository."
   1812 	print " See http://greenline.eng/quickstart.shtml#newrep ."
   1813 	print " Note: Re-seeding will lose all smf(5) customization."
   1814 	print "*************************************************************"
   1815 	print ""
   1816 }
   1817 
   1818 smf_is_sysconfig() {
   1819 	#
   1820 	# Return success if going to post-5090532, i.e. post-sysconfig bits
   1821 	#
   1822 	# By now, we're going to post-smf bits - so multi-user.xml must
   1823 	# exist (since it was introduced by first SMF putback).
   1824 	# 
   1825 	# Function return status is return status of last command executed.
   1826 	# So, no need to check return status from grep below.
   1827 
   1828 	grep sysconfig $rootprefix/var/svc/manifest/milestone/multi-user.xml \
   1829 		>/dev/null 2>&1
   1830 }
   1831 
   1832 smf_bkbfu_past_sysconfig() {
   1833 	#
   1834 	# Check if bfu'ing back from post-5090532 to pre-5090532 bits.
   1835 	#
   1836 	if [[ -f $rootprefix/var/svc/manifest/milestone/sysconfig.xml ]] &&
   1837 	    ! smf_is_sysconfig ; then
   1838 		return 0
   1839 	fi
   1840 	return 1
   1841 }
   1842 
   1843 smf_bkbfu_repair_sysconfig() {
   1844 	#
   1845 	# Perform the necessary corrections when bfu'ing backwards
   1846 	# from post-5090532 to pre-5090532 bits.
   1847 	#
   1848 	# Get the pre-5090532 non-ON manifests, and issue minimal fixes
   1849 	# to the repository, to enable re-boot.
   1850 	#
   1851 	smf_copy_manifest pre-5090532/sysidtool.xml system
   1852 	if [[ $zone = global && $karch = i86pc ]]; then
   1853 		smf_copy_manifest pre-5090532/kdmconfig.xml platform/i86pc
   1854 	fi
   1855 	#
   1856 	# Now, remove sysidtool:{system, net}'s dependency on
   1857 	# single-user and filesystem-local.
   1858 	#
   1859 	# If $rootprefix is not empty, this could be the global zone,
   1860 	# with an alternate root BFU, or a non-global zone. For either
   1861 	# case, the repository to be updated is not the live one: use
   1862 	# SVCCFG_REPOSITORY to point to the repository to be updated.
   1863 	#
   1864 	# Note that in the alternate-root case, doing this seems better
   1865 	# than forcing the user to re-seed, or to dis-allow it. The
   1866 	# issue of svccfg and the repository not matching seems remote,
   1867 	# given that from initial SMF integration (on10_64) to on10_74,
   1868 	# there was no mismatch. In the remote possibility that there is a
   1869 	# mis-match (in the future) causing these calls to be suspect,
   1870 	# the user is already being advised, via the warning message, to
   1871 	# reseed the repository in case of trouble. If a mis-match is ever
   1872 	# introduced, code such as this would have to be fixed, so this
   1873 	# aspect of the warning is useful only during the interim period.
   1874 	#
   1875 	# NOTE that this is not an issue for non-global zones'
   1876 	# repositories - they couldn't be out-of-sync with
   1877 	# /tmp/bfubin/svccfg.
   1878 	#
   1879 	if [[ -n $rootprefix ]]; then
   1880 		export SVCCFG_REPOSITORY=$rootprefix/etc/svc/repository.db
   1881 		if [[ $zone = global ]]; then
   1882 			smf_bkbfu_warning "alternate root"
   1883 		else
   1884 			smf_bkbfu_warning "zone"
   1885 		fi
   1886 	fi
   1887 	#
   1888 	# Using the newer "-s" option to svccfg in the following is OK
   1889 	# since its introduction preceded 5090532 (and this routine wouldn't
   1890 	# be called unless the machine is running post-5090532 bits).
   1891 	#
   1892 	eval $BFUSVCCFG -s system/sysidtool:net delpg single-user
   1893 	eval $BFUSVCCFG -s system/sysidtool:system delpg single-user
   1894 	eval $BFUSVCCFG -s system/sysidtool:net delpg filesystem_local
   1895 	eval $BFUSVCCFG -s system/sysidtool:system delpg filesystem_local
   1896 
   1897 	#
   1898 	# On a live system, issue the refresh; For alternate root or non-global
   1899 	# zone, the user was asked to issue the refreshes and "clear"s in the
   1900 	# message above after a post-bfu reboot.
   1901 	#
   1902 	if [[ -z $rootprefix ]]; then
   1903 		/tmp/bfubin/svcadm refresh system/sysidtool:system \
   1904 		    system/sysidtool:net
   1905 	fi
   1906 
   1907 	#
   1908 	# Now, reset SVCCFG_REPOSITORY, if it was set
   1909 	#
   1910 	[[ -n $rootprefix ]] && unset SVCCFG_REPOSITORY
   1911 
   1912 	#
   1913 	# Remove the sysconfig.xml manifest when going back.  So backward
   1914 	# bfu check continues to work, and all manifests are correct.
   1915 	#
   1916 	cat >> $rootprefix/var/svc/profile/upgrade <<-EOF
   1917 	rm -f /var/svc/manifest/milestone/sysconfig.xml
   1918 	EOF
   1919 }
   1920 
   1921 #
   1922 # Return true if $file exists in $archive.  $file may also be a pattern.
   1923 #
   1924 archive_file_exists()
   1925 {
   1926 	archive=$1
   1927 	file=$2
   1928 
   1929 	$ZCAT $cpiodir/${archive}${ZFIX} | cpio -it 2>/dev/null | \
   1930 	    egrep -s "$file"
   1931 }
   1932 
   1933 #
   1934 # extract one or more files from an archive into a temporary directory
   1935 # provided by the caller.  The caller is responsible for checking to
   1936 # to see whether the desired file or files were extracted
   1937 #
   1938 # $1 - archive
   1939 # $2 - temporary dir
   1940 # remaining args: file(s) to be extracted.
   1941 #
   1942 archive_file_peek() {
   1943 	compressed_archive=`pwd`/$1
   1944 	tdir=$2
   1945 	shift
   1946 	shift
   1947 	if [ ! -d $tdir ] ; then
   1948 		return
   1949 	fi
   1950 	(cd $tdir; $ZCAT $compressed_archive | cpio -idmucB $* 2>&1 )
   1951 }
   1952 
   1953 #
   1954 # If we're no longer delivering the eeprom service, remove it from the system,
   1955 # as eeprom -I is removed as well.
   1956 #
   1957 smf_fix_i86pc_profile () {
   1958 	mfst="var/svc/manifest/platform/i86pc/eeprom.xml"
   1959 	profile="var/svc/profile/platform_i86pc.xml"
   1960 
   1961 	if [ ! "$karch" = "i86pc" ]; then
   1962 		return
   1963 	fi
   1964 
   1965 	if ! archive_file_exists generic.root "^$profile"; then
   1966 		rm -f $rootprefix/$profile
   1967 		rm -f $rootprefix/var/svc/profile/platform.xml
   1968 	fi
   1969 
   1970 	if [ ! -f $rootprefix/$mfst ]; then
   1971 		return
   1972 	fi
   1973 
   1974 	if archive_file_exists generic.root "^$mfst"; then
   1975 		return
   1976 	fi
   1977 
   1978 	rm -f $rootprefix/$mfst
   1979 
   1980 	#
   1981 	# we must disable via svccfg directly, as manifest-import runs after
   1982 	# this service tries to run
   1983 	#
   1984 	[[ -n "$rootprefix" ]] &&
   1985 	    export SVCCFG_REPOSITORY=$rootprefix/etc/svc/repository.db
   1986 	eval $BFUSVCCFG delete -f platform/i86pc/eeprom
   1987 	[[ -n "$rootprefix" ]] && unset SVCCFG_REPOSITORY
   1988 }
   1989 
   1990 #
   1991 # If the new system doesn't support the templates DTD extensions
   1992 # (due to backwards bfu), the global.xml manifest should be deleted.
   1993 #
   1994 smf_bkbfu_templates() {
   1995 	mfst="var/svc/manifest/system/svc/global.xml"
   1996 
   1997 	grep "pg_pattern" \
   1998 	    $rootprefix/usr/share/lib/xml/dtd/service_bundle.dtd.1> \
   1999 	    /dev/null 2>&1
   2000 	if [ $? -eq 1 ]; then
   2001 		rm -f $rootprefix/$mfst
   2002 	fi
   2003 
   2004 }
   2005 
   2006 smf_apply_conf () {
   2007 	#
   2008 	# Go thru the original manifests and move any that were unchanged
   2009 	# (or are not system-provided) back to their proper location.  This
   2010 	# will avoid superfluous re-import on reboot, as the inode and mtime
   2011 	# are both part of the hash.
   2012 	#
   2013 	if [ -d $rootprefix/$old_mfst_dir ]; then
   2014 		for f in `cd $rootprefix/$old_mfst_dir ; find . -type f`
   2015 		do
   2016 			old=$rootprefix/$old_mfst_dir/$f
   2017 			new=$rootprefix/$new_mfst_dir/$f
   2018 			if [ ! -f $new ]; then
   2019 				mkdir -m 0755 -p `dirname $new`
   2020 				mv $old $new
   2021 				continue
   2022 			fi
   2023 			cmp -s $old $new && mv $old $new
   2024 		done
   2025 		rm -rf $rootprefix/$old_mfst_dir
   2026 	fi
   2027 
   2028 	if [ -f $rootprefix/etc/init.d/inetd ]; then
   2029 		#
   2030 		# BFUing to non-SMF system -- undo our previous changes,
   2031 		# run an old hack, and skip the remainder of this function.
   2032 		#
   2033 		smf_inetd_reenable
   2034 		smf_tftp_reinstall
   2035 
   2036 		# Update inetd.conf only if we find rpc.metad file.
   2037 		[ -f $usr/sbin/rpc.metad ] &&
   2038 		    inetd_conf_svm_hack
   2039 
   2040 		return
   2041 	fi
   2042 
   2043 	#
   2044 	# At this point, the archive in question is a SMF version.  If
   2045 	# the smf(5) repository does not yet exist, create it by copying
   2046 	# the appropriate seed repository.  Since updating of non-global
   2047 	# zones only occurs when the live system is bfu'ed, the
   2048 	# appropriate seed is guaranteed to exist under the /lib
   2049 	# directory.
   2050 	#
   2051 	repository=$rootprefix/etc/svc/repository.db
   2052 	if [ ! -f $repository ]; then
   2053 		print "Initializing service configuration repository ..."
   2054 		if [ $zone = global ]; then
   2055 			cp $rootprefix/lib/svc/seed/global.db $repository
   2056 		else
   2057 			cp /lib/svc/seed/nonglobal.db $repository
   2058 		fi
   2059 		chmod 0600 $repository
   2060 		chown root:sys $repository
   2061 	fi
   2062 
   2063 	print "Removing obsolete smf services ..."
   2064 	for f in $smf_obsolete_manifests; do
   2065 		smf_delete_manifest $f
   2066 	done
   2067 	smf_delete_methods
   2068 	smf_delete_renamed_manifests
   2069 
   2070 	if [[ $dlmgmtd_status = cleanup ]]; then
   2071 		smf_cleanup_dlmgmtd
   2072 	fi
   2073 
   2074 	#
   2075 	# When doing backwards BFU, if the target does not contain
   2076 	# vtdaemon manifest, delete it and delete all the additional
   2077 	# console-login service instances which were used to provide
   2078 	# additional console sessions.
   2079 	#
   2080 	if ((! $ZCAT $cpiodir/generic.root$ZFIX | cpio -it 2>/dev/null | \
   2081 	    grep vtdaemon.xml > /dev/null 2>&1) && [ $zone = global ]); then
   2082 		smf_cleanup_vt
   2083 	fi
   2084 
   2085 	#
   2086 	# Remove the Boomer audio service when BFUing to legacy audio bits
   2087 	#
   2088 	if ! check_boomer_bfu && [ $zone = global ]; then
   2089 		smf_cleanup_boomer
   2090 	fi
   2091 
   2092 	print "Disabling unneeded inetd.conf entries ..."
   2093 	smf_inetd_disable
   2094 	smf_tftp_reinstall
   2095 
   2096 	print "Connecting platform and name service profiles ..."
   2097 
   2098 	rm -f $rootprefix/var/svc/profile/name_service.xml
   2099 
   2100 	grep ldap $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
   2101 	is_ldap=$?
   2102 	grep nisplus $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
   2103 	is_nisplus=$?
   2104 	grep nis $rootprefix/etc/nsswitch.conf >/dev/null 2>&1
   2105 	is_nis=$?
   2106 
   2107 	if [ $is_ldap  = 0 ]; then
   2108 		ns_profile=ns_ldap.xml
   2109 	elif [ $is_nisplus = 0  ]; then
   2110 		ns_profile=ns_nisplus.xml
   2111 	elif [ $is_nis = 0 ]; then
   2112 		ns_profile=ns_nis.xml
   2113 	else
   2114 		ns_profile=ns_files.xml
   2115 	fi
   2116 
   2117 	ln -s $ns_profile $rootprefix/var/svc/profile/name_service.xml
   2118 
   2119 	rm -f $rootprefix/var/svc/profile/inetd_services.xml
   2120 	ln -s inetd_upgrade.xml $rootprefix/var/svc/profile/inetd_services.xml
   2121 
   2122 	print "Marking converted services as enabled ..."
   2123 
   2124 	[ -f $rootprefix/etc/resolv.conf ] && smf_enable network/dns/client
   2125 	[ -f $rootprefix/etc/inet/dhcpsvc.conf ] && \
   2126 	    smf_enable network/dhcp-server
   2127   
   2128 	# Not concerned about enabling/disabling rcap but will migrate
   2129 	# configuration parameters if rcap.conf exists
   2130 	#
   2131 	if [ -f $rootprefix/etc/rcap.conf ]; then
   2132 		migrate_rcap_conf
   2133 	fi
   2134 
   2135 	migrate_acctadm_conf
   2136 
   2137 	if [ $zone = global ]; then
   2138 		if [ -f $rootprefix/etc/dfs/dfstab ] &&
   2139 		    grep '^[ 	]*[^# 	]' $rootprefix/etc/dfs/dfstab \
   2140 		    > /dev/null; then
   2141 		    	smf_enable network/nfs/server
   2142 		fi
   2143 	else
   2144 		echo "/usr/sbin/svcadm disable network/nfs/server" >> \
   2145 		    $rootprefix/var/svc/profile/upgrade
   2146 	fi
   2147 
   2148 	[ -f $rootprefix/etc/inet/ntp.conf ] && smf_enable network/ntp
   2149 
   2150 
   2151 	domainname=`cat $rootprefix/etc/defaultdomain 2>/dev/null`
   2152         if [ ! -z "$domainname" -a -d $rootprefix/var/yp/$domainname ]; then
   2153 		smf_enable network/nis/server
   2154 
   2155 		# Determining whether we're a NIS master requires
   2156 		# looking through the maps.
   2157 		cat >>$rootprefix/var/svc/profile/upgrade <<\_EOF
   2158 # Determine whether we are a YP master.
   2159 domain=`/usr/bin/domainname`
   2160 hostname=`uname -n | cut -d. -f1 | tr '[A-Z]' '[a-z]'`
   2161 
   2162 if [ -x /usr/sbin/makedbm ]; then
   2163 	if [ -f /var/yp/NISLDAPmapping ]; then
   2164 		master=`/usr/sbin/makedbm -u /var/yp/\$domain/LDAP_passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
   2165 	else
   2166 		master=`/usr/sbin/makedbm -u /var/yp/\$domain/passwd.byname | grep YP_MASTER_NAME | nawk '{ print $2 }'`
   2167 	fi
   2168 fi
   2169 
   2170 # If we are the master server, enable appropriate services.
   2171 if [ "$master" = "$hostname" -a "$YP_SERVER" = "TRUE" ]; then
   2172 	/usr/sbin/svcadm enable network/nis/xfr
   2173 	/usr/sbin/svcadm enable network/nis/passwd
   2174 
   2175 	if [ ! -f /var/yp/NISLDAPmapping ]; then
   2176 		[ -f /var/yp/updaters ] && \
   2177 		    /usr/svc/svcadm enable network/nis/update
   2178 	fi
   2179 fi
   2180 _EOF
   2181 	fi
   2182 
   2183 	# Check if mddbs don't exist on the image.  If so, disable SVM services.
   2184 	MDDB_STATUS=1
   2185 	if [ -f $rootprefix/kernel/drv/md.conf ]; then
   2186 		sed -e 's/#.*$//' $rootprefix/kernel/drv/md.conf | \
   2187 		    egrep '^[        ]*mddb_bootlist' >/dev/null 2>&1
   2188 		MDDB_STATUS=$?
   2189 	fi
   2190 
   2191 	if [ $MDDB_STATUS -ne 0 ]; then
   2192 		for svc in metainit mdmonitor; do
   2193 		    echo "/usr/sbin/svcadm disable system/$svc:default" >> \
   2194 			$rootprefix/var/svc/profile/upgrade
   2195 		done
   2196 
   2197 		for svc in meta mdcomm metamed metamh; do
   2198 		    echo "/usr/sbin/svcadm disable network/rpc/$svc:default" \
   2199 			>> $rootprefix/var/svc/profile/upgrade
   2200 		done
   2201 	fi
   2202 
   2203 	# Workaround inetd's handling of "tcp6/udp6" when no IPv6 interfaces
   2204 	# are configured.
   2205 	for svc in meta mdcomm metamed metamh; do
   2206 	    echo "/usr/sbin/inetadm -m network/rpc/$svc:default proto=tcp" \
   2207 		">/dev/null 2>&1" >> $rootprefix/var/svc/profile/upgrade
   2208 	done
   2209 
   2210 	manifest_src=${MANIFEST_SRC-$GATE/public/smf}
   2211 	[[ -d $manifest_src ]] ||
   2212 	    manifest_src=${GATE}/public/smf
   2213 	[[ -d $manifest_src ]] || manifest_src=/net/greenline.eng/meta0/smf
   2214 
   2215 	if smf_bkbfu_past_sysconfig ; then
   2216 		echo "BFU'ing backwards across 5090532! Now repairing..."
   2217 		smf_bkbfu_repair_sysconfig
   2218 	fi
   2219 
   2220 	#
   2221 	# If bfu'ing milestone/sysconfig bits or onwards, update the
   2222 	# corresponding non-ON manifests - sysidtool and kdmconfig.
   2223 	#
   2224 	sysidmfst=$rootprefix/var/svc/manifest/system/sysidtool.xml
   2225 	kdmmfst=$rootprefix/var/svc/manifest/platform/i86pc/kdmconfig.xml
   2226 	if smf_is_sysconfig ; then
   2227 		if [[ ! -f $sysidmfst ]]; then
   2228 			#
   2229 			# if WOS build on machine is pre-greenline, and
   2230 			# we're bfu'ing to the sysconfig bits.
   2231 			#
   2232 			smf_copy_manifest post-5090532/sysidtool.xml system
   2233 			if [[ $zone = global ]]; then
   2234 				smf_copy_method sysidtool-net
   2235 				smf_copy_method sysidtool-system
   2236 			fi
   2237 			echo "Converted system/sysidtool (post-5090532)"
   2238 		else
   2239 			#
   2240 			# If sysidtool.xml already exists, update it
   2241 			# if necessary. Future updates of sysidtool.xml
   2242 			# must occur in the dir: $manifest_src/post-5090532
   2243 			#
   2244 			smf_copy_manifest post-5090532/sysidtool.xml system
   2245 		fi
   2246 		if [[ $zone = global && $karch = i86pc ]]; then
   2247 			if [[ ! -f $kdmmfst ]]; then
   2248 				#
   2249 				# if WOS build on machine is pre-greenline, and
   2250 				# we're bfu'ing to the sysconfig bits.
   2251 				#
   2252 				smf_copy_manifest post-5090532/kdmconfig.xml \
   2253 				    platform/i86pc
   2254 				smf_copy_method   svc-kdmconfig
   2255 				smf_cleanup_initd kdmconfig
   2256 				echo "Converted platform/i86pc/kdmconfig"
   2257 				echo "(post-5090532)"
   2258 			else
   2259 				#
   2260 				# If kdmconfig.xml already exists, update
   2261 				# it if necessary. Future updates of
   2262 				# kdmconfig.xml must occur in the dir:
   2263 				# $manifest_src/post-5090532
   2264 				#
   2265 				smf_copy_manifest post-5090532/kdmconfig.xml \
   2266 				    platform/i86pc
   2267 			fi
   2268 		fi
   2269 	else
   2270 		if [[ ! -f $sysidmfst ]]; then
   2271 			smf_copy_manifest pre-5090532/sysidtool.xml system
   2272 			if [[ $zone = global ]]; then
   2273 				smf_copy_method sysidtool-net
   2274 				smf_copy_method sysidtool-system
   2275 			fi
   2276 			echo "Converted system/sysidtool"
   2277 		fi
   2278 		if [[ $zone = global && $karch = i86pc && ! -f $kdmmfst ]];
   2279 		then
   2280 			smf_copy_manifest pre-5090532/kdmconfig.xml \
   2281 			    platform/i86pc
   2282 			smf_copy_method   svc-kdmconfig
   2283 			smf_cleanup_initd kdmconfig
   2284 			echo "Converted platform/i86pc/kdmconfig"
   2285 		fi
   2286 	fi
   2287 
   2288 	# If we've still got the old dtlogin manifest delivered by earlier
   2289 	# versions of bfu, delete it, as it was broken and should have
   2290 	# never been delivered.  A new version delivered by the CDE
   2291 	# consolidation should be left alone.
   2292 	if [[ -f $rootprefix/var/svc/manifest/application/dtlogin.xml &&
   2293 	    `grep -c GLXXX \
   2294 	    $rootprefix/var/svc/manifest/application/dtlogin.xml` -gt 0 &&
   2295 	    -x /tmp/bfubin/svccfg ]]; then
   2296 
   2297 		# Delete the obsolete manifest.
   2298 		rm -f $rootprefix/var/svc/manifest/application/dtlogin.xml
   2299 
   2300 		# Delete the service from repository, then use dtconfig -e to
   2301 		# revert to whatever the WOS bits are using if dtlogin was
   2302 		# enabled.
   2303 		cat >> $rootprefix/var/svc/profile/upgrade <<-EOFA
   2304 if /usr/bin/svcprop -q application/cde-login; then
   2305 	if [ \`/usr/bin/svcprop -p general/enabled \
   2306 		application/cde-login:default\` = "true" ]; then
   2307 		do_dtconfig=1;
   2308 	else
   2309 		do_dtconfig=0;
   2310 	fi
   2311 
   2312 	/usr/sbin/svccfg delete -f application/cde-login
   2313 	type instance_refresh 2>&1 > /dev/null
   2314 	if [ \$? = 0 ]; then
   2315 		instance_refresh system/console-login
   2316 	else
   2317 		/usr/sbin/svcadm refresh system/console-login
   2318 	fi
   2319 
   2320 	if [ \$do_dtconfig -eq 1 -a -x /usr/dt/bin/dtconfig ]; then
   2321 		/usr/dt/bin/dtconfig -e
   2322 	fi
   2323 fi
   2324 EOFA
   2325 	fi
   2326 
   2327 
   2328 	# Enable the inetd-upgrade service to convert any changes to inetd.conf
   2329 	smf_enable network/inetd-upgrade
   2330 
   2331 	# If global zone, and bfu'ing from smf, and the inetd-upgrade
   2332 	# service has an obsolete dependency, then add a clear of inetd
   2333 	# and inetd-upgrade to the upgrade file as either may drop into
   2334 	# maintenance due to a dependency loop resulting from the new
   2335 	# inetd manifest
   2336 	if [[ $zone = global && -x /tmp/bfubin/svccfg ]]; then
   2337 		/tmp/bfubin/svcprop -q -p network/entities network/inetd-upgrade
   2338 		if [[ $? = 0 ]]; then
   2339 		    	echo "/usr/sbin/svcadm clear network/inetd" >> \
   2340 			    $rootprefix/var/svc/profile/upgrade
   2341 			echo "/usr/sbin/svcadm clear network/inetd-upgrade" >> \
   2342 			    $rootprefix/var/svc/profile/upgrade
   2343 		fi
   2344 	fi
   2345 
   2346 	#
   2347 	# Import the name-service-cache service. This is to get the service
   2348 	# (with correct dependencies) in the repository before reboot.
   2349 	#
   2350 	smf_import_service system/name-service-cache.xml
   2351 
   2352 	#
   2353 	# Import the datalink-management service.
   2354 	#
   2355 	smf_import_service network/dlmgmt.xml \
   2356 	    svc:/network/datalink-management:default
   2357 
   2358 	#
   2359 	# Import the ldap/client service. This is to get the service
   2360 	# (with correct dependencies) in the repository before reboot.
   2361 	#
   2362 	smf_import_service network/ldap/client.xml
   2363 
   2364 	# Enable new NFS status and nlockmgr services if client is enabled
   2365 	cat >> $rootprefix/var/svc/profile/upgrade <<-EOF
   2366 	    cl="svc:/network/nfs/client:default"
   2367 	    if [ \`/usr/bin/svcprop -p general/enabled \$cl\` = "true" ]; then
   2368 		/usr/sbin/svcadm enable svc:/network/nfs/status:default
   2369 		/usr/sbin/svcadm enable svc:/network/nfs/nlockmgr:default
   2370 	    fi
   2371 
   2372 EOF
   2373 
   2374 	kpmani="$rootprefix/var/svc/manifest/network/security/krb5_prop.xml"
   2375 	if grep svc-kdc.slave $kpmani > /dev/null 2>&1; then
   2376 		cat >> $rootprefix/var/svc/profile/upgrade <<EOF
   2377 		# We are deleting and reimporting kpropd's manifest, because we
   2378 		# need to change the restarter.
   2379 		kpfmri="svc:/network/security/krb5_prop"
   2380 		kkfmri="svc:/network/security/krb5kdc:default"
   2381 		lkpmani="/var/svc/manifest/network/security/krb5_prop.xml"
   2382 		restarter=\`svcprop -c -p general/restarter \$kpfmri 2>&1\`
   2383 		case \$restarter in
   2384 			*network/inetd:default)
   2385 				kken=\`svcprop -c -p general/enabled \$kkfmri\`
   2386 				eval $BFUSVCCFG delete -f \$kpfmri
   2387 				eval $BFUSVCCFG import \$lkpmani 
   2388 				# Enable kpropd if krb5kdc is enabled, since
   2389 				# krb5kdc would have run kpropd
   2390 				if [ \$kken = "true" ]; then
   2391 					svcadm enable \$kpfmri
   2392 				fi
   2393 				;;
   2394 		esac
   2395 EOF
   2396 	fi
   2397 
   2398 	# Enable print server if there are local queues
   2399 	queues=`echo $rootprefix/etc/lp/printers/*/configuration`
   2400 	if [ "$queues" != "$rootprefix/etc/lp/printers/*/configuration" ]; then
   2401 		smf_enable application/print/server
   2402 	fi
   2403 
   2404 	# Enable rarpd and bootparamd if they would have been running pre-SMF
   2405 	if [ -d $rootprefix/tftpboot ] || [ -d $rootprefix/rplboot ]; then
   2406 		smf_enable network/rarp
   2407 		smf_enable network/rpc/bootparams
   2408 	fi
   2409 
   2410 	touch $rootprefix/var/svc/profile/.upgrade_prophist
   2411 
   2412 	cat >> $rootprefix/var/svc/profile/upgrade <<EOF
   2413 	# We are deleting and reimporting dcs's manifest, because we
   2414 	# need to change the restarter.
   2415 	dcsfmri="svc:/platform/sun4u/dcs:default"
   2416 	dcsmani="/var/svc/manifest/platform/sun4u/dcs.xml"
   2417 	restarter=\`svcprop -c -p general/restarter \$dcsfmri 2>&1\`
   2418 	case \$restarter in
   2419 		*network/inetd:default)
   2420 			en=\`svcprop -c -p general/enabled \$dcsfmri\`
   2421 			eval $BFUSVCCFG delete -f \$dcsfmri
   2422 			eval $BFUSVCCFG import \$dcsmani
   2423 			if [ \$en = "true" ]; then
   2424 				svcadm enable \$dcsfmri
   2425 			fi
   2426 			;;
   2427 	esac
   2428 EOF
   2429 
   2430 	smf_fix_i86pc_profile
   2431 
   2432 	smf_bkbfu_templates
   2433 }
   2434 
   2435 tx_check_update() {
   2436 #
   2437 # If a lbl_edition file is found it's a likely sign that old unbundled
   2438 # Trusted Extensions packages are installed and TX is active.  Update
   2439 # etc/system if needed, to complete enabling of the bundled TX.
   2440 #
   2441 	LMOD1=$rootprefix/kernel/sys/lbl_edition
   2442 	LMOD2=$rootprefix/kernel/sys/amd64/lbl_edition
   2443 	LMOD3=$rootprefix/kernel/sys/sparcv9/lbl_edition
   2444 
   2445 	grep "^set sys_labeling=" $rootprefix/bfu.child/etc/system > \
   2446 	    /dev/null 2>&1
   2447 	if [ $? -eq 0 ]; then
   2448 		return
   2449 	fi
   2450 
   2451 	if [ -f $LMOD1 -o -f $LMOD2 -o -f $LMOD3 ]; then
   2452 		echo "set sys_labeling=1" >> $rootprefix/bfu.child/etc/system
   2453 		if [ $? -ne 0 ]; then
   2454     			echo "cannot set sys_labeling in $rootprefix/bfu.child/etc/system"
   2455 			return
   2456 		fi
   2457 
   2458 		rm -f $LMOD1 $LMOD2 $LMOD3
   2459 	fi
   2460 }
   2461 
   2462 tx_check_bkbfu() {
   2463 #
   2464 # Emit a warning message if bfu'ing a Trusted Extensions-enabled system
   2465 # backwards to pre TX-merge bits.  In this case, unbundled packages must
   2466 # be reinstalled to complete restoration of old TX bits.
   2467 #
   2468 	bsmconv=$rootprefix/etc/security/bsmconv
   2469 
   2470 	# This check is only needed in global zone
   2471 	if [[ $zone != global ]]; then
   2472 		return
   2473 	fi
   2474 
   2475 	# No warning needed if TX is not currently enabled
   2476 	grep "^set sys_labeling=" $rootprefix/bfu.child/etc/system > \
   2477 	    /dev/null 2>&1
   2478 	if [ $? -ne 0 ]; then
   2479 		return
   2480 	fi
   2481 
   2482 	if [ ! -f $bsmconv ]; then
   2483 		return
   2484 	fi
   2485 	grep " -x /usr/bin/plabel " $bsmconv > /dev/null 2>&1
   2486 	if [ $? != 0 ]; then
   2487 		return
   2488 	fi
   2489 
   2490 	print ""
   2491 	print "*************************************************************"
   2492 	print " WARNING: BFU'ing TX backwards across 6533113."
   2493 	print " Must re-install unbundled TX packages to remain Trusted."
   2494 	print "*************************************************************"
   2495 	print ""
   2496 }
   2497 
   2498 #
   2499 # The directboot putback moved the console property from
   2500 # /boot/solaris/bootenv.rc to /boot/grub/menu.lst.  It should be kept in both.
   2501 #
   2502 cleanup_eeprom_console()
   2503 {
   2504 	bootenvrc="$root/boot/solaris/bootenv.rc"
   2505 	menu_console=`eeprom console 2>/dev/null | \
   2506 	    grep -v 'data not available' | cut -d= -f2-`
   2507 	bootenv_console=`grep '^setprop[	 ]\{1,\}console\>' $bootenvrc`
   2508 	if [ -n "$menu_console" ] && [ -z "$bootenv_console" ]; then
   2509 		echo "setprop console '$menu_console'" >> $bootenvrc
   2510 	fi
   2511 }
   2512 
   2513 EXTRACT_LOG=/tmp/bfu-extract-log.$$
   2514 
   2515 rm -f $EXTRACT_LOG
   2516 
   2517 extraction_error() {
   2518 	echo error $* >> $EXTRACT_LOG
   2519 }
   2520 
   2521 #
   2522 # Make a local copy of bfu in /tmp and execute that instead.
   2523 # This makes us immune to loss of networking and/or changes
   2524 # to the original copy that might occur during execution.
   2525 #
   2526 cd .
   2527 abspath=`[[ $0 = /* ]] && print $0 || print $PWD/$0`
   2528 if [[ $abspath != /tmp/* ]]; then
   2529 	localpath=/tmp/bfu.$$
   2530 	print "Copying $abspath to $localpath"
   2531 	cp $abspath $localpath
   2532 	chmod +x $localpath
   2533 	print "Executing $localpath $*\n"
   2534 	exec $localpath $*
   2535 fi
   2536 
   2537 export PATH=/usr/bin:/usr/sbin:/sbin
   2538 
   2539 usage() {
   2540 	echo "Usage:"
   2541 	echo "    bfu    [-fh] <archive_dir> [root-dir]"
   2542 	echo "\tUpdate a single machine by loading archives on root-dir."
   2543 	echo "\troot-dir defaults to / (a live bfu).\n"
   2544 	echo "    bfu -c [-fh] <archive_dir> <exec-dir>"
   2545 	echo "\tUpdate all diskless clients by loading archives on each client"
   2546 	echo "\tthat mounts exec-dir as /usr.  <exec-dir> must start with"
   2547 	echo "\t/export/exec and each client's root must be in /export/root.\n"
   2548 	echo "\t-f        force bfu to continue even if it doesn't seem safe"
   2549 	fail "\t-h|-help  print this usage message and exit\n"
   2550 }
   2551 
   2552 diskless=no
   2553 force_override=no
   2554 while [ $# -gt 0 ]; do
   2555 	case $1 in
   2556 		-c)		diskless=yes;;
   2557 		-f)		force_override=yes;;
   2558 		-h|-help)	usage;;
   2559 		*)      	break;;
   2560 	esac
   2561 	shift
   2562 done
   2563 
   2564 # Variables for x86 platforms
   2565 boot_is_pcfs=no
   2566 have_realmode=no
   2567 is_pcfs_boot=no
   2568 new_dladm=no
   2569 
   2570 # Set when moving to either directboot or multiboot
   2571 multi_or_direct=no
   2572 
   2573 #
   2574 # Shows which type of archives we have, which type of system we are
   2575 # running on (before the bfu), and what the failsafe archives are
   2576 # (again, before the bfu).  failsafe_type is only needed on diskful
   2577 # bfu's, so it's not set in the diskless case.
   2578 # Possible values: unknown, dca, multiboot, directboot, xpv
   2579 #
   2580 archive_type=unknown
   2581 system_type=unknown
   2582 failsafe_type=unknown
   2583 
   2584 test $# -ge 1 || usage
   2585 
   2586 if [ -x /usr/bin/ppriv ]; then
   2587 	# We prefer to use ppriv, as it is a more accurate test, and also
   2588 	# has the benefit of preventing use from within a nonglobal zone.
   2589 	ppriv $$ | grep -w "E: all" > /dev/null 2>&1 || \
   2590 	    fail "bfu requires all privileges"
   2591 else
   2592 	# Fall back to old id check if system does not yet have ppriv.
   2593 	uid=`id | nawk '{print $1}'`
   2594 	[ "$uid" = "uid=0(root)" ] || \
   2595 	    fail "You must be super-user to run this script."
   2596 fi
   2597 
   2598 bfu_isa=`uname -p`
   2599 target_isa=$bfu_isa
   2600 karch=`uname -m`
   2601 plat=`uname -i`
   2602 
   2603 cpiodir=$1
   2604 
   2605 if [ "$cpiodir" = again ]; then
   2606 	cpiodir=`nawk '/^bfu.ed from / { print $3; exit }' /etc/motd`
   2607 fi
   2608 
   2609 [[ "$cpiodir" = */* ]] || cpiodir=$ARCHIVE/archives/$target_isa/$1
   2610 
   2611 [[ "$cpiodir" = /* ]] || fail "archive-dir must be an absolute path"
   2612 
   2613 cd $cpiodir
   2614 case `echo generic.root*` in
   2615 	generic.root)		ZFIX="";	ZCAT="cat";;
   2616 	generic.root.gz)	ZFIX=".gz";	ZCAT="gzip -d -c";;
   2617 	generic.root.Z)		ZFIX=".Z";	ZCAT="zcat";;
   2618 	*) fail "generic.root missing or in unknown compression format";;
   2619 esac
   2620 
   2621 #
   2622 # Determine what kind of archives we're installing, using the following rules:
   2623 #
   2624 # 1. If i86xpv archives exist, the archives are xpv
   2625 # 2. If strap.com is present, the archives are pre-multiboot
   2626 # 3. If symdef is present, the archives are directboot
   2627 # 4. Otherwise, the archives are multiboot
   2628 #
   2629 if [ $target_isa = i386 ]; then
   2630 	if [ -f $cpiodir/i86xpv.root$ZFIX ]; then
   2631 		archive_type=xpv
   2632 		multi_or_direct=yes
   2633 	elif [ -f $cpiodir/i86pc.boot$ZFIX ] && \
   2634 	    archive_file_exists i86pc.boot "strap.com"; then
   2635 		archive_type=dca
   2636 	elif [ -f $cpiodir/i86pc.root$ZFIX ] && \
   2637 	    archive_file_exists i86pc.boot symdef; then
   2638 		archive_type=directboot
   2639 		multi_or_direct=yes
   2640 	else
   2641 		archive_type=multiboot
   2642 		multi_or_direct=yes
   2643 	fi
   2644 fi
   2645 
   2646 if [ $diskless = no ]; then
   2647 	root=${2:-/}
   2648 	[[ "$root" = /* ]] || fail "root-dir must be an absolute path"
   2649 	usrroot=$root
   2650 	usr=${usrroot%/}/usr
   2651 	rootlist=$root
   2652 
   2653 	[[ -f $root/etc/system ]] || \
   2654 	    fail "$root/etc/system not found; nonglobal zone target not allowed"
   2655 
   2656 	rootfstype=`df -n $root | awk '{print $3}'`
   2657 
   2658 	if [ "$rootfstype" = "zfs" ]; then
   2659 		archive_has_zfs_root_support=no
   2660 		mkdir /tmp/zfschk.$$
   2661 		archive_file_peek generic.lib /tmp/zfschk.$$ \
   2662 		    "lib/svc/share/fs_include.sh"
   2663 		if [ -f /tmp/zfschk.$$/lib/svc/share/fs_include.sh ] ; then
   2664 			if grep '^readswapdev' \
   2665 			     /tmp/zfschk.$$/lib/svc/share/fs_include.sh \
   2666 			     >/dev/null 2>&1 ; then
   2667 				archive_has_zfs_root_support=yes
   2668 			fi
   2669 		fi
   2670 		rm -fr /tmp/zfschk.$$
   2671 
   2672 		if [ "$archive_has_zfs_root_support" = "no" ] ; then
   2673 			fail "Cannot bfu a system with zfs root to an archive with no zfs root support"
   2674 		fi
   2675 	fi
   2676 
   2677 	# Make sure we extract the sun4u-us3 libc_psr.so.1
   2678 	if [ -d $root/platform/sun4u -a \
   2679 	   ! -d $root/platform/sun4u-us3 ]
   2680 	then
   2681 		mkdir $root/platform/sun4u-us3
   2682 		chmod 755 $root/platform/sun4u-us3
   2683 		chown root $root/platform/sun4u-us3
   2684 		chgrp sys $root/platform/sun4u-us3
   2685 	fi
   2686 
   2687 	if [ $target_isa = i386 ]; then
   2688 		if [ $archive_type = xpv ]; then
   2689 			#
   2690 			# On i386, we want to apply the archives for both
   2691 			# platforms (i86pc and i86xpv) if they exist.  We
   2692 			# force the platform to i86xpv so that both will be
   2693 			# applied.
   2694 			#
   2695 			karch=i86pc
   2696 			plat=i86xpv
   2697 		fi
   2698 		if [ ! -d $root/platform/i86hvm ]; then
   2699 			mkdir $root/platform/i86hvm
   2700 		fi
   2701 	fi
   2702 
   2703 	if [ $karch != $plat -a -f ${cpiodir}/${plat}.usr$ZFIX ]; then
   2704 		usrarchs="$karch $plat"
   2705 	else
   2706 		usrarchs="$karch"
   2707 	fi
   2708 	if [ $karch != $plat -a -f ${cpiodir}/${plat}.root$ZFIX ]; then
   2709 		rootarchs="$karch $plat"
   2710 	else
   2711 		rootarchs="$karch"
   2712 	fi
   2713 
   2714 	if [ -h ${root}/platform/${plat} ]; then
   2715 		rm -f ${root}/platform/${plat}
   2716 	fi
   2717 	if [ -h ${usr}/platform/${plat} ]; then
   2718 		rm -f ${usr}/platform/${plat}
   2719 	fi
   2720 
   2721 	if [ $plat != $karch -a -f ${cpiodir}/${plat}.root$ZFIX \
   2722 	    -a -f ${cpiodir}/${plat}.usr$ZFIX ]
   2723 	then
   2724 		cd $cpiodir
   2725 		#
   2726 		#  Look through all the archives we build and match
   2727 		#  the names of built archives with the names of
   2728 		#  directories installed on this machine.  We assume
   2729 		#  here that we can get the names of all architectures
   2730 		#  by pattern matching the names of .root archives - so
   2731 		#  if we ever had a case where we had only a .usr archive
   2732 		#  we wouldn't find that archive.
   2733 		#
   2734 		for i in *.root*
   2735 		do
   2736 			platname=${i%.root*}
   2737 			if [ -z "${platname}" -o ${platname} = $karch -o \
   2738 			    $platname = generic -o ${platname} = $plat ]; then
   2739 				continue;
   2740 			fi
   2741 			if [ -d ${root}/platform/${platname} -o \
   2742 			    -h ${root}/platform/${platname} ]; then
   2743 				rootarchs="${rootarchs} ${platname}"
   2744 			fi
   2745 			if [ -d ${usr}/platform/${platname} -o \
   2746 			    -h ${usr}/platform/${platname} ]; then
   2747 				usrarchs="${usrarchs} ${platname}"
   2748 			fi
   2749 			if [ -h ${root}/platform/${platname} ]; then
   2750 				rm -f ${root}/platform/${platname}
   2751 			fi
   2752 			if [ -h ${usr}/platform/${platname} ]; then
   2753 				rm -f ${usr}/platform/${platname}
   2754 			fi
   2755 		done
   2756 	fi
   2757 	if [ "$rootfstype" = "ufs" ] ; then
   2758 		rootslice=`df -k $root | nawk 'NR > 1 { print $1 }' | \
   2759 		    sed s/dsk/rdsk/`
   2760 	fi
   2761 
   2762 	print "Loading $cpiodir on $root"
   2763 else
   2764 	usrroot=$2
   2765 	usr=$2/usr
   2766 	[[ "$usr" = /export/exec/* ]] || fail "exec-dir $usrroot sounds bogus"
   2767 	case $2 in
   2768 	    *sparc*)
   2769 		target_isa=sparc ;;
   2770 	    *i386*)
   2771 		target_isa=i386 ;;
   2772 	esac
   2773 	cd $cpiodir
   2774 	test -f generic.root$ZFIX || fail "$cpiodir/generic.root$ZFIX missing"
   2775 	allarchs=$(echo $(ls *.root$ZFIX | grep -v generic.root$ZFIX | \
   2776 		sed -e 's/.root.*//'))
   2777 
   2778 	if [ $target_isa = i386 -a $archive_type = xpv ]; then
   2779 		#
   2780 		# On i386, we want to apply the archives for both platforms
   2781 		# (i86pc and i86xpv) if they exist.  We force the platform
   2782 		# to i86xpv so that both will be applied.
   2783 		#
   2784 		karch=i86pc
   2785 		plat=i86xpv
   2786 	else
   2787 		# XXX Pick karch as last available root arch
   2788 		karch=${allarchs##* }
   2789 		# XXX Pick plat as first available root arch
   2790 		plat=${allarchs%% *}
   2791 	fi
   2792 
   2793 	rootlist=""
   2794 	for root in /export/root/*
   2795 	do
   2796 		test -f $root/etc/vfstab &&
   2797 			egrep -s $usrroot $root/etc/vfstab &&
   2798 			rootlist="$rootlist $root"
   2799 	done
   2800 	test -n "$rootlist" || fail "no clients to upgrade"
   2801 	print "Loading $cpiodir usr archives on:\n\t$usr\n"
   2802 	print "Loading $cpiodir root archives on:"
   2803 	for root in $rootlist
   2804 	do
   2805 		print "\t$root"
   2806 	done
   2807 fi
   2808 
   2809 if grep '^[ 	]*zfsroot:' $root/etc/system >/dev/null && \
   2810 	    archive_file_exists i86pc.boot boot/grub/zfs_stage1_5; then
   2811 	echo "Cannot BFU a system with the mountroot version"\
   2812 		"of zfs boot support."
   2813 	echo "For information on how to transition this system to the new"
   2814 	echo "zfs boot support, see:"
   2815 	echo "http://www.opensolaris.org/os/community/zfs/boot/zfsboot-manual/mntroot-transition/"
   2816 	fail ""
   2817 fi
   2818 
   2819 nss_lib="$usr/lib/mps/libnss3.so"
   2820 nss_lib64="$usr/lib/mps/64/libnss3.so"
   2821 valid_rpath="\$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps"
   2822 rpath_msg="R(UN)?PATH from file ${nss_lib}\)"
   2823 if [ ! -x /usr/bin/ldd ]; then
   2824 	if [ "$force_override" = yes ]; then
   2825 		echo "/usr/bin/ldd is missing but -f is set; continuing."
   2826 	else
   2827 		echo "/usr/bin/ldd is missing."
   2828 		fail "Install the SUNWtoo package."
   2829 	fi
   2830 fi
   2831 nss_rpath=`ldd -s $nss_lib | egrep "$rpath_msg" | head -1 | cut -d'=' -f2 | \
   2832 		awk '{print $1}'`
   2833 update_script="${GATE}/public/bin/update_nsspkgs"
   2834 if [ $valid_rpath != "$nss_rpath" ]; then
   2835 	if [ "$force_override" = yes ]; then
   2836 		echo "$nss_lib is not valid but -f is set; continuing."
   2837 	else
   2838 		echo "$nss_lib is not valid."
   2839 		fail "Run $update_script to update the SUNWtls package."
   2840 	fi
   2841 fi
   2842 if [ $target_isa = i386 -a ! -f $nss_lib64 ]; then
   2843 	echo "$nss_lib64 does not exist."
   2844 	fail "Run $update_script to update the NSS packages."
   2845 fi
   2846 
   2847 update_script="${GATE}/public/bin/migrate_bind9"
   2848 if [[ ! -f $usr/lib/dns/libdns.so ]] && ! $ZCAT $cpiodir/generic.usr$ZFIX | \
   2849 	    cpio -it 2>/dev/null |  egrep -s '^usr/sbin/ndc' ; then
   2850 	if [ "$force_override" = yes ]; then
   2851 		echo "BIND 9 has not been installed, but -f is set; continuing."
   2852 	else
   2853 		echo "BIND 8 has been removed from ON; BIND 9 is available from SFW."
   2854 		fail "Run $update_script to migrate to BIND 9."
   2855 	fi
   2856 fi
   2857 
   2858 update_script="${GATE}/public/bin/update_ce"
   2859 if ifconfig -a | egrep '^ce' >/dev/null 2>/dev/null; then
   2860 	# CE version 1.148 or later is required
   2861 	cever=`modinfo | grep 'CE Ethernet' | sed 's/.*v1\.//' | tr -d ')' | \
   2862 	    nawk '{ if ($1 < 148) print "BAD"; else print $1 }'`
   2863 	if [ "$cever" = "BAD" ]; then
   2864 		fail "You must run $update_script to upgrade your ce driver."
   2865 	fi
   2866 fi
   2867 
   2868 update_script="${GATE}/public/bin/update_dbus"
   2869 if [ ! -x $usr/lib/dbus-daemon ]; then
   2870 	fail "Run $update_script to update D-Bus."
   2871 fi
   2872 
   2873 #
   2874 # We need biosdev if we're moving from pre-multiboot to multiboot or directboot
   2875 # kernels.  If we already have an i86xpv kernel, then we must already be a
   2876 # directboot kernel, and can therefore skip the check.
   2877 #
   2878 if [ $target_isa = i386 ] && [ $multi_or_direct = yes ] && \
   2879     [ $diskless = no ] && [ ! -d /platform/i86xpv/ ]; then
   2880 	prtconf -v | grep biosdev >/dev/null 2>&1
   2881 	if [ $? -ne 0 ] && [ ! -f $rootprefix/platform/i86pc/multiboot ]; then
   2882 		echo "biosdev cannot be run on this machine."
   2883 		echo "Transitioning from classic to multiboot requires a"
   2884 		echo "bootconf which is compatible with biosdev."
   2885 		echo "bfu to onnv_12 first, then to a build with multiboot."
   2886 		fail ""
   2887 	fi
   2888 fi
   2889 
   2890 #
   2891 # Check whether the archives have a datalink-management services; this is
   2892 # later used to determine whether we need to upgrade the existing datalink
   2893 # configuration and if the datalink-management service needs to be removed.
   2894 #
   2895 if archive_file_exists generic.sbin "sbin/dlmgmtd"; then
   2896 	dlmgmtd_exists=true
   2897 else
   2898 	dlmgmtd_exists=false
   2899 fi
   2900 #
   2901 # Set the value of dlmgmtd_status based on the existence of the
   2902 # /sbin/dlmgmtd file
   2903 #
   2904 dlmgmtd_status=none
   2905 if [[ -f $root/sbin/dlmgmtd ]] && ! $dlmgmtd_exists ; then
   2906 	dlmgmtd_status=cleanup
   2907 elif [[ ! -f $root/sbin/dlmgmtd ]] && $dlmgmtd_exists ; then
   2908 	dlmgmtd_status=new
   2909 fi
   2910 
   2911 #
   2912 # Check whether the archives have an etc/dladm directory; this is
   2913 # later used to determine if aggregation.conf needs to be moved.
   2914 #
   2915 if $ZCAT $cpiodir/generic.root$ZFIX | cpio -it 2>/dev/null | \
   2916     grep etc/dladm > /dev/null 2>&1 ; then
   2917 	new_dladm=yes
   2918 fi
   2919 
   2920 #
   2921 # The Clearview IP Tunneling project changes the format of the
   2922 # /etc/dladm/datalink.conf file.  The conversion is done in the
   2923 # dlmgmtd daemon, so there is no backwards conversion when bfu'ing
   2924 # backwards.  The solution is to have bfu save the old file away when
   2925 # bfu'ing across this project, and restore it when bfu'ing back.
   2926 #
   2927 datalink_file=$root/etc/dladm/datalink.conf
   2928 datalink_backup=$root/etc/dladm/datalink.conf.bfusave
   2929 datalink_action=none
   2930 if [[ -f $datalink_file ]]; then
   2931 	iptun_exists=false
   2932 	if archive_file_exists generic.kernel "kernel/drv/iptun.conf"; then
   2933 		iptun_exists=true
   2934 	fi
   2935 	if [[ ! -f $root/kernel/drv/iptun.conf ]] && $iptun_exists; then
   2936 		datalink_action=save
   2937 	elif [[ -f $root/kernel/drv/iptun.conf ]] && ! $iptun_exists; then
   2938 	    	datalink_action=restore
   2939 	fi
   2940 fi
   2941 
   2942 #
   2943 # Check whether the build is boot-archive or ufsboot sparc
   2944 # boot based on the existence of a generic.boot archive
   2945 #
   2946 newboot_sparc=no
   2947 if [ $target_isa = sparc -a -f $cpiodir/generic.boot$ZFIX ]; then
   2948 	newboot_sparc=yes
   2949 fi
   2950 
   2951 time_ref=/tmp/bfu.time_ref.$$
   2952 rm -f $time_ref
   2953 touch $time_ref || fail "$time_ref: Unable to create time reference."
   2954 time_ref_seconds=$SECONDS
   2955 
   2956 print "\nCreating bfu execution environment ..."
   2957 
   2958 #
   2959 # Save off a few critical libraries and commands, so that bfu will
   2960 # continue to function properly even in the face of major
   2961 # kernel/library/command incompatibilities during a live upgrade.
   2962 #
   2963 bfucmd="
   2964 	/usr/bin/awk
   2965 	/usr/bin/cat
   2966 	/usr/bin/chgrp
   2967 	/usr/bin/chmod
   2968 	/usr/bin/chown
   2969 	/usr/bin/cmp
   2970 	/usr/bin/cp
   2971 	/usr/bin/cpio
   2972 	/usr/bin/csh
   2973 	/usr/bin/cut
   2974 	/usr/bin/date
   2975 	/usr/bin/dd
   2976 	/usr/bin/df
   2977 	/usr/bin/diff
   2978 	/usr/bin/du
   2979 	/usr/bin/echo
   2980 	/usr/bin/ed
   2981 	/usr/bin/egrep
   2982 	/usr/bin/env
   2983 	/usr/bin/ex
   2984 	/usr/bin/expr
   2985 	/usr/bin/false
   2986 	/usr/bin/fgrep
   2987 	/usr/bin/file
   2988 	/usr/bin/find
   2989 	/usr/bin/gettext
   2990 	/usr/bin/grep
   2991 	/usr/bin/head
   2992 	/usr/bin/id
   2993 	/usr/bin/ksh
   2994 	/usr/bin/ksh93
   2995 	/usr/bin/line
   2996 	/usr/bin/ln
   2997 	/usr/bin/ls
   2998 	/usr/bin/mkdir
   2999 	/usr/bin/mktemp
   3000 	/usr/bin/more
   3001 	/usr/bin/mv
   3002 	/usr/bin/nawk
   3003 	/usr/bin/pgrep
   3004 	/usr/bin/pkginfo
   3005 	/usr/bin/pkill
   3006 	/usr/bin/printf
   3007 	/usr/bin/ps
   3008 	/usr/bin/ptree
   3009 	/usr/bin/rm
   3010 	/usr/bin/rmdir
   3011 	/usr/bin/sed
   3012 	/usr/bin/sh
   3013 	/usr/bin/sort
   3014 	/usr/bin/strings
   3015 	/usr/bin/stty
   3016 	/usr/bin/su
   3017 	/usr/bin/tail
   3018 	/usr/bin/tee
   3019 	/usr/bin/touch
   3020 	/usr/bin/tr
   3021 	/usr/bin/true
   3022 	/usr/bin/truss
   3023 	/usr/bin/tty
   3024 	/usr/bin/uname
   3025 	/usr/bin/uniq
   3026 	/usr/bin/uptime
   3027 	/usr/bin/vi
   3028 	/usr/bin/w
   3029 	/usr/bin/wc
   3030 	/usr/bin/xargs
   3031 	/usr/bin/zcat
   3032 	/usr/sbin/add_drv
   3033 	/usr/sbin/chroot
   3034 	/usr/sbin/halt
   3035 	/usr/sbin/lockfs
   3036 	/usr/sbin/lofiadm
   3037 	/usr/sbin/mkfile
   3038 	/usr/sbin/mkfs
   3039 	/usr/sbin/mknod
   3040 	/usr/sbin/mount
   3041 	/usr/sbin/newfs
   3042 	/usr/sbin/pkgrm
   3043 	/usr/sbin/prtconf
   3044 	/usr/sbin/reboot
   3045 	/usr/sbin/rem_drv
   3046 	/usr/sbin/sync
   3047 	/usr/sbin/tar
   3048 	/usr/sbin/uadmin
   3049 	/usr/sbin/umount
   3050 	/usr/sbin/update_drv
   3051 	/usr/sbin/wall
   3052 	/usr/sbin/zonecfg
   3053 	${FASTFS-$GATE/public/bin/$bfu_isa/fastfs}
   3054 	${GZIPBIN-$GATE/public/bin/$bfu_isa/gzip}
   3055 "
   3056 #
   3057 # Scripts needed by BFU. These must be modified to use the interpreters in
   3058 # /tmp/bfubin. The interpreters in /usr/bin may not be compatible with the
   3059 # libraries in the archives being extracted.
   3060 #
   3061 bfuscr="
   3062 	${ACR-${GATE}/public/bin/acr}
   3063 "
   3064 
   3065 #
   3066 # Tools which may be either scripts or ELF binaries,
   3067 # so we need to check them before adding to either $bfucmd or $bfuscr.
   3068 # This does not handle compiled shell scripts yet.
   3069 #
   3070 bfuchameleons="
   3071         /usr/bin/basename
   3072         /usr/bin/bg
   3073         /usr/bin/cd
   3074         /usr/bin/cksum
   3075         /usr/bin/cmp
   3076         /usr/bin/comm
   3077         /usr/bin/command
   3078         /usr/bin/dirname
   3079         /usr/bin/cut
   3080         /usr/bin/fc
   3081         /usr/bin/fg
   3082         /usr/bin/getopts
   3083         /usr/bin/hash
   3084         /usr/bin/jobs
   3085         /usr/bin/join
   3086         /usr/bin/kill
   3087         /usr/bin/logname
   3088         /usr/bin/paste
   3089         /usr/bin/print
   3090         /usr/bin/read
   3091         /usr/bin/rev
   3092         /usr/bin/sleep
   3093         /usr/bin/sum
   3094         /usr/bin/tee
   3095         /usr/bin/test
   3096         /usr/bin/type
   3097         /usr/bin/ulimit
   3098         /usr/bin/umask
   3099         /usr/bin/unalias
   3100         /usr/bin/uniq
   3101         /usr/bin/wait
   3102         /usr/bin/wc
   3103 "
   3104 
   3105 for chameleon in ${bfuchameleons} ; do
   3106         if [[ "$(file "${chameleon}")" == *ELF* ]] ; then
   3107                 bfucmd="${bfucmd} ${chameleon}"
   3108         else
   3109                 bfuscr="${bfuscr} ${chameleon}"
   3110         fi
   3111 done
   3112 
   3113 rm -rf /tmp/bfubin
   3114 mkdir /tmp/bfubin
   3115 set $bfucmd
   3116 isalist=`isalist`
   3117 while [ $# -gt 0 ]
   3118 do
   3119 	dir=${1%/*}
   3120 	cmd=${1##*/}
   3121 	cd $dir
   3122 	isacmd=`(find $isalist -name $cmd 2>/dev/null; echo $cmd) | head -1`
   3123 	cp $dir/$isacmd /tmp/bfubin || fail "cannot copy $dir/$isacmd"
   3124 	shift
   3125 done
   3126 
   3127 #
   3128 # Optional commands.  We warn, but do not abort, if we are crossing a
   3129 # feature boundary (where a command is not present in the parent).
   3130 # Clauses requiring these commands must explicitly test for their
   3131 # presence in /tmp/bfubin.
   3132 #
   3133 bfuoptcmd="
   3134 	/sbin/biosdev
   3135 	/sbin/bootadm
   3136 	/sbin/installgrub
   3137 	/usr/sbin/fdisk
   3138 	/usr/sbin/metastat
   3139 	/usr/bin/mkisofs
   3140 	/usr/sbin/svcadm
   3141 	/usr/sbin/svccfg
   3142 	/usr/bin/svcprop
   3143 	/usr/bin/svcs
   3144 "
   3145 
   3146 set $bfuoptcmd
   3147 isalist=`isalist`
   3148 while [ $# -gt 0 ]
   3149 do
   3150 	dir=${1%/*}
   3151 	cmd=${1##*/}
   3152 	cd $dir
   3153 	isacmd=`(find $isalist -name $cmd 2>/dev/null; echo $cmd) | head -1`
   3154 	cp $dir/$isacmd /tmp/bfubin 2>/dev/null