OpenSolaris_b135/pkgdefs/SUNWcsr/postinstall

#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
BASEPREFIX=`echo $BASEDIR | sed "s/\//_/g"`
#
# Clear sysidtool which may have gone into maintenance due to a dependency
# cycle with milestone/single-user, when upgrading to a system that
# introduces milestone/sysconfig.
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_CLRSYSID
	/usr/sbin/svcadm clear svc:/system/sysidtool:net
	/usr/sbin/svcadm clear svc:/system/sysidtool:system
_CLRSYSID

if [ -f $BASEDIR/etc/inet/ipnodes.hostsmerge ]; then
	rm -f $BASEDIR/etc/inet/ipnodes.hostsmerge
fi

if [ -h $BASEDIR/var/mail.ABCsavedXYZ ] ; then
	rmdir $BASEDIR/var/mail/:saved >/dev/null 2>&1
	if [ $? = 0 ] ; then
		rmdir $BASEDIR/var/mail >/dev/null 2>&1
		if [ $? = 0 ] ; then
			mv $BASEDIR/var/mail.ABCsavedXYZ $BASEDIR/var/mail
		fi
	fi
	rm -fr $BASEDIR/var/mail.ABCsavedXYZ
fi

if [ -h $BASEDIR/var/news.ABCsavedXYZ ] ; then
	rmdir $BASEDIR/var/news >/dev/null 2>&1
	if [ $? = 0 ] ; then
		mv $BASEDIR/var/news.ABCsavedXYZ $BASEDIR/var/news
	fi
	rm -fr $BASEDIR/var/news.ABCsavedXYZ
fi

PMTAB=$BASEDIR/etc/saf/tcp/_pmtab
if [ -f $PMTAB ] ; then
	sed -e 's/\\x00020ACE......../\\x00020ACE00000000/' \
	    -e 's/\\x00020203......../\\x0002020300000000/' $PMTAB >/tmp/t.$$
	cp /tmp/t.$$ $PMTAB
fi

AUTH_ATTR=$BASEDIR/etc/security/auth_attr
if [ -f $AUTH_ATTR ] ; then
	sed '/^solaris\.\*/d' $AUTH_ATTR > /tmp/a.$$
	cp /tmp/a.$$ $AUTH_ATTR
	rm -f /tmp/a.$$
fi

EXEC_ATTR=$BASEDIR/etc/security/exec_attr
if [ -f $EXEC_ATTR ] ; then
	sed -e '/^Network Security.*sbin\/ipsec.*/ D' \
	    -e '/^Network Security.*sbin\/ike.*/ D' \
	    -e '/^Network Security.*inet\/in\.iked.*/ D' \
	    -e '/^Network Security.*inet\/cert.*/ D' $EXEC_ATTR > /tmp/e.$$
	cp /tmp/e.$$ $EXEC_ATTR
	rm -f /tmp/e.$$
fi

INITTAB=$BASEDIR/etc/inittab
if [ -f $INITTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \
    "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then
	sed -e '/^ap:/d' -e '/^sp:/d' $INITTAB > /tmp/i.$$
	cp /tmp/i.$$ $INITTAB
	rm -f /tmp/i.$$
fi

VFSTAB=$BASEDIR/etc/vfstab
if [ -f $VFSTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \
    "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then
	sed '/^\/devices[	 ]/d' $VFSTAB > /tmp/v.$$
	cp /tmp/v.$$ $VFSTAB
	rm -f /tmp/v.$$
fi

#
# Get rid of obsolete BIND 8 server instance
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_BIND8
	obs_se=/usr/sbin/in.named
	cur_se=`svcprop -p start/exec svc:/network/dns/server 2>/dev/null`
	if [ "$obs_se" = "$cur_se" ]; then
		svcadm disable -s svc:/network/dns/server:default
		svccfg delete svc:/network/dns/server:default
		# If this was the only instance, delete the service also
		svcs network/dns/server >/dev/null 2>&1 || \
		    svccfg delete svc:/network/dns/server
	fi
_DEL_BIND8

#
# Get rid of obsolete DARPA trivial name server (Death to IEN-116!)
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_TNAME
	svcs svc:/network/tname > /dev/null 2>&1
	if [ "$?" = 0 ]; then
		svccfg delete -f svc:/network/tname
	fi
_DEL_TNAME

#
# Remove stale GLD services
#
SVCCFG_REPOSITORY=$PKG_INSTALL_ROOT/etc/svc/repository.db
export SVCCFG_REPOSITORY
if [ -x /usr/sbin/svcadm -a -x /usr/sbin/svccfg -a \
    -f $PKG_INSTALL_ROOT/var/svc/manifest/network/datalink.xml ]; then
	if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then
		#
		# Local package install.  Need to disable the services first
		# before deleting.
		#
		svcadm disable -s svc:/network/aggregation >/dev/null 2>&1
		svcadm disable -s svc:/network/datalink-init >/dev/null 2>&1
		svcadm disable -s svc:/network/datalink >/dev/null 2>&1
	fi
	svccfg delete svc:/network/aggregation >/dev/null 2>&1
	svccfg delete svc:/network/datalink-init >/dev/null 2>&1
	svccfg delete svc:/network/datalink >/dev/null 2>&1
fi

# The ipsecalgs and policy services are delivered enabled.
# The ike and manual-key services are delivered disabled. The
# system administrator will need to enable them after creating
# the config file(s). If the system has been upgraded and the
# config files exist, enable the services on first boot.
# The file in /tmp indicates that this system had already been
# upgraded. The service will only be enabled on first upgrade.
IKEMANIFEST=`echo ike.xml"$BASEPREFIX" | cut -c 1-256`
if [ ! -f /tmp/${IKEMANIFEST} ]; then
	cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD
	if [ -f /etc/inet/ike/config ]; then
		/usr/sbin/svcadm enable svc:/network/ipsec/ike:default
	fi
_IPSECUPGRD
	else
		rm /tmp/${IKEMANIFEST}
fi
MANKEYMANIFEST=`echo manual-key.xml"$BASEPREFIX" | cut -c 1-256`
if [ ! -f /tmp/${MANKEYMANIFEST} ]; then
	cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD
	if [ -f /etc/inet/secret/ipseckeys ]; then
		/usr/sbin/svcadm enable svc:/network/ipsec/manual-key:default
	fi
_IPSECUPGRD
	else
		rm /tmp/${MANKEYMANIFEST}
fi

#
# If the eeprom service is present, remove it. We can't use
# /var/svc/profile/upgrade as it runs before manifest-import.
#
/usr/sbin/svccfg -s svc:/platform/i86pc/eeprom:default end >/dev/null 2>&1
if [ "$?" = 0 ]; then
	if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then
		svcadm disable -s svc:/platform/i86pc/eeprom:default \
		    >/dev/null 2>&1
	fi
	svccfg delete svc:/platform/i86pc/eeprom >/dev/null 2>&1
	rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform_i86pc.xml
	rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform.xml
fi

#
# svc:/network/rpc/keyserv is expected to be off on systems that don't
# set domainname.  On systems that do define a default domain, leave the
# setting as previously set.
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_CSVC_UPGRADE_2
	if [ ! -f /etc/defaultdomain ]; then
		svcadm disable network/rpc/keyserv
	fi
_CSVC_UPGRADE_2

if [ "$UPDATE" != yes ]; then
	#
	# On initial install, default to ns_files.xml.  The installer will
	# customize, if appropriate.
	#
	ln -s ns_files.xml $BASEDIR/var/svc/profile/name_service.xml
elif [ ! -r $BASEDIR/var/svc/profile/name_service.xml ] || \
	[ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then
	#
	# Associate name service profile, if none present.
	#
	grep ldap $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1
	is_ldap=$?
	grep nis $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1
	is_nis=$?

	if [ $is_ldap = 0 ]; then
		ns_profile=ns_ldap.xml
	elif [ $is_nis = 0 ]; then
		ns_profile=ns_nis.xml
	else
		ns_profile=ns_files.xml
	fi

	# Remove stale copy of name_service.xml, if it is not a symlink.
	if [ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then
		/usr/bin/rm -f $BASEDIR/var/svc/profile/name_service.xml
	fi

	ln -s $ns_profile $BASEDIR/var/svc/profile/name_service.xml

	grep dns $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1
	if [ $? = 0 ]; then
		echo "/usr/sbin/svcadm enable network/dns/client" >> \
		    $BASEDIR/var/svc/profile/upgrade
	fi
fi

#
# Associate correct inetd services profile.
#
rm -f $BASEDIR/var/svc/profile/inetd_services.xml
if [ "$UPDATE" = yes ]; then
	ln -s inetd_upgrade.xml $BASEDIR/var/svc/profile/inetd_services.xml
	# Ensure inetd-upgrade is run post-upgrade
	echo "/usr/sbin/svcadm enable network/inetd-upgrade" >> \
	    $BASEDIR/var/svc/profile/upgrade
else
	ln -s inetd_generic.xml $BASEDIR/var/svc/profile/inetd_services.xml
fi

#
# /etc/svc/repository.db was previously packaged but it is now generated
# from one of the seed repositories and then updated by svccfg(1M).
# Therefore, removef(1M) is used to remove the packaging database entry
# although the repository itself is preserved.
#
/usr/sbin/removef $PKGINST /etc/svc/repository.db >/dev/null 2>&1
/usr/sbin/removef -f $PKGINST >/dev/null 2>&1

PROFILEDIR=$BASEDIR/var/svc/profile
GENERICXML=${PROFILEDIR}/generic.xml
if [ -f $BASEDIR/var/SUNWcsr-apply-limited-net ]; then
	UPGRADEFILE=${PROFILEDIR}/upgrade
	ln -sf ./generic_limited_net.xml ${GENERICXML}
	cat >> ${UPGRADEFILE} <<\_ENABLE_LIMITED_NET
#
# apply the generic_limit_net profile selected at install
# time, and set the accompanying properties since they can't
# be readily set in the profile as of yet.
#
apply_limited_net()
{
	/usr/sbin/netservices limited
}

# apply_limited_net as last action of this upgrade script
trap apply_limited_net 0

_ENABLE_LIMITED_NET
	rm -f $BASEDIR/var/SUNWcsr-apply-limited-net
else
	#
	# This is not an initial (zone-)install: we are upgrading.
	#
	# If we have a previous version of generic.xml, keep that.
	# Otherwise (upgrade from pre-SMF filesystem) take the default 
	# action, i.e., sym-link to ./generic_open.xml
	#
	if [ ! -h $GENERICXML -a ! -f $GENERICXML ]; then
		ln -s ./generic_open.xml $GENERICXML
	fi
fi

# generic.xml is now dynamically maintained at install/upgrade time
# and no longer delivered by any package. We therefore removef(1) 
# any reference to it in the package database.
removef $PKGINST /var/svc/profile/generic.xml >/dev/null 2>&1
removef -f $PKGINST >/dev/null 2>&1

# Solaris audit's internal "enable/disable" state is maintained by
# c2audit; if c2audit accepts the auditconfig query, then auditing is
# enabled. If that is the case, then SMF should always enable auditd
# in the global zone and also in a non-global zone if perzone auditing
# is in use.

cat >> $BASEDIR/var/svc/profile/upgrade <<\_ENABLE_AUDIT
/usr/sbin/auditconfig -getcond 2> /dev/null
if [ $? -eq 0 ]; then
	if [ `/sbin/zonename` = global ]; then
		/usr/sbin/svcadm enable system/auditd
	else
		echo `/usr/sbin/auditconfig -getpolicy` | grep perzone > /dev/null
		if [ $? -eq 0 ]; then
			/usr/sbin/svcadm enable system/auditd
		fi
	fi
fi
_ENABLE_AUDIT

# if platform/sun4u/mpxio-upgrade service exists, then
# delete the service on boot after upgrading. 
if [ "$UPDATE" = yes ]; then
	cat >> $BASEDIR/var/svc/profile/upgrade <<\_MPXIOUPGRD
	/usr/bin/svcs platform/sun4u/mpxio-upgrade > /dev/null 2>&1
	if [ "$?" = 0 ]; then
		/usr/sbin/svccfg delete svc:/platform/sun4u/mpxio-upgrade
	fi
_MPXIOUPGRD
fi

#
# Add nwam to sysidconfig app list so sys-unconfig does the right thing
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_NWAM_SYSID
	/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" -l |\
		/usr/bin/grep -s net-nwam >/dev/null

	if [ $? -ne 0 ]; then
		/usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" \
			-a /lib/svc/method/net-nwam
	fi
_NWAM_SYSID

#
# Migrate /etc/acctadm.conf settings to smf(5) repository.  Enable the instance
# if the configuration differs from the default configuration.
#
cat >> $BASEDIR/var/svc/profile/upgrade <<\_ACCTADM
if [ -f /etc/acctadm.conf ]; then
	. /etc/acctadm.conf

	fmri="svc:/system/extended-accounting:flow"
	svccfg -s $fmri setprop config/file = \
	    ${ACCTADM_FLOW_FILE:="none"}
	svccfg -s $fmri setprop config/tracked = \
	    ${ACCTADM_FLOW_TRACKED:="none"}
	svccfg -s $fmri setprop config/untracked = \
	    ${ACCTADM_FLOW_UNTRACKED:="extended"}
	if [ ${ACCTADM_FLOW_ENABLE:="no"} = "yes" ]; then
		svccfg -s $fmri setprop config/enabled = "true"
	else
		svccfg -s $fmri setprop config/enabled = "false"
	fi
	if [ $ACCTADM_FLOW_ENABLE = "yes" -o $ACCTADM_FLOW_FILE != "none" -o \
	    $ACCTADM_FLOW_TRACKED != "none" ]; then
		svcadm enable $fmri
	fi

	fmri="svc:/system/extended-accounting:process"
	svccfg -s $fmri setprop config/file = \
	    ${ACCTADM_PROC_FILE:="none"}
	svccfg -s $fmri setprop config/tracked = \
	    ${ACCTADM_PROC_TRACKED:="none"}
	svccfg -s $fmri setprop config/untracked = \
	    ${ACCTADM_PROC_UNTRACKED:="extended,host"}
	if [ ${ACCTADM_PROC_ENABLE:="no"} = "yes" ]; then
		svccfg -s $fmri setprop config/enabled = "true"
	else
		svccfg -s $fmri setprop config/enabled = "false"
	fi
	if [ $ACCTADM_PROC_ENABLE = "yes" -o $ACCTADM_PROC_FILE != "none" -o \
	    $ACCTADM_PROC_TRACKED != "none" ]; then
		svcadm enable $fmri
	fi

	fmri="svc:/system/extended-accounting:task"
	svccfg -s $fmri setprop config/file = \
	    ${ACCTADM_TASK_FILE:="none"}
	svccfg -s $fmri setprop config/tracked = \
	    ${ACCTADM_TASK_TRACKED:="none"}
	svccfg -s $fmri setprop config/untracked = \
	    ${ACCTADM_TASK_UNTRACKED:="extended"}
	if [ ${ACCTADM_TASK_ENABLE:="no"} = "yes" ]; then
		svccfg -s $fmri setprop config/enabled = "true"
	else
		svccfg -s $fmri setprop config/enabled = "false"
	fi
	if [ $ACCTADM_TASK_ENABLE = "yes" -o $ACCTADM_TASK_FILE != "none" -o \
	    $ACCTADM_TASK_TRACKED != "none" ]; then
		svcadm enable $fmri
	fi

	rm /etc/acctadm.conf
fi
_ACCTADM

exit 0