6973927 Installation fails if Primary Administrator rights profile is removed from the system
authorDavid Miner <dminer@opensolaris.org>
Tue, 17 Aug 2010 18:22:44 -0400
changeset 861 ccd399d2c6f7
parent 860 a1a3344ea203
child 862 e9f31f2f2f2d
6973927 Installation fails if Primary Administrator rights profile is removed from the system
4885 User created by installer gets unsafe profile "Primary Administrator"
9966 install unnecessarily propagates /lost+found from image to rpool
15454 pkg install failure in im_pop did not abort DC and AI
15507 SUNWcs and SUNWcsd can be removed from manifests
16295 install-finish runs update_boot_archive ICT twice for text and GUI installs
16645 Incorrect permissions on ict.py in build 144 can cause ict's to fail to run
16740 Special handling of SUNWcs and SUNWcsd can be removed from transfer module
usr/src/cmd/auto-install/ai_manifest.xml
usr/src/cmd/auto-install/default.xml
usr/src/cmd/distro_const/auto_install/ai_sparc_image.xml
usr/src/cmd/distro_const/auto_install/ai_x86_image.xml
usr/src/cmd/distro_const/slim_cd/all_lang_slim_cd_x86.xml
usr/src/cmd/distro_const/slim_cd/slim_cd_x86.xml
usr/src/cmd/distro_const/slim_cd/slimcd_boot_archive_configure
usr/src/cmd/distro_const/text_install/text_mode_sparc.xml
usr/src/cmd/distro_const/text_install/text_mode_x86.xml
usr/src/cmd/distro_const/utils/boot_archive_archive.py
usr/src/cmd/slim-install/finish/install-finish
usr/src/cmd/system-config/svc/svc-system-config
usr/src/cmd/system-config/svc/system-config.xml
usr/src/cmd/text-install/osol_install/text_install/ti_install.py
usr/src/lib/libict/ict.c
usr/src/lib/libict/ict_api.h
usr/src/lib/libict/ict_private.h
usr/src/lib/libict/ict_test.c
usr/src/lib/libict_pymod/ict.py
usr/src/lib/liborchestrator/perform_slim_install.c
usr/src/lib/libtransfer/transfer_mod.py
usr/src/pkg/manifests/system-install.mf
--- a/usr/src/cmd/auto-install/ai_manifest.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/auto-install/ai_manifest.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -161,10 +161,14 @@
 	-->
 	<ai_install_packages>
 		<pkg name="entire"/>
-		<pkg name="SUNWcsd"/>
-		<pkg name="SUNWcs"/>
 		<pkg name="babel_install"/>
 	</ai_install_packages>
+	<!--
+	    babel_install and slim_install are group packages used to
+	    define the default installation.  They are removed here so
+	    that they do not inhibit removal of other packages on the installed
+	    system
+	-->
 	<ai_uninstall_packages>
 		    <pkg name="babel_install"/>
 		    <pkg name="slim_install"/>
--- a/usr/src/cmd/auto-install/default.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/auto-install/default.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -50,14 +50,7 @@
                 <pkg name="pkg:/[email protected]#"/>
             -->
             <ai_install_packages>
-		<!--
-		     Due to dependency issues, SUNWcsd and SUNWcs
-		     must be listed first in the package list,
-		     after entire
-		-->
 		<pkg name="pkg:/entire"/>
-		<pkg name="pkg:/SUNWcs"/>
-		<pkg name="pkg:/SUNWcsd"/>
 		<pkg name="pkg:/babel_install"/>
 		<!--
 		    The following two packages are required by iSCSI,
@@ -67,7 +60,13 @@
 		<pkg name="pkg:/network/iscsi/initiator"/>
 		<pkg name="pkg:/network/iscsi/iser"/>
             </ai_install_packages>
-            <ai_uninstall_packages>
+	    <!--
+	        babel_install and slim_install are group packages used to
+	        define the default installation.  They are removed here so
+	        that they do not inhibit removal of other packages on the
+	        installed system.
+	    --> 
+           <ai_uninstall_packages>
 		    <pkg name="pkg:/babel_install"/>
 		    <pkg name="pkg:/slim_install"/>
             </ai_uninstall_packages>
--- a/usr/src/cmd/distro_const/auto_install/ai_sparc_image.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/auto_install/ai_sparc_image.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -272,9 +272,13 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
+			    By default the latest build available, in the
+			    specified IPS repository, is installed.
+			    If another build is required, the build number has
+			    to be appended to the 'entire' package in following
+			    form:
+
+			    <pkg name="pkg:/[email protected]#/>
 			-->
 			<pkg name="pkg:/entire"/>
 			<pkg name="pkg:/SUNWcs"/>
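Review bot: `<pkg name="pkg:/SUNWcs"/>` is still listed directly after `entire` in this hunk's context, although the comment that explained its position is replaced and the slim_cd manifests in this same commit drop both SUNWcs and SUNWcsd. If the entry is intentionally kept for the AI image, a one-line comment saying so would stop a later reader from treating it as a leftover; otherwise remove it here as well. The same applies to the matching hunk in ai_x86_image.xml. The `<packages>` list continues outside the hunk, so whether SUNWcsd is also still present is not visible here.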
--- a/usr/src/cmd/distro_const/auto_install/ai_x86_image.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/auto_install/ai_x86_image.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -287,9 +287,13 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
+			    By default the latest build available, in the
+			    specified IPS repository, is installed.
+			    If another build is required, the build number has
+			    to be appended to the 'entire' package in following
+			    form:
+
+			    <pkg name="pkg:/[email protected]#/>
 			-->
 			<pkg name="pkg:/entire"/>
 			<pkg name="pkg:/SUNWcs"/>
--- a/usr/src/cmd/distro_const/slim_cd/all_lang_slim_cd_x86.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/slim_cd/all_lang_slim_cd_x86.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -270,11 +270,6 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
-			-->
-			<!--
 			    By default the latest build available, in the
 			    specified IPS repository, is installed.
 			    If another build is required, the build number has
@@ -284,24 +279,19 @@
 			    <pkg name="pkg:/[email protected]#/>
 			-->
 			<pkg name="pkg:/entire"/>
-			<pkg name="pkg:/SUNWcs"/>
-			<pkg name="pkg:/SUNWcsd"/>
 			<pkg name="pkg:/babel_install"/>
 			<pkg name="pkg:/system/install/media/internal"/>
 		</packages>
 <!--
      Items below this line are rarely configured
 -->
-		<!--
-		     Packages to be removed from the pkg_image area before
-		     boot archive construction
-		-->
+                <!--
+                    babel_install and slim_install are group packages used to
+                    define the default installation.  They are removed here so
+                    that they do not inhibit removal of other packages on the
+                    installed system.
+                --> 
 		<post_install_remove_packages>
-			<!--
-			    babel_install must be listed before slim_install
-			    because babel_install depends on slim_install,
-			    so, slim_install can't be uninstall first
-			-->
 			<pkg name="pkg:/babel_install"/>
 			<pkg name="pkg:/slim_install"/>
 		</post_install_remove_packages>
--- a/usr/src/cmd/distro_const/slim_cd/slim_cd_x86.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/slim_cd/slim_cd_x86.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -270,11 +270,6 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
-			-->
-			<!--
 			    By default the latest build available, in the
 			    specified IPS repository, is installed.
 			    If another build is required, the build number has
@@ -284,18 +279,18 @@
 			    <pkg name="pkg:/[email protected]#/>
 			-->
 			<pkg name="pkg:/entire"/>
-			<pkg name="pkg:/SUNWcs"/>
-			<pkg name="pkg:/SUNWcsd"/>
 			<pkg name="pkg:/slim_install"/>
 			<pkg name="pkg:/system/install/media/internal"/>
 		</packages>
 <!--
      Items below this line are rarely configured
 -->
-		<!--
-		     Packages to be removed from the pkg_image area before
-		     boot archive construction
-		-->
+                <!--
+                    slim_install is a group package used to define the
+                    default installation.  It is removed here so as to
+                    not inhibit removal of other packages on the
+                    installed system.
+                --> 
 		<post_install_remove_packages>
 			<pkg name="pkg:/slim_install"/>
 		</post_install_remove_packages>
--- a/usr/src/cmd/distro_const/slim_cd/slimcd_boot_archive_configure	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/slim_cd/slimcd_boot_archive_configure	Tue Aug 17 18:22:44 2010 -0400
@@ -19,8 +19,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 # =============================================================================
@@ -102,11 +101,15 @@
 $CP ${TMP_DIR}/custom.conf ${BA_BUILD}/etc/gdm
 $RM ${TMP_DIR}/custom.conf
 
-# Give jack administrator profile and convert root to a role
+# Give jack Software Installation profile and convert root to a role
 $SED -e's/^root::::/root::::type=role;/' ${BA_BUILD}/etc/user_attr \
     >${TMP_DIR}/user_attr
-echo "jack::::profiles=Primary Administrator;roles=root" >>${TMP_DIR}/user_attr
+echo "jack::::profiles=Software Installation;roles=root" >>${TMP_DIR}/user_attr
 $CP ${TMP_DIR}/user_attr ${BA_BUILD}/etc
 $RM ${TMP_DIR}/user_attr
 
+# Give jack full sudo rights, saving sudoers for restoration during install
+$CP ${BA_BUILD}/etc/sudoers ${PKG_IMG_PATH}/save/etc
+echo "jack ALL=(ALL) ALL" >>${BA_BUILD}/etc/sudoers
+
 exit 0
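Review bot: The `$CP ${BA_BUILD}/etc/sudoers ${PKG_IMG_PATH}/save/etc` line is not checked and the script ends in an unconditional `exit 0`, so a failed save goes unnoticed while `jack ALL=(ALL) ALL` is still appended to the boot-archive sudoers. The comment says the saved copy is kept for restoration during install; if a later step relies on it, a missing save would leave the live-media version with the jack entry as the only one available. Suggest failing the build on error, e.g. `$CP ${BA_BUILD}/etc/sudoers ${PKG_IMG_PATH}/save/etc || exit 1`, and confirming that `${PKG_IMG_PATH}/save/etc` already exists at this point in the build.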
--- a/usr/src/cmd/distro_const/text_install/text_mode_sparc.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/text_install/text_mode_sparc.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -243,11 +243,6 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
-			-->
-			<!--
 			    By default the latest build available, in the
 			    specified IPS repository, is installed.
 			    If another build is required, the build number has
--- a/usr/src/cmd/distro_const/text_install/text_mode_x86.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/text_install/text_mode_x86.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -257,11 +257,6 @@
 		-->
 		<packages>
 			<!--
-			     Due to dependency issues, SUNWcsd and SUNWcs
-			     must be listed first in the package list,
-			     after entire
-			-->
-			<!--
 			    By default the latest build available, in the
 			    specified IPS repository, is installed.
 			    If another build is required, the build number has
--- a/usr/src/cmd/distro_const/utils/boot_archive_archive.py	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/distro_const/utils/boot_archive_archive.py	Tue Aug 17 18:22:44 2010 -0400
@@ -389,7 +389,7 @@
         raise Exception, (sys.argv[0] + ": Unable to strip boot archive: " +
                           os.strerror(COPY_STATUS >> 8))
 
-print "Sizing boot archvie requirements..."
+print "Sizing boot archive requirements..."
 # dir_size() returns size in bytes, need to convert to KB
 BOOT_ARCHIVE_SIZE = (dir_size(BA_BUILD)) / 1024
 print "    Raw uncompressed: %d MB." % (BOOT_ARCHIVE_SIZE / 1024)
@@ -444,6 +444,9 @@
         "container; find/cpio command returns: " +
         os.strerror(COPY_STATUS >> 8))
 
+# Remove lost+found so it doesn't get carried along to ZFS by an installer
+os.rmdir(BA_LOFI_MNT_PT + "/lost+found")
+
 if IS_SPARC:
     print "Doing compression..."
     try:
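Review bot: `os.rmdir(BA_LOFI_MNT_PT + "/lost+found")` raises OSError when the directory is absent or not empty, and nothing visible in the hunk catches it, so the boot-archive build would stop with a bare traceback rather than one of the descriptive messages used around it. Suggest wrapping the call in a `try`/`except OSError` that ignores only `errno.ENOENT` and re-raises (or reports) anything else; a non-empty lost+found is worth its own message because it means something unexpected was written into the image. This needs the `errno` module, whose import is not visible from here. The `if IS_SPARC:` block continues past the end of the hunk.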
--- a/usr/src/cmd/slim-install/finish/install-finish	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/slim-install/finish/install-finish	Tue Aug 17 18:22:44 2010 -0400
@@ -240,7 +240,6 @@
         SA.append(ICTO.explicit_bootfs())
         if not textinstall_exists():
             SA.append(ICTO.enable_happy_face_boot())
-    SA.append(ICTO.update_boot_archive())
     if not IS_SPARC:
         SA.append(ICTO.copy_splash_xpm())
     SA.append(ICTO.smf_correct_sys_profile())
@@ -260,9 +259,12 @@
     SA.append(ICTO.remove_livecd_environment())
     SA.append(ICTO.remove_specific_packages(PKG_REMOVE_LIST))
     SA.append(ICTO.set_flush_content_cache_false())
-    SA.append(ICTO.set_root_password(ROOT_PW))
+    # Password is pre-expired in GUI case since user didn't explicitly set it
+    SA.append(ICTO.set_root_password(ROOT_PW, not textinstall_exists()))
     SA.append(ICTO.create_new_user(NU_GOS, NU_LOGIN, NU_PW, NU_GID, NU_UID))
     SA.append(ICTO.set_homedir_map(NU_LOGIN))
+    SA.append(ICTO.setup_rbac(NU_LOGIN))
+    SA.append(ICTO.setup_sudo(NU_LOGIN))
     if not IS_SPARC:
         SA.append(ICTO.copy_capability_file())
     SA.append(ICTO.reset_image_uuid())
--- a/usr/src/cmd/system-config/svc/svc-system-config	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/system-config/svc/svc-system-config	Tue Aug 17 18:22:44 2010 -0400
@@ -75,6 +75,8 @@
 PROP_USER_PROFILES="$PG_USER_ACCOUNT/profiles"
 # roles
 PROP_USER_ROLES="$PG_USER_ACCOUNT/roles"
+# sudoers entry
+PROP_USER_SUDOERS="$PG_USER_ACCOUNT/sudoers"
 # expiration date for a login
 PROP_USER_EXPIRE="$PG_USER_ACCOUNT/expire"
 # name of home directory ZFS dataset 
@@ -394,6 +396,7 @@
 	typeset desc
 	typeset profiles
 	typeset account_type
+	typeset sudoers
 	typeset password
 	typeset expire
 
@@ -661,6 +664,17 @@
 	fi
 
 	#
+	# Configure sudoers entry, if provided
+	#
+	sudoers=$(get_smf_prop $PROP_USER_SUDOERS)
+	if [[ -n "$sudoers" ]] ; then
+		print -u1 " Setting sudoers entry '$sudoers' for user" \
+		    "<$login_name>."
+
+		print "$login_name $sudoers" >>/etc/sudoers
+	fi
+
+	#
 	# Create initial user's profile by copying .profile and .bashrc
 	# (in case bash is used as user's shell) from /etc/skel/ directory
 	#
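Review bot: The value of the `sudoers` property is appended to /etc/sudoers exactly as read, with no syntax check, and a malformed sudoers file makes sudo refuse to run for every user. ksh `print` without `-r` also expands backslash escapes, so a `\n` inside the property value would become an extra sudoers line; `print -r -- "$login_name $sudoers" >>/etc/sudoers` writes it literally. Consider writing the result to a copy, checking it with `visudo -c -f <copy>`, and only then replacing /etc/sudoers. Nothing visible here prevents a second run of the method from appending a duplicate entry either. The enclosing function starts and ends outside the hunk.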
--- a/usr/src/cmd/system-config/svc/system-config.xml	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/system-config/svc/system-config.xml	Tue Aug 17 18:22:44 2010 -0400
@@ -97,6 +97,7 @@
 		<propval name='gid' type='count' value='0'/>
 		<propval name='profiles' type='astring' value=''/>
 		<propval name='roles' type='astring' value=''/>
+		<propval name='sudoers' type='astring' value=''/>
 		<propval name='type' type='astring' value=''/>
 		<propval name='expire' type='astring' value=''/>
 		<propval name='home_zfs_dataset' type='astring' value=''/>
--- a/usr/src/cmd/text-install/osol_install/text_install/ti_install.py	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/cmd/text-install/osol_install/text_install/ti_install.py	Tue Aug 17 18:22:44 2010 -0400
@@ -18,8 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 '''
@@ -61,7 +60,6 @@
 # The following is defined for using the ICT program.  It can be removed
 # once the ict_test program is not used.
 CPIO_TRANSFER = "0"
-IPS_TRANSFER = "1" # Only used by the ict_set_user_role() ICT
 
 # The following 2 values, ICT_USER_UID and ICT_USER_GID are defined
 # in the ICT C APIs.  When those are ported to Python, these will
@@ -602,18 +600,6 @@
     except ti_utils.InstallationError:
         failed_icts += 1
 
-    # Text installer installation does not use IPS to install files at
-    # this time.  However, unlike the GUI installer, text installer
-    # does not have root as a role.  Text installer
-    # runs as root, which is a user.  So, we need to use the IPS_TRANSFER
-    # mode of the ict_set_user_role ICT for the logic to
-    # set root as a role or not to act correctly.
-    try:
-        exec_cmd([ICT_PROG, "ict_set_user_role", INSTALLED_ROOT_DIR,
-                  IPS_TRANSFER, ulogin], "execute ict_set_user_role() ICT")
-    except ti_utils.InstallationError:
-        failed_icts += 1
-
     INSTALL_STATUS.update(InstallStatus.ICT, 50, ict_mesg)
 
     # Run the install-finish script
--- a/usr/src/lib/libict/ict.c	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libict/ict.c	Tue Aug 17 18:22:44 2010 -0400
@@ -449,144 +449,6 @@
 } /* END ict_set_user_profile() */
 
 /*
- * Function:	ict_set_user_role()
- *
- * This function will set the user role, if needed, on the specified
- * install target.
- *
- * Input:
- *    target - The installation transfer target. A directory used by the
- *             installer as a staging area, historically /a
- *    login  - The login name of the user.
- *    transfer_mode  - A flag indicating the transfer mode, IPS|CPIO.
- *
- * Return:
- *    ICT_SUCCESS   - Successful Completion
- *    !ICT_SUCCESS  - Set failed and ict_errno is set indicate why.
- *
- */
-ict_status_t
-ict_set_user_role(char *target, char *login, int transfer_mode)
-{
-	char *_this_func_ = "ict_set_user_role";
-	char	cmd[MAXPATHLEN];
-	int	ict_status = 0;
-
-	/*
-	 * Confirm input arguments
-	 */
-	if ((target == NULL) || (strlen(target) == 0)) {
-		ict_log_print(INVALID_ARG, _this_func_);
-		return (set_error(ICT_INVALID_ARG));
-	}
-
-	ict_log_print(CURRENT_ICT, _this_func_);
-	ict_debug_print(ICT_DBGLVL_INFO, "target:%s login:%s\n",
-	    target, login != NULL ? login : "NULL");
-
-
-	if (transfer_mode == OM_CPIO_TRANSFER) {
-		/*
-		 * If a user login has not been specified then clear out user
-		 * jack, and switch root out of being a role since no other
-		 * user has been created.
-		 *
-		 * If a user login has been specified make that user
-		 * a primary administrator.
-		 *
-		 */
-		if ((login == NULL) || (strlen(login) == 0)) {
-			/*
-			 * Remove jack entry if it exists, and switch root
-			 * from being a role if it is set to that.
-			 */
-			(void) snprintf(cmd, sizeof (cmd),
-			    "/bin/sed -e '/^jack/d' "
-			    "-e 's/^root::::type=role;/root::::/' %s > %s%s",
-			    USER_ATTR_FILE, target, USER_ATTR_FILE);
-		} else {
-			(void) snprintf(cmd, sizeof (cmd),
-			    "/bin/sed -e 's/^jack/%s/' %s > %s%s",
-			    login, USER_ATTR_FILE, target, USER_ATTR_FILE);
-		}
-
-		ict_debug_print(ICT_DBGLVL_INFO, ICT_SAFE_SYSTEM_CMD,
-		    _this_func_, cmd);
-		ict_status = ict_safe_system(cmd, B_FALSE);
-		if (ict_status != 0) {
-			ict_log_print(ICT_SAFE_SYSTEM_FAIL, _this_func_, cmd,
-			    ict_status);
-			return (set_error(ICT_SET_ROLE_FAIL));
-		}
-	} else if (transfer_mode == OM_IPS_TRANSFER) {
-		/*
-		 * If a user login name has been specified, change the root
-		 * entry to be of type 'role' and add an entry for the login
-		 * name.
-		 */
-		if ((login != NULL) && (strlen(login) != 0)) {
-			char *tmp_ua = NULL;
-
-			/* Generate a temporary file name to use */
-			if ((tmp_ua = tmpnam(NULL)) == NULL) {
-				ict_log_print(TMPNAM_FAIL, _this_func_);
-				return (set_error(ICT_SET_ROLE_FAIL));
-			}
-
-			/* Change root entry to be of type 'role' */
-			(void) snprintf(cmd, sizeof (cmd),
-			    "/bin/sed -e 's/^root::::/root::::type=role;/' "
-			    "%s%s > %s", target, USER_ATTR_FILE, tmp_ua);
-
-			ict_debug_print(ICT_DBGLVL_INFO, ICT_SAFE_SYSTEM_CMD,
-			    _this_func_, cmd);
-			ict_status = ict_safe_system(cmd, B_FALSE);
-			if (ict_status != 0) {
-				ict_log_print(ICT_SAFE_SYSTEM_FAIL, _this_func_,
-				    cmd, ict_status);
-				return (set_error(ICT_SET_ROLE_FAIL));
-			}
-
-			/* Add entry for login name */
-			(void) snprintf(cmd, sizeof (cmd),
-			    "/bin/echo '%s::::profiles=Primary "
-			    "Administrator;roles=root' >> %s", login, tmp_ua);
-
-			ict_debug_print(ICT_DBGLVL_INFO, ICT_SAFE_SYSTEM_CMD,
-			    _this_func_, cmd);
-			ict_status = ict_safe_system(cmd, B_FALSE);
-			if (ict_status != 0) {
-				ict_log_print(ICT_SAFE_SYSTEM_FAIL, _this_func_,
-				    cmd, ict_status);
-				return (set_error(ICT_SET_ROLE_FAIL));
-			}
-
-			/* Copy updated file into place */
-			(void) snprintf(cmd, sizeof (cmd),
-			    "/bin/cp %s %s%s ; /bin/rm %s", tmp_ua, target,
-			    USER_ATTR_FILE, tmp_ua);
-
-			ict_debug_print(ICT_DBGLVL_INFO, ICT_SAFE_SYSTEM_CMD,
-			    _this_func_, cmd);
-			ict_status = ict_safe_system(cmd, B_FALSE);
-			if (ict_status != 0) {
-				ict_log_print(ICT_SAFE_SYSTEM_FAIL, _this_func_,
-				    cmd, ict_status);
-				return (set_error(ICT_SET_ROLE_FAIL));
-			}
-		}
-	} else {
-		/* Unsupported transfer mode */
-		ict_log_print(INVALID_ARG, _this_func_);
-		return (set_error(ICT_INVALID_ARG));
-	}
-
-	ict_log_print(SUCCESS_MSG, _this_func_);
-	return (ICT_SUCCESS);
-
-} /* END ict_set_user_role() */
-
-/*
  * Function:	ict_set_lang_locale()
  *
  * This function will set the language locale in init file.
--- a/usr/src/lib/libict/ict_api.h	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libict/ict_api.h	Tue Aug 17 18:22:44 2010 -0400
@@ -143,7 +143,6 @@
 /* libict API function signatures */
 ict_status_t ict_configure_user_directory(char *target, char *login);
 ict_status_t ict_set_user_profile(char *target, char *login);
-ict_status_t ict_set_user_role(char *target, char *login, int transfer_mode);
 ict_status_t ict_set_lang_locale(char *target, char *localep,
     int transfer_mode);
 ict_status_t ict_set_host_node_name(char *target, char *hostname);
--- a/usr/src/lib/libict/ict_private.h	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libict/ict_private.h	Tue Aug 17 18:22:44 2010 -0400
@@ -60,7 +60,6 @@
 #define	NODENAME		"/etc/nodename"
 #define	PASSWORD_FILE		"/etc/passwd"
 #define	SHADOW_FILE		"/etc/shadow"
-#define	USER_ATTR_FILE		"/etc/user_attr"
 #define	EXPORT_FS		"/export/home"
 
 /*
--- a/usr/src/lib/libict/ict_test.c	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libict/ict_test.c	Tue Aug 17 18:22:44 2010 -0400
@@ -40,7 +40,6 @@
 #define	CREATE_USER_DIRECTORY	"ict_configure_user_directory"	/* 25 */
 #define	SET_USER_PROFILE	"ict_set_user_profile"		/* 20 */
 #define	INSTALLBOOT		"ict_installboot"		/* 15 */
-#define	SET_USER_ROLE		"ict_set_user_role"		/* 17 */
 #define	SNAPSHOT		"ict_snapshot"			/* 12 */
 #define	TRANSFER_LOGS		"ict_transfer_logs"		/* 17 */
 #define	MARK_ROOT_POOL_READY	"ict_mark_root_pool_ready"	/* 24 */
@@ -64,9 +63,6 @@
 	(void) fprintf(stderr, "\t%s ict_installboot <target> <device> "
 	    "<1 if install partition is fdisk logical, 0 if not>\n",
 	    _this);
-	(void) fprintf(stderr,
-	    "\t%s ict_set_user_role <target> <transfer mode> [login]\n",
-	    _this);
 	(void) fprintf(stderr, "\t%s ict_snapshot <pool> <snapshot>\n",
 	    _this);
 	(void) fprintf(stderr,
@@ -88,8 +84,6 @@
 	    _this);
 	(void) fprintf(stderr, "\t%s ict_installboot \"/a\" \"c5d0s0\" 1\n",
 	    _this);
-	(void) fprintf(stderr, "\t%s ict_set_user_role \"/a\" 0 \"guest\"\n",
-	    _this);
 	(void) fprintf(stderr, "\t%s ict_snapshot \"rpool\" \"install\"\n",
 	    _this);
 	(void) fprintf(stderr, "\t%s ict_transfer_logs \"/\" \"/a\" 0\n",
@@ -171,29 +165,6 @@
 			(void) fprintf(stdout, "Result \n\t%s\n",
 			    ICT_STR_ERROR(ict_errno));
 		}
-	} else if (strncmp(argv[1], SET_USER_ROLE, 17) == 0) {
-		/*
-		 * The third argument to ict_set_user_role, login is
-		 * optional.
-		 */
-		if ((argc != 4) && (argc != 5)) {
-			usage_exit(argv[0]);
-		} else {
-			(void) fprintf(stdout, "Invoking ICT: \n");
-			if ((argc == 5)) {
-				(void) fprintf(stdout, "%s(%s, %s, %s)\n",
-				    SET_USER_ROLE, argv[2], argv[4], argv[3]);
-				ict_set_user_role(argv[2], argv[4],
-				    atoi(argv[3]));
-			} else {
-				(void) fprintf(stdout, "%s(%s, NULL, %s)\n",
-				    SET_USER_ROLE, argv[2], argv[3]);
-				ict_set_user_role(argv[2], (char *)NULL,
-				    atoi(argv[3]));
-			}
-			(void) fprintf(stdout, "Result \n\t%s\n",
-			    ICT_STR_ERROR(ict_errno));
-		}
 	} else if (strncmp(argv[1], SNAPSHOT, 12) == 0) {
 		if ((argc != 4)) {
 			usage_exit(argv[0]);
--- a/usr/src/lib/libict_pymod/ict.py	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libict_pymod/ict.py	Tue Aug 17 18:22:44 2010 -0400
@@ -123,7 +123,7 @@
 import signal
 import commands
 
-from pkg.cfgfiles import PasswordFile
+from pkg.cfgfiles import PasswordFile, UserattrFile
 
 from osol_install.liblogsvc import LS_DBGLVL_ERR, \
 LS_DBGLVL_INFO, \
@@ -186,8 +186,10 @@
 ICT_SET_AUTOHOME_FAILED,
 ICT_COPY_CAPABILITY_FAILED,
 ICT_APPLY_SYSCONFIG_FAILED,
-ICT_GENERATE_SC_PROFILE_FAILED
-) = range(200, 254)
+ICT_GENERATE_SC_PROFILE_FAILED,
+ICT_SETUP_RBAC_FAILED,
+ICT_SETUP_SUDO_FAILED
+) = range(200,256)
 
 #Global variables
 DEBUGLVL = LS_DBGLVL_ERR
@@ -348,6 +350,7 @@
         loc_grubmenu - normal location of GRUB menu
         ai_sc_profile - SC profile generated by Automated Installer
         target_sc_profile = target SC profile
+        sudoers - normal location of sudo configuration file
 
 
     class initializer will exit with error status if:
@@ -357,12 +360,13 @@
 
     '''
     def __init__(self, basedir,
-        debuglvl = -1,
-        bootenvrc = '/boot/solaris/bootenv.rc',
-        autohome = '/etc/auto_home',
-        loc_grubmenu = '/boot/grub/menu.lst',
-        ai_sc_profile = '/tmp/sc_manifest.xml',
-        target_sc_profile = 'sc_profile.xml'):
+        debuglvl=-1,
+        bootenvrc='/boot/solaris/bootenv.rc',
+        autohome='/etc/auto_home',
+        loc_grubmenu='/boot/grub/menu.lst',
+        ai_sc_profile='/tmp/sc_manifest.xml',
+        target_sc_profile='sc_profile.xml',
+        sudoers='/etc/sudoers'):
 
         # determine whether we are doing AI install or slim install
         self.livecd_install = False
@@ -465,6 +469,7 @@
         self.bootmenu_sparc = self.bootmenu_path_sparc + '/menu.lst'
 
         self.autohome = basedir + autohome
+        self.sudoers = basedir + sudoers
 
         # System Configuration template used to assemble System Configuration
         # profile
@@ -2353,7 +2358,7 @@
 
         return_status = 0
 
-        temp_file = '/tmp/new_auto_home'
+        temp_file = '/var/run/new_auto_home'
 
         if not login:
             _dbg_msg('No login specified')
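Review bot: `/var/run/new_auto_home` is still a fixed file name, so two concurrent runs would share it and a failed run can leave a stale copy behind; moving it out of /tmp presumably only narrows who can pre-create it. `tempfile.mkstemp(dir='/var/run')` would give a unique, exclusively created file, assuming the rest of the method (outside this hunk) can take a generated path. The new `setup_sudo` method later in this file uses the same pattern with `/var/run/sudoers`.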
@@ -2381,9 +2386,10 @@
 
         return return_status
 
-    def set_root_password(self, newpw):
+    def set_root_password(self, newpw, expire=False):
         '''ICT - set the root password on the specified install target.
-        using IPS class PasswordFile from pkg.cfgfiles
+        using IPS class PasswordFile from pkg.cfgfiles.  Pre-expire password
+        if expire is True
         return 0 on success, error code otherwise
         '''
         _register_task(inspect.currentframe())
@@ -2395,6 +2401,8 @@
             pf = PasswordFile(self.basedir)
             ru = pf.getuser('root')
             ru['password'] = newpw
+            if expire:
+                ru['lastchg'] = 0
             pf.setvalue(ru)
             pf.writefile()
         except StandardError:
@@ -2462,6 +2470,85 @@
 
         return 0
 
+    def setup_rbac(self, login):
+        '''ICT - configure user for root role, without any extra profiles and
+        remove the jack user from user_attr
+        return 0 on success, error code otherwise
+        '''
+        _register_task(inspect.currentframe())
+        return_status = 0
+        _dbg_msg('configuring RBAC in: ' + self.basedir)
+
+        try:
+            f = UserattrFile(self.basedir)
+            # Remove jack if present
+            if f.getvalue({'username' : 'jack'}):
+                f.removevalue({'username' : 'jack'})
+            
+            rootentry = f.getvalue({'username' : 'root'})
+            rootattrs = rootentry['attributes']
+            
+            # If we're creating a user, then ensure root is a role and
+            # add the user.  Otherwise ensure that root is not a role.
+            if login:
+                rootattrs['type'] = ['role']
+                rootentry['attributes'] = rootattrs
+                f.setvalue(rootentry)
+                
+                # Attributes of a userattr entry are a dictionary of list values
+                userattrs = dict({'roles' : ['root']})
+                # An entry is a dictionary with username and attributes
+                userentry = dict({'username' : login, 'attributes' : userattrs})
+                f.setvalue(userentry)
+            else:
+                if 'type' in rootattrs:
+                    del rootattrs['type']
+                    rootentry['attributes'] = rootattrs
+                    f.setvalue(rootentry)
+            
+            # Write the resulting file
+            f.writefile()
+
+        except StandardError:
+            prerror('Failure to edit user_attr file')
+            prerror(traceback.format_exc())
+            prerror('Failure. Returning: ICT_SETUP_RBAC_FAILED')
+            return_status = ICT_SETUP_RBAC_FAILED
+        
+        return return_status
+
+    def setup_sudo(self, login):
+        '''ICT - configure user for sudo access, removing jack user from sudoers
+        return 0 on success, error code otherwise
+        '''
+        
+        _register_task(inspect.currentframe())
+        return_status = 0
+        _dbg_msg('configuring RBAC in: ' + self.basedir)
+
+        temp_file = '/var/run/sudoers'
+
+        try:
+            with open(self.sudoers, 'r') as fp:
+                sudoers_lines = fp.readlines()
+            with open(temp_file, 'w') as fp_tmp:
+                for l in sudoers_lines:
+                    if not l.startswith("jack"):
+                        fp_tmp.write(l)
+                if login:
+                    fp_tmp.write(login + ' ALL=(ALL) ALL\n')
+
+            os.remove(self.sudoers)
+            shutil.move(temp_file, self.sudoers)
+            os.chmod(self.sudoers, S_IREAD | S_IRGRP)
+            os.chown(self.sudoers, 0, 0) # chown root:root
+        except IOError, (errno, strerror):
+            prerror('Failure to edit sudoers file')
+            prerror(traceback.format_exc())
+            prerror('Failure. Returning: ICT_SETUP_SUDO_FAILED')
+            return_status = ICT_SETUP_SUDO_FAILED
+
+        return return_status
 
     def ict_test(self, optparm=None):
         '''ICT - ict test
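Review bot: In `setup_sudo` the handler catches only `IOError`, but `os.remove`, `os.chmod` and `os.chown` raise `OSError`, so a failure there escapes as an exception instead of returning ICT_SETUP_SUDO_FAILED. The original sudoers is also deleted before `shutil.move`, and because the temp file lives under /var/run the move is presumably a cross-filesystem copy, so a failure at that point leaves the target with no sudoers at all. `l.startswith("jack")` drops every line beginning with those four characters, including an entry for a different account such as `jackson`, and the debug message still reads 'configuring RBAC'. The sketch below writes the new file beside the target, sets mode and owner before an atomic `os.rename`, and catches `EnvironmentError`, which covers both exception types.

```python
        # Temp file beside the target so the final rename stays on one filesystem
        temp_file = self.sudoers + '.new'

        try:
            # … unchanged: read self.sudoers into sudoers_lines, open temp_file …
                for l in sudoers_lines:
                    # Compare the whole user field, not a "jack" prefix
                    if l.split()[:1] != ['jack']:
                        fp_tmp.write(l)
            # … unchanged: append the login entry when login is set …

            # Fix mode and owner first, then replace the original in one step
            os.chmod(temp_file, S_IREAD | S_IRGRP)
            os.chown(temp_file, 0, 0) # chown root:root
            os.rename(temp_file, self.sudoers)
        except EnvironmentError:
            # … unchanged: prerror calls, return_status = ICT_SETUP_SUDO_FAILED …
```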
--- a/usr/src/lib/liborchestrator/perform_slim_install.c	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/liborchestrator/perform_slim_install.c	Tue Aug 17 18:22:44 2010 -0400
@@ -1700,17 +1700,6 @@
 			    tcb_args->lname, ICT_STR_ERROR(ict_errno));
 			status = -1;
 		}
-
-		/*
-		 * configure root account as a role and assign root role to user
-		 */
-		if (ict_set_user_role(tcb_args->target, tcb_args->lname,
-		    transfer_mode) != ICT_SUCCESS) {
-			om_log_print("Couldn't set the user role\n"
-			    "for user: %s\n%s\n", tcb_args->lname,
-			    ICT_STR_ERROR(ict_errno));
-			status = -1;
-		}
 	}
 
 	/*
--- a/usr/src/lib/libtransfer/transfer_mod.py	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/lib/libtransfer/transfer_mod.py	Tue Aug 17 18:22:44 2010 -0400
@@ -18,8 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 """ Slim Install Transfer Module """
 import errno
@@ -1205,99 +1204,43 @@
             raise TValueError("Specified IPS image area is "
                               "inaccessible", TM_E_INVALID_IPS_ACT_ATTR)
 
-        # Open the file that contains the packages to work on.
-        # Batch pkgs into two group when the list of packages to install
-	# contain "entire, SUNWcs, SUNWcsd". This ordering code can be
-	# removed once IPS fixes dependency issues. For now, we must first
-	# install "entire, SUNWcs, SUNWcsd" and then the rest of the packages
-	# All the packages have been validated before this function is called.
+        try:
+            # Construct base list of command tokens
+            cmd = [TMDefs.PKG, '-R', self._init_mntpt, action_str]
 
-        pkgdict = {}
-        try:
+            # Append following two to list only if they're non-empty, otherwise
+            # the exec of pkg will fail with illegal FMRI's
+            if self._verbose_mode:
+                cmd.append(self._verbose_mode)
+            if self._no_index_flag:
+                cmd.append(self._no_index_flag)
+
+            # Package list is passed in a file; read it all in, append to
+            # command list and then execute one pkg operation for performance
             with open(self._pkgs_file, 'r') as pkgfile:
-                for line in pkgfile:
-                    if not line.strip():
-                        continue
-                    else:
-                        # package names can be can partial name, or
-                        # complete FMRI. e.g,
-                        # entire
-                        # [email protected],5.11-0.134
-                        # [email protected],5.11-0.134:20100302T023003Z
-                        # pkg://opensolaris.org/[email protected],5.11-0.134
-
-                        pkgname = line.rstrip('\n')
-                        pkgcomp = pkgname.partition('@')
-                        key = pkgcomp[0].rsplit('/')[-1]
-			
-			# if multiple instances of a package exist, they
-			# will be in a list and will be sent as a request
-			# to IPS repo, which will verify and generate errors
-			# as needed.
-
-                        if key in pkgdict:
-                            pkgdict[key].append(pkgname)
-                        else:
-                            pkgdict[key] = [ pkgname ]
-
-            if action_str == "uninstall":
-                logsvc.write_dbg(TRANSFER_ID, logsvc.LS_DBGLVL_INFO,
-                                 "Uninstalling pkg: " +
-                                 str(pkgdict.values()))
+                cmd.extend(pkgfile.read().splitlines())
+                
+            status = exec_cmd_outputs_to_log(cmd, self._log_handler)
+            # pkg install/uninstall returns
+            # PKG_EXIT_SUCCESS: install/uninstall was successful
+            # PKG_EXIT_NOP: nothing to do, desired state already exists
+            # Treat any return code other than the above as a missing package
+            if status not in [TMDefs.PKG_EXIT_SUCCESS,
+                              TMDefs.PKG_EXIT_NOP]:
+                err_str = ("Failed executing %s") % ((" ".join(cmd)))
+                if self._log_handler is not None:
+                    self._log_handler.error(err_str)
+                else:
+                    logsvc.write_dbg(TRANSFER_ID, logsvc.LS_DBGLVL_ERR,
+                                     err_str + "\n")
+                raise TIPSPkgmissing(TM_E_IPS_PKG_MISSING)
 
         except IOError:
             raise TAbort("Unable to read list of packages "
                          " to " + action_str, TM_E_IPS_RETRIEVE_FAILED)
-        pkglist = pkgdict.keys()
-        if not pkgdict:
-            return
-
-        pkgs = set(pkglist)
-        first = set(['entire', 'SUNWcs', 'SUNWcsd']) & pkgs
-        last = pkgs - first
-        if first:
-            pkgorder = [first, last]
-        else:
-            pkgorder = [last]
-
-        # Note that since we are batching pkgs via cli, failures about
-        # specific pkgs will not be detectable other than in the log files.
-
-        for order in pkgorder:
-            batchpkgs = []
-            for key in order:
-                batchpkgs.extend(pkgdict[key])
-            pkgs = " ".join(batchpkgs)
-            cmd = (TMDefs.PKG + " -R %s %s %s %s %s") % \
-                (self._init_mntpt, action_str, self._verbose_mode,
-                self._no_index_flag, pkgs)
-            try:
-                status = exec_cmd_outputs_to_log \
-                    (cmd.split(), self._log_handler)
-
-                #
-                # pkg transfer is OK with SUCCESS or NOP
-                # returned from pkg install. A return of
-                # NOP implies an install that didn't do
-                # anything because the pkg was already
-                # there.
-                #
-                if status not in [TMDefs.PKG_EXIT_SUCCESS,
-                                  TMDefs.PKG_EXIT_NOP]:
-                    err_str = ("Unable to " + action_str +
-                              " %s in %s") % \
-                              (pkgs, self._init_mntpt)
-                    if self._log_handler is not None:
-                        self._log_handler.error(err_str)
-                    else:
-                        logsvc.write_dbg(TRANSFER_ID, logsvc.LS_DBGLVL_ERR,
-                                     err_str + "\n")
-
-            except OSError:
-                raise TAbort("Unable to "
-                             + action_str + " %s in %s"
-                             % (pkgs, self._init_mntpt),
-                             TM_E_IPS_RETRIEVE_FAILED)
+        except OSError:
+            raise TAbort("Failed executing %s" % ((" ".join(cmd))),
+                        TM_E_IPS_RETRIEVE_FAILED)
 
     def perform_ips_purge_hist(self):
         """Perform an IPS pkg purge-history.
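Review bot: The package list is now appended with `cmd.extend(pkgfile.read().splitlines())`, which passes blank lines through as empty arguments and keeps trailing whitespace on a name, so the illegal-FMRI failure that the guards on `_verbose_mode` and `_no_index_flag` avoid can still come from the file. The removed code skipped blank lines and returned early when the file listed no packages; with the new code an empty file runs pkg with no package operands and, assuming pkg exits non-zero in that case, ends in `TIPSPkgmissing`. I would filter while reading, `pkgs = [l.strip() for l in pkgfile if l.strip()]`, then `if not pkgs: return` before `cmd.extend(pkgs)`. A line that begins with `-` would also reach pkg as an option rather than a package name, so such entries are worth rejecting if the list file can come from a hand-edited manifest. The enclosing method starts above this hunk, so how `_pkgs_file` is produced is not visible here.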
--- a/usr/src/pkg/manifests/system-install.mf	Wed Aug 11 08:35:22 2010 -0700
+++ b/usr/src/pkg/manifests/system-install.mf	Tue Aug 17 18:22:44 2010 -0400
@@ -68,7 +68,7 @@
 file path=usr/lib/python2.6/vendor-packages/osol_install/ENParser.pyc
 file path=usr/lib/python2.6/vendor-packages/osol_install/finalizer.py
 file path=usr/lib/python2.6/vendor-packages/osol_install/finalizer.pyc
-file path=usr/lib/python2.6/vendor-packages/osol_install/ict.py
+file path=usr/lib/python2.6/vendor-packages/osol_install/ict.py mode=0755
 file path=usr/lib/python2.6/vendor-packages/osol_install/ict.pyc
 file path=usr/lib/python2.6/vendor-packages/osol_install/install_utils.py
 file path=usr/lib/python2.6/vendor-packages/osol_install/install_utils.pyc