12
|
1 |
|
293
|
2 |
PSARC/2008/190
|
|
3 |
pkg(5): image packaging system
|
|
4 |
|
12
|
5 |
SUPPORTED ACTIONS
|
|
6 |
|
|
7 |
We need to support an extensible set of "actions", which we define as
|
|
8 |
reversible operations that a package can request to enable its later
|
|
9 |
function on the target image.
|
|
10 |
|
293
|
11 |
Packages need a limited set of operations on individual files to
|
|
12 |
manipulate the configuration. The current class actions are given in
|
|
13 |
Appendix A. It appears that if "manifest" and "rbac" were supported,
|
|
14 |
along with some management of editable files (preserve, renamenew,
|
|
15 |
initd, renameold), then the remaining operations could be deferred to
|
|
16 |
image instantiation.
|
|
17 |
|
12
|
18 |
From the legacy packaging system, we can inspect the class action
|
|
19 |
scripts and the postinstall scripts to identify the set of common
|
|
20 |
actions.
|
|
21 |
|
293
|
22 |
depend Declare dependency on other packages.
|
|
23 |
directory All directories.
|
|
24 |
driver Package contains device driver
|
|
25 |
Module loading will be disabled during
|
|
26 |
operations on live images.
|
|
27 |
file All other files. Preservation and rename handling are
|
|
28 |
managed as optional tags.
|
|
29 |
hardlink,
|
|
30 |
link All hard and symbolic links.
|
|
31 |
service Package contains service description
|
|
32 |
Inventoried services will be temporarily
|
|
33 |
disabled during operations on live images.
|
|
34 |
set Set a package attribute.
|
|
35 |
user,
|
|
36 |
group Package requires user, group, or other package-reference
|
|
37 |
managed resource.
|
12
|
38 |
|
293
|
39 |
XXX Is this set sufficient to boot? Should we somehow discriminate
|
|
40 |
them from non-booting actions?
|
|
41 |
|
|
42 |
legacy Record package attributes into legacy packaging
|
|
43 |
metadata.
|
|
44 |
license License files, which deliver into the image metadata
|
|
45 |
rather than the image's filesystems.
|
12
|
46 |
|
|
47 |
XXX Do we have a hard-reboot, reconfigure-reboot, and/or soft-reboot
|
|
48 |
action? Otherwise we are going to build path knowledge somewhere else
|
|
49 |
in the packaging system.
|
|
50 |
|
105
|
51 |
<interface>
|
293
|
52 |
<action name="dependency" payload="false" commitment="Committed" />
|
|
53 |
<action name="directory" payload="false" commitment="Committed" />
|
|
54 |
<action name="hardlink" payload="false" commitment="Committed" />
|
|
55 |
<action name="legacy" payload="false" commitment="Committed" />
|
|
56 |
<action name="license" payload="true" commitment="Committed" />
|
|
57 |
<action name="link" payload="false" commitment="Committed" />
|
|
58 |
<action name="driver" payload="false" commitment="Committed" />
|
|
59 |
<action name="file" payload="true" commitment="Committed" />
|
|
60 |
<action name="group" payload="false" commitment="Committed" />
|
|
61 |
<action name="service" payload="true" commitment="Committed" />
|
|
62 |
<action name="user" payload="false" commitment="Committed" />
|
105
|
63 |
</interface>
|
|
64 |
|
|
65 |
1. Custom actions
|
|
66 |
|
|
67 |
It is discouraged, but certainly possible to deliver custom actions
|
|
68 |
into the appropriate $PYTHONROOT/vendor-packages/pkg directory, by
|
|
69 |
including those actions in a separate package that the new package
|
|
70 |
requires, and invoking the pkg(1) client twice--once to deliver the
|
|
71 |
custom actions and once to use them to install the new package.
|
|
72 |
(Rescanning pkg.actions would complicate the image plan/package plan
|
|
73 |
evaluations.)
|
|
74 |
|
|
75 |
The deployer may wish to deny such actions from operating. For this
|
|
76 |
case, the set of known actions is fixed elsewhere in the pkg modules
|
|
77 |
and updated with subsequent versions. A global and per-image policy,
|
|
78 |
known-actions-only, allows the deployer to disallow operations on
|
|
79 |
packages utilizing actions of unknown provenance.
|
|
80 |
|
|
81 |
<interface>
|
293
|
82 |
<policy name="known-actions-only" scope="global,image"
|
|
83 |
type="boolean" commitment="Committed">
|
|
84 |
Deployer control over execution of unknown actions.
|
|
85 |
</policy>
|
105
|
86 |
<interface>
|
|
87 |
|
|
88 |
|
293
|
89 |
Appendix A. Current class actions on Solaris NV.
|
|
90 |
|
|
91 |
$ grep -v none /tmp/summary | egrep 1\ \[ef\]\ | cut -d \ -f 3 | sort | uniq -c | sort -nr
|
|
92 |
152 manifest
|
|
93 |
129 preserve
|
|
94 |
45 renamenew
|
|
95 |
32 rbac
|
|
96 |
30 initd
|
|
97 |
30 fontsdir
|
|
98 |
17 fontsalias
|
|
99 |
16 appservenv
|
|
100 |
10 ttmapsdir
|
|
101 |
10 encodingsdir
|
|
102 |
8 renameold
|
|
103 |
6 build
|
|
104 |
5 tiservices
|
|
105 |
5 master
|
|
106 |
5 asenv
|
|
107 |
4 smfyes
|
|
108 |
4 services
|
|
109 |
4 immodules
|
|
110 |
4 fontsupr
|
|
111 |
4 fontsscale
|
|
112 |
4 fontenc
|
|
113 |
3 OWconfig
|
|
114 |
2 smfno
|
|
115 |
2 smf
|
|
116 |
2 sendmail
|
|
117 |
2 sed
|
|
118 |
2 owfontpath
|
|
119 |
2 fonttmap
|
|
120 |
2 devlink
|
|
121 |
2 append
|
|
122 |
1 ypnicknames
|
|
123 |
1 vfstab
|
|
124 |
1 ttysrch
|
|
125 |
1 ttydefs
|
|
126 |
1 ttmapkoi8
|
|
127 |
1 ttmap13
|
|
128 |
1 syslogconf
|
|
129 |
1 svmpreserve
|
|
130 |
1 sshdconfig
|
|
131 |
1 sock2path
|
|
132 |
1 shadow
|
|
133 |
1 sdconf
|
|
134 |
1 scsivhciconf
|
|
135 |
1 scsa2usbconf
|
|
136 |
1 sampleslist
|
|
137 |
1 rOWconfig
|
|
138 |
1 qlc
|
|
139 |
1 publickey
|
|
140 |
1 powerconf
|
|
141 |
1 policyconf
|
|
142 |
1 pkcs11confbase
|
|
143 |
1 passwd
|
|
144 |
1 papersize
|
|
145 |
1 pamconf
|
|
146 |
1 opensslcnf
|
|
147 |
1 nsswitch
|
|
148 |
1 nscd
|
|
149 |
1 nfssecconf
|
|
150 |
1 netconfig
|
|
151 |
1 ncalogd
|
|
152 |
1 ncakmod
|
|
153 |
1 nametomajor
|
|
154 |
1 minorperm
|
|
155 |
1 mailxrc
|
|
156 |
1 mach
|
|
157 |
1 logindevperm
|
|
158 |
1 logadmconf
|
|
159 |
1 localprofile
|
|
160 |
1 locallogin
|
|
161 |
1 krbconf
|
|
162 |
1 keytable
|
|
163 |
1 kclasses
|
|
164 |
1 kcfconfbase
|
|
165 |
1 iuap
|
|
166 |
1 iscsiconf
|
|
167 |
1 ipsecalgsbase
|
|
168 |
1 initupdate
|
|
169 |
1 inittab
|
|
170 |
1 init
|
|
171 |
1 inetdconf
|
|
172 |
1 ibnexconf
|
|
173 |
1 hosts
|
|
174 |
1 group
|
|
175 |
1 ftpusers
|
|
176 |
1 ftpaccess
|
|
177 |
1 fstypes
|
|
178 |
1 fpconf
|
|
179 |
1 fonttmap9
|
|
180 |
1 fonttmap7
|
|
181 |
1 fonttmap5
|
|
182 |
1 fonttmap4
|
|
183 |
1 fonttmap2
|
|
184 |
1 fonttmap15
|
|
185 |
1 fontenc9
|
|
186 |
1 fontenc7
|
|
187 |
1 fontenc5
|
|
188 |
1 fontenc4
|
|
189 |
1 fontenc13
|
|
190 |
1 etcsystem
|
|
191 |
1 etcrpc
|
|
192 |
1 etcremote
|
|
193 |
1 etcprofile
|
|
194 |
1 EtcDefLu
|
|
195 |
1 drvalias
|
|
196 |
1 dialers
|
|
197 |
1 dhcpinittab
|
|
198 |
1 devpolicy
|
|
199 |
1 devlinktab
|
|
200 |
1 defsu
|
|
201 |
1 defrpcnisd
|
|
202 |
1 defpasswd
|
|
203 |
1 defnfs
|
|
204 |
1 deflogin
|
|
205 |
1 definit
|
|
206 |
1 cronroot
|
|
207 |
1 configmapconf
|
|
208 |
1 bootenvrc
|
|
209 |
1 automaster
|
|
210 |
1 ataconf
|
|
211 |
1 adpconf
|
|
212 |
1 AddNoUpdate
|
|
213 |
|