Re: [FW1] SP2 and Armoring - The Fix :)

Thu, 27 Jul 2000 19:47:16 -0700 


On Thu, 27 Jul 2000, Rioles, Kevin wrote:

> Lance, have you seen any issues with 4.1 SP1 on any boxes armored via your
> scripts?  All of my boxes are working, but can not be upgraded to SP2
> because they don't have the $FWDIR/boot directory used in the patch scripts.

NOTE: The following applies only to Solaris (to the best of my knowledge)

Kevin, the problem you are describing does not have anything to do with
the armoring script (good guess though).  The problem is because of the
core OS installation.  Specifically,  /usr/ucb/ln was not installed with 
the core OS installation for FW 4.1 or 4.1 SP1.  As a result, most 
likely a symlink does not exist to /opt/CPfw1-41/boot.  If you do NOT have the 
following dir, you will have a problem upgrading to SP2

firewall #ls -l /opt/CPfw1-41/boot
lrwxrwxrwx   1 root     root          12 Jul 27  2000 /opt/CPfw1-41/boot -> 
/etc/fw.boot

If the above directory does NOT exist, do not panic, it is merely a sym
link.  All you should have to do to correct this is execute the following
command.

ln -s /etc/fw.boot /opt/CPfw1-41/boot

This will create the sym link that SP2 requires and should fix the problem.

WHY THE PROBLEM?
----------------
If you installed FW 4.1 or FW 4.1 SP1 without /usr/ucb/ln installed, the
above link was never created. However it appears the firewall operates just
fine without the link.  However, the SP2 upgrade requires the sym link and 
generates the errors. Thats why we are running into the gotcha now.

None of this would be a problem if CheckPoint just used the standard /bin/ls
instead of requiring the additional Berkely compatible binaries :)

The Armoring Solaris Core installation checklist has been updated to reflect
this.

> The package Lance was referring to in "SP2 Upgrade Not Working" was SUNWscpu
> (on Solaris 2.6).  I have a Firewall-1 2000 CD (the one with SP1 on the CD),
> and I installed it without having the SUNWscpu on my system(s).  Because of
> the difficulties I had with SP2, I decided to check a couple of my other
> firewalls to see if the patch worked there, and it did not.  I pkgrm'ed the
> firewall software, added SUNWscpu, and re-installed from the Firewall-1 2000
> CD WITHOUT ANY ERRORS.  I then added SP2, also without any errors.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to