Matthieu Boyer wrote:
Hello and apologies if this isn't the appropriate list for this post.
I ran into a packaging-related issue last week when upgrading an ipkg
zone from 2008.11 to snv_108 from the dev repository. The problem
manifested itself by a failure to ssh into the upgraded zone.
I posted the details on security-discuss (here:
http://www.opensolaris.org/jive/thread.jspa?threadID=96270 ) and it
turns out that:
a) The ssh daemon needs /usr/bin/locale to run properly.
/usr/bin/locale is delivered within SUNWloc.
b) In the world of SysV packages, that dependency is declared
explicitly between SUNWsshdu and SUNWloc
(http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/pkgdefs/SUNWsshdu/depend)
c) As far as I can tell, that dependency isn't declared in the
manifest for SUNWsshd. As I understand it, SUNWsshd replaces both
SUNWsshdu and SUNWsshdr while also declaring them as legacy_pkg.
I would like to know whether the dependency declared in the pkgdef
for SUNWsshdu carries over into the SUNWsshd IPS package even though
it's not explictly declared in SUNWsshd's manifest
(http://pkg.opensolaris.org/dev/manifest/0/SUNWsshd%400.5.11%2C5.11-0.108%3A20090218T054853Z).
As shown in the original post on security-discuss, I was able to
create an ipkg local zone from a 2008.11 install that didn't include
SUNWloc, so it doesn't look like it does.
If it is indeed confirmed that there is currently no dependency in
IPS between SUNWsshd and SUNWloc, could such a dependency be declared
going forward? CR6432078 is relevant to this request.
I'm really not sure how I managed to ssh into the local zone after it
was created on 2008.11 with /usr/bin/locale missing, but I know that
I couldn't ssh into my zone after I did 'pkg image-update' on its zbe
owing to the absence of SUNWloc. I believe this is a rather serious
issue and would appreciate some help from people familiar with the
process of packaging OpenSolaris.
This is a bug in the OpenSolaris distro....
7158 Sun SSH daemon crashes if /usr/bin/locale isn't present
This is of course actually two bugs - 1) the crash, and 2) a missing
dependency.
- Bart
--
Bart Smaalders Solaris Kernel Performance
[email protected] http://blogs.sun.com/barts
"You will contribute more with mercurial than with thunderbird."
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
