Dave Miner wrote: > Casper.Dik at Sun.COM wrote: > >>> As I am unfamiliar with building repositories in a miniroot, I am >>> adding back install-discuss to this thread in the case that they >>> might be able to help you out. >> >> >>> I know how to do this in the running system, but how to do this in a >>> miniroot I would only be guessing really. ( see following ) >> >> >> Check the postinstall script of SUNWsibi and you'll see how the >> miniroot's repository is currently modified from the standard >> one. >> >>> But I would wait for comfirmation that above is actually ok to do in >>> relation to a miniroot. >> >> >> Confirmation from who? >> > > Yeah, that's a good question. In principle it's fine, the devil's in > the details of testing.
I don't test this personally, but I'm willing to test any patches that are generated to fix this, once I get notice. I guess if a patch uses any of the svc commands it will necessitate that the jumpstart server be on 10. Currently we use an s9 server to serve all our images from s8 to nevada builds. Might be worth remembering when conmstructing a patch that mucks with svc repositories. Enda > >> The beauty of this is that we can back-patch this in SUNWsibi and that >> would repair the miniroot. >> >> The list of offending files is small: >> >> >> "e" files (3): >> >> /etc/inittab >> /etc/shadow >> /etc/system >> >> "f" files (8): >> /lib/svc/method/devices-local >> /lib/svc/method/fs-usr >> /lib/svc/method/identity-node >> /lib/svc/method/manifest-import >> /lib/svc/method/net-loopback >> /lib/svc/method/net-physical >> /sbin/rc2 >> /sbin/sulogin >> >> and with this manifest modification we've gotten rid of 6 out of 11; 6 >> of 8 "f" files (f files are those of which editing is illegal) >> >> /etc/rc2 can be improved upon by install the script somewhere else and >> changing start/exec for multi-user. >> >> >> The "e" files, I'm not sure if they are edited in a way which is bad >> (risk is lower, anyway) >> >> But a lot of programs have intimate knowledge of "sulogin". >> (But three of those are shipped as part of SUNWsibi) >> >> But sulogin's function might be easy to fake by changing the >> password and shadow files. >> >> (It's unclear to me why the passwd and shadow file are moved to the >> writable >> "/tmp_proto" area.) >> > > In the case of shadow, it's because sysidtool updates it with the root > password setting. passwd is probably also updated as a byproduct of the > underlying implementation, even though it doesn't actually change. > > Dave
