Ethan Quach wrote:
>
>
> Peter Harvey wrote:
>> Talking of the SUNWicda issues we had the following P1 bug passed to
>> us (Solaris RPE, Data team):
>>
>> 6481557 patch T118833-29 will not install in miniroot
>> <http://monaco.sfbay/detail.jsf?cr=6481557>
>>
>> I added the following to the bug:
>>
>> ===
>>
>> I'm not a SBD expert but here's my analysis:
>>
>> In essence, we need to ship SUNWicda in a patch that can be applied to
>> the mini-root of network install images.
>>
>> The dependency was created by this fix:
>>
>> 6438773 install needs way of (de)selecting Secure by default
>
> We should not be creating a patch for this bugfix. This is a new
> miniroot feature in the S10U3 release and should only be available in
> S10U3. We don't patch miniroot features into existence! If a customer
> wants support for SBD at Install time, they install S10U3.

I need to clarify this statement. The patch should be available to be applied onto installed systems, but it shouldn't be applied to the miniroot.

>
>
>>
>> It introduced a change in sysidget which checks for a new install
>> profile option called "service_profile" which can be "limited_net" or
>> "open". See:
>>
>> <http://www.opensolaris.org/os/community/security/projects/sbd/sbd_design>
>>
>>
>> So if the latest KU, which contains SBD bits is installed in the
>> mini-root the resulting boot image may not install properly unless the
>> updated sysidget binary is also present - hence the dependency check.
>>
>> I've no idea of the history of the prepatch script and I don't believe
>> they are versioned. It's thus difficult to determine quite why the
>> changes were made, when and by whom.
>>
>> Given that we *must* be able to apply the KU to any Solaris 10 net
>> install image and SBD requires sysidget with the SBD changes, then we
>> must make the updated SUNWicda package available somewhere - probably
>> as a patch.
>>
>> We can't make the KU depend on the proposed SUNWicda patch as it's
>> only required when patching the mini-root.
>>
>> ===
>>
>> -- Peter
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> install-discuss mailing list
>> install-discuss at opensolaris.org
>> http://opensolaris.org/mailman/listinfo/install-discuss
