On Sat, 18 Jul 2009, Cyril Plisko wrote: > On Sat, Jul 18, 2009 at 7:46 PM, Valerie Bubb > Fenwick<Valerie.Fenwick at sun.com> wrote: >> Hi Everyone - >> >> My integration yesterday for: >> 6852240 libelfsign should use pkcs11_softtoken instead of OpenSSL for >> FIPS-140 integrity checking >> 6851814 tools elfsign is unnecessarily linked against pkcs11_softtoken >> >> constitutes a flag day for all developers, particularly external developers. >> You need to make sure you have the closed binary tarball that corresponds >> with these bits, or you will get an infinite loop in cryptosvcs that will >> look something like this: >> >> Jul 18 15:11:05 moritz svc.startd[7]: [ID 122153 daemon.warning] >> svc:/system/cryptosvc:default: Method or service exit timed out. ?Killing >> contract 15. >> Jul 18 15:11:05 moritz kcf: [ID 949968 kern.warning] WARNING: Module >> verification door upcall failed for /kernel/crypto/amd64/arcfour. errno = 4 >> Jul 18 15:11:05 moritz svc.startd[7]: [ID 636263 daemon.warning] >> svc:/system/cryptosvc:default: Method "/sbin/cryptoadm start" failed due to >> signal KILL >> >> Unfortunately, it doesn't seem like the closed-bins tar ball has been >> updated >> since May 19, so right now these bits will be toxic for external developers, >> though there have been many other changes to the closed bins since that >> date, >> so I am surprised this is the first issue coming up. >> > > Actually the latest closed-bins for numbered build is b118 [1] and for > the midway update is for July 6 [2], which explains why there is no so > much unrest.
Hrm - I didn't see those. I followed the links from "opensolaris.org" and ended up here: http://dlc.sun.com/osol/on/downloads/current/ and those bits do not even have other changes I did to closed back in June. The way I got there: http://www.opensolaris.org/os/ Clicked on "Download" graphic at top of screen. http://www.opensolaris.org/os/downloads/ on the right, clicked on ON Consolidation, which comes to here: http://dlc.sun.com/osol/on/downloads/current/ > But still, things slowed down recently and updates are not posted as > timely as they used to be. > > [1] http://dlc.sun.com/osol/on/downloads/b118/ > [2] http://dlc.sun.com/osol/on/downloads/20090706/ And it seems that we point people to really old bits, which tells me either our links are out of date or we aren't updating "current" anymore. Either way, things are broken, and opensource folks need bits newer than July 6, too. Valerie -- Valerie Fenwick, http://blogs.sun.com/bubbva/ @bubbva Solaris Security Technologies, Developer, Sun Microsystems, Inc. 17 Network Circle, Menlo Park, CA, 94025.
