My changeset with the fix for
6855998 put signed crypto in its own tarball, not with the closed bins
changes the way the ON build tools deal with signed cryptographic
binaries. These changes are a flag day for external developers and
for projects that post files for external developers to build (i.e.,
those that use nightly's cap-oh flag). This is also a heads-up
message for anyone who uses the internal signing server to sign
cryptographic binaries.
Most internal developers will not be affected by these changes, as
long as they build with usr/closed present.
External developers:
The signed cryptographic binaries that have been included in the
closed-bins tarball now live in their own tarball. The next time
you update your sources, tools, or closed binaries from
opensolaris.org, you will need to update all of them, and you'll
need to download a crypto tarball. This new tarball is needed to
build, so any time you would update your closed binaries, you'll
also want to update the crypto tarball.
I recommend that you download the crypto tarball to the top of your
workspace (i.e., $CODEMGR_WS). Then add these lines to your
environment file:
ON_CRYPTO_BINS="$CODEMGR_WS/on-crypto.$MACH.tar.bz2"
export ON_CRYPTO_BINS
(after the lines that define CODEMGR_WS and MACH, of course). Note
that you do not need to unpack the tarball.
You can get the crypto tarball from
http://dlc.sun.com/osol/on/downloads/nightly-crypto.
If you do non-debug builds, you'll also need the on-crypto-nd
tarball. Use the same ON_CRYPTO_BINS setting above; the tools will
adjust for a non-debug build and unpack the appropriate tarball.
The cap-eye Install script has been modified to use the new crypto
tarball. ON_CRYPTO_BINS must be set. I recommend using bldenv to
set up your environment before running Install.
Projects that use "nightly -O":
The signed cryptographic binaries that have been included in the
closed-bins tarball now live in their own tarball. You will need to
post this tarball along with the closed-bins tarball. If you
provide non-debug binaries, you'll have two crypto tarballs to post.
Please note that the crypto tarball(s) will be delivered in the
packages tree, rather than in the top level of your workspace. The
delivery details are the same as for signing builds (see below for
details).
nightly(1) will require that you provide a crypto tarball as input.
You'll normally get this from onnv-gate. If you want to use the
crypto from onnv-gate's most recent nightly build, you can put this
in your environment file:
ON_CRYPTO_BINS=/net/onnv.sfbay/export/onnv-gate/packages/$MACH/on-crypto.$MACH.tar.bz2
export ON_CRYPTO_BINS
If you want to use the crypto from a specific nightly build, older
copies will be in the same directory; modify your ON_CRYPTO_BINS
setting appropriately.
As described above (under "External developers"), the tools will do
the Right Thing for non-debug builds.
You may need to wait until tomorrow for the next nightly gate build
for the first crypto tarball to appear.
Signing builds:
If your builds sign the crypto binaries for execution outside Sun,
your builds will now generate a tarball that contains the signed
binaries. (If you build both debug and non-debug, you'll get two
tarballs.) The tarball(s) will be deposited in the parent of
$PKGARCHIVE (e.g., packages/$MACH). They will be date-stamped, with
a symbolic link pointing to the latest one.
mike
