Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
All, We have another vote besides myself (Thank you Darren). I am still waiting on a vote on the case by COB on Wednesday, June 30th, 2010. The contracts are in process. The contract for the ncurses usage is signed and has been place in the ncurses (LSARC 2008/524) case directory. The libzoneinfo contract is an extension of an existing contract to use an additional interface (isvalid_tz()). I expect this to be signed as soon as the responsible manager returns from vacation. The importing manager (Dana Barsan) has already signed the contract. Thus I believe that there are no outstanding issues for the case. Thanks, John On 06/21/10 01:10 AM, Darren J Moffat wrote: I vote to approve (I wasn't present at the meeting but I have reviewed the materials and opinion). ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 06/17/10 09:17 PM, John Fischer wrote: Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. My vote is approve. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
Thanks!! On 06/23/10 09:54 AM, Sebastien Roy wrote: On 06/17/10 09:17 PM, John Fischer wrote: Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. My vote is approve. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
I vote to approve (I wasn't present at the meeting but I have reviewed the materials and opinion). -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members, Updated opinion based upon feedback provided. Case directory is updated. Thanks, John ?Oracle Systems Architecture Committee Oracle Proprietary/Need to Know Subject: OpenSolaris Text Installer Submitted by:Susan Sohn File: PSARC/2010/165/opinion.html Date: TBD Committee:John Fischer, TBD. Product Approval Committee: N/A 1. Summary The Text Installer is a mouseless, screen-oriented installer designed for use on SPARC and x86 systems that may not have graphics support such as many server-class machines. 2. Decision Precedence Information The project is approved as specified in reference [1]. The project may be delivered in a minor release of the ON Consolidation. 3. Interfaces The project exports the following interfaces. Interfaces Exported Interface Classification Comments --- --- /usr/lib/text-install UncommittedCLI system/install/text-install CommittedIPS package name ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/tgt.so Private to Target Instantiation and Target Discovery ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/libzoneinfo.so Private to /usr/lib/\ libzoneinfo.so system/install-setup:default UncommittedSMF Install service The project imports the following interfaces. Interfaces Imported Interface Classification Comments --- - libzoneinfo.so.1 Contracted Private LSARC/2001/015 Python2.6 Uncommitted PSARC/2009/043 libdiskmgt.so.1 Consolidation LSARC/2004/743 Private Distribution Constructor CommittedPSARC/2009/471 libncurses.soContracted Volatile LSARC/2008/524 menu.lst (grub)CommittedPSARC/2004/454 4. Opinion This project had a successful inception review which did not have any major concerns that could not be corrected by specification updates. Thus the case was approved by updating those specifications and taking an email vote. The issues listed below reflect the substantial inception review issues. 4.1 Static IP and IPv6 Networking The inception UI specifications discussed the longer term UI for setting up the various NICs. The project team stated that the current review was based upon allowing networking to be setup via NWAM or not established. Static and IPv6 configurations will be reviewed in a future fast track and be based upon the interfaces for basic install network configuration case (PSARC/2010/164). There will be documentation in the commitment materials explaining that the Static IP and IPv6 Network section of the UI specification are not covered by this case (reference [2]). The committee was fine with the OpenSolaris Text Installer not being dependent upon that case and following up with a fast track. 4.2 text-install Command Installation Location As specified the project installs text-installer into /usr/bin. When questioned about the usage of the command the project team stated that there are a few edge use cases where the end user might execute the command from a command line. The majority of uses would simply be to insert a disc and the text-installer automatically starts on boot. The committee stated that perhaps a better installation location might be /usr/lib. The project team has decided to install the text-installer into the /usr/lib directory. The committee was fine with the resolution of this issue. 4.3 Root and User Passwords Not Required The committee noted that the root and user passwords are not required at install time. The project team stated that they were following current Best Practices with regards to installation technologies. The installation user is warned that the system will be installed in an unsafe manner. The committee was fine with the issue. 4.4
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 18/06/2010 16:08, John Fischer wrote: 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator role. The committee pointed out that this role is going away. The issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: Primary Administrator is a Rights Profile not a Role. The distinction is very important. It is the fact that the profile is assigned directly to a user rather than a role what was the whole problem. Also Primary Administrator as a Rights Profile is not planned to go away. The advice of the security team was not to assign Primary Administrator to the initial user directly. The main reason this was done early on in the Caiman GUI installer was because other technology like the RBAC Console User profile wasn't available and neither was sudo. 1. remove the root password prompt 2. require an initial user login name and password 3. set the root password to the initial user password 4. the root is type=role 5. the initial user is granted the root role (type=normal;roles=root) 6. the initial user is put in /etc/sudoers -- presumable with all commands 7. the initial use is no longer granted the Primary Administrator Rights Profile initial user 8. the password hash algorithm is sha256 9. the root account password is installed as expired (passwd -f). sp_lstchg == 0 username:password:lastchg:min:max:warn:inactive:expire:flag sp_namp:sp_pwdp:sp_lstchg:sp_min:sp_max:sp_inact:ex_expire:sp_flag That is all fine. The specification for this case will be modified to reflect this requirement and deposited in the case directory as commitment materials (Appendix C - [1]). The committee was fine with the issue. 5. Minority Opinion(s) None 6. Advisory Information None 7. Appendices 7.1 Appendix A: Technical Changes Required None 7.2 Appendix B: Technical Changes Advised None 7.3 Appendix C: Reference Material Unless otherwise stated, path names are relative to the case directory (PSARC/2010/165). 1.commitment.materials/PSARC-Questionnaire.txt Standard PSARC Questionnaire 2.commitment.materials/ARC-CoverPage.html ARC cover page describing the case and documents included for review 3.commitment.materials/designdocv2.0.9.odt Text Installer Design Document Open Document Text format 4.commitment.materials/designdocv2.0.9.pdf Text Installer Design Document Portable Document Format 5.commitment.materials/spec10-21.html Solaris Caiman Text-based Installer UI Specification non-graphical format On 06/17/10 06:17 PM, John Fischer wrote: PSARC members, The project team has provided updated materials which have been placed under the commitment.materials directory. There is now an ARC cover page (ARC-CoverPage.html) which describes the changes between the inception and commitment materials. I have also added the attached draft opinion which is in the top level directory. There is also an HTML version of the draft opinion in the case directory. Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. Thanks, John ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members, Updated opinion includes grub.lst taxonomy updated to Committed and Primary Administrator Rights Profile discussion updated. Thanks, John Oracle Systems Architecture Committee Oracle Proprietary/Need to Know Subject: OpenSolaris Text Installer Submitted by: Susan Sohn File: PSARC/2010/165/opinion.html Date: TBD Committee: John Fischer, TBD. Product Approval Committee: N/A 1. Summary The Text Installer is a mouseless, screen-oriented installer designed for use on SPARC and x86 systems that may not have graphics support such as many server-class machines. 2. Decision Precedence Information The project is approved as specified in reference [1]. The project may be delivered in a minor release of the ON Consolidation. 3. Interfaces The project exports the following interfaces. Interfaces Exported Interface Classification Comments --- --- /usr/lib/text-install Uncommitted CLI system/install/text-install Committed IPS package name ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/tgt.so Private to Target Instantiation and Target Discovery ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/libzoneinfo.so Private to /usr/lib/\ libzoneinfo.so system/install-setup:default Uncommitted SMF Install service The project imports the following interfaces. Interfaces Imported Interface Classification Comments --- --- libzoneinfo.so.1 Contracted Private LSARC/2001/015 Python2.6 Uncommitted PSARC/2009/043 libdiskmgt.so.1 Consolidation LSARC/2004/743 Private Distribution Constructor Committed PSARC/2009/471 libncurses.so Contracted Volatile LSARC/2008/524 menu.lst (grub) Committed PSARC/2004/454 4. Opinion This project had a successful inception review which did not have any major concerns that could not be corrected by specification updates. Thus the case was approved by updating those specifications and taking an email vote. The issues listed below reflect the substantial inception review issues. 4.1 Static IP and IPv6 Networking The inception UI specifications discussed the longer term UI for setting up the various NICs. The project team stated that the current review was based upon allowing networking to be setup via NWAM or not established. Static and IPv6 configurations will be reviewed in a future fast track and be based upon the “interfaces for basic install network configuration” case (PSARC/2010/164). There will be documentation in the commitment materials explaining that the Static IP and IPv6 Network section of the UI specification are not covered by this case (reference [2]). The committee was fine with the OpenSolaris Text Installer not being dependent upon that case and following up with a fast track. 4.2 text-install Command Installation Location As specified the project installs text-installer into /usr/bin. When questioned about the usage of the command the project team stated that there are a few edge use cases where the end user might execute the command from a command line. The majority of uses would simply be to insert a disc and the text-installer automatically starts on boot. The committee stated that perhaps a better installation location might be /usr/lib. The project team has decided to install the text-installer into the /usr/lib directory. The committee was fine with the resolution of this issue. 4.3 Root and User Passwords Not Required The committee noted that the root and user passwords are not required at install time. The project team stated that they were following current Best Practices with regards to installation technologies. The installation user is warned that the system will be installed in an unsafe manner. The committee was fine with the issue. 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator Rights Profile. The committee pointed out that this Rights Profile is going away. The issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: 1. remove the root password prompt 2. require an initial user login name and password 3. set the root password to the initial user password 4. the root is type=role 5. the initial user is granted the root role (type=normal;roles=root) 6. the initial user is put in /etc/sudoers -- presumable with all commands 7. the initial use is no longer granted the Primary Administrator Rights Profile 8. the password hash algorithm is sha256 9. the root account password is installed as expired (passwd -f). sp_lstchg == 0 username:password:lastchg:min:max:warn:inactive:expire:flag sp_namp:sp_pwdp:sp_lstchg:sp_min:sp_max:sp_inact:ex_expire:sp_flag The specification for this case will be modified to reflect this
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 18/06/2010 17:03, Gary Winiger wrote: On 6/18/10 8:34 AM, Darren J Moffat wrote: On 18/06/2010 16:08, John Fischer wrote: 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator role. The committee pointed out that this role is going away. The issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: Primary Administrator is a Rights Profile not a Role. The distinction is very important. It is the fact that the profile is assigned directly to a user rather than a role what was the whole problem. Also Primary Administrator as a Rights Profile is not planned to go away. Yes it is. PSARC/2009/652 User, RBAC and Labeled Networking Administration will be removing it along with all the suser and act type entries. Primary Administrator is a bug. With root as a role, there is no reason for Primary Administrator. Gary.. P.S. I'll be requesting a case date for 2009/652 shortly. Okay, didn't know about that. Given that can we have the reference put in this cases' opinion then. 7. the initial use is no longer granted the Primary Administrator Rights Profile initial user Yup. No matter how may times the 6 of us read this we didn't catch all the typos ;-( -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members, The opinion has been updated (section 4.4) based upon Darren's and Gary's feedback. The directory versions are updated. Again, I am looking for a vote by COB Wednesday, June 30th, 2010. Gary, I did not say anything new about the IPv6 and Static IP section. I suspect that the project team will be forth coming with the fast track well prior to the GA of the product. Thanks, John Oracle Systems Architecture Committee Oracle Proprietary/Need to Know Subject: OpenSolaris Text Installer Submitted by: Susan Sohn File: PSARC/2010/165/opinion.html Date: TBD Committee: John Fischer, TBD. Product Approval Committee: N/A 1. Summary The Text Installer is a mouseless, screen-oriented installer designed for use on SPARC and x86 systems that may not have graphics support such as many server-class machines. 2. Decision Precedence Information The project is approved as specified in reference [1]. The project may be delivered in a minor release of the ON Consolidation. 3. Interfaces The project exports the following interfaces. Interfaces Exported Interface Classification Comments --- --- /usr/lib/text-install Uncommitted CLI system/install/text-install Committed IPS package name ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/tgt.so Private to Target Instantiation and Target Discovery ${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge osol_install/libzoneinfo.so Private to /usr/lib/\ libzoneinfo.so system/install-setup:default Uncommitted SMF Install service The project imports the following interfaces. Interfaces Imported Interface Classification Comments --- --- libzoneinfo.so.1 Contracted Private LSARC/2001/015 Python2.6 Uncommitted PSARC/2009/043 libdiskmgt.so.1 Consolidation LSARC/2004/743 Private Distribution Constructor Committed PSARC/2009/471 libncurses.so Contracted Volatile LSARC/2008/524 menu.lst (grub) Committed PSARC/2004/454 4. Opinion This project had a successful inception review which did not have any major concerns that could not be corrected by specification updates. Thus the case was approved by updating those specifications and taking an email vote. The issues listed below reflect the substantial inception review issues. 4.1 Static IP and IPv6 Networking The inception UI specifications discussed the longer term UI for setting up the various NICs. The project team stated that the current review was based upon allowing networking to be setup via NWAM or not established. Static and IPv6 configurations will be reviewed in a future fast track and be based upon the “interfaces for basic install network configuration” case (PSARC/2010/164). There will be documentation in the commitment materials explaining that the Static IP and IPv6 Network section of the UI specification are not covered by this case (reference [2]). The committee was fine with the OpenSolaris Text Installer not being dependent upon that case and following up with a fast track. 4.2 text-install Command Installation Location As specified the project installs text-installer into /usr/bin. When questioned about the usage of the command the project team stated that there are a few edge use cases where the end user might execute the command from a command line. The majority of uses would simply be to insert a disc and the text-installer automatically starts on boot. The committee stated that perhaps a better installation location might be /usr/lib. The project team has decided to install the text-installer into the /usr/lib directory. The committee was fine with the resolution of this issue. 4.3 Root and User Passwords Not Required The committee noted that the root and user passwords are not required at install time. The project team stated that they were following current Best Practices with regards to installation technologies. The installation user is warned that the system will be installed in an unsafe manner. The committee was fine with the issue. 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator Rights Profile. The committee pointed out that this Rights Profile is going away according to the User, RBAC and Labeled Networking Administration case (PSARC/2009/652). Furthermore, the issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: 1. remove the root password prompt 2. require an initial user login name and password 3. set the root password to the initial user password 4. make the root account a role 5. the initial user is granted the root role (type=normal;roles=root) 6. the initial user is put in /etc/sudoers -- presumable with all commands 7. the initial use is no longer granted
Re: PSARC/2010/165 - OpenSolaris Text Installer
Thanks for summarizing and providing the answers John. John Fischer wrote: Alan pointed out that this says nothing about the user account being added to /etc/user_attr with the flags role=root or whether it continues the LiveCD/GUI installer bug of also adding profiles=Primary Administrator. For details, the LiveCD bug is reported as/discussed in: https://defect.opensolaris.org/bz/show_bug.cgi?id=4885 I believe PSARC discussed this issue previously in the sudo Interim Modernization cases. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? Is the user account created during the install granted any special privileges or roles? -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Off Topic, but your email raised the thought/question; Build 140 seems to have only a Text Installer ISO image available. Yet, I have not seen anyone point to documentation that tells the users what to expect with this, and what packages they would need to add after install if they wanted to end up with a Gnome desktop again, etc. What alias or person could point me at a page or wiki, release notes, or docs of any kind, so that we can learn what is different and what to expect from the current x86/x64 Text Installer CD image ? Thanks On 6/9/2010 1:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? Is the user account created during the install granted any special privileges or roles? -- Oracle http://www.oracle.com Neal Pollack | Senior Manager Phone: +1 3103411123 tel:+1%203103411123 | Mobile: +1 3107047416 tel:+1%203107047416 Oracle Solaris Platform Software Engineering 222 N. Sepulveda Blvd, Floor 10 | El Segundo, CA 90245 Green Oracle http://www.oracle.com/commitment Oracle is committed to developing practices and products that help protect the environment ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
On 06/ 9/10 04:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? The common case for IPv6 will likely be stateless address autoconfiguration, which doesn't require specifying a static IPv6 address. As a result, I would say no question need be asked about IPv6 addresses during an interactive install. The old interactive installer asked a do you want IPv6 enabled? question, but at this point, IPv6 should always be enabled, and the system should automatically get a global address if there is an IPv6 router advertising an IPv6 prefix on the network. This is already true with NWAM today, so perhaps we need to discuss what the installer needs to do to make that happen if it disables network/physical:nwam and enables network/physical:default... Alan, can you add this question to the issues file so that we can remember to cover it in more detail during the review please? Thanks, -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Neal, On 06/ 9/10 04:45 PM, Neal Pollack wrote: Off Topic Yes indeed. Please ask such questions directly to the appropriate project team members or to a more appropriate mailing list. This external mailing list is for open architecture reviews of specific PSARC cases, and mail sent here is expected to be part of the record of a case's architecture review. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. Sue ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sue Sohn wrote: On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. The LiveCD GUI installer currently does assign extra priviledges to the account created though - it puts an entry in /etc/user_attr allowing that user to run commands as root via pfexec. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sebastien Roy wrote: On 06/ 9/10 04:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? The common case for IPv6 will likely be stateless address autoconfiguration, which doesn't require specifying a static IPv6 address. As a result, I would say no question need be asked about IPv6 addresses during an interactive install. The old interactive installer asked a do you want IPv6 enabled? question, but at this point, IPv6 should always be enabled, and the system should automatically get a global address if there is an IPv6 router advertising an IPv6 prefix on the network. This is already true with NWAM today, so perhaps we need to discuss what the installer needs to do to make that happen if it disables network/physical:nwam and enables network/physical:default... Alan, can you add this question to the issues file so that we can remember to cover it in more detail during the review please? I've put my two questions (the first as modified by Seb's comments) in the issues file as: alanc-1 What happens for IPv6 if static network configuration is chosen? alanc-2 Are any privileges, roles or other user_attr settings made for the user account created during installation? Aside from the case materials, I happen to know from out-of-band discussions with Install QA that there is currently an open bug where the text installer cannot be used on SPARC systems displaying on a local console device driven by a frame buffer without coherent console support. It's not clear where the bug lies (presumably something in the ncurses implementation is relying on something that is only supported by the in-kernel coherent console terminal emulator and not the OBP terminal emulator) - but is coherent console support going to be a dependency of this project or is that bug going to be root caused and fixed in either the installer or ncurses? -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sue Sohn wrote: On 06/09/10 15:04, Alan Coopersmith wrote: Sue Sohn wrote: On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. The LiveCD GUI installer currently does assign extra priviledges to the account created though - it puts an entry in /etc/user_attr allowing that user to run commands as root via pfexec. For the user account, root is a role. I thought you meant something beyond that since root being a role was mentioned in the materials. Root being a role is why I suspected the user had more than basic privileges, but that wasn't called out in the case materials. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org