Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
All, We have another vote besides myself (Thank you Darren). I am still waiting on a vote on the case by COB on Wednesday, June 30th, 2010. The contracts are in process. The contract for the ncurses usage is signed and has been place in the ncurses (LSARC 2008/524) case directory. The libzoneinfo contract is an extension of an existing contract to use an additional interface (isvalid_tz()). I expect this to be signed as soon as the responsible manager returns from vacation. The importing manager (Dana Barsan) has already signed the contract. Thus I believe that there are no outstanding issues for the case. Thanks, John On 06/21/10 01:10 AM, Darren J Moffat wrote: I vote to approve (I wasn't present at the meeting but I have reviewed the materials and opinion). ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 06/17/10 09:17 PM, John Fischer wrote: Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. My vote is approve. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
Thanks!! On 06/23/10 09:54 AM, Sebastien Roy wrote: On 06/17/10 09:17 PM, John Fischer wrote: Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. My vote is approve. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
I vote to approve (I wasn't present at the meeting but I have reviewed the materials and opinion). -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members,
Updated opinion based upon feedback provided.
Case directory is updated.
Thanks,
John
?Oracle
Systems Architecture Committee
Oracle Proprietary/Need to Know
Subject: OpenSolaris Text Installer
Submitted by:Susan Sohn
File:
PSARC/2010/165/opinion.html
Date: TBD
Committee:John Fischer, TBD.
Product Approval Committee: N/A
1. Summary
The Text Installer is a mouseless, screen-oriented installer designed
for use
on SPARC and x86 systems that may not have graphics support such as many
server-class machines.
2. Decision Precedence Information
The project is approved as specified in reference [1].
The project may be delivered in a minor release of the ON Consolidation.
3. Interfaces
The project exports the following interfaces.
Interfaces Exported
Interface
Classification Comments
---
---
/usr/lib/text-install
UncommittedCLI
system/install/text-install
CommittedIPS package name
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C
bridge
osol_install/tgt.so
Private to Target
Instantiation and
Target Discovery
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C
bridge
osol_install/libzoneinfo.so
Private to /usr/lib/\
libzoneinfo.so
system/install-setup:default UncommittedSMF
Install service
The project imports the following interfaces.
Interfaces Imported
Interface Classification Comments
---
-
libzoneinfo.so.1 Contracted Private LSARC/2001/015
Python2.6 Uncommitted PSARC/2009/043
libdiskmgt.so.1 Consolidation LSARC/2004/743
Private
Distribution Constructor CommittedPSARC/2009/471
libncurses.soContracted Volatile LSARC/2008/524
menu.lst (grub)CommittedPSARC/2004/454
4. Opinion
This project had a successful inception review which did not have any major
concerns that could not be corrected by specification updates. Thus the
case
was approved by updating those specifications and taking an email vote. The
issues listed below reflect the substantial inception review issues.
4.1 Static IP and IPv6 Networking
The inception UI specifications discussed the longer term UI for setting
up the
various NICs. The project team stated that the current review was based
upon
allowing networking to be setup via NWAM or not established. Static and
IPv6
configurations will be reviewed in a future fast track and be based upon
the
interfaces for basic install network configuration case (PSARC/2010/164).
There will be documentation in the commitment materials explaining that the
Static IP and IPv6 Network section of the UI specification are not
covered by
this case (reference [2]). The committee was fine with the OpenSolaris Text
Installer not being dependent upon that case and following up with a
fast track.
4.2 text-install Command Installation Location
As specified the project installs text-installer into /usr/bin. When
questioned
about the usage of the command the project team stated that there are a
few edge
use cases where the end user might execute the command from a command
line. The
majority of uses would simply be to insert a disc and the text-installer
automatically starts on boot. The committee stated that perhaps a better
installation location might be /usr/lib. The project team has decided to
install
the text-installer into the /usr/lib directory. The committee was fine
with the
resolution of this issue.
4.3 Root and User Passwords Not Required
The committee noted that the root and user passwords are not required at
install
time. The project team stated that they were following current Best
Practices
with regards to installation technologies. The installation user is
warned that
the system will be installed in an unsafe manner. The committee was fine
with
the issue.
4.4
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 18/06/2010 16:08, John Fischer wrote: 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator role. The committee pointed out that this role is going away. The issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: Primary Administrator is a Rights Profile not a Role. The distinction is very important. It is the fact that the profile is assigned directly to a user rather than a role what was the whole problem. Also Primary Administrator as a Rights Profile is not planned to go away. The advice of the security team was not to assign Primary Administrator to the initial user directly. The main reason this was done early on in the Caiman GUI installer was because other technology like the RBAC Console User profile wasn't available and neither was sudo. 1. remove the root password prompt 2. require an initial user login name and password 3. set the root password to the initial user password 4. the root is type=role 5. the initial user is granted the root role (type=normal;roles=root) 6. the initial user is put in /etc/sudoers -- presumable with all commands 7. the initial use is no longer granted the Primary Administrator Rights Profile initial user 8. the password hash algorithm is sha256 9. the root account password is installed as expired (passwd -f). sp_lstchg == 0 username:password:lastchg:min:max:warn:inactive:expire:flag sp_namp:sp_pwdp:sp_lstchg:sp_min:sp_max:sp_inact:ex_expire:sp_flag That is all fine. The specification for this case will be modified to reflect this requirement and deposited in the case directory as commitment materials (Appendix C - [1]). The committee was fine with the issue. 5. Minority Opinion(s) None 6. Advisory Information None 7. Appendices 7.1 Appendix A: Technical Changes Required None 7.2 Appendix B: Technical Changes Advised None 7.3 Appendix C: Reference Material Unless otherwise stated, path names are relative to the case directory (PSARC/2010/165). 1.commitment.materials/PSARC-Questionnaire.txt Standard PSARC Questionnaire 2.commitment.materials/ARC-CoverPage.html ARC cover page describing the case and documents included for review 3.commitment.materials/designdocv2.0.9.odt Text Installer Design Document Open Document Text format 4.commitment.materials/designdocv2.0.9.pdf Text Installer Design Document Portable Document Format 5.commitment.materials/spec10-21.html Solaris Caiman Text-based Installer UI Specification non-graphical format On 06/17/10 06:17 PM, John Fischer wrote: PSARC members, The project team has provided updated materials which have been placed under the commitment.materials directory. There is now an ARC cover page (ARC-CoverPage.html) which describes the changes between the inception and commitment materials. I have also added the attached draft opinion which is in the top level directory. There is also an HTML version of the draft opinion in the case directory. Please review these new materials and the draft opinion. Either provide feedback or vote on the case by COB Wednesday, June 30th, 2010. Thanks, John ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members,
Updated opinion includes grub.lst taxonomy updated to Committed
and Primary Administrator Rights Profile discussion updated.
Thanks,
John
Oracle
Systems Architecture Committee
Oracle Proprietary/Need to Know
Subject: OpenSolaris Text Installer
Submitted by: Susan Sohn
File: PSARC/2010/165/opinion.html
Date: TBD
Committee: John Fischer, TBD.
Product Approval Committee: N/A
1. Summary
The Text Installer is a mouseless, screen-oriented installer designed
for use
on SPARC and x86 systems that may not have graphics support such as many
server-class machines.
2. Decision Precedence Information
The project is approved as specified in reference [1].
The project may be delivered in a minor release of the ON Consolidation.
3. Interfaces
The project exports the following interfaces.
Interfaces Exported
Interface Classification Comments
--- ---
/usr/lib/text-install Uncommitted CLI
system/install/text-install Committed IPS package name
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge
osol_install/tgt.so Private to Target
Instantiation and
Target Discovery
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge
osol_install/libzoneinfo.so Private to /usr/lib/\
libzoneinfo.so
system/install-setup:default Uncommitted SMF Install service
The project imports the following interfaces.
Interfaces Imported
Interface Classification Comments
--- ---
libzoneinfo.so.1 Contracted Private LSARC/2001/015
Python2.6 Uncommitted PSARC/2009/043
libdiskmgt.so.1 Consolidation LSARC/2004/743
Private
Distribution Constructor Committed PSARC/2009/471
libncurses.so Contracted Volatile LSARC/2008/524
menu.lst (grub) Committed PSARC/2004/454
4. Opinion
This project had a successful inception review which did not have any major
concerns that could not be corrected by specification updates. Thus the
case
was approved by updating those specifications and taking an email vote. The
issues listed below reflect the substantial inception review issues.
4.1 Static IP and IPv6 Networking
The inception UI specifications discussed the longer term UI for setting
up the
various NICs. The project team stated that the current review was based
upon
allowing networking to be setup via NWAM or not established. Static and
IPv6
configurations will be reviewed in a future fast track and be based upon
the
“interfaces for basic install network configuration” case (PSARC/2010/164).
There will be documentation in the commitment materials explaining that the
Static IP and IPv6 Network section of the UI specification are not
covered by
this case (reference [2]). The committee was fine with the OpenSolaris Text
Installer not being dependent upon that case and following up with a
fast track.
4.2 text-install Command Installation Location
As specified the project installs text-installer into /usr/bin. When
questioned
about the usage of the command the project team stated that there are a
few edge
use cases where the end user might execute the command from a command
line. The
majority of uses would simply be to insert a disc and the text-installer
automatically starts on boot. The committee stated that perhaps a better
installation location might be /usr/lib. The project team has decided to
install
the text-installer into the /usr/lib directory. The committee was fine
with the
resolution of this issue.
4.3 Root and User Passwords Not Required
The committee noted that the root and user passwords are not required at
install
time. The project team stated that they were following current Best
Practices
with regards to installation technologies. The installation user is
warned that
the system will be installed in an unsafe manner. The committee was fine
with
the issue.
4.4 User Installed as Primary Administrator
The initial user installed by the Caiman installers have been given the
Primary
Administrator Rights Profile. The committee pointed out that this Rights
Profile
is going away. The issue was discussed in the Solaris Modernization case
(PSARC/2010/067). In that case the project team agreed to modify the
installers
to:
1. remove the root password prompt
2. require an initial user login name and password
3. set the root password to the initial user password
4. the root is type=role
5. the initial user is granted the root role (type=normal;roles=root)
6. the initial user is put in /etc/sudoers -- presumable with all commands
7. the initial use is no longer granted the Primary Administrator Rights
Profile
8. the password hash algorithm is sha256
9. the root account password is installed as expired (passwd -f).
sp_lstchg == 0
username:password:lastchg:min:max:warn:inactive:expire:flag
sp_namp:sp_pwdp:sp_lstchg:sp_min:sp_max:sp_inact:ex_expire:sp_flag
The specification for this case will be modified to reflect this
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
On 18/06/2010 17:03, Gary Winiger wrote: On 6/18/10 8:34 AM, Darren J Moffat wrote: On 18/06/2010 16:08, John Fischer wrote: 4.4 User Installed as Primary Administrator The initial user installed by the Caiman installers have been given the Primary Administrator role. The committee pointed out that this role is going away. The issue was discussed in the Solaris Modernization case (PSARC/2010/067). In that case the project team agreed to modify the installers to: Primary Administrator is a Rights Profile not a Role. The distinction is very important. It is the fact that the profile is assigned directly to a user rather than a role what was the whole problem. Also Primary Administrator as a Rights Profile is not planned to go away. Yes it is. PSARC/2009/652 User, RBAC and Labeled Networking Administration will be removing it along with all the suser and act type entries. Primary Administrator is a bug. With root as a role, there is no reason for Primary Administrator. Gary.. P.S. I'll be requesting a case date for 2009/652 shortly. Okay, didn't know about that. Given that can we have the reference put in this cases' opinion then. 7. the initial use is no longer granted the Primary Administrator Rights Profile initial user Yup. No matter how may times the 6 of us read this we didn't catch all the typos ;-( -- Darren J Moffat ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer email vote...
PSARC members,
The opinion has been updated (section 4.4) based upon Darren's and Gary's
feedback. The directory versions are updated. Again, I am looking for a
vote
by COB Wednesday, June 30th, 2010.
Gary, I did not say anything new about the IPv6 and Static IP section. I
suspect
that the project team will be forth coming with the fast track well
prior to the
GA of the product.
Thanks,
John
Oracle
Systems Architecture Committee
Oracle Proprietary/Need to Know
Subject: OpenSolaris Text Installer
Submitted by: Susan Sohn
File: PSARC/2010/165/opinion.html
Date: TBD
Committee: John Fischer, TBD.
Product Approval Committee: N/A
1. Summary
The Text Installer is a mouseless, screen-oriented installer designed
for use
on SPARC and x86 systems that may not have graphics support such as many
server-class machines.
2. Decision Precedence Information
The project is approved as specified in reference [1].
The project may be delivered in a minor release of the ON Consolidation.
3. Interfaces
The project exports the following interfaces.
Interfaces Exported
Interface Classification Comments
--- ---
/usr/lib/text-install Uncommitted CLI
system/install/text-install Committed IPS package name
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge
osol_install/tgt.so Private to Target
Instantiation and
Target Discovery
${root}/lib/python2.6/vendor-packages/\ Consolidation Python to C bridge
osol_install/libzoneinfo.so Private to /usr/lib/\
libzoneinfo.so
system/install-setup:default Uncommitted SMF Install service
The project imports the following interfaces.
Interfaces Imported
Interface Classification Comments
--- ---
libzoneinfo.so.1 Contracted Private LSARC/2001/015
Python2.6 Uncommitted PSARC/2009/043
libdiskmgt.so.1 Consolidation LSARC/2004/743
Private
Distribution Constructor Committed PSARC/2009/471
libncurses.so Contracted Volatile LSARC/2008/524
menu.lst (grub) Committed PSARC/2004/454
4. Opinion
This project had a successful inception review which did not have any major
concerns that could not be corrected by specification updates. Thus the
case
was approved by updating those specifications and taking an email vote. The
issues listed below reflect the substantial inception review issues.
4.1 Static IP and IPv6 Networking
The inception UI specifications discussed the longer term UI for setting
up the
various NICs. The project team stated that the current review was based
upon
allowing networking to be setup via NWAM or not established. Static and
IPv6
configurations will be reviewed in a future fast track and be based upon
the
“interfaces for basic install network configuration” case (PSARC/2010/164).
There will be documentation in the commitment materials explaining that the
Static IP and IPv6 Network section of the UI specification are not
covered by
this case (reference [2]). The committee was fine with the OpenSolaris Text
Installer not being dependent upon that case and following up with a
fast track.
4.2 text-install Command Installation Location
As specified the project installs text-installer into /usr/bin. When
questioned
about the usage of the command the project team stated that there are a
few edge
use cases where the end user might execute the command from a command
line. The
majority of uses would simply be to insert a disc and the text-installer
automatically starts on boot. The committee stated that perhaps a better
installation location might be /usr/lib. The project team has decided to
install
the text-installer into the /usr/lib directory. The committee was fine
with the
resolution of this issue.
4.3 Root and User Passwords Not Required
The committee noted that the root and user passwords are not required at
install
time. The project team stated that they were following current Best
Practices
with regards to installation technologies. The installation user is
warned that
the system will be installed in an unsafe manner. The committee was fine
with
the issue.
4.4 User Installed as Primary Administrator
The initial user installed by the Caiman installers have been given the
Primary
Administrator Rights Profile. The committee pointed out that this Rights
Profile
is going away according to the User, RBAC and Labeled Networking
Administration
case (PSARC/2009/652). Furthermore, the issue was discussed in the Solaris
Modernization case (PSARC/2010/067). In that case the project team
agreed to
modify the installers to:
1. remove the root password prompt
2. require an initial user login name and password
3. set the root password to the initial user password
4. make the root account a role
5. the initial user is granted the root role (type=normal;roles=root)
6. the initial user is put in /etc/sudoers -- presumable with all commands
7. the initial use is no longer granted
Re: PSARC/2010/165 - OpenSolaris Text Installer
Thanks for summarizing and providing the answers John. John Fischer wrote: Alan pointed out that this says nothing about the user account being added to /etc/user_attr with the flags role=root or whether it continues the LiveCD/GUI installer bug of also adding profiles=Primary Administrator. For details, the LiveCD bug is reported as/discussed in: https://defect.opensolaris.org/bz/show_bug.cgi?id=4885 I believe PSARC discussed this issue previously in the sudo Interim Modernization cases. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? Is the user account created during the install granted any special privileges or roles? -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Off Topic, but your email raised the thought/question; Build 140 seems to have only a Text Installer ISO image available. Yet, I have not seen anyone point to documentation that tells the users what to expect with this, and what packages they would need to add after install if they wanted to end up with a Gnome desktop again, etc. What alias or person could point me at a page or wiki, release notes, or docs of any kind, so that we can learn what is different and what to expect from the current x86/x64 Text Installer CD image ? Thanks On 6/9/2010 1:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? Is the user account created during the install granted any special privileges or roles? -- Oracle http://www.oracle.com Neal Pollack | Senior Manager Phone: +1 3103411123 tel:+1%203103411123 | Mobile: +1 3107047416 tel:+1%203107047416 Oracle Solaris Platform Software Engineering 222 N. Sepulveda Blvd, Floor 10 | El Segundo, CA 90245 Green Oracle http://www.oracle.com/commitment Oracle is committed to developing practices and products that help protect the environment ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
On 06/ 9/10 04:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? The common case for IPv6 will likely be stateless address autoconfiguration, which doesn't require specifying a static IPv6 address. As a result, I would say no question need be asked about IPv6 addresses during an interactive install. The old interactive installer asked a do you want IPv6 enabled? question, but at this point, IPv6 should always be enabled, and the system should automatically get a global address if there is an IPv6 router advertising an IPv6 prefix on the network. This is already true with NWAM today, so perhaps we need to discuss what the installer needs to do to make that happen if it disables network/physical:nwam and enables network/physical:default... Alan, can you add this question to the issues file so that we can remember to cover it in more detail during the review please? Thanks, -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Neal, On 06/ 9/10 04:45 PM, Neal Pollack wrote: Off Topic Yes indeed. Please ask such questions directly to the appropriate project team members or to a more appropriate mailing list. This external mailing list is for open architecture reviews of specific PSARC cases, and mail sent here is expected to be part of the record of a case's architecture review. -Seb ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. Sue ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sue Sohn wrote: On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. The LiveCD GUI installer currently does assign extra priviledges to the account created though - it puts an entry in /etc/user_attr allowing that user to run commands as root via pfexec. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sebastien Roy wrote: On 06/ 9/10 04:38 PM, Alan Coopersmith wrote: It appears the Network Configuration is IPv4 only. Shouldn't we be prepared for IPv6 at this point? The common case for IPv6 will likely be stateless address autoconfiguration, which doesn't require specifying a static IPv6 address. As a result, I would say no question need be asked about IPv6 addresses during an interactive install. The old interactive installer asked a do you want IPv6 enabled? question, but at this point, IPv6 should always be enabled, and the system should automatically get a global address if there is an IPv6 router advertising an IPv6 prefix on the network. This is already true with NWAM today, so perhaps we need to discuss what the installer needs to do to make that happen if it disables network/physical:nwam and enables network/physical:default... Alan, can you add this question to the issues file so that we can remember to cover it in more detail during the review please? I've put my two questions (the first as modified by Seb's comments) in the issues file as: alanc-1 What happens for IPv6 if static network configuration is chosen? alanc-2 Are any privileges, roles or other user_attr settings made for the user account created during installation? Aside from the case materials, I happen to know from out-of-band discussions with Install QA that there is currently an open bug where the text installer cannot be used on SPARC systems displaying on a local console device driven by a frame buffer without coherent console support. It's not clear where the bug lies (presumably something in the ncurses implementation is relying on something that is only supported by the in-kernel coherent console terminal emulator and not the OBP terminal emulator) - but is coherent console support going to be a dependency of this project or is that bug going to be root caused and fixed in either the installer or ncurses? -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
Re: PSARC/2010/165 - OpenSolaris Text Installer
Sue Sohn wrote: On 06/09/10 15:04, Alan Coopersmith wrote: Sue Sohn wrote: On 06/09/10 13:38, Alan Coopersmith wrote: Is the user account created during the install granted any special privileges or roles? There are no special privileges, it is similar to the user account created by the livecd's gui installer. The LiveCD GUI installer currently does assign extra priviledges to the account created though - it puts an entry in /etc/user_attr allowing that user to run commands as root via pfexec. For the user account, root is a role. I thought you meant something beyond that since root being a role was mentioned in the materials. Root being a role is why I suspected the user had more than basic privileges, but that wasn't called out in the case materials. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-arc mailing list opensolaris-arc@opensolaris.org
