blob: cfe56e406924561f2e4985f3cc27675b2d8dfeba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# This postinstall script "clones" the policy for aes/arcfour/blowfish to the
# encryption kit aes256, arcfour2048, and blowfish448 modules.
# Because we want to do the policy cloning and only have one of the kernel
# providers enabled we can't use the i.kcfconf class action script.
# We can't run cryptoadm(1m) here because it might not be available yet.
kcfconf=$BASEDIR/etc/crypto/kcf.conf
ipsecalgs=$BASEDIR/etc/inet/ipsecalgs
if [ ! -r $kcfconf ]; then
echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"
echo "install this package on an incorrect release of Solaris"
exit 2
fi
# No release that has kcf.conf does NOT have ipsecalgs, so no need to check.
cp $kcfconf ${kcfconf}.tmp
sed -e 's/^aes:/aes256:/' -e 's/^blowfish:/blowfish448:/' -e \
's/^arcfour:/arcfour2048:/' \
$kcfconf > ${kcfconf}.tmp
mv -f ${kcfconf}.tmp $kcfconf
cp $ipsecalgs ${ipsecalgs}.tmp
sed -e 's/_CBC|128\/32-128,8/_CBC|128\/32-448,8/' \
-e 's/AES_CBC|128|/AES_CBC|128\/128-256,64|/' \
$ipsecalgs > ${ipsecalgs}.tmp
mv -f ${ipsecalgs}.tmp $ipsecalgs
if [ ${BASEDIR:="/"} = "/" ]; then
[ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh
[ -x /usr/sbin/ipsecalgs ] && /usr/sbin/ipsecalgs -s
fi
exit 0
|
