Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/lib/pkcs11/Makefile | 18 | ||||
| -rw-r--r-- | usr/src/tools/SUNWonbld/prototype_com | 4 | ||||
| -rw-r--r-- | usr/src/tools/codesign/Makefile | 3 | ||||
| -rw-r--r-- | usr/src/tools/codesign/findcrypto.sh | 71 | ||||
| -rw-r--r-- | usr/src/tools/codesign/signproto.sh | 43 | ||||
| -rw-r--r-- | usr/src/tools/env/developer.sh | 7 | ||||
| -rw-r--r-- | usr/src/tools/env/gatekeeper.sh | 7 | ||||
| -rw-r--r-- | usr/src/tools/env/opensolaris.sh | 6 | ||||
| -rw-r--r-- | usr/src/tools/opensolaris/README.opensolaris.tmpl | 82 | ||||
| -rw-r--r-- | usr/src/tools/scripts/Install.1 | 9 | ||||
| -rw-r--r-- | usr/src/tools/scripts/Install.sh | 149 | ||||
| -rw-r--r-- | usr/src/tools/scripts/Makefile | 3 | ||||
| -rw-r--r-- | usr/src/tools/scripts/bindrop.sh | 147 | ||||
| -rw-r--r-- | usr/src/tools/scripts/cryptodrop.sh | 162 | ||||
| -rw-r--r-- | usr/src/tools/scripts/mktpl.pl | 49 | ||||
| -rw-r--r-- | usr/src/tools/scripts/nightly.1 | 38 | ||||
| -rw-r--r-- | usr/src/tools/scripts/nightly.sh | 407 | ||||
| -rw-r--r-- | usr/src/uts/intel/Makefile.intel.shared | 20 | ||||
| -rw-r--r-- | usr/src/uts/sparc/Makefile.sparc.shared | 18 | ||||
| -rw-r--r-- | usr/src/uts/sun4u/Makefile.sun4u.shared | 11 | ||||
| -rw-r--r-- | usr/src/uts/sun4v/Makefile.sun4v.shared | 7 |
21 files changed, 886 insertions, 375 deletions
diff --git a/usr/src/lib/pkcs11/Makefile b/usr/src/lib/pkcs11/Makefile index cf1bdd390c..7d14efdd5c 100644 --- a/usr/src/lib/pkcs11/Makefile +++ b/usr/src/lib/pkcs11/Makefile @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # lib/pkcs11/Makefile @@ -36,18 +36,10 @@ CHECKHDRS = $(HDRDIR)/cryptoki.h SUBDIRS = \ libpkcs11 \ libsoftcrypto \ - libkcfd - -# -# Don't build these for OpenSolaris, since they will be replaced by -# binaries that are signed by ON Gatekeepers. -# -$(CLOSED_BUILD)SUBDIRS += \ - pkcs11_kernel \ - pkcs11_softtoken \ - pkcs11_tpm - -$(CLOSED_BUILD)SUBDIRS += $($(MACH)_SUBDIRS) + libkcfd \ + pkcs11_kernel \ + pkcs11_softtoken \ + pkcs11_tpm all := TARGET= all clean := TARGET= clean diff --git a/usr/src/tools/SUNWonbld/prototype_com b/usr/src/tools/SUNWonbld/prototype_com index ec5eafab22..69e5dec056 100644 --- a/usr/src/tools/SUNWonbld/prototype_com +++ b/usr/src/tools/SUNWonbld/prototype_com @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -60,12 +60,14 @@ f none opt/onbld/bin/check_rtime 555 root bin f none opt/onbld/bin/checkpaths 555 root bin f none opt/onbld/bin/checkproto 555 root bin f none opt/onbld/bin/copyrightchk 555 root bin +f none opt/onbld/bin/cryptodrop 555 root bin f none opt/onbld/bin/cstyle 555 root bin f none opt/onbld/bin/ctfcvtptbl 555 root bin f none opt/onbld/bin/ctffindmod 555 root bin f none opt/onbld/bin/elfcmp 555 root bin f none opt/onbld/bin/elfsigncmp 555 root bin f none opt/onbld/bin/find_elf 555 root bin +f none opt/onbld/bin/findcrypto 555 root bin f none opt/onbld/bin/flg.flp 555 root bin f none opt/onbld/bin/genoffsets 555 root bin f none opt/onbld/bin/get_depend_info 555 root bin 
diff --git a/usr/src/tools/codesign/Makefile b/usr/src/tools/codesign/Makefile index 38e11a7003..71a2bf55c4 100644 --- a/usr/src/tools/codesign/Makefile +++ b/usr/src/tools/codesign/Makefile @@ -19,11 +19,12 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # SHFILES= \ + findcrypto \ signproto PERLFILES= \ diff --git a/usr/src/tools/codesign/findcrypto.sh b/usr/src/tools/codesign/findcrypto.sh new file mode 100644 index 0000000000..8d37a3817e --- /dev/null +++ b/usr/src/tools/codesign/findcrypto.sh 
@@ -0,0 +1,71 @@ +#!/bin/ksh +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# + +# +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# + +# findcrypto cred_file +# +# Utility to find cryptographic modules in the proto area. Prints out +# one line for each binary, using the form +# +# cred path +# +# where "path" identifies the binary (relative to $ROOT), and "cred" +# says how the binary should get signed. +# +# The cred_file argument is the same as for signproto.sh. +# + +# Directories in proto area that may contain crypto objects +DIRS="platform kernel usr/lib/security" + +# Read list of credentials and regular expressions +n=0 +grep -v "^#" $1 | while read c r +do + cred[$n]=$c + regex[$n]=$r + (( n = n + 1 )) +done + +# Search proto area for crypto modules +cd $ROOT +find $DIRS -type f -print | while read f; do + s=`elfsign list -f signer -e $f 2>/dev/null` + if [[ $? != 0 ]]; then + continue + fi + # Determine credential based on signature + i=0 + while [[ i -lt n ]]; do + if expr "$s" : ".*${regex[i]}" >/dev/null; then + echo "${cred[i]} $f" + break + fi + (( i = i + 1 )) + done +done + +exit 0 
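Review bot: `cd $ROOT` is unquoted and never checked, so with ROOT unset or pointing at a missing directory the following `find $DIRS` runs from whatever directory the shell is in, and the script still ends with `exit 0`. The list it prints is consumed by signit in signproto.sh and by `xargs rm -f` in bindrop.sh, so a wrong starting directory should stop the script: `[[ -n "$ROOT" ]] && cd "$ROOT" || exit 1`. The bindrop.sh hunk has the same shape in `(cd "$tmpdir/closed/$rootdir"; xargs rm -f)`, where `&&` in place of `;` would keep the delete from running in the caller's directory if the `cd` fails. Quoting `"$1"` and `"$f"` and using `read -r` would also keep paths containing spaces or backslashes intact.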
diff --git a/usr/src/tools/codesign/signproto.sh b/usr/src/tools/codesign/signproto.sh index 967d48e87e..585c5e0bd4 100644 --- a/usr/src/tools/codesign/signproto.sh +++ b/usr/src/tools/codesign/signproto.sh @@ -1,6 +1,5 @@ #!/bin/ksh # -# # CDDL HEADER START # # The contents of this file are subject to the terms of the @@ -20,12 +19,13 @@ # # CDDL HEADER END # + # -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" +# # signproto cred_file # # Utility to find cryptographic modules in the proto area and @@ -36,42 +36,17 @@ # list of signing server credentials and the corresponding # regular expressions to match against the file signatures. -# Directories in proto area that may contain crypto objects -DIRS="platform kernel usr/lib/security" - # Get absolute path of current directory; used later to invoke signit cd . dir=`dirname $0` dir=`[[ $dir = /* ]] && print $dir || print $PWD/$dir` -# Read list of credentials and regular expressions -n=0 -grep -v "^#" $1 | while read c r -do - cred[$n]=$c - regex[$n]=$r - (( n = n + 1 )) -done - -# Search proto area for crypto modules -cd $ROOT -find $DIRS -type f -print | while read f; do - s=`elfsign list -f signer -e $f 2>/dev/null` - if [[ $? != 0 ]]; then - continue - fi - # Determine credential based on signature - i=0 - while [[ i -lt n ]] - do - if expr "$s" : ".*${regex[i]}" >/dev/null; then - echo "${cred[i]} $f" - break - fi - (( i = i + 1 )) - done -done | $dir/signit -i $ROOT -l ${CODESIGN_USER:-${LOGNAME}} +findcrypto $1 | $dir/signit -i $ROOT -l ${CODESIGN_USER:-${LOGNAME}} +stat=$? -if [ $? != 0 ]; then +if [ $stat != 0 ]; then echo "ERROR failure in signing operation" + exit $stat fi + +exit 0 diff --git a/usr/src/tools/env/developer.sh b/usr/src/tools/env/developer.sh index fb4e10bd6e..7bda779fdb 100644 --- a/usr/src/tools/env/developer.sh 
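Review bot: `stat=$?` after `findcrypto $1 | $dir/signit …` holds only signit's exit status, so a findcrypto that is missing from PATH or fails part-way yields a short or empty list and the script can still reach `exit 0` with modules left unsigned. findcrypto is also resolved through PATH while signit is pinned to `$dir`; both appear to be installed from the same Makefile, so `"$dir/findcrypto" "$1" | "$dir/signit" …` would ensure the helper that selects what gets signed is the one shipped alongside this script. To catch a failure in the first stage, the list could be written to a temporary file, findcrypto's status checked, and the file then fed to signit. The `findcrypto … | awk … | xargs rm -f` pipeline in the bindrop.sh hunk ignores the helper's status in the same way.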
+++ b/usr/src/tools/env/developer.sh @@ -20,7 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -90,6 +90,11 @@ ATLOG="$CODEMGR_WS/log"; export ATLOG LOGFILE="$ATLOG/nightly.log"; export LOGFILE MACH=`uname -p`; export MACH +# This is usually just needed if the closed tree is missing, or when +# building a project gate with the -O (cap oh) flag. +# ON_CRYPTO_BINS="$PARENT_WS/packages/$MACH/on-crypto.$MACH.tar.bz2" +# export ON_CRYPTO_BINS + # REF_PROTO_LIST - for comparing the list of stuff in your proto area # with. Generally this should be left alone, since you want to see differences # from your parent (the gate). diff --git a/usr/src/tools/env/gatekeeper.sh b/usr/src/tools/env/gatekeeper.sh index 14cee3b3bc..50e6f9092f 100644 --- a/usr/src/tools/env/gatekeeper.sh +++ b/usr/src/tools/env/gatekeeper.sh @@ -20,7 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -101,6 +101,11 @@ ATLOG="$CODEMGR_WS/log"; export ATLOG LOGFILE="$ATLOG/nightly.log"; export LOGFILE MACH=`uname -p`; export MACH +# This is usually just needed if the closed tree is missing, or when +# building a project gate with the -O (cap oh) flag. +# ON_CRYPTO_BINS="$PARENT_WS/packages/$MACH/on-crypto.$MACH.tar.bz2" +# export ON_CRYPTO_BINS + # REF_PROTO_LIST - for comparing the list of stuff in your proto area # with. Generally this should be left alone, since you want to see differences # between todays build and yesterdays. diff --git a/usr/src/tools/env/opensolaris.sh b/usr/src/tools/env/opensolaris.sh index c49f3d8549..036d9bdc6e 100644 --- a/usr/src/tools/env/opensolaris.sh +++ b/usr/src/tools/env/opensolaris.sh 
@@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -104,6 +104,10 @@ ATLOG="$CODEMGR_WS/log"; export ATLOG LOGFILE="$ATLOG/nightly.log"; export LOGFILE MACH=`uname -p`; export MACH +# Location of signed cryptographic binaries. +ON_CRYPTO_BINS="$CODEMGR_WS/on-crypto.$MACH.tar.bz2" +export ON_CRYPTO_BINS + # REF_PROTO_LIST - for comparing the list of stuff in your proto area # with. Generally this should be left alone, since you want to see differences # from your parent (the gate). diff --git a/usr/src/tools/opensolaris/README.opensolaris.tmpl b/usr/src/tools/opensolaris/README.opensolaris.tmpl index 53dace5eb6..54443e40bb 100644 --- a/usr/src/tools/opensolaris/README.opensolaris.tmpl +++ b/usr/src/tools/opensolaris/README.opensolaris.tmpl 
@@ -1,43 +1,59 @@ - OpenSolaris Buildable Source + OS/Net (ON) Buildable Source -Note: if this is your first OpenSolaris installation, please see the -currently known issues section below to see the minimum build of -Solaris Express - Community Release required to build and install -OpenSolaris. Either an initial install or an upgrade will work, -provided you use the "Entire Distribution" metacluster. - -This delivery of the Buildable Source consists of 4 or 5 pieces: +This delivery of the Buildable Source consists of 5 pieces: 1. encumbered binaries tarball (on-closed-bins-DATE.PLATFORM.tar.bz2) -2. compiler (Sun Studio 11 is the preferred compiler, and it is free - for OpenSolaris community members. You can also use gcc; more on - that below.) +2. signed cryptographic binaries (on-crypto-DATE.PLATFORM.tar.bz2) 3. ON build tools package (SUNWonbld-DATE.PLATFORM.tar.bz2) 4. Pre-built BFU archives (on-bfu-DATE.PLATFORM.tar.bz2) 5. source tarball (on-src-DATE.tar.bz2; numbered builds only) If you just want to install the pre-built archives, you'll need the ON build tools and the BFU archives. The tar file will unpack the -archives into archives-DATE/PLATFORM/ (e.g., -archives-20050612/i386/). You should review Section A -(changes since the last delivery) and Section B (known issues) before -following the BFU instructions in the Developer's Reference +archives into archives-DATE/PLATFORM/ (e.g., archives-20050612/i386/). +You should review the Known Issues section (below) before following +the BFU instructions in the Developer's Reference (http://hub.opensolaris.org/bin/view/Community+Group+on/devref_toc). -If you want to build from source, you will need the source, compiler, -ON tools, and "extras" tools. The encumbered binaries tarball contains -complete binaries (libraries, kernel modules, commands) that are -compatible with the source. These are binaries that cannot be built -using only the source tarball for one reason or another. 
If you wish -to build the kernel (or some portion of it), or if you wish to build a -complete set of installable archives, you will want the encumbered +If you want to build the entire source tree, you will need the source, +the ON build tools, the encumbered binaries, and the cryptographic binaries. -Currently, to obtain source, you can either download the -on-src-DATE.tar.bz2 tarball if you are downloading a -build-synchronised delivery. Or, you can checkout from the Mercurial -repository; please see instructions at: -http://hub.opensolaris.org/bin/view/Project+onnv/WebHome +The encumbered binaries tarball contains complete binaries (libraries, +kernel modules, commands) that are compatible with the source. These +are binaries that cannot be built using only the source tarball for +one reason or another. + +The cryptographic binaries have been signed with a certificate and key +that enables their use. The cryptographic binaries that you build +from source will not be usable unless you have obtained your own +certificate and key. See elfsign(1) for more information related to +signing binaries. + +To obtain source, you can download the on-src-DATE.tar.bz2 +tarball if you are downloading a build-synchronised delivery. Or, you +can checkout from the Mercurial repository; please see instructions +at: http://hub.opensolaris.org/bin/view/Project+onnv/. + + +Build Environment +----------------- + +To build from source, you will also need the proper compiler, and you +must be running a recent build. + +The standard compiler for building OpenSolaris code is Sun Studio, +which is free to download and use. You can also use gcc. See the +section "Installing from Source" (below) for details. + +Build machines are expected to be running an OpenSolaris build that is +no more than 2 builds behind the source that you're building. For +example, if you're building snv_120, your build machine should be +running snv_118 or later. 
+ + +Other Important Information +--------------------------- The buildable source contains the source for our high key-strength crypto, known as the Encryption Kit (SUNWcry, SUNWcryr, SUNWcryptoint). @@ -48,17 +64,19 @@ country's laws in this area. For general questions on the buildable source, please ask on the OpenSolaris Help discussion list (opensolaris-help <at> opensolaris -<dot> org). For detailed comments about the code, please use -OpenSolaris Code discussion list. Please note that the mailing lists -are configured to only allow posts via the web forum interface or from -list subscribers. +<dot> org). For detailed comments about the code, please use the +on-discuss list. Please note that the mailing lists are configured to +only allow posts from list subscribers. The Help list also has a web +forum that is gatewayed with the mailing list. More information about +OpenSolaris lists is available at +http://hub.opensolaris.org/bin/view/Main/discussions. Currently Known Issues ---------------------- These were some of the major known issues at the time of this delivery. The most recent list is available on the OpenSolaris.org -website in the Nevada community at: +website in the ON community at: http://hub.opensolaris.org/bin/view/Community+Group+on/known_issues <!-- #include http://hub.opensolaris.org/bin/view/Community+Group+on/known_issues --> diff --git a/usr/src/tools/scripts/Install.1 b/usr/src/tools/scripts/Install.1 index f75fca64c6..b1dcb793c8 100644 --- a/usr/src/tools/scripts/Install.1 +++ b/usr/src/tools/scripts/Install.1 @@ -1,5 +1,5 @@ .\" -.\" Copyright 2008 Sun Microsystems, Inc. All rights reserved. +.\" Copyright 2010 Sun Microsystems, Inc. All rights reserved. .\" Use is subject to license terms. .\" .\" CDDL HEADER START @@ -21,7 +21,7 @@ .\" .\" CDDL HEADER END .\" -.TH Install 1 "16 Dec 2008" +.TH Install 1 "14 Jan 2010" .SH NAME Install \- install a kernel from an ON workspace .SH SYNOPSIS 
@@ -290,6 +290,11 @@ you will need to do the following on the target machine: .LP You can set the following variables in your environment: .LP +ON_CRYPTO_BINS +.IP +file containing signed cryptographic binaries. This is only needed if +you are not building the closed-source tree. +.LP INSTALL_RC [default: $HOME/.Installrc] .IP file containing default options for \fBInstall\fR diff --git a/usr/src/tools/scripts/Install.sh b/usr/src/tools/scripts/Install.sh index c491f0ccf5..bef11e3a7f 100644 --- a/usr/src/tools/scripts/Install.sh +++ b/usr/src/tools/scripts/Install.sh @@ -20,7 +20,7 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Author: Jeff Bonwick @@ -98,7 +98,7 @@ modstatedir=/tmp/modstate$$ trap 'fail "User Interrupt" "You can resume by typing \"$INSTALL -R\""' 1 2 3 15 -usage() { +function usage { echo "" echo $1 echo ' @@ -144,7 +144,7 @@ For full details: # Save the current state of Install # -save_state() { +function save_state { rm -f $INSTALL_STATE (echo "# State of previous Install TARGET=$TARGET @@ -170,7 +170,7 @@ STATE=$STATE" >$INSTALL_STATE) || verbose "Warning: cannot save state" # Restore the previous state of Install # -restore_state() { +function restore_state { test -s $INSTALL_STATE || fail "Can't find $INSTALL_STATE" eval "`cat $INSTALL_STATE`" } @@ -179,7 +179,7 @@ restore_state() { # Install failed -- print error messages and exit 2 # -fail() { +function fail { save_state # # We might have gotten here via a trap. So wait for any @@ -202,7 +202,7 @@ fail() { # Echo a string in verbose mode only # -verbose() { +function verbose { test "$VERBOSE" != "q" && echo $1 } @@ -210,7 +210,7 @@ verbose() { # hack for tmpfs bug -- remove files gradually # -remove_dir() { +function remove_dir { test -d $1 || return local_dot=`pwd` cd $1 
@@ -226,7 +226,7 @@ remove_dir() { # message. # -tstmkdir() { +function tstmkdir { [ -d $1 ] || mkdir -p $1 || fail } @@ -235,7 +235,7 @@ tstmkdir() { # usage: fixglom listfile glomname # -fixglom() { +function fixglom { nawk \ -v glomname=$2 \ -v karch=$KARCH ' @@ -269,7 +269,7 @@ fixglom() { # usage: filtimpl listfile implname # -filtimpl() { +function filtimpl { nawk \ -v impl=$2 ' $1 == "MOD" || $1 == "SYMLINK" { @@ -292,7 +292,7 @@ filtimpl() { # Filter the module list to match the user's request. # Usage: filtmod listfile modules # -filtmod() { +function filtmod { nawk -v reqstring="$2" ' function modmatch(modname) { if (reqstring == "All") { 
@@ -336,12 +336,85 @@ filtmod() { } # +# Unpack the crypto tarball into the given tree, then massage the +# tree so that the binaries are all in objNN or debugNN directories. +# +function unpack_crypto { + typeset tarfile=$1 + typeset ctop=$2 + [ -d "$ctop" ] || fail "Can't create tree for crypto modules." + + [ "$VERBOSE" = "V" ] && echo "unpacking crypto tarball into $ctop..." + bzcat "$tarfile" | (cd "$ctop"; tar xf -) + + typeset root="$ctop/proto/root_$MACH" + [ $OBJD = obj ] && root="$ctop/proto/root_$MACH-nd" + [ -d "$root" ] || fail "Can't unpack crypto tarball." + + (cd "$root"; for d in platform kernel usr/kernel; do + [ ! -d $d ] && continue + find $d -type f -print + done) | while read file; do + typeset dir=$(dirname "$file") + typeset base=$(basename "$file") + typeset type=$(basename "$dir") + if [ "$type" = amd64 ]; then + newdir="$dir/${OBJD}64" + elif [ "$type" = sparcv9 ]; then + newdir="$dir/${OBJD}64" + else + newdir="$dir/${OBJD}32" + fi + mkdir -p "$root/$newdir" + [ "$VERBOSE" = "V" ] && echo "mv $file $newdir" + mv "$root/$file" "$root/$newdir" + done +} + +# +# usage: fixcrypto listfile ctop +# Massage entries in listfile for crypto modules, so that they point +# into ctop. +# +function fixcrypto { + typeset listfile=$1 + typeset ctop=$2 + + typeset ccontents=/tmp/crypto-toc$$ + find "$ctop" -type f -print > $ccontents + typeset root=root_$MACH + [ "$OBJD" = obj ] && root=root_$MACH-nd + + grep -v ^MOD $listfile > $listfile.no-mod + grep ^MOD $listfile | while read tag module targdir size impl srcdir; do + # + # We don't just grep for ${OBJD}$size/$module because + # there can be generic and platform-dependent versions + # of a module. 
+ # + newsrcfile=$(grep -w $root/$targdir/${OBJD}$size/$module $ccontents) + if [ -n "$newsrcfile" ]; then + # srcdir doesn't include final objNN or debugNN + echo $tag $module $targdir $size $impl \ + $(dirname $(dirname "$newsrcfile")) + else + echo $tag $module $targdir $size $impl $srcdir + fi + done > $listfile.mod + cat $listfile.mod $listfile.no-mod > $listfile + + rm -f $listfile.mod + rm -f $listfile.no-mod + rm -f $ccontents +} + +# # Copy a module, or create a link, as needed. # See $SRC/uts/Makefile.targ ($(MODLIST_DEPS) target) for the format # of the different input lines. # -copymod() { +function copymod { case $1 in MOD) targdir=$INSTALL_FILES/$3 @@ -384,7 +457,7 @@ copymod() { # Copy kernel modules to $INSTALL_DIR # -copy_kernel() { +function copy_kernel { case $KARCH in sun4*) ISA=sparc; MACH=sparc ;; @@ -445,7 +518,25 @@ copy_kernel() { verbose "Building module list..." (cd $KARCH; MAKEFLAGS=e $make -K $MODSTATE modlist.karch) | \ egrep "^MOD|^CONF|^LINK|^SYMLINK" > $modlist - [ $VERBOSE = "V" ] && cat $modlist + [ "$VERBOSE" = "V" ] && cat $modlist + if [ -n "$ON_CRYPTO_BINS" ]; then + cryptotar="$ON_CRYPTO_BINS" + if [ "$OBJD" = obj ]; then + isa=$(uname -p) + cryptotar=$(echo "$ON_CRYPTO_BINS" | + sed -e s/.$isa.tar.bz2/-nd.$isa.tar.bz2/) + fi + [ -f "$cryptotar" ] || fail "crypto ($cryptotar) doesn't exist" + cryptotree=$(mktemp -d /tmp/crypto.XXXXXX) + [ -n "$cryptotree" ] || fail "can't create tree for crypto" + unpack_crypto "$cryptotar" "$cryptotree" + # + # fixcrypto must come before fixglom, because + # fixcrypto uses the unglommed path to find things in + # the unpacked crypto. + # + fixcrypto $modlist "$cryptotree" + fi if [ "$GLOM" = "yes" ]; then fixglom $modlist $GLOMNAME filtimpl $modlist $IMPL 
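Review bot: In fixcrypto, `typeset ccontents=/tmp/crypto-toc$$` gives a predictable name in a world-writable directory, and `find "$ctop" -type f -print > $ccontents` then writes through whatever already exists at that path, including a symlink created by another local user. copy_kernel in this same commit already uses `mktemp -d` for the crypto tree, so the listing can be created the same way: `ccontents=$(mktemp /tmp/crypto-toc.XXXXXX) || fail "can't create temp file"`. In unpack_crypto, `bzcat "$tarfile" | (cd "$ctop"; tar xf -)` would be safer as `(cd "$ctop" && tar xf -)`. The pipeline's status is not checked either, so a truncated tarball is noticed only if the `root_$MACH` directory ends up missing.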
@@ -499,22 +590,22 @@ copy_kernel() { save_state } -kmdb_copy() { +function kmdb_copy { typeset src="$1" typeset destdir="$2" if [[ ! -d $dest ]] ; then - [[ $VERBOSE != "q" ]] && echo "mkdir -p $destdir" + [[ "$VERBOSE" != "q" ]] && echo "mkdir -p $destdir" mkdir -p $destdir || fail "failed to create $destdir" fi - [[ $VERBOSE != "q" ]] && echo "cp $src $destdir" + [[ "$VERBOSE" != "q" ]] && echo "cp $src $destdir" cp $src $destdir || fail "failed to copy $src to $destdir" } -kmdb_copy_machkmods() { +function kmdb_copy_machkmods { typeset modbase="$1" typeset destdir="$2" typeset dir= @@ -536,7 +627,7 @@ kmdb_copy_machkmods() { done } -kmdb_copy_karchkmods() { +function kmdb_copy_karchkmods { typeset modbase="$1" typeset destdir="$2" typeset bitdir="$3" @@ -562,7 +653,7 @@ kmdb_copy_karchkmods() { done } -kmdb_copy_kmdbmod() { +function kmdb_copy_kmdbmod { typeset kmdbpath="$1" typeset destdir="$2" @@ -573,7 +664,7 @@ kmdb_copy_kmdbmod() { return 0 } -copy_kmdb() { +function copy_kmdb { typeset kmdbtgtdir=$INSTALL_FILES/platform/$KARCH/$GLOMNAME/misc typeset bitdirs= typeset isadir= @@ -620,6 +711,11 @@ copy_kmdb() { srctrees=$SRC if [[ -d $SRC/../closed && "$CLOSED_IS_PRESENT" != no ]]; then srctrees="$srctrees $SRC/../closed" + else + if [ -z "$ON_CRYPTO_BINS" ]; then + echo "Warning: ON_CRYPTO_BINS not set; pre-signed" \ + "crypto not provided." + fi fi if [[ $WANT64 = "yes" ]] ; then # kmdbmod for sparc and x86 are built and installed @@ -679,7 +775,7 @@ copy_kmdb() { # Make tarfile # -make_tarfile() { +function make_tarfile { echo "Creating tarfile $TARFILE" test -d $INSTALL_FILES || fail "Can't find $INSTALL_FILES" cd $INSTALL_FILES @@ -699,7 +795,7 @@ make_tarfile() { # Routines to copy files to the target machine # -remote_fail() { +function remote_fail { fail "" "$1" "" \ "Make sure that $TARGET_MACHINE is up." \ "Check .rhosts in the home directory of user $TARGET_USER on $TARGET_MACHINE." \ 
@@ -708,7 +804,7 @@ remote_fail() { "Then, use \"$INSTALL -R\" to resume the install." "" } -remote_install() { +function remote_install { if [ "$IMODE" = "n" ]; then STATE=4 return 0 @@ -747,12 +843,13 @@ $TARGET_MACHINE using 'tar xvf $TARGET_DIR/Install.tar'" STATE=4 } -okexit() { +function okexit { cd /tmp test "$CLEANUP" = c && remove_dir $INSTALL_DIR save_state rm -rf $modstatedir rm -f $modlist + [ -n "$cryptotree" ] && rm -rf "$cryptotree" verbose "Install complete" exit 0 } @@ -815,7 +912,7 @@ if [[ $# -gt 0 ]] ; then KMDB="no" fi -case $VERBOSE in +case "$VERBOSE" in v) V="v"; SHV="x";; V) V="v"; SHV="x"; set -x;; q) V=""; SHV="";; diff --git a/usr/src/tools/scripts/Makefile b/usr/src/tools/scripts/Makefile index c03488964d..938480f6a0 100644 --- a/usr/src/tools/scripts/Makefile +++ b/usr/src/tools/scripts/Makefile @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # @@ -36,6 +36,7 @@ SHFILES= \ bringovercheck \ checkpaths \ checkproto \ + cryptodrop \ cstyle \ elfcmp \ flg.flp \ diff --git a/usr/src/tools/scripts/bindrop.sh b/usr/src/tools/scripts/bindrop.sh index 874669d700..1efd7f513f 100644 --- a/usr/src/tools/scripts/bindrop.sh +++ b/usr/src/tools/scripts/bindrop.sh @@ -21,7 +21,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Create an encumbered binaries tarball from a full build proto area, 
@@ -33,22 +33,6 @@ usage="bindrop [-n] full-root open-root basename" isa=`uname -p` -if [[ "$isa" = sparc ]]; then - isa_short=s -else - isa_short=x -fi - -# -# Crypto related binaries need to be signed in order to be loaded. -# We pull the ongk signed binaries from the gate machine's build -# at the path below so that the closed-bins tarballs are kept in sync -# with what we're actually delivering. We default to pulling out of -# nightly, but if CRYPTO_BINS_PATH is set, then we pull from that path -# instead. This allows us to override with something like -# /ws/onnv-gate/packages/$isa/snv_XX instead. -# -gatepkgs=${CRYPTO_BINS_PATH:-"/ws/onnv-gate/packages/$isa/nightly"} PATH="$PATH:/usr/bin:/usr/sfw/bin" @@ -106,10 +90,8 @@ tarfile="$CODEMGR_WS/$3.$isa.tar" rootdir="root_$isa" if [[ "$nondebug" = y ]]; then rootdir="root_$isa-nd" - gatepkgs="$gatepkgs-nd" fi -[[ -d "$gatepkgs" ]] || fail "can't find gate's crypto packages ($gatepkgs)." [[ -d "$full" ]] || fail "can't find $full." [[ -d "$open" ]] || fail "can't find $open." 
@@ -182,35 +164,18 @@ delete="$delete " # encumbered binaries and associated files delete="$delete - kernel/drv/amd64/audioens kernel/drv/amd64/bmc - kernel/drv/amd64/pcn - kernel/drv/audioens - kernel/drv/audioens.conf kernel/drv/bmc kernel/drv/bmc.conf kernel/drv/ifp.conf - kernel/drv/pcn - kernel/drv/pcn.conf - kernel/drv/sparcv9/audioens kernel/drv/sparcv9/ifp kernel/drv/sparcv9/isp kernel/drv/spwr kernel/drv/spwr.conf kernel/kmdb/sparcv9/isp - kernel/misc/amd64/phx - kernel/misc/phx - kernel/misc/sparcv9/phx - platform/SUNW,Sun-Blade-100/kernel/drv/grppm.conf - platform/SUNW,Sun-Blade-100/kernel/drv/sparcv9/grfans - platform/SUNW,Sun-Blade-100/kernel/drv/sparcv9/grppm - platform/sun4u/kernel/misc/sparcv9/i2c_svc usr/bin/ksh usr/bin/pfksh usr/bin/rksh - usr/ccs/bin/dis - usr/include/sys/audio/audioens.h - usr/include/sys/phx.h usr/include/sys/scsi/adapters/ifpcmd.h usr/include/sys/scsi/adapters/ifpio.h usr/include/sys/scsi/adapters/ifpmail.h @@ -220,11 +185,8 @@ delete="$delete usr/include/sys/scsi/adapters/ispmail.h usr/include/sys/scsi/adapters/ispreg.h usr/include/sys/scsi/adapters/ispvar.h - usr/lib/mdb/disasm/sparc.so - usr/lib/mdb/disasm/sparcv9/sparc.so usr/lib/mdb/kvm/sparcv9/isp.so usr/platform/SUNW,Netra-T12/ - usr/platform/sun4u/include/sys/i2c/misc/i2c_svc.h usr/platform/sun4u/include/sys/memtestio.h usr/platform/sun4u/include/sys/memtestio_ch.h usr/platform/sun4u/include/sys/memtestio_chp.h @@ -254,11 +216,6 @@ delete="$delete platform/i86pc/kernel/drv/amd64/memtest usr/platform/i86pc/lib/mtst/mtst_AuthenticAMD_15.so " -# pci test tool -delete="$delete - usr/share/man/man1m/pcitool.1m - usr/sbin/pcitool -" for f in $delete; do rm -rf "$tmpdir/closed/$rootdir/$f" done 
@@ -310,105 +267,11 @@ mkclosed "$isa" "$full" "$tmpdir/closed/$rootdir" || \ fail "can't restore minimal binaries." # -# Replace the crypto binaries with ones that have been signed by ongk. -# Get these from onnv-gate's nightly build +# Exclude signed crypto binaries; they are delivered in their +# own tarball. # - -# List of files to copy, in the form "pkgname file [file ...]" -# common files -cfiles=" - SUNWcsl - usr/lib/security/pkcs11_kernel.so.1 - usr/lib/security/pkcs11_softtoken.so.1 -" -# sparc-only -csfiles=" - SUNWcakr.u - platform/sun4u-us3/kernel/crypto/sparcv9/aes - platform/sun4u/kernel/crypto/sparcv9/arcfour - platform/sun4u/kernel/crypto/sparcv9/des - SUNWcakr.v - platform/sun4v/kernel/drv/sparcv9/ncp - SUNWckr - kernel/crypto/sparcv9/aes - kernel/crypto/sparcv9/arcfour - kernel/crypto/sparcv9/blowfish - kernel/crypto/sparcv9/des - SUNWcsl - usr/lib/security/sparcv9/pkcs11_kernel.so.1 - usr/lib/security/sparcv9/pkcs11_softtoken.so.1 - SUNWdcar - kernel/drv/sparcv9/dca - SUNWn2cp.v - platform/sun4v/kernel/drv/sparcv9/n2cp -" -# x86-only -cxfiles=" - SUNWckr - kernel/crypto/aes - kernel/crypto/arcfour - kernel/crypto/blowfish - kernel/crypto/des - kernel/crypto/amd64/aes - kernel/crypto/amd64/arcfour - kernel/crypto/amd64/blowfish - kernel/crypto/amd64/des - SUNWcsl - usr/lib/security/amd64/pkcs11_kernel.so.1 - usr/lib/security/amd64/pkcs11_softtoken.so.1 - SUNWdcar - kernel/drv/dca - kernel/drv/amd64/dca -" -# These all have hard links from crypto/foo to misc/foo. -linkedfiles=" - platform/sun4u/kernel/crypto/sparcv9/des - kernel/crypto/des - kernel/crypto/amd64/des - kernel/crypto/sparcv9/des -" - -if [[ "$isa" = sparc ]]; then - cfiles="$cfiles $csfiles" -else - cfiles="$cfiles $cxfiles" -fi - -# Copy $pkgfiles from the gate's build for $pkg -function pkgextract -{ - [[ -d "$gatepkgs/$pkg" ]] || fail "$gatepkgs/$pkg doesn't exist." 
- if [[ -n "$pkg" && -n "$pkgfiles" ]]; then - (cd "$gatepkgs/$pkg/reloc" && tar cf - $pkgfiles) | \ - (cd "$tmpdir/closed/$rootdir"; tar xf - ) - # Doesn't look like we can rely on $? here. - for f in $pkgfiles; do - [[ -f "$tmpdir/closed/$rootdir/$f" ]] || - warn "couldn't find $f in $gatepkgs/$pkg" - done - fi -} - -pkg="" -pkgfiles="" -for cf in $cfiles; do - if [[ "$cf" = SUNW* ]]; then - pkgextract - pkg="$cf" - pkgfiles="" - continue - else - pkgfiles="$pkgfiles $cf" - fi -done -pkgextract # last package in $cfiles - -# Patch up the crypto hard links. -for f in $linkedfiles; do - [[ -f "$tmpdir/closed/$rootdir/$f" ]] || continue - link=$(print $f | sed -e s=crypto=misc=) - (cd "$tmpdir/closed/$rootdir"; rm "$link"; ln "$f" "$link") -done +ROOT="$tmpdir/closed/$rootdir" findcrypto "$SRC/tools/codesign/creds" | + awk '{ print $2 }' | (cd "$tmpdir/closed/$rootdir"; xargs rm -f) # # Add binary license files. diff --git a/usr/src/tools/scripts/cryptodrop.sh b/usr/src/tools/scripts/cryptodrop.sh new file mode 100644 index 0000000000..2987b485ca --- /dev/null +++ b/usr/src/tools/scripts/cryptodrop.sh 
@@ -0,0 +1,162 @@ +#!/bin/ksh -p +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# + +# +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. +# Use is subject to license terms. +# + +# +# Create a tarball with crypto binaries. +# + +usage="cryptodrop [-n] result-path" + +isa=`uname -p` + +function fail { + print -u2 "cryptodrop: $@" + exit 1 +} + +[[ -n "$ROOT" ]] || fail "ROOT must be set." +# Verify below (after adjusting for -n) that $ROOT exists, is a directory. +[[ -n "$SRC" ]] || fail "SRC must be set." +[[ -d "$SRC" ]] || fail "SRC ($SRC) is not a directory." +[[ -n "$CODEMGR_WS" ]] || fail "CODEMGR_WS must be set." +[[ -d "$CODEMGR_WS" ]] || fail "CODEMGR_WS ($CODEMGR_WS) is not a directory." + +# +# Wrapper over cpio to filter out "NNN blocks" messages. +# +function cpio_filt { + integer cpio_stat + + cpio "$@" > "$cpio_log" 2>&1 + cpio_stat=$? + cat "$cpio_log" | awk '$0 !~ /[0-9]+ blocks/ { print }' + return $cpio_stat +} + +# +# Create the README from boilerplate and the contents of the closed +# binary tree. 
+# +# usage: mkreadme targetdir +# +function mkreadme { + typeset targetdir="$1" + typeset readme="README.CRYPTO-BINARIES.$isa" + + sed -e s/@ISA@/$isa/ -e s/@DELIVERY@/CRYPTO-BINARIES/ \ + "$SRC/tools/opensolaris/README.binaries.tmpl" > "$targetdir/$readme" + (cd "$targetdir"; find "$rootdir" -type f -print | \ + sort >> "$targetdir/$readme") +} + +nondebug=n +while getopts n flag; do + case $flag in + n) + nondebug=y + if [ "$MULTI_PROTO" = yes ]; then + export ROOT="$ROOT-nd" + fi + ;; + ?) + print -u2 "usage: $usage" + exit 1 + ;; + esac +done +shift $(($OPTIND - 1)) + +if [[ $# -ne 1 ]]; then + print -u2 "usage: $usage" + exit 1 +fi +[[ -d "$ROOT" ]] || fail "ROOT ($ROOT) is not a directory." + +tarfile="$1" + +if [[ "$nondebug" = n ]]; then + rootdir="root_$isa" +else + rootdir="root_$isa-nd" +fi + +tmpdir=$(mktemp -dt cryptodropXXXXX) +[[ -n "$tmpdir" ]] || fail "could not create temporary directory." +tmproot="$tmpdir/proto/$rootdir" +mkdir -p "$tmproot" || exit 1 +cpio_log="$tmpdir/cpio.log" +filelist="$tmpdir/files" + +# +# Copy the crypto binaries into a temp directory. This is a bit messy +# because we want to preserve the permissions of intermediate +# directories without including all the contents of those +# directories. +# + +# Echo all the parent directories of the given file. +function alldirs { + d=$(dirname "$1") + while [ "$d" != . ]; do + echo $d + d=$(dirname "$d") + done +} + +findcrypto "$SRC/tools/codesign/creds" | awk '{ print $2 }' > "$filelist" +# +# Both alldirs and the cpio -p invocation assume that findcrypto only +# produces relative paths. +# +for f in $(cat "$filelist"); do + if [[ "$f" = /* ]]; then + fail "findcrypto produced absolute path ($f)" + fi +done +for f in $(cat "$filelist"); do + echo "$f" + alldirs "$f" +done | sort -u | (cd "$ROOT"; cpio_filt -pdm "$tmproot") +[[ $? -eq 0 ]] || fail "could not copy crypto files." + +rm -f "$cpio_log" "$filelist" + +# +# Insert binary license files. 
+# +cp -p "$SRC/tools/opensolaris/BINARYLICENSE.txt" "$tmpdir/proto" || \ + fail "could not add BINARYLICENSE.txt" +mkreadme "$tmpdir/proto" || exit 1 +cp -p "$CODEMGR_WS/THIRDPARTYLICENSE.ON-CRYPTO" "$tmpdir/proto" || \ + fail "could not add THIRDPARTYLICENSE.ON-CRYPTO." + +(cd "$tmpdir"; tar cf "$tarfile" proto) || fail "could not create $tarfile." +bzip2 -f "$tarfile" || fail "could not compress $tarfile". + +rm -rf "$tmpdir" + +exit 0 diff --git a/usr/src/tools/scripts/mktpl.pl b/usr/src/tools/scripts/mktpl.pl index 2515aeb2f0..4974a566e6 100644 --- a/usr/src/tools/scripts/mktpl.pl +++ b/usr/src/tools/scripts/mktpl.pl @@ -21,11 +21,9 @@ # # -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" -# # # Create THIRDPARTYLICENSE files using the index file in $CODEMGR_WS. @@ -34,14 +32,20 @@ use Cwd; use Env; use strict; +use vars qw($opt_c); +use Getopt::Std; -my $usage = "mktpl license-list-file"; +# -c: only generate crypto license file +my $usage = "mktpl [-c] license-list-file"; my $top = $ENV{"CODEMGR_WS"}; if (! $top) { die "CODEMGR_WS must be set.\n"; } +if (! getopts('c')) { + die "usage: $usage\n"; +} if (@ARGV != 1) { die "usage: $usage\n"; } @@ -50,7 +54,9 @@ my $indexfile = $ARGV[0]; my $exitstatus = 0; -# create a THIRDPARTYLICENSE file from the given license list and suffix. +# +# Create a THIRDPARTYLICENSE file from the given license list and suffix. +# sub maketpl { my ($suffix, @tpllist) = @_; my $licnum = 1; @@ -91,6 +97,18 @@ sub maketpl { } # +# Return non-zero if we expect the crypto for the given +# third-party license file to be signed. Else, return zero. +# +my $hashes = qr"/(rng|md4|md5|sha1/sha2)/"; +sub signedcrypto { + my ($licpath) = @_; + + return 0 if $licpath =~ m#$hashes#; + return 1; +} + +# # Make file list for each TPL file. # 
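Review bot: In the new cryptodrop.sh, `findcrypto "$SRC/tools/codesign/creds" | awk '{ print $2 }' > "$filelist"` never checks findcrypto's exit status or whether the list is empty, so a failed lookup produces a tarball that holds only the license files and the script still exits 0. A guard such as `[[ -s "$filelist" ]] || fail "findcrypto produced no files"` right after that line would make the failure visible to nightly. The path check that follows rejects a leading `/` but not `..` components, which the assumption stated for `alldirs` and `cpio -p` also depends on. Separately, `fail` exits without removing `$tmpdir`, so copies of the signed binaries stay in the temp directory on every error path; a `trap 'rm -rf "$tmpdir"' EXIT` set after the mktemp call would cover that.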
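Review bot: The pattern in `my $hashes = qr"/(rng|md4|md5|sha1/sha2)/";` looks like it has a `/` where a `|` was meant. As written, the last alternative matches only the literal path `sha1/sha2`, so license files under a separate `sha1/` or `sha2/` directory are not recognised as hashes, `signedcrypto` returns 1 for them, and they are added to THIRDPARTYLICENSE.ON-CRYPTO. If that is not intended, the line should read `my $hashes = qr"/(rng|md4|md5|sha1|sha2)/";`. If it is intended, a comment naming the `sha1/sha2` directory would spare the next reader the same question.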
@@ -99,21 +117,29 @@ $top = getcwd(); my $isclosed = qr"^usr/closed"; my $istools = qr"^usr/src/tools"; +my $iscrypto = qr"(^usr/src/common/crypto)|(^usr/src/lib/pkcs11)"; my @closedlist; my @toolslist; my @bfulist; +my @cryptolist; open(IX, "<$indexfile") or die "Can't open $indexfile: $!\n"; while (<IX>) { chomp; - if (/$isclosed/) { - push @closedlist, $_; + my $lic = $_; + if (! $opt_c && $lic =~ /$isclosed/) { + push @closedlist, $lic; } - if (/$istools/) { - push @toolslist, $_; - } else { - push @bfulist, $_; + if ($lic =~ /$iscrypto/ && signedcrypto($lic)) { + push @cryptolist, $lic; + } + if (! $opt_c) { + if ($lic =~ /$istools/) { + push @toolslist, $lic; + } else { + push @bfulist, $lic; + } } } close IX; @@ -125,5 +151,6 @@ close IX; maketpl("ON-BINARIES", @closedlist) if (@closedlist); maketpl("ON-BUILD-TOOLS", @toolslist) if (@toolslist); maketpl("BFU-ARCHIVES", @bfulist) if (@bfulist); +maketpl("ON-CRYPTO", @cryptolist) if (@cryptolist); exit $exitstatus; diff --git a/usr/src/tools/scripts/nightly.1 b/usr/src/tools/scripts/nightly.1 index 0adf15cdbb..53e7a5f873 100644 --- a/usr/src/tools/scripts/nightly.1 +++ b/usr/src/tools/scripts/nightly.1 @@ -17,9 +17,9 @@ .\" " .\" " CDDL HEADER END .\" " -.\" "Copyright 2009 Sun Microsystems, Inc. All rights reserved." +.\" "Copyright 2010 Sun Microsystems, Inc. All rights reserved." .\" "Use is subject to license terms." -.TH nightly 1 "08 Sep 2009" +.TH nightly 1 "14 Jan 2010" .SH NAME .I nightly \- build an OS-Net consolidation overnight 
@@ -251,10 +251,12 @@ a time. .B Miscellaneous options .TP 10 .B \-O -generate deliverables for OpenSolaris. Tarballs containing -a source snapshot, -binaries of closed-source components, compiled ON tools (SUNWonbld), -and BFU archives are put in $CODEMGR_WS. +generate deliverables for OpenSolaris. Tarballs containing a source +snapshot, binaries of closed-source components, compiled ON tools +(SUNWonbld), and BFU archives are put in $CODEMGR_WS. A tarball +containing signed cryptographic binaries is put in the parent +directory of $PKGARCHIVE (by default they are put in +$CODEMGR_WS/packages/$MACH). .TP 10 .B \-V VERS set the build version string to VERS, overriding VERSION @@ -373,21 +375,21 @@ by \fIuname -p\fP, e.g. sparc, i386. .B LOCKNAME .RS 5 The name of the file used to lock out multiple runs of -.I nightly. +.IR nightly . This should generally be left to the default setting. .RE .LP .B ATLOG .RS 5 The location of the log directory maintained by -.I nightly +.IR nightly . This should generally be left to the default setting. .RE .LP .B LOGFILE .RS 5 The name of the log file in the $ATLOG directory maintained by -.I nightly +.IR nightly . This should generally be left to the default setting. .RE .LP @@ -465,9 +467,9 @@ Points to "$SRC/pkgdefs." Not used these days. .B PKGARCHIVE .RS 5 The destination for packages. This may be relative to -$CODEMGR_WS for private archives or relative to $PARENT_WS +$CODEMGR_WS for private packages or relative to $PARENT_WS if you have different workspaces for different architectures -but want one hierarchy of BFU archives. +but want one hierarchy of packages. .RE .LP .B MAKEFLAGS 
@@ -559,6 +561,20 @@ where to find these closed binaries, so that it can add them into the build. .LP .RE +.B ON_CRYPTO_BINS +.RS 5 +This is the path to a compressed tarball that contains debug +cryptographic binaries that have been signed to allow execution +outside of Sun, e.g., $PARENT_WS/packages/$MACH/on-crypto.$MACH.bz2. +.I nightly +will automatically adjust the path for non-debug builds. This tarball +is needed if the closed-source tree is not present. Also, it is +usually needed when generating OpenSolaris deliverables from a project +workspace. This is because most projects do not have access to the +necessary key and certificate that would let them sign their own +cryptographic binaries. +.LP +.RE .B CHECK_PATHS .RS 5 Normally, nightly runs the 'checkpaths' script to check for diff --git a/usr/src/tools/scripts/nightly.sh b/usr/src/tools/scripts/nightly.sh index 572cf447fa..2c7bcfdf5e 100644 --- a/usr/src/tools/scripts/nightly.sh +++ b/usr/src/tools/scripts/nightly.sh @@ -21,7 +21,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Based on the nightly script from the integration folks, 
@@ -71,11 +71,107 @@ if [[ ! -x $WHICH_SCM ]]; then fi # +# Datestamp for crypto tarballs. We don't use BUILD_DATE because it +# doesn't sort right and it uses English abbreviations for the month. +# We want to guarantee a consistent string, so just invoke date(1) +# once and save the result in a global variable. YYYY-MM-DD is easier +# to parse visually than YYYYMMDD. +# +cryptostamp=$(date +%Y-%m-%d) + +# +# Echo the path for depositing a crypto tarball, creating the target +# directory if it doesn't already exist. +# usage: cryptodest suffix +# where "suffix" is "" or "-nd". +# +function cryptodest { + typeset suffix=$1 + # + # $PKGARCHIVE gets wiped out with each build, so put the + # tarball one level up. + # + typeset dir=$(dirname "$PKGARCHIVE") + [ -d "$dir" ] || mkdir -p "$dir" >> "$LOGFILE" 2>&1 + # + # Put the suffix after the datestamp to make it easier for + # gatelings to use crypto from a specific date (no need to + # copy and rename the gate tarball). + # + echo "$dir/on-crypto-$cryptostamp$suffix.$MACH.tar" +} + +# +# Create a non-stamped symlink to the given crypto tarball. +# Return 0 on success, non-zero on failure. +# +function cryptolink { + typeset targpath=$1 + typeset suffix=$2 + if [ ! -f "$targpath" ]; then + echo "no crypto at $targpath" + return 1 + fi + typeset dir=$(dirname "$targpath") + typeset targfile=$(basename "$targpath") + typeset link=on-crypto$suffix.$MACH.tar.bz2 + (cd "$dir"; rm -f "$link") + (cd "$dir"; ln -s "$targfile" "$link") + return $? +} + +# +# Generate a crypto tarball from the proto area and put it in the +# canonical location, along with the datestamp-free symlink. +# Sets build_ok to "n" if there is a problem. +# +function crypto_from_proto { + typeset label=$1 + typeset suffix=$2 + typeset -i stat + typeset to + + echo "Creating $label crypto tarball..." >> "$LOGFILE" + + # + # Generate the crypto THIRDPARTYLICENSE file. This needs to + # be done after the build has finished and before we run + # cryptodrop. 
We'll generate the file twice if we're building + # both debug and non-debug, but it's a cheap operation and not + # worth the complexity to only do once. + # + mktpl -c usr/src/tools/opensolaris/license-list >> "$LOGFILE" 2>&1 + if (( $? != 0 )) ; then + echo "Couldn't create crypto THIRDPARTYLICENSE file." | + tee -a "$mail_msg_file" >> "$LOGFILE" + build_ok=n + return + fi + + to=$(cryptodest "$suffix") + if [ "$suffix" = "-nd" ]; then + cryptodrop -n "$to" >> "$LOGFILE" 2>&1 + else + cryptodrop "$to" >> "$LOGFILE" 2>&1 + fi + if (( $? != 0 )) ; then + echo "\nCould not create $label crypto tarball." | + tee -a "$mail_msg_file" >> "$LOGFILE" + build_ok=n + else + cryptolink "$to.bz2" "$suffix" >> "$LOGFILE" 2>&1 + if (( $? != 0 )) ; then + build_ok=n + fi + fi +} + +# # Print the tag string used to identify a build (e.g., "DEBUG # open-only") # usage: tagstring debug-part open-part # -tagstring() { +function tagstring { debug_part=$1 open_part=$2 @@ -95,18 +191,23 @@ tagstring() { # -O OpenSolaris delivery build. Put the proto area and # (eventually) packages in -open directories. Use skeleton # closed binaries. Don't generate archives--that needs to be -# done later, after we've generated the closed binaries. Also -# skip the package build (until 6414822 is fixed). +# done later, after we've generated the closed binaries. Use +# the signed binaries from the earlier full build. Skip the +# package build (until 6414822 is fixed). # -normal_build() { +function normal_build { typeset orig_p_FLAG="$p_FLAG" typeset orig_a_FLAG="$a_FLAG" typeset orig_zero_FLAG="$zero_FLAG" + typeset crypto_in="$ON_CRYPTO_BINS" + typeset crypto_signer="$CODESIGN_USER" + typeset gencrypto=no suffix="" open_only="" + [ -n "$CODESIGN_USER" ] && gencrypto=yes while getopts O FLAG $*; do case $FLAG in O) 
@@ -115,6 +216,18 @@ normal_build() { p_FLAG=n a_FLAG=n zero_FLAG=n + gencrypto=no + if [ -n "$CODESIGN_USER" ]; then + # + # Crypto doesn't get signed in the + # open-only build (no closed tree -> + # no internal signing -> no signing + # for off-SWAN). So use the earlier + # signed crypto. + # + crypto_in=$PKGARCHIVE/../on-crypto.$MACH.tar.bz2 + crypto_signer="" + fi ;; esac done @@ -124,11 +237,18 @@ normal_build() { if [ "$F_FLAG" = "n" ]; then set_non_debug_build_flags mytag=`tagstring "non-DEBUG" "$open_only"` - build "$mytag" "$suffix-nd" "$MULTI_PROTO" + CODESIGN_USER="$crypto_signer" \ + build "$mytag" "$suffix-nd" "-nd" "$MULTI_PROTO" \ + $(ndcrypto "$crypto_in") if [ "$build_ok" = "y" -a "$X_FLAG" = "y" -a \ "$p_FLAG" = "y" ]; then copy_ihv_pkgs non-DEBUG -nd fi + + if [[ "$gencrypto" = yes && "$build_ok" = y ]]; then + crypto_from_proto non-DEBUG -nd + fi + else echo "\n==== No non-DEBUG $open_only build ====\n" >> "$LOGFILE" fi @@ -140,12 +260,17 @@ normal_build() { if [ "$D_FLAG" = "y" ]; then set_debug_build_flags mytag=`tagstring "DEBUG" "$open_only"` - build "$mytag" "$suffix" "$MULTI_PROTO" + CODESIGN_USER="$crypto_signer" \ + build "$mytag" "$suffix" "" "$MULTI_PROTO" "$crypto_in" if [ "$build_ok" = "y" -a "$X_FLAG" = "y" -a \ "$p_FLAG" = "y" ]; then copy_ihv_pkgs DEBUG "" fi + if [[ "$gencrypto" = yes && "$build_ok" = y ]]; then + crypto_from_proto DEBUG "" + fi + else echo "\n==== No DEBUG $open_only build ====\n" >> "$LOGFILE" fi @@ -163,7 +288,7 @@ normal_build() { # If variable "$HOOKNAME" is defined, insert a section header into # our logs and then run the command with ARGS # -run_hook() { +function run_hook { HOOKNAME=$1 eval HOOKCMD=\$$HOOKNAME shift @@ -190,7 +315,7 @@ run_hook() { # # usage: filelist DESTDIR PATTERN # -filelist() { +function filelist { DEST=$1 PATTERN=$2 cd ${DEST} 
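Review bot: `$(ndcrypto "$crypto_in")` is passed unquoted as the last argument of `build` in the non-DEBUG branch, so a tarball path containing whitespace is split into several arguments and `CRYPTOPATH` receives only the first piece. Quoting it as `"$(ndcrypto "$crypto_in")"` is safe, because ndcrypto echoes an empty string for empty input and `build` tests `[ -n "$CRYPTOPATH" ]` before using it. The same unquoted substitution appears in `crypto_is_present` (`[ ! -f $(ndcrypto "$ON_CRYPTO_BINS") ]`) and in `crypto_passthrough` (`copycrypto $(ndcrypto "$ON_CRYPTO_BINS") "-nd"`). normal_build begins and ends outside this hunk.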
@@ -217,7 +342,7 @@ filelist() { # function to save off binaries after a full build for later # restoration -save_binaries() { +function save_binaries { # save off list of binaries echo "\n==== Saving binaries from build at `date` ====\n" | \ tee -a $mail_msg_file >> $LOGFILE @@ -231,7 +356,7 @@ save_binaries() { # delete files # usage: hybridize_files DESTDIR MAKE_TARGET -hybridize_files() { +function hybridize_files { DEST=$1 MAKETARG=$2 @@ -254,7 +379,7 @@ hybridize_files() { # restore binaries into the proper source tree. # usage: restore_binaries DESTDIR MAKE_TARGET -restore_binaries() { +function restore_binaries { DEST=$1 MAKETARG=$2 @@ -267,7 +392,7 @@ restore_binaries() { # rename files we save binaries of # usage: rename_files DESTDIR MAKE_TARGET -rename_files() { +function rename_files { DEST=$1 MAKETARG=$2 echo "\n==== Renaming source files in ${MAKETARG} at `date` ====\n" | \ @@ -287,7 +412,7 @@ rename_files() { # # usage: copy_source CODEMGR_WS DESTDIR LABEL SRCROOT # -copy_source() { +function copy_source { WS=$1 DEST=$2 label=$3 @@ -418,7 +543,7 @@ function copy_source_mercurial { # Sets SRC to the modified source tree, for use by the caller when it # builds the tree. # -set_up_source_build() { +function set_up_source_build { WS=$1 DEST=$2 MAKETARG=$3 @@ -498,12 +623,12 @@ set_up_source_build() { } # Return library search directive as function of given root. -myldlibs() { +function myldlibs { echo "-L$1/lib -L$1/usr/lib" } # Return header search directive as function of given root. -myheaders() { +function myheaders { echo "-I$1/usr/include" } @@ -513,7 +638,7 @@ myheaders() { # are written to the mail message. Returns with the status of the # original command. # -makebfu_filt() { +function makebfu_filt { typeset tmplog typeset errors typeset cmd 
@@ -538,17 +663,48 @@ makebfu_filt() { } # +# Unpack the crypto tarball into the proto area. We first extract the +# tarball into a temp directory so that we can handle the non-debug +# tarball correctly with MULTI_PROTO=no. +# Return 0 on success, non-zero on failure. +# +function unpack_crypto { + typeset tarfile=$1 + typeset suffix=$2 + typeset ctop=$(mktemp -d /tmp/crypto.XXXXXX) + [ -n "$ctop" ] || return 1 + typeset croot=$ctop/proto/root_$MACH$suffix + echo "Unpacking crypto ($tarfile)..." + bzcat "$tarfile" | (cd "$ctop"; tar xfBp -) + if [[ $? -ne 0 || ! -d "$croot" ]]; then + return 1 + fi + # + # We extract with -p so that we maintain permissions on directories. + # + (cd "$croot"; tar cf - *) | (cd "$ROOT"; tar xfBp -) + typeset -i stat=$? + rm -rf "$ctop" + return $stat +} + +# # Function to do the build, including cpio archive and package generation. -# usage: build LABEL SUFFIX MULTIPROTO +# usage: build LABEL SUFFIX ND MULTIPROTO CRYPTO # - LABEL is used to tag build output. -# - SUFFIX is used to distinguish files (e.g., debug vs non-debug). +# - SUFFIX is used to distinguish files (e.g., debug vs non-debug, +# open-only vs full tree). +# - ND is "-nd" (non-debug builds) or "" (debug builds). # - If MULTIPROTO is "yes", it means to name the proto area according to # SUFFIX. Otherwise ("no"), (re)use the standard proto area. +# - CRYPTO is the path to the crypto tarball, or null. # -build() { +function build { LABEL=$1 SUFFIX=$2 - MULTIPROTO=$3 + ND=$3 + MULTIPROTO=$4 + CRYPTOPATH=$5 INSTALLOG=install${SUFFIX}-${MACH} NOISE=noise${SUFFIX}-${MACH} CPIODIR=${CPIODIR_ORIG}${SUFFIX} 
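Review bot: `unpack_crypto` leaks its temp directory on the failure path, because the early `return 1` after the first extraction skips `rm -rf "$ctop"`. Both `cd …; tar` pairs use `;`, so a failed `cd "$ROOT"` extracts into the current directory, and the `$?` test after `bzcat … | (…)` sees only the tar side of the pipe. Since `(cd "$croot"; tar cf - *)` transfers every entry under the tarball's root with `-p`, checking the extracted paths against what findcrypto lists before the copy would keep a wrong or stale ON_CRYPTO_BINS file from overwriting unrelated proto files; that check is a suggestion and is not part of the sketch below. The sketch keeps the interface and changes only the error handling and cleanup.

```shell
function unpack_crypto {
	typeset tarfile=$1
	typeset suffix=$2
	typeset ctop=$(mktemp -d /tmp/crypto.XXXXXX)
	[ -n "$ctop" ] || return 1
	typeset croot=$ctop/proto/root_$MACH$suffix
	typeset -i stat=0
	echo "Unpacking crypto ($tarfile)..."
	bzcat "$tarfile" | (cd "$ctop" && tar xfBp -) || stat=1
	[ -d "$croot" ] || stat=1
	if (( stat == 0 )); then
		# -p keeps the directory permissions recorded in the tarball.
		(cd "$croot" && tar cf - *) | (cd "$ROOT" && tar xfBp -) || stat=1
	fi
	# Remove the scratch copy on success and on every failure path.
	rm -rf "$ctop"
	return $stat
}
```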
@@ -598,6 +754,16 @@ build() { this_build_ok=n fi + if [ -n "$CRYPTOPATH" ]; then + unpack_crypto "$CRYPTOPATH" "$ND" >> "$LOGFILE" 2>&1 + if (( $? != 0 )) ; then + echo "Could not unpack crypto ($CRYPTOPATH)" | + tee -a "$mail_msg_file" >> "$LOGFILE" + build_ok=n + this_build_ok=n + fi + fi + if [ "$W_FLAG" = "n" ]; then echo "\n==== Build warnings ($LABEL) ====\n" >>$mail_msg_file egrep -i warning: $SRC/${INSTALLOG}.out \ @@ -729,9 +895,9 @@ build() { echo "\n==== Creating $LABEL packages at `date` ====\n" \ >> $LOGFILE rm -f $SRC/pkgdefs/${INSTALLOG}.out - echo "Clearing out $PKGARCHIVE ..." >> $LOGFILE - rm -rf $PKGARCHIVE - mkdir -p $PKGARCHIVE + echo "Clearing out $PKGARCHIVE ..." >> "$LOGFILE" + rm -rf "$PKGARCHIVE" >> "$LOGFILE" 2>&1 + mkdir -p "$PKGARCHIVE" >> "$LOGFILE" 2>&1 # # Optional build of sparc realmode on i386 @@ -739,8 +905,8 @@ build() { if [ "$MACH" = "i386" ] && [ "${SPARC_RM_PKGARCHIVE}" ]; then echo "Clearing out ${SPARC_RM_PKGARCHIVE} ..." \ >> $LOGFILE - rm -rf ${SPARC_RM_PKGARCHIVE} - mkdir -p ${SPARC_RM_PKGARCHIVE} + rm -rf ${SPARC_RM_PKGARCHIVE} >> "$LOGFILE" 2>&1 + mkdir -p ${SPARC_RM_PKGARCHIVE} >> "$LOGFILE" 2>&1 fi cd $SRC/pkgdefs @@ -778,7 +944,7 @@ build() { # Usage: dolint /dir y|n # Arg. 2 is a flag to turn on/off the lint diff output -dolint() { +function dolint { if [ ! -d "$1" ]; then echo "dolint error: $1 is not a directory" exit 1 @@ -862,7 +1028,7 @@ dolint() { # Install proto area from IHV build -copy_ihv_proto() { +function copy_ihv_proto { echo "\n==== Installing IHV proto area ====\n" \ >> $LOGFILE @@ -901,7 +1067,7 @@ copy_ihv_proto() { # Install IHV packages in PKGARCHIVE # usage: copy_ihv_pkgs LABEL SUFFIX -copy_ihv_pkgs() { +function copy_ihv_pkgs { LABEL=$1 SUFFIX=$2 # always use non-DEBUG IHV packages @@ -936,7 +1102,7 @@ copy_ihv_pkgs() { # # returns non-zero status if the build was successful. # -build_tools() { +function build_tools { DESTROOT=$1 INSTALLOG=install-${MACH} 
@@ -963,7 +1129,7 @@ build_tools() { # # usage: use_tools TOOLSROOT # -use_tools() { +function use_tools { TOOLSROOT=$1 STABS=${TOOLSROOT}/opt/onbld/bin/${MACH}/stabs @@ -1009,7 +1175,7 @@ use_tools() { echo "ONBLD_TOOLS=${ONBLD_TOOLS}" >> $LOGFILE } -staffer() { +function staffer { if [ $ISUSER -ne 0 ]; then "$@" else @@ -1027,7 +1193,7 @@ staffer() { # Verify that the closed tree is present if it needs to be. # Sets CLOSED_IS_PRESENT for future use. # -check_closed_tree() { +function check_closed_tree { if [ -z "$CLOSED_IS_PRESENT" ]; then if [ -d $CODEMGR_WS/usr/closed ]; then CLOSED_IS_PRESENT="yes" @@ -1051,7 +1217,7 @@ check_closed_tree() { fi } -obsolete_build() { +function obsolete_build { echo "WARNING: Obsolete $1 build requested; request will be ignored" } @@ -1059,7 +1225,7 @@ obsolete_build() { # wrapper over wsdiff. # usage: do_wsdiff LABEL OLDPROTO NEWPROTO # -do_wsdiff() { +function do_wsdiff { label=$1 oldproto=$2 newproto=$3 @@ -1079,14 +1245,14 @@ do_wsdiff() { # together. # -set_non_debug_build_flags() { +function set_non_debug_build_flags { export INTERNAL_RELEASE_BUILD ; INTERNAL_RELEASE_BUILD= export RELEASE_BUILD ; RELEASE_BUILD= unset EXTRA_OPTIONS unset EXTRA_CFLAGS } -set_debug_build_flags() { +function set_debug_build_flags { export INTERNAL_RELEASE_BUILD ; INTERNAL_RELEASE_BUILD= unset RELEASE_BUILD unset EXTRA_OPTIONS @@ -1206,7 +1372,7 @@ XMOD_OPT= build_ok=y tools_build_ok=y -is_source_build() { +function is_source_build { [ "$SE_FLAG" = "y" -o "$SD_FLAG" = "y" -o \ "$SH_FLAG" = "y" -o "$SO_FLAG" = "y" ] return $? @@ -1221,7 +1387,7 @@ is_source_build() { # usage: set_S_flag <type> # where <type> is the source build type ("E", "D", ...). # -set_S_flag() { +function set_S_flag { if is_source_build; then echo "Can only build one source variant at a time." exit 1 
@@ -1587,6 +1753,63 @@ fi export PATH export MAKE +# +# Make sure the crypto tarball is available if it's needed. +# + +# Echo the non-debug name corresponding to the given crypto tarball path. +function ndcrypto { + typeset dir file + + if [ -z "$1" ]; then + echo "" + return + fi + + dir=$(dirname "$1") + file=$(basename "$1" ".$MACH.tar.bz2") + + echo "$dir/$file-nd.$MACH.tar.bz2" +} + +# Return 0 (success) if the required crypto tarball(s) are present. +function crypto_is_present { + if [ -z "$ON_CRYPTO_BINS" ]; then + echo "ON_CRYPTO_BINS is null or not set." + return 1 + fi + if [ "$D_FLAG" = y ]; then + if [ ! -f "$ON_CRYPTO_BINS" ]; then + echo "DEBUG crypto tarball is unavailable." + return 1 + fi + fi + if [ "$F_FLAG" = n ]; then + if [ ! -f $(ndcrypto "$ON_CRYPTO_BINS") ]; then + echo "Non-DEBUG crypto tarball is unavailable." + return 1 + fi + fi + + return 0 +} + +# +# Canonicalize ON_CRYPTO_BINS, just in case it was set to the -nd +# tarball. +# +if [ -n "$ON_CRYPTO_BINS" ]; then + export ON_CRYPTO_BINS=$(echo "$ON_CRYPTO_BINS" | + sed -e s/-nd.$MACH.tar/.$MACH.tar/) +fi + +if [[ "$O_FLAG" = y && -z "$CODESIGN_USER" ]]; then + if ! crypto_is_present; then + echo "OpenSolaris deliveries need signed crypto." + exit 1 + fi +fi + if [ "${SUNWSPRO}" != "" ]; then PATH="${SUNWSPRO}/bin:$PATH" export PATH @@ -1678,7 +1901,7 @@ unset CFLAGS LD_LIBRARY_PATH LDFLAGS # create directories that are automatically removed if the nightly script # fails to start correctly -newdir() { +function newdir { dir=$1 toadd= while [ ! -d $dir ]; do @@ -1730,7 +1953,7 @@ fi # Juggle the logs and optionally send mail on completion. # -logshuffle() { +function logshuffle { LLOG="$ATLOG/log.`date '+%F.%H:%M'`" if [ -f $LLOG -o -d $LLOG ]; then LLOG=$LLOG.$$ @@ -1808,7 +2031,7 @@ logshuffle() { # # Remove the locks and temporary files on any exit # -cleanup() { +function cleanup { logshuffle [ -z "$lockfile" ] || staffer rm -f $lockfile 
@@ -1824,7 +2047,7 @@ cleanup() { rm -rf $TMPDIR } -cleanup_signal() { +function cleanup_signal { build_ok=i # this will trigger cleanup(), above. exit 1 @@ -1840,7 +2063,7 @@ trap cleanup_signal 1 2 3 15 # known to be stale (assumes host name is unique among build systems # for the workspace). # -create_lock() { +function create_lock { lockf=$1 lockvar=$2 @@ -1870,7 +2093,7 @@ create_lock() { # Return the list of interesting proto areas, depending on the current # options. # -allprotos() { +function allprotos { roots="$ROOT" if [ $O_FLAG = y ]; then # OpenSolaris deliveries require separate proto areas. @@ -2088,6 +2311,12 @@ yes|no) ;; ;; esac +# If CODESIGN_USER is set, we'll want the crypto that we just built. +if [[ -n "$CODESIGN_USER" && -n "$ON_CRYPTO_BINS" ]]; then + echo "Clearing ON_CRYPTO_BINS for signing build." >> "$LOGFILE" + unset ON_CRYPTO_BINS +fi + echo "\n==== Build version ====\n" | tee -a $mail_msg_file >> $LOGFILE echo $VERSION | tee -a $mail_msg_file >> $LOGFILE @@ -2214,7 +2443,7 @@ else echo "\n==== No clobber at `date` ====\n" >> $LOGFILE fi -type bringover_teamware > /dev/null 2>&1 || bringover_teamware() { +type bringover_teamware > /dev/null 2>&1 || function bringover_teamware { # sleep on the parent workspace's lock while egrep -s write $BRINGOVER_WS/Codemgr_wsdata/locks do @@ -2236,7 +2465,7 @@ type bringover_teamware > /dev/null 2>&1 || bringover_teamware() { fi } -type bringover_mercurial > /dev/null 2>&1 || bringover_mercurial() { +type bringover_mercurial > /dev/null 2>&1 || function bringover_mercurial { typeset -x PATH=$PATH # If the repository doesn't exist yet, then we want to populate it. @@ -2451,7 +2680,7 @@ type bringover_mercurial > /dev/null 2>&1 || bringover_mercurial() { fi } -type bringover_subversion > /dev/null 2>&1 || bringover_subversion() { +type bringover_subversion > /dev/null 2>&1 || function bringover_subversion { typeset -x PATH=$PATH if [[ ! -d $CODEMGR_WS/.svn ]]; then 
@@ -2481,7 +2710,7 @@ type bringover_subversion > /dev/null 2>&1 || bringover_subversion() { fi } -type bringover_none > /dev/null 2>&1 || bringover_none() { +type bringover_none > /dev/null 2>&1 || function bringover_none { echo "Couldn't figure out what kind of SCM to use for $BRINGOVER_WS." touch $TMPDIR/bringover_failed } @@ -2491,7 +2720,7 @@ type bringover_none > /dev/null 2>&1 || bringover_none() { # be eval'ed by the caller to associate values (possibly empty) with # variables. In that case, passing in a printf string would let the caller # choose the variable names. -parse_url() { +function parse_url { typeset url method host port path url=$1 @@ -2511,7 +2740,7 @@ parse_url() { echo $method ${host:-localhost} ${path:-/} $port } -http_get() { +function http_get { typeset url method host port path url=$1 @@ -2573,6 +2802,17 @@ else echo "\n==== No bringover to $CODEMGR_WS ====\n" >> $LOGFILE fi +if [ "$CLOSED_IS_PRESENT" = no ]; then + crypto_is_present >> "$LOGFILE" + if (( $? != 0 )); then + build_ok=n + echo "A crypto tarball must be provided when" \ + "there is no closed tree." | + tee -a "$mail_msg_file" >> "$LOGFILE" + exit 1 + fi +fi + echo "\n==== Build environment ====\n" | tee -a $build_environ_file >> $LOGFILE # System 
@@ -2713,18 +2953,19 @@ else fi # -# Generate the THIRDPARTYLICENSE files if needed. This is done before -# findunref to help identify license files that need to be added to -# the list. +# Generate the THIRDPARTYLICENSE files if needed. This is done after +# the build, so that dynamically-created license files are there. +# It's done before findunref to help identify license files that need +# to be added to tools/opensolaris/license-list. # if [ "$O_FLAG" = y -a "$build_ok" = y ]; then - echo "\n==== Generating THIRDPARTYLICENSE files ====\n" | \ - tee -a $mail_msg_file >> $LOGFILE + echo "\n==== Generating THIRDPARTYLICENSE files ====\n" | + tee -a "$mail_msg_file" >> "$LOGFILE" - mktpl usr/src/tools/opensolaris/license-list >>$LOGFILE 2>&1 + mktpl usr/src/tools/opensolaris/license-list >> "$LOGFILE" 2>&1 if (( $? != 0 )) ; then echo "Couldn't create THIRDPARTYLICENSE files" | - tee -a $mail_msg_file >> $LOGFILE + tee -a "$mail_msg_file" >> "$LOGFILE" fi fi 
@@ -3179,6 +3420,50 @@ fi # Generate the OpenSolaris deliverables if requested. Some of these # steps need to come after findunref and are commented below. # + +# +# Copy an input crypto tarball to the canonical destination (with +# datestamp), and point the non-stamped symlink at it. +# Usage: copycrypto from_path suffix +# Returns 0 if successful, non-zero if not. +# +function copycrypto { + typeset from=$1 + typeset suffix=$2 + typeset to=$(cryptodest "$suffix").bz2 + typeset -i stat + cp "$from" "$to" + stat=$? + if (( $stat == 0 )); then + cryptolink "$to" "$suffix" + stat=$? + fi + return $stat +} + +# +# Pass through the crypto tarball(s) that we were given, putting it in +# the same place that crypto_from_proto puts things. +# +function crypto_passthrough { + echo "Reusing $ON_CRYPTO_BINS for crypto tarball(s)..." >> "$LOGFILE" + if [ "$D_FLAG" = y ]; then + copycrypto "$ON_CRYPTO_BINS" "" >> "$LOGFILE" 2>&1 + if (( $? != 0 )) ; then + echo "Couldn't create DEBUG crypto tarball." | + tee -a "$mail_msg_file" >> "$LOGFILE" + fi + fi + if [ "$F_FLAG" = n ]; then + copycrypto $(ndcrypto "$ON_CRYPTO_BINS") "-nd" \ + >> "$LOGFILE" 2>&1 + if (( $? != 0 )) ; then + echo "Couldn't create non-DEBUG crypto tarball." | + tee -a "$mail_msg_file" >> "$LOGFILE" + fi + fi +} + if [ "$O_FLAG" = y -a "$build_ok" = y ]; then echo "\n==== Generating OpenSolaris tarballs ====\n" | \ tee -a $mail_msg_file >> $LOGFILE @@ -3251,6 +3536,10 @@ if [ "$O_FLAG" = y -a "$build_ok" = y ]; then tee -a $mail_msg_file >> $LOGFILE fi fi + + if [ -n "$ON_CRYPTO_BINS" ]; then + crypto_passthrough + fi fi # Verify that the usual lists of files, such as exception lists, diff --git a/usr/src/uts/intel/Makefile.intel.shared b/usr/src/uts/intel/Makefile.intel.shared index 91fcd94175..391862e93d 100644 --- a/usr/src/uts/intel/Makefile.intel.shared +++ b/usr/src/uts/intel/Makefile.intel.shared 
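Review bot: `crypto_passthrough` reports a failed `copycrypto` to the mail message but leaves `build_ok` untouched, whereas `crypto_from_proto` sets `build_ok=n` on each of its failure paths. An -O delivery can therefore finish as successful with no crypto tarball, or with the non-stamped symlink still pointing at an older one. Adding `build_ok=n` after each of the two `tee -a "$mail_msg_file" >> "$LOGFILE"` messages would make the two paths agree. `copycrypto` also publishes the input file under the datestamped name as-is; a `bzip2 -t "$from"` before the `cp` would at least reject a truncated archive.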
@@ -230,6 +230,7 @@ DRV_KMODS += cpuid DRV_KMODS += cpunex DRV_KMODS += crypto DRV_KMODS += cryptoadm +DRV_KMODS += dca DRV_KMODS += dda DRV_KMODS += devinfo DRV_KMODS += dld @@ -373,12 +374,6 @@ DRV_KMODS += ncall nsctl sdbc nskern sv DRV_KMODS += ii rdc rdcsrv rdcstub DRV_KMODS += iptun -# -# Don't build some of these for OpenSolaris, since they will be -# replaced by binaries that are signed by Sun Release Engineering. -# -$(CLOSED_BUILD)DRV_KMODS += dca - $(CLOSED_BUILD)CLOSED_DRV_KMODS += bmc $(CLOSED_BUILD)CLOSED_DRV_KMODS += elxl $(CLOSED_BUILD)CLOSED_DRV_KMODS += glm @@ -663,14 +658,11 @@ $(CLOSED_BUILD)CLOSED_MISC_KMODS += scsi_vhci_f_sym_emc # # Software Cryptographic Providers (/kernel/crypto): # -# Don't build some of these for OpenSolaris, since they will be -# replaced by binaries that are signed by Sun RE. -# -$(CLOSED_BUILD)CRYPTO_KMODS += aes -$(CLOSED_BUILD)CRYPTO_KMODS += arcfour -$(CLOSED_BUILD)CRYPTO_KMODS += blowfish -$(CLOSED_BUILD)CRYPTO_KMODS += des -$(CLOSED_BUILD)CRYPTO_KMODS += ecc +CRYPTO_KMODS += aes +CRYPTO_KMODS += arcfour +CRYPTO_KMODS += blowfish +CRYPTO_KMODS += des +CRYPTO_KMODS += ecc CRYPTO_KMODS += md4 CRYPTO_KMODS += md5 CRYPTO_KMODS += rsa diff --git a/usr/src/uts/sparc/Makefile.sparc.shared b/usr/src/uts/sparc/Makefile.sparc.shared index 595af14c8a..b58991bfef 100644 --- a/usr/src/uts/sparc/Makefile.sparc.shared +++ b/usr/src/uts/sparc/Makefile.sparc.shared @@ -228,12 +228,7 @@ DRV_KMODS += fm DRV_KMODS += nulldriver DRV_KMODS += bridge trill DRV_KMODS += bpf - -# -# Don't build some of these for OpenSolaris, since they will be -# replaced by binaries that are signed by Sun Release Engineering. -# -$(CLOSED_BUILD)DRV_KMODS += dca +DRV_KMODS += dca $(CLOSED_BUILD)CLOSED_DRV_KMODS += glm $(CLOSED_BUILD)CLOSED_DRV_KMODS += isp 
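Review bot: With the `$(CLOSED_BUILD)` prefixes and their comments removed, nothing in this makefile records that `aes`, `arcfour`, `blowfish`, `des`, `ecc` and `dca` still need signed copies in builds that cannot sign them. A short comment above the `CRYPTO_KMODS` list would preserve that, for example `# Built in all trees; builds without a signing key take signed copies from the ON_CRYPTO_BINS tarball (see nightly).` The same applies to the matching hunks in Makefile.sparc.shared, Makefile.sun4u.shared and Makefile.sun4v.shared.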
@@ -442,13 +437,10 @@ $(CLOSED_BUILD)CLOSED_MISC_KMODS += scsi_vhci_f_sym_emc # # Software Cryptographic Providers (/kernel/crypto): # -# Don't build some of these for OpenSolaris, since they will be -# replaced by binaries that are signed by Sun RE. -# -$(CLOSED_BUILD)CRYPTO_KMODS += aes -$(CLOSED_BUILD)CRYPTO_KMODS += arcfour -$(CLOSED_BUILD)CRYPTO_KMODS += blowfish -$(CLOSED_BUILD)CRYPTO_KMODS += des +CRYPTO_KMODS += aes +CRYPTO_KMODS += arcfour +CRYPTO_KMODS += blowfish +CRYPTO_KMODS += des CRYPTO_KMODS += md4 CRYPTO_KMODS += md5 CRYPTO_KMODS += ecc diff --git a/usr/src/uts/sun4u/Makefile.sun4u.shared b/usr/src/uts/sun4u/Makefile.sun4u.shared index 3544159026..d23b55ed70 100644 --- a/usr/src/uts/sun4u/Makefile.sun4u.shared +++ b/usr/src/uts/sun4u/Makefile.sun4u.shared @@ -20,7 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This makefile contains the common definitions for the sun4u unix @@ -444,12 +444,9 @@ BRAND_KMODS += sn1_brand s10_brand # # Software Cryptographic Providers (/kernel/crypto): # -# Don't build some of these for OpenSolaris, since they will be -# replaced by binaries that are signed by Sun RE. -# -$(CLOSED_BUILD)CRYPTO_KMODS += aes -$(CLOSED_BUILD)CRYPTO_KMODS += arcfour -$(CLOSED_BUILD)CRYPTO_KMODS += des +CRYPTO_KMODS += aes +CRYPTO_KMODS += arcfour +CRYPTO_KMODS += des # # generic-unix module (/kernel/genunix): diff --git a/usr/src/uts/sun4v/Makefile.sun4v.shared b/usr/src/uts/sun4v/Makefile.sun4v.shared index 3a1512de2e..429854c897 100644 --- a/usr/src/uts/sun4v/Makefile.sun4v.shared +++ b/usr/src/uts/sun4v/Makefile.sun4v.shared @@ -20,7 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This makefile contains the common definitions for the sun4v unix 
@@ -411,10 +411,7 @@ BRAND_KMODS += sn1_brand s10_brand # # Software Cryptographic Providers (/kernel/crypto): # -# Don't build this for OpenSolaris, since it will be replaced by -# a binary that is signed by Sun RE. -# -$(CLOSED_BUILD)CRYPTO_KMODS += arcfour +CRYPTO_KMODS += arcfour # # generic-unix module (/kernel/genunix): |
