changeset 11062:c5aa655977cc

6900578 Update bfu to remove fips entry in kcf.conf
author Hai-May Chao <Hai-May.Chao@Sun.COM>
date Thu, 12 Nov 2009 18:13:18 -0800
parents 1e27eb9fbdd7
children 2523eaff99a3
files usr/src/tools/scripts/bfu.sh
diffstat 1 files changed, 22 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/tools/scripts/bfu.sh	Thu Nov 12 17:40:34 2009 -0700
+++ b/usr/src/tools/scripts/bfu.sh	Thu Nov 12 18:13:18 2009 -0800
@@ -4149,6 +4149,23 @@
 }
 
 #
+# Remove old fips-140 entry from kcf.conf if it is found
+#
+cleanup_kcf_fips140()
+{
+
+	kcfconf=$rootprefix/etc/crypto/kcf.conf
+	kcfconftmp=/tmp/kcfconf.tmp.$$
+
+	if grep '^fips-140:' $kcfconf >/dev/null ; then
+		grep -v '^fips-140:' $kcfconf > $kcfconftmp
+		print "Removing obsolete fips-140 entry from kcf.conf"
+		cp $kcfconftmp $kcfconf
+		rm -f $kcfconftmp
+	fi 
+}
+
+#
 # Add metaslot configuration to pkcs11.conf if it doesn't already exist
 #
 enable_crypto_metaslot()
@@ -8661,6 +8678,11 @@
 	# Remove bsmrecord.  Renamed to auditrecord.
 	rm -f $root/usr/sbin/bsmrecord
 
+	# Remove old fips-140 entry from kcf.conf
+	if [ -f $rootprefix/etc/crypto/kcf.conf ] ; then
+		cleanup_kcf_fips140
+	fi
+
 	print "\nFor each file in conflict, your version has been restored."
 	print "The new versions are under $rootprefix/bfu.conflicts."
 	print "\nMAKE SURE YOU RESOLVE ALL CONFLICTS BEFORE REBOOTING.\n"