Mercurial > illumos > illumos-gate
changeset 11062:c5aa655977cc
6900578 Update bfu to remove fips entry in kcf.conf
| author | Hai-May Chao <Hai-May.Chao@Sun.COM> |
|---|---|
| date | Thu, 12 Nov 2009 18:13:18 -0800 |
| parents | 1e27eb9fbdd7 |
| children | 2523eaff99a3 |
| files | usr/src/tools/scripts/bfu.sh |
| diffstat | 1 files changed, 22 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/tools/scripts/bfu.sh Thu Nov 12 17:40:34 2009 -0700 +++ b/usr/src/tools/scripts/bfu.sh Thu Nov 12 18:13:18 2009 -0800 @@ -4149,6 +4149,23 @@ } # +# Remove old fips-140 entry from kcf.conf if it is found +# +cleanup_kcf_fips140() +{ + + kcfconf=$rootprefix/etc/crypto/kcf.conf + kcfconftmp=/tmp/kcfconf.tmp.$$ + + if grep '^fips-140:' $kcfconf >/dev/null ; then + grep -v '^fips-140:' $kcfconf > $kcfconftmp + print "Removing obsolete fips-140 entry from kcf.conf" + cp $kcfconftmp $kcfconf + rm -f $kcfconftmp + fi +} + +# # Add metaslot configuration to pkcs11.conf if it doesn't already exist # enable_crypto_metaslot() @@ -8661,6 +8678,11 @@ # Remove bsmrecord. Renamed to auditrecord. rm -f $root/usr/sbin/bsmrecord + # Remove old fips-140 entry from kcf.conf + if [ -f $rootprefix/etc/crypto/kcf.conf ] ; then + cleanup_kcf_fips140 + fi + print "\nFor each file in conflict, your version has been restored." print "The new versions are under $rootprefix/bfu.conflicts." print "\nMAKE SURE YOU RESOLVE ALL CONFLICTS BEFORE REBOOTING.\n"