środa, 20 października 2010

find and symlinks

A pearl of wisdom from today problems: find does not automatically descend into symlinks to directories. You have to ask it to, by using -follow. It turns out that trivia is not widely known at this site.
This has today surfaced with filesystem hierarchy resembling below:

drwxr-xr-x /usr/local/bin/Testing
lrwxrwxrwx /opt/Testing -> /usr/local/bin/Testing

It translates into: /usr/locla/bin/Testing is a directory and /opt/Testing is a symbolic link to this directory. Within this directory lies a file test.t.
A developer was bewildered why, when he cds into /opt/Testing, following find the file:

find . -name test.t

and following does not:

find /opt/ -name test.t

Reason is simple. find, by default, will not follow symlinks to directories. There is an option for that: -follow.

poniedziałek, 13 września 2010

Closed crypto removed from illumos - FLAG DAY


I paste e-mail from Garrett, which constitutes a flag day for everyone building illumos nightly. Please, read it carefully, as it explains itself nicely:

With my integration of "6 Need open kcfd", there is actually no more
kcfd or signed crypto tarballs. (The necessary code for thread
management is in the kernel kcf. You'll notice new kernel LWPs called
"kcfpoold" in ps -eLf output.) Also, all vestiges of FIPS-140 support
are removed.

This represents a flag day for everyone building illumos.

You must do a full nightly across thsi flag day -- incrementals *will*

You must not have a crypto tarball. (One less thing to download from
Oracle.. yay!)

You *MUST* use the version of nightly in the latest source. It is a
syntax error to try to use the old nightly -- it won't work unless you
have the old crypto tarball, and if you do, the result will not be

To recap:

* remove crypto tarball if present.
* use nightly from source tree
* do a full clobber build.

Thank you.

- Garrett

How to build illumos guide has been updated to follow this change. Enjoy!

środa, 1 września 2010

Broken splashimage with illumos boot menu

Due to some misunderstanding, a solaris.xpm have been removed too early from illumos source tree. It results in problems while trying to boot your new illumos boot environment, if you have updated with onu.sh script.
If you happen to have this problem, what you need is modify your grub menu. Mine looks like this.

title os-devel_145
findroot (pool_rpool,0,a)
bootfs rpool/ROOT/os-devel_145
splashimage /boot/solaris.xpm
foreground d25f00
background 115d93
kernel$ /platform/i86pc/kernel/$ISADIR/unix -B $ZFS-BOOTFS,console=graphics
module$ /platform/i86pc/$ISADIR/boot_archive

What you need to do, is edit it, so it looks like below:

title os-devel_145
findroot (pool_rpool,0,a)
bootfs rpool/ROOT/os-devel_145
kernel$ /platform/i86pc/kernel/$ISADIR/unix -B $ZFS-BOOTFS
module$ /platform/i86pc/$ISADIR/boot_archive

On somewhat related note, booting to single user mode is done with adding -s at the end of the kernel$ line:

kernel$ /platform/i86pc/kernel/$ISADIR/unix -B $ZFS-BOOTFS -s

The problem with missing splashimage is known and a bug has been filed.

niedziela, 29 sierpnia 2010

Illumos building instructions

As far as we know, Oracle has stopped developing OpenSolaris in the open. For those of us, who would rather have Opensolaris become a real openly developed operating system, ptoject illumos came to life. Thanks to Garrett d'Amore et consortes. On the illumos wiki page there is a nice instruction on compiling your own post build 134 illumos source.
Already much work has been put in the source tree to liberate it from dependency on /extra repository and new putbacks arrive all the time.
If you'd like to check it for yourself, here is the link to How to build illumos guide.

wtorek, 15 czerwca 2010

Zones delegated administration

To counter my previous entry, this is something that touches Zones also, but is pretty nice feature:
http://static.opensolaris.org/on/flagdays/pages/20100607142839.html - delegated zones administration.
Basically a user or role in global zone can be designated in a zone configuration as a admin resource, thus giving the user/role additional abilities to control zones.
A good example taken from the link above:

           example# zonecfg -z myzone
zonecfg:myzone> add admin
zonecfg:myzone:admin> set user=zadmin
zonecfg:myzone:admin> set auths=login,manage,clonefrom
zonecfg:myzone:admin> end
zonecfg:myzone> commit

No, user zadmin can use profiled shell to administer zones.

Linux Brandz removed from ON

ONNV build 143 is a important for every one of us that uses lx Branded Zones - the Linux ones. There have been a stall in development since some time and forums are full of people looking for ways to install anything newer than CentOS images provided by the project. But since the build 143 Linux Brandz will be removed. If you you is too, like me, you have to plan for some migration.
And so Linux Brandz go away: http://static.opensolaris.org/on/flagdays/pages/20100612010403.html

poniedziałek, 7 czerwca 2010

SFE bootstrap script

Thanks to Tommw, who maintains sfe bootstrap script, you can set up a complete SFE compilation ready environment in few simple moves.
The script can be downloaded from here: http://tinyurl.com/bootstrap-sfe-latest-os20nn. Just use wget:

  1. wget -N "http://tinyurl.com/bootstrap-sfe-latest-os20nn"

  2. chmod a+rx bootstrap-sfe-latest-os20nn

  3. ./bootstrap-sfe-latest-os20nn username

Username is a login of a user that you'll use for compilation. The script does all the magic, just answer two or three simple questions - user's password.
Before you begin, you may want to:

  • Create a user that will be responsible for compilation. User should have a "Software Installation" profile assigned. I use my main user, who has both Software Installation and Primary Administrator profiles.

  • pfexec pkg install wget

Remember to send Thanks e-mail to address printed after the bootstrap script finishes.

środa, 28 kwietnia 2010

PSARC 2009/377; 2009/378; 2010/072

PSARC 2009/377
  • In-kernel pfexec implementation.

PSARC 2009/378
  • Basic File Privileges

PSARC 2010/072

  • RBAC update: user attrs from profiles,

  • 4912090 pfzsh(1) should exist,

  • 4912093 pfbash(1) should exist,

  • 4912096 pftcsh(1) should exist,

  • 6440298 Expand the basic privilege set in order to restrict file access,
  • 6859862 Move pfexec into the kernel, [that one is interesting - trochej]

  • 6919171 cred_t sidesteps kmem_debug; we need to be able to detect bad hold/