Patch: Solaris packages don't create privsep user or group

Tim McGarry tim at mcgarry.ch
Thu Jul 18 06:10:39 EST 2002


Or another possibility would be to do absolutely nothing on the pkgadd other
than add the core files, handle key generation, checking/creating users when
necessary with the rc script that starts sshd on the next boot.

Tim
----- Original Message -----
From: <Nicolas.Williams at ubsw.com>
To: <Darren.Moffat at Sun.COM>
Cc: <openssh-unix-dev at mindrot.org>
Sent: Wednesday, July 17, 2002 7:22 PM
Subject: RE: Patch: Solaris packages don't create privsep user or group


>
> Right. But I was wondering if the pkg could detect that it's
> being installed on a build intended to be a Flash Start
> archive image. A response file could do it I suppose...
>
> In any case, even when doing a Flash install there is still a
> finish script that runs for every build, yes? If so then one
> can write a finish script to re-gen keys and leave existing
> pkgs that gen keys alone.
>
> Cheers,
>
> Nico
> --
>
> > -----Original Message-----
> > From: Darren Moffat [mailto:Darren.Moffat at Sun.COM]
> > Sent: Wednesday, July 17, 2002 12:37 PM
> > To: Williams, Nicolas
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: RE: Patch: Solaris packages don't create privsep
> > user or group
> >
> >
> > >How can a package's checkinstall/postinstall detect that
> > >JSS Flash is being used?
> >
> > It can't.
> >
> > When you use Jumpstart Flash you install the system from packages
> > as normal.  Then run sys-unconfig and create flash archives (basically
> > cpio bundles with extra info).
> >
> > For a package to be Jumpstart Flash "safe" it shouldn't do anything to
> > the system that isn't generic to all installs.  In the case of sshd
> > the keys identify a particular system so you really don't want them
> > in your flash archives.
> >
> > --
> > Darren J Moffat
> >
> >
>
> Visit our website at http://www.ubswarburg.com
>
> This message contains confidential information and is intended only
> for the individual named.  If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mail transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses.  The sender therefore
> does not accept liability for any errors or omissions in the contents
> of this message which arise as a result of e-mail transmission.  If
> verification is required please request a hard-copy version.  This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities or
> related financial instruments.
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list