Print this page
*** NO COMMENTS ***
| Split |
Close |
| Expand all |
| Collapse all |
--- old/src/svc/svc-pkg-depot
+++ new/src/svc/svc-pkg-depot
1 1 #!/usr/bin/ksh -p
2 2 #
3 3 # CDDL HEADER START
4 4 #
5 5 # The contents of this file are subject to the terms of the
6 6 # Common Development and Distribution License (the "License").
7 7 # You may not use this file except in compliance with the License.
8 8 #
9 9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 # or http://www.opensolaris.org/os/licensing.
11 11 # See the License for the specific language governing permissions
12 12 # and limitations under the License.
13 13 #
14 14 # When distributing Covered Code, include this CDDL HEADER in each
15 15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 # If applicable, add the following below this CDDL HEADER, with the
17 17 # fields enclosed by brackets "[]" replaced with your own identifying
18 18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 19 #
20 20 # CDDL HEADER END
21 21 #
22 22 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 # Use is subject to license terms.
24 24
25 25 # Load SMF constants and functions
26 26 . /lib/svc/share/smf_include.sh
27 27
28 28 if [[ -z "$SMF_FMRI" ]]; then
29 29 echo "this script can only be invoked by smf(5)"
30 30 exit $SMF_EXIT_ERR_NOSMF
31 31 fi
32 32
33 33 case "$1" in
34 34 'start')
35 35 # Handles depot startup
36 36
37 37 # boolean_props are properties which are communicated to the depot
38 38 # via a flag being present or absent on the command line.
39 39 boolean_props="mirror readonly"
40 40 set -A boolean_cmd_line "mirror" "readonly"
41 41
42 42 # short_option_props are properties which are communicated to the depot
43 43 # via a single character flag which takes an argument.
44 44 short_option_props="inst_root port threads socket_timeout"
45 45 set -A short_option_cmd_line "d" "p" "s" "t"
46 46
47 47 # short_option_props are properties which are communicated to the depot
|
↓ open down ↓ |
47 lines elided |
↑ open up ↑ |
48 48 # via a long option flag which takes an argument.
49 49 long_option_props="cfg_file content_root debug log_access log_errors \
50 50 proxy_base ssl_cert_file ssl_dialog ssl_key_file writable_root"
51 51 set -A long_option_cmd_line "cfg-file" "content-root" "debug" \
52 52 "log-access" "log-errors" "proxy-base" "ssl-cert-file" \
53 53 "ssl-dialog" "ssl-key-file" "writable-root"
54 54
55 55 bool_ops=""
56 56 option_props=""
57 57
58 + # retrieve the pkg_env property. If the variable is left empty
59 + # pkg_env is /
60 + pkg_env=$(svcprop -p pkg/pkg_env $SMF_FMRI)
61 + if [[ $? -ne 0 ]]; then
62 + echo "service property pkg/pkg_env not defined for" \
63 + "service: $SMF_FMRI"
64 + exit $SMF_EXIT_ERR_CONFIG
65 + fi
66 +
67 + # adjust the PYTHONPATH to point to the current environment
68 + PYTHONPATH=${pkg_env}/usr/lib/python2.4/vendor-packages/:$PYTHONPATH
69 + export PYTHONPATH
70 +
58 71 # Go through each property in boolean_props and, if its value is set
59 72 # to true in SMF, add the appropriate command line flag to the string.
60 73 cnt=0
61 74 for b in $boolean_props; do
62 75 val=$(svcprop -p pkg/$b $SMF_FMRI)
63 76 if [[ $? -ne 0 ]]; then
64 77 echo "service property pkg/$b not defined for" \
65 78 "service: $SMF_FMRI"
66 79 exit $SMF_EXIT_ERR_CONFIG
67 80 fi
68 81 # If the property is set to true, add the flag.
69 82 if [[ $val == 'true' ]]; then
70 83 bool_ops="$bool_ops --${boolean_cmd_line[$cnt]}"
71 84 fi
72 85 cnt=$(($cnt + 1))
73 86 done
74 87
75 88 # Go through each property in short_option_props and, if its value is
76 89 # set to something other than "", add the appropriate command line
77 90 # flag and argument to the string.
78 91 cnt=0
79 92 for o in $short_option_props; do
80 93 val=$(svcprop -p pkg/$o $SMF_FMRI)
81 94 if [[ $? -ne 0 ]]; then
82 95 echo "service property pkg/$o not defined for" \
83 96 "service: $SMF_FMRI"
84 97 exit $SMF_EXIT_ERR_CONFIG
85 98 fi
86 99 # If the SMF property is set to something other than 'none', add
87 100 # the flag and its argument to the command.
88 101 if [[ $val != '""' ]]; then
89 102 option_ops="$option_ops -${short_option_cmd_line[$cnt]} $val"
90 103 fi
91 104 cnt=$(($cnt + 1))
92 105 done
93 106
94 107 # Go through each property in long_option_props and, if its value is
95 108 # set to something other than "", add the appropriate command line
96 109 # flag and argument to the string.
97 110 cnt=0
98 111 for o in $long_option_props; do
99 112 val=$(svcprop -p pkg/$o $SMF_FMRI)
100 113 if [[ $? -ne 0 ]]; then
101 114 echo "service property pkg/$o not defined for" \
102 115 "service: $SMF_FMRI"
103 116 exit $SMF_EXIT_ERR_CONFIG
104 117 fi
105 118 # If the SMF property is set to something other than 'none', add
106 119 # the flag and its argument to the command.
107 120 if [[ $o == 'ssl_dialog' && $val == 'smf' ]]; then
108 121 option_ops="$option_ops --${long_option_cmd_line[$cnt]}=smf:$SMF_FMRI"
109 122 elif [[ $val != '""' ]]; then
110 123 option_ops="$option_ops --${long_option_cmd_line[$cnt]}=$val"
111 124 fi
112 125 cnt=$(($cnt + 1))
113 126 done
114 127
115 128 #
116 129 # Determine if fork and exec are needed.
117 130 #
118 131 need_forkexec="true"
119 132 if [[ $bool_ops == *'--readonly'* ]]; then
120 133 need_forkexec="false"
121 134 echo "option_ops: [$option_ops]"
122 135 if [[ "$option_ops" == *--ssl-dialog=@(smf|exec):* && \
123 136 "$option_ops" == *'--ssl-key-file='* && \
124 137 "$option_ops" != *'--ssl-key-file=none'* ]]; then
125 138 need_forkexec="true"
126 139 fi
127 140 if [[ "$option_ops" == *'--writable-root='* ]]; then
128 141 need_forkexec="true"
129 142 fi
130 143
131 144 fi
132 145
133 146 #
134 147 # If we don't need them, drop fork and exec.
135 148 #
136 149 forkexec=""
137 150 if [[ $need_forkexec == 'false' ]]; then
138 151 echo "Dropping fork(2) and exec(2) privileges."
139 152 forkexec=",-proc_fork,-proc_exec"
140 153 fi
141 154
142 155 #
143 156 # If this process has net_privaddr, then we pass it along.
144 157 # If not, we ensure that we don't specify it, since that will
145 158 # cause ppriv to throw an error.
146 159 #
147 160 privaddr=""
148 161 ppriv -v $$ | grep 'E: ' | grep net_privaddr > /dev/null 2>&1
149 162 if [[ $? == 0 ]]; then
|
↓ open down ↓ |
82 lines elided |
↑ open up ↑ |
150 163 echo "Dropping net_privaddr privilege."
151 164 privaddr=",net_privaddr"
152 165 fi
153 166 #
154 167 # We build up the privileges available starting with "basic".
155 168 # This provides some protection even when the depot runs as root.
156 169 #
157 170 wrapper="ppriv -s A=basic,-file_link_any,-proc_info,-proc_session$privaddr$forkexec -e"
158 171
159 172 # Build the command to start pkg.depotd with the specified options.
160 - cmd="$wrapper /usr/lib/pkg.depotd $bool_ops $option_ops"
173 + cmd="$wrapper ${pkg_env}/usr/lib/pkg.depotd $bool_ops $option_ops"
161 174 # Echo the command so that the log contains the command used to start
162 175 # the depot.
163 176 echo $cmd
164 177
165 178 exec $cmd
166 179
167 180 ;;
168 181
169 182 'stop')
170 183 #
171 184 # Strategy: First, try shutting down depot using polite kill. Use up
172 185 # as much as possible of the allotted timeout period waiting for polite
173 186 # kill to take effect. As time runs out, try a more aggressive kill.
174 187 #
175 188 SVC_TIMEOUT=`svcprop -p stop/timeout_seconds $SMF_FMRI`
176 189 if [[ $? -ne 0 ]]; then
177 190 echo "service property stop/timeout_seconds not defined" \
178 191 "for service: $SMF_FMRI"
179 192 exit $SMF_EXIT_ERR_CONFIG
180 193 fi
181 194
182 195 #
183 196 # Note that we're working around an oddity in smf_kill_contract: it
184 197 # waits in 5 second chunks and can overshoot the specified timeout
185 198 # by as many as 4 seconds. Example: a specified wait of 6 will result
186 199 # in a wait of 10 seconds in reality. Since we may potentially do a
187 200 # first kill and then a second, we must ensure that at least 8 seconds
188 201 # of slop is left in reserve. To be paranoid, we go for 10.
189 202 #
190 203 ((POLITE=$SVC_TIMEOUT - 10))
191 204 if [[ $POLITE -gt 0 ]]; then
192 205 smf_kill_contract $2 TERM 1 $POLITE
193 206 ret=$?
194 207 # '2' indicates timeout with non-empty contract.
195 208 if [[ $ret -eq 2 ]]; then
196 209 echo "Gentle contract kill timed out after"
197 210 "$POLITE seconds, trying SIGKILL." >&2
198 211 #
199 212 # Again, despite the specified timeout, this will
200 213 # take a minimum of 5 seconds to complete.
201 214 #
202 215 smf_kill_contract $2 KILL 1 1
203 216 if [[ $ret -ne 0 ]]; then
204 217 exit $SMF_EXIT_ERR_FATAL
205 218 fi
206 219 fi
207 220 else
208 221 # If the timeout is too short, we just try once, politely.
209 222 smf_kill_contract $2 TERM
210 223 fi
211 224 ;;
212 225
213 226 *)
214 227 echo "Usage: $0 { start | stop }"
215 228 exit $SMF_EXIT_ERR_CONFIG
216 229 ;;
217 230
218 231 esac
219 232 exit $SMF_EXIT_OK
|
↓ open down ↓ |
49 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX