#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)postinstall	1.3	07/06/04 SMI"
#

# This postinstall script "clones" the policy for aes/arcfour/blowfish to the
# encryption kit aes256, arcfour2048, and blowfish448 modules.
# Because we want to do the policy cloning and only have one of the kernel
# providers enabled we can't use the i.kcfconf class action script.
# We can't run cryptoadm(1m) here because it might not be available yet.

# Location of the pkgcond utility used to query packaging conditions.
PKGCOND=/usr/bin/pkgcond

# is_srngz holds the exit status of the sparse-root non-global zone query.
# The value 99 is a sentinel meaning "pkgcond was not run"; test_writable
# compares against it to decide whether pkgcond can be used at all.
if [ ! -x "$PKGCOND" ]; then
	is_srngz=99
else
	"$PKGCOND" -v is_sparse_root_nonglobal_zone > /dev/null 2>&1
	is_srngz=$?
fi

##
## 'pkgcond' does not exist when you do live upgrade from S8/S9
## so in that case, use 'touch' instead for the testing
##

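test_writable() {
        # Usage: test_writable <directory>
        # Returns 0 when <directory> can be written to, non-zero otherwise.
        # Reads the globals is_srngz and PKGCOND set at the top of the script.
        #
        # The argument is quoted throughout so that a path containing
        # whitespace or glob characters is tested as one path instead of
        # being split into several.
        if [ "$is_srngz" -ne 99 ]; then
                # pkgcond was found and run at startup, so let it answer.
                "$PKGCOND" is_path_writable "$1"
                return $?
        fi

        # No pkgcond available: probe by creating and removing a scratch
        # file inside the directory.
        # NOTE(review): the probe name is predictable (.test.<pid>), and a
        # file already present under that name is removed afterwards.  This
        # script normally runs as root, so the probe is only safe while the
        # target directory is writable by root alone -- confirm for any new
        # caller.
        if /usr/bin/touch "$1/.test.$$" > /dev/null 2>&1; then
                rm -f "$1/.test.$$" > /dev/null 2>&1
                return 0
        fi
        return 1
}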

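# rewrite_conf <file> <sed arguments...>
#
# Runs sed with the given arguments over <file> and replaces <file> with the
# result.  The result is built in <file>.tmp, which is first created with
# "cp -p" so that it carries the mode, owner and timestamps of the original;
# the sed output is then written into that existing file.
#
# The original is replaced only when both cp and sed succeeded.  Without this
# check a failed sed (full filesystem, unreadable input) would leave an empty
# or truncated .tmp that then overwrites the cryptographic framework policy.
# Returns 0 on success; on any failure removes the .tmp and returns 1.
#
# NOTE(review): the .tmp name is fixed, so this relies on the configuration
# directory being writable by root only.
rewrite_conf() {
	rc_file=$1
	shift
	if cp -p "$rc_file" "${rc_file}.tmp" &&
	    sed "$@" "$rc_file" > "${rc_file}.tmp"; then
		mv -f "${rc_file}.tmp" "$rc_file" && return 0
	fi
	rm -f "${rc_file}.tmp"
	return 1
}

# Everything below is skipped when the crypto configuration directory is not
# writable; the script then simply exits 0.
test_writable "$BASEDIR/etc/crypto" > /dev/null 2>&1
if [ $? -eq 0 ]; then
	kcfconf="$BASEDIR/etc/crypto/kcf.conf"
	if [ ! -r "$kcfconf" ]; then
		echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"
		echo "install this package on an incorrect release of Solaris"
		exit 2
	fi

	# Relabel the aes/blowfish/arcfour policy lines so that they apply to
	# the encryption kit modules aes256, blowfish448 and arcfour2048.
	rewrite_conf "$kcfconf" -e 's/^aes:/aes256:/' \
	    -e 's/^blowfish:/blowfish448:/' -e 's/^arcfour:/arcfour2048:/'
	if [ $? -ne 0 ]; then
		# Unlike the exit 2 used for a missing file, stop with 1 so the
		# failure is not mistaken for a successful policy update.
		# NOTE(review): confirm 1 is the status the packaging tools
		# expect for a fatal script error.
		echo "unable to update $kcfconf; original left in place" >&2
		exit 1
	fi

	# Ask the running system to reload the policy, but only when cryptoadm
	# is already installed and executable.
	# NOTE(review): this fires only when BASEDIR is empty; if the packaging
	# tools pass BASEDIR=/ for an install onto the running system the
	# refresh is never attempted -- confirm which value is seen here.
	if [ -z "$BASEDIR" ]; then
		[ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh
	fi

	# "Clone" the policy for pkcs11_softtoken to the encryption kit version
	# and "disable" pkcs11_softtoken.  This is reversed in the preremove
	# script.
	#
	# Because we want to do the policy cloning and only have one of the
	# softtokens enabled we can't use the i.pkcs11conf class action script.
	# We can't run cryptoadm(1m) here because it might not be available yet.
	pkcs11conf="$BASEDIR/etc/crypto/pkcs11.conf"
	if [ ! -r "$pkcs11conf" ]; then
		echo "/etc/crypto/pkcs11.conf not found, this may be an attempt to \c"
		echo "install this package on an incorrect release of Solaris"
		exit 2
	fi

	# Point every pkcs11_softtoken.so reference at the encryption kit
	# library.  A line already rewritten no longer matches the pattern,
	# so repeating the edit leaves the file unchanged.
	rewrite_conf "$pkcs11conf" \
	    's/pkcs11_softtoken\.so/pkcs11_softtoken_extra.so/'
	if [ $? -ne 0 ]; then
		echo "unable to update $pkcs11conf; original left in place" >&2
		exit 1
	fi
fi

exit 0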
