#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)preremove	1.3	07/06/04 SMI"
#

# This preremove script "clones" the policy for aes256/arcfour2048/blowfish448
# to the back to the base aes, arcfour, and blowfish modules.
# Because we want to do the policy cloning and only have one of the modules's
# enabled we can't used the i.kcfconf class action script.
# We can't run cryptoadm(1m) here because it might not be available.

PKGCOND=/usr/bin/pkgcond
is_srngz=99

if [ -x $PKGCOND ]; then
     $PKGCOND -v is_sparse_root_nonglobal_zone > /dev/null 2>&1
     is_srngz=$?
fi

##
## 'pkgcond' does not exist when you do live upgrade from S8/S9
## so in that case, use 'touch' instead for the testing
##

test_writable() {
        if [ $is_srngz -ne 99 ]; then
                $PKGCOND is_path_writable $1 && return $?
        else
                /usr/bin/touch $1/.test.$$ > /dev/null 2>&1
                if [ $? !=  0 ]; then
                        return 1
                else
                        rm -f  $1/.test.$$ > /dev/null 2>&1
                        return 0
                fi
        fi
}

test_writable $BASEDIR/etc/crypto > /dev/null 2>&1
if [ $? = 0 ]; then

kcfconf=$BASEDIR/etc/crypto/kcf.conf
if [ ! -r $kcfconf ]; then
	echo "/etc/crypto/kcf.conf not found, this may be an attempt to \c"	
	echo "install this package on an incorrect release of Solaris"
	exit 2
fi

cp -p $kcfconf ${kcfconf}.tmp

sed -e 's/^aes256:/aes:/' -e 's/^blowfish448:/blowfish:/' -e \
	's/^arcfour2048:/arcfour:/' \
	$kcfconf > ${kcfconf}.tmp

mv -f ${kcfconf}.tmp $kcfconf

if [ -z "$BASEDIR" ]; then
	[ -x /usr/sbin/cryptoadm ] && /usr/sbin/cryptoadm refresh
fi

# Undo the changes for SUNWcry pkcs11_softtoken
#
# This preremove script reactivates pkcs11_softtoken with the policy.
# Because we want to do the policy cloning and only have one of the softtoken's
# enabled we can't used the r.pkcs11conf class action script.
# We can't run cryptoadm(1m) here because it might not be available.
pkcs11conf=$BASEDIR/etc/crypto/pkcs11.conf
        if [ ! -r $pkcs11conf ]; then
        echo "/etc/crypto/pkcs11.conf not found, this may be an attempt to \c"
        echo "remove this package from an incorrect release of Solaris"
        exit 2
        fi

sed 's/pkcs11_softtoken_extra\.so/pkcs11_softtoken.so/' \
        $pkcs11conf > ${pkcs11conf}.tmp

mv -f ${pkcs11conf}.tmp $pkcs11conf
fi

exit 0