[OmniOS-discuss] SSH versions on global and non-global zones
Eric Sproul
eric.sproul at circonus.com
Fri Dec 11 20:51:01 UTC 2015
On Fri, Dec 11, 2015 at 3:38 PM, Dan McDonald <danmcd at omniti.com> wrote:
> Huh... I had NO idea it would do that. I assumed (probably incorrectly) that the NGZs would get "entire" just like the global one would.
>
>
> Ahhh, I see the problem:
>
> https://github.com/omniti-labs/pkg5/blob/omnios/src/brand/pkgcreatezone#L545
>
> "entire" populates the global zone. Whatever is in pkgcreatezone works for ipkg & lipkg zones.
>
> "entire" can support both, and due to IPS's rules (higher version number wins), OpenSSH7.1 beats SunSSH0.151xxx.
>
> Not sure if patching pkgcreatezone is the best option OR if we should inherit-from-global more intelligently in the pkgcreatezone script.
This is fallout from our abuse of entire. The ipkg brand scripts
assume entire is just an incorporation, so they explicitly install a
bunch of basic packages (including ssh). I'd like to see us try to
undo that early mistake (for which I'm partly to blame!) and get back
to having "slim_install" fill the role that we forced "entire" into
back at the beginning, when we didn't fully understand what
distro_const was actually doing.
We (Circonus) can work around this for now, and make it part of our
'014 zone bootstrap process to switch out ssh daemons.
Eric
More information about the OmniOS-discuss
mailing list