OpenSolaris

1. Community: OS/Net (ON)
   1. Blogs
   2. Development Process
   3. Developer's Reference
      1. Introduction
      2. Prerequisites
      3. The Source Tree, part 1
      4. The Source Tree, part 2
      5. Building OpenSolaris
      6. Installing and Testing OpenSolaris
      7. Integration Procedure
      8. Best Practices and Requirements
      9. Glossary
   4. Discussions
   5. Installation (from source) Quickstart
      1. Annotated nightly(1) Mail Example
   6. Currently Known Issues
   7. CRT
      1. Advocates & Sponsors
      2. Becoming a CRT Advocate
      3. Charter
      4. RTI nits to avoid
      5. Sponsor Tasks
      6. Becoming a Sponsor
   8. Schedule
   9. ONNV Flag Days, Heads Ups, and Project Integration History
      1. All
      2. Builds 91-95
      3. Builds 86-90
      4. Builds 81-85
      5. Builds 76-80
      6. Builds 71-75
      7. Builds 66-70
      8. Builds 61-65
      9. Builds 56-60
      10. Builds 51-55
      11. Builds 46-50
      12. Builds 41-45
      13. Builds 36-40
      14. Builds 31-35
      15. Builds 26-30
      16. Builds 21-25
   10. Leaders
   11. Observers
   12. Putback Logs
   13. Developing Solaris
       1. Quality Death Spiral
   14. wx
   15. findunref and unreferenced files
   16. Bourne/Korn Shell Coding Conventions

Flag Day: IPsec and Huron based machines (fwd)

Date: Wed, 29 Nov 2006 16:58:10 -0800 (PST)
From: Valerie Anne Bubb <Valerie.Bubb at Sun dot COM>
To: onnv-gate at onnv dot eng dot sun dot com
Subject: Flag Day: IPsec and Huron based machines (fwd)

Gatelings & Build machine maintainers -

If you do not plan on using IPsec on Huron based machines,
you may disregard this message.

Action required if you want a functioning activation file for IPsec:
* build using the -t option or
* upgrade the build macine to snv_53 or higher.

The Huron project integration on 22 November 2006 represents the
first use of the functionality introduced by

  PSARC 2003/627 Retail/nonretail status for Solaris Cryptographic Framework.

by anything in the ON gate (previous uses were all for unbundled
products on top of S10).

This functionality did not work in Nevada, due to:

  6489058 elfsign generates bogus activation files

Which was introduced in snv_17 and I fixed in snv_53.

If you do not perform one of the above workarounds, you
will find that IPsec is not being accelerated by the hardware
and if you try to verify the module manually, you will get
an error like:

ryoga-54% elfsign verify -e ./dprov
elfsign: Unable to verify .esa contents
elfsign: verification of ./dprov passed, but restricted.

Valerie
-- 
Valerie Bubb, http://blogs.sun.com/bubbva
Solaris Security Technologies,  Developer, Sun Microsystems, Inc.
17 Network Circle, Menlo Park, CA, 94025. 650-786-0461