Wednesday Feb 20, 2013

Generating a crypt_sha256 hash from the CLI

When doing a completely hands-off Solaris installation, the System Configuration profile needs to contain the hash for the root password and for the optional initial non-root user.

Unfortunately Solaris doesn't currently provide a simple-to-use command for generating these hashes, but with a very simple bit of Python you can easily create them:


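import binascii, crypt, getpass, os

if __name__ == "__main__":
    cleartext = getpass.getpass()
    # '$5$' selects crypt_sha256. b2a_base64 returns bytes ending in a
    # newline, so strip it and decode before building the salt string.
    salt = '$5$' + binascii.b2a_base64(os.urandom(8)).rstrip().decode('ascii') + '$'

    # The crypt module was removed in Python 3.13; use 3.12 or earlier.
    print(crypt.crypt(cleartext, salt))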
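
Python's crypt module, which the script above relies on, was removed in Python 3.13. As an added example (not part of the original post), the following computes the same `$5$` SHA-crypt format with hashlib alone, at the default 5000 rounds only, and adds a verification helper; the function names are illustrative.

```python
import hashlib, hmac, secrets

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 5000  # SHA-crypt default; a "rounds=N$" field is not handled here
# Digest byte order SHA-crypt uses when encoding three bytes at a time.
ORDER = [(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
         (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)]

def _fill(block, n):
    """Repeat a digest and cut it to exactly n bytes."""
    return (block * (n // len(block) + 1))[:n]

def _b64(value, nchars):
    """Encode value as nchars characters, least-significant 6 bits first."""
    return "".join(B64[(value >> 6 * i) & 0x3F] for i in range(nchars))

def sha256_crypt(password, salt=None):
    """Return '$5$<salt>$<hash>' for password (salt: up to 16 characters)."""
    pw = password.encode("utf-8")
    if salt is None:  # random salt drawn from the crypt alphabet
        salt = "".join(secrets.choice(B64) for _ in range(16))
    st = salt.encode("ascii")[:16]
    sha = hashlib.sha256
    b = sha(pw + st + pw).digest()
    a = sha(pw + st + _fill(b, len(pw)))
    n = len(pw)
    while n:  # one update per bit of the password length
        a.update(b if n & 1 else pw)
        n >>= 1
    c = a.digest()
    p = _fill(sha(pw * len(pw)).digest(), len(pw))
    s = _fill(sha(st * (16 + c[0])).digest(), len(st))
    for r in range(ROUNDS):
        h = sha(p if r & 1 else c)
        if r % 3: h.update(s)
        if r % 7: h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    enc = "".join(_b64(c[i] << 16 | c[j] << 8 | c[k], 4) for i, j, k in ORDER)
    enc += _b64(c[31] << 8 | c[30], 3)
    return "$5$" + st.decode("ascii") + "$" + enc

def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    fields = stored.split("$")  # ['', '5', salt, hash]
    return (len(fields) == 4 and fields[1] == "5"
            and hmac.compare_digest(sha256_crypt(password, fields[2]), stored))
```
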


Tuesday Dec 20, 2011

How low can we go ? (Minimised install of Solaris 11)

I wondered how little we can actually install as a starting point for building a minimised system. The new IPS package system makes this much easier and makes it work in a supportable way without all the pitfalls of patches and packages we had previously.

For Solaris 11 I believe the currently smallest configuration we recommend is the solaris-small-server group package.

Note the following is not intended to imply this is a supported configuration and is illustrative only of a short amount of investigative work.

First let's look at a zone (it is easier since there are no driver issues to deal with): I discovered it is possible to get a 'working' zone by choosing a single package to install in the zone AI manifest and that package is: pkg:/package/pkg

That resulted in 175M being reported as transferred by pkg, which results in 255M on disk, of which about 55M is /var/pkg. I had 140 'real' packages (i.e. excluding the incorporations). We have 71 online SMF services (nothing in maintenance) with 96 known SMF services. Around 23 processes are running (excluding the ps I used to check this and the shell I was logged in on).

I have discovered some potential packaging that could result in this being a little bit smaller but not much unless a break up of pkg:/system/core-os was done.

Now onto the bare metal install case. This was a little harder and I've not gotten it to where I wanted yet.

Ignoring drivers the only thing I needed on an x86 system was: pkg:/package/pkg and pkg:/system/boot/grub

Which is good and not really different from the zones case. However that won't produce a bootable system - even though it produces one that will install!

To get it to boot I took the list of all the network and storage drivers from the solaris-small-server group package. I removed all the wlan drivers and also any drivers I knew to be SPARC only. My list of packages in the AI manifest had 113 driver packages in it. That got me a bootable system, though not one minimized with respect to drivers.

We have a few more processes in the global zone (again ignoring the ps and my shell); this time I counted 32. This came from 89 online services. Again ignoring the incorporation packages, I had 161 packages installed, of which 73 were in the pkg:/driver namespace.

The disk space footprint is much bigger at a total of 730M - but remember I've likely installed drivers that I might not need. This time /var/pkg is 174M of that.

Monday Jan 10, 2011

Partial Response to "TechRadar: 20 things we'd change about installing software in Linux" with Solaris IPS [aka pkg(5) ]

TechRadar has an article today about "20 things we'd change about installing software in Linux", most of which is generally good advice. I found a few of the points very interesting considering how Solaris 11 Express is packaged using the Image Packaging System (IPS), which was also used for OpenSolaris releases.

I've not commented on any of "the 20 things" that are to do with installing from source or packaging of source or filesystem layout since I don't believe they have anything to do with the packaging system; also, IPS is by design a packaging system, not a build and packaging system (like RPM).

"4. Easier adding of repositories"

We have that already with IPS in the form of .p5i files (see below).

"11. Get rid of -dev package hell"

The facet system in IPS packaging will help with this: if you are intending to build things from source you would set the appropriate facet and you would automatically get all the "developer" parts of packages.

"16. Link to package manager from web pages"

The .p5i file format allows for that; for example, "this link" points to the .p5i file in the Oracle Solaris 11 Express repository that will install the web/proxy/privoxy package. If I click on that link on a Solaris system it will automatically start up the package manager to allow installation. The .p5i file contains all the information necessary to add the appropriate repository (including any known mirrors and required certificates for SSL transport and any certificate information required for the package signing). The .p5i files and links are automatically created when packages are published into a repository.

"20. Clean up old dependencies"

When uninstalling packages just specify the -r argument to "pkg uninstall" and it will recursively remove any packages 'require' dependencies on the initial package. So that should catch many (but maybe not all) of these dependencies, since optional dependencies aren't removed by pkg uninstall -r.


Darren Moffat-Oracle

