Creating Finish Scripts

What Is a Finish Script

A finish script is a user-defined Bourne shell script, specified within the rules file, that performs tasks after the Solaris software is installed on the system, but before the system reboots. Finish scripts can be used only with custom JumpStart installations.

Important Information About Finish Scripts

The following information is important to know about finish scripts:

• The Solaris installation program mounts the system's file systems onto /a. The file systems remain mounted on /a until the system reboots. Therefore, you can use the finish script to add, change, or remove files from the newly installed file system hierarchy by modifying the file systems respective to /a.

• Output from the finish script goes to /var/sadm/finish.log.

• Finish scripts should be owned by root and have permissions equal to 644.

Ideas for Finish Scripts

You could set up finish scripts to perform the following tasks:

• Adding files

• Adding packages or patches

• Customizing the root environment

• Setting the system's root password

This section provides finish script examples for all of these tasks.

Adding Files With a Finish Script

Through a finish script, you can add files from the JumpStart directory to the already installed system. This is possible because the JumpStart directory is mounted on the directory specified by the SI_CONFIG_DIR variable (which is set to /tmp/install_config by default).

You can also replace files by copying files from the JumpStart directory to already existing files on the installed system.

The following procedure enables you to create a finish script to add files to a system after the Solaris software is installed on it:

How to Add Files With a Finish Script

1. Copy all the files you want added to the installed system into the JumpStart directory.

2. Insert the following line into the finish script for each file you want copied into the newly installed file system hierarchy.

   cp ${SI_CONFIG_DIR}/file_name /a/path_name

For example, assume you have a special application, site_prog, developed for all users at your site. If you place a copy of site_prog into the JumpStart directory, the following line in a finish script would copy the site_prog from the JumpStart directory into a system's /usr/bin directory during a custom JumpStart installation:

cp ${SI_CONFIG_DIR}/site_prog  /a/usr/bin

Adding Packages and Patches

You can create a finish script to automatically add packages and patches after Solaris is installed on a system. This will not only save you time, but it can ensure consistency on what packages and patches are installed on various systems at your site. When using the pkgadd(1M) or patchadd(1M) commands in your finish scripts, you should use the -R option to specify /a as the root path.

Example 9-1 provides an example finish script to add packages.

Example 9-1 Adding Packages With a Finish Script

	#!/bin/sh
 
  BASE=/a
  MNT=/a/mnt
  ADMIN_FILE=/a/tmp/admin
 
  mkdir ${MNT}
 [Mounts a directory on a server that contains the package
to install.]  mount -f nfs sherlock:/export/package ${MNT}
 [Creates a temporary package administration file, patchadd(1M), to force the pkgadd(1M) command
not to perform checks (and prompt for questions) when installing a package.
This enables you to maintain a hand-off installation when you are adding packages.]  cat >${ADMIN_FILE} <<DONT_ASK
  mail=root
  instance=overwrite
  partial=nocheck
  runlevel=nocheck
  idepend=nocheck
  rdepend=nocheck
  space=ask
  setuid=nocheck
  conflict=nocheck
  action=nocheck
  basedir=default
  DONT_ASK
 
 [Adds the package by using the -a option
(specifying
the package administration file) and the -R option
(specifying the root path).]  /usr/sbin/pkgadd -a ${ADMIN_FILE} -d ${MNT} -R ${BASE} SUNWxyz
 
  umount ${MNT}
  rmdir ${MNT}

In the past, the chroot(1M) command was used with the pkgadd and patchadd commands in the finish script environment. Although this is not recommended, there may be some packages or patches that will not work with the -R option. In those instances, you must create a fake /etc/mnttab file in the /a root path before using the chroot command. The easiest way to do this is to add the following line to your finish script.

cp /etc/mnttab /a/etc/mnttab

Customizing the Root Environment With a Finish Script

Through a finish script, you can customize files already installed on the system. For example, the finish script in Example 9-2 customizes the root environment by appending information to the .cshrc file in the root directory.

Example 9-2 Customizing the Root Environment With a Finish Script

#!/bin/sh
#
# Customize root's environment
#
echo "***adding customizations in /.cshrc"
test -f a/.cshrc || {
cat >> a/.cshrc <<EOF
set history=100 savehist=200 filec ignoreeof prompt="\$user@`uname -n`> "
alias cp cp -i
alias mv mv -i
alias rm rm -i
alias ls ls -FC
alias h history
alias c clear
unset autologout
EOF
}

Setting the System's Root Password With a Finish Script

After Solaris software is installed on a system, the system reboots. Before the boot process is completed, the system prompts for the root password. This means that until someone enters a password, the system cannot finish booting.

The auto_install_sample directory provides a finish script called set_root_pw that sets the root password for you, which is shown in Example 9-3. This allows the initial reboot of the system to be completed without prompting for a root password.

Example 9-3 Setting the System's Root Password With a Finish Script

	 #!/bin/sh
	 #
	 #       @(#)set_root_pw 1.4 93/12/23 SMI
	 #
	 # This is an example bourne shell script to be run after installation.
	 # It sets the system's root password to the entry defined in PASSWD.
	 # The encrypted password is obtained from an existing root password entry
	 # in /etc/shadow from an installed machine.
 
	 echo "setting password for root"
 
	 # set the root password
 [Sets the variable PASSWD to an encrypted
root password obtained from an existing entry in a system's /etc/shadow file.]  PASSWD=dKO5IBkSF42lw
	 #create a temporary input file
 [Creates a temporary input file of /a/etc/shadow.]  cp /a/etc/shadow /a/etc/shadow.orig
 
	 mv /a/etc/shadow /a/etc/shadow.orig
 	nawk -F: '{
 [Changes the root entry in the /etc/shadow
file for the newly installed system using $PASSWD as the
password field.]           if ( $1 == "root" )
           printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
      else
		        printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
      }' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow
 [Removes the temporary /a/etc/shadow
file.]  #remove the temporary file
  rm -f /a/etc/shadow.orig
 [Changes the entry from 0 to a 1
in the state file, so that the user will not be prompted for the root password.
The state file is accessed using the variable SI_SYS_STATE,
whose value currently is /a/etc/.sysIDtool.state. (To
avoid problems with your scripts if this value changes, always reference this
file using $SI_SYS_STATE.) The sed command
shown here contains a tab character after the 0 and
after the 1.]  # set the flag so sysidroot won't prompt for the root password
  sed -e 's/0 # root/1 # root/' ${SI_SYS_STATE} > /tmp/state.$$
  mv /tmp/state.$$ ${SI_SYS_STATE}

If you set your root password by using a finish script, be sure to safeguard against those who will try to discover the root password from the encrypted password in the finish script.