David, would you send me your usermod for handling Java security files. I've been wanting this for years! You should offer this to IBM so they can give it to customers. How many times has Java PTF regressed these files?
Brilliant and thank you! Ken Smith mailto://[email protected] <[email protected]> State of Maryland On Thu, Mar 13, 2014 at 7:29 AM, Jousma, David <[email protected]> wrote: > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Paul Gilmartin > Sent: Wednesday, March 12, 2014 4:25 PM > To: [email protected] > Subject: SMP/E updates of HFS (was: Handing /etc and /var filesystems) > > (snip) > > SMP/E has long had a method for accommodating updates to > ++SRC and ++MAC elements. It involves RESTOREing ++SRCUPD > or ++MACUPD USERMODs (how does one undo IEBUPDTE? I suppose copy back > from the DLIB); APPLYing the PTF; and re-APPLYing the USERMOD. Something > analogous is needed for ++HFS elements, a ++HFSUPD in USERMODs using > patch(1) instead of IEBUPDTE. > > I find it extraordinary, uniquely bizarre, that z/OS UNIX System Services > installs without a usable /etc/magic or /etc/services. Even a ++USERMOD > entirely replacing a > ++HFS element would provide the needed protection. > > -- gil > > I agree with you that it would be nice if SMPE had a native function for > updating unix filesystems in a more granular fashion. However, they do > provide support for a scripting facility for you to roll-your-own. Several > years ago, someone on this list provided me with a sample script, that I > have since adapted and use for applying a usermod to JAVA in support if > EKM(enterprise Key Manager). Here are some of the interesting bits and > pieces of the usermod. The script gets executed on an apply, after the > code has been copied in, and on a restore will execute the script again to > do what you want(like delete your updates, and restore the original parts). > I am willing to share the script too, just too long to put into this email. > > ++ USERMOD (MCKL001) /* > IBM Security Key Lifecycle Manager for JAVA 7.1 (31-Bit) platform */. > ++ VER (Z038) > FMID(HJVA710) > /* > USERMOD DESCRIPTION(S): > MCKL001 - > . > . > . > ++ HFS (MCKL001J) /* $java_home/lib/security/java.security.sklm */ > DISTLIB (AAJVHFS) > SYSLIB (SAJV17K) > PARM (PATHMODE(0,6,4,4)) > LINK ('../lib/security/java.security.sklm') > SHSCRIPT (MCKL001S,POST) > TEXT . > $$ GIMDTS FORMAT > $$ VB _; `e > é é # > ====================================================================== > ===== # Licensed Materials - Property of IBM # "Restricted > Materia > ls of IBM" # # IBM SDK, Java(tm) Technology Edition, v7 > # (C) > Copyright IBM Corp. 2004, 2010. All Rights Reserved # ( ( # US > Governm > . > . > . > ++ SHELLSCR (MCKL001S) /* $java_home/MCKL001s */ > DISTLIB (AAJVHFS) > SYSLIB (SAJV17K) > PARM (PATHMODE(0,7,5,5)) > TEXT . > $$ GIMDTS FORMAT > $$ VB _; ` > å å # This script will either create or delete the backup copies of > the < < > # security policy jar files when the JCE Unlimited Strength > Jurisdiction å å > # Policy jar files are installed/removed from the J6.0/lib/security à à > # di > rectory. The script uses the following environment variables # for > input: > # # SMP_Directory - directory in which the file resides > # SMP_ > File - name of the HFS file à à # SMP_Phase - indicates whether the > shell scr > . > . > . > ++ PROC (JVMPRC71) DISTLIB(APROCLIB) SYSLIB(PROCLIB) TXLIB(APROCLIB). > > > Comments from the script: > > # This script will either create or delete the backup copies of the > # security policy jar files when the JCE Unlimited Strength Jurisdiction > # Policy jar files are installed/removed from the J7.1/lib/security > # directory. The script uses the following environment variables > # for input: > # > # SMP_Directory - directory in which the file resides > # SMP_File - name of the HFS file > # SMP_Phase - indicates whether the shell script is being called > # before or after SMP/E has processed the file > # SMP_Action - the action that SMP/E is performing: COPY or DELETE > # > > This e-mail transmission contains information that is confidential and may > be privileged. It is intended only for the addressee(s) named above. If > you receive this e-mail in error, please do not read, copy or disseminate > it in any manner. If you are not the intended recipient, any disclosure, > copying, distribution or use of the contents of this information is > prohibited. Please reply to the message immediately by informing the sender > that the message was misdirected. After replying, please erase it from your > computer system. Your assistance in correcting this error is appreciated. > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
