On Sat, Jul 18, 2009 at 7:46 PM, Valerie Bubb Fenwick<Valerie.Fenwick at sun.com> wrote: > Hi Everyone - > > My integration yesterday for: > 6852240 libelfsign should use pkcs11_softtoken instead of OpenSSL for > FIPS-140 integrity checking > 6851814 tools elfsign is unnecessarily linked against pkcs11_softtoken > > constitutes a flag day for all developers, particularly external developers. > You need to make sure you have the closed binary tarball that corresponds > with these bits, or you will get an infinite loop in cryptosvcs that will > look something like this: > > Jul 18 15:11:05 moritz svc.startd[7]: [ID 122153 daemon.warning] > svc:/system/cryptosvc:default: Method or service exit timed out. ?Killing > contract 15. > Jul 18 15:11:05 moritz kcf: [ID 949968 kern.warning] WARNING: Module > verification door upcall failed for /kernel/crypto/amd64/arcfour. errno = 4 > Jul 18 15:11:05 moritz svc.startd[7]: [ID 636263 daemon.warning] > svc:/system/cryptosvc:default: Method "/sbin/cryptoadm start" failed due to > signal KILL > > Unfortunately, it doesn't seem like the closed-bins tar ball has been > updated > since May 19, so right now these bits will be toxic for external developers, > though there have been many other changes to the closed bins since that > date, > so I am surprised this is the first issue coming up. >
Actually the latest closed-bins for numbered build is b118 [1] and for the midway update is for July 6 [2], which explains why there is no so much unrest. But still, things slowed down recently and updates are not posted as timely as they used to be. [1] http://dlc.sun.com/osol/on/downloads/b118/ [2] http://dlc.sun.com/osol/on/downloads/20090706/ -- Regards, Cyril
