-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Paul Gilmartin
Sent: Wednesday, March 12, 2014 4:25 PM
To: [email protected]
Subject: SMP/E updates of HFS (was: Handing /etc and /var filesystems)
(snip)
SMP/E has long had a method for accommodating updates to
++SRC and ++MAC elements. It involves RESTOREing ++SRCUPD
or ++MACUPD USERMODs (how does one undo IEBUPDTE? I suppose copy back from the
DLIB); APPLYing the PTF; and re-APPLYing the USERMOD. Something analogous is
needed for ++HFS elements, a ++HFSUPD in USERMODs using patch(1) instead of
IEBUPDTE.
I find it extraordinary, uniquely bizarre, that z/OS UNIX System Services
installs without a usable /etc/magic or /etc/services. Even a ++USERMOD
entirely replacing a
++HFS element would provide the needed protection.
-- gil
I agree with you that it would be nice if SMPE had a native function for
updating unix filesystems in a more granular fashion. However, they do provide
support for a scripting facility for you to roll-your-own. Several years ago,
someone on this list provided me with a sample script, that I have since
adapted and use for applying a usermod to JAVA in support if EKM(enterprise Key
Manager). Here are some of the interesting bits and pieces of the usermod.
The script gets executed on an apply, after the code has been copied in, and on
a restore will execute the script again to do what you want(like delete your
updates, and restore the original parts). I am willing to share the script
too, just too long to put into this email.
++ USERMOD (MCKL001) /*
IBM Security Key Lifecycle Manager for JAVA 7.1 (31-Bit) platform */.
++ VER (Z038)
FMID(HJVA710)
/*
USERMOD DESCRIPTION(S):
MCKL001 -
.
.
.
++ HFS (MCKL001J) /* $java_home/lib/security/java.security.sklm */
DISTLIB (AAJVHFS)
SYSLIB (SAJV17K)
PARM (PATHMODE(0,6,4,4))
LINK ('../lib/security/java.security.sklm')
SHSCRIPT (MCKL001S,POST)
TEXT .
$$ GIMDTS FORMAT
$$ VB _; `e
é é #
======================================================================
===== # Licensed Materials - Property of IBM # "Restricted
Materia
ls of IBM" # # IBM SDK, Java(tm) Technology Edition, v7 #
(C)
Copyright IBM Corp. 2004, 2010. All Rights Reserved # ( ( # US Governm
.
.
.
++ SHELLSCR (MCKL001S) /* $java_home/MCKL001s */
DISTLIB (AAJVHFS)
SYSLIB (SAJV17K)
PARM (PATHMODE(0,7,5,5))
TEXT .
$$ GIMDTS FORMAT
$$ VB _; `
å å # This script will either create or delete the backup copies of the < <
# security policy jar files when the JCE Unlimited Strength Jurisdiction å å
# Policy jar files are installed/removed from the J6.0/lib/security à à # di
rectory. The script uses the following environment variables # for input:
# # SMP_Directory - directory in which the file resides # SMP_
File - name of the HFS file à à # SMP_Phase - indicates whether the shell scr
.
.
.
++ PROC (JVMPRC71) DISTLIB(APROCLIB) SYSLIB(PROCLIB) TXLIB(APROCLIB).
Comments from the script:
# This script will either create or delete the backup copies of the
# security policy jar files when the JCE Unlimited Strength Jurisdiction
# Policy jar files are installed/removed from the J7.1/lib/security
# directory. The script uses the following environment variables
# for input:
#
# SMP_Directory - directory in which the file resides
# SMP_File - name of the HFS file
# SMP_Phase - indicates whether the shell script is being called
# before or after SMP/E has processed the file
# SMP_Action - the action that SMP/E is performing: COPY or DELETE
#
This e-mail transmission contains information that is confidential and may be
privileged. It is intended only for the addressee(s) named above. If you
receive this e-mail in error, please do not read, copy or disseminate it in any
manner. If you are not the intended recipient, any disclosure, copying,
distribution or use of the contents of this information is prohibited. Please
reply to the message immediately by informing the sender that the message was
misdirected. After replying, please erase it from your computer system. Your
assistance in correcting this error is appreciated.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
