Oracle Solaris FOSS – Go no longer described as EVALUATION

A lot of FOSS components received an update.
According to changes in the pkg description the golang package is no longer considered “EVALUATION”.

Solaris 11.3 SRU 29:

root@bama:~# pkg info -r golang
             Name: developer/golang
          Summary: The Google Go programming language
      Description: (EVALUATION) Google Go is an open source programming language
                   that makes it easy to build simple, reliable, and efficient
                   software.
         Category: Development/Other Languages
            State: Not installed
        Publisher: solaris
          Version: 1.7
    Build Release: 5.12
           Branch: 5.12.0.0.0.122.0
   Packaging Date: May 10, 2017 06:45:14 PM
             Size: 5.46 kB
             FMRI: pkg://solaris/developer/golang@1.7,5.12-5.12.0.0.0.122.0:20170510T184514Z

Solaris 11.4 beta:

root@crimson:~# pkg info -r golang
Failed to set locale: unsupported locale setting.  Falling back to C.
pkg: Unable to set locale; locale package may be broken or
not installed.  Reverting to C locale.
          Name: developer/golang
       Summary: The Google Go programming language
   Description: Google Go is an open source programming language that makes it
                easy to build simple, reliable, and efficient software.
      Category: Development/Other Languages
         State: Not installed
     Publisher: solaris
       Version: 1.7
        Branch: 11.4.0.0.0.12.0
Packaging Date: Wed Jan 03 02:36:13 2018
          Size: 2.52 kB
          FMRI: pkg://solaris/developer/golang@1.7-11.4.0.0.0.12.0:20180103T023613Z
   Project URL: https://golang.org
    Source URL: https://storage.googleapis.com/golang/go1.7.src.tar.gz

What this means is you can just go ahead and install it without any “surprises” like with Solaris 11.3 FOSS Evaluation Packages. In other words: supported versions.

Solaris 11.3 SRU 29:

root@bama:~# pkg install golang
Creating Plan (Solver setup): -
pkg install: No matching version of developer/golang can be installed:
  Reject:  pkg://solaris/developer/golang@1.5-5.12.0.0.0.95.0
             to
           pkg://solaris/developer/golang@1.7-5.12.0.0.0.122.0
  Reason:  No version for 'require' dependency on release/evaluation can be found

Solaris 11.4 beta:

root@crimson:~# pkg install golang
           Packages to install: 18
           Mediators to change:  1
       Create boot environment: No
Create backup boot environment: No

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                              18/18     8942/8942  136.0/136.0 75.2k/s

PHASE                                          ITEMS
Installing new actions                     9253/9253
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           1/1

A full list of Solaris 11.3 FOSS Evaluation Packages and their status in Oracle Solaris 11.4 beta can be found here.

Evolution of Solaris 11.3 FOSS Evaluation Packages in Solaris 11.4 beta

In case you have never heard of Solaris FOSS and how to handle these, FOSS stands for free and open source software. In Solaris 11.3 the customer is also provided with evaluation copies of FOSS packages to get a head start of new or updated versions until the supported release version is out.

Here you can see a list of all the latest Oracle Solaris 11.3 SRU 29 IPS packages.

developer/build/scons                             2.5.1-5.12.0.0.0.122.0     ---
developer/build/scons-27                          2.5.1-5.12.0.0.0.122.0     ---
developer/documentation-tool/asciidoc             8.6.9-5.12.0.0.0.122.0     ---
developer/documentation-tool/itstool              2.0.2-5.12.0.0.0.122.0     ---
developer/golang                                  1.7-5.12.0.0.0.122.0       ---
developer/golang-15                               1.5-5.12.0.0.0.122.0       ---
developer/golang-17                               1.7-5.12.0.0.0.122.0       ---
developer/parser/re2c                             0.16-5.12.0.0.0.122.0      ---
developer/python/pylint-34                        1.6.4-5.12.0.0.0.122.0     ---
developer/python/pylint-35                        1.6.4-5.12.0.0.0.122.0     ---
developer/versioning/mercurial/hg-git             0.8.5-5.12.0.0.0.122.0     ---
developer/versioning/mercurial/hg-git-27          0.8.5-5.12.0.0.0.122.0     ---
library/audio/taglib                              1.9.1-5.12.0.0.0.122.0     ---
library/cloog                                     0.18.4-5.12.0.0.0.122.0    ---
library/desktop/orc                               0.4.23-5.12.0.0.0.122.0    ---
library/exempi                                    2.2.2-5.12.0.0.0.122.0     ---
library/isl                                       0.18-5.12.0.0.0.122.0      ---
library/javascript/d3                             4.4.4-5.12.0.0.0.122.0     ---
library/javascript/jjv                            1.0.2-5.12.0.0.0.122.0     ---
library/javascript/qunit                          1.23.1-5.12.0.0.0.122.0    ---
library/javascript/raphael                        2.2.7-5.12.0.0.0.122.0     ---
library/lcms2                                     2.7-5.12.0.0.0.122.0       ---
library/libgenders                                1.22-5.12.0.0.0.122.0      ---
library/libmozjs-24                               24.2.0-5.12.0.0.0.122.0    ---
library/liboauth                                  1.0.3-5.12.0.0.0.122.0     ---
library/libserf                                   1.3.8-5.12.0.0.0.122.0     ---
library/nghttp2                                   1.16.1-5.12.0.0.0.122.0    ---
library/oniguruma                                 6.1.1-5.12.0.0.0.122.0     ---
library/perl-5/dbd-sqlite                         1.50-5.12.0.0.0.122.0      ---
library/perl-5/dbd-sqlite-522                     1.50-5.12.0.0.0.122.0      ---
library/perl-5/gettext                            1.0.7-5.12.0.0.0.122.0     ---
library/perl-5/gettext-522                        1.0.7-5.12.0.0.0.122.0     ---
library/perl-5/perl-tk                            804.33-5.12.0.0.0.122.0    ---
library/perl-5/perl-tk-522                        804.33-5.12.0.0.0.122.0    ---
library/python/aioeventlet-35                     0.5.1-5.12.0.0.0.122.0     ---
library/python/alembic-35                         0.8.4-5.12.0.0.0.122.0     ---
library/python/amqp-35                            1.4.9-5.12.0.0.0.122.0     ---
library/python/anyjson-35                         0.3.3-5.12.0.0.0.122.0     ---
library/python/appdirs                            1.4.0-5.12.0.0.0.122.0     ---
library/python/appdirs-27                         1.4.0-5.12.0.0.0.122.0     ---
library/python/appdirs-34                         1.4.0-5.12.0.0.0.122.0     ---
library/python/appdirs-35                         1.4.0-5.12.0.0.0.122.0     ---
library/python/astroid                            1.4.8-5.12.0.0.0.122.0     ---
library/python/astroid-27                         1.4.8-5.12.0.0.0.122.0     ---
library/python/astroid-34                         1.4.8-5.12.0.0.0.122.0     ---
library/python/astroid-35                         1.4.8-5.12.0.0.0.122.0     ---
library/python/automaton                          1.2.0-5.12.0.0.0.122.0     ---
library/python/automaton-27                       1.2.0-5.12.0.0.0.122.0     ---
library/python/automaton-34                       1.2.0-5.12.0.0.0.122.0     ---
library/python/automaton-35                       1.2.0-5.12.0.0.0.122.0     ---
library/python/babel-35                           2.3.4-5.12.0.0.0.122.0     ---
library/python/beautifulsoup4-35                  4.2.1-5.12.0.0.0.122.0     ---
library/python/cachetools                         1.1.5-5.12.0.0.0.122.0     ---
library/python/cachetools-27                      1.1.5-5.12.0.0.0.122.0     ---
library/python/cachetools-34                      1.1.5-5.12.0.0.0.122.0     ---
library/python/cachetools-35                      1.1.5-5.12.0.0.0.122.0     ---
library/python/castellan                          0.4.0-5.12.0.0.0.122.0     ---
library/python/castellan-27                       0.4.0-5.12.0.0.0.122.0     ---
library/python/cffi-35                            1.5.2-5.12.0.0.0.122.0     ---
library/python/cherrypy-35                        5.1.0-5.12.0.0.0.122.0     ---
library/python/cinderclient-35                    1.6.0-5.12.0.0.0.122.0     ---
library/python/cliff-35                           2.0.0-5.12.0.0.0.122.0     ---
library/python/cmd2-35                            0.6.8-5.12.0.0.0.122.0     ---
library/python/congressclient                     1.2.3-5.12.0.0.0.122.0     ---
library/python/congressclient-27                  1.2.3-5.12.0.0.0.122.0     ---
library/python/contextlib2                        0.5.1-5.12.0.0.0.122.0     ---
library/python/contextlib2-27                     0.5.1-5.12.0.0.0.122.0     ---
library/python/cov-core-34                        1.15.0-5.12.0.0.0.122.0    ---
library/python/cov-core-35                        1.15.0-5.12.0.0.0.122.0    ---
library/python/coverage-34                        4.0.3-5.12.0.0.0.122.0     ---
library/python/coverage-35                        4.0.3-5.12.0.0.0.122.0     ---
library/python/cryptography-35                    1.6-5.12.0.0.0.122.0       ---
library/python/cx_oracle-35                       5.2.1-5.12.0.0.0.122.0     ---
library/python/d2to1-35                           0.2.12-5.12.0.0.0.122.0    ---
library/python/debtcollector                      1.3.0-5.12.0.0.0.122.0     ---
library/python/debtcollector-27                   1.3.0-5.12.0.0.0.122.0     ---
library/python/debtcollector-34                   1.3.0-5.12.0.0.0.122.0     ---
library/python/debtcollector-35                   1.3.0-5.12.0.0.0.122.0     ---
library/python/decorator-35                       4.0.10-5.12.0.0.0.122.0    ---
library/python/designateclient                    2.1.0-5.12.0.0.0.122.0     ---
library/python/designateclient-27                 2.1.0-5.12.0.0.0.122.0     ---
library/python/dogpile.cache-35                   0.5.7-5.12.0.0.0.122.0     ---
library/python/dogpile.core-35                    0.4.1-5.12.0.0.0.122.0     ---
library/python/dulwich                            0.16.3-5.12.0.0.0.122.0    ---
library/python/dulwich-27                         0.16.3-5.12.0.0.0.122.0    ---
library/python/dulwich-34                         0.16.3-5.12.0.0.0.122.0    ---
library/python/dulwich-35                         0.16.3-5.12.0.0.0.122.0    ---
library/python/eventlet-35                        0.18.4-5.12.0.0.0.122.0    ---
library/python/extras-35                          0.0.3-5.12.0.0.0.122.0     ---
library/python/fasteners                          0.14.1-5.12.0.0.0.122.0    ---
library/python/fasteners-27                       0.14.1-5.12.0.0.0.122.0    ---
library/python/fasteners-34                       0.14.1-5.12.0.0.0.122.0    ---
library/python/fasteners-35                       0.14.1-5.12.0.0.0.122.0    ---
library/python/filechunkio-35                     1.6-5.12.0.0.0.122.0       ---
library/python/fixtures-34                        1.4.0-5.12.0.0.0.122.0     ---
library/python/fixtures-35                        1.4.0-5.12.0.0.0.122.0     ---
library/python/formencode-34                      1.3.0-5.12.0.0.0.122.0     ---
library/python/formencode-35                      1.3.0-5.12.0.0.0.122.0     ---
library/python/funcsigs                           0.4-5.12.0.0.0.122.0       ---
library/python/funcsigs-27                        0.4-5.12.0.0.0.122.0       ---
library/python/futurist                           0.13.0-5.12.0.0.0.122.0    ---
library/python/futurist-27                        0.13.0-5.12.0.0.0.122.0    ---
library/python/futurist-34                        0.13.0-5.12.0.0.0.122.0    ---
library/python/futurist-35                        0.13.0-5.12.0.0.0.122.0    ---
library/python/greenlet-35                        0.4.9-5.12.0.0.0.122.0     ---
library/python/httplib2-34                        0.9.2-5.12.0.0.0.122.0     ---
library/python/httplib2-35                        0.9.2-5.12.0.0.0.122.0     ---
library/python/idna-35                            2.0-5.12.0.0.0.122.0       ---
library/python/ironic-lib                         1.2.0-5.12.0.0.0.122.0     ---
library/python/ironic-lib-27                      1.2.0-5.12.0.0.0.122.0     ---
library/python/iso8601-35                         0.1.11-5.12.0.0.0.122.0    ---
library/python/isort                              4.2.5-5.12.0.0.0.122.0     ---
library/python/isort-27                           4.2.5-5.12.0.0.0.122.0     ---
library/python/isort-34                           4.2.5-5.12.0.0.0.122.0     ---
library/python/isort-35                           4.2.5-5.12.0.0.0.122.0     ---
library/python/jinja2-35                          2.8-5.12.0.0.0.122.0       ---
library/python/jsonpatch-35                       1.13-5.12.0.0.0.122.0      ---
library/python/jsonpointer-35                     1.10-5.12.0.0.0.122.0      ---
library/python/jsonrpclib-34                      0.2.6-5.12.0.0.0.122.0     ---
library/python/jsonschema-35                      2.0.0-5.12.0.0.0.122.0     ---
library/python/keystoneauth1                      2.4.0-5.12.0.0.0.122.0     ---
library/python/keystoneauth1-27                   2.4.0-5.12.0.0.0.122.0     ---
library/python/lesscpy-34                         0.11.1-5.12.0.0.0.122.0    ---
library/python/lesscpy-35                         0.11.1-5.12.0.0.0.122.0    ---
library/python/linecache2-35                      1.0.0-5.12.0.0.0.122.0     ---
library/python/lockfile-35                        0.12.2-5.12.0.0.0.122.0    ---
library/python/logilab-common-34                  1.2.2-5.12.0.0.0.122.0     ---
library/python/logilab-common-35                  1.2.2-5.12.0.0.0.122.0     ---
library/python/logutils-35                        0.3.3-5.12.0.0.0.122.0     ---
library/python/lxml-35                            3.6.4-5.12.0.0.0.122.0     ---
library/python/magnumclient                       2.0.0-5.12.0.0.0.122.0     ---
library/python/magnumclient-27                    2.0.0-5.12.0.0.0.122.0     ---
library/python/mako-35                            1.0.4-5.12.0.0.0.122.0     ---
library/python/manilaclient                       1.8.1-5.12.0.0.0.122.0     ---
library/python/manilaclient-27                    1.8.1-5.12.0.0.0.122.0     ---
library/python/markdown-35                        2.6.6-5.12.0.0.0.122.0     ---
library/python/markupsafe-35                      0.23-5.12.0.0.0.122.0      ---
library/python/mistralclient                      2.0.0-5.12.0.0.0.122.0     ---
library/python/mistralclient-27                   2.0.0-5.12.0.0.0.122.0     ---
library/python/monotonic                          0.6-5.12.0.0.0.122.0       ---
library/python/monotonic-27                       0.6-5.12.0.0.0.122.0       ---
library/python/msgpack-35                         0.4.7-5.12.0.0.0.122.0     ---
library/python/netifaces-35                       0.10.4-5.12.0.0.0.122.0    ---
library/python/neutron-lib                        0.0.3-5.12.0.0.0.122.0     ---
library/python/neutron-lib-27                     0.0.3-5.12.0.0.0.122.0     ---
library/python/nose-35                            1.3.7-5.12.0.0.0.122.0     ---
library/python/nose-cover3-34                     0.1.0-5.12.0.0.0.122.0     ---
library/python/nose-cover3-35                     0.1.0-5.12.0.0.0.122.0     ---
library/python/novaclient-35                      3.3.1-5.12.0.0.0.122.0     ---
library/python/oauthlib-35                        1.0.3-5.12.0.0.0.122.0     ---
library/python/openstacksdk                       0.8.2-5.12.0.0.0.122.0     ---
library/python/openstacksdk-27                    0.8.2-5.12.0.0.0.122.0     ---
library/python/os-brick                           1.2.0-5.12.0.0.0.122.0     ---
library/python/os-brick-27                        1.2.0-5.12.0.0.0.122.0     ---
library/python/os-client-config                   1.16.0-5.12.0.0.0.122.0    ---
library/python/os-client-config-27                1.16.0-5.12.0.0.0.122.0    ---
library/python/oslo.cache                         1.6.0-5.12.0.0.0.122.0     ---
library/python/oslo.cache-27                      1.6.0-5.12.0.0.0.122.0     ---
library/python/oslo.config-35                     3.9.0-5.12.0.0.0.122.0     ---
library/python/oslo.context-35                    2.2.0-5.12.0.0.0.122.0     ---
library/python/oslo.i18n-35                       3.5.0-5.12.0.0.0.122.0     ---
library/python/oslo.middleware-35                 3.8.0-5.12.0.0.0.122.0     ---
library/python/oslo.reports                       1.7.0-5.12.0.0.0.122.0     ---
library/python/oslo.reports-27                    1.7.0-5.12.0.0.0.122.0     ---
library/python/oslo.service                       1.8.0-5.12.0.0.0.122.0     ---
library/python/oslo.service-27                    1.8.0-5.12.0.0.0.122.0     ---
library/python/paramiko-35                        2.0.2-5.12.0.0.0.122.0     ---
library/python/passlib-35                         1.6.5-5.12.0.0.0.122.0     ---
library/python/paste-34                           2.0.3-5.12.0.0.0.122.0     ---
library/python/paste-35                           2.0.3-5.12.0.0.0.122.0     ---
library/python/paste.deploy-34                    1.5.2-5.12.0.0.0.122.0     ---
library/python/paste.deploy-35                    1.5.2-5.12.0.0.0.122.0     ---
library/python/pathlib                            1.0.1-5.12.0.0.0.122.0     ---
library/python/pathlib-27                         1.0.1-5.12.0.0.0.122.0     ---
library/python/pbr-35                             1.8.1-5.12.0.0.0.122.0     ---
library/python/pep8-35                            1.7.0-5.12.0.0.0.122.0     ---
library/python/pika                               0.10.0-5.12.0.0.0.122.0    ---
library/python/pika-27                            0.10.0-5.12.0.0.0.122.0    ---
library/python/pika-34                            0.10.0-5.12.0.0.0.122.0    ---
library/python/pika-35                            0.10.0-5.12.0.0.0.122.0    ---
library/python/pika-pool                          0.1.3-5.12.0.0.0.122.0     ---
library/python/pika-pool-27                       0.1.3-5.12.0.0.0.122.0     ---
library/python/pika-pool-34                       0.1.3-5.12.0.0.0.122.0     ---
library/python/pika-pool-35                       0.1.3-5.12.0.0.0.122.0     ---
library/python/pint-35                            0.7.2-5.12.0.0.0.122.0     ---
library/python/pip-35                             8.1.1-5.12.0.0.0.122.0     ---
library/python/ply-34                             3.8-5.12.0.0.0.122.0       ---
library/python/ply-35                             3.8-5.12.0.0.0.122.0       ---
library/python/positional                         1.0.1-5.12.0.0.0.122.0     ---
library/python/positional-27                      1.0.1-5.12.0.0.0.122.0     ---
library/python/positional-34                      1.0.1-5.12.0.0.0.122.0     ---
library/python/positional-35                      1.0.1-5.12.0.0.0.122.0     ---
library/python/posix_ipc-35                       1.0.0-5.12.0.0.0.122.0     ---
library/python/prettytable-35                     0.7.2-5.12.0.0.0.122.0     ---
library/python/py-35                              1.4.31-5.12.0.0.0.122.0    ---
library/python/pyasn1-35                          0.1.9-5.12.0.0.0.122.0     ---
library/python/pyasn1-modules-35                  0.0.5-5.12.0.0.0.122.0     ---
library/python/pybonjour-35                       1.1.1-5.12.0.0.0.122.0     ---
library/python/pycountry-35                       0.17-5.12.0.0.0.122.0      ---
library/python/pycparser-35                       2.14-5.12.0.0.0.122.0      ---
library/python/pycurl-34                          7.43.0-5.12.0.0.0.122.0    ---
library/python/pycurl-35                          7.43.0-5.12.0.0.0.122.0    ---
library/python/pyflakes-35                        0.8.1-5.12.0.0.0.122.0     ---
library/python/pygments-35                        2.1.3-5.12.0.0.0.122.0     ---
library/python/pymemcache                         1.3.5-5.12.0.0.0.122.0     ---
library/python/pymemcache-27                      1.3.5-5.12.0.0.0.122.0     ---
library/python/pymemcache-34                      1.3.5-5.12.0.0.0.122.0     ---
library/python/pymemcache-35                      1.3.5-5.12.0.0.0.122.0     ---
library/python/pyopenssl-35                       16.2.0-5.12.0.0.0.122.0    ---
library/python/pyparsing-35                       2.1.4-5.12.0.0.0.122.0     ---
library/python/pyrabbit-34                        1.1.0-5.12.0.0.0.122.0     ---
library/python/pyrabbit-35                        1.1.0-5.12.0.0.0.122.0     ---
library/python/pysendfile-35                      2.0.1-5.12.0.0.0.122.0     ---
library/python/pysmi                              0.0.7-5.12.0.0.0.122.0     ---
library/python/pysmi-27                           0.0.7-5.12.0.0.0.122.0     ---
library/python/pysmi-34                           0.0.7-5.12.0.0.0.122.0     ---
library/python/pysmi-35                           0.0.7-5.12.0.0.0.122.0     ---
library/python/pysnmp                             4.3.2-5.12.0.0.0.122.0     ---
library/python/pysnmp-27                          4.3.2-5.12.0.0.0.122.0     ---
library/python/pysnmp-34                          4.3.2-5.12.0.0.0.122.0     ---
library/python/pysnmp-35                          4.3.2-5.12.0.0.0.122.0     ---
library/python/pytest-35                          2.9.1-5.12.0.0.0.122.0     ---
library/python/pytest-capturelog-35               0.7-5.12.0.0.0.122.0       ---
library/python/pytest-codecheckers-35             0.2-5.12.0.0.0.122.0       ---
library/python/python-editor                      1.0-5.12.0.0.0.122.0       ---
library/python/python-editor-27                   1.0-5.12.0.0.0.122.0       ---
library/python/python-editor-34                   1.0-5.12.0.0.0.122.0       ---
library/python/python-editor-35                   1.0-5.12.0.0.0.122.0       ---
library/python/python-memcached-34                1.57-5.12.0.0.0.122.0      ---
library/python/python-memcached-35                1.57-5.12.0.0.0.122.0      ---
library/python/python-mimeparse-35                1.5.2-5.12.0.0.0.122.0     ---
library/python/pytz-35                            2016.4-5.12.0.0.0.122.0    ---
library/python/pyyaml-35                          3.11-5.12.0.0.0.122.0      ---
library/python/rcssmin                            1.0.6-5.12.0.0.0.122.0     ---
library/python/rcssmin-27                         1.0.6-5.12.0.0.0.122.0     ---
library/python/rcssmin-34                         1.0.6-5.12.0.0.0.122.0     ---
library/python/rcssmin-35                         1.0.6-5.12.0.0.0.122.0     ---
library/python/repoze.lru-35                      0.6-5.12.0.0.0.122.0       ---
library/python/requests-35                        2.9.1-5.12.0.0.0.122.0     ---
library/python/requestsexceptions                 1.1.3-5.12.0.0.0.122.0     ---
library/python/requestsexceptions-27              1.1.3-5.12.0.0.0.122.0     ---
library/python/requestsexceptions-34              1.1.3-5.12.0.0.0.122.0     ---
library/python/requestsexceptions-35              1.1.3-5.12.0.0.0.122.0     ---
library/python/retrying-35                        1.3.3-5.12.0.0.0.122.0     ---
library/python/rjsmin                             1.0.12-5.12.0.0.0.122.0    ---
library/python/rjsmin-27                          1.0.12-5.12.0.0.0.122.0    ---
library/python/rjsmin-34                          1.0.12-5.12.0.0.0.122.0    ---
library/python/rjsmin-35                          1.0.12-5.12.0.0.0.122.0    ---
library/python/routes-35                          2.3.1-5.12.0.0.0.122.0     ---
library/python/scp-35                             0.10.2-5.12.0.0.0.122.0    ---
library/python/semantic-version-35                2.5.0-5.12.0.0.0.122.0     ---
library/python/senlinclient                       0.4.1-5.12.0.0.0.122.0     ---
library/python/senlinclient-27                    0.4.1-5.12.0.0.0.122.0     ---
library/python/setuptools-git-35                  1.1-5.12.0.0.0.122.0       ---
library/python/simplegeneric-35                   0.8.1-5.12.0.0.0.122.0     ---
library/python/simplejson-35                      3.6.5-5.12.0.0.0.122.0     ---
library/python/six-35                             1.10.0-5.12.0.0.0.122.0    ---
library/python/sqlalchemy-35                      1.0.12-5.12.0.0.0.122.0    ---
library/python/sqlparse-35                        0.1.19-5.12.0.0.0.122.0    ---
library/python/stevedore-35                       1.12.0-5.12.0.0.0.122.0    ---
library/python/suds-34                            0.6-5.12.0.0.0.122.0       ---
library/python/suds-35                            0.6-5.12.0.0.0.122.0       ---
library/python/tempita-35                         0.5.1-5.12.0.0.0.122.0     ---
library/python/testresources-35                   1.0.0-5.12.0.0.0.122.0     ---
library/python/testscenarios-35                   0.5.0-5.12.0.0.0.122.0     ---
library/python/testtools-35                       2.0.0-5.12.0.0.0.122.0     ---
library/python/tooz                               1.34.0-5.12.0.0.0.122.0    ---
library/python/tooz-27                            1.34.0-5.12.0.0.0.122.0    ---
library/python/tox-35                             2.3.1-5.12.0.0.0.122.0     ---
library/python/traceback2-35                      1.4.0-5.12.0.0.0.122.0     ---
library/python/trollius-35                        2.1-5.12.0.0.0.122.0       ---
library/python/unicodecsv                         0.14.1-5.12.0.0.0.122.0    ---
library/python/unicodecsv-27                      0.14.1-5.12.0.0.0.122.0    ---
library/python/unicodecsv-34                      0.14.1-5.12.0.0.0.122.0    ---
library/python/unicodecsv-35                      0.14.1-5.12.0.0.0.122.0    ---
library/python/urllib3-35                         1.15.1-5.12.0.0.0.122.0    ---
library/python/virtualenv-35                      15.0.1-5.12.0.0.0.122.0    ---
library/python/waitress-35                        0.9.0-5.12.0.0.0.122.0     ---
library/python/warlock-35                         1.2.0-5.12.0.0.0.122.0     ---
library/python/webob-35                           1.5.1-5.12.0.0.0.122.0     ---
library/python/websockify-35                      0.8.0-5.12.0.0.0.122.0     ---
library/python/wrapt                              1.10.6-5.12.0.0.0.122.0    ---
library/python/wrapt-27                           1.10.6-5.12.0.0.0.122.0    ---
library/python/wrapt-34                           1.10.6-5.12.0.0.0.122.0    ---
library/python/wrapt-35                           1.10.6-5.12.0.0.0.122.0    ---
library/python/zaqarclient                        1.0.0-5.12.0.0.0.122.0     ---
library/python/zaqarclient-27                     1.0.0-5.12.0.0.0.122.0     ---
library/ruby/stomp                                1.3.4-5.12.0.0.0.122.0     ---
system/management/mcollective                     2.8.8-5.12.0.0.0.122.0     ---
web/server/apache-24/module/apache-perl           2.0.9-5.12.0.0.0.122.0     ---

The following is the same list generated in Oracle Solaris 11.4 beta. One difference you can’t directly see here is, that these are no longer considered “EVALUATION” (According to each’s description). What you can see though is that the version of the packages is not that much different from any other non-FOSS package. ;-)

developer/build/scons                             2.5.1-11.4.0.0.0.12.0      ---
developer/build/scons-27                          2.5.1-11.4.0.0.0.12.0      ---
developer/documentation-tool/asciidoc             8.6.9-11.4.0.0.0.12.0      ---
developer/documentation-tool/itstool              2.0.2-11.4.0.0.0.12.0      ---
developer/golang                                  1.7-11.4.0.0.0.12.0        i--
developer/golang-15                               1.5-11.4.0.0.0.12.0        --o
developer/golang-17                               1.7-11.4.0.0.0.12.0        i--
developer/parser/re2c                             0.16-11.4.0.0.0.12.0       ---
developer/python/pylint-34                        1.6.4-11.4.0.0.0.12.0      ---
developer/python/pylint-35                        1.6.4-11.4.0.0.0.12.0      ---
developer/versioning/mercurial/hg-git             0.8.5-11.4.0.0.0.12.0      ---
developer/versioning/mercurial/hg-git-27          0.8.5-11.4.0.0.0.12.0      ---
library/audio/taglib                              1.11.1-11.4.0.0.0.12.0     ---
library/cloog                                     0.18.4-11.4.0.0.0.12.0     ---
library/desktop/orc                               0.4.27-11.4.0.0.0.12.0     ---
library/exempi                                    2.2.2-11.4.0.0.0.12.0      ---
library/isl                                       0.18-11.4.0.0.0.12.0       ---
library/javascript/d3                             4.4.4-11.4.0.0.0.12.0      ---
library/javascript/jjv                            1.0.2-11.4.0.0.0.12.0      i--
library/javascript/qunit                          1.23.1-11.4.0.0.0.12.0     ---
library/javascript/raphael                        2.2.7-11.4.0.0.0.12.0      ---
library/lcms2                                     2.8-11.4.0.0.0.12.0        ---
library/libgenders                                1.22-11.4.0.0.0.12.0       ---
library/libmozjs-24                               24.2.0-11.4.0.0.0.12.0     ---
library/liboauth                                  1.0.3-11.4.0.0.0.12.0      ---
library/libserf                                   1.3.9-11.4.0.0.0.12.0      ---
library/nghttp2                                   1.27.0-11.4.0.0.0.12.0     i--
library/oniguruma                                 6.1.1-11.4.0.0.0.12.0      ---
library/perl-5/dbd-sqlite                         1.50-11.4.0.0.0.12.0       ---
library/perl-5/dbd-sqlite-522                     1.50-11.4.0.0.0.12.0       ---
library/perl-5/gettext                            1.0.7-11.4.0.0.0.12.0      ---
library/perl-5/gettext-522                        1.0.7-11.4.0.0.0.12.0      ---
library/perl-5/perl-tk                            804.33-11.4.0.0.0.12.0     ---
library/perl-5/perl-tk-522                        804.33-11.4.0.0.0.12.0     ---
library/python/aioeventlet-35                     0.5.1-11.4.0.0.0.12.0      ---
library/python/alembic-35                         0.8.4-11.4.0.0.0.12.0      --o
library/python/amqp-35                            1.4.9-11.4.0.0.0.12.0      ---
library/python/anyjson-35                         0.3.3-11.4.0.0.0.12.0      ---
library/python/appdirs                            1.4.0-11.4.0.0.0.12.0      ---
library/python/appdirs-27                         1.4.0-11.4.0.0.0.12.0      ---
library/python/appdirs-34                         1.4.0-11.4.0.0.0.12.0      ---
library/python/appdirs-35                         1.4.0-11.4.0.0.0.12.0      ---
library/python/astroid                            1.4.8-11.4.0.0.0.12.0      ---
library/python/astroid-27                         1.4.8-11.4.0.0.0.12.0      ---
library/python/astroid-34                         1.4.8-11.4.0.0.0.12.0      ---
library/python/astroid-35                         1.4.8-11.4.0.0.0.12.0      ---
library/python/automaton                          1.2.0-11.4.0.0.0.12.0      --o
library/python/automaton-27                       1.2.0-11.4.0.0.0.12.0      --o
library/python/automaton-34                       1.2.0-11.4.0.0.0.12.0      --o
library/python/automaton-35                       1.2.0-11.4.0.0.0.12.0      --o
library/python/babel-35                           2.3.4-11.4.0.0.0.12.0      ---
library/python/beautifulsoup4-35                  4.2.1-11.4.0.0.0.12.0      ---
library/python/cachetools                         1.1.5-11.4.0.0.0.12.0      ---
library/python/cachetools-27                      1.1.5-11.4.0.0.0.12.0      ---
library/python/cachetools-34                      1.1.5-11.4.0.0.0.12.0      ---
library/python/cachetools-35                      1.1.5-11.4.0.0.0.12.0      ---
library/python/castellan                          0.4.0-11.4.0.0.0.12.0      --o
library/python/castellan-27                       0.4.0-11.4.0.0.0.12.0      --o
library/python/cffi-35                            1.5.2-11.4.0.0.0.12.0      ---
library/python/cherrypy-35                        5.1.0-11.4.0.0.0.12.0      ---
library/python/cinderclient-35                    1.6.0-11.4.0.0.0.12.0      --o
library/python/cliff-35                           2.0.0-11.4.0.0.0.12.0      ---
library/python/cmd2-35                            0.6.8-11.4.0.0.0.12.0      ---
library/python/congressclient                     1.2.3-11.4.0.0.0.12.0      --o
library/python/congressclient-27                  1.2.3-11.4.0.0.0.12.0      --o
library/python/contextlib2                        0.5.1-11.4.0.0.0.12.0      ---
library/python/contextlib2-27                     0.5.1-11.4.0.0.0.12.0      ---
library/python/cov-core-34                        1.15.0-11.4.0.0.0.12.0     ---
library/python/cov-core-35                        1.15.0-11.4.0.0.0.12.0     ---
library/python/coverage-34                        4.0.3-11.4.0.0.0.12.0      i--
library/python/coverage-35                        4.0.3-11.4.0.0.0.12.0      ---
library/python/cryptography-35                    1.7.2-11.4.0.0.0.12.0      ---
library/python/cx_oracle-35                       5.2.1-11.4.0.0.0.12.0      ---
library/python/d2to1-35                           0.2.12-11.4.0.0.0.12.0     ---
library/python/debtcollector                      1.3.0-11.4.0.0.0.12.0      ---
library/python/debtcollector-27                   1.3.0-11.4.0.0.0.12.0      ---
library/python/debtcollector-34                   1.3.0-11.4.0.0.0.12.0      ---
library/python/debtcollector-35                   1.3.0-11.4.0.0.0.12.0      ---
library/python/decorator-35                       4.0.10-11.4.0.0.0.12.0     ---
library/python/designateclient                    2.1.0-11.4.0.0.0.12.0      --o
library/python/designateclient-27                 2.1.0-11.4.0.0.0.12.0      --o
library/python/dogpile.cache-35                   0.5.7-11.4.0.0.0.12.0      ---
library/python/dogpile.core-35                    0.4.1-11.4.0.0.0.12.0      ---
library/python/dulwich                            0.16.3-11.4.0.0.0.12.0     ---
library/python/dulwich-27                         0.16.3-11.4.0.0.0.12.0     ---
library/python/dulwich-34                         0.16.3-11.4.0.0.0.12.0     ---
library/python/dulwich-35                         0.16.3-11.4.0.0.0.12.0     ---
library/python/eventlet-35                        0.18.4-11.4.0.0.0.12.0     ---
library/python/extras-35                          0.0.3-11.4.0.0.0.12.0      ---
library/python/fasteners                          0.14.1-11.4.0.0.0.12.0     ---
library/python/fasteners-27                       0.14.1-11.4.0.0.0.12.0     ---
library/python/fasteners-34                       0.14.1-11.4.0.0.0.12.0     ---
library/python/fasteners-35                       0.14.1-11.4.0.0.0.12.0     ---
library/python/filechunkio-35                     1.6-11.4.0.0.0.12.0        ---
library/python/fixtures-34                        1.4.0-11.4.0.0.0.12.0      ---
library/python/fixtures-35                        1.4.0-11.4.0.0.0.12.0      ---
library/python/formencode-34                      1.3.0-11.4.0.0.0.12.0      i--
library/python/formencode-35                      1.3.0-11.4.0.0.0.12.0      ---
library/python/funcsigs                           0.4-11.4.0.0.0.12.0        ---
library/python/funcsigs-27                        0.4-11.4.0.0.0.12.0        ---
library/python/futurist                           0.13.0-11.4.0.0.0.12.0     ---
library/python/futurist-27                        0.13.0-11.4.0.0.0.12.0     ---
library/python/futurist-34                        0.13.0-11.4.0.0.0.12.0     ---
library/python/futurist-35                        0.13.0-11.4.0.0.0.12.0     ---
library/python/greenlet-35                        0.4.9-11.4.0.0.0.12.0      ---
library/python/httplib2-34                        0.9.2-11.4.0.0.0.12.0      ---
library/python/httplib2-35                        0.9.2-11.4.0.0.0.12.0      ---
library/python/idna-35                            2.0-11.4.0.0.0.12.0        ---
library/python/ironic-lib                         1.2.0-11.4.0.0.0.12.0      --o
library/python/ironic-lib-27                      1.2.0-11.4.0.0.0.12.0      --o
library/python/iso8601-35                         0.1.11-11.4.0.0.0.12.0     ---
library/python/isort                              4.2.5-11.4.0.0.0.12.0      ---
library/python/isort-27                           4.2.5-11.4.0.0.0.12.0      ---
library/python/isort-34                           4.2.5-11.4.0.0.0.12.0      ---
library/python/isort-35                           4.2.5-11.4.0.0.0.12.0      ---
library/python/jinja2-35                          2.8-11.4.0.0.0.12.0        ---
library/python/jsonpatch-35                       1.13-11.4.0.0.0.12.0       ---
library/python/jsonpointer-35                     1.10-11.4.0.0.0.12.0       ---
library/python/jsonrpclib-34                      0.2.6-11.4.0.0.0.12.0      i--
library/python/jsonschema-35                      2.0.0-11.4.0.0.0.12.0      ---
library/python/keystoneauth1                      2.4.0-11.4.0.0.0.12.0      ---
library/python/keystoneauth1-27                   2.4.0-11.4.0.0.0.12.0      ---
library/python/lesscpy-34                         0.11.1-11.4.0.0.0.12.0     ---
library/python/lesscpy-35                         0.11.1-11.4.0.0.0.12.0     ---
library/python/linecache2-35                      1.0.0-11.4.0.0.0.12.0      ---
library/python/lockfile-35                        0.12.2-11.4.0.0.0.12.0     ---
library/python/logilab-common-34                  1.2.2-11.4.0.0.0.12.0      ---
library/python/logilab-common-35                  1.2.2-11.4.0.0.0.12.0      ---
library/python/logutils-35                        0.3.3-11.4.0.0.0.12.0      ---
library/python/lxml-35                            3.6.4-11.4.0.0.0.12.0      ---
library/python/magnumclient                       2.0.0-11.4.0.0.0.12.0      --o
library/python/magnumclient-27                    2.0.0-11.4.0.0.0.12.0      --o
library/python/mako-35                            1.0.4-11.4.0.0.0.12.0      ---
library/python/manilaclient                       1.8.1-11.4.0.0.0.12.0      --o
library/python/manilaclient-27                    1.8.1-11.4.0.0.0.12.0      --o
library/python/markdown-35                        2.6.6-11.4.0.0.0.12.0      ---
library/python/markupsafe-35                      0.23-11.4.0.0.0.12.0       ---
library/python/mistralclient                      2.0.0-11.4.0.0.0.12.0      --o
library/python/mistralclient-27                   2.0.0-11.4.0.0.0.12.0      --o
library/python/monotonic                          0.6-11.4.0.0.0.12.0        ---
library/python/monotonic-27                       0.6-11.4.0.0.0.12.0        ---
library/python/msgpack-35                         0.4.7-11.4.0.0.0.12.0      ---
library/python/netifaces-35                       0.10.4-11.4.0.0.0.12.0     ---
library/python/neutron-lib                        0.0.3-11.4.0.0.0.12.0      --o
library/python/neutron-lib-27                     0.0.3-11.4.0.0.0.12.0      --o
library/python/nose-35                            1.3.7-11.4.0.0.0.12.0      ---
library/python/nose-cover3-34                     0.1.0-11.4.0.0.0.12.0      ---
library/python/nose-cover3-35                     0.1.0-11.4.0.0.0.12.0      ---
library/python/novaclient-35                      3.3.1-11.4.0.0.0.12.0      --o
library/python/oauthlib-35                        1.0.3-11.4.0.0.0.12.0      ---
library/python/openstacksdk                       0.8.2-11.4.0.0.0.12.0      ---
library/python/openstacksdk-27                    0.8.2-11.4.0.0.0.12.0      ---
library/python/os-brick                           1.2.0-11.4.0.0.0.12.0      --o
library/python/os-brick-27                        1.2.0-11.4.0.0.0.12.0      --o
library/python/os-client-config                   1.16.0-11.4.0.0.0.12.0     ---
library/python/os-client-config-27                1.16.0-11.4.0.0.0.12.0     ---
library/python/oslo.cache                         1.6.0-11.4.0.0.0.12.0      --o
library/python/oslo.cache-27                      1.6.0-11.4.0.0.0.12.0      --o
library/python/oslo.config-35                     3.9.0-11.4.0.0.0.12.0      ---
library/python/oslo.context-35                    2.2.0-11.4.0.0.0.12.0      ---
library/python/oslo.i18n-35                       3.5.0-11.4.0.0.0.12.0      ---
library/python/oslo.middleware-35                 3.8.0-11.4.0.0.0.12.0      ---
library/python/oslo.reports                       1.7.0-11.4.0.0.0.12.0      --o
library/python/oslo.reports-27                    1.7.0-11.4.0.0.0.12.0      --o
library/python/oslo.service                       1.8.0-11.4.0.0.0.12.0      ---
library/python/oslo.service-27                    1.8.0-11.4.0.0.0.12.0      ---
library/python/paramiko-35                        2.0.2-11.4.0.0.0.12.0      ---
library/python/passlib-35                         1.6.5-11.4.0.0.0.12.0      --o
library/python/paste-34                           2.0.3-11.4.0.0.0.12.0      i--
library/python/paste-35                           2.0.3-11.4.0.0.0.12.0      ---
library/python/paste.deploy-34                    1.5.2-11.4.0.0.0.12.0      i--
library/python/paste.deploy-35                    1.5.2-11.4.0.0.0.12.0      ---
library/python/pathlib                            1.0.1-11.4.0.0.0.12.0      ---
library/python/pathlib-27                         1.0.1-11.4.0.0.0.12.0      ---
library/python/pbr-35                             1.8.1-11.4.0.0.0.12.0      ---
library/python/pep8-35                            1.7.0-11.4.0.0.0.12.0      ---
library/python/pika                               0.10.0-11.4.0.0.0.12.0     ---
library/python/pika-27                            0.10.0-11.4.0.0.0.12.0     ---
library/python/pika-34                            0.10.0-11.4.0.0.0.12.0     ---
library/python/pika-35                            0.10.0-11.4.0.0.0.12.0     ---
library/python/pika-pool                          0.1.3-11.4.0.0.0.12.0      ---
library/python/pika-pool-27                       0.1.3-11.4.0.0.0.12.0      ---
library/python/pika-pool-34                       0.1.3-11.4.0.0.0.12.0      ---
library/python/pika-pool-35                       0.1.3-11.4.0.0.0.12.0      ---
library/python/pint-35                            0.7.2-11.4.0.0.0.12.0      --o
library/python/pip-35                             8.1.1-11.4.0.0.0.12.0      ---
library/python/ply-34                             3.8-11.4.0.0.0.12.0        i--
library/python/ply-35                             3.8-11.4.0.0.0.12.0        ---
library/python/positional                         1.0.1-11.4.0.0.0.12.0      ---
library/python/positional-27                      1.0.1-11.4.0.0.0.12.0      ---
library/python/positional-34                      1.0.1-11.4.0.0.0.12.0      ---
library/python/positional-35                      1.0.1-11.4.0.0.0.12.0      ---
library/python/posix_ipc-35                       1.0.0-11.4.0.0.0.12.0      ---
library/python/prettytable-35                     0.7.2-11.4.0.0.0.12.0      ---
library/python/py-35                              1.4.31-11.4.0.0.0.12.0     ---
library/python/pyasn1-35                          0.1.9-11.4.0.0.0.12.0      ---
library/python/pyasn1-modules-35                  0.0.5-11.4.0.0.0.12.0      ---
library/python/pybonjour-35                       1.1.1-11.4.0.0.0.12.0      ---
library/python/pycountry-35                       0.17-11.4.0.0.0.12.0       ---
library/python/pycparser-35                       2.14-11.4.0.0.0.12.0       ---
library/python/pycurl-34                          7.43.0-11.4.0.0.0.12.0     i--
library/python/pycurl-35                          7.43.0-11.4.0.0.0.12.0     ---
library/python/pyflakes-35                        0.8.1-11.4.0.0.0.12.0      ---
library/python/pygments-35                        2.1.3-11.4.0.0.0.12.0      ---
library/python/pymemcache                         1.3.5-11.4.0.0.0.12.0      ---
library/python/pymemcache-27                      1.3.5-11.4.0.0.0.12.0      ---
library/python/pymemcache-34                      1.3.5-11.4.0.0.0.12.0      ---
library/python/pymemcache-35                      1.3.5-11.4.0.0.0.12.0      ---
library/python/pyopenssl-35                       16.2.0-11.4.0.0.0.12.0     ---
library/python/pyparsing-35                       2.1.4-11.4.0.0.0.12.0      ---
library/python/pyrabbit-34                        1.1.0-11.4.0.0.0.12.0      ---
library/python/pyrabbit-35                        1.1.0-11.4.0.0.0.12.0      ---
library/python/pysendfile-35                      2.0.1-11.4.0.0.0.12.0      --o
library/python/pysmi                              0.0.7-11.4.0.0.0.12.0      ---
library/python/pysmi-27                           0.0.7-11.4.0.0.0.12.0      ---
library/python/pysmi-34                           0.0.7-11.4.0.0.0.12.0      ---
library/python/pysmi-35                           0.0.7-11.4.0.0.0.12.0      ---
library/python/pysnmp                             4.3.2-11.4.0.0.0.12.0      ---
library/python/pysnmp-27                          4.3.2-11.4.0.0.0.12.0      ---
library/python/pysnmp-34                          4.3.2-11.4.0.0.0.12.0      ---
library/python/pysnmp-35                          4.3.2-11.4.0.0.0.12.0      ---
library/python/pytest-35                          2.9.1-11.4.0.0.0.12.0      ---
library/python/pytest-capturelog-35               0.7-11.4.0.0.0.12.0        ---
library/python/pytest-codecheckers-35             0.2-11.4.0.0.0.12.0        ---
library/python/python-editor                      1.0-11.4.0.0.0.12.0        ---
library/python/python-editor-27                   1.0-11.4.0.0.0.12.0        ---
library/python/python-editor-34                   1.0-11.4.0.0.0.12.0        ---
library/python/python-editor-35                   1.0-11.4.0.0.0.12.0        ---
library/python/python-memcached-34                1.57-11.4.0.0.0.12.0       ---
library/python/python-memcached-35                1.57-11.4.0.0.0.12.0       ---
library/python/python-mimeparse-35                1.5.2-11.4.0.0.0.12.0      ---
library/python/pytz-35                            2016.4-11.4.0.0.0.12.0     ---
library/python/pyyaml-35                          3.11-11.4.0.0.0.12.0       ---
library/python/rcssmin                            1.0.6-11.4.0.0.0.12.0      ---
library/python/rcssmin-27                         1.0.6-11.4.0.0.0.12.0      ---
library/python/rcssmin-34                         1.0.6-11.4.0.0.0.12.0      ---
library/python/rcssmin-35                         1.0.6-11.4.0.0.0.12.0      ---
library/python/repoze.lru-35                      0.6-11.4.0.0.0.12.0        ---
library/python/requests-35                        2.9.1-11.4.0.0.0.12.0      ---
library/python/requestsexceptions                 1.1.3-11.4.0.0.0.12.0      ---
library/python/requestsexceptions-27              1.1.3-11.4.0.0.0.12.0      ---
library/python/requestsexceptions-34              1.1.3-11.4.0.0.0.12.0      ---
library/python/requestsexceptions-35              1.1.3-11.4.0.0.0.12.0      ---
library/python/retrying-35                        1.3.3-11.4.0.0.0.12.0      ---
library/python/rjsmin                             1.0.12-11.4.0.0.0.12.0     ---
library/python/rjsmin-27                          1.0.12-11.4.0.0.0.12.0     ---
library/python/rjsmin-34                          1.0.12-11.4.0.0.0.12.0     ---
library/python/rjsmin-35                          1.0.12-11.4.0.0.0.12.0     ---
library/python/routes-35                          2.3.1-11.4.0.0.0.12.0      ---
library/python/scp-35                             0.10.2-11.4.0.0.0.12.0     ---
library/python/semantic-version-35                2.5.0-11.4.0.0.0.12.0      --o
library/python/senlinclient                       0.4.1-11.4.0.0.0.12.0      --o
library/python/senlinclient-27                    0.4.1-11.4.0.0.0.12.0      --o
library/python/setuptools-git-35                  1.1-11.4.0.0.0.12.0        ---
library/python/simplegeneric-35                   0.8.1-11.4.0.0.0.12.0      ---
library/python/simplejson-35                      3.6.5-11.4.0.0.0.12.0      ---
library/python/six-35                             1.10.0-11.4.0.0.0.12.0     ---
library/python/sqlalchemy-35                      1.0.12-11.4.0.0.0.12.0     ---
library/python/sqlparse-35                        0.1.19-11.4.0.0.0.12.0     ---
library/python/stevedore-35                       1.12.0-11.4.0.0.0.12.0     ---
library/python/suds-34                            0.6-11.4.0.0.0.12.0        --o
library/python/suds-35                            0.6-11.4.0.0.0.12.0        --o
library/python/tempita-35                         0.5.1-11.4.0.0.0.12.0      ---
library/python/testresources-35                   1.0.0-11.4.0.0.0.12.0      ---
library/python/testscenarios-35                   0.5.0-11.4.0.0.0.12.0      ---
library/python/testtools-35                       2.0.0-11.4.0.0.0.12.0      ---
library/python/tooz                               1.34.0-11.4.0.0.0.12.0     --o
library/python/tooz-27                            1.34.0-11.4.0.0.0.12.0     --o
library/python/tox-35                             2.3.1-11.4.0.0.0.12.0      ---
library/python/traceback2-35                      1.4.0-11.4.0.0.0.12.0      ---
library/python/trollius-35                        2.1-11.4.0.0.0.12.0        ---
library/python/unicodecsv                         0.14.1-11.4.0.0.0.12.0     ---
library/python/unicodecsv-27                      0.14.1-11.4.0.0.0.12.0     ---
library/python/unicodecsv-34                      0.14.1-11.4.0.0.0.12.0     ---
library/python/unicodecsv-35                      0.14.1-11.4.0.0.0.12.0     ---
library/python/urllib3-35                         1.15.1-11.4.0.0.0.12.0     ---
library/python/virtualenv-35                      15.0.1-11.4.0.0.0.12.0     ---
library/python/waitress-35                        0.9.0-11.4.0.0.0.12.0      ---
library/python/warlock-35                         1.2.0-11.4.0.0.0.12.0      ---
library/python/webob-35                           1.5.1-11.4.0.0.0.12.0      ---
library/python/websockify-35                      0.8.0-11.4.0.0.0.12.0      --o
library/python/wrapt                              1.10.6-11.4.0.0.0.12.0     ---
library/python/wrapt-27                           1.10.6-11.4.0.0.0.12.0     ---
library/python/wrapt-34                           1.10.6-11.4.0.0.0.12.0     ---
library/python/wrapt-35                           1.10.6-11.4.0.0.0.12.0     ---
library/python/zaqarclient                        1.0.0-11.4.0.0.0.12.0      --o
library/python/zaqarclient-27                     1.0.0-11.4.0.0.0.12.0      --o
library/ruby/stomp                                1.4.3-11.4.0.0.0.12.0      ---
system/management/mcollective                     2.10.3-11.4.0.0.0.12.0     ---
web/server/apache-24/module/apache-perl           2.0.10-11.4.0.0.0.12.0     ---

RAD – get ZFS properties

After starting out with Python RAD zonemgr module I thought it is time to write about another available Python RAD module. In the following I want to give you a short and simple look and feel of how to get ZFS property information (name, type, atime, compression, compressratio, dedup, mounted and mountpoint). The puprpose is to get people interested in Solaris going with RAD and show how easily it can be used.

Let’s start with the usual imports which are pretty self-explaining. One is needed to open a connection and the other one depends on the purpose of the script. In this case we want to get ZFS properties which means we will use zfsmgr.
In case it is not already installed just run: pkg install rad-zfsmgr

import rad.connect as radc
import rad.bindings.com.oracle.solaris.rad.zfsmgr_1 as zfsmgr

Next we need to connect to a RAD client. In this case it is a local one and a unix socket can be used.
If you like to use a remote connection go ahead and use ssh://[hostname] instead.

uri = radc.RadURI("unix:///")
rc = uri.connect()

We now have an open connection (rc) and we can move on to the ZFS part.
First we need is to know what the existing datasets are. rc.list_object(zfsmgr.ZfsDataset()) will do exactly this for us. It lists all the ZFS dataset objects (ZfsDataset) the RAD zfs manager (zfsmgr) has to offer for the chosen connection (rc).

zfsDataSets = rc.list_objects(zfsmgr.ZfsDataset())

Well, the list of datasets is complete. But we will need more than just the objects of each dataset.
In order to get the information we are interested in we need to define it first. Therefore ZfsPropRequest is used.

prop0 = zfsmgr.ZfsPropRequest(name="name")
prop1 = zfsmgr.ZfsPropRequest(name="type")
prop2 = zfsmgr.ZfsPropRequest(name="atime")
prop3 = zfsmgr.ZfsPropRequest(name="compression")
prop4 = zfsmgr.ZfsPropRequest(name="compressratio")
prop5 = zfsmgr.ZfsPropRequest(name="dedup")
prop6 = zfsmgr.ZfsPropRequest(name="mounted")
prop7 = zfsmgr.ZfsPropRequest(name="mountpoint")

After defining the properties we just loop through each of the object list of the ZFS datasets and request the value for the just defined keys of the current object (zobj).

for dataset in zfsDataSets:
    zobj = rc.get_object(dataset)
    zvalues = zobj.get_props([prop0, prop1, prop2, prop3, prop4, prop5, prop6, prop7])
    print "%-40s%-14s%-8s%-13s%-15s%-7s%-9s%s" % (zvalues[0].value, zvalues[1].value, zvalues[2].value, zvalues[3].value, zvalues[4].value, zvalues[5].value, zvalues[6].value, zvalues[7].value)

Done. Got the information and therefore can close the connection at this point.

rc.close()

The output will remind you of a regular zfs list -o … output. One may say why should I use RAD then and the answer is quiet simple. Because this is just a trivial example of how you can make use RAD of the zfsmgr to get dataset information. The next steps would be to use the above and automate whatever comes to your mind. Juggle around with the objects, keys, values, etc.. Add more functions to it and even combine it with more RAD modules (e.g.: rad-zonemgr). That’s where you will benefit the most. But even small automation tasks are perfect for this.

Last but not least, here is an example of what it might look like. I had to take out a few lines because it included Solaris beta content.

rad-zfs2

Remember, the purpose was to make the very first step with RAD together with ZFS. Try it out and you will most probably like it and stick to it.

ZFS lz4 compression with Solaris 11.3

If you haven’t read Cindy Swearingen’s latest blog post yet, it is time for you to know that Solaris 11.3 beta is shipped with a zpool version 37 which brings lz4 compression to ZFS.

My last post is about generating report files in a html format and store them on a apache webserver.
Today I was wondering how much disk space the reporting will take and looked at the dataset.

# zfs get compression,compressratio,recordsize,referenced,used lofs/AP6A103/cve
NAME              PROPERTY       VALUE  SOURCE
lofs/AP6A103/cve  compression    on     inherited from lofs
lofs/AP6A103/cve  compressratio  2.45x  -
lofs/AP6A103/cve  recordsize     128K   default
lofs/AP6A103/cve  referenced     163M   -
lofs/AP6A103/cve  used           163M   -

# mv 2015 /var/tmp/
# ptime mv /var/tmp/2015 .

real        1.897081940
user        0.068310370
sys         1.828314030

Since this is not a Solaris 11.2 installation I wanted to change compression to lz4 and see what difference this would make. So I moved the data to a different zfs dataset, set the compression value to lz4 and moved the data back again. Just as a note, I set the compression value for the dataset of the whole zpool in this case. Could have also done it only for the child dataset.

# mv 2015 /var/tmp/
# zfs set compression=lz4 lofs
# ptime mv /var/tmp/2015 .

real        2.094843840
user        0.072113780
sys         2.022243500

The data is moved in only a few more milliseconds so let’s see if lz4 is worth using it.

# zfs get compression,compressratio,recordsize,referenced,used lofs/AP6A103/cve
NAME              PROPERTY       VALUE   SOURCE
lofs/AP6A103/cve  compression    lz4     inherited from lofs
lofs/AP6A103/cve  compressratio  16.26x  -
lofs/AP6A103/cve  recordsize     128K    default
lofs/AP6A103/cve  referenced     16.9M   -
lofs/AP6A103/cve  used           16.9M   -

As the above output shows the compressratio is awesome. It might be a wink of an eye slower on compressible data like this but that for general purpose this environments that are not 100% I/O critical this shouldn’t matter.
This use case here is dealing with compressible data only. But on a companies storage you happen to not always being able to separate compressible and incompressible data. Unlike other algorithms if data is recognized as incompressible lz4 won’t try hard to compress it anyway and instead move on with the next data. lz4 has more to offer than just this but this feature by itself qualifies it as the new default value of compression for every zpool (besides the rpool, yet).

Deploying automated CVE reporting for Solaris 11.3

With Solaris 11.2 Oracle started including quiet few new Solaris features for security and automated deployment. Besides bringing in immutable zones, which I didn’t get to write about yet (which is a shame since these are wonderful), and compliance, Solaris IPS received a new package called pkg://solaris/support/critical-patch-update/solaris-11-cpu. This package includes packages that are considered to be part of the Critical Patch Update. In addition to the package name and version this package now enables you to see which CVE each of these packages belong to.
You can use the pkg command to do some basic searches. Immutable zones, compliance and CVEs are only three of the different security features that were added to Solaris 11.2 and Solaris 11.3.

Most likely an admin will not want to login to each of his hundreds, thousands or even more Solaris installations in order to install needed packages and take care of a proper configuration. Can’t blame him. That’s probably what the Solaris team thought when puppet became part of the IPS repository with Solaris 11.2. There is not that much to say about it for those who do not know it. It does what is suppose to and is a relief for every admin if used right. In case you are interested in some really great articles go check out Manuel Zach’s blog. For automation in general you will want to go and also read Glynn Foster’s blog.
Now why am I writing about these “old” Solaris 11.2 features if Solaris 11.3 beta was released a few weeks ago already. Well, these are fundamental technologies in order to get the most out of Solaris 11.3.

Bringing Solaris IPS and NIST together

Companies mostly use an external software that alerts and reports every single CVE that is out there and triggers a service request for the responsible team. The thing is, it is slow, costs a lot and you get service requests for software that is not installed on any system. So what happens is the admin ends up checking it himself.

So I figured I will just do it Solaris style. By now as I write this post, we do have a fully automated reporting for CVEs for no extra costs at work.

Let’s start with IPS and CVEs. As mentioned before you will need to have a certain package installed.

# pkg install support/critical-patch-update/solaris-11-cpu

This package is updated with every SRU and will include every known CVE for Solaris 11. If you want to know a few basics about it read Darren Moffat’s blog.
Use the following command to see all the included packages:

# pkg contents -ro name,value solaris-11-cpu|grep '^CVE.*'
CVE-1999-0103                 pkg://solaris/system/security/kerberos-5@0.5.11,5.11-0.175.1.10.0.3.2
CVE-2002-2443                 pkg://solaris/system/security/kerberos-5@0.5.11,5.11-0.175.1.10.0.3.2
CVE-2003-0001                 pkg://solaris/driver/network/ethernet/pcn@0.5.11,5.11-0.175.1.11.0.3.2
CVE-2004-0230                 pkg://solaris/system/kernel@0.5.11,5.11-0.175.1.15.0.4.2
CVE-2004-0452                 pkg://solaris/runtime/perl-584/extra@5.8.4,5.11-0.175.1.11.0.3.2
CVE-2004-0452                 pkg://solaris/runtime/perl-584@5.8.4,5.11-0.175.1.11.0.3.2
CVE-2004-1019                 pkg://solaris/web/php-52/extension/php-apc@3.0.19,5.11-0.175.2.8.0.3.0
CVE-2004-1019                 pkg://solaris/web/php-52/extension/php-idn@0.2.0,5.11-0.175.2.8.0.3.0
CVE-2004-1019                 pkg://solaris/web/php-52/extension/php-memcache@2.2.5,5.11-0.175.2.8.0.3.0
CVE-2004-1019                 pkg://solaris/web/php-52/extension/php-mysql@5.2.17,5.11-0.175.2.8.0.3.0
CVE-2004-1019                 pkg://solaris/web/php-52/extension/php-pear@5.2.17,5.11-0.175.2.8.0.3.0
...
CVE-2015-4024                 pkg://solaris/web/php-53/extension/php-tcpwrap@1.1.3,5.11-0.175.2.13.0.4.0
CVE-2015-4024                 pkg://solaris/web/php-53/extension/php-xdebug@2.2.0,5.11-0.175.2.13.0.4.0
CVE-2015-4024                 pkg://solaris/web/php-53/extension/php-zendopcache@7.0.2,5.11-0.175.2.13.0.4.0
CVE-2015-4024                 pkg://solaris/web/php-53@5.3.29,5.11-0.175.2.13.0.4.0
CVE-2015-4024                 pkg://solaris/web/server/apache-22/module/apache-php52@5.2.17,5.11-0.175.2.13.0.4.0
CVE-2015-4024                 pkg://solaris/web/server/apache-22/module/apache-php53@5.3.29,5.11-0.175.2.13.0.4.0
CVE-2015-4770                 pkg://solaris/system/file-system/ufs@0.5.11,5.11-0.175.2.11.0.3.2
CVE-2015-4770                 pkg://solaris/system/kernel/platform@0.5.11,5.11-0.175.2.11.0.4.2
CVE-2015-5073                 pkg://solaris/library/pcre@8.37,5.11-0.175.2.13.0.3.0
CVE-2015-5477                 pkg://solaris/network/dns/bind@9.6.3.11.2,5.11-0.175.2.12.0.7.0
CVE-2015-5477                 pkg://solaris/network/dns/bind@9.6.3.11.2,5.11-0.175.2.13.0.5.0
CVE-2015-5477                 pkg://solaris/service/network/dns/bind@9.6.3.11.2,5.11-0.175.2.12.0.7.0
CVE-2015-5477                 pkg://solaris/service/network/dns/bind@9.6.3.11.2,5.11-0.175.2.13.0.5.0

Now we got the information of which Solaris IPS package belongs to which CVE-ID. That’s nice but how do we get all the other CVE information? Base score, summary, access vector, etc.?! In order to add more details to it I imported the NIST nvd-files into a sqlite3 database.
The files can be either downloaded as a compressed gz-file or regular xml. For more information visit https://nvd.nist.gov/download.cfm.
I imported the xml files into a sqlite3 database for a better performance. If you don’t want to work your way through the xml structures yourself use this python program that I came across while writing it myself. I like the approach of just having to do:

# curl https://nvd.nist.gov/static/feeds/xml/cve/nvdcve-2.0-2015.xml | nvd2sqlite3 -d /wherever/you/like/to/keep/the/dbfile

In order to keep your NIST CVE database current I put the commands in a script and created a crontab entry.

getNvdCve.sh:

#!/usr/bin/bash

curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2002.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2003.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2004.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2005.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2006.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2007.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2009.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2011.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2012.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2013.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2014.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml | nvd2sqlite3 -d /data/shares/NIST/cvedb

cron:

0 5 * * * /scripts/admin/getNvdCve.sh

Alright this gives us a database with all the information we need and want. The schema of the sqlite3 database looks like this:

sqlite> .schema
CREATE TABLE nvd (access_vector varchar,
                                            access_complexity varchar,
                                            authentication varchar,
                                            availability_impact varchar,
                                            confidentiality_impact varchar,
                                            cve_id text primary key,
                                            integrity_impact varchar,
                                            last_modified_datetime varchar,
                                            published_datetime varchar,
                                            score real,
                                            summary varchar,
                                            urls varchar,
                                            vulnerable_software_list);

Next to do is to match the data of the db with the IPS information. When I started working on this I focused on console output only but when I looked at our centralized compliance reports I wanted the same thing for CVEs. A central CVE reporting. So I ended up with writing the output to a html-file on an apache webserver.

Since the standard Perl in Solaris does not contain DBD::SQLite I switched to Python.
cveList.py does the following:

  • get all the installed package information from IPS
  • get all the information from the solaris-11-cpu package
  • match the above data and filter which pkg is installed and what version does it have (lower version = unpatched CVE)
  • create html report file with all the needed elements
  • connect to the sqlite3 db and get cve_id, access_vector, score and summary
  • write the select output to file, sorted by unpatched and patched CVEs

The CVE report looks like this:
cveReport

What we got now is a script that pulls in all the nvd information from NIST and stores it in a sqlite3 database. And we got a script that matches these information with the installed IPS packages and generates a CVE report in a html format.

Scheduled Services with Solaris 11.3

Next up is to automatically generate these reports. With Solaris 11.2 cron would be the way to do it. Trivial entry in the crontab and done.

30 5 * * * /scripts/admin/cveList.py

With Solaris 11.3 cron is almost obsolete. Why? Because of SMF and the new scheduled and periodic services. I’m not gonna talk about why SMF is great or not. To me it is great and I never ran into any serious problem. If it is a Solaris 11.3 installation I will move custom cronjobs to SMF and create scheduled services.
What these do is the same as cron plus everything else SMF has to offer.
The scheduled service I use for the CVE reporting is the following:

<?xml version="1.0" ?>
<!DOCTYPE service_bundle
  SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
    Manifest created by svcbundle (2015-Sep-04 15:05:15+0200)
-->
<service_bundle type="manifest" name="site/cveList">
    <service version="1" type="service" name="site/cveList">
        <!--
            The following dependency keeps us from starting until the
            multi-user milestone is reached.
        -->
        <dependency restart_on="none" type="service"
            name="multi_user_dependency" grouping="require_all">
            <service_fmri value="svc:/milestone/multi-user"/>
        </dependency>
        <instance enabled="true" name="default" >
                <scheduled_method
                        interval='day'
                        hour='5'
                        minute='30'
                        exec='/lib/svc/method/cveList.py'
                        timeout_seconds='0'>
                                <method_context>
                                        <method_credential user='root' group='root' />
                                </method_context>
                </scheduled_method>
        </instance>
    </service>
</service_bundle>

Use svcbundle to generate your own manifest.

# svcbundle -o /var/tmp/cveList.xml -s service-name=site/cveList -s start-method=/lib/svc/method/cveList.py -s interval=day -s hour=5 -s minute=30
# svccfg validate /var/tmp/cveList.xml

It’s as easy as that. Add to it whatever you feel like and is needed. Mail reporting in case of a status change for example.

Well now we have a service that generates a CVE report every day at 5:30am of a server.
We need more so let’s move on to the next piece.

Building a custom IPS package

The best way to deploy any piece of software on a Solaris 11.x server is with IPS.
IPS packages are very easy to use when they already build and published. List, install, info, uninstall, contents, search, freeze, unfreeze, etc.. It is always the same command pattern that makes it that way. But how do you build your own packages. That is always a bit more tricky than using them. Instead of explaining how it works I will just link to another article written by Glynn Foster which covers everything you need to know.
If you don’t want to type in every single step this little script might help. Adjust your IPS repository and your paths and all you need is a so called mog file which in this case could look like this:

set name=pkg.fmri value=pkg://custom/security/custom-cveList@1.0.2
set name=variant.arch value=sparc value=i386
set name=pkg.description value="custom CVE reporting"
set name=pkg.summary value="custom Solaris CVE reports"
<transform dir path=lib$ -> drop>
<transform dir path=lib/svc$ -> drop>
<transform dir path=lib/svc/manifest$ -> drop>
<transform dir path=lib/svc/manifest/site$ -> set owner root>
<transform dir path=lib/svc/manifest/site$ -> set group sys>
<transform file path=lib/svc/manifest/site/cveList\.xml$ -> set owner root>
<transform file path=lib/svc/manifest/site/cveList\.xml$ -> set group bin>
<transform file path=lib/svc/manifest/site/cveList\.xml$ -> set mode 0444>
<transform file path=lib/svc/manifest/site/cveList\.xml$ -> default restart_fmri svc:/system/manifest-import:default>
<transform dir path=lib/svc/method$ -> drop>
<transform file path=lib/svc/method/cveList\.py$ -> set owner root>
<transform file path=lib/svc/method/cveList\.py$ -> set group bin>
<transform file path=lib/svc/method/cveList\.py$ -> set mode 0555>

Besides the mog file you just enter the path to your proto directory that includes the software that is suppose to be packaged up and you are good to go. You will be asked to type in the name of the package and that’s it. Rest is done automatically. You might have to adjust the configuration inside of your mog file in case of unresolved dependencies for example. Should you be missing a custom IPS repo create one right quick and then start packaging.

Creating a custom IPS repo and share it via nfs:

# zfs create -po mountpoint=/ips/custom rpool/ips/custom
# zfs list -r rpool/ips
NAME              USED  AVAIL  REFER  MOUNTPOINT
rpool/ips          62K  36.2G    31K  /rpool/ips
rpool/ips/custom   31K  36.2G    31K  /ips/custom
# pkgrepo create /ips/custom
# zfs set share=name=custom_ips,path=/ips/custom,prot=nfs rpool/ips/custom
name=custom_ips,path=/ips/custom,prot=nfs
# zfs set share.nfs=on rpool/ips/custom
# zfs get share
NAME                                                           PROPERTY  VALUE  SOURCE
rpool/ips/custom                                               share     name=custom_ips,path=/ips/custom,prot=nfs  local

Let’s actually build the cveList IPS pkg.

# /scripts/admin/buildIpsPkg.sh /scripts/admin/IPS/CVE/MOG/custom-cveList.mog /scripts/admin/IPS/CVE/PROTO.CVE

Need some information about the package. Answer the following questions to generate a mogrify-file (package_name.mog) or if you have a package_name.mog template execute this script with args:

 /scripts/admin/buildIpsPkg.sh [path_to_mog_file] [path_to_proto_dir]


Enter Package Name (eg. custom-compliance): custom-cveList

Ready! Generating the manifest.

pkgsend generate... OK
pkgmogrify... OK
pkgdepend generate... OK
pkgdepend resolve... OK
eliminating version numbers on required dependencies... OK
testing manifest against Solaris 11.2 repository, pkglint ... 
Lint engine setup...

Ignoring -r option, existing image found.
Starting lint run...

OK

Review the manifest file custom-cveList.p5m.4.res!


publish the ips package with:
pkgsend publish -s file:///data/ips/custom -d /scripts/admin/IPS/CVE/PROTO.CVE /scripts/admin/IPS/CVE/custom-cveList.p5m.4.res

check the package with:
pkg refresh
pkg info -r custom-cveList
pkg contents -m -r custom-cveList
pkg install -nv custom-cveList

remove it:
pkgrepo remove -s file:///data/ips/custom pkg://custom/security/custom-cveList@1.0.2

Et voilà, the package is ready to be published.

# pkgsend publish -s file:///data/ips/custom -d /scripts/admin/IPS/CVE/PROTO.CVE /scripts/admin/IPS/CVE/custom-cveList.p5m.4.res
# pkg refresh
# pkg info custom-cveList
             Name: security/custom-cveList
          Summary: custom Solaris CVE reports
      Description: custom CVE reporting
            State: Installed
        Publisher: custom
          Version: 1.0.2
           Branch: None
   Packaging Date: Tue Sep 08 16:48:50 2015
Last Install Time: Tue Sep 08 16:52:07 2015
             Size: 8.80 kB
             FMRI: pkg://custom/security/custom-cveList@1.0.2:20150908T164850Z

DONE! At least with getting CVEs, matching CVEs, scheduling reports and building a package out of all of this.

Let’s deploy.

Let puppet do your job

In this case I am already running a puppet master and several puppet agents. Since I talked about multiple hundreds or thousands of Solaris installations a master-agent setup is exactly what we want.
Nobody has the time and endurance to login on each system and do a pkg install custom-cveList.
I figured a puppet module would be just what I want.
And to save time, here it is:

# cat /etc/puppet/modules/cve/manifests/init.pp
class cve {
        if $::operatingsystemrelease == '11.3' or $::operatingsystemmajrelease == '12' {
                package { 'custom-cveList':
                        ensure => 'present',
                }
        } 
        if $::operatingsystemrelease == '11.2' {
                cron { 'cveList' :
                        ensure => 'present',
                        command => '/scripts/admin/cveList.py',
                        user => 'root',
                        hour => 5,
                        minute => 30,
                }
        }
}

The first if-statement will install the recently build and published IPS pkg. Since scheduled services are not available in Solaris 11.2 I had to add a crontab entry for that case, which would be the second if-statement in the above.
Now just add it to your /etc/puppet/manifest/site.pp and you are all set up.

node default {
        include nameservice
        include tsm
        include arc
        include compliance
        include mounts
        include users
        include cve
}

This is it now. From now on, every single Solaris server that runs a puppet agent will have your custom CVE reporting deployed.
Reading all this actually takes longer than just doing it and you only need to go through all of this once.

I know this looks like it is a lot but it really isn’t. If you want to leave out the IPS part just add your scripts and service/cron to your puppet configuration.
This is easier to handle than a third party tool. If want you could just implement it to your ITIL process and its tools to automate CVE service request handling.

Attachments

Solaris 11.3 brings ZFS task monitoring enhancement – zpool monitor

With the Solaris 11.3 beta release Oracle added a beautiful zpool command. Zpool monitor! And who would have figured, it does exactly that. It helps you to keep track of send, receive, scrub and/or resilver actions.

Let’s say you run zpool scrub rpool and you are interested in the status/progress. So far zpool status was the command of choice to do so. Usually used somehow like while :; do zpool status …|grep …; done. Works but not really convenient. And just imagine have a few send and/or receives running.
Well it is all taking care of. zfs monitor will the job for you. A long needed zfs feature. Thanks a lot Solaris engineering. Very nice improvement.

So how does zpool monitor work. Let’s take a look:

root@wacken:~# zpool help monitor
usage:
        monitor -t provider [-T d|u] [[-p] -o field[,...] [pool] ... [interval [count]]
        Valid values for 'provider' are send, receive, scrub, and resilver
        Valid values for 'field' are done, other, pctdone, pool, provider, speed, starttime,
          tag, timeleft, timestmp, total

This is what the default looks like for monitoring scrub:

root@wacken:~# zpool monitor -t scrub 1
pool                            provider  pctdone  total speed timeleft
rpool                           scrub       0.0    64.8G 1.66M 11h08m
rpool                           scrub       0.0    64.8G 1.69M 10h55m
rpool                           scrub       0.0    64.8G 1.71M 10h45m
rpool                           scrub       0.0    64.8G 1.74M 10h36m
rpool                           scrub       0.0    64.8G 1.79M 10h19m
rpool                           scrub       0.0    64.8G 1.80M 10h15m
...
rpool                           scrub       0.8    64.8G 27.3M 40m09s
rpool                           scrub       0.8    64.8G 26.5M 41m23s
rpool                           scrub       1.0    64.8G 31.9M 34m23s
rpool                           scrub       1.1    64.8G 33.6M 32m34s
rpool                           scrub       1.1    64.8G 32.2M 33m58s
rpool                           scrub       1.1    64.8G 30.9M 35m22s
rpool                           scrub       1.1    64.8G 29.8M 36m44s

Let’s add a few more fields to it.

root@wacken:~# zpool monitor -t scrub -o pool,provider,pctdone,total,speed,timeleft,tag,starttime,done 1
pool                            provider  pctdone  total speed timeleft   tag                 starttime done
rpool                           scrub       3.5    64.8G 18.8M 56m51s     scrub-267           14:22:58  0
rpool                           scrub       3.5    64.8G 18.7M 57m05s     scrub-267           14:22:58  0
rpool                           scrub       3.5    64.8G 18.6M 57m29s     scrub-267           14:22:58  0
rpool                           scrub       3.5    64.8G 18.5M 57m52s     scrub-267           14:22:58  0

Ain’t this nice. If you have an environment that includes automated zfs snapshots together with send/receive this will really make your day.
This command will definately get an alias in my zshrc ;-)