Extracting a file from a Solaris flar
So, as covered in a previous post, Solaris Flash Archives give us a nice way to image a Solaris installation, and then to use that to build a machine via Jumpstart.
The process isn’t all one way, however, and sometimes you’ll want to have the ability to pull apart a flar and see what’s inside. Case in point: trying to debug some Jumpstart issues for a client, where some odd configuration was being set. It wasn’t being set during Jumpstart, and it wasn’t being set during the application install.
This just left the flar as being a possible culprit – but how to pull out a single file to check?
A Solaris Flash Archive is just a cpio archive, which means we can use the cpio command to play around with it. However, flars have some padding and extra sections – if you directly try to use cpio on it, you’ll get a lot of errors about ‘skipped XXX bytes of junk’.
We first need to pull apart the flar into archive, header, etc. sections – and we can do this directly with the flar command:
grond # cd /var/tmp grond # mkdir flar_hacking grond # cd flar_hacking/ grond # flar split /export/install/flars/sol9_0905_sun4u.flar grond # ls -l total 3907142 -rw-r--r-- 1 root root 1999449088 Dec 15 17:14 archive -rw-r--r-- 1 root root 18 Dec 15 17:12 cookie -rw-r--r-- 1 root root 461 Dec 15 17:12 identification -rw-r--r-- 1 root root 4334 Dec 15 17:12 postdeployment -rw-r--r-- 1 root root 1339 Dec 15 17:12 predeployment -rw-r--r-- 1 root root 898 Dec 15 17:12 reboot -rw-r--r-- 1 root root 53 Dec 15 17:12 summary
We can see that the flar split command has given us our archive, which is where all the files actually are, as well as the other extra sections which make the flar more than just a cpio archive.
Now that it’s split up, we can use cpio directly. In this case, I want to check to see if /etc/default/init is in the flar:
grond # cpio -it < archive | grep etc/default/init etc/default/init 3905174 blocks
And there it is - so now we can use cpio again to extract the file:
grond # cpio -ivdm etc/default/init < archive etc/default/init
cpio will extract the file, but relatively to your working directory, and not the root, so we won't be in danger of overwriting anything important:
grond # ls -lR etc/ etc/: total 2 drwxr-xr-x 2 root root 512 Dec 15 17:15 default etc/default: total 2 -r-xr-xr-x 1 root sys 490 Oct 5 2007 init
And there's the file we wanted, extracted from the relevant Solaris flar. In this particular instance, it was indeed responsible for the bogus configuration being pushed out.