Age | Commit message | Author |
|
requested by several
discussed with deraadt@
|
|
as strong secure-by-default stance.
people who upload root keys via site.tgz need to adjust sshd_config;
those who load a root key via autoinstall should trigger on this
question and select prohibit-password.
discussed at length
|
|
"without-password". Instead use "pubkeys-only" which people will find
conceptually easier. Still quietly accept "w" or "without-password"
as an option.
Place a warning beforehand:
WARNING: root is targetted by password guessing attacks, pubkeys are safer.
Everyone happy now, or at learning to not use root passwords?
|
|
ssh login?" question. Either the first letter or the whole word
- Use grep to check for the default in sshd_config
- Simplify sed expression for changing sshd_config
Based on feedback from and OK halex@
|
|
the PermitRootLogin option. Additionally to 'yes' and 'no' allow
'without-password' and make that the proposed default answer for
the "Allow root ssh login?" question. Modify sshd_config only if
the user choice is not the default.
OK deraadt
discussed with halex@, sthen@ and others
|
|
OK halex@
|
|
with the new sed -i.
"Nice" deraadt@
OK krw@ jasper@
|
|
installpath in pkg.conf instead of hardcoding that information.
This fixes the problem that installpath has a path from an older
release after updating from disk for a while.
NOTE: This matches fw_update behaviour in that during a beta cycle,
it will expand to 5.8 (for e.g.) instead of snapshots.
requested by and OK ajacoutot@
OK halex@ krw@
|
|
OK krw@ halex@
|
|
with rpe's blessing
|
|
put the terminating ;; always on its own line.
discussed with and OK krw@ halex@
|
|
OK krw@
@halex agreed on this in a similar diff
|
|
OK krw@ halex@
|
|
uses disklabel UIDs unconditionally for a while already.
OK krw@
"looks good" deraadt@
|
|
MI function disklabel_autolayout() which now handles all aspects of
the disklabel auto-layout and autopartitioning case for the root disk.
Remove get_disklabel_template() and merge it with the new function.
"move forward" deraadt@
|
|
only remaining consumer.
OK krw@
|
|
Run makedev in install_cdrom() to create the necessary device nodes,
which got lost in a recent change.
Found by James Hartley, thanks for the bug report!
OK krw@
|
|
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitably refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
|
|
and use DUIDs unconditionally. DUIDs in the installed /etc/fstab
has been the default for quite some time now.
OK deraadt@, krw@, guenther@, beck@
|
|
and to put response files in a subdir of the webserver's document root.
Based on diffs from Nathanael Rensen, thanks!
While here fix a buglet introduced by the $_server -> $AI_SERVER change.
OK krw, halex
|
|
to the OpenBSD installer. It is available during unattended installation.
The template file is fetched from an url, provided as answer to a new
question in the response file:
URL to autopartitioning template for disklabel = url
Original diff from and OK henning@
'no objection' krw@
|
|
by default completely in most cases, except where a public ssh key was provided
to autoinstall) - in the case where a (non-root) account was created, sshd
was being disabled; this diff fixes it. Looks good ajacoutot, OK djm@,
extensive testing+OK rpe@,
|
|
default change. The new default is not to ask to enable root logins
when a non-root user has been added. There is some additional subtlety
for auto-installs that provide root ssh keys.
patch by myself and rpe@ with feedback from sthen@;
ok rpe@ deraadt@ sthen@
|
|
we fetch the response file from in a local _server var, put it in an
exported AI_SERVER one. last not least that allows install.site to see it.
ok krw rpe
|
|
when fetching the autoinstall response file.
a webserver that serves static files doesn't give a damn. if I map that
to something that dynamically creates the response file, i can use that to
construct the sets path, or play other arch and/or version dependent
games.
ok krw uwe
|
|
on the install media does not (currently) support '-e' or other
posix nifties, but does exit after displaying the last line.
Should fix scanning for wireless networks too.
Reported by Adam Wolk on misc@.
ok deraadt@
|
|
OK halex@ krw@
|
|
OK krw@
|
|
OK krw@
|
|
Noted by Adam Wolk, thanks.
OK krw@ deraadt@
|
|
prodded by deraadt@
|
|
Add comment headers to each function, briefly explaining its purpose
and arguments.
Feedback and OK halex@ krw@
|
|
like `cat file` or $(cat file) with $(<file) in places where we
can be sure that file exists.
OK krw@
|
|
noted by Mikolaj Kucharski, thx
OK krw@
|
|
- End comments with a full stop.
OK krw@
|
|
Regroup them by their purpose and add section headers.
go for it halex@, OK krw@
|
|
and remove the update_firmware() function altogether.
OK halex@ krw@
|
|
to the bottom of the file to make it easier to see what
code is actually executed.
OK krw@ halex@
|
|
OK krw@
|
|
Don't ask about xdm if the answer to the X question was no.
Noted by mlarkin@
"Looks good" deraadt@
OK krw@
|
|
in the 'Location of sets?' prompt.
Idea from deraadt@
Developed with and tested by rpe@
ok deraadt@ rpe@
|
|
ok rpe
|
|
and shuffle some install specific code into install.sh. No intentional
functional change.
Update copyrights to 2015 while here.
Tested & ok rpe@
|
|
goal of eventually refactoring them)
|
|
for LIF/header creation, pre-disklabel. post-install/upgrade, this
gets redone, this time with -r /mnt to pick up the new sdboot file
ok krw jsing miod
|
|
Fixes 'groupquota' -> 'grwupquota' damage noted by giovanni@.
Diff from rpe@, ok halex@, giovanni@, deraadt@
|