| Age | Commit message (Collapse) | Author |
|---|
|
first line of its output. In contrast to the rest of the list of
mirror servers, this first line does not have any location info.
Only use this first line as default answer, if it has no location
info.
OK krw@
|
|
"System hostname" question.
OK tb@ krw@
'sure' deraadt@
positive feedback on the idea halex@
|
|
OK tb@
|
|
in the install.site and upgrade.site scripts.
OK tb@
|
|
OK tb@
|
|
|
|
|
|
|
|
- remove the unsued _err variable
- rework the extraction of the mirror dir info from HTTP_LIST
- use INSTALL_MIRROR to save the mirror info from HTTP_LIST
- use _http_proto to for the final INSTALL_URL if it's a mirror
- assign the correct info to INSTALL_URL
- write INSTALL_URL to /etc/installurl on install if a mirror was used
Feedback and OK tb@
'Looks good' deraadt@
|
|
during installation if an OpenBSD mirror server is used for the
sets download. It contains the mirror server url in the same format
as provided by ftplist.cgi.
The installurl file is used by the OpenBSD installer, the syspatch(8)
and the pkg_add(1) commands.
Stop creating and updating the /etc/pkg.conf file - the pkg_add(1)
command will use the information in installurl.
Use a new dbversion of the CGIs which accecpt and provide mirror
urls without the release/arch part at the end..
Idea from ajacoutot@
Joint work with and OK ajacoutot@ tb@ beck@ deraadt@
|
|
OK tb@ krw@
|
|
calling sed -i on it. While there, use a stricter regular expression, as
suggested by halex.
Problem reported by Pedro Caetano.
ok mestre, halex; ok rpe for earlier version without regex tweak
|
|
ok jmc@
|
|
|
|
and name-server information, the user was not asked for this
configuration. Do not assign a default value to _dn and _ns before
the values are checked with -n in donetconfig().
Fix from halex@; tested and OK rpe@
|
|
the SHA256.sig file which is signed by the OpenBSD project.
Deny the use of mirror servers where the verification fails.
Site specifc sets (siteXX.tgz and siteXX-hostname.tgz) or self
compiled sets in local setups are still supported by using the
index.txt file. Files listed in SHA256.sig override any file
listed in index.txt.
Support http://server and https://server as answers to the
"HTTP Server?" question. This allows a user to control the
logic used to download the set files on architectures that
have tls support for ftp(1).
'server' --> Use https for the sets download. If the server
does not support https, fall back to http but only after
user confirmation.
'https://server'--> Use https only for the sets download.
'http://server' --> Use http only for the sets download.
NOTE: If the autoinstall(8) feature is used, the installer
aborts the installation or upgrade in the following cases:
- a mirror server provides an invalid SHA256.sig file
- 'server' is used, https fails and the question to confirm
the fallback to http is not answered in the response file.
- 'https://server' is used but ftp(1) has no tls support.
- 'https://server' is used but not supported by the server.
Suggested by, in joint work with and OK deraadt@
Feedback, testing and OK tb@
positive feedback halex@ for the http/https part
|
|
disklabel on platforms that have tls enabled ftp(1) including
error handling in case ftp(1) doesn't have it.
OK tb@ halex@
|
|
platforms that have tls enabled ftp(1).
OK tb@
|
|
The sets are downloaded using https per default. If the server does
not support https, the installer offers falling back to http after
asking for confirmation.
NOTE: Depending on the setup, people using autoinstall(8) might
need to add this new installer question to the response file.
Unable to connect using https. Use http instead = yes|no
Joint work with and 'go for it' from deraadt@
Tested from and OK tb@
Feedback and OK for the approach halex@
|
|
to hostname as preparation for an upcoming change.
But to ensure proper name resolution in case dns is not available
yet, add an entry to the hosts file. After an installation, remove
it so it does not end up in the final hosts file. Not needed for
upgrades because the file is not copied to the upgraded system.
OK deraadt@
|
|
calls to those libraries.
|
|
|
|
OK halex@
fine for deraadt@
|
|
|
|
|
|
- re-format case-block
- unquote single word default answer
- use 'break' instead of return to leave (same effect here, but
needed later when the function is no function anymore)
- use -q option with kbd to limit output to warnings/errors only
discussed with and OK krw@ tb@
|
|
Prodded by and OK aja@
OK halex@ krw@
|
|
Add them to bsd.rd and set the ownership and permissions of
/usr/obj and /usr/xobj accordingly.
feedback and OK tb@
Looks good deraadt@
|
|
now automatically handled by the kernel.
The same change was made to /etc/netstart in 5.5 with r1.139.
Should fix the (U)pgrade problem reported on bugs@ by Clint Pachl.
ok mpi@
|
|
mail.
found by and OK tb@
OK halex@ krw@
|
|
The installer will create these directories during install.
So local setups will not get overwritten during upgrades.
idea from and OK deraadt@
with help from and OK tb@
feedback from and no objections halex@
|
|
This enables the installer to verify local set files even if the
prefetch area would not fit on the local disk.
OK krw@ on a similar diff
Idea from and OK naddy@
Feedback and OK tb@
|
|
to fetch local sets without a SHA256.sig file in a directory
unreachable by the unprivileged users. The missing SHA256.sig
file caused an early exit from the for-loop where the _unpriv
variable is unset in case of local sets.
- Move the check of the set location (local/net) to the top
- Set the ftp command title based on the _srclocal variable
- Remove the now unnecessary second _unpriv=
OK naddy@
|
|
- cleanup SHA256 and SHA256.sig before download
- move assignment of _cfile and _srclocal to the top
In a later step, this allows verification of local sets without the
need of a prefetch area which is not used in this case anyway.
Idea from and OK naddy@
OK krw@
|
|
This also covers the case when a template is rejected by disklabel.
OK krw
|
|
It's the users responsibility to ensure the integrity of these files!
Problem found by Laurence Tratt who placed the sets in his home dir
where the unprivileged users now used by the installer weren't able
to read them from.
discussed with deraadt@
OK krw@
|
|
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.
|
|
with input from and OK tb
OK halex krw
|
|
OK tb krw
|
|
Remove leftovers.
OK krw halex deraadt
|
|
Besides ... real men use ed!
OK krw halex deraadt
|
|
The instbin stuff looks good to deraadt@
|
|
ok deraadt@
|
|
while root (sic) causes are probed.
Problem reported by RD Thrush via bugs@ and reproduced locally.
|
|
Saves precious 896 bytes as a side effect.
OK deraadt
|
|
intrusive. Default to the first available disk, skipping to the next
(and so on), should the selected one be determined unsuitable for the
install or upgrade taking place.
"please commit" deraadt@
|
|
only http is used.
|
|
|
|
|
|
to install_sets() and that it is presented as default answer.
- fix pattern in waitcgiinfo() to match method=cd0.
- use a separate variable _im to set INSTALL_METHOD
resp might get overwritten in install_cdrom()
OK halex
|
