| Age | Commit message (Collapse) | Author |
|---|
|
platforms that have tls enabled ftp(1).
OK tb@
|
|
The sets are downloaded using https per default. If the server does
not support https, the installer offers falling back to http after
asking for confirmation.
NOTE: Depending on the setup, people using autoinstall(8) might
need to add this new installer question to the response file.
Unable to connect using https. Use http instead = yes|no
Joint work with and 'go for it' from deraadt@
Tested from and OK tb@
Feedback and OK for the approach halex@
|
|
to hostname as preparation for an upcoming change.
But to ensure proper name resolution in case dns is not available
yet, add an entry to the hosts file. After an installation, remove
it so it does not end up in the final hosts file. Not needed for
upgrades because the file is not copied to the upgraded system.
OK deraadt@
|
|
calls to those libraries.
|
|
|
|
OK halex@
fine for deraadt@
|
|
|
|
|
|
- re-format case-block
- unquote single word default answer
- use 'break' instead of return to leave (same effect here, but
needed later when the function is no function anymore)
- use -q option with kbd to limit output to warnings/errors only
discussed with and OK krw@ tb@
|
|
Prodded by and OK aja@
OK halex@ krw@
|
|
Add them to bsd.rd and set the ownership and permissions of
/usr/obj and /usr/xobj accordingly.
feedback and OK tb@
Looks good deraadt@
|
|
now automatically handled by the kernel.
The same change was made to /etc/netstart in 5.5 with r1.139.
Should fix the (U)pgrade problem reported on bugs@ by Clint Pachl.
ok mpi@
|
|
mail.
found by and OK tb@
OK halex@ krw@
|
|
The installer will create these directories during install.
So local setups will not get overwritten during upgrades.
idea from and OK deraadt@
with help from and OK tb@
feedback from and no objections halex@
|
|
This enables the installer to verify local set files even if the
prefetch area would not fit on the local disk.
OK krw@ on a similar diff
Idea from and OK naddy@
Feedback and OK tb@
|
|
to fetch local sets without a SHA256.sig file in a directory
unreachable by the unprivileged users. The missing SHA256.sig
file caused an early exit from the for-loop where the _unpriv
variable is unset in case of local sets.
- Move the check of the set location (local/net) to the top
- Set the ftp command title based on the _srclocal variable
- Remove the now unnecessary second _unpriv=
OK naddy@
|
|
- cleanup SHA256 and SHA256.sig before download
- move assignment of _cfile and _srclocal to the top
In a later step, this allows verification of local sets without the
need of a prefetch area which is not used in this case anyway.
Idea from and OK naddy@
OK krw@
|
|
This also covers the case when a template is rejected by disklabel.
OK krw
|
|
It's the users responsibility to ensure the integrity of these files!
Problem found by Laurence Tratt who placed the sets in his home dir
where the unprivileged users now used by the installer weren't able
to read them from.
discussed with deraadt@
OK krw@
|
|
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.
|
|
with input from and OK tb
OK halex krw
|
|
OK tb krw
|
|
Remove leftovers.
OK krw halex deraadt
|
|
Besides ... real men use ed!
OK krw halex deraadt
|
|
The instbin stuff looks good to deraadt@
|
|
ok deraadt@
|
|
while root (sic) causes are probed.
Problem reported by RD Thrush via bugs@ and reproduced locally.
|
|
Saves precious 896 bytes as a side effect.
OK deraadt
|
|
intrusive. Default to the first available disk, skipping to the next
(and so on), should the selected one be determined unsuitable for the
install or upgrade taking place.
"please commit" deraadt@
|
|
only http is used.
|
|
|
|
|
|
to install_sets() and that it is presented as default answer.
- fix pattern in waitcgiinfo() to match method=cd0.
- use a separate variable _im to set INSTALL_METHOD
resp might get overwritten in install_cdrom()
OK halex
|
|
by moving waitcgiinfo() from install_http() to before install_sets()
in do_upgrade().
OK halex
|
|
directory does not exist. Otherwise, INSTALL_METHOD is not set
and this information is not sent to the cgi server.
OK halex
|
|
Route labels are now enclosed in double quotes (see r1.107 of
src/sbin/route/show.c).
OK claudio, krw
no objections halex
|
|
One is enough.
OK halex
|
|
OK krw, halex
|
|
Found out by naddy
OK deraadt
|
|
stupi^Wunfortunate, so stop asking.
deraadt@ and krw@ agrees
ok rpe@
|
|
as for upgrades.
- For installs, find all and any disks available.
- For upgrades, look for 'a' partitions with the typical root filesystem
directories in them.
In both cases, if one and only one match is found, it will be selected.
If no disk or multiple disks are found, the installer will require you
to specify a disk, be it by hand or by auto{install,upgrade}.conf.
ok rpe@ krw@ "Innovative." deraadt@
|
|
/tmp with proper permissions so that unprivileged programs can not
tamper with them.
positive feedback from deraadt
OK halex
|
|
as unprivileged users.
OK halex, tb, deraadt
|
|
and ensures that no processes of this user remain active afterwards.
Optionally, it creates a file, that is owned by the user only for
this command execution. Afterwards it's chown'd by root.
Add wrapper functions for do_as(). unpriv() uses the _sndio user
and unpriv2() uses the _file user to execute commands.
OK halex, tb, deraadt
|
|
on a base system. They are used with doas(1) to execute certain
commands as unprivileged users during install and upgrade .
OK halex, tb, deraadt
|
|
OK halex, tb, deraadt
|
|
which will scan the available disks, selecting the first disk with an
'a' partition of type 4.2BSD
ok deraadt@ krw@ phessler@
|
|
during install.
Spotted & diff from Patrik Lundin. Thanks!
|
|
should unvis() it too, but I think this is enough, at least for now.
ok krw@
|
|
OK halex, krw
|
