| Age | Commit message (Collapse) | Author |
|---|
|
This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether exists.
Use that to generate it rather than a best-effort grep/hardcoded path.
OK sthen
|
|
OK input lucas
|
|
iked and isakmpd guard against themselves with "return 0" as rc.subr(8)
checks rc_pre()'s return code and aborts daemo start iff non-zero, but
that isn't needed if we use ksh properly.
|
|
unbound-checkconf(8) itself exits 1 on error already.
|
|
looks correct to deraadt
|
|
from Kirill Miazine, thanks.
|
|
12 factors apps and similar don't daemonize and are thus vulnerable to
receiving a SIGHUP signal at the end of /etc/rc. Shield them by running
them in a different process group. Do this only for services that need
rc_bg=Yes, as suggested by ajacoutot@
There have been several reports about this issue in the past years, the
last one being from edd@ who successfully tested this fix. Input from
several folks, ok sthen@ ajacoutot@
|
|
|
|
prodded by jsg@
|
|
OK florian
|
|
OK florian
|
|
OK solene
|
|
ok robert@ sthen@ kn@
|
|
Moving the configuration check to its own configtest function means rc_pre
exit code will now be that of the && list (sasyncd_flags).
Just do what isakmpd does and return 0.
from lucas at sexy dot is, thanks!
|
|
function (each rc.d script is supposed to define its own if wanted).
This way, we can filter out the "configtest" action depending on whether the
function exists or not.
Adapt documentation.
tweak/ok kn@
|
|
A few adjustments will be done in the next days (like disabling this action if
there's no specific rc_configtest function defined).
e.g.
/etc/rc.d/sshd configtest
rcctl configtest sshd
idea from naddy@
|
|
have to check syslog when running in debug mode (`-d').
|
|
|
|
By default it just returns "0" but can be overriden by rc.d scripts to check
that the daemon configuration is valid when running "start", "reload" and
"restart".
|
|
ok aja
|
|
all the other rc plumbing.
OK deraadt@
|
|
before running rc_rcexec.
Based on an proposal from openbsd.tech at aisha.cc
ok robert@ abieber@
|
|
|
|
It is much cleaner to the eyes and makes more sense from a functionnal point of
view.
This will allow to extend rc_exec with other functionnalities (like upcoming
rc_startdir).
Bonus point: daemon_logger will now work with manually crafted rc_start
functions.
This will require a mechanical change from ${rcexec} to rc_exec in rc.d scripts.
ports will be fixed right after this commit but we will keep compatibility to
give a chance to people to fix their custom scripts.
positive tests from a few
ok robert@
|
|
|
|
input/ok sthen@ halex@
|
|
because rc.subr has special-casing for spamd/spamlogd.
Teach the script to detect the pflog interface from spamlogd flags and
create the correct interface if needed.
ok jturner@
|
|
The conditional was not checked (prior to r1.2 the exit code from the
conditional was implicitly used as the exit code from the whole shell
function, but this wasn't adapted when pflog creation was added).
Reported/tested by Clint Pachl
|
|
ok aja@
|
|
|
|
Rename _rc_wait to _rc_wait_for_start since only "start" uses this now (to
handle rc_bg daemons).
In any situation, none of these actions should be able to hang boot or shutdown.
We should now be able to manage most corner cases out there ("most" because it's
unreasonable to assume we can cope with all the non-default
rc_{start,stop,reload} crazyness).
Several tests have been made and no obvious regression has been found.
But that doesn't mean there isn't; if some behavior changed for the worst, talk
to me.
ok robert@ sthen@
|
|
|
|
While this is not strictly required, it's a failsafe and more fair to
daemon_timeout as we will effectively wait for the start/stop/reload sequence
instead of the duration of the rc.d script itself.
|
|
|
|
This doesn't change the default behavior but fixes rc.d scripts with a home made
rc_stop() function that can block and potentially hangs halt/reboot forever.
ok robert@
|
|
in this situation.
reported by and ok robert@
|
|
configuration files.
OK sthen@ kn@ patrick@
|
|
features and scripts will not work correctly with sh. tweak jca/ok kn/
ok with direction aja
|
|
only for rc.d scripts.
|
|
we have at least 1s for SIGTERM to do its job.
|
|
with a tweak from kn@
ok sthen@
|
|
this point the process has been terminated).
|
|
|
|
function. This will allow to simplify some rc.d script that cook there own
function to gracefully stop a process (e.g. web servers). There are other use
cases as well.
And do the same for rc_reload because it's cheap and can also simplify a
handful of rc.d scripts.
Behave like shutdown and if the process is still not down after daemon_timeout
(configurable; default to 30s), then send a SIGKILL.
While here, factorise pkill invocations into a _rc_sendsig() function that can
potentially be used by rc.d scripts instead of cooking pkill lines; this will
benefit from the configured routing table etc.
tested & ok robert@
|
|
source only what they really needs.
Only expose the following which are used by /etc/rc, netstart and rcctl:
_rc_parse_conf
_rc_check_name
_rc_err
_rc_do
_rc_quirk
ok sthen@
|
|
the go ecosystem).
Properly handle failing daemon startup now that we have pipefail.
To take advantage of this new feature, just add foo_logger=facility to the
daemon rc.d(8) script or in rc.conf.local(8) or use rcctl:
rcctl set foo logger daemon.info
tweak for checking flags in rcctl(8) from martijn@
"this looks pretty good" deraadt@
ok sthen@
|
|
Starting right after unwind.
OK deraadt
|
|
OK deraadt
|
|
This way rc.d and rcctl don't suffer from side effects in people's rc
files. If you somehow used those files to set environment variables,
you should have used login.conf as described in rc.d(8) instead.
ok ajacoutot@
|
|
No functional change.
|
