summaryrefslogtreecommitdiff
path: root/etc/rc
AgeCommit message (Collapse)Author
2020-01-24retire rebound etc bits to the atticTed Unangst
2019-11-11move /usr and var remounting (nfs diskless case...) earlier, so thatTheo de Raadt
unwind can be started (silently) before pf is configured (for those few weirdos who use hostnames in pf.conf...). Other unidentified concerns may be improved by this startup re-ordering, so let's give it a try. discussed with florian.
2019-11-10use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@Christian Weisgerber
2019-11-06we have emergency entropy injection code in rc, for if the bootblocks andTheo de Raadt
other methods failed to inject/churn the rng enough. Move it up far earlier. ok naddy sthen kettenis
2019-10-06for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.Stuart Henderson
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens machine, reading all of hw (notable hw.setperf) can have unexpected side-effects. ok deraadt
2019-10-02feed "sysctl hw" into /dev/random; a cheap way to feed in sensor dataStuart Henderson
as a one-shot at boot without more complex kernel work, and also includes some serial numbers/guids which may add a little more entropy e.g. for systems where /etc/random.seed may be known (e.g. cloned disk images). "why not" deraadt@
2019-05-10ld.so boot cleanup support:Philip Guenther
- put functions and data which are only used before calling the executable's start function into their own page-aligned segments for unmapping (only done on amd64, arm64, armv7, powerpc, and sparc64 so far) - pass .init_array and .preinit_array functions an addition argument which is a callback to get a structure which includes a function that frees the boot text and data - sometimes delay doing RELRO processing: for a shared-object marked DF_1_INITFIRST do it after the object's .init_array, for the executable do it after the .preinit_array - improve test-ld.so to link against libpthread and trigger its initialization late libc changes to use this will come later ok kettenis@
2019-04-01revert previous. ifconfig errors may be interesting... to be revisited.Ted Unangst
2019-04-01catch/hide errors from ifconfig carp in case there is no carp.Ted Unangst
ok deraadt
2019-02-24Remove -S from install commandskn
As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and install(1) will always create files safely, thus clean the option usage from the tree. Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.
2019-02-19Simplify NFS check in reorder_libs()kn
Loop over df(1)'s output directly, ensure the resulting list of block devices is unique to avoid later duplicity checks and redundant mount(8) invocations. This allows direct bail out on invalid types and simpler saving for later remount. OK deraadt
2019-01-26rc(8) bits for unwind(8); OK deraadtFlorian Obser
2019-01-24Drop the ttyflags message.Antoine Jacoutot
suggested by and ok deraadt@ ("I think we never hang there anymore")
2019-01-12Use acpidump -q to avoid message about ACPI information not being found.Mark Kettenis
Many arm64 systems use device trees instead of ACPI and acpidump is expectected to fail on those systems. And vmm(4) doesn't provide ACPI information either. ok deraadt@
2018-07-23It's time to switch to rad(8); tested by many.Florian Obser
Remove rtadvd(8) from rc(8). OK deraadt, phessler
2018-07-12rc(8) infrastructure for radFlorian Obser
2018-07-11Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commandsStuart Henderson
to running VMs (at least for OpenBSD ones), but the stop routine for system daemons is not usually called at shutdown. Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped it with a "stopping VMs" message (it can take some time, especially when you have multiple VMs, so better to have some clear feedback).
2018-07-11Don't hide errors when IPv6 forwarding is not enabled.Florian Obser
OK(failed) phessler OK deraadt
2018-02-18Remove unecessary line continuation markers after || and &&Robert Peichaer
2018-02-10Load RFC 7217 key material and generate if it does not already exist.Florian Obser
Add soii.key to changelist (pointed out by semarie) and mtree/special (suggest by Craig Skinner). OK naddy, sthen, rpe, tb
2017-11-09kill trailing whitespace introduced in previous commitTheo Buehler
2017-11-06Use a variable for /usr/share/relinkRobert Peichaer
OK tb@
2017-11-05Consolidate lib.so.*.a, ld.so.a and the kernel relink kit intoRobert Peichaer
one location under /usr/share/relink. Be more specific in src/etc/rc reorder_libs() what filesystems need r/w remount and ensure that their mount state is restored. Idea and positive feedback from deraadt@ OK aja@ tb@
2017-10-25Partially revert rev 1.457 of /etc/rc. The pipe introduced inAlexander Bluhm
sysctl_conf() spawns a subshell. This prevents that the new process limits affect the daemons started during boot. OK rpe@ halex@
2017-10-12The testprogram for ld.so reordering is executed in tmpdir.Robert Peichaer
Move tmpdir for reordering library from /tmp to /usr/lib. This allows to have /tmp mounted noexec. prompted by reports on misc@ OK deraadt@ tj@ tb@
2017-10-10Move comment line and spacing.Robert Peichaer
2017-08-29Based on previous work from deraadt, add relinking of ld.so toRobert Peichaer
reorder_libs() resulting in a unique ld.so on every system start. Idea from and OK deraadt@ OK tb@
2017-08-28Display that we are running the upgrade scripts when they exist. On slowishAntoine Jacoutot
machines, running sysmerge(8) can take a little while so don't let people wonder about why the output seems stuck. ok sthen@ tb@ rpe@
2017-08-21Move the kernel relinking code from /etc/rc into a seperate scriptRobert Peichaer
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to relink the kernel from within syspatch(8). OK deraadt@ tb@
2017-08-20Simplify the code for stopping daemons listed in pkg_scripts inRobert Peichaer
reverse order on shutdown. OK aja@ tb@
2017-07-18Use a bit better idiom to get most recent version of the libraryVadim Zhukov
being reordered. okay tb@ deraadt@
2017-07-18Use numerical sysctl output to check for nfs mounts.Robert Peichaer
OK tb@
2017-07-17Tweak previous.Robert Peichaer
2017-07-17Use a more compact way to compose the initial pf ruleset.Robert Peichaer
Diff from Klemens Nanni OK tb@ zhuk@
2017-07-17Now that choosing the library versions is much faster, we can doTheo Buehler
it after remounting the filesystem containing /usr/lib as rw: the former is pointless if the latter should happen to fail. From Klemens Nanni ok rpe
2017-07-17Optimize and simplify the selection of the latest library version inTheo Buehler
reorder_libs(). From Klemens Nanni with input from rpe. ok rpe, zhuk
2017-07-04Switch reorder_kernel() from sending emails to logging via syslogRobert Peichaer
and to write the logfile inside the kernel compile dir. - turn the whole reorder_kernel function into a subshell {} -> () - create kernel compile dir early on - redirect all stdout/stderr to a logfile inside this dir - setup ERR trap handler that - disables the EXIT trap handler - syslogs the error and hints to the logfile - additionally sends this message to the console - setup EXIT trap handler that syslogs success - wipe only the content instead of the whole kernel compile dir - reestablish stdout redirection to the log after the wipe - remove -q option of sha256 to log check result - run reorder_kernel() in the background OK deraadt@ tb@
2017-06-30Improve reorder_kernel()Robert Peichaer
- check for and exit if /usr/share is on a nfs mounted filesystem - add trap handlers that mail the logfile to the admin user - use $_compile instead of $_compile_dir like in the installer - use $_compile/$_kernel instead of $_kernel_dir - remove the now redundant sha256 -h ... after make newinstall - write stdout/stderr of the background subshell to a logfile OK tb@ deraadt@
2017-06-27remove some old cruft.Ted Unangst
2017-06-22Adjust relink procedure to use new targets. Better use semantics forTheo de Raadt
users and developers. diff from rpe, ok tb
2017-06-19As early as possible, create a link /bsd.booted to the /bsd kernel weTheo de Raadt
presume we booted from. If you boot from another kernel, we cannot help you later with hibernate, sorry -- The kernel does not get a useable filename from the bootblocks. In the bootblocks, detect a live hibernate signature and boot from /bsd.booted instead. with yasuoka, lots of discussion with mlarkin, ok tom
2017-06-14Add a new function reorder_kernel() that relinks and installs theRobert Peichaer
new kernel in the background on system startup. It stores the hash of the new kernel and sends a notification email to the admin or root user. If it finds /usr/share/compile.tgz, it removes the existing compile dir and replaces it with the content of (new) archive. If the hash of /bsd does not match the stored one, no relinking happens. Idea from, joint work with and OK deraadt@ OK tb@ halex@ unnoticed by many
2017-06-06start slaacd as early as possible, right after pf and sysctl.conf areFlorian Obser
setup. Input & OK deraadt@
2017-06-03We have been running a small awk program before installing the relinked libc.Theo de Raadt
Perform the same kind of test for relinked libcrypto, using an openssl sequence (proposed by sthen)
2017-06-03Immediately after mounting / read-write, chmod og-rwx the kernel. RemoteTheo de Raadt
prying eyes were already been hindered at determining kernel addresses, now local prying eyes are also hindered. ok tb rpe
2017-05-30Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off theTheo Buehler
reordering of libraries by rc(8). This way machines with very slow disk I/O have a chance of booting within reasonable time now that libcrypto is also randomized. Discussed with various; input & ok from deraadt ajacoutot
2017-05-29rc.d(8) for slaacdFlorian Obser
OK phessler, deraadt
2017-05-29Randomize link-order of libcrypto as we do with libc. This libraryTheo de Raadt
has many small functions without significant local storage, therefore less tail protection from -fstack-protector-strong to prevent their use as ROP gadgets. It is used in security contexts. Also many functions dribble pointers onto the stack, allowing discovery of gadgets via the fixed relative addresses, so let's randomly bias those. ok tedu jsing The rc script will soon need a strategy for skipping this step on machines with poor IO performance. Or maybe do it less often? However, I don't see many more libraries we'll do this with, these are the two most important ones.
2017-05-01Comments and spacing.Robert Peichaer
2017-04-18Simplify patching of motd(5), also making it agree better with theIngo Schwarze
documentation if the first line of the file is blank. Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>. OK rpe@