| Age | Commit message (Collapse) | Author |
|---|
|
Found by Frank Scheiner, thanks for reporting this.
OK krw, halex
'cool' deraadt
|
|
- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error
positive feedback from deraadt
OK krw
|
|
OK deraadt
|
|
OK sthen, deraadt
|
|
|
|
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system
OK deraadt
|
|
OK deraadt
|
|
sthen does not object
|
|
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.
"Yeah, that's a pretty crappy machine" deraadt@
|
|
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime
discussed with deraadt@
ok deraadt@ rpe@
|
|
Noted by zhuk@
OK deraadt@
|
|
order.
with shell script assistance from rpe
|
|
OK halex@
|
|
rc-wise OK aja@ jasper@
|
|
ok mlarkin@
prompted by deraadt@
|
|
shlib_dirs using /etc/rc.conf.local.
Fix from Jan Johansson, thanks.
OK krw@, halex@
|
|
|
|
|
|
OK krw@
|
|
OK krw@ halex@
|
|
ok aja
|
|
ok deraadt@
|
|
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block
Feedback and OK halex@
OK krw@
|
|
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says
OK halex@, krw@ on a similar diff
|
|
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.
Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".
Feedback and OK halex@
OK krw@ on a similar diff
|
|
at a time, so a second instance of the daemon is required.
OK mikeb stsp ajacoutot
|
|
- use more descriptive variable name
Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation
OK krw@ halex@
|
|
- initialize _ban variable
- style
OK halex@
|
|
In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.
In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".
Found by and OK jmc@
With feedback from and OK krw@, halex@
|
|
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet
OK krw@, halex@
|
|
General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms
Changes to stripcom():
- skip empty files (eleminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing
Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eleminate if-block with reverse test and continue
OK halex@ krw@
|
|
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
|
|
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".
Idea from and OK halex@
OK deraadt@ krw@ guenther@
|
|
OK halex@ krw@
|
|
OK krw@ halex@
|
|
- no space in redirections like </foo or >$bar
- few other minor whitespaces
OK krw@
|
|
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80
OK krw@
|
|
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.
man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@
|
|
Diff from Navan Carson via tech@
|
|
did). This allows any local changes to /etc/services to be effective
if all you have is the default.
Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!
ok phessler@ deraadt@
|
|
OK deraadt@
|
|
generic.
ok miod@
|
|
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many
|
|
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@
|
|
|
|
|
|
a proper & complete bind port will show up.
discussed with many for years
|
|
Committing early to make sure we have time to fix any side-effect.
ok deraadt@
|
|
|
|
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from singe-user without mounting the file
systems read-write.
suggested by deraadt@
|
