Age | Commit message | Author |
|
|
|
configuration files.
OK sthen@ kn@ patrick@
|
|
a partition to avoid /var overflow issues
ok benno beck
|
|
better for rdomain or metric tuned interfaces
from leon fischer
|
|
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen
|
|
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt
|
|
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen
|
|
before the first consumer of kvm_bsd.db
|
|
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian
|
|
Starting right after unwind.
OK deraadt
|
|
OK deraadt
|
|
If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.
Reported by and ok patrick@
|
|
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb
|
|
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.
|
|
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis
|
|
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt
|
|
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@
|
|
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later
ok kettenis@
|
|
ok deraadt
|
|
As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.
Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.
|
|
Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.
This allows direct bail out on invalid types and simpler saving for later
remount.
OK deraadt
|
|
suggested by and ok deraadt@ ("I think we never hang there anymore")
|
|
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.
ok deraadt@
|
|
Remove rtadvd(8) from rc(8).
OK deraadt, phessler
|
|
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.
Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).
|
|
OK(failed) phessler
OK deraadt
|
|
Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).
OK naddy, sthen, rpe, tb
|
|
OK tb@
|
|
one location under /usr/share/relink.
Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.
Idea and positive feedback from deraadt@
OK aja@ tb@
|
|
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@
|
|
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.
prompted by reports on misc@
OK deraadt@ tj@ tb@
|
|
reorder_libs() resulting in a unique ld.so on every system start.
Idea from and OK deraadt@
OK tb@
|
|
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.
ok sthen@ tb@ rpe@
|
|
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).
OK deraadt@ tb@
|
|
reverse order on shutdown.
OK aja@ tb@
|
|
being reordered.
okay tb@ deraadt@
|
|
OK tb@
|
|
Diff from Klemens Nanni
OK tb@ zhuk@
|
|
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.
From Klemens Nanni
ok rpe
|
|
reorder_libs().
From Klemens Nanni with input from rpe.
ok rpe, zhuk
|
|
and to write the logfile inside the kernel compile dir.
- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background
OK deraadt@ tb@
|