path: root/etc
Age | Commit message | Author
2023-03-04 | move to 7.3-beta | Theo de Raadt
2023-03-03 | Process accounting and lastcomm(1) can detect execve(2) violations | Alexander Bluhm
of pinsyscall(2) policy. Report such findings in daily mail like other security violations. User has to turn on accounting=YES in rc.conf.local to utilize this feature. OK deraadt@
2023-03-01 | /etc/examples/iked.conf tweaks: | Stuart Henderson
- show a demo of a strong random string for psk, for some types of configuration psk makes sense. the previous example hinted at not using it.
- change the EAP MSCHAPv2 example so that more than one client can connect (previous used address config but with only a single address not a pool), and use the newer keywords to show how to route all traffic from dynamic-ip clients over the tunnel
ok tobhe@
2023-02-28 | add 7.4 fw key | Stuart Henderson
2023-02-19 | add 7.4 syspatch public key | Robert Nagy
2023-02-19 | 7.4 packages key | Christian Weisgerber
2023-02-18 | 7.4 base key | Theo de Raadt
2023-01-28 | sync | Theo de Raadt
2023-01-28 | Update the number of default wskbd entries | Peter Hessler
OK deraadt@
2023-01-25 | Delete TAB only line. | ASOU Masato
2023-01-24 | sync | Jeremie Courreges-Anglas
2023-01-24 | Provide /dev/ujoy/[0-3] | Jeremie Courreges-Anglas
ok deraadt@ miod@
2023-01-18 | process the sshd random-relink kit if it is found. sshd's text segment | Theo de Raadt
is now garbled, and in the future xonly universe you'll have poor success downloading it or libc to know where gadgets are. ok djm
2023-01-14 | regen | Mark Kettenis
2023-01-14 | Create /dev/efi on amd64 and arm64. | Mark Kettenis
ok yasuoka@
2022-12-28 | Make wait_reorder_libs() honour library_aslr=NO | Klemens Nanni
Otherwise it will unconditionally print an empty line in case relinking is disabled. Reported by kettenis Feedback OK tb OK florian
2022-12-26 | add newline missed in previous | Klemens Nanni
2022-12-26 | Re-order libraries in parallel to netstart. | Florian Obser
While netstart is busy setting up the network and waiting for a default route we can already start with reordering libraries since this does not depend on running network, speeding things up. Idea & input deraadt Input & OK kn
2022-12-18 | Revert previous as it doesn't create additional lo(4) anymore | Klemens Nanni
Reported by Andreas Bartelt on bugs@
2022-12-18 | Do not try to create physical interfaces | Klemens Nanni
vifscreate() always creates all virtual interfaces up-front. To check whether a given interface exists, ifstart() uses ifcreate() which tries to create nonexistent ones. Virtual ones are guaranteed to be present and physical ones cannot be created, so replace the ifcreate() call with a simpler ifconfig test and clarify the comment. OK martijn afresh1
2022-12-16 | zap double space and needless line break | Klemens Nanni
2022-12-16 | Prioritize lladdr over name/unit in hostname.if processing | Andrew Fresh
When needed, lladdr is more precise and enduring. Suggested by deraadt@ Many improvements and OK kn@
2022-12-05 | Add support configuring hostname.if(5) by lladdr | Andrew Fresh
Original implementation by martijn@ Feedback and suggestions from kn@, sthen@, claudio@, florian@, and deraadt@. ok deraadt
2022-11-30 | add configtest; OK martijn | Klemens Nanni
2022-11-28 | rc(8): reorder_libs: print names of relinked libraries | Scott Soule Cheloha
When booting from slow media, the boot can appear to stall at the "reordering libs" line for quite some time. For my example, my G4 PowerMac booting from USB 1.1 takes a full minute to reorder the libraries. Let's print the name of each library before it is relinked. This gives the operator a better sense of what the machine is doing. In particular, it signals to the operator that the machine did not hang. With input from kn@, deraadt@. Positive feedback from sthen@. Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2 ok kn@
2022-11-10 | Regen | Kenneth R Westerback
2022-11-10 | Nuke Vax (ra,rx) and HP-300 (hd) devices. | Kenneth R Westerback
Noticed by kn@ ok millert@
2022-11-09 | Regen | Kenneth R Westerback
2022-11-09 | Remove xy/xd. SMD left with sparc. | Kenneth R Westerback
ok kn@ deraadt@
2022-11-09 | Remove xy/xd. SMD left with sparc. | Kenneth R Westerback
ok kn@ deraadt@
2022-11-07 | Import regenerated moduli. | Darren Tucker
2022-11-06 | regen after /dev/pf? cleanup (only /dev/pf exists) | Klemens Nanni
2022-11-06 | There is only one pf(4); OK sashan | Klemens Nanni
2022-11-05 | "need root privileges" is an error, print it on stderr | Klemens Nanni
2022-11-05 | Print full path in usage; OK jmc | Klemens Nanni
2022-11-01 | Only load the SOII key if IPv6 is available | Klemens Nanni
Possible now that IP6KERNEL is hoisted. This also improves readability and zaps double negation logic.
2022-11-01 | Do not wait for DAD completion in dry-run mode | Klemens Nanni
1. only do so when running without -n
2. move code to own wait_dad() helper like wait_autoconf_default() has it
3. use local _count as usual in both functions rather than the global count
Feedback OK claudio
2022-10-31 | Hoist only the feature check | Klemens Nanni
Keep adding IPv6 routes after lo0 got an address like before, meant to be committed together with r1.223.
2022-10-31 | Fix comment: IPv6 link local addresses do not use SOII anymore | Klemens Nanni
sys/netinet6/in6_ifattach.c r1.114 limited it to SLAAC addresses in 2019.
2022-10-31 | Improve shell style wrt. variable naming/boolean convention | Klemens Nanni
The mixed use of upper and lower case variables is neither obvious nor consistent.
PRINT_ONLY is local to netstart. ip6kernel is local to netstart. multicast gets sourced from rc.subr(8).
1. uppercase ip6kernel as is common for global variables in base scripts
2. use the simpler true/false idiom and default with the rest of netstart-only variables, making it clearer that only `multicast=YES/NO' comes from the rc environment
3. hoist kernel feature detection such that a later diff can load the SOII key conditionally
4. zap obvious comment
OK aja
2022-10-24 | do not wait for autoconf in dry-run | Klemens Nanni
If there is no default route but some interface has AUTOCONF, printing what would be done still waits for... nothing to happen. OK tb
2022-10-24 | Add required sh(1) to synopsis | Klemens Nanni
Contrary to other scripts in base like rc.d(8) or MAKEDEV(8), netstart(8) itself is not executable and must be passed as file to sh(1):
    $ man -h netstart
    /etc/netstart [-n] [interface ...]
    $ /etc/netstart
    ksh: /etc/netstart: cannot execute - Permission denied
Fix usage and synopsis to provide required usage:
    $ man -h netstart
    sh /etc/netstart [-n] [interface ...]
OK jmc
2022-10-23 | powerpc64 and riscv64: sync pbuild class with amd64 and arm64 | Jeremie Courreges-Anglas
From Brad
2022-10-22 | lto is a memory hog. Bump pbuild's datasize-cur on arm64 to 8G as on amd64. | Theo Buehler
ok phessler
2022-10-21 | Fix synopsis, -n does not require an interface; OK jmc | Klemens Nanni
2022-10-19 | Exclude /tmp/*.shm files from /tmp cleaning in daily(8); removing them | Stuart Henderson
interferes with programs using shm_open(3) which uses them as backing files. Problem pointed out by jeremy@ in relation to PostgreSQL. Suggestion/ok tb@.
2022-10-19 | Drop support for $rcexec; people should now use the rc_exec function. | Antoine Jacoutot
prodded by jsg@
2022-10-14 | add configtest | Klemens Nanni
OK florian
2022-10-14 | add configtest | Klemens Nanni
OK florian
2022-10-10 | Enable configtest | Klemens Nanni
OK solene