| Age | Commit message (Collapse) | Author |
|---|
|
to get the network related vars from rc.conf. This is even necessary
if netstart is run from within /etc/rc. Remove test of $INRC which
unintentionally evaluated always to true.
problem with previous change found by nigel@
OK sthen@ aja@ halex@
|
|
control-enable is used, our standard configuration is using unix domain sockets
without certs. existing setups with already-created certificates are ok, if
somebody needs remote+certs they can generate keys themself. ok florian@
|
|
keys/certificates for auth. ok florian@
|
|
It introduced a regression reported by nigel@
|
|
OK halex@ krw@
|
|
inside /etc/rc.
With help from and OK halex@, ajacoutot@
|
|
OK krw@ halex@
|
|
- no space in redirections like </foo or >$bar
- few other minor whitespaces
OK krw@
|
|
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80
OK krw@
|
|
multi-user builds. Discussed with espie, ajacoutot, ok deraadt
|
|
ok tedu@ rep@
|
|
|
|
/etc/examples/ntpd.conf
ok deraadt@ benno@ schwarze@
|
|
ok halex@
|
|
This allows running several instances of the same rc.d(8) script by just
linking it to different name.
e.g.
ln -s ftpproxy ftpproxy6
echo 'ftpproxy6_flags=-6' >>/etc/rc.conf.local
This is likely to break some rc.d scripts in ports. I will try and fix them all
in the next few days but I'd appreciate reports if I missed some.
ok halex@
|
|
This is necessary so that rc.d scripts launched with `-f' can be properly
stopped, checked and reloaded.
ok schwarze@
|
|
|
|
the public key.
prodded by semarie@
ok sthen@
|
|
/var/nsd/etc/nsd.conf (may contain a key)
/var/unbound/db/root.key (fix path as well)
from Tim van der Molen
ok millert@ sthen@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
login class.
|
|
|
|
|
|
ok jmatthew@ miod@
|
|
"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler
|
|
Add a miniroot for the CuBox-i which needs u-boot at a particular
offset in the sd image to boot. Based on changes made by Patrick
Wildt in bitrig.
|
|
|
|
owner and group. Reported by Mark Patruck. ok deraadt@ miod@
|
|
|
|
usr.bin/ssh/moduli-gen.
|
|
conflicting symbols we can combine the configs.
Multiple umg files are still required however. The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.
|
|
Similiar changes were made in bitrig by Patrick Wildt.
As part of this change the physical load address for imx and sunxi have
changed. Any u-boot settings that include it will need to be modified.
imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000
Tested by bmercer, canacar and myself.
ok bmercer@
|
|
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
|
|
discussed by deraadt@
|
|
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
|
|
ok henning@, reyk@
|
|
ok dlg@
|
|
that aren't are redundant because they can be found in the rc.d(8)
scripts themselves, and they risk getting out of sync.
While here, sort the daemons alphabetically.
No functional change.
Triggered by a much smaller nameserver-only patch from stephan@.
OK ajacoutot@ rpe@ stephan@ and looks good to sthen@.
|
|
|
|
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.
man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@
|
