| Age | Commit message (Collapse) | Author |
|---|
|
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.
ok sthen@ tb@ rpe@
|
|
(again...)
|
|
|
|
|
|
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).
OK deraadt@ tb@
|
|
requested by ajacoutot@
OK tb@
|
|
|
|
|
|
reverse order on shutdown.
OK aja@ tb@
|
|
|
|
|
|
OK phessler@
|
|
|
|
in hostname.if(5)
OK mpi@ deraadt@ florian@
OK jmc@ from doc perspective
|
|
- in netstart, rename _file to _hn referencing hostname.if files
- in install.sub switch ifstart() to be used with _if instead of
_hn as parameter
ok krw@ tb@
|
|
|
|
reachable through different pvbus device nodes.
Suggestion and OK deraadt, OK reyk
|
|
being reordered.
okay tb@ deraadt@
|
|
OK tb@
|
|
|
|
Diff from Klemens Nanni
OK tb@ zhuk@
|
|
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.
From Klemens Nanni
ok rpe
|
|
reorder_libs().
From Klemens Nanni with input from rpe.
ok rpe, zhuk
|
|
parameter expansion instead of basename(1). From Raf Czlonka
ok rpe
|
|
false warnings in the frist three daily mails after process accounting
has been turned on.
from Raf Czlonka
|
|
Size problem noted by me, correct fix from deraadt@
|
|
and to write the logfile inside the kernel compile dir.
- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background
OK deraadt@ tb@
|
|
OK phessler@
|
|
- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile
OK tb@ deraadt@
|
|
|
|
|
|
users and developers.
diff from rpe, ok tb
|
|
makegap.sh
ok tb
|
|
/usr/share/ so that next boot will find it and perhaps use it.
ok tb rpe
|
|
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.
In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.
with yasuoka, lots of discussion with mlarkin, ok tom
|
|
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.
Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many
|
|
SGI has 8 kernels, so the file is 113MB!
|
|
This contains the relevant pieces from all the GENERIC* compile directories
(*.o ld.script Makefile gap.S). It also includes the machine/ subdir for
now, to support re-randomizing of gap.S, though other methods are being
investigated. (Any binutils ld.script hackers out there?)
collaboration with rpe
|
|
Prepare the install*.fs files for this growth.
|
|
okay millert@ deraadt@
|
|
violations in the daily mail.
OK millert@ jmc@
|
|
setup.
Input & OK deraadt@
|
|
directory. Suggested by Scott Cheloha.
discussed with jmc
|
|
is going on. Should fix another case of false negative reported by sthen
(redis).
|
|
regression from my recent rc.subr changes.
reported by deraadt@ and naddy@ : pflogd was marked as failed during boot while
it was properly running
|
|
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)
|
|
prying eyes were already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe
|
|
$RELEASEDIR
ok tb rpe
|
|
jca points out that all the other interface configuration tools live
there (like ifconfig or dhclient). Furthermore it starts so early in
the boot process that /usr might not be mounted yet if it's a nfs
filesystem.
sthen and deraadt agree
|
|
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.
Discussed with various;
input & ok from deraadt ajacoutot
|
