| Age | Commit message (Collapse) | Author |
|---|
|
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block
Feedback and OK halex@
OK krw@
|
|
ok florian@ rpe@
|
|
|
|
|
|
|
|
necessary
ok deraadt@ jsing@
|
|
feedback/ok rpe
|
|
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says
OK halex@, krw@ on a similar diff
|
|
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.
Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".
Feedback and OK halex@
OK krw@ on a similar diff
|
|
at a time, so a second instance of the daemon is required.
OK mikeb stsp ajacoutot
|
|
|
|
**smaller than /24 allocations**. Our default ruleset will not allow
those, even though they will be for various pieces of critical dual-stack
infrastructure to help IPv6-only systems survive.
This adds a default rule to allow those blocks. With it, I see the
RIPE announced test blocks on our AMS-IX peers.
ARIN announced this block and policy at, enjoy
https://www.arin.net/announcements/2014/20140130.html
OK benno@, claudio@, sthen@, florian@
|
|
hostname.if, previously netstart tried to configure them all at once
("ifconfig if0 if1 if2 inet6 autoconf"). From Delan Azabani, ok phessler@
|
|
|
|
|
|
|
|
|
|
|
|
- use more descriptive variable name
Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation
OK krw@ halex@
|
|
|
|
requested by several
discussed with deraadt@
|
|
- initialize _ban variable
- style
OK halex@
|
|
In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.
In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".
Found by and OK jmc@
With feedback from and OK krw@, halex@
|
|
|
|
but these are the only two lines in any disktab that do it this way.
ok miod@
|
|
ok jca@ aja@
|
|
flags in the disklabel. These flags were discarded in 2006.
Remove documentation for and instances of 'ty'. Add instances of
'dt' that were missing. Use 'floppy' as the value of 'dt' for all
floppies and 'rdroot' for all boot images/miniroots.
Add 'rdroot' to dktypenames and an associated #define DTYPE_RDROOT,
since 'dt' values are parsed by matching entries in dktypenames[].
Slightly tweaked part of larger cleanup diff previously ok deraadt@.
|
|
/usr/tmp references.
Diff from Craig Skinner via tech@ plus a /usr/tmp removal from me in the
updatedb script.
ok millert@.
|
|
|
|
with r1.18. 'rm' and 'il' were removed from getdiskbyname() in 2009
with r1.19. The associated disklabel fields were recycled for other
purposes.
Another 'harmless' part of the larger disklabel cleanup diff.
ok deraadt@ as part of that larger diff.
|
|
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet
OK krw@, halex@
|
|
General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms
Changes to stripcom():
- skip empty files (eleminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing
Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eleminate if-block with reverse test and continue
OK halex@ krw@
|
|
ok deraadt@
|
|
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
|
|
miniroot to cover all current wandboard variations.
Unlike the other imx u-boot configs the wandboard config doesn't search
for ext2 only a fat fs.
Grow the ramdisk size to fit the extra u-boot files.
From Roman Kravchuk.
|
|
nt# * ns# * nc# == pc# == pa#
which makes for a better disklabel via getdiskbyname().
ok deraadt@
|
|
From Denis Fondras, ok deraadt
|
|
a FFS block), not 4480 (the size of the partition).
ok millert@
|
|
|
|
|
|
ok sthen@
|
|
server and radiusctl(8) is to control the server. radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.
fixes from jsg blambert
ok deraadt
|
|
ok deraadt
|
|
|
|
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".
Idea from and OK halex@
OK deraadt@ krw@ guenther@
|
|
any of the other interfaces.
OK deraadt, phessler, benno
|
|
to get the network related vars from rc.conf. This is even necessary
if netstart is run from within /etc/rc. Remove test of $INRC which
unintentionally evaluated always to true.
problem with previous change found by nigel@
OK sthen@ aja@ halex@
|
|
control-enable is used, our standard configuration is using unix domain sockets
without certs. existing setups with already-created certificates are ok, if
somebody needs remote+certs they can generate keys themself. ok florian@
|
|
keys/certificates for auth. ok florian@
|
|
It introduced a regression reported by nigel@
|
