Age | Commit message | Author |
|
violations in the daily mail.
OK millert@ jmc@
|
|
setup.
Input & OK deraadt@
|
|
directory. Suggested by Scott Cheloha.
discussed with jmc
|
|
is going on. Should fix another case of false negative reported by sthen
(redis).
|
|
regression from my recent rc.subr changes.
reported by deraadt@ and naddy@ : pflogd was marked as failed during boot while
it was properly running
|
|
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)
|
|
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe
|
|
$RELEASEDIR
ok tb rpe
|
|
jca points out that all the other interface configuration tools live
there (like ifconfig or dhclient). Furthermore it starts so early in
the boot process that /usr might not be mounted yet if it's a nfs
filesystem.
sthen and deraadt agree
|
|
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.
Discussed with various;
input & ok from deraadt ajacoutot
|
|
advertisement processing in the kernel.
Go for it!!! deraadt@
additional encouragement to push forward from at least mpi and henning
special thanks to naddy for being an early adopter and finding bugs.
|
|
OK phessler, deraadt
|
|
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
|
|
of "ok" so the user is warned and has a chance to fix it (most of the time
due to bogus flags). Daemons reaching the timeout without being able to
start are still marked as "failed" (which should also give a clue to the
user that some investigation is needed).
prodded by beck@ a while ago
discussed with and ok sthen@
|
|
OK jung@, deraadt@, jmc@
|
|
to know which daemons cannot background themselves (actually we want to
know the opposite, but there are many more). However, it's only needed in
_rc_wait and rc.subr still does its magic without the need to add `&'.
|
|
- prevent a daemon from hanging the boot
(typo in your flags, e.g. httpd_flags=-d)
- make sure we can get the status of a backgrounded daemon instead of always
returning success
Side effect of this is that we can kill a knob! rip rc_bg :-)
Ports will need love, and a second commit is coming for that.
The diff is small yet not trivial so I am committing early in the release
process in one shot so it can easily be reverted if needed. I started working on
this during g2k16 in Cambridge then finished it in Brisbane for a2k17 where
robert@, beck@ and sthen@ agreed it was the correct way to go and I should move
ahead with it post 6.1.
If you see any regression, please talk to me!
|
|
with the RS780E chipset.
OK kettenis@, jsg@
|
|
OK tb@, krw@ (for [[]])
Feedback and OK halex@
|
|
OK tb@ halex@
|
|
OK reyk mlarkin
|
|
The id binary is not available in nfs diskless setups at this point.
reported by Andreas Kusalananda, thanks.
discussed with deraadt@
|
|
done in ifstart(). Remove ipv6autoconf() and replace rtsolif with a boolean
variable V6_AUTOCONF. Replace dhcpif with a boolean variable V4_DHCPCONF.
Both are later used in defaultroute() to decide whether or not to configure
defaultroutes from /etc/mygate.
OK krw@
|
|
Now that routes are automatically G/C with the address they are attached
to there's no reason to duplicate the kernel's job.
Fix a regression introduced with multipath default routes.
ok deraadt@
|
|
or carp. Ensure that the noglob option is disabled at the end of
parse_hn_line() and ifstart().
Reported by Christer Solskogen and Stefan Wollny, thanks!
|
|
hostname.if(5) parsing code in ifstart().
Add a -n option to netstart to only print the interface configuration
commands instead of executing them.
Add a HN_DIR variable, that points to the directory of the hostname.if
files (default /etc) that allows for future regression tests.
- add new parse_hn_line() function
- change ifstart()
- rename $if to $_if
- don't ifconfig or ifconfig create if -n option is used
- replace hostname.if(5) parsing code with new parse_hn_line()
- just print configuration commands if -n option is used
- autoconf now happens in ifstart(), remove ifv6autoconf()
- introduce HN_DIR variable for the hostname.if file location
- add handling of the -n option to only print config commands
- ensure -n is only used if interfaces are specified as parameters
Discussed with and positive feedback from many
'commit' deraadt@
OK sthen@
|
|
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@
|
|
need to do this.
|
|
if so gcc3 should create them itself.
|
|
that directly uses /etc/ssl/{,private} by default. Adapt the httpd.conf example
accordingly.
ok florian@ benno@ millert@
|
|
without -Q during the build and in weekly(8). According to tests
by many developers, makewhatis(8) takes a few minutes at most even
on slower hardware like octeon, loongson, ALIX, RPI3, Soekris,
cubox, softiron etc., and security(8) is often worse than makewhatis(8).
In case this causes excessive weekly(8) run times on even slower
(~50 MHz-class) CPUs, consider adding "MAKEWHATISARGS=-Q" to
/etc/weekly.local on machines that feel unhappy.
OK sthen@ kettenis@ millert@ deraadt@
|
|
okay tb@
|
|
variables are not named like commands.
- change test from [] to [[]]
OK tb@ halex@
|
|
install.sub which makes it easier to spot changes in the future.
- comments and formatting
- quotes on assignments are not needed (netstart)
- remove stray space in test (netstart)
- use $file variable with while-loop (netstart)
- although valid, instead of i use $i in arithmetic test (install.sub)
OK krw@, tb@
Looks good deraadt@
|
|
Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to an LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.
As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where OpenBSD can fetch it after
install/upgrade.
OK mlarkin@
|
|
in rc_pre.
prodded by and ok jmc@, ok halex@
|
|
from Nick Holland (nick AT holland-consulting DOT net)
ok jmc@ florian@
|
|