From d4e0a1c82dc2e362f589e2aba666ce317863905d Mon Sep 17 00:00:00 2001 From: Jason McIntyre Date: Thu, 10 Jul 2003 08:30:37 +0000 Subject: fix some lists and macros; --- share/man/man8/boot_config.8 | 10 +--- share/man/man8/man8.alpha/MAKEDEV.8 | 10 ++-- share/man/man8/man8.alpha/boot_alpha.8 | 14 +++--- share/man/man8/man8.hppa/MAKEDEV.8 | 10 ++-- share/man/man8/man8.hppa/boot_hppa.8 | 14 +++--- share/man/man8/man8.i386/MAKEDEV.8 | 10 ++-- share/man/man8/man8.macppc/MAKEDEV.8 | 10 ++-- share/man/man8/man8.macppc/boot_macppc.8 | 12 ++--- share/man/man8/man8.sparc/MAKEDEV.8 | 10 ++-- share/man/man8/man8.sparc/boot_sparc.8 | 22 ++++----- share/man/man8/man8.sparc64/MAKEDEV.8 | 10 ++-- share/man/man8/man8.sparc64/boot_sparc64.8 | 12 ++--- share/man/man8/rc.conf.8 | 11 +++-- share/man/man8/release.8 | 14 +++--- share/man/man8/starttls.8 | 76 +++++++++++++----------------- 15 files changed, 115 insertions(+), 130 deletions(-) (limited to 'share') diff --git a/share/man/man8/boot_config.8 b/share/man/man8/boot_config.8 index ea82e126285..f7a2ae685df 100644 --- a/share/man/man8/boot_config.8 +++ b/share/man/man8/boot_config.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_config.8,v 1.19 2003/06/06 19:28:06 jmc Exp $ +.\" $OpenBSD: boot_config.8,v 1.20 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1996 Mats O Jansson .\" All rights reserved. @@ -47,7 +47,6 @@ The boot time configuration is invoked by the option when .Ox prompts for a kernel to boot: -.Pp .Bd -literal >> OpenBSD BOOT 640/31744 k [1.29] use ? for file list, or carriage return for defaults @@ -63,7 +62,7 @@ UKC> Changes made can be saved for the next reboot, by using .Xr config 8 . .Sh COMMANDS -.Bl -tag -width "disable devno | dev" indent +.Bl -tag -width "disable devno | dev" .It Ic add Ar dev Add a device through copying another. .It Ic base Ar 8 | 10 | 16 
@@ -107,7 +106,6 @@ e.g. wrong IRQ in OpenBSD/i386. The ethernet card is supposed to use the .Xr ne 4 driver. -.Pp .Bd -literal .No UKC> Ic find ne 24 ne0 at isa0 port 0x240 size 0 iomem 0xd8000 iosiz 0 irq 9 drq -1 drq2 -1 flags 0x0 @@ -123,7 +121,6 @@ So the irq on ne1 should be changed via the .Fa change command. The device can be specified by either name or number. -.Pp .Bd -literal .No UKC> Ic change ne1 25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 @@ -146,7 +143,6 @@ device at the probed location. One known case is the Mitsumi CD-ROM in OpenBSD/i386. The simplest thing to solve that problem is to disable mcd0. -.Pp .Bd -literal .No UKC> Ic find mcd0 29 mcd0 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0 @@ -178,7 +174,6 @@ UKC> It is possible to add new devices, but only devices that were linked into the kernel. If a new device is added, following devices will be renumbered. -.Pp .Bd -literal .No UKC> Ic find ep 11 ep0 at isa0 port -1 size 0 iomem -1 iosiz 0 irq -1 drq -1 drq2 -1 flags 0x0 @@ -209,7 +204,6 @@ When configuration is completed, booting can proceed by issuing the or .Ic exit commands. -.Pp .Bd -literal .No UKC> Ic quit Continuing... diff --git a/share/man/man8/man8.alpha/MAKEDEV.8 b/share/man/man8/man8.alpha/MAKEDEV.8 index f140a49bce3..adf1c8b6113 100644 --- a/share/man/man8/man8.alpha/MAKEDEV.8 +++ b/share/man/man8/man8.alpha/MAKEDEV.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.4 2003/06/02 16:16:26 miod Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.5 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 2001 Miodrag Vallat. .\" All rights reserved. @@ -72,8 +72,8 @@ The alpha supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width wsmouse indent -compact +.Sy Pseudo-names +.Bl -tag -width wsmouse -compact .It Ar all All known devices for the alpha. .It Ar std 
@@ -85,8 +85,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width wsmouse indent -compact +.Sy Device-names +.Bl -tag -width wsmouse -compact .It Ar bpf# Berkeley packet filters. .It Ar cd# diff --git a/share/man/man8/man8.alpha/boot_alpha.8 b/share/man/man8/man8.alpha/boot_alpha.8 index 00008e81eea..ecab120866f 100644 --- a/share/man/man8/man8.alpha/boot_alpha.8 +++ b/share/man/man8/man8.alpha/boot_alpha.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_alpha.8,v 1.9 2003/06/06 19:28:06 jmc Exp $ +.\" $OpenBSD: boot_alpha.8,v 1.10 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 2002, Miodrag Vallat. .\" All rights reserved. @@ -32,7 +32,7 @@ .Ss Cold starts When powered on, the SRM firmware will proceed to its initialization, and will boot an operating system if the -.Ev Em auto_action +.Em auto_action variable is set to .Dq boot or @@ -45,26 +45,26 @@ After a panic, or if the system is rebooted via or .Xr shutdown 8 , the SRM console will only restart the system if the -.Ev Em auto_action +.Em auto_action variable is set to .Dq boot . .Ss Boot process options The SRM console will attempt to boot a kernel named from the -.Ev Em boot_file +.Em boot_file environment variable, on the device listed in the -.Ev Em bootdef_dev +.Em bootdef_dev variable. A list of the recognized SRM devices can be obtained with the command .Ic show dev at the SRM prompt. If the -.Ev Em boot_file +.Em boot_file variable is not set or empty, .Pa /bsd will be used by default. .Pp The kernel will be passed the options listed in the -.Ev Em boot_osflags +.Em boot_osflags variable. Option letters are case insensitive. The following option letters are recognized: diff --git a/share/man/man8/man8.hppa/MAKEDEV.8 b/share/man/man8/man8.hppa/MAKEDEV.8 index 2827ca1a3f5..626cb834eef 100644 --- a/share/man/man8/man8.hppa/MAKEDEV.8 +++ b/share/man/man8/man8.hppa/MAKEDEV.8 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.3 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.4 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1991 The Regents of the University of California. .\" All rights reserved. @@ -79,8 +79,8 @@ The hppa supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width openprom indent -compact +.Sy Pseudo-names +.Bl -tag -width openprom -compact .It Ar all All known devices for the hppa. .It Ar std @@ -92,8 +92,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width openprom indent -compact +.Sy Device-names +.Bl -tag -width openprom -compact .It Ar audio Audio device. .It Ar bpf# diff --git a/share/man/man8/man8.hppa/boot_hppa.8 b/share/man/man8/man8.hppa/boot_hppa.8 index d4b86f89c81..5575dde5201 100644 --- a/share/man/man8/man8.hppa/boot_hppa.8 +++ b/share/man/man8/man8.hppa/boot_hppa.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_hppa.8,v 1.6 2003/06/19 18:51:08 mickey Exp $ +.\" $OpenBSD: boot_hppa.8,v 1.7 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 2002, Miodrag Vallat. .\" All rights reserved. @@ -208,17 +208,17 @@ The following list only mentions commands impacting the boot process. .It Ic auto boot Displays or changes the autoboot setting. If -.Ev Ic auto boot +.Ic auto boot is set to .Dq on , the PDC will always attempt to boot. The booted device chosen will depend on the -.Ev Ic auto search +.Ic auto search setting. .It Ic auto search Displays or changes the device scan setting. If -.Ev Ic auto search +.Ic auto search is set to .Dq on , the PDC will attempt to boot the first bootable device found in 
@@ -245,18 +245,18 @@ devices connected to secondary controllers, the highest ID numbers being preferred. .El If -.Ev Ic auto search +.Ic auto search is set to .Dq off and the primary boot path points to a bootable device, no device scan will occur. .Pp Note that setting -.Ev Ic auto search +.Ic auto search to .Dq on will force autoboot, regardless of the -.Ev Ic auto boot +.Ic auto boot value. .It Ic boot Boots off the specified device. diff --git a/share/man/man8/man8.i386/MAKEDEV.8 b/share/man/man8/man8.i386/MAKEDEV.8 index ac42501e301..5bf9d11f755 100644 --- a/share/man/man8/man8.i386/MAKEDEV.8 +++ b/share/man/man8/man8.i386/MAKEDEV.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.23 2003/06/03 21:09:01 deraadt Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.24 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -100,8 +100,8 @@ The i386 supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width wsmouse indent -compact +.Sy Pseudo-names +.Bl -tag -width wsmouse -compact .It Ar all All known devices for the i386. .It Ar std @@ -113,8 +113,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width wsmouse indent -compact +.Sy Device-names +.Bl -tag -width wsmouse -compact .It Ar apm Power management devices. .It Ar audio diff --git a/share/man/man8/man8.macppc/MAKEDEV.8 b/share/man/man8/man8.macppc/MAKEDEV.8 index 0d5fdfb8b08..69004794052 100644 --- a/share/man/man8/man8.macppc/MAKEDEV.8 +++ b/share/man/man8/man8.macppc/MAKEDEV.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.7 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.8 2003/07/10 08:30:36 jmc Exp $ .\" Copyright (c) 1991 The Regents of the University of California. .\" All rights reserved. .\" 
@@ -76,8 +76,8 @@ The macppc supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width wsmouse indent -compact +.Sy Pseudo-names +.Bl -tag -width wsmouse -compact .It Ar all All known devices for the macppc. .It Ar std @@ -89,8 +89,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width wsmouse indent -compact +.Sy Device-names +.Bl -tag -width wsmouse -compact .It Ar bpf# Berkeley packet filters. .It Ar ccd# diff --git a/share/man/man8/man8.macppc/boot_macppc.8 b/share/man/man8/man8.macppc/boot_macppc.8 index 0a3754d8e03..1a7ea83b38e 100644 --- a/share/man/man8/man8.macppc/boot_macppc.8 +++ b/share/man/man8/man8.macppc/boot_macppc.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_macppc.8,v 1.9 2003/06/06 19:28:06 jmc Exp $ +.\" $OpenBSD: boot_macppc.8,v 1.10 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1992, 1993 .\" The Regents of the University of California. All rights reserved. @@ -45,19 +45,19 @@ the .Tn Open Firmware will proceed to its initialization, and will boot an operating system if the -.Ev Em auto-boot? +.Em auto-boot? variable is set to .Dq true , or will wait for interactive commands otherwise. .Ss Boot process description The Apple OpenFirmware will normally load the kernel from the device and filename as instructed by the -.Ev Em boot-device +.Em boot-device and -.Ev Em boot-file +.Em boot-file variables. If the -.Ev Em boot-file +.Em boot-file variable is empty, the .Ox bootloader will look for a kernel named @@ -67,7 +67,7 @@ To reset this variable to its default, empty, value, type the following: .Pp .Em \ ok set-default -.Ev Em boot-device +.Em boot-device .Pp The .Ox diff --git a/share/man/man8/man8.sparc/MAKEDEV.8 b/share/man/man8/man8.sparc/MAKEDEV.8 index c1344d9fe6c..c21bc925453 100644 --- a/share/man/man8/man8.sparc/MAKEDEV.8 +++ b/share/man/man8/man8.sparc/MAKEDEV.8 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.14 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.15 2003/07/10 08:30:36 jmc Exp $ .\" Copyright (c) 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -78,8 +78,8 @@ The sparc supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width openprom indent -compact +.Sy Pseudo-names +.Bl -tag -width openprom -compact .It Ar all All known devices for the sparc. .It Ar std @@ -91,8 +91,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width openprom indent -compact +.Sy Device-names +.Bl -tag -width openprom -compact .It Ar audio Audio device. .It Ar bpf# diff --git a/share/man/man8/man8.sparc/boot_sparc.8 b/share/man/man8/man8.sparc/boot_sparc.8 index 98c063a8d2a..2ef92f3119a 100644 --- a/share/man/man8/man8.sparc/boot_sparc.8 +++ b/share/man/man8/man8.sparc/boot_sparc.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_sparc.8,v 1.7 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: boot_sparc.8,v 1.8 2003/07/10 08:30:36 jmc Exp $ .\" $NetBSD: boot_sparc.8,v 1.4 1995/04/25 11:37:25 pk Exp $ .\" .\" Copyright (c) 1992, 1993 @@ -94,7 +94,7 @@ incantation in new-mode to force the ROM to always start in new-mode: .Pp .Em \ ok setenv -.Ev Em sunmon-compat? +.Em sunmon-compat? false .Ss Old-style PROM operation By default, the old ROM will poll for boot devices, unless the eeprom settings @@ -112,10 +112,10 @@ for more information. .Ss OpenBoot PROM version 1 operation Older OpenBOOT PROM, as well as hybrid (dual-mode) versions operating in compatibility mode (with the variable -.Ev Em version2? +.Em version2? set to false) will look for a bootloader and kernel filename as specified by the -.Ev Em boot-from +.Em boot-from variable. To change the default so that .Ox 
@@ -123,7 +123,7 @@ will be loaded, type the following: .Pp .Em \ ok setenv -.Ev Em boot-from +.Em boot-from sd(0,0,0)bsd .Pp Replace @@ -131,31 +131,31 @@ Replace with the appropriate boot device if necessary. .Pp Autoboot is enabled by setting the -.Ev Em auto-boot? +.Em auto-boot? variable to .Dq true , and is the factory default. .Ss OpenBoot PROM version 2 operation Version 2 OpenBOOT PROM will look for a bootloader on the device specified by the -.Ev Em boot-device +.Em boot-device variable. The .Ox bootloader will then look for a kernel named .Pa bsd by default, unless the -.Ev Em boot-file +.Em boot-file variable is set, or a different filename has been specified in the boot command. To reset this variable to its default, empty, value, type the following: .Pp .Em \ ok set-default -.Ev Em boot-file +.Em boot-file .Pp Autoboot is enabled by setting the -.Ev Em auto-boot? +.Em auto-boot? variable to .Dq true , and is the factory default. @@ -196,7 +196,7 @@ during the next multi-user boot cycle), and after the dump is complete If the .Xr sysctl 8 variable -.Ev Em ddb.console +.Em ddb.console is enabled, at any time you can break back to the ROM by pressing the .Dq L1 .Pq also known as the Dq stop key diff --git a/share/man/man8/man8.sparc64/MAKEDEV.8 b/share/man/man8/man8.sparc64/MAKEDEV.8 index b891d858c99..8300cffc1fa 100644 --- a/share/man/man8/man8.sparc64/MAKEDEV.8 +++ b/share/man/man8/man8.sparc64/MAKEDEV.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: MAKEDEV.8,v 1.6 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: MAKEDEV.8,v 1.7 2003/07/10 08:30:36 jmc Exp $ .\" Copyright (c) 1991 The Regents of the University of California. .\" All rights reserved. .\" 
@@ -78,8 +78,8 @@ The sparc64 supports the following devices. Where a device name is followed by a hash sign ("#"), the hash sign must be replaced by a unit number. .Pp -.Sy Pseudo\-names -.Bl -tag -width openprom indent -compact +.Sy Pseudo-names +.Bl -tag -width openprom -compact .It Ar all All known devices for the sparc64. .It Ar std @@ -91,8 +91,8 @@ Configuration specific devices. All wscons-related devices. .El .Pp -.Sy Device\-names -.Bl -tag -width openprom indent -compact +.Sy Device-names +.Bl -tag -width openprom -compact .It Ar audio Audio device. .It Ar bpf# diff --git a/share/man/man8/man8.sparc64/boot_sparc64.8 b/share/man/man8/man8.sparc64/boot_sparc64.8 index e197447d9e1..b3284077641 100644 --- a/share/man/man8/man8.sparc64/boot_sparc64.8 +++ b/share/man/man8/man8.sparc64/boot_sparc64.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: boot_sparc64.8,v 1.5 2003/06/02 23:30:15 millert Exp $ +.\" $OpenBSD: boot_sparc64.8,v 1.6 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1992, 1993 .\" The Regents of the University of California. All rights reserved. @@ -64,24 +64,24 @@ tape drive The UltraSPARC .Tn Open Firmware will normally look for a bootloader on the device specified by the -.Ev Em boot-device +.Em boot-device variable. The .Ox bootloader will then look for a kernel named .Pa bsd by default, unless the -.Ev Em boot-file +.Em boot-file variable is set, or a different filename has been specified in the boot command. To reset this variable to its default, empty, value, type the following: .Pp .Em \ ok set-default -.Ev Em boot-file +.Em boot-file .Pp Autoboot is enabled by setting the -.Ev Em auto-boot? +.Em auto-boot? variable to .Dq true , and is the factory default. @@ -109,7 +109,7 @@ The system will be booted multi-user unless this option is specified. If the .Xr sysctl 8 variable -.Ev Em ddb.console +.Em ddb.console is enabled, at any time you can break back to the ROM by pressing the .Dq L1 and 
diff --git a/share/man/man8/rc.conf.8 b/share/man/man8/rc.conf.8 index b44778e1060..114c111372c 100644 --- a/share/man/man8/rc.conf.8 +++ b/share/man/man8/rc.conf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rc.conf.8,v 1.11 2003/04/13 11:41:10 jmc Exp $ +.\" $OpenBSD: rc.conf.8,v 1.12 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 1997 Ian F. Darwin .\" All rights reserved. @@ -55,13 +55,13 @@ The first is used to turn features on or off. For example, whether the system runs the .Nm routed daemon is determined by the line in this section -.Bd -literal -indent xxx +.Bd -literal -offset indent routed=NO # for normal use: "-q" .Ed .Pp If this line is edited to contain some valid routed daemon command-line flags, such as -.Bd -literal -indent xxx +.Bd -literal -offset indent routed="-q" # for normal use: "-q" .Ed .Pp @@ -71,7 +71,7 @@ The second section contains some other programs that can either be run or not, but that don't need options. They can be set to YES or NO. For example, the line -.Bd -literal -indent xxx +.Bd -literal -offset indent nfs_server=NO .Ed .Pp @@ -89,9 +89,10 @@ server is not running. For example, if .Nm nfs_server , is enabled, then the line -.Bd -literal -indent xxx +.Bd -literal -offset indent nfsd_flags="-tun 4" .Ed +.Pp provides command-line arguments for the NFS server. .Pp This particular line instructs diff --git a/share/man/man8/release.8 b/share/man/man8/release.8 index 8c1febde30c..a6719b3bb0e 100644 --- a/share/man/man8/release.8 +++ b/share/man/man8/release.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: release.8,v 1.31 2003/05/13 18:46:50 jmc Exp $ +.\" $OpenBSD: release.8,v 1.32 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 2000 Marco S. Hyman .\" @@ -42,7 +42,7 @@ The following sections describe each of the required steps in detail. .Pp Commands to be run as a user with write permissions on the source and ports trees -.No ( Ns Pa /usr/src +.Pf ( Ns Pa /usr/src and .Pa /usr/ports respectively) 
@@ -63,7 +63,7 @@ tag the .Ox developers add to the repository prior to making a release. There are two tags, one which identifies the release as it exists on the -.Tn CD\-ROM +.Tn CD-ROM and another which identifies the .Em stable branch. @@ -77,7 +77,7 @@ The tags are of the form: .Bl -tag -width OPENBSD_x_y_BASE .It Va OPENBSD_x_y_BASE This tag marks the source as it exists on the release -.Tn CD\-ROM +.Tn CD-ROM where .Ar x is the major release number and @@ -196,7 +196,7 @@ At this point your system is up-to-date and running the code that you are going to make into a release. .Ss "4. Make and validate the system release" The system release consists of a generic kernel, one -.Tn CD\-ROM +.Tn CD-ROM and two floppy boot-able file-systems, the release .Sq tarballs , installation instructions, and checksum files. @@ -228,7 +228,7 @@ is used in the release generation process. .El .Pp The floppy and -.Tn CD\-ROM +.Tn CD-ROM .Pa RAMDISK images require a special tool which is created first. The release process is: @@ -266,7 +266,7 @@ The only thing missing is the X Window System The .Va XF4 tree is primarily -.Xr imake 1 No Ns -based +.Xr imake 1 Ns -based and doesn't contain the .Dq obj directory mechanism that comes with Berkeley diff --git a/share/man/man8/starttls.8 b/share/man/man8/starttls.8 index 388a1bf8cb8..1cd0cea5c8f 100644 --- a/share/man/man8/starttls.8 +++ b/share/man/man8/starttls.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: starttls.8,v 1.8 2003/06/06 19:28:06 jmc Exp $ +.\" $OpenBSD: starttls.8,v 1.9 2003/07/10 08:30:36 jmc Exp $ .\" .\" Copyright (c) 2001 Jose Nazario .\" All rights reserved. 
@@ -75,16 +75,14 @@ For the purposes of this example the certificates will be stored in .Pa /etc/mail/certs , though it is possible to use a different directory if needed. If this directory does not already exist, you must create it: -.Bd -literal -offset indent -width Ds -# mkdir /etc/mail/certs -.Ed +.Pp +.Dl # mkdir /etc/mail/certs .Pp Next, you must generate a .Ar DSA parameter set with a command like the following: -.Bd -literal -offset indent -width Ds -# openssl dsaparam 1024 -out dsa1024.pem -.Ed +.Pp +.Dl # openssl dsaparam 1024 -out dsa1024.pem .Pp This would generate .Ar DSA @@ -98,8 +96,8 @@ Once you have the .Ar DSA parameters generated, you can generate a certificate and unencrypted private key using the command: -.Bd -literal -offset indent -width Ds -# openssl req -x509 -nodes -days 365 -newkey dsa:dsa1024.pem \\ +.Bd -literal -offset indent +# openssl req -x509 -nodes -days 365 -newkey dsa:dsa1024.pem \e -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem .Ed .Pp @@ -116,17 +114,15 @@ will be unable to initiate TLS server functions. .Pp You can verify that the newly-generated certificate has correct information with the following command: -.Bd -literal -offset indent -width Ds -# openssl x509 -in /etc/mail/certs/mycert.pem -text -.Ed +.Pp +.Dl # openssl x509 -in /etc/mail/certs/mycert.pem -text .Pp If don't intend to use TLS for authentication (and if you are using self-signed certificates you probably don't) you can simply link your new key to .Pa CAcert.pem . -.Bd -literal -offset indent -width Ds -# ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem -.Ed +.Pp +.Dl # ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem .Pp If, on the other hand, you intend to use TLS for authentication you should install your certificate authority bundle as 
@@ -135,9 +131,8 @@ you should install your certificate authority bundle as At this point, you no longer need the .Pa dsa1024.pem file and it can be removed. -.Bd -literal -offset indent -width Ds -# rm dsa1024.pem -.Ed +.Pp +.Dl # rm dsa1024.pem .Pp Because the private key files are unencrypted, .Xr sendmail 8 @@ -145,15 +140,14 @@ is picky about using tight permissions on those files. The certificate directory and the files therein should be readable and writable only by the owner (root). A simple way to ensure this is to run the following: -.Bd -literal -offset indent -width Ds -# chmod -R go-rwx /etc/mail/certs -.Ed +.Pp +.Dl # chmod -R go-rwx /etc/mail/certs .Ss Creating a certificate with an existing private key This example assumes you already have an existing private key, .Pa /etc/mail/certs/mykey.pem . You can generate a new certificate based on this key using the command: -.Bd -literal -offset indent -width Ds -# openssl req -x509 -new -days 365 -key /etc/mail/certs/mykey.pem \\ +.Bd -literal -offset indent +# openssl req -x509 -new -days 365 -key /etc/mail/certs/mykey.pem \e -out /etc/mail/certs/mycert.pem # chmod 600 /etc/mail/certs/mycert.pem .Ed @@ -173,7 +167,7 @@ is available as .Pp The pertinent options are: .Pp -.Bl -bullet -literal -compact +.Bl -bullet -compact .It CERT_DIR .It @@ -207,7 +201,7 @@ You will need to make TLS-enabled versions of the following files: .Pa openbsd-proto.mc and .Pa openbsd-localhost.mc . -.Bd -literal -offset indent -width Ds +.Bd -literal -offset indent # cd /usr/share/sendmail/cf # cp openbsd-proto.mc openbsd-proto-tls.mc @@ -224,7 +218,7 @@ definition (the actual placement within the file is not critical as long as it is after the .Dq divert(0)dnl line). -.Bd -literal -offset indent -width Ds +.Bd -literal -offset indent define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs') define(`confCACERT_PATH', `CERT_DIR') define(`confCACERT', `CERT_DIR/CAcert.pem') 
@@ -238,7 +232,7 @@ Now that you have the TLS-enabled versions of the .mc files you must generate .cf files from them and install the .cf files in .Pa /etc/mail . -.Bd -literal -offset indent -width Ds +.Bd -literal -offset indent # make openbsd-proto-tls.cf openbsd-localhost-tls.cf # cp openbsd-proto-tls.cf /etc/mail/sendmail.cf @@ -248,9 +242,8 @@ files in Finally, restart sendmail with the new configuration by sending it a .Dv SIGHUP . -.Bd -literal -offset indent -width Ds -# kill -HUP `head -1 /var/run/sendmail.pid` -.Ed +.Pp +.Dl # kill -HUP `head -1 /var/run/sendmail.pid` .Pp Note that those are backticks and not single quotes in the example above. .Pp @@ -260,7 +253,7 @@ transactions, STARTTLS. You can test this by connecting to the local host and issuing the .Dq EHLO command. -.Bd -literal -offset indent -width Ds +.Bd -literal -offset indent # telnet localhost 25 Trying ::1... Connected to localhost. @@ -272,7 +265,7 @@ EHLO localhost After typing .Em EHLO localhost you should receive something like the following back. -.Bd -literal -offset indent -width Ds +.Bd -literal -offset indent 250-localhost Hello localhost [IPv6:::1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 
@@ -327,15 +320,13 @@ the strength of the encryption (in the macro {cipher_bits}) VERIFY can also accept the argument for {cipher_bits}. Here are a few example entries that illustrate these features, and the role based granularity as well: -.\" XXX - clean this up -.Bl -tag -width Ds -.It "Force strong (112 bit) encryption for communications for this server:" -.sp -.Li server1.example.net ENCR:112 -.It "For a TLS client, force string verification depths to at least 80 bits:" -.sp -.Li TLS_Clt:desktop.example:net VERIFY:80 -.El +.Pp +Force strong (112 bit) encryption for communications for this server: +.Pp +.D1 server1.example.net ENCR:112 +.Pp +For a TLS client, force string verification depths to at least 80 bits: +.D1 TLS_Clt:desktop.example:net VERIFY:80 .Pp Much more complicated access maps are possible, and error conditions (such as permanent or temporary, PERM+ or TEMP+) can be set on the basis of @@ -385,8 +376,7 @@ Lastly, interoperability problems can appear between different implementations. .Xr ssl 8 .Pp .Tn DARPA -Internet Request for Comments -.Tn RFC2487 +Internet Request for Comments RFC 2487 .Pp http://www.sendmail.org/~ca/email/starttls.html .Sh HISTORY -- cgit v1.2.3
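Review bot: In share/man/man8/man8.alpha/MAKEDEV.8, hunk @@ -72,8 +72,8 (and the matching Device-names hunk and the other MAKEDEV.8 files), the stray "indent" argument is dropped from ".Bl -tag -width wsmouse indent -compact", while the rc.conf.8 hunks in this same commit turn the malformed "-indent xxx" into "-offset indent". If the bare word was meant as an offset, these lists should get "-offset indent" too; if the lists are meant to sit at the left margin, say so in the log message, since "fix some lists and macros" does not tell which was intended.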
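Review bot: In share/man/man8/man8.alpha/boot_alpha.8, hunk @@ -45,26 +45,26, replacing ".Ev Em boot_file" with ".Em boot_file" keeps the presentational macro and throws away the semantic one, although the surrounding text calls boot_file an "environment variable". Removing the nested pair is right, but ".Ev boot_file" (and likewise for auto_action, bootdef_dev and boot_osflags) would keep the markup meaningful; the same applies to the ".Ev Em" lines in the macppc, sparc and sparc64 boot pages.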
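Review bot: In share/man/man8/man8.sparc64/boot_sparc64.8, hunk @@ -109,7 +109,7, ddb.console is introduced on the preceding lines as a sysctl(8) variable, so ".Em ddb.console" marks it up as emphasis rather than as a variable. ".Va ddb.console" fits better here and in the identical boot_sparc.8 hunk.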
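Review bot: In share/man/man8/rc.conf.8, hunk @@ -89,9 +89,10, the ".Pp" added after ".Ed" splits a sentence in two: the text reads "then the line", shows nfsd_flags="-tun 4", and continues with "provides command-line arguments for the NFS server.", which now starts a new paragraph as a lowercase fragment. Either leave the ".Pp" out here or reword the continuation as a full sentence. The context line ".Nm nfs_server ," just above also carries a stray comma and uses ".Nm" for what is a variable; worth fixing while the paragraph is being touched.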
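Review bot: In share/man/man8/release.8, hunk @@ -42,7 +42,7, the "Ns" in ".Pf ( Ns Pa /usr/src" is redundant, because ".Pf" already suppresses the space between its prefix and the macro that follows. ".Pf ( Pa /usr/src" gives the same output and is the usual form.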
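Review bot: In share/man/man8/starttls.8, hunk @@ -116,17 +114,15, the prose says "you can simply link your new key to CAcert.pem" but the command on the rewritten ".Dl" line links mycert.pem, the certificate. The wording should say "certificate": a reader who follows the sentence rather than the command would point CAcert.pem at the unencrypted private key. The same sentence opens with "If don't intend", which is missing "you".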
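Review bot: In share/man/man8/starttls.8, hunk @@ -327,15 +320,13, the two rewritten access map examples are laid out differently: the first has ".Pp" between its description and the ".D1" line, the second goes straight from the description to ".D1". Add the missing ".Pp" (or drop the first) so both render alike. Two slips are carried over from the old list and could be fixed in the same pass: "force string verification" reads like a typo for "strong", and the key "TLS_Clt:desktop.example:net" has a colon where the host name would have a dot, so an entry copied from the page would not match a host named desktop.example.net and the VERIFY requirement would not apply to it.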