Created
October 12, 2017 08:43
-
-
Save zeszyt/c1c1fd8320e2d65e5b13b01af90c3c66 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff -ur -x moduli 61/etc/daily 62/etc/daily | |
--- 61/etc/daily 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/daily 2017-10-04 05:13:09.000000000 +0200 | |
@@ -1,5 +1,5 @@ | |
# | |
-# $OpenBSD: daily,v 1.88 2016/04/29 13:05:33 schwarze Exp $ | |
+# $OpenBSD: daily,v 1.90 2017/07/10 11:18:48 bluhm Exp $ | |
# From: @(#)daily 8.2 (Berkeley) 1/25/94 | |
# | |
# For local additions, create the file /etc/daily.local. | |
@@ -66,11 +66,15 @@ | |
next_part "Purging accounting records:" | |
if [ -f /var/account/acct ]; then | |
- mv -f /var/account/acct.2 /var/account/acct.3 | |
- mv -f /var/account/acct.1 /var/account/acct.2 | |
- mv -f /var/account/acct.0 /var/account/acct.1 | |
+ test -f /var/account/acct.2 && \ | |
+ mv -f /var/account/acct.2 /var/account/acct.3 | |
+ test -f /var/account/acct.1 && \ | |
+ mv -f /var/account/acct.1 /var/account/acct.2 | |
+ test -f /var/account/acct.0 && \ | |
+ mv -f /var/account/acct.0 /var/account/acct.1 | |
cp -f /var/account/acct /var/account/acct.0 | |
sa -sq | |
+ lastcomm -f /var/account/acct.0 | grep -e ' -[A-Z]*[PT]' | |
fi | |
# If ROOTBACKUP is set to 1 in the environment, and | |
diff -ur -x moduli 61/etc/disktab 62/etc/disktab | |
--- 61/etc/disktab 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/disktab 2017-10-04 05:13:09.000000000 +0200 | |
@@ -1,9 +1,14 @@ | |
-# $OpenBSD: disktab,v 1.18 2016/12/30 22:26:27 deraadt Exp $ | |
+# $OpenBSD: disktab,v 1.20 2017/07/08 15:39:11 florian Exp $ | |
-mini34|gzip bsd.rd disk image 4.34375MB:\ | |
- :dt=rdroot:se#512:nt#1:ns#64:nc#140:\ | |
- :pa#8896:oa#64:ba#8192:fa#1024:ta=4.2BSD: \ | |
- :pc#8960:oc#0: | |
+mini34|gzip bsd.rd disk image 4.4.6875MB:\ | |
+ :dt=rdroot:se#512:nt#1:ns#64:nc#150:\ | |
+ :pa#9536:oa#64:ba#8192:fa#1024:ta=4.2BSD: \ | |
+ :pc#9600:oc#0: | |
+ | |
+install360|install.fs disk image 360MB:\ | |
+ :dt=rdroot:se#512:nt#1:ns#64:nc#11520:\ | |
+ :pa#737216:oa#64:ba#8192:fa#1024:ta=4.2BSD: \ | |
+ :pc#737280:oc#0: | |
install280|install.fs disk image 280MB:\ | |
:dt=rdroot:se#512:nt#1:ns#64:nc#8960:\ | |
diff -ur -x moduli 61/etc/examples/bgpd.conf 62/etc/examples/bgpd.conf | |
--- 61/etc/examples/bgpd.conf 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/examples/bgpd.conf 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: bgpd.conf,v 1.4 2016/06/03 17:36:37 benno Exp $ | |
+# $OpenBSD: bgpd.conf,v 1.8 2017/09/29 11:00:39 phessler Exp $ | |
# sample bgpd configuration file | |
# see bgpd.conf(5) | |
@@ -39,6 +39,7 @@ | |
group "peering AS65042" { | |
descr "peering AS 65042" | |
+ remote-as 65042 | |
local-address 10.0.0.8 | |
ipsec ah ike | |
neighbor 10.2.0.1 | |
@@ -66,20 +67,29 @@ | |
neighbor 10.0.0.0/24 { | |
descr "template for local peers" | |
+ enforce neighbor-as no | |
} | |
neighbor 10.2.1.1 { | |
remote-as 65023 | |
local-address 10.0.0.8 | |
- ipsec esp in spi 10 sha1 0a4f1d1f1a1c4f3c9e2f6f0f2a8e9c8c5a1b0b3b \ | |
+ ipsec esp in spi 1010 sha1 0a4f1d1f1a1c4f3c9e2f6f0f2a8e9c8c5a1b0b3b \ | |
aes 0c1b3a6c7d7a8d2e0e7b4f3d5e8e6c1e | |
- ipsec esp out spi 12 sha1 0e9c8f6a8e2c7d3a0b5d0d0f0a3c5c1d2b8e0f8b \ | |
+ ipsec esp out spi 1012 sha1 0e9c8f6a8e2c7d3a0b5d0d0f0a3c5c1d2b8e0f8b \ | |
aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b | |
} | |
+# do not send or use routes from EBGP neighbors without | |
+# further explicit configuration | |
+deny from ebgp | |
+deny to ebgp | |
+ | |
+# allow updates to and from IBGP neighbors | |
+allow from ibgp | |
+allow to ibgp | |
+ | |
# filter out prefixes longer than 24 or shorter than 8 bits for IPv4 | |
# and longer than 48 or shorter than 16 bits for IPv6. | |
-deny from any | |
allow from any inet prefixlen 8 - 24 | |
allow from any inet6 prefixlen 16 - 48 | |
@@ -87,6 +97,10 @@ | |
#allow from any prefix 0.0.0.0/0 | |
#allow from any prefix ::/0 | |
+# Honor requests to gracefully shutdown BGP sessions | |
+# https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut | |
+match from any community GRACEFUL_SHUTDOWN set { localpref 0 } | |
+ | |
# https://www.arin.net/announcements/2014/20140130.html | |
# This block will be subject to a minimum size allocation of /28 and a | |
# maximum size allocation of /24. ARIN should use sparse allocation when | |
diff -ur -x moduli 61/etc/examples/httpd.conf 62/etc/examples/httpd.conf | |
--- 61/etc/examples/httpd.conf 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/examples/httpd.conf 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $ | |
+# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $ | |
# | |
# Macros | |
@@ -50,8 +50,8 @@ | |
listen on 127.0.0.1 tls port 443 | |
# TLS certificate and key files created with acme-client(1) | |
- tls certificate "/etc/ssl/acme/fullchain.pem" | |
- tls key "/etc/ssl/acme/private/privkey.pem" | |
+ tls certificate "/etc/ssl/example.com.fullchain.pem" | |
+ tls key "/etc/ssl/private/example.com.key" | |
# Define server-specific log files relative to /logs | |
log { access "secure-access.log", error "secure-error.log" } | |
diff -ur -x moduli 61/etc/mtree/4.4BSD.dist 62/etc/mtree/4.4BSD.dist | |
--- 61/etc/mtree/4.4BSD.dist 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/mtree/4.4BSD.dist 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: 4.4BSD.dist,v 1.294 2017/02/12 08:56:17 landry Exp $ | |
+# $OpenBSD: 4.4BSD.dist,v 1.299 2017/08/21 20:52:06 rpe Exp $ | |
/set type=dir uname=root gname=wheel mode=0755 | |
@@ -105,10 +105,6 @@ | |
.. | |
lib | |
.. | |
- acme | |
- private uname=root mode=0700 | |
- .. | |
- .. | |
.. | |
.. | |
@@ -137,12 +133,6 @@ | |
include gname=bin uname=root mode=0755 | |
arpa gname=bin uname=root mode=0755 | |
.. | |
- g++ gname=bin uname=root mode=0755 | |
- std gname=bin uname=root mode=0755 | |
- .. | |
- .. | |
- objc gname=bin uname=root mode=0755 | |
- .. | |
openssl gname=bin uname=root mode=0755 | |
.. | |
protocols gname=bin uname=root mode=0755 | |
@@ -424,6 +414,10 @@ | |
calendar | |
.. | |
+ # ./usr/share/compile | |
+ compile | |
+ .. | |
+ | |
# ./usr/share/dict | |
dict | |
papers | |
@@ -533,6 +527,8 @@ | |
.. | |
amd64 | |
.. | |
+ arm64 | |
+ .. | |
armv7 | |
.. | |
hppa | |
diff -ur -x moduli 61/etc/mtree/BSD.x11.dist 62/etc/mtree/BSD.x11.dist | |
--- 61/etc/mtree/BSD.x11.dist 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/mtree/BSD.x11.dist 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: BSD.x11.dist,v 1.44 2017/02/26 16:51:18 matthieu Exp $ | |
+# $OpenBSD: BSD.x11.dist,v 1.45 2017/08/05 14:13:39 jsg Exp $ | |
/set type=dir uname=root gname=wheel mode=0755 | |
. | |
@@ -419,6 +419,8 @@ | |
xtrans | |
.. | |
.. | |
+ libdrm | |
+ .. | |
mk | |
.. | |
util-macros | |
diff -ur -x moduli 61/etc/mtree/special 62/etc/mtree/special | |
--- 61/etc/mtree/special 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/mtree/special 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: special,v 1.123 2017/02/12 08:59:52 landry Exp $ | |
+# $OpenBSD: special,v 1.124 2017/05/03 11:55:36 gsoares Exp $ | |
# | |
# Hand-crafted mtree specification for the dangerous files. | |
# | |
@@ -111,6 +111,7 @@ | |
.. #ssh | |
syslog.conf type=file mode=0644 uname=root gname=wheel | |
ttys type=file mode=0644 uname=root gname=wheel | |
+vm.conf type=file mode=0644 uname=root gname=wheel optional | |
weekly type=file mode=0644 uname=root gname=wheel | |
weekly.local type=file mode=0644 uname=root gname=wheel optional | |
ypldap.conf type=file mode=0600 uname=root gname=wheel optional | |
diff -ur -x moduli 61/etc/netstart 62/etc/netstart | |
--- 61/etc/netstart 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/netstart 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,12 +1,13 @@ | |
#!/bin/sh - | |
# | |
-# $OpenBSD: netstart,v 1.172 2016/12/06 14:01:43 mpi Exp $ | |
+# $OpenBSD: netstart,v 1.186 2017/07/25 21:17:11 rpe Exp $ | |
# Turn off Strict Bourne shell mode. | |
set +o sh | |
-# Strip comment lines from a file. | |
-# Strip leading and trailing whitespace if IFS is set. | |
+# Echo file $1 to stdout. Skip comment lines and delete everything | |
+# after the first '#' from other lines. Strip leading and trailing | |
+# whitespace if IFS is set. | |
# Usage: stripcom /path/to/file | |
stripcom() { | |
local _file=$1 _line | |
@@ -18,116 +19,106 @@ | |
done <$_file | |
} | |
+# Parse and "unpack" a hostname.if(5) line given as positional parameters. | |
+# Fill the _cmds array with the resulting interface configuration commands. | |
+parse_hn_line() { | |
+ local _af=0 _name=1 _mask=2 _bc=3 _prefix=2 _c _cmd _prev _daddr | |
+ set -A _c -- "$@" | |
+ set -o noglob | |
+ | |
+ case ${_c[_af]} in | |
+ ''|*([[:blank:]])'#'*) | |
+ return | |
+ ;; | |
+ inet) ((${#_c[*]} > 1)) || return | |
+ [[ ${_c[_name]} == alias ]] && _mask=3 _bc=4 | |
+ [[ -n ${_c[_mask]} ]] && _c[_mask]="netmask ${_c[_mask]}" | |
+ if [[ -n ${_c[_bc]} ]]; then | |
+ _c[_bc]="broadcast ${_c[_bc]}" | |
+ [[ ${_c[_bc]} == *NONE ]] && _c[_bc]= | |
+ fi | |
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}" | |
+ ;; | |
+ inet6) ((${#_c[*]} > 1)) || return | |
+ if [[ ${_c[_name]} == autoconf ]]; then | |
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}" | |
+ V6_AUTOCONF=true | |
+ return | |
+ fi | |
+ [[ ${_c[_name]} == alias ]] && _prefix=3 | |
+ [[ -n ${_c[_prefix]} ]] && _c[_prefix]="prefixlen ${_c[_prefix]}" | |
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}" | |
+ ;; | |
+ dest) ((${#_c[*]} == 2)) && _daddr=${_c[1]} || return | |
+ _prev=$((${#_cmds[*]} - 1)) | |
+ ((_prev >= 0)) || return | |
+ set -A _c -- ${_cmds[_prev]} | |
+ _name=3 | |
+ [[ ${_c[_name]} == alias ]] && _name=4 | |
+ _c[_name]="${_c[_name]} $_daddr" | |
+ _cmds[$_prev]="${_c[@]}" | |
+ ;; | |
+ dhcp) _c[0]= | |
+ _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]} down;dhclient $_if" | |
+ V4_DHCPCONF=true | |
+ ;; | |
+ '!'*) _cmd=$(print -- "${_c[@]}" | sed 's/\$if/'$_if'/g') | |
+ _cmds[${#_cmds[*]}]="${_cmd#!}" | |
+ ;; | |
+ *) _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}" | |
+ ;; | |
+ esac | |
+ unset _c | |
+ set +o noglob | |
+} | |
+ | |
# Start a single interface. | |
# Usage: ifstart if1 | |
ifstart() { | |
- if=$1 | |
+ local _if=$1 _hn=$HN_DIR/hostname.$1 _cmds _i=0 _line _stat | |
+ set -A _cmds | |
+ | |
# Interface names must be alphanumeric only. We check to avoid | |
# configuring backup or temp files, and to catch the "*" case. | |
- [[ $if != +([[:alpha:]])+([[:digit:]]) ]] && return | |
+ [[ $_if != +([[:alpha:]])+([[:digit:]]) ]] && return | |
- file=/etc/hostname.$if | |
- if ! [ -f $file ]; then | |
- echo "netstart: $file: No such file or directory" | |
+ if [[ ! -f $_hn ]]; then | |
+ echo "${0##*/}: $_hn: No such file or directory" | |
return | |
fi | |
+ | |
# Not using stat(1), we can't rely on having /usr yet. | |
- set -A stat -- $(ls -nL $file) | |
- if [ "${stat[0]#???????} ${stat[2]} ${stat[3]}" != "--- 0 0" ]; then | |
- echo "WARNING: $file is insecure, fixing permissions" | |
- chmod -LR o-rwx $file | |
- chown -LR root.wheel $file | |
+ set -A _stat -- $(ls -nL $_hn) | |
+ if [[ "${_stat[0]}${_stat[2]}${_stat[3]}" != *---00 ]]; then | |
+ echo "WARNING: $_hn is insecure, fixing permissions" | |
+ chmod -LR o-rwx $_hn | |
+ chown -LR root:wheel $_hn | |
+ fi | |
+ | |
+ # Check for ifconfig'able interface, except if -n option is specified. | |
+ if ! $PRINT_ONLY; then | |
+ (ifconfig $_if || ifconfig $_if create) >/dev/null 2>&1 || | |
+ return | |
fi | |
- # Check for ifconfig'able interface. | |
- (ifconfig $if || ifconfig $if create) >/dev/null 2>&1 || return | |
- # Now parse the hostname.* file. | |
- while :; do | |
- if [ "$cmd2" ]; then | |
- # We are carrying over from the 'read dt dtaddr' | |
- # last time. | |
- set -- $cmd2 | |
- af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2= | |
- # Make sure and get any remaining args in ext2, | |
- # like the read below. | |
- i=1 | |
- while [ $i -lt 6 -a -n "$1" ]; do shift; let i=i+1; done | |
- ext2="$@" | |
+ # Parse the hostname.if(5) file and fill _cmds array with interface | |
+ # configuration commands. | |
+ set -o noglob | |
+ while IFS= read -- _line; do | |
+ parse_hn_line $_line | |
+ done <$_hn | |
+ | |
+ # Apply the interface configuration commands stored in _cmds array. | |
+ while ((_i < ${#_cmds[*]})); do | |
+ if $PRINT_ONLY; then | |
+ print -r -- "${_cmds[_i]}" | |
else | |
- # Read the next line or exit the while loop. | |
- read af name mask bcaddr ext1 ext2 || break | |
+ eval "${_cmds[_i]}" | |
fi | |
- # $af can be "dhcp", "up", "rtsol", an address family, commands, | |
- # or a comment. | |
- case "$af" in | |
- "#"*|"") # Skip comments and empty lines. | |
- continue | |
- ;; | |
- "!"*) # Parse commands. | |
- cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}" | |
- ;; | |
- "dhcp") | |
- [ "$name" = "NONE" ] && name= | |
- [ "$mask" = "NONE" ] && mask= | |
- [ "$bcaddr" = "NONE" ] && bcaddr= | |
- cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 down" | |
- cmd="$cmd;dhclient $if" | |
- dhcpif="$dhcpif $if" | |
- ;; | |
- "rtsol") | |
- rtsolif="$rtsolif $if" | |
- cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up" | |
- ;; | |
- *) | |
- read dt dtaddr | |
- if [ "$name" = "alias" ]; then | |
- # Perform a 'shift' of sorts. | |
- alias=$name | |
- name=$mask | |
- mask=$bcaddr | |
- bcaddr=$ext1 | |
- ext1=$ext2 | |
- ext2= | |
- else | |
- alias= | |
- fi | |
- cmd="ifconfig $if $af $alias $name" | |
- case "$dt" in | |
- dest) | |
- cmd="$cmd $dtaddr" | |
- ;; | |
- *) | |
- cmd2="$dt $dtaddr" | |
- ;; | |
- esac | |
- case $af in | |
- inet) | |
- if [ ! -n "$name" ]; then | |
- echo "/etc/hostname.$if: inet alone is invalid" | |
- return | |
- fi | |
- [ "$mask" ] && cmd="$cmd netmask $mask" | |
- if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then | |
- cmd="$cmd broadcast $bcaddr" | |
- fi | |
- ;; | |
- inet6) | |
- if [ ! -n "$name" ]; then | |
- echo "/etc/hostname.$if: inet6 alone is invalid" | |
- return | |
- fi | |
- [ "$mask" ] && cmd="$cmd prefixlen $mask" | |
- cmd="$cmd $bcaddr" | |
- ;; | |
- *) | |
- cmd="$cmd $mask $bcaddr" | |
- ;; | |
- esac | |
- cmd="$cmd $ext1 $ext2" | |
- ;; | |
- esac | |
- eval "$cmd" | |
- done </etc/hostname.$if | |
+ ((_i++)) | |
+ done | |
+ unset _cmds | |
+ set +o noglob | |
} | |
# Start multiple interfaces by driver name. | |
@@ -153,50 +144,49 @@ | |
done | |
} | |
-# IPv6 autoconf the interfaces in the $rtsolif list. | |
-# Usage: ifv6autoconf | |
-ifv6autoconf() { | |
- local _if | |
- | |
- # $ip6kernel will not have been set if we were invoked with a | |
- # list of interface names | |
- ifconfig lo0 inet6 >/dev/null 2>&1 || return 0 | |
- | |
- for _if in $rtsolif; do | |
- ifconfig $_if inet6 autoconf | |
- done | |
-} | |
- | |
# Parse /etc/mygate and add default routes for IPv4 and IPv6 | |
# Usage: defaultroute | |
defaultroute() { | |
- [[ -z $dhcpif ]] && stripcom /etc/mygate | while read gw; do | |
- [[ $gw == @(*:*) ]] && continue | |
- route -qn delete default >/dev/null 2>&1 | |
- route -qn add -host default $gw && break | |
+ ! $V4_DHCPCONF && stripcom /etc/mygate | | |
+ while read gw; do | |
+ [[ $gw == @(*:*) ]] && continue | |
+ route -qn add -host default $gw && break | |
done | |
- [[ -z $rtsolif ]] && stripcom /etc/mygate | while read gw; do | |
- [[ $gw == !(*:*) ]] && continue | |
- route -qn delete -inet6 default >/dev/null 2>&1 | |
- route -qn add -host -inet6 default $gw && break | |
+ ! $V6_AUTOCONF && stripcom /etc/mygate | | |
+ while read gw; do | |
+ [[ $gw == !(*:*) ]] && continue | |
+ route -qn add -host -inet6 default $gw && break | |
done | |
} | |
-# Make sure the invoking user has the right privileges. | |
-if (($(id -u) != 0)); then | |
- echo "${0##*/}: need root privileges" | |
- exit 1 | |
-fi | |
- | |
# Get network related vars from rc.conf using the parsing routine from rc.subr. | |
FUNCS_ONLY=1 . /etc/rc.d/rc.subr | |
_rc_parse_conf | |
+HN_DIR=${HN_DIR:-/etc} | |
+PRINT_ONLY=false | |
+USAGE="USAGE: ${0##*/} [-n] [interface ...]" | |
+V4_DHCPCONF=false | |
+V6_AUTOCONF=false | |
+ | |
+while getopts ":n" opt; do | |
+ case $opt in | |
+ n) PRINT_ONLY=true;; | |
+ *) print -u2 "$USAGE"; exit 1;; | |
+ esac | |
+done | |
+shift $((OPTIND-1)) | |
+ | |
+# Option -n is only supported if interface names are specified as parameters. | |
+if $PRINT_ONLY && (($# == 0)); then | |
+ print -u2 "Missing parameters.\n$USAGE" | |
+ exit 1 | |
+fi | |
+ | |
# If we were invoked with a list of interface names, just reconfigure these | |
# interfaces (or bridges), add default routes and return. | |
if (($# > 0)); then | |
for _if; do ifstart $_if; done | |
- ifv6autoconf | |
defaultroute | |
return | |
fi | |
@@ -258,8 +248,6 @@ | |
# Due to rare use of IPv4 compatible addresses, and security issues | |
# with it, we disable it by default. | |
route -qn add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject >/dev/null | |
- | |
- rtsolif="" | |
else | |
ip6kernel=NO | |
fi | |
@@ -274,9 +262,6 @@ | |
# Configure all the carp interfaces which we know about before default route. | |
ifmstart "trunk svlan vlan carp" | |
-# Now that $rtsolif has been populated, IPv6 autoconf those interfaces | |
-ifv6autoconf | |
- | |
# Look for default routes in /etc/mygate. | |
defaultroute | |
diff -ur -x moduli 61/etc/rc 62/etc/rc | |
--- 61/etc/rc 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/rc 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc,v 1.493 2017/02/26 16:51:18 matthieu Exp $ | |
+# $OpenBSD: rc,v 1.517 2017/08/29 16:56:13 rpe Exp $ | |
# System startup script run by init on autoboot or after single-user. | |
# Output and error are redirected to console by init, and the console is the | |
@@ -9,7 +9,6 @@ | |
# Subroutines (have to come first). | |
- | |
# Strip in- and whole-line comments from a file. | |
# Strip leading and trailing whitespace if IFS is set. | |
# Usage: stripcom /path/to/file | |
@@ -81,13 +80,12 @@ | |
done | |
} | |
+# Push the old seed into the kernel, create a future seed and create a seed | |
+# file for the boot-loader. | |
random_seed() { | |
- # push the old seed into the kernel | |
dd if=/var/db/host.random of=/dev/random bs=65536 count=1 status=none | |
chmod 600 /var/db/host.random | |
- # ... and create a future seed | |
dd if=/dev/random of=/var/db/host.random bs=65536 count=1 status=none | |
- # and create a seed file for the boot-loader | |
dd if=/dev/random of=/etc/random.seed bs=512 count=1 status=none | |
chmod 600 /etc/random.seed | |
} | |
@@ -160,24 +158,18 @@ | |
# Re-link libraries, placing the objects in a random order. | |
reorder_libs() { | |
- local _l _liba _libas _tmpdir _remount=false _error=false | |
- local _dkdev=$(df /usr/lib | sed '1d;s/ .*//') | |
- local _mp=$(mount | grep "^$_dkdev") | |
+ local _dkdev _liba _libas _mp _tmpdir _remount=false _error=false | |
+ | |
+ [[ $library_aslr == NO ]] && return | |
+ | |
+ _dkdev=$(df /usr/lib | sed '1d;s/ .*//') | |
+ _mp=$(mount | grep "^$_dkdev") | |
# Skip if /usr/lib is on a nfs mounted filesystem. | |
[[ $_mp == *' type nfs '* ]] && return | |
echo -n 'reordering libraries:' | |
- # Only choose the latest version of the libraries. | |
- for _liba in /usr/lib/libc.so.*.a; do | |
- _liba=$(ls ${_liba%%.[0-9]*}*.a | sort -V | tail -1) | |
- for _l in $_libas; do | |
- [[ $_l == $_liba ]] && continue 2 | |
- done | |
- _libas="$_libas $_liba" | |
- done | |
- | |
# Remount read-write, if /usr/lib is on a read-only ffs filesystem. | |
if [[ $_mp == *' type ffs '*'read-only'* ]]; then | |
if mount -u -w $_dkdev; then | |
@@ -188,17 +180,37 @@ | |
fi | |
fi | |
- for _liba in $_libas; do | |
- _tmpdir=$(mktemp -dq /tmp/_librebuild.XXXXXXXXXXXX) && ( | |
- set -o errexit | |
- _lib=${_liba#/usr/lib/} | |
- _lib=${_lib%.a} | |
- cd $_tmpdir | |
- ar x ${_liba} | |
+ # Only choose the latest version of the libraries. | |
+ for _liba in /usr/lib/lib{c,crypto}; do | |
+ _libas="$_libas $(ls $_liba.so.+([0-9.]).a | sort -rV | head -1)" | |
+ done | |
+ _libas=${_libas# } | |
+ | |
+ for _liba in /usr/libdata/ld.so.a $_libas; do | |
+ _tmpdir=$(mktemp -dq /tmp/_librebuild.XXXXXXXXXXXX) && | |
+ ( | |
+ set -o errexit | |
+ _install='install -F -S -o root -g bin -m 0444' | |
+ _lib=${_liba##*/} | |
+ _lib=${_lib%.a} | |
+ cd $_tmpdir | |
+ ar x $_liba | |
+ if [[ $_lib == ld.so ]]; then | |
+ ld -g -x -e _dl_start \ | |
+ --version-script=Symbols.map --shared -Bsymbolic \ | |
+ --no-undefined -o ld.so.test $(ls *.o | sort -R) | |
+ chmod u+x test-ld.so | |
+ [[ $(./test-ld.so ok) == './test-ld.so: ok!' ]] | |
+ $_install /usr/libexec/ld.so /usr/libexec/ld.so.save | |
+ $_install ld.so.test /usr/libexec/ld.so | |
+ else | |
cc -shared -o $_lib $(ls *.so | sort -R) $(cat .ldadd) | |
[[ -s $_lib ]] && file $_lib | fgrep -q 'shared object' | |
LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir awk 'BEGIN {exit 0}' | |
- install -F -S -o root -g bin -m 0444 $_lib /usr/lib/$_lib | |
+ LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir openssl \ | |
+ x509 -in /etc/ssl/cert.pem -out /dev/null | |
+ $_install $_lib ${_liba%/*}/$_lib | |
+ fi | |
) || { _error=true; break; } | |
done | |
@@ -224,6 +236,7 @@ | |
[[ -n $_suffix ]] || return 1 | |
if [[ -f /etc/rc.$_suffix ]]; then | |
+ echo "running rc.$_suffix" | |
mv /etc/rc.$_suffix /etc/rc.$_suffix.run | |
. /etc/rc.$_suffix.run 2>&1 | tee /dev/tty | | |
mail -Es "$(hostname) rc.$_suffix output" root >/dev/null | |
@@ -277,12 +290,14 @@ | |
domainname "$(stripcom /etc/defaultdomain)" | |
fi | |
-# Need to get local functions from rc.subr. | |
+# Get local functions from rc.subr to load rc.conf into scope. | |
FUNCS_ONLY=1 . /etc/rc.d/rc.subr | |
- | |
-# Load rc.conf into scope. | |
_rc_parse_conf | |
+# If executed with the 'shutdown' parameter by the halt, reboot or shutdown: | |
+# - update seed files | |
+# - execute the rc.d scripts specified by $pkg_scripts in reverse order | |
+# - bring carp interfaces down gracefully | |
if [[ $1 == shutdown ]]; then | |
if echo 2>/dev/null >>/var/db/host.random || \ | |
echo 2>/dev/null >>/etc/random.seed; then | |
@@ -295,13 +310,13 @@ | |
if (($(sysctl -n kern.securelevel) == 0)); then | |
echo 'single user: not running shutdown scripts' | |
else | |
- pkg_scripts=${pkg_scripts%%*( )} | |
- if [[ -n $pkg_scripts ]]; then | |
+ set -A _d -- $pkg_scripts | |
+ _i=${#_d[*]} | |
+ if ((_i)); then | |
echo -n 'stopping package daemons:' | |
- while [[ -n $pkg_scripts ]]; do | |
- _d=${pkg_scripts##* } | |
- pkg_scripts=${pkg_scripts%%*( )$_d} | |
- [[ -x /etc/rc.d/$_d ]] && /etc/rc.d/$_d stop | |
+ while ((--_i >= 0)); do | |
+ [[ -x /etc/rc.d/${_d[_i]} ]] && | |
+ /etc/rc.d/${_d[_i]} stop | |
done | |
echo '.' | |
fi | |
@@ -309,7 +324,6 @@ | |
[[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown | |
fi | |
- # Bring carp interfaces down gracefully. | |
ifconfig | while read _if _junk; do | |
[[ $_if == carp+([0-9]): ]] && ifconfig ${_if%:} down | |
done | |
@@ -320,6 +334,7 @@ | |
# Add swap block-devices. | |
swapctl -A -t blk | |
+# Run filesystem check unless a /fastboot file exists. | |
if [[ -e /fastboot ]]; then | |
echo "Fast boot: skipping disk checks." | |
elif [[ $1 == autoboot ]]; then | |
@@ -327,14 +342,24 @@ | |
do_fsck | |
fi | |
+# From now on, allow user to interrupt (^C) the boot process. | |
trap "echo 'Boot interrupted.'; exit 1" 3 | |
+# Unmount all filesystems except root. | |
umount -a >/dev/null 2>&1 | |
+ | |
+# Mount all filesystems except those of type NFS and VND. | |
mount -a -t nonfs,vnd | |
-mount -uw / # root on nfs requires this, others aren't hurt. | |
-rm -f /fastboot # XXX (root now writeable) | |
-# Set flags on ttys. (Do early, in case they use tty for SLIP in netstart.) | |
+# Re-mount the root filesystem read/writeable. (root on nfs requires this, | |
+# others aren't hurt.) | |
+mount -uw / | |
+chmod og-rwx /bsd | |
+ln -fh /bsd /bsd.booted | |
+ | |
+rm -f /fastboot | |
+ | |
+# Set flags on ttys. | |
echo 'setting tty flags' | |
ttyflags -a | |
@@ -347,54 +372,58 @@ | |
# Set initial temporary pf rule set. | |
if [[ $pf != NO ]]; then | |
- RULES="block all" | |
- RULES="$RULES\npass on lo0" | |
- RULES="$RULES\npass in proto tcp from any to any port ssh keep state" | |
- RULES="$RULES\npass out proto { tcp, udp } from any to any port domain keep state" | |
- RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" | |
- RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps" | |
- RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc" | |
+ RULES=" | |
+ block all | |
+ pass on lo0 | |
+ pass in proto tcp from any to any port ssh keep state | |
+ pass out proto { tcp, udp } from any to any port domain keep state | |
+ pass out inet proto icmp all icmp-type echoreq keep state | |
+ pass out inet proto udp from any port bootpc to any port bootps | |
+ pass in inet proto udp from any port bootps to any port bootpc" | |
+ | |
if ifconfig lo0 inet6 >/dev/null 2>&1; then | |
- RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" | |
- RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" | |
- RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" | |
- RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" | |
- RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server" | |
- RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" | |
- fi | |
- RULES="$RULES\npass in proto carp keep state (no-sync)" | |
- RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" | |
- if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then | |
+ RULES="$RULES | |
+ pass out inet6 proto icmp6 all icmp6-type neighbrsol | |
+ pass in inet6 proto icmp6 all icmp6-type neighbradv | |
+ pass out inet6 proto icmp6 all icmp6-type routersol | |
+ pass in inet6 proto icmp6 all icmp6-type routeradv | |
+ pass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server | |
+ pass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" | |
+ fi | |
+ | |
+ RULES="$RULES | |
+ pass in proto carp keep state (no-sync) | |
+ pass out proto carp !received-on any keep state (no-sync)" | |
+ | |
+ if (($(sysctl -n vfs.mounts.nfs 2>/dev/null) > 0)); then | |
# Don't kill NFS. | |
- RULES="set reassemble yes no-df\n$RULES" | |
- RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" | |
- RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" | |
+ RULES="set reassemble yes no-df | |
+ $RULES | |
+ pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any | |
+ pass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" | |
fi | |
+ | |
print -- "$RULES" | pfctl -f - | |
pfctl -e | |
fi | |
-# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services. | |
fill_baddynamic udp | |
fill_baddynamic tcp | |
sysctl_conf | |
+start_daemon slaacd >/dev/null 2>&1 | |
+ | |
echo 'starting network' | |
# Set carp interlock by increasing the demotion counter. | |
# Prevents carp from preempting until the system is booted. | |
ifconfig -g carp carpdemote 128 | |
-# Recover resolv.conf in case dhclient died hard. | |
-if [[ -f /etc/resolv.conf.save ]]; then | |
- mv -f /etc/resolv.conf.save /etc/resolv.conf | |
- touch /etc/resolv.conf | |
-fi | |
- | |
sh /etc/netstart | |
-dmesg >/dev/random # Any write triggers a rekey. | |
+# Any write triggers a rekey. | |
+dmesg >/dev/random | |
# Load pf rules and bring up pfsync interface. | |
if [[ $pf != NO ]]; then | |
@@ -418,7 +447,8 @@ | |
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) | |
(cd /var/authpf && rm -rf -- *) | |
-dmesg >/var/run/dmesg.boot # Save a copy of the boot messages. | |
+# Save a copy of the boot messages. | |
+dmesg >/var/run/dmesg.boot | |
make_keys | |
@@ -473,7 +503,7 @@ | |
chmod 666 /dev/tty[pqrstuvwxyzPQRST]* | |
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]* | |
-# Check the password temp/lock file. | |
+# Check for the password temp/lock file. | |
if [[ -f /etc/ptmp ]]; then | |
logger -s -p auth.err \ | |
'password file may be incorrect -- /etc/ptmp exists' | |
@@ -504,8 +534,7 @@ | |
fi | |
if T=$(mktemp /tmp/_motd.XXXXXXXXXX); then | |
sysctl -n kern.version | sed 1q >$T | |
- echo "" >>$T | |
- sed '1,/^$/d' </etc/motd >>$T | |
+ sed -n '/^$/,$p' </etc/motd >>$T | |
cmp -s $T /etc/motd || cp $T /etc/motd | |
rm -f $T | |
fi | |
@@ -561,7 +590,8 @@ | |
[[ -f /etc/rc.local ]] && sh /etc/rc.local | |
-ifconfig -g carp -carpdemote 128 # Disable carp interlock. | |
+# Disable carp interlock. | |
+ifconfig -g carp -carpdemote 128 | |
mixerctl_conf | |
@@ -569,5 +599,9 @@ | |
start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xenodm | |
echo '.' | |
+# Re-link the kernel, placing the objects in a random order. | |
+# Replace current with relinked kernel and inform root about it. | |
+/usr/libexec/reorder_kernel & | |
+ | |
date | |
exit 0 | |
diff -ur -x moduli 61/etc/rc.conf 62/etc/rc.conf | |
--- 61/etc/rc.conf 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/rc.conf 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc.conf,v 1.213 2017/02/26 16:51:18 matthieu Exp $ | |
+# $OpenBSD: rc.conf,v 1.216 2017/05/30 12:04:26 tb Exp $ | |
# DO NOT EDIT THIS FILE!! | |
# | |
@@ -57,6 +57,7 @@ | |
# be sure to set net.inet6.ip6.forwarding=1 | |
sasyncd_flags=NO | |
sensorsd_flags=NO | |
+slaacd_flags= | |
slowcgi_flags=NO | |
smtpd_flags= | |
sndiod_flags= | |
@@ -99,6 +100,7 @@ | |
# miscellaneous other flags | |
amd_master=/etc/amd/master # AMD 'master' map | |
+library_aslr=YES # set to NO to disable library randomization | |
savecore_flags= # "-z" to compress | |
spamd_black=NO # set to YES to run spamd without greylisting | |
shlib_dirs= # extra directories for ldconfig, separated | |
diff -ur -x moduli 61/etc/rc.d/rc.subr 62/etc/rc.d/rc.subr | |
--- 61/etc/rc.d/rc.subr 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/rc.d/rc.subr 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,6 +1,6 @@ | |
-# $OpenBSD: rc.subr,v 1.118 2017/02/17 16:42:41 ajacoutot Exp $ | |
+# $OpenBSD: rc.subr,v 1.127 2017/06/05 18:31:23 ajacoutot Exp $ | |
# | |
-# Copyright (c) 2010, 2011, 2014-2016 Antoine Jacoutot <ajacoutot@openbsd.org> | |
+# Copyright (c) 2010, 2011, 2014-2017 Antoine Jacoutot <ajacoutot@openbsd.org> | |
# Copyright (c) 2010, 2011 Ingo Schwarze <schwarze@openbsd.org> | |
# Copyright (c) 2010, 2011, 2014 Robert Nagy <robert@openbsd.org> | |
# | |
@@ -45,7 +45,7 @@ | |
} | |
_rc_write_runfile() { | |
- [ -d ${_RC_RUNDIR} ] || mkdir -p ${_RC_RUNDIR} && \ | |
+ [ -d ${_RC_RUNDIR} ] || mkdir -p ${_RC_RUNDIR} && | |
cat >${_RC_RUNFILE} <<EOF | |
daemon_class=${daemon_class} | |
daemon_flags=${daemon_flags} | |
@@ -79,11 +79,30 @@ | |
[ X"$1" = X"ok" ] && exit 0 || exit 1 | |
} | |
+_rc_alarm() | |
+{ | |
+ trap - ALRM | |
+ kill -ALRM ${_TIMERSUB} 2>/dev/null # timer may not be running anymore | |
+ kill $! 2>/dev/null # kill last job if it's running | |
+} | |
+ | |
_rc_wait() { | |
local _i=0 | |
+ if [ X"$1" = X"start" ]; then # prevent hanging the boot sequence | |
+ trap "_rc_alarm" ALRM | |
+ while [ $_i -lt ${daemon_timeout} ]; do | |
+ if _rc_do rc_check; then | |
+ [ X"${rc_bg}" = X"YES" ] || [ -z "$$" ] && break | |
+ fi | |
+ sleep 1 | |
+ _i=$((_i+1)) | |
+ done & wait | |
+ pkill -ALRM -P $$ | |
+ return | |
+ fi | |
while [ $_i -lt ${daemon_timeout} ]; do | |
case "$1" in | |
- reload|start) | |
+ reload) | |
_rc_do rc_check && return 0 ;; | |
stop) | |
_rc_do rc_check || return 0 ;; | |
@@ -121,8 +140,8 @@ | |
typeset -l _key | |
local _l _rcfile _val | |
set -A _allowed_keys -- \ | |
- accounting amd_master check_quotas ipsec multicast nfs_server \ | |
- pexp pf pkg_scripts shlib_dirs spamd_black | |
+ accounting amd_master check_quotas ipsec library_aslr \ | |
+ multicast nfs_server pexp pf pkg_scripts shlib_dirs spamd_black | |
[ $# -gt 0 ] || set -- /etc/rc.conf /etc/rc.conf.local | |
for _rcfile; do | |
@@ -130,15 +149,16 @@ | |
while IFS=' ' read -r _l; do | |
[[ $_l == [!#=]*=* ]] || continue | |
_key=${_l%%*([[:blank:]])=*} | |
- [[ $_key == *_@(flags|rtable|user|timeout) ]] || \ | |
- [[ " ${_allowed_keys[*]} " == *" $_key "* ]] || \ | |
+ [[ $_key == *_@(flags|rtable|user|timeout) ]] || | |
+ [[ " ${_allowed_keys[*]} " == *" $_key "* ]] || | |
continue | |
[[ $_key == "" ]] && continue | |
_val=${_l##*([!=])=*([[:blank:]])} | |
_val=${_val%%#*} | |
_val=${_val%%*([[:blank:]])} | |
# remove leading and trailing quotes (backwards compat) | |
- [[ $_val == @(\"*\"|\'*\') ]] && _val=${_val#?} _val=${_val%?} | |
+ [[ $_val == @(\"*\"|\'*\') ]] && | |
+ _val=${_val#?} _val=${_val%?} | |
eval "${_key}=\${_val}" | |
done < $_rcfile | |
done | |
@@ -150,7 +170,7 @@ | |
[ -n "${FUNCS_ONLY}" ] && return | |
rc_start() { | |
- ${rcexec} "${daemon} ${daemon_flags} ${_bg}" | |
+ ${rcexec} "${daemon} ${daemon_flags}" | |
} | |
rc_check() { | |
@@ -166,12 +186,12 @@ | |
} | |
rc_cmd() { | |
- local _bg _n | |
+ local _to _n _ret | |
[ -n "${1}" ] && echo "${_rc_actions}" | grep -qw -- ${1} || _rc_usage | |
- [ "$(id -u)" -eq 0 ] || \ | |
- [ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] || \ | |
+ [ "$(id -u)" -eq 0 ] || | |
+ [ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] || | |
_rc_err "$0: need root privileges" | |
if _rc_not_supported $1; then | |
@@ -179,7 +199,6 @@ | |
_rc_err "$0: $1 is not supported" | |
fi | |
- [ X"${rc_bg}" = X"YES" ] && _bg="&" | |
[ -n "${_RC_DEBUG}" ] || _n="-n" | |
_rc_do _rc_parse_conf ${_RC_RUNFILE} | |
@@ -200,10 +219,20 @@ | |
if type rc_pre >/dev/null; then | |
_rc_do rc_pre || break | |
fi | |
- _rc_do rc_start || break | |
- _rc_do _rc_wait start || break | |
+ _rc_do _rc_wait start & _TIMERSUB=$! | |
+ trap "_rc_alarm" ALRM | |
+ _rc_do rc_start; _ret=$? | |
+ kill -ALRM ${_TIMERSUB} | |
+ wait ${_TIMERSUB} 2>/dev/null # don't print Alarm clock | |
+ [[ "${_ret}" == 142 ]] && [ X"${rc_bg}" != X"YES" ] && | |
+ _to="timeout" | |
+ # XXX for unknown reason, rc_check can fail (e.g. redis) | |
+ # while it just succeeded in _rc_wait; the check is | |
+ # needed to cope with failing daemons returning 0 | |
+ #[[ "${_ret}" == @(0|142) ]] && _rc_do rc_check || break | |
+ [[ "${_ret}" == @(0|142) ]] || break | |
_rc_do _rc_write_runfile | |
- _rc_exit ok | |
+ _rc_exit ${_to:=ok} | |
done | |
# handle failure | |
type rc_post >/dev/null && _rc_do rc_post | |
@@ -215,7 +244,7 @@ | |
echo $_n "${INRC:+ }${_name}" | |
_rc_do rc_stop || _rc_exit failed | |
_rc_do _rc_wait stop || _rc_exit failed | |
- if type rc_post >/dev/null; then \ | |
+ if type rc_post >/dev/null; then | |
_rc_do rc_post || _rc_exit failed | |
fi | |
_rc_do _rc_rm_runfile | |
@@ -228,7 +257,7 @@ | |
_rc_exit ok | |
;; | |
restart) | |
- $0 ${_RC_DEBUG} ${_RC_FORCE} stop && \ | |
+ $0 ${_RC_DEBUG} ${_RC_FORCE} stop && | |
$0 ${_RC_DEBUG} ${_RC_FORCE} start | |
;; | |
*) | |
@@ -264,14 +293,14 @@ | |
eval _rctimeout=\${${_name}_timeout} | |
# set default values; duplicated in rcctl(8) | |
-getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1 && \ | |
- daemon_class=${_name} || daemon_class=daemon | |
+getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1 && daemon_class=${_name} || | |
+ daemon_class=daemon | |
[ -z "${daemon_rtable}" ] && daemon_rtable=0 | |
[ -z "${daemon_user}" ] && daemon_user=root | |
[ -z "${daemon_timeout}" ] && daemon_timeout=30 | |
# use flags from the rc.d script if daemon is not enabled | |
-[ -n "${_RC_FORCE}" -o "$1" != "start" ] && [ X"${_rcflags}" = X"NO" ] && \ | |
+[ -n "${_RC_FORCE}" -o "$1" != "start" ] && [ X"${_rcflags}" = X"NO" ] && | |
unset _rcflags | |
[ -n "${_rcflags}" ] && daemon_flags=${_rcflags} | |
@@ -289,5 +318,5 @@ | |
unset _rcflags _rcrtable _rcuser _rctimeout | |
pexp="${daemon}${daemon_flags:+ ${daemon_flags}}" | |
rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c" | |
-[ "${daemon_rtable}" -eq 0 ] || \ | |
+[ "${daemon_rtable}" -eq 0 ] || | |
rcexec="route -T ${daemon_rtable} exec ${rcexec}" | |
Tylko w 62/etc/rc.d: slaacd | |
diff -ur -x moduli 61/etc/rc.d/ypbind 62/etc/rc.d/ypbind | |
--- 61/etc/rc.d/ypbind 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/rc.d/ypbind 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,6 +1,6 @@ | |
#!/bin/sh | |
# | |
-# $OpenBSD: ypbind,v 1.5 2015/10/18 03:51:11 deraadt Exp $ | |
+# $OpenBSD: ypbind,v 1.7 2017/05/27 19:55:48 ajacoutot Exp $ | |
daemon="/usr/sbin/ypbind" | |
Tylko w 61/etc/signify: openbsd-59-base.pub | |
Tylko w 61/etc/signify: openbsd-59-fw.pub | |
Tylko w 61/etc/signify: openbsd-59-pkg.pub | |
Tylko w 62/etc/signify: openbsd-63-base.pub | |
Tylko w 62/etc/signify: openbsd-63-fw.pub | |
Tylko w 62/etc/signify: openbsd-63-pkg.pub | |
Tylko w 61/etc/ssl: acme | |
diff -ur -x moduli 61/etc/weekly 62/etc/weekly | |
--- 61/etc/weekly 2017-04-01 21:38:28.000000000 +0200 | |
+++ 62/etc/weekly 2017-10-04 05:13:10.000000000 +0200 | |
@@ -1,5 +1,5 @@ | |
# | |
-# $OpenBSD: weekly,v 1.27 2015/08/14 03:02:07 rzalamena Exp $ | |
+# $OpenBSD: weekly,v 1.28 2017/04/15 13:12:08 schwarze Exp $ | |
# | |
# For local additions, create the file /etc/weekly.local. | |
# To get section headers, use the function next_part in weekly.local. | |
@@ -63,7 +63,7 @@ | |
fi | |
next_part "Rebuilding whatis databases:" | |
-/usr/sbin/makewhatis ${MAKEWHATISARGS:--Q} | |
+/usr/sbin/makewhatis $MAKEWHATISARGS | |
next_part "Doing login accounting:" | |
[ "X$LOGINACCOUNTING" = X1 ] && { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment