History log of /openbsd-current/etc/rc
Revision Date Author Comments
# 1.575 17-May-2024 deraadt

run the sshd-session link kit also


# 1.574 02-Apr-2024 deraadt

also relink ssh-agent


# 1.573 30-Mar-2024 deraadt

program relinking currently uses a Makefile.relink inside the re-link kit.
For sshd (the only relinked program at the moment), this file is created
in an extremely nasty way. It'll be better if we have a proper clean
install.sh script, which I've built for sshd. But let's first commit the
change to /etc/rc which will handle that in the near future.
ok djm


Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.572 01-Oct-2023 naddy

show fingerprint of freshly generated ssh host key on first boot

Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.

ok deraadt@ kn@, and various for earlier iterations


# 1.571 26-Apr-2023 phessler

During boot we have a protective and restrictive pf ruleset during the time
we are running netstart, and then load the pf.conf ruleset after all of the
interfaces are loaded.

Allow in and out IPv6 neighbor advertisement traffic without state during
that time.

suggestions/OK from saschan@
OK sthen@ kn@ florian@ deraadt@


Revision tags: OPENBSD_7_3_BASE
# 1.570 25-Jan-2023 asou

Delete TAB only line.


# 1.569 18-Jan-2023 deraadt

process the sshd random-relink kit if it is found. sshd's text segment
is now garbled, and in the future xonly universe you'll have poor success
downloading it or libc to know where gadgets are.
ok djm


# 1.568 28-Dec-2022 kn

Make wait_reorder_libs() honour library_aslr=NO

Otherwise it will unconditionally print an empty line in case relinking
is disabled.

Reported by kettenis
Feedback OK tb
OK florian


# 1.567 26-Dec-2022 kn

add newline missed in previous


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71, add an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- a few other minor whitespace fixes

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@
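
The bootstrap ruleset these entries converge on (1.211 default block, 1.228 lo0, 1.194/1.195 ssh in, 1.208 DNS, 1.215 outbound ping, 1.218/1.184 NFS), as an added example in shell. It is not OpenBSD's rc: the exact rule wording, the use of port numbers instead of service names and the stateless NFS rules are this example's own choices.

```sh
#!/bin/sh
# Added example, not OpenBSD's own rc: the fail-closed pf ruleset that rc
# keeps active while netstart runs, before /etc/pf.conf is loaded.
# Port numbers are used instead of service names so the ruleset does not
# depend on /etc/services being readable at that point in the boot.

# nfs_mount_count: number of NFS mounts, or 0 on a kernel without NFS
# (sysctl prints nothing there, so the value stays numeric).
nfs_mount_count() {
	n=$(sysctl -n vfs.mounts.nfs 2>/dev/null)
	printf '%s\n' "${n:-0}"
}

# boot_pf_rules NFS_MOUNTS: print the ruleset. NFS pass-through is only
# added when at least one NFS mount exists (diskless root).
boot_pf_rules() {
	nfs_mounts=${1:-0}
	# Default deny: if pf.conf later fails to parse, this stays in force
	# and the host is closed rather than open.
	echo 'block all'
	# Loopback: local RPC, syslog and resolver traffic must keep flowing.
	echo 'pass on lo0'
	# Keep administrative access if the real ruleset never loads.
	echo 'pass in proto tcp to any port 22'
	# Name lookups, so hostnames in pf.conf can be resolved by pfctl.
	echo 'pass out proto { tcp, udp } to any port 53'
	# Outbound echo request: dhclient pings the router of a stale lease
	# before deciding whether to reuse it.
	echo 'pass out inet proto icmp icmp-type echoreq'
	if [ "$nfs_mounts" -gt 0 ]; then
		# Diskless root: portmap (111) and nfsd (2049) in both directions,
		# stateless so a later rule reload cannot drop the root mount.
		echo 'pass in proto { tcp, udp } from any port { 111, 2049 } no state'
		echo 'pass out proto { tcp, udp } to any port { 111, 2049 } no state'
	fi
}

# load_boot_pf_rules: install the ruleset (root and pf(4) required).
load_boot_pf_rules() {
	boot_pf_rules "$(nfs_mount_count)" | pfctl -f -
}
```

Because `block all` comes first and every later pass rule is narrow, a syntax error in /etc/pf.conf leaves the machine reachable only over ssh and able to resolve names, which is the failure mode 1.194 was written for.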


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
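
The two user-writable-directory hazards in 1.102, 1.109 and 1.110 (a planted non-file or symlink under /var/tmp/vi.recover, and a pre-created /tmp/_motd), as an added shell example that is not OpenBSD's rc. Paths and the expected owner are parameters so it can be tried unprivileged; the recover.* naming and the sed expression are assumptions about nvi's recovery layout.

```sh
#!/bin/sh
# Added example, not OpenBSD's own rc: the checks rc applies to two
# directories any local user can write to, /var/tmp/vi.recover and /tmp.
# Directory and file paths are parameters; the expected owner defaults to
# root, as in rc, and is overridable so the code can be tried unprivileged.

owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# check_recover_dir DIR [OWNER]: create DIR (sticky, world-writable, like
# /tmp) if missing, then refuse to use it if it is a symlink or not owned
# by OWNER. Either condition means a user, not the system, made it and can
# redirect what is read from or written into it.
check_recover_dir() {
	dir=$1; owner=${2:-root}
	if [ -h "$dir" ]; then return 1; fi
	if [ ! -d "$dir" ]; then
		mkdir -m 1777 "$dir" || return 1
	fi
	[ "$(owner_of "$dir")" = "$owner" ]
}

# list_recover_files DIR: print the recover.* entries that are regular
# files. Anything else (a symlink to a secret file, a fifo that would
# block the boot forever, a device node) is deleted without being opened.
list_recover_files() {
	dir=$1
	for f in "$dir"/recover.*; do
		[ -e "$f" ] || [ -h "$f" ] || continue    # glob matched nothing
		if [ -h "$f" ] || [ ! -f "$f" ]; then
			rm -f "$f"      # removes the link or fifo itself, never a target
			continue
		fi
		printf '%s\n' "$f"
	done
}

# build_motd BANNER MOTD [TMPDIR]: rewrite MOTD as BANNER, a blank line,
# then whatever followed the first blank line of the old file. The scratch
# file comes from mktemp(1) with an unpredictable name: a fixed name such
# as /tmp/_motd could be pre-created by a user, made undeletable with
# chflags, and its contents would then become the system motd.
build_motd() {
	banner=$1; motd=$2; tmpdir=${3:-/tmp}
	tmp=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1
	{
		printf '%s\n\n' "$banner"
		if [ -f "$motd" ]; then sed '1,/^$/d' "$motd"; fi
	} > "$tmp" || { rm -f "$tmp"; return 1; }
	cat "$tmp" > "$motd" && rm -f "$tmp"
}
```

The common thread is that nothing found in a world-writable directory is trusted by name: the directory itself is verified by type and owner, each candidate file by type before it is opened, and the scratch file's name is chosen by mktemp rather than by convention.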


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.
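
The seed-file handling described in 1.77, 1.100 and 1.157 (create a 64KB mode-600 seed if missing, stir the pool from it at boot, rewrite it immediately, save fresh state at shutdown), as an added shell example that is not OpenBSD's rc. The file path, the /dev/urandom default and the write-to-temp-then-rename step are this example's assumptions.

```sh
#!/bin/sh
# Added example, not OpenBSD's own rc: the seed-file life cycle described
# above. The file and the RNG device are parameters (rc used
# /var/db/host.random and the kernel random device); the default here is
# /dev/urandom so it also runs on other systems.
SEED_BLOCKS=64          # 64 x 1KB = 64KB, the size rc generated

# make_seed FILE [DEV]: write a fresh seed into a temp file with mode 600
# and rename it into place, so a crash mid-write never leaves a short or
# world-readable seed behind.
make_seed() {
	file=$1; dev=${2:-/dev/urandom}
	tmp="$file.tmp.$$"
	( umask 077 && dd if="$dev" of="$tmp" bs=1024 count=$SEED_BLOCKS 2>/dev/null ) || return 1
	chmod 600 "$tmp" && mv -f "$tmp" "$file"
}

# seed_rng FILE [DEV]: feed the saved seed into the RNG, then immediately
# overwrite the file with new random bytes. A seed that has been consumed
# must not survive: if the box is reset before shutdown can save fresh
# state, the next boot would otherwise start from identical input.
seed_rng() {
	file=$1; dev=${2:-/dev/urandom}
	if [ ! -s "$file" ]; then
		make_seed "$file" "$dev" || return 1    # first boot: nothing saved yet
	fi
	# Stirring may fail if DEV is not writable by this user; the rotation
	# below still happens, and that is the step that must never be skipped.
	dd if="$file" of="$dev" bs=1024 count=$SEED_BLOCKS 2>/dev/null || :
	make_seed "$file" "$dev"
}

# save_seed FILE [DEV]: at shutdown, capture current RNG state so the next
# boot is seeded from it. Same contract as make_seed.
save_seed() {
	make_seed "$1" "${2:-/dev/urandom}"
}

# Boot:     seed_rng /var/db/host.random /dev/random
# Shutdown: save_seed /var/db/host.random /dev/random
```

The order inside seed_rng is the point of 1.157: the file is replaced in the same step that consumes it, so a power-cycle between boot and the shutdown-time save cannot replay the same seed.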


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.
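
The jail upkeep described in 1.64, 1.74, 1.81, 1.83, 1.216 and 1.219 (copies of host files kept identical inside the chroot, and syslogd -a so the jailed daemon keeps a log socket), as an added shell example that is not OpenBSD's rc. The function names and the jail paths in the usage comment are this example's own.

```sh
#!/bin/sh
# Added example, not OpenBSD's own rc: keeping a chrooted daemon's jail in
# step with the host and giving it a log socket. Jail and file paths are
# parameters; rc did this for named's /var/named jail with /etc/localtime,
# /etc/rndc.key and /var/named/dev/log.

# sync_into_jail SRC JAIL: install SRC at JAIL/SRC (same relative path) when
# the jail copy is missing or differs. A copy, not a symlink: a link inside
# the jail would resolve against the jail root and point at nothing.
sync_into_jail() {
	src=$1; jail=$2
	dst="$jail$src"
	[ -f "$src" ] || return 1
	mkdir -p "${dst%/*}" || return 1
	if ! cmp -s "$src" "$dst"; then
		cp -p "$src" "$dst" || return 1
	fi
}

# syslogd_jail_flags JAIL...: one "-a JAIL/dev/log" per jail that exists.
# syslogd creates and listens on each extra AF_UNIX socket, so a daemon
# chrooted into that jail can still reach the system log. Jails that are
# configured but absent are skipped rather than failing the boot.
syslogd_jail_flags() {
	flags=
	for jail; do
		[ -d "$jail" ] || continue
		mkdir -p "$jail/dev" || return 1
		flags="$flags -a $jail/dev/log"
	done
	printf '%s\n' "${flags# }"
}

# Typical boot sequence (root required):
#   sync_into_jail /etc/localtime /var/named
#   sync_into_jail /etc/rndc.key /var/named
#   syslogd $(syslogd_jail_flags /var/named /var/empty)
```

Running sync_into_jail on every boot is what keeps the copies from drifting: when /etc/localtime or /etc/rndc.key changes on the host, the jail copy is refreshed before the daemon starts, which is the condition 1.83 and 1.219 check for.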


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases
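
A comment-stripping stripcom() as in 1.131 and the exports check of 1.46 built on it, as an added shell example that is not OpenBSD's rc. The function bodies and the sample exports lines used to exercise them are this example's own.

```sh
#!/bin/sh
# Added example, not OpenBSD's own rc: a stripcom() in the spirit of the
# one described above, written in pure shell so it works before /usr (and
# with it awk and sed) is mounted, plus the "is there anything to export"
# test it enables. File paths are parameters.

ws=" $(printf '\t')"     # the blank characters trimmed from line ends

# stripcom FILE: print FILE without comments, surrounding blanks or empty
# lines. '#' starts a comment wherever it appears. A missing FILE yields
# no output rather than an error, so callers can test emptiness directly.
stripcom() {
	[ -f "$1" ] || return 0
	while IFS= read -r line || [ -n "$line" ]; do
		line=${line%%#*}                    # drop the comment
		line=${line#"${line%%[!$ws]*}"}     # trim leading blanks
		line=${line%"${line##*[!$ws]}"}     # trim trailing blanks
		if [ -n "$line" ]; then printf '%s\n' "$line"; fi
	done < "$1"
}

# exports_active FILE: true when FILE has at least one live line, i.e.
# mountd(8) would actually export something. Starting an RPC service with
# nothing to serve only adds exposure, so rc skips it otherwise.
exports_active() {
	[ -n "$(stripcom "$1")" ]
}

# At boot:  if exports_active /etc/exports; then mountd; fi
```

The same function serves /etc/sysctl.conf: its non-comment lines are exactly the key=value pairs handed to sysctl(8), which is why a shell-only implementation that does not need ed, sed or awk matters early in the boot.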


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.574 02-Apr-2024 deraadt

also relink ssh-agent


# 1.573 30-Mar-2024 deraadt

program relinking currently uses a Makefile.relink inside the re-link kit.
For sshd (the only relinked program at the moment), this file is created
in an extremely nasty way. It'll be better if we have a proper clean
install.sh script, which I've built for sshd. But let's first commit the
change to /etc/rc which will handle that in the near future.
ok djm


Revision tags: OPENBSD_7_4_BASE OPENBSD_7_5_BASE
# 1.572 01-Oct-2023 naddy

show fingerprint of freshly generated ssh host key on first boot

Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.

ok deraadt@ kn@, and various for earlier iterations


# 1.571 26-Apr-2023 phessler

During boot we have a protective and restrictive pf ruleset during the time
we are running netstart, and then load the pf.conf ruleset after all of the
interfaces are loaded.

Allow in and out IPv6 neighbor advertisement traffic without state during
that time.

suggestions/OK from saschan@
OK sthen@ kn@ florian@ deraadt@


Revision tags: OPENBSD_7_3_BASE
# 1.570 25-Jan-2023 asou

Delete TAB only line.


# 1.569 18-Jan-2023 deraadt

process the sshd random-relink kit if it is found. sshd's text segment
is now garbled, and in the future xonly univirse you'll have poor success
downloading it or libc to know where gadgets are.
ok djm


# 1.568 28-Dec-2022 kn

Make wait_reorder_libs() honour library_aslr=NO

Otherwise it will unconditionally print an empty line in case relinking
is disabled.

Reported by kettenis
Feedback OK tb
OK florian


# 1.567 26-Dec-2022 kn

add newline missed in previous


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiering. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@
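
Added example, not code from /etc/rc or from the OpenBSD project: a stripcom-style filter in the shape the 1.456 message describes (skip empty files, print only non-empty lines, no bare echo), followed by a demonstration of the subshell problem behind the 1.520 revert, where a while-read loop fed by a pipe cannot hand state back to the calling shell, so variable assignments and, in the same way, ulimit settings made inside it are lost. The function names, the here-document workaround and the sample config lines are this example's own assumptions; printf stands in for ksh's "print -r --".

```sh
#!/bin/sh
# Added example, not taken from /etc/rc. Function names and sample data
# are assumptions made for this demonstration.

# stripcom: print the non-empty, non-comment lines of a file, one per line.
# Modelled on the behaviour the 1.456 message describes; the body is this
# example's own.
stripcom() {
    [ -s "$1" ] || return 0                 # missing or empty file: nothing to do
    while read -r _line; do
        _line=${_line%%#*}                  # drop a comment, trailing or whole-line
        case $_line in
        *[![:space:]]*) printf '%s\n' "$_line" ;;   # keep lines with real content
        esac
    done <"$1"
}

# make_sample_conf: write a constructed sysctl.conf-style file (not a real
# system file) to a temporary path and print that path.
make_sample_conf() {
    _f=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample, not a real sysctl.conf' \
        'kern.maxproc=2048' \
        '' \
        'net.inet.ip.forwarding=1   # trailing comment' \
        '   ' \
        'kern.securelevel=1' >"$_f"
    printf '%s\n' "$_f"
}

# count_via_pipe: the pattern that 1.520 reverted. In sh, bash, dash and
# OpenBSD ksh the loop after the pipe runs in a subshell, so the increment
# of $n (or a ulimit call in its place) never reaches the caller: prints 0.
count_via_pipe() {
    n=0
    stripcom "$1" | while read -r _l; do
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# count_via_heredoc: feed the same lines through a here-document instead.
# The loop now runs in the calling shell, so its side effects persist and
# a ulimit set here would apply to every daemon started afterwards.
count_via_heredoc() {
    n=0
    while read -r _l; do
        [ -n "$_l" ] && n=$((n + 1))        # an empty stripcom result yields one blank line
    done <<EOF
$(stripcom "$1")
EOF
    printf '%s\n' "$n"
}

# Stand-alone run: show the filtered lines and both counts for the sample.
_sample=$(make_sample_conf)
printf 'lines kept by stripcom: %s\n' "$(stripcom "$_sample" | wc -l)"
printf 'count via pipe:         %s\n' "$(count_via_pipe "$_sample")"
printf 'count via here-doc:     %s\n' "$(count_via_heredoc "$_sample")"
rm -f "$_sample"
```

The here-document form is one POSIX way to keep the loop in the current shell; a temporary file plus input redirection works equally well. Shells that run the last pipeline stage in the parent (ksh93, zsh) would print 3 for count_via_pipe, which is exactly why code that must set process limits for later daemons should not rely on that behaviour.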


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
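The checks described in revisions 1.109 to 1.111, as an added shell example that is not code from OpenBSD's /etc/rc: the recovery directory is used only if it is a real, correctly owned directory, and only regular files are read from it. The directory, owner and file names (recover.* is assumed to be the recovery-mail pattern) are parameters or constructed here, and the X-vi-recover-file header in the sample file is constructed.

```shell
#!/bin/sh
# Added example (not code from OpenBSD's /etc/rc): the checks that
# revisions 1.109 to 1.111 describe for the user-writable recovery
# directory, written over an arbitrary directory so they can be tried
# on constructed input.
set -u

# recover_dir_ok DIR OWNER
# Succeeds only if DIR is a real directory (not a symlink) owned by OWNER.
# Revision 1.110 ignores /var/tmp/vi.recover otherwise: a symlink or a
# foreign-owned directory lets a local user choose what gets "recovered".
recover_dir_ok() {
    _dir=$1
    _owner=$2
    [ -d "$_dir" ] && [ ! -h "$_dir" ] || return 1
    # -prune stops find at DIR itself; it prints DIR only if -user matches
    [ -n "$(find "$_dir" -prune -user "$_owner" -print)" ]
}

# recover_files DIR
# Deletes every recover.* entry in DIR that is not a regular file and
# prints the rest, one path per line. Without -L, find tests the entry
# itself, so a symlink to somewhere interesting or a fifo that would
# block the reader forever (the DoS of revision 1.109) never reaches
# the mail step.
recover_files() {
    _dir=$1
    find "$_dir" -name 'recover.*' ! -type f ! -type d -exec rm -f {} +
    find "$_dir" -name 'recover.*' -type f -print
}

# Constructed sample directory so the example runs offline.
_dir=$(mktemp -d)
printf 'X-vi-recover-file: constructed sample\n' > "$_dir/recover.aaaa"
ln -s /etc/passwd "$_dir/recover.bbbb"   # planted symlink
mkfifo "$_dir/recover.cccc"              # planted fifo
if recover_dir_ok "$_dir" "$(id -un)"; then
    recover_files "$_dir"                # prints only recover.aaaa
fi
rm -rf "$_dir"
```

The ordering matters: the non-regular entries are removed before anything is opened, so a planted fifo is never read, and the ownership test on the directory happens before the per-file loop, matching the "inside the for loops" placement that 1.111 corrected.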


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
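The fix revision 1.102 describes, as an added shell example that is not code from OpenBSD's /etc/rc: the motd is assembled in a scratch file created by mktemp(1) instead of at the predictable /tmp/_motd, then renamed over the target. The assumed layout (kernel version line, blank line, then the rest of the old file after its first blank line), the function name and the sample version and motd contents are constructed for the example.

```shell
#!/bin/sh
# Added example (not code from OpenBSD's /etc/rc): rebuild motd(5) the
# way revision 1.102 describes, with the scratch file coming from
# mktemp(1) instead of the well-known path /tmp/_motd.
set -u

# regen_motd VERSION_FILE MOTD_FILE
# Writes a new motd: the kernel version line from VERSION_FILE, a blank
# line, then everything after the first blank line of the old motd.
# Returns 0 on success, non-zero if the inputs are unreadable or the
# scratch file could not be made, leaving the old motd untouched.
regen_motd() {
    _version=$1
    _motd=$2
    [ -r "$_version" ] && [ -r "$_motd" ] || return 1
    # mktemp creates a new file with mode 0600 and a random suffix, so a
    # local user cannot have pre-created it (or set chflags on it) under
    # a name they guessed in advance.
    _tmp=$(mktemp "${TMPDIR:-/tmp}/_motd.XXXXXXXXXX") || return 1
    {
        head -n 1 "$_version"
        echo
        # drop the stale header: line 1 through the first blank line
        sed '1,/^$/d' "$_motd"
    } > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # motd must stay world-readable; mktemp's 0600 would hide it
    chmod 644 "$_tmp" || { rm -f "$_tmp"; return 1; }
    # rename over the target so readers never see a half-written file
    mv -f "$_tmp" "$_motd"
}

# Constructed sample input so the example runs offline.
_dir=$(mktemp -d)
printf 'OpenBSD 7.5 (GENERIC) #0: constructed sample line\n' > "$_dir/version"
printf 'OLD KERNEL LINE\n\nWelcome to the sample box.\n' > "$_dir/motd"
regen_motd "$_dir/version" "$_dir/motd" && cat "$_dir/motd"
rm -rf "$_dir"
```

The unpredictable name is what defeats the pre-created, chflags-locked file: there is nothing for a local user to plant at a path they cannot guess, and the 0600 mode keeps the half-built file private until it is renamed into place.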


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
  start function into their own page-aligned segments for unmapping
  (only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
  is a callback to get a structure which includes a function that frees
  the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
  DF_1_INITFIRST do it after the object's .init_array, for the executable
  do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
  late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses; now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe
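
The control flow rpe and deraadt describe across 1.475, 1.476, 1.481 and 1.485 (only the newest libc.so is rebuilt, chosen with 'sort -V'; each library is relinked in a mktemp directory inside a subshell; any failure leaves the loop with an error flag; temp directories are cleaned up; the final message depends on the flag), as an added example that is not rc's own reorder_libs(). The layout is hypothetical: `$relink/<lib>/*.o` holds the objects (rc extracts them from an archive) and `$libdir/<lib>.so.MAJOR.MINOR` the installed versions. The ld and install steps are replaced by stand-ins so it runs on any system with GNU-style `sort -V`/`sort -R`; both directory arguments must be absolute.

```shell
#!/bin/sh
# Added example, not rc's reorder_libs(). Hypothetical layout:
#   $relink/<lib>/*.o              the library's objects (rc extracts an .a)
#   $libdir/<lib>.so.MAJOR.MINOR   installed versions; only the newest is rebuilt
# Both paths must be absolute, since the work happens after a cd.

# Newest installed version of one library. 'sort -V' orders by version
# number, so libc.so.100.1 is picked over libc.so.96.2, where a plain
# sort (or the shell's glob order) would pick 96.2.
newest_lib() {
	ls "$1"/"$2".so.[0-9]*.[0-9]* 2>/dev/null | sort -V | tail -n 1
}

# Usage: reorder_libs relinkdir libdir
# Each library is rebuilt in its own mktemp directory. The work runs in a
# subshell under errexit, entered only if mktemp succeeded; any failure
# leaves the loop with _error set, the temporary directories are always
# removed, and the final message reflects _error. Returns 1 on any error.
reorder_libs() {
	local _relink=$1 _libdir=$2 _kit _lib _library _tmpdir _tmpdirs= _error=false

	printf 'reordering libraries:'
	for _kit in "$_relink"/*/; do
		[ -d "$_kit" ] || continue
		_lib=${_kit%/}; _lib=${_lib##*/}
		_library=$(newest_lib "$_libdir" "$_lib")
		_tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/_rebuild.XXXXXXXX") || {
			_error=true
			break
		}
		_tmpdirs="$_tmpdirs $_tmpdir"
		(
			set -e
			cd "$_tmpdir"
			[ -n "$_library" ]	# nothing installed to replace: fail
			cp "$_kit"/*.o .
			# Stand-in for 'ld -shared ... $(ls *.o | sort -R)': the
			# objects are combined in a fresh random order every run.
			cat $(ls *.o | sort -R) >"$_library.tmp"
			# Stand-in for 'install -F' (1.480): replace atomically.
			mv -f "$_library.tmp" "$_library"
		) || {
			_error=true
			break
		}
		printf ' %s' "$_lib"
	done
	[ -z "$_tmpdirs" ] || rm -rf $_tmpdirs
	if $_error; then
		printf ' failed.\n'
		return 1
	fi
	printf '.\n'
}
```

The subshell is the important part: `set -e` inside it aborts that one library on the first failing step without killing the boot script, and the caller only has to test the subshell's exit status. Keeping the temp directory list outside the subshell is what lets the cleanup run even on the error path.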


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther
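
The seed handling these entries describe (1.347: one read and one write per direction, so the kernel re-keys once rather than 64 times; 1.417: chmod the seed file and use the return code to tell single-user from multi-user; 1.427: quiet dd with status=none instead of hiding errors), as an added example written in the style of rc's random_seed() but not rc's own code. The function name and argument order are mine; it assumes a dd that understands status=none (GNU and OpenBSD both do) and takes the random device as a parameter so it can be exercised against /dev/urandom in a scratch directory.

```shell
#!/bin/sh
# Added example in the style of rc's random_seed(), not the rc code itself.
# Usage: random_seed seedfile [device]   (device defaults to /dev/random)
# One 64 KiB read and one write per direction (a single write is a single
# re-key), the seed file overwritten with fresh kernel output right away so
# the same bytes are never fed to the kernel twice, and the file created
# under umask 077 and then forced to mode 600. dd is kept quiet with
# status=none rather than by discarding stderr, so a real failure shows.
# Returns non-zero when the seed file cannot be rewritten; rc treats that as
# the sign that / is still read-only, i.e. we are booting single-user.
random_seed() {
	local _seed=$1 _dev=${2:-/dev/random}

	# Feed last boot's seed to the kernel. It is absent on a first boot,
	# so that case is simply skipped rather than treated as an error.
	if [ -f "$_seed" ]; then
		dd if="$_seed" of="$_dev" bs=65536 count=1 status=none || return 1
	fi
	# Replace the file before anything else can read it, then restrict it.
	( umask 077 && dd if="$_dev" of="$_seed" bs=65536 count=1 status=none ) &&
	    chmod 600 "$_seed"
}
```

On a real system the call is `random_seed /var/db/host.random`, and the caller branches on its status exactly as 1.417 describes: a failed chmod means the filesystem is still read-only, so the multi-user work that depends on a writable / is skipped.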


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
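
The shutdown-time carp scan that 1.304, 1.329 and 1.331 describe (take the interface list from ifconfig output, not from /etc/*.if files; match only carp<digits>: so the "carp: MASTER ..." status line is not mistaken for an interface; use no grep or cut because /usr may already be unmounted), as an added example that is not rc's own code. The ksh pattern `carp+([0-9]):` from 1.331 is rewritten as two POSIX case checks so it also runs under sh; the sample ifconfig output is constructed, and the function names are mine.

```shell
#!/bin/sh
# Added example (not rc's code): find carp interfaces in ifconfig(8) output
# with shell builtins only, then bring them down. Works without /usr.

# Constructed ifconfig-style output (not captured from a real host).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	index 3 priority 0 llprio 3
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:00:00:00:00
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
	groups: carp
carp12: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev em0 vhid 12 advbase 1 advskew 100
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
'

# Read ifconfig output on stdin; print one carp interface name per line.
# Only lines that start with "carp", at least one digit and ":" qualify,
# which is what the ksh pattern carp+([0-9]): in rc expresses.
carp_ifaces() {
	local _line _name
	while IFS= read -r _line; do
		case $_line in
		carp[0-9]*:*) ;;		# starts with carp, a digit, then a colon
		*) continue ;;
		esac
		_name=${_line%%:*}
		case ${_name#carp} in
		*[!0-9]*) continue ;;		# something like carp1x: is not one
		esac
		printf '%s\n' "$_name"
	done
}

# Usage: ifconfig | carp_down [command]
# Runs "command <if> down" for each carp interface found on stdin. The
# command defaults to ifconfig; passing "echo" gives a dry run.
carp_down() {
	local _cmd=${1:-ifconfig} _if
	carp_ifaces | while read -r _if; do
		"$_cmd" "$_if" down
	done
}

# Dry run on the constructed data.
printf '%s' "$SAMPLE_IFCONFIG" | carp_down echo
```

Everything here is builtin or parameter expansion, which is the point of 1.329: at that stage of shutdown nothing from /usr/bin can be assumed to be reachable.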


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
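
The baddynamic autofill that 1.318 introduces and 1.388/1.390 later rework (walk /etc/services, collect the ports of one protocol, and hand them to sysctl(8) in bounded chunks, using no grep because the function now runs before /usr is guaranteed to be mounted in a diskless setup), as an added example that is not rc's fill_baddynamic(). The services text is constructed, the function names and the chunk-length argument are mine, and the sysctl call is shown only in a comment: the example builds the `+port,+port,...` string rc would pass and prints it instead.

```shell
#!/bin/sh
# Added example, not rc's fill_baddynamic(): build the port list rc feeds to
# net.inet.{tcp,udp}.baddynamic from /etc/services with shell builtins only.

# Constructed stand-in for /etc/services (not the real file).
SAMPLE_SERVICES='# Network services, Internet style
ssh		22/tcp		# SSH Remote Login Protocol
ssh		22/udp
domain		53/tcp		# Domain Name Server
domain		53/udp
http		80/tcp		www www-http	# WorldWideWeb HTTP
ntp		123/udp		# Network Time Protocol

bgp		179/tcp		# Border Gateway Protocol
'

# Drop comments and blank lines, as rc's stripcom() does, with no external tools.
stripcom() {
	local _line
	while IFS= read -r _line; do
		_line=${_line%%#*}
		case $_line in
		*[![:space:]]*) printf '%s\n' "$_line" ;;
		esac
	done
}

# Usage: baddynamic_list proto [maxlen]
# Reads services text on stdin and prints one "+port,+port,..." chunk per
# line for the given protocol. A chunk is flushed as soon as it grows past
# maxlen characters so the argument handed to sysctl(8) stays bounded
# (rc flushes above 1024). Non-numeric port fields are skipped.
baddynamic_list() {
	local _proto=$1 _max=${2:-1024} _tab _name _port _srv _junk _ban=
	_tab=$(printf '\t')
	stripcom | {
		while IFS=" $_tab/" read -r _name _port _srv _junk; do
			[ "$_srv" = "$_proto" ] || continue
			case $_port in ''|*[!0-9]*) continue ;; esac
			_ban="${_ban:+$_ban,}+$_port"
			if [ ${#_ban} -gt "$_max" ]; then
				# rc: sysctl -q net.inet.${_proto}.baddynamic=$_ban
				printf '%s\n' "$_ban"
				_ban=
			fi
		done
		if [ -n "$_ban" ]; then
			printf '%s\n' "$_ban"
		fi
	}
}

# Run on the constructed data; rc would call sysctl instead of printing.
printf '%s' "$SAMPLE_SERVICES" | baddynamic_list tcp
```

Because the loop runs in the subshell created by the pipeline, the final flush has to live inside the same braces; a flush placed after the pipeline would see an empty `_ban`. Running this before sysctl.conf is read is what keeps the behaviour 1.318 describes: an administrator can still add or remove individual ports there, or override the whole table.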


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. I convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows having /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
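
Added illustration (not from the rc(8) source or from the commit above) of the predictable-name problem the 1.102 entry describes, with mktemp(1) as the fix. The page's attack pinned /tmp/_motd in place with chflags(1); this demo plants a symlink at the same well-known name instead, which needs no privilege and has the same root cause (the boot script opens a path another user chose). The banner text, file names and scratch directory are constructed for the demo.

```sh
#!/bin/sh
# Added example, not OpenBSD rc(8) code: a fixed temp-file name in a
# world-writable directory versus one created by mktemp(1).

# build_motd_unsafe BANNER OLDMOTD DIR: compose the motd at DIR/_motd, a
# name every user knows in advance. The shell follows whatever is already
# at that path, here a symlink an attacker planted.
build_motd_unsafe() {
    t="$3/_motd"
    printf '%s\n\n' "$1" > "$t"      # writes through the planted symlink
    cat "$2" >> "$t"
    printf '%s\n' "$t"
}

# build_motd_safe BANNER OLDMOTD DIR: same content, but mktemp picks an
# unpredictable name and creates it O_EXCL, so a planted entry is never
# opened. Abort if mktemp fails instead of falling back to a fixed name.
build_motd_safe() {
    t=$(mktemp "$3/_motd.XXXXXXXXXX") || return 1
    printf '%s\n\n' "$1" > "$t"
    cat "$2" >> "$t"
    printf '%s\n' "$t"
}

# run_attack BUILDER: in a scratch directory, plant a symlink at the
# well-known name pointing at a victim file, run BUILDER as rc would, and
# print "intact" or "clobbered" depending on whether the victim survived.
run_attack() {
    d=$(mktemp -d) || return 1
    printf 'Welcome\n' > "$d/motd"                # constructed old motd
    printf 'root-owned secret\n' > "$d/victim"    # constructed victim file
    ln -s "$d/victim" "$d/_motd"                  # attacker's planted link
    "$1" 'constructed kernel banner' "$d/motd" "$d" >/dev/null || { rm -rf "$d"; return 1; }
    if [ "$(cat "$d/victim")" = "root-owned secret" ]; then r=intact; else r=clobbered; fi
    rm -rf "$d"
    printf '%s\n' "$r"
}
```

Run `run_attack build_motd_unsafe` and `run_attack build_motd_safe` to see the two outcomes; the safe variant also leaves the attacker's `_motd` entry untouched, which is the point: nothing in the boot path ever opens it.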


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.
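
Added illustration (not rc(8)'s own code) of the seed-file handling the 1.77, 1.100 and 1.157 entries describe: a 64 KB seed file with mode 600, stirred into the kernel pool at boot and replaced immediately afterwards so that a reboot without a clean shutdown does not feed the same bytes twice. The file path, the /dev/urandom source, the temp-file naming and the pool sink argument (passed so the demo can use /dev/null; a real boot script would run as root and write to /dev/random) are this example's choices.

```sh
#!/bin/sh
# Added example, not rc(8) code: boot-time handling of a random seed file.

SEED_BYTES=65536     # 64 KB, the size the 1.77 entry chose

# make_seed FILE: write SEED_BYTES fresh bytes from /dev/urandom into FILE
# with mode 0600, via a temp file in the same directory and an atomic
# rename, so a crash mid-write never leaves a short or readable seed behind.
make_seed() {
    f=$1
    tmp=$(mktemp "$(dirname "$f")/.seed.XXXXXXXXXX") || return 1
    # 128 reads of 512 bytes: urandom always satisfies a 512-byte read in full
    if ! dd if=/dev/urandom of="$tmp" bs=512 count=$((SEED_BYTES / 512)) 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp" && mv -f "$tmp" "$f"
}

# seed_pool SEED [SINK]: if SEED is a regular file (not a symlink), feed it
# into the pool (SINK defaults to /dev/random), then reset it at once, before
# anything else runs, so the bytes are never reused even if the machine
# reboots without reaching the shutdown-time save.
seed_pool() {
    seed=$1
    sink=${2:-/dev/random}
    if [ -f "$seed" ] && [ ! -L "$seed" ]; then
        dd if="$seed" of="$sink" bs=512 count=$((SEED_BYTES / 512)) 2>/dev/null
    fi
    make_seed "$seed"
}

# demo_reseed: exercise the above in a scratch directory with /dev/null as
# the sink; prints "ok" when the seed was replaced, is 64 KB and is mode 0600.
demo_reseed() {
    d=$(mktemp -d) || return 1
    make_seed "$d/host.random" || return 1
    before=$(cksum < "$d/host.random")
    seed_pool "$d/host.random" /dev/null || return 1
    after=$(cksum < "$d/host.random")
    size=$(wc -c < "$d/host.random")
    mode=$(ls -l "$d/host.random" | cut -c1-10)
    rm -rf "$d"
    if [ "$before" != "$after" ] && [ "$size" -eq "$SEED_BYTES" ] && [ "$mode" = "-rw-------" ]; then
        echo ok
    else
        echo bad
    fi
}
```

The order matters: the reset happens in `seed_pool` right after the stir, not at shutdown, which is exactly the 1.157 change; the shutdown-time save from 1.100 is then just another `make_seed` call.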


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon by default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses the _bgplgd user with id 71:71, adds an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows having /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs-mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@
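
Added illustration (not code from /etc/rc): the hard-then-soft ordering in POSIX sh, together with a check that reproduces the failure the commit describes. Function names and the sample values 512/1024/2048 are mine; the only assumption is a shell whose ulimit understands -H and -S (ksh, bash, dash all do).

```shell
#!/bin/sh
# set_limit: apply the hard (-H, "max") limit first, then the soft (-S,
# "cur") one. setrlimit(2) rejects cur > max, so doing it the other way
# round fails whenever the wanted soft value exceeds the hard value that is
# still in force, and the soft limit silently stays at its old value.
#   $1 = ulimit option letter (e.g. n for open files), $2 = hard, $3 = soft
set_limit() {
    _opt=$1 _hard=$2 _soft=$3
    ulimit -H "-$_opt" "$_hard" || return 1
    ulimit -S "-$_opt" "$_soft" || return 1
}

# current_limits: print "<soft> <hard>" for one ulimit option.
current_limits() {
    printf '%s %s\n' "$(ulimit -S "-$1")" "$(ulimit -H "-$1")"
}

# soft_above_hard_is_rejected: reproduce the bug in a throwaway subshell so
# the caller's limits are untouched. Hard is pinned at 1024 (a non-root
# process may lower it), then a soft value of 2048 is requested; that is
# exactly the "cur higher than max" case and must be refused by the shell.
# Returns 0 when the refusal happens as expected.
soft_above_hard_is_rejected() (
    ulimit -S "-$1" 512 && ulimit -H "-$1" 1024 || return 1
    if ulimit -S "-$1" 2048 2>/dev/null; then
        return 1          # unexpectedly accepted
    fi
    return 0
)

# Stand-alone run: show the limits before and after, and the failure case.
printf 'open files before: %s\n' "$(current_limits n)"
( _h=$(ulimit -H -n); set_limit n "$_h" "$_h" &&
  printf 'open files after set_limit: %s\n' "$(current_limits n)" )
if soft_above_hard_is_rejected n; then
    echo "soft above hard: rejected (as expected)"
fi
```

Everything that changes a limit is wrapped in a subshell so the snippet can be sourced or run without disturbing the invoking shell; in rc itself the point is the opposite, the limits must be set in the main shell so that every daemon it later starts inherits them.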


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs-mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@
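
Added illustration (not code from /etc/rc): iterating a pkg_scripts-style list in reverse for shutdown, written so that leading, trailing or doubled blanks in the list (the case above) never produce an empty script name. It serves this entry and the later reverse-order stop in 1.514. The rc.d directory is a constructed temp dir with stand-in scripts; function names are mine.

```shell
#!/bin/sh
# reverse_words: print the words of $1 in reverse order, separated by single
# spaces. Word splitting of the unquoted expansion discards leading, trailing
# and repeated blanks, so "a b  c " yields "c b a" and a blank string yields
# nothing at all. Pathname expansion is switched off while splitting so a
# stray '*' in the list cannot turn into file names.
reverse_words() {
    _list=$1
    case $- in *f*) _was_noglob=1 ;; *) _was_noglob= ;; esac
    set -f
    set -- $_list
    [ -n "$_was_noglob" ] || set +f
    _rev=
    for _w; do
        _rev="$_w${_rev:+ $_rev}"
    done
    printf '%s\n' "$_rev"
}

# stop_in_reverse: "stop" the scripts listed in $2, found in directory $1,
# in reverse start order. A script that exists is reported as name(ok),
# anything else as name(failed). Existence is checked with -f rather than -x
# so the demo also works on a noexec temp filesystem; rc itself requires the
# script to be executable.
stop_in_reverse() {
    _dir=$1
    _report=
    for _script in $(reverse_words "$2"); do
        if [ -f "$_dir/$_script" ]; then
            _report="$_report $_script(ok)"
        else
            _report="$_report $_script(failed)"
        fi
    done
    printf '%s\n' "${_report# }"
}

# demo_stop_order: constructed rc.d directory with two stand-in scripts
# (messagebus deliberately missing) and a list with a trailing blank.
demo_stop_order() {
    _rcd=$(mktemp -d) || return 1
    for _s in dbus_daemon cupsd; do
        printf '#!/bin/sh\nexit 0\n' >"$_rcd/$_s"
    done
    stop_in_reverse "$_rcd" "dbus_daemon messagebus cupsd "
    rm -rf "$_rcd"
}

demo_stop_order
```

The trailing blank in the list is swallowed by word splitting, so the loop sees three names and never an empty one; the old behaviour of ending up with "$_dir/" cannot occur with this idiom.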


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on a running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
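The two checks described in 1.110 and 1.109 (ignore the recovery directory if it is a symlink or not root-owned; delete anything in it that is not a regular file before reading it), as an added example written for this page. It is not the code from OpenBSD's rc: the function name vi_recover_check, the numeric-uid argument and the use of ls -ldn to read the owner are this example's own choices.

```sh
# vi_recover_check DIR UID
#   Reject DIR if it is a symlink or not owned by UID, then remove every
#   entry in it that is not a plain regular file, so nothing that runs
#   later reads from a symlink or a fifo planted by a local user.  Prints
#   the names of the entries kept.  Returns 0 on success, 1 if DIR is rejected.
vi_recover_check() {
    dir=$1
    want_uid=$2

    # Test -L before -d: -d (like -O and -f) follows symlinks, so a symlink
    # pointing at a root-owned directory would pass -d on its own.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing, not a directory, or a symlink; ignoring" >&2
        return 1
    fi

    # Numeric owner from ls -ldn (POSIX); stat(1) flags differ between systems.
    owner=$(ls -ldn "$dir" | awk '{ print $3 }')
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, not $want_uid; ignoring" >&2
        return 1
    fi

    for f in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip that case.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # -f follows symlinks too, so a link to /etc/master.passwd would
        # satisfy it; the -L test is what keeps that file from being read.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            rm -f "$f" 2>/dev/null || echo "$f: could not remove" >&2
            continue
        fi
        printf '%s\n' "${f##*/}"
    done
    return 0
}
```

The order of the tests is the point: -d, -O and -f all follow symlinks, so the -L test has to come first or a symlink defeats each of them.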


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
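The fix described in 1.102, staging the new motd in a mktemp(1)-created file instead of a predictable /tmp/_motd, as an added example for this page. It is not OpenBSD's rc code: the function name update_motd and its argument list are this example's own, and the kernel identification string is passed in rather than read from sysctl so the function can be exercised anywhere.

```sh
# update_motd MOTD IDENT [TMPDIR]
#   Rebuild MOTD: the first line becomes IDENT (rc uses the kernel version
#   string), a blank line follows, and everything after MOTD's first blank
#   line, the part the administrator maintains, is kept.
update_motd() {
    motd=$1
    ident=$2
    tmpdir=${3:-/tmp}

    # A fixed name such as /tmp/_motd can be created (and chflags'd) by any
    # local user ahead of time.  mktemp(1) picks an unpredictable name and
    # creates it O_EXCL with mode 0600, so the file is ours or the call fails.
    tmp=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1

    printf '%s\n\n' "$ident" > "$tmp"
    # Drop the old header: sed '1,/^$/d' deletes from line 1 through the
    # first blank line, leaving only the administrator's text.
    [ -f "$motd" ] && sed '1,/^$/d' < "$motd" >> "$tmp"

    # Rewrite only when the content changed (keeps the mtime stable); cp onto
    # the existing file preserves MOTD's owner and mode, unlike mv from /tmp.
    cmp -s "$tmp" "$motd" 2>/dev/null || cp "$tmp" "$motd"
    rm -f "$tmp"
}
```

If mktemp fails (the directory is full or unwritable) the function returns without touching the motd, which is safer than falling back to a fixed name.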


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases
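The comment-stripping helper that 1.131 introduces as stripcom, applied to the decision 1.46 describes (start mountd only if exports has an active line), as an added example written for this page. It is not the stripcom from OpenBSD's rc: this is a POSIX sh rendering, and mountd_wanted and sample_exports are names invented here. The exports content below is constructed for the example, not taken from any host.

```sh
# stripcom FILE
#   Print FILE without comment lines, blank lines and leading whitespace.
#   read(1) with the default IFS trims leading and trailing blanks; a line
#   whose text before the first '#' is all blank is a comment or empty.
stripcom() {
    [ -s "$1" ] || return 0
    while read -r line || [ -n "$line" ]; do
        case ${line%%#*} in
            *[![:space:]]*) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# mountd_wanted EXPORTS
#   Succeed only if EXPORTS has at least one active line, so a file holding
#   nothing but comments does not bring up the NFS mount service.
mountd_wanted() {
    [ -n "$(stripcom "$1")" ]
}

# sample_exports
#   Write a constructed exports(5) file to a temporary file and print its
#   path; the entries are illustrative, not a real configuration.
sample_exports() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# /etc/exports: constructed sample for this example
   # indented comment, must be ignored
      
/home -alldirs -network=192.0.2.0 -mask=255.255.255.0   # trailing comment
/export/pub -ro
EOF
    printf '%s\n' "$f"
}
```

Lines that carry a trailing comment are kept whole, matching the original's ${_l%%#*} test: the decision only needs to know that something before the '#' is not blank.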


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71, adds an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing parameters to be passed to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.566 26-Dec-2022 florian

Re-order libraries in parallel to netstart.

While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.

Idea & input deraadt
Input & OK kn


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
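
The checks described in the 1.109 and 1.110 entries, as an added POSIX sh example (not the /etc/rc code itself, which scans /var/tmp/vi.recover as root): the directory is skipped if it is a symlink, not a directory, or not owned by the expected user, and entries that are not regular files are removed without ever being opened, so a user with write access cannot make the boot-time scan block on a fifo or follow a link elsewhere. The owner argument defaults to the invoking user so the example runs unprivileged; rc checks for root.

```shell
#!/bin/sh
# Added example: safely scanning a world-writable recovery directory.
# Not the /etc/rc code; paths and the owner default are assumptions.

# clean_recover_dir DIR [OWNER]
# Refuse DIR if it is a symlink, not a directory, or not owned by OWNER
# (default: the current user; /etc/rc requires root). Inside DIR remove
# anything that is not a regular file (symlink, fifo, device, subdir)
# without opening it. Regular files are kept and their names printed.
clean_recover_dir() {
	_dir=$1
	_owner=${2:-$(id -un)}

	# -h is true for a symlink even when it points at a directory.
	if [ -h "$_dir" ] || [ ! -d "$_dir" ]; then
		printf '%s: not a plain directory, skipping\n' "$_dir" >&2
		return 1
	fi

	# -prune stops find from descending; it prints DIR only if owned
	# by OWNER. Portable alternative to stat(1), whose flags differ.
	if [ -z "$(find "$_dir" -prune -user "$_owner" 2>/dev/null)" ]; then
		printf '%s: not owned by %s, skipping\n' "$_dir" "$_owner" >&2
		return 1
	fi

	for _f in "$_dir"/* "$_dir"/.[!.]*; do
		# An unmatched glob stays literal: skip it. Dangling symlinks
		# fail -e but pass -h, so test both.
		[ -e "$_f" ] || [ -h "$_f" ] || continue
		if [ -h "$_f" ] || [ ! -f "$_f" ]; then
			# Never read it; just remove it. rm -rf on a symlink
			# removes the link, not its target.
			rm -rf "$_f"
			continue
		fi
		printf '%s\n' "${_f##*/}"
	done
	return 0
}
```

Reading a fifo planted in such a directory would hang the scan (the DoS from the 1.109 entry); the function above only ever stats entries before deciding, and opens none of the ones it removes.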


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheeer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
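
The motd regeneration with a mktemp(1)-named scratch file, as an added example that is not the /etc/rc code itself: the fixed name /tmp/_motd from the 1.102 entry could be pre-created by any local user (and made unremovable with chflags), whereas mktemp creates a fresh mode-0600 file under an unpredictable name and fails rather than reusing an existing one. The ten-X template follows the 1.104 entry. The motd path and version line are parameters here; rc uses /etc/motd and the first line of sysctl kern.version.

```shell
#!/bin/sh
# Added example: rewriting a motd(5) header through a mktemp(1) scratch
# file. Not the /etc/rc code; the arguments replace /etc/motd and
# sysctl kern.version.

# update_motd MOTD VERSION_LINE
# Replace the header of MOTD (everything up to and including the first
# blank line) with VERSION_LINE plus a blank line, keeping the rest.
# Returns 1 and leaves MOTD untouched if no private scratch file can be
# created, instead of falling back to a predictable name.
update_motd() {
	_motd=$1 _version=$2

	# mktemp picks an unpredictable name, creates the file 0600 and
	# refuses to reuse one that already exists, so a pre-planted
	# /tmp/_motd cannot end up in the system motd.
	_tmp=$(mktemp "${TMPDIR:-/tmp}/_motd.XXXXXXXXXX") || return 1

	{
		printf '%s\n\n' "$_version"
		# '1,/^$/d' drops the old header through the first blank line.
		sed '1,/^$/d' "$_motd"
	} >"$_tmp"

	# Only rewrite the real file when the content actually changed.
	if ! cmp -s "$_tmp" "$_motd"; then
		cp "$_tmp" "$_motd" || { rm -f "$_tmp"; return 1; }
	fi
	rm -f "$_tmp"
}
```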


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.565 28-Nov-2022 cheloha

rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@. Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2

ok kn@


Revision tags: OPENBSD_7_2_BASE
# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeaattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.564 29-Aug-2022 deraadt

mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen
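
The default-route pause described in revs 1.552, 1.551 and 1.550 (pause only when an interface runs autoconf, test for the existence of any default route with grep -q, give up after ten seconds), as an added example that is not the /etc/rc code itself. The ifconfig and route output is constructed sample data served by the ifconfig_out and route_out stand-ins, and every function name here is this example's own; the real script reads the live commands.

```sh
# Constructed sample output standing in for "ifconfig" and "route -n show".
# Override these two functions to feed the logic other data.
ifconfig_out() {
	printf '%s\n' \
	    'lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768' \
	    'em0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500'
}
route_out() {
	printf '%s\n' \
	    'Routing tables' \
	    'Internet:' \
	    'Destination  Gateway      Flags  Refs  Use  Mtu  Prio  Iface' \
	    'default      192.0.2.1    UGS       0    0    -     8   em0'
}

# rev 1.552: only pause at all when some interface runs autoconf (dhcp or
# slaac); a purely static configuration must boot without any delay.
has_autoconf_iface() {
	ifconfig_out | grep -q 'AUTOCONF'
}

# rev 1.551: whether at least one default route (v4 or v6) exists is all
# that matters, so grep -q instead of counting matches in a subshell.
has_default_route() {
	route_out | grep -q '^default'
}

# wait_default_route [max_ticks] [tick_command]
# Poll once per tick until a default route exists; give up after max_ticks.
# Returns 0 when a route is present, 1 on timeout. tick_command defaults
# to "sleep 1" and is a parameter only so that tests need not sleep.
wait_default_route() {
	_max=${1:-10}
	_tick=${2:-sleep 1}
	has_autoconf_iface || return 0
	_i=0
	while [ "$_i" -lt "$_max" ]; do
		has_default_route && return 0
		$_tick
		_i=$((_i + 1))
	done
	return 1
}

# Stand-alone run with the constructed data above: AUTOCONF4 is set on em0
# and a default route is already installed, so this returns at once.
if wait_default_route 10; then
	echo "default route present, continuing boot"
else
	echo "no default route after timeout, continuing anyway"
fi
```

The timeout is deliberately not an error: as the commit says, boot continues either way, the wait only raises the odds that the first DNS lookups succeed.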


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt
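
The filesystem check that revs 1.481, 1.486, 1.521 and 1.533 describe for reorder_libs() (skip when a relink directory is on NFS, collect each backing device once so it is remounted at most once, remount read-only ffs rw temporarily and restore it afterwards), as an added example that is not the reorder_libs() code from /etc/rc. The df -P and mount output is constructed sample data, mount_cmd only prints the mount(8) invocation it would run, and the function names are this example's own.

```sh
# Print the unique devices backing the paths in df -P output read on stdin,
# header skipped, first occurrence wins. Returns 1 if any device is not a
# local block device: an NFS mount shows "host:/export" in that column.
relink_devices() {
	_seen=' '
	while read -r _dev _rest; do
		case $_dev in
		Filesystem) continue ;;       # header line
		/dev/*) ;;
		*) return 1 ;;                # nfs, mfs, ...: bail out early
		esac
		case $_seen in
		*" $_dev "*) continue ;;      # already listed
		esac
		_seen="$_seen$_dev "
		printf '%s\n' "$_dev"
	done
}

# readonly_devices dev ... : from mount(8) output read on stdin, print those
# of the given devices that are currently mounted read-only, so the caller
# knows which ones to remount rw and, just as important, which to restore.
readonly_devices() {
	while read -r _dev _on _mp _rest; do
		for _want; do
			[ "$_dev" = "$_want" ] || continue
			case $_rest in
			*read-only*) printf '%s\n' "$_dev" ;;
			esac
		done
	done
}

# Stand-in for mount(8): prints instead of touching the live system.
mount_cmd() {
	printf 'mount %s\n' "$*"
}

# with_rw_relink_dirs "ro devices" step: remount rw, run the relink step,
# and put every device back to read-only regardless of the step's outcome.
with_rw_relink_dirs() {
	_ro=$1
	_step=$2
	for _d in $_ro; do mount_cmd -uw "$_d"; done
	$_step
	for _d in $_ro; do mount_cmd -ur "$_d"; done
}

relink_step() {
	echo "  (relink libraries here)"
}

# Constructed df -P output: /usr/lib and /usr/share/relink share one
# device, so it must appear once; /var is separate.
SAMPLE_DF='Filesystem  512-blocks    Used   Avail Capacity  Mounted on
/dev/sd0f      8421580 3049948 4950556    38%    /usr
/dev/sd0f      8421580 3049948 4950556    38%    /usr
/dev/sd0d      2097152  100000 1892296     5%    /var'

# Constructed mount(8) output: /usr is read-only, /var is not.
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local)
/dev/sd0f on /usr type ffs (local, nodev, read-only)
/dev/sd0d on /var type ffs (local, nodev, nosuid)'

if devs=$(printf '%s\n' "$SAMPLE_DF" | relink_devices); then
	ro=$(printf '%s\n' "$SAMPLE_MOUNT" | readonly_devices $devs)
	with_rw_relink_dirs "$ro" relink_step
else
	echo "skipping: a relink directory is not on a local filesystem"
fi
```

Recording the read-only state before remounting, rather than blindly remounting ro afterwards, is what rev 1.521 means by "ensure that their mount state is restored": a filesystem that was already rw stays rw.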


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@
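
Walking the $pkg_scripts list safely, as an added example that is not the /etc/rc code: rev 1.421 stops a trailing blank in the list from turning into an attempt to execute "/etc/rc.d/", and rev 1.514 stops the listed scripts in reverse order at shutdown. rc_d is a constructed stand-in that prints what would be executed instead of running anything under /etc/rc.d, the sample pkg_scripts value is constructed, and the function names are this example's own.

```sh
# Stand-in for "/etc/rc.d/$script $action": prints instead of running.
rc_d() {
	printf '/etc/rc.d/%s %s\n' "$1" "$2"
}

# The fragile form: taking the last word with ${list##* } yields an empty
# name when the list ends in a blank, i.e. "/etc/rc.d/" would be run.
last_word_naive() {
	printf '%s\n' "${1##* }"
}

# Robust reversal: an unquoted expansion word-splits on IFS and drops
# leading, trailing and repeated blanks, so no empty script name appears.
reverse_words() {
	_rev=
	for _w in $1; do
		_rev="$_w${_rev:+ $_rev}"
	done
	printf '%s\n' "$_rev"
}

# Start in the configured order.
start_pkg_scripts() {
	for _r in $1; do
		rc_d "$_r" start
	done
}

# Stop in reverse order (rev 1.514) so that dependants go down first.
stop_pkg_scripts() {
	for _r in $(reverse_words "$1"); do
		rc_d "$_r" stop
	done
}

# Constructed rc.conf.local value with a double space and a trailing blank.
pkg_scripts='dbus_daemon cupsd  nginx '
start_pkg_scripts "$pkg_scripts"
stop_pkg_scripts "$pkg_scripts"
```

Note that the safety comes from letting the shell's word splitting do the trimming; any construction that extracts a single word by pattern matching, as last_word_naive does, has to strip blanks first or it fails exactly in the case jasper@ noticed.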


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.563 28-Jul-2022 miod

Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.

tweaks & ok deraadt@


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71, adds an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a slightly better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to writing the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- a few other minor whitespace fixes

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
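
The race described in 1.102 above, as an added example that is not code from the OpenBSD rc script: the first function rebuilds a motd through a fixed, guessable scratch name, the second through mktemp(1). The function names, the argument layout and the scratch directory are assumptions for illustration. The chflags(1) trick from the commit message is not portable, so the planted /tmp entry is simulated here as a symlink to a file the local user controls, which the fixed name follows and the mktemp name never touches.

```shell
#!/bin/sh
# Added example, not the OpenBSD /etc/rc code. Rebuilds a motd from a
# version line plus the body of the old motd (everything after its first
# blank line), first through a fixed scratch name, then through mktemp(1).
# All paths are arguments so the demo runs unprivileged in any directory.

# Hypothetical vulnerable variant: the scratch file has a fixed, guessable
# name, so whatever a local user pre-planted there is opened blindly. With
# a planted symlink, the new header line lands in the attacker's file.
motd_fixed() {  # motd_fixed <motd-file> <scratch-dir> <version-line>
    T="$2/_motd"
    echo "$3" > "$T"                # follows a planted symlink
    echo >> "$T"
    sed '1,/^$/d' "$1" >> "$T"      # keep the old body
    cp "$T" "$1"
    rm -f "$T"                      # removes only the symlink, not its target
}

# Hardened variant (the shape of the 1.102 fix): mktemp(1) creates a fresh
# file with a random suffix and mode 0600, failing rather than reusing an
# existing name, so a planted /tmp entry is never opened or followed.
motd_safe() {  # motd_safe <motd-file> <scratch-dir> <version-line>
    T=$(mktemp "$2/_motd.XXXXXXXXXX") || return 1
    { echo "$3"; echo; sed '1,/^$/d' "$1"; } > "$T"
    cmp -s "$T" "$1" || cp "$T" "$1"
    rm -f "$T"
}

# Demo with constructed data: plants a symlink at the fixed name pointing
# at an attacker-owned file, runs both variants and reports how many bytes
# reached that file. Prints two lines, "fixed <n>" and "safe <n>".
demo_run() {  # demo_run <scratch-dir>
    d=$1
    printf 'OpenBSD 0.0 (OLD)\n\nWelcome to the box.\n' > "$d/motd"
    : > "$d/attacker_file"
    ln -s "$d/attacker_file" "$d/_motd"
    motd_fixed "$d/motd" "$d" "OpenBSD 0.0 (FIXED-NAME)"
    echo "fixed $(wc -c < "$d/attacker_file" | tr -d ' ')"
    : > "$d/attacker_file"
    ln -s "$d/attacker_file" "$d/_motd"
    motd_safe "$d/motd" "$d" "OpenBSD 0.0 (MKTEMP)"
    echo "safe $(wc -c < "$d/attacker_file" | tr -d ' ')"
}
```

Run `demo_run "$(mktemp -d)"` to see the fixed-name variant write the whole new motd into the attacker's file while the mktemp variant leaves it empty and the planted symlink untouched.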


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.562 27-Jul-2022 deraadt

Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (defaults to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside a nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@
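
The boot-time ruleset that entries 1.228, 1.215, 1.208, 1.195 and 1.194 above shape, as an added example rather than the script's own text: an approximation of how /etc/rc composes the temporary pf ruleset. The set must start from "block all" and still let the real /etc/pf.conf load and the box stay usable: loopback (1.228), DNS so pfctl can resolve hostnames used in pf.conf (1.208), outbound ping so dhclient can validate an old lease (1.215), inbound ssh so the machine remains reachable if pf.conf fails to parse and this set stays active (1.194), and NFS traffic on a diskless root (1.195). The exact rule text and the `$1` flag for an NFS root (rc derives that from sysctl, see 1.512 later on this page) are assumptions.

```shell
#!/bin/sh
# Added example, not /etc/rc's own code: compose the temporary pf ruleset
# that is active between netstart and the load of /etc/pf.conf.
initial_pf_rules() {   # initial_pf_rules <nfs_root:0|1>  -> prints the rules
    _r="block all"
    _r="$_r
pass on lo0
pass in proto tcp from any to any port ssh keep state
pass out proto { tcp, udp } from any to any port domain keep state
pass out inet proto icmp all icmp-type echoreq keep state
pass out inet6 proto icmp6 all icmp6-type echoreq keep state"
    # a diskless root lives on NFS; blocking it here would hang the boot
    if [ "${1:-0}" -gt 0 ]; then
        _r="$_r
pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
pass out proto { tcp, udp } from any to any port { sunrpc, nfsd }"
    fi
    printf '%s\n' "$_r"
}

# At boot the result goes straight to pf and is replaced by /etc/pf.conf
# once all interfaces are configured:
#   initial_pf_rules "$nfs_root" | pfctl -f -
```

Everything not listed stays blocked, so if /etc/pf.conf later fails to load the host is still administrable over ssh but exposes nothing else; that is the property 1.194 is after.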


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing parameters to be passed to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
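
The checks that entries 1.110 and 1.109 above describe, as an added example and not rc's own vi.recover handling: /var/tmp/vi.recover is a user-writable directory, so before anything in it is read the directory itself must be a real directory (not a symlink) owned by root, and each recovery entry must be a regular file. Anything else is deleted rather than opened: a fifo would block the boot, a symlink would redirect the read elsewhere. The owner is a parameter so the example runs unprivileged, and the `recover.*` name pattern is an assumption.

```shell
#!/bin/sh
# Added example, not /etc/rc's code: validate a world-writable recovery
# directory before reading from it, as rc 1.109/1.110 do for vi.recover.
vi_recover_files() {   # vi_recover_files <dir> <owner>  -> prints safe files
    _d=$1 _owner=$2
    # a symlinked or foreign-owned directory means somebody else controls
    # what the names inside resolve to: refuse it outright
    [ -d "$_d" ] && [ ! -L "$_d" ] || return 1
    find "$_d" -prune -user "$_owner" | grep -q . || return 1
    for _f in "$_d"/recover.*; do
        [ -e "$_f" ] || [ -L "$_f" ] || continue   # glob matched nothing
        if [ -f "$_f" ] && [ ! -L "$_f" ]; then
            printf '%s\n' "$_f"        # regular file: safe to read
        else
            # fifo, device, symlink (dangling or not): never open it,
            # remove it, as 1.109 says
            rm -f "$_f"
        fi
    done
    return 0
}
```

`-f` follows symlinks, so the explicit `! -L` test is what keeps a link to /etc/passwd from being treated as a recovery file; `rm -f` on that link removes the link, not its target.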


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.561 17-Jul-2022 deraadt

/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses the _bgplgd user with id 71:71; add an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@
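
The two boot-time RNG steps the log records, as one added example that is not rc's own code: entries 1.100 and 1.157 (further up this page) load the saved seed into the kernel pool and immediately overwrite the seed file, so a crash or power loss before the shutdown-time save cannot replay the same seed at the next boot; entries 1.538/1.539 above then mix a few hw.* sysctl values into the pool, which makes cloned images that share an identical seed file diverge, restricted to hw.uuid, hw.serialno and hw.sensors because reading all of hw had side effects. The pool device, seed path and data producer are parameters so this runs unprivileged; the 512-byte seed size is an assumption.

```shell
#!/bin/sh
# Added example, not /etc/rc's code: seed-file hygiene at boot.
seed_reload() {   # seed_reload <seedfile> <pool> [size]
    _seed=$1 _pool=$2 _size=${3:-512}
    # only feed a regular file: a symlink planted at the seed path would
    # hand whatever it points at to the pool instead
    if [ -f "$_seed" ] && [ ! -L "$_seed" ]; then
        dd if="$_seed" of="$_pool" bs="$_size" count=1 2>/dev/null
    fi
    # replace the seed right away, before anything draws from the pool
    # (rc 1.157); write a 0600 temp file and rename it over the path so a
    # symlink there is replaced rather than written through. A readable
    # seed is a readable RNG state, hence the mode.
    (umask 077; dd if=/dev/urandom of="$_seed.tmp" bs="$_size" count=1 2>/dev/null) &&
        mv -f "$_seed.tmp" "$_seed" && chmod 600 "$_seed"
}

hw_ids() {   # the narrow set rc 1.539 settled on; silently empty off OpenBSD
    sysctl -n hw.uuid hw.serialno hw.sensors 2>/dev/null
}

seed_mix() {   # seed_mix <pool> [producer]: append identifying data to the pool
    "${2:-hw_ids}" >> "$1"
}

# At boot, with the names the log uses today, the calls would be:
#   seed_reload /etc/random.seed /dev/random && seed_mix /dev/random
```

Writing the new seed with a temp-file-plus-rename rather than `> "$_seed"` is what keeps a planted symlink from turning the seed refresh into a write to an arbitrary file, the same class of problem 1.110 guards against for vi.recover.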


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
set up.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
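
The two commits above (1.331 and 1.329) both concern picking carp interfaces out of ifconfig output at shutdown using nothing but shell features, since /usr (and with it grep and cut) may already be unmounted. The following is an added example, not the rc.shutdown code itself; it works on constructed ifconfig output and uses POSIX parameter expansion and case patterns in place of the ksh `carp+([0-9]):` pattern the commit mentions. The `carp_down` helper and its command parameter are an assumption added for illustration.

```shell
#!/bin/sh
# Added example, not the rc.shutdown code itself: find the carp(4) interfaces
# to bring down using only shell features, because /usr (and thus grep/cut)
# may already be unmounted at shutdown. Input is ifconfig(8) output on stdin.

# Constructed ifconfig output for demonstration. Note the indented "carp:"
# status line, which a loose "carp*:" match would mistake for an interface.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
    inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr 00:00:00:00:00:01
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136'

# carp_ifaces: print the name of every carpN interface, one per line.
# Same effect as matching "carp+([0-9]):", but in POSIX sh, which has no +( ).
carp_ifaces() {
	while read _first _rest; do
		# only the first word of an interface header line ends in ":"
		case $_first in
		carp*:) ;;
		*) continue ;;
		esac
		_num=${_first#carp}   # "carp0:" -> "0:", "carp:" -> ":"
		_num=${_num%:}        # -> "0" or ""
		case $_num in
		'' | *[!0-9]*) continue ;;   # rejects "carp:" and "carpdev...:"
		esac
		printf '%s\n' "${_first%:}"
	done
}

# carp_down [CMD]: run "CMD <iface> down" for each carp interface read from
# stdin. CMD defaults to ifconfig; a stand-in can be passed so nothing on the
# host is touched while testing.
carp_down() {
	_cmd=${1:-ifconfig}
	carp_ifaces | while read _if; do
		"$_cmd" "$_if" down
	done
}
```

Feeding real `ifconfig` output into `carp_down` would bring every carp interface down in turn, which is what lets a master hand over gracefully before the box goes away; the test below uses a stand-in command instead.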


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
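
As an added example of the idea in commit 1.318 (not the rc(8) code itself), the function below derives the per-protocol port list from an /etc/services-style file, the set that gets handed to net.inet.{tcp,udp}.baddynamic so the kernel never picks a well-known service port as a random source port. The sysctl(8) invocation is not shown on this page and is left out; the sample services excerpt is constructed.

```shell
#!/bin/sh
# Added example, not the rc(8) code: derive the list of well-known ports for
# one protocol from an /etc/services-style file, i.e. the set that rc feeds to
# net.inet.{tcp,udp}.baddynamic. The sysctl(8) call itself is not on the page
# and is omitted; the function stops at the comma-separated list.

# Constructed excerpt in /etc/services format: name port/proto [aliases] [# comment]
SAMPLE_SERVICES='# Network services, Internet style
ftp             21/tcp
ssh             22/tcp
ssh             22/udp
smtp            25/tcp          mail
domain          53/tcp                  # Domain Name Server
domain          53/udp
http            80/tcp          www
ntp             123/udp
ntp             123/tcp
https           443/tcp'

# baddynamic_ports PROTO: read services on stdin, print the sorted,
# de-duplicated ports registered for PROTO (tcp or udp) as "p1,p2,...".
baddynamic_ports() {
	_proto=$1
	# strip comments and blank lines, then read "name port/proto rest"
	sed -e 's/#.*//' -e '/^[[:space:]]*$/d' |
	while read _name _pp _rest; do
		case $_pp in
		*/"$_proto") printf '%s\n' "${_pp%/*}" ;;   # keep the port number
		esac
	done | sort -un | paste -s -d , -
}
```

Running it over the real file (`baddynamic_ports tcp < /etc/services`) yields the tcp list; as the commit notes, entries in sysctl.conf are applied afterwards and can still add or remove ports.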


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
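
Added example (shell; not code from OpenBSD's /etc/rc) of the two checks the 1.110 and 1.109 messages above describe, applied to a recovery directory that unprivileged users can write to: check_recover_dir refuses a directory that is a symlink or is not owned by the expected user, and prune_recover_files deletes every entry that is not a regular file before anything tries to read it. The function names, the use of find(1) -prune/-user as a portable owner test, and the sample directory layout in the comments are this example's own choices.

```sh
#!/bin/sh
# Added example, not the rc script's own vi.recover handling.

# check_recover_dir DIR OWNER
# Succeed only if DIR is a real directory (not a symlink) owned by OWNER.
# A symlink could redirect every later operation to an arbitrary place,
# and a directory owned by someone else is under that someone's control.
check_recover_dir() {
	_dir=$1 _owner=$2
	[ -L "$_dir" ] && return 1
	[ -d "$_dir" ] || return 1
	# find -prune on the starting point itself: prints DIR iff owner matches
	[ -n "$(find "$_dir" -prune -user "$_owner" -print 2>/dev/null)" ]
}

# prune_recover_files DIR
# Remove anything in DIR that is not a regular file: a symlink would make
# the reader open an arbitrary file, a FIFO would block it forever, a
# directory is simply not a recovery file. Prints the names that remain.
prune_recover_files() {
	_dir=$1
	for _f in "$_dir"/* "$_dir"/.[!.]* "$_dir"/..?*; do
		[ -e "$_f" ] || [ -L "$_f" ] || continue   # unmatched glob pattern
		if [ -L "$_f" ] || [ ! -f "$_f" ]; then
			rm -rf "$_f"                           # rm does not follow symlinks
			continue
		fi
		printf '%s\n' "${_f##*/}"
	done
}
```

The symlink test comes before the ownership test on purpose: find(1) -user reports the owner of the link target when it follows links, which is exactly the file an attacker wants it to look at.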


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
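
Added example (shell; not the motd code from OpenBSD's /etc/rc) showing the fixed /tmp/_motd path beside the mktemp(1) pattern the 1.102 message above introduces. The unsafe function keeps the predictable name so the problem is visible; the safe one creates its scratch file with mktemp in the destination directory and renames it into place. Replacing only the first line of the file with the supplied banner is a simplification chosen for this example, and the function names are its own.

```sh
#!/bin/sh
# Added example, not the motd rewrite from OpenBSD's /etc/rc.

# unsafe_update_motd MOTD BANNER
# The pattern 1.102 removed: a fixed, well-known scratch path in a
# world-writable directory. Any local user can create /tmp/_motd ahead of
# time (and with chflags(1) make it unremovable) so the boot-time rewrite
# either fails or carries the planted content into the system motd; if the
# planted name is a symlink, ">" run as root truncates whatever it points at.
unsafe_update_motd() {
	_motd=$1 _banner=$2
	_tmp=/tmp/_motd                                   # predictable name: the bug
	{ printf '%s\n' "$_banner"; tail -n +2 "$_motd"; } >"$_tmp" &&
	    mv -f "$_tmp" "$_motd"
}

# safe_update_motd MOTD BANNER
# Same rewrite, but the scratch file comes from mktemp(1): an unguessable
# name, created O_EXCL with mode 0600, in the destination directory rather
# than /tmp, then renamed over MOTD so readers see either the old or the
# new file, never a partial one. If MOTD itself is a symlink, rename
# replaces the link instead of following it.
safe_update_motd() {
	_motd=$1 _banner=$2
	_dir=$(dirname "$_motd")
	_tmp=$(mktemp "$_dir/.motd.XXXXXXXXXX") || return 1
	if ! { printf '%s\n' "$_banner"; tail -n +2 "$_motd"; } >"$_tmp"; then
		rm -f "$_tmp"
		return 1
	fi
	chmod 644 "$_tmp" && mv -f "$_tmp" "$_motd"
}
```

Keeping the scratch file on the same filesystem as the target is what makes the final mv a single rename(2); a temp file in /tmp would be copied across filesystems and the window 1.102 closes would reopen on the destination side.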


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.560 11-Jul-2022 tobhe

Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.

ok bluhm@


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb
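
Added example (shell; not code from OpenBSD's /etc/rc) of the create-once secret file that both 1.524 above (the RFC 7217 key, generated only if absent) and 1.77 further down (host.random: 64KB, perms 600) describe. The function names, the use of /dev/urandom, the 16-byte size used for the key in the test and the mktemp-then-rename construction are this example's own choices; the real rc script's paths and commands are not reproduced.

```sh
#!/bin/sh
# Added example, not OpenBSD's rc code: create a secret file once, safely.

# make_secret_file PATH BYTES
# If PATH does not exist, create it holding BYTES random bytes with mode
# 0600. The data is written to a mktemp(1) file in the same directory
# (created O_EXCL, mode 0600, unguessable name) and renamed into place only
# once it is complete, so no reader ever sees a partial or group/world
# readable key, a pre-planted file or symlink at PATH is never followed
# (rename replaces it), and an existing key is never overwritten.
make_secret_file() {
	_path=$1 _bytes=$2
	[ -e "$_path" ] && return 0                       # keep the existing key
	_dir=$(dirname "$_path")
	_tmp=$(mktemp "$_dir/.key.XXXXXXXXXX") || return 1
	if ! dd if=/dev/urandom of="$_tmp" bs="$_bytes" count=1 2>/dev/null ||
	   [ $(wc -c <"$_tmp") -ne "$_bytes" ]; then     # short read: refuse a weak key
		rm -f "$_tmp"
		return 1
	fi
	chmod 600 "$_tmp" && mv -f "$_tmp" "$_path"
}

# secret_file_ok PATH BYTES
# Verify PATH is a regular file (not a symlink), exactly mode 0600 and
# BYTES long; the check a loader should run before feeding the key anywhere.
secret_file_ok() {
	_path=$1 _bytes=$2
	[ -f "$_path" ] && [ ! -L "$_path" ] || return 1
	[ -n "$(find "$_path" -prune -perm 0600 -print 2>/dev/null)" ] || return 1
	[ $(wc -c <"$_path") -eq "$_bytes" ]
}
```

The size check after dd matters more than it looks: a short read from the random device silently produces a key with less entropy than intended, and the file would otherwise pass every later inspection.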


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@
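
Added example (shell; not OpenBSD's own stripcom) implementing the properties the 1.457 and 1.456 messages above list for stripcom (skip empty files, drop comment and blank lines, printf instead of echo, quoted output so nothing globs), together with a small consumer in the shape of the *_conf() functions that reads the filtered lines from a here-document rather than a pipe. That choice is the point 1.520 above makes: a loop fed by a pipe runs in a subshell, so a limit or variable set inside it is gone when the loop ends. The config contents in the test and the log_setting stand-in for the *ctl command are constructed for this example.

```sh
#!/bin/sh
# Added example, not OpenBSD's stripcom(): strip comments from a config file.

# stripcom FILE
# Print FILE without comment lines and blank lines. A missing or empty
# file prints nothing and is not an error. read(1) with the default IFS
# trims leading and trailing blanks, so "   # comment" is still a comment
# and "  key=value  " comes out clean.
stripcom() {
	_file=$1 _line=
	[ -s "$_file" ] || return 0
	while read -r _line; do
		case $_line in
		''|'#'*) ;;                          # blank or comment: drop it
		*) printf '%s\n' "$_line" ;;         # quoted: no globbing, no echo quirks
		esac
	done <"$_file"
}

# log_setting KEY=VALUE
# Stand-in for the *ctl command a real *_conf() function would run;
# records what it was handed in applied_settings.
applied_settings=
log_setting() {
	applied_settings="$applied_settings${applied_settings:+ }$1"
}

# apply_conf FILE CMD
# Run CMD on every live line of FILE. The loop reads from a here-document
# holding stripcom's output instead of "stripcom FILE | while ...", so it
# runs in the current shell and whatever CMD changes (a variable here, a
# ulimit in the real script) is still in effect after the loop and for
# every daemon started later.
apply_conf() {
	_file=$1 _cmd=$2 _line=
	while read -r _line; do
		[ -n "$_line" ] || continue          # here-doc is one empty line when FILE had no live lines
		"$_cmd" "$_line"
	done <<EOF
$(stripcom "$_file")
EOF
}
```

Trailing comments on a value line are deliberately left alone, as in the property list above: only lines that begin with a hash are comments, so a value that legitimately contains a hash is not truncated.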


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth 1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@
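
Added example, not code from OpenBSD's /etc/rc: a scratch-directory cleaner built around a single "find -maxdepth 1" pass, the construction 1.443 switched to, run here against a constructed directory tree containing the awkward cases (a nested subdirectory, an entry named "-rf", a symlink pointing outside the directory, and an entry on a keep list). The keep list (lost+found, quota.user, quota.group) is an assumption for the example, not a claim about what /etc/rc keeps.

```sh
#!/bin/sh
# Added example, not OpenBSD's /etc/rc. find never descends below the top
# level, so kept entries keep their contents and a symlink is removed as a
# link rather than followed; "rm -rf --" ends option parsing so an entry
# named "-rf" is a file to delete, not options to rm.

# clear_tmp DIR: remove everything directly under DIR except the keep list
# (an assumption for this example, not the one /etc/rc uses).
clear_tmp() {
	local _dir=$1
	[ -d "$_dir" ] || return 1
	(cd "$_dir" && find . -mindepth 1 -maxdepth 1 \
	    ! -name lost+found ! -name quota.user ! -name quota.group \
	    -exec rm -rf -- {} +)
}

# build_sample_tmp DIR OUTSIDE: construct the sample tree for the demo.
build_sample_tmp() {
	local _dir=$1 _outside=$2
	mkdir -p "$_dir/work/deep" "$_dir/lost+found" "$_outside"
	: >"$_dir/work/deep/f"          # nested file in a directory to remove
	: >"$_dir/-rf"                  # name that looks like rm options
	: >"$_dir/lost+found/keepme"    # content under a kept entry
	: >"$_outside/secret"           # target of a symlink inside DIR
	ln -s "$_outside" "$_dir/link"
}

# demo: build the tree, clear it, and return 0 only if the outcome is the
# expected one: work, -rf and link gone; lost+found and its contents kept;
# the symlink target outside the directory untouched.
demo() {
	local _base _tmp _outside _rc
	_base=$(mktemp -d) || return 1
	_tmp=$_base/tmp
	_outside=$_base/outside
	build_sample_tmp "$_tmp" "$_outside"
	clear_tmp "$_tmp"
	[ ! -e "$_tmp/work" ] && [ ! -e "$_tmp/-rf" ] && [ ! -L "$_tmp/link" ] &&
	    [ -f "$_tmp/lost+found/keepme" ] && [ -f "$_outside/secret" ]
	_rc=$?
	rm -rf -- "$_base"
	return $_rc
}

demo && printf 'clear_tmp behaved as expected\n'
```

The check on the symlink target is the one worth keeping in mind when writing a cleaner like this: find(1) only follows symlinks with -L or -follow, and rm -r on a symlink removes the link itself, so the pass stays inside the directory being cleared.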


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
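
Added example, not code from OpenBSD's /etc/rc: the shutdown-time carp scan that 1.329 and 1.331 describe, done with shell builtins only (no grep/cut, since /usr may already be unmounted) and matching only "carpN:" lines. The ifconfig(8) output below is constructed for the demo; its "carp: MASTER carpdev ..." status line is the kind of line the loose "carp*:" pattern also matches, which is what produced the spurious "ifconfig carp down" attempts. The helper names and the -n dry-run switch are this example's own.

```sh
#!/bin/sh
# Added example, not OpenBSD's /etc/rc: find carp interfaces in ifconfig
# output using only the shell, then bring them down.

# carp_ifaces: read ifconfig-style output on stdin and print one carp
# interface name per line. Only "carp<digits>:" counts; the indented
# "carp: MASTER ..." status line under each interface is skipped.
carp_ifaces() {
	local _name _rest _num
	while read -r _name _rest; do
		case $_name in
		carp*:) ;;
		*) continue ;;
		esac
		_num=${_name#carp}
		_num=${_num%:}
		# Require one or more digits and nothing else: rejects "carp:".
		case $_num in
		''|*[!0-9]*) continue ;;
		esac
		printf '%s\n' "carp$_num"
	done
}

# shutdown_carp [-n]: bring every carp interface found on stdin down; with
# -n only print the ifconfig commands (for use away from an OpenBSD box).
shutdown_carp() {
	local _dry=$1 _if
	for _if in $(carp_ifaces); do
		if [ "$_dry" = -n ]; then
			printf 'ifconfig %s down\n' "$_if"
		else
			ifconfig "$_if" down ||
			    printf 'failed to bring %s down\n' "$_if" >&2
		fi
	done
}

# sample_ifconfig: constructed ifconfig(8) output for the demo.
sample_ifconfig() {
	cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp12: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev em0 vhid 12 advbase 1 advskew 100
EOF
}

# On a live system this would be: ifconfig | shutdown_carp
sample_ifconfig | shutdown_carp -n
```

The second case statement is what the "+([0-9])" ksh pattern from 1.331 buys: after stripping the "carp" prefix and the trailing colon, anything that is not a run of digits (an empty string for "carp:", or a name like "carpdev") is rejected, so only real interface names reach ifconfig.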


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
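
Added example, not code from OpenBSD's /etc/rc: a comment-stripping reader in the spirit of the stripcom() changes in 1.456 and 1.457, and a builder for the baddynamic sysctl value in the spirit of the auto-filling described here in 1.318 (and the grep-free constraint from 1.388). It uses only shell builtins, so it works before /usr is mounted, and is POSIX sh rather than ksh, so printf(1) stands in for "print -r --". The function names mirror the ones the log mentions but the bodies are this example's own, and the services(5) excerpt is constructed for the demo, not copied from /etc/services.

```sh
#!/bin/sh
# Added example, not OpenBSD's /etc/rc.

# stripcom FILE: print FILE with comments and blank lines removed.
# "read -r" keeps backslashes and "$_line" is quoted on output, so a line
# such as "*" is printed literally instead of being globbed by the shell.
stripcom() {
	local _file=$1 _line
	[ -s "$_file" ] || return 0
	while read -r _line; do
		_line=${_line%%#*}
		case $_line in
		*[![:blank:]]*) printf '%s\n' "$_line" ;;
		esac
	done <"$_file"
}

# fill_baddynamic PROTO FILE: from a services(5)-format FILE, build the value
# for net.inet.PROTO.baddynamic as a comma-separated list of "+port" entries,
# one per distinct PROTO port. The "+" form adds to the kernel's table
# instead of replacing it, which is why this can run before sysctl.conf and
# still let sysctl.conf add or remove ports afterwards.
fill_baddynamic() {
	local _proto=$1 _file=$2 _tab
	_tab=$(printf '\t')
	# The while loop runs in the pipeline's subshell, so the result is
	# printed from inside that subshell rather than assigned outside it.
	stripcom "$_file" | {
		_ban= _seen=,
		# "/" in IFS splits "22/tcp" into the port and protocol fields.
		while IFS=" $_tab/" read -r _name _port _srv _junk; do
			[ "$_srv" = "$_proto" ] || continue
			case $_port in ''|*[!0-9]*) continue ;; esac   # not a port
			case $_seen in *,$_port,*) continue ;; esac   # duplicate
			_seen="$_seen$_port,"
			_ban="${_ban:+$_ban,}+$_port"
		done
		printf '%s\n' "$_ban"
	}
}

# write_sample_services FILE: constructed services(5) excerpt for the demo.
write_sample_services() {
	cat >"$1" <<'EOF'
# Constructed sample services(5) file for the example
ssh             22/tcp                  # SSH Remote Login Protocol
domain          53/tcp          nameserver
domain          53/udp          nameserver
www             80/tcp          http
bootps          67/udp                  # BOOTP/DHCP server
ntp             123/udp
junk            notaport/tcp
EOF
}

# demo: show the values; on OpenBSD the next step would be
#   sysctl -q "net.inet.tcp.baddynamic=$(fill_baddynamic tcp /etc/services)"
# and the same for udp.
demo() {
	local _f
	_f=$(mktemp) || return 1
	write_sample_services "$_f"
	printf 'tcp: %s\nudp: %s\n' \
	    "$(fill_baddynamic tcp "$_f")" "$(fill_baddynamic udp "$_f")"
	rm -f "$_f"
}

demo
```

Two details carry the security point of the log entries. The port field is checked to be all digits before it is used, so a malformed or hostile line in the services file cannot smuggle anything but a number into the sysctl argument; and the "+" prefix means a later sysctl.conf entry of "net.inet.tcp.baddynamic=-22" still works, which is what makes it safe to fill the table before sysctl.conf is read.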


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.559 28-Jun-2022 claudio

Hook up bgplgd. Uses _bgplgd user with id 71:71, add an rc.d script and
all the other rc plumbing.
OK deraadt@


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses; now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
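
Added example for revisions 1.331 and 1.329 above, not code from OpenBSD's rc.shutdown: it collects the carp(4) interface names from ifconfig(8) output using only shell builtins (no grep or cut, since /usr may already be unmounted at shutdown), and shows why the loose carp*: pattern had to become carp+([0-9]):. The ifconfig text is a constructed sample in ifconfig's output format, and the ifconfig command is replaced by echo for the dry run.

```shell
#!/bin/sh
# Added example, not OpenBSD's rc.shutdown: collect carp(4) interface names
# from ifconfig(8) output with shell builtins only, because at shutdown /usr
# (and with it grep and cut) may no longer be mounted. The text below is a
# constructed sample in ifconfig's output format; the real script would feed
# in the output of `ifconfig` itself.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
carp10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev em0 vhid 10 advbase 1 advskew 100
'

# carp_interfaces_naive: the sloppy carp*: match. read strips leading
# whitespace, so the indented "carp: MASTER ..." status line matches too and
# yields a bogus "carp" entry (the spurious "ifconfig carp down" of 1.331).
carp_interfaces_naive() {
    while read -r name rest; do
        case $name in
            carp*:) printf '%s\n' "${name%:}" ;;
        esac
    done
}

# carp_interfaces: accept only "carp", one or more digits, then a colon,
# i.e. the ksh pattern carp+([0-9]): written portably for any POSIX sh.
carp_interfaces() {
    while read -r name rest; do
        case $name in
            carp[0-9]*:)
                n=${name#carp}
                n=${n%:}
                case $n in
                    *[!0-9]*) ;;                      # not purely numeric
                    *) printf 'carp%s\n' "$n" ;;
                esac ;;
        esac
    done
}

# carp_shutdown [CMD]: bring each carp interface down so a MASTER hands
# over before the host goes away. CMD defaults to ifconfig; pass
# 'echo ifconfig' for a dry run that needs no root.
carp_shutdown() {
    cmd=${1:-ifconfig}
    for ifn in $(carp_interfaces); do
        $cmd "$ifn" down || echo "$ifn: ifconfig failed" >&2
    done
}

# Stand-alone dry run over the constructed sample.
printf '%s' "$SAMPLE_IFCONFIG" | carp_shutdown 'echo ifconfig'
```

Run as is, the dry run prints one "ifconfig carpN down" per real carp interface and nothing for the indented status lines; swap the naive function in and an extra "ifconfig carp down" appears for every carp interface present.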


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
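
Added example for revision 1.318 above, not the OpenBSD rc code: it derives the net.inet.tcp.baddynamic and net.inet.udp.baddynamic port lists from a services(5)-style table, so that the ports of well-known services are never handed out as random source ports. The services table is a constructed excerpt in services(5) format; on a real host the input would be /etc/services, and each output line is a name=value argument for sysctl(8).

```shell
#!/bin/sh
# Added example, not the OpenBSD rc code: derive the net.inet.tcp.baddynamic
# and net.inet.udp.baddynamic port lists from a services(5)-style table.
# SAMPLE_SERVICES is a constructed excerpt in services(5) format; on a real
# host the input would be /etc/services.
SAMPLE_SERVICES='# constructed sample, services(5) format
ssh		22/tcp			# SSH Remote Login Protocol
ssh		22/udp
domain		53/tcp		nameserver
domain		53/udp		nameserver
bootps		67/udp			# bootp server
http		80/tcp		www www-http
sunrpc		111/tcp
sunrpc		111/udp
ntp		123/udp
nfsd		2049/tcp	nfs
nfsd		2049/udp	nfs
'

# baddynamic_ports PROTO: read services(5) lines on stdin and print the
# numerically sorted, de-duplicated ports registered for PROTO (tcp or udp)
# as one comma-separated list, the value format sysctl(8) takes for
# net.inet.PROTO.baddynamic.
baddynamic_ports() {
    proto=$1
    while read -r name portproto rest; do
        case $name in ''|\#*) continue ;; esac     # blank and comment lines
        case $portproto in
            *[0-9]/"$proto") ;;                    # keep NUMBER/PROTO only
            *) continue ;;
        esac
        port=${portproto%/*}
        case $port in *[!0-9]*) continue ;; esac   # defensive: digits only
        printf '%s\n' "$port"
    done | sort -n -u | {
        list=
        while read -r port; do
            list=${list:+$list,}$port
        done
        printf '%s\n' "$list"
    }
}

# baddynamic_sysctls SERVICES_TEXT: print the sysctl assignments rc applies
# before sysctl.conf is read, so entries there are still applied afterwards
# and can adjust or replace the auto-filled lists.
baddynamic_sysctls() {
    for proto in tcp udp; do
        ports=$(printf '%s' "$1" | baddynamic_ports "$proto")
        if [ -n "$ports" ]; then
            printf 'net.inet.%s.baddynamic=%s\n' "$proto" "$ports"
        fi
    done
}

# Stand-alone run over the constructed table; on OpenBSD the input would be
# "$(cat /etc/services)" and each line a name=value argument for sysctl(8).
baddynamic_sysctls "$SAMPLE_SERVICES"
```

Ordering matters here exactly as the commit says: the auto-fill runs first, and sysctl.conf is read afterwards, so a local setting there wins over the generated list rather than being clobbered by it.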


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok derradt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon by default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.558 26-Jun-2022 florian

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt


# 1.557 26-Jun-2022 florian

Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen


Revision tags: OPENBSD_7_1_BASE
# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of the (new)
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
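
The carp matching described in 1.331 and 1.329 above, as an added example; this is not the /etc/rc code itself. It is written in POSIX sh, so a digit check stands in for the ksh pattern carp+([0-9]): that rc uses, and the ifconfig output it parses is a constructed sample.

```shell
#!/bin/sh
# Added example, not the OpenBSD /etc/rc code: find the carp(4) interfaces to
# bring down at shutdown using only shell builtins, because /usr (where grep
# and cut live) may already be unmounted. The ifconfig output below is a
# constructed sample.

SAMPLE_IFCONFIG=$(cat <<'EOF'
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        index 6 priority 15 llprio 3
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 100
        inet 198.51.100.10 netmask 0xffffff00 broadcast 198.51.100.255
EOF
)

# is_carp_if WORD: true only for "carp<digits>:" exactly. The loose pattern
# carp*: also accepts the bare "carp:" word that opens the status line of
# every carp interface, which is what produced the spurious "ifconfig carp down".
is_carp_if() {
	case $1 in carp*:) ;; *) return 1 ;; esac
	_n=${1#carp}; _n=${_n%:}
	case $_n in ''|*[!0-9]*) return 1 ;; esac
	return 0
}

# carp_down_list TEXT: print, one per line, the names of the carp interfaces
# found in ifconfig-style TEXT. Only the first word of each line is inspected;
# the rest of the line is deliberately ignored (it is not an interface name).
carp_down_list() {
	printf '%s\n' "$1" | while read -r _first _rest; do
		if is_carp_if "$_first"; then
			printf '%s\n' "${_first%:}"     # strip the trailing colon
		fi
	done
}

# Demo: on a real host the loop body would run "ifconfig $_if down";
# here the commands are only printed.
for _if in $(carp_down_list "$SAMPLE_IFCONFIG"); do
	printf 'ifconfig %s down\n' "$_if"
done
```

Only the first word of each ifconfig line is tested, so indented attribute lines such as `carp: MASTER ...` are rejected by the digit check rather than by anything that needs an external tool.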


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
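
The baddynamic auto-fill described in 1.318 above, together with the comment-stripping helper from 1.456 it relies on, as an added POSIX sh example. This is not the /etc/rc code (which is ksh); the services snippet is a constructed sample, the stripcom and fill_baddynamic names follow the commit messages, and the duplicate-port check is my own addition.

```shell
#!/bin/sh
# Added example, not the OpenBSD /etc/rc code: stripcom() plus a
# fill_baddynamic() that turns /etc/services into the value rc(8) hands to
# the net.inet.{tcp,udp}.baddynamic sysctl, so that randomly chosen source
# ports never land on a well-known service port. The services file below is
# a constructed sample.

SAMPLE_SERVICES=$(cat <<'EOF'
# Network services, Internet style (constructed sample, not a real /etc/services)
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp
domain          53/tcp          nameserver      # name-domain server
domain          53/udp          nameserver
http            80/tcp          www www-http    # WorldWideWeb HTTP

ntp             123/udp                         # Network Time Protocol
https           443/tcp
https           443/udp
EOF
)

# stripcom: copy stdin to stdout with "#" comments removed and blank lines
# dropped, so callers never have to test for empty input themselves.
stripcom() {
	while IFS= read -r _line; do
		_line=${_line%%#*}                        # cut the comment off
		case $_line in
		*[![:space:]]*) printf '%s\n' "$_line" ;; # keep only non-blank lines
		esac
	done
}

# fill_baddynamic PROTO: read services lines on stdin and print the
# baddynamic value for PROTO (tcp or udp), e.g. "+22,+53,+80,+443".
# Each port carries a "+" prefix so sysctl(8) adds it to the existing set
# instead of replacing the set; sysctl.conf, read later, can still add or
# remove ports. Returns 1 when no port was found so the caller can skip
# the sysctl call entirely.
fill_baddynamic() {
	_tab=$(printf '\t')
	stripcom | {
		_ban=
		# Fields are separated by blanks or "/", so "22/tcp" splits in two.
		while IFS=" ${_tab}/" read -r _name _port _srv _junk; do
			[ "$_srv" = "$1" ] || continue
			# A port may be listed under several names; add it once (my addition).
			case ",$_ban," in *",+$_port,"*) continue ;; esac
			_ban="${_ban:+$_ban,}+$_port"
		done
		[ -n "$_ban" ] || return 1
		printf '%s\n' "$_ban"
	}
}

# Demo: print the sysctl(8) invocations instead of running them, so this is
# safe to try on any system.
demo() {
	for _p in tcp udp; do
		_v=$(printf '%s\n' "$SAMPLE_SERVICES" | fill_baddynamic "$_p") &&
		    printf 'sysctl -q net.inet.%s.baddynamic=%s\n' "$_p" "$_v"
	done
}
demo
```

The list is assembled inside the braces on the read side of the pipe because a `while` loop fed by a pipe runs in a subshell in most shells, so a variable set inside it would be lost otherwise; the early `return 1` is what lets the caller avoid writing an empty value.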


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mounting all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
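
The mktemp(1) pattern described in the message above, as an added POSIX shell example that is not the rc(8) code itself or any OpenBSD code: rebuild_motd and demo_rebuild_motd are hypothetical names, the version line, motd path and scratch directory are passed as arguments rather than taken from sysctl and /etc, and the motd and _motd contents in the demo are constructed. It shows why a fixed name like /tmp/_motd is unsafe and how mktemp(1) closes the hole.

```shell
#!/bin/sh
# Added example, not the rc(8) code itself: rebuild a motd from a version
# line plus the admin-written tail of the old motd, writing first to a
# mktemp(1)-generated scratch file rather than a fixed, guessable /tmp name.
# The function names and argument lists are hypothetical; the scratch
# directory and the version line are parameters so it runs anywhere.

# rebuild_motd VERSION_LINE MOTD_PATH SCRATCH_DIR
rebuild_motd() {
    version=$1 motd=$2 scratch=$3

    # A fixed name such as $scratch/_motd can be pre-created by any local
    # user (and pinned with chflags so it cannot be removed), after which the
    # attacker-supplied content would be copied into the system motd.
    # mktemp creates a new file with an unpredictable suffix, mode 0600,
    # and fails instead of reusing anything that already exists.
    tmp=$(mktemp "$scratch/_motd.XXXXXXXXXX") || return 1

    {
        printf '%s\n\n' "$version"
        # keep everything after the first blank line of the old motd
        # (if it has no blank line, nothing is kept)
        if [ -f "$motd" ]; then
            sed '1,/^$/d' "$motd"
        fi
    } > "$tmp"

    # replace the motd only when it changed; always drop the scratch file
    if ! cmp -s "$tmp" "$motd" 2>/dev/null; then
        cp "$tmp" "$motd"
    fi
    rm -f "$tmp"
}

# demo_rebuild_motd: constructed input in a private directory, printing the
# rebuilt motd; the pre-created _motd stands in for the attacker's file.
demo_rebuild_motd() {
    d=$(mktemp -d) || return 1
    printf 'OpenBSD 0.0 (GENERIC)\n\nconstructed admin text\n' > "$d/motd"
    printf 'attacker text\n' > "$d/_motd"
    rebuild_motd 'OpenBSD 0.1 (GENERIC)' "$d/motd" "$d"
    cat "$d/motd"
    rm -rf "$d"
}

case "${1:-}" in
    demo) demo_rebuild_motd ;;
esac
```

Run it as `sh rebuild_motd.sh demo` to see the rebuilt motd. The pre-created _motd is never opened, because the only scratch file the function touches is the one mktemp just created; a pre-existing file of the same fixed name is simply irrelevant.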


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.556 17-Jan-2022 jsg

filessystems -> filesystems


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist; this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
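
The class of bug fixed in 1.102, as an added example that is not code from /etc/rc or any OpenBSD revision: a boot script that writes to a fixed, predictable name in a world-writable directory can be steered by whoever creates that name first. The attacker object here is a symlink, which is portable; the report above used a chflags(1)'d file that survived rm -f. The scratch directory stands in for /tmp, the banner text and file names are constructed for the example, and the ten-X template is an assumption (rev 1.104 adopts it later in this log).

```shell
#!/bin/sh
# Added example; not code from /etc/rc. Shows why a fixed temp name in a
# shared directory is unsafe and how mktemp(1) closes the hole.

# Attacker step: pre-create the well-known name, pointing at a file the
# attacker wants overwritten (a symlink stands in for the chflags'd file).
plant_attack() {
	printf 'original\n' > "$1/victim"
	ln -s "$1/victim" "$1/_motd"
}

# Before 1.102: open a fixed path. The write follows the planted symlink,
# so the attacker's target is overwritten with the boot banner.
build_motd_fixed() {
	_T="$1/_motd"
	printf 'OpenBSD boot banner\n' > "$_T"
	cat "$_T"
}

# After 1.102: mktemp(1) creates the file itself with O_CREAT|O_EXCL under
# an unpredictable name, so a pre-planted name is never opened.
build_motd_mktemp() {
	_T=$(mktemp "$1/_motdXXXXXXXXXX") || return 1
	printf 'OpenBSD boot banner\n' > "$_T"
	cat "$_T"
	rm -f "$_T"
}

# Helpers returning what the victim file holds after each variant ran;
# each builds its own scratch directory so the functions can be compared.
victim_after_fixed() {
	_d=$(mktemp -d) || return 1
	plant_attack "$_d"
	build_motd_fixed "$_d" >/dev/null
	cat "$_d/victim"
	rm -rf "$_d"
}

victim_after_mktemp() {
	_d=$(mktemp -d) || return 1
	plant_attack "$_d"
	build_motd_mktemp "$_d" >/dev/null
	cat "$_d/victim"
	rm -rf "$_d"
}
```

victim_after_fixed returns the banner text (the attacker's file was clobbered), victim_after_mktemp returns "original". The same reasoning applies to rm -f before the write: a name the script does not own cannot be trusted to be gone, which is why the fix creates the file rather than cleaning up a guessable one.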


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.555 11-Nov-2021 claudio

switch(4) and switchd(8) are retiring. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@


Revision tags: OPENBSD_7_0_BASE
# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@
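
The shell mechanism behind 1.520, as an added example that is not code from /etc/rc: state changed inside a "cmd | while read" loop lives in a subshell and is gone when the loop ends, so whatever the boot script meant to carry forward (in rc, limits the daemons should inherit) never reaches the parent shell. The sample lines stand in for stripcom output on /etc/sysctl.conf and the values are hypothetical; the loop records the settings it handled instead of calling sysctl(8), so the effect is observable without privilege.

```shell
#!/bin/sh
# Added example; not code from /etc/rc. Demonstrates why a pipeline into
# "while read" loses shell state, the defect reverted in rev 1.520.

# Constructed stand-in for stripcom output on /etc/sysctl.conf
# (hypothetical values).
CONF_LINES='kern.maxfiles=4096
kern.maxproc=2048'

# Wrong: each pipeline element may run in a subshell (POSIX allows it;
# bash and dash do it), so "applied" is still empty when the function
# returns. The same loss hits ulimit, umask and cd done in the loop body.
apply_via_pipe() {
	applied=""
	printf '%s\n' "$CONF_LINES" | while read -r _setting; do
		applied="${applied:+$applied }$_setting"
	done
	printf '%s' "$applied"
}

# Right (the shape 1.520 restores): load the lines into the positional
# parameters and loop in the current shell, so the changes persist for
# everything started afterwards.
apply_via_set() {
	applied=""
	set -- $CONF_LINES
	while [ $# -gt 0 ]; do
		applied="${applied:+$applied }$1"
		shift
	done
	printf '%s' "$applied"
}
```

apply_via_pipe returns an empty string; apply_via_set returns both settings space-separated. In a boot script the per-line action would be sysctl -q "$1", and the check that matters is that any ulimit or umask adjustment made on the way is visible in the shell that later forks the daemons.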


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplyfies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (defaults to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the inital set active). ok deraadt@

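The entries 1.194, 1.208, 1.215, 1.228, 1.240, 1.250, 1.258 and 1.306 each add one rule to the temporary ruleset that rc feeds to `pfctl -f -` before /etc/pf.conf is loaded. The following is an added reconstruction of that ruleset, assembled from those log entries; it is not the text of any particular rc revision, the `block all` default and the 4.x-era `keep state` wording are assumptions, and per 1.257 the inet6 rules are only emitted on inet6-capable kernels.

```pf
# Added reconstruction (not any rc revision's exact ruleset) of the
# restrictive boot-time pf rules that stay active until /etc/pf.conf loads.
# If pf.conf fails to load, this is what the machine runs with (1.269).

block all                                                    # default deny (assumed, cf. 1.211)
pass on lo0                                                  # 1.228
pass in  proto tcp from any to any port ssh keep state       # 1.194: keep a way in
pass out proto { tcp, udp } from any to any port domain keep state   # 1.208: pfctl can resolve names in pf.conf
pass out inet proto icmp all icmp-type echoreq keep state    # 1.215: dhclient pings to validate an old lease

# IPv6 neighbour/router discovery must work or the host is unreachable (1.250, 1.258)
pass out inet6 proto icmp6 all icmp6-type routersol
pass in  inet6 proto icmp6 all icmp6-type routeradv
pass inet6 proto icmp6 all icmp6-type { neighbrsol, neighbradv }

# cluster traffic, so a rebooting node does not fall out of sync (1.240)
pass proto carp
pass proto pfsync

# NFS root / TCP NFS mounts during boot (1.218, 1.306)
pass proto { tcp, udp } from any to any port { 111, 2049 } keep state
```

The practical consequence of 1.194 is that a broken pf.conf leaves a box reachable over ssh but otherwise closed; anything else needed during boot (NFS, DNS, DHCP lease validation) had to be added here explicitly, which is what the later entries do.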

Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@

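The 1.110, 1.109 and 1.103 entries describe three checks around scanning /var/tmp/vi.recover, a world-writable directory that root walks at boot. This is an added example of those checks, not the rc(8) code itself: the directory and the expected owner are parameters so it can be run on a scratch directory as an ordinary user (rc uses /var/tmp/vi.recover and root), and the "recover.*" file name pattern is an assumption.

```shell
#!/bin/sh
# Added example (not rc's own code): guard a world-writable recovery
# directory before root reads files out of it.

# recover_dir_ok <dir> <owner>: refuse a directory that is a symlink or is
# not owned by <owner>. Without this a user could point root's scan at a
# directory of their choosing (1.110).
recover_dir_ok() {
	_dir=$1 _owner=$2
	[ ! -L "$_dir" ] || return 1
	[ -d "$_dir" ] || return 1
	# -prune on the start point: test the directory itself, do not descend.
	[ -n "$(find "$_dir" -prune -user "$_owner" -print)" ] || return 1
}

# list_recover_files <dir> <owner>: delete anything named recover.* that is
# not a regular file (symlinks, fifos, sockets: 1.109), then print the
# regular, <owner>-owned recover.* files, one basename per line. -execdir
# runs rm inside <dir> on a bare name, so nothing in the path is
# interpreted (1.103). The "dir/. ! -name . -prune" idiom limits both finds
# to direct children without relying on -maxdepth.
list_recover_files() {
	_dir=$1 _owner=$2
	recover_dir_ok "$_dir" "$_owner" || return 1
	find "$_dir"/. ! -name . -prune -name 'recover.*' \
		! -type f ! -type d -execdir rm -f -- {} \;
	find "$_dir"/. ! -name . -prune -name 'recover.*' \
		-type f -user "$_owner" -print | sed 's,.*/,,' | sort
}

# Stand-alone demo in a scratch directory.
_demo=$(mktemp -d) && {
	: > "$_demo/recover.demo"
	mkfifo "$_demo/recover.fifo"
	list_recover_files "$_demo" "$(id -un)"
	rm -rf "$_demo"
}
```

Reading a fifo or a symlink to /dev/zero as if it were a recovery file is how the DoS in 1.109 worked; the `! -type f` pass removes such entries before anything opens them.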

# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.

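Added example for the 1.102 change, not the motd code from rc(8) itself: rebuild a motd whose first line is the kernel version through an unpredictable mktemp(1) name instead of the fixed, user-creatable /tmp/_motd. The version string, the motd path and the temp directory are parameters so the function can be tried in a scratch directory; rc itself takes the version from `sysctl -n kern.version`, writes /etc/motd and uses /tmp.

```shell
#!/bin/sh
# Added example (not rc's own code): safe regeneration of the motd header.

# update_motd <kernel version line> <motd path> [tmpdir]
# Rewrites <motd path> so that line 1 is the version, line 2 is blank and
# the admin's own text (everything after the first blank line of the old
# file) is kept. Returns 1 if no temp file could be created: better to
# leave the old motd alone than to fall back to a predictable name.
update_motd() {
	_version=$1
	_motd=$2
	_tmpdir=${3:-${TMPDIR:-/tmp}}

	# mktemp creates the file O_EXCL, mode 0600, under a random name. A
	# local user who pre-creates /tmp/_motd (and chflags it so it cannot be
	# removed, as in the report) gains nothing: we never open a name they
	# could have chosen in advance.
	_t=$(mktemp "$_tmpdir/_motd.XXXXXXXXXX") || return 1

	{
		printf '%s\n\n' "$_version"
		if [ -f "$_motd" ]; then
			# Drop the old header, up to and including the first blank line.
			sed '1,/^$/d' "$_motd"
		fi
	} > "$_t"

	# Replace the motd only if it actually changed, then drop the temp file.
	if ! cmp -s "$_t" "$_motd" 2>/dev/null; then
		cp "$_t" "$_motd"
	fi
	rm -f "$_t"
	chmod 664 "$_motd"
}

# Stand-alone demo in a scratch directory.
_demo=$(mktemp -d) && {
	printf 'old header\n\nWelcome.\n' > "$_demo/motd"
	update_motd 'OpenBSD 7.5 (GENERIC) #0' "$_demo/motd" "$_demo" && cat "$_demo/motd"
	rm -rf "$_demo"
}
```

The ten X's from 1.104 matter here too: the template width is what makes the name unguessable, and mktemp refusing to reuse an existing path is what turns a planted file into a harmless failure rather than a motd injection.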

# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@

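The 1.157 entry (reset the seed file right after using it) and the 1.100 entry above (keep the seed in /var/db and refresh it from the kernel) together describe a seed-file discipline. This is an added example of that discipline, not the rc(8) code itself: the seed path and the kernel random device are parameters so it can run in a scratch directory (rc used /var/db/host.random and /dev/arandom at the time), and the 64KB size follows 1.77.

```shell
#!/bin/sh
# Added example (not rc's own code): consume a saved seed and replace it
# at once, so that an unclean reboot never re-feeds the same bytes.

SEED_BYTES=65536	# 64KB, the size 1.77 chose for host.random

# reseed <seedfile> <random device>
# 1. stir the saved seed into the kernel pool (skipped if the file is absent,
#    e.g. on first boot), 2. immediately overwrite the file with fresh kernel
#    output. Returns 0 on success, 1 if no new seed could be written.
reseed() {
	_seed=$1 _dev=$2
	if [ -f "$_seed" ]; then
		# A failed stir is not fatal; the pool just gets nothing from it.
		dd if="$_seed" of="$_dev" bs="$SEED_BYTES" count=1 2>/dev/null || true
	fi
	# Write the new seed to a 0600 temp file and rename it into place, so a
	# crash mid-write leaves either the old or the new seed, never a
	# truncated one. This same step is what shutdown runs to save state.
	( umask 077 && dd if="$_dev" of="$_seed.tmp" bs="$SEED_BYTES" count=1 2>/dev/null ) || return 1
	mv -f "$_seed.tmp" "$_seed" || return 1
	chmod 600 "$_seed"
}

# Stand-alone demo in a scratch directory.
_demo=$(mktemp -d) && {
	reseed "$_demo/host.random" /dev/urandom && wc -c "$_demo/host.random"
	rm -rf "$_demo"
}
```

The ordering is the whole point: if the rewrite were left to shutdown only, a panic or a power cut after the seed was consumed would leave the identical file on disk, and the next boot would seed from bytes an attacker who read the file once already knows.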

# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.554 01-Sep-2021 deraadt

quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering libraries from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many
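
The job shape described in revs 1.507 and 1.502, as an added example in POSIX sh and not the reorder_kernel() code from /etc/rc: a subshell whose output all goes to a logfile inside the compile dir, an EXIT handler that reports failure to syslog and the console (pointing at the log) or logs success, and, as the only work done here, the rev 1.502 hash check that refuses to relink when the installed kernel no longer matches the stored hash. POSIX sh has no ERR trap, so the handler tells the two cases apart by $?. logger(1) and /dev/console are replaced by two files named by the SYSLOG and CONSOLE variables, the file and directory names are assumptions, and no make is run.

```sh
#!/bin/sh
# Added example in the shape of rev 1.507's reorder_kernel(); not the
# code from /etc/rc. Runs anywhere, needs sha256sum, sha256 or shasum.

# Stand-ins for logger(1) and /dev/console so this runs offline; the
# real script would use "logger -t reorder_kernel" and /dev/console.
SYSLOG=${SYSLOG:-./syslog.txt}
CONSOLE=${CONSOLE:-./console.txt}

log_syslog() { printf 'reorder_kernel: %s\n' "$1" >>"$SYSLOG"; }

# Called from the EXIT trap with the subshell's exit status: on failure
# syslog the error and hint at the logfile, and repeat that on the
# console; on success just syslog it (the rev 1.507 handlers).
report() {
	if [ "$1" -eq 0 ]; then
		log_syslog "kernel relinked"
	else
		log_syslog "relink failed, see $_log"
		printf 'reorder_kernel: relink failed, see %s\n' "$_log" >>"$CONSOLE"
	fi
}

# Print just the hex digest, whichever sha256 tool the userland has.
hash_file() {
	if command -v sha256sum >/dev/null 2>&1; then
		sha256sum "$1" | cut -d' ' -f1
	elif command -v sha256 >/dev/null 2>&1; then
		sha256 -q "$1"
	elif command -v shasum >/dev/null 2>&1; then
		shasum -a 256 "$1" | cut -d' ' -f1
	else
		return 2
	fi
}

# reorder_job KERNEL COMPILEDIR: the whole body is a subshell, so the
# trap, the exec redirection and any exit stay local. Returns 0 when
# KERNEL matched COMPILEDIR/SHA256 (and the hash was refreshed), else 1.
reorder_job() (
	_kernel=$1 _compile=$2 _log=$2/relink.log
	trap 'report $?' EXIT
	mkdir -p "$_compile" || exit 1
	exec >"$_log" 2>&1            # from here on everything is logged
	echo "checking $_kernel against $_compile/SHA256"
	_want=$(cat "$_compile/SHA256" 2>/dev/null)
	_have=$(hash_file "$_kernel") || exit 1
	if [ -z "$_want" ] || [ "$_want" != "$_have" ]; then
		echo "hash mismatch: $_kernel is not the kernel we last built"
		exit 1                # rev 1.502: no relinking in that case
	fi
	echo "hashes match; a real relink would run make here"
	hash_file "$_kernel" >"$_compile/SHA256"
)
```

Run it in the background with `reorder_job /bsd /usr/share/compile/GENERIC.MP &` and nothing of it reaches the boot console except the failure line; everything else, including the stderr of every command, is in relink.log. Note that no `set -e` is used inside the subshell: a function called from an `if` or `||` context has -e silently disabled in POSIX shells, so explicit `|| exit 1` is the reliable form for an init script.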


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain double quotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these double quotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@
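
The subshell problem behind revs 1.457 and 1.520, as an added example in POSIX sh that is not the sysctl_conf() code from /etc/rc: a while-read loop that is the last element of a pipeline runs in a subshell (OpenBSD ksh, bash and dash all behave this way here), so any per-process state it changes, ulimit(1) values in the real script, is gone when the pipeline ends and the daemons started afterwards never see it. A counter variable stands in for the limit; the config lines are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from /etc/rc: the rev 1.457 pipeline shape
# versus the rev 1.520 shape. Both functions "apply" the same three
# settings; only the second one's effect survives in the calling shell.

# Constructed sample in the style of /etc/sysctl.conf: comment-only and
# blank lines are skipped, the rest are settings without whitespace.
SAMPLE_CONF='# constructed settings, not a real sysctl.conf
kern.maxfiles=16384

  # indented comment
kern.somaxconn=1024
net.inet.ip.forwarding=0
'

# stripcom: drop comment-only and blank lines, like the rc(8) helper.
# read strips leading blanks, so indented comments are caught too.
stripcom() {
	while read -r _line; do
		case $_line in
		''|\#*) ;;
		*) printf '%s\n' "$_line" ;;
		esac
	done
}

# Rev 1.457 shape: the loop is the last element of a pipeline and runs
# in a subshell. The counter it increments is the subshell's copy; the
# caller's copy is still 0 afterwards. ulimit behaves exactly the same.
apply_with_pipe() {
	applied=0
	printf '%s' "$SAMPLE_CONF" | stripcom |
	while read -r _kv; do
		applied=$((applied + 1))      # in rc: ulimit/sysctl "$_kv"
	done
	echo "$applied"
}

# Rev 1.520 shape: no pipeline around the loop. The settings are loaded
# into the positional parameters and the loop runs in the current shell,
# so what it applies persists and later-started daemons inherit it.
apply_without_pipe() {
	applied=0
	set -- $(printf '%s' "$SAMPLE_CONF" | stripcom)
	while [ $# -gt 0 ]; do
		applied=$((applied + 1))      # in rc: ulimit/sysctl "$1"
		shift
	done
	echo "$applied"
}
```

The `set --` form relies on word splitting, which is why it is only safe for files whose entries contain no whitespace; for anything else a here-document (`done <<EOF ... EOF`) keeps the loop in the current shell as well. Either way the check is the same: after the loop, the value must be visible in the shell that goes on to start the daemons.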


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs wont have existing ifaliases
- updates dont touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
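
The two defensive patterns described in the vi.recover messages (1.109 and 1.110, further up) and in the motd message just above, as an added example that is not part of any commit and is not code from /etc/rc. It is written against a scratch directory so it can be run unprivileged; the names `build_motd`, `recoverable_files`, `$tmpdir` (standing in for /tmp), `$recdir` (standing in for /var/tmp/vi.recover) and the `owner` argument (replacing rc's hard-coded root check) are this example's own, and the banner line is constructed.

```shell
#!/bin/sh
# Added example, not code from /etc/rc: the two defensive patterns that the
# vi.recover (1.109/1.110) and motd (1.102) commits describe, written against
# a scratch directory so an unprivileged user can run them. The names below
# are this example's own: $tmpdir stands in for /tmp, $recdir for
# /var/tmp/vi.recover, and the "owner" argument replaces rc's hard-coded
# root check.

# Build the motd through mktemp(1). A fixed, guessable name such as
# /tmp/_motd lets a local user pre-create the file (and chflags it so root
# cannot remove it), after which root's boot-time rewrite picks up the
# user's content. mktemp creates a fresh 0600 file with a random suffix and
# fails rather than reuse an existing path. The banner text is constructed.
build_motd() {
	tmpdir=$1 motd=$2
	t=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1
	printf '%s\n\n' 'OpenBSD (EXAMPLE) #0: constructed banner' >"$t"
	# keep the admin's text after the first blank line of the old motd, as rc does
	if [ -f "$motd" ]; then
		sed '1,/^$/d' "$motd" >>"$t"
	fi
	cp "$t" "$motd" && rm -f "$t"   # cp, not mv, so motd keeps its own mode
}

# Vet a user-writable recovery directory before reading from it: refuse a
# symlinked or foreign-owned directory outright, remove entries that are not
# regular files (symlinks, fifos, devices) and print the names left over.
recoverable_files() {
	recdir=$1 owner=${2:-root}
	[ -d "$recdir" ] && [ ! -h "$recdir" ] || return 1
	[ -n "$(find "$recdir" -prune -user "$owner" 2>/dev/null)" ] || return 1
	for f in "$recdir"/*; do
		[ -e "$f" ] || [ -h "$f" ] || continue   # empty dir: glob did not expand
		if [ -h "$f" ] || [ ! -f "$f" ]; then
			rm -f "$f" 2>/dev/null          # not a plain file: never read it
			continue
		fi
		printf '%s\n' "${f##*/}"
	done
}
```

The symlink test must come before the `-f` test: `[ -f ]` follows links, so a symlink to /etc/master.passwd planted in the recovery directory would otherwise count as a regular file.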


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidently removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.553 28-Jul-2021 deraadt

A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@
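
The subshell problem named in the message above, as an added example that is not part of the commit and not code from /etc/rc. It assumes bash or a POSIX sh in which every command of a pipeline runs in a subshell (OpenBSD ksh behaves that way for the rc case; ksh93 runs the last pipeline element in the parent and would not show the difference). `SAMPLE_CONF` is a constructed stand-in for a sysctl.conf-style file and `apply_via_pipe`/`apply_via_heredoc` are this example's own names; a variable is used to make the loss visible, and a `ulimit` or `umask` issued in the same loop body is lost in exactly the same way.

```shell
#!/bin/sh
# Added example, not code from /etc/rc: why a pipeline feeding a
# "while read" loop cannot change the limits of the shell that goes on
# to start daemons.
#
# In bash and in a POSIX sh every command of a pipeline runs in a
# subshell, so ulimit, umask or variable changes made in the loop body
# vanish when the pipeline finishes. Feeding the same lines through a
# here-document keeps the loop in the current shell and the changes stick.
# (OpenBSD ksh behaves like this for the rc case; ksh93 runs the last
# pipeline element in the parent and would not show the difference.)

# Constructed stand-in for a sysctl.conf-style file; not a real config.
SAMPLE_CONF='kern.maxfiles=8192
# comment line
net.inet.ip.forwarding=1'

# Record which keys were applied, with the loop on the right of a pipe.
# "applied" is only ever set inside the subshell, so the function returns "".
apply_via_pipe() {
	applied=""
	printf '%s\n' "$SAMPLE_CONF" | grep -v '^#' |
	while IFS='=' read -r key val; do
		# a real rc loop would run "sysctl $key=$val" or "ulimit ..." here
		applied="$applied $key"
	done
	printf '%s' "$applied"
}

# Same loop fed by a here-document: no subshell, so "applied" survives.
apply_via_heredoc() {
	applied=""
	while IFS='=' read -r key val; do
		case $key in '#'*|'') continue ;; esac
		applied="$applied $key"
	done <<EOF
$SAMPLE_CONF
EOF
	printf '%s' "$applied"
}

# Stand-alone run: prints "pipe:[]" and
# "heredoc:[ kern.maxfiles net.inet.ip.forwarding]"
printf 'pipe:[%s]\nheredoc:[%s]\n' "$(apply_via_pipe)" "$(apply_via_heredoc)"
```

The fix in the commit is the second shape: read the file with a redirection into the loop (or `< file`), so that the `ulimit` calls run in the shell that later forks the daemons and the limits are inherited.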


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to writing the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and I think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.552 22-Jul-2021 deraadt

Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen


# 1.551 22-Jul-2021 sthen

small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was neither lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.550 22-Jul-2021 deraadt

After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen


Revision tags: OPENBSD_6_9_BASE
# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
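
The regular-file and ownership checks that the 1.109 and 1.110 messages describe, as an added example written for this page; it is not code from /etc/rc. It is POSIX sh, runs unprivileged against a constructed directory, and assumes recovery files are named recover.* and that the expected directory owner is passed in (rc checks for root). The function names are invented here.

```shell
#!/bin/sh
# Added example, not the rc(8) script itself: the safety checks the 1.109
# and 1.110 commit messages describe, in POSIX sh.  Everything under
# /var/tmp/vi.recover is user-controllable, so before reading a recovery
# file we insist that the directory is a real, correctly owned directory
# and that every entry is a regular file (not a symlink, fifo or device);
# anything else is deleted.  The directory layout used below is
# constructed in a temporary location so this runs unprivileged.

# recover_dir_ok DIR OWNER
# Succeed only if DIR is a directory (not a symlink) owned by OWNER.
# rc checks for root; OWNER is a parameter here so the demo can run as
# any user.  stat(1) is not POSIX, so ownership is checked with find.
recover_dir_ok() {
    [ ! -L "$1" ] && [ -d "$1" ] || return 1
    # -prune stops find from descending; something is printed iff the
    # directory entry itself belongs to OWNER.
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# recoverable_files DIR
# Print the regular files in DIR, one per line.  Anything that is not a
# regular file is removed, the rule 1.109 states ("if it's not a regular
# file, we delete it").  -L is tested first because -f follows symlinks.
# Assumption: recovery files are named recover.*.
recoverable_files() {
    for _f in "$1"/recover.*; do
        [ -e "$_f" ] || [ -L "$_f" ] || continue   # glob matched nothing
        if [ ! -L "$_f" ] && [ -f "$_f" ]; then
            printf '%s\n' "$_f"
        else
            rm -f "$_f"
        fi
    done
}

# make_sample DIR
# Constructed input: one genuine recovery file, one symlink pointing out
# of the directory, and one fifo that would block a reader forever.
make_sample() {
    mkdir -p "$1"
    printf 'X-vi-recover-path: /tmp/vi.example\n' >"$1/recover.good"
    ln -s /etc/passwd "$1/recover.link"
    mkfifo "$1/recover.fifo"
}

# Run "sh this.sh demo" to see the checks applied to the sample layout.
if [ "${1-}" = demo ]; then
    _top=$(mktemp -d)
    make_sample "$_top/vi.recover"
    if recover_dir_ok "$_top/vi.recover" "$(id -un)"; then
        recoverable_files "$_top/vi.recover"
    fi
    rm -rf "$_top"
fi
```

The order of the tests matters: `[ -f ]` follows symlinks, so a link to /etc/passwd would pass it, which is why `[ -L ]` is checked first and why the directory itself is rejected when it is a symlink.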


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
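
The mktemp(1)-based motd regeneration this message describes, as an added example for this page rather than the rc code itself. It keeps the same shape (banner on line one, the administrator's text after the first blank line, cmp before copy), but the function names, the sample motd and the banner string are constructed here.

```shell
#!/bin/sh
# Added example, not the rc(8) script itself: regenerating motd through
# mktemp(1) instead of a fixed /tmp/_motd, the fix the 1.102 commit
# message describes.  A predictable name in a world-writable directory
# lets any user pre-create the file (and chflags it immutable) so that
# the next boot appends the kernel banner to attacker-chosen text and
# installs the result as the system motd.  A random, mode 0600 file
# created exclusively by mktemp cannot be planted in advance.  The
# banner and sample motd below are constructed for this example.

# build_motd BANNER MOTD
# Write BANNER as line one, keep everything from MOTD starting at its
# first blank line (the locally edited part; a motd with no blank line
# keeps only the banner, as motd(5) documents), and print the path of
# the private temp file holding the result.  Fail if mktemp fails.
build_motd() {
    _tmp=$(mktemp "${TMPDIR:-/tmp}/_motd.XXXXXXXXXX") || return 1
    {
        printf '%s\n' "$1"
        sed -n '/^$/,$p' "$2"
    } >"$_tmp"
    printf '%s\n' "$_tmp"
}

# install_motd BANNER MOTD
# Rebuild MOTD only when its content would actually change (rc's
# cmp -s guard) and always remove the temp file, even if the copy fails.
install_motd() {
    _t=$(build_motd "$1" "$2") || return 1
    _rc=0
    cmp -s "$_t" "$2" || cp "$_t" "$2" || _rc=$?
    rm -f "$_t"
    return $_rc
}

# make_sample_motd PATH
# Constructed motd: a stale banner, a blank separator line, then the
# administrator's text that must survive regeneration.
make_sample_motd() {
    printf '%s\n' \
        'OpenBSD 0.0 (GENERIC) #0: stale banner' \
        '' \
        'Welcome to the box.' \
        'No unauthorized use.' >"$1"
}

# Run "sh this.sh demo" to regenerate a sample motd in a temp directory.
if [ "${1-}" = demo ]; then
    (
        _d=$(mktemp -d)
        make_sample_motd "$_d/motd"
        export TMPDIR="$_d"
        install_motd 'OpenBSD 0.0 (GENERIC) #1: fresh banner' "$_d/motd"
        cat "$_d/motd"
        rm -rf "$_d"
    )
fi
```

mktemp creates the file with O_EXCL and mode 0600 under a name the attacker cannot predict, so the "pre-create and chflags" trick has nothing to target; the template still lives in /tmp only because that is what the original script used, and TMPDIR can point it elsewhere.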


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.549 13-Mar-2021 deraadt

because the kernel has been replaced after last boot, run kvm_mkdb
before the first consumer of kvm_bsd.db


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@
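
A POSIX-sh rendering of the stripcom() idea from the 1.131 and 1.456 messages, together with the while-read consumer that 1.457 describes for sysctl.conf, as an added example for this page; it is not the rc(8) code. rc is a ksh script and uses "print -r --"; printf '%s\n' is the portable equivalent used here. The configuration file, the recording stand-in for sysctl(8) and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not the rc(8) script itself: a POSIX-sh rendering of the
# stripcom() idea from the 1.131 and 1.456 commit messages, plus the
# while-read consumer that 1.457 describes for sysctl.conf.  rc(8) is
# ksh and uses "print -r --"; printf '%s\n' is the portable equivalent
# (no option parsing, no backslash interpretation).  The configuration
# file and the recording command below are constructed for this example.

# stripcom FILE
# Print FILE with comments, blank lines and leading/trailing blanks
# removed.  An empty or missing file produces nothing and succeeds.
stripcom() {
    [ -s "$1" ] || return 0
    # IFS= preserves internal whitespace; the || clause handles a last
    # line without a trailing newline.
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                        # drop from first '#'
        _line=${_line#"${_line%%[![:space:]]*}"}  # trim leading blanks
        _line=${_line%"${_line##*[![:space:]]}"}  # trim trailing blanks
        if [ -n "$_line" ]; then
            printf '%s\n' "$_line"   # never "echo": no option or \ parsing
        fi
    done <"$1"
}

# apply_conf FILE CMD
# Hand each stripped "name=value" line to CMD as one quoted argument, the
# way rc(8) hands sysctl.conf lines to sysctl(8).  Lines without '=' are
# reported and skipped.  The loop reads from a here-document rather than
# a pipe: a pipe would run it in a subshell, the problem the 1.520
# message describes, and CMD could then not affect the calling shell.
apply_conf() {
    _file=$1
    _cmd=$2
    while IFS= read -r _kv; do
        case $_kv in
        '')  ;;                                    # empty stripcom output
        *=*) "$_cmd" "$_kv" ;;
        *)   printf 'skipping malformed line: %s\n' "$_kv" >&2 ;;
        esac
    done <<EOF
$(stripcom "$_file")
EOF
}

# record ARG
# Stand-in for sysctl(8): appends ARG to $applied with a '|' separator,
# so the demo shows exactly what would have been executed.
record() {
    applied="$applied|$1"
}

# make_sample_conf PATH
# Constructed sysctl.conf-style input exercising comments, indentation
# with spaces and a tab, a trailing comment and a malformed line.
make_sample_conf() {
    printf '%s\n' \
        '# sysctl.conf-style input (constructed)' \
        '' \
        '  net.inet.ip.forwarding=1   # route between interfaces' \
        "$(printf '\tkern.maxfiles=8192')" \
        'bogus line without equals' \
        '#kern.securelevel=2' >"$1"
}

# Run "sh this.sh demo" to see the stripped lines and what would run.
if [ "${1-}" = demo ]; then
    _d=$(mktemp -d)
    make_sample_conf "$_d/sysctl.conf"
    stripcom "$_d/sysctl.conf"
    applied=
    apply_conf "$_d/sysctl.conf" record
    printf 'would apply:%s\n' "$applied"
    rm -rf "$_d"
fi
```

Two details carry the security weight: the value is always passed as a single quoted argument (a line such as `kern.*=1` never reaches the shell's globbing), and the consumer loop runs in the current shell, so changes that must outlive the loop, such as the resource limits 1.520 mentions, are not lost in a pipeline subshell.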


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length it was a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in them.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet, our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheeer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.548 09-Mar-2021 deraadt

dhcpleased wants /var (but contains code to handle when it isn't there).
But in the nfs diskless case, we can do better by starting it a little
later. This disrupts nfs diskless on dynamic addresses a little, if it ever
actually worked with dhclient, but anyone doing that deserves the headache.
ok florian


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of the (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplyfies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeaattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is the
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.547 26-Feb-2021 kn

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt


# 1.546 26-Feb-2021 florian

rc(8) bits for dhcpleased(8).
OK deraadt


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@

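Entry 1.318 above describes populating net.inet.(tcp|udp).baddynamic from /etc/services but does not show how the list is derived. The block below is an added illustration for this page, not the rc(8) implementation: baddynamic_list, write_sample_services and fill_baddynamic_dryrun are names chosen here, the services(5) excerpt is constructed, and the sysctl(8) invocation is only printed, never executed.

```shell
#!/bin/sh
# Added example: derive the well-known ports for one protocol from
# services(5)-format input and build the "+port,+port,..." value that
# the baddynamic sysctls accept. Example code, not the /etc/rc source.

# baddynamic_list PROTO FILE: print "+22,+25,..." for every FILE entry
# whose second field is "port/PROTO". Comments and aliases are ignored.
baddynamic_list() {
	local _proto=$1 _file=$2 _line _list=""
	while read -r _line; do
		_line=${_line%%#*}                 # drop comments
		set -f; set -- $_line; set +f      # split on blanks, globbing off
		[ $# -ge 2 ] || continue           # need at least "name port/proto"
		case $2 in
		*/"$_proto")                       # registered for this protocol
			_list="${_list:+$_list,}+${2%/*}" ;;
		esac
	done <"$_file"
	printf '%s\n' "$_list"
}

# write_sample_services FILE: constructed services(5) excerpt for the demo.
write_sample_services() {
	cat >"$1" <<'EOF'
# constructed excerpt in services(5) format, not the system file
ssh		22/tcp
ssh		22/udp
smtp		25/tcp		mail
domain		53/tcp
domain		53/udp
http		80/tcp		www
ntp		123/udp
EOF
}

# fill_baddynamic_dryrun PROTO FILE: show the sysctl(8) command that would
# register the ports as off-limits for dynamic allocation, without running it.
fill_baddynamic_dryrun() {
	local _ban
	_ban=$(baddynamic_list "$1" "$2")
	if [ -n "$_ban" ]; then
		printf 'sysctl -q net.inet.%s.baddynamic=%s\n' "$1" "$_ban"
	fi
	return 0
}

demo() {
	local _tmp
	_tmp=$(mktemp) || return 1
	write_sample_services "$_tmp"
	fill_baddynamic_dryrun tcp "$_tmp"
	fill_baddynamic_dryrun udp "$_tmp"
	rm -f "$_tmp"
}
demo
```

The "+port" form adds to whatever the kernel already holds in the table rather than replacing it, which is why the log notes that sysctl.conf, read afterwards, can still add or remove ports or override the auto-fill entirely.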

# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Adda a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.545 09-Feb-2021 naddy

rc: ensure that vfs.mounts.nfs check works without NFS

If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.

Reported by and ok patrick@


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
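
The checks these three commits describe (1.109 through 1.111), as an added example rather than the rc script's own code: a boot-time scan of a user-writable recovery directory that refuses a symlinked or foreign-owned directory and deletes anything that is not a regular file before reading. The `recover.*` name pattern is nvi's convention and the owner check uses find(1)'s `-user`; both are assumptions for this illustration, and the "read" is only a count here.

```shell
#!/bin/sh
# Added example, not /etc/rc code: scanning a user-writable vi.recover
# directory the cautious way the commits above describe.

# vi_recover_scan DIR OWNER
#   Bail out unless DIR is a real directory owned by OWNER (root at boot),
#   delete every recover.* entry that is not a regular file, and read only
#   the regular ones.  Prints the number of files kept; returns 1 when the
#   directory itself is not trustworthy.
vi_recover_scan() {
    _dir=$1 _owner=$2 _kept=0

    # A symlink in place of the directory would redirect the whole scan
    # somewhere else, so -d alone (which follows symlinks) is not enough.
    [ -d "$_dir" ] && ! [ -L "$_dir" ] || return 1

    # -prune stops find at the start point; the path is printed only when
    # the owner matches, so an empty result means "not ours".
    [ -n "$(find "$_dir" -prune -user "$_owner" -print)" ] || return 1

    for _f in "$_dir"/recover.*; do
        # An unmatched pattern stays unexpanded; skip it.
        [ -e "$_f" ] || [ -L "$_f" ] || continue
        if [ -L "$_f" ] || ! [ -f "$_f" ]; then
            # Symlink, FIFO, device: reading it could follow a link to
            # another file or block the boot (the DoS the commit names).
            rm -f "$_f"
            continue
        fi
        # A normal file: safe to read.  nvi looks for the X-vi-recover-path
        # header here; this example only counts it.
        _kept=$((_kept + 1))
    done
    echo "$_kept"
}
```

The ownership test matters because the directory is created once at first boot and lives under a world-writable tree; after that, only its contents are expected to change.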


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheeer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
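
The race this commit closes, as an added example and not the rc script's own code: the pre-fix shape with a predictable scratch name beside the mktemp(1) shape. The motd format (kernel line first, admin-maintained body after it) follows what rc does; the function names, the temporary-directory argument and the sample motd text are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not /etc/rc code: why a fixed /tmp name is unsafe for a
# root-written scratch file and how mktemp(1) removes the problem.

# build_motd_fixedname DEST TMPDIR KERNELLINE
#   The old shape: a predictable scratch file TMPDIR/_motd.  TMPDIR is
#   world-writable, so any local user can leave a file or symlink under
#   that name beforehand.  The ">" below follows a symlink, and a planted
#   file with the immutable flag (chflags) cannot even be removed later,
#   which is how the user's text ended up in the system motd.
build_motd_fixedname() {
    _dest=$1 _tmp=$2/_motd _kern=$3
    {
        printf '%s\n' "$_kern"
        if [ -f "$_dest" ]; then sed '1d' "$_dest"; fi
    } >"$_tmp" || return 1
    cp "$_tmp" "$_dest" && rm -f "$_tmp"
}

# build_motd DEST TMPDIR KERNELLINE
#   The hardened shape: mktemp(1) creates a fresh mode-0600 file under an
#   unpredictable name using O_CREAT|O_EXCL, so a planted file or symlink
#   is never reused or followed; mktemp simply picks another suffix.
build_motd() {
    _dest=$1 _tmpdir=$2 _kern=$3
    _tmp=$(mktemp "$_tmpdir/_motd.XXXXXXXXXX") || return 1
    {
        printf '%s\n' "$_kern"
        if [ -f "$_dest" ]; then sed '1d' "$_dest"; fi
    } >"$_tmp" || { rm -f "$_tmp"; return 1; }
    cp "$_tmp" "$_dest" && rm -f "$_tmp"
}
```

Checking mktemp's exit status is part of the fix: if it cannot create a file, the script must stop rather than fall back to a guessable name.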


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.544 29-Nov-2020 deraadt

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb


Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@
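
The subshell effect this commit reverts, as an added example that is not the rc script's code: a `cmd | while read` loop runs on the right-hand side of a pipe, so anything it sets (a ulimit, a umask, a variable) is lost when the pipeline ends. umask stands in here for the ulimit calls the commit is about, the sample config file is constructed, and the small stripcom helper reimplements the idea rather than reusing rc's function. Reading the loop from a here-document filled by command substitution is one way to keep it in the current shell; it is shown as a contrast, not as rc's actual fix.

```shell
#!/bin/sh
# Added example, not /etc/rc code: settings made inside "cmd | while read"
# happen in a subshell and vanish; the same loop fed by a redirection keeps
# them.  umask is used because its effect is easy to observe.

# stripcom FILE: print FILE without '#' comments, blank lines, and leading
# or trailing whitespace (a reimplementation of the idea, not rc's own).
stripcom() {
    _file=$1
    [ -s "$_file" ] || return 0
    while read -r _line; do                     # read drops leading blanks
        _line=${_line%%#*}                      # drop the comment
        _line=${_line%"${_line##*[![:space:]]}"}  # drop trailing blanks
        [ -n "$_line" ] && printf '%s\n' "$_line"
    done <"$_file"
    return 0
}

# write_sample_conf FILE: constructed sysctl.conf-style input.
write_sample_conf() {
    cat >"$1" <<'EOF'
# constructed sample: one setting, comment noise around it
   # indented comment; read(1) strips the leading blanks

umask=077   # the value applied by the loops below
EOF
}

# apply_piped FILE: the shape that lost the limits.  The while loop is the
# right-hand side of a pipe and therefore runs in a subshell; the umask
# call changes that subshell only.  Prints the umask the caller ends up
# with, which is still the original 0022.
apply_piped() {
    umask 022
    stripcom "$1" | while read -r _kv; do
        case $_kv in
        umask=*) umask "${_kv#umask=}" ;;
        esac
    done
    umask
}

# apply_redirect FILE: the loop reads a here-document filled by command
# substitution, so it runs in the current shell and the change survives.
# Prints 0077.
apply_redirect() {
    umask 022
    while read -r _kv; do
        [ -n "$_kv" ] || continue
        case $_kv in
        umask=*) umask "${_kv#umask=}" ;;
        esac
    done <<EOF
$(stripcom "$1")
EOF
    umask
}
```

The same trap applies to `ulimit`, `cd`, `export` and `trap` itself: if the loop body needs to change the state of the script that later starts the daemons, it must not sit behind a pipe.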


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@
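
The subshell-plus-trap structure this commit describes, as an added example and not rc's reorder_kernel(): a job runs inside `( ... )` so that its traps and redirections stay local, all of its output is captured in a log file, and a trap records success or failure. ERR traps are a ksh/bash feature, so this POSIX version branches on `$?` inside a single EXIT trap instead of pairing an ERR trap with an EXIT trap. The status file takes the place of the logger(1) and console messages the commit mentions; function names and the log layout are assumptions.

```shell
#!/bin/sh
# Added example, not /etc/rc code: run a job in its own subshell, log what
# it prints, and report the outcome from an EXIT trap.

# report_status RC LOGDIR: write the outcome to LOGDIR/status.  rc sends
# the failure line to syslog via logger(1) and to the console; here it
# goes to a file so the result can be inspected afterwards.
report_status() {
    _rc=$1 _logdir=$2
    if [ "$_rc" -eq 0 ]; then
        printf 'ok\n' >"$_logdir/status"
    else
        printf 'failed (exit %s), see %s/job.log\n' "$_rc" "$_logdir" \
            >"$_logdir/status"
    fi
}

# run_logged_job LOGDIR CMD [ARG...]
#   Runs CMD inside ( ... ) so the trap and the redirection are local to
#   the job; the parent script's own traps and file descriptors are left
#   alone.  Returns CMD's exit status, so a caller can background the call
#   with & and still collect the result with wait.
run_logged_job() {
    _logdir=$1; shift
    mkdir -p "$_logdir" || return 1
    (
        # Fires when the subshell exits; $? is then the job's status.
        trap 'report_status "$?" "$_logdir"' EXIT
        # From here on, the job's stdout and stderr go to the log file.
        exec >"$_logdir/job.log" 2>&1
        "$@"
        # Exit explicitly so the subshell's status is CMD's status.
        exit $?
    )
}
```

Because the EXIT trap is armed before `exec` redirects the descriptors, a failure of the redirection itself is reported too; and because nothing in the job can reach the parent shell, a botched relink leaves the boot script's own state untouched.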


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses; now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@
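
An added example of the approach this commit describes (and the reason behind the earlier moves to run netstart and rc.local with sh instead of sourcing them): parse key=value lines instead of letting the shell execute the file. This is illustrative code written for this page, not the parser that went into /etc/rc; it assumes any shell-identifier name is acceptable, where a real implementation would check against known variables.

```shell
# Added example of parsing rc.conf-style key=value lines instead of sourcing
# the file; it is not the parser that went into /etc/rc. A line is accepted
# only if it is NAME=value with NAME a shell identifier; any other line,
# including shell commands, is ignored. The value is assigned as a literal
# string: $(...) or backquotes inside it are never executed.
parse_rc_conf() {
	_file=$1
	_tab=$(printf '\t')
	# Default IFS trims leading/trailing blanks; -r keeps backslashes.
	while read -r _line; do
		# Remove a trailing comment, then the blanks left in front of it.
		_line=${_line%%#*}
		while :; do
			case $_line in
			*' '|*"$_tab") _line=${_line%?} ;;
			*) break ;;
			esac
		done
		# Must contain '=' ...
		case $_line in *=*) ;; *) continue ;; esac
		_name=${_line%%=*}
		_value=${_line#*=}
		# ... and the name must be a valid identifier, so "$(id)=x" or
		# "rm -rf x=y" are dropped rather than evaluated.
		case $_name in
		''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
		esac
		# Strip one pair of matching surrounding quotes.
		case $_value in
		\"*\"|\'*\') _value=${_value#?}; _value=${_value%?} ;;
		esac
		# Assign through eval with only the validated name interpolated;
		# the value is referenced as a variable, so its text is never
		# re-parsed by the shell.
		eval "$_name=\$_value"
	done <"$_file"
}
```

Feed it a file containing a line such as evil=$(touch /tmp/pwned): sourcing the file would run the command, the parser stores the text and creates nothing.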


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order than before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
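
An added example covering this commit and 1.331 above: find carp interfaces in ifconfig output with shell builtins only, accepting exactly carpN: as an interface name. This is example code written for this page, not the rc.shutdown code; the ifconfig output it parses is constructed, and the command run per interface is a parameter so the logic can be exercised without touching real interfaces.

```shell
# Added example, not the rc.shutdown code itself: pick carp interfaces out of
# ifconfig(8)-style output with shell builtins only, since grep and cut live
# in /usr, which may already be unmounted at shutdown. Reads the output on
# stdin and prints one interface name per line. Only a first word of the
# exact shape carpN: counts; the per-interface status line that starts with
# "carp:" (MASTER/BACKUP, carpdev, vhid ...) is not an interface, and a
# looser carp*: pattern would have matched it.
carp_ifaces() {
	while read -r _first _rest; do
		case $_first in
		carp[0-9]*:) ;;
		*) continue ;;
		esac
		# Everything between "carp" and ":" must be digits only.
		_num=${_first#carp}
		_num=${_num%:}
		case $_num in *[!0-9]*) continue ;; esac
		printf '%s\n' "${_first%:}"
	done
}

# Bring every carp interface down so a MASTER hands over before the host
# stops answering. $1 is the command run per interface ("ifconfig" in real
# use); it is a parameter here so the logic can be tested with a stand-in.
carp_down_all() {
	_cmd=$1
	for _if in $(carp_ifaces); do
		"$_cmd" "$_if" down
	done
}

carp_sample_output() {
	# Constructed ifconfig(8)-style output; not captured from a real host.
	printf '%s\n' \
	    'lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768' \
	    '        inet 127.0.0.1 netmask 0xff000000' \
	    'em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500' \
	    '        inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255' \
	    'carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500' \
	    '        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0' \
	    '        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255' \
	    'carp12: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500' \
	    '        carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100'
}
```

In real use the pipeline is ifconfig | carp_ifaces, and carp_down_all would be handed ifconfig; the sample output exists only so the functions can be run offline.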


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
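
An added example of the port-list construction this commit describes, written so that it also meets the constraint from 1.388 above (no grep while /usr may be unavailable). This is example code written for this page, not the fill_baddynamic() from /etc/rc; the services file it reads is a constructed excerpt, and it prints the value rather than calling sysctl.

```shell
# Added example, not the /etc/rc implementation: collect the well-known ports
# of one protocol from a services(5)-format file using shell builtins only
# (no grep, cut or awk, which live in /usr and may not be mounted yet).
# Prints the value to hand to sysctl as net.inet.<proto>.baddynamic=<value>,
# where each "+port" adds that port to the kernel's list.
fill_baddynamic() (
	_proto=$1 _file=$2 _ban=
	_tab=$(printf '\t')
	# Globbing off inside this subshell: a stray "*" in the file must not
	# expand to file names when the fields are used.
	set -f
	# Split each line on blanks, tabs and "/" so "ssh 22/tcp" yields
	# name=ssh port=22 proto=tcp; anything after that lands in _junk.
	while IFS=" $_tab/" read -r _name _port _srv _junk; do
		# Skip blank lines and comments.
		case $_name in ''|'#'*) continue ;; esac
		# The port must be purely numeric.
		case $_port in ''|*[!0-9]*) continue ;; esac
		# Only the requested protocol.
		[ "$_srv" = "$_proto" ] || continue
		# Aliases such as www/http share a port: add each port once.
		case ",$_ban," in *",+$_port,"*) continue ;; esac
		_ban="${_ban:+$_ban,}+$_port"
	done <"$_file"
	printf '%s\n' "$_ban"
)
```

On OpenBSD the result would be applied with sysctl -q net.inet.tcp.baddynamic=$(fill_baddynamic tcp /etc/services) and likewise for udp; doing that before sysctl.conf is read keeps local overrides in control, as the commit notes.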


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.543 24-Jan-2020 tedu

retire rebound etc bits to the attic


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.

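The checks that 1.110 and 1.109 describe (refuse a recovery directory that is a symlink or not root-owned, and delete anything in it that is not a regular file), as an added example. This is not rc's code; it is a sh function you can run against any directory that untrusted users may write to. Paths and the expected owner are parameters so it runs unprivileged (the real rc would pass uid 0 and /var/tmp/vi.recover). The checks remain racy, since an entry can be swapped between the test and the use; that is why rc only ever uses such files for a mail notice and never as input to anything security-relevant.

```shell
#!/bin/sh
# Added example, not rc's code. Runs unprivileged: the test passes the
# current uid where rc would insist on root.

# owner_uid PATH: numeric uid of PATH itself (ls -d does not follow links).
owner_uid() {
	ls -ldn "$1" | awk '{ print $3 }'
}

# audit_recover_dir DIR UID: refuse DIR if it is a symlink, not a directory
# or not owned by UID (in a sticky /var/tmp anyone could have created it);
# otherwise delete every entry that is not a regular file, so that a later
# 'for f in DIR/*; do ... <"$f"' cannot be steered into a FIFO, a device
# or a symlink to a root-owned file. Prints the names kept, one per line.
audit_recover_dir() {
	_dir=$1 _uid=$2
	if [ -L "$_dir" ] || [ ! -d "$_dir" ]; then
		printf '%s: symlink or not a directory, ignoring\n' "$_dir" >&2
		return 1
	fi
	if [ "$(owner_uid "$_dir")" != "$_uid" ]; then
		printf '%s: not owned by uid %s, ignoring\n' "$_dir" "$_uid" >&2
		return 1
	fi
	for _f in "$_dir"/* "$_dir"/.[!.]*; do
		# skip an unmatched glob; keep dangling symlinks (-L) for removal
		[ -e "$_f" ] || [ -L "$_f" ] || continue
		if [ -L "$_f" ] || [ ! -f "$_f" ]; then
			rm -rf -- "$_f"    # rm on a symlink removes only the link
			continue
		fi
		printf '%s\n' "${_f##*/}"
	done
}

# make_sample DIR: constructed directory with one legitimate recovery file
# and two planted entries: a symlink pointing out of the directory and a
# FIFO that would block any reader forever.
make_sample() {
	mkdir -p "$1" || return 1
	printf 'recovered buffer\n' >"$1/recover.abc123"
	printf 'not for you\n' >"$1/../secret"
	ln -s ../secret "$1/recover.link"
	mkfifo "$1/recover.fifo"
}
```

The order of the tests matters: the symlink check comes before the ownership check because ls, stat and test all follow links when asked about the target, and the ownership of a symlink's target is exactly what an attacker controls.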

# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.542 11-Nov-2019 deraadt

move /usr and var remounting (nfs diskless case...) earlier, so that
unwind can be started (silently) before pf is configured (for those
few weirdos who use hostnames in pf.conf...). Other unidentified concerns
may be improved by this startup re-ordering, so let's give it a try.
discussed with florian.


# 1.541 10-Nov-2019 naddy

use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@

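The motd rebuild that 1.494 and, much earlier, 1.102 (mktemp for the scratch file) describe, as an added example. It is not rc's code. The rule it implements is my reading of motd(5): the first line is replaced by the running kernel's version string, and everything after the first blank line is the administrator's text and is kept, so a file whose first line is already blank keeps everything from line two on. The scratch file comes from mktemp(1), so no predictable name such as /tmp/_motd is ever opened and a file planted there by a user can neither be overwritten nor read into the result. Paths are parameters so it runs unprivileged; rc would use /etc/motd and `sysctl -n kern.version | sed 1q` for the version line.

```shell
#!/bin/sh
# Added example, not rc's code.

# admin_text MOTD: print the part of MOTD after its first blank line.
# Always succeeds, so a missing MOTD just yields no admin text.
admin_text() {
	[ -f "$1" ] && awk 'p { print; next } /^$/ { p = 1 }' "$1"
	return 0
}

# make_motd VERSION MOTD TMPDIR: write VERSION, a blank line and the
# preserved admin text into a fresh mktemp file in TMPDIR, then copy it
# over MOTD only if the content changed. cp rather than mv keeps MOTD's
# own mode: the mktemp file is 0600 and motd must stay world-readable.
make_motd() {
	_ver=$1 _motd=$2 _tmpdir=$3
	_t=$(mktemp "$_tmpdir/_motd.XXXXXXXXXX") || return 1
	{
		printf '%s\n\n' "$_ver"
		admin_text "$_motd"
	} >"$_t" || { rm -f "$_t"; return 1; }
	if ! cmp -s "$_t" "$_motd" 2>/dev/null; then
		cp -f "$_t" "$_motd" || { rm -f "$_t"; return 1; }
	fi
	rm -f "$_t"
}
```

If MOTD does not exist yet, cp creates it with the scratch file's 0600 mode; add a chmod 644 in that case. rc can assume /etc/motd already exists.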

Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@

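The stripcom helper that 1.131 introduced and 1.456 rewrote, together with the loop shape that 1.457 chose and 1.520 had to revert, as an added example. It is not rc's code: rc is a ksh script and uses `print -r --` where printf is used here, and it applies each line with sysctl. The point 1.520 makes is shown with a counter rather than a ulimit, because the effect is the same: in bash and dash the body of `cmd | while read` runs in a subshell, so a resource limit (or a variable) set there is gone when the daemons are started later, whereas a loop fed from a here-document runs in the current shell. The sample file is constructed for the example.

```shell
#!/bin/sh
# Added example, not the OpenBSD rc code. Written for POSIX sh/bash.

# Constructed sample in sysctl.conf style (not a real config).
SAMPLE=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
# comment line
   kern.maxfiles=65536      # trailing comment
net.inet.ip.forwarding=1

    ddb.panic=0
EOF

# stripcom FILE: print FILE without comments, blank lines or surrounding
# whitespace. "read" drops leading blanks (IFS), -r keeps backslashes,
# ${_line%%#*} cuts from the first '#', the next expansion trims trailing
# blanks, and printf (not echo) prints a line such as "-n" verbatim.
stripcom() {
	[ -s "$1" ] || return 0
	while read -r _line; do
		_line=${_line%%#*}
		_line=${_line%"${_line##*[![:blank:]]}"}
		[ -n "$_line" ] && printf '%s\n' "$_line"
	done <"$1"
}

# count_piped FILE: the pipeline shape (1.457). In bash and dash the while
# loop is a subshell, so the caller's _n stays 0; a "ulimit" run in the
# loop would likewise not reach daemons started afterwards.
count_piped() {
	_n=0
	stripcom "$1" | while read -r _kv; do
		_n=$((_n + 1))
	done
	echo "$_n"
}

# count_here FILE: the same loop fed by a here-document holding stripcom's
# output; no subshell, so _n (or a ulimit) survives the loop.
count_here() {
	_n=0
	while read -r _kv; do
		[ -n "$_kv" ] || continue    # an empty here-doc still yields one line
		_n=$((_n + 1))
	done <<EOF
$(stripcom "$1")
EOF
	echo "$_n"
}

# apply_conf FILE: the shape a sysctl.conf reader needs. Each key=value
# line reaches a handler in the current shell; here the handler only
# records the keys in APPLIED, where rc would run "sysctl $_kv".
apply_conf() {
	APPLIED=
	while read -r _kv; do
		[ -n "$_kv" ] || continue
		case $_kv in
		*=*) APPLIED="$APPLIED${APPLIED:+ }${_kv%%=*}" ;;
		*)   printf 'skipping malformed line: %s\n' "$_kv" >&2 ;;
		esac
	done <<EOF
$(stripcom "$1")
EOF
}
```

The here-document keeps each line whole, which matters for files such as wsconsctl.conf whose values contain spaces and quotes (1.458); word-splitting the output with `set -- $(stripcom file)` is the lighter alternative when every entry is a single token, as in sysctl.conf.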

Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@

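An illustrative boot-time pf ruleset in the spirit of the one 1.510 composes and 1.447 switches to /etc/services names, as an added example. It is not rc's ruleset. Everything is blocked while the interfaces are being configured except what that configuration needs: ssh in, DNS out, DHCP, ICMP echo and, on hosts with IPv6, neighbour and router discovery plus DHCPv6; the RPC/NFS rules are added when the kernel reports NFS mounts (the numeric `vfs.mounts.nfs` check from 1.512), so a diskless machine keeps its root. Using service names means a local services(5) change is honoured even when the ruleset is the only one ever loaded. The two probes are OpenBSD-specific and fall back to "no" elsewhere; pfctl is only invoked if present, so the ruleset itself can be inspected on any system.

```shell
#!/bin/sh
# Added example, not rc's ruleset.

# have_inet6: "yes" if lo0 has an inet6 address (assumption: ifconfig
# exits non-zero for a family the interface lacks, as on OpenBSD).
have_inet6() {
	ifconfig lo0 inet6 >/dev/null 2>&1 && echo yes || echo no
}

# have_nfs: "yes" if the kernel reports NFS mounts (OpenBSD sysctl).
have_nfs() {
	case $(sysctl -n vfs.mounts.nfs 2>/dev/null) in
	*[1-9]*) echo yes ;;
	*)       echo no ;;
	esac
}

# boot_pf_rules INET6 NFS: print the ruleset. pf keeps state by default;
# the ND rules are "no state" because an advertisement can arrive
# unsolicited and would never match a state entry created by a solicit.
boot_pf_rules() {
	_v6=$1 _nfs=$2
	[ "$_nfs" = yes ] && echo 'set reassemble no'
	cat <<'EOF'
block all
pass on lo0
pass in proto tcp from any to any port ssh
pass out proto { tcp, udp } from any to any port domain
pass out inet proto icmp all icmp-type echoreq
pass out inet proto udp from any port bootpc to any port bootps
pass in inet proto udp from any port bootps to any port bootpc
EOF
	[ "$_v6" = yes ] && cat <<'EOF'
pass out inet6 proto icmp6 all icmp6-type neighbrsol no state
pass in inet6 proto icmp6 all icmp6-type neighbradv no state
pass out inet6 proto icmp6 all icmp6-type routersol
pass in inet6 proto icmp6 all icmp6-type routeradv
pass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server
pass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client
EOF
	[ "$_nfs" = yes ] && cat <<'EOF'
pass in proto { tcp, udp } from any port { sunrpc, nfsd } to any
pass out proto { tcp, udp } from any to any port { sunrpc, nfsd }
EOF
	return 0
}

# load_boot_rules: hand the ruleset to pfctl(8) on stdin; with DRYRUN set
# in the environment only the syntax is checked (-n). The rules are piped
# rather than written to a file so nothing in /tmp is involved.
load_boot_rules() {
	command -v pfctl >/dev/null 2>&1 || { echo 'pfctl: not found' >&2; return 1; }
	boot_pf_rules "$(have_inet6)" "$(have_nfs)" | pfctl ${DRYRUN:+-n} -f -
}
```

`DRYRUN=1 sh boot-pf.sh` on an OpenBSD box parses the ruleset without loading it; the real /etc/pf.conf replaces it once netstart has finished, so the rules only have to be good enough for the network to come up, not for the lifetime of the machine.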

# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was neither lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@
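
The key=val discipline this entry introduces is what turns rc.conf from a script run as root at boot into data. The function below is an added example, not the parser in OpenBSD's rc.subr(8); it assumes only a POSIX sh and reads an rc.conf-style file the same way: a line survives only if it is exactly name=value with a lowercase identifier as name and no shell metacharacters in the value, and everything else is reported and ignored rather than executed. The rc.conf.local it parses is constructed for the demo.

```shell
#!/bin/sh
# Added example, not OpenBSD's rc.subr(8) code: treat rc.conf as data.
# Only lines of the exact shape name=value are accepted, where name is a
# lowercase identifier and the value carries no shell metacharacters;
# every other line is reported and dropped instead of being executed.

# is_safe_assignment LINE: succeed if LINE is an acceptable name=value pair.
is_safe_assignment() {
    case $1 in
    *=*) ;;
    *) return 1 ;;
    esac
    _key=${1%%=*}
    _val=${1#*=}
    case $_key in
    ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    # anything that would mean something to a shell is rejected outright
    case $_val in
    *\`*|*\$*|*\;*|*\&*|*\|*|*\(*|*\)*|*\<*|*\>*) return 1 ;;
    esac
    return 0
}

# parse_rc_conf FILE: print accepted assignments as name=value, one per
# line, with one layer of surrounding quotes stripped from the value.
# Rejected lines go to stderr so a broken rc.conf.local is noticed.
parse_rc_conf() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
        ''|\#*) continue ;;
        esac
        if is_safe_assignment "$_line"; then
            _key=${_line%%=*}
            _val=${_line#*=}
            case $_val in
            \"*\") _val=${_val#\"}; _val=${_val%\"} ;;
            \'*\') _val=${_val#\'}; _val=${_val%\'} ;;
            esac
            printf '%s=%s\n' "$_key" "$_val"
        else
            printf 'rc.conf: ignoring line: %s\n' "$_line" >&2
        fi
    done < "$1"
}

# demo_parse: parse a constructed rc.conf.local (sample data, not a real
# file) and return only what survived the checks.
demo_parse() {
    _f=$(mktemp) || return 1
    cat > "$_f" <<'EOF'
# constructed sample rc.conf.local
ntpd_flags="-s"
pkg_scripts=nginx
sshd_flags=
evil=$(id)
`id`
if true; then id; fi
Bad_Name=YES
EOF
    parse_rc_conf "$_f" 2>/dev/null
    rm -f "$_f"
}
```

Run as a whole, demo_parse returns the three legitimate assignments and nothing else; the command substitution, the backquoted command and the if-statement never reach a shell. The same reasoning drives the later entries that execute rc.local, rc.securelevel, rc.shutdown and netstart with sh(1) instead of sourcing them: a child process cannot rewrite the variables of the rc script that started it.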


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
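
The baddynamic population described in this entry, and the later fill_baddynamic() changes (1.388 and 1.390 above) that dropped grep so it also works on an NFS-diskless host before /usr is mounted, come down to parsing /etc/services with nothing but shell builtins. The function below is an added example, not the fill_baddynamic() in /etc/rc: it assumes a POSIX sh, reads a constructed /etc/services fragment rather than the real file, and prints the value that would be handed to sysctl instead of setting it.

```shell
#!/bin/sh
# Added example, not OpenBSD's fill_baddynamic(): build the port list for
# net.inet.<proto>.baddynamic from an /etc/services-style file using only
# shell builtins (read, case, parameter expansion), so it runs before
# /usr, and with it grep and awk, is mounted.

# services_ports PROTO FILE: print the ports registered for PROTO (tcp or
# udp) in FILE, one per line, in file order, duplicates removed.
services_ports() {
    _proto=$1
    _file=$2
    _seen=,
    while read -r _name _port _junk || [ -n "$_name" ]; do
        case $_name in ''|\#*) continue ;; esac     # blank or comment line
        _num=${_port%%/*}                           # "22/tcp" -> "22"
        _p=${_port#*/}                              # "22/tcp" -> "tcp"
        [ "$_p" = "$_proto" ] || continue
        case $_num in ''|*[!0-9]*) continue ;; esac # not a numeric port
        case $_seen in *,$_num,*) continue ;; esac  # already emitted
        _seen=$_seen$_num,
        printf '%s\n' "$_num"
    done < "$_file"
}

# baddynamic_value PROTO FILE: the comma-joined list a caller would pass
# as sysctl net.inet.PROTO.baddynamic=<list>
baddynamic_value() {
    _out=
    for _n in $(services_ports "$1" "$2"); do
        _out=$_out${_out:+,}$_n
    done
    printf '%s\n' "$_out"
}

# demo_baddynamic: parse a constructed /etc/services fragment (sample
# data, not the real file) for both protocols.
demo_baddynamic() {
    _f=$(mktemp) || return 1
    cat > "$_f" <<'EOF'
# constructed sample of /etc/services, not the real file
ftp             21/tcp
ssh             22/tcp          # SSH Remote Login Protocol
ssh             22/udp
domain          53/tcp          # Domain Name Server
domain          53/udp
tftp            69/udp
http            80/tcp          www www-http
sunrpc          111/tcp
sunrpc          111/udp
bogus           notaport/tcp
EOF
    printf 'tcp: %s\n' "$(baddynamic_value tcp "$_f")"
    printf 'udp: %s\n' "$(baddynamic_value udp "$_f")"
    rm -f "$_f"
}
```

On a real system the caller would run sysctl net.inet.tcp.baddynamic=$(baddynamic_value tcp /etc/services) and the same for udp; because rc does this before sysctl.conf is read, an administrator can still add or remove individual entries there with the +port and -port forms sysctl(8) accepts for these two variables, or replace the list outright. Trailing comments and alias columns are absorbed by the third read variable, and a malformed port (the bogus line) is skipped rather than turning into a bad sysctl value.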


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.540 06-Nov-2019 deraadt

we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis


Revision tags: OPENBSD_6_6_BASE
# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows having /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here, replace it with an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in the default PF ruleset; these get created
on each host and end up conflicting, so they never sync anyway.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeaattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.539 06-Oct-2019 sthen

for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notably hw.setperf) can have unexpected
side-effects. ok deraadt


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside a nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
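As an added example (not code from /etc/rc or its authors), the two /tmp hardening patterns from 1.102 above and from the vi.recover checks in 1.109/1.110, written as stand-alone sh functions with a self-check on constructed scratch data; the function names and the assumed motd convention (first line is the kernel banner, the rest is kept) are this example's own.

```shell
#!/bin/sh
# Added example, not part of /etc/rc. Two boot-time /tmp hardening
# patterns as stand-alone functions, plus a self-check on scratch data.

# Rebuild a motd file without trusting a fixed, user-creatable temp name.
# The weak pattern was a well-known "/tmp/_motd": a local user could
# pre-create it (and chflags it unremovable) so their text landed in the
# system motd. Here the temp file comes from mktemp(1) with ten X's,
# placed next to the target so the final mv(1) stays on one filesystem.
# Assumed convention: line 1 is the kernel banner, later lines are kept.
# Usage: rebuild_motd MOTD_FILE BANNER_TEXT
rebuild_motd() {
	_motd=$1
	_banner=$2
	_dir=$(dirname "$_motd")
	_tmp=$(mktemp "$_dir/_motd.XXXXXXXXXX") || return 1
	{
		echo "$_banner"
		if [ -f "$_motd" ]; then
			tail -n +2 "$_motd"
		fi
	} > "$_tmp" || { rm -f "$_tmp"; return 1; }
	chmod 644 "$_tmp"
	mv -f "$_tmp" "$_motd"
}

# Return 0 only for a path that is safe to read as a vi recovery file:
# a regular file that is not a symlink. The recovery directory is world
# writable, so FIFOs, device nodes and symlinks pointing elsewhere are
# treated as hostile; the caller deletes anything that fails this test.
is_plain_recovery_file() {
	[ ! -L "$1" ] && [ -f "$1" ]
}

# Self-check on a scratch directory (constructed data, no system files).
# Returns 0 when both functions behave as described above.
selfcheck() {
	_d=$(mktemp -d) || return 1
	printf 'OLD BANNER\n\nWelcome, admin text stays.\n' > "$_d/motd"
	rebuild_motd "$_d/motd" "NEW BANNER" || return 1
	[ "$(sed -n 1p "$_d/motd")" = "NEW BANNER" ] || return 1
	[ "$(sed -n 3p "$_d/motd")" = "Welcome, admin text stays." ] || return 1
	# The temp file must not be left behind after the rename.
	set -- "$_d"/_motd.*
	[ ! -e "$1" ] || return 1
	# Recovery-file checks: only the plain file passes.
	: > "$_d/vi.recover.plain"
	ln -s "$_d/motd" "$_d/vi.recover.link"
	mkfifo "$_d/vi.recover.fifo" || return 1
	is_plain_recovery_file "$_d/vi.recover.plain" || return 1
	! is_plain_recovery_file "$_d/vi.recover.link" || return 1
	! is_plain_recovery_file "$_d/vi.recover.fifo" || return 1
	rm -rf "$_d"
}
```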


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.538 02-Oct-2019 sthen

feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an NFS-mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.

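Added example, not code from /etc/rc: the carp interface extraction described in the 1.329 and 1.331 entries done with shell builtins only (no grep/cut, since /usr may already be unmounted at shutdown), matching `carpN:` rather than `carp*:` so the indented `carp: MASTER ...` detail line no longer triggers a spurious down. The ifconfig output below is constructed sample data; the function only lists names and does not touch any interface.

```sh
# Read "ifconfig -a" style output on stdin; print each carp interface name.
carp_ifaces() {
    # $_rest swallows the flags/mtu part; many lines are not interface names.
    while read -r _first _rest; do
        case $_first in
        carp[0-9]*:)
            _num=${_first#carp}; _num=${_num%:}
            case $_num in
            *[!0-9]*) ;;                       # carp0x: is not a carp interface
            *) printf 'carp%s\n' "$_num" ;;
            esac ;;
        esac
    done
}

# Constructed sample; the "carp: MASTER" line is the one carp*: matched by mistake.
IFCONFIG_SAMPLE='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em0 vhid 10 advbase 1 advskew 100
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
'

# At shutdown rc(8) would run "ifconfig $_if down" for each name; here we only list.
printf '%s' "$IFCONFIG_SAMPLE" | carp_ifaces
```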

Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@

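Added example, not code from /etc/rc: deriving the port list that the fill_baddynamic() step described above pushes into net.inet.tcp.baddynamic and net.inet.udp.baddynamic, using only shell builtins (no grep/cut, the constraint the 1.388 entry records for NFS diskless boots). The /etc/services text is constructed sample data; the function returns the list and does not call sysctl.

```sh
# Read /etc/services-format lines on stdin and print a comma-separated,
# de-duplicated list of the numeric ports assigned to protocol $1 (tcp|udp).
baddynamic_ports() {
    _proto=$1
    _ports=
    # read strips leading blanks; the third field swallows aliases/comments.
    while read -r _name _pp _rest; do
        # Skip blank lines and comment lines.
        case $_name in ''|'#'*) continue ;; esac
        # Second field must be port/proto for the protocol we want.
        case $_pp in
        *"/$_proto") _port=${_pp%/*} ;;
        *) continue ;;
        esac
        # Accept only purely numeric ports.
        case $_port in ''|*[!0-9]*) continue ;; esac
        # Aliases share a port; list each port once.
        case ",$_ports," in *",$_port,"*) continue ;; esac
        _ports=${_ports:+$_ports,}$_port
    done
    printf '%s\n' "$_ports"
}

# Constructed sample in /etc/services format (not the real file).
SERVICES_SAMPLE='# service  port/proto  aliases   # comment
ssh          22/tcp                # SSH Remote Login Protocol
ssh          22/udp
domain       53/tcp      nameserver
domain       53/udp      nameserver
bootps       67/udp      dhcps
www          80/tcp      http
ntp         123/udp
imaps       993/tcp
http-alt     80/tcp      alt       # duplicate tcp port, listed once
'

# On a real system rc(8) would run the equivalent of
#   sysctl net.inet.tcp.baddynamic="$(baddynamic_ports tcp </etc/services)"
# before reading sysctl.conf, so sysctl.conf can still add, remove or override.
printf 'tcp: %s\n' "$(printf '%s' "$SERVICES_SAMPLE" | baddynamic_ports tcp)"
printf 'udp: %s\n' "$(printf '%s' "$SERVICES_SAMPLE" | baddynamic_ports udp)"
```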

# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) my me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.537 10-May-2019 guenther

ld.so boot cleanup support:
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later

ok kettenis@


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows to have /tmp mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes had already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; so remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat
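
The seed-file handling described in this message, as an added example written for this page and not the rc script's own code: the previous seed is fed to the kernel pool and the file is replaced at once with fresh output, so a crash before the shutdown-time save can never replay the same bytes. The device path /dev/urandom, the 512-byte size, the rename-over-the-old-file step via mktemp(1) and the helper names are assumptions for the example; rc itself wrote a 64KB host.random with mode 600.

```sh
#!/bin/sh
# Added example: re-seed the kernel RNG from a seed file, then replace the
# seed file immediately so an unclean reboot never re-uses the same bytes.
# Assumptions: /dev/urandom accepts writes from this user (Linux mixes the
# data into the pool without crediting entropy) and 512 bytes is enough for
# the demo; rc used a 64KB /var/db/host.random with mode 600.

SEED_BYTES=512

# reseed_from_file SEEDFILE
reseed_from_file() {
	seed=$1

	# 1. Feed the previous seed into the pool.  Failures are ignored on
	#    purpose: a missing or unreadable seed must not stall the boot.
	if [ -f "$seed" ]; then
		cat "$seed" >/dev/urandom 2>/dev/null || :
	fi

	# 2. Replace the seed right away, before any daemon starts, so the same
	#    file is never fed twice.  Write to a mktemp(1) file in the same
	#    directory and rename it over the old seed: a crash in the middle
	#    leaves either the old or the new seed, never a truncated one.
	tmp=$(mktemp "$seed.XXXXXXXXXX") || return 1
	if ! dd if=/dev/urandom of="$tmp" bs="$SEED_BYTES" count=1 2>/dev/null; then
		rm -f "$tmp"
		return 1
	fi
	chmod 600 "$tmp" && mv -f "$tmp" "$seed"
}

# file_size FILE: size in bytes (wc -c is POSIX; tr strips BSD padding).
file_size() {
	wc -c <"$1" | tr -d ' '
}
```

Call it once before anything that consumes randomness is started, and again at shutdown if the platform has no kernel-side save; the ordering (read, then overwrite, then start daemons) is the whole point.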


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
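
The two checks described in 1.110 and 1.109 (the recovery directory must be a real directory, not a symlink, owned by the expected user; only regular files are read and anything else is deleted), as an added example written for this page rather than the rc script's own code. The directory and owner are passed as arguments so it can be exercised without root; the file-name pattern recover.* and the helper names are assumptions.

```sh
#!/bin/sh
# Added example: vet a world-writable recovery directory before reading
# anything from it.  Assumptions: directory and expected owner are passed in
# (rc used /var/tmp/vi.recover and root); recovery files match recover.*.

# check_recover_dir DIR OWNER
#   Returns 0 only if DIR is a real directory (not a symlink) owned by OWNER.
#   A symlink, or a directory re-created by an ordinary user, could point
#   the boot script at files an attacker controls.
check_recover_dir() {
	dir=$1 owner=$2
	[ -L "$dir" ] && return 1          # symlink: refuse; -d would follow it
	[ -d "$dir" ] || return 1
	# -prune stops find from descending; it prints DIR only if OWNER owns it.
	[ -n "$(find "$dir" -prune -user "$owner" -print 2>/dev/null)" ]
}

# list_recover_files DIR
#   Prints the regular files matching DIR/recover.*, one per line, and
#   deletes anything else that matches.  A symlink, fifo or device left in a
#   user-writable directory would otherwise be opened by the boot script
#   (a fifo alone is enough to hang it, the DoS the commit message mentions).
list_recover_files() {
	dir=$1
	for f in "$dir"/recover.*; do
		[ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
		# Test -L first: -f follows symlinks and would accept a link to a
		# regular file elsewhere on the system.
		if [ -L "$f" ] || ! [ -f "$f" ]; then
			rm -f "$f"
			continue
		fi
		printf '%s\n' "$f"
	done
}
```

The order matters: validate the directory first, then the individual entries, and only then read from the survivors; a check that follows symlinks (plain -f or -d) is the usual mistake.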


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
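
The construction described here, as an added example that is not the rc script's own code: the new motd is assembled in a mktemp(1) file instead of a predictable /tmp/_motd, the mktemp exit status is checked, and the result only replaces the real motd when the content changed. The kernel banner is passed in as a string and the motd path and temp directory as arguments so the function runs without root; the rule that everything from the first blank line onward is the administrator's text is taken from the later motd(5) handling on this page and is an assumption for the example.

```sh
#!/bin/sh
# Added example: rebuild a motd(5) file safely at boot.  The first line is
# replaced by the kernel banner; everything from the first blank line on is
# the administrator's text and is kept.  Assumptions: banner, motd path and
# temp directory are arguments; rc hard-codes /etc/motd and /tmp.

# update_motd BANNER MOTDFILE [TMPDIR]
update_motd() {
	banner=$1 motd=$2 tmpdir=${3:-/tmp}

	# A fixed name such as /tmp/_motd lets any local user pre-create the
	# file (and, with chflags(1), make it unremovable) so that their text
	# ends up in the system motd.  mktemp creates a fresh, mode-600 file
	# with an unpredictable suffix and fails instead of reusing one.
	tmp=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1

	{
		printf '%s\n' "$banner"
		# sed -n '/^$/,$p' prints from the first empty line to the end.
		[ -f "$motd" ] && sed -n '/^$/,$p' "$motd"
	} >"$tmp"

	# Only touch the real file when the content changed; a missing motd
	# makes cmp fail, so it is created on first boot.
	if ! cmp -s "$tmp" "$motd" 2>/dev/null; then
		cp "$tmp" "$motd"
	fi
	rm -f "$tmp"
}
```

Checking the mktemp status is not optional: if the temp directory is full or missing, an unchecked empty name would send the redirect somewhere unexpected.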


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


Revision tags: OPENBSD_6_5_BASE
# 1.536 01-Apr-2019 tedu

revert previous. ifconfig errors may be interesting... to be revisited.


# 1.535 01-Apr-2019 tedu

catch/hide errors from ifconfig carp in case there is no carp.
ok deraadt


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@
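
Why the pipe mattered, as an added example that is not the rc script's own code. In sh, ksh and bash alike the body of `producer | while read ...` runs in a subshell, so a resource limit (or any variable) set inside the loop is dropped when the loop ends, and every daemon started afterwards inherits the old limits. The constructed sysctl.conf text, the two-line stripcom() stand-in (the real helper is described in 1.131 and 1.456) and the counter used in place of the process-limit call the message refers to are assumptions; a ulimit in the same spot is lost the same way, because resource limits are per-process state just like variables.

```sh
#!/bin/sh
# Added example: the pipeline-subshell trap behind rc 1.520.
# Assumptions: a constructed sysctl.conf body, a minimal stripcom() stand-in,
# and APPLIED/LIMIT_SET standing in for the sysctl -w and process-limit
# calls the real script makes; a ulimit here would be lost in the same way.

# Constructed input, not a real /etc/sysctl.conf.
CONF='# raise process limit
kern.maxproc=1024
   # indented comment
net.inet.ip.forwarding=1

kern.somaxconn=256'

# stripcom FILE: drop comments and blank lines, like the rc helper.
stripcom() {
	sed -e 's/^[[:space:]]*//' -e 's/#.*//' -e '/^$/d' "$1"
}

# apply_one LINE: record one setting.  The real script runs sysctl -w here
# and, for kern.maxproc, a limit that must land in the *parent* shell.
apply_one() {
	APPLIED=$((APPLIED + 1))
	case $1 in
	kern.maxproc=*) LIMIT_SET=${1#*=} ;;
	esac
}

# Broken form (rc 1.457): the while loop is the last element of a pipeline
# and therefore a subshell.  APPLIED and LIMIT_SET change only in the child.
apply_piped() {
	APPLIED=0 LIMIT_SET=none
	stripcom "$1" | while read -r line; do
		apply_one "$line"
	done
	printf '%s %s\n' "$APPLIED" "$LIMIT_SET"
}

# Fixed form (rc 1.520): collect the lines with set --, then loop in the
# current shell, so the limits stick for every daemon started afterwards.
apply_inline() {
	conf=$1
	set -- $(stripcom "$conf")
	APPLIED=0 LIMIT_SET=none
	for line; do
		apply_one "$line"
	done
	printf '%s %s\n' "$APPLIED" "$LIMIT_SET"
}
```

apply_piped reports "0 none" even though the loop ran three times; apply_inline reports "3 1024". The same difference applies to `ulimit`, `cd`, `umask` and `export` inside such a loop.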


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@
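
The logging and trap structure listed above, as an added example written for this page and not the reorder_kernel() code itself. The job runs in a subshell so its redirections and traps stay local, everything it prints goes to a log file inside its work directory, and one EXIT trap inspects the exit status and records success or failure with a pointer to the log. rc's version uses a separate ERR trap that disables the EXIT trap; this example folds both into the EXIT trap, because ERR is a ksh/bash extension and the status check works in any POSIX sh. logger(1) and the console write are replaced by appends to a file passed in as an argument, and the step commands are constructed.

```sh
#!/bin/sh
# Added example: run a relink-style job in the shape rc uses: a subshell,
# stdout/stderr redirected to a log in the work dir, and a trap that reports
# the outcome.  Assumptions: NFILE is a file standing in for syslog and the
# console; the steps are constructed commands.

# notify NFILE MESSAGE: stand-in for logger(1) plus an echo to /dev/console.
notify() {
	printf '%s\n' "$2" >>"$1"
}

# relink_job WORKDIR NFILE STEP...
#   Runs each STEP in order inside WORKDIR; stops at the first failure.
#   Returns the job's exit status; the outcome is also written to NFILE.
relink_job() (
	work=$1 nfile=$2
	shift 2
	log=$work/relink.log

	mkdir -p "$work" || exit 1
	# From here on every line the steps print lands in the log, not on
	# the console the boot is using.
	exec >"$log" 2>&1

	# One EXIT trap sees the subshell's exit status in $? and reports
	# either way; on failure it points the admin at the log.
	trap 'st=$?
	      if [ "$st" -eq 0 ]; then
	              notify "$nfile" "relink: success"
	      else
	              notify "$nfile" "relink: failed (status $st), see $log"
	      fi' EXIT

	for step; do
		echo "running: $step"
		# Explicit check rather than set -e: set -e is silently ignored
		# when the caller invokes this function in an if/&&/|| context.
		$step || exit 1
	done
	echo "done"
)
```

Run it with a trailing `&` to get rc's background behaviour; the trap and the log still work, and the boot continues while the job finishes. Keep the log inside the work directory, as the message says, so a failed run leaves its evidence next to the artefacts it was building.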


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already been hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.534 24-Feb-2019 kn

Remove -S from install commands

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.

Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order than before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and I think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.533 19-Feb-2019 kn

Simplify NFS check in reorder_libs()

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.

This allows direct bail out on invalid types and simpler saving for later
remount.

OK deraadt


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
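
The technique described in the two commits above, picking carp interfaces out of ifconfig(8) output with shell builtins alone because grep and cut on /usr may be unavailable at shutdown, as an added example. This is not the code from OpenBSD's rc; it reads ifconfig-style lines from stdin, and the sample output it runs over is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from OpenBSD's rc): list carp interfaces in ifconfig(8)
# output using only shell builtins, so it still works while /usr (where grep
# and cut live) is not mounted. Input is one ifconfig line per line on stdin.
carp_ifaces() {
    while read -r name rest; do
        # Interface header lines look like "carpN: flags=...". The pattern
        # requires at least one digit, so the "carp: MASTER carpdev ..." status
        # line of a member interface is not matched; the inner check rejects
        # anything with non-digits between "carp" and ":" (e.g. "carp2x:").
        case $name in
        carp[0-9]*:)
            num=${name#carp}; num=${num%:}
            case $num in
            *[!0-9]*) ;;
            *) printf '%s\n' "carp$num" ;;
            esac
            ;;
        esac
    done
}

# Constructed sample ifconfig output (not captured from a real machine).
SAMPLE='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136'

# Names a shutdown script would feed to "ifconfig $if down", one per line.
shutdown_carp_list() {
    printf '%s\n' "$SAMPLE" | carp_ifaces
}

shutdown_carp_list
```

On a live system the pipeline would be `ifconfig | carp_ifaces` instead of the constructed sample; the point is that nothing outside the shell itself is executed.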


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
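
The commit above describes deriving the baddynamic port lists from /etc/services. As an added illustration of that idea, not the fill_baddynamic() function from OpenBSD's rc, the following shell code parses services(5)-style lines with shell builtins only and produces the key=value string that would be handed to sysctl(8). The "+port" list syntax for baddynamic and the sample services content are assumptions made for this example; the sample is constructed, not copied from the real file.

```shell
#!/bin/sh
# Added example (not OpenBSD's fill_baddynamic()): build the port list for
# net.inet.{tcp,udp}.baddynamic from services(5)-style input using shell
# builtins only (no grep/awk, which may be on a not-yet-mounted /usr).
# Usage: baddynamic_ports PROTO < services_file
baddynamic_ports() {
    proto=$1 list=
    while read -r name portproto rest; do
        case $name in ''|'#'*) continue ;; esac      # blank or comment line
        case $portproto in
        *"/$proto") port=${portproto%/*} ;;           # e.g. 22/tcp -> 22
        *) continue ;;                                # other protocol
        esac
        case $port in
        ''|*[!0-9]*) continue ;;                      # malformed port field
        esac
        # Several names may share one port (aliases); list each port once.
        case ",$list," in *",+$port,"*) continue ;; esac
        list=${list:+$list,}+$port
    done
    printf '%s\n' "$list"
}

# Constructed sample of services(5) lines (not the real /etc/services).
SERVICES='# comment line, must be skipped
ssh        22/tcp     # SSH Remote Login Protocol
ssh        22/udp
smtp       25/tcp     mail
domain     53/tcp     # Domain Name Server
domain     53/udp
http       80/tcp     www www-http
www        80/tcp     # second name for an already listed port
bad        x1/tcp     # malformed port, must be ignored
ntp        123/udp'

# The sysctl assignment a startup script would pass to "sysctl -q";
# the "+port,+port" syntax is an assumption of this example.
baddynamic_setting() {
    printf 'net.inet.%s.baddynamic=%s\n' "$1" \
        "$(printf '%s\n' "$SERVICES" | baddynamic_ports "$1")"
}

demo_tcp() { printf '%s\n' "$SERVICES" | baddynamic_ports tcp; }
demo_udp() { printf '%s\n' "$SERVICES" | baddynamic_ports udp; }

baddynamic_setting tcp
baddynamic_setting udp
```

Running the parser before sysctl.conf is read, as the commit says rc does, keeps the admin's own additions and removals in sysctl.conf authoritative: they are applied afterwards and can override anything derived here.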


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.532 26-Jan-2019 florian

rc(8) bits for unwind(8); OK deraadt


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@
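
The following is an added example, written by the editor and not the text of /etc/rc. It reconstructs, from this entry and the ones above it (1.208, 1.215, 1.218, 1.228, 1.240, 1.250, 1.257, 1.258, 1.306), the shape of the restrictive ruleset rc loads before netstart, together with the two-step load that 1.269 describes. The exact rule wording, the INET6/NFSROOT parameters and the PFCTL override are the editor's assumptions; the real rc is the authority for what is actually loaded.

```sh
#!/bin/sh
# Editor's reconstruction from the commit log, not the text of /etc/rc:
# the temporary pf ruleset active between pf being enabled and /etc/pf.conf
# being loaded, and the load/enable sequence from entry 1.269.

# boot_pf_rules INET6 NFSROOT
# Print the temporary ruleset. INET6=yes adds the icmp6 rules (1.257: only
# on inet6-capable setups); NFSROOT=yes adds the rpcbind/nfsd ports a
# diskless host must not block (1.218, 1.306).
boot_pf_rules() {
	_inet6=$1 _nfsroot=$2
	echo "block all"                                                            # 1.211: simpler default block
	echo "pass on lo0"                                                          # 1.228
	echo "pass in proto tcp from any to any port 22 keep state"                 # 1.194: ssh stays reachable if pf.conf fails to load
	echo "pass out proto { tcp, udp } from any to any port 53 keep state"       # 1.208: pfctl can resolve names used in pf.conf
	echo "pass out inet proto icmp all icmp-type echoreq keep state"           # 1.215: dhclient pings to validate an old lease
	echo "pass proto carp"                                                      # 1.240
	echo "pass proto pfsync"                                                    # 1.240
	if [ "$_inet6" = yes ]; then
		echo "pass inet6 proto icmp6 all icmp6-type { neighbrsol, neighbradv }"  # 1.258: NS/NA or IPv6 does not work at all
		echo "pass out inet6 proto icmp6 all icmp6-type routersol"               # 1.250
		echo "pass in inet6 proto icmp6 all icmp6-type routeradv"                # 1.250
	fi
	if [ "$_nfsroot" = yes ]; then
		echo "pass in proto { tcp, udp } from any port { 111, 2049 } to any"                # 1.218, 1.306
		echo "pass out proto { tcp, udp } from any to any port { 111, 2049 } keep state"    # 1.218, 1.306
	fi
}

# load_boot_pf INET6 NFSROOT
# 1.269: load the ruleset and enable pf as two separate pfctl invocations.
# If the load fails (non-GENERIC kernel, /etc not yet updated after an
# upgrade), pf must still be enabled, otherwise the real /etc/pf.conf loaded
# later would never become active. PFCTL can name a stand-in for dry runs.
load_boot_pf() {
	_pfctl=${PFCTL:-pfctl}
	if ! boot_pf_rules "$1" "$2" | "$_pfctl" -f -; then
		echo "boot pf ruleset failed to load; enabling pf anyway" >&2
	fi
	"$_pfctl" -e
}
```

The point of the separate `-e` is the failure mode in 1.269: with the combined `pfctl -f - -e`, a parse error in the temporary rules left pf disabled, so even a correct /etc/pf.conf loaded afterwards enforced nothing.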


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DoS noted by dynamo@ime.net.
If it's not a regular file, we delete it.
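
Added example, not rc's own recovery code: a scan of the world-writable recovery directory that applies the checks from this entry and from 1.110 above. The X-vi-recover-file header name is assumed from nvi's recovery mail format, and DIR/OWNER are parameters so the function can run against a scratch tree; both are the editor's assumptions.

```sh
#!/bin/sh
# Editor's example, not rc's own code: process /var/tmp/vi.recover, a
# directory any local user can write to, without trusting what is in it.

# vi_recover_scan DIR [OWNER]
# Prints one "recover <file> <original path>" line per usable recovery file.
# 1.110: refuse DIR if it is a symlink or not owned by OWNER (root on a real
# system). 1.109: remove any recover.* entry that is not a plain regular
# file without ever opening it, since a fifo or device node planted there
# would block or crash whatever reads it.
vi_recover_scan() {
	_dir=$1 _owner=${2:-root}
	if [ -L "$_dir" ] || [ ! -d "$_dir" ]; then
		echo "skipping $_dir: symlink or not a directory" >&2
		return 1
	fi
	if [ -z "$(find "$_dir" -prune -user "$_owner")" ]; then
		echo "skipping $_dir: not owned by $_owner" >&2
		return 1
	fi
	for _f in "$_dir"/recover.*; do
		[ -e "$_f" ] || [ -L "$_f" ] || continue	# glob matched nothing
		if [ -L "$_f" ] || [ ! -f "$_f" ]; then
			rm -f "$_f"				# never read it, never follow it
			echo "removed $_f: not a regular file" >&2
			continue
		fi
		# a recovery file is a mail message; the header names the original file
		_orig=$(sed -n 's/^X-vi-recover-file: //p' "$_f" | head -n 1)
		if [ -z "$_orig" ]; then
			rm -f "$_f"				# not a recovery file at all
			continue
		fi
		echo "recover $_f $_orig"
	done
	return 0
}
```

The order of the tests matters: the file-type check must come before any open(2), because the denial of service in this entry happens at the read, not afterwards.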


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
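
Added example, not rc's own code: the fixed-name temporary file pattern this entry replaced, beside a mktemp(1) version, both parameterised so they run against a scratch directory instead of /tmp and /etc. The banner string, the function names and the choice to create the temporary file in the destination's own directory rather than in /tmp are the editor's.

```sh
#!/bin/sh
# Editor's example, not rc's own code: rebuilding /etc/motd at boot.

KERNEL_BANNER='OpenBSD 7.5 (GENERIC) #0: constructed sample banner'

# weak_build_motd MOTD TMPDIR
# The pre-1.102 shape: the temporary name is fixed and lives in a
# world-writable directory. A local user can pre-create TMPDIR/_motd as a
# symlink (root then writes through it) or as an immutable file (root then
# cannot replace it), and their content ends up in the system motd.
weak_build_motd() {
	_motd=$1 _tmp=$2/_motd
	echo "$KERNEL_BANNER" >"$_tmp"
	echo "" >>"$_tmp"
	sed '1,/^$/d' <"$_motd" >>"$_tmp"	# keep the admin text after the first blank line
	mv "$_tmp" "$_motd"
	echo "$_tmp"				# report the path that was trusted
}

# build_motd MOTD
# Hardened: mktemp(1) creates the file with an unpredictable name, O_EXCL
# and mode 0600, in the same directory as MOTD (root-owned, not
# world-writable, and on the same filesystem so mv is an atomic rename).
build_motd() {
	_motd=$1
	_dir=$(dirname "$_motd")
	_tmp=$(mktemp "$_dir/_motd.XXXXXXXXXX") || return 1
	if {
		echo "$KERNEL_BANNER"
		echo ""
		sed '1,/^$/d' <"$_motd"
	} >"$_tmp" && chmod 644 "$_tmp" && mv "$_tmp" "$_motd"; then
		return 0
	fi
	rm -f "$_tmp"
	return 1
}
```

mktemp alone fixes the predictable name; creating the file next to its destination also removes the world-writable directory from the picture, so no planted entry, immutable or otherwise, is ever consulted.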


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.531 24-Jan-2019 ajacoutot

Drop the ttyflags message.
suggested by and ok deraadt@ ("I think we never hang there anymore")


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.

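The checks described in 1.109 and 1.110 (only regular files in the user-writable /var/tmp/vi.recover, and refusing a symlinked or foreign-owned directory) and the mktemp(1) motd rebuild of 1.102, as an added example in portable sh. This is not the rc code itself: prune_recover and build_motd are names chosen here, the directory and motd paths are parameters, the owner check is a parameter so the example runs unprivileged, and the data it operates on is constructed in a scratch directory.

```shell
#!/bin/sh
# Added example, not OpenBSD's /etc/rc: the vi.recover sanity checks of
# 1.109/1.110 and the mktemp-based motd rebuild of 1.102, written for any
# POSIX sh.  Function names and paths are this example's own.

# prune_recover DIR [OWNER]
# Remove everything in DIR that is not a regular file and print how many
# entries were removed.  DIR is user-writable, so a user may plant symlinks,
# fifos or directories to make the boot-time reader block or follow a link
# elsewhere (the DoS of 1.109).  The directory itself must be a real
# directory owned by OWNER (default root), per 1.110.
prune_recover() {
    dir=$1 owner=${2:-root} removed=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        printf '%s: not a directory, ignoring\n' "$dir" >&2
        return 1
    fi
    # find(1) -user is portable where stat(1) output formats are not.
    if [ -n "$(find "$dir" -prune ! -user "$owner")" ]; then
        printf '%s: not owned by %s, ignoring\n' "$dir" "$owner" >&2
        return 1
    fi
    for entry in "$dir"/.[!.]* "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        # -f follows symlinks, so test -L first: a link to a regular file
        # is still a link, and rm removes the link, not its target.
        if [ -L "$entry" ] || [ ! -f "$entry" ]; then
            rm -rf -- "$entry"
            removed=$((removed + 1))
        fi
    done
    printf '%s\n' "$removed"
}

# build_motd VERSION MOTD [TMPDIR]
# Replace the header of MOTD (everything up to the first blank line) with
# VERSION, keeping the admin-written body.  The scratch file is created with
# mktemp(1) so no user can pre-create a predictable /tmp/_motd and have its
# contents, or an unremovable chflags'd file, end up in the system motd.
build_motd() {
    version=$1 motd=$2 tmpdir=${3:-/tmp}
    t=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1
    {
        printf '%s\n\n' "$version"
        [ -f "$motd" ] && sed '1,/^$/d' "$motd"
    } >"$t"
    cmp -s "$t" "$motd" 2>/dev/null || cp "$t" "$motd"
    rm -f "$t"
}

# Demonstration on constructed data in a scratch directory.
work=$(mktemp -d) || exit 1
mkdir "$work/vi.recover"
printf 'recovered text\n' >"$work/vi.recover/vi.abc123"
ln -s /etc/passwd "$work/vi.recover/vi.link"
mkdir "$work/vi.recover/vi.dir"
printf 'removed %s bad entries\n' \
    "$(prune_recover "$work/vi.recover" "$(id -un)")"
printf 'OldOS 1.0\n\nWelcome, admins.\n' >"$work/motd"
build_motd 'NewOS 2.0 (GENERIC)' "$work/motd" "$work"
cat "$work/motd"
rm -rf "$work"
```

Run it as any user; passing `"$(id -un)"` as the owner replaces the root check for the demonstration. On a real system the owner stays root and the temporary directory is the one rc would use.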

# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named
chroot'd. It would be cleaner to simply do this at install time but this
way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.

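The seed-file discipline from the 1.77, 1.100 and 1.157 entries (a mode-600 host.random that is consumed at boot and immediately replaced, so an unclean reboot before the shutdown-time save cannot replay the same seed), as an added example in portable sh. It is not the rc code itself: make_seed, reseed_from_file and seed_mode are names chosen here, the seed path and size are parameters, and /dev/urandom stands in for the kernel pool on both the consuming and the producing side so the example runs unprivileged.

```shell
#!/bin/sh
# Added example, not OpenBSD's /etc/rc: the host.random seed-file lifecycle
# of the 1.77, 1.100 and 1.157 entries, for any POSIX sh.  Paths, sizes and
# names are this example's own; SINK stands in for the kernel's /dev/random.

SEED_SIZE=${SEED_SIZE:-65536}

# make_seed FILE [SRC]
# Create FILE (mode 600) with fresh random bytes if it does not exist (1.77).
# SRC is where the bytes come from; on a real system that is the kernel.
make_seed() {
    file=$1 src=${2:-/dev/urandom}
    [ -f "$file" ] && return 0
    # umask in a subshell so the file is born 600 without changing ours.
    ( umask 077; dd if="$src" of="$file" bs="$SEED_SIZE" count=1 2>/dev/null ) &&
        chmod 600 "$file"
}

# reseed_from_file FILE [SINK] [SRC]
# Feed the saved seed into SINK, then immediately overwrite FILE with new
# bytes from SRC (1.157): if the machine dies before the shutdown-time save
# of 1.100, the next boot still gets a seed it has never used before.
# A seed file that is a symlink or not a regular file is refused rather than
# followed.
reseed_from_file() {
    file=$1 sink=${2:-/dev/urandom} src=${3:-/dev/urandom}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        printf '%s: not a regular file, not seeding\n' "$file" >&2
        return 1
    fi
    dd if="$file" of="$sink" bs="$SEED_SIZE" count=1 2>/dev/null || return 1
    # Replace, do not append: the old bytes must never be fed in again.
    ( umask 077; dd if="$src" of="$file.new" bs="$SEED_SIZE" count=1 2>/dev/null ) &&
        mv -f "$file.new" "$file" && chmod 600 "$file"
}

# seed_mode FILE: the ls(1) permission string of FILE, to check it stayed 600.
seed_mode() {
    ls -ld "$1" | cut -c1-10
}

# Demonstration in a scratch directory with a small seed.
demo=$(mktemp -d) || exit 1
SEED_SIZE=512
make_seed "$demo/host.random"
reseed_from_file "$demo/host.random" "$demo/pool"
printf 'seed file is %s, %s bytes fed to %s\n' "$(seed_mode "$demo/host.random")" \
    "$(wc -c <"$demo/pool" | tr -d ' ')" "$demo/pool"
rm -rf "$demo"
```

The point to check after any change to seed handling is the ordering: the overwrite happens right after the read, not at shutdown, and the file never becomes readable by anyone but root.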

# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.530 12-Jan-2019 kettenis

Use acpidump -q to avoid message about ACPI information not being found.
Many arm64 systems use device trees instead of ACPI and acpidump is
expected to fail on those systems. And vmm(4) doesn't provide ACPI
information either.

ok deraadt@


Revision tags: OPENBSD_6_4_BASE
# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eleminate if-block with reverse test and continue

OK halex@ krw@

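The stripcom() helper added in 1.131 and reworked in 1.456 (print only non-empty lines, with "print -r --" and a quoted "$_line"), together with the pipeline pitfall that 1.520 partially reverted, as an added example in portable sh. This is not OpenBSD's /etc/rc code: the sample configuration file is constructed here, the sysctl(8) calls are replaced by a counter so the example runs anywhere, and count_piped/count_redirected are names chosen for this illustration.

```shell
#!/bin/sh
# Added example, not OpenBSD's /etc/rc: a stripcom() in the spirit of the
# 1.131/1.456 entries above, plus a demonstration of the pipeline-subshell
# pitfall from 1.520.  Runs with any POSIX sh.

# stripcom FILE
# Print every line of FILE with '#' comments, blank lines and surrounding
# whitespace removed.  Empty or missing files produce no output.
# printf '%s\n' is used instead of echo (the "print -r --" of 1.456) so a
# line such as "-n" or one containing backslashes is emitted verbatim, and
# "$line" is quoted so nothing is glob-expanded.
stripcom() {
    [ -s "$1" ] || return 0
    while read -r line; do                       # default IFS trims leading blanks
        line=${line%%#*}                          # drop the comment
        line=${line%"${line##*[![:space:]]}"}     # drop trailing blanks
        [ -n "$line" ] && printf '%s\n' "$line"
    done <"$1"
}

# A constructed sysctl.conf-style sample (not a real system file).
make_sample_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
# constructed sample for this example
kern.maxfiles=7030          # trailing comment
    net.inet.ip.forwarding=1

# a full comment line
ddb.panic=0
EOF
    printf '%s\n' "$f"
}

# The 1.520 pitfall: each stage of a pipeline runs in its own subshell, so a
# loop fed by "stripcom | while read" cannot change the caller's state.  In
# /etc/rc that state was a ulimit; here a counter makes the loss visible.
count_piped() {
    n=0
    stripcom "$1" | while read -r entry; do
        n=$((n + 1))                              # increments a copy of n
    done
    printf '%s\n' "$n"                            # still 0
}

# Feeding the same loop through a here-document keeps it in the current
# shell, so whatever it sets (a counter, a ulimit) survives the loop.
count_redirected() {
    n=0
    while read -r entry; do
        [ -n "$entry" ] || continue               # heredoc of empty output
        n=$((n + 1))
    done <<EOF
$(stripcom "$1")
EOF
    printf '%s\n' "$n"
}

conf=$(make_sample_conf)
printf 'entries: %s, seen by the piped loop: %s\n' \
    "$(count_redirected "$conf")" "$(count_piped "$conf")"
rm -f "$conf"
```

The here-document form is one way to keep the loop in the calling shell; any construct that avoids putting the loop body on the right-hand side of a pipe (a redirection from a file, or collecting the lines into positional parameters first) has the same effect. Whichever is used, a `ulimit` or `export` made inside the loop is only visible to later daemons when the loop body runs in the shell that starts them.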

Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- a few other minor whitespace fixes

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and I think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.529 23-Jul-2018 florian

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen).


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; anything else is going
to be ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non-silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@
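
An added example, written for this page and not the code from /etc/rc, of how the baddynamic list described above can be derived from a services(5)-style file in sh. Comment stripping (the job rc's stripcom helper does) is done with sed; the services content is constructed for the example, and the sysctl(8) command is only printed, never executed, so the output can be inspected on any system. The "+" prefix is OpenBSD sysctl's syntax for adding ports to the current baddynamic list instead of replacing it, which is what lets sysctl.conf adjust the list afterwards.

```shell
# Added example, not /etc/rc's code: derive the port list rc feeds into
# net.inet.{tcp,udp}.baddynamic from a services(5)-style file.

# baddynamic_ports FILE PROTO
#   Prints the ports registered for PROTO (tcp or udp) in FILE as a sorted,
#   de-duplicated, comma-separated list, e.g. "21,22,25".
baddynamic_ports() {
    _svcfile=$1
    _proto=$2
    # drop comments, leading whitespace and blank lines (what rc's stripcom
    # helper does), then split each line into "name port/proto [aliases...]"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e '/^$/d' "$_svcfile" |
    while read -r _name _portproto _aliases; do
        _port=${_portproto%/*}
        _p=${_portproto#*/}
        [ "$_p" = "$_proto" ] || continue
        case $_port in
            ''|*[!0-9]*) continue ;;   # malformed port field: never feed junk to sysctl
        esac
        echo "$_port"
    done | sort -n -u | paste -s -d, -
}

# baddynamic_sysctl_cmd FILE PROTO
#   Prints the sysctl(8) invocation that would register the ports. The "+"
#   prefix adds to the current baddynamic list rather than replacing it.
#   Returns 1 (and prints nothing) if no ports were found.
baddynamic_sysctl_cmd() {
    _ports=$(baddynamic_ports "$1" "$2")
    [ -n "$_ports" ] || return 1
    echo "sysctl net.inet.$2.baddynamic=+$_ports"
}

# sample_services: constructed input in services(5) format for this example
# (not a copy of /etc/services).
sample_services() {
    printf '%s\n' \
        '# Network services, Internet style' \
        'ftp             21/tcp' \
        'ssh             22/tcp      # SSH Remote Login Protocol' \
        'smtp            25/tcp      mail' \
        'domain          53/tcp      # Domain Name Server' \
        'domain          53/udp' \
        'http            80/tcp      www' \
        'ntp            123/udp' \
        '   # an indented comment line' \
        'ssh             22/tcp      # duplicate entry, collapsed by sort -u'
}

# Stand-alone run: show the commands for the constructed sample.
_demo=$(mktemp) && sample_services > "$_demo" && {
    baddynamic_sysctl_cmd "$_demo" tcp
    baddynamic_sysctl_cmd "$_demo" udp
}
[ -n "$_demo" ] && rm -f "$_demo"
```

Pointing baddynamic_sysctl_cmd at the real /etc/services shows exactly which ports a host would stop handing out as ephemeral source ports; anything in the file that is not a plain numeric port/proto pair is skipped rather than passed to sysctl.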


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@
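
The protective boot-time ruleset that several entries above shape (ssh in, 1.194 and 1.195; dns lookups out, 1.208; outbound ping for dhclient, 1.215; lo0, 1.228; carp and pfsync, 1.240 and 1.322; icmp6 router and neighbour discovery, 1.250 and 1.258; NFS, 1.306 and 1.324; enabling pf separately from loading the rules, 1.269) can be sketched as a small sh function. This is an added example written for this page, not the ruleset in OpenBSD's /etc/rc: the inet6 and nfs switches, the rule wording, the (no-sync) state option and the numeric NFS ports are the editor's choices, and the ruleset is only printed so the text can be inspected on a machine without pf.

```shell
# Added example, not the ruleset from /etc/rc: a restrictive pf ruleset for
# the window between netstart and loading /etc/pf.conf, printed as text.

# boot_pf_ruleset [inet6] [nfs]
#   Prints the ruleset. "inet6" adds the ICMPv6 discovery rules an IPv6 host
#   cannot live without; "nfs" adds what an NFS-mounted root or /usr needs.
boot_pf_ruleset() {
    _inet6=no
    _nfs=no
    for _opt in "$@"; do
        case $_opt in
            inet6) _inet6=yes ;;
            nfs)   _nfs=yes ;;
            *)     echo "boot_pf_ruleset: unknown option '$_opt'" >&2; return 1 ;;
        esac
    done
    # pf options come before rules; NFS through a filter needs reassembly with DF cleared
    [ "$_nfs" = yes ] && echo 'set reassemble yes no-df'
    # default deny, but never block the loopback interface
    echo 'block all'
    echo 'pass on lo0'
    # admin access stays possible even if /etc/pf.conf later fails to load
    echo 'pass in proto tcp to any port ssh'
    # name resolution, so a pf.conf that uses hostnames can still be parsed
    echo 'pass out proto { tcp, udp } to any port domain'
    # outbound ping: dhclient uses it to check whether an old lease is still usable
    echo 'pass out inet proto icmp all icmp-type echoreq'
    # carp and pfsync between cluster peers; carp states are local to each
    # host, so they are deliberately kept out of pfsync
    echo 'pass proto carp keep state (no-sync)'
    echo 'pass proto pfsync'
    if [ "$_inet6" = yes ]; then
        # neighbour discovery both ways, router solicitation out, advertisement in
        echo 'pass inet6 proto icmp6 all icmp6-type { neighbrsol, neighbradv }'
        echo 'pass out inet6 proto icmp6 all icmp6-type routersol'
        echo 'pass in inet6 proto icmp6 all icmp6-type routeradv'
    fi
    if [ "$_nfs" = yes ]; then
        # portmap (111) and nfs (2049), tcp and udp, both directions
        echo 'pass proto { tcp, udp } to any port { 111, 2049 }'
    fi
}

# load_boot_pf_ruleset [inet6] [nfs]
#   Loads the ruleset and then enables pf as a separate step: if the ruleset
#   is rejected (non-GENERIC kernel, half-updated /etc), pf is still enabled,
#   so the real /etc/pf.conf loaded later actually takes effect.
load_boot_pf_ruleset() {
    boot_pf_ruleset "$@" | pfctl -f - ||
        echo 'load_boot_pf_ruleset: ruleset rejected, enabling pf anyway' >&2
    pfctl -e
}

# Stand-alone run: print the ruleset an IPv6-capable host with an NFS root gets.
boot_pf_ruleset inet6 nfs
```

The point of generating the text in a function is that it can be fed to `pfctl -n -f -` on a real host to syntax-check it before boot, and the split between loading and `pfctl -e` keeps the failure mode from 1.269 (a rejected boot ruleset silently leaving pf disabled) from recurring.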


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
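
The fix described in 1.102 (with the ten X's from 1.104), as an added sh example written for this page rather than the motd code in /etc/rc. The page names the old fixed path /tmp/_motd; the shape of the old code shown in the comment, the banner/blank-line layout and the helper name are assumptions. The scratch file comes from mktemp(1), which creates it exclusively with a random suffix, so an unprivileged user cannot pre-create the name, make it unremovable with chflags, and have their text copied into the system motd at the next boot.

```shell
# Added example, not the motd code from /etc/rc: refresh the first line of the
# motd (the kernel banner) while keeping the admin's text, without ever
# using a predictable name in /tmp.
#
# The old code used the fixed name /tmp/_motd, roughly (assumed shape):
#     echo "$banner" > /tmp/_motd; sed '1,/^$/d' /etc/motd >> /tmp/_motd
# so any local user could create /tmp/_motd first, chflags it so root's
# rm would fail, and have their text land in the system motd on reboot.

# build_motd MOTD BANNER
#   Rewrites MOTD so line 1 is BANNER, line 2 is blank, and everything after
#   the old file's first blank line is kept. An old file with no blank line
#   is treated as banner-only. Returns 1 if the scratch file could not be
#   created or written.
build_motd() {
    _motd=$1
    _banner=$2
    # mktemp creates the file O_EXCL with mode 0600 and a random suffix;
    # ten X's leave no realistic chance of colliding with a planted name
    _tmp=$(mktemp /tmp/_motd.XXXXXXXXXX) || return 1
    {
        echo "$_banner"
        echo ""
        # drop the old banner and the blank line that ends it
        if [ -f "$_motd" ]; then
            sed '1,/^$/d' "$_motd"
        fi
    } > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # write through the existing file (keeps its owner and mode), and only
    # if the content actually changed; then remove the scratch file
    cmp -s "$_tmp" "$_motd" 2>/dev/null || cat "$_tmp" > "$_motd"
    rm -f "$_tmp"
}

# Stand-alone run on a scratch copy, so the real /etc/motd is never touched.
_demo=$(mktemp) && printf 'stale banner\n\nWelcome.\n' > "$_demo" &&
    build_motd "$_demo" "$(uname -sr)" && cat "$_demo"
[ -n "$_demo" ] && rm -f "$_demo"
```

Writing through the existing file with `cat >` rather than `mv` is deliberate: `mv` would replace /etc/motd with a file whose owner and mode came from the scratch copy, whereas this keeps whatever the administrator set on the real file.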


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.528 12-Jul-2018 florian

rc(8) infrastructure for rad


# 1.527 11-Jul-2018 sthen

Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.

Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).


# 1.526 11-Jul-2018 florian

Don't hide errors when IPv6 forwarding is not enabled.
OK(failed) phessler
OK deraadt


Revision tags: OPENBSD_6_3_BASE
# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks-to-$() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was neither lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@
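
Walking the pkg_scripts list from rc.conf(8) forwards at boot and backwards at shutdown (the 1.514 change) without letting stray blanks turn into an empty script name (the 1.421 fix above), as an added shell example that is not the rc script's own code. The real "/etc/rc.d/NAME ACTION" invocation is replaced by an RC_D hook so nothing on the system is touched; RC_D, record_call and the daemon names in the list are made up for this example, and the fragile last-word shortcut is my illustration of the failure class, not necessarily the exact line 1.421 changed.

```sh
#!/bin/sh
# Added example, not the rc script's own code: handling of the pkg_scripts
# list with the whitespace cases rc 1.421 is about, plus the reverse-order
# stop of rc 1.514. RC_D/record_call are stand-ins for /etc/rc.d/NAME.

# last_word_fragile LIST: the kind of shortcut 1.421 is about. With a
# trailing blank, ${LIST##* } is empty and the caller ends up running
# "/etc/rc.d/ stop". Shown only to make the failure visible.
last_word_fragile() {
	printf '%s\n' "${1##* }"
}

# reverse_words WORD...: print the arguments in reverse order on one line.
reverse_words() {
	_out=
	for _w in "$@"; do
		_out="$_w${_out:+ $_out}"
	done
	printf '%s\n' "$_out"
}

# run_pkg_scripts ACTION LIST: call "$RC_D NAME ACTION" for each name in
# LIST, in order for start and in reverse for stop. The unquoted expansion
# of LIST is deliberate: the shell's word splitting drops leading, trailing
# and doubled blanks, so an empty name can never appear.
run_pkg_scripts() {
	_action=$1
	set -- $2
	[ "$_action" = stop ] && set -- $(reverse_words "$@")
	for _name in "$@"; do
		"$RC_D" "$_name" "$_action"
	done
}

# record_call NAME ACTION: stand-in for "/etc/rc.d/NAME ACTION" that only
# records what would have been run.
record_call() {
	printf '%s:%s ' "$1" "$2"
}
RC_D=${RC_D:-record_call}

# demo_order: a constructed pkg_scripts value with the troublesome
# whitespace; print the start sequence, a "|", and the stop sequence.
demo_order() {
	_pkg_scripts=' postgresql  nginx dovecot '
	_start=$(run_pkg_scripts start "$_pkg_scripts")
	_stop=$(run_pkg_scripts stop "$_pkg_scripts")
	printf '%s|%s\n' "${_start% }" "${_stop% }"
}
```

demo_order prints `postgresql:start nginx:start dovecot:start|dovecot:stop nginx:stop postgresql:stop`, while `last_word_fragile 'nginx '` prints an empty line, which is exactly the empty name that would have sent rc to /etc/rc.d/.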


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.
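
The grep-free carp teardown from 1.329, with the tighter "carp+([0-9]):" match that 1.331 adds, can be written in portable sh (the +( ) form needs ksh extended globbing, so the digit check below is spelled out as a second case). This is an added example written for this page, not the rc.shutdown code: the ifconfig output is constructed, carp_ifaces(), carp_down_all() and mock_ifconfig are this example's own names, and the mock stands in for ifconfig(8) so nothing on the host is touched.

```shell
#!/bin/sh
# Added example: find carp(4) interfaces in ifconfig(8) output with shell
# pattern matching only. rc.shutdown runs this when /usr (and so grep,
# cut, awk) may already be unmounted, and it must not be fooled by the
# "carp: MASTER carpdev ..." status line ifconfig prints inside each
# carp interface's block, which a loose "carp*:" match would accept.

# Read ifconfig output on stdin; print one interface name per line.
carp_ifaces() {
	local _first _rest _n
	while read -r _first _rest; do
		case $_first in
		carp*:) ;;		# candidate "carpN:" header line
		*) continue ;;
		esac
		_n=${_first#carp}; _n=${_n%:}
		case $_n in
		''|*[!0-9]*) continue ;;	# "carp:" status line, or not carpN
		esac
		echo "carp$_n"
	done
}

# Bring every carp interface down so a peer can take over before we
# halt. "$1" names the ifconfig command to run (defaults to ifconfig;
# a mock is passed in below). Prints each interface it brought down;
# a failed ifconfig is reported on stderr and the loop carries on.
carp_down_all() {
	local _ifconfig="${1:-ifconfig}" _if
	"$_ifconfig" | carp_ifaces | while read -r _if; do
		if "$_ifconfig" "$_if" down; then
			echo "$_if down"
		else
			echo "$_if: ifconfig down failed" >&2
		fi
	done
}

# Constructed ifconfig(8)-style output for a host with two carp
# interfaces (not captured from a real machine).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp12: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136'

# Mock ifconfig (example only): with no arguments it prints the sample;
# otherwise it records the call on stderr instead of touching interfaces.
mock_ifconfig() {
	if [ $# -eq 0 ]; then
		printf '%s\n' "$SAMPLE_IFCONFIG"
	else
		echo "mock: ifconfig $*" >&2
	fi
}

carp_down_all mock_ifconfig	# prints: carp0 down, carp12 down
```

The 1.271 fix is visible in carp_down_all(): the success test is on ifconfig's own exit status, not on the output of the pipeline feeding it.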


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d, otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside an nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.525 18-Feb-2018 rpe

Remove unnecessary line continuation markers after || and &&


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggested by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The test program for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to writing the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
set up.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered from determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks-to-$() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. The
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, no network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where a local partition mounted inside a nfs partition was not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for rea this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes creeped in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate an isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing parameters to be passed to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
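A safe version of the motd regeneration this commit describes, as an added example and not the rc script's own code; it assumes the kernel version string, the motd path and the temp directory are passed in by the caller instead of being read from sysctl and /etc/motd:

```shell
#!/bin/sh
# Added example (not /etc/rc's own code). The problem fixed in 1.102: a
# fixed, predictable temp name such as /tmp/_motd can be pre-created by
# any user (and pinned with chflags), so the next boot would copy
# attacker-chosen text into the system motd. mktemp(1) instead creates a
# fresh 0600 file with an unpredictable name and fails rather than reusing
# an existing one.
#
# update_motd VERSION MOTD [TMPDIR]
#   VERSION: kernel banner line (constructed by the caller here)
#   MOTD:    motd file to regenerate (constructed path in the example)
#   TMPDIR:  where the temp file goes (defaults to $TMPDIR or /tmp)
update_motd() {
    version=$1 motd=$2 tmpdir=${3:-${TMPDIR:-/tmp}}

    # unpredictable, freshly created, mode 0600; bail out if it fails
    T=$(mktemp "$tmpdir/_motd.XXXXXXXXXX") || return 1

    # layout: banner line, blank line, then the admin-maintained text
    printf '%s\n\n' "$version" > "$T"
    if [ -f "$motd" ]; then
        # keep everything after the first blank line of the old motd
        sed '1,/^$/d' "$motd" >> "$T"
    fi

    # only rewrite the motd when the content actually changed
    if ! cmp -s "$T" "$motd" 2>/dev/null; then
        cp "$T" "$motd"
    fi
    rm -f "$T"
}
```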


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot set to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.524 10-Feb-2018 florian

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents the new process
limits from affecting the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on an nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a usable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on an nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel,

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
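
The seed-file handling sketched in revs 1.411 through 1.417 and 1.437, as
an added example rather than the rc script's own code: one 512-byte read
from the kernel random device is written out under a restrictive umask, so
the seed is never world-readable even briefly, the file is then chmod'ed,
and the write's exit status is reported instead of being silenced, which is
what lets the caller tell a read-only or unmounted /etc apart from a normal
boot. It reads /dev/urandom and uses head -c rather than OpenBSD's
/dev/random and dd status=none so that it runs on other systems; the
SEED_BYTES constant and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not the OpenBSD rc script: seed-file handling in the spirit
# of revs 1.411-1.417 and 1.437. Assumptions: /dev/urandom stands in for
# OpenBSD's /dev/random, head -c for dd status=none (rev 1.427), and the
# names below are this example's own.

SEED_BYTES=512

# random_seed FILE: write a fresh SEED_BYTES-byte seed to FILE with mode
# 0600. The umask is set in a subshell so the caller's umask is untouched
# and the file is created private from the start; chmod then covers a
# pre-existing file with looser permissions. Returns non-zero when FILE
# cannot be written (read-only or missing filesystem), as in rev 1.417.
random_seed() {
	_file=$1
	(
		umask 077
		head -c "$SEED_BYTES" /dev/urandom >"$_file"
	) || return 1
	chmod 600 "$_file"
}

# save_seed FILE: the shutdown-time variant of rev 1.437. The failure is
# reported with a warning rather than hidden behind 2>/dev/null, and the
# caller still gets the status.
save_seed() {
	if random_seed "$1" 2>/dev/null; then
		return 0
	fi
	echo "warning: cannot write random seed to $1" >&2
	return 1
}

# seed_ok FILE: true when FILE is a regular file holding exactly SEED_BYTES
# bytes that only its owner can read or write. "ls -ld" is parsed instead
# of stat(1) because stat's flags differ between GNU and BSD.
seed_ok() {
	[ -f "$1" ] || return 1
	[ "$(wc -c <"$1" | tr -d ' ')" -eq "$SEED_BYTES" ] || return 1
	[ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Stand-alone run: writes a seed into a temporary directory and checks it,
# then shows the warning path on an unwritable location.
_dir=$(mktemp -d)
random_seed "$_dir/random.seed" && seed_ok "$_dir/random.seed" && \
	echo "seed written to $_dir/random.seed"
save_seed /nonexistent/dir/random.seed || true
rm -rf "$_dir"
```

Feeding the seed back into the kernel is deliberately not shown: as rev
1.347 notes, that should be a single write so the kernel re-keys once, and
writing to the random device needs privileges this example does not assume.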


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come of
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variable names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside an nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconfig is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure it out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. help.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision


# 1.523 09-Nov-2017 tb

kill trailing whitespace introduced in previous commit


# 1.522 06-Nov-2017 rpe

Use a variable for /usr/share/relink

OK tb@


# 1.521 05-Nov-2017 rpe

Consolidate lib.so.*.a, ld.so.a and the kernel relink kit into
one location under /usr/share/relink.

Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.

Idea and positive feedback from deraadt@
OK aja@ tb@


# 1.520 25-Oct-2017 bluhm

Partially revert rev 1.457 of /etc/rc. The pipe introduced in
sysctl_conf() spawns a subshell. This prevents that the new process
limits affect the daemons started during boot.
OK rpe@ halex@


# 1.519 12-Oct-2017 rpe

The testprogram for ld.so reordering is executed in tmpdir.
Move tmpdir for reordering library from /tmp to /usr/lib.
This allows /tmp to be mounted noexec.

prompted by reports on misc@
OK deraadt@ tj@ tb@


# 1.518 10-Oct-2017 rpe

Move comment line and spacing.


Revision tags: OPENBSD_6_2_BASE
# 1.517 29-Aug-2017 rpe

Based on previous work from deraadt, add relinking of ld.so to
reorder_libs() resulting in a unique ld.so on every system start.

Idea from and OK deraadt@
OK tb@


# 1.516 28-Aug-2017 ajacoutot

Display that we are running the upgrade scripts when they exist. On slowish
machines, running sysmerge(8) can take a little while so don't let people
wonder about why the output seems stuck.

ok sthen@ tb@ rpe@


# 1.515 21-Aug-2017 rpe

Move the kernel relinking code from /etc/rc into a separate script
/usr/libexec/reorder_kernel. Requested by ajacoutot@ to be able to
relink the kernel from within syspatch(8).

OK deraadt@ tb@


# 1.514 20-Aug-2017 rpe

Simplify the code for stopping daemons listed in pkg_scripts in
reverse order on shutdown.

OK aja@ tb@


# 1.513 18-Jul-2017 zhuk

Use a bit better idiom to get most recent version of the library
being reordered.

okay tb@ deraadt@


# 1.512 18-Jul-2017 rpe

Use numerical sysctl output to check for nfs mounts.

OK tb@


# 1.511 17-Jul-2017 rpe

Tweak previous.


# 1.510 17-Jul-2017 rpe

Use a more compact way to compose the initial pf ruleset.

Diff from Klemens Nanni
OK tb@ zhuk@


# 1.509 17-Jul-2017 tb

Now that choosing the library versions is much faster, we can do
it after remounting the filesystem containing /usr/lib as rw:
the former is pointless if the latter should happen to fail.

From Klemens Nanni
ok rpe


# 1.508 17-Jul-2017 tb

Optimize and simplify the selection of the latest library version in
reorder_libs().

From Klemens Nanni with input from rpe.
ok rpe, zhuk


# 1.507 04-Jul-2017 rpe

Switch reorder_kernel() from sending emails to logging via syslog
and to write the logfile inside the kernel compile dir.

- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
  - disables the EXIT trap handler
  - syslogs the error and hints to the logfile
  - additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background

OK deraadt@ tb@


# 1.506 30-Jun-2017 rpe

Improve reorder_kernel()

- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile

OK tb@ deraadt@


# 1.505 27-Jun-2017 tedu

remove some old cruft.


# 1.504 22-Jun-2017 deraadt

Adjust relink procedure to use new targets. Better use semantics for
users and developers.
diff from rpe, ok tb


# 1.503 19-Jun-2017 deraadt

As early as possible, create a link /bsd.booted to the /bsd kernel we
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.

In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.

with yasuoka, lots of discussion with mlarkin, ok tom


# 1.502 14-Jun-2017 rpe

Add a new function reorder_kernel() that relinks and installs the
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.

Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many


# 1.501 06-Jun-2017 florian

start slaacd as early as possible, right after pf and sysctl.conf are
setup.
Input & OK deraadt@


# 1.500 03-Jun-2017 deraadt

We have been running a small awk program before installing the relinked libc.
Perform the same kind of test for relinked libcrypto, using an openssl
sequence (proposed by sthen)


# 1.499 03-Jun-2017 deraadt

Immediately after mounting / read-write, chmod og-rwx the kernel. Remote
prying eyes were already hindered at determining kernel addresses, now
local prying eyes are also hindered.
ok tb rpe


# 1.498 30-May-2017 tb

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot


# 1.497 29-May-2017 florian

rc.d(8) for slaacd
OK phessler, deraadt


# 1.496 29-May-2017 deraadt

Randomize link-order of libcrypto as we do with libc. This library
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing

The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.


# 1.495 01-May-2017 rpe

Comments and spacing.


# 1.494 18-Apr-2017 schwarze

Simplify patching of motd(5), also making it agree better with the
documentation if the first line of the file is blank.
Quirk reported by Anthony Coulter <bsd at anthonycoulter dot name>.
OK rpe@


Revision tags: OPENBSD_6_1_BASE
# 1.493 26-Feb-2017 matthieu

Switch to xenodm(1).

Do it now deraadt@


# 1.492 27-Dec-2016 jca

Remove user uucp and group news from base.


# 1.491 04-Nov-2016 rpe

spacing


# 1.490 07-Oct-2016 otto

first set -max limit, then -cur, otherwise if -cur is higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@


# 1.489 06-Oct-2016 reyk

Add switchd

OK deraadt@


# 1.488 06-Oct-2016 reyk

Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.

OK mlarkin@ deraadt@


# 1.487 27-Sep-2016 rpe

Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.

idea from and OK deraadt
OK kettenis


Revision tags: OPENBSD_6_0_BASE
# 1.486 10-Jul-2016 rpe

Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.

OK krw, halex
'cool' deraadt


# 1.485 29-May-2016 rpe

Improve error handling in reorder_libs()

- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error

positive feedback from deraadt
OK krw


# 1.484 27-May-2016 rpe

No need to show the messages if we skip in case of /usr/lib on nfs.

OK deraadt


# 1.483 27-May-2016 rpe

Add function comments.

OK sthen, deraadt


# 1.482 26-May-2016 deraadt

whitespace found during review


# 1.481 26-May-2016 rpe

- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system

OK deraadt


# 1.480 22-May-2016 rpe

Use the -F flag of install(1) to ensure the file's content is flushed to disk.

OK deraadt


# 1.479 14-May-2016 jmc

unhyphenate the world: re-order -> reorder
sthen does not object


# 1.478 05-May-2016 sthen

show what we're doing when reordering libraries, otherwise the text
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.

"Yeah, that's a pretty crappy machine" deraadt@


# 1.477 27-Apr-2016 ajacoutot

We want to run sysmerge(8) a bit earlier in the boot process so that it has a
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime

discussed with deraadt@
ok deraadt@ rpe@


# 1.476 27-Apr-2016 rpe

Use 'sort -V' which is actually meant to sort version numbers.

Noted by zhuk@
OK deraadt@


# 1.475 26-Apr-2016 deraadt

Re-link (only the newest) libc.so, placing the objects in a random
order.
with shell script assistance from rpe


Revision tags: OPENBSD_5_9_BASE
# 1.474 29-Dec-2015 rpe

Replace single pattern case-blocks with simpler code.

OK halex@


# 1.473 06-Dec-2015 rpe

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@


# 1.472 05-Dec-2015 jasper

add rcscript for vmd

ok mlarkin@
prompted by deraadt@


# 1.471 02-Dec-2015 rpe

Since version 1.467 of /etc/rc, it was no longer possible to add
shlib_dirs using /etc/rc.conf.local.

Fix from Jan Johansson, thanks.

OK krw@, halex@


# 1.470 27-Nov-2015 deraadt

yppasswd went away


# 1.469 10-Nov-2015 tim

Fix typos in comments


# 1.468 01-Nov-2015 rpe

A missed backticks to $() conversion.

OK krw@


# 1.467 18-Oct-2015 rpe

Finish first round of rework of the rc script.

OK krw@ halex@


# 1.466 18-Oct-2015 deraadt

Forcibly delete /var/run/ypbind.lock to prepare for the worst cases.
ok aja


# 1.465 03-Oct-2015 renato

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@


# 1.464 29-Sep-2015 rpe

Besides the usual style changes:
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block

Feedback and OK halex@
OK krw@


# 1.463 13-Sep-2015 rpe

- FOO=bar; export FOO -> export FOO=bar
- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says

OK halex@, krw@ on a similar diff


# 1.462 13-Sep-2015 rpe

Remove setup_X_sockets():
The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.

Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".

Feedback and OK halex@
OK krw@ on a similar diff


# 1.461 12-Sep-2015 sthen

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot


# 1.460 28-Aug-2015 rpe

Changes for start_daemon():
- use more descriptive variable name

Changes for make_keys():
- use variables for file paths
- key -> keys in message
- take into account the return codes of isakmpd private *and* public
key generation

OK krw@ halex@


# 1.459 22-Aug-2015 rpe

- add usage info
- initialize _ban variable
- style

OK halex@


# 1.458 22-Aug-2015 rpe

Restore previous behaviour for wsconsctl_conf().

In wsconsctl.conf configuration variables can contain doublequotes
which are removed by the shell if wsconsctl is used interactively.

In scripts, without using eval, these doublequotes are preserved
and the wsconsctl command complains about "illegal character in
input".

Found by and OK jmc@
With feedback from and OK krw@, halex@


# 1.457 13-Aug-2015 rpe

Changes to sysctl_conf(), mixerctl_conf() and wsconsctl_conf():
- no need to check for non-empty *.conf files, stripcom handles that now
- pipe stripcom output directly to while-read-loop
- quote the argument to the *ctl commands
- no need to double shutup mixerctl, -q already means quiet

OK krw@, halex@


# 1.456 12-Aug-2015 rpe

Start the rework of the /etc/rc shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Changes to stripcom():
- skip empty files (eliminates tests for this before calling stripcom)
- remove {} around the while-loop, feed file directly
- instead of continue if empty and then print, print only if non-empty
- use the safer "print -r --" instead of plain "echo"
- quote "$_line" on output to prevent globbing

Changes to update_limit():
- use {,-cur,-max} instead of "" -cur -max
- eliminate if-block with reverse test and continue

OK halex@ krw@


Revision tags: OPENBSD_5_8_BASE
# 1.455 03-Aug-2015 yasuoka

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disabled by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt


# 1.454 20-Jul-2015 rpe

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@


# 1.453 19-Jul-2015 rpe

Replace test command with [].

OK halex@ krw@


# 1.452 18-Jul-2015 rpe

Put the opening curly brackets on the same line as the function name.

OK krw@ halex@


# 1.451 18-Jul-2015 rpe

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@


# 1.450 18-Jul-2015 rpe

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@


# 1.449 02-May-2015 ajacoutot

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@


# 1.448 11-Mar-2015 krw

'rc.firstime' -> 'rc.firsttime' in comment.

Diff from Navan Carson via tech@


Revision tags: OPENBSD_5_7_BASE
# 1.447 22-Jan-2015 krw

Use /etc/services names in all the default pf rules (most already
did). This allows any local changes to /etc/services to be effective
if all you have is the default.

Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!

ok phessler@ deraadt@


# 1.446 03-Dec-2014 florian

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@


# 1.445 30-Nov-2014 dcoppa

Fix comment: We don't use RC4 anymore, it's better to be more
generic.

ok miod@


# 1.444 17-Nov-2014 deraadt

Make /var/tmp a symbolic link to /tmp. The creation of /var/tmp in the
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.

Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.

done with rpe
ok many


# 1.443 05-Nov-2014 millert

When clearing /tmp, use "-maxdepth -1" instead of "-type d -prune".
This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@. OK deraadt@


# 1.442 15-Sep-2014 matthieu

Remove sendmail tentacles. ok krw@ ajacoutot@


# 1.441 26-Aug-2014 robert

usr.sbin


# 1.440 22-Aug-2014 deraadt

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years


# 1.439 17-Aug-2014 ajacoutot

Execute /etc/netstart using sh(1) instead of sourcing it.
Committing early to make sure we have time to fix any side-effect.

ok deraadt@


Revision tags: OPENBSD_5_6_BASE
# 1.438 04-Aug-2014 naddy

enable httpd; ok deraadt@


# 1.437 19-Jul-2014 bluhm

Print a warning message if the files with the random seed are not
writeable during shutdown. This prevents ugly error messages when
the machine is rebooted from single-user without mounting the file
systems read-write.
suggested by deraadt@


# 1.436 18-Jul-2014 deraadt

ugly ugly whitespace


# 1.435 17-Jul-2014 deraadt

sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja


# 1.434 14-Jul-2014 ajacoutot

quiet /etc/rc.shutdown, it may not exist.

ok deraadt@


# 1.433 14-Jul-2014 ajacoutot

This isn't C.


# 1.432 14-Jul-2014 ajacoutot

Only set kern.securelevel=1 if it was not lowered nor bumped by
rc.securelevel.

with deraadt@


# 1.431 14-Jul-2014 deraadt

rc.{local,securelevel,shutdown} become examples. If versions of them
are created in /etc, they are executed (they used to be sourced) to
avoid polluting the rc variable space. The powerdown= and securelevel=
features are removed; they are likely only used by 2 people. the
securelevel is now always raised; this is the only sensible default.
ok ajacoutot


# 1.430 14-Jul-2014 deraadt

check for existence of rc.shutdown, before sourcing it


# 1.429 13-Jul-2014 claudio

rc bits for iscsid. Start iscsid as early as possible. Use the new -N
flag for fsck and mount to check and mount the iscsi file systems (marked
with option net) right after the mount -a.
"Get it in" deraadt@
rpe@ is OK with this going in but it may need further changes


# 1.428 12-Jul-2014 robert

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax; it is all going to be
ignored.

discussed with and help from deraadt@ and halex@


# 1.427 25-Apr-2014 bluhm

Redirecting stderr to /dev/null suppresses all errors. Instead use
the new status=none feature to make dd quiet.
OK halex@


# 1.426 24-Apr-2014 tedu

rm rwhod tentacles


# 1.425 23-Apr-2014 ajacoutot

Remove krb5 bits from rc(8).

ok reyk@


# 1.424 19-Apr-2014 henning

use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler


# 1.423 15-Mar-2014 sthen

Enable Unbound in base, ok deraadt@


# 1.422 13-Mar-2014 florian

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@


Revision tags: OPENBSD_5_5_BASE
# 1.421 19-Feb-2014 schwarze

Ignore blank characters at the end of ${pkg_scripts} in order
to refrain from trying to execute /etc/rc.d/ in that case.
Problem noticed by jasper@.

Opinions on this patch vary: "much nicer, ok" sthen@
"good god, what horrible shell voodoo, ok" ajacoutot@


# 1.420 19-Jan-2014 claudio

Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@


# 1.419 03-Jan-2014 millert

Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@


# 1.418 28-Dec-2013 deraadt

document a hack we want fixed later


# 1.417 27-Dec-2013 rpe

- add chmod of seedfile in /etc
- use its return code for single/multiuser detection

ok deraadt


# 1.416 27-Dec-2013 rpe

re-use random_seed in shutdown section

ok deraadt


# 1.415 27-Dec-2013 deraadt

create a seed file for the bootloader in /etc/random.seed


# 1.414 27-Dec-2013 deraadt

nest random_seed() contents into a single redirection
idea from rpe


# 1.413 27-Dec-2013 deraadt

re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe


# 1.412 27-Dec-2013 deraadt

when forcing a re-key, might as well toss in dmesg as additional seed
material


# 1.411 27-Dec-2013 deraadt

all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random


# 1.410 26-Dec-2013 espie

make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@


# 1.409 17-Dec-2013 halex

Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!

ok rpe@ giovanni@


# 1.408 15-Dec-2013 tedu

remove popa3d etc tendrils


# 1.407 09-Aug-2013 ajacoutot

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@


Revision tags: OPENBSD_5_4_BASE
# 1.406 01-Jun-2013 naddy

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@


Revision tags: OPENBSD_5_3_BASE
# 1.405 18-Nov-2012 ajacoutot

Remove pointless local declaration.

ok halex@


# 1.404 04-Nov-2012 kettenis

Start ldomd(8).


# 1.403 20-Sep-2012 yasuoka

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride


# 1.402 26-Aug-2012 ajacoutot

Hook up nginx to rc(8).

ok deraadt@ robert@


# 1.401 20-Aug-2012 dlg

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk


Revision tags: OPENBSD_5_2_BASE
# 1.400 06-Apr-2012 jsing

tedu the raidctl.

ok deraadt@


# 1.399 10-Mar-2012 dlg

ypbind likes a ypserv to talk to, and ypldap pretends to be ypserv.
this diff starts ypldap before ypbind instead of after.

ok deraadt@ ajacoutot@


# 1.398 05-Mar-2012 dlg

add tftpd to the network daemons list just after ftpd and ftpproxy.

reminded by mikeb@
ok sthen@


Revision tags: OPENBSD_5_1_BASE
# 1.397 09-Dec-2011 ratchov

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot


# 1.396 13-Oct-2011 ajacoutot

Start ldapd(8) earlier so that ypldap(8) can properly run (an LDAP
server _must_ be running and accessible before ypldap is started).

Add a proper pexp in the ypldap rc script.

discussed with pyr@ robert@ deraadt@
ok deraadt@


# 1.395 07-Oct-2011 deraadt

The new ypbind changes require that the domainname be set before
rc.conf is run. There's no real downside.
ok aja


# 1.394 06-Oct-2011 deraadt

ccd goes to the attic
discussed with jsing and millert


# 1.393 16-Sep-2011 robert

Add a script for popa3d to support running it outside of inetd.


Revision tags: OPENBSD_5_0_BASE
# 1.392 28-Jul-2011 halex

suppress empty rc.firsttime email and add hostname to the subject line

ok deraadt krw


# 1.391 20-Jul-2011 halex

remove an unneeded trailing semicolon


# 1.390 20-Jul-2011 halex

cleanup of fill_baddynamic()

ok krw@


# 1.389 19-Jul-2011 deraadt

random seed handling can now be done fairly early, well, as soon as
we are beyond the nfs diskless /var and /usr mounting. Issue also
spotted by Hugo Villeneuve, attempt at repair by me. Let's see how it
works out in practice...
looked at by krw, too


# 1.388 19-Jul-2011 deraadt

Now that fill_baddynamic() is being called much earlier, it cannot use
grep in a NFS diskless environment. Found and fixed by Hugo Villeneuve


# 1.387 18-Jul-2011 deraadt

put aucat with network daemons for now, until a better solution is found


# 1.386 18-Jul-2011 deraadt

move aucat very early, to cope with pkgs; ok aja


# 1.385 11-Jul-2011 deraadt

there is a usage case where ypldap can be used without the local
domainname being set. adjust the scripts to start it in that way.
discussed with pyr


# 1.384 09-Jul-2011 halex

tee the output from rc.firsttime to /dev/tty before passing it to mail(1)
so we can enjoy it on the screen as well

ok deraadt@


# 1.383 08-Jul-2011 deraadt

re-add ospfd/ospf6d support which got lost, and build scripts for them


# 1.382 08-Jul-2011 deraadt

early daemons fit on a line


# 1.381 08-Jul-2011 robert

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@


# 1.380 08-Jul-2011 ajacoutot

Forgot to commit that part yesterday, spotted by sthen@


# 1.379 08-Jul-2011 deraadt

simplify, shorten, and "subtly and cleverly" rearrange some daemon
startups according to rules that some of us understand. it may come off
sounding cocky, but any step beyond that would end up with a dependency
graph which will never happen. this file is now ~60% of the length a
week ago.
ok guenther, robert, aja and people who will not test it until it is in


# 1.378 08-Jul-2011 robert

fix boot output and make sure spamlogd is only started when needed


# 1.377 08-Jul-2011 robert

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplifies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!


# 1.376 08-Jul-2011 deraadt

Small bits of fluff before the final re-organization
ok halex


# 1.375 08-Jul-2011 deraadt

ARGH! the third part: socket handling cleanup


# 1.374 08-Jul-2011 deraadt

Oops, the second half of moving the key chunks


# 1.373 08-Jul-2011 deraadt

Move various bits of key generation in rc into one function, which we
can run surprisingly early. Move the X socket directory creation code
into a function too.
robert liked it


# 1.372 08-Jul-2011 ajacoutot

Add the nfs startup scripts.

ok robert@


# 1.371 08-Jul-2011 deraadt

Give up on btd(8) startup until it can prove itself


# 1.370 08-Jul-2011 robert

switch pflogd to rc.d


# 1.369 08-Jul-2011 robert

only start spamlogd if spamd_flags != NO and spamd_black = NO
spotted by halex@


# 1.368 08-Jul-2011 robert

make rc_daemons use start_daemon instead of calling the script directly


# 1.367 07-Jul-2011 deraadt

oops, the netstart for pfsync *MUST* have the conditional


# 1.366 07-Jul-2011 deraadt

disable the afs enable stuff. when nnpfs is re-enabled, that can be added
at the right place.


# 1.365 07-Jul-2011 robert

add scripts for aucat and spamd and switch rc to use them


# 1.364 07-Jul-2011 guenther

Eliminate some $? tests by rolling the command into the condition

ok halex@


# 1.363 07-Jul-2011 deraadt

oops, removed one absolute path which is needed


# 1.362 07-Jul-2011 deraadt

kvm_mkdb and dev_mkdb have been reliable for years, so we can run them
silently now.
ok guenther


# 1.361 07-Jul-2011 deraadt

We don't need a conditional around the pfsync start.

(As a reminder to others who spot this weirdness later and get
confused like I did: netstart never starts pfsync automatically,
because it would screw the states. That is why there is this 2nd
manual netstart run for pfsync)

ok mpf


# 1.360 07-Jul-2011 robert

add a script for btd and replace the rc parts


# 1.359 07-Jul-2011 robert

add wsmoused script and switch xdm and wsmoused in rc


# 1.358 07-Jul-2011 deraadt

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis


# 1.357 07-Jul-2011 deraadt

Move various "console-ish" services into a new start_daemon block near
the bottom, after checking that they are OK with being there.
ok ajacoutot


# 1.356 07-Jul-2011 deraadt

Do not use absolute paths for things on our (very simple safe) path.


# 1.355 07-Jul-2011 robert

move portmap, yp* and kerberos services to rc.d scripts


# 1.354 07-Jul-2011 robert

remove superfluous semicolon from start_daemon()


# 1.353 06-Jul-2011 robert

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order as before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.


# 1.352 22-Apr-2011 ajacoutot

Move the rc.d(8) bits from rc.{local,shutdown} directly into /etc/rc.
By default, rc.{local,shutdown} don't output anything anymore.

original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@


# 1.351 16-Apr-2011 ajacoutot

Output 'starting standard daemons:' to be consistent with the rest.

ok deraadt@


# 1.350 23-Mar-2011 stevesk

use ssh-keygen -A; ok deraadt


# 1.349 17-Mar-2011 robert

- introduce the INRC environment variable so that rc.subr(8) knows if it
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successful or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore

brainkilling work done by me and ajacoutot@, ok ajacoutot@


Revision tags: OPENBSD_4_9_BASE
# 1.348 14-Jan-2011 deraadt

in the most trivial way, request that the kernel arc4random re-key after
we run netstart
ok tedu, djm liked it too


# 1.347 10-Jan-2011 deraadt

talk to /dev/arandom as a single read or write.
in particular a single write will result in a single re-key event,
rather than 64 writes causing 64 re-keys -- wasting the kernel's time.
ok guenther


# 1.346 22-Dec-2010 deraadt

Consistently use /dev/arandom for feeding entropy to the kernel.
ok kjell otto miod


# 1.345 08-Nov-2010 ajacoutot

Don't print 'Null message body; hope that's ok' in the rc output if the
call to rc.firsttime doesn't output anything to mail(1).

ok deraadt@ halex@


# 1.344 02-Nov-2010 deraadt

delete excessive ; use


# 1.343 26-Oct-2010 robert

Add a simple 'rc' system to base in order to start/stop/restart/reload
services installed by the ports system (for now).
It only uses pgrep/pkill to handle these processes. A manual page will
come later.

'put it in' deraadt@


# 1.342 01-Oct-2010 jakob

start nsd(8); ok deraadt


# 1.341 06-Sep-2010 naddy

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


Revision tags: OPENBSD_4_8_BASE
# 1.340 27-Jul-2010 martinh

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@


# 1.339 13-Jul-2010 sthen

When cleaning /tmp at boot, run the slower find unconditionally.
Previously if the quick rm -rf failed, find was not run, so some files
were not removed. Looks good to tedu@.


# 1.338 28-Jun-2010 reyk

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@


# 1.337 25-Apr-2010 michele

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@


# 1.336 23-Apr-2010 ratchov

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.335 04-Jan-2010 deraadt

If a /etc/rc.firsttime file exists, run it just once, mailing the output to
root. If anyone wants to use this in a siteXX.tgz file, please be sure to
*concatenate* to the file -- not replace it -- since the installer is going
to be using this file itself.
discussed with todd and halex


# 1.334 04-Dec-2009 deraadt

use mv -f to avoid stopping during wrongly mounted root; sbeyer@reactor.de


# 1.333 23-Nov-2009 deraadt

Move ipsec key creation before isakmpd, and sshd to become the first
of the network daemons so that it can be used if another daemon stops
in its tracks.
ok claudio markus sthen


# 1.332 12-Aug-2009 deraadt

change some defaults inside amd itself, so that the rc scripts no longer
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon to do that with)
ok millert


# 1.331 07-Aug-2009 sthen

- specifically match carp+([0-9]):, not just carp*:. avoids spurious
attempts to "ifconfig carp down" noticed by david@.

- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.

ok david@


# 1.330 05-Aug-2009 deraadt

correct indent


# 1.329 04-Aug-2009 sthen

Don't use grep/cut during shutdown, /usr might not be mounted.
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.

ok deraadt@, henning@. "Much mo' better" blambert@.


Revision tags: OPENBSD_4_6_BASE
# 1.328 30-Jun-2009 deraadt

extra spaces found during inspection of other goo


# 1.327 30-Jun-2009 robert

Make syslogd create a socket in /var/www/dev when httpd is enabled in order
to make logging to syslog work with php for example.

ok deraadt@, henning@


# 1.326 03-Jun-2009 jj

Arla client rename from xfs to nnpfs for later upgrades. Tested on various arches. ok todd@ beck@


# 1.325 31-May-2009 halex

Make sure xdm is installed before trying to run it

ok deraadt@


# 1.324 17-Apr-2009 henning

a scrub was hiding here when nfs was enabled. since we want the no-df
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>


# 1.323 16-Mar-2009 jacekm

support for smtpd(8); ok gilles@


# 1.322 04-Mar-2009 mcbride

Don't synchronise carp states in default PF ruleset, these get created
on each host and end up conflicting, so they never sync anyways.

ok dlg henning


Revision tags: OPENBSD_4_5_BASE
# 1.321 11-Dec-2008 naddy

Bump size of isakmpd RSA host key up to 2048 bits to match the
SSH2-RSA size; ok hshoexer@, no objection from miod@


# 1.320 27-Nov-2008 uwe

Add bt=YES to /etc/rc.conf.local to start the daemon


# 1.319 03-Oct-2008 deraadt

New option -D to daemonize spamd-setup for early bootup use. This avoids
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert


Revision tags: OPENBSD_4_4_BASE
# 1.318 09-Jul-2008 djm

automatically populate net.inet.(tcp|udp).baddynamic with the
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.

Note that this requires a new kernel and /sbin/sysctl.

feedback markus@ ok markus@ deraadt@ millert@


# 1.317 15-Jun-2008 sturm

start rpc.statd together with rpc.lockd

"just get it in" deraadt


# 1.316 09-Jun-2008 mbalmer

Replace nmeattach (which will be removed) with ldattach.


# 1.315 08-Jun-2008 jdixon

Deprecate /etc/dhcpd.interfaces. This is made unnecessary by dhcpd_flags.

ok deraadt@ beck@ reyk@ phessler@


# 1.314 02-Jun-2008 jasper

- add a full stop for consistency

ok deraadt@ dlg@


# 1.313 07-May-2008 claudio

routed is no longer, use ripd instead.


Revision tags: OPENBSD_4_3_BASE
# 1.312 27-Feb-2008 djm

Try to load host.random before starting the network, so network
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@


# 1.311 31-Jan-2008 reyk

enable snmpd in the build

approved by deraadt@, ok thib@


# 1.310 16-Jan-2008 sthen

create pflog0 whenever pf is enabled, not just when pflogd_flags!=NO
fixes spamlogd with pflogd disabled.

ok henning


# 1.309 09-Jan-2008 mpf

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@


# 1.308 07-Dec-2007 deraadt

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checker that happens to do some relaying


# 1.307 11-Nov-2007 jmc

-w flag for wsconsctl is deprecated; from Tim van der Molen


# 1.306 15-Oct-2007 deraadt

permit tcp 111/2049 at boot too, for tcp nfs mounts; Jim Rees


# 1.305 08-Oct-2007 norby

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@


Revision tags: OPENBSD_4_2_BASE
# 1.304 25-Apr-2007 espie

shutdown existing carp interfaces based on ifconfig output, not static
/etc/*.if files.

okay reyk@, deraadt@, krw@...


# 1.303 14-Apr-2007 grunk

introduce {fsck,mount}_vnd tools to be able to describe vnd images
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.

original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@


# 1.302 14-Mar-2007 ckuethe

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt


Revision tags: OPENBSD_4_1_BASE
# 1.301 27-Feb-2007 beck

catch second instance of spamd_grey - thanks millert and jmc


# 1.300 27-Feb-2007 beck

spamd_grey=YES should really be spamd_black=NO
as discussed with jmc and millert.
ok millert@


# 1.299 27-Feb-2007 beck

Flag day for spamd -
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.

Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@


# 1.298 02-Feb-2007 ajacoutot

- add a new "accounting" variable (default to NO) to enable accounting
(if the file /var/account/acct does not exist it will be created)

ok mk@


# 1.297 31-Jan-2007 pyr

link hoststated to the builds.
ok miod@, henning@


# 1.296 06-Jan-2007 matthieu

remove acpid references. ok gwk@, steven@, grange@ and janus@.


# 1.295 28-Nov-2006 mcbride

Move isakmpd's auto-generated public key, local.pub, into /etc/isakmpd
This makes it readable by unprivileged users, simplifying configuration,
and there is no reason for it to be secret.

ok msf deraadt hshoexer


# 1.294 16-Nov-2006 henning

when pf and pflogd are enabled, do a "ifconfig pflog0 create" early.
rc checks pflog0 existence before starting pflogd0, probably to not print an
error message on pflog-less kernels... ugh. ok mcbride


# 1.293 06-Nov-2006 deraadt

duh -- on first boot, do not build the host.random file twice; ok djm


# 1.292 29-Oct-2006 norby

Add the _ripd user and startup stuff.

ok claudio@


# 1.291 27-Sep-2006 mpf

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@


Revision tags: OPENBSD_4_0_BASE
# 1.290 01-Sep-2006 mpf

Switch boot order: isakmpd starts before sasyncd.
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@


# 1.289 29-Aug-2006 henning

increase the carp demotion counter by 128 instead of 1 while rc runs.
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt


# 1.288 04-Aug-2006 markus

remove redundant comments; noted by mpf; ok deraadt, millert


# 1.287 02-Jun-2006 mcbride

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@


# 1.286 02-Jun-2006 mcbride

Carp demotion interlock. Prevents carp from preempting until the system is
booted, allowing for daemons to sync with peers before we take over.

ok deraadt@ mpf@ moritz@


# 1.285 01-Jun-2006 norby

Hook dhcrelay(8) into the startup process.

ok henning@


# 1.284 01-Jun-2006 norby

add all the goo to hook dvmrp into the system

ok deraadt@


# 1.283 29-May-2006 avsm

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@


# 1.282 28-May-2006 avsm

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok


# 1.281 27-Mar-2006 reyk

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@


# 1.280 22-Mar-2006 hshoexer

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@


# 1.279 14-Mar-2006 deraadt

move wsconsctl up earlier, so that any key changes made can be used
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu


# 1.278 12-Mar-2006 otto

Use the new -s flag to mount the /usr and /var partitions. Avoids
doubly mounted mfs partitions. Also, at the end of the mount dance,
try to mount all partitions, not just nfs partitions. Handles a case
where local partitions mounted inside a nfs partition were not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@


Revision tags: OPENBSD_3_9_BASE
# 1.277 12-Jan-2006 deraadt

configure mixers late; obsd@enop.org 4970


# 1.276 30-Nov-2005 tom

Change "starting rpc daemons" to "starting initial daemons" as we
also start ntpd at this time.

discussed with jmc@; ok deraadt@


# 1.275 16-Nov-2005 camield

add new ftp-proxy startup bits

ok henning beck


# 1.274 31-Oct-2005 henning

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon


# 1.273 22-Sep-2005 deraadt

split ypserv & ypbind startup; ypserv does not depend on you being a
client; from amh@POBOX.COM


# 1.272 19-Sep-2005 fgsch

change printed line from `printer' to `lpd'; deraadt@ ok.


Revision tags: OPENBSD_3_8_BASE
# 1.271 25-Jul-2005 mcbride

Fix the test for successful ifconfig of carp interface on shutdown, makes
graceful shutdown work correctly.

ok mpf@ deraadt@ a long time ago, committed to local repository by accident.


# 1.270 19-Jun-2005 deraadt

ntpd -s by default is just a pause if there is no net


# 1.269 14-Jun-2005 dhartmei

split the dummy ruleset pfctl -f - -e into separate -f - and -e.
relevant when the dummy ruleset can't be loaded, we still want to enable
pf, otherwise the real ruleset (even if that does load correctly) won't
be active. might happen on a non-GENERIC kernel or after an update (before
/etc is manually updated). reported by Jim Rees. ok frantzen@


# 1.268 02-Jun-2005 tholo

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@


# 1.267 19-May-2005 millert

o change wsconsctl.conf subshell into a function
o move test for foo.conf into the foo_conf function proper


# 1.266 18-May-2005 millert

Make test(1) usage consistent when testing a variable that may not be set.
OK deraadt@


# 1.265 18-May-2005 millert

o move sysctl and mixerctl parsing into a subroutine instead of a subshell
o update resource limits if kern.maxproc or kern.maxfiles is changed


# 1.264 09-Apr-2005 deraadt

if, at boot time, a /etc/resolv.conf.save is found, assume this is from
a dhclient that crashed so hard it was unable to swap the file back,
and hence, finish that job. i convinced krw and henning that this is
the right place (not in netstart)


# 1.263 01-Apr-2005 deraadt

OK, this is an insane commit. Comes from johnb@ugrad.cs.ualberta.ca, pr 3589.
somehow he got his YP and DNS screwed up and nslookup $h was dealing with h = ""
which was doing nslookup "", which is bad and hangs boots. be more careful
by doing echo $h | nslookup instead.


# 1.262 22-Mar-2005 henning

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me


Revision tags: OPENBSD_3_7_BASE
# 1.261 19-Jan-2005 millert

Only try to run pflogd if pflog0 exists; from mpech@
OK deraadt@ and fgsch@


# 1.260 22-Nov-2004 jsg

Add support for setting mixerctl values in a sysctl.conf like manner
via mixerctl.conf.
ok deraadt@, earlier version ok henning@


# 1.259 03-Nov-2004 henning

introduce spamlogd_flags to make it easier to e.g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob


# 1.258 22-Oct-2004 itojun

default pf rule too restrictive for IPv6 (need to allow NS/NA). deraadt ok


# 1.257 19-Oct-2004 grange

Use inet6 pf rules only for inet6-capable setups, first spotted
by form@pdp-11.org.ru.

ok todd@ henning@


# 1.256 27-Sep-2004 henning

kill double whitespace, PR3934, for real this time and without unrelated
changes


# 1.255 27-Sep-2004 henning

ooopppssss, backout last, lots of unrelated changes crept in, noticed
by jmc


# 1.254 27-Sep-2004 henning

double whitespace, one from PR3934


# 1.253 18-Sep-2004 henning

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo


# 1.252 17-Sep-2004 mcbride

Set up alternate keyboard encoding earlier in rc.

ok miod@ henning@ deraadt@


Revision tags: OPENBSD_3_6_BASE
# 1.251 21-Aug-2004 hshoexer

no need anymore to require isakmpd.policy for isakmpd startup
ok ho@ henning@


# 1.250 07-Aug-2004 deraadt

permit icmp6-type routersol out, and icmp6-type routeradv in, at boot time


# 1.249 06-Jul-2004 henning

eh, actually add the startup code for ntpd


# 1.248 04-Jun-2004 grange

hotplugd startup.

ok deraadt@


# 1.247 16-May-2004 henning

dhclient doesn't write a pid file any more; do remove the code that
deals with it at startup; noticed by wilfried, millert ok


# 1.246 16-May-2004 mcbride

Bring down carp interfaces gracefully even if powerdown=YES in rc.shutdown.

ok krw@ deraadt@


# 1.245 28-Apr-2004 deraadt

spacing


# 1.244 27-Apr-2004 markus

generate a isakmpd (host) key; ok henning, deraadt, cedric


# 1.243 26-Apr-2004 deraadt

double check that the carp* interfaces exist before knocking them down,
mcbride and i think this diff looks good but do not feel like doing the
250 meter walk to go test it


# 1.242 30-Mar-2004 otto

Allow spamd_flags banner to contain spaces. Resolves PR 3720.
ok beck@ millert@


Revision tags: OPENBSD_3_5_BASE
# 1.241 22-Mar-2004 cedric

Fix CARP shutdown. ok deraadt


# 1.240 22-Mar-2004 mcbride

Pass pfsync and carp traffic in the boot-time pf configuration.
Bring carp interfaces down at shutdown, to make a graceful exit if we're master.

ok deraadt@


# 1.239 05-Mar-2004 henning

add the goo for bgpd, theo ok


# 1.238 03-Mar-2004 deraadt

move spamd to a better place; ok henning beck


# 1.237 02-Mar-2004 deraadt

A better place for sshd; pointed out by millert


# 1.236 02-Mar-2004 deraadt

start sshd earlier, ok from various


# 1.235 26-Feb-2004 beck

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf


# 1.234 25-Feb-2004 jmc

remove -w option to sysctl;

diffs from Paul de Weerd;
ok deraadt@


# 1.233 11-Feb-2004 beck

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to do pkg_add's)


# 1.232 23-Jan-2004 deraadt

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu


# 1.231 29-Dec-2003 millert

Move vi.recover invocation until after ldconf is run. Fixes
a problem when postfix w/ sasl & tls is used instead of sendmail
and perl is dynamically linked anyway. Closes PR 3605.
OK deraadt@ and drahn@


# 1.230 05-Dec-2003 deraadt

spacing


# 1.229 18-Nov-2003 henning

sensorsd startup via rc/rc.conf
ok millert@


Revision tags: OPENBSD_3_4_BASE
# 1.228 29-Jul-2003 henning

"pass on lo0" in the intermediate pf ruleset loaded during boot.
solves PR3376 by matthew.gream@pobox.com, fix slightly different

ok mcbride@ deraadt@


# 1.227 14-May-2003 ian

No more gated. ok krw@, deraadt@, comments from David Krause, jakob@.


# 1.226 08-Apr-2003 millert

fix another non-POSIX chown; Chuck Yerkes


Revision tags: OPENBSD_3_3_BASE
# 1.225 23-Mar-2003 marc

Fix operational typo. Bug reported by William Yodlowsky
bsd at openbsd dot rutgers dot edu. OK millert@, others.


# 1.224 21-Mar-2003 todd

grammar; ok miod@


# 1.223 20-Mar-2003 sturm

enclose X${lpd_flags} in quotation marks, as it could carry more than
one argument.

OK miod@, millert@, henning@, markus@, fries@, tdeval@


# 1.222 10-Mar-2003 deraadt

commented hourly spamd-setup run


# 1.221 04-Mar-2003 jakob

only generate shared secret for rndc if named will be started.
tested by grange@, ok millert@


# 1.220 04-Mar-2003 jakob

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@


# 1.219 04-Mar-2003 danh

make sure both /etc/rndc.key and /var/named/etc/rndc.key exist, and are
the same.

ok jakob@, deraadt@


# 1.218 14-Feb-2003 cedric

Fix NFS diskless boot when PF is used.
From dhartmei@ e-mail, ok henning@


# 1.217 20-Jan-2003 jakob

generated shared secret for rndc/bind9; ok millert@


# 1.216 20-Jan-2003 millert

Add a /var/empty/dev/log socket for things that chroot to /var/empty.


# 1.215 15-Jan-2003 camield

Allow outbound ping in initial pf rules.

dhclient needs this to validate old (but valid) leases in
/var/db/dhclient.leases in case it needs to fall back to such a
lease. (the dhcp server can be down or not responding)

Reported by Chris Jepeway.

"makes sense" henning dhartmei


# 1.214 06-Jan-2003 marc

Handle wsconsctl.conf entries that contain spaces, e.g.
keyboard.map+="keysym Caps_Lock = Control_L"
OK fgs@


# 1.213 03-Jan-2003 miod

Remove screenblank section; reported by Andrey Matveev.


# 1.212 27-Dec-2002 deraadt

spamd startup stuff


# 1.211 24-Dec-2002 mcbride

Simpler default block.

ok deraadt@


# 1.210 13-Dec-2002 henning

kill whitespace at EOL; David Krause


# 1.209 23-Nov-2002 deraadt

no more altqd use


# 1.208 14-Nov-2002 camield

Allow host to do dns lookups in the initial ruleset. This way, pfctl
can properly boot rulesets with dns addresses in it.


# 1.207 14-Oct-2002 mpech

use stripcom(), not awk. Spotted by form@.

millert@ ok


# 1.206 06-Oct-2002 krw

Remove more remnants of smtpfwdd. ok deraadt@.


Revision tags: OPENBSD_3_2_BASE
# 1.205 12-Sep-2002 millert

We no longer need to install copies of /dev/null and /etc/localtime
in named's chroot jail. These things are now dealt with before
named chroots.


# 1.204 06-Sep-2002 deraadt

more photuris bits by bye bye


# 1.203 20-Aug-2002 hugh

Prevent possible races by moving .X11 fixups to before the system
goes multiuser. In consultation with dynamo; cleared by millert.


# 1.202 27-Jul-2002 matthieu

Create directories for X11 unix socket at boot time. This removes the
need for root privileges for processes that create the sockets later.
ok deraadt@


# 1.201 27-Jul-2002 deraadt

echo before running sshd; mcbride@countersiege.com


# 1.200 11-Jul-2002 deraadt

www space no longer needs a dev/crypto


# 1.199 09-Jul-2002 deraadt

toss a /dev/crypto copy into /var/www/dev; millert ok


# 1.198 11-Jun-2002 dhartmei

pfctl -f instead of -N/-R, ok deraadt@


# 1.197 09-Jun-2002 hin

Remove startup stuff for Kerberos 4 servers.

ok deraadt@


# 1.196 07-Jun-2002 beck

clear /var/authpf on bootup - ensure we don't kill things we shouldn't


# 1.195 23-May-2002 dhartmei

Sigh, add the rule in the right place (not just when NFS is used).
From Dries Schellekens


# 1.194 23-May-2002 dhartmei

Allow incoming ssh connections in the initial temporary rule set that's
active before /etc/pf.conf is loaded, just in case loading fails (and
leaves the initial set active). ok deraadt@


Revision tags: OPENBSD_3_1_BASE
# 1.193 25-Feb-2002 deraadt

be silent on kernels which lack nfs; d.doroshenko@omnitel.net


# 1.192 21-Feb-2002 millert

If there is a /var/run/dhclient.pid file, stash its contents and
restore it after cleaning out /var/run. Since we don't have /usr
yet our options are limited here.
Without this change /var/run/dhclient.pid will be removed after
dhclient is started from /etc/netstart.


# 1.191 19-Feb-2002 deraadt

quiet raid check


# 1.190 17-Feb-2002 tdeval

raid(4) parity check simplification


# 1.189 09-Feb-2002 deraadt

move ssh config files to /etc/ssh


# 1.188 08-Jan-2002 tholo

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@


# 1.187 30-Dec-2001 markus

print "RSA1" for protocol v1


# 1.186 29-Oct-2001 deraadt

handle pflogd_flags better; openbsd@davidkrause.com


Revision tags: OPENBSD_3_0_BASE
# 1.185 09-Oct-2001 angelos

isakmpd can work without an isakmpd.conf, but not without an
isakmpd.policy -- change startup conditions accordingly.


# 1.184 21-Sep-2001 deraadt

start pflogd in a different place; do not block NFS in diskless situations; danh & cedric@wireless-networks.com


# 1.183 19-Sep-2001 todd

re-order shlib_dirs, now X11R6/lib, local/lib, then custom libdirs
concept originally from Joshua Stein <jcs@rt.fm>, thanks!
markus@, espie@ ok; based on useful discussion from fgsch@, espie@, heko@


# 1.182 22-Aug-2001 deraadt

pflogd_flags; mbing@nfr.net


# 1.181 22-Aug-2001 deraadt

oops, forgot to up pflog0; mbing@nfr.net


# 1.180 21-Aug-2001 deraadt

start pflogd at the right place, I think


# 1.179 17-Aug-2001 deraadt

altqd startup stuff


# 1.178 04-Jul-2001 mickey

wsconsctl.conf support, wsconsctl accepts saner var names now; raadtified


# 1.177 03-Jul-2001 deraadt

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert


# 1.176 01-Jul-2001 kjell

Initialization infrastructure for pf. Based on initial patches
by ian@, and much input and mangling from theo.


# 1.175 27-Jun-2001 hin

KerberosV support.

Kerberos related cleanup.


# 1.174 22-Jun-2001 deraadt

bail YP if no domainname; dima@unixfreak.org


# 1.173 12-Jun-2001 fgsch

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.


# 1.172 02-Jun-2001 miod

With recent changes to swapctl(8), replace the invocation of swapon
with two swapctl invocations.
Swap on block devices is enabled before fscking filesystems, swap on
files is enabled after all filesystems (including remote) are mounted.


# 1.171 30-May-2001 deraadt

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).


# 1.170 15-May-2001 deraadt

swapon -a before fsck is run


# 1.169 03-May-2001 deraadt

oops


# 1.168 02-May-2001 deraadt

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net


Revision tags: OPENBSD_2_9_BASE
# 1.167 19-Apr-2001 deraadt

permit passing sshd flags; djm


# 1.166 01-Apr-2001 deraadt

wscons rc files are not nicely MI clean, so when some nice diffs are shown around, they can go back in


# 1.165 02-Mar-2001 deraadt

amd now creates autodir by itself


# 1.164 23-Feb-2001 deraadt

I tried to figure out how to have tmp_mnt get created automatically
inside amd source code. I could not figure out. So here it goes,
until some rocket scientist points out how to do it in the real source.


# 1.163 22-Feb-2001 deraadt

generate all 3 keys, use -t xxx


# 1.162 10-Feb-2001 mickey

install wscons.conf and rc.wscons on alpha/hppa/i386/powerpc and call it from rc


# 1.161 16-Jan-2001 angelos

Check whether /etc/inetd.conf exists before starting inetd (chuck@snew.com)


# 1.160 30-Dec-2000 angelos

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)


# 1.159 30-Dec-2000 angelos

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)


# 1.158 30-Dec-2000 angelos

Initialize RAID parity as needed (PR 1529)


Revision tags: OPENBSD_2_8_BASE
# 1.157 27-Oct-2000 deraadt

after seeding from the host.random file, immediately reset the seed file, so
that if a shutdown-less reboot occurs, the next re-seed is not a repeat


# 1.156 18-Oct-2000 mickey

grammar in comment


# 1.155 09-Oct-2000 aaron

moused will now co-exist with X


# 1.154 07-Oct-2000 millert

If /etc/mailer.conf specifies a mailer other than sendmail, there
may be no /etc/mail/sendmail.cf so don't include that in the check
for whether or not to run /usr/sbin/sendmail. Instead, check for
the existence of /etc/mailer.conf. Pointed out by Theo.


# 1.153 06-Sep-2000 millert

When starting up sendmail in the background, redirect stderr to
/dev/null too. Otherwise, if there is a name resolution problem
the rc files may finish before sendmail forks into a daemon and it
will complain about EBADF on stderr (since init revoked it).
From a discussion between Theo and myself.


# 1.152 01-Sep-2000 aaron

Initialization script stuff for moused.


# 1.151 28-Aug-2000 brad

explicit path to gated so that it will load as expected


# 1.150 25-Aug-2000 deraadt

ssh always installed, no more static lib case


# 1.149 05-Aug-2000 deraadt

host.random whacking must be after /var is mounted, obviously


# 1.148 13-Jul-2000 millert

timed & rdate start before securelevel is set so no need to check
$securelevel; noted by ho@


# 1.147 13-Jul-2000 itojun

rtadvd.conf is not required, actually


# 1.146 11-Jul-2000 matt

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert


# 1.145 06-Jul-2000 itojun

remove ip6defaultif, this is just for IPv6 specification pedants


# 1.144 05-Jul-2000 millert

Start sendmail in the background so it doesn't cause blockage
on reboot timing out on DNS problems.


# 1.143 02-Jul-2000 espie

Clean-up after httpd


# 1.142 18-Jun-2000 todd

ifaliases goes away.
- new installs won't have existing ifaliases
- updates don't touch /etc
- manual updates of /etc/ should know what they're doing anyway

fwiw, see hostname.if(5) alias functionality has moved here for better
overall network configurability


# 1.141 14-Jun-2000 deraadt

avoid a few extra processes; d.doroshenko@omnitel.net


# 1.140 13-Jun-2000 deraadt

normalize test vs [; form


# 1.139 19-May-2000 mickey

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads


# 1.138 15-May-2000 hin

Fix SBINDIR path the right way


Revision tags: OPENBSD_2_7_BASE
# 1.137 12-May-2000 deraadt

work around kerberos SBINDIR being misdefined; hin


# 1.136 03-May-2000 deraadt

hmm... simplify this


# 1.135 30-Apr-2000 ericj

fix PR #1169; itojun@ OK


# 1.134 27-Apr-2000 deraadt

ssh_host_dsa_key not ssh_dsa_host_key


# 1.133 26-Apr-2000 deraadt

build DSA keys automatically at boot time


# 1.132 06-Apr-2000 millert

Enable sendmail 8.10.0. Things like sendmail.* and aliases now live
in /etc/mail.


# 1.131 05-Mar-2000 millert

Add a stripcom function to strip comments (and leading whitespace,
depending on IFS). This replaces the ed and sed code previously
used to do this.


# 1.130 28-Feb-2000 itojun

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.


# 1.129 30-Jan-2000 millert

Use ed, not sed, for pulling the interesting bits out of /etc/sysctl.conf.


# 1.128 30-Jan-2000 mickey

let sed do all the work, do not invoke extra grep; millert@ ok


# 1.127 02-Jan-2000 itojun

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags


# 1.126 01-Jan-2000 deraadt

process sysctl.conf way earlier


# 1.125 23-Nov-1999 deraadt

isakmpd is elsewhere; evanc@concer.to


# 1.124 11-Nov-1999 fgsch

Allow identd to be used w/o inetd.


Revision tags: OPENBSD_2_6_BASE
# 1.123 18-Oct-1999 deraadt

ssh startup fix; millert


# 1.122 15-Oct-1999 deraadt

oops, got shared library part wrong


# 1.121 11-Oct-1999 millert

Run /usr/libexec/vi.recover (now a perl script) to preserve vi backup files.


# 1.120 07-Oct-1999 deraadt

check for executability of ssh-keygen


# 1.119 07-Oct-1999 deraadt

if sshd startup fails due to rsa not being there, start up
/usr/local/sbin/sshd instead, if it is there.


# 1.118 06-Oct-1999 millert

Don't complain that /var/tmp/vi.recover is not owned by root
when it doesn't exist.


# 1.117 03-Oct-1999 deraadt

silence the chmod


# 1.116 30-Sep-1999 deraadt

last i checked, screenblank was not a network daemon


# 1.115 29-Sep-1999 deraadt

do ldconfig before all ssh; because they need /usr/local/lib for searching


# 1.114 28-Sep-1999 deraadt

start ssh as part of base system; if no host key, build it upon boot


# 1.113 27-Sep-1999 deraadt

oops


# 1.112 27-Sep-1999 deraadt

stir arandom, too; provos


# 1.111 04-Sep-1999 millert

Actually, vi file recovery was not happening on reboot due to a
mistaken assumption. Noted by dynamo@ime.net. Fixed by moving the
check for meta character expansion to be inside the two for loops.
They are expanded by simple assignment.


# 1.110 04-Sep-1999 millert

Ignore /var/tmp/vi.recover if it is a symlink or owned by non-root.
Probably just paranoia (since /var/tmp/vi.recover is created the
first time the machine is booted) but it can't hurt.


# 1.109 04-Sep-1999 millert

Check to make sure vi recovery files are normal files before trying
to read from them (this is a user-writable directory so it is
possible to play games). Fixes a possible DOS noted by dynamo@ime.net.
If it's not a regular file, we delete it.


# 1.108 03-Sep-1999 deraadt

have shutdown code run /etc/rc with arg of "shutdown"; rc.shutdown becomes completely admin-editable


# 1.107 31-Aug-1999 deraadt

start amd in /etc/amd; so that if ${amd_master} contains map names, and we
don't want them fetched from YP, it will find them in the current directory.


# 1.106 19-Aug-1999 kstailey

s/nvi/vi/


# 1.105 05-Aug-1999 millert

typo; -eq not -ne


# 1.104 05-Aug-1999 millert

Use 10 X's for sheer, raving, paranoia


# 1.103 05-Aug-1999 millert

Use -execdir not -exec in find; deraadt@


# 1.102 04-Aug-1999 millert

Use mktemp(1) for motd /tmp file during boot. This fixes a potential
problem noted by hugh@openbsd.org whereby a user could create the
well-known /tmp/_motd file and use chflags to make it unremovable.
Then at the next reboot the user's /tmp/_motd would end up in the
system motd.
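The two habits described in the 1.102 (mktemp for the motd scratch file) and 1.109/1.110 (validate vi recovery files before reading them) messages above, as an added shell example that is not code from /etc/rc. It runs as an unprivileged user against a scratch directory standing in for /tmp and /var/tmp/vi.recover; the function names build_motd and safe_to_read, and the sample motd and recovery entries, are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from /etc/rc: the two habits the 1.102 and
# 1.109/1.110 messages describe, run against a scratch directory that
# stands in for /tmp (motd case) and /var/tmp/vi.recover (vi case).
# Works as an unprivileged user on any POSIX system with mktemp(1).

SCRATCH=$(mktemp -d) || exit 1
trap 'rm -rf "$SCRATCH"' EXIT

# --- constructed sample inputs -------------------------------------------
printf 'OLD BANNER\n\nWelcome to the machine.\n' > "$SCRATCH/motd"
printf 'pwned\n' > "$SCRATCH/_motd"           # the fixed name an attacker plants
: > "$SCRATCH/recover.txt"                     # a legitimate vi recovery file
ln -s /etc/passwd "$SCRATCH/recover.link"      # symlink dropped by a local user
mkfifo "$SCRATCH/recover.fifo"                 # a FIFO: reading it would hang rc

# Output side (motd rebuild). Write to a name mktemp(1) picks, never to a
# guessable one: the file is created 0600 and exclusively, so a pre-planted
# $1/_motd (even one made unremovable with chflags) is never touched.
# Ten X's, as in the "sheer, raving, paranoia" commit, give a large suffix space.
#   $1 = directory standing in for /tmp   $2 = banner line   $3 = current motd
build_motd() {
    T=$(mktemp "$1/_motd.XXXXXXXXXX") || return 1
    printf '%s\n\n' "$2" > "$T"
    sed '1,/^$/d' < "$3" >> "$T"     # keep everything after the first blank line
    cat "$T"
    rm -f "$T"
}

# Input side (vi recovery). Before reading a file out of a directory other
# users can write to, require that the directory is a real directory we own
# and the entry is a plain file: a symlink would make rc read an arbitrary
# file as root, a FIFO would block boot. Returns 0 only if all checks pass.
#   $1 = directory   $2 = entry name
safe_to_read() {
    [ -L "$1" ] && return 1
    [ -d "$1" ] || return 1
    [ -O "$1" ] || return 1          # owned by the invoking user (root in rc)
    [ -L "$1/$2" ] && return 1
    [ -f "$1/$2" ] || return 1
    return 0
}

# Demonstration when run directly: new motd on stdout, then one verdict per entry.
build_motd "$SCRATCH" "NEW BANNER" "$SCRATCH/motd"
for f in recover.txt recover.link recover.fifo; do
    if safe_to_read "$SCRATCH" "$f"; then echo "ok:   $f"; else echo "skip: $f"; fi
done
```

The motd half never opens the attacker's file at all, which is what makes the chflags trick irrelevant; the vi half refuses symlinks and non-regular entries before any read happens, and also rejects the case where the whole recovery directory has been replaced by a symlink.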


# 1.101 03-Aug-1999 deraadt

chmod/chown all the ptys


# 1.100 15-Jul-1999 provos

move /etc/host.random to /var/db for readonly /, save the entropy state
into /var/db/host.random at shutdown time, so we can make use of it
during reboot to seed our random pool. ok millert@ angelos@ niklas@


# 1.99 30-May-1999 millert

Fix typo, '=' not '=='; marc@snafu.org


# 1.98 26-May-1999 jakob

Configure raid devices at boot (from NetBSD, ok by niklas@).


# 1.97 24-May-1999 millert

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints


# 1.96 21-Apr-1999 alex

Save a copy of the boot messages in /var/run/dmesg.boot.


Revision tags: OPENBSD_2_5_BASE
# 1.95 28-Dec-1998 deraadt

split database line up nicely; krw@tcn.net


# 1.94 21-Dec-1998 deraadt

isakmpd startup stuff


# 1.93 11-Nov-1998 downsj

Add option for running ftpd out of rc.


# 1.92 03-Nov-1998 downsj

Actually use $xdm_flags.


# 1.91 28-Oct-1998 art

use xfs, not afs when mounting afs. Making mount_afs work correctly is too hard.


Revision tags: OPENBSD_2_4_BASE
# 1.90 12-Oct-1998 art

startup code for AFS


# 1.89 19-Sep-1998 todd

shift ifaliases. one more daemon can bind to specific ifaliases.


# 1.88 28-Aug-1998 millert

When running kvm_mkdb, don't specify /bsd so we can use /dev/ksyms if it exists and is configured


# 1.87 25-Aug-1998 marc

put back recent change (apmd flags) that was accidentally removed


# 1.86 19-Aug-1998 form

dhcpd: start from rc, controlled by rc.conf; sample config files


# 1.85 18-Aug-1998 marc

allow flags to be passed to apmd at millert's request


# 1.84 18-Aug-1998 marc

start apmd in rc, controlled by rc.conf


# 1.83 24-Jul-1998 millert

update /var/named/etc/localtime when /etc/localtime changes


# 1.82 13-Jul-1998 deraadt

quiet that dd


# 1.81 13-Jul-1998 millert

Create /var/named/dev/null if it is not there and we are running named chroot'd. It would be cleaner to simply do this at install time but this way people who are tracking sources get the correct behavior too.


# 1.80 11-Jul-1998 deraadt

change last route to route -n


# 1.79 05-Jul-1998 todd

yet another typo


# 1.78 04-Jul-1998 todd

fix a typo


# 1.77 03-Jul-1998 angelos

Generate an /etc/host.random if it doesn't exist; 64KB, perms 600.


# 1.76 13-Jun-1998 millert

don't make /var/named/dev/log if named_flags == NO


# 1.75 03-Jun-1998 millert

to turn off named chroot, set it to be empty, not 'NO'


# 1.74 03-Jun-1998 millert

Add named_user and named_chroot variables to simplify chroot'd named
setup.


# 1.73 14-May-1998 millert

move cron to the end so users cannot run cron jobs before the system is all the way up


# 1.72 13-May-1998 deraadt

test -> [


Revision tags: OPENBSD_2_3_BASE
# 1.71 07-Apr-1998 deraadt

add xdm control to /etc/rc.conf; X11 docs need updating


# 1.70 25-Mar-1998 deraadt

savecore prints a message; no need to print another


# 1.69 25-Mar-1998 deraadt

httpd is now in the tree, and an rc.conf flag turns it on


# 1.68 11-Mar-1998 millert

Kill whitespace at eol.


# 1.67 26-Feb-1998 millert

Replace "test -r" with -s and -e as -r always returns true for root?!?!


# 1.66 18-Feb-1998 art

add an option for kerberos slave servers.


# 1.65 13-Feb-1998 marc

fix typo


# 1.64 11-Feb-1998 deraadt

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.


# 1.63 07-Feb-1998 beck

Flags and startup for smtpd/smtpfwdd - not enabled by default.


# 1.62 06-Feb-1998 deraadt

typo


# 1.61 05-Feb-1998 deraadt

introduce /etc/sysctl.conf containing sysctl variables to change at boot time


# 1.60 23-Jan-1998 art

correct path to the kerberos servers.


# 1.59 21-Jan-1998 downsj

Add ${nfsiod_flags}


# 1.58 21-Dec-1997 deraadt

sigh; move syslog up nearer the top. Any failures from this?


# 1.57 12-Dec-1997 niklas

Diskless root mounts were ro too long


# 1.56 23-Nov-1997 maja

Add support for mopd. -moj


# 1.55 19-Nov-1997 deraadt

clean /var earlier


# 1.54 08-Nov-1997 deraadt

start named earlier; this is an experiment


# 1.53 04-Nov-1997 deraadt

kill spaces at ends of lines; m4


# 1.52 04-Nov-1997 deraadt

things come from rc.conf not netstart nowadays


Revision tags: OPENBSD_2_2_BASE
# 1.51 15-Oct-1997 millert

Add rest of stuff from nvi's recover script.


# 1.50 30-Sep-1997 millert

Make /var/tmp/vi.recover if it does not exist.


# 1.49 26-Sep-1997 millert

Clear /tmp before running /etc/rc.securelevel. Brian Candler <btc@demon.net>


# 1.48 20-Sep-1997 deraadt

re-attempt nfs mounts after named is started...


# 1.47 17-Sep-1997 deraadt

little missing space, argh


# 1.46 14-Sep-1997 deraadt

only start mountd if a non-commented line is in exports; decreased vulnerability in common cases


# 1.45 02-Sep-1997 kstailey

The /etc/photurisd directory is created by /usr/src/Makefile's "beforeinstall"
target. It does not represent a desire to run photurisd. Changed photurisd
startup to look for /etc/photurisd/photurisd.conf file.


# 1.44 25-Aug-1997 millert

Explicitly pass -host flag to route(8) to avoid confusion with networks.


# 1.43 23-Aug-1997 mickey

echo on ipmon startup


# 1.42 19-Aug-1997 niklas

Add hook for rpc.lockd, make nfsd flags settable in netstart


# 1.41 31-Jul-1997 downsj

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?


# 1.40 25-Jul-1997 provos

earlier start of keymanagement


# 1.39 22-Jul-1997 kstailey

now that ipmon daemon(3)s, remove ampersand


# 1.38 22-Jul-1997 provos

start the photuris daemon per default. hilfe.


# 1.37 20-Jun-1997 deraadt

if screenblank exists, start it


# 1.36 17-Jun-1997 niklas

Put in hooks to start ypserv with flags


# 1.35 17-Jun-1997 niklas

Put in hooks to start rpc.yppasswdd with flags


Revision tags: OPENBSD_2_1_BASE
# 1.34 22-Apr-1997 deraadt

move motd generation to avoid user races; kashmir@umiacs.umd.edu


# 1.33 16-Apr-1997 millert

Don't source /etc/rc.securelevel if it doesn't exist and be
more verbose when upping the securelevel.


# 1.32 15-Apr-1997 deraadt

split rc.local, creating rc.securelevel. Read the comments. If you believe
in securelevels, follow them religiously. Problem found by millert...


# 1.31 28-Feb-1997 millert

fsck now raises datasize limit itself.


# 1.30 19-Feb-1997 tholo

Start kadmind if kerberos server


# 1.29 03-Feb-1997 deraadt

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr


# 1.28 22-Dec-1996 deraadt

crank ulimit -d for fsck run (someone with a 19GB ccd ran into a problem)


# 1.27 07-Dec-1996 deraadt

ypserv w/o -d is OK


# 1.26 09-Oct-1996 deraadt

bit more careful ldconfig


Revision tags: OPENBSD_2_0_BASE
# 1.25 23-Sep-1996 deraadt

branches: 1.25.2;
rfc1323 variable


# 1.24 07-Sep-1996 millert

typo + comment


# 1.23 04-Sep-1996 deraadt

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com


# 1.22 27-Jul-1996 deraadt

syslogd: -s goes away, becomes default. -u becomes insecure mode


# 1.21 25-Jul-1996 deraadt

ypserv, ypbind, then rpc.yppasswdd


# 1.20 18-Jul-1996 downsj

daily: disable the fscks by default.
rc: add /usr/local/lib to ldconfig.


# 1.19 05-Jul-1996 deraadt

start ypbind after ypserv


# 1.18 28-Jun-1996 deraadt

syslogd -s by default


# 1.17 18-Jun-1996 deraadt

move std stuff from rc.local to rc


# 1.16 12-Jun-1996 deraadt

no ypxfrd


# 1.15 12-Jun-1996 deraadt

fix test for yp in resolv.conf


# 1.14 11-Jun-1996 tholo

Kernel-implementation of update(8) by me


# 1.13 10-Jun-1996 deraadt

fix rpc.yppasswdd conditional


# 1.12 30-May-1996 deraadt

use kbd command on /etc/kbdtype if applicable


# 1.11 26-May-1996 deraadt

sync & label


# 1.10 03-May-1996 deraadt

pretty comments, run ypxfrd with ypserv


# 1.9 29-Apr-1996 deraadt

yp depends on /var/yp/bindings, not only /var/yp


# 1.8 29-Apr-1996 deraadt

intuit whether ypbind, ypserv, and rpc.yppasswdd should run


# 1.7 24-Apr-1996 deraadt

start ypserv & rpc.yppasswdd automatically


# 1.6 23-Apr-1996 deraadt

sync with netbsd 960418


# 1.5 09-Jan-1996 dm

added IP filter to netstat/rc and put examples in /usr/share/ipf


# 1.4 30-Dec-1995 deraadt

from netbsd: start mrouted like routed


# 1.3 16-Dec-1995 deraadt

document where syslogd -s would be used


# 1.2 22-Nov-1995 deraadt

kernel is called /bsd


# 1.1 18-Oct-1995 deraadt

branches: 1.1.1;
Initial revision