IABSD.fr/src/etc

Branch :


Log

Author Commit Date CI Message
8a1c1efc 2020-08-03 18:19:12 grow to cope with clang10
7932220e 2020-07-22 14:06:08 build bsd.mp (issues remain, but doing the build effort is valuable already)
f47c3a24 2020-07-22 14:04:59 sync
b4c43e69 2020-07-22 14:04:35 create /dev nodes for sparc64 and powerpc console, so that dev_mkdb will find them, and devname() in various programs won't return "??" ok kettenis
9099a081 2020-07-18 14:22:14 copy out bootblocks
b82a4de3 2020-07-16 19:44:19 regen
cd75e4e9 2020-07-16 19:42:47 Bootloader magic.
c93d5785 2020-07-16 19:42:18 Add disk description for bootloader ramdisk.
8b4cf230 2020-07-12 14:35:38 Use su -fl to avoid sourcing /etc/profile / the target user's .profile This way rc.d and rcctl don't suffer from side effects in people's rc files. If you somehow used those files to set environment variables, you should have used login.conf as described in rc.d(8) instead. ok ajacoutot@
17e24fb9 2020-07-06 06:12:37 regen after kstat addition
963d6015 2020-07-06 06:11:26 wire up kstat(4). it's only accessible to root:wheel. ok deraadt@
7db9ac7a 2020-07-05 21:57:23 Build minirootXX.img for powerpc64.
e9e01eb1 2020-07-05 20:03:31 Missing file needed for building releases.
7e1b4d47 2020-07-02 16:24:06 Minimal fbtab for powerpc64.
fae51641 2020-06-30 21:58:13 Fix two places where carp backup state is misspelled in comments. ok claudio@
3209e200 2020-06-29 17:52:02 enter etc.powerpc64
ea425ecd 2020-06-29 17:49:52 powerpc64; picked the best bits from amd64 and arm64
7c3e9570 2020-06-29 17:47:20 regen
08ddfbc8 2020-06-29 17:39:58 Fix pasto.
0178100d 2020-06-29 17:38:35 powerpc64 MD bits
c0a074d6 2020-06-29 17:26:24 powerpc64 man page dirs
143054fa 2020-06-26 19:51:14 Switch cdio's default CDDB database to gnudb.gnudb.org:8880. The freedb.org CD track database has been discontinued. Retire cddb/888 from /etc/services. Nothing uses this any longer. gnudb.org uses the "cddbp-alt" port of 8880, but we don't need a services(5) entry for a single site. ok deraadt@
44268de3 2020-06-23 15:45:34 bump pbuild datasize limit to 8G to allow Firefox to build with Rust 1.44 ok deraadt@
cd431690 2020-06-23 13:57:05 Enable virtual consoles on armv7, the same way it is done on arm64. Tested on a Cubieboard2. OK patrick@
c32abbbf 2020-06-23 13:54:40 Sync armv7 fbtab with arm64 fbtab, leaving out drm devices. OK deraadt@, patrick@
b4cf6692 2020-06-22 09:28:04 Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) can store radius passwords and nothing requires it to be group readable. ok yasuoka@
bf6955b0 2020-06-21 16:59:45 tidy wording from when dnssec was enabled/disabled/reenabled ok kn gsoares
7058e686 2020-06-21 12:28:13 start wg with the other interfaces that rely on routing being up. from Matt Dunwoodie and Jason A. Donenfeld ok deraadt@
8717b3bd 2020-06-08 15:21:38 growth
471476a4 2020-06-03 08:23:16 Import regenerated moduli file.
4e2f099e 2020-05-25 20:28:12 sync from MAKEDEV.md
cd2d05bf 2020-05-25 20:27:44 Increase the default number of ldom and ttyV devices for sparc64 from eight to sixteen. It's quite easy to be able to create that many LDOMs on the newer machines. Help making the change in the right place from Miod and otto@ ok kn@ "looks fine" deraadt@
885dbb90 2020-05-23 13:16:03 Remove useless line from daemon class in login.conf We used to have different numbers of blowfish rounds between the default and daemon classes in login.conf. On Jun 26, 2016, tedu committed "upgrade selected login.conf to use auto rounds for bcrypt" for amd64, sparc64, i386, and maccpc. Since the class daemon inherits from the default class, the :localcipher=blowfish,a:\ is a duplicate. ok millert@ deraadt@ sthen@
88c728cc 2020-05-22 13:38:43 Revert the following commit as it breaks hostname.if(5) lines with a backslash at the end for line continuation Breaking long lines into multiple ones must still be possible and does require to treat the backslash as an escape character. Breakage reported by Mark Patruck <mark at wrapped dot cx >, thanks! --- distrib/miniroot/install.sub revision 1.1151 etc/netstart revision 1.203 date: 2020/05/21 11:54:41; author: kn; state: Exp; lines: +2 -2; Do not treat backslashe as an escape character in hostname.if(5) lines ifstart() should always pass such lines unaltered, especially if they contain "nwid" or "description" lines with arbitrary strings. <bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during installation end as broken; this was because the installer escaped the single quote using backslashes which ended up being treated as escape characters much later during hostname.if parsing in netstart(8). Ok deraadt
9ed80bb0 2020-05-21 13:42:02 Fix stripcom() description wrt. comments not on their own line Neither netstart's nor install.sub's (subtly different) implementations remove trailing comments on lines not starting as a comment, e.g., lines like "up #not down" go through unaltered and without "#not down" being removed. Only lines *beginning* with the comment sign ("#") are stripped. No functional change, just updating function descriptions.
2bf37714 2020-05-21 11:54:41 Do not treat backslashe as an escape character in hostname.if(5) lines ifstart() should always pass such lines unaltered, especially if they contain "nwid" or "description" lines with arbitrary strings. <bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during installation end as broken; this was because the installer escaped the single quote using backslashes which ended up being treated as escape characters much later during hostname.if parsing in netstart(8). Ok deraadt
4675fc66 2020-05-17 17:04:27 Change install images called *.fs to *.img. These are UFS filesystem images, but additionally have a bootblock in the first 8K (since UFS does not use that space). There are some UEFI direct-from-internet bootloaders that require the name *.img. So this makes things more convenient for those, while keeping it consistant in all architectures. ok kettenis beck kn
382f12e8 2020-05-08 00:56:29 less ugly upstream names
7237aa57 2020-05-05 14:42:44 watch the /.profile and the /.cshrc in the root directory; i noticed this is desirable while looking at an issue reported by Doug Moss <dougmoss710 at yahoo dot com> on bugs@; OK deraadt@ sthen@ tb@
0e97b6f7 2020-05-03 16:48:47 repair headers, as noted by tb
d91bece2 2020-05-03 16:34:16 correct date
de1f111a 2020-04-29 15:38:31 Sort variables and fix a comment. No functional change.
38cbc561 2020-04-24 20:09:30 regen
66992aee 2020-04-24 20:09:04 Bump audio devices count to 4 ok deraadt
35488502 2020-04-24 14:57:31 rpki-client does not do privsep and also no chroot to /var/empty. Change the user to 'rpki-client user' and the homedir to /nonexistent since it is not required for operation of rpki-client. OK deraadt@
5d501c9e 2020-04-23 17:12:59 "local-address" can be specified for both address families now, so no more need for separate v4/v6 groups. ok claudio@
06bd33e0 2020-04-23 02:54:50 Recent changes in usr/mdec require (substantial) growth of the ramdisk. ok jsg kettenis, testing by kmos also
c4e0ad34 2020-04-18 21:29:56 regen
15e934f9 2020-04-18 21:28:35 Create /dev/audio* and /dev/rmidi* with mode 0660 and owned by root:_sndiod. Stop creating unused /dev/mixer* devices. suggested by and ok deraadt
e936b06b 2020-04-18 17:22:43 document the flags field, and combine flags in the rpki example; ok deraadt
e0638294 2020-04-16 23:36:52 Suggest to update RPKI once an hour. In autonomous systems running bgpd(8) and rpki-client(8) on their edge routers, it may be beneficial when out-of-the-box all routers don't all do rpki fetches & bgp loads at the same time. It is expected behavior for RPKI information to un-evenly percolate towards the BGP edge in a staggered way. The 'once an hour' pace may be a reasonable balance between the needs of internet users, and what network operators tolerate in churn. OK deraadt@
83995ae7 2020-04-15 03:24:08 Use the new random interval support in cron instead of a random sleep. The random intervals used can be adjusted as needed. OK deraadt@
35a84b1c 2020-04-05 16:15:39 adjust day of the week and year
3a992ce9 2020-04-05 06:34:19 crank to 6.7-beta
ca9b3991 2020-04-04 13:28:46 clang bsd.rd is a bit bigger..
6deb8478 2020-04-03 23:18:36 increase rdroot size ok kettenis@ deraadt@
e270379e 2020-03-13 13:14:40 Run getty on all /dev/ttyC* apart from ttyC0, since it might conflict with /dev/console. Feedback from and ok kettenis@
f89fb3fa 2020-03-12 16:39:07 sync
64add3df 2020-03-12 16:38:58 Add /dev/drm[0-3]. ok deraadt@
7097fc33 2020-03-12 15:32:21 grow limits a bit because clang is a pig.
d1b96a32 2020-03-11 15:41:48 Bump the pbuild data size limit to 7G; Firefox 74 no longer builds in 6G. ok deraadt@
60516390 2020-03-10 10:48:30 add 6.8 fw pubkey
1813335e 2020-03-04 15:41:16 add 6.8 syspatch public key
457e2542 2020-02-28 05:22:52 oops some snapshot tests fell in
7042a378 2020-02-28 04:59:04 sync
adc23a49 2020-02-27 21:31:16 6.8 packages key
1f93b10e 2020-02-26 16:37:55 add 6.8 base key
6bdb2b35 2020-02-22 18:58:13 Do not run _rc_parse_conf of /var/run/rc.d/foobar on "start". This is needed in case a foobar fails to start but still returns 0. Changing its flags (in rc.conf.local) would then get ignored because of this cache (which is around to handle stop/check/reload on flags changes). claudio@ reported this issue when struggling with prometheus several weeks ago
ae205022 2020-02-20 05:41:50 Import regenerated moduli.
d5ae28d2 2020-02-16 20:02:21 Remove trailing backslashes "prefix-set" blocks work with line breaks just fine, probably old macro leftover. OK job claudio
dd6e8aa1 2020-02-12 20:51:49 do not propagate TMPDIR and override value from /etc/locate.rc in weekly effectively reverting r1.9 to follow principal of least surprise "this is fine" millert "i agree with direction" schwarze
96184aae 2020-01-28 16:51:03 sort
e3ad2ec4 2020-01-26 04:26:46 try disconnecting old world boot.mac bootloader for a bit
99ca1a57 2020-01-25 12:05:08 sync rc.d/sshd with sshd proctitle change - listener has been modified to keep command-line arguments again; ok aja@ djm@
7239ffe9 2020-01-24 14:14:45 regen
c0b209fd 2020-01-24 14:11:01 Use major 32 for dt(4). ok visa@, kettenis@, deraadt@
166e2b08 2020-01-24 06:17:37 retire rebound etc bits to the attic
a2434beb 2020-01-24 02:09:51 revert previous; guenther noted that the csh(1) part belongs in dot.login because each invocation will grow the path, but that exposed an interaction with loginShell:true in our dot.Xdefaults...
aaea26c8 2020-01-23 20:56:11 Extend PATH from login(1)/setusercontext(3) instead of overriding. OK millert@
8af19553 2020-01-23 02:52:15 regen after adding pppac
242e115f 2020-01-23 02:47:28 wire up pppac(4). with help from claudio@
3fc960bd 2020-01-22 13:14:51 update pexp in rc.d/sshd to match the new setproctitle ('sshd: [listener] 1 of 10-100 startups'). "makes sense" deraadt@ Beware if you have multiple sshd processes (e.g. on different ports) and want to restart/stop just one - with the current proctitle there's no way to distinguish between these so rc.d/rcctl will match all of them.
e20c779d 2020-01-21 16:21:39 regen
941a6d3e 2020-01-21 16:20:43 Add /dev/dt
2859b701 2020-01-15 17:16:28 6.4 keys not needed anymore
c3b5ca42 2020-01-15 00:19:40 Do not redirect already quiet stdout for IPv6 reject routes "route -q" already silences all standard output; if it still prints something, that's a bug to fix in route. OK bluhm
cedd04ac 2019-12-30 16:49:51 don't suppress error output from running updatelocatedb check that the resulting db works instead of some more specific test okay schwarze@
9371c6ae 2019-12-22 18:19:55 regen
464195c1 2019-12-22 18:18:02 Wire up ipmi(4). ok deraadt@
3367dcf5 2019-12-21 21:39:59 a few depend:-related thingies that were still in. okay millert@, tb@
c0d08ca4 2019-12-17 13:18:04 sync
5e57d677 2019-12-17 13:15:17 Fix fido(4) documentation link (no functional change)
1ba9f8e2 2019-12-17 13:08:54 Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits
e374e5dd 2019-12-14 09:46:02 Fix comment: vmctl command options come before arguments
ba740118 2019-12-14 05:06:15 sync
503b3160 2019-12-14 05:05:46 usb devices nodes have been excesively permissive. repair that.
14a6528f 2019-12-13 21:05:50 sync
b5f7ba0f 2019-12-13 21:03:57 gpr(4) goes away
ab282890 2019-12-04 15:07:51 Insert missing && OK claudio@
5d9a23fa 2019-12-04 14:49:19 Attempt to smear out stampedes on the RPKI rsync servers OK claudio@ benno@