convinced myself that it's better then what we have, but still
not perfect.
/etc/rc : Attempt to seed /dev/random with multiple backoffs.
/etc/rc.shutdown : Attempt to write the entropy_file.
In debugging the above changes, I've run into some
inconsistancies... rc.shutdown is run via 'init 6', but
does not appear to be run via '/sbin/reboot'. Thus, this
set of changes improves life depending on the mechanism
used to shut the system down.
Submitted by: Doug Barton <DougB@gorean.org>
Approved by: markm
which really wasn't such a hot idea in retrospect.
If the random device isn't available, it probably isn't wanted.
If it's wanted, it should be enabled in loader.conf.
the output for the linux_enable and svr4_enable stuff "floating
in the middle of nowhere".
Give them their own section, called "additional ABI support".
kernel modules for ibcs2_enable and svr4_enable.
Don't rely on a shell script to do the neglibly less simple
job of loading a kernel module and running one command for
linux_enable.
These shell scripts are going away.
it lives in /usr/bin. Instead, locate files manually.
Note, only *files* under /var/spool/lock are now deleted rather
than everything that's not a directory. I think this is more
correct, but if anyone disagrees please feel free to change it.
Problem pointed out by: bde
time, and this is used to reseed the random number generator at
boot time.
NOTE - this has no hope of working if you halt(); you need to
execute rc.shutdown to get the entropy stash.
scripts may use to source safely overrides in ${rc_conf_files}
files.
This protects users who insist on the bad practice of copying
/etc/defaults/rc.conf to /etc/rc.conf from a recursive loop
that exhausts available file descriptors.
Several people have expressed interest in breaking this function
out into its own shell script. Anyone who wants to embark on
such an undertaking would do well to study the attributed PR.
PR: 17595
Reported by: adrian
Submitted by: Doug Barton <Doug@gorean.org>
Initial version created by, and kindly much tested by:
bmah@CA.Sandia.GOV (Bruce A. Mah)
Approved by: jkh
Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah),
Ollivier Robert <roberto@keltia.freenix.fr>
Obtained from: KAME project
Changes are:
- rpc.umntall is called at the right places now in /etc/rc*
- rpc.umntall timeout has been lowered from two days (too high) to one
- verbose messages in rpc.umntall have been clarified
- kill double entries in /var/db/mounttab when rpc.umntall is invoked
- ${early_nfs_mounts} has been removed from /etc/rc
- patched mount(8) -p to print different pass/dump values for ufs filesystems.
(last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
The current offical Sendmail Inc. version uses /var/mail/ and when we upgrade
our repository to that version, we will get the change. It is best to make
the path change in 4.0-R (which may not have the latest Sendmail Inc. version,
than to change in mid-4.x stream when we may upgrade.
Ok'ed by: Peter (quite a while ago)
rundown script 'reboot' or 'single'. ISO support (which never
worked) has been removed from mount_nfs. mount_nfs and umount
now use mounttab, which allows umntall to work properly. The
rc scripts now call umntall as appropriate.
Submitted by: Martin Blapp <mb@imp.ch>
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
...
recover vi
msgs/bounds
update MOTD
rc.{arch}
rc.devfs
rc.local
$local.startup
securelevel
The motive behind this is to delay rc.{arch} as long as possible,
as it loads the screensaver, which kills the splash screen.
But at the same time, it can't be done after rc.devfs, as
that might depend on arch specific actions. rc.local and local.startup
also should come after these, and securelevel must be last of all.
this is no longer the right way to start Vinum unless you are doing some
kind of maintenance, and that's not the sort of thing that would go into
rc.conf.
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>
* All variables are now embraced: ${foo}
* All comparisons against some value now take the form:
[ "${foo}" ? "value" ]
where ? is a comparison operator
* All empty string tests now take the form:
[ -z "${foo}" ]
* All non-empty string tests now take the form:
[ -n "${foo}" ]
Submitted by: jkh
automagically find all the partitions. This is to be preferred to the
somewhat emetic usage of vinum_slices and the equally obnoxious 'vinum
read' command.
log_in_vain:
log_in_vain turns on logging for packets to ports for which
there is no listener.
rc.sysctl:
A generic way to set sysctl values. It reads /etc/syslog.conf
and sets values based on that. No /etc/syslog.conf has been
checked in yet, and I've not added this to the makefile yet
until I get more feedback.
Reviewed by: -current, -hackers and bde especially
enable_quotas - use quotas on your system
check_quotas - check for violations on startup
By assuming that a system was neat and without violation before it booted
we can skip a long (and at that point needless) process.
Submitted by: Alex Perel <veers@disturbed.net>
suitable defaults pointing to the FreeBSD-shipped versions. This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
we set in rc.conf.
Background: the `vinum read' command has changed. For a short period
of time, it required the names of the slices on which vinum was
stored. Now it requires the names of the drives.
about this becase that makes it get run *before* the filesystems are
mounted. If people have added stuff to their rc.conf or rc.conf.local
that uses stuff outside of /bin and /sbin, this will break.
since the kernel must be booted from something ( like a floppy ). This
script must occur near the beginning of the rc file in order to support
read-only NFS mounts, which in turn allows all the BOOTP machines to use
the same / and /usr.
The companion rc.diskless script is forthcoming.
vinum_slices to the names of all slices (block device) which are under
the control of vinum. The configuration will be read in from each in
turn, starting with the most recently updated.
Reviewed-by: jkh
to be written to /etc.
The only essential change is in paths.h, so any third-party software
written correctly will pick it up in the next rebuild.
Reviewed by: the committers list (actually an old version)
Commit changes to rc and rc.local, removing the remaining minimal
functionality of rc.local into rc and commenting it out of rc.local
prior to the deletion of rc.local from the CVS tree.
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:
# cd /usr/src/usr.sbin/xntpd/util
# make all install
There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.
Kinda-approved-by: phk
file formats. I have added a new rc.conf variable ${ldconfig_paths_aout}
which is like ${ldconfig_paths}, but only for a.out shared libraries.
On a "standard" ELF system, the ELF ldconfig path is taken from
${ldconfig_paths}, while the a.out ldconfig path is taken from
${ldconfig_paths_aout}.
On a not-yet-converted a.out system, only the a.out ldconfig path
is set, and it is taken from ${ldconfig_paths_aout}. If that
variable is unset, /etc/rc defaults it to the value of ${ldconfig_paths},
on the assumption that the system's "/etc/rc.conf" file hasn't been
updated.
unless /var is nfs-mounted.
This was removing ppps device lock (when ppp's started in
/etc/start_if.tun0 in -ddial or -dedicated mode) and allowing
other programs (such as mgetty) to confuse ppp by playing with
the modem while ppp's using it.
People that nfs-mount /var had better not start ppp in this
way....
use this.
Requested by: max, andreas
Note: This change just provides a convenient way to exercise existing
functionality. Whether `kern.securelevel' is effective in increasing
system security is another issue, and one that has been well thrashed
out in the lists.
Move a.out libraries to /usr/lib/aout to make space for ELF libs.
Make rtld usr /usr/lib/aout as default library path.
Make ldconfig reject /usr/lib as an a.out library path.
Fix various Makefiles for LIBDIR!=/usr/lib breakage.
This will after a make world & reboot give a system that no
longer uses /usr/lib/*, infact one could remove all the old
libraries there, they are not used anymore.
We are getting close to an ELF make world, but I'll let this
all settle for a week or two...
properly. Only users of 4 MB machines might not want it this way (to
prevent accidentally clobbering the coredump), but they are somewhat
in the minority these days.
Enable this by setting clear_tmp_enable in rc.conf to YES. Beware
there can be serious side-effects of enabling this, so use at you own
risk.
PR: misc/4982, misc/5054
(if firewall = "somefilename").
Fix typo fixes and URLs which were accidently nuked out of this
file (submitted by: soil@quick.net via PR#3501).
Submitted by: "Danny J. Zerkel" <dzerkel@phofarm.com>
nfs requests from non-privileged ports.
Change mountd such that it does never set this variable, but only clears
it when run with -n. Also document this in the man page.
Leave dumpdev, but kill the savecore variable. Thus, it's still off
by default, but all you need is enabling dumpdev now.
phk's old argument that savecore might inadvertendly fill up the disk
no longer counts, savecore now correctly obeyes a `minfree' file, and
we ship our systems with such a file that even has a reasonable
default.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
wondering what the hw-config of a machine is, and the logs have been
rotated many times since reboot already.
Added:
/sbin/dmesg > /var/tmp/dmesg.boot
to /etc/rc
2.2 candidate
This is a lot more robust and handles errors a lot better. It also cleans
up stray, hopeless, or unmodified files rather than leaving them there
forever.
. crate the symlink for /dev/log if required, then
. remove the old socket (savecore might have already created it
accidentally), then
. start syslogd.
(Btw., our test(1) misses an option to test for a socket.)
- split the "starting network daemons" in half.
- The first half starts things necessary to get full name service up.
- The quota check etc moved from "before network" to after the name
services are running. quotacheck does a while(p=getpwent()) which
isn't real good without YP running...
- moved rwhod a little later to put it with the other network stuff.
- deferred inetd a tad so that it's after ldconfig and dev_mkdb,
otherwise you get logins before you're ready.
Unresolved: named is started before ypserv/ypbind still, but named does
a while(s = getservent()) and while (p=getprotoent()) to suck in the
entire database into memory. This means you cannot have a "+" in the
/etc/services or /etc/protocols files or you get a long hang at boot.