in /etc/conf/raid/raidN (as well as in /etc/raidN.conf) (less
clutter in /etc).
Allow config files to exist for raids that are autoconfigured (just
skip anything autoconfigured) - this allows a (simplistic) recovery
mechanism if autoconf fails, and makes it simpler to enable/disable
autoconf at will, while keeping the raid working.
While here, add sh quoting where it is needed, and remove it from
where it is pointless.
allow conditionally disabling the building of certain user space
programs in the 'base' set.
There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.
created if it actualy did create keys (one should thing that a
function called sshd_keygen() only is called to create keys, but
the "precmd" magic makes it run every time sshd is started or stopped).
Patch from Tom Lane, with modifications suggested by kre and a minor
additional cosemtic change.
first character in /etc/gpio.conf and have the rest evaluated in a
shell. It is useful to be able to do actions after setting up gpio
pins or attaching gpioiic(4).
in /etc/rc.conf.d are loaded.
Usually this does not matter as rcvar and name are set to the same value.
For pf_boot and npf_boot, rcvar is set to pf and npf respectively.
Prior to the change, if:
rc.conf contains nfp=YES
rc.conf.d/npf does not exist
Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=YES
If:
rc.conf contains npf=NO (or is not set)
rc.conf.d/npf contains npf=YES
Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=NO
This means that in the latter case, at boot time the npfctl start command
is never run and the firewall is not operational.
a warning to motd pointing at entropy(7) and give instructions how to
re-generate the (weak) keys after fixing up entropy.
Add a "keyregen" command, which forces regeneration of all host keys
to simplify the replacement of weak keys.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user
mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other
channels like security report to alert the operator if there's a
problem.
- New man page entropy(7) discussing the higher-level concepts and
system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for
more details.
This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
users who have power to affect the entropy estimate (maybe it is,
just haven't decided).
- We only have a mechanism for changing once at boot; the message would
remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
conditionally from boot to boot.
- Use "-6" instead of "--noipv4" as it seems more appropriate based on
the dhcpcd(8) manual page.
- Remove "-f /dev/null" as it seems unnecessary with "-6".
- Remove "--persistent" as it is in the default /etc/dhcpcd.conf,
and this way the user can change it, if they would like to (either
through dhcpcd_flags or by editing /etc/dhcpcd.conf).
The "-b" (or "--background") option is needed to avoid a timeout error
message (and a delay in booting), so it is still left in place.
This results in correct updates to /etc/motd even when the value of
motd_release_tag is changed (a likely event).
Add safe quoting to outputting the read kernel version.
Thanks to kre@ for the feedback.
My personal preferencese for /etc/rc.conf:
update_motd_release=YES
motd_release_tag='Binaries: '
This provides an explanation to users about the second version in motd.
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:
# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL
This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.
This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
rndctl -S triggers entropy consolidation, so whatever we gathered
during kernel startup -- interrupt timings, autoconf timings, &c. --
will be incorporated into the seed and into subsequent data read from
/dev/urandom, just like if rndctl -L had run at this boot, and the
seed will carry them into the next boot too.
But it still avoids frequently consolidating entropy on any regular
schedule, in order to continue to mitigate iterative-guessing
attacks.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.
XXX pullup
If you set zfs=YES, presumably you positively want the automatic rc.d
actions, so if there's no /sbin/zfs or if zfs can't find pools with
/etc/zfs/zpool.cache, presumably you would like feedback about that
in rc.log.
kre