/var/run is emptied at boot time by /etc/rc.d/mountcritlocal, so
there's no point in creating this at install time -- it has to be
created on the fly after /var/run is cleared on every boot anyway.
Mark /var/run/named obsolete in the set lists. XXX This isn't quite
right, because it is legitimate for /var/run/named to exist in a
running installation, but it doesn't exist in a freshly installed
system any more. Maybe we should just remove the entry from the set
lists and add a note to UPDATING about deleting it manually from the
destdir in incremental builds.
PR misc/57877
No reason to write to this -- it's expected to have ptyfs mounted,
and ptyfs doesn't allow changing the directory. So use 0555
(-r-xr-xr-x) instead of 0755 (-rwxr-xr-x), like it is by default with
ptyfs mounted.
PR misc/57877
Except etc and xetc, which likely won't match for reasons that aren't
great, like etc including empty log files which in an installed
system have probably changed.
This test will probably fail, but we should make sure it doesn't!
PR misc/57877
and sh's && instead of test's obsolete -a.
Minor formatting cleanups, including removing unneeded \ line continuations.
The somewhat bizarre way that named_migrate() was made to work in a
subshell (which of itself is fine, and looks needed) has been made more
rational. Because of that, the need to use local vars is no longer there,
(subshells can't affect the parent) and "local" in that func could be deleted
(but hasn't been).
Take the opportunity to do a little sh formatting cleanups, the \
line continuation can ususually be avoided by placing sh operators at
the appropriate places.
Note the [ x"$var" = x"$other" ] usage no longer needs the 'x',
avoiding that kind of nonsense is partly why test was much more
precisely specified, and a lot of the unnecessary stuff made obsolete.
Those however I did not remove (they're harmless).
This one was particularly bad:
if [ -z ${dev} -o ${junk} ]; then
was supposed to be validating an entry read from a config file,
dev should be not empty, and junk should be empty (ie: correct
number of fields present). If that test succeeds, the line is
bad, and we error out.
But if dev was empty, and junk was also empty, that turned into
if [ -z -o ]; then
which tests if "-o" is the empty string, which it isn't, so instead
of succeeding, and considering the entry invalid (no dev specified)
the code would just carry on as if all was good.
Because of this, a bunch of quoting fixes were also made (there might
perhaps be more needed).
While here a couple of minor formatting improvements - in general it
is always a good idea to surround sh operator chars (like '>' '(' ...)
with white space, to guard against thet possibility that some other (or
later enhanced) sh might have additional operators which happen to be
the character string used.
I don't understand while the final part of the condition for not doing
anything needs to run in a subshell, but that can stay for now.
This update makes this driver more than just an example and allows for:
o More than one pin to be attached to a gpioirq instance. That is,
the mask parameter can be greater than 0x01 now.
o A /dev/gpioirqN device that allows GPIO pin interrupts to be
transported into userland. This is a device that can be opened for
reading with a simple fixed output indicating the device unit, pin
number and current pin state.
This update was used as part of a physical intrusion detection system
where multiple switches (i.e. window magnetic reed switches and etc.)
are tied to a bunch of GPIO inputs with userland software that reacts
to the pins changing state.
- Allows overriding default from /etc/npf.conf
- Indicate rules file used in output
- Drop check for file presence in script - rely on npf exiting with error
Otherwise in systems without certctl_init=YES, such as systems
installed with sysinst(8) where it's unnecessary because the rehash
has already happened at install time, you'll get spurious warnings.
PR install/57629
XXX pullup-10
This is very limited -- it does not supplant postinstall to rehash
certificates on upgrade; it only runs certctl rehash if
/etc/openssl/certs is an empty directory, as you get in live images
not created with sysinst.
We could also have a more general-purpose way to run postinstall(8)
on first boot of an image, but that has a lot more moving parts to
think about, so let's start with this limited-scope low-risk
approach.
PR install/57629
XXX pullup-10
This way postinstall(8) can refer to the default one when you've done
an upgrade without etcupdate or similar to pull in new config files
from etc.tgz.
Not great -- we should do this systematically for all config files in
/etc, but this one-off hack is less risky for 10.
We no longer block indefinitely -- if nothing else, the hardclock
timer should yield enough samples to unblock /dev/random on all but
the most severely deterministic machines -- so it should be generally
safe for availability to set entropy=wait.
This doesn't guarantee that HWRNG/seed has been provided before you
run ssh-keygen or call getentropy(3) in a user application, but it
does raise the security above netbsd<=9.
PR security/55659
PR lib/56905
XXX pullup-10