Use /var/db/obsolete instead of /etc/obsolete
etc/Makefile:
Create separate target "install-obsolete-files" to populate
/var/db/obsolete, instead of using "install-etc-files".
Makefile:
Add do-obsolete target, to run "cd etc && make install-obsolete-files",
and add this to BUILDTARGETS.
This moves the "obsolete files" creation from "distribution" to "build".
Per discussion with Andrew Brown.

Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.
Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.

* Improve message display in find_file_in_dirlist()
* do_obsolete(): instead of running distrib/sets/makeobsolete to
temporarily generate the obsolete sets lists, look for them in
${SRC_DIR}/etc/obsolete/* or ${DEST_DIR}/etc/obsolete/*.
The obsolete check now works for "extracted etc.tgz" as the source dir.
etc/Makefile (install-etc-files), distrib/sets/lists/*
* Install obsolete set lists into /etc/obsolete/
* Tweak how pwd_mkdb files are added to METALOG
distrib/sets/makeobsolete
* Don't bother with "_obsolete" suffix on generated file names.

the state table, making it much more useful.
The behaviour of 'restart' is unchanged (flush state table and reload
rules), but is now done slightly more elegantly.
ok'd by lukem.

The old behaviour caused problems when /home is a symlink on a system
and pax is used to extract base.tgz or "installworld" the base set
(because pax will remove the symlink before creating the now-empty
directory). It also made it more difficult for a site that wants
permissions on /home to be something other than what the NetBSD
defaults are.
For sites which want /home, it's a "once off" operation to create it,
and "useradd -m" (with the default "base-dir" of /home) will create
it anyway.
This resolves PR [install/19673], as well as being more consistent
with our de facto policy of "not stomping on stuff we don't need to".

check_passwd_nowarn_shells  Don't warn about these non-/etc/shells shells
check_passwd_nowarn_users   Don't warn about these users
check_passwd_permit_star    Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
/usr/libexec/uucp/uucico, so that it will not warn about the default
master.passwd.
The rationale here is that an administrator who chooses to permit these
warnable conditions should not be warned about them day after day, yet
should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
entries for Kerberos or ssh logins, despite the fact that we permit
"*ssh" (etc.) for this purpose (legacy).

(Using partition f to boot, since that is the default on sparc64
machines and we don't have to consider conflicts for single arch CDs -
this means "boot cdrom" just works)