Commit Graph

3480 Commits

Author SHA1 Message Date
peter
7147ba1184 PR/30177: Rui Paulo: /var/chroot/pflogd isn't created by default 2005-05-11 10:41:51 +00:00
martin
7a5b2dfb39 Tweak the iso-image support: avoid arbitrary hardcoded sizes - use awk to
estimate the real size and round up a bit instead. Doesn't matter much, but
produces a "better" sgi volume header.
While there, simplify a few bits and avoid grep|awk pipes.
2005-05-10 21:58:03 +00:00
martin
5f3107ece4 Add wscons virtual consoles 2005-05-02 13:39:54 +00:00
lukem
b26a3203a3 Add /etc/pam.conf and /etc/pam.d/* 2005-05-02 03:23:43 +00:00
lukem
188cee5c01 Fix previous, caused by premature optimization...
Noted by Kirk Russell.
2005-05-02 02:51:04 +00:00
lukem
710a7ff6e8 Use zeropad() and hexprint() instead of printf(1). 2005-05-02 00:47:58 +00:00
lukem
117d01fe78 Add hexprint(); display the given number as hex.
Add a comment to document zeropad()'s purpose.
2005-05-02 00:46:46 +00:00
augustss
c246220559 Make /dev/usb readable to all; it is only used to report USB events. 2005-04-30 16:26:06 +00:00
christos
699bb11d46 Add more locale directories in preparation of new gettext. 2005-04-26 19:39:11 +00:00
cjs
2dc0814b72 Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.
2005-04-26 10:28:29 +00:00
martin
441f539b14 Pickup bootblock.h from $DESTDIR to make this work when crosscompiling. 2005-04-22 09:49:45 +00:00
blymn
8387760ed1 Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in kernel
    fingerprints.
  * Fingerprint methods handling has been made more flexible, it is now
    even simpler to add new methods.
  * the loader no longer passes in magic numbers representing the
    fingerprint method so veriexecctl is not longer kernel specific.
  * fingerprint methods can be tailored out using options in the kernel
    config file.
  * more fingerprint methods added - rmd160, sha256/384/512
  * veriexecctl can now report the fingerprint methods supported by the
    running kernel.
  * regularised the naming of some portions of veriexec.
2005-04-20 13:44:45 +00:00
lukem
8232ca0162 Tweaks for the move of postinstall from /etc to /usr/sbin 2005-04-17 23:12:40 +00:00
lukem
5c5750a595 Move /etc/postinstall (and the etc.tgz set) to /usr/sbin/postinstall
(and the base.tgz set).
2005-04-17 15:15:48 +00:00
lukem
41595413ba elaborate on sysctl rename 2005-04-16 04:19:24 +00:00
kleink
7a5e7ac8e9 Adjust for the Argentina directory that came with tzdata2004b;
noted by Geoff C. Wing in PR bin/29954.
2005-04-12 15:35:54 +00:00
jwise
bfd29aa656 /var/chroot/spamd is now /var/chroot/pfspamd. 2005-04-12 14:24:32 +00:00
peter
271ad04cd9 Allow an underscore as first character and embedded underscores & dots
for login and group names.

Fixes PR misc/29913 from Arto Selonen.
2005-04-11 15:46:42 +00:00
bouyer
4b058b80fb Add xencons to the default list of devices. Fix port-xen/29887 by Juan RP. 2005-04-06 21:06:28 +00:00
peter
c37e23a1f9 Add _pflogd group. 2005-04-05 19:57:30 +00:00
christos
96cf4771d1 PR/29891: Arto Selonen: su(1) does not seem to honor SU_ROOTAUTH any more
Move the rootauth group line before the wheel check, so that rootauth users
are not required to be in wheel [still commented out]
2005-04-05 18:23:36 +00:00
peter
ee8532311f Add _pflogd to the uid check. Pointed out by Luke Mewburn. 2005-04-05 07:03:33 +00:00
peter
80271013f5 Add the _pflogd user which will be used by pflogd(8), the logging daemon
for pf(4).

Approved by core.
2005-04-04 19:06:43 +00:00
lukem
c0372ca1ef ypserv(8) doesn't need the domainname(1) set -- it will serve any maps
present under /var/yp/<somedomain>/<map> -- so don't require it.
Thanks to Chuck Cranor for the suggestion.
2005-04-01 23:25:29 +00:00
peter
7c4b722858 Add pf to the all target. Pointed out by Steve Rumble. 2005-04-01 21:07:01 +00:00
lukem
d45db391ec Install all obsolete X11 sets (even empty ones). 2005-03-28 03:13:39 +00:00
tnozaki
a3b248100e add csmapper:CNS11643-1,2 and esdb:ISO-2022-CN,
integrate esdb:EUC-TW, locale:zh_TW.eucTW.
2005-03-27 22:30:05 +00:00
tron
f1f5ecd1a9 We must check for "${MACHINE}" and not "${MACHINE_ARCH}" of course to
decide about port specific obsolete lists.
2005-03-25 20:15:20 +00:00
tron
728512171e Checking for the file "xserver" in "${OBSOLETE.dir}" doesn't work because
the check will be done before the target which is used to create that file.
So simply add "xserver" to "${OBSOLETE.file}" based on the architecture.
2005-03-24 20:23:55 +00:00
martin
6ebdd24d9a Make var/db/obsolete/xserver optional. 2005-03-24 09:07:17 +00:00
rtr
c6b047ea8b + do not install getconfig 2005-03-24 05:27:18 +00:00
rtr
80843b35d1 + getconfig scripts and configs 2005-03-22 21:43:24 +00:00
lukem
857d896931 -s can be given 'etc.tgz' directly. (Thanks to hubertf for the reminder)
Improve usage.
2005-03-22 04:43:53 +00:00
tron
fb571c8922 Add support for handling obsolete X11 files and directories. 2005-03-21 23:09:39 +00:00
tron
96f232123e Remove directory which got obsoleted by XFree86 4.5.0. 2005-03-21 14:45:19 +00:00
christos
12399bd640 Add the freetype services directory under internal 2005-03-20 18:25:22 +00:00
shige
34be8773f6 Add OPENBLOCKS200 kernel. 2005-03-18 16:32:59 +00:00
christos
c50dc53d46 pam_self is "required" not just sufficient to authorize the Xserver. 2005-03-18 15:15:25 +00:00
tron
878fa2f707 Replace hardcoded "/var/run/named.pid" with ${pidfile}. 2005-03-17 18:44:09 +00:00
christos
5b3d8c8c12 remove stray l. 2005-03-17 01:47:18 +00:00
christos
c788433bb3 Remove ,optional accidentally committed. We are not going to do this after
all.
2005-03-17 01:07:51 +00:00
xtraeme
d34097e695 Create the xbd1* devices as well as xbd0*, this is useful to install
domUs via CDROM or unmounted FS in the sysinst menu.
2005-03-15 23:46:09 +00:00
peter
80f533ce07 Do a "flush all" when disabling pf. This also changes the restart case
to do a "flush all", while the reload case will only reload the rules without
flushing anything.

Suggested by Miles Nordin.
2005-03-15 18:22:03 +00:00
peter
0a9aa9779a Install pf(4) examples. Reviewed by yamt@.
Thanks to hubertf@ for the reminder.
2005-03-15 16:05:03 +00:00
lukem
f198807ca5 Explicitly REQUIRE mountcritremote, since this uses awk. 2005-03-15 12:06:12 +00:00
christos
138a35afd9 comment out pam_ssh and mention it has potential security issues. 2005-03-14 23:41:49 +00:00
jdolecek
03258a805a separate tun(4) and joy(4) entries, those two are totally independant
PR: kern/29673 by FUKAUMI Naoki
2005-03-12 10:26:45 +00:00
tron
9533cbbc67 Try last fix once more. 2005-03-12 00:52:51 +00:00
tron
d2a568b356 Fix a bad typo in populate_dir() which broke a lot of checks. 2005-03-12 00:50:23 +00:00
bouyer
3e8f0992c8 Integrate Xen to the i386 build process:
- Add xen devices to MAKEDEV
- Add Xen kernels to list of kernel to build
- Add INSTALL_XENU to the install kernels
- introduce the xbd disk devices to sysinst.

This will add 3 kernels to the i386 release:
XEN0 for use as a Xen domain0 kernel
XENU for use on a non-privileged domain
INSTALL_XENU to install NetBSD on a non-privileged domain virtual disk.
2005-03-11 20:55:10 +00:00
lukem
8286cd5e07 Deprecate etc_release check, since etc/release is now part of base.tgz.
Support '-s /path/to/etc.tgz' which extract the file to a scratch directory
and run the contained version of postinstall against that directory.
This saves about 5 tedious steps which I've done by hand when updating,
and the expense of some minor CPU time on each invocation of this method.

XXX: postinstall needs a man page.  pkill -HINTHINT wizd
2005-03-08 14:09:25 +00:00
martin
cefddd30c8 Remove ${MACHINE} from the volume name of iso images - our new naming sheme
makes the field overflow even on archs where ${MACHINE} is pretty short.

Also rearange MKISOFS_FLAGS so that they default to -quiet unless the
user explicitly asks for -v. Add -hide-joliet-trans-tbl to get rid of
the TRANS.TBL files on modern OSs.
2005-03-08 07:39:30 +00:00
cube
4804c0d992 modload(8) already obtain the value of the machdep.booted_kernel sysctl
node, and use it as a reasonable default when no -A option is passed.

The difference is, modload(8) prefers /dev/ksyms rather than the sysctl
node, which is the behaviour we really want.

Unconditionally passing -A in rc.lkm prevents the loading of inter-
dependent modules from rc.d, as reported by Jeff Rizzo on netbsd-users.
2005-03-04 21:11:23 +00:00
christos
b8911768e7 Add lastlogx to the list of files created. 2005-03-04 16:16:00 +00:00
christos
f709224812 PR/18670: Charles Blundell: Add entries for lastlog and lastlogx 2005-03-04 16:14:46 +00:00
christos
2bd312ac59 PR/29594: Geoff C. Wing: Allow root in rsh like we used to. 2005-03-04 15:30:59 +00:00
christos
37fd46a3fc by popular demand, and now that we have verified that password authentication
works, allow a user to start the Xserver without a password.
2005-03-03 04:21:51 +00:00
christos
afaa144fe7 Add a no nested option that avoids updating the {u,w}tmp databases on a
nested login.
2005-03-03 02:12:32 +00:00
tv
0a66272c73 Revert previous, for now. We don't umount filesystems in the shutdown
process (we're -- probably inappropriately -- waiting for the kernel to do
that at the end), so cgdconfig -U won't do much until that situation changes.
2005-03-02 19:09:22 +00:00
tv
e32d4e2d39 Unconfigure cgd devices on shutdown, so that underlying layers (i.e.,
RAIDframe) are happier.
2005-03-02 12:14:47 +00:00
christos
7f1a777aba Add the xserver description file. 2005-03-01 16:29:44 +00:00
christos
ba359ad0ee use the ksu module not the krb one. Do kerberos authentication first. 2005-03-01 16:28:46 +00:00
christos
9d1d1be44f Add a new pam description file for the xserver. This is used when the
Xserver is started manually using xinit.
2005-03-01 16:27:52 +00:00
sekiya
a7ca5e9389 Now that the install kernel creates its devices at boot-time, we need to
properly populate the init case.  Reworked, using amd64 as a prototype.
2005-03-01 02:36:12 +00:00
sekiya
1bf17b3733 Oops, the init case must create md0. 2005-03-01 01:42:21 +00:00
sekiya
c0336fc23d Add bpf devices. 2005-02-28 08:27:54 +00:00
christos
d81b21774f Add -a valid for PAM. 2005-02-28 02:35:55 +00:00
christos
5bea007640 disable pam_ftpusers module because our /etc/ftpusers has different syntax
than what it expects.
2005-02-28 02:21:46 +00:00
thorpej
1c5ae7179a passwd(1) does not require -p to use PAM. 2005-02-28 01:59:21 +00:00
christos
74bb35d6b9 update for current reality. 2005-02-28 01:27:01 +00:00
christos
0215fc5818 add display_manager and ppp 2005-02-27 22:34:18 +00:00
thorpej
98a2507fb6 Make a note about when telnetd uses the "telnetd" PAM service, and
when the "login" PAM service is used instead.
2005-02-27 21:49:14 +00:00
thorpej
c3bf5c7ebe Disable pam_ssh by default, and refer people to pam_ssh(8) for information
on its security risks.
2005-02-27 21:35:59 +00:00
christos
2b9f821fc2 Mention the problem with ftpusers and that we have a ppp config now. 2005-02-27 19:30:20 +00:00
christos
b89b9e58a2 Add a config file for ppp; same like ftp for now. 2005-02-27 19:29:43 +00:00
thorpej
13eb2abf9e Major cleanup of PAM service configuration files. 2005-02-27 03:40:14 +00:00
bsh
2871250238 add TWINTAIL.
SMDK2410/2800 now have install kernels.
CVS: ----------------------------------------------------------------------
CVS: CVSROOT  cvs.NetBSD.org:/cvsroot
2005-02-27 02:27:12 +00:00
lukem
5b0739524b Improve the description of the "pam" check/fix; it doesn't ensure
that /etc/pam.d is up to date, just populated.
2005-02-27 00:06:25 +00:00
christos
d242353e08 Update status. 2005-02-24 15:15:27 +00:00
manu
77389b1f94 Update racoon status 2005-02-24 13:16:42 +00:00
lukem
118f369d29 Rename compare_dir() to populate_dir() and add "$onlynew" argument,
which if true prevents existing but changed files from being updated.

Reimplement compare_dir() in terms of populate_dir() ($onlynew=false)

Reenable do_pam() and use populate_dir() instead of compare_dir().
This allows missing etc/pam.d files to be installed with "fix", but
leaves (possibly end-user) modified files alone.
2005-02-24 04:06:53 +00:00
martin
dcffc13e8d Rename /dev/fb to /dev/fb0 and make /dev/fb a symlink to it. 2005-02-23 22:56:20 +00:00
lukem
327af7ca04 Only install postfix config if ${MKPOSTFIX} != "no".
Based on PR misc/29341 by Takeshi Nakayama <nakayama@NetBSD.org>
2005-02-23 02:10:33 +00:00
christos
714867dee9 update for rexecd 2005-02-23 01:28:40 +00:00
peter
1c9b56c830 Add MKIPFILTER; if set to no, don't build and install the ipf(4) programs,
headers and LKM.

Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.

Both options default to yes, so nothing changed in the default build.

Reviewed by lukem.
2005-02-22 14:39:58 +00:00
sketch
fbdc9c3fcb Use hostname(1) in preference to uname(1) in case /usr isn't mounted. 2005-02-22 09:12:17 +00:00
sketch
28dfc695f0 Revision 1.2 of dot.shrc changed the prompt to use a HOST variable without
setting it anywhere, so set it here.
2005-02-22 08:28:34 +00:00
christos
97552a9c4d Update for ppp and passwd. 2005-02-22 01:09:29 +00:00
jdolecek
989b421981 add nsmb(4) for NetBSD/amiga
Fixes PR port-amiga/29066 by Florian Stoehr
2005-02-20 17:49:49 +00:00
christos
379a5c3295 rsh is done. 2005-02-20 05:47:13 +00:00
christos
b757d80462 ftpd is done. 2005-02-20 01:47:04 +00:00
christos
56c6171b31 whitespace 2005-02-20 01:46:42 +00:00
christos
75e797d45f Update. 2005-02-20 00:52:21 +00:00
christos
e51566c11b Add a status file so that we can coordinate who works on what. 2005-02-20 00:02:53 +00:00
perry
ac4f38d372 Try to explain what this file does a little bit better. 2005-02-19 17:25:16 +00:00
thorpej
354f2a1004 Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
2005-02-19 16:55:02 +00:00
jwise
4cf2ccf6dc Wording fix. Comment still not entirely clear. 2005-02-16 14:47:46 +00:00
tnozaki
fcff889a4d remove ko_KR.UTF-8.
this locale is alias for en_US.UTF-8 by locale.alias now.
2005-02-10 18:03:01 +00:00
jdolecek
8e401e6c31 add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
2005-02-05 15:26:37 +00:00
perry
c3f3d85961 Restore the html directories. They are indeed functional. 2005-02-04 17:10:40 +00:00