Commit Graph

228 Commits

Author SHA1 Message Date
plunky 0067012e91 introduce rcvar_is_enabled to test if a rcvar is enabled
use this instead of rcconf_is_set to warn about superseded
rc.d scripts, to silence spurious warnings produced before
/etc/defaults/rc.conf script was updated.

(spurious warnings noted by Martin Husemann)
2011-07-14 09:31:19 +00:00
plunky b52bb12959 provide a new 'bluetooth' rc.d script, to handle Bluetooth configuration
in a simpler manner. This replaces btattach, btconfig, bthcid, btdevctl
and sdpd scripts, and also should not require any configuration settings
other than "bluetooth=YES", though the full range of configurations is
still possible.
2011-05-27 09:28:41 +00:00
martin 4b3298a1fe Invert the chroot/tcpdump/etc test and make it remove the (not needed
anymore) directory.
2011-04-17 13:16:59 +00:00
martin c98db97906 Add a new check to populate /var/chroot/tcpdump/etc 2011-04-11 20:29:50 +00:00
erh b0e49f7e0c Fix the usage of the -s option to mention using it multiple times, rather
than the deprecated colon separated syntax.
2011-03-12 23:04:16 +00:00
tron cdfb116b0f Install "etc/gpio.conf" if it is missing. 2011-02-13 20:25:35 +00:00
tron 85add3c312 Add "npf" to the list of startup scripts that get checked. 2011-02-13 20:17:26 +00:00
njoly 29263bd796 Add _tcpdump uid/gid checks. 2010-12-17 22:56:22 +00:00
njoly aab4946261 Adjust obsolete_libs to handle both the libraries (unchanged) and the
corresponding .debug files if exists.
2010-11-30 14:35:38 +00:00
christos 30b8bfbace - don't bitch if /usr/X11R6/lib/X11 does not exist, if /usr/X11R6 does not
exist either. We might have never installed X11R6 on this system.
- spell nonexistent
2010-11-21 22:50:37 +00:00
njoly 9220c212a8 Add _atf to uid/gid checks. 2010-11-08 09:01:44 +00:00
dyoung ca088e5210 Do not try in postinstall(8) to replicate the code in etc/mtree/Makefile
that assembles /etc/mtree/NetBSD.dist.  Instead, use the Makefile's
new target, emit_dist_file, to assemble the correct NetBSD.dist.

Previously, 'postinstall -m amd64 -s $SRC_TOP' would install a
NetBSD.dist that was missing /usr/lib/i386/ et cetera.
2010-04-23 19:21:08 +00:00
christos 9a4b585a95 running postinstall fix should also say why fontconfig did not work, like
all other postinstall methods.
2009-12-24 21:52:57 +00:00
mbalmer 9b182ae0ac s/the the/the/ 2009-11-22 18:45:27 +00:00
joerg 1444b07e5e Explicitly request literal mode after .Xr. 2009-10-15 02:15:19 +00:00
apb 138c8d4f23 /usr/X11R7/lib/X11/xkb/symbols/pc used to be a directory, but changed
to a file on 2009-06-12.  Fixing this requires removing the directory
(which we can do) and re-extracting the xbase set (which we can't do),
or at least adding that one file (which we may be able to do if X11SRCDIR
is available).

Reviewed by mrg, snj
2009-10-13 07:47:00 +00:00
tsarna a8bcd3b5c3 Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder. 2009-09-29 23:56:26 +00:00
njoly 5fde6173c5 Make do_mtree correctly report failure if either special or
NetBSD.dist checks failed, not only the last one.
2009-09-21 18:03:03 +00:00
mrg cfb8df7f4f install the fontconfig files into /etc/fonts/conf.avail, and symlink
the default ones into /etc/fonts/conf.d, as per default.

reported by jukka marin on netbsd-users.
2009-09-07 21:07:02 +00:00
mrg 2bd0cf0757 - do not create X11 subdirs always anymore
- we now only create them when building X11, and only create the ones
  we need (X11R6 xor X11R7)

- all these subdirs are now in the xbase set

- move the logic for running mtree into etc/mtree/Makefile

- split NetBSD.dist into 3 files, and have the build and postinstall handle
  creating a possibly merged one.  we still have a single installed file
  called "NetBSD.dist".
2009-09-07 19:34:29 +00:00
mbalmer da7930a7f1 Add gpio to rc checks.
Diff from Geoff Wing <gcw@pobox.com>, thanks.
2009-08-06 08:31:58 +00:00
christos 1e5d85413c moduli moved with openssh 2009-07-20 21:03:42 +00:00
tron 7d5e451c60 Switch to building Postfix 2.6.2 via "external/ibm-public/postfix". 2009-06-23 17:58:22 +00:00
pgoyette 8a01920225 Make the makedev step fail if either MAKEDEV or MAKEDEV.local need to
be updated.  Patch from njoly@
2009-05-22 15:23:17 +00:00
jnemeth 2dac444cfe fetch /etc/dhcpcd.conf from the correct place when building the system 2009-05-13 23:44:26 +00:00
jnemeth 8714d998c8 install /etc/rc.d/dhcpcd as well 2009-05-12 02:17:49 +00:00
jnemeth 363f93e8d1 install /etc/dhcpcd.conf 2009-05-12 01:53:07 +00:00
joerg e7f29a3386 Split fsck during boot into two phases. Check the root file system
first, mount root and run the various disk providers. Add swap and
check the remaining file systems after that.
This breaks the dependency cycle for lvm, which needs writeable /dev.
Depend on rndctl in cgd.
2009-04-21 16:08:57 +00:00
martin ecad31aebd Now that we use ?= to optionally assing to ddb.onpanic, match that when
testint existing configurations too.
2009-04-06 00:30:33 +00:00
martin 4e59766728 Make the ddb.onpanic line acceptable even if commented out 2009-04-01 16:38:46 +00:00
martin 7d53797861 Switch the default value (if no options DDB_ONPANIC is defined) for
ddb.onpanic to 1, change it back to 0 in sysctl.conf and make sure
postinstall installs this setting.
This avoids us trying to dump while booting from install CD, but keeps
the default the same once we are far enough through /etc/rc.d. Failing
earlier is unlikely to be recovered by an automatic reboot.
OK: core.
2009-03-11 23:22:57 +00:00
apb c163e7100a As long as we don't yet have a working TOOL_GREP,
fgrep is more portable than grep -F.
2009-02-26 10:32:43 +00:00
apb b56c1a749f In file_exists_exact(), fix an incorrect test of "1" instead of "$1",
and improve the comment explaining what this function does.
2009-02-26 08:25:50 +00:00
apb 6eefb4e5ea "grep -q" is not portable; use "grep >/dev/null" instead. Also add a
comment saying that postinstal is invoked during a cross build.
2009-02-26 08:05:09 +00:00
sketch bb0a3b607e Use awk and grep host tools where required. 'build.sh release' now works
on Solaris (but only with HOST_CC=/usr/sfw/bin/gcc for now).
2009-02-25 20:38:30 +00:00
dyoung ac7c88b5d2 Look for MAKEDEV.local in both ${SRC_DIR}/dev/ and ${SRC_DIR}/etc/,
so that 'postinstall check makedev' works whether the sources told
by the -s argument are a NetBSD source tree, etc.tgz, or a DESTDIR.
2009-02-25 01:11:50 +00:00
yamt 9287e91c00 do_makedev: look at a correct directory for MAKEDEV.local 2009-02-22 15:27:44 +00:00
jklos c259dad90f Added MAKEDEV.local to postinstall's makedev check. Upgraded systems were
not getting an updated MAKEDEV.local file.
2009-01-26 07:40:01 +00:00
haad f42e53f384 Add lvm script to the lists. 2009-01-16 01:58:32 +00:00
lukem c13322daaf Add rndctl to do_rc().
Thanks to Geoff Wing on current-users.
2009-01-08 02:05:15 +00:00
isaki cf59801230 x68k pow(4) now uses MI sysmon_pswitch framework. suggested by tsutsui@.
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
  Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.
2008-12-20 13:20:58 +00:00
mishka 43e91ff9f2 Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.
2008-12-11 13:55:16 +00:00
cube 6d69dde342 - Introduce a function get_makevar that will retrieve the values of a
specific set of user-derived variables, to be used in SOURCEMODE.
- In SOURCEMODE, generate the rc.d scripts xdm and xfs.
- Auto-detect if X11 sets are used (either through the value of MKX11 in
  SOURCEMODE, or by finding an xetc-xpecific file in sets mode).
- Ignore X11-specific rc.d scripts if X11 is not used.
2008-12-05 19:01:23 +00:00
nakayama c16b2cafae Add scan obsolete minor shared libraries in /usr/X11R7/lib.
Also scan in /usr/lib/i386 for amd64, /usr/lib/sparc for sparc64.
2008-11-24 20:12:28 +00:00
chris 0903aecdd9 lkm1, lkm2 and lkm3 are now obsolete and don't exist in the source tree,
so remove the references to them from postinstall.
2008-11-18 13:14:12 +00:00
snj ffabc8967d s/explicitely/explicitly/ 2008-10-29 17:09:47 +00:00
cube 26626779ff apb's latest change introduced a test to make sure an actual etc.tgz (or an
extraction of it) was provided as -s, but SOURCEMODE was not set to true in
the default case, which is to use /usr/src/etc, a source directory.
2008-10-17 21:31:55 +00:00
christos 3e1e171f06 revert previous; now 'postinstall fix' does not work anymore without having
sets.
2008-10-17 21:20:30 +00:00
christos 3e0c867bca use an existing file otherwise the test always fails. 2008-10-17 21:14:40 +00:00
christos 8b08621cd3 I don't have set.etc!?!? Do you? 2008-10-17 20:52:34 +00:00
apb 3c2b458230 In both postinstall and etcupdate, in modes where the -s argument
refers to tgz files or to a directory in which tgz files have already
been extracted, make it an error for the files that should have come
from etc.tgz to be missing.  This is intended to prevent users from
accidentally deleting necessary files when they run "postinstall -s
xetc.tgz fix".

Use the absence of .../etc/mtree/set.etc in the extracted directory
as a test for the error case.
2008-10-04 08:07:38 +00:00
junyoung 7af93d757a Fix 'arith: syntax error: " N_SRC_ARGS + 1 "' error which occurs with
the Debian default shell ("dash").

Now cross-build works again on Ubuntu 7.10.
2008-09-21 06:20:07 +00:00
apb 7c483070b7 Fix errors in previous. 2008-09-14 17:25:59 +00:00
apb 2d19284cc9 Document that "ss tgz1:tgz2" was merely deprecated, not removed. 2008-09-14 14:24:15 +00:00
apb 50356f5260 Allow "-s tgzfile1:tgzfile2" for backward compatibility. Print a
warning to encourage users to switch to using "-s tgzfile1 -s tgzfile2".
2008-09-14 13:46:51 +00:00
apb 9599e1b7c8 Document the change in meaning of "-s foo:bar". It now means a single
file or directory named "foo:bar".  If you want the old meaning,
use "-s foo -s bar" instead.
2008-09-07 15:24:04 +00:00
apb d8f98eee1d * Allow colons to appear in the names of tgz files, to address PR 39459.
* Remove the ability to specify a colon-separated list of tgz files
  using a single "-s" option, because ":" is now a valid character within the
  name of a single file.  Callers should use multiple "-s" options
  instead.
2008-09-07 15:22:47 +00:00
apb a454795e01 Cleanup shell quoting:
* Almost all shell variables are now quoted, except where they
  hold numeric values such as exit status, or where we want
  the shell to split on spaces.

* Constructs like

    _files="$@"
    do_something_with $files

  are changed to

    #_files="$@"
    do_something_with "$@"

* In contexts where we do actually want the args to be concatenated with
  space separators, use "$*", not "$@".

Tested by running "postinstall check" with a SCRATCHDIR whose name
contained spaces.
2008-09-07 12:34:06 +00:00
matt 875074d9fa Make sure to update root.cache too. 2008-07-23 07:43:12 +00:00
dholland 1d33f98b45 Correct improper escaping of regular expressions in string constants in
awk code. Noted by Aleksey Cheusov in tech-userlevel.
2008-07-13 15:34:16 +00:00
peter 430b2da1d5 Install /etc/pf.os with 444 permissions.
Modify postinstall(8) to always upgrade /etc/pf.os.

Suggested by Luke Mewburn in PR/35188.
2008-06-20 17:04:45 +00:00
yamt fff57c5525 merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@.  requested by core@
2008-06-18 09:06:25 +00:00
apb bf49cd32ad Try to make it clear that local changes will be overwritten
by "postinstall fix".
2008-05-03 09:44:45 +00:00
martin 11a6dbe728 Convert TNF licenses to new 2 clause variant 2008-04-30 13:10:46 +00:00
plunky 486e4624e5 some changes to serial bluetooth host controller interfaces
btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD

make btattach(8) a single-use tool for less complexity

device specicific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.

btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland
2008-04-15 11:17:47 +00:00
tron 63fdde0f21 Avoid error message in "obsolete" check if "/usr/X11R6/lib" doesn't exist. 2008-02-13 12:55:56 +00:00
tron 01e5108f0e Don't fail the X11 check if "/usr/X11R6/lib" doesn't exist. This is
perfectly valid setup (e.g. no X11 or modular X11 from "pkgsrc").
2008-02-13 12:52:14 +00:00
jmmv 80aba14b89 Update URLs after website reorganization in the motd check; per pavel@'s
request.  Closes PR misc/37070.
2007-12-15 17:48:38 +00:00
wiz 8e492a60da Typo fix. 2007-12-01 19:38:38 +00:00
jnemeth 91954fd117 PR/35238 - tls@ -- add _proxy to uid and gid checks 2007-11-21 10:41:03 +00:00
pavel d35530e427 now when trap 0 is not used, we need to remove the temporary directiry
at the end. PR bin/37223.
2007-10-26 17:26:25 +00:00
tls 215e50961e Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.
2007-10-16 02:47:12 +00:00
pavel eb9220515b Add a check for obsolete sendmail in /etc/mailer.conf, installs a
fresh copy of the file if invoked as "fix". Not enabled by default.
2007-10-05 10:28:45 +00:00
pavel 6590c89893 Return exit status 1 for failed chacks/fixes, 2 for errors. Suggested
by hubertf. Use exit status 3 for internal errors (misuse of internal
functions).
2007-10-05 10:17:13 +00:00
pavel e9045950d7 do not use trap 0, it clobbers the exit status. Instead remove the
scratch directory in err(). Use err() instead of exit in one place to
ensure that the temporary directory is removed.
2007-10-05 10:06:49 +00:00
plunky 30ba4a7458 add mention of rc.d/btuartd 2007-07-29 13:17:38 +00:00
xtraeme efff6f1100 Extend do_envsys() and check if the sensor_* files in /etc/powerd/scripts
are installed.
2007-07-15 14:31:08 +00:00
xtraeme 307b2a722c Do not install fixsb anymore, which was removed recently. 2007-07-15 13:02:41 +00:00
jnemeth e135b05bdf fix error message for obsolete_libs 2007-07-15 03:04:39 +00:00
ad 96d0aa8e9b fixsb has done its job. 2007-07-14 21:20:31 +00:00
xtraeme 37b598db93 Add do_envsys() that checks if /etc/envsys.conf exists. 2007-07-12 07:13:07 +00:00
xtraeme 4c67d94842 Update for /etc/rc.d/envsys. 2007-07-01 08:30:09 +00:00
pavel 511b2e988c Remove the remaining sendmail config files (including everything in
/usr/share/sendmail) from the obsolete list. Instead, remove them in the
"sendmail" postinstall item, which is disabled by default, to prevent
losing sendmail configuration on upgrade. Fixes the rest of
PR install/36180.
2007-06-08 22:24:07 +00:00
pavel 9188cd99a0 Separate postinstall checks in two groups: enabled and disabled by
default. Only the former checks/fixes are done if no items are given
on the command line. The latter must be requested explicitely.

Intended for "fixes" that are dangerous in some way, because they might
remove files that are still in use, for example.

Make the "sendmail" item disabled by default, it removes sendmail
configuration. Partly addresses PR install/36180.

Proposed on tech-userlevel, review and spelling fixes from lukem@.
2007-06-02 21:25:08 +00:00
kiyohara a0f7691122 Add btuartd.conf to bluetooth. 2007-04-11 07:16:28 +00:00
apb bc4861bd29 * Make postinstall's -s option accept several tgz files, either by
repeating the -s option, or by using a colon-separated list.
* Update postinstall(8) man page with some of the text used in
  etcupdate(8)'s description of the -s option.
* Remove an outdated comment about invoking etc/postinstall from
  the directory in which the tgz is extracted.
* Rename orig_SRC_DIR to SRC_ARG and make related changes.

Reviewed by lukem and martti.
2007-03-26 18:09:42 +00:00
plunky c6f8856e3c For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd 2007-03-18 15:53:54 +00:00
apb 9271fd890c Revert previous. MAKEDEV.subr no longer exists. 2007-03-03 06:43:46 +00:00
apb 8c150ea895 Convert the guts of do_makedev() into a loop that checks both MAKEDEV
and MAKEDEV.subr.
2007-03-01 07:51:26 +00:00
elad f0d477cb85 Add perusertmp. Pointed out by Geoff Wing, thanks! 2007-02-05 02:34:30 +00:00
cbiere 4ce24268ac Added user and group "_timedc" for timedc. 2007-01-28 16:39:29 +00:00
lukem 287af45b8d Crank copyright.
Whitespace & linewrap consistency tweaks.
2006-12-05 10:26:28 +00:00
lukem 24891c430b Fix method to find pf.os so it works with '-s etc.tgz'.
PR 35185 by Valeriy E. Ushakov.

Don't bother to find pf.conf first; the code was a noisy no-op.
2006-12-05 10:18:41 +00:00
peter 7682107fa9 Check if /etc/pf.conf and /etc/pf.os exist and copy them if they don't.
Suggested by lukem@.
2006-11-26 12:05:21 +00:00
lukem 968ace8d2a /etc/postfix/post-install needs to be 555 not 444. 2006-11-14 00:04:01 +00:00
rpaulo e3c4f7c039 PR 34692: wpa_supplicant script.
By Jukka Salmi.
2006-10-07 16:50:34 +00:00
jmmv 15adcce63e Add a check to aid in the migration of motd contents between development
releases.  Suggested by tron@ and approved by silence in tech-userlevel@.
2006-09-23 08:27:52 +00:00
dbj 5671786b47 fix problem with file_exists_exact where it was returning false
for dangling symlinks because it was checking them with test -e
2006-09-12 01:15:16 +00:00
dbj ad69f7c05a fixes for building into case preserving, but case insensitive $DESTDIR
- have checkflist do a second possibly case insensitive check for
   files which are missing from DESTDIR
 - have postinstall require exact case matches for obsolete files
2006-09-11 22:16:10 +00:00
plunky 4f1cbddc12 update to bluetooth device attachment:
remove pseudo-device btdev(4) and inherent limitations

add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.

btdevctl(8) and its cache is updated to handle new semantics

etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
2006-09-10 15:45:55 +00:00
hubertf f83266c2e3 Explain that etcupdate(8) may do the job that postinstall(8) can't
do. (Example: fix master.passwd to include _rwhod and whatnot)

OK'd by lukem@
2006-08-18 12:02:55 +00:00
hubertf c200fdcc45 give a hint on how to fix the 'NOT FIXED' checks -> fix manually
OK'd by lukem@
2006-08-18 12:01:53 +00:00
plunky 885b13c515 rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.
2006-08-13 09:03:21 +00:00
hubertf ac583aa32a Xref etcupdate from postinstall, and vice versa. 2006-08-11 20:28:22 +00:00
tron fdeefd9c3e Bluetooth fixes by Iain Hibbert:
Create "/etc/rc.d/btcontrol" to attach bluetooth devices at boot.
2006-07-26 11:14:55 +00:00
tron ebe62ad714 Bluetooth fixes by Iain Hibbert:
Remove bluetooth.conf(5) and config parsing from libbluetooth(3)
as this is no longer required.
2006-07-26 11:11:04 +00:00
tron 903cbf25d1 Create and populate "/etc/bluetooth". Based on patch submitted by
Iain Hibbert on "current-users" mailing list.
2006-07-15 21:32:58 +00:00
gdamore a5c89047c0 Initial import of bluetooth stack on behalf of Iain Hibbert. (plunky@,
NetBSD Foundation Membership still pending.)  This stack was written by
Iain under sponsorship from Itronix Inc.

The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.

Drivers for both PCMCIA and USB bluetooth controllers are included.
2006-06-19 15:44:33 +00:00
tron 3421be369d Remove "/var/spool/clientmqueue" and "/var/spool/mqueue" from the list
of obsolete directories and handle them via the "sendmail" item in
postinstall(8), too. These directories are of course necessary on
systems using the "sendmail" package.

Problem pointed out by Hisashi T Fujinaka on "current-users" mailing list.
2006-06-09 21:19:40 +00:00
tron c5ddcac518 Remove the "sendmail" configuration files and startup scripts from the
list of obsolete files. Resurrect the "sendmail" item which now flags
these files as obsolete unless the "sendmail" package is installed.
2006-06-09 12:18:30 +00:00
simonb b93b04bf77 Sort the obsolete rc.conf(5) variables to check, and only check
sysctl once(!).
2006-06-08 20:58:38 +00:00
tron 300dbf11e5 Check whether user and group "postfix" exist. 2006-05-30 19:31:13 +00:00
tron 73575a68a2 After removal of "sendmail":
- Remove the code dealing with "sendmail" updates.
- Don't check for the existence of user and group "smmsp" any more.
- Remove "/etc/rc.d/smmsp" and "/etc/rc.d/sendmail" because there defaults
  have been removed from "/etc/defaults/rc.conf".
2006-05-30 05:53:24 +00:00
simonb b8fb2aedbe Sync rc.d file list with etc/rc.d/Makefile, adding ftpd, hostapd, and
irdaattach.
2006-05-14 15:46:40 +00:00
tron 2d77f6d3d5 Add "iscsi" target which install the iSCSI configuration files.
This will stop e.g. "/etc/security" complaining about these files
missing after a sucessful run of "postinstall"
2006-05-12 12:43:28 +00:00
tron ef526ff868 Check for and install "/etc/rc.d/iscsi_target". 2006-05-12 07:16:47 +00:00
tsarna 55551a76e2 Add postinstall item for the rwhod de-preivledging.
Check and correct permissions on /var/rwho files so rwhod
will be able to update them.
2006-02-14 17:14:21 +00:00
lukem 547b2d58b6 Add checks for _rwhod group & user.
Noted by Patrick Welche on current-users.
2005-11-22 22:10:52 +00:00
lukem 2484bb2972 Fix do_defaults() so that it errors when there's a mismatch.
Noted by Matthias Scheler.
2005-10-02 23:46:48 +00:00
lukem 922ca28a60 Add "named" item to move /etc/namedb/named.conf to /etc/named.conf.
Per discussion with Matthias Scheler.
2005-09-12 23:16:15 +00:00
lukem d50a2d0385 Reorganize items so that they're in alphabetical order except that
"obsolete" is moved to the end.
Clean up some comments.
2005-09-12 15:48:29 +00:00
lukem d4b0741135 not all items can be fixed automatically 2005-09-12 15:42:12 +00:00
lukem 898fa7c553 Fix the installation of /etc/defaults/pf.boot.conf so that it works
with -s etc.tgz.
2005-09-04 10:13:15 +00:00
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
2005-08-23 12:12:56 +00:00
lukem ea2bd1f523 If /etc/ssh/sshd_config contains the following deprecated options,
comment them out:
	rhostsauthentication
	verifyreversemapping
	reversemappingcheck
2005-04-26 01:07:35 +00:00
lukem 5cae62926d do_postinstall() is now unnecessary; remove it.
If extracting -s etc.tgz to a temporary directory, don't run the
embedded etc/postinstall since it doesn't exist anymore.

Remember the original SRC_DIR passed in (e.g, "-s etc.tgz") and
display that in the suggested "fix" message, rather than a temporary
path to the extracted etc.tgz which won't be correct for the next run.
2005-04-17 15:38:34 +00:00
lukem 9358e88bbf Update for move to /usr/sbin.
Add a HISTORY.
2005-04-17 15:27:23 +00:00
lukem 5c5750a595 Move /etc/postinstall (and the etc.tgz set) to /usr/sbin/postinstall
(and the base.tgz set).
2005-04-17 15:15:48 +00:00