including checks for "backups that exist when actual file is deleted", a la
the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks.
This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.
in and setting -kb, check it out again, since the initial check in
trashes any RCSIDs (because -kb wasn't set at that time).
This stops the annoying situation where you add a new file (e.g, "foo")
which contains an RCSID and you get *two* notifications of differences
in two successives runs of /etc/security; the first when the file is
initially checked in and a second when diff finds the RCSID is different
(contains "foo.conf,v 1.1" instead of "foo,v 1.66").
rc_rcorder_flags extra flags to rcorder(8) in /etc/rc
rcshutdown_rcorder_flags extra flags to rcorder(8) in /etc/rc.shutdown
This can be used to specify extra directories to search for rc.d scripts in.
For example, adding the following to rc.conf(5):
rc_rcorder_flags="/usr/pkg/etc/rc.d/*"
rcshutdown_rcorder_flags="/usr/pkg/etc/rc.d/*"
will add the files in /usr/pkg/etc/rc.d to the list of files that rcorder(8)
uses to build the list of scripts to start or stop.
I proposed this functionality on tech-userlevel@ over one month ago.
Closes the recent [misc/16888], which asked for a similar feature.
use appropriately (rather than replicating effort)
- add check_ids(), to check if the lists ids exist in the first field
of a : separated file.
- implement do_gid() and do_uid() using check_ids()
- check for ${DEST_DIR}/var/chroot/ssh instead of /var/chroot/ssh
- rename rcconf_isset() to rcconf_is_set()
- rename cmpdir() to compare_dir()
- be consistent about referring to variables with ${...}
Obsolete NBUILDJOBS; build.sh just passes -jN through to make(1),
which inherits it cooperatively through the build tree. Fix
documentation so that it's shown to be deprecated.
If you use build -jN, please save full build logs so that errors due
to missing dependancies can be analyzed and corrected.
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).
etc/postinstall will detect this, and if "fix" is given, rename the files.
- add extra arg to cmpdir() (before files list), which is the target
mode of copied files
- implement rcconf_isset(), which checks if an rc.conf(5) variable is set
and warns if so.
- minor tweaks
Note:
(1) Character device major number chages to 49 from 48(in my original
code). So it is necessary to rebuild device files.
(2) Must use Booter 2.0.0a10 or later.
(3) Default mode is cpu busy wait. It is defined by flags 0x1000.
It will be more slow than before.
No flags means hardware interrupt mode. But it might be able to
get no interrupts.
Support machines:
(1) Quadra 630 series
(2) PowerBook 150
Non tested machine:
(1) PowerBook 190 series
Approved by: briggs
as NetBSD evolves.
checks/fixes supported in initial version:
defaults /etc/defaults being up to date
mtree /etc/mtree being up to date
rc /etc/rc* and /etc/rc.d/ being up to date
periodic /etc/{daily,weekly,monthly,security} being up to date
ssh ssh configuration file relocation
- Add support for "setvar", which allows setting of arbitrary wsconsctl(8)
variables. Per email on tech-userlevel from Julio Merino <jmmv@hispabsd.org>
make -V FILES
from being useful (and given that every other variable can be
extracted using make -V, the behaviour was unusually inconsistent
given that the original reason for clearing it doesn't seem to be
relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
(and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG
+ it was not discussed first
+ it is not consistent with the rest of the rc.d system. everything else:
- has defaults & example configuration in /etc/defaults/rc.conf
- uses lower-case variable names, including ipmon itself
Similar functionality added by the change I'm backing out may be
reintroduced in the future once it's been changed to meet our de-facto
rc.d standards, as opposed to something that appears to have been
lifted from a non-NetBSD source (HP/UX ?) ...
This was tested using a custom INSTALL kernel. The current one is >4Mb
which the cats firmware can't currently boot. We need to decide what
needs to be removed from INSTALL.
(${KERNEL_SUFFIXES}), put the list in a shell variable and use that.
Both bash (before 2.05a) and Solaris /usr/xpg4/bin/sh report a syntax
error otherwise.
This occurs before the first load_rc_config() so that it may be
overridden by the user, and appears in single quotes so the
variables don't get evaluated until the eval in run_rc_command().
Problem noted by Patrick Welche <prlw1@cam.ac.uk> in [bin/15912].
Replace $critical_filesystems with $critical_filesystems_remote .
The new names are now consistent with the type argument that
mount_critical_filesystems() is called with, and allows for other types to
be easily supported by that function.
For backwards compatibility purposes, if the now obsolete variable is defined
(even empty), it takes precedence over the new form, and you will be warned.
If you want to stop the warnings, update your rc.conf(5) settings!
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.
As discussed on tech-userlevel, and approved by Luke.
make them "externally" available:
Previous Current Purpose
-------- ------- -------
_arg rc_arg Argument to command, after fast/force
processing performed (and prefix
removed)
_flags rc_flags Flags to start the default command
with. Defaults to ${name}_flags,
unless overridden by $flags from the
environment. This variable may be
changed by the precmd method.
_pid rc_pid PID of command (if appropriate).
_rc_run_fast rc_fast Not empty is "fast" was provided.
_rc_run_force rc_force Not empty is "force" was provided.
- Use rc_flags instead of _flags or ${name}_flags in various rc.d scripts,
so that $flags from the environment overrides ${name}_flags from rc.conf(5).
Fixes [bin/15800].
If set to yes, block-type swap partitions will be deleted upon shutdown.
This can be useful if swapping onto a RAIDframe device, but may cause
unnecessary delays during shutdown for the general case, so it's
disabled by default.
Should resolve [bin/14433] and [kern/14769].
If set, the first line of $command is read, the leading #! is
removed, whitespace is normalised, the first word is checked
against $command_interpreter, and the result is used as the
string to match in the ps(1) output.
This code isn't infallable, but works for common cases such as
#!/bin/sh
#! /usr/pkg/bin/perl -w
This helps solve the problem described in [bin/15563], and by
Ed Ravin on tech-userlevel.
- Move the common elements of check_process() and check_pidfile() into
_find_processes(), and call appropriately.
- add libc/citrus directory.
this directory contains the common stuffs not only for locale
but also other facilities relating to i18n (e.g. iconv).
- To keep the binary compatibility for the ctype modules easily,
the interface between libc and the modules is simplified.
- For the future integrated extension, module pool is renamed
from "/usr/lib/runemodule" to "/usr/lib/i18n".
In the future, this directory will contain the modules for "iconv",
"collation", etc.
- some cosmetic changes.
- Bug fix for runetype.h; __attribute__((__packed__)) is placed at
the wrong position and it is invalid unintentionally.
But, the all members of the structures seem well-aligned. Thus,
this bug causes no problem, hopefully.
HEADS UP:
- /usr/lib/rumemodule is obsoleted. If you use the multibyte locales,
you need to install /usr/lib/i18n/* from sys/lib/i18n_module .
- The binary compatibility of /usr/share/locale/*/LC_CTYPE is probably kept.
Perhaps, the bug fix about __packed__ mentioned above breaks the
compatibility... Be careful especially on 64bit platforms.
become ippp (ISDN ppp) and irip (ISDN raw IP). The character device now
are called: /dev/isdn (isdnd <-> kernel communication), /dev/isdnctl (dialing
and other control), /dev/isdntrc* (tracing), /dev/isdnbchan* (raw B channel
access, i.e. for user land PPP) and /dev/isdntel* (telephone devices, i.e.
for answering machines).
* use "ln -fs foo bar" instead of "rm -f bar; ln -s foo bar"
* remove unnecessary chown root or chgrp wheel directives; older code here
didn't bother doing this, so why be inconsistent
* when making directories, don't use -p and don't redirect stdout to /dev/null
* clean up whitespace
* wrap the main parser code in a function makedev(), and call makedev
instead of "sh $0". (this is a bit faster)
* don't barf when we have fdesc mounted; just skip the devices fdesc provides
(these files should really be automagically generated...)
- Don't su(1) to ${name}_user if running as that user.
- Support $procname as the name of the process to search for.
Defaults to the value of $command.
I can't remember the rationale for why I made that change in the first place,
and there's been some good arguments presented to me as to why the rcvar
should be checked before status is run.
- always unset the variables used by run_rc_command() before sourcing an
rc.d script, rather than just when rc_fast_and_loose is in effect.
this allows run_rc_command() to be used in .sh scripts (with care).
- remove comment describing now-former limitation of .sh scripts.
- make the rc_fast_and_loose check only after the `` not *.sh / not scratch
/ script-is-executable '' checks. rc_fast_and_loose now behaves a lot more
like the normal operation, in that it skips scratch files and
non-executable files
wiz