From b886f3624ff6587354405cd3d7d4df7f9add78c6 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Mon, 23 Nov 2009 12:14:25 +0000
Subject: [PATCH] Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen
---
 src/etc/rc | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/etc/rc b/src/etc/rc
index 13b5c632..b999623c 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.332 2009/08/12 13:21:15 deraadt Exp $
+# $OpenBSD: rc,v 1.333 2009/11/23 12:14:25 deraadt Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -371,6 +371,19 @@ if [ X"${named_flags}" != X"NO" ]; then
 echo 'starting named'; named $named_flags
 fi
 
+if [ ! -f /etc/isakmpd/private/local.key ]; then
+ echo -n "openssl: generating new isakmpd RSA key... "
+ if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
+ > /dev/null 2>&1; then
+ chmod 600 /etc/isakmpd/private/local.key
+ openssl rsa -out /etc/isakmpd/local.pub \
+ -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
+ echo done.
+ else
+ echo failed.
+ fi
+fi
+
 if [ X"${isakmpd_flags}" != X"NO" ]; then
 if [ X"${sasyncd_flags}" != X"NO" ]; then
 isakmpd_flags="-S ${isakmpd_flags}"
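Review bot: In the key-generation block added at -371,6 +371,19, the exit status of the `openssl rsa ... -pubout` step is never checked, so `echo done.` is printed even when /etc/isakmpd/local.pub was not written, and with its output sent to /dev/null the failure leaves no trace. Giving that step its own test, `if ! /usr/sbin/openssl rsa -out /etc/isakmpd/local.pub -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1; then echo failed.; fi`, would report it. The same line also calls bare `openssl` while the genrsa line uses `/usr/sbin/openssl`; using the absolute path in both places avoids depending on PATH, whose setting is not visible in this hunk. The private key is written before `chmod 600` runs, so its initial mode depends on the umask and on the permissions of /etc/isakmpd/private, neither shown here; running the generation in a subshell under `umask 077` would remove that dependency.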
@@ -596,21 +609,12 @@ if [ ! -f /etc/ssh/ssh_host_key ]; then
 fi
 fi
 
-if [ ! -f /etc/isakmpd/private/local.key ]; then
- echo -n "openssl: generating new isakmpd RSA key... "
- if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
- > /dev/null 2>&1; then
- chmod 600 /etc/isakmpd/private/local.key
- openssl rsa -out /etc/isakmpd/local.pub \
- -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
- echo done.
- else
- echo failed.
- fi
-fi
-
 echo -n starting network daemons:
 
+if [ X"${sshd_flags}" != X"NO" ]; then
+ echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags};
+fi
+
 if [ X"${snmpd_flags}" != X"NO" ]; then
 echo -n ' snmpd'; /usr/sbin/snmpd $snmpd_flags
 fi
@@ -728,10 +732,6 @@ if [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then
 echo -n ' inetd'; inetd
 fi
 
-if [ X"${sshd_flags}" != X"NO" ]; then
- echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags};
-fi
-
 if [ X"${spamd_flags}" != X"NO" ]; then
 if [ X"${spamd_black}" != X"NO" ]; then
 spamd_flags="${spamd_flags} -b"
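Review bot: The sshd block added in the hunk at -596,21 +609,12 carries no comment saying why it must stay first, so a later reorder could silently undo the recovery path the commit message describes; a line such as `# sshd first: keeps remote access available if a later daemon hangs the boot` above the `if` would record that. Starting sshd here also means it is listening before the remaining daemons come up, so it is worth confirming that the packet-filter rules are loaded earlier in rc, which this hunk does not show. The trailing `;` after `${sshd_flags}` is redundant and differs from the snmpd line just below it.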