From caf9e7cb30089661045b52f92c23962fa3a720e7 Mon Sep 17 00:00:00 2001
From: rpe <>
Date: Wed, 14 Jun 2017 21:39:53 +0000
Subject: [PATCH] Add a new function reorder_kernel() that relinks and installs the new kernel in the background on system startup. It stores the hash of the new kernel and sends a notification email to the admin or root user. If it finds /usr/share/compile.tgz, it removes the existing compile dir and replaces it with the content of (new) archive. If the hash of /bsd does not match the stored one, no relinking happens. Idea from, joint work with and OK deraadt@ OK tb@ halex@ unnoticed by many
---
 src/etc/rc | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/etc/rc b/src/etc/rc
index 2a84c554..4a1e190b 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.501 2017/06/06 13:59:37 florian Exp $
+# $OpenBSD: rc,v 1.502 2017/06/14 21:39:53 rpe Exp $
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -219,6 +219,38 @@ reorder_libs() {
 fi
 }
+# Re-link the kernel, placing the objects in a random order.
+# Replace current with relinked kernel and inform root about it.
+reorder_kernel() {
+ (
+ set -e
+ _compile_dir=/usr/share/compile
+ _kernel=$(sysctl -n kern.osversion)
+ _kernel=${_kernel%#*}
+ _kernel_dir=$_compile_dir/$_kernel
+ _sha256=$_kernel_dir/SHA256
+
+ if [[ -f /usr/share/compile.tgz ]]; then
+ rm -rf $_compile_dir
+ mkdir -m 700 -p $_compile_dir
+ tar -C $_compile_dir -xzf /usr/share/compile.tgz $_kernel
+ rm -f /usr/share/compile.tgz
+ fi
+
+ [[ -f $_sha256 ]] && sha256 -q -C $_sha256 /bsd
+
+ cd $_kernel_dir
+ make newbsd >$_kernel_dir/log 2>&1
+ make install >>$_kernel_dir/log 2>&1
+ sha256 -h $_sha256 /bsd
+
+ (echo "Kernel has been relinked and is active on next reboot\n"; \
+ cat $_sha256; echo "\nRelink log:\n"; cat $_kernel_dir/log ) |
+ mail -Es "$(hostname) Kernel relink info" root >/dev/null
+
+ ) >/dev/null 2>&1 &
+}
+
 # Run rc.* script and email output to root.
 # Usage: run_upgrade_script firsttime|sysmerge
 run_upgrade_script() {
@@ -586,5 +618,7 @@ echo -n 'starting local daemons:'
 start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xenodm
 echo '.'
+reorder_kernel
+
 date
 exit 0
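Review bot: In reorder_kernel(), a failed `sha256 -q -C $_sha256 /bsd` check ends the subshell through `set -e` while all of its output goes to /dev/null, so a /bsd that no longer matches the stored hash leaves no trace. Mail is sent only on the success path, and a failed `make newbsd` or `make install` is recorded only in `$_kernel_dir/log`, which nobody is pointed at. An unexpected kernel hash is something an admin would want to hear about, so I would report it before exiting: `if [[ -f $_sha256 ]] && ! sha256 -q -C $_sha256 /bsd; then logger -t reorder_kernel "/bsd does not match $_sha256, kernel not relinked"; exit 1; fi`. The check is also skipped entirely when the SHA256 file is absent, presumably for the first run after compile.tgz is unpacked; a comment saying so, such as `# No stored hash yet (fresh compile dir): relink without checking /bsd`, would make that explicit.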