deraadt
be34e24419
remove the SHA256 file as soon as we start creating sets
11 years ago
espie
a6175a019b
Install our second key. NOTE that this is a TEST KEY for use as we improve
our processes.
prodded by deraadt@
11 years ago
deraadt
c9d82279a9
install signify keys
11 years ago
deraadt
5c507bd686
Install our first key. NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu
11 years ago
deraadt
fbc6865216
create the /etc/signify directory
11 years ago
guenther
c42f7865bd
Delete struct definitions that have been obsolete for a dozen years
ok deraadt@
11 years ago
tedu
9bdaa18357
calling HashFinal with a null digest should crash, not be silently ignored
11 years ago
deraadt
b66e338b72
rename SHA256_ONLY to SHA2_SMALL; changing things so that sha512 support
is also pulled in
11 years ago
miod
7c529b2bed
Rework the setup of the bootable installation cd-rom (installXX.iso) to
contain both a 2048-byte sector ffs filesystem, and a 512-byte volume header,
so that the IP27 boot magic^Wuglyness recently added to the boot-only cd-rom
(cdXX.iso) can be applied as well.
The full-blown installation iso can now boot on IP27/28/30/32/35.
11 years ago
deraadt
0b406e5e6e
sync
11 years ago
deraadt
5e880e25b6
We need /dev/random on the install media
discussed with rpe and halex
11 years ago
millert
05f4462266
Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@
11 years ago
kettenis
b612c6c4a1
Move atexit(3) into crtbegin.c and certbeginS.c such that we can pass the
right __dso_handle and have dlopen'ed shared objects run their atexit handlers
when they get unloaded. This is what Linux does, and several ports depend on
this behaviour (and will crash upon exit without this chang).
Based on an earlier diff from matthew@
Tested by ajacoutot@
ok deraadt@
11 years ago
martynas
9af00b1d73
Annotate a few more bounded functions: realpath(3) needs a buffer
of size at least PATH_MAX. pread(2), pwrite(2) and readlinkat(2)
also take the buffer and the bound. OK theo.
11 years ago
deraadt
a137f8a971
document a hack we want fixed later
11 years ago
rpe
998abefe00
- add chmod of seedfile in /etc
- use its return code for single/multiuser detection
ok deraadt
11 years ago
rpe
3617ad469e
re-use random_seed in shutdown section
ok deraadt
11 years ago
deraadt
e5be49c8bf
create a seed file for the bootloader in /etc/random.seed
11 years ago
deraadt
3722093477
nest random_seed() contents into a single redirection
idea from rpe
11 years ago
deraadt
c4a6c88868
re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe
11 years ago
deraadt
dd546f8037
/stand has not been used in decades
ok miod
11 years ago
deraadt
278b68e64a
when forcing a re-key, might as well toss in dmesg as additional seed
material
11 years ago
deraadt
9cfb3c5807
all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
11 years ago
espie
4802391ad7
make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@
11 years ago
eric
abf1c90f5d
constify data parameter in imsg_add() and imsg_compose()
ok deraadt@
11 years ago
tedu
d8bf2218c6
remove unneeded check for null context. ok deraadt gilles millert
11 years ago
tedu
daca58aea1
tweak comment
11 years ago
jmc
097b4e760e
fix double word error;
11 years ago
millert
d14d049245
Split out strncpy and strncat from strcpy and strcat manuals.
Requested by deraadt@
11 years ago
deraadt
bc8778bde6
pseudo-code corrections from Solar Designer <solar@openwall.com>
11 years ago
ajacoutot
63ce082e2f
Adapt nsd(1) comment to match the default daemon_flags of the rc.d script.
ok sthen@
11 years ago
halex
81d51a594f
Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!
ok rpe@ giovanni@
11 years ago
tedu
5ca9d3294f
remove popa3d etc tendrils
11 years ago
millert
270de5c380
Fix typo; 200809 not 20080 for __POSIX_VISIBLE. Noticed by jca@
11 years ago
zhuk
eea8ca989f
Zap some getdirentries() leftovers.
okay guenther@
11 years ago
brad
86608ec247
Have df(1) in the daily output show the inodes used/free.
a few developers thought this was a reasonable/good idea.
11 years ago
jca
6167db7df9
Use a correct pexp and unbreak stop/reload. The old and wrong pexp
in /var/run/rc.d/identd has to be manually removed.
Reported by Adam Jeanguenat (avj at voyager dot 6v6 dot org).
ok dcoppa@ lteo@
11 years ago
naddy
04a21957a1
Drop the f0, f1, f2 gettytab capabilities that were used to poke
magic numbers into sgttyb. The "modern" replacement for f# is the
set of i#, o#, c#, l# to poke magic numbers into termios.
ok miod@
11 years ago
naddy
1be57829f4
remove the final vestiges of the stty(), gtty(), and ftime() compatibility
interfaces; ok deraadt@
11 years ago
deraadt
dd897d4f2d
oops, sgtty.h stays for a little longer
11 years ago
jmc
7197069ae1
no more regexp(3), so point to regex(3);
as advised by deraadt
11 years ago
deraadt
de6fe00f6f
express final disapproval of the interfaces in libcompat, such as
them ftime(), gtty(), stty(), re_comp(), cuserid() and others.
Discussion and ongoing work to fix the ports tree from many, especially
naddy.
ok naddy
[There is a bit more cleanup possible after that, but this is considered
the current safe step]
11 years ago
sthen
f5ca212c7d
Stop security(8) whining about /etc/nsd.conf which has moved, pointed out
by Bjorn Ketelaars. Check that the /var/nsd/etc directory is protected
instead, it may contain zone-transfer keys etc.
11 years ago
krw
52fa874892
CIRCLEQ begone.
ok miller@
11 years ago
jasper
834f9b4a9e
kill /var/obj which has been commented out since -r1.1 in '95.
ok deraadt@
11 years ago
miod
9ab81ad8d7
Copy the bootblocks to the release directory and sha256 it; spotted by
aoyama@
11 years ago
deraadt
4c65102df3
fairly simple unsigned char casts for ctype
ok krw
11 years ago
sthen
cb56ad68eb
/etc/nsd.conf -> /var/nsd/etc/nsd.conf
11 years ago
sthen
d317a16f5e
install sample nsd config file to /var/nsd/etc not /etc, spotted by/ok deraadt
11 years ago
sthen
651586e715
update for NSD 4.0.0; generate keys for nsd-control if non-existent, and
use nsd-control to signal NSD.
11 years ago