- in netstart, rename _file to _hn referencing hostname.if files
- in install.sub switch ifstart() to be used with _if instead of
_hn as parameter
ok krw@ tb@
and to write the logfile inside the kernel compile dir.
- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background
OK deraadt@ tb@
- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile
OK tb@ deraadt@
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.
In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.
with yasuoka, lots of discussion with mlarkin, ok tom
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.
Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many
This contains the relevant pieces from all the GENERIC* compile directories
(*.o ld.script Makefile gap.S). It also includes the machine/ subdir for
now, to support re-randomizing of gap.S, though other methods are being
investigated. (Any binutils ld.script hackers out there?)
collaboration with rpe
jca points out that all the other interface configuration tools live
there (like ifconfig or dhclient). Furthermore it starts so early in
the boot process that /usr might not be mounted yet if it's a nfs
filesystem.
sthen and deraadt agree
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.
Discussed with various;
input & ok from deraadt ajacoutot
advertisement processing in the kernel.
Go for it!!! deraadt@
additional encouragement to push forward from at least mpi and henning
special thanks to naddy for being an early adopter and finding bugs.
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
of "ok" so the user is warned and has a chance to fix it (most of the time
due to bogus flags). Daemons reaching the timeout without being able to
start are still marked as "failed" (which should also give a clue to the
user that some investigation is needed).
prodded by beck@ a while ago
discussed with and ok sthen@
to know which daemon cannot background themselves (actually we want to
know the opposite, but there are much more). However, it's only needed in
_rc_wait and rc.subr still does its magic without the need to add `&'.
- prevent a daemon from hanging the boot
(typo in your flagsm e.g. httpd_flags=-d)
- make sure we can get the status of a backgrounded daemon instead of always
returning success
Side effect of this is that we can kill a knob! rip rc_bg :-)
Ports will need love, and a second commit is coming for that.
The diff is small yet not trivial so I am committing early in the release
process in one shot so it can easily be reverted if needed. I started working on
this during g2k16 in Cambridge then finished it in Brisbane for a2k17 where
robert@, beck@ and sthen@ agreed it was the correct way to go and I should move
ahead with it post 6.1.
If you see any regression, please talk to me!