and to write the logfile inside the kernel compile dir.
- turn the whole reorder_kernel function into a subshell {} -> ()
- create kernel compile dir early on
- redirect all stdout/stderr to a logfile inside this dir
- setup ERR trap handler that
- disables the EXIT trap handler
- syslogs the error and hints to the logfile
- additionally sends this message to the console
- setup EXIT trap handler that syslogs success
- wipe only the content instead of the whole kernel compile dir
- reestablish stdout redirection to the log after the wipe
- remove -q option of sha256 to log check result
- run reorder_kernel() in the background
OK deraadt@ tb@
- check for and exit if /usr/share is on a nfs mounted filesystem
- add trap handlers that mail the logfile to the admin user
- use $_compile instead of $_compile_dir like in the installer
- use $_compile/$_kernel instead of $_kernel_dir
- remove the now redundant sha256 -h ... after make newinstall
- write stdout/stderr of the background subshell to a logfile
OK tb@ deraadt@
presume we booted from. If you boot from another kernel, we cannot help
you later with hibernate, sorry -- The kernel does not get a useable
filename from the bootblocks.
In the bootblocks, detect a live hibernate signature and boot from
/bsd.booted instead.
with yasuoka, lots of discussion with mlarkin, ok tom
new kernel in the background on system startup. It stores the hash
of the new kernel and sends a notification email to the admin or
root user. If it finds /usr/share/compile.tgz, it removes the
existing compile dir and replaces it with the content of (new)
archive. If the hash of /bsd does not match the stored one, no
relinking happens.
Idea from, joint work with and OK deraadt@
OK tb@ halex@
unnoticed by many
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.
Discussed with various;
input & ok from deraadt ajacoutot
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error
positive feedback from deraadt
OK krw
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system
OK deraadt
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.
"Yeah, that's a pretty crappy machine" deraadt@
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime
discussed with deraadt@
ok deraadt@ rpe@
- verify that kbd is executable and kbdtype is not empty
- use safer 'print --' to pipe the initial pf ruleset to pfctl
- simplify the ipsecctl if-block
Feedback and OK halex@
OK krw@
zhuk