deraadt
36f63ef5a1
delete junk file
10 years ago
dtucker
65f45be470
Change the default PF policy to "block return", including x11 as
suggested by naddy@. This solves the problem that occurs when a
server crashes or is hard booted and comes back up without tearing
down any connections to it, and packets from these connections don't
match any existing state or rule and are silently dropped.
ok phessler@ henning@ claudio@ dlg@
10 years ago
deraadt
fba32d740f
sort the SHA256 file
10 years ago
claudio
557ed03945
Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidental forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@
10 years ago
matthieu
329bbe8924
Directories updates for freetype 2.5.2
10 years ago
deraadt
1265f289cb
crank to 5.5beta
10 years ago
naddy
7d2108902b
test pkg key for during the 5.5-beta sequence
10 years ago
sthen
d781d60935
test fw key for during the 5.5-beta sequence
10 years ago
deraadt
b1e59af974
test key for during the 5.5-beta sequence
10 years ago
sthen
b3d2446dc5
Remove unnecessary rc_post from rc.d/nsd.
It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.
10 years ago
deraadt
53af3f8c5b
be a bit more careful
10 years ago
deraadt
0324a077ed
be forceful with removing the SHA256 file
10 years ago
deraadt
30e829acf5
a new key. Once again, this is still testing time.
10 years ago
brad
6d3f6e9755
Add DHCPv6.
ok deraadt@
10 years ago
sthen
00ae7ec924
Install our third key. NOTE that this is a TEST KEY for use as we improve
our processes.
requested by espie@
10 years ago
deraadt
be34e24419
remove the SHA256 file as soon as we start creating sets
10 years ago
espie
a6175a019b
Install our second key. NOTE that this is a TEST KEY for use as we improve
our processes.
prodded by deraadt@
10 years ago
deraadt
c9d82279a9
install signify keys
10 years ago
deraadt
5c507bd686
Install our first key. NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu
10 years ago
deraadt
fbc6865216
create the /etc/signify directory
10 years ago
miod
7c529b2bed
Rework the setup of the bootable installation cd-rom (installXX.iso) to
contain both a 2048-byte sector ffs filesystem, and a 512-byte volume header,
so that the IP27 boot magic^Wugliness recently added to the boot-only cd-rom
(cdXX.iso) can be applied as well.
The full-blown installation iso can now boot on IP27/28/30/32/35.
10 years ago
deraadt
0b406e5e6e
sync
10 years ago
deraadt
5e880e25b6
We need /dev/random on the install media
discussed with rpe and halex
10 years ago
millert
05f4462266
Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@
10 years ago
deraadt
a137f8a971
document a hack we want fixed later
11 years ago
rpe
998abefe00
- add chmod of seedfile in /etc
- use its return code for single/multiuser detection
ok deraadt
11 years ago
rpe
3617ad469e
re-use random_seed in shutdown section
ok deraadt
11 years ago
deraadt
e5be49c8bf
create a seed file for the bootloader in /etc/random.seed
11 years ago
deraadt
3722093477
nest random_seed() contents into a single redirection
idea from rpe
11 years ago
deraadt
c4a6c88868
re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe
11 years ago
deraadt
dd546f8037
/stand has not been used in decades
ok miod
11 years ago
deraadt
278b68e64a
when forcing a re-key, might as well toss in dmesg as additional seed
material
11 years ago
deraadt
9cfb3c5807
all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
11 years ago
espie
4802391ad7
make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@
11 years ago
ajacoutot
63ce082e2f
Adapt nsd(1) comment to match the default daemon_flags of the rc.d script.
ok sthen@
11 years ago
halex
81d51a594f
Run spamd-setup from within /etc/rc.d/spamd, and take $spamd_black
into consideration.
Diff from Maurice Janssen, thanks!
ok rpe@ giovanni@
11 years ago
tedu
5ca9d3294f
remove popa3d etc tendrils
11 years ago
brad
86608ec247
Have df(1) in the daily output show the inodes used/free.
a few developers thought this was a reasonable/good idea.
11 years ago
jca
6167db7df9
Use a correct pexp and unbreak stop/reload. The old and wrong pexp
in /var/run/rc.d/identd has to be manually removed.
Reported by Adam Jeanguenat (avj at voyager dot 6v6 dot org).
ok dcoppa@ lteo@
11 years ago
naddy
04a21957a1
Drop the f0, f1, f2 gettytab capabilities that were used to poke
magic numbers into sgttyb. The "modern" replacement for f# is the
set of i#, o#, c#, l# to poke magic numbers into termios.
ok miod@
11 years ago
sthen
f5ca212c7d
Stop security(8) whining about /etc/nsd.conf which has moved, pointed out
by Bjorn Ketelaars. Check that the /var/nsd/etc directory is protected
instead, it may contain zone-transfer keys etc.
11 years ago
jasper
834f9b4a9e
kill /var/obj which has been commented out since -r1.1 in '95.
ok deraadt@
11 years ago
miod
9ab81ad8d7
Copy the bootblocks to the release directory and sha256 it; spotted by
aoyama@
11 years ago
sthen
cb56ad68eb
/etc/nsd.conf -> /var/nsd/etc/nsd.conf
11 years ago
sthen
d317a16f5e
install sample nsd config file to /var/nsd/etc not /etc, spotted by/ok deraadt
11 years ago
sthen
651586e715
update for NSD 4.0.0; generate keys for nsd-control if non-existent, and
use nsd-control to signal NSD.
11 years ago
sthen
0f470246a1
new sample config entries for NSD 4.0.0
11 years ago
sthen
dd7a41a6be
mtree changes for NSD 4.0
11 years ago
kettenis
58f4e3a1de
regen
11 years ago
kettenis
63836acca0
Change /dev/drm* permissions to 0600.
ok deraadt@, naddy@, ajacoutot@
11 years ago