Home | History | Annotate | Download | only in defaults
History log of /src/etc/defaults/rc.conf
RevisionDateAuthorComments
 1.167  05-Oct-2023  abs Add support to npf_rules to rc.conf

- Allows overriding default from /etc/npf.conf
- Indicate rules file used in output
- Drop check for file presence in script - rely on npf exiting with error
 1.166  27-Sep-2023  riastradh /etc/rc.d/certctl_init: Default off.

Otherwise in systems without certctl_init=YES, such as systems
installed with sysinst(8) where it's unnecessary because the rehash
has already happened at install time, you'll get spurious warnings.

PR install/57629

XXX pullup-10
 1.165  02-Jul-2023  nia Fix typo in comment.
 1.164  30-Jun-2023  riastradh rc.conf(5): Set entropy=wait by default.

We no longer block indefinitely -- if nothing else, the hardclock
timer should yield enough samples to unblock /dev/random on all but
the most severely deterministic machines -- so it should be generally
safe for availability to set entropy=wait.

This doesn't guarantee that HWRNG/seed has been provided before you
run ssh-keygen or call getentropy(3) in a user application, but it
does raise the security above netbsd<=9.

PR security/55659
PR lib/56905

XXX pullup-10
 1.163  03-Feb-2023  mlelstv Add start script to attach iscsi volumes at boot.

The default is to execute the script (iscsid_volumes=YES), so if you have
any volumes defined, you should also start iscsid (iscsid=YES) to avoid
error messages.
 1.162  20-Feb-2022  alnsn branches: 1.162.2;
Enable critical_filesystems_zfs.
 1.161  10-Jan-2021  riastradh Various entropy integration improvements.

- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
check for entropy at boot -- in rc.conf, you can:

. set `entropy=check' to halt multiuser boot and enter single-user
mode if not enough entropy

. set `entropy=wait' to make multiuser boot wait until enough entropy

Default is to always boot without waiting -- and rely on other
channels like security report to alert the operator if there's a
problem.

- New man page entropy(7) discussing the higher-level concepts and
system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
users who have power to affect the entropy estimate (maybe it is,
just haven't decided).
- We only have a mechanism for changing once at boot; the message would
remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
conditionally from boot to boot.
 1.160  29-Sep-2020  msaitoh s/parition/partition/
 1.159  11-Sep-2020  kim Add optional release info in /etc/motd

My personal preferencese for /etc/rc.conf:

update_motd_release=YES
motd_release_tag='Binaries: '

This provides an explanation to users about the second version in motd.
 1.158  15-Jun-2020  christos Rename blacklist -> blocklist
 1.157  05-Jun-2020  christos Add support for npfd_flags
 1.156  31-May-2020  roy dhcpcd: Empty the chroot

While here, set correct optional hooks.
 1.155  24-May-2020  jmcneill Set resize_gpt=NO by default
 1.154  02-Apr-2020  roy Add a default dhcpcd_chrootdir
 1.153  03-Feb-2020  roy Enable hostapd syslog support by default.
 1.152  15-Sep-2019  brad Add support for legacy ZFS filesystems, specified by mountpoint=legacy
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.

Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
 1.151  24-Jul-2019  msaitoh branches: 1.151.2;
Fix typo in comment (s/partion/partition/).
 1.150  12-May-2019  kre revert previous. somehowI failedto see that was already done.
 1.149  12-May-2019  kre install rc.d
 1.148  11-May-2019  maxv Add smtoff, an rc.d script that disables Simultaneous Multi-Threading. It
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.

The default is "smtoff=NO", which means that SMT remains enabled.
 1.147  12-Jan-2019  roy Setup default wpa_supplicant flags so that it:
* Writes diagnostics to syslog
* Enables interface matching to hotplug wireless interfaces
* Uses /etc/wpa_supplicant.conf
 1.146  19-Oct-2018  martin Apply patch from Ian D. Leroux in PR bin/51019:
when unmounting tmpfs file systems at shutdown time, avoid unmounting
a tmpfs created by init on /dev - behaviour overridable from rc.conf.
By default all tmpfs that have device nodes are not mounted.
 1.145  23-Sep-2018  maxv Remove the userland part of ISDN. The kernel part is untouched for now.
ipppctl was actually an exact copy of pppoectl; there is no functional
change in pppoectl in this commit.
 1.144  29-Jun-2018  roy Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html
 1.143  25-May-2018  uwe branches: 1.143.2;
Provide resize_disklabel=NO default. Used by arm images and is not
part of the stock rc.d yet. This silences rc when you delete the
whole resize_* block from rc.conf after the first boot.
 1.142  18-Apr-2018  martin Cosmetics: default to dmesg -t when writing /var/run/dmesg.boot -
the timestamps at boot time are mostly useless.
 1.141  09-Jan-2018  christos branches: 1.141.2;
Merge autofs support from: Tomohiro Kusumi
XXX: Does not work yet
 1.140  29-Dec-2017  is Add startup file for dhcp v6 with builtin isc-dhcp. Alas, this needs to
be a seperate process. On the positive side: this can't break the dhcpd
for IPv4 when tested.
 1.139  07-Jan-2017  christos branches: 1.139.6;
add nsd
 1.138  05-Jan-2017  christos add scripts for npfd
 1.137  20-Aug-2016  christos unbound additions
 1.136  07-Jan-2016  roy branches: 1.136.2;
Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.
 1.135  26-Dec-2015  plunky "ip6addrctl_enable" is now "ip6addrctl", set the default appropriately
 1.134  13-Dec-2015  christos Add defaults for ip6addrctl
 1.133  30-Mar-2015  chopps Add resize_root boot operation. If resize_root=YES in rc.conf then
the system attempts to resize the root file system to fill it's
partition prior to mounting read-write. Useful for things like AMI
file system images. May eventually be used by arm images after
coming up with similar solution for increasing the parition size.
 1.132  21-Mar-2015  jmcneill Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.
 1.131  21-Feb-2015  joerg Add rc script for /sbin/iscsid.
 1.130  25-Jan-2015  christos add blacklistd
 1.129  22-Jan-2015  jmcneill It doesn't make sense to start wpa_supplicant from an rc.d script without
the -B flag, so always prepend it to $rc_flags.
 1.128  26-Sep-2014  tron Revert last change. This was already fixed differently and something
went wrong with the change anyway. Sorry
 1.127  26-Sep-2014  tron Re-add default for "rtsol". "/etc/rc.d/network" still checks for this
setting and complains if it isn't defined at all. Add a comment that
it is deprecated and suggest to use "dhcpcd=YES" instead.
 1.126  13-Sep-2014  roy rtsol has gone.
 1.125  13-Sep-2014  roy Add the -M flag to dhcpcd so it stays in master mode even for one
interface. Suggested by apb@
 1.124  11-Sep-2014  roy Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@
 1.123  22-Jul-2014  wiz branches: 1.123.2;
'file system' for consistency with documentation (instead of 'filesystem').
 1.122  13-Jan-2013  prlw1 branches: 1.122.8;
Add ppp=YES variable. Currently pppd(8) starts automatically if ppp_peers
is not empty. Adding a ppp variable allows the default peer to be set,
and ppp set to NO so that dialing can happen with /etc/rc.d/ppp onestart.
Default set to YES so that old behaviour is preserved.
http://mail-index.netbsd.org/tech-userlevel/2012/08/21/msg006656.html
 1.121  11-Jan-2013  riastradh Nix `-b 1024' from ssh_keygen_flags in /etc/defaults/rc.conf.

No objections on tech-security:

http://mail-index.NetBSD.org/tech-security/2012/09/03/msg000548.html

The security of generating keys at boot remains questionable, but
this change makes that no worse.
 1.120  13-Aug-2012  christos branches: 1.120.2;
No need to specify nfsd flags anymore. The defaults DTRT.
 1.119  07-Feb-2012  joerg Import the new apropos/whatis.

This code has been developed by Abhinav Upadhyay as part of Google's Summer
of Code 2011. It uses libmandoc to parse man pages and builds a Full
Text Index in a SQLite database. The combination of indexing the full
manual page, filtering out stop words and ranking individual matches
based on the section gives a much improved user experience.

The old makewhatis and friends are kept under MKMAKEMANDB=no for now.
 1.118  23-Dec-2011  tsutsui Add a default for isibootd(8). Pointed out by nonaka@.
 1.117  23-Nov-2011  tls Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.

Goes to some trouble to never load or save to network filesystems.

Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
 1.116  21-Nov-2011  darcy Allow pf flags to be specified in rc.conf.
Add default to defaults/rc.d as suggested by lukem@
 1.115  06-Sep-2011  riz branches: 1.115.2;
Create and install an rc.d file for devpubd - a daemon to listen
on drvctl and autocreate device nodes in /dev for those which don't have any.
Set the default to "NO" for now.
 1.114  22-Aug-2011  jym Modify etc/defaults/Makefile so that architectures can specify an additional
rc.conf file. This one should reside under etc/etc.${MACHINE}/, and will
get automatically appended to etc/defaults/rc.conf at build time if present.

This is used by i386 and amd64 to append a small MD rc.conf(5) configuration
at the end of the defaults/rc.conf file, so that powerd(8) can be started
by default when we are running in a Xen environment. This is needed to support
save/restore functions for domains.

From all the alternatives proposed to fix that issue (from /etc/rc.conf
parsing in postinstall to etc/defaults/rc.conf arch-hooks) I believe
this one will appease everyone because it:
- does not touch etc/defaults/rc.conf template file,
- patches it at build time for MD hooks only when required,
- does not need to parse/modify a user-specified file like /etc/rc.conf (which
is a complex, error-prone operation),
- only enables powerd(8) by default when conditions are met (Xen environment)
while still allowing root to shoot himself in the foot if he wants to
override this manually in /etc/rc.conf.

See also http://mail-index.netbsd.org/tech-userlevel/2011/07/25/msg005246.html
 1.113  27-May-2011  plunky provide a new 'bluetooth' rc.d script, to handle Bluetooth configuration
in a simpler manner. This replaces btattach, btconfig, bthcid, btdevctl
and sdpd scripts, and also should not require any configuration settings
other than "bluetooth=YES", though the full range of configurations is
still possible.
 1.112  18-Feb-2011  jmcneill Add rc.d script to make sure the system fontconfig cache is up to date.
 1.111  02-Feb-2011  rmind NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
 1.110  13-Jan-2011  kefren branches: 1.110.2;
add ldpd rc script
 1.109  01-Oct-2009  tsarna mdnsd enhancements and fixes:

- Enhance the built-in drop-privs support and use it instead of
having the rc.conf do it. Avoids log error on startup.
From OpenSolaris, with enhancements.
- Add dumping of the unicast server list to the DumpStateLog
debugging output, a'la Mac OS X.
- Fix a locking botch that caused warnings in the log.
- Fix FILE leak. From OpenSolaris.
 1.108  29-Sep-2009  tsarna Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.
 1.107  19-Sep-2009  dholland Make rtsold_flags default to -a as per PR 39657.
 1.106  14-Sep-2009  apb Add the ability for file systems mounted via mount_critical_filesystems()
in rc.subr to be marked as optional. This means that it's not an
error if the file system is not mentioned in /etc/fstab. It is
still an error if something else goes wrong.

Change the defaults for these two variables in /etc/defaults/rc.conf:
critical_filesystems_local="OPTIONAL:/var"
critical_filesystems_remote="OPTIONAL:/usr"
 1.105  11-Sep-2009  apb Add a postprocessor to /etc/rc, which logs messages to /var/run/rc.log,
and which can suppress output in silent mode. Silent mode is enabled
via the new rc_silent variable, which defaults to a value that depends
on the kern.boothowto sysctl.

Part of the /etc/rc silent changes requested in PR 41946
and proposed in tech-userlevel.
 1.104  25-Jul-2009  mbalmer Document recent gpio(4) changes and introduce a new config file for GPIO.
Integrate with the startup scripts in /etc/rc.d. Introduce new variable
"gpio" for /etc/rc.conf.
 1.103  28-Apr-2009  roy Add an rc.d script for dhcpcd(8)
 1.102  10-Apr-2009  joerg Add rc_directories to specify where to look for rc scripts.
For the moment all scripts must be in /root and non-existent directories
are skipped.
 1.101  23-Mar-2009  hannken Add flags to rc.d/ipfilter. Use it from rc.conf like

ipfilter=YES ipfilter_flags="-T fr_statemax=18963,fr_statesize=27091"

Ok: Christos Zoulas <christos@netbsd.org>
 1.100  14-Jan-2009  haad branches: 1.100.2;
Add lvm rc script for starting LV's during boot. starting lvm is turn off
by default, until MKLVM is enabled by default. This script can be used
without /usr/bin.
 1.99  04-Jan-2009  apb * Add etc/rc.d/rndctl script, based on work by Brian A. Seklecki. This
allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).
 1.98  20-Dec-2008  isaki x68k pow(4) now uses MI sysmon_pswitch framework. suggested by tsutsui@.
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.
 1.97  11-Dec-2008  mishka Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.
 1.96  12-Nov-2008  ad Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.
 1.95  27-Jul-2008  joerg branches: 1.95.2;
Update build glue for dhcpcd 4.0.0rc3 and move it to
src/external/dhcpcd.

Make dhcpcd quiet by default when run from rc.
 1.94  20-Jun-2008  yamt add a default for ftp_proxy as reminded by Geoff Wing and others.
 1.93  29-May-2008  joerg Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.
 1.92  15-Apr-2008  plunky branches: 1.92.2; 1.92.4;
some changes to serial bluetooth host controller interfaces

btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD

make btattach(8) a single-use tool for less complexity

device specicific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.

btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland
 1.91  27-Mar-2008  mlelstv The previous versions of kdc got different levels of patches
to make them work like a standard detaching daemon. Now keep
the original and just supply the "work as a daemon" command line
option as a default.
 1.90  27-Aug-2007  pavel branches: 1.90.6; 1.90.10;
Add some magic (similar to the one in rc.d/sendmail introduced with 2.0
release) to not start postfix if $postfix is not explicitely set and
another mailer is selected in /etc/mailer.conf. Also print a warning if it
happens because the mailer in rc.conf is the removed sendmail.

This prevents starting two MTAs at once if one uses a custom MTA.

As proposed on tech-userlevel, approved by martin.
 1.89  26-Aug-2007  dyoung Let an rc variable, sysdb=YES|NO, control the building of the system
databases. Defaults to YES.
 1.88  14-Jul-2007  ad fixsb has done its job.
 1.87  01-Jul-2007  xtraeme Imported envsys 2, a brief description of the new features:
(Part 4: documentation and configuration files)

* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.

Tested by:

blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
 1.86  15-May-2007  elad Some Veriexec stuff that's been rotting in my tree for months.

Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.

- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.

- Fix memory leak in rename handling when overwriting a monitored
file.

- Fix table deletion logic.

- Don't prevent query requests if not in learning mode.


KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.

- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.

- veriexec_report() was removed, it is now internal.

- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.

- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.


New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.

- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:

# veriexecctl dump > /etc/signatures

Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.

Idea from Brett Lymn.

- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:

# veriexecctl flush

- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.

- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.


Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.

- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.

- Some of the messages Veriexec prints were improved.

- Various documentation fixes.


All relevant man-pages were updated to reflect the above changes.

Binary compatibility with existing veriexecctl binaries is maintained.
 1.85  18-Mar-2007  plunky For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd
 1.84  20-Feb-2007  kiyohara Supprot Bluetooth HCI UART (H4) driver and daemon.
 1.83  04-Feb-2007  elad Add support for per-user /tmp.

Enabled via per_user_tmp in /etc/rc.conf (default off).

See security(8) and rc.conf(5) for more details.

Lots of input from thorpej@ & christos@, thanks!
 1.82  30-Dec-2006  elad "Verified exec" -> "Veriexec", in comment.
 1.81  07-Oct-2006  rpaulo branches: 1.81.2; 1.81.4;
PR 34692: wpa_supplicant script.
By Jukka Salmi.
 1.80  13-Aug-2006  plunky rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.
 1.79  26-Jul-2006  tron branches: 1.79.2;
Bluetooth fixes by Iain Hibbert:
Create "/etc/rc.d/btcontrol" to attach bluetooth devices at boot.
 1.78  19-Jun-2006  gdamore Initial import of bluetooth stack on behalf of Iain Hibbert. (plunky@,
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.

The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.

Drivers for both PCMCIA and USB bluetooth controllers are included.
 1.77  30-May-2006  christos Remove sendmail (approved by core)
 1.76  30-Apr-2006  rpaulo Add a script to start irdaattach on boot.
 1.75  30-Apr-2006  rpaulo rc script to control hostapd.
 1.74  27-Mar-2006  ghen Document the defaultroute6 rc.conf variable and the /etc/mygate6 file in
/etc/defaults/rc.conf, /etc/mtree/special, and rc.conf(5). Ok with wiz.
 1.73  08-Feb-2006  agc Add distribution entries and supporting files for the iSCSI target.
 1.72  08-Feb-2006  christos remove reference to sushi
 1.71  24-Nov-2005  rpaulo RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.
 1.70  15-Oct-2005  elad Load Veriexec signatures after mountall. Use veriexec_strict and
veriexec_verbose to set strict level and verbose level in rc.conf.
Defaults are 0.
 1.69  15-Sep-2005  tsarna Default rwhod to running as _rwhod (but leave disabled by default).
I thought I already comitted this one...
 1.68  09-Aug-2005  peter Add command_args="-D" to the ftpd rc.d script. This flag is always needed
when running ftpd as daemon and it will now automatically be appended to the
command line, even if ftpd_flags doesn't have it.

Suggested by Alan Barrett and Luke Mewburn, thanks.
 1.67  08-Aug-2005  peter Add "-ll" to ftpd_flags to be consistent with the entry in inetd.conf.
Suggested by lukem@.
 1.66  07-Aug-2005  peter Allow to change the location of the pf ruleset with the variable $pf_rules.
 1.65  04-Aug-2005  peter Add defaults for ftpd.
 1.64  15-Jun-2005  christos default swapoff to yes, and explain why.
 1.63  09-Oct-2004  dsainty branches: 1.63.2;
Comment typos: unecessary->unnecessary, accidentaly->accidentally
 1.62  15-Jul-2004  atatat Change the default settings for sendmail.

(1) The stock sendmail.cf will only listen on the loopback interface.
(2) The stock submit.cf specifally connects to "localhost." which
should be less susceptible to being confused or looking confused.
(3) The smtp listener starts by default, if needed. The setting in
/etc/default/rc.conf is still "no", but rc.d/sendmail detects the
default setting and will change it to yes if need is determined.

Need is defined as "nothing else seems to have been changed about the
mail configuration but we'd like locally originated and locally
destined mail to be delivered". If you change, eg, mailer.conf to
point to postfix or some other MTA, sendmail will not start.
 1.61  15-Jul-2004  atatat Make the directory into which crash dumps are saved into something
that can be controlled via rc.conf. The default is, of course,
/var/crash.
 1.60  04-Jul-2004  martin PR bin/26142: add defaults for $pf and $pflogd.
 1.59  03-Jun-2004  abs Add quota=YES and ldconfig=YES
 1.58  18-Apr-2004  dbj add support for turning off fixsb in rc.conf
default is fixsb=YES
 1.57  04-Apr-2004  mrg move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags. from PR#25006.
 1.56  18-Feb-2004  jonb branches: 1.56.2;
Add ssh_keygen_flags variable to rc.conf to allow users to set the
size of auto-generated keys if desired.
 1.55  31-Jan-2004  christos add line for standalone identd invocation.
 1.54  14-Jan-2004  blymn Add veriexec to defaults.
 1.53  11-Jan-2004  uebayasi Define an rcvar "virecover" so that this can be configurable. The default
is YES.
 1.52  27-Dec-2003  martin Add a new /etc/rc.conf option: rtclocaltime=YES adapts the RTC offset
at boot automatically, so a machine dual booting another OS that uses
the RTC at localtime and NetBSD agree on the current time even if daylight
saving started/ended (without recompiling a kernel twice per year).
Awk code by Matt Thomas.
 1.51  20-Oct-2003  christos set fsck_flags=-p in /etc/defaults/rc.conf instead of checking if it is
empty in /etc/rc.d/fsck. From Bernd Ernesti.
 1.50  10-Sep-2003  wiz Add a knob to turn off automatic configuration (via rc.d) of
non-auto-configured (via kernel) raid devices. oster says ok.
 1.49  18-Apr-2003  thorpej Add defaults for powerd(8).
 1.48  02-Apr-2003  atatat Capitalize the word "if".
 1.47  24-Mar-2003  atatat Expand the sendmail settings section (from two to five) and elaborate
(in brief) on what it's all about.
 1.46  19-Mar-2003  wiz Allow ccd autoconfiguration to be turned off (by setting ccd=NO in
/etc/rc.conf; default is YES.)
Suggested by elric, ok'ed by lukem.
 1.45  19-Mar-2003  wiz Allow cgd configuration to be skipped (by setting cgd=NO, defaults to YES).
Closes my PR/20766. Based on a suggestion by lukem.
 1.44  10-Mar-2003  lukem clarify that lkm needs /usr
 1.43  12-Oct-2002  kent /etc/rc.d/mixerctl: Add capability to save and restore mixer settings.
Thanks to Julio Merino.
 1.42  27-Aug-2002  takemura Added touch panel calibration utility.
 1.41  30-Jul-2002  thorpej Add a wdogctl startup/shutdown script.
 1.40  27-Jun-2002  christos add a line about wsmoused commented out.
 1.39  17-Jun-2002  lukem ntpd_chrootdir needs /dev/clockctl as well
 1.38  15-Jun-2002  lukem $ntpd_chroot requires "pseudo-device clockctl" in the kernel
 1.37  19-May-2002  lukem branches: 1.37.2;
Add two new rc.conf(5) variables:
rc_rcorder_flags extra flags to rcorder(8) in /etc/rc
rcshutdown_rcorder_flags extra flags to rcorder(8) in /etc/rc.shutdown

This can be used to specify extra directories to search for rc.d scripts in.
For example, adding the following to rc.conf(5):
rc_rcorder_flags="/usr/pkg/etc/rc.d/*"
rcshutdown_rcorder_flags="/usr/pkg/etc/rc.d/*"
will add the files in /usr/pkg/etc/rc.d to the list of files that rcorder(8)
uses to build the list of scripts to start or stop.

I proposed this functionality on tech-userlevel@ over one month ago.
Closes the recent [misc/16888], which asked for a similar feature.
 1.36  29-Apr-2002  lukem deprecate $sshd_conf_dir and hardcode /etc/ssh.
$sshd_conf_dir wasn't as flexible as liked (it didn't work for ssh(1),
host keys or known_hosts).
 1.35  10-Apr-2002  martin Now that isdnd does auto-UP/DOWN itself, remove it from the rc.d script.
Remove all related rc.conf options as well, we now have fine-grained
controll in /etc/isdn/isdnd.rc.
 1.34  27-Mar-2002  lukem Replace $critical_filesystems_beforenet with $critical_filesystems_local .
Replace $critical_filesystems with $critical_filesystems_remote .

The new names are now consistent with the type argument that
mount_critical_filesystems() is called with, and allows for other types to
be easily supported by that function.

For backwards compatibility purposes, if the now obsolete variable is defined
(even empty), it takes precedence over the new form, and you will be warned.
If you want to stop the warnings, update your rc.conf(5) settings!
 1.33  21-Mar-2002  lukem Implement rc.conf(5) variable `` $swapoff ''.
If set to yes, block-type swap partitions will be deleted upon shutdown.
This can be useful if swapping onto a RAIDframe device, but may cause
unnecessary delays during shutdown for the general case, so it's
disabled by default.
Should resolve [bin/14433] and [kern/14769].
 1.32  11-Mar-2002  itojun move sshd config files to /etc/ssh
 1.31  28-Feb-2002  lukem ipmon: set -D via command_args rather than the default ipmon_flags.
resolves [install/15753]
 1.30  24-Feb-2002  lukem Support alternate config dir for sshd conf file and keys (defaults to "/etc").
Based on [misc/12473] from Jim Bernard.
 1.29  21-Feb-2002  garbled add a note requesting people edit share/sushi/system/rcconf/form when editing
this file to keep it in sync.
 1.28  11-Feb-2002  martti ipfs allows state information created for NAT entries and rules using
keep state to be locked (modification prevented) and then saved to disk,
allowing for the system to experience a reboot, followed by the restoration
of that information, resulting in connections not being interrupted.

To activate this feature, set ipfs=YES in /etc/rc.conf
 1.27  21-Jan-2002  lukem minor cosmetic changes (no functional change)
 1.26  18-Jan-2002  lukem commented out entry for ntpd_chrootdir
 1.25  10-Dec-2001  martin Add rc.d support for ifwatchd (used to run ip-up/ip-down scripts for
in-kernel pppoe interfaces).
 1.24  29-Oct-2001  augustss Add moused, default off.
 1.23  11-Oct-2001  lukem - add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd
 1.22  24-Sep-2001  hubertf Make rtsol_flags default to -a, to do Router Solicitation on all
interfaces when someone sets rtsol=YES.

OK'd by Itojun.
 1.21  19-Sep-2001  mason language corrections
 1.20  04-Sep-2001  martin Add support to down some interfaces before shutting down the system. All
pppoe* interfaces are automatically shut down by this script, others may be
added to the force_down_interfaces variable in /etc/rc.conf.
 1.19  05-Jul-2001  tron Start "ipmon" with option "D" for daemon mode instead of starting it
in a subshell.
 1.18  16-Jun-2001  lukem change mountd to use its own $mountd variable (instead of $nfs_server).
nfsd will complain if mountd isn't set. from [misc/13135] by Johnny C. Lam.
 1.17  16-Jun-2001  lukem - Implement an optional global watchdog timeout for rc.shutdown, which is
enabled by setting $rcshutdown_timeout to a number of seconds to wait for
before terminating rc.shutdown. This is disabled by default.
- Use symbolic names rather than numbers when defining a trap.
- Improve some comments.
 1.16  22-May-2001  fredette sunndd has been renamed to ndbootd.
 1.15  17-May-2001  fredette Added rc.d support for sunndd.
 1.14  25-Apr-2001  jdolecek change comment for accouting; /var/account/acct is not needed to be created
manually any more
 1.13  12-Apr-2001  pk Put `gated' back; we still refer to it.
 1.12  06-Apr-2001  wiz Remove references to gated, except the conflict check in rc.d/routed.
Noted by Launey Thomas <ljt@alum.mit.edu>.
 1.11  06-Apr-2001  thorpej Add defaults for altqd.
 1.10  12-Mar-2001  lukem commented out entry for named_chrootdir
 1.9  28-Feb-2001  lukem provide commented-out example for rc_fast_and_loose
 1.8  18-Jan-2001  thorpej Add a default for racoon.
 1.7  14-Jan-2001  minoura Add /etc/rc.d/poffd, for x68k power management deamon.
 1.6  08-Jan-2001  martin Supply enough rope to let the user disable or override all interface
up/down magic.
 1.5  07-Jan-2001  martin Add startup script for isdnd.
 1.4  03-Jan-2001  itojun add $ip6sitelocal, to control installation of reject route for fec0::/10.
 1.3  21-Nov-2000  veego Remove $amd_master. We now use /etc/amd.conf.
 1.2  08-Nov-2000  lukem remind people to edit /etc/*.conf instead of /etc/defaults/*.conf
 1.1  01-Oct-2000  lukem branches: 1.1.2;
move default config files from /etc/default -> /etc/defaults, to be
consistent with what FreeBSD uses /etc/defaults for and since SVR4
uses /etc/default for another purpose. as discussed on tech-userlevel,
and no objections were made.
 1.1.2.5  06-Mar-2002  he Pull up revisions 1.19,1.28,1.31 (via patch, requested by martti):
Added ipfs to save state tables. Use -D for ipmon.
 1.1.2.4  27-Oct-2001  he Pull up revision 1.22 (via patch, requested by hubertf):
By default issue Router Solicitation requests on all interfaces
if someone sets rtsol=YES.
 1.1.2.3  29-Jul-2001  he Pull up revision 1.2 (requested by he):
Remind people to edit /etc/*.conf instead of /etc/defaults/*.conf.
 1.1.2.2  02-Oct-2000  lukem pull up rev 1.1 (approved by thorpej):
move default config files from /etc/default -> /etc/defaults, to be
consistent with what FreeBSD uses /etc/defaults for, and since SVR4
uses /etc/default for another purpose.
as discussed on tech-userlevel, and no objections were made.
 1.1.2.1  01-Oct-2000  lukem file rc.conf was added on branch netbsd-1-5 on 2000-10-02 03:13:04 +0000
 1.37.2.5  09-Apr-2004  tron Pull up revision 1.57 (requested by mrg in ticket #1663):
move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags. from PR#25006.
 1.37.2.4  27-Oct-2003  jmc Pullup rev 1.51 (requested by martti in ticket #1543)

Allow custom fsck options via fsck_flags.
 1.37.2.3  11-Nov-2002  he Pull up revision 1.41 (requested by thorpej in ticket #584):
Add a wdogctl startup/shutdown script.
 1.37.2.2  18-Jun-2002  lukem Pull up revision 1.39 (requested by lukem in ticket #294):
ntpd_chrootdir needs /dev/clockctl as well
 1.37.2.1  15-Jun-2002  lukem Pull up revision 1.38 (requested by lukem in ticket #277):
$ntpd_chroot requires "pseudo-device clockctl" in the kernel
 1.56.2.5  15-Jul-2004  he Pull up revision 1.62 (requested by atatat in ticket #662):
Change the default settings for sendmail:
1) The stock sendmail.cf will only listen on the loopback
interface
2) The stock submit.cf specifically connects to "localhost.",
which should be less susceptible to being confused or
looking confused.
3) The SMTP listener starts by default, if needed. The
setting in /etc/default/rc.conf is still "no", but
rc.d/sendmail detects the default setting and will change
it to "yes" if need is determined.
"Need" is defined as "nothing else seems to have been
changed about the mail configuration but we would like
locally originated and locally destined mail to be delivered".
If you change e.g. mailer.conf to point to postfix or some
other MTA, sendmail will not start.
 1.56.2.4  15-Jul-2004  he Pull up revision 1.61 (requested by atatat in ticket #660):
Make the directory into which crash dumps are saved into
something that can be controlled via rc.conf. The default
is, of course, /var/crash.
 1.56.2.3  07-Jun-2004  tron Pull up revision 1.59 (requested by abs in ticket #455):
Add quota=YES and ldconfig=YES
 1.56.2.2  27-Apr-2004  jdc Pull up revision 1.58 (requested by dbj in ticket #185)

Fix problems related to superblock upgrade issues which may be
experienced by -current users from 2003.
 1.56.2.1  06-Apr-2004  jmc Pullup rev 1.57 (requested by mrg in ticket #66)

Move ipmon's "-D" argument from "command_args" to "ipmon_flags" so that
passing an (optional) filename argument (that must come last) works fine
from $ipmon_flags. PR#25006
 1.63.2.3  28-Mar-2006  riz Pull up following revision(s) (requested by ghen in ticket #1226):
etc/defaults/rc.conf: revision 1.74
etc/mtree/special: revision 1.93
share/man/man5/rc.conf.5: revision 1.99
Document the defaultroute6 rc.conf variable and the /etc/mygate6 file in
/etc/defaults/rc.conf, /etc/mtree/special, and rc.conf(5). Ok with wiz.
 1.63.2.2  21-Oct-2005  tron Pull up following revision(s) (requested by elad in ticket #896):
etc/defaults/rc.conf: revision 1.70
etc/rc.d/veriexec: revision 1.8
Load Veriexec signatures after mountall. Use veriexec_strict and
veriexec_verbose to set strict level and verbose level in rc.conf.
Defaults are 0.
 1.63.2.1  15-Aug-2005  tron Pull up revision 1.66 (requested by peter in ticket #660):
Allow to change the location of the pf ruleset with the variable $pf_rules.
 1.79.2.1  07-Sep-2006  tron Pull up following revision(s) (requested by plunky in ticket #81):
usr.sbin/postinstall/postinstall: revision 1.23
distrib/sets/lists/man/mi: revision 1.919
distrib/sets/lists/etc/mi: revision 1.174
usr.sbin/btdevctl/btdevctl.c: revision 1.1
usr.sbin/btdevctl/hid.c: revision 1.1
usr.sbin/Makefile: revision 1.217
usr.sbin/btdevctl/btdevctl.h: revision 1.1
usr.sbin/btdevctl/btdevctl.8: revision 1.1
etc/rc.d/btcontrol: file removal
distrib/sets/lists/comp/mi: revision 1.910
etc/rc.d/Makefile: revision 1.61
usr.sbin/btdevctl/cfg.c: revision 1.1
usr.sbin/btdevctl/dev.c: revision 1.1
share/man/man4/btkbd.4: revision 1.2
share/man/man4/bthidev.4: revision 1.4
usr.sbin/btcontrol/hid.c: file removal
usr.sbin/btdevctl/Makefile: revision 1.1
share/man/man4/btsco.4: revision 1.3
distrib/sets/lists/base/mi: revision 1.644
share/man/man4/btdev.4: revision 1.3
share/man/man4/btms.4: revision 1.2
etc/mtree/special: revision 1.100
share/man/man5/rc.conf.5: revision 1.105
usr.sbin/btcontrol/cfg.c: file removal
etc/rc.d/btdevctl: revision 1.1
etc/defaults/rc.conf: revision 1.80
usr.sbin/btcontrol/btcontrol.h: file removal
usr.sbin/btcontrol/btcontrol.8: file removal
usr.sbin/btcontrol/dev.c: file removal
usr.sbin/btcontrol/btcontrol.c: file removal
usr.sbin/btcontrol/Makefile: file removal
rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.
 1.81.4.2  29-Oct-2007  wrstuden Catch up with 4.0 RC3
 1.81.4.1  03-Sep-2007  wrstuden Sync w/ NetBSD-4-RC_1
 1.81.2.3  16-Dec-2009  sborrill Pull up the following revisions(s) (requested by dholland in ticket #1370):
etc/defaults/rc.conf: revision 1.107

Make rtsold_flags default to -a. Closes PR/39657.
 1.81.2.2  14-Oct-2007  riz Pull up following revision(s) (requested by xtraeme in ticket #930):
etc/group: revision 1.22
etc/defaults/rc.conf: revision 1.85
etc/master.passwd: revision 1.38
usr.sbin/sdpd/sdpd.8: revision 1.2
usr.sbin/sdpd/sdpd.8: revision 1.3
share/man/man5/rc.conf.5: revision 1.113
etc/rc.d/sdpd: revision 1.2
usr.sbin/sdpd/server.c: revision 1.3
usr.sbin/postinstall/postinstall: revision 1.38
usr.sbin/sdpd/server.h: revision 1.2
usr.sbin/sdpd/main.c: revision 1.2
usr.sbin/sdpd/main.c: revision 1.3
Add an option to permit members of a specific group to register services, in
order to lower the barrier for users of bluetooth devices which may need to
query services on the local host.
change default user/group from nobody/nobody to _sdpd/_sdpd
 1.81.2.1  28-Aug-2007  ghen Pull up following revision(s) (requested by pavel in ticket #845):
etc/rc.d/postfix: revision 1.14
etc/defaults/rc.conf: revision 1.90
Add some magic (similar to the one in rc.d/sendmail introduced with 2.0
release) to not start postfix if $postfix is not explicitely set and
another mailer is selected in /etc/mailer.conf. Also print a warning if it
happens because the mailer in rc.conf is the removed sendmail.
This prevents starting two MTAs at once if one uses a custom MTA.
As proposed on tech-userlevel, approved by martin.
 1.90.10.8  17-Jan-2009  mjf Sync with HEAD.
 1.90.10.7  05-Oct-2008  mjf Sync with HEAD.
 1.90.10.6  29-Jun-2008  mjf Sync with HEAD.
 1.90.10.5  02-Jun-2008  mjf Sync with HEAD.
 1.90.10.4  07-Apr-2008  mjf Enable devfsd by default. Thanks to riz for pointing this out.
 1.90.10.3  03-Apr-2008  mjf Sync with HEAD.
 1.90.10.2  20-Mar-2008  mjf dctl:
- Make dctl see aware of device driver names being added and removed so
that it can signal devfsd(8), which in turn will request device node
creation of deletion from a particular devfs mount.

- Each device that registers the need for a device node also passes on
some info about what sort of device they are. We now package this up
in the dctl messaging framework to let devfsd(8) know.

- Use a dev_t for the cookie for each device that dctl(4) knows about. This
was changed from a device_t because some devices (zero(4)) don't have
corresponding device_t's.

- dctl mount functions have grown a visibility argument which specifies
the default visibility for that mount.

- Since we want to get information about devices (for matching against
rules) through ioctl calls to match against rules, but for userland
to ioctl they need device nodes, dctl provides an "inner" ioctl function
that calls the ioctl function of the device driver directly.

devfsd:
- Run in the background.

- Convert all output to use syslog(3).

- When devices are removed request the corresponding device node be
removed from every devfs mount.

- Start using the dctl "innerioctl" facility to get information about
devices which will be useful for matching. We're only handling disk
devices, and can only grok information about a partition's file system
type at the moment.

- Fix code that handles rules that specify filenames.

- Specifying visibility for device nodes now works.

mount_devfs:
- Catch up with devfs changes. Provide an -f option which means that the
devfs can only be unmounted it if it forced.

- Provide -i option to specify that the default visibility for a mount
should be invisible. This means device nodes are not visible in the
devfs mount by default, rather they must have a rule for devfsd that
specifies that they should be visible.

- Provide -v option that specifies a devfs mount should be visible.
This is the default.

- Update man page to reflect these changes.

etc/defaults/rc.conf:
- Turn devfsd off by default.


Device nodes can now be dynamically created and removed from a device file
system.
 1.90.10.1  21-Feb-2008  mjf Start where the mjf-devfs branch left off.
 1.90.6.1  18-Feb-2008  mjf Add some devfs code that's been sitting in my local tree for a while.

devfsd(8) is now the first daemon to be started after init(8). It tracks
device insertion (will eventually track removal) and devfs mounts.

Currently, we can mount multiple device file systems and have device
special files pushed into the mounts automatically, though, the device
special files aren't created with the correct major/minor number pairs
yet.

More work to come soon.
 1.92.4.2  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.92.4.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.92.2.1  04-Jun-2008  yamt sync with head
 1.95.2.5  18-Dec-2009  snj Pull up following revision(s) (requested by dholland in ticket #1195):
etc/defaults/rc.conf: revision 1.107
Make rtsold_flags default to -a as per PR 39657.
 1.95.2.4  10-May-2009  snj Pull up following revision(s) (requested by roy in ticket #534):
etc/defaults/rc.conf: revision 1.103
etc/rc.d/Makefile: revision 1.78 via patch
etc/rc.d/dhcpcd: revision 1.1
Add an rc.d script for dhcpcd(8)
 1.95.2.3  26-Mar-2009  snj branches: 1.95.2.3.4;
Pull up following revision(s) (requested by hannken in ticket #606):
etc/defaults/rc.conf: revision 1.101
etc/rc.d/ipfilter: revision 1.18
Add flags to rc.d/ipfilter. Use it from rc.conf like
ipfilter=YES ipfilter_flags="-T fr_statemax=18963,fr_statesize=27091"
Ok: Christos Zoulas <christos@netbsd.org>
 1.95.2.2  06-Feb-2009  snj Pull up following revision(s) (requested by apb in ticket #406):
etc/defaults/rc.conf: revision 1.99
etc/rc.d/Makefile: revision 1.73
etc/rc.d/rndctl: revision 1.1
share/man/man5/rc.conf.5: revision 1.127
* Add etc/rc.d/rndctl script, based on work by Brian A. Seklecki. This
allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).
 1.95.2.1  22-Jan-2009  snj Pull up following revision(s) (requested by rafal in ticket #297):
distrib/sets/lists/etc/mi: revision 1.203
doc/CHANGES: revision 1.1151 via patch
etc/defaults/rc.conf: revision 1.97
etc/mtree/special: revision 1.123
etc/rc.d/Makefile: revision 1.71
etc/rc.d/httpd: revision 1.1
share/man/man5/rc.conf.5: revision 1.123
usr.sbin/postinstall/postinstall: revision 1.80
Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.
 1.95.2.3.4.1  21-Apr-2010  matt sync to netbsd-5
 1.100.2.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.110.2.2  05-Mar-2011  bouyer Sync with HEAD
 1.110.2.1  08-Feb-2011  bouyer Sync with HEAD
 1.115.2.3  23-Jan-2013  yamt sync with head
 1.115.2.2  30-Oct-2012  yamt sync with head
 1.115.2.1  17-Apr-2012  yamt sync with head
 1.120.2.2  19-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.120.2.1  25-Feb-2013  tls resync with head
 1.122.8.1  10-Aug-2014  tls Rebase.
 1.123.2.4  06-Aug-2015  snj Pull up following revision(s) (requested by skrll in ticket #909):
distrib/sets/lists/etc/mi: revision 1.237
distrib/sets/lists/tests/mi: revision 1.613
distrib/utils/embedded/conf/armv7.conf: revisions 1.1, 1.2
distrib/utils/embedded/conf/beagleboard.conf: delete
distrib/utils/embedded/conf/evbarm.conf: revisions 1.21, 1.22
distrib/utils/embedded/conf/rpi.conf: revisions 1.28, 1.29
distrib/utils/embedded/conf/rpi_inst.conf: revisions 1.7, 1.8
distrib/utils/embedded/conf/usermode.conf: revision 1.5
distrib/utils/embedded/conf/x86.conf: revision 1.5
distrib/utils/embedded/files/resize_disklabel: revision 1.1
distrib/utils/embedded/mkimage: revisions 1.49, 1.55-1.59
etc/defaults/rc.conf: revision 1.133
etc/etc.evbarm/Makefile.inc: revisions 1.72, 1.76
etc/rc.d/Makefile: revision 1.93 via patch
etc/rc.d/resize_root: revisions 1.1-1.3
etc/rc.d/root: revision 1.5
sbin/resize_ffs/Makefile: revision 1.5
sbin/resize_ffs/resize_ffs.8: revisions 1.14-1.16
sbin/resize_ffs/resize_ffs.c: revisions 1.39-1.44
share/man/man5/rc.conf.5: revision 1.158, 1.159
tests/sbin/resize_ffs/Makefile: revision 1.4
tests/sbin/resize_ffs/common.sh: revision 1.14
tests/sbin/resize_ffs/t_check.sh: revision 1.1
tests/sbin/resize_ffs/t_grow.sh: revision 1.9
tests/sbin/resize_ffs/t_grow_swapped.sh: revision 1.3
tests/sbin/resize_ffs/t_shrink.sh: revision 1.8
tests/sbin/resize_ffs/t_shrink_swapped.sh: revision 1.2
fix image building:
- round up the total size of the disk image
- fix fdisk offset for netbsd ffs images
--
Make get_dev_size work on regular files too.
--
Use `!= -1' instead of `== 0' out of paranoia.
--
- Add -c to check to see if grow/shrink is required
- Divide by DEV_BSIZE when returning size of file.
- Update manpage
--
New sentence, new line. Sort option descriptions.
--
Add resize_root boot operation. If resize_root=YES in rc.conf then
the system attempts to resize the root file system to fill it's
partition prior to mounting read-write. Useful for things like AMI
file system images. May eventually be used by arm images after
coming up with similar solution for increasing the parition size.
--
- Add new tests for -c check flag in resize_ffs
--
Bump date for previous.
it's -> its
--
Handle case in grow() where last cylinder group is too small for ufs2.
Align with code in shrink().
--
factor out geometry calculation and use this also in CheckOnly mode.
be a bit more verbose in Verbose mode.
--
Add support for auto-growing the root partition. Enable it for rpi.img.
--
initialize resize before pulling in board config
--
add KEYWORD: interactive, honour resize_root_flags and
resize_root_postcmd rc vars
--
if the -p flag is specified, display a progress bar while growing the
file-system
--
show resize_ffs progress bar when resizing root partition
--
fix typo in previous; pass -y unconditionally to resize_ffs, not -p
--
Rename beagleboard.img to armv7.img. The new image includes the same
kernels as beagleboard.img plus support for Raspberry Pi 2, ODROID-C1,
Cubieboard2, Cubietruck, Hummingbird A31, and Banana Pi.
--
Properly spell X' name. From X(7):
The X.Org Foundation requests that the following names be
used when
referring to this software:
X
X Window System
X Version 11
X Window System, Version 11
X11
--
Add some documentation:
Tell what this does, and what it expects from conf files
--
Cleanup: make_filesystems is not used any longer, purge remains
--
More cleanup:
Instead of first overwriting the *_evbarm functions with own code,
and then calling them from the regular functions, directly put the
code into the regular functions.
No more functions from evbarm.conf are used now.
Some variables are still used!
--
define TOOL_MKUBOOTIMAGE for mkimage
--
fix mkubootimage
 1.123.2.3  30-Apr-2015  riz Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201

Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
 1.123.2.2  26-Mar-2015  martin Pull up following revision(s) (requested by jmcneill in ticket #635):
etc/rc.d/Makefile: revision 1.92
distrib/sets/lists/man/mi: revision 1.1497
share/man/man5/Makefile: revision 1.71
etc/defaults/rc.conf: revision 1.132
etc/rc.d/modules: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.190
distrib/sets/lists/etc/mi: revision 1.236
etc/mtree/special: revision 1.152
share/man/man5/modules.conf.5: revision 1.1
Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.
 1.123.2.1  23-Jan-2015  martin Pull up following revision(s) (requested by jmcneill in ticket #443):
etc/defaults/rc.conf: revision 1.129
etc/rc.d/wpa_supplicant: revision 1.6
It doesn't make sense to start wpa_supplicant from an rc.d script without
the -B flag, so always prepend it to $rc_flags.
 1.136.2.2  20-Mar-2017  pgoyette Sync with HEAD
 1.136.2.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.139.6.2  16-Oct-2020  martin Pull up the following revision, requested by kim in ticket #1603
and accidently lost during initial commit:

etc/defaults/rc.conf: revision 1.159

Add optional release info in /etc/motd.
 1.139.6.1  14-May-2019  martin Pull up following revision(s) (requested by maxv in ticket #1265):
etc/rc.d/smtoff: revision 1.1
etc/rc.d/smtoff: revision 1.2
distrib/sets/lists/etc/mi: revision 1.258
etc/rc.d/smtoff: revision 1.3
etc/rc.d/smtoff: revision 1.4
etc/defaults/rc.conf: revision 1.148
etc/rc.d/Makefile: revision 1.103
usr.sbin/postinstall/postinstall: revision 1.226
etc/rc.d/Makefile: revision 1.104
etc/mtree/special: revision 1.167
share/man/man5/rc.conf.5: revision 1.180

Add smtoff, an rc.d script that disables Simultaneous Multi-Threading. It
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.

The default is "smtoff=NO", which means that SMT remains enabled.
Restructure code a little.

Use quoting everywhere possibly useful (always the right way, except
in the few cases where it is wrong...)

Avoid using cut & grep (from /usr/bin) so script could run before /usr
is mounted (pity cpuctl is in /usr/sbin ...).

Use sysctl -n rather than attempting to parse its output.
install rc.d

No change... Previous log message should have said:
Install rc.d/smtoff

I should know better! Don't rely upon the way the shell implements
pipes. Skip the "error" printf from GetSmtId() as there is no easy
portable way to avoid it occurring (there are complicated ways) - but
we don't need it, there is no logical difference between "error" and ""
so just use the latter (if we get an ID, good, if there is nothing, then
there is none - saying 'error' does not mean anything.)

Remove comment, since there is no parsing anymore.
 1.141.2.6  18-Jan-2019  pgoyette Synch with HEAD
 1.141.2.5  20-Oct-2018  pgoyette Sync with head
 1.141.2.4  30-Sep-2018  pgoyette Ssync with HEAD
 1.141.2.3  28-Jul-2018  pgoyette Sync with HEAD
 1.141.2.2  25-Jun-2018  pgoyette Sync with HEAD
 1.141.2.1  22-Apr-2018  pgoyette Sync with HEAD
 1.143.2.3  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.143.2.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.143.2.1  10-Jun-2019  christos Sync with HEAD
 1.151.2.2  13-Sep-2020  martin Pull up following revision(s) (requested by kim in ticket #1080):

etc/rc.d/motd: revision 1.10
etc/rc.d/motd: revision 1.11
share/man/man5/rc.conf.5: revision 1.186
share/man/man5/rc.conf.5: revision 1.187
etc/defaults/rc.conf: revision 1.159

Add optional release info in /etc/motd

My personal preferencese for /etc/rc.conf:

update_motd_release=YES
motd_release_tag='Binaries: '

This provides an explanation to users about the second version in motd.

Document update_motd_release and motd_release_tag

New sentence, new line.

Make a ": " suffix a fixed part of the release info tag

This results in correct updates to /etc/motd even when the value of
motd_release_tag is changed (a likely event).

Add safe quoting to outputting the read kernel version.

Thanks to kre@ for the feedback.
 1.151.2.1  27-Sep-2019  martin Pull up following revision(s) (requested by brad in ticket #250):

external/cddl/osnet/sbin/zfs/mount_zfs.8: revision 1.2
external/cddl/osnet/sbin/zfs/mount_zfs.8: revision 1.3
external/cddl/osnet/sbin/zfs/mount_zfs.8: revision 1.4
external/cddl/osnet/sbin/zfs/mount_zfs.8: revision 1.5
distrib/sets/lists/man/mi: revision 1.1652
distrib/sets/lists/man/mi: revision 1.1653
distrib/sets/lists/etc/mi: revision 1.259
etc/rc.d/mountall: revision 1.11
external/cddl/osnet/sbin/zfs/Makefile: revision 1.5
external/cddl/osnet/dist/cmd/zfs/zfs_main.c: revision 1.7
etc/rc.d/Makefile: revision 1.105
distrib/sets/lists/base/mi: revision 1.1217
etc/rc.d/Makefile: revision 1.106
etc/rc.d/zfs: revision 1.1
etc/defaults/rc.conf: revision 1.152
external/cddl/osnet/sbin/zfs/mount_zfs.8: revision 1.1

Add support for legacy ZFS filesystems, specified by mountpoint=legacy
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.

Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
mount_zfs.8: add xref to fstab(5)

Use more markup.

Include mount_zfs man pages only for MKZFS builds.

Moved zfs out of MKX11 block.

Fix build failure without X11.

Add a copyright to the man page and a bit of history.
Use Pa macro for path
new sentence, new line
 1.162.2.3  13-Oct-2023  martin Pull up following revision(s) (requested by abs in ticket #404):

etc/rc.d/npf: revision 1.8
etc/defaults/rc.conf: revision 1.167

Add support to npf_rules to rc.conf
- Allows overriding default from /etc/npf.conf
- Indicate rules file used in output
- Drop check for file presence in script - rely on npf exiting with error
 1.162.2.2  02-Oct-2023  martin Pull up following revision(s) (requested by riastradh in ticket #381):

distrib/utils/embedded/conf/evbarm.conf: revision 1.42
distrib/sets/lists/etc/mi: revision 1.273
etc/rc.d/Makefile: revision 1.118
distrib/utils/embedded/conf/usermode.conf: revision 1.7
etc/rc.d/certctl_init: revision 1.1
distrib/evbarm/liveimage/armimage/rc.conf.armimage: revision 1.2
etc/defaults/rc.conf: revision 1.166
distrib/amd64/liveimage/emuimage/rc.conf.emuimage: revision 1.3
distrib/utils/embedded/conf/x86.conf: revision 1.11
distrib/utils/embedded/conf/evbmips.conf: revision 1.4

/etc/rc.d/cerctl_init: New script for certctl rehash in live images.

This is very limited -- it does not supplant postinstall to rehash
certificates on upgrade; it only runs certctl rehash if
/etc/openssl/certs is an empty directory, as you get in live images
not created with sysinst.

We could also have a more general-purpose way to run postinstall(8)
on first boot of an image, but that has a lot more moving parts to
think about, so let's start with this limited-scope low-risk
approach.

PR install/57629

/etc/rc.d/certctl_init: Default off.
Otherwise in systems without certctl_init=YES, such as systems
installed with sysinst(8) where it's unnecessary because the rehash
has already happened at install time, you'll get spurious warnings.
 1.162.2.1  11-Aug-2023  martin Pull up following revision(s) (requested by riastradh in ticket #319):

sys/dev/pci/ubsec.c: revision 1.64
sys/dev/pci/hifn7751.c: revision 1.82
lib/libc/gen/getentropy.3: revision 1.5
lib/libc/gen/getentropy.3: revision 1.6
share/man/man4/rnd.4: revision 1.41
lib/libc/sys/getrandom.2: revision 1.2
lib/libc/sys/getrandom.2: revision 1.3
share/man/man5/rc.conf.5: revision 1.193
share/man/man7/entropy.7: revision 1.5
share/man/man7/entropy.7: revision 1.6
share/man/man7/entropy.7: revision 1.7
share/man/man7/entropy.7: revision 1.8
etc/security: revision 1.130
share/man/man7/entropy.7: revision 1.9
etc/security: revision 1.131
sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
sys/sys/rndio.h: revision 1.3
tests/lib/libc/sys/t_getrandom.c: revision 1.5
etc/defaults/rc.conf: revision 1.164
etc/defaults/rc.conf: revision 1.165
sys/sys/rndsource.h: revision 1.10
sys/kern/kern_entropy.c: revision 1.62
sys/kern/kern_entropy.c: revision 1.63
sys/kern/kern_entropy.c: revision 1.64
sys/kern/subr_cprng.c: revision 1.44
sys/kern/kern_entropy.c: revision 1.65
sys/kern/kern_clock.c: revision 1.149
sys/dev/pci/viornd.c: revision 1.22
share/man/man9/rnd.9: revision 1.32
sys/kern/subr_prf.c: revision 1.202
sys/sys/rndsource.h: revision 1.8
sys/sys/rndsource.h: revision 1.9
share/man/man7/entropy.7: revision 1.10

1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
parallel with assessment of only confident entropy sources (seed,
HWRNG) for security warnings like sshd keys in motd and daily
insecurity report.

2. Make multiuser boot wait for first /dev/random output soon after
loading a seed and configuring rndctl, so that getentropy(3) meets
its contract starting early at boot without introducing blocking
paths that could cause hangs in init(8) or single-user mode.
Operators can choose to disable this wait in rc.conf.

3. Fix some bugs left over from reducing the global entropy lock from
a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.

4. Update man pages.

RSS XML Feed