Home | History | Annotate | Download | only in mtree
History log of /src/etc/mtree/special
RevisionDateAuthorComments
 1.179  27-Jul-2024  christos PR/58465: copypu: add wpa_supplicant.conf as optional
 1.178  02-Sep-2023  riastradh branches: 1.178.2;
etc/mtree/special: Fix spaces/tabs.

No functional change intended.
 1.177  30-Aug-2023  martin Now that we have /etc/openssl/certs.conf mentioned here, also
list /etc/openssl.
 1.176  28-Aug-2023  riastradh certctl(8): Set certs.conf 644 and add it to etc/mtree/special.
 1.175  06-Jun-2022  nia branches: 1.175.2;
build system: Revert all the recent additions of MK[...] knobs that
allow conditionally disabling the building of certain user space
programs in the 'base' set.

There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.
 1.174  25-May-2022  nia mk: Allow setting MKDHCPD=no to build base without the ISC DHCP server,
useful for embedded images that don't need to act as one.
 1.173  25-May-2022  nia mk: Allow building base without the MBONE applications by setting
MKMBONE=no in mk.conf
 1.172  30-Nov-2021  simonb Add /etc/sshd/ssh_host_ed25519_key* .
 1.171  26-Feb-2021  jakllsch Add /etc/ip6addrctl.conf as optional file so it is backed up.
 1.170  28-Jun-2020  kim Fix /private/tmp mode to match etc/rc.d/perusertmp
 1.169  15-Jun-2020  christos Rename blacklist -> blocklist
 1.168  31-May-2020  roy dhcpcd: Empty the chroot

While here, set correct optional hooks.
 1.167  11-May-2019  maxv branches: 1.167.2;
Add smtoff, an rc.d script that disables Simultaneous Multi-Threading. It
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.

The default is "smtoff=NO", which means that SMT remains enabled.
 1.166  04-May-2019  mrg capture /etc/route.conf in /var/backups.
 1.165  29-Mar-2019  christos For consistency use the user and group names for directory ownership.
Also do this for rtadvd, so that it can dump core.
 1.164  23-Sep-2018  maxv Remove the userland part of ISDN. The kernel part is untouched for now.
ipppctl was actually an exact copy of pppoectl; there is no functional
change in pppoectl in this commit.
 1.163  29-Jun-2018  roy Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html
 1.162  09-Jan-2018  christos branches: 1.162.2; 1.162.4;
Merge autofs support from: Tomohiro Kusumi
XXX: Does not work yet
 1.161  29-Dec-2017  is Add startup file for dhcp v6 with builtin isc-dhcp. Alas, this needs to
be a seperate process. On the positive side: this can't break the dhcpd
for IPv4 when tested.
 1.160  20-Feb-2017  christos branches: 1.160.4;
sort completely
 1.159  20-Feb-2017  pgoyette Move the /etc/sasl stuff to proper position in collating sequence.

XXX Ideally we would sort the whole file...
 1.158  20-Feb-2017  pgoyette Add /etc/rc.d/unbound per christos@

XXX should we move the /etc/sasl/ entries to their proper place in
XXX sort order? as of now they're sitting in the middle of /etc/rc.d !
 1.157  20-Feb-2017  pgoyette Mark the entry for /etc/rc.d/nsd optional - it's not included in every
system.
 1.156  07-Jan-2017  christos branches: 1.156.2;
add nsd npfd
 1.155  27-Dec-2016  maya Add blacklistd.conf so it gets backed up, too.
 1.154  27-Dec-2016  christos Add npf.conf so it gets backed up.
 1.153  23-Nov-2015  christos branches: 1.153.2;
PR/49380: KAMADA Ken'ichi: ntpd_chrootdir does not work on NetBSD 7.0_BETA
Provide /etc/resolv.conf so that it can resolve names. This is needed because
of deferred name resolution.
XXX: pullup -7
 1.152  21-Mar-2015  jmcneill Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.
 1.151  21-Feb-2015  joerg Add rc script for /sbin/iscsid.
 1.150  30-Dec-2014  uebayasi Add entries, sort, etc.
 1.149  20-Sep-2014  roy More rtsold removal, thanks to Henning Petersen.
Fixes PR misc/49228.
 1.148  05-Aug-2014  dholland branches: 1.148.2;
Remove "tags=nodiff" from /var/log/authlog as suggested by uebayasi@;
part of PR 49031.
 1.147  19-May-2014  uebayasi Tag all 0600 files as "nodiff" (== secret).
 1.146  09-Jul-2013  roy branches: 1.146.4;
Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36
 1.145  16-May-2013  yamt try to sync lists of rc.d scripts
 1.144  11-Mar-2013  christos fix typo, from Henning Petersen
 1.143  08-Mar-2013  christos PR/47630: Petar Bogdanovic: add ssh_host_ecdsa_key to /etc/mtree/special
 1.142  28-Jun-2012  kefren branches: 1.142.2;
add ldpd rc.d script here too
 1.141  17-Dec-2011  tsutsui Add an rc.d(8) script for isibootd(8). Taken from ndbootd(8).
 1.140  08-Dec-2011  taca According to /etc/rc.d/mdnsd, /var/run/mdnsd is owned by _mdnsd:_mdnsd
if it created. So, set owner/group of /var/run/mdnsd.

It stop a useless warning in /etc/security.
 1.139  26-Nov-2011  tls Make the rndsave structure public -- the kernel will learn to read it
and sysinst may learn to write it (since, on some systems, most of
the keyboard input they ever get happens to be during install). Fix a
couple of minor problems with the random_seed rc script addition.
 1.138  27-May-2011  plunky branches: 1.138.4;
provide a new 'bluetooth' rc.d script, to handle Bluetooth configuration
in a simpler manner. This replaces btattach, btconfig, bthcid, btdevctl
and sdpd scripts, and also should not require any configuration settings
other than "bluetooth=YES", though the full range of configurations is
still possible.
 1.137  17-Apr-2011  martin Get rid of var/chroot/tcpdump/etc
 1.136  11-Apr-2011  martin When run as root, tcpdump will chroot to /var/run/tcpdump - but it can
not look up /etc/protcols in there. So install a copy of /etc/protocols
into the chroot area.
Fixes PR bin/44721.
 1.135  02-Feb-2011  rmind NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
 1.134  17-Dec-2010  jruoho branches: 1.134.2;
Make tcpdump(8) to drop root privileges and chroot(2) by default.
 1.133  24-Aug-2010  christos Add directory for bind's managed keys.
 1.132  07-Jun-2010  jruoho Add "optional" keyword to rc.d/xdm and rc.d/xfs. Fixes PR misc/43307.
 1.131  29-Sep-2009  tsarna Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.
 1.130  17-Sep-2009  tron Remove "/etc/postfix/postfix-script" as the file was obsoleted by
the upgrade to Postfix 2.6.x.
 1.129  25-Jul-2009  mbalmer Document recent gpio(4) changes and introduce a new config file for GPIO.
Integrate with the startup scripts in /etc/rc.d. Introduce new variable
"gpio" for /etc/rc.conf.
 1.128  21-Apr-2009  joerg Split fsck during boot into two phases. Check the root file system
first, mount root and run the various disk providers. Add swap and
check the remaining file systems after that.
This breaks the dependency cycle for lvm, which needs writeable /dev.
Depend on rndctl in cgd.
 1.127  18-Jan-2009  taca branches: 1.127.2;
Fix a typo with /etc/rc.d/lvm.
 1.126  16-Jan-2009  haad Add lvm script to the lists.
 1.125  08-Jan-2009  apb Add rndctl
 1.124  20-Dec-2008  isaki x68k pow(4) now uses MI sysmon_pswitch framework. suggested by tsutsui@.
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.
 1.123  11-Dec-2008  mishka Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.
 1.122  12-Nov-2008  ad Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.
 1.121  20-Jun-2008  peter branches: 1.121.2;
Add entries for /etc/pf.conf and /etc/pf.os.

Suggested by Luke Mewburn in PR/35188.
 1.120  18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.119  24-May-2008  joerg Hook dhcpcd into build.
 1.118  30-Apr-2008  ad branches: 1.118.2;
Give i386 and amd64 a default boot.cfg.
 1.117  15-Apr-2008  plunky branches: 1.117.2;
some changes to serial bluetooth host controller interfaces

btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD

make btattach(8) a single-use tool for less complexity

device specicific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.

btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland
 1.116  22-Dec-2007  jmcneill branches: 1.116.2; 1.116.6;
Add example hotkey_button script
 1.115  14-Jul-2007  ad branches: 1.115.4;
fixsb has done its job.
 1.114  02-Jul-2007  xtraeme Add the /etc/powerd/scripts/sensor_indicator to handle events on
indicator sensors.

Update powerd(8).
 1.113  01-Jul-2007  xtraeme Add the /etc/rc.d/envsys script required by envsys2.
 1.112  01-Jul-2007  xtraeme Imported envsys 2, a brief description of the new features:
(Part 4: documentation and configuration files)

* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.

Tested by:

blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
 1.111  10-May-2007  christos Move .db files for services and netgroup to /var/db per gimpy's request.
 1.110  20-Feb-2007  kiyohara Supprot Bluetooth HCI UART (H4) driver and daemon.
 1.109  04-Feb-2007  elad Add support for per-user /tmp.

Enabled via per_user_tmp in /etc/rc.conf (default off).

See security(8) and rc.conf(5) for more details.

Lots of input from thorpej@ & christos@, thanks!
 1.108  14-Dec-2006  reed Remove comment about "hand-crafted".

Mention this file may be overwritten on upgrades, where to put
custom specs instead, and point to manual page.
 1.107  12-Nov-2006  christos goodbye uucp
 1.106  07-Oct-2006  rpaulo PR 34692: wpa_supplicant script.
By Jukka Salmi.
 1.105  26-Sep-2006  jmcneill Add acadapter, lid_switch, and sleep_button powerd scripts.
 1.104  25-Sep-2006  snj Fix a sorting error in the last change. Pointed out by Jukka Salmi.
 1.103  24-Sep-2006  snj Add missing rc.d scripts (cgd, ftpd, hostapd, ifwatchd, ipfs, irdaattach,
moused, rtclocaltime, staticroute, tpctl).

From Jukka Salmi in PR misc/33626.
 1.102  23-Sep-2006  elad PR/18476: reed at reedmedia dot net: add /etc/skel to special mtree
Slightly different patch applied (entry was made optional), thanks!
 1.101  10-Sep-2006  plunky update to bluetooth device attachment:

remove pseudo-device btdev(4) and inherent limitations

add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.

btdevctl(8) and its cache is updated to handle new semantics

etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
 1.100  13-Aug-2006  plunky rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.
 1.99  26-Jul-2006  tron branches: 1.99.2;
Bluetooth fixes by Iain Hibbert:
Create "/etc/rc.d/btcontrol" to attach bluetooth devices at boot.
 1.98  26-Jul-2006  tron Bluetooth fixes by Iain Hibbert:
Remove bluetooth.conf(5) and config parsing from libbluetooth(3)
as this is no longer required.
 1.97  19-Jun-2006  gdamore Initial import of bluetooth stack on behalf of Iain Hibbert. (plunky@,
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.

The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.

Drivers for both PCMCIA and USB bluetooth controllers are included.
 1.96  09-Jun-2006  tron Remove entries for "/var/spool/mqueue" (used by "sendmail" only).
 1.95  09-Jun-2006  tron Remove obsolete entries for "sendmail". Patch suppled by Yoshito Komatsu
in PR misc/33658
 1.94  30-May-2006  christos Remove sendmail (approved by core)
 1.93  27-Mar-2006  ghen Document the defaultroute6 rc.conf variable and the /etc/mygate6 file in
/etc/defaults/rc.conf, /etc/mtree/special, and rc.conf(5). Ok with wiz.
 1.92  23-Mar-2006  wiz Remove some more kerberosIV remnants.
 1.91  11-Feb-2006  agc Install the iscsi/auths file as mode 600.
 1.90  08-Feb-2006  agc Add distribution entries and supporting files for the iSCSI target.
 1.89  23-Aug-2005  peter pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
 1.88  27-Jun-2005  peter Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it
appeared and whether it's really part of pf or not is still unclear. Looking
at the other *BSDs it seems that they have left out spamd when importing pf,
and now we do that too. Also, the name conflicted with another more popular
used tool, after the rename to pfspamd it was left with completely unusable
documentation which apparently no-one wanted to fix.

A port of the latest spamd will be imported into pkgsrc soon.

Suggested by several people, no objections on last proposal on tech-userlevel.
 1.87  22-May-2005  lukem Consistently use 0664 root:utmp for /var/log/{lastlog,wtmp}{,x}.
Rest of PR 18670.
 1.86  11-May-2005  peter PR/30177: Rui Paulo: /var/chroot/pflogd isn't created by default
 1.85  02-May-2005  lukem Add /etc/pam.conf and /etc/pam.d/*
 1.84  17-Apr-2005  lukem Tweaks for the move of postinstall from /etc to /usr/sbin
 1.83  12-Apr-2005  jwise /var/chroot/spamd is now /var/chroot/pfspamd.
 1.82  04-Mar-2005  christos branches: 1.82.2;
PR/18670: Charles Blundell: Add entries for lastlog and lastlogx
 1.81  25-Nov-2004  perry add ./var/chroot and subdirectories
 1.80  18-Apr-2004  dbj enable rc.d fixsb script
initial testing suggests that it is working and I am confident it
will not cause irrevocable damage
 1.79  06-Feb-2004  itohy branches: 1.79.2;
Add /etc/locate.conf
 1.78  01-Feb-2004  christos add identd
 1.77  14-Jan-2004  jmmv Add the veriexec rc.d script.
 1.76  14-May-2003  ragge Remove kvm.db, reminded by atatat.
 1.75  09-May-2003  lukem etc/mail/aliases.db is optional. From [misc/18536] by Jeremy Reed.
 1.74  30-Apr-2003  lukem etc/powerd/** is optional
 1.73  20-Apr-2003  thorpej Add a reset_button script.
 1.72  18-Apr-2003  thorpej Add powerd rc.d script and configuration scripts.
 1.71  16-Apr-2003  cjs Change ipsec.conf not to be world-readable and nodiff, so we don't expose keys
if they happen to be in that file. Also add /etc/racoon stuff.
 1.70  15-Apr-2003  lukem remove superfluous "uname=root gname=wheel" from etc/postfix/** entries
 1.69  24-Mar-2003  atatat Add the new queue directory for the sendmail "mail submission" mode.
 1.68  08-Jan-2003  perry it is okay for the sendmail and postfix .cf files to be writable by root
 1.67  20-Dec-2002  lukem Remove /usr/local (and children) from the base distribution; we shouldn't
be creating directories or modifying permissions under there.

(/usr/local/* is still retained in various default PATHs, for convenience)
 1.66  09-Oct-2002  elric Added cgd rc.d script and put it in the appropriate postinstall and
mtree files.
 1.65  16-Sep-2002  perry add wtmpx
 1.64  03-Sep-2002  abs Split raidframe parity checking/rebuild out into raidframeparity, which is
called after quota so we don't end up with fsck and raidframe parity rebuild
taking forever after a crash/reboot.
While we are here check for raid[0-9].conf & raid[1-9][0-9].conf not
raid[0-9].conf & raid[0-9][0-9].conf
 1.63  03-Sep-2002  wiz Add /var/run/utmpx, requested by soren.
 1.62  27-Aug-2002  cjs Add exclude tag to dumpdates so that diffs do not show up in the daily security
report. This file is expected to change daily, and this is not a security
problem. (Also, the most recent dumps are already shown in the daily report.)
 1.61  30-Jul-2002  lukem add wdogctl
 1.60  06-Jul-2002  tron Remove unused user and group "news" as discussed on "tech-userlevel".
 1.59  03-Jul-2002  yamt add wsmoused
 1.58  02-Jun-2002  jmcneill Add mixerctl rc.d script.
 1.57  29-Apr-2002  lukem branches: 1.57.2;
Complete the conversion back to the OpenSSH default configuration files of
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
 1.56  29-Apr-2002  lukem add (optional) etc/postinstall
 1.55  27-Mar-2002  lukem etc/ssh is mode 0755 not 0644. Noted by Toru TAKAMIZU on current-users.
 1.54  22-Mar-2002  itojun move ssh config file to /etc/ssh
 1.53  22-Mar-2002  itojun add postfix config files. PR15659
 1.52  24-Feb-2002  wiz Mark mk.conf optional, addressing install/15572.
 1.51  19-Feb-2002  veego Add ./etc/ipf6.conf
 1.50  03-Feb-2002  veego etc/rc.d/NETWORK was renamed to etc/rc.d/NETWORKING
 1.49  15-Oct-2001  lukem Use "nodiff" instead of "nomail" for the tag which is used to exclude
files from having the changes diff generated. Suggested by Michael Graff.
 1.48  15-Oct-2001  lukem monitor etc/changelist again
 1.47  12-Oct-2001  lukem Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.

Features:
- Add a bunch of stuff to /etc/mtree/special to enable removal of
/etc/changelist:
- files which we want to monitor for changes but don't want to
see the diffs of (master.passwd, ssh_host_key, ...) are
tagged with "nomail"
- files which we don't want to monitor are tagged with "exclude"
(such as netgroup.db, kvm.db, ...)
- monitor /etc/mtree/special.local, /root/.ssh/*
- remove /etc/changelist, and a bunch of XXX comments
- use mtree(8)'s -D, -I, and -E to generate lists of files to
actually do the changelist stuff on.
- support /etc/mtree/special.local as an optional user-provided
version of /etc/mtree/special (effectively, an enhanced
/etc/changelist)
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts

Details:
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
from the old `top level' /var/backups mechanism to the `full path'
mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to the hard work of backing-up
and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math
 1.46  05-Oct-2001  lukem Take advantage of mtree(8)'s recently added support for absolute paths.
Use a default "/set uname=root gname=wheel".
This drastically reduces the size of the file, as well as making it
far more maintainable. The differences are:
lines words bytes filename
342 1633 16272 special-relative
295 998 11971 special-absolute
 1.45  02-Oct-2001  lukem add /etc/defaults/*.conf
 1.44  02-Oct-2001  lukem remove rule for pkgsrc - we don't have one for any of the other source
directories. requested in [bin/13818]
 1.43  02-Oct-2001  lukem add etc/rc.d/*. fixes [bin/12729]
 1.42  02-Oct-2001  lukem rc.local is technically an optional file...
 1.41  02-Oct-2001  lukem add ssh{,d}.conf, ssh_known_hosts{,2}, ssh_host_{[rd]sa_,}key{.pub,}
 1.40  01-Oct-2001  lukem add a bunch of optional etc stuff from changelist:
Distfile bootparams bootptab ccd.conf daily.local defaultdomain
dhclient-enter-hooks dhclient-exit-hooks dhclient.conf dhcpd.conf
disktab ethers ftpd.conf ftpwelcome gateways hesiod.conf hosts.allow
hosts.deny hosts.lpd ifaliases ipf.conf ipnat.conf ipsec.conf
monthly.local mygate myname netgroup netgroup.db netstart.local
ntp.conf passwd.conf rbootd.conf rtadvd.conf security.local
ttyaction usermgmt.conf weekly.local
- add required stuff from changelist:
etc/floppytab etc/netconfig etc/sysctl.conf
var/cron/tabs/root
var/yp/Makefile
sort mail/ into its proper place
add some comments to remind us of things to look at in the future
 1.39  24-Jun-2001  veego Another place where primes was used. Change it to moduli.
 1.38  28-May-2001  kleink Look after /etc/primes.
 1.37  06-May-2001  wiz Remove named.boot (only used by BIND 4.x).
 1.36  21-Apr-2001  atatat The script called dhclient-script no longer lives in /etc.
 1.35  29-Jan-2001  itojun remove sendmail-IPv4only.cf from checklist. PR 12075.
 1.34  25-Jan-2001  perry /etc/disklabels is obsolete -- remove it
 1.33  05-Sep-2000  enami Add an entry for optional dumpdates.
 1.32  21-Aug-2000  lukem remove rc.wscons
 1.31  15-Aug-2000  itojun synchronize with /etc/mail content.
NetBSD PR 10836 from koji@jp.above.net.
 1.30  13-May-2000  lukem branches: 1.30.4;
remove netstart
 1.29  08-May-2000  itojun make default sendmail.cf IPv4-only again.
roll sendmail-IPv6.cf, which does IPv4/v6.
 1.28  04-May-2000  itojun sync with sendmail 8.10.1 migration. /etc -> etc/mail
From: Andrew Brown <atatat@atatdot.net>
 1.27  10-Mar-2000  windsor oops, pppd doesn't require /etc/ppp/options now.
 1.26  10-Mar-2000  windsor forgot to add /etc/ppp/options to special(5)
 1.25  10-Mar-2000  windsor create /etc/ppp when building install sets
add this and a lot of files not previously looked at in special(5)
 1.24  23-Jun-1999  frueauf we have no group root by default, set gname=wheel for include.
 1.23  18-Jun-1999  simonb Change /etc/mtree/special and /etc/sendmail.cf to mode 444, and
/usr/include to owner:group root:wheel, to match how these files
are shipped in a distribution.

From PR misc/6736 from Soren Jorvang.
 1.22  05-Mar-1999  abs branches: 1.22.2;
/var/spool/ftp/pub (if present) is better 0775 thane 0777.
From Paul Goyette <paul@whooppee.com>
 1.21  29-Jan-1999  cjs Make /var/spool/news owned by news:news.
 1.20  29-Oct-1998  bad A basic /etc/rc.shutdown. Bails out if do_rcshutdown!=YES in /etc/rc.conf
(default is YES). Kills xdm and waits for it to terminate if it was enabled
in rc.conf (based on a code snippet from Ignatios).
 1.19  28-Oct-1998  mycroft Nuke /usr/src and /usr/pkgsrc from here. They are created when the source
tar files are unpacked, so having them here is pointless.
 1.18  10-Jan-1998  perry get rid of secretmail residue -- suggested in pr-4568 from Carl Shapiro
 1.17  03-Jan-1998  perry /usr/{src,obj,pkgsrc} -> root:wsrc, 0775
 1.16  18-Dec-1997  mikel make root owner of /usr/games/hide to match NetBSD.dist, fixes PR 4658
 1.15  19-Nov-1997  mrg make /usr/games/hide mode 750, and remove bogus /var/games/save entry.
 1.14  20-Oct-1997  fair branches: 1.14.2;
fix /var/mail permissions so that "dot locking" works.
 1.13  20-Sep-1997  mikel make some more files optional; from Erik Bertelsen in PR 4048
 1.12  10-Sep-1997  mikel add some files from /etc: inetd.conf, newsyslog.conf, protocols, rc.subr,
rpc, and services (required); ld.so.conf and resolv.conf (optional).
remove pointless 'ignore' keyword from /dev/mem
 1.11  31-Jul-1997  perry make some items 'optional' -- per pr-3663 from Erik Bertelsen
 1.10  21-Jun-1997  mikel add /etc/profile
 1.9  25-Apr-1997  mikel /usr/games/hide is owned by games.games, /usr/src has mode 755,
/var/at is owned by root.wheel.
 1.8  26-Mar-1997  mikel /etc/netstart doesn't need to be executable.
use four digits for all of the modes.
 1.7  11-Jan-1997  mikel update to match reality; PR misc/1075.
also added new files in /etc.
 1.6  04-Dec-1996  lukem AUTHPRIV syslog messages go to /var/log/authlog instead of /var/log/secure
(in line with other systems)
 1.5  11-Nov-1996  mikel Update name of KVM database.
 1.4  08-May-1996  pk A master.passwd has mode 0600 (PR#1405).
 1.3  21-Apr-1995  cgd /var/db shouldn't have had the 'ignore' flag set.
(from Masanobu Saitoh <saitoh@spa.is.uec.ac.jp>, pr 981)
 1.2  01-Feb-1995  jtc kvm_vmunix.db -> kvm_netbsd.db
 1.1  19-Jun-1994  cgd branches: 1.1.1;
update to Lite
 1.1.1.1  19-Jun-1994  cgd Lite
 1.14.2.2  22-Dec-1997  perry pull up from trunk (mikel)
 1.14.2.1  19-Nov-1997  mellon Pull rev 1.15 up from trunk (mrg)
 1.22.2.1  28-Aug-1999  he Pull up revisions 1.23-1.24:
Change to match the permissions set on install, and fix for
nonexistent group name. (is)
 1.30.4.8  25-Mar-2002  he Apply patch (requested by itojun):
Check the postfix files for changes. Fixes PR#15659.
 1.30.4.7  26-Feb-2002  he Pull up revision 1.52 (via patch, requested by he):
Mark /etc/mk.conf optional, fixing PR#15572.
 1.30.4.6  23-Feb-2002  he Pull up revision 1.39 (requested by he):
Change /etc/primes to /etc/moduli, which we now ship instead.
Fixes part of PR#15572.
 1.30.4.5  25-Jun-2001  he Pull up revision 1.35 (requested by he):
Remove entry for sendmail-IPv4only.cf.
 1.30.4.4  28-May-2001  he Pull up revision 1.38 (requested by kleink):
Install /etc/primes, which is required for Diffie-Hellman Group
Exchange operation.
 1.30.4.3  27-Apr-2001  he Pull up revision 1.36 (requested by he):
/etc/dhclient-script moved to /sbin/dhclient-script.
 1.30.4.2  23-Aug-2000  lukem pull up rev 1.32:
move guts of etc/rc.wscons -> etc/rc.d/wscons
approved: thorpej
 1.30.4.1  15-Aug-2000  itojun pullup 1.30 -> 1.31 (approved by releng-1-5)

> synchronize with /etc/mail content.
> NetBSD PR 10836 from koji@jp.above.net.
 1.57.2.1  30-Nov-2002  he Pull up revision 1.64 (requested by abs in ticket #772):
Split raidframe parity checking/rebuilding out into
raidframeparity, which is called after quota, so we don't
end up with fsck and raidframe parity rebuild taking forever
after a crash/reboot.
While here, check for raid[0-9].conf and raid[1-9][0-9].conf
and not raid[0-9].conf and raid[0-9][0-9].conf
 1.79.2.1  27-Apr-2004  jdc Pull up revision 1.80 (requested by dbj in ticket #185)

Fix problems related to superblock upgrade issues which may be
experienced by -current users from 2003.
 1.82.2.7  28-Mar-2006  riz Pull up following revision(s) (requested by ghen in ticket #1226):
etc/defaults/rc.conf: revision 1.74
etc/mtree/special: revision 1.93
share/man/man5/rc.conf.5: revision 1.99
Document the defaultroute6 rc.conf variable and the /etc/mygate6 file in
/etc/defaults/rc.conf, /etc/mtree/special, and rc.conf(5). Ok with wiz.
 1.82.2.6  07-Oct-2005  tron Pull up following revision(s) (requested by lukem in ticket #871):
etc/mtree/special: revision 1.87
etc/Makefile: revision 1.313
Consistently use 0664 root:utmp for /var/log/{lastlog,wtmp}{,x}.
Rest of PR 18670.
 1.82.2.5  02-Sep-2005  tron Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
 1.82.2.4  02-Jul-2005  tron Pull up revision 1.88 (requested by peter in ticket #518):
Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it
appeared and whether it's really part of pf or not is still unclear. Looking
at the other *BSDs it seems that they have left out spamd when importing pf,
and now we do that too. Also, the name conflicted with another more popular
used tool, after the rename to pfspamd it was left with completely unusable
documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
 1.82.2.3  11-May-2005  tron Pull up revision 1.86 (requested by peter in ticket #290):
PR/30177: Rui Paulo: /var/chroot/pflogd isn't created by default
 1.82.2.2  20-Apr-2005  tron Pull up revision 1.84 (requested by lukem in ticket #168):
Tweaks for the move of postinstall from /etc to /usr/sbin
 1.82.2.1  13-Apr-2005  tron Pull up revision 1.83 (requested by jwise in ticket #138):
/var/chroot/spamd is now /var/chroot/pfspamd.
 1.99.2.2  14-Sep-2006  riz Pull up following revision(s) (requested by plunky in ticket #161):
sys/dev/bluetooth/btdev.h: revision 1.4
distrib/sets/lists/comp/mi: revision 1.922
usr.sbin/postinstall/postinstall: revision 1.25
sys/netbt/hci_unit.c: revision 1.3
sys/netbt/hci_ioctl.c: revision 1.4
usr.sbin/sdpd/profile.c: revision 1.2
usr.sbin/btdevctl/btdevctl.c: revision 1.2
share/man/man4/Makefile: revision 1.405
distrib/sets/lists/man/mi: revision 1.930
distrib/sets/lists/etc/mi: revision 1.176
usr.sbin/sdpd/profile.c: revision 1.3
usr.sbin/btdevctl/btdevctl.c: revision 1.3
etc/MAKEDEV.tmpl: revision 1.62
distrib/sets/lists/base/mi: revision 1.650
usr.sbin/btdevctl/btdevctl.h: revision 1.2
usr.bin/sdpquery/sdpquery.1: revision 1.4
sys/netbt/rfcomm_session.c: revision 1.2
usr.sbin/btdevctl/btdevctl.8: revision 1.3
usr.bin/sdpquery/search.c: revision 1.2
usr.sbin/sdpd/Makefile: revision 1.2
sys/dev/bluetooth/Makefile: revision 1.3
usr.sbin/btdevctl/cfg.c: file removal
sys/netbt/files.netbt: revision 1.4
usr.sbin/btdevctl/sdp.c: revision 1.1
sys/dev/bluetooth/bthidev.c: revision 1.3
etc/bluetooth/Makefile: revision 1.3
sys/dev/pcmcia/files.pcmcia: revision 1.51
sys/dev/bluetooth/bthidev.c: revision 1.4
sys/dev/bluetooth/bthidev.h: revision 1.3
usr.sbin/btdevctl/dev.c: file removal
sys/dev/bluetooth/files.bluetooth: revision 1.10
sys/arch/i386/conf/GENERIC: revision 1.777
share/man/man4/ubt.4: revision 1.6
share/man/man4/bthub.4: revision 1.3
sys/netbt/hci.h: revision 1.5
sys/arch/i386/conf/GENERIC_LAPTOP: revision 1.202
lib/libsdp/sdp.h: revision 1.2
usr.sbin/btdevctl/print.c: revision 1.1
share/man/man4/bthidev.4: revision 1.5
share/man/man4/btdev.4: file removal
usr.sbin/btdevctl/print.c: revision 1.2
sys/arch/i386/conf/GENERIC_LAPTOP: revision 1.205
usr.sbin/btdevctl/Makefile: revision 1.2
sys/dev/usb/files.usb: revision 1.70
sys/netbt/l2cap_signal.c: revision 1.2
sys/netbt/hci_link.c: revision 1.4
sys/dev/bluetooth/bthub.c: revision 1.3
share/man/man4/btsco.4: revision 1.5
sys/netbt/hci_link.c: revision 1.5
share/man/man4/btdev.4: revision 1.4
sys/dev/bluetooth/btkbd.c: revision 1.3
sys/dev/bluetooth/btdev.c: file removal
sys/netbt/hci_event.c: revision 1.2
sys/dev/bluetooth/btsco.h: revision 1.2
etc/mtree/special: revision 1.101
sys/dev/bluetooth/btsco.c: revision 1.3
sys/conf/majors: revision 1.27
usr.sbin/sdpd/hf.c: revision 1.1
sys/dev/bluetooth/btsco.c: revision 1.4
share/man/man5/rc.conf.5: revision 1.107
sys/dev/bluetooth/btdev.c: revision 1.2
etc/rc.d/btdevctl: revision 1.2
usr.sbin/btdevctl/db.c: revision 1.1
etc/rc.d/btdevctl: revision 1.3
etc/bluetooth/btdevctl.conf: revision 1.1
usr.sbin/btdevctl/hid.c: file removal
sys/arch/i386/conf/GENERIC: revision 1.781
sys/dev/bluetooth/btdev.h: revision 1.3
Make btdev default count explicit
Fix typo in variable name
update to bluetooth device attachment:
remove pseudo-device btdev(4) and inherent limitations
add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.
btdevctl(8) and its cache is updated to handle new semantics
etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
also include service name in dictionary being sent to kernel.
(this is not used just yet, but it might be in the future and it will
be easier if we dont have to provide code to handle its absence)
clarify the CAVEAT section somewhat
Add service discovery support for the Handsfree profile
Replace static 'FreeBSD' string with operating system name gleaned
from uname(3)
Halt the callout on detach
btsco.c:
- sco_getopt(..., SO_SCO_MTU, ...) expects the address of a uint16_t,
not an int. So change sc_mtu's type to uint16_t.
- Try a little harder to ensure btsco_round_blocksize() does not
return zero. Prevents a subsequent panic in audio_init_ringbuffer().
from scw@
Endian issues:
hci_event.c:
- Convert memo->response.clock_offset to host-endian.
hci_ioctl.c:
- printf format tweak (size_t)
hci_link.c:
- Convert memo->response.clock_offset from host-endian.
- Tweak a DIAGNOSTIC message.
l2cap_signal.c:
- In l2cap_recv_config_req(), rp->scid is little-endian so make sure
we convert from host-endian.
from scw@
hci_link.c:
- In hci_link_free(), do not unlink items from a LIST queue within
a LIST_FOREACH() iterator.
rfcomm_session.c:
- In rfcomm_session_recv_mcc_nsc(), do not unlink items from a LIST
queue within a LIST_FOREACH() iterator.
from scw@
guard against a possible situation where the list of l2cap channels is changed
when the bluetooth code is not expecting it to be. During a disconnect, we can
detach the channel that is being disconnected, but its not really safe to detach
any others.
Print explicit 64-bit types using the format macros from int_fmtio.h.
Unbreaks the build for our LP64 ports, where "long long" typically is
not 64 bits.
 1.99.2.1  07-Sep-2006  tron Pull up following revision(s) (requested by plunky in ticket #81):
usr.sbin/postinstall/postinstall: revision 1.23
distrib/sets/lists/man/mi: revision 1.919
distrib/sets/lists/etc/mi: revision 1.174
usr.sbin/btdevctl/btdevctl.c: revision 1.1
usr.sbin/btdevctl/hid.c: revision 1.1
usr.sbin/Makefile: revision 1.217
usr.sbin/btdevctl/btdevctl.h: revision 1.1
usr.sbin/btdevctl/btdevctl.8: revision 1.1
etc/rc.d/btcontrol: file removal
distrib/sets/lists/comp/mi: revision 1.910
etc/rc.d/Makefile: revision 1.61
usr.sbin/btdevctl/cfg.c: revision 1.1
usr.sbin/btdevctl/dev.c: revision 1.1
share/man/man4/btkbd.4: revision 1.2
share/man/man4/bthidev.4: revision 1.4
usr.sbin/btcontrol/hid.c: file removal
usr.sbin/btdevctl/Makefile: revision 1.1
share/man/man4/btsco.4: revision 1.3
distrib/sets/lists/base/mi: revision 1.644
share/man/man4/btdev.4: revision 1.3
share/man/man4/btms.4: revision 1.2
etc/mtree/special: revision 1.100
share/man/man5/rc.conf.5: revision 1.105
usr.sbin/btcontrol/cfg.c: file removal
etc/rc.d/btdevctl: revision 1.1
etc/defaults/rc.conf: revision 1.80
usr.sbin/btcontrol/btcontrol.h: file removal
usr.sbin/btcontrol/btcontrol.8: file removal
usr.sbin/btcontrol/dev.c: file removal
usr.sbin/btcontrol/btcontrol.c: file removal
usr.sbin/btcontrol/Makefile: file removal
rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.
 1.115.4.1  09-Jan-2008  matt sync with HEAD
 1.116.6.3  17-Jan-2009  mjf Sync with HEAD.
 1.116.6.2  29-Jun-2008  mjf Sync with HEAD.
 1.116.6.1  02-Jun-2008  mjf Sync with HEAD.
 1.116.2.2  22-Dec-2007  jmcneill Add example hotkey_button script
 1.116.2.1  22-Dec-2007  jmcneill file special was added on branch mjf-devfs on 2007-12-22 19:04:11 +0000
 1.117.2.4  14-Jun-2008  peter add ftp proxy rc.d script.
 1.117.2.3  04-Jun-2008  yamt sync with head
 1.117.2.2  25-May-2008  peter Add chroot directories for ftp-proxy/tftp-proxy.
 1.117.2.1  18-May-2008  yamt sync with head.
 1.118.2.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.121.2.5  16-Jan-2011  bouyer Pull up following revision(s) (requested by spz in ticket #1528):
etc/named.conf: revision 1.6
etc/mtree/special: revision 1.133
Enable dnssec, and populate managed-keys.bind
Add directory for bind's managed keys.
 1.121.2.4  09-Dec-2010  riz Pull up following revision(s) (requested by uwe in ticket #1494):
etc/mtree/special: revision 1.132
Add &quot;optional&quot; keyword to rc.d/xdm and rc.d/xfs. Fixes PR misc/43307.
 1.121.2.3  18-Sep-2009  snj branches: 1.121.2.3.2;
Pull up following revision(s) (requested by tron in ticket #1012):
etc/mtree/special: revision 1.130
Remove "/etc/postfix/postfix-script" as the file was obsoleted by
the upgrade to Postfix 2.6.x.
 1.121.2.2  06-Feb-2009  snj branches: 1.121.2.2.2; 1.121.2.2.4;
Pull up following revision(s) (requested by apb in ticket #406):
etc/mtree/special: revision 1.125
Add rndctl
 1.121.2.1  22-Jan-2009  snj Pull up following revision(s) (requested by rafal in ticket #297):
distrib/sets/lists/etc/mi: revision 1.203
doc/CHANGES: revision 1.1151 via patch
etc/defaults/rc.conf: revision 1.97
etc/mtree/special: revision 1.123
etc/rc.d/Makefile: revision 1.71
etc/rc.d/httpd: revision 1.1
share/man/man5/rc.conf.5: revision 1.123
usr.sbin/postinstall/postinstall: revision 1.80
Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.
 1.121.2.3.2.1  16-Jan-2011  bouyer Pull up following revision(s) (requested by spz in ticket #1528):
etc/named.conf: revision 1.6
etc/mtree/special: revision 1.133
Enable dnssec, and populate managed-keys.bind
Add directory for bind's managed keys.
 1.121.2.2.4.1  21-Apr-2010  matt sync to netbsd-5
 1.121.2.2.2.1  16-Jan-2011  bouyer Pull up following revision(s) (requested by spz in ticket #1528):
etc/named.conf: revision 1.6
etc/mtree/special: revision 1.133
Enable dnssec, and populate managed-keys.bind
Add directory for bind's managed keys.
 1.127.2.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.134.2.1  08-Feb-2011  bouyer Sync with HEAD
 1.138.4.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.138.4.2  30-Oct-2012  yamt sync with head
 1.138.4.1  17-Apr-2012  yamt sync with head
 1.142.2.2  19-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.142.2.1  23-Jun-2013  tls resync from head
 1.146.4.1  10-Aug-2014  tls Rebase.
 1.148.2.2  30-Jun-2020  martin Pull up following revision(s) (requested by kim in ticket #1737):

etc/mtree/special: revision 1.170

Fix /private/tmp mode to match etc/rc.d/perusertmp
 1.148.2.1  26-Mar-2015  martin Pull up following revision(s) (requested by jmcneill in ticket #635):
etc/rc.d/Makefile: revision 1.92
distrib/sets/lists/man/mi: revision 1.1497
share/man/man5/Makefile: revision 1.71
etc/defaults/rc.conf: revision 1.132
etc/rc.d/modules: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.190
distrib/sets/lists/etc/mi: revision 1.236
etc/mtree/special: revision 1.152
share/man/man5/modules.conf.5: revision 1.1
Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.
 1.153.2.2  20-Mar-2017  pgoyette Sync with HEAD
 1.153.2.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.156.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.160.4.2  30-Jun-2020  martin Pull up following revision(s) (requested by kim in ticket #1562):

etc/mtree/special: revision 1.170

Fix /private/tmp mode to match etc/rc.d/perusertmp
 1.160.4.1  14-May-2019  martin Pull up following revision(s) (requested by maxv in ticket #1265):
etc/rc.d/smtoff: revision 1.1
etc/rc.d/smtoff: revision 1.2
distrib/sets/lists/etc/mi: revision 1.258
etc/rc.d/smtoff: revision 1.3
etc/rc.d/smtoff: revision 1.4
etc/defaults/rc.conf: revision 1.148
etc/rc.d/Makefile: revision 1.103
usr.sbin/postinstall/postinstall: revision 1.226
etc/rc.d/Makefile: revision 1.104
etc/mtree/special: revision 1.167
share/man/man5/rc.conf.5: revision 1.180

Add smtoff, an rc.d script that disables Simultaneous Multi-Threading. It
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.

The default is "smtoff=NO", which means that SMT remains enabled.
Restructure code a little.

Use quoting everywhere possibly useful (always the right way, except
in the few cases where it is wrong...)

Avoid using cut & grep (from /usr/bin) so script could run before /usr
is mounted (pity cpuctl is in /usr/sbin ...).

Use sysctl -n rather than attempting to parse its output.
install rc.d

No change... Previous log message should have said:
Install rc.d/smtoff

I should know better! Don't rely upon the way the shell implements
pipes. Skip the "error" printf from GetSmtId() as there is no easy
portable way to avoid it occurring (there are complicated ways) - but
we don't need it, there is no logical difference between "error" and ""
so just use the latter (if we get an ID, good, if there is nothing, then
there is none - saying 'error' does not mean anything.)

Remove comment, since there is no parsing anymore.
 1.162.4.1  10-Jun-2019  christos Sync with HEAD
 1.162.2.2  30-Sep-2018  pgoyette Ssync with HEAD
 1.162.2.1  28-Jul-2018  pgoyette Sync with HEAD
 1.167.2.3  14-Oct-2024  martin Pull up following revision(s) (requested by riastradh in ticket #1912):

etc/mtree/special: revision 1.179

PR/58465: copypu: add wpa_supplicant.conf as optional
 1.167.2.2  16-Apr-2024  martin Pull up following revision(s) (requested by kim in ticket #1824):
etc/mtree/special: revision 1.172
Add /etc/sshd/ssh_host_ed25519_key* .
 1.167.2.1  30-Jun-2020  martin Pull up following revision(s) (requested by kim in ticket #974):

etc/mtree/special: revision 1.170

Fix /private/tmp mode to match etc/rc.d/perusertmp
 1.175.2.2  12-Sep-2024  martin Pull up following revision(s) (requested by rin in ticket #849):

etc/mtree/special: revision 1.179

PR/58465: copypu: add wpa_supplicant.conf as optional
 1.175.2.1  04-Sep-2023  martin Pull up following revision(s) (requested by riastradh in ticket #343):

external/mpl/mozilla-certdata/dist/certdata.txt: revision 1.1.1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G3.pem: revision 1.1
distrib/sets/lists/man/mi: revision 1.1764
external/mpl/mozilla-certdata/share/certs/ACCVRAIZ1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem: revision 1.1
tests/usr.sbin/certctl/certs4/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_E45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_ECC.pem: revision 1.1
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Izenpe.com.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs4/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: revision 1.1
distrib/sets/lists/etc/mi: revision 1.272
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TunTrust_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_BR_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_RSA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_EC-384_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Public_Sector_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_EC1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SZAFIR_ROOT_CA2.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.1
external/mpl/mozilla-certdata/share/certs/UCA_Global_G2_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_ECC_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.2
tests/usr.sbin/certctl/certs1/DigiCert_Global_Root_CA.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.3
external/mpl/mozilla-certdata/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R2.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.4
external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Silver_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Class_2_CA.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.2
tests/usr.sbin/certctl/t_certctl.sh: revision 1.5
usr.sbin/certctl/certctl.sh: revision 1.3
tests/usr.sbin/certctl/t_certctl.sh: revision 1.6
usr.sbin/certctl/certctl.sh: revision 1.4
tests/usr.sbin/certctl/t_certctl.sh: revision 1.7
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.8
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hongkong_Post_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ANF_Secure_Server_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Class_2_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/USERTrust_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P384_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certdata.awk: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_ECC_Root_CA_2022.pem: revision 1.1
usr.sbin/Makefile: revision 1.292
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/CA_Disig_Root_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_C1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Trusted_Root_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: revision 1.1
etc/mtree/special: revision 1.176
external/mpl/mozilla-certdata/share/certs/USERTrust_ECC_Certification_Authority.pem: revision 1.1
etc/mtree/special: revision 1.177
etc/mtree/special: revision 1.178
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium_ECC.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_ECC_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_ECC_P384_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NAVER_Global_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/server.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SecureTrust_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/code.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G2.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_ECC_Root_CA_2022.pem: revision 1.1
share/man/man7/hier.7: revision 1.141
external/mpl/mozilla-certdata/share/certs/Certigna.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_Root_CA_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certigna_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Telia_Root_CA_v2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_2_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_C3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HiPKI_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Gold_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Networking.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/Makefile.inc: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GC_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Commercial.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_3_Root_CA.pem: revision 1.1
distrib/sets/lists/tests/mi: revision 1.1292
external/mpl/mozilla-certdata/share/certs/UCA_Extended_Validation_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/email.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_2011.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_EV_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ePKI_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R4.pem: revision 1.1
tests/usr.sbin/certctl/certs2/Makefile: revision 1.1
tests/usr.sbin/Makefile: revision 1.8
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Commercial_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_ECC_P384_Root_G5.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.2
external/mpl/mozilla-certdata/share/certs/Microsec_e-Szigno_Root_CA_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GDCA_TrustAUTH_R5_ROOT.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_3.pem: revision 1.1
tests/usr.sbin/certctl/certs4/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_CA_3_2013.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.252
external/mpl/mozilla-certdata/share/certs/CFCA_EV_ROOT.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.253
external/mpl/mozilla-certdata/share/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_ECC_RootCA1.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.2
usr.sbin/certctl/Makefile: revision 1.3
external/mpl/mozilla-certdata/share/certs/GTS_Root_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/e-Szigno_Root_CA_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_ROOT_CA.pem: revision 1.1
doc/3RDPARTY: revision 1.1949
external/mpl/mozilla-certdata/share/certs/Certainly_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TeliaSonera_Root_CA_v1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NetLock_Arany_Class_Gold.pem: revision 1.1
usr.sbin/postinstall/postinstall.in: revision 1.53
usr.sbin/postinstall/postinstall.in: revision 1.54
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
etc/Makefile: revision 1.467
usr.sbin/postinstall/postinstall.in: revision 1.55
tests/usr.sbin/certctl/certs3/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/GLOBALTRUST_2020.pem: revision 1.1
etc/mtree/NetBSD.dist.tests: revision 1.200
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_1_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Actalis_Authentication_Root_CA.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1326
distrib/sets/lists/base/mi: revision 1.1327
external/mpl/mozilla-certdata/share/certs/SecureSign_RootCA11.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1328
external/mpl/mozilla-certdata/share/certs/Comodo_AAA_Services_root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2_G3.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1329
external/mpl/mozilla-certdata/share/certs/COMODO_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_High_Assurance_EV_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_R45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Secure_Global_CA.pem: revision 1.1
usr.sbin/certctl/certctl.8: revision 1.1
external/mpl/mozilla-certdata/share/certs/XRamp_Global_CA_Root.pem: revision 1.1
external/mpl/Makefile: revision 1.5
usr.sbin/certctl/certctl.8: revision 1.2
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Baltimore_CyberTrust_Root.pem: revision 1.1
usr.sbin/certctl/certs.conf: revision 1.1
external/mpl/mozilla-certdata/share/certs/LAWtrust_Root_CA2_4096.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certainly_Root_E1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem: revision 1.1

certctl(8): New tool for managing OpenSSL CA certificates.
Same command-line syntax as FreeBSD, clearer semantics about which
parts are config and which parts are cache.

mozilla-certdata: Record in doc/3RDPARTY.

mozilla-certdata: Makefile infrastructure.

mozilla-certdata: regen
(actually, just `gen', this first time)

mozilla-certdata: Connect it up to the build.

postinstall(8): Add opensslcerts item to regen /etc/openssl/certs.

Works only with destdir /, since it relies on running openssl(1),
which is not available as a tool or required in the cross-build
environment.

certctl(8): Add xfail test for missing certs.conf.

Command should fail, i.e., exit with nonzero status, but it exits
with zero instead.
certctl(8): Exit nonzero on missing certs.conf.
certctl(8): Test prepopulated /etc/openssl/certs.

This is the scenario when you have previously populated
/etc/openssl/certs manually, or with a package like mozilla-rootcerts
or mozilla-rootcerts-openssl, and you update to a version of NetBSD
with certctl(8). In this case, certctl(8) should avoid destroying
your work.

While here, also test some related but less likely edge cases:
- nonexistent
- symlink
- regular file

certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.

Also avoid clobbering some other edge cases like symlinks or
non-directories there.

This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it,
e.g. by hand or with mozilla-rootcerts) and has never been managed
by certctl(8): left alone on rehash, with an error message to
explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly
updated on rehash.

Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8). To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.
postinstall(8): Fail if `certctl rehash' fails.

Not using `set -e' here, evidently (maybe we should), so the separate
return 0 suppressed the error.
distrib/sets/lists: certs.conf belongs in etc, not in base.
Oops.

certctl(8): Set certs.conf 644 and add it to etc/mtree/special.
Now that we have /etc/openssl/certs.conf mentioned here, also
list /etc/openssl.

hier(7): Document /etc/openssl.

certctl(8): Minor man page clarifications.
- Specify exactly what /etc/openssl/certs gets populated with.
- Change HTTPS to TLS.
- Specify the permitted character class in certs.conf.
(Maybe more conservative than strictly needed; but let's stay on
the safe side.)

certctl(8): Fix some bugs with evil pathnames.

certctl(8): Fix quoting and whitespace style in evilpath test.

No functional change intended.

etc/mtree/special: Fix spaces/tabs.
No functional change intended.

mozilla-certdata: Install relative symlinks.
Slightly more compact this way, and you can examine them in a destdir
without chrooting. Not terribly important, but a minor convenience.

certctl(8): Test more evil pathnames.

certctl(8): Install certs.conf in /usr/share/examples too.
This way postinstall(8) can refer to the default one when you've done
an upgrade without etcupdate or similar to pull in new config files
from etc.tgz.

Not great -- we should do this systematically for all config files in
/etc, but this one-off hack is less risky for 10.
postinstall(8): Handle various certs.conf scenarios gracefully.

Tested the following scenarios:
1. fresh install
empty /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: fail -- needs rehash
[x] fix: pass -- quietly rehash successfully (go to 4)
2. fresh upgrade
empty /etc/openssl/certs
no /etc/openssl/certs.conf
- opensslcertsconf
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: pass -- install default /etc/openssl/certs.conf (go to 1)
- opensslcertsrehash
[x] check: fail -- complain missing /etc/openssl/certs.conf
- [x] fix: fail -- complain missing /etc/openssl/certs.conf
3. upgrade from certctl, changes to certs
certctl-managed /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: fail -- needs rehash
[x] fix: pass -- quietly rehash successfully (go to 4)
4. upgrade from certctl, no changes to certs
certctl-managed /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: pass
[x] fix: pass -- quietly rehash successfully (go to 4)
5. upgrade from mozilla-rootcerts
populated /etc/openssl/certs
no /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7)
- opensslcertsrehash:
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: fail -- complain missing /etc/openssl/certs.conf
6. upgrade from mozilla-rootcerts with etcupdate naively
populated /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash:
[x] check: fail -- complain mismatched certs/ and certs.conf
[x] fix: fail -- complain mismatched certs/ and certs.conf
7. upgrade from mozilla-rootcerts with etcupdate manually
populated /etc/openssl/certs
manual /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash:
[x] check: pass
[x] fix: pass -- skip rehash because manual (go to 7)

XXX Someone should draft automatic tests for postinstall. It has a
very good track record, but it sure would be nice to automate this
testing rather than redo it each time I make a tiny change.
 1.178.2.1  02-Aug-2025  perseant Sync with HEAD

RSS XML Feed