Don't install /etc/rc.d/postfix when MKPOSTFIX=no

branches: 1.118.2;
/etc/rc.d/cerctl_init: New script for certctl rehash in live images.

This is very limited -- it does not supplant postinstall to rehash
certificates on upgrade; it only runs certctl rehash if
/etc/openssl/certs is an empty directory, as you get in live images
not created with sysinst.

We could also have a more general-purpose way to run postinstall(8)
on first boot of an image, but that has a lot more moving parts to
think about, so let's start with this limited-scope low-risk
approach.

PR install/57629

XXX pullup-10

Add start script to attach iscsi volumes at boot.

The default is to execute the script (iscsid_volumes=YES), so if you have
any volumes defined, you should also start iscsid (iscsid=YES) to avoid
error messages.

branches: 1.116.2;
build system: Revert all the recent additions of MK[...] knobs that
allow conditionally disabling the building of certain user space
programs in the 'base' set.

There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.

mk: Add a MKPPP flag to exclude pppd(8) and related utilities from
the build

mk: Add MKNTP, MKTCPDUMP knobs.

mk: Rename the MKMBONE option to MKMROUTING for greater accuracy and
to match the related kernel config option.

mk: Allow building base without the MBONE applications by setting
MKMBONE=no in mk.conf

llvmlockdir -> lvmlockdir

Various entropy integration improvements.

- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
check for entropy at boot -- in rc.conf, you can:

. set `entropy=check' to halt multiuser boot and enter single-user
mode if not enough entropy

. set `entropy=wait' to make multiuser boot wait until enough entropy

Default is to always boot without waiting -- and rely on other
channels like security report to alert the operator if there's a
problem.

- New man page entropy(7) discussing the higher-level concepts and
system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
users who have power to affect the entropy estimate (maybe it is,
just haven't decided).
- We only have a mechanism for changing once at boot; the message would
remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
conditionally from boot to boot.

Sort - no functional change

Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

Moved zfs out of MKX11 block.

Fix build failure without X11.

Add support for legacy ZFS filesystems, specified by mountpoint=legacy
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.

Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.

branches: 1.104.2;

No change... Previous log message should have said:

Install rc.d/smtoff

install rc.d

Fix build, install wsmoused

Don't install YP rc.d files with MKYP=no

Include npf_boot rc.d scripts which loads an interim config early in boot.
By default /etc/default/npf.boot.conf which can be overriden by /etc/npf.boot.conf.

Remove the userland part of ISDN. The kernel part is untouched for now.
ipppctl was actually an exact copy of pppoectl; there is no functional
change in pppoectl in this commit.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.97.2; 1.97.4;
Actually install dhcpd6 rc script. Organize CONFIGFILES
alphabetically again while where.

PR 53018

Merge autofs support from: Tomohiro Kusumi
XXX: Does not work yet

branches: 1.95.6;
add scripts for npfd

branches: 1.94.2;
Add ip6addrctl

Add resize_root boot operation. If resize_root=YES in rc.conf then
the system attempts to resize the root file system to fill it's
partition prior to mounting read-write. Useful for things like AMI
file system images. May eventually be used by arm images after
coming up with similar solution for increasing the parition size.

Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.

Add rc script for /sbin/iscsid.

Don't try and install rc.d/rtsold

branches: 1.89.6;
try to sync lists of rc.d scripts

branches: 1.88.6;
Import the new apropos/whatis.

This code has been developed by Abhinav Upadhyay as part of Google's Summer
of Code 2011. It uses libmandoc to parse man pages and builds a Full
Text Index in a SQLite database. The combination of indexing the full
manual page, filtering out stop words and ranking individual matches
based on the section gives a much improved user experience.

The old makewhatis and friends are kept under MKMAKEMANDB=no for now.

Add an rc.d(8) script for isibootd(8). Taken from ndbootd(8).

Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.

Goes to some trouble to never load or save to network filesystems.

Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.

branches: 1.85.2;
Create and install an rc.d file for devpubd - a daemon to listen
on drvctl and autocreate device nodes in /dev for those which don't have any.
Set the default to "NO" for now.

provide a new 'bluetooth' rc.d script, to handle Bluetooth configuration
in a simpler manner. This replaces btattach, btconfig, bthcid, btdevctl
and sdpd scripts, and also should not require any configuration settings
other than "bluetooth=YES", though the full range of configurations is
still possible.

Add rc.d script to make sure the system fontconfig cache is up to date.

NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.

branches: 1.81.2;
add ldpd rc script

Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.

Document recent gpio(4) changes and introduce a new config file for GPIO.
Integrate with the startup scripts in /etc/rc.d. Introduce new variable
"gpio" for /etc/rc.conf.

Add an rc.d script for dhcpcd(8)

Split fsck during boot into two phases. Check the root file system
first, mount root and run the various disk providers. Add swap and
check the remaining file systems after that.
This breaks the dependency cycle for lvm, which needs writeable /dev.
Depend on rndctl in cgd.

Add a small script to visualize the rc dependency graph and point to it.

branches: 1.75.2;
Add lvm rc.d script to build.

attempt to make the NOTE a bit more prominent

* Add etc/rc.d/rndctl script, based on work by Brian A. Seklecki. This
allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).

x68k pow(4) now uses MI sysmon_pswitch framework. suggested by tsutsui@.
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.

Import rc.d/httpd script for httpd(8) daemon control.
See rc.conf(5) for options explanation.

- Generate xdm and xfs depending on the value of X11FLAVOUR
- Only generate and install them for MKX11 builds

Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.

branches: 1.68.2;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@

branches: 1.67.2; 1.67.4;
some changes to serial bluetooth host controller interfaces

btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD

make btattach(8) a single-use tool for less complexity

device specicific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.

btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland

branches: 1.66.8; 1.66.12;
fixsb has done its job.

Add the /etc/rc.d/envsys script required by envsys2.

Install sys/dev/bluetooth/btuart.h.
Descend into and build/install usr.sbin/btuartd.
Install etc/rc.d/btuartd.

Install the perusertmp file.

PR 34692: wpa_supplicant script.
By Jukka Salmi.

rename btcontrol(8) as btdevctl(8) to make it fit with the NetBSD naming
scheme for control programs. This fixes pr 34051.

branches: 1.60.2;
Per lukem's request, revert previous change which skipped installation
of /etc/rc.d/ipfilter and family if MKIPFILTER=no. As lukem points
out, skipping installation of etc/rc.d/ scripts is not inconsistent
with other optional components, such as pf, x11, etc.

Only install ipfilter, ipfs, ipmon, and ipnat if MKIPFILTER=no.

Bluetooth fixes by Iain Hibbert:
Create "/etc/rc.d/btcontrol" to attach bluetooth devices at boot.

Initial import of bluetooth stack on behalf of Iain Hibbert. (plunky@,
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.

The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.

Drivers for both PCMCIA and USB bluetooth controllers are included.

Remove sendmail (approved by core)

In the rc.d file list, start a new line for each first letter of
the rc.d scripts. Indent by an extra tab to match indentation of
usr.sbin/postinstall/postinstall

add missing files

Add distribution entries and supporting files for the iSCSI target.

pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security

Add the new ftpd rc.d script.

Tweaks for the move of postinstall from /etc to /usr/sbin

branches: 1.49.2;
Install "pf" and "pflogd".

Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall'
target) instead of using home-grown 'distribution' targets or using
FILES with the 'install' target.
Add some etc/ subdir Makefiles where appropriate.

XXX: some of etc/Makefile install-etc-files could be converted to CONFIGFILES.

enable rc.d fixsb script
initial testing suggests that it is working and I am confident it
will not cause irrevocable damage

branches: 1.46.2;
add identd

Add the veriexec rc.d script.

Add rtclocaltime.

Revert part of previous; etc/rc.d/kdc must be installed even if Kerberos
isn't enabled.
This is how the rc.d system works in conjunction with our current build
and install system; all the rc.d scripts are installed even if the
subsystems they control are not.

Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
9 out of 10 experts agree that it is ludicrous to build w/
KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly. That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles. While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)

Add an rc script for powerd(8).

Tweak postinstall to check for (and help out on) the upgrade to
sendmail 8.12.8. Some of the same machinery (in shorter form) is in
the additions to rc.d/sendmail. Also, add a smmsp startup script for
the sendmail client queue runner.

Back out previous (as discussed with releng). The correct way to set this is:

# echo "myserver" > /var/yp/binding/`domainname`.ypservers

Script to bind a NIS client to a known server.

$ grep yp /etc/rc.conf
ypbind=YES
ypbind_flags="-ypset"
ypset=YES
ypset_flags="myserver"

in comment, metion about src/distrib/sets/lists/etc/mi as well.

add staticroute

Added cgd rc.d script and put it in the appropriate postinstall and
mtree files.

Split raidframe parity checking/rebuild out into raidframeparity, which is
called after quota so we don't end up with fsck and raidframe parity rebuild
taking forever after a crash/reboot.
While we are here check for raid[0-9].conf & raid[1-9][0-9].conf not
raid[0-9].conf & raid[0-9][0-9].conf

Added touch panel calibration utility.

Add a wdogctl startup/shutdown script.

add comment:
"if you're adding new scripts, don't forget to update
src/etc/postinstall and src/etc/mtree/special."

add wsmoused.

Add mixerctl script.

branches: 1.28.2;
- in <bsd.files.mk>, don't clear FILES after using it, as that prevents
make -V FILES
from being useful (and given that every other variable can be
extracted using make -V, the behaviour was unusually inconsistent
given that the original reason for clearing it doesn't seem to be
relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
(and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG

don't forget to install ipfs...

Rename NETWORK to NETWORKING, to allow rc.d to be on a case insensitive
file system (prevents conflict with 'network'). PROVIDE both NETWORKING
and NETWORK (the latter for compatibility with 3rd party scripts).

- set NOPROG before .include <bsd.own.mk>
- reformat FILES= lines for easier future additions

Add rc.d support for ifwatchd (used to run ip-up/ip-down scripts for
in-kernel pppoe interfaces).

Add moused, default off.

Add downinterfaces. Noticed by Thomas Klausner.

sunndd has been renamed ndbootd.

Install the file sunndd.

Add a startup script for altqd(8).

Don't install /etc/rc.d/gated any longer, since gated isn't in the
base system.

Startup script for racoon(8). Racoon provides "ike", and requires
"kdc" (since you might want to use IPsec on your Kerberos server,
and might be using GSSAPI to authenticate Phase 1) and "ppp" (since
racoon(8) needs to know about all of your network interfaces).

Add /etc/rc.d/poffd, for x68k power management deamon.

Don't fiddle with any isdn interface if the isdnd variable is set to NO
in rc.conf.

Actually do install the isdnd script.

Always install sshd.

Provide the option of running newsyslog at boot time; mainly for laptop
people.

convert fsck.sh -> fsck (using kill -TERM $$ to stop autoboot).

Need bsd.own.mk

Startup script glue for the Heimdal KDC.

An sshd startup script for use with usr.bin/sshd. Installation is conditional
on ${SSHDIST}, as with usr.bin/ssh itself.

This script includes a `keygen' target for regenerating RSA and DSA host keys,
and invokes this if these keys are not present when sshd is started up.

* add new dummy dependancy `NETWORK' to be REQUIREd by services which need
networking to be operational before starting, and use as appropriate.
NETWORK depends upon network and dhclient.
* move the guts of systemfs into mountcritlocal
* replace the dependancy on systemfs with mountcritremote, and remove the
former.
* SERVERS now also depends upon ppp

Notes:
* dhclient (and others) needs /var to be a $critical_filesystem_beforenet
* dhclient now starts before syslogd (because the latter needs /usr, and
/usr might need dhclient to be mounted)

Should fix PRs:
[install/9853] [bin/10002] [misc/10349] [port-i386/10633] [misc/10641]

branches: 1.7.2;
add rc.d/ipsec for ipsec configuration. when enabled, it will inject
/etc/ipsec.conf into "setkey -f". PR 9609.

* Portmap is now called rpcbind.
* Add IPv6 RPC entries to inetd.conf (commented out by default, as the others)
* Add netconfig file, needed for TI-RPC code.

branches: 1.5.2;
xntpd -> ntpd

Provide rc.d support for the Postfix mail system. Committed to the
base because there is no support for packages in rc.d, and Postfix
is supposed to become part of the base system anyhow.

nfsiod script is gone.

* replace daemon, login, servers with DAEMON, LOGIN, SERVERS
* remove sshd (it was from my private system)

branches: 1.1.1;
Initial revision