update pflog
add syncpeer
add postrandom
fix spacing
add commands
fix dependency and path
update routing script
no longer have named
add a reload cmd
cleanup
whitespace
firewalls first
update statd
remove sensorsd
update syscons
update sysctl
jail check
run after filesystems
add utx
tag
be more specific
rework swap
move dumpon
move zvol in order
move zfs in boot order
fix typos
remove old reference
cleanup
merge fixes from freebsd
update usb configs
add apple and zfs configs
tag
add auto master
add autofs configs
fix example
add usb and bhyve
add vt, architectures
remove old timezone data
remove cvs and bind
add unbound, remove bind
update csh config
add .d dirs
remove bind stuff
add missing include directories
update protocols
make a few things conditional.
add unbound
use var for sharedir
add debug to mtrees list
add tests
add freq band
add tests
update services list
update snmpd config example
add syslog.d directories
remove bind stuff
remove sensorsd.conf
remove rsa1 from sshd
remove groff mtree
remove catman
remove 3.4 ver
add clang dirs
remove sudo
add nvme
always install aliases
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails.
Introduce a new option -DNO_ROOT that allows install and distribution targets to be run without root privilege. Information about ownership, group, flags, and suid bits are stored in the file specified by METALOG which defaults to ${DESTDIR}/METALOG. This file can be used in conjunction with bsdtar or makefs to generate archives or file system images with correct permissions.
Make an attempt to detect missing MTREE files in distrib-dirs. Not perfect, but this is just a developer seatbelt
Replace all known uses of ln in the build process with appropriate install -l invocations via new INSTALL_LINK and INSTALL_SYMLINK variables.
refresh
allow wheel to operate.
remove invalid config for now
add doas utility from OpenBSD. Based on portable version found in mports.
add os dir
add xpc
add mach directories.
minor changes for regen
add conditional sleep per jail if we add IPv6 addresses.
allow starting rtadvd without interfaces present.
load pfsync kernel module as needed.
this breaks mergemaster and etcupdate.
replace all known uses of ln in build process with install -l invocations
refactor the link section of distrib-dirs to always install to a full path.
remove aout
allow LOCAL_DIRS to install files in directories not found in the system mtree. tweak mtree
add support for a exclamation char in regex in devd.
add agp and pci headers.
remove largest suffix instead of smallest
pfsync is working
mad more usb entries
fix dirs
add some dragonfly entries
add rc script for auditdistd
fix location of auditdistd config file.
only pass ip[56].addr when _addrl contains a value
not only load pccard_ether settings, also load network settings.
dont fail with exit 1
allow to pass extra params for each jail
remove freebsd mail config
dont abstract rcvar_manpage
improve moused when used with usb devices
update usb.conf
automatically name jails
allow to specify no source address selection policy
set -x prints on stderr rather than stdout. use built in make features
Implement userland changes for kqueue resource limits Obtained from: FreeBSD svn 256850
change default password hash algorithm for new accounts to sha512 from blowfish. There was a recent issue discovered with openvpn traffic with algorithms using 64 bit block sizes such as blf. Better safe than sorry. FreeBSD is now using this format in 10.3.
switch over to midnightbsd-desktop port
increase default to 1M. we have several processes that do not work without this.
add experimental and tr1 subdirectories.
fix permissions for SNMP configuration file. The default is not secure
update default with some useful server settings
fix rpcbind
increase memory lock limits
update the startup scripts to work with the new kerberos
add kerberos 5 directory for include files
set keyword
handle rename here too
rename configuration files. this should have been done years ago
bring in a useful feature from FreeBSD. Generate SSL certificates automatically for sendmail
adjust address families.
require FILESYSTEMS for many items. print detail with zfs mount
sendmail obviously needs to depend on file systems
refactor so that we depend on FILESYSTEMS rather than cleanvar. it is cleaner
generate new key types for sshd when needed or on initial run
in the backward compatibility case, we still want to shutdown the jail cleanly
turn off jails by default. This was pointed out by Dan Langille on his blog
cleanvar should be here
update examples
disable hast account
set props
we are on xterm now
prop change
prop change
propset
set prop
set prop
set prop
set prop
set prop
set prop
set prop
reserved vars
remove named and enable svn:keywords
svn:keywords
svn:keywords
update props and config
add missing user
update os list
clang 3.3
remove sparc64
add default for mdnsresponder
mdnsresponder for mDNSResponderPosix
remove cvs2svn prop
reset props for svn keywords
Introduce libmap.d in /usr/local/etc/
Include /usr/local/etc/libmap.d/ by default.
we no longer need /var/db/pkg
Update protocols list from IANA
Remove old resources.
rc.subr - Improve shell compatibility. network.subr - conditionalize ipv6 rtadvd
We need to refactor this, but at least set it to use the mport tool rather than pkg_add
setvar sucks
add raid3 directory
Fix IPv6 problems. Make some things in ATA & cam constant. Fix some bugs in geom Remove unused files. Tag.
add gl_ES
add hast account to master.password. enable ipv6 rules in firewall configuration. fixup tty entries per platform. periodic fixes.
still in usr.sbin
no backup script
add utf8 for English man pages
Update periodic and rc.d scripts
Add scrub zfs. Make some modifications to disk related scripts.
update rc.d
add zvol and remove sound as the module is part of GENERIC now.
update rc system
use absolute paths
remove programs no longer used from inetd.conf
update configuration
add devd configuration
clean up and add ruser to get rid of pam warnings on su
tweak formatting.
add missing locale
Fix openbsd fingerprints and typo.
add groups for hast and ftp
update command for reading messages.
add missing protocols.
use tcp by default
remove slip configuration
add several additional services
add groff mtree
overhaul mtree setup
Add i18n paths for libiconv
change default root prompt to show path, user and increase the size of history
conditionalize sendmail and use new style for bind
add more locale directories
If the cd fails, we don't want to run ln here.
add a sleep to give ipv6 interfaces time to come up properly.
add dhcp6c (dhcp over ipv6 client)
add default configuration for dhcp6c
add dhcp6c sample config file
add bsdinstall to mtree
make the include directory for raid5
Add lib32 to mtree file (finally)
update root zones to 2011060800
add eee pc stuff
add libalias.conf
fix typo.
add zfs
remove unusued peridic processes and add logincheck (security related daily)
Tag it.
Add new kld script to allow one to add kernel modules to load on system startup outside of loader.conf If you don't need the modules to boot, this is MUCH faster.
Remove forums link for now. Haven't found a replacement or jforum
play some games.
add new entry for msearch.
default mserach build to no for now. (it does use a lot of space) While we're at it, fix a longstanding bug where we're pointed at the wrong place for packages. This will need to be updated for msearch eventually
add weekly periodic script for building the msearch database.
Link local traffic ftw
Rewrite the rules to actually use ip6 for the desktop case.
These rules are totally screwed up.
Turn on the ipv6 firewall by default.
mksh ftw
default this to vi too. if we have a real problem one can always set it manually to /bin/mined or /bin/ed
MidnightBSD has it's own vendor pool now!
Update dot files, but retain the setvar hack for freebsd ash compatibility.
rcorder can pick a different order for rc scripts to run. If a crazy script from ports tries to run earlier in the boot process, it's possible it will be skipped entirely. This patch from Doug Barton saves the items already run to avoid this problem. It could still get a bit funky if we're remotely mounting a file system but I don't think most MidnightBSD users will do that.
Add config file for nss_mdns module called nss_mdns.conf @see nss_mdns.conf.5
Add mport paths
Remove the blacklists from our openssh configuration.
Don't print out an error message when netwait isn't in use (most of the time)
Fix a potential loop problem (how did that get in there?)
Don't require /usr/lib/aout
Update bind configuration so we have a writable directory. Update root servers list which is seriously out of date.
add working directory for bind9
Add detatch code for usb mice. Techncially, moused dies anyway when it's disconnected, but this is correct.
Commit Jeremy Chadwick's netwait script. This script adds a timeout period for network activity while the system is starting. There's an assumption in the system that link state means the network is working. Some NICs such as the realtek based chips tend to go up and down causing the system to think everything is ok and then losing access to remote file systems, ntp/rdate, etc. This is not an ideal solution, but it does help. Based on FreeBSD PR conf/151063 It's quite possible they'll integrate something similar in their new defaultroute script in FreeBSD 8/9. Note this does not include the rc.conf.5 changes yet.
Allow users to turn on/off interrupt harvesting
allow for clean shutdown
Back firewall require change out. This requires more thought.
Require that the firewalls are up before the network.. why have a window of opportunity?
sysctl sometimes reports warnings instead of errors. Make the script catch these cases.
if scripts are pruned, we don't want errors
REmove isdn.. we killed that a few months ago.
Allow bonjour traffic from the lan.
Add mdns entry
Don't forget to start hostid
Show examples of network wise close servers to encourage users to pick servers closer to them.
Cleanup networks and bring it into reality with today.
Create rc script to start mdnsd on system startup.
Add an entry for mdnsd, apple's multicast dns daemon.
add a sample directory for libdispatch
Add include directory for libdispatch.
Prepare for liblzma
Add nsswitch.conf
Dont' delete the .snap snapshot directory. This should never be auto cleaned
Easily document the linux 2.6.16 knob
This was applicable to 0.2.x and lower. Newer snd_hda and so on don't do it
Fix a minor bug where some items are ignored
silence errors with missing fstab
Rewrite to consume significantly less memory, by using find -s instead of find | sort. As a bonus, this simplifies the logic considerably. Also remove the bogus "overruning the args to ls" comment and the corresponding "-n 20" argument to xargs; the whole point with xargs is precisely that it knows how large the argument list can safely get. Note that the first run of the updated script may hypotheticall produce false positives due to differences between find's and sort's sorting algorithm. I haven't seen this during testing, but others might. Obtained from: FreeBSD
add missing ;
update comment
update google url
Update rc.d script and rc.conf defaults for BIND 9.6.1-P2. Add the auto forwarders ability
How about we type things correctly
Import OpenBSD's sysctl sensors framework. This is based on work by Constantine A. Murenin for the 2007 Google summer of code for FreeBSD. Includes: sample config file for sensord rc scripts documentation fixes and updates sys/kern/kern_sensors.c sys/sensors.h This is compatible with OpenBSD 4.1 and 4.2 in terms of the userland bits.
remove isdn
gcc4
Enabling powerd by default was a good idea, but quite error prone. On my new system and several others, it causes panics. It also seems to interfere with stable operation on older hyperthreaded Pentium 4 based systems (such as the Dell GX270) Let's disable it here and plan on adding an option in the installer to turn it on or off.
a new approach to the ssh files thing
revert for now
ok how about this
we're seeing some problems installing moduli sine the openssh migration in world. Let's try installing it this way
add larn games directory under /usr/share
remove freebsd email address.
add larn directory
add atc game directory
This used tabs instead of spaces. let's keep it consistent.
temporarily back out mksh changes.
update dot.mkshrc for r36b. Add a custom setvar function for freebsd compatibility.
fix for mksh
add /usr/libdata/pkgconfig
*** empty log message ***
add zfs check
should use -n on nice
Update security periodic to go with changes in various system utilities including ipfw
*** empty log message ***
merge rc changes
merge rc changes
Add kld loader functions and make several changes with mounting
Change the way ipfw module is loaded.
remove unneeded commands on ipsec reload
add stop command and fix lowest power profile testing
enclose in quotes
disable dumpdev since we encrypt swap. (regression fix)
ramdisk and ramdisk-own -> mdconfig and mdconfig2 statd is from nfslocking
Make the firewall quiet
Add defaults for several daemons.
add sync dhclient
remove netbsd tags
add zfs support
fix some problems with this script
add friendly message, remove netbsd tag
add mountlate
Rename nfslocking -> lockd
add kernel
*** empty log message ***
add idmapd
Whack ppp-user... merge and cleanup ppp
Make local
Remove some of these options as they were moved to netoptions
change the name of pidfile not to conflict
Add several new friendly net options.
Remove pccard
Emit a warning when the network_interfaces variable is not set to AUTO and change wpa_supplicant to down the interface at the start of the init routine. wpa_supplicant expects that it has exclusive access to the net80211 state. This stops errors trying to scan when it's already scanning causing a problem connecting. This was an issue for firmware based cards in particular. Do not bother ifconfig up(ing) the interface since it is downed again
Remove obsolete directories.
netatm is disabled... don't include it. Remove posix4 as it's no longer used.
tag new files
catch up pam config with audit support
update the pf.os file slightly.. we need to do more with this
Update etc environment. add nscd.conf, remove usbd.conf as we don't need usbd. Switch to new world order
Sync changes
add ftp-proxy for pf
Modify dhclient to use background var
usbd was removed
add atrun
add audit, nscd. Fix kerberos server options. Remove usbd as it's been replaced by devd. Add zfs on/off.
Add forums and wiki pages and update the contact information.
add entries for pts and pty
Update rc.suspend and rc.resume to take advantage of the new modes. Add ZFS to devd config
Add ftp-proxy, nscd (caching), zfs, auditd, bridge, and bthidd. Remove usbd as devd does that job now.
Add man pages
Add several new directories including hostapd, wpa_supplicant, etc..
Add legal directory under share/doc for intel wifi
Fix whitespace. Tabs were used by accident.
Add /var entry for audit
Add lmc to the include directories.
Add gss related files.
Add zfs and gss
Add new directories for new geom layers, and gssapi.
We're having a lot of compliants about pkg_add failing which seem to be firewall related. Drop the firewall during the firstboot script and bring it back up after fetching.
Add default rules for ntpd and avahi (ipv4)
Run moused.. on desktops this is a good idea
Enable default devfs system ruleset
add some user friendly defaults.
Add rules for all users to access cdroms, usb devices, usb scanners, and a few other misc devices.
Remove old architectures we don't do
Add kde/kdm and gnustep + slim + windowmaker setup
Remove source address option (port hard coding) as this has proven to be bad.
Spell pidfile "correctly"
Remove pcnfsd. We don't have this port and it's ancient.
apparently cut and sort are mia in make release as well.
Specify path for printf. This is not the ideal solution.
(needs more testing) Create a ssh subdirectory and alter the ssh config installation so that it runs in it's own Makefile. This let's us deal with the new blacklist files in a easy fashion.
Fix bind mergemaster issues.
Update for bind 9.4.2. Update the root servers list (some have ipv6 addresses now) Follow a similar approach to FreeBSD 7.x
Remove pcvt
debug is lying!
Add support for env in scripts. Some <insert negative here> wrote a python book advocating # python and a lot of scripts are using it. This is insecure, but what do we do...
Fix typo
move x11 path
kill old ppc support
Move x11 path
remove x11 paths
more x11 crap
Add installation of mkshrc
mksh file.
We do not nee X11R6
My first pass at a desktop rule like we have for ipv4 that enables ssh.
Remove /usr/X11R6/bin from path. We don't do old x anymore.
Hmm... while archite had very good intentions changing this, it's been a problem in a desktop setup (and server). Let's switch the umask back.
Add mksh to /etc/shells
Remove ksh.kshrc which is no longer used.
NTP configuration change. When looking up entires in the resolver quickly, sometimes the same ip is selected as it's cacached briefly. This new configuration fixes that possiblity.
Forced bump for sendmail 8.14.2
Disable kernel core dumps Enable additional channels for older sound cards. Allow users to mount cds.
Switch to FILESYSTEMS
fix unloading of "saver" modules
use -ne instead of !=
Add new rc.conf var... sendmail_rebuild_aliases with a setting of off. Aliases will no longer be rebuilt automatically on startup. (FreeBSD 7.x+ behavior)
switch to stop_boot switch to FILE_SYSTEMS
Try to get useful info from dhcp fix whitespace
stop bitching for random on read only devices. (good for live cd use) As a last ditch effort, try to write it to var
Allow relative paths for rndc in case the port version of named is used.
Oops.. fix ${jail_fstab}
run the firewall script in another shell
Don't source the script directly.. run it in a seperate shell.
Remove unneeded semi colon
Change pivot point for jails
Add "fake" point to be the new pivot point instead of mountlocalcrit
Hack to keep us in compliance with IPv6 rfcs
allow delay to be set to a negative value which delays the run indefinetely
Test if nextboot is there before we run it
Enable powerd by default. Remove /usr/X11R6/rc.d search path as we're moving away from that with xorg 7
Remove early.sh
Remove early.sh. Users should now use "new style" rc.d scripts instead. Consult rc(8).
Remove deprecated portmap, single_mountd_enable and xntpd stuff from early 5.x releases of FreeBSD. We don't need this cruft
remove alpha bits.
sort
Add a fireware directory on boot. This will allow us to store firmware for wireless cards there.
Add media for HAL. Use this for removable media such as cdroms, usb flash drives, etc.
Ditch alpha
Remove audit. We don't use it like freebsd.
tail is no longer needed.
fix sorting
Remove $NetBSD$ tags in some cases as we're not going to be merging anything from that direction and it's in CVS. Remove $FreeBSD$ on our ntpd as we've diverged. add shutdown keyword to several services to end things cleanly. More work is required here.
Open port 22 on the desktop ruleset when sshd is enabled in rc.conf.
Enable ipfw kernel module by default. Use the new desktop configuration. Disable verbose display of rulesets on startup. (users get confused enough by the console) Yes, we were going to use pf, but archite@ never completed the work. I got sick of waiting and know ipfw better. Besides, it's familiar to Mac users. This ruleset is very similar to the default apple ships with ipfw enabled.
Add a desktop configuration example with mild protection for desktops. This ruleset is not intrusive and blocks ping + unsolicited TCP traffic.
Fix sshd issue with nologin.
Add cron PAM support.
Add etc/ssl/certs
Sync etc/services with IANA. This is only ports 1-1023.
New version creates a receipt instead of removing one. This is much easier to check for and handles the problem of mergemaster adding a new file, etc.
Add firstboot script to do last minute configuration. Currently, we just want to install packages for GNUstep, X11, WindowMaker, and slim. firstboot needs to start after the network is up so we intentionally position it after dhclient just in case.
Change formatting and text of message when a module is loaded.
vi is the default editor. This is BSD after all.
use ee
Load sound before mixer. Test if sound pci id file exists before loading. Don't run sound in a jail. Clean up formatting and whitespace.
$MidnightBSD$ Change domain to MidnightBSD.org. While we don't technically need "freefall", it might be handy to keep around for now.
*** empty log message ***
enable ssh automatically
Add sound "autodetection"
Add sound directory for sound "autodetection"
We don't have portsnap so don't create the directory.
stop command wouldn't work without the command specified.
Adding ksh.kshrc into /etc for user convenience
remove send-pr reference to fix world.
FreeBSD_version and BSD daemon files were removed from examples. We also recently added MidnightBSD_version.
Document the user/group LOR in our sample pf.conf
Replace awk parts with shell scripting. Obtained from FreeBSD
Change allscreens_flags to disable boot logo screen saver. As we are adding splash, we do not want to use that.
Correct Typo... missing {
Moving sudoers install to src/etc
The jail rc.d script does not check if a path inside a jail is a symbolic link before it uses a path. /var/log/console.log and mounting/unmounting file systems inside the jail structure are not checked. As such, the jail system is vulnerable to symlink attacks.
Don't point at bar.com. Docment how to change polling interval for HC interface and counters.
Add missing ldconfig directories.
Fix output and exit status when daily_mailq_shorten is set to YES
Fix jail list.
File was installed with incorrect name anyway.
Add 32-bit ldconfig32 path for use with scripts.
Add audit to /var with proper group membership of audit.
Get rid of syscons restart in freebsd revision 1.26.2.4
Fix keyboard attach/detach and use new setkeyboard function in rc.d/syscons
Modify sysons to add setkeyboard method. It does nothing with kbdmux but works properly switching otherwise.
Add audit group.
Move pflog into a seperate module.
Remove alpha directory
Beautify the messages from the ipfw script.
Change ipfw l to ipfw list
Remove portsnap config file.
Add rdate to Makefile.
Added src/share/dict/special for spell(1) import from NetBSD.
Improve clear temp routine based on recent changes in FreeBSD 7 current.
Remove OSF1 alpha support
kill alpha support here.
Ensure that ldconfig has been run earlier so that services out of mports have access to their shared libraries.
Correctly set moused_$2_enable when moused_nondefault_enable is set to NO
Fix quote
Change NFS cache timeout to match kernel value.
Improve the friendliness of the linux ld.so.cache with read only file systems.
Make sure abi and therefore archdep start before SERVERS.
rc.d comformance patch: Fix stop command so we don't get abi not running error. Just use start instead of prestart.
Fix login fail to catch sshd, proftpd, and su errors along with many other programs.
Don't forget to install the new periodic scripts.
Add daily periodic scripts with a default of OFF/NO for gmirror, graid3, gstripe and gconcat.
No longer need kvmdb
Add mixer_enable with a default of Yes.
Add rdate to rc.d startup so users can choose between ntpd and rdate.
ntpd's -S flag is the default so we do not need to set it.
Disable dump device as we are prepairing for encrypted swap.
change seeded check
Add reload command.
Fix amd if installed from ports or another source.
add lukemftpd.
if rpc.pcnfsd exists, it would be a port.
Comment out examples.
If NO_BIND_MTREE is set, we don't have anywehre to put namedb files. No need to try.
Fix NO_CRYPT option when it is only defined during some make operations.
Remove pidfile reference so ntpd can be stopped using the rc mechanisms.
Correct spelling errors.
Point at localhost instead of bar.com
Sync with FreeBSD and indirectly NetBSD.
Removing rc_fancy patch.
Reverting to color free rc.subr.
Fix formatting problem with ambiguous ".\n" lines in rc startup when rc fancy is disabled.
$MidnightBSD$
$MidnightBSD$
$MidnightBSD$
$MidnightBSD$
$MidnightBSD$
$MidnightBSD$ and add ntpd.conf
Changed default umask to 077
rdate's -c flag was not working as -DLEAPSECONDS was not used in the base system to maintain posix compliance. Instead, rdate was altered to read a "right" subdirectory just as openbsd does. In right, leapsecond versions of all the zones are built so that we can maintain legal time if needed.
Removed ntpdate rc script.. forgot to fix makefile.
*** empty log message ***
Finishing up the OpenNTPD commits. Since we no longer have ntpdate, i'll simply have to add rdate later.
Added _ntp user for OpenNTPD
OpenNTPD config file
Changed default password to use blowfish instead of md5
Added ksh to the base system.
Converted to MidnightBSD to fix motd repeat problem.
Syntax errors corrected.
Fancy RC startup with colors.
Not FreeBSD anymore... fix motd
This commit was generated by cvs2svn to compensate for changes in r5, which included commits to RCS files with non-trunk default branches.
This commit was generated by cvs2svn to compensate for changes in r2, which included commits to RCS files with non-trunk default branches.