| #
39a11509 |
| 02-Apr-2024 |
deraadt <deraadt@openbsd.org> |
also relink ssh-agent
|
| #
36cf69b3 |
| 30-Mar-2024 |
deraadt <deraadt@openbsd.org> |
program relinking currently uses a Makefile.relink inside the re-link kit.
For sshd (the only relinked program at the moment), this file is created
in an extremely nasty way. It'll be better if we h
program relinking currently uses a Makefile.relink inside the re-link kit.
For sshd (the only relinked program at the moment), this file is created
in an extremely nasty way. It'll be better if we have a proper clean
install.sh script, which I've built for sshd. But let's first commit the
change to /etc/rc which will handle that in the near future.
ok djm
show more ...
|
| #
b6013e36 |
| 01-Oct-2023 |
naddy <naddy@openbsd.org> |
show fingerprint of freshly generated ssh host key on first boot
Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when boot
show fingerprint of freshly generated ssh host key on first boot
Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.
ok deraadt@ kn@, and various for earlier iterations
show more ...
|
| #
6fcd0d88 |
| 26-Apr-2023 |
phessler <phessler@openbsd.org> |
During boot we have a protective and restrictive pf ruleset during the time
we are running netstart, and then load the pf.conf ruleset after all of the
interfaces are loaded.
Allow in and out IPv6 n
During boot we have a protective and restrictive pf ruleset during the time
we are running netstart, and then load the pf.conf ruleset after all of the
interfaces are loaded.
Allow in and out IPv6 neighbor advertisement traffic without state during
that time.
suggestions/OK from saschan@
OK sthen@ kn@ florian@ deraadt@
show more ...
|
| #
e0c25898 |
| 25-Jan-2023 |
asou <asou@openbsd.org> |
Delete TAB only line.
|
| #
036e2a92 |
| 18-Jan-2023 |
deraadt <deraadt@openbsd.org> |
process the sshd random-relink kit if it is found. sshd's text segment
is now garbled, and in the future xonly univirse you'll have poor success
downloading it or libc to know where gadgets are.
ok
process the sshd random-relink kit if it is found. sshd's text segment
is now garbled, and in the future xonly univirse you'll have poor success
downloading it or libc to know where gadgets are.
ok djm
show more ...
|
| #
0b442041 |
| 28-Dec-2022 |
kn <kn@openbsd.org> |
Make wait_reorder_libs() honour library_aslr=NO
Otherwise it will unconditionally print an empty line in case relinking
is disabled.
Reported by kettenis
Feedback OK tb
OK florian
|
| #
ee5ad0ad |
| 26-Dec-2022 |
kn <kn@openbsd.org> |
add newline missed in previous
|
| #
5ea7b462 |
| 26-Dec-2022 |
florian <florian@openbsd.org> |
Re-order libraries in parallel to netstart.
While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on
Re-order libraries in parallel to netstart.
While netstart is busy setting up the network and waiting for a
default route we can already start with reordering libraries since
this does not depend on running network, speeding things up.
Idea & input deraadt
Input & OK kn
show more ...
|
| #
76a9e5e6 |
| 28-Nov-2022 |
cheloha <cheloha@openbsd.org> |
rc(8): reorder_libs: print names of relinked libraries
When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac b
rc(8): reorder_libs: print names of relinked libraries
When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.
Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.
With input from kn@, deraadt@. Positive feedback from sthen@.
Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2
ok kn@
show more ...
|
| #
eb550c80 |
| 29-Aug-2022 |
deraadt <deraadt@openbsd.org> |
mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)
|
| #
423d4fbe |
| 28-Jul-2022 |
miod <miod@openbsd.org> |
Only attempt to set the yp domainname if not yet set; gets rid of an error
message at shutdown.
tweaks & ok deraadt@
|
| #
6cc61e20 |
| 27-Jul-2022 |
deraadt <deraadt@openbsd.org> |
Place ypldap with ypserv, inside the $domainname check, since it also
has the same requirement.
|
| #
1b66252f |
| 17-Jul-2022 |
deraadt <deraadt@openbsd.org> |
/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja
|
| #
063d4903 |
| 11-Jul-2022 |
tobhe <tobhe@openbsd.org> |
Generate P-256 ECDH keys for iked instead of reusing 2048 bit RSA keys
from isakmpd.
ok bluhm@
|
| #
c2691def |
| 28-Jun-2022 |
claudio <claudio@openbsd.org> |
Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@
|
| #
f96b97a3 |
| 26-Jun-2022 |
florian <florian@openbsd.org> |
Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt
|
| #
889fff72 |
| 26-Jun-2022 |
florian <florian@openbsd.org> |
Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt
Start network auto configuration daemons earlier so that tunnel
interfaces can depend on dhcp or slaac.
dhcpleased needs /var mounted so pull that up, we do not support /var
on nfs.
With & OK deraadt, earlier version OK sthen
show more ...
|
| #
342eb06c |
| 17-Jan-2022 |
jsg <jsg@openbsd.org> |
filessystems -> filesystems
|
| #
26dd7583 |
| 11-Nov-2021 |
claudio <claudio@openbsd.org> |
switch(4) and switchd(8) are retiering. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@
|
| #
b26a609d |
| 01-Sep-2021 |
deraadt <deraadt@openbsd.org> |
quietly attempt mounting of /var/log early, in case someone creates such
a partition to avoid /var overflow issues
ok benno beck
|
| #
1106a145 |
| 28-Jul-2021 |
deraadt <deraadt@openbsd.org> |
A slightly less precise match on the ifconfig output lines works
better for rdomain or metric tuned interfaces
from leon fischer
|
| #
b0fe20a2 |
| 22-Jul-2021 |
deraadt <deraadt@openbsd.org> |
Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set. This removes the delay for even more (strange)
static configs.
ok sthen
|
| #
6041cb5b |
| 22-Jul-2021 |
sthen <sthen@openbsd.org> |
small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt
|
| #
4ba63a1b |
| 22-Jul-2021 |
deraadt <deraadt@openbsd.org> |
After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
be
After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier. This is done
before pf is configured, sorry we have good reasons. Static
configurations are unaffected. dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen
show more ...
|