rc (revision 300d0407) - OpenGrok cross reference for /openbsd/etc/rc

*300d0407Srpe#	$OpenBSD: rc,v 1.450 2015/07/18 00:03:34 rpe Exp $
df930be7Sderaadt
*300d0407Srpe# System startup script run by init on autoboot or after single-user.
*300d0407Srpe# Output and error are redirected to console by init, and the console is the
*300d0407Srpe# controlling terminal.
df930be7Sderaadt
5420764bSmillert# Subroutines (have to come first).
5420764bSmillert
*300d0407Srpe
*300d0407Srpe# Strip comments (and leading/trailing whitespace if IFS is set) from a file
*300d0407Srpe# and spew to stdout.
5420764bSmillertstripcom() {
5420764bSmillert	local _file="$1"
5420764bSmillert	local _line
5420764bSmillert
5420764bSmillert	{
5420764bSmillert		while read _line ; do
5420764bSmillert			_line=${_line%%#*}		# strip comments
5420764bSmillert			test -z "$_line" && continue
5420764bSmillert			echo $_line
5420764bSmillert		done
5420764bSmillert	} < $_file
5420764bSmillert}
5420764bSmillert
*300d0407Srpe# Update resource limits when sysctl changes.
0e47d797Smillert# Usage: update_limit -X loginconf_name
0e47d797Smillertupdate_limit() {
0e47d797Smillert	local _fl="$1"	# ulimit flag
0e47d797Smillert	local _lc="$2"	# login.conf name
0e47d797Smillert	local _new _suf
0e47d797Smillert
0e47d797Smillert	for _suf in "" -cur -max; do
0e47d797Smillert		_new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null`
0e47d797Smillert		if [ X"$_new" != X"" ]; then
0e47d797Smillert			if [ X"$_new" = X"infinity" ]; then
0e47d797Smillert				_new=unlimited
0e47d797Smillert			fi
0e47d797Smillert			case "$_suf" in
0e47d797Smillert			-cur)
0e47d797Smillert				ulimit -S $_fl $_new
0e47d797Smillert				;;
0e47d797Smillert			-max)
0e47d797Smillert				ulimit -H $_fl $_new
0e47d797Smillert				;;
0e47d797Smillert			*)
0e47d797Smillert				ulimit $_fl $_new
0e47d797Smillert				return
0e47d797Smillert				;;
0e47d797Smillert			esac
0e47d797Smillert		fi
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
*300d0407Srpe# Apply sysctl(8) settings.
0e47d797Smillertsysctl_conf() {
6be3177eSmillert	test -s /etc/sysctl.conf || return
6be3177eSmillert
0e47d797Smillert	# delete comments and blank lines
0e47d797Smillert	set -- `stripcom /etc/sysctl.conf`
0e47d797Smillert	while [ $# -ge 1 ] ; do
0e47d797Smillert		sysctl $1
0e47d797Smillert		# update limits if needed
0e47d797Smillert		case $1 in
0e47d797Smillert		kern.maxproc=*)
0e47d797Smillert			update_limit -p maxproc
0e47d797Smillert			;;
0e47d797Smillert		kern.maxfiles=*)
0e47d797Smillert			update_limit -n openfiles
0e47d797Smillert			;;
0e47d797Smillert		esac
0e47d797Smillert		shift
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
*300d0407Srpe# Apply mixerctl(1) settings.
0e47d797Smillertmixerctl_conf()
0e47d797Smillert{
6be3177eSmillert	test -s /etc/mixerctl.conf || return
6be3177eSmillert
0e47d797Smillert	# delete comments and blank lines
0e47d797Smillert	set -- `stripcom /etc/mixerctl.conf`
0e47d797Smillert	while [ $# -ge 1 ] ; do
0e47d797Smillert		mixerctl -q $1 > /dev/null 2>&1
0e47d797Smillert		shift
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
*300d0407Srpe# Apply wscons system driver settings using wsconsctl(8).
6be3177eSmillertwsconsctl_conf()
6be3177eSmillert{
6be3177eSmillert	local save_IFS="$IFS"
6be3177eSmillert
6be3177eSmillert	test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return
6be3177eSmillert	# delete comments and blank lines
6be3177eSmillert	IFS="
6be3177eSmillert"
6be3177eSmillert	set -- `stripcom /etc/wsconsctl.conf`
6be3177eSmillert	IFS="$save_IFS"
6be3177eSmillert	while [ $# -ge 1 ] ; do
cffa29c0Sderaadt		eval wsconsctl $1
6be3177eSmillert		shift
6be3177eSmillert	done
6be3177eSmillert}
6be3177eSmillert
8f0921ecSdjmrandom_seed()
8f0921ecSdjm{
d7e1c4e4Sderaadt	# push the old seed into the kernel
13a462f6Sbluhm	dd if=/var/db/host.random of=/dev/random bs=65536 count=1 status=none
d7e1c4e4Sderaadt	chmod 600 /var/db/host.random
d7e1c4e4Sderaadt	# ... and create a future seed
13a462f6Sbluhm	dd if=/dev/random of=/var/db/host.random bs=65536 count=1 status=none
49be1d20Sderaadt	# and create a seed file for the boot-loader
13a462f6Sbluhm	dd if=/dev/random of=/etc/random.seed bs=512 count=1 status=none
49be1d20Sderaadt	chmod 600 /etc/random.seed
8f0921ecSdjm}
8f0921ecSdjm
*300d0407Srpe# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so
*300d0407Srpe# as to avoid randomly allocating source ports that correspond to well-known
*300d0407Srpe# services.
e27ad5ceSdjmfill_baddynamic()
e27ad5ceSdjm{
484497f6Shalex	local _service=$1
e27ad5ceSdjm	local _sysctl="net.inet.${_service}.baddynamic"
484497f6Shalex	stripcom /etc/services |
484497f6Shalex	{
484497f6Shalex		# Variables are local
484497f6Shalex		while IFS=" 	/" read _name _port _srv _junk; do
fa65f058Shalex			[ "x${_srv}" = "x${_service}" ] || continue
484497f6Shalex			_ban="${_ban:+${_ban},}+${_port}"
e27ad5ceSdjm			# Flush before argv gets too long
484497f6Shalex			if [ ${#_ban} -gt 1024 ]; then
484497f6Shalex				sysctl -q ${_sysctl}=${_ban}
e27ad5ceSdjm				_ban=""
e27ad5ceSdjm			fi
484497f6Shalex		done
484497f6Shalex		[ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban}
484497f6Shalex	}
e27ad5ceSdjm}
e27ad5ceSdjm
*300d0407Srpe# Start daemon using the rc.d daemon control scripts.
*300d0407Srpe# Usage: start_daemon daemon1 daemon2 daemon3
833ea469Srobertstart_daemon()
833ea469Srobert{
598b0ae3Srobert	local _n
833ea469Srobert	for _n; do
833ea469Srobert		eval _do=\${${_n}_flags}
833ea469Srobert		if [ X"${_do}" != X"NO" ]; then
833ea469Srobert			/etc/rc.d/${_n} start
833ea469Srobert		fi
833ea469Srobert	done
833ea469Srobert}
833ea469Srobert
*300d0407Srpe# Generate keys for isakmpd, iked and sshd if the don't exist yet.
3e77ed4cSderaadtmake_keys()
3e77ed4cSderaadt{
3e77ed4cSderaadt	if [ ! -f /etc/isakmpd/private/local.key ]; then
3e77ed4cSderaadt		echo -n "openssl: generating isakmpd/iked RSA key... "
3e77ed4cSderaadt		if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
3e77ed4cSderaadt		    >/dev/null 2>&1; then
3e77ed4cSderaadt			chmod 600 /etc/isakmpd/private/local.key
3e77ed4cSderaadt			openssl rsa -out /etc/isakmpd/local.pub -in \
3e77ed4cSderaadt			    /etc/isakmpd/private/local.key -pubout \
3e77ed4cSderaadt			    >/dev/null 2>&1
3e77ed4cSderaadt			echo done.
3e77ed4cSderaadt		else
3e77ed4cSderaadt			echo failed.
3e77ed4cSderaadt		fi
3e77ed4cSderaadt	fi
3e77ed4cSderaadt
3e77ed4cSderaadt	if [ ! -f /etc/iked/private/local.key ]; then
3e77ed4cSderaadt		# Just copy the generated isakmpd key
3e77ed4cSderaadt		cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
3e77ed4cSderaadt		chmod 600 /etc/iked/private/local.key
3e77ed4cSderaadt		cp /etc/isakmpd/local.pub /etc/iked/local.pub
3e77ed4cSderaadt	fi
3e77ed4cSderaadt
3e77ed4cSderaadt	ssh-keygen -A
3e77ed4cSderaadt}
3e77ed4cSderaadt
*300d0407Srpe# Create Unix sockets directories for X if needed and make sure they have
*300d0407Srpe# correct permissions.
3e77ed4cSderaadtsetup_X_sockets()
3e77ed4cSderaadt{
3e77ed4cSderaadt	if [ -d /usr/X11R6/lib ]; then
3e77ed4cSderaadt		for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
3e77ed4cSderaadt			if [ -d $d ]; then
3e77ed4cSderaadt				if [ `ls -ld $d | cut -d' ' -f4` \
3e77ed4cSderaadt				    != root ]; then
3e77ed4cSderaadt					chown root $d
3e77ed4cSderaadt				fi
3e77ed4cSderaadt				if [ `ls -ld $d | cut -d' ' -f1` \
3e77ed4cSderaadt				    != drwxrwxrwt ]; then
3e77ed4cSderaadt					chmod 1777 $d
3e77ed4cSderaadt				fi
3e77ed4cSderaadt			elif [ -e $d ]; then
3e77ed4cSderaadt				echo "Error: $d exists and isn't a directory."
3e77ed4cSderaadt			else
3e77ed4cSderaadt				mkdir -m 1777 $d
3e77ed4cSderaadt			fi
3e77ed4cSderaadt		done
3e77ed4cSderaadt	fi
3e77ed4cSderaadt}
3e77ed4cSderaadt
*300d0407Srpe# Check filesystems, optionally by using a flag for fsck(8) passed as $1.
81896204Sclaudiodo_fsck()
81896204Sclaudio{
81896204Sclaudio	local _flags=$1
81896204Sclaudio
81896204Sclaudio	fsck -p $_flags
81896204Sclaudio	case $? in
81896204Sclaudio	0)
81896204Sclaudio		;;
81896204Sclaudio	2)
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	4)
81896204Sclaudio		echo "Rebooting..."
81896204Sclaudio		reboot
81896204Sclaudio		echo "Reboot failed; help!"
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	8)
81896204Sclaudio		echo "Automatic file system check failed; help!"
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	12)
81896204Sclaudio		echo "Boot interrupted."
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	130)
*300d0407Srpe		# Interrupt before catcher installed.
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	*)
81896204Sclaudio		echo "Unknown error; help!"
81896204Sclaudio		exit 1
81896204Sclaudio		;;
81896204Sclaudio	esac
81896204Sclaudio}
81896204Sclaudio
*300d0407Srpe# End subroutines.
5420764bSmillert
df930be7Sderaadtstty status '^T'
df930be7Sderaadt
*300d0407Srpe# Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3)
*300d0407Srpe# and returns to single user after fsck.
df930be7Sderaadttrap : 2
*300d0407Srpetrap : 3	# Shouldn't be needed.
df930be7Sderaadt
df930be7SderaadtHOME=/; export HOME
102e9b47SrobertINRC=1; export INRC
df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin
df930be7Sderaadtexport PATH
df930be7Sderaadt
*300d0407Srpe# Must set the domainname before rc.conf, so YP startup choices can be made.
10cfcf00Sderaadtif [ -f /etc/defaultdomain ]; then
10cfcf00Sderaadt	domainname `stripcom /etc/defaultdomain`
10cfcf00Sderaadtfi
10cfcf00Sderaadt
*300d0407Srpe# Need to get local functions from rc.subr.
8799e9c8SrobertFUNCS_ONLY=1 . /etc/rc.d/rc.subr
8799e9c8Srobert
*300d0407Srpe# Load rc.conf into scope.
8799e9c8Srobert_rc_parse_conf
d9f03edaSrobert
9969bcb5Smillertif [ X"$1" = X"shutdown" ]; then
7b987043Sbluhm	if echo 2>/dev/null >>/var/db/host.random || \
7b987043Sbluhm	    echo 2>/dev/null >>/etc/random.seed; then
a938e06dSrpe		random_seed
7b987043Sbluhm	else
7b987043Sbluhm		echo warning: cannot write random seed to disk
7b987043Sbluhm	fi
a938e06dSrpe
19b9ddfaSmillert	# If we are in secure level 0, assume single user mode.
19b9ddfaSmillert	if [ `sysctl -n kern.securelevel` -ne 0 ]; then
9d0326b3Sschwarze		pkg_scripts=${pkg_scripts%%*( )}
ab772a24Sderaadt		if [ -n "${pkg_scripts}" ]; then
bbe1205bSajacoutot			echo -n 'stopping package daemons:'
931d9abfSajacoutot			while [ -n "${pkg_scripts}" ]; do
931d9abfSajacoutot				_r=${pkg_scripts##* }
931d9abfSajacoutot				pkg_scripts=${pkg_scripts%%*( )${_r}}
bbe1205bSajacoutot				[ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop
bbe1205bSajacoutot			done
bbe1205bSajacoutot			echo '.'
bbe1205bSajacoutot		fi
ab772a24Sderaadt
e6e1e079Sderaadt		[ -f /etc/rc.shutdown ] && sh /etc/rc.shutdown
ab772a24Sderaadt	else
ab772a24Sderaadt		echo single user: not running shutdown scripts
ab772a24Sderaadt	fi
9e07bef9Smcbride
*300d0407Srpe	# Bring carp interfaces down gracefully.
4375b688Ssthen	ifconfig | while read a b; do
4375b688Ssthen		case $a in
4375b688Ssthen		carp+([0-9]):) ifconfig ${a%:} down ;;
b7f7a928Ssthen		esac
9e07bef9Smcbride	done
2ee46d13Smcbride
75a54d2eSderaadt	exit 0
75a54d2eSderaadtfi
75a54d2eSderaadt
638be0f1Smiodswapctl -A -t blk
920abb1bSderaadt
8b7444a6Sderaadtif [ -e /fastboot ]; then
df930be7Sderaadt	echo "Fast boot: skipping disk checks."
9969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then
df930be7Sderaadt	echo "Automatic boot in progress: starting file system checks."
81896204Sclaudio	do_fsck
df930be7Sderaadtfi
df930be7Sderaadt
df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3
df930be7Sderaadt
df930be7Sderaadtumount -a >/dev/null 2>&1
6e571508Sgrunkmount -a -t nonfs,vnd
*300d0407Srpemount -uw /		# root on nfs requires this, others aren't hurt.
df930be7Sderaadtrm -f /fastboot		# XXX (root now writeable)
df930be7Sderaadt
*300d0407Srpe# Set flags on ttys.  (Do early, in case they use tty for SLIP in netstart.)
df930be7Sderaadtecho 'setting tty flags'
df930be7Sderaadtttyflags -a
df930be7Sderaadt
48390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then
48390b59Smcbride	kbd `cat /etc/kbdtype`
48390b59Smcbridefi
48390b59Smcbride
cc294143Sderaadtwsconsctl_conf
cc294143Sderaadt
9969bcb5Smillertif [ X"${pf}" != X"NO" ]; then
7b24ca9eSmcbride	RULES="block all"
4dd40d42Shenning	RULES="$RULES\npass on lo0"
997283b1Skrw	RULES="$RULES\npass in proto tcp from any to any port ssh keep state"
997283b1Skrw	RULES="$RULES\npass out proto { tcp, udp } from any to any port domain keep state"
3dadfb84Scamield	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
841a2ab1Sclaudio	RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps"
841a2ab1Sclaudio	RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc"
e24e98b3Sgrange	if ifconfig lo0 inet6 >/dev/null 2>&1; then
ff3da558Sitojun		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
ff3da558Sitojun		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
63c4fe5eSderaadt		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
63c4fe5eSderaadt		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
841a2ab1Sclaudio		RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server"
841a2ab1Sclaudio		RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client"
e24e98b3Sgrange	fi
d7cbed85Shenning	RULES="$RULES\npass in proto carp keep state (no-sync)"
d7cbed85Shenning	RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)"
3dda96c1Sderaadt	case `sysctl vfs.mounts.nfs 2>/dev/null` in
18db1430Sderaadt	*[1-9]*)
*300d0407Srpe		# Don't kill NFS.
649b49daShenning		RULES="set reassemble yes no-df\n$RULES"
997283b1Skrw		RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any"
997283b1Skrw		RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any"
18db1430Sderaadt		;;
18db1430Sderaadt	esac
4616f5d9Sdhartmei	echo $RULES | pfctl -f -
4616f5d9Sdhartmei	pfctl -e
1097c023Skjellfi
1097c023Skjell
*300d0407Srpe# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services.
e27ad5ceSdjmfill_baddynamic udp
e27ad5ceSdjmfill_baddynamic tcp
e27ad5ceSdjm
0e47d797Smillertsysctl_conf
f753b29fSderaadt
*300d0407Srpe# Set hostname, turn on network.
df930be7Sderaadtecho 'starting network'
a1f52e7fShenningifconfig -g carp carpdemote 128
053628caSderaadtif [ -f /etc/resolv.conf.save ]; then
7d2d953cSderaadt	mv -f /etc/resolv.conf.save /etc/resolv.conf
053628caSderaadt	touch /etc/resolv.conf
053628caSderaadtfi
24492e87Sajacoutotsh /etc/netstart
*300d0407Srpedmesg > /dev/random	# Any write triggers a rekey.
df930be7Sderaadt
*300d0407Srpe# Load pf rules and bring up pfsync interface.
9969bcb5Smillertif [ X"${pf}" != X"NO" ]; then
3544dba0Sajacoutot	if [ -f /etc/pf.conf ]; then
3544dba0Sajacoutot		pfctl -f /etc/pf.conf
1097c023Skjell	fi
*300d0407Srpe	# Bring up pfsync after the working ruleset has been loaded.
df0568a3Sderaadt	if [ -f /etc/hostname.pfsync0 ]; then
b523182eSderaadt		sh /etc/netstart pfsync0
f5262b16Smpf	fi
df0568a3Sderaadtfi
1097c023Skjell
cc3d9aa9Sottomount -s /usr >/dev/null 2>&1
cc3d9aa9Sottomount -s /var >/dev/null 2>&1
df930be7Sderaadt
8f0921ecSdjmrandom_seed
74af54b4Sderaadt
*300d0407Srpe# Clean up left-over files.
47a1f8faSderaadtrm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/*
2402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
23d49488Sbeck(cd /var/authpf && rm -rf -- *)
23d49488Sbeck
*300d0407Srpe# Save a copy of the boot messages.
6c0a0b4aSalexdmesg >/var/run/dmesg.boot
6c0a0b4aSalex
3e77ed4cSderaadtmake_keys
3e77ed4cSderaadt
cc027ce3Sderaadtecho -n 'starting early daemons:'
d750a370Sderaadtstart_daemon syslogd ldattach pflogd nsd unbound ntpd
81896204Sclaudiostart_daemon iscsid isakmpd iked sasyncd ldapd npppd
833ea469Srobertecho '.'
096ed560Sderaadt
*300d0407Srpe# Load IPsec rules.
79ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then
3544dba0Sajacoutot	if [ -f /etc/ipsec.conf ]; then
3544dba0Sajacoutot		ipsecctl -f /etc/ipsec.conf
79ec6e47Shshoexer	fi
79ec6e47Shshoexerfi
79ec6e47Shshoexer
cc027ce3Sderaadtecho -n 'starting RPC daemons:'
6bf0f2bdSdlgstart_daemon portmap ypldap
47a1f8faSderaadtif [ X"`domainname`" != X"" ]; then
1528aeb4Sderaadt	start_daemon ypserv ypbind yppasswdd
47a1f8faSderaadtfi
6bf0f2bdSdlgstart_daemon mountd nfsd lockd statd amd
df930be7Sderaadtecho '.'
df930be7Sderaadt
cc3d9aa9Sottomount -a
638be0f1Smiodswapctl -A -t noblk
638be0f1Smiod
*300d0407Srpe# Check and mount networked filesystems.
81896204Sclaudiodo_fsck -N
81896204Sclaudiomount -a -N
81896204Sclaudio
*300d0407Srpe# /var/crash should be a directory or a symbolic link to the crash directory
*300d0407Srpe# if core dumps are to be saved.
df930be7Sderaadtif [ -d /var/crash ]; then
9d112a13Stholo	savecore ${savecore_flags} /var/crash
df930be7Sderaadtfi
df930be7Sderaadt
9969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then
df930be7Sderaadt	echo -n 'checking quotas:'
df930be7Sderaadt	quotacheck -a
df930be7Sderaadt	echo ' done.'
df930be7Sderaadt	quotaon -a
36a647e7Sdownsjfi
df930be7Sderaadt
47a1f8faSderaadtkvm_mkdb			# build kvm(3) databases
df930be7Sderaadtdev_mkdb
e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]*
a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]*
df930be7Sderaadt
*300d0407Srpe# Check the password temp/lock file.
8b7444a6Sderaadtif [ -f /etc/ptmp ]; then
df930be7Sderaadt	logger -s -p auth.err \
df930be7Sderaadt	    'password file may be incorrect -- /etc/ptmp exists'
df930be7Sderaadtfi
df930be7Sderaadt
e65724e6Smillertecho clearing /tmp
e65724e6Smillert
*300d0407Srpe# Prune quickly with one rm, then use find to clean up /tmp/[lqv]*
*300d0407Srpe# (not needed with mfs /tmp, but doesn't hurt there...).
c67deee9Sderaadt(cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*)
68b9454cSsthen(cd /tmp &&
ca51295aSmillert    find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \
c67deee9Sderaadt	! -name quota.group ! -name vi.recover -execdir rm -rf -- {} \;)
e65724e6Smillert
3e77ed4cSderaadtsetup_X_sockets
3e77ed4cSderaadt
e6e1e079Sderaadt[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
*300d0407Srpe# rc.securelevel did not specifically set -1 or 2, so select the default: 1.
07f21ec8Sajacoutotif [ `sysctl -n kern.securelevel` -eq 0 ]; then
e6e1e079Sderaadt	sysctl kern.securelevel=1
7a8988dbSajacoutotfi
41406ee4Sderaadt
*300d0407Srpe# Patch /etc/motd.
dc279d04Sderaadtif [ ! -f /etc/motd ]; then
dc279d04Sderaadt	install -c -o root -g wheel -m 664 /dev/null /etc/motd
dc279d04Sderaadtfi
22baa516Sguentherif T=`mktemp /tmp/_motd.XXXXXXXXXX`; then
dc279d04Sderaadt	sysctl -n kern.version | sed 1q > $T
dc279d04Sderaadt	echo "" >> $T
dc279d04Sderaadt	sed '1,/^$/d' < /etc/motd >> $T
dc279d04Sderaadt	cmp -s $T /etc/motd || cp $T /etc/motd
dc279d04Sderaadt	rm -f $T
5b45527eSmillertfi
dc279d04Sderaadt
f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then
f0d9a157Sajacoutot	if [ ! -f /var/account/acct ]; then
f0d9a157Sajacoutot		touch /var/account/acct
f0d9a157Sajacoutot	fi
df930be7Sderaadt	echo 'turning on accounting';	accton /var/account/acct
df930be7Sderaadtfi
df930be7Sderaadt
e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then
7e42516dSderaadt	echo 'creating runtime link editor directory cache.'
7e42516dSderaadt	if [ -d /usr/local/lib ]; then
5881fc76Stodd		shlib_dirs="/usr/local/lib $shlib_dirs"
7e42516dSderaadt	fi
7e42516dSderaadt	if [ -d /usr/X11R6/lib ]; then
5881fc76Stodd		shlib_dirs="/usr/X11R6/lib $shlib_dirs"
7e42516dSderaadt	fi
7e42516dSderaadt	ldconfig $shlib_dirs
7e42516dSderaadtfi
7e42516dSderaadt
747e271cSjasperecho 'preserving editor files.';	/usr/libexec/vi.recover
f57929bcSmillert
833ea469Srobertecho -n 'starting network daemons:'
71dd685dSkettenisstart_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
01c03f3dSderaadtstart_daemon relayd dhcpd dhcrelay mrouted dvmrpd
95d52386Snorby
33a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then
33a0f254Sitojun	fw=`sysctl -n net.inet6.ip6.forwarding`
0150d928Sflorian	if [ X"${fw}" = X"1" ]; then
47a1f8faSderaadt		start_daemon route6d rtadvd
33a0f254Sitojun	fi
33a0f254Sitojunfi
33a0f254Sitojun
0139179fSmatthieustart_daemon hostapd lpd smtpd slowcgi httpd ftpd
d7fd7d2cSajacoutotstart_daemon ftpproxy tftpd tftpproxy identd inetd rarpd bootparamd
33f3f8beSajacoutotstart_daemon rbootd mopd spamd spamlogd sndiod
ac826d78Srobertecho '.'
a2f190fbSrobert
*300d0407Srpe# If rc.firsttime exists, run it just once, and make sure it is deleted.
fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then
fcbaa02fSderaadt	mv /etc/rc.firsttime /etc/rc.firsttime.run
9b5245e0Shalex	. /etc/rc.firsttime.run 2>&1 | tee /dev/tty |
2452231eShalex		mail -Es "`hostname` rc.firsttime output" root >/dev/null
fcbaa02fSderaadtfi
fcbaa02fSderaadtrm -f /etc/rc.firsttime.run
fcbaa02fSderaadt
*300d0407Srpe# Run rc.d(8) scripts from packages.
931d9abfSajacoutotif [ -n "${pkg_scripts}" ]; then
bbe1205bSajacoutot	echo -n 'starting package daemons:'
931d9abfSajacoutot	for _r in $pkg_scripts; do
739cb2c2Sespie		if [ -x /etc/rc.d/${_r} ]; then
739cb2c2Sespie			start_daemon ${_r}
739cb2c2Sespie		else
739cb2c2Sespie			echo -n " ${_r}(absent)"
739cb2c2Sespie		fi
bbe1205bSajacoutot	done
bbe1205bSajacoutot	echo '.'
bbe1205bSajacoutotfi
bbe1205bSajacoutot
e6e1e079Sderaadt[ -f /etc/rc.local ] && sh /etc/rc.local
8b7444a6Sderaadt
cc027ce3Sderaadtifconfig -g carp -carpdemote 128	# disable carp interlock
f026f8beSmarc
cc027ce3Sderaadtmixerctl_conf
cc027ce3Sderaadtecho -n 'starting local daemons:'
1d338f44Sderaadtstart_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm
74491808Smillertecho '.'
74491808Smillert
df930be7Sderaadtdate
df930be7Sderaadtexit 0