1*354b290bSrenato# $OpenBSD: rc,v 1.465 2015/10/03 18:57:11 renato Exp $ 2df930be7Sderaadt 3300d0407Srpe# System startup script run by init on autoboot or after single-user. 4300d0407Srpe# Output and error are redirected to console by init, and the console is the 5300d0407Srpe# controlling terminal. 6df930be7Sderaadt 75116749bSrpe# Turn off Strict Bourne shell. 85116749bSrpeset +o sh 95116749bSrpe 105420764bSmillert# Subroutines (have to come first). 115420764bSmillert 12300d0407Srpe 13fcb22a03Srpe# Strip in- and whole-line comments from a file. 14fcb22a03Srpe# Strip leading and trailing whitespace if IFS is set. 15fcb22a03Srpe# Usage: stripcom /path/to/file 165420764bSmillertstripcom() { 17fcb22a03Srpe local _file=$1 _line 185420764bSmillert 19fcb22a03Srpe [[ -s $_file ]] || return 20fcb22a03Srpe 215420764bSmillert while read _line ; do 22fcb22a03Srpe _line=${_line%%#*} 23fcb22a03Srpe [[ -n $_line ]] && print -r -- "$_line" 24fcb22a03Srpe done <$_file 255420764bSmillert} 265420764bSmillert 27fcb22a03Srpe# Update resource limits based on login.conf settings. 28fcb22a03Srpe# Usage: update_limit -flag capability 290e47d797Smillertupdate_limit() { 30fcb22a03Srpe local _flag=$1 # ulimit flag 31fcb22a03Srpe local _cap=$2 _val # login.conf capability and its value 32fcb22a03Srpe local _suffix 330e47d797Smillert 34fcb22a03Srpe for _suffix in {,-cur,-max}; do 35fcb22a03Srpe _val=$(getcap -f /etc/login.conf -s ${_cap}${_suffix} daemon 2>/dev/null) 36fcb22a03Srpe [[ -n $_val ]] || continue 37fcb22a03Srpe [[ $_val == infinity ]] && _val=unlimited 38fcb22a03Srpe 39fcb22a03Srpe case $_suffix in 40fcb22a03Srpe -cur) ulimit -S $_flag $_val 410e47d797Smillert ;; 42fcb22a03Srpe -max) ulimit -H $_flag $_val 430e47d797Smillert ;; 44fcb22a03Srpe *) ulimit $_flag $_val 450e47d797Smillert return 460e47d797Smillert ;; 470e47d797Smillert esac 480e47d797Smillert done 490e47d797Smillert} 500e47d797Smillert 51c30b6886Srpe# Apply sysctl.conf(5) settings. 520e47d797Smillertsysctl_conf() { 53c30b6886Srpe stripcom /etc/sysctl.conf | 54c30b6886Srpe while read _line; do 55c30b6886Srpe sysctl "$_line" 566be3177eSmillert 57c30b6886Srpe case $_line in 580e47d797Smillert kern.maxproc=*) 59c30b6886Srpe update_limit -p maxproc;; 600e47d797Smillert kern.maxfiles=*) 61c30b6886Srpe update_limit -n openfiles;; 620e47d797Smillert esac 630e47d797Smillert done 640e47d797Smillert} 650e47d797Smillert 66c30b6886Srpe# Apply mixerctl.conf(5) settings. 67e5682fb9Srpemixerctl_conf() { 68c30b6886Srpe stripcom /etc/mixerctl.conf | 69c30b6886Srpe while read _line; do 70c30b6886Srpe mixerctl -q "$_line" 2>/dev/null 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 74c30b6886Srpe# Apply wsconsctl.conf(5) settings. 75e5682fb9Srpewsconsctl_conf() { 76c30b6886Srpe [[ -x /sbin/wsconsctl ]] || return 776be3177eSmillert 78c30b6886Srpe stripcom /etc/wsconsctl.conf | 79c30b6886Srpe while read _line; do 80a07f66abSrpe eval "wsconsctl $_line" 816be3177eSmillert done 826be3177eSmillert} 836be3177eSmillert 84e5682fb9Srperandom_seed() { 85d7e1c4e4Sderaadt # push the old seed into the kernel 8613a462f6Sbluhm dd if=/var/db/host.random of=/dev/random bs=65536 count=1 status=none 87d7e1c4e4Sderaadt chmod 600 /var/db/host.random 88d7e1c4e4Sderaadt # ... and create a future seed 8913a462f6Sbluhm dd if=/dev/random of=/var/db/host.random bs=65536 count=1 status=none 9049be1d20Sderaadt # and create a seed file for the boot-loader 9113a462f6Sbluhm dd if=/dev/random of=/etc/random.seed bs=512 count=1 status=none 9249be1d20Sderaadt chmod 600 /etc/random.seed 938f0921ecSdjm} 948f0921ecSdjm 95300d0407Srpe# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so 96300d0407Srpe# as to avoid randomly allocating source ports that correspond to well-known 97300d0407Srpe# services. 98d1aa7b7fSrpe# Usage: fill_baddynamic tcp|udp 99e5682fb9Srpefill_baddynamic() { 100484497f6Shalex local _service=$1 101e27ad5ceSdjm local _sysctl="net.inet.${_service}.baddynamic" 102d1aa7b7fSrpe 103484497f6Shalex stripcom /etc/services | 104484497f6Shalex { 105d1aa7b7fSrpe _ban= 106484497f6Shalex while IFS=" /" read _name _port _srv _junk; do 107d1aa7b7fSrpe [[ $_srv == $_service ]] || continue 108d1aa7b7fSrpe 109d1aa7b7fSrpe _ban="${_ban:+$_ban,}+$_port" 110d1aa7b7fSrpe 111e27ad5ceSdjm # Flush before argv gets too long 112d1aa7b7fSrpe if ((${#_ban} > 1024)); then 113d1aa7b7fSrpe sysctl -q "$_sysctl=$_ban" 114d1aa7b7fSrpe _ban= 115e27ad5ceSdjm fi 116484497f6Shalex done 117d1aa7b7fSrpe [[ -n $_ban ]] && sysctl -q "$_sysctl=$_ban" 118484497f6Shalex } 119e27ad5ceSdjm} 120e27ad5ceSdjm 121300d0407Srpe# Start daemon using the rc.d daemon control scripts. 122300d0407Srpe# Usage: start_daemon daemon1 daemon2 daemon3 123e5682fb9Srpestart_daemon() { 124d4d32436Srpe local _daemon 125d4d32436Srpe 126d4d32436Srpe for _daemon; do 127d4d32436Srpe eval "_do=\${${_daemon}_flags}" 128d4d32436Srpe [[ $_do != NO ]] && /etc/rc.d/${_daemon} start 129833ea469Srobert done 130833ea469Srobert} 131833ea469Srobert 132300d0407Srpe# Generate keys for isakmpd, iked and sshd if the don't exist yet. 133e5682fb9Srpemake_keys() { 134d4d32436Srpe local _isakmpd_key=/etc/isakmpd/private/local.key 135d4d32436Srpe local _isakmpd_pub=/etc/isakmpd/local.pub 136d4d32436Srpe local _iked_key=/etc/iked/private/local.key 137d4d32436Srpe local _iked_pub=/etc/iked/local.pub 138d4d32436Srpe 139d4d32436Srpe if [[ ! -f $_isakmpd_key ]]; then 140d4d32436Srpe echo -n "openssl: generating isakmpd/iked RSA keys... " 141d4d32436Srpe if openssl genrsa -out $_isakmpd_key 2048 >/dev/null 2>&1 && 142d4d32436Srpe chmod 600 $_isakmpd_key && 143d4d32436Srpe openssl rsa -out $_isakmpd_pub -in $_isakmpd_key \ 144d4d32436Srpe -pubout >/dev/null 2>&1; then 1453e77ed4cSderaadt echo done. 1463e77ed4cSderaadt else 1473e77ed4cSderaadt echo failed. 1483e77ed4cSderaadt fi 1493e77ed4cSderaadt fi 1503e77ed4cSderaadt 151d4d32436Srpe if [[ ! -f $_iked_key ]]; then 1523e77ed4cSderaadt # Just copy the generated isakmpd key 153d4d32436Srpe cp $_isakmpd_key $_iked_key 154d4d32436Srpe chmod 600 $_iked_key 155d4d32436Srpe cp $_isakmpd_pub $_iked_pub 1563e77ed4cSderaadt fi 1573e77ed4cSderaadt 1583e77ed4cSderaadt ssh-keygen -A 1593e77ed4cSderaadt} 1603e77ed4cSderaadt 16148d8ec78Srpe# Check filesystems, optionally by using a fsck(8) flag. 16248d8ec78Srpe# Usage: do_fsck [-flag] 163e5682fb9Srpedo_fsck() { 16448d8ec78Srpe fsck -p "$@" 16581896204Sclaudio case $? in 16648d8ec78Srpe 0) ;; 16748d8ec78Srpe 2) exit 1 16881896204Sclaudio ;; 16948d8ec78Srpe 4) echo "Rebooting..." 17081896204Sclaudio reboot 17181896204Sclaudio echo "Reboot failed; help!" 17281896204Sclaudio exit 1 17381896204Sclaudio ;; 17448d8ec78Srpe 8) echo "Automatic file system check failed; help!" 17581896204Sclaudio exit 1 17681896204Sclaudio ;; 17748d8ec78Srpe 12) echo "Boot interrupted." 17881896204Sclaudio exit 1 17981896204Sclaudio ;; 18048d8ec78Srpe 130) # Interrupt before catcher installed. 18181896204Sclaudio exit 1 18281896204Sclaudio ;; 18348d8ec78Srpe *) echo "Unknown error; help!" 18481896204Sclaudio exit 1 18581896204Sclaudio ;; 18681896204Sclaudio esac 18781896204Sclaudio} 18881896204Sclaudio 189300d0407Srpe# End subroutines. 1905420764bSmillert 191df930be7Sderaadtstty status '^T' 192df930be7Sderaadt 193300d0407Srpe# Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3) 194300d0407Srpe# and returns to single user after fsck. 195df930be7Sderaadttrap : 2 196300d0407Srpetrap : 3 # Shouldn't be needed. 197df930be7Sderaadt 198ff291771Srpeexport HOME=/ 199ff291771Srpeexport INRC=1 200ff291771Srpeexport PATH=/sbin:/bin:/usr/sbin:/usr/bin 201df930be7Sderaadt 202300d0407Srpe# Must set the domainname before rc.conf, so YP startup choices can be made. 203ff291771Srpeif [[ -s /etc/defaultdomain ]]; then 204ff291771Srpe domainname "$(stripcom /etc/defaultdomain)" 20510cfcf00Sderaadtfi 20610cfcf00Sderaadt 207300d0407Srpe# Need to get local functions from rc.subr. 2088799e9c8SrobertFUNCS_ONLY=1 . /etc/rc.d/rc.subr 2098799e9c8Srobert 210300d0407Srpe# Load rc.conf into scope. 2118799e9c8Srobert_rc_parse_conf 212d9f03edaSrobert 213ff291771Srpeif [[ $1 == shutdown ]]; then 2147b987043Sbluhm if echo 2>/dev/null >>/var/db/host.random || \ 2157b987043Sbluhm echo 2>/dev/null >>/etc/random.seed; then 216a938e06dSrpe random_seed 2177b987043Sbluhm else 2187b987043Sbluhm echo warning: cannot write random seed to disk 2197b987043Sbluhm fi 220a938e06dSrpe 221ff291771Srpe # If we are in secure level 0, asume single user mode. 222ff291771Srpe if (($(sysctl -n kern.securelevel) == 0)); then 223ff291771Srpe echo 'single user: not running shutdown scripts' 224ff291771Srpe else 2259d0326b3Sschwarze pkg_scripts=${pkg_scripts%%*( )} 226ff291771Srpe if [[ -n $pkg_scripts ]]; then 227bbe1205bSajacoutot echo -n 'stopping package daemons:' 228ff291771Srpe while [[ -n $pkg_scripts ]]; do 229ff291771Srpe _d=${pkg_scripts##* } 230ff291771Srpe pkg_scripts=${pkg_scripts%%*( )$_d} 231ff291771Srpe [[ -x /etc/rc.d/$_d ]] && /etc/rc.d/$_d stop 232bbe1205bSajacoutot done 233bbe1205bSajacoutot echo '.' 234bbe1205bSajacoutot fi 235ab772a24Sderaadt 236ff291771Srpe [[ -f /etc/rc.shutdown ]] && sh /etc/rc.shutdown 237ab772a24Sderaadt fi 2389e07bef9Smcbride 239300d0407Srpe # Bring carp interfaces down gracefully. 240ff291771Srpe ifconfig | while read _if _junk; do 241ff291771Srpe case $_if in 242ff291771Srpe carp+([0-9]):) ifconfig ${_if%:} down ;; 243b7f7a928Ssthen esac 2449e07bef9Smcbride done 2452ee46d13Smcbride 24675a54d2eSderaadt exit 0 24775a54d2eSderaadtfi 24875a54d2eSderaadt 249ff291771Srpe# Add swap block-devices. 250638be0f1Smiodswapctl -A -t blk 251920abb1bSderaadt 252ff291771Srpeif [[ -e /fastboot ]]; then 253df930be7Sderaadt echo "Fast boot: skipping disk checks." 254ff291771Srpeelif [[ $1 == autoboot ]]; then 255df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 25681896204Sclaudio do_fsck 257df930be7Sderaadtfi 258df930be7Sderaadt 259df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 260df930be7Sderaadt 261df930be7Sderaadtumount -a >/dev/null 2>&1 2626e571508Sgrunkmount -a -t nonfs,vnd 263300d0407Srpemount -uw / # root on nfs requires this, others aren't hurt. 264df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 265df930be7Sderaadt 266300d0407Srpe# Set flags on ttys. (Do early, in case they use tty for SLIP in netstart.) 267df930be7Sderaadtecho 'setting tty flags' 268df930be7Sderaadtttyflags -a 269df930be7Sderaadt 270b892352dSrpe# Set keyboard encoding. 271b892352dSrpeif [[ -x /sbin/kbd && -s /etc/kbdtype ]]; then 272b892352dSrpe kbd "$(cat /etc/kbdtype)" 27348390b59Smcbridefi 27448390b59Smcbride 275cc294143Sderaadtwsconsctl_conf 276cc294143Sderaadt 277b892352dSrpe# Set initial temporary pf rule set. 278b892352dSrpeif [[ $pf != NO ]]; then 2797b24ca9eSmcbride RULES="block all" 2804dd40d42Shenning RULES="$RULES\npass on lo0" 281997283b1Skrw RULES="$RULES\npass in proto tcp from any to any port ssh keep state" 282997283b1Skrw RULES="$RULES\npass out proto { tcp, udp } from any to any port domain keep state" 2833dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 284841a2ab1Sclaudio RULES="$RULES\npass out inet proto udp from any port bootpc to any port bootps" 285841a2ab1Sclaudio RULES="$RULES\npass in inet proto udp from any port bootps to any port bootpc" 286e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 287ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 288ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 28963c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 29063c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 291841a2ab1Sclaudio RULES="$RULES\npass out inet6 proto udp from any port dhcpv6-client to any port dhcpv6-server" 292841a2ab1Sclaudio RULES="$RULES\npass in inet6 proto udp from any port dhcpv6-server to any port dhcpv6-client" 293e24e98b3Sgrange fi 294d7cbed85Shenning RULES="$RULES\npass in proto carp keep state (no-sync)" 295d7cbed85Shenning RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" 296b892352dSrpe case $(sysctl vfs.mounts.nfs 2>/dev/null) in 29718db1430Sderaadt *[1-9]*) 298300d0407Srpe # Don't kill NFS. 299649b49daShenning RULES="set reassemble yes no-df\n$RULES" 300997283b1Skrw RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" 301997283b1Skrw RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" 30218db1430Sderaadt ;; 30318db1430Sderaadt esac 304b892352dSrpe print -- "$RULES" | pfctl -f - 3054616f5d9Sdhartmei pfctl -e 3061097c023Skjellfi 3071097c023Skjell 308300d0407Srpe# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services. 309e27ad5ceSdjmfill_baddynamic udp 310e27ad5ceSdjmfill_baddynamic tcp 311e27ad5ceSdjm 3120e47d797Smillertsysctl_conf 313f753b29fSderaadt 314df930be7Sderaadtecho 'starting network' 315b892352dSrpe 316b892352dSrpe# Set carp interlock by increasing the demotion counter. 317b892352dSrpe# Prevents carp from preempting until the system is booted. 318a1f52e7fShenningifconfig -g carp carpdemote 128 319b892352dSrpe 320b892352dSrpe# Recover resolv.conf in case dhclient died hard. 321b892352dSrpeif [[ -f /etc/resolv.conf.save ]]; then 3227d2d953cSderaadt mv -f /etc/resolv.conf.save /etc/resolv.conf 323053628caSderaadt touch /etc/resolv.conf 324053628caSderaadtfi 325b892352dSrpe 32624492e87Sajacoutotsh /etc/netstart 327b892352dSrpe 328300d0407Srpedmesg >/dev/random # Any write triggers a rekey. 329df930be7Sderaadt 330300d0407Srpe# Load pf rules and bring up pfsync interface. 331b892352dSrpeif [[ $pf != NO ]]; then 332b892352dSrpe if [[ -f /etc/pf.conf ]]; then 3333544dba0Sajacoutot pfctl -f /etc/pf.conf 3341097c023Skjell fi 335b892352dSrpe if [[ -f /etc/hostname.pfsync0 ]]; then 336b523182eSderaadt sh /etc/netstart pfsync0 337f5262b16Smpf fi 338df0568a3Sderaadtfi 3391097c023Skjell 340cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 341cc3d9aa9Sottomount -s /var >/dev/null 2>&1 342df930be7Sderaadt 3438f0921ecSdjmrandom_seed 34474af54b4Sderaadt 345300d0407Srpe# Clean up left-over files. 34647a1f8faSderaadtrm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* 3472402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 34823d49488Sbeck(cd /var/authpf && rm -rf -- *) 34923d49488Sbeck 350b892352dSrpedmesg >/var/run/dmesg.boot # Save a copy of the boot messages. 3516c0a0b4aSalex 3523e77ed4cSderaadtmake_keys 3533e77ed4cSderaadt 354cc027ce3Sderaadtecho -n 'starting early daemons:' 355d750a370Sderaadtstart_daemon syslogd ldattach pflogd nsd unbound ntpd 35681896204Sclaudiostart_daemon iscsid isakmpd iked sasyncd ldapd npppd 357833ea469Srobertecho '.' 358096ed560Sderaadt 359300d0407Srpe# Load IPsec rules. 360b892352dSrpeif [[ $ipsec != NO && -f /etc/ipsec.conf ]]; then 3613544dba0Sajacoutot ipsecctl -f /etc/ipsec.conf 36279ec6e47Shshoexerfi 36379ec6e47Shshoexer 364cc027ce3Sderaadtecho -n 'starting RPC daemons:' 3656bf0f2bdSdlgstart_daemon portmap ypldap 366b892352dSrpeif [[ -n $(domainname) ]]; then 3671528aeb4Sderaadt start_daemon ypserv ypbind yppasswdd 36847a1f8faSderaadtfi 3696bf0f2bdSdlgstart_daemon mountd nfsd lockd statd amd 370df930be7Sderaadtecho '.' 371df930be7Sderaadt 372b892352dSrpe# Check and mount remaining file systems and enable additional swap. 373cc3d9aa9Sottomount -a 374638be0f1Smiodswapctl -A -t noblk 37581896204Sclaudiodo_fsck -N 37681896204Sclaudiomount -a -N 37781896204Sclaudio 378300d0407Srpe# /var/crash should be a directory or a symbolic link to the crash directory 379300d0407Srpe# if core dumps are to be saved. 380b892352dSrpeif [[ -d /var/crash ]]; then 381b892352dSrpe savecore $savecore_flags /var/crash 382df930be7Sderaadtfi 383df930be7Sderaadt 384b892352dSrpeif [[ $check_quotas == YES ]]; then 385df930be7Sderaadt echo -n 'checking quotas:' 386df930be7Sderaadt quotacheck -a 387df930be7Sderaadt echo ' done.' 388df930be7Sderaadt quotaon -a 38936a647e7Sdownsjfi 390df930be7Sderaadt 391b892352dSrpe# Build kvm(3) and /dev databases. 392b892352dSrpekvm_mkdb 393df930be7Sderaadtdev_mkdb 394b892352dSrpe 395b892352dSrpe# Set proper permission for the tty device files. 396e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 397a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 398df930be7Sderaadt 399300d0407Srpe# Check the password temp/lock file. 4008b7444a6Sderaadtif [ -f /etc/ptmp ]; then 401df930be7Sderaadt logger -s -p auth.err \ 402df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 403df930be7Sderaadtfi 404df930be7Sderaadt 405e65724e6Smillertecho clearing /tmp 406e65724e6Smillert 407300d0407Srpe# Prune quickly with one rm, then use find to clean up /tmp/[lqv]* 408300d0407Srpe# (not needed with mfs /tmp, but doesn't hurt there...). 409c67deee9Sderaadt(cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*) 41068b9454cSsthen(cd /tmp && 411ca51295aSmillert find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \ 412c67deee9Sderaadt ! -name quota.group ! -name vi.recover -execdir rm -rf -- {} \;) 413e65724e6Smillert 41448d8ec78Srpe# Create Unix sockets directories for X if needed and make sure they have 41548d8ec78Srpe# correct permissions. 41648d8ec78Srpe[[ -d /usr/X11R6/lib ]] && mkdir -m 1777 /tmp/.{X11,ICE}-unix 4173e77ed4cSderaadt 418e6e1e079Sderaadt[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel 419300d0407Srpe# rc.securelevel did not specifically set -1 or 2, so select the default: 1. 42007f21ec8Sajacoutotif [ `sysctl -n kern.securelevel` -eq 0 ]; then 421e6e1e079Sderaadt sysctl kern.securelevel=1 4227a8988dbSajacoutotfi 42341406ee4Sderaadt 424300d0407Srpe# Patch /etc/motd. 425dc279d04Sderaadtif [ ! -f /etc/motd ]; then 426dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 427dc279d04Sderaadtfi 42822baa516Sguentherif T=`mktemp /tmp/_motd.XXXXXXXXXX`; then 429dc279d04Sderaadt sysctl -n kern.version | sed 1q >$T 430dc279d04Sderaadt echo "" >>$T 431dc279d04Sderaadt sed '1,/^$/d' </etc/motd >>$T 432dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 433dc279d04Sderaadt rm -f $T 4345b45527eSmillertfi 435dc279d04Sderaadt 436f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then 437f0d9a157Sajacoutot if [ ! -f /var/account/acct ]; then 438f0d9a157Sajacoutot touch /var/account/acct 439f0d9a157Sajacoutot fi 440df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 441df930be7Sderaadtfi 442df930be7Sderaadt 443e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then 4447e42516dSderaadt echo 'creating runtime link editor directory cache.' 4457e42516dSderaadt if [ -d /usr/local/lib ]; then 4465881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 4477e42516dSderaadt fi 4487e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 4495881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 4507e42516dSderaadt fi 4517e42516dSderaadt ldconfig $shlib_dirs 4527e42516dSderaadtfi 4537e42516dSderaadt 454747e271cSjasperecho 'preserving editor files.'; /usr/libexec/vi.recover 455f57929bcSmillert 456833ea469Srobertecho -n 'starting network daemons:' 45771dd685dSkettenisstart_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated 458*354b290bSrenatostart_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd eigrpd 45995d52386Snorby 46033a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 46133a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 4620150d928Sflorian if [ X"${fw}" = X"1" ]; then 46347a1f8faSderaadt start_daemon route6d rtadvd 46433a0f254Sitojun fi 46533a0f254Sitojunfi 46633a0f254Sitojun 4670139179fSmatthieustart_daemon hostapd lpd smtpd slowcgi httpd ftpd 468de442913Ssthenstart_daemon ftpproxy ftpproxy6 tftpd tftpproxy identd inetd rarpd bootparamd 46933f3f8beSajacoutotstart_daemon rbootd mopd spamd spamlogd sndiod 470ac826d78Srobertecho '.' 471a2f190fbSrobert 472300d0407Srpe# If rc.firsttime exists, run it just once, and make sure it is deleted. 473fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then 474fcbaa02fSderaadt mv /etc/rc.firsttime /etc/rc.firsttime.run 4759b5245e0Shalex . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | 4762452231eShalex mail -Es "`hostname` rc.firsttime output" root >/dev/null 477fcbaa02fSderaadtfi 478fcbaa02fSderaadtrm -f /etc/rc.firsttime.run 479fcbaa02fSderaadt 480300d0407Srpe# Run rc.d(8) scripts from packages. 481931d9abfSajacoutotif [ -n "${pkg_scripts}" ]; then 482bbe1205bSajacoutot echo -n 'starting package daemons:' 483931d9abfSajacoutot for _r in $pkg_scripts; do 484739cb2c2Sespie if [ -x /etc/rc.d/${_r} ]; then 485739cb2c2Sespie start_daemon ${_r} 486739cb2c2Sespie else 487739cb2c2Sespie echo -n " ${_r}(absent)" 488739cb2c2Sespie fi 489bbe1205bSajacoutot done 490bbe1205bSajacoutot echo '.' 491bbe1205bSajacoutotfi 492bbe1205bSajacoutot 493e6e1e079Sderaadt[ -f /etc/rc.local ] && sh /etc/rc.local 4948b7444a6Sderaadt 495cc027ce3Sderaadtifconfig -g carp -carpdemote 128 # disable carp interlock 496f026f8beSmarc 497cc027ce3Sderaadtmixerctl_conf 498cc027ce3Sderaadtecho -n 'starting local daemons:' 4991d338f44Sderaadtstart_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm 50074491808Smillertecho '.' 50174491808Smillert 502df930be7Sderaadtdate 503df930be7Sderaadtexit 0 504