1*739cb2c2Sespie# $OpenBSD: rc,v 1.410 2013/12/26 18:05:31 espie Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 97cffa29c0Sderaadt eval wsconsctl $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1028f0921ecSdjmrandom_seed() 1038f0921ecSdjm{ 104d16de01eSderaadt if [ -f /var/db/host.random ]; then 10595800214Sderaadt dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \ 1068f0921ecSdjm > /dev/null 2>&1 107d16de01eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 1088f0921ecSdjm 1098f0921ecSdjm # reset seed file, so that if a shutdown-less reboot occurs, 1108f0921ecSdjm # the next seed is not a repeat 11195800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ 1128f0921ecSdjm > /dev/null 2>&1 1138f0921ecSdjm fi 1148f0921ecSdjm} 1158f0921ecSdjm 116e27ad5ceSdjmfill_baddynamic() 117e27ad5ceSdjm{ 118484497f6Shalex local _service=$1 119e27ad5ceSdjm local _sysctl="net.inet.${_service}.baddynamic" 120484497f6Shalex stripcom /etc/services | 121484497f6Shalex { 122484497f6Shalex # Variables are local 123484497f6Shalex while IFS=" /" read _name _port _srv _junk; do 124fa65f058Shalex [ "x${_srv}" = "x${_service}" ] || continue 125484497f6Shalex _ban="${_ban:+${_ban},}+${_port}" 126e27ad5ceSdjm # Flush before argv gets too long 127484497f6Shalex if [ ${#_ban} -gt 1024 ]; then 128484497f6Shalex sysctl -q ${_sysctl}=${_ban} 129e27ad5ceSdjm _ban="" 130e27ad5ceSdjm fi 131484497f6Shalex done 132484497f6Shalex [ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban} 133484497f6Shalex } 134e27ad5ceSdjm} 135e27ad5ceSdjm 136833ea469Srobertstart_daemon() 137833ea469Srobert{ 138598b0ae3Srobert local _n 139833ea469Srobert for _n; do 140833ea469Srobert eval _do=\${${_n}_flags} 141833ea469Srobert if [ X"${_do}" != X"NO" ]; then 142833ea469Srobert /etc/rc.d/${_n} start 143833ea469Srobert fi 144833ea469Srobert done 145833ea469Srobert} 146833ea469Srobert 1473e77ed4cSderaadtmake_keys() 1483e77ed4cSderaadt{ 1493e77ed4cSderaadt if [ X"${named_flags}" != X"NO" ]; then 1503e77ed4cSderaadt if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then 1513e77ed4cSderaadt echo -n "rndc-confgen: generating shared secret... " 1523e77ed4cSderaadt if rndc-confgen -a -t /var/named >/dev/null 2>&1; then 1533e77ed4cSderaadt chmod 0640 /var/named/etc/rndc.key \ 1543e77ed4cSderaadt >/dev/null 2>&1 1553e77ed4cSderaadt echo done. 1563e77ed4cSderaadt else 1573e77ed4cSderaadt echo failed. 1583e77ed4cSderaadt fi 1593e77ed4cSderaadt fi 1603e77ed4cSderaadt fi 1613e77ed4cSderaadt 1623e77ed4cSderaadt if [ ! -f /etc/isakmpd/private/local.key ]; then 1633e77ed4cSderaadt echo -n "openssl: generating isakmpd/iked RSA key... " 1643e77ed4cSderaadt if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ 1653e77ed4cSderaadt >/dev/null 2>&1; then 1663e77ed4cSderaadt chmod 600 /etc/isakmpd/private/local.key 1673e77ed4cSderaadt openssl rsa -out /etc/isakmpd/local.pub -in \ 1683e77ed4cSderaadt /etc/isakmpd/private/local.key -pubout \ 1693e77ed4cSderaadt >/dev/null 2>&1 1703e77ed4cSderaadt echo done. 1713e77ed4cSderaadt else 1723e77ed4cSderaadt echo failed. 1733e77ed4cSderaadt fi 1743e77ed4cSderaadt fi 1753e77ed4cSderaadt 1763e77ed4cSderaadt if [ ! -f /etc/iked/private/local.key ]; then 1773e77ed4cSderaadt # Just copy the generated isakmpd key 1783e77ed4cSderaadt cp /etc/isakmpd/private/local.key /etc/iked/private/local.key 1793e77ed4cSderaadt chmod 600 /etc/iked/private/local.key 1803e77ed4cSderaadt cp /etc/isakmpd/local.pub /etc/iked/local.pub 1813e77ed4cSderaadt fi 1823e77ed4cSderaadt 1833e77ed4cSderaadt ssh-keygen -A 1843e77ed4cSderaadt} 1853e77ed4cSderaadt 1863e77ed4cSderaadt# create Unix sockets directories for X if needed and make sure they have 1873e77ed4cSderaadt# correct permissions 1883e77ed4cSderaadtsetup_X_sockets() 1893e77ed4cSderaadt{ 1903e77ed4cSderaadt if [ -d /usr/X11R6/lib ]; then 1913e77ed4cSderaadt for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 1923e77ed4cSderaadt if [ -d $d ]; then 1933e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f4` \ 1943e77ed4cSderaadt != root ]; then 1953e77ed4cSderaadt chown root $d 1963e77ed4cSderaadt fi 1973e77ed4cSderaadt if [ `ls -ld $d | cut -d' ' -f1` \ 1983e77ed4cSderaadt != drwxrwxrwt ]; then 1993e77ed4cSderaadt chmod 1777 $d 2003e77ed4cSderaadt fi 2013e77ed4cSderaadt elif [ -e $d ]; then 2023e77ed4cSderaadt echo "Error: $d exists and isn't a directory." 2033e77ed4cSderaadt else 2043e77ed4cSderaadt mkdir -m 1777 $d 2053e77ed4cSderaadt fi 2063e77ed4cSderaadt done 2073e77ed4cSderaadt fi 2083e77ed4cSderaadt} 2093e77ed4cSderaadt 2105420764bSmillert# End subroutines 2115420764bSmillert 212df930be7Sderaadtstty status '^T' 213df930be7Sderaadt 214df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 215df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 216df930be7Sderaadttrap : 2 217df930be7Sderaadttrap : 3 # shouldn't be needed 218df930be7Sderaadt 219df930be7SderaadtHOME=/; export HOME 220102e9b47SrobertINRC=1; export INRC 221df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 222df930be7Sderaadtexport PATH 223df930be7Sderaadt 22410cfcf00Sderaadt# must set the domainname before rc.conf, so YP startup choices can be made 22510cfcf00Sderaadtif [ -f /etc/defaultdomain ]; then 22610cfcf00Sderaadt domainname `stripcom /etc/defaultdomain` 22710cfcf00Sderaadtfi 22810cfcf00Sderaadt 229d9f03edaSrobert# pick up option configuration 230d9f03edaSrobert. /etc/rc.conf 231d9f03edaSrobert 2329969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 23395800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1 23475a54d2eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 2357cd25becSajacoutot _c=$? 236931d9abfSajacoutot if [ ${_c} -eq 0 -a -n "${pkg_scripts}" ]; then 237bbe1205bSajacoutot echo -n 'stopping package daemons:' 238931d9abfSajacoutot while [ -n "${pkg_scripts}" ]; do 239931d9abfSajacoutot _r=${pkg_scripts##* } 240931d9abfSajacoutot pkg_scripts=${pkg_scripts%%*( )${_r}} 241bbe1205bSajacoutot [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop 242bbe1205bSajacoutot done 243bbe1205bSajacoutot echo '.' 244bbe1205bSajacoutot fi 245bbe1205bSajacoutot if [ ${_c} -eq 0 -a -f /etc/rc.shutdown ]; then 24675a54d2eSderaadt echo /etc/rc.shutdown in progress... 24775a54d2eSderaadt . /etc/rc.shutdown 24875a54d2eSderaadt echo /etc/rc.shutdown complete. 2499e07bef9Smcbride 2509e07bef9Smcbride # bring carp interfaces down gracefully 2514375b688Ssthen ifconfig | while read a b; do 2524375b688Ssthen case $a in 2534375b688Ssthen carp+([0-9]):) ifconfig ${a%:} down ;; 254b7f7a928Ssthen esac 2559e07bef9Smcbride done 2562ee46d13Smcbride 2579969bcb5Smillert if [ X"${powerdown}" = X"YES" ]; then 2582ee46d13Smcbride exit 2 2592ee46d13Smcbride fi 2602ee46d13Smcbride 26175a54d2eSderaadt else 26275a54d2eSderaadt echo single user: not running /etc/rc.shutdown 26375a54d2eSderaadt fi 26475a54d2eSderaadt exit 0 26575a54d2eSderaadtfi 26675a54d2eSderaadt 267638be0f1Smiodswapctl -A -t blk 268920abb1bSderaadt 2698b7444a6Sderaadtif [ -e /fastboot ]; then 270df930be7Sderaadt echo "Fast boot: skipping disk checks." 2719969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 272df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 273b39bbe87Smillert fsck -p 274df930be7Sderaadt case $? in 275df930be7Sderaadt 0) 276df930be7Sderaadt ;; 277df930be7Sderaadt 2) 278df930be7Sderaadt exit 1 279df930be7Sderaadt ;; 280df930be7Sderaadt 4) 281df930be7Sderaadt echo "Rebooting..." 282df930be7Sderaadt reboot 283df930be7Sderaadt echo "Reboot failed; help!" 284df930be7Sderaadt exit 1 285df930be7Sderaadt ;; 286df930be7Sderaadt 8) 287df930be7Sderaadt echo "Automatic file system check failed; help!" 288df930be7Sderaadt exit 1 289df930be7Sderaadt ;; 290df930be7Sderaadt 12) 291df930be7Sderaadt echo "Boot interrupted." 292df930be7Sderaadt exit 1 293df930be7Sderaadt ;; 294df930be7Sderaadt 130) 295df930be7Sderaadt # interrupt before catcher installed 296df930be7Sderaadt exit 1 297df930be7Sderaadt ;; 298df930be7Sderaadt *) 299df930be7Sderaadt echo "Unknown error; help!" 300df930be7Sderaadt exit 1 301df930be7Sderaadt ;; 302df930be7Sderaadt esac 303df930be7Sderaadtfi 304df930be7Sderaadt 305df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 306df930be7Sderaadt 307df930be7Sderaadtumount -a >/dev/null 2>&1 3086e571508Sgrunkmount -a -t nonfs,vnd 3094515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 310df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 311df930be7Sderaadt 312df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 313df930be7Sderaadtecho 'setting tty flags' 314df930be7Sderaadtttyflags -a 315df930be7Sderaadt 31648390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 31748390b59Smcbride kbd `cat /etc/kbdtype` 31848390b59Smcbridefi 31948390b59Smcbride 320cc294143Sderaadtwsconsctl_conf 321cc294143Sderaadt 3229969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3237b24ca9eSmcbride RULES="block all" 3244dd40d42Shenning RULES="$RULES\npass on lo0" 3257637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 326ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 3273dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 328e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 329ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 330ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 33163c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 33263c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 333e24e98b3Sgrange fi 334c9c12644Smcbride RULES="$RULES\npass proto carp keep state (no-sync)" 3353dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 33618db1430Sderaadt *[1-9]*) 33718db1430Sderaadt # don't kill NFS 338649b49daShenning RULES="set reassemble yes no-df\n$RULES" 339befcbaa2Sderaadt RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" 340befcbaa2Sderaadt RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" 34118db1430Sderaadt ;; 34218db1430Sderaadt esac 3434616f5d9Sdhartmei echo $RULES | pfctl -f - 3444616f5d9Sdhartmei pfctl -e 3451097c023Skjellfi 3461097c023Skjell 347e27ad5ceSdjm# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services 348e27ad5ceSdjmfill_baddynamic udp 349e27ad5ceSdjmfill_baddynamic tcp 350e27ad5ceSdjm 3510e47d797Smillertsysctl_conf 352f753b29fSderaadt 353df930be7Sderaadt# set hostname, turn on network 354df930be7Sderaadtecho 'starting network' 355a1f52e7fShenningifconfig -g carp carpdemote 128 356053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 3577d2d953cSderaadt mv -f /etc/resolv.conf.save /etc/resolv.conf 358053628caSderaadt touch /etc/resolv.conf 359053628caSderaadtfi 360df930be7Sderaadt. /etc/netstart 361c5f87768Sderaadtecho rekey > /dev/arandom # any write triggers an RC4 rekey 362df930be7Sderaadt 3639969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3641097c023Skjell if [ -f ${pf_rules} ]; then 365616367a9Sdhartmei pfctl -f ${pf_rules} 3661097c023Skjell fi 367f5262b16Smpf # bring up pfsync after the working ruleset has been loaded 368df0568a3Sderaadt if [ -f /etc/hostname.pfsync0 ]; then 369f5262b16Smpf . /etc/netstart pfsync0 370f5262b16Smpf fi 371df0568a3Sderaadtfi 3721097c023Skjell 373cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 374cc3d9aa9Sottomount -s /var >/dev/null 2>&1 375df930be7Sderaadt 3768f0921ecSdjmrandom_seed 37774af54b4Sderaadt 378f0550eb3Sderaadt# clean up left-over files 37947a1f8faSderaadtrm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* 3802402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 38123d49488Sbeck(cd /var/authpf && rm -rf -- *) 38223d49488Sbeck 3836c0a0b4aSalex# save a copy of the boot messages 3846c0a0b4aSalexdmesg >/var/run/dmesg.boot 3856c0a0b4aSalex 3863e77ed4cSderaadtmake_keys 3873e77ed4cSderaadt 388cc027ce3Sderaadtecho -n 'starting early daemons:' 389c17182bbSderaadtstart_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd 390d483baadSyasuokastart_daemon ldapd npppd 391833ea469Srobertecho '.' 392096ed560Sderaadt 39379ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then 39479ec6e47Shshoexer if [ -f ${ipsec_rules} ]; then 39579ec6e47Shshoexer ipsecctl -f ${ipsec_rules} 39679ec6e47Shshoexer fi 39779ec6e47Shshoexerfi 39879ec6e47Shshoexer 399cc027ce3Sderaadtecho -n 'starting RPC daemons:' 4006bf0f2bdSdlgstart_daemon portmap ypldap 40147a1f8faSderaadtif [ X"`domainname`" != X"" ]; then 4021528aeb4Sderaadt start_daemon ypserv ypbind yppasswdd 40347a1f8faSderaadtfi 4046bf0f2bdSdlgstart_daemon mountd nfsd lockd statd amd 405df930be7Sderaadtecho '.' 406df930be7Sderaadt 407cc3d9aa9Sottomount -a 408638be0f1Smiodswapctl -A -t noblk 409638be0f1Smiod 410df930be7Sderaadt# /var/crash should be a directory or a symbolic link 411df930be7Sderaadt# to the crash directory if core dumps are to be saved. 412df930be7Sderaadtif [ -d /var/crash ]; then 4139d112a13Stholo savecore ${savecore_flags} /var/crash 414df930be7Sderaadtfi 415df930be7Sderaadt 4169969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 417df930be7Sderaadt echo -n 'checking quotas:' 418df930be7Sderaadt quotacheck -a 419df930be7Sderaadt echo ' done.' 420df930be7Sderaadt quotaon -a 42136a647e7Sdownsjfi 422df930be7Sderaadt 42347a1f8faSderaadtkvm_mkdb # build kvm(3) databases 424df930be7Sderaadtdev_mkdb 425e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 426a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 427df930be7Sderaadt 428df930be7Sderaadt# check the password temp/lock file 4298b7444a6Sderaadtif [ -f /etc/ptmp ]; then 430df930be7Sderaadt logger -s -p auth.err \ 431df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 432df930be7Sderaadtfi 433df930be7Sderaadt 434e65724e6Smillertecho clearing /tmp 435e65724e6Smillert 436e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 437e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 43868b9454cSsthen(cd /tmp && rm -rf [a-km-pr-zA-Z]*) 43968b9454cSsthen(cd /tmp && 440e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4418b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 442e65724e6Smillert 4433e77ed4cSderaadtsetup_X_sockets 4443e77ed4cSderaadt 4452f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel 4469969bcb5Smillertif [ X"${securelevel}" != X"" ]; then 447e31a5b5aSmillert echo -n 'setting kernel security level: ' 4486a337e36Sjmc sysctl kern.securelevel=${securelevel} 44941406ee4Sderaadtfi 45041406ee4Sderaadt 451dc279d04Sderaadt# patch /etc/motd 452dc279d04Sderaadtif [ ! -f /etc/motd ]; then 453dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 454dc279d04Sderaadtfi 45522baa516Sguentherif T=`mktemp /tmp/_motd.XXXXXXXXXX`; then 456dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 457dc279d04Sderaadt echo "" >> $T 458dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 459dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 460dc279d04Sderaadt rm -f $T 4615b45527eSmillertfi 462dc279d04Sderaadt 463f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then 464f0d9a157Sajacoutot if [ ! -f /var/account/acct ]; then 465f0d9a157Sajacoutot touch /var/account/acct 466f0d9a157Sajacoutot fi 467df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 468df930be7Sderaadtfi 469df930be7Sderaadt 470e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then 4717e42516dSderaadt echo 'creating runtime link editor directory cache.' 4727e42516dSderaadt if [ -d /usr/local/lib ]; then 4735881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 4747e42516dSderaadt fi 4757e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 4765881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 4777e42516dSderaadt fi 4787e42516dSderaadt ldconfig $shlib_dirs 4797e42516dSderaadtfi 4807e42516dSderaadt 481747e271cSjasperecho 'preserving editor files.'; /usr/libexec/vi.recover 482f57929bcSmillert 483833ea469Srobertecho -n 'starting network daemons:' 48471dd685dSkettenisstart_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated 48501c03f3dSderaadtstart_daemon relayd dhcpd dhcrelay mrouted dvmrpd 48695d52386Snorby 48733a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 48833a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 4899969bcb5Smillert if [ X"${fw}" = X"0" ]; then 490833ea469Srobert start_daemon rtsold 49133a0f254Sitojun else 49247a1f8faSderaadt start_daemon route6d rtadvd 49333a0f254Sitojun fi 49433a0f254Sitojunfi 49533a0f254Sitojun 496d7fd7d2cSajacoutotstart_daemon hostapd rwhod lpd sendmail smtpd httpd slowcgi nginx ftpd 497d7fd7d2cSajacoutotstart_daemon ftpproxy tftpd tftpproxy identd inetd rarpd bootparamd 49826fac87bStedustart_daemon rbootd mopd spamd spamlogd kdc kadmind kpasswdd 499d7fd7d2cSajacoutotstart_daemon ipropd_master ipropd_slave sndiod 500ac826d78Srobertecho '.' 501a2f190fbSrobert 502fcbaa02fSderaadt# If rc.firstime exists, run it just once, and make sure it is deleted 503fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then 504fcbaa02fSderaadt mv /etc/rc.firsttime /etc/rc.firsttime.run 5059b5245e0Shalex . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | 5062452231eShalex mail -Es "`hostname` rc.firsttime output" root >/dev/null 507fcbaa02fSderaadtfi 508fcbaa02fSderaadtrm -f /etc/rc.firsttime.run 509fcbaa02fSderaadt 510bbe1205bSajacoutot# Run rc.d(8) scripts from packages 511931d9abfSajacoutotif [ -n "${pkg_scripts}" ]; then 512bbe1205bSajacoutot echo -n 'starting package daemons:' 513931d9abfSajacoutot for _r in $pkg_scripts; do 514*739cb2c2Sespie if [ -x /etc/rc.d/${_r} ]; then 515*739cb2c2Sespie start_daemon ${_r} 516*739cb2c2Sespie else 517*739cb2c2Sespie echo -n " ${_r}(absent)" 518*739cb2c2Sespie fi 519bbe1205bSajacoutot done 520bbe1205bSajacoutot echo '.' 521bbe1205bSajacoutotfi 522bbe1205bSajacoutot 5232f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local 5248b7444a6Sderaadt 525cc027ce3Sderaadtifconfig -g carp -carpdemote 128 # disable carp interlock 526f026f8beSmarc 527cc027ce3Sderaadtmixerctl_conf 528cc027ce3Sderaadtecho -n 'starting local daemons:' 5291d338f44Sderaadtstart_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm 53074491808Smillertecho '.' 53174491808Smillert 532df930be7Sderaadtdate 533df930be7Sderaadtexit 0 534