version 1.449, 2015/05/02 09:35:44 |
version 1.450, 2015/07/18 00:03:34 |
|
|
# $OpenBSD$ |
# $OpenBSD$ |
|
|
# System startup script run by init on autoboot |
# System startup script run by init on autoboot or after single-user. |
# or after single-user. |
# Output and error are redirected to console by init, and the console is the |
# Output and error are redirected to console by init, |
# controlling terminal. |
# and the console is the controlling terminal. |
|
|
|
# Subroutines (have to come first). |
# Subroutines (have to come first). |
|
|
# Strip comments (and leading/trailing whitespace if IFS is set) |
|
# from a file and spew to stdout |
# Strip comments (and leading/trailing whitespace if IFS is set) from a file |
|
# and spew to stdout. |
stripcom() { |
stripcom() { |
local _file="$1" |
local _file="$1" |
local _line |
local _line |
|
|
} < $_file |
} < $_file |
} |
} |
|
|
# Update resource limits when sysctl changes |
# Update resource limits when sysctl changes. |
# Usage: update_limit -X loginconf_name |
# Usage: update_limit -X loginconf_name |
update_limit() { |
update_limit() { |
local _fl="$1" # ulimit flag |
local _fl="$1" # ulimit flag |
|
|
done |
done |
} |
} |
|
|
|
# Apply sysctl(8) settings. |
sysctl_conf() { |
sysctl_conf() { |
test -s /etc/sysctl.conf || return |
test -s /etc/sysctl.conf || return |
|
|
|
|
done |
done |
} |
} |
|
|
|
# Apply mixerctl(1) settings. |
mixerctl_conf() |
mixerctl_conf() |
{ |
{ |
test -s /etc/mixerctl.conf || return |
test -s /etc/mixerctl.conf || return |
|
|
done |
done |
} |
} |
|
|
|
# Apply wscons system driver settings using wsconsctl(8). |
wsconsctl_conf() |
wsconsctl_conf() |
{ |
{ |
local save_IFS="$IFS" |
local save_IFS="$IFS" |
|
|
chmod 600 /etc/random.seed |
chmod 600 /etc/random.seed |
} |
} |
|
|
|
# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so |
|
# as to avoid randomly allocating source ports that correspond to well-known |
|
# services. |
fill_baddynamic() |
fill_baddynamic() |
{ |
{ |
local _service=$1 |
local _service=$1 |
|
|
} |
} |
} |
} |
|
|
|
# Start daemon using the rc.d daemon control scripts. |
|
# Usage: start_daemon daemon1 daemon2 daemon3 |
start_daemon() |
start_daemon() |
{ |
{ |
local _n |
local _n |
|
|
done |
done |
} |
} |
|
|
|
# Generate keys for isakmpd, iked and sshd if the don't exist yet. |
make_keys() |
make_keys() |
{ |
{ |
if [ ! -f /etc/isakmpd/private/local.key ]; then |
if [ ! -f /etc/isakmpd/private/local.key ]; then |
|
|
ssh-keygen -A |
ssh-keygen -A |
} |
} |
|
|
# create Unix sockets directories for X if needed and make sure they have |
# Create Unix sockets directories for X if needed and make sure they have |
# correct permissions |
# correct permissions. |
setup_X_sockets() |
setup_X_sockets() |
{ |
{ |
if [ -d /usr/X11R6/lib ]; then |
if [ -d /usr/X11R6/lib ]; then |
|
|
fi |
fi |
} |
} |
|
|
|
# Check filesystems, optionally by using a flag for fsck(8) passed as $1. |
do_fsck() |
do_fsck() |
{ |
{ |
local _flags=$1 |
local _flags=$1 |
|
|
exit 1 |
exit 1 |
;; |
;; |
130) |
130) |
# interrupt before catcher installed |
# Interrupt before catcher installed. |
exit 1 |
exit 1 |
;; |
;; |
*) |
*) |
|
|
esac |
esac |
} |
} |
|
|
# End subroutines |
# End subroutines. |
|
|
stty status '^T' |
stty status '^T' |
|
|
# Set shell to ignore SIGINT (2), but not children; |
# Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3) |
# shell catches SIGQUIT (3) and returns to single user after fsck. |
# and returns to single user after fsck. |
trap : 2 |
trap : 2 |
trap : 3 # shouldn't be needed |
trap : 3 # Shouldn't be needed. |
|
|
HOME=/; export HOME |
HOME=/; export HOME |
INRC=1; export INRC |
INRC=1; export INRC |
PATH=/sbin:/bin:/usr/sbin:/usr/bin |
PATH=/sbin:/bin:/usr/sbin:/usr/bin |
export PATH |
export PATH |
|
|
# must set the domainname before rc.conf, so YP startup choices can be made |
# Must set the domainname before rc.conf, so YP startup choices can be made. |
if [ -f /etc/defaultdomain ]; then |
if [ -f /etc/defaultdomain ]; then |
domainname `stripcom /etc/defaultdomain` |
domainname `stripcom /etc/defaultdomain` |
fi |
fi |
|
|
# need to get local functions from rc.subr |
# Need to get local functions from rc.subr. |
FUNCS_ONLY=1 . /etc/rc.d/rc.subr |
FUNCS_ONLY=1 . /etc/rc.d/rc.subr |
|
|
# load rc.conf into scope |
# Load rc.conf into scope. |
_rc_parse_conf |
_rc_parse_conf |
|
|
if [ X"$1" = X"shutdown" ]; then |
if [ X"$1" = X"shutdown" ]; then |
|
|
echo single user: not running shutdown scripts |
echo single user: not running shutdown scripts |
fi |
fi |
|
|
# bring carp interfaces down gracefully |
# Bring carp interfaces down gracefully. |
ifconfig | while read a b; do |
ifconfig | while read a b; do |
case $a in |
case $a in |
carp+([0-9]):) ifconfig ${a%:} down ;; |
carp+([0-9]):) ifconfig ${a%:} down ;; |
|
|
|
|
umount -a >/dev/null 2>&1 |
umount -a >/dev/null 2>&1 |
mount -a -t nonfs,vnd |
mount -a -t nonfs,vnd |
mount -uw / # root on nfs requires this, others aren't hurt |
mount -uw / # root on nfs requires this, others aren't hurt. |
rm -f /fastboot # XXX (root now writeable) |
rm -f /fastboot # XXX (root now writeable) |
|
|
# set flags on ttys. (do early, in case they use tty for SLIP in netstart) |
# Set flags on ttys. (Do early, in case they use tty for SLIP in netstart.) |
echo 'setting tty flags' |
echo 'setting tty flags' |
ttyflags -a |
ttyflags -a |
|
|
|
|
RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
case `sysctl vfs.mounts.nfs 2>/dev/null` in |
case `sysctl vfs.mounts.nfs 2>/dev/null` in |
*[1-9]*) |
*[1-9]*) |
# don't kill NFS |
# Don't kill NFS. |
RULES="set reassemble yes no-df\n$RULES" |
RULES="set reassemble yes no-df\n$RULES" |
RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" |
RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" |
RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" |
RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" |
|
|
pfctl -e |
pfctl -e |
fi |
fi |
|
|
# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services |
# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services. |
fill_baddynamic udp |
fill_baddynamic udp |
fill_baddynamic tcp |
fill_baddynamic tcp |
|
|
sysctl_conf |
sysctl_conf |
|
|
# set hostname, turn on network |
# Set hostname, turn on network. |
echo 'starting network' |
echo 'starting network' |
ifconfig -g carp carpdemote 128 |
ifconfig -g carp carpdemote 128 |
if [ -f /etc/resolv.conf.save ]; then |
if [ -f /etc/resolv.conf.save ]; then |
|
|
touch /etc/resolv.conf |
touch /etc/resolv.conf |
fi |
fi |
sh /etc/netstart |
sh /etc/netstart |
dmesg > /dev/random # any write triggers a rekey |
dmesg > /dev/random # Any write triggers a rekey. |
|
|
|
# Load pf rules and bring up pfsync interface. |
if [ X"${pf}" != X"NO" ]; then |
if [ X"${pf}" != X"NO" ]; then |
if [ -f /etc/pf.conf ]; then |
if [ -f /etc/pf.conf ]; then |
pfctl -f /etc/pf.conf |
pfctl -f /etc/pf.conf |
fi |
fi |
# bring up pfsync after the working ruleset has been loaded |
# Bring up pfsync after the working ruleset has been loaded. |
if [ -f /etc/hostname.pfsync0 ]; then |
if [ -f /etc/hostname.pfsync0 ]; then |
sh /etc/netstart pfsync0 |
sh /etc/netstart pfsync0 |
fi |
fi |
|
|
|
|
random_seed |
random_seed |
|
|
# clean up left-over files |
# Clean up left-over files. |
rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* |
rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* |
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) |
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) |
(cd /var/authpf && rm -rf -- *) |
(cd /var/authpf && rm -rf -- *) |
|
|
# save a copy of the boot messages |
# Save a copy of the boot messages. |
dmesg >/var/run/dmesg.boot |
dmesg >/var/run/dmesg.boot |
|
|
make_keys |
make_keys |
|
|
start_daemon iscsid isakmpd iked sasyncd ldapd npppd |
start_daemon iscsid isakmpd iked sasyncd ldapd npppd |
echo '.' |
echo '.' |
|
|
|
# Load IPsec rules. |
if [ X"${ipsec}" != X"NO" ]; then |
if [ X"${ipsec}" != X"NO" ]; then |
if [ -f /etc/ipsec.conf ]; then |
if [ -f /etc/ipsec.conf ]; then |
ipsecctl -f /etc/ipsec.conf |
ipsecctl -f /etc/ipsec.conf |
|
|
mount -a |
mount -a |
swapctl -A -t noblk |
swapctl -A -t noblk |
|
|
# check and mount networked filesystems |
# Check and mount networked filesystems. |
do_fsck -N |
do_fsck -N |
mount -a -N |
mount -a -N |
|
|
# /var/crash should be a directory or a symbolic link |
# /var/crash should be a directory or a symbolic link to the crash directory |
# to the crash directory if core dumps are to be saved. |
# if core dumps are to be saved. |
if [ -d /var/crash ]; then |
if [ -d /var/crash ]; then |
savecore ${savecore_flags} /var/crash |
savecore ${savecore_flags} /var/crash |
fi |
fi |
|
|
chmod 666 /dev/tty[pqrstuvwxyzPQRST]* |
chmod 666 /dev/tty[pqrstuvwxyzPQRST]* |
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]* |
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]* |
|
|
# check the password temp/lock file |
# Check the password temp/lock file. |
if [ -f /etc/ptmp ]; then |
if [ -f /etc/ptmp ]; then |
logger -s -p auth.err \ |
logger -s -p auth.err \ |
'password file may be incorrect -- /etc/ptmp exists' |
'password file may be incorrect -- /etc/ptmp exists' |
|
|
|
|
echo clearing /tmp |
echo clearing /tmp |
|
|
# prune quickly with one rm, then use find to clean up /tmp/[lqv]* |
# Prune quickly with one rm, then use find to clean up /tmp/[lqv]* |
# (not needed with mfs /tmp, but doesn't hurt there...) |
# (not needed with mfs /tmp, but doesn't hurt there...). |
(cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*) |
(cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*) |
(cd /tmp && |
(cd /tmp && |
find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \ |
find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \ |
|
|
setup_X_sockets |
setup_X_sockets |
|
|
[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel |
[ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel |
# rc.securelevel did not specifically set -1 or 2, so select the default: 1 |
# rc.securelevel did not specifically set -1 or 2, so select the default: 1. |
if [ `sysctl -n kern.securelevel` -eq 0 ]; then |
if [ `sysctl -n kern.securelevel` -eq 0 ]; then |
sysctl kern.securelevel=1 |
sysctl kern.securelevel=1 |
fi |
fi |
|
|
# patch /etc/motd |
# Patch /etc/motd. |
if [ ! -f /etc/motd ]; then |
if [ ! -f /etc/motd ]; then |
install -c -o root -g wheel -m 664 /dev/null /etc/motd |
install -c -o root -g wheel -m 664 /dev/null /etc/motd |
fi |
fi |
|
|
start_daemon rbootd mopd spamd spamlogd sndiod |
start_daemon rbootd mopd spamd spamlogd sndiod |
echo '.' |
echo '.' |
|
|
# If rc.firsttime exists, run it just once, and make sure it is deleted |
# If rc.firsttime exists, run it just once, and make sure it is deleted. |
if [ -f /etc/rc.firsttime ]; then |
if [ -f /etc/rc.firsttime ]; then |
mv /etc/rc.firsttime /etc/rc.firsttime.run |
mv /etc/rc.firsttime /etc/rc.firsttime.run |
. /etc/rc.firsttime.run 2>&1 | tee /dev/tty | |
. /etc/rc.firsttime.run 2>&1 | tee /dev/tty | |
|
|
fi |
fi |
rm -f /etc/rc.firsttime.run |
rm -f /etc/rc.firsttime.run |
|
|
# Run rc.d(8) scripts from packages |
# Run rc.d(8) scripts from packages. |
if [ -n "${pkg_scripts}" ]; then |
if [ -n "${pkg_scripts}" ]; then |
echo -n 'starting package daemons:' |
echo -n 'starting package daemons:' |
for _r in $pkg_scripts; do |
for _r in $pkg_scripts; do |