=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/etc/rc,v retrieving revision 1.449 retrieving revision 1.450 diff -u -r1.449 -r1.450 --- src/etc/rc 2015/05/02 09:35:44 1.449 +++ src/etc/rc 2015/07/18 00:03:34 1.450 @@ -1,14 +1,14 @@ -# $OpenBSD: rc,v 1.449 2015/05/02 09:35:44 ajacoutot Exp $ +# $OpenBSD: rc,v 1.450 2015/07/18 00:03:34 rpe Exp $ -# System startup script run by init on autoboot -# or after single-user. -# Output and error are redirected to console by init, -# and the console is the controlling terminal. +# System startup script run by init on autoboot or after single-user. +# Output and error are redirected to console by init, and the console is the +# controlling terminal. # Subroutines (have to come first). -# Strip comments (and leading/trailing whitespace if IFS is set) -# from a file and spew to stdout + +# Strip comments (and leading/trailing whitespace if IFS is set) from a file +# and spew to stdout. stripcom() { local _file="$1" local _line @@ -22,7 +22,7 @@ } < $_file } -# Update resource limits when sysctl changes +# Update resource limits when sysctl changes. # Usage: update_limit -X loginconf_name update_limit() { local _fl="$1" # ulimit flag @@ -51,6 +51,7 @@ done } +# Apply sysctl(8) settings. sysctl_conf() { test -s /etc/sysctl.conf || return @@ -71,6 +72,7 @@ done } +# Apply mixerctl(1) settings. mixerctl_conf() { test -s /etc/mixerctl.conf || return @@ -83,6 +85,7 @@ done } +# Apply wscons system driver settings using wsconsctl(8). wsconsctl_conf() { local save_IFS="$IFS" @@ -111,6 +114,9 @@ chmod 600 /etc/random.seed } +# Populate net.inet.(tcp|udp).baddynamic with the contents of /etc/services so +# as to avoid randomly allocating source ports that correspond to well-known +# services. fill_baddynamic() { local _service=$1 @@ -131,6 +137,8 @@ } } +# Start daemon using the rc.d daemon control scripts. +# Usage: start_daemon daemon1 daemon2 daemon3 start_daemon() { local _n 
@@ -142,6 +150,7 @@ done } +# Generate keys for isakmpd, iked and sshd if the don't exist yet. make_keys() { if [ ! -f /etc/isakmpd/private/local.key ]; then @@ -168,8 +177,8 @@ ssh-keygen -A } -# create Unix sockets directories for X if needed and make sure they have -# correct permissions +# Create Unix sockets directories for X if needed and make sure they have +# correct permissions. setup_X_sockets() { if [ -d /usr/X11R6/lib ]; then @@ -192,6 +201,7 @@ fi } +# Check filesystems, optionally by using a flag for fsck(8) passed as $1. do_fsck() { local _flags=$1 @@ -218,7 +228,7 @@ exit 1 ;; 130) - # interrupt before catcher installed + # Interrupt before catcher installed. exit 1 ;; *) @@ -228,29 +238,29 @@ esac } -# End subroutines +# End subroutines. stty status '^T' -# Set shell to ignore SIGINT (2), but not children; -# shell catches SIGQUIT (3) and returns to single user after fsck. +# Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3) +# and returns to single user after fsck. trap : 2 -trap : 3 # shouldn't be needed +trap : 3 # Shouldn't be needed. HOME=/; export HOME INRC=1; export INRC PATH=/sbin:/bin:/usr/sbin:/usr/bin export PATH -# must set the domainname before rc.conf, so YP startup choices can be made +# Must set the domainname before rc.conf, so YP startup choices can be made. if [ -f /etc/defaultdomain ]; then domainname `stripcom /etc/defaultdomain` fi -# need to get local functions from rc.subr +# Need to get local functions from rc.subr. FUNCS_ONLY=1 . /etc/rc.d/rc.subr -# load rc.conf into scope +# Load rc.conf into scope. _rc_parse_conf if [ X"$1" = X"shutdown" ]; then @@ -279,7 +289,7 @@ echo single user: not running shutdown scripts fi - # bring carp interfaces down gracefully + # Bring carp interfaces down gracefully. ifconfig | while read a b; do case $a in carp+([0-9]):) ifconfig ${a%:} down ;; 
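Review bot: The comment added above make_keys() in the `@@ -142,6 +150,7 @@` hunk has a typo, "if the don't exist yet". It should read `# Generate keys for isakmpd, iked and sshd if they don't exist yet.`. The function body runs past this hunk, so only the isakmpd key test here and `ssh-keygen -A` in the following hunk are visible; the iked part of the comment cannot be checked from these lines.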
@@ -302,10 +312,10 @@ umount -a >/dev/null 2>&1 mount -a -t nonfs,vnd -mount -uw / # root on nfs requires this, others aren't hurt +mount -uw / # root on nfs requires this, others aren't hurt. rm -f /fastboot # XXX (root now writeable) -# set flags on ttys. (do early, in case they use tty for SLIP in netstart) +# Set flags on ttys. (Do early, in case they use tty for SLIP in netstart.) echo 'setting tty flags' ttyflags -a @@ -335,7 +345,7 @@ RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" case `sysctl vfs.mounts.nfs 2>/dev/null` in *[1-9]*) - # don't kill NFS + # Don't kill NFS. RULES="set reassemble yes no-df\n$RULES" RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" @@ -345,13 +355,13 @@ pfctl -e fi -# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services +# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services. fill_baddynamic udp fill_baddynamic tcp sysctl_conf -# set hostname, turn on network +# Set hostname, turn on network. echo 'starting network' ifconfig -g carp carpdemote 128 if [ -f /etc/resolv.conf.save ]; then @@ -359,13 +369,14 @@ touch /etc/resolv.conf fi sh /etc/netstart -dmesg > /dev/random # any write triggers a rekey +dmesg > /dev/random # Any write triggers a rekey. +# Load pf rules and bring up pfsync interface. if [ X"${pf}" != X"NO" ]; then if [ -f /etc/pf.conf ]; then pfctl -f /etc/pf.conf fi - # bring up pfsync after the working ruleset has been loaded + # Bring up pfsync after the working ruleset has been loaded. if [ -f /etc/hostname.pfsync0 ]; then sh /etc/netstart pfsync0 fi 
@@ -376,12 +387,12 @@ random_seed -# clean up left-over files +# Clean up left-over files. rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* (cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) (cd /var/authpf && rm -rf -- *) -# save a copy of the boot messages +# Save a copy of the boot messages. dmesg >/var/run/dmesg.boot make_keys @@ -391,6 +402,7 @@ start_daemon iscsid isakmpd iked sasyncd ldapd npppd echo '.' +# Load IPsec rules. if [ X"${ipsec}" != X"NO" ]; then if [ -f /etc/ipsec.conf ]; then ipsecctl -f /etc/ipsec.conf @@ -408,12 +420,12 @@ mount -a swapctl -A -t noblk -# check and mount networked filesystems +# Check and mount networked filesystems. do_fsck -N mount -a -N -# /var/crash should be a directory or a symbolic link -# to the crash directory if core dumps are to be saved. +# /var/crash should be a directory or a symbolic link to the crash directory +# if core dumps are to be saved. if [ -d /var/crash ]; then savecore ${savecore_flags} /var/crash fi @@ -430,7 +442,7 @@ chmod 666 /dev/tty[pqrstuvwxyzPQRST]* chown root:wheel /dev/tty[pqrstuvwxyzPQRST]* -# check the password temp/lock file +# Check the password temp/lock file. if [ -f /etc/ptmp ]; then logger -s -p auth.err \ 'password file may be incorrect -- /etc/ptmp exists' @@ -438,8 +450,8 @@ echo clearing /tmp -# prune quickly with one rm, then use find to clean up /tmp/[lqv]* -# (not needed with mfs /tmp, but doesn't hurt there...) +# Prune quickly with one rm, then use find to clean up /tmp/[lqv]* +# (not needed with mfs /tmp, but doesn't hurt there...). (cd /tmp && rm -rf [a-km-pr-uw-zA-Z]*) (cd /tmp && find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \ 
@@ -448,12 +460,12 @@ setup_X_sockets [ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel -# rc.securelevel did not specifically set -1 or 2, so select the default: 1 +# rc.securelevel did not specifically set -1 or 2, so select the default: 1. if [ `sysctl -n kern.securelevel` -eq 0 ]; then sysctl kern.securelevel=1 fi -# patch /etc/motd +# Patch /etc/motd. if [ ! -f /etc/motd ]; then install -c -o root -g wheel -m 664 /dev/null /etc/motd fi @@ -501,7 +513,7 @@ start_daemon rbootd mopd spamd spamlogd sndiod echo '.' -# If rc.firsttime exists, run it just once, and make sure it is deleted +# If rc.firsttime exists, run it just once, and make sure it is deleted. if [ -f /etc/rc.firsttime ]; then mv /etc/rc.firsttime /etc/rc.firsttime.run . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | @@ -509,7 +521,7 @@ fi rm -f /etc/rc.firsttime.run -# Run rc.d(8) scripts from packages +# Run rc.d(8) scripts from packages. if [ -n "${pkg_scripts}" ]; then echo -n 'starting package daemons:' for _r in $pkg_scripts; do
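Review bot: The securelevel comment in the `@@ -448,12 +460,12 @@` hunk only gained a full stop and still reads as a statement about what rc.securelevel did, not as a description of the test below it. That test acts only when `sysctl -n kern.securelevel` reports 0. Because the line documents a security setting, wording it as the condition would be easier to audit, for example `# If kern.securelevel is still 0 after rc.securelevel ran, raise it to the default: 1.`.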