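# $MirSecuCron$
# $MirOS: src/etc/rc,v 1.119 2014/07/22 20:33:42 tg Exp $
# $OpenBSD: rc,v 1.277 2006/01/12 21:54:15 deraadt Exp $
#-
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console
# is the controlling terminal. This is called with _PATH_BSHELL which
# must be an mksh(1).
#
# Security notes for maintainers:
# - Everything here runs as root. The files this script sources or feeds
#   to eval (/etc/rc.conf, /etc/rc.shutdown, /etc/rc.netselect,
#   /etc/netstart, /etc/wsconsctl.conf) are therefore as privileged as
#   this script and must be writable by root only.
# - The random seed /var/db/host.random is secret material; it is created
#   under umask 077 below so that it is never world-readable, not even
#   between its creation and the following chmod.

export HOME=/ LC_CTYPE=en_US.UTF-8 PATH=/sbin:/bin:/usr/sbin:/usr/bin
umask 022
cd /

# Subroutines (have to come first).

# strip comments (and leading/trailing whitespace if IFS is set) from
# any file(s) given as argument, or stdin if none, and spew to stdout
#
# The unquoted $_line is deliberate: with noglob set it is only
# word-split, which is what removes the surrounding whitespace.
function stripcom {
	cat "$@" | { set -o noglob; while read _line; do
		_line=${_line%%#*}
		[[ -n $_line ]] && print -r -- $_line
	done; }
}

# Update resource limits when sysctl changes
# Usage: update_limit -X loginconf_name
#
# Looks up <name>, <name>-cur and <name>-max for the "daemon" class in
# /etc/login.conf. A plain <name> entry is applied without -S/-H and ends
# the search; otherwise -cur sets the soft and -max the hard limit.
update_limit() {
	typeset _fl=$1	# ulimit flag
	typeset _lc=$2	# login.conf name
	typeset n s

	for s in "" -cur -max; do
		n=$(getcap -f /etc/login.conf -s $_lc$s daemon 2>/dev/null)
		if [[ -n $n ]]; then
			[[ $n = infinity ]] && n=unlimited
			case $s {
			(-cur)
				ulimit -S $_fl $n
				;;
			(-max)
				ulimit -H $_fl $n
				;;
			(*)
				ulimit $_fl $n
				return
				;;
			}
		fi
	done
}

# Apply /etc/sysctl.conf: every whitespace-separated word left after
# comment stripping is handed to sysctl(8) as one argument.
sysctl_conf() {
	test -s /etc/sysctl.conf || return

	set -- $(stripcom /etc/sysctl.conf)
	while [ $# -ge 1 ]; do
		sysctl $1
		# update limits if needed
		case $1 {
		(kern.maxproc=*)
			update_limit -p maxproc
			;;
		(kern.maxfiles=*)
			update_limit -n openfiles
			;;
		}
		shift
	done
}

# Apply /etc/mixerctl.conf, one word per mixerctl(1) invocation.
mixerctl_conf() {
	test -s /etc/mixerctl.conf || return

	set -- $(stripcom /etc/mixerctl.conf)
	while [ $# -ge 1 ]; do
		mixerctl $1
		shift
	done
}

# Apply /etc/wsconsctl.conf to every /dev/wskbd* device.
# IFS is set to a newline while the file is read, so each config line
# becomes one positional parameter.
wsconsctl_conf() {
	typeset dev res save_IFS=$IFS

	test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return
	IFS="
"
	set -- $(stripcom /etc/wsconsctl.conf)
	IFS=$save_IFS
	while [ $# -ge 1 ]; do
		for dev in /dev/wskbd*; do
			# eval re-parses the config line as shell input, so
			# anything written in /etc/wsconsctl.conf runs as root;
			# keep that file root-owned and not group/world-writable.
			res=$(eval wsconsctl -k \$dev -w $1 2>/dev/null)
			[[ -z $res ]] || print -r -- "$dev: $res"
		done
		shift
	done
}

# Sort the "/etc/fstab" arrays:
# -> sorting is done on $_mp[] from 0 to ${#_mp[*]}-1
# -> swapping is done on $_dev[] $_mp[] $_fstype[] $_opt[]
# _fsswap exchanges entries $1 and $2 in all four arrays.
function _fsswap {
	typeset dev mp fstype opt rest

	dev=${_dev[$1]}
	mp=${_mp[$1]}
	fstype=${_fstype[$1]}
	opt=${_opt[$1]}

	_dev[$1]=${_dev[$2]}
	_mp[$1]=${_mp[$2]}
	_fstype[$1]=${_fstype[$2]}
	_opt[$1]=${_opt[$2]}

	_dev[$2]=$dev
	_mp[$2]=$mp
	_fstype[$2]=$fstype
	_opt[$2]=$opt
}

# Selection sort on the mount point strings, so that a parent directory
# is listed (and later mounted) before the file systems below it.
function _fssort {
	typeset -i i=0
	while (( i < (${#_mp[*]} - 1) )); do
		typeset -i j=i k=i+1
		while (( k < ${#_mp[*]} )); do
			[[ ${_mp[k]} < ${_mp[j]} ]] && j=k
			let k++
		done
		(( i != j )) && _fsswap $i $j
		let i++
	done
}

# End subroutines

# Set shell to ignore SIGINT (2), but not children;
# shell catches SIGQUIT (3) and returns to single user after fsck.
trap : 2
trap : 3	# shouldn't be needed

# If we are about to shut down, execute this bunch of code,
# otherwise (startup), skip below
if [[ $1 = shutdown ]]; then
	[[ -x /usr/sbin/wsconfig ]] && /usr/sbin/wsconfig -s 1 2>&-
	echo Received shutdown request.

	# empty lopool into compressor arcfour state
	dd if=/dev/arandom of=/dev/wrandom count=1 2>/dev/null
	sync 2>/dev/null &	# why not?
	sleep 0.1
	# cause the kernel to re-stir arc4random
	dd if=/var/db/host.random of=/dev/arandom 2>/dev/null
	# save a random seed
	# The umask is tightened before the redirection opens the file: user
	# processes can still be running at this point, and a seed file that
	# had to be created must not be readable by them before the chmod.
	(
		umask 077
		(dd if=/dev/arandom count=3; dd if=/dev/urandom count=8) \
		    >/var/db/host.random 2>/dev/null
	)
	# still needed for a pre-existing file with looser permissions
	chmod 600 /var/db/host.random
	[[ -x /usr/sbin/wsconfig ]] && /usr/sbin/wsconfig -s 1 2>&-
	# NOTE(review): $? here is the status of the wsconfig line above, so
	# /etc/rc.shutdown is skipped when wsconfig is missing or fails --
	# confirm that this is the intended "single user" test.
	if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
		echo /etc/rc.shutdown in progress...
		. /etc/rc.shutdown
		echo /etc/rc.shutdown complete.

		# bring carp interfaces down gracefully
		for hn in /etc/hostname.carp[0-9]*; do
			[[ -e $hn ]] || continue
			if=${hn#/etc/hostname.}
			[[ " $(ifconfig -l) " = *@( $if )* ]] && \
			    ifconfig $if down
		done

		# re-stir again
		dd if=/dev/urandom of=/dev/arandom bs=4 count=1 2>/dev/null
		sleep 0.1
		# and append more entropy
		dd if=/dev/arandom count=1 >>/var/db/host.random 2>/dev/null

		[[ $powerdown = YES ]] && exit 2
	else
		echo single user: not running /etc/rc.shutdown
	fi
	exit 0
fi

# Protect us from shooting ourselves into the foot
# NOTE(review): the loop is the right-hand side of a pipeline; if mksh
# runs it in a subshell, "exit 1" only leaves the loop and the boot
# continues after the warning -- confirm the intended behaviour.
dmesg | while IFS= read -r line; do
	[[ $line = ?d[0-9]*@('<VBOX'[, >])* ]] || continue
	echo Sorry, WirrtualBox is not supported.
	echo To continue on your own risk: touch /etc/allow-vbox
	echo But remember that vbox is buggy and often broken!
	test -e /etc/allow-vbox || exit 1
done

# early munge point (for baselive CD)

# Configure ccd devices.
[[ -f /etc/ccd.conf ]] && ccdconfig -C

# Configure raid devices.
for dev in 0 1 2 3 4 5 6 7; do
	[[ -f /etc/raid${dev}.conf ]] && \
	    raidctl -c /etc/raid${dev}.conf raid$dev
done

# Check parity on raid devices.
raidctl -P all

swapctl -A -t blk

# remembered for the /etc/ttys console speed fix-up further down
consspeed=$(stty -f /dev/console speed)
print -u2 "console at $consspeed bps"

# pick up configuration options
# (sourced as root: every *_flags variable used below comes from here)
. /etc/rc.conf

# Read /etc/fstab into arrays and sort by mountpoint
# The co-process (|& with read -p) keeps the loop in the current shell,
# so the array assignments survive the loop.
typeset -i i=0
set -A _dev _mp _fstype _opt
stripcom /etc/fstab |&
while read -p _fdev _fmp _ffstype _fopt _frest; do
	_dev[i]=$_fdev
	_mp[i]=$_fmp
	_fstype[i]=$_ffstype
	_opt[i]=${_fopt:-rw}
	let i++
done
_fssort

# Examine the filesystems whether there are IDE drives
if [[ $softdrives_ide = NO ]]; then
	# auto-detect from /etc/fstab
	softdrives_ide=
	i=0
	while (( i < ${#_mp[*]} )); do
		if [[ ${_dev[i]} = /dev/wd+([0-9])[a-p] ]]; then
			_fdev=${_dev[i]#/dev/}
			softdrives_ide="$softdrives_ide ${_fdev%[a-p]}"
		fi
		let i++
	done
fi

# Needed for softdep to work correctly (SCSI drives, too!)
# $x collects the drives already handled as ":wd0:wd1:" so that each
# drive is processed once; a "!" is printed when disabling the write
# cache fails. The result of "secfreeze" is not checked.
if [[ -n $softdrives_ide ]]; then
	echo -n Disabling HDD hardware write caches...
	x=:
	for drv in $softdrives_ide; do
		[[ $x = *:$drv:* ]] && continue
		echo -n " $drv"
		atactl /dev/r${drv}c secfreeze >/dev/null 2>&1
		atactl /dev/r${drv}c writecachedisable >/dev/null 2>&1 || \
		    echo -n !
		x=$x$drv:
	done
	echo .
fi

# Check filesystems
# Any fsck -p status other than 0 stops the boot with exit 1, except
# status 4, which first tries to reboot.
if [[ -e /fastboot ]]; then
	echo Fast boot: skipping disk checks.
elif [[ $1 = autoboot ]]; then
	echo Automatic boot in progress: starting file system checks.
	fsck -p
	case $? {
	(0)
		;;
	(2)
		exit 1
		;;
	(4)
		echo Rebooting...
		reboot
		echo "Reboot failed; help!"
		exit 1
		;;
	(8)
		echo "Automatic file system check failed; help!"
		exit 1
		;;
	(12)
		echo Boot interrupted.
		exit 1
		;;
	(130)
		# interrupt before catcher installed
		exit 1
		;;
	(*)
		echo "Unknown error; help!"
		exit 1
		;;
	}
fi

trap "echo Boot interrupted.; exit 1" 3

# Mount the local file systems in sorted order. When a plain mount
# fails, the mount is repeated with -f, i.e. an unchecked file system is
# put into service; the warning on the console is the only trace of it,
# and it is not printed when the entry carries the softdep option.
umount -a >/dev/null 2>&1
i=0
while (( i < ${#_mp[*]} )); do
	if [[ ${_mp[i]} = / && ${_opt[i]}, != ro,* ]]; then
		if ! mount -uwo "${_opt[i]}" "${_dev[i]}" / >/dev/null 2>&1; \
		    then
			if [[ ,${_opt[i]}, != *,softdep,* ]]; then
				echo -n 'WARNING: Your root filesystem failed'
				echo -n ' to remount read-write! <forcing...>'
				echo 'The system is probably severely damaged'
			fi
			mount -ufwo "${_opt[i]}" "${_dev[i]}" /
		fi
	elif [[ ,${_opt[i]}, != *,noauto,* && ${_opt[i]}, != @(sw|xx),* ]]; then
		if [[ ${_fstype[i]} = ffs ]]; then
			if ! mount -t ffs -o "${_opt[i]}" "${_dev[i]}" \
			    "${_mp[i]}" >/dev/null 2>&1; then
				if [[ ,${_opt[i]}, != *,softdep,* ]]; then
					echo -n "Warning: force-mounting unch"
					echo -n "ecked ffs filesystem nosoft"
					echo "dep: ${_dev[i]} -> ${_mp[i]}"
				fi
				mount -f -t ffs -o "${_opt[i]}" \
				    "${_dev[i]}" "${_mp[i]}"
			fi
		elif [[ ${_fstype[i]} != nfs ]]; then
			# Ignore NFS this early in the boot process
			mount -t "${_fstype[i]}" -o "${_opt[i]}" \
			    "${_dev[i]}" "${_mp[i]}"
		fi
	fi
	let i++
done
mount -a -t nonfs
# root on nfs may require this
mount 2>/dev/null |&
x=
while read -p line; do
	[[ $line = *@( on / )* ]] || continue
	x=$line
	break
done
while read -p line; do : consume until mount is finished; done
[[ -z $x || $x = *\(*read-only* ]] && mount -uw /
# root is now writable
rm -f /fastboot

# enable running applications from /usr for now
[[ -x /sbin/ldconfig && -d /var/run/. ]] && /sbin/ldconfig

# set flags on ttys. (do early, in case they use tty for SLIP in netstart)
echo setting tty flags
ttyflags -a

# Load a restrictive packet filter rule set before the network comes up:
# default block, loopback, inbound ssh (tcp/22), outbound DNS and ICMP
# echo, IPv6 neighbour/router discovery, pfsync/carp, and NFS when an NFS
# file system is mounted. The site rule set ($pf_rules) replaces it once
# /etc/netstart has run.
# NOTE(review): $RULES holds literal "\n" sequences and is presumably
# turned into lines by mksh's echo; the status of "pfctl -f -" is not
# checked before pf is enabled.
if [[ $pf != NO ]]; then
	RULES="block all"
	RULES="$RULES\npass on lo0"
	RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
	RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
	fi
	RULES="$RULES\npass proto { pfsync, carp }"
	if [[ "$(sysctl vfs.mounts.nfs 2>/dev/null)" = *[1-9]* ]]; then
		# don't kill NFS
		RULES="scrub in all no-df\n$RULES"
		RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any"
		RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }"
	fi
	echo $RULES | pfctl -f -
	pfctl -e
fi

sysctl_conf

# configure wscons(4) early, in case someone needs to interrupt e.g. dhclient
wsconsctl_conf

# set hostname, turn on network
echo starting network
if [ -f /etc/resolv.conf.save ]; then
	mv /etc/resolv.conf.save /etc/resolv.conf
	touch /etc/resolv.conf
fi
[[ -e /etc/rc.netselect ]] && . /etc/rc.netselect
. /etc/netstart

# replace the early rule set with the configured one, if it is non-empty
[[ $pf != NO && -s $pf_rules ]] && pfctl -f "$pf_rules"

# ensure /usr and /var are mounted, even if marked noauto
i=0
while (( i < ${#_mp[*]} )); do
	if [[ ${_mp[i]} = /@(usr|var) ]]; then
		x=$(mount 2>/dev/null | fgrep " on ${_mp[i]} " 2>/dev/null)
		[[ -z $x ]] && mount ${_mp[i]} >/dev/null 2>&1
	fi
	let i++
done

# on sparc, use the nvram to provide some additional entropy
[[ -x /usr/sbin/eeprom ]] && eeprom 2>&1 | cksum -ba sha512 >/dev/wrandom

# load arp tables
if [[ $arptables = YES && -s /etc/arp.conf ]]; then
	echo Setting static ARP table entries
	arp -f /etc/arp.conf
fi

# read old random seed; if there's no /var/db/host.random, make
# one through random(4); else reset seed file anyway so that if
# a shutdown-less reboot occurs the next seed is not a repeat -
# also reset arandom(4)
# All output of this group, including the dd statistics and any error
# message, is written to /dev/wrandom.
{
	cat /var/db/host.random >/dev/urandom
	# umask 077 for the writer: a seed file that has to be created is
	# never world-readable, not even until the chmod below
	(dd if=/dev/arandom count=3; dd if=/dev/urandom count=5) | \
	    (umask 077; dd of=/var/db/host.random)
	chmod 600 /var/db/host.random
	sync

	# reseed the shell's $RANDOM from the kernel, then write four
	# $RANDOM values back as raw characters
	let RANDOM=$(dd if=/dev/arandom bs=4 count=1 2>&- | hexdump -ve '"%u"')
	typeset -i1 a=RANDOM b=RANDOM c=RANDOM d=RANDOM
	print -nr -- "${a#1#}${b#1#}${c#1#}${d#1#}" >/dev/arandom
	unset a b c d

	dd if=/dev/arandom count=3 >>/var/db/host.random
	let RANDOM=$(dd if=/dev/arandom bs=4 count=1 2>&- | hexdump -ve '"%u"')
} >/dev/wrandom 2>&1

# clean up left-over files
rm -f /etc/nologin
rm -f /var/spool/lock/LCK.*
rm -f /var/spool/uucp/STST/*
rm -rf /var/{run,authpf}/*
install -c -m 664 -g utmp /dev/null /var/run/utmp

if [[ -f /sbin/ldconfig ]]; then
	echo creating runtime link editor directory cache.
	[[ -d /usr/local/lib ]] && shlib_dirs="/usr/local/lib $shlib_dirs"
	[[ -d /usr/X11R6/lib ]] && shlib_dirs="/usr/X11R6/lib $shlib_dirs"
	[[ -d /usr/mpkg/lib ]] && shlib_dirs="/usr/mpkg/lib $shlib_dirs"
	ldconfig $shlib_dirs
	PATH=/sbin:/bin:/usr/sbin:/usr/bin
fi

# save a copy of the boot messages
dmesg | tee /var/run/dmesg.boot | cksum -ba rmd160 >/dev/wrandom

# Initialise anoncvs chroot /dev directory
# i becomes 1 when an account with the anoncvssh shell has a password
# field other than "*"; only then is the chroot /dev populated.
i=0
grep ':/var/anoncvs.*:/usr/libexec/anoncvssh$' /etc/master.passwd |&
while IFS=: read -p name pass rest; do
	[[ $pass = '*' ]] || i=1
done
(( i )) && if [[ -d /var/anoncvs/dev/. ]]; then
	mount_mfs -s 128 swap /var/anoncvs/dev
	(cd /dev; pax -rw -pe arandom wrandom null zero /var/anoncvs/dev/)
	syslogd_flags="$syslogd_flags -a /var/anoncvs/dev/log"
fi

# Start syslogd with one additional log socket (-a) per chroot area, so
# that chrooted daemons can still reach the system log.
echo starting system logger
rm -f /dev/log
if [[ $httpd_flags != NO && " $httpd_flags " != *@( -u )* ]]; then
	rm -f /var/www/dev/log
	mkdir -p -m 0555 /var/www/dev
	syslogd_flags="$syslogd_flags -a /var/www/dev/log"
fi
if [[ $named_flags != NO && -d /var/named/dev/. ]]; then
	rm -f /var/named/dev/log
	syslogd_flags="$syslogd_flags -a /var/named/dev/log"
fi
if [[ -d /var/empty/. ]]; then
	rm -f /var/empty/dev/log
	mkdir -p -m 0555 /var/empty/dev
	syslogd_flags="$syslogd_flags -a /var/empty/dev/log"
fi
syslogd $syslogd_flags

[[ $pf != NO && $pflogd_flags != NO ]] && \
    ifconfig pflog0 up && pflogd $pflogd_flags

# $isakmpd_flags is imported from /etc/rc.conf;
# If $isakmpd_flags == NO, isakmpd isn't run.
if [[ $isakmpd_flags != NO ]]; then
	echo starting isakmpd; isakmpd $isakmpd_flags
fi

echo -n starting initial daemons:

if [[ $tpmrng_flags != NO && -x /usr/libexec/tpmrng ]]; then
	echo -n ' tpmrng'; /usr/libexec/tpmrng $tpmrng_flags
fi

# $portmap is imported from /etc/rc.conf;
# if $portmap == YES, the portmapper is started.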
# The portmapper is started only when $portmap is YES; without it the
# NFS server is switched off as well.
if [[ $portmap = YES ]]; then
	echo -n ' portmap'; portmap
else
	nfs_server=NO
fi

# $nfs_server is imported from /etc/rc.conf;
# if $nfs_server == YES, the machine is setup for being an nfs server
# (additionally requires /etc/exports to hold at least one line that is
# not a comment)
if [[ $nfs_server = YES && -s /etc/exports && \
    $(stripcom /etc/exports | wc -l) -ne 0 ]]; then
	rm -f /var/db/mountdtab
	echo -n >/var/db/mountdtab
	echo -n ' mountd'; mountd $mountd_flags
	echo -n ' nfsd'; nfsd $nfsd_flags
	if [[ $lockd = YES ]]; then
		echo -n ' rpc.lockd'; rpc.lockd
	fi
fi

# run rdate before timed/ntpd
# rdate runs as a co-process; its output lines are stored in the
# rdate_flags array (which replaces the flag string) and are printed
# after the "starting initial daemons" line has been completed.
if [[ $rdate_flags != NO ]]; then
	echo -n ' rdate'; rdate -s $rdate_flags 2>&1 |&
	set -A rdate_flags
	i=0
	while read -p x; do
		rdate_flags[${#rdate_flags[*]}]=$x
	done
fi

# $timed_flags is imported from /etc/rc.conf;
# if $timed_flags == NO, timed isn't run.
if [[ $timed_flags != NO ]]; then
	echo -n ' timed'; timed $timed_flags
fi

if [[ $ntpd_flags != NO ]]; then
	echo -n ' ntpd'; ntpd $ntpd_flags
fi

echo .
# now show what rdate printed; i was reset to 0 in the rdate branch
[[ $rdate_flags = NO ]] || while (( i < ${#rdate_flags[*]} )); do
	print -r -- "${rdate_flags[i++]}"
done

mount -a -t nfs

swapctl -A -t noblk

# /var/crash should be a directory or a symbolic link
# to the crash directory if core dumps are to be saved.
[[ -d /var/crash ]] && savecore $savecore_flags /var/crash

if [[ $check_quotas = YES ]]; then
	echo -n 'checking quotas: '
	quotacheck -a
	echo done.
	quotaon -a
fi

# build ps databases
echo -n building ps databases:
[[ -e /var/db/kvm_bsd.new ]] && mv -f /var/db/kvm_bsd.new /var/db/kvm_bsd.db
if [[ $kvm_mkdb != NO ]]; then
	echo -n " kvm"
	kvm_mkdb
fi
echo -n " dev"
dev_mkdb
echo .
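
# reset the pty slave devices to world read/write, owned by root:wheel
chmod 666 /dev/tty[pqrstuvwxyzPQRST]*
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]*

# check the password temp/lock file
[[ -f /etc/ptmp ]] && logger -s -p auth.err \
    'password file may be incorrect -- /etc/ptmp exists'

# Empty /tmp. If /tmp is not a mount point it is removed and re-created
# with the sticky bit (01777); a mounted non-mfs /tmp is pruned in place,
# keeping lost+found and the quota files; an mfs /tmp is left alone.
echo clearing /tmp
x=$(mount 2>/dev/null | fgrep " on /tmp" 2>/dev/null)
if [[ -z $x ]]; then
	# clean up as usual on small systems
	rm -rf /tmp
	mkdir /tmp
	chown 0:0 /tmp
	chmod 01777 /tmp
elif [[ $x != *@(type mfs)* ]]; then
	# prune quickly with one rm, then use find to clean up /tmp/[lq]*
	(cd /tmp && rm -rf [a-km-pr-zA-Z]* && \
	    find . ! -name . ! -name lost+found ! -name quota.user \
	    ! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
fi

# create Unix sockets directories for X if needed and make sure they have
# correct permissions
# (root-owned, mode 1777: everybody may create sockets, but the sticky
# bit keeps users from removing or renaming each other's entries)
if [[ -d /usr/X11R6/lib ]]; then
	for d in /tmp/.X11-unix /tmp/.ICE-unix; do
		[[ -e $d ]] || mkdir -p $d
		if [[ -d $d ]]; then
			[[ $(stat -f %u $d) = 0 ]] || chown 0 $d
			[[ $(stat -f %p $d) = 41777 ]] || chmod 1777 $d
		elif [[ -e $d ]]; then
			echo "Error: $d exists and isn't a directory."
		fi
	done
fi

# /etc/rc.securelevel is sourced as root and may set $securelevel;
# everything below this point runs at the level set here.
[[ -f /etc/rc.securelevel ]] && . /etc/rc.securelevel
if [[ -n $securelevel ]]; then
	echo -n 'setting kernel security level: '
	sysctl kern.securelevel=$securelevel
fi

# patch /etc/motd
# If the first line of motd differs from the running kernel version, ed
# replaces the leading paragraph with it. When ed answers with a single
# character (pattern @(?)), motd is removed and re-created below.
x=$(sysctl -n kern.version | sed 1q)
[[ -s /etc/motd && "$([[ "$(head -1 /etc/motd)" != $x ]] && \
    ed -s /etc/motd 2>&1 <<-EOF
	1,/^\$/d
	0a
	$x

	.
	wq
EOF)" = @(?) ]] && rm -f /etc/motd
if [[ ! -s /etc/motd ]]; then
	install -c -o root -g wheel -m 664 /dev/null /etc/motd
	print -- "$x\n" >/etc/motd
fi

if [[ -f /var/account/acct ]]; then
	echo turning on accounting; accton /var/account/acct
fi

if [[ -x /usr/libexec/vi.recover && -x /usr/bin/perl && \
    -d /var/tmp/vi.recover ]]; then
	echo preserving editor files; /usr/libexec/vi.recover
fi

# /etc/rc.once is run by a root shell whenever it exists; this script
# does not remove it afterwards.
if [[ -e /etc/rc.once ]]; then
	print rc: running post-install hooks
	mksh /etc/rc.once
fi

# Generate all the RSA keys we might need
# The same RSA private key serves as the SSH host key and as the key of
# the default X.509 certificate, so disclosure of either file exposes
# both services. Private key files are written under umask 077, so they
# are never readable by other users between creation and chmod.
if [[ ! -s /etc/ssl/private/default.key && -s /etc/ssh/ssh_host_rsa_key ]]; then
	print "openssl: using old SSH host RSA key"
	rm -f /etc/ssl/{def{ault,lt-ca}.cer,private/default.key}
	(umask 077; cat /etc/ssh/ssh_host_rsa_key >/etc/ssl/private/default.key)
	chmod 600 /etc/ssl/private/default.key
fi
if [[ ! -s /etc/ssl/private/default.key ]]; then
	print -n "openssl: generating new host RSA key... "
	rm -f /etc/ssl/{def{ault,lt-ca}.cer,private/default.key}
	# XXX 6000-8000 is recommended... choose less to be nice to old boxen
	if (umask 077; openssl genrsa -out /etc/ssl/private/default.key 4096) \
	    >/dev/wrandom 2>&1; then
		chmod 600 /etc/ssl/private/default.key
		rm -f /etc/ssh/ssh_host_rsa_key
		print done.
	else
		print failed.
	fi
fi
# self-signed certificate for CN=<hostname>, also installed as the
# default CA certificate
# NOTE(review): this still runs when the key generation above failed.
if [[ ! -s /etc/ssl/default.cer || ! -s /etc/ssl/deflt-ca.cer ]]; then
	print -n "openssl: generating new host X.509v3 certificate... "
	rm -f /etc/ssl/def{ault,lt-ca}.cer
	openssl req -batch -new -subj "/CN=$(hostname)/" \
	    -key /etc/ssl/private/default.key \
	    -x509 -out /etc/ssl/default.cer
	chmod 644 /etc/ssl/default.cer
	cp /etc/ssl/default.cer /etc/ssl/deflt-ca.cer
	print done
fi
if [[ ! -s /etc/ssh/ssh_host_rsa_key ]]; then
	print -n "ssh-keygen: installing host RSA key... "
	(umask 077; cp -f /etc/ssl/private/default.key /etc/ssh/ssh_host_rsa_key)
	# an existing empty target keeps its old mode across cp, so fix it
	# here, before ssh-keygen reads the key in the next step
	chmod 600 /etc/ssh/ssh_host_rsa_key
	rm -f /etc/ssh/ssh_host_rsa_key.pub
	print done.
fi
if [[ ! -s /etc/ssh/ssh_host_rsa_key.pub ]]; then
	print -n "ssh-keygen: installing host public key... "
	print -r -- $(ssh-keygen -yf /etc/ssh/ssh_host_rsa_key) \
	    $(hostname) host key >/etc/ssh/ssh_host_rsa_key.pub
	chmod 600 /etc/ssh/ssh_host_rsa_key
	chmod 644 /etc/ssh/ssh_host_rsa_key.pub
	print done.
fi

echo -n starting network daemons:

# $routed_flags are imported from /etc/rc.conf.
# If $routed_flags == NO, routed isn't run.
# Same for the other dæmons.
# Each service below that is not set to NO adds a network listener; the
# *_flags values are expanded unquoted, so they are split into words.

if [[ $routed_flags != NO ]]; then
	echo -n ' routed'; routed $routed_flags
fi

if [[ $mrouted_flags != NO ]]; then
	echo -n ' mrouted'; mrouted $mrouted_flags
fi

if [[ $ospfd_flags != NO && -x /usr/sbin/ospfd ]]; then
	echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags
fi

if [[ $bgpd_flags != NO && -x /usr/sbin/bgpd ]]; then
	echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags
fi

if [[ $dhcpd_flags != NO && -f /etc/dhcpd.conf ]]; then
	touch /var/db/dhcpd.leases
	[[ -f /etc/dhcpd.interfaces ]] && \
	    dhcpd_ifs=$(stripcom /etc/dhcpd.interfaces)
	echo -n ' dhcpd'; /usr/sbin/dhcpd $dhcpd_flags $dhcpd_ifs
fi

# IPv6: a host (forwarding off) may run rtsold, a router (forwarding on)
# may run route6d and rtadvd
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	fw=$(sysctl -n net.inet6.ip6.forwarding)
	if [[ $fw = 0 ]]; then
		if [[ $rtsold_flags != NO ]]; then
			echo -n ' rtsold'
			/usr/sbin/rtsold $rtsold_flags
		fi
	else
		if [[ $route6d_flags != NO ]]; then
			echo -n ' route6d'
			/usr/sbin/route6d $route6d_flags
		fi
		if [[ $rtadvd_flags != NO ]]; then
			echo -n ' rtadvd'
			/usr/sbin/rtadvd $rtadvd_flags
		fi
	fi
fi

# if $rwhod == YES, rwhod is run.
if [[ $rwhod = YES ]]; then
	echo -n ' rwhod'; rwhod
fi

if [[ $lpd_flags != NO ]]; then
	echo -n ' lpd'; lpd $lpd_flags
fi

# $sendmail_flags is imported from /etc/rc.conf;
# If $sendmail_flags == NO or /etc/mailer.conf doesn't exist, then
# sendmail isn't run. We call sendmail with a full path so that
# SIGHUP works. Note that /usr/sbin/sendmail may actually call a
# mailer other than sendmail, depending on /etc/mailer.conf.
if [[ $sendmail_flags != NO && -s /etc/mailer.conf ]]; then
	echo -n ' sendmail'
	( /usr/sbin/sendmail $sendmail_flags <>/dev/null >&0 2>&0 & )
fi

if [[ $httpd_flags != NO ]]; then
	# Clean up left-over httpd locks
	rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.*
	echo -n ' httpd'; /usr/sbin/httpd $httpd_flags
fi

if [[ $ftpd_flags != NO ]]; then
	echo -n ' ftpd'; /usr/libexec/ftpd $ftpd_flags
fi

if [[ $ftpproxy_flags != NO ]]; then
	echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy $ftpproxy_flags
fi

if [[ $identd_flags != NO ]]; then
	echo -n ' identd'; /usr/libexec/identd $identd_flags
fi

if [[ $inetd = YES && -s /etc/inetd.conf ]]; then
	echo -n ' inetd'; inetd
fi

if [[ $sshd_flags != NO ]]; then
	echo -n ' sshd'; /usr/sbin/sshd $sshd_flags
fi

if [[ $spamd_flags != NO ]]; then
	[[ $spamd_black != NO ]] && spamd_flags="$spamd_flags -b"
	# eval re-parses $spamd_flags as shell input (so quoting inside the
	# value works); the value comes from /etc/rc.conf and runs as root
	echo -n ' spamd'; eval /usr/libexec/spamd $spamd_flags
	/usr/libexec/spamd-setup
	if [[ $spamd_black = NO ]]; then
		echo -n ' spamlogd'
		/usr/libexec/spamlogd
	fi
fi

# If $rarpd_flags == NO or /etc/ethers doesn't exist, then
# rarpd isn't run.
if [[ $rarpd_flags != NO && -s /etc/ethers ]]; then
	echo -n ' rarpd'; rarpd $rarpd_flags
fi

# If $bootparamd_flags == NO or /etc/bootparams doesn't exist, then
# bootparamd isn't run.
if [[ $bootparamd_flags != NO && -s /etc/bootparams ]]; then
	echo -n ' rpc.bootparamd'; rpc.bootparamd $bootparamd_flags
fi

# If $rbootd_flags == NO or /etc/rbootd.conf doesn't exist, then
# rbootd isn't run.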
if [[ $rbootd_flags != NO && -s /etc/rbootd.conf ]]; then
	echo -n ' rbootd'; rbootd $rbootd_flags
fi

if [[ $isdnd_flags != NO ]]; then
	echo -n ' isdnd'; /usr/sbin/isdnd $isdnd_flags
fi

# ends the "starting network daemons:" line
echo .

mixerctl_conf

# if /etc/ttys does not include a console entry, remove it (borken)
grep -q '^console' /etc/ttys >/dev/null 2>&1 || rm -f /etc/ttys
# if /etc/ttys does not exist (or was broken), install a fresh copy
[[ -e /etc/ttys ]] || install -c -o 0 -g 0 -m 644 /etc/ttys.dist /etc/ttys
# if /etc/ttys indicates auto-setup of console speed, do that
# ($consspeed was read from the console with stty early in this script;
# the here-document is unquoted, so it is expanded before ed sees it)
grep -q '^console.*acs\.[0-9s]' /etc/ttys >/dev/null 2>&1 && \
    ed -s /etc/ttys >/dev/null 2>&1 <<-EOF
	/^console/s/acs\.[0-9]*/acs.${consspeed}/
	wq
EOF

# site-local startup commands, sourced into this root shell; the file
# must be writable by root only
[[ -f /etc/rc.local ]] && . /etc/rc.local

# Only if it exists and is an unused ram disc array.
# Compare approximately like the kernel does, except
# we checksum the first 2 pages instead of a memcmp.
# (dd's diagnostics go to /dev/wrandom; 1B32098C is presumably the
# Adler-32 value of the untouched ram disc contents -- confirm.)
x=$(dd if=/dev/rrd0c count=16 2>/dev/wrandom | cksum -a adler32)
[[ $x = 1B32098C ]] && swapctl -ap0 /dev/rd0c

# NO means "no additional users": the list is emptied, the directories
# for uid 0 are still created below
[[ $sshagent_autostart = NO ]] && sshagent_autostart=
echo Setting up ssh-agent directories...
# /var/run/ssh-agent is readable by everyone, but each per-user
# directory below it is mode 0700 and owned by that user, so the agent
# socket inside it is reachable by its owner (and root) only.
# NOTE(review): $luser is used unquoted as a path component; values in
# $sshagent_autostart are presumably plain user names from /etc/rc.conf.
mkdir -m 0755 /var/run/ssh-agent
chown root:daemon /var/run/ssh-agent
for luser in 0 $sshagent_autostart; do
	mkdir -m 0700 /var/run/ssh-agent/$luser
	chown $luser /var/run/ssh-agent/$luser
	# drop a stale agent socket
	rm -f /var/run/ssh-agent/$luser/agent
done

echo -n standard daemons:
# don't run daemon if $food_flags == NO or /usr/sbin/food doesn't exist

if [[ $apmd_flags != NO && -x /usr/sbin/apmd ]]; then
	echo -n ' apmd'; /usr/sbin/apmd $apmd_flags
fi

if [[ $acpid_flags != NO && -x /usr/sbin/acpid ]]; then
	echo -n ' acpid'; /usr/sbin/acpid $acpid_flags
fi

if [[ $sensorsd_flags != NO && -x /usr/sbin/sensorsd ]]; then
	echo -n ' sensorsd'; /usr/sbin/sensorsd $sensorsd_flags
fi

if [[ $hotplugd_flags != NO && -x /usr/sbin/hotplugd ]]; then
	echo -n ' hotplugd'; /usr/sbin/hotplugd $hotplugd_flags
fi

if [[ $watchdogd_flags != NO && -x /usr/sbin/watchdogd ]]; then
	echo -n ' watchdogd'; /usr/sbin/watchdogd $watchdogd_flags
fi

# cron is started unconditionally
echo -n ' cron'; cron

if [[ $wsmoused_flags != NO && -x /usr/sbin/wsmoused ]]; then
	echo -n ' wsmoused'; /usr/sbin/wsmoused $wsmoused_flags
fi

echo .

date

# Alternatively, on some architectures, xdm may be started in /etc/ttys.
if [[ $xdm_flags != NO && -x /usr/X11R6/bin/xdm ]]; then
	echo starting xdm...; /usr/X11R6/bin/xdm $xdm_flags
fi

exit 0