Drop incomplete archs lists from wsmoused(8) comment

OK deraadt

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@

switch(4) and switchd(8) are retiering. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@

switch to dhcpleased/resolvd in base
OK deraadt

resolvd and dhcpleased should not be enabled yet

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt

rc(8) bits for dhcpleased(8).
OK deraadt

retire rebound etc bits to the attic

rc(8) bits for unwind(8); OK deraadt

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler

rc(8) infrastructure for rad

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot

Enable slaacd(8) by default and disable router solicitation and
advertisement processing in the kernel.
Go for it!!! deraadt@
additional encouragement to push forward from at least mpi and henning
special thanks to naddy for being an early adopter and finding bugs.

rc.d(8) for slaacd
OK phessler, deraadt

Switch to xenodm(1).

Do it now deraadt@

Add switchd

OK deraadt@

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@

multicast_router -> multicast

It does not make sense to insert a specific route for 224/4 when the
default one is good enough.

So merge rc.conf(8)'s 'multicast_router' and 'multicast_host' into a
single 'multicast'. If set to YES the reject route for 224/4 is not
inserted by netstart(8).

Manual bits from jmc@

ok henning@, ajacoutot@

add rcscript for vmd

ok mlarkin@
prompted by deraadt@

yppasswd went away

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt

enable ntpd by default at install time. We use pools and a reliable
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.

this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.

with reyk rpe

Remove comments about default daemon_flags; most are empty, those
that aren't are redundant because they can be found in the rc.d(8)
scripts themselves, and they risk getting out of sync.
While here, sort the daemons alphabetically.
No functional change.

Triggered by a much smaller nameserver-only patch from stephan@.
OK ajacoutot@ rpe@ stephan@ and looks good to sthen@.

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@

Remove sendmail tentacles. ok krw@ ajacoutot@

Nuke net.inet6.icmp6.rediraccept and allow redirects on interfaces
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@

usr.sbin

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Enable httpd(8) in the builds to get more testing, feedback and
improvements. It is not "finished" but serves static files.

ok deraadt@

net.inet6.ip6.accept_rtadv is gone

Add iscsid_flags to rc.conf so we do not try to start iscsid all the time.
Noticed by naddy@

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it all going to be
ignored.

discussed with and help from deraadt@ and halex@

remove bluetooth bits

add cron_flags which seemed to have been forgotten here.

ok aja@ dcoppa@

rm rwhod tentacles

Remove krb5 bits from rc(8).

ok reyk@

Enable Unbound in base, ok deraadt@

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@

switch over to smtpd by default.
ok deraadt gilles todd

Adapt nsd(1) comment to match the default daemon_flags of the rc.d script.

ok sthen@

remove popa3d etc tendrils

Mention amd_master with amd_flags.
Move identd_flags away from the inetd-capable daemons and fix usage.

ok deraadt@

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@

Remove most of pre-rc.d(8) backward compatibility.

ok krw@ sthen@ rpe@ halex@ dcoppa@

disable inetd by default; ok aja millert

document default operation of identd; mentioned by creamy@nocrater.com

Revert previous; there are more things to consider.

Remove pre-rc.d(8) backward compatibility.
See faq/current.html for more information.

The local_rcconf variable is not used anywhere anymore so drop it.

suggested by deraadt@
ok sthen@

Start ldomd(8).

OK, enough is enough. So many people persist in the practice of editing
this file, even years after the rc.conf / rc.conf.local split happened.
One way to improve upon this is to put a big fat comment at the top of
the file. (Other ways to improve this is by renaming files, but that
will just create more confusion).
ok aja robert

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride

Hook up nginx to rc(8).

ok deraadt@ robert@

no more afs activation goop

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk

btd went away

add rc.d bits for the new standalone tftpd daemon.

mostly from Kent R. Spillner
ok sthen@ robert@

Adapt after recent rc scripts change.

with input from and ok sthen@

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot

Fix a small regression reported by nicm@: when domainname is set but
/var/yp/binding does not exist, do _not_ try to start ypbind.

Make it possible to start ypbind the same way as the other daemons
(using ypbind_flags) while preserving the historical startup behavior.

tested by deraadt@

Remove the "portmap" variable, it's unused now (use portmap_flags).

ok deraadt@ robert@

Add a script for popa3d to support running it outside of inetd.

use the right sysctl, doh!
pointed out by Moritz Grimm (mgrimm-at-mrsserver-dot-net)

mention net.inet6.ip6.rediraccept as well around rtsold_flags.
sthen@ ok.

Zap rdate_flags, it's not used anymore.

ok deraadt@

fix ${pf} variable so that the special pflogd check works; ok deraadt@

unset amd_flags so that backward compat (amd=YES) works

we need ypldap_flags=NO by default

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@

Remove outdated comment.

ok robert@ deraadt@

Forgot to commit that part yesterday, spotted by sthen@

fix boot output and make sure spamlogd is only started when needed

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplyfies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!

Add the nfs startup scripts.

ok robert@

Set ypserv_flags to NO by default.

ok robert@

add a script for btd and replace the rc parts

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis

Add kerberos startup scripts with backward compatibility goo.

ok robert@ deraadt@

Sync comments with reality.

add compat for portmap

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order than before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.

Add the rc_scripts variable for rc.d(8).

prodded by espie@
ok miod@

start nsd(8); ok deraadt

replace two misleading ie. with e.g.; from Jan Stary

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt

amd_dir is no longer used by rc so no need for it in rc.conf.

ok deraadt

enable pf by default.
turns bombs into flowers, water into beer and eradicts swine flu

support for smtpd(8); ok gilles@

Add bt=YES to /etc/rc.conf.local to start the daemon

Replace nmeattach (which will be removed) with ldattach.

routed is no longer, use ripd instead.

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

comment for spamd_flags should refer to spamd(8);

pointed out by Daniel Wade and previously by Frank Bax;
this time ok beck

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt

spamd_grey=YES should really be spamd_black=NO
as disscussed with jmc and millert.
ok millert@

Make greylisting the default when spamd is enabled. Uses the new -g flag
for spamd-setup. OK beck@

- add a new "accounting" variable (default to NO) to enable accouting
(if the file /var/account/acct does not exist it will be created)

ok mk@

link hoststated to the builds.
ok miod@, henning@

remove acpid references. ok gwk@, steven@, grange@ and janus@.

Add the _ripd user and startup stuff.

ok claudio@

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@

Hook dhcrelay(8) into the startup process.

ok henning@

add all the goo to hook dvmrp into the system

ok derradt@

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@

add new ftp-proxy startup bits

ok henning beck

wsmoused works on amd64 too; carvalholatas@gmail.com

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob

back out my previous commit: beck@ says spamd-setup(8) is correct;

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo

adjust comment for ntpd_flags, "-s" is the normal use in the rc scripts now

correct comment: spamd flags in spamd(8), not spamd-setup(8);
from frank bax on misc@;

ok deraadt@

new dhcpd doesn't have -q any more, adjust comment accordingly
From: keoki seu <keoki@camelot.physics.wm.edu>

remove startup code for that other ntpd from ports and use the one
in base instead. theo ok & rush to go for beer

hotplugd startup.

ok deraadt@

SNTP is RFC2030

add the goo for bgpd, theo ok

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to to pkg_add's)

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu

sensorsd startup via rc/rc.conf
ok millert@

now that there is multicast routing documentation in netstart(8),
reference it rather than /etc/netstart
ok henning@ millert@

don't tell people to use -u for identd any more, runs as _identd by default
now

No more gated. ok krw@, deraadt@, commments from David Krause, jakob@.

mention shlib_dirs entries are separated by space; ok many people

commented hourly spamd-setup run

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@

spewd-setup should read spamd-setup

spamd startup stuff

Compile wsmoused on alpha, as it can be used on vga displays.

no more altqd use

smtpd leaves the building

more photuris bits by bye bye

no rpc by default

note about the cron job; requested by fred@francis.unitra.sk

doc that rdate can do SNTP as well

ready ourself for the chroot httpd parts

pfctl -f instead of -N/-R, ok deraadt@

Remove startup stuff for Kerberos 4 servers.

ok deraadt@

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@

zap trailing spaces and tabs

clarify smtpfwdd_flags; from dfa@solo.ee. ok deraadt

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

pflogd_flags; mbing@nfr.net

altqd startup stuff

pf off by default; how did this happening, as is noone testing????

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.

I suck

KerberosV support.

Kerberos related cleanup.

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).

USB mice apply here, too.

fix wsmoused comment

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net

permit passing sshd flags; djm

Typos: neccesary -> necessary, desireable -> desirable

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)

Give examples of moused_flags usage for ps/2 and serial mice.

Initialization script stuff for moused.

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert

remove ip6defaultif, this is just for IPv6 specification pedants

rc.conf now parses ${local_rcconf} internally; closes pr 1259

add a note where to go to for nfs client configuration; after popular demand

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads

fix PR #1169; itojun@ OK

rc.conf.local support, inspired by chuck yerkes

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.

description error; discovered in a bar in sweden..

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags

Allow identd to be used w/o inetd.

Fix misleading comment.

shorten lines

Change defaults to start sendmail using '-q30m'. This will not make
sendmail listen to requests on port 25, just process the queue every
30 minutes to take care of any unsent mail. OK millert@.

clean

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints

New multicast route setup style

isakmpd startup stuff

Add option for running ftpd out of rc.

startup code for AFS

add toggle for ntpd

Added daemon mode flags "-D" to default configuration. This new version doesn't
automatically release the terminal.

better way of handling dhcp client; Jason Ish <jbi130@mail.usask.ca>

dhcp client stuff. "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

put back recent change (apmd flags) that was accidently removed

dhcpd: start from rc, controlled by rc.conf; sample config files

allow flags to be passed to apmd at millert's request

start apmd in rc, controlled by rc.conf

rc.conf control sshd

to turn of named chroot set to be empty, not 'NO'

Add named_user and named_chroot variables to simplify chroot'd named
setup.

mention -u name -t /var/named

add xdm control to /etc/rc.conf; X11 docs need updating

s/^nat/ipnat/

httpd is now in the tree, and an rc.conf flag turns it on

disable photuris by default; it is noisy and ipsec is not fully functional by default

move nat.rules to ipnat.rules

add an option for kerberos slave servers.

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.

Flags and startup for smtpd/smtpfwdd - not enabled by default.

ipforward is in sysctl.conf now

introduce /etc/sysctl.conf containing sysctl variables to change at boot time

Add ${nfsiod_flags}

Consistency.

ipforwarding option in rc.conf

correct swedish grammar

rearrange rfc1323 thingy

NAT requires IPF

Add support for mopd. -moj

spaces->tabs

fork netstart; new child is rc.conf

Hook up bgplgd. Uses _bgplgd user with id 71:71 add a rc.d script and
all the other rc plumbing.
OK deraadt@

switch(4) and switchd(8) are retiering. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@

switch to dhcpleased/resolvd in base
OK deraadt

resolvd and dhcpleased should not be enabled yet

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt

rc(8) bits for dhcpleased(8).
OK deraadt

retire rebound etc bits to the attic

rc(8) bits for unwind(8); OK deraadt

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler

rc(8) infrastructure for rad

Introduce a scary rc.conf(8) knob library_aslr=(YES|NO) to turn off the
reordering of libraries by rc(8). This way machines with very slow disk I/O
have a chance of booting within reasonable time now that libcrypto is also
randomized.

Discussed with various;
input & ok from deraadt ajacoutot

Enable slaacd(8) by default and disable router solicitation and
advertisement processing in the kernel.
Go for it!!! deraadt@
additional encouragement to push forward from at least mpi and henning
special thanks to naddy for being an early adopter and finding bugs.

rc.d(8) for slaacd
OK phessler, deraadt

Switch to xenodm(1).

Do it now deraadt@

Add switchd

OK deraadt@

Add missing rc bits for rebound.

rc-wise OK aja@ jasper@

multicast_router -> multicast

It does not make sense to insert a specific route for 224/4 when the
default one is good enough.

So merge rc.conf(8)'s 'multicast_router' and 'multicast_host' into a
single 'multicast'. If set to YES the reject route for 224/4 is not
inserted by netstart(8).

Manual bits from jmc@

ok henning@, ajacoutot@

add rcscript for vmd

ok mlarkin@
prompted by deraadt@

yppasswd went away

Enable eigrpd(8) and eigrpctl(8) in the builds

ok deraadt@

Provide an ftpproxy6 rc script. ftp-proxy can only open one listening socket
at a time, so a second instance of the daemon is required.

OK mikeb stsp ajacoutot

Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.

ok deraadt

enable ntpd by default at install time. We use pools and a reliable
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.

this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.

with reyk rpe

Remove comments about default daemon_flags; most are empty, those
that aren't are redundant because they can be found in the rc.d(8)
scripts themselves, and they risk getting out of sync.
While here, sort the daemons alphabetically.
No functional change.

Triggered by a much smaller nameserver-only patch from stephan@.
OK ajacoutot@ rpe@ stephan@ and looks good to sthen@.

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.

man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@

Unhook rtsol(8) and rtsold(8) from the build.
OK deraadt@

Remove sendmail tentacles. ok krw@ ajacoutot@

Nuke net.inet6.icmp6.rediraccept and allow redirects on interfaces
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@

usr.sbin

disable use of bind in base; in the base use nsd/unbound instead.
a proper & complete bind port will show up.
discussed with many for years

Enable httpd(8) in the builds to get more testing, feedback and
improvements. It is not "finished" but serves static files.

ok deraadt@

net.inet6.ip6.accept_rtadv is gone

Add iscsid_flags to rc.conf so we do not try to start iscsid all the time.
Noticed by naddy@

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it all going to be
ignored.

discussed with and help from deraadt@ and halex@

remove bluetooth bits

add cron_flags which seemed to have been forgotten here.

ok aja@ dcoppa@

rm rwhod tentacles

Remove krb5 bits from rc(8).

ok reyk@

Enable Unbound in base, ok deraadt@

Unhook httpd(8) from build; etc bits
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on
the road deraadt@

switch over to smtpd by default.
ok deraadt gilles todd

Adapt nsd(1) comment to match the default daemon_flags of the rc.d script.

ok sthen@

remove popa3d etc tendrils

Mention amd_master with amd_flags.
Move identd_flags away from the inetd-capable daemons and fix usage.

ok deraadt@

Add rc.d(8) scripts for ipropd-master and ipropd-slave.

ok deraadt@

Remove all references to btd and the corresponding _btd user and group.

ok sthen@ deraadt@

hook up slowcgi to the tree, including /etc glue and a sample configuration
snippet; ok florian@

Remove most of pre-rc.d(8) backward compatibility.

ok krw@ sthen@ rpe@ halex@ dcoppa@

disable inetd by default; ok aja millert

document default operation of identd; mentioned by creamy@nocrater.com

Revert previous; there are more things to consider.

Remove pre-rc.d(8) backward compatibility.
See faq/current.html for more information.

The local_rcconf variable is not used anywhere anymore so drop it.

suggested by deraadt@
ok sthen@

Start ldomd(8).

OK, enough is enough. So many people persist in the practice of editing
this file, even years after the rc.conf / rc.conf.local split happened.
One way to improve upon this is to put a big fat comment at the top of
the file. (Other ways to improve this is by renaming files, but that
will just create more confusion).
ok aja robert

Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride

Hook up nginx to rc(8).

ok deraadt@ robert@

no more afs activation goop

wire up the bits for tftp-proxy, which is called tftpproxy from rc.d's
point of view.

mostly ok sthen@ ajacoutot@, who were discussing the feng shui of the
start_daemons chunk

btd went away

add rc.d bits for the new standalone tftpd daemon.

mostly from Kent R. Spillner
ok sthen@ robert@

Adapt after recent rc scripts change.

with input from and ok sthen@

Handle aucat -> sndiod name change, and enable sndiod by default. Mostly
from ajacoutot@.

ok deraadt ajacoutot

Fix a small regression reported by nicm@: when domainname is set but
/var/yp/binding does not exist, do _not_ try to start ypbind.

Make it possible to start ypbind the same way as the other daemons
(using ypbind_flags) while preserving the historical startup behavior.

tested by deraadt@

Remove the "portmap" variable, it's unused now (use portmap_flags).

ok deraadt@ robert@

Add a script for popa3d to support running it outside of inetd.

use the right sysctl, doh!
pointed out by Moritz Grimm (mgrimm-at-mrsserver-dot-net)

mention net.inet6.ip6.rediraccept as well around rtsold_flags.
sthen@ ok.

Zap rdate_flags, it's not used anymore.

ok deraadt@

fix ${pf} variable so that the special pflogd check works; ok deraadt@

unset amd_flags so that backward compat (amd=YES) works

we need ypldap_flags=NO by default

move the pflog0 setup to the pflogd script and only
do that if pf is actually enabled (rely on pfctl -si)

requested by deraadt@

Remove outdated comment.

ok robert@ deraadt@

Forgot to commit that part yesterday, spotted by sthen@

fix boot output and make sure spamlogd is only started when needed

Switch amd and spamlogd to rc scripts and make sure that the
rc_pre() functions are returning correctly. This change
also simplyfies the changes because false || return 1 can be replaced
with false if that's the last call. thanks halex@!

Add the nfs startup scripts.

ok robert@

Set ypserv_flags to NO by default.

ok robert@

add a script for btd and replace the rc parts

timed's time is up. use ntpd(8). Even our own fossil developers
switched a while back.
ok miod, kettenis

Add kerberos startup scripts with backward compatibility goo.

ok robert@ deraadt@

Sync comments with reality.

add compat for portmap

Add rc.d(8) script for the system daemons that are restartable.
From now on rc(8) is going to call these scripts to start them up on boot
in the same order than before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.

I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.

Add the rc_scripts variable for rc.d(8).

prodded by espie@
ok miod@

start nsd(8); ok deraadt

replace two misleading ie. with e.g.; from Jan Stary

Add ldapd to rc and rc.conf. Enable it at boot with ldapd_flags=.

ok deraadt@ gilles@

Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this
way we share the same RSA key by default.

ok deraadt@ jsg@

Add ldpd(8) to /etc/rc* files.
It needs to be started before the routing daemons.
In this way every new prefix learnt by them already has a label associated.

discussed with and ok'ed by claudio@

start ``aucat -l'' from /etc/rc, unless aucat_flags=NO, which is
the default setting in rc.conf.

ok deraadt

amd_dir is no longer used by rc so no need for it in rc.conf.

ok deraadt

enable pf by default.
turns bombs into flowers, water into beer and eradicts swine flu

support for smtpd(8); ok gilles@

Add bt=YES to /etc/rc.conf.local to start the daemon

Replace nmeattach (which will be removed) with ldattach.

routed is no longer, use ripd instead.

enable snmpd in the build

approved by deraadt@, ok thib@

hoststated gets renamed to relayd. easier to type, and actually says
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying

comment for spamd_flags should refer to spamd(8);

pointed out by Daniel Wade and previously by Frank Bax;
this time ok beck

Add the user _ospf6d otherwise the newly imported ospf6d daemon will not
start.

ok dlg@

Allow nmeaattach to start a sensor before starting ntpd. Many modern
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.

ok deraadt

spamd_grey=YES should really be spamd_black=NO
as disscussed with jmc and millert.
ok millert@

Make greylisting the default when spamd is enabled. Uses the new -g flag
for spamd-setup. OK beck@

- add a new "accounting" variable (default to NO) to enable accouting
(if the file /var/account/acct does not exist it will be created)

ok mk@

link hoststated to the builds.
ok miod@, henning@

remove acpid references. ok gwk@, steven@, grange@ and janus@.

Add the _ripd user and startup stuff.

ok claudio@

Add ifstated(8) startup bits.
OK deraadt@, henning@, mcbride@

Add sasyncd to rc / rc.conf.

ok deraadt@ cloder@

Hook dhcrelay(8) into the startup process.

ok henning@

add all the goo to hook dvmrp into the system

ok derradt@

revert vfs.nfs.privport sysctl, broke a few architectures
requested by deraadt@

Add support for NFS mounts to be from non-reserved ports:

- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok

add hostapd to rc/rc.conf glue

suggested and ok by kettenis@

As the isakmpd fifo race is fixed, hook ipsecctl to rc.

ok naddy@ todd@

add new ftp-proxy startup bits

ok henning beck

wsmoused works on amd64 too; carvalholatas@gmail.com

add bits for watchdogd startup, PR4540 Michael Knudsen <e@molioner.dk>
but I put it at a different place, watchdogd is really not a network daemon

Start on a basic ACPI framework -- does not do much more than read out the
ACPI tables into kernel memory and attach ACPI and HPET timers currently.

In order to test this code, enabling the devices in GENERIC as well as
the ACPI_ENABLE option is needed. This code does not do any thermal
control yet, so this should be done with care depending on the platform.

In the tree so more people can contribute to making this more fully
featured.

Ok niklas@ grange@ tedu@

add ospfd, ok theo
From: Jason Crawford <jasonrcrawford@gmail.com>, whitespace fixes me

introduce spamlogd_flags to make it easier to e. g. bind spamlogd
to an interface; no change in default config
from Toni Mueller <support@oeko.net>, ja ja ja ja bob

back out my previous commit: beck@ says spamd-setup(8) is correct;

unconditionally add -s to ntpd_flags in rc and suggest "" for normal
use in the comment in rc.conf again, idea & ok theo

adjust comment for ntpd_flags, "-s" is the normal use in the rc scripts now

correct comment: spamd flags in spamd(8), not spamd-setup(8);
from frank bax on misc@;

ok deraadt@

new dhcpd doesn't have -q any more, adjust comment accordingly
From: keoki seu <keoki@camelot.physics.wm.edu>

remove startup code for that other ntpd from ports and use the one
in base instead. theo ok & rush to go for beer

hotplugd startup.

ok deraadt@

SNTP is RFC2030

add the goo for bgpd, theo ok

add support for spamd greylisting with spamd -g and spamlogd to rc/rc.conf

simplify afs startup so all you have to do is say "YES" to get basic
AFS functionality (enough to to pkg_add's)

permit rpc.yppasswdd run to be blocked, and block by default; ok henning tedu

sensorsd startup via rc/rc.conf
ok millert@

now that there is multicast routing documentation in netstart(8),
reference it rather than /etc/netstart
ok henning@ millert@

don't tell people to use -u for identd any more, runs as _identd by default
now

No more gated. ok krw@, deraadt@, commments from David Krause, jakob@.

mention shlib_dirs entries are separated by space; ok many people

commented hourly spamd-setup run

remove support for named_chroot and named_user; always run named as user
named and chrooted to /var/named. ok deraadt@

spewd-setup should read spamd-setup

spamd startup stuff

Compile wsmoused on alpha, as it can be used on vga displays.

no more altqd use

smtpd leaves the building

more photuris bits by bye bye

no rpc by default

note about the cron job; requested by fred@francis.unitra.sk

doc that rdate can do SNTP as well

ready ourself for the chroot httpd parts

pfctl -f instead of -N/-R, ok deraadt@

Remove startup stuff for Kerberos 4 servers.

ok deraadt@

Permit flags to be set for savecore, e.g. to compress core dumps
ok millert@ fgsch@

zap trailing spaces and tabs

clarify smtpfwdd_flags; from dfa@solo.ee. ok deraadt

Scaffolding to support sendmail 8.12. Note that the new smmsp user/group
are *required*.

pflogd_flags; mbing@nfr.net

altqd startup stuff

pf off by default; how did this happening, as is noone testing????

Initialization infrastruture for pf. Based on initial patches
by ian@, and much input and mangling from theo.

I suck

KerberosV support.

Kerberos related cleanup.

Use lpd_flags instead of lpd, thus allowing to pass parameters to lpd;
patch from Yozo TODA <yozo@imit.chiba-u.ac.jp>, deraadt@ ok.

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).

USB mice apply here, too.

fix wsmoused comment

wsmoused support; missed 2.9 -- bad aaron; heko@saitti.net

permit passing sshd flags; djm

Typos: neccesary -> necessary, desireable -> desirable

Back-out use of apachectl to start httpd:
1) It's one more dependency in /etc/rc
2) It's one more script that starts from /etc/rc (slowdown)
3) We're only going to be starting httpd in /etc/rc anyway (no other
weird operations), so there's no reason to force a change in rc.conf
4) apachectl(8) doesn't mention "startssl" directive
5) Admins can use apachectl to manage httpd regardless of how the
latter was started

Thanks to fgs@ for yelling about this :-)

Use apachectl to start httpd, rather than directly call httpd in
/etc/rc (PR 1476)

Give examples of moused_flags usage for ps/2 and serial mice.

Initialization script stuff for moused.

- Move ntpd out of rc.securelevel
- Add ntpdate and rdate rc knobs

Approved-And-Assisted-By: millert

remove ip6defaultif, this is just for IPv6 specification pedants

rc.conf now parses ${local_rcconf} internally; closes pr 1259

add a note where to go to for nfs client configuration; after popular demand

nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads

fix PR #1169; itojun@ OK

rc.conf.local support, inspired by chuck yerkes

add ip6defaultif, which configures default outgoing interface
when no neighboring router is found (rare case). this is to conform
strictly to the ND spec. it is safe to leave it empty.

description error; discovered in a bar in sweden..

add following IPv6 configs: rtadvd_flags route6d_flags rtsold_flags

Allow identd to be used w/o inetd.

Fix misleading comment.

shorten lines

Change defaults to start sendmail using '-q30m'. This will not make
sendmail listen to requests on port 25, just process the queue every
30 minutes to take care of any unsent mail. OK millert@.

clean

Add shlib_dirs variable so users can add to the directories cached
in /var/run/ld.so.hints

New multicast route setup style

isakmpd startup stuff

Add option for running ftpd out of rc.

startup code for AFS

add toggle for ntpd

Added daemon mode flags "-D" to default configuration. This new version doesn't
automatically release the terminal.

better way of handling dhcp client; Jason Ish <jbi130@mail.usask.ca>

dhcp client stuff. "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

put back recent change (apmd flags) that was accidently removed

dhcpd: start from rc, controlled by rc.conf; sample config files

allow flags to be passed to apmd at millert's request

start apmd in rc, controlled by rc.conf

rc.conf control sshd

to turn of named chroot set to be empty, not 'NO'

Add named_user and named_chroot variables to simplify chroot'd named
setup.

mention -u name -t /var/named

add xdm control to /etc/rc.conf; X11 docs need updating

s/^nat/ipnat/

httpd is now in the tree, and an rc.conf flag turns it on

disable photuris by default; it is noisy and ipsec is not fully functional by default

move nat.rules to ipnat.rules

add an option for kerberos slave servers.

syslogd gets a new -a argument: specify additional AF_UNIX log devices
syslogd should create & listen to. As in "syslogd -a /chroot/dev/log",
I'm sure you get the idea.

Flags and startup for smtpd/smtpfwdd - not enabled by default.

ipforward is in sysctl.conf now

introduce /etc/sysctl.conf containing sysctl variables to change at boot time

Add ${nfsiod_flags}

Consistency.

ipforwarding option in rc.conf

correct swedish grammar

rearrange rfc1323 thingy

NAT requires IPF

Add support for mopd. -moj

spaces->tabs

fork netstart; new child is rc.conf

switch(4) and switchd(8) are retiering. Unhook them from various
configuration files.
OK sthen@ kn@ patrick@

switch to dhcpleased/resolvd in base
OK deraadt

resolvd and dhcpleased should not be enabled yet

Ship resolvd service, enable it by default

Starting right after unwind.

OK deraadt

rc(8) bits for dhcpleased(8).
OK deraadt

retire rebound etc bits to the attic

rc(8) bits for unwind(8); OK deraadt

It's time to switch to rad(8); tested by many.
Remove rtadvd(8) from rc(8).
OK deraadt, phessler