Index: defaults.mk
==================================================================
--- defaults.mk
+++ defaults.mk
@@ -1,19 +1,57 @@
+# cleanvar
 CLEANVAR_DIRS?=/var/run /var/spool/lock /var/spool/uucp/.Temp
-CRASHINFO_ENABLE?=no
+
+# cloned
+CLONED_INTERFACES?=
+
+# devfs
 DEVFS_CONFIG_FILES?=/etc/defaults/devfs.conf /etc/devfs.conf
+
+# dmesg
 DMESG_FILE?=/var/run/dmesg.boot
+
+# dumpon
 DUMPDEV?=no
-DUMPDIR?=/var/crash
-ENTROPY_FILE?=/var/db/entropy/random
-ENTROPY_DIR?=/var/db/entropy
+
+# fsck
 FSCK_Y_ENABLE?=no
+
+# hostname
 HOSTNAME?=Amnesiac
-IFCONFIG_IFACES?=lo0
-IFCONFIG_lo0?=inet 127.0.0.1/8 up
+
+# kld
 KLD_LIST?=
+
+# ldconfig
 LDCONFIG_PATHS?=/lib /usr/lib /usr/local/lib /usr/pkg/lib
 LDCONFIG_LOCAL_DIRS?=/usr/local/libdata/ldconfig
+
+# mount
 NETFS_TYPES?=nfs:NFS smbfs:SMB
+
+# newsyslog
 NEWSYSLOG_ENABLE?=no
+NEWSYSLOG_FLAGS?=
+
+# nfsclient
 NFSCLIENT_ENABLE?=no
+
+# netif
+IFCONFIG_IFACES?=lo0
+IFCONFIG_lo0?=inet 127.0.0.1/8; up
+
+# pf
+PF_ENABLE?=no
+PF_RULES?=/etc/pf.conf
+PF_FLAGS?=
+
+# random
+ENTROPY_DIR?=/var/db/entropy
+ENTROPY_FILE?=/var/db/entropy/random
+
+# rpc_umntall
 RPC_UMNTALL_ENABLE?=no
+
+# savecore
+CRASHINFO_ENABLE?=no
+DUMPDIR?=/var/crash
Index: init.mk
==================================================================
--- init.mk
+++ init.mk
@@ -1,21 +1,21 @@ # Meta targets TARGETS+=adjkerntz bootfs cleanvar cleartmp cloned devfs dmesg dumpon fsck \ - hostname ifconfig kld ldconfig microcode mixer mount mountlate msgs \ - newsyslog nextboot nfsclient pwcheck random root rpc_umntall runshm \ + hostname kld ldconfig microcode mixer mount mountlate msgs netif \ + newsyslog nextboot nfsclient pf pwcheck random root rpc_umntall runshm \ savecore swap sysctl sysdb wlans -DAEMON: pwcheck sysctl sysdb NETWORK SERVERS ldconfig nfsclient cleartmp +DAEMON: pwcheck sysctl sysdb NETWORK SERVERS ldconfig nfsclient cleartmp pflogd -LOGIN: DAEMON dntpd msgs powerd +LOGIN: DAEMON dntpd msgs powerd pflogd -NETWORK: ifconfig devd hostname +NETWORK: netif devd hostname SERVERS: swap mountlate syslogd newsyslog -SERVICE: ifconfig mount random hostname cleanvar +SERVICE: netif mount random hostname cleanvar # regular targets adjkerntz: random mount echo "MRC:$@> Adjust kernel timezone." @@ -107,19 +107,10 @@ hostname: echo "MRC:$@> Setting to ${HOSTNAME}." hostname ${HOSTNAME} -ifconfig: adjkerntz wlans cloned kld - echo "MRC:$@> Starting interfaces: ${IFCONFIG_IFACES}" -.for iface in ${IFCONFIG_IFACES} -.for item in ${IFCONFIG_${iface}:tW:ts;} - ifconfig ${iface} ${item} -.endfor -.undef _IFCONFIG_ARGS -.endfor - kld: bootfs .if defined(KLD_LIST) echo "MRC:$@> Loading kernel modules: ${KLD_LIST}" kldload -n ${KLD_LIST} .endif 
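Review bot: In the meta-target list of init.mk, `pf` is added to TARGETS but no meta target gains it as a prerequisite: DAEMON and LOGIN receive `pflogd`, and the later `pf: pflogd` rule makes `pf` depend on `pflogd`, not the reverse. How TARGETS is consumed is outside this hunk, so this is a hedge: if it is only a registry of names, the ruleset would never be loaded even with PF_ENABLE=yes and the host would come up unfiltered. If that is the case, name it explicitly, for example `DAEMON: pwcheck sysctl sysdb NETWORK SERVERS ldconfig nfsclient cleartmp pf`, which still pulls in `pflogd` through the `pf` rule. A short comment above the meta targets stating where the firewall sits in the boot order would also help.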
@@ -191,40 +182,61 @@ DAEMON_rpcbind_ENABLE=yes .endif nfsclient: NETWORK rpcbind rpc_umntall test -z "$${NFSCLIENT_ENABLE}" || kldload -n nfs + +netif: adjkerntz wlans cloned kld + echo "MRC:$@> Starting interfaces: ${IFCONFIG_IFACES}" +.for iface in ${IFCONFIG_IFACES} +.for item in ${IFCONFIG_${iface}:tW:ts;} + ifconfig ${iface} ${item} +.endfor +.undef _IFCONFIG_ARGS +.endfor + +pf: pflogd +.if empty(PF_ENABLE:tl:Mno) + echo "MRC:$@> Enabling and loading rules." ;\ + kldload -n pf || exit 1 ;\ + test -r ${PF_RULES} || {\ + echo "MRC:$@> Can't find file with rules at ${PF_RULES}." ;\ + exit 1 ;\ + } ;\ + pfctl -Fa || exit 1 ;\ + pfctl -f ${PF_RULES} ${PF_FLAGS} || exit 1 ;\ + pfctl -Si | grep -q Enabled && pfctl -e +.endif pwcheck: mountlate syslogd echo "MRC:$@> Checking password lock file." .if exists(/etc/ptmp) logger -s -p auth.err "password file may be incorrect -- /etc/ptmp \ exists" .endif random: mount devfs - echo "MRC:$@> Seeding." - sysctl kern.seedenable=1 > /dev/null + echo "MRC:$@> Seeding." ;\ + sysctl kern.seedenable=1 > /dev/null ;\ ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww; ) 2>&1 | \ - dd status=none of=/dev/random bs=8k - cat /bin/ls | dd status=none of=/dev/random bs=8k -.if exists(ENTROPY_DIR) # XXX -.for file in ${:!find ${ENTROPY_DIR} -type f!} - dd status=none if=${file} of=/dev/random bs=8k -.endfor -.elif exists(ENTROPY_FILE) - dd status=none if=${ENTROPY_FILE} of=/dev/random bs=8k -.endif + dd status=none of=/dev/random bs=8k ;\ + dd if=/bin/ps status=none of=/dev/random bs=8k ;\ + test -d $${ENTROPY_DIR} && {\ + find $${ENTROPY_DIR} -type f |\ + xargs -n1 -Ifoo dd status=none if=foo of=/dev/random bs=8k ;\ + } || {\ + dd status=none if=${ENTROPY_FILE} of=/dev/random bs=8k ;\ + } ;\ sysctl kern.seedenable=0 > /dev/null root: fsck bootfs echo "MRC:$@> Mount root R/W." 
mount -uo rw / umount -a rpc_umntall: mountlate NETWORK rpcbind -.if empty(RPC_UMNTALL_ENABLE:tl:Mno) # XXX +.if empty(RPC_UMNTALL_ENABLE:tl:Mno) echo "MRC:$@> Sending RPC unmount notifications."; \ test -f /var/db/mounttab || true && \ rpc.umntall -k & .endif ADDED pflogd.service.mk Index: pflogd.service.mk ================================================================== --- /dev/null +++ pflogd.service.mk @@ -0,0 +1,13 @@ +DAEMON_pflogd_COMMAND?=/sbin/pflogd +DAEMON_pflogd_MODULES?=pf +DAEMON_pflogd_FLAGS?=-f /var/log/pflog + +pflogd: roor mount netif +.if !empty(PFLOG_ENABLE:tl:Mno) + echo "MRC:$@> Configuring device." ;\ + kldload -n pf || exit 1 ;\ + ifconfig pflog0 up || { \ + echo "MRC:$@> Failed to set up pflog0 device." ;\ + exit 1 ;\ + } \ +.endif
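Review bot: The last line of the new `pf` recipe in init.mk, `pfctl -Si | grep -q Enabled && pfctl -e`, enables pf only when it already reports Enabled, so on a fresh boot the rules are loaded but filtering stays off and the recipe ends with grep's non-zero status. The test looks inverted; `pfctl -Si | grep -q Enabled || pfctl -e` would enable pf when it is not yet running. In the rewritten `random` recipe of the same hunk, `test -d $${ENTROPY_DIR}` and `find $${ENTROPY_DIR} -type f` read a shell variable while the fallback uses the make expansion `${ENTROPY_FILE}`. Unless ENTROPY_DIR is exported to the recipe environment (not visible here), the shell sees an empty value, `test -d` with no operand succeeds, and the saved entropy is likely never fed to /dev/random. Writing `${ENTROPY_DIR}` in both places would match the fallback branch.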
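Review bot: The rule header `pflogd: roor mount netif` in pflogd.service.mk names a prerequisite `roor`, which looks like a typo for `root`; since init.mk now makes DAEMON and LOGIN depend on `pflogd`, an unknown prerequisite here would likely stop those meta targets from building. The guard `.if !empty(PFLOG_ENABLE:tl:Mno)` is the opposite of the `empty(...:tl:Mno)` form used for `pf` and `rpc_umntall`, so the recipe runs only when PFLOG_ENABLE contains `no`, and the defaults.mk hunk adds no PFLOG_ENABLE default. The final recipe line `} \` also ends in a continuation backslash, which would join the following `.endif` to the shell command and leave the conditional unterminated. Suggested: `pflogd: root mount netif`, `.if empty(PFLOG_ENABLE:tl:Mno)` together with a `PFLOG_ENABLE?=no` default, and a bare `}` as the last recipe line.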