On Fri, Jul 14, 2017 at 11:56:02AM +0000, Florian Obser wrote:
> next try
> - sha512
> - fixed key size
> - /etc/soii.key
> - man page tweaks from sthen & jmc and rewording by me to get rid of 48 bits
> - link local address is updated when soii flag is toggled
>
> If this is the final version I can cut up the diff and send parts if
> people prefer. But I also take OKs for the big one :)
>
> diff --git etc/rc etc/rc
> index 48e5671335f..47dc78362c2 100644
> --- etc/rc
> +++ etc/rc
> @@ -47,6 +47,14 @@ update_limit() {
> done
> }
>
> +# Apply soii.key settings.
> +soii_key() {
> + stripcom /etc/soii.key |
> + while read _line; do
> + sysctl -q "net.inet6.ip6.soiikey=$_line"
> + done
> +}
> +
> # Apply sysctl.conf(5) settings.
> sysctl_conf() {
> stripcom /etc/sysctl.conf |
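Review bot: soii_key hands the secret to sysctl as a command-line argument in `sysctl -q "net.inet6.ip6.soiikey=$_line"`, so the key sits in the process arguments while sysctl runs. That is probably acceptable this early in boot, but the function comment should say so, since the last hunk takes care to keep the file at mode 600. The loop also applies every non-comment line, so a file with more than one line sets the key repeatedly and the last line wins. A comment such as `# Apply soii.key settings: a single line of 32 hex digits, as written by make_keys.` would document the expected format.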
> @@ -60,6 +68,7 @@ sysctl_conf() {
> update_limit -n openfiles;;
> esac
> done
> + soii_key
> }
>
> # Apply mixerctl.conf(5) settings.
> @@ -154,6 +163,11 @@ make_keys() {
> fi
>
> ssh-keygen -A
> +
> + if [[ ! -f /etc/soii.key ]]; then
> + openssl rand -hex 16 > /etc/soii.key && \
> + chmod 600 /etc/soii.key && soii_key
> + fi
> }
>
> # Re-link libraries, placing the objects in a random order.
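Review bot: In make_keys, `openssl rand -hex 16 > /etc/soii.key` creates the file under whatever umask rc is running with, and `chmod 600` only tightens it afterwards, so the key may briefly exist with wider permissions. Creating it under a restrictive umask closes that window: `(umask 077; openssl rand -hex 16 > /etc/soii.key) && soii_key`. The redirection also creates the file when openssl fails, and with the guard `[[ ! -f /etc/soii.key ]]` an empty leftover file would stop the key from being generated on later boots. Testing `[[ ! -s /etc/soii.key ]]` would cover that case. make_keys begins outside the hunk.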
OK for the rc parts.