On Wed, Sep 13, 2017 at 11:58 AM, Theo de Raadt <dera...@openbsd.org> wrote: > Not going to do that. > >> Because sometimes you run not so good device, >> and you boot often. >> >> or you do not want to write on boot. >> >> ( attached file got the tabulation to apply ) >> >> Index: ./etc/rc.conf >> =================================================================== >> RCS file: /cvs/src/etc/rc.conf,v >> retrieving revision 1.213 >> diff -u -p -r1.213 rc.conf >> --- ./etc/rc.conf 26 Feb 2017 16:51:18 -0000 1.213 >> +++ ./etc/rc.conf 13 Sep 2017 14:35:21 -0000 >> @@ -51,6 +51,7 @@ rarpd_flags=NO >> rbootd_flags=NO >> relayd_flags=NO >> rebound_flags=NO >> +reorder= # NO to disable relink on boot >> ripd_flags=NO >> route6d_flags=NO # be sure to set net.inet6.ip6.forwarding=1 >> rtadvd_flags=NO # for normal use: list of interfaces >> Index: ./etc/rc >> =================================================================== >> RCS file: /cvs/src/etc/rc,v >> retrieving revision 1.493 >> diff -u -p -r1.493 rc >> --- ./etc/rc 26 Feb 2017 16:51:18 -0000 1.493 >> +++ ./etc/rc 13 Sep 2017 14:35:21 -0000 >> @@ -411,7 +411,7 @@ mount -s /var >/dev/null 2>&1 >> >> random_seed >> >> -reorder_libs >> +[[ $reorder != NO ]] && reorder_libs $reorder >> >> # Clean up left-over files. >> rm -f /etc/nologin /var/spool/lock/LCK.* >> >> -- >> -- >> ------------------------------------------------------------ --------------------------------------------------------- >> Knowing is not enough; we must apply. Willing is not enough; we must do >> >> --001a113fee683ba8120559132126 >> Content-Type: application/octet-stream; name=diff >> Content-Disposition: attachment; filename=diff >> Content-Transfer-Encoding: base64 >> X-Attachment-Id: f_j7j4r11g0 >> >> SW5kZXg6IC4vZXRjL3JjLmNvbmYNCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAv Y3ZzL3NyYy9ldGMv >> cmMuY29uZix2DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMjEzDQpkaWZmIC11 IC1wIC1yMS4yMTMg >> cmMuY29uZg0KLS0tIC4vZXRjL3JjLmNvbmYJMjYgRmViIDIwMTcgMTY6NTE6 MTggLTAwMDAJMS4y >> MTMNCisrKyAuL2V0Yy9yYy5jb25mCTEzIFNlcCAyMDE3IDE0OjM1OjIxIC0w MDAwDQpAQCAtNTEs >> NiArNTEsNyBAQCByYXJwZF9mbGFncz1OTw0KIHJib290ZF9mbGFncz1OTw0K IHJlbGF5ZF9mbGFn >> cz1OTw0KIHJlYm91bmRfZmxhZ3M9Tk8NCityZW9yZGVyX2ZsYWdzPQkJIyBO TyB0byBkaXNhYmxl >> IHJlbGluayBvbiBib290DQogcmlwZF9mbGFncz1OTw0KIHJvdXRlNmRfZmxh Z3M9Tk8JIyBiZSBz >> dXJlIHRvIHNldCBuZXQuaW5ldDYuaXA2LmZvcndhcmRpbmc9MQ0KIHJ0YWR2 ZF9mbGFncz1OTwkJ >> IyBmb3Igbm9ybWFsIHVzZTogbGlzdCBvZiBpbnRlcmZhY2VzDQpJbmRleDog Li9ldGMvcmMNCj09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09 >> PT09PT09PT0NClJDUyBmaWxlOiAvY3ZzL3NyYy9ldGMvcmMsdg0KcmV0cmll dmluZyByZXZpc2lv >> biAxLjQ5Mw0KZGlmZiAtdSAtcCAtcjEuNDkzIHJjDQotLS0gLi9ldGMvcmMJ MjYgRmViIDIwMTcg >> MTY6NTE6MTggLTAwMDAJMS40OTMNCisrKyAuL2V0Yy9yYwkxMyBTZXAgMjAx NyAxNDozNToyMSAt >> MDAwMA0KQEAgLTQxMSw3ICs0MTEsNyBAQCBtb3VudCAtcyAvdmFyID4vZGV2 L251bGwgMj4mMQ0K >> IA0KIHJhbmRvbV9zZWVkDQogDQotcmVvcmRlcl9saWJzDQorW1sgJHJlb3Jk ZXJfZmxhZ3MgIT0g >> Tk8gXV0gJiYgcmVvcmRlcl9saWJzICRyZW9yZGVyX2ZsYWdzDQogDQogIyBD bGVhbiB1cCBsZWZ0 >> LW92ZXIgZmlsZXMuDQogcm0gLWYgL2V0Yy9ub2xvZ2luIC92YXIvc3Bvb2wv bG9jay9MQ0suKg0K >> --001a113fee683ba8120559132126 >> Content-Type: application/octet-stream; name="diff.noflag" >> Content-Disposition: attachment; filename="diff.noflag" >> Content-Transfer-Encoding: base64 >> X-Attachment-Id: f_j7j4r1211 >> >> SW5kZXg6IC4vZXRjL3JjLmNvbmYNCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAv Y3ZzL3NyYy9ldGMv >> cmMuY29uZix2DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMjEzDQpkaWZmIC11 IC1wIC1yMS4yMTMg >> cmMuY29uZg0KLS0tIC4vZXRjL3JjLmNvbmYJMjYgRmViIDIwMTcgMTY6NTE6 MTggLTAwMDAJMS4y >> MTMNCisrKyAuL2V0Yy9yYy5jb25mCTEzIFNlcCAyMDE3IDE0OjM1OjIxIC0w MDAwDQpAQCAtNTEs >> NiArNTEsNyBAQCByYXJwZF9mbGFncz1OTw0KIHJib290ZF9mbGFncz1OTw0K IHJlbGF5ZF9mbGFn >> cz1OTw0KIHJlYm91bmRfZmxhZ3M9Tk8NCityZW9yZGVyPQkJIyBOTyB0byBk aXNhYmxlIHJlbGlu >> ayBvbiBib290DQogcmlwZF9mbGFncz1OTw0KIHJvdXRlNmRfZmxhZ3M9Tk8J IyBiZSBzdXJlIHRv >> IHNldCBuZXQuaW5ldDYuaXA2LmZvcndhcmRpbmc9MQ0KIHJ0YWR2ZF9mbGFn cz1OTwkJIyBmb3Ig >> bm9ybWFsIHVzZTogbGlzdCBvZiBpbnRlcmZhY2VzDQpJbmRleDogLi9ldGMv cmMNCj09PT09PT09 >> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09 >> PT0NClJDUyBmaWxlOiAvY3ZzL3NyYy9ldGMvcmMsdg0KcmV0cmlldmluZyBy ZXZpc2lvbiAxLjQ5 >> Mw0KZGlmZiAtdSAtcCAtcjEuNDkzIHJjDQotLS0gLi9ldGMvcmMJMjYgRmVi IDIwMTcgMTY6NTE6 >> MTggLTAwMDAJMS40OTMNCisrKyAuL2V0Yy9yYwkxMyBTZXAgMjAxNyAxNDoz NToyMSAtMDAwMA0K >> QEAgLTQxMSw3ICs0MTEsNyBAQCBtb3VudCAtcyAvdmFyID4vZGV2L251bGwg Mj4mMQ0KIA0KIHJh >> bmRvbV9zZWVkDQogDQotcmVvcmRlcl9saWJzDQorW1sgJHJlb3JkZXIgIT0g Tk8gXV0gJiYgcmVv >> cmRlcl9saWJzICRyZW9yZGVyDQogDQogIyBDbGVhbiB1cCBsZWZ0LW92ZXIg ZmlsZXMuDQogcm0g >> LWYgL2V0Yy9ub2xvZ2luIC92YXIvc3Bvb2wvbG9jay9MQ0suKg0K >> --001a113fee683ba8120559132126-- >> >
Sorry, i did not know the stuff was sending text file like that. The diff, from HEAD this time. https://pastebin.com/ALwDcDRA -- Index: ./etc/rc =================================================================== RCS file: /cvs/src/etc/rc,v retrieving revision 1.517 diff -u -p -r1.517 rc --- ./etc/rc 29 Aug 2017 16:56:13 -0000 1.517 +++ ./etc/rc 13 Sep 2017 23:18:00 -0000 @@ -440,7 +440,7 @@ mount -s /var >/dev/null 2>&1 random_seed -reorder_libs +[[ $reorder != NO ]] && reorder_libs # Clean up left-over files. rm -f /etc/nologin /var/spool/lock/LCK.* @@ -601,7 +601,7 @@ echo '.' # Re-link the kernel, placing the objects in a random order. # Replace current with relinked kernel and inform root about it. -/usr/libexec/reorder_kernel & +[[ $reorder != NO ]] && /usr/libexec/reorder_kernel & date exit 0 Index: ./etc/rc.conf =================================================================== RCS file: /cvs/src/etc/rc.conf,v retrieving revision 1.216 diff -u -p -r1.216 rc.conf --- ./etc/rc.conf 30 May 2017 12:04:26 -0000 1.216 +++ ./etc/rc.conf 13 Sep 2017 23:18:00 -0000 @@ -93,6 +93,7 @@ pf=YES # Packet filter / NAT ipsec=NO # IPsec check_quotas=YES # NO may be desirable in some YP environments accounting=NO # process accounting (using /var/account/acct) +reorder=YES # Kernel and libs address mitigation # Multicast routing configuration # Please look at netstart(8) for a detailed description if you change these -- -- ------------------------------------------------------------ --------------------------------------------------------- Knowing is not enough; we must apply. Willing is not enough; we must do
