summaryrefslogtreecommitdiff
path: root/extra/openrc
diff options
context:
space:
mode:
authordavidovski <david@davidovski.xyz>2022-05-04 23:52:30 +0100
committerdavidovski <david@davidovski.xyz>2022-05-04 23:52:30 +0100
commit739c65c54cb0e957df5e9b76f93fb02554e5cac3 (patch)
tree09ddfa0a342f3ea9de136cb50abdd79821bf1b53 /extra/openrc
parent4c585ad54388285500fd18a6aaa516894e0f2c16 (diff)
moved everything to new file formatting
Diffstat (limited to 'extra/openrc')
-rw-r--r--extra/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch25
-rw-r--r--extra/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch35
-rw-r--r--extra/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch70
-rw-r--r--extra/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch70
-rw-r--r--extra/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch31
-rw-r--r--extra/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch101
-rw-r--r--extra/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch47
-rw-r--r--extra/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch44
-rw-r--r--extra/openrc/0009-fix-bootmisc-mv-error.patch27
-rw-r--r--extra/openrc/0010-noexec-devfs.patch14
-rw-r--r--extra/openrc/firstboot.initd34
-rw-r--r--extra/openrc/hostname.initd18
-rw-r--r--extra/openrc/hwdrivers.initd32
-rw-r--r--extra/openrc/machine-id.initd17
-rw-r--r--extra/openrc/modloop.confd6
-rwxr-xr-xextra/openrc/modloop.initd153
-rw-r--r--extra/openrc/modules.initd80
-rw-r--r--extra/openrc/networking.initd88
-rw-r--r--extra/openrc/openrc.logrotate4
-rw-r--r--extra/openrc/openrc.post-install38
-rw-r--r--extra/openrc/openrc.post-upgrade35
-rw-r--r--extra/openrc/rc.conf313
-rw-r--r--extra/openrc/seedrng.patch640
-rw-r--r--extra/openrc/sysctl.initd87
-rw-r--r--extra/openrc/sysfsconf.initd66
-rw-r--r--extra/openrc/test-networking.sh65
26 files changed, 0 insertions, 2140 deletions
diff --git a/extra/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/extra/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
deleted file mode 100644
index 3d41060..0000000
--- a/extra/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 78245081fe109ed7777b79ba9c99890d56c21272 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 1 Feb 2017 04:04:52 +0000
-Subject: [PATCH] call /sbin/mkmntdirs in localmount OpenRC service
-
----
- init.d/localmount.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/init.d/localmount.in b/init.d/localmount.in
-index c571504a..14189396 100644
---- a/init.d/localmount.in
-+++ b/init.d/localmount.in
-@@ -21,6 +21,8 @@ depend()
-
- start()
- {
-+ [ -x /sbin/mkmntdirs ] && mkmntdirs
-+
- # Mount local filesystems in /etc/fstab.
- # The types variable must start with no, and must be a type
- local critical= types="noproc" x= no_netdev= rc=
---
-2.33.1
-
diff --git a/extra/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch b/extra/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch
deleted file mode 100644
index 1d79818..0000000
--- a/extra/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b143f35a45d59708365a52e329fd8caa6475a9bb Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Tue, 28 Nov 2017 13:35:10 +0100
-Subject: [PATCH] fsck: don't add -C0 to busybox fsck
-
----
- init.d/fsck.in | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/init.d/fsck.in b/init.d/fsck.in
-index 7052d808..99a9ae4f 100644
---- a/init.d/fsck.in
-+++ b/init.d/fsck.in
-@@ -82,7 +82,7 @@ start()
- local skiptypes
- skiptypes=$(printf 'no%s,' ${net_fs_list} ${extra_net_fs_list})
- [ "${skiptypes}" = "no," ] && skiptypes=""
-- fsck_opts="$fsck_opts -C0 -T -t ${skiptypes}noopts=_netdev"
-+ fsck_opts="$fsck_opts -T -t ${skiptypes}noopts=_netdev"
- if [ -z "$fsck_passno" -a -z "$fsck_mnt" ]; then
- fsck_args=${fsck_args:--A -p}
- if echo 2>/dev/null >/.test.$$; then
-@@ -90,6 +90,9 @@ start()
- fsck_opts="$fsck_opts -R"
- fi
- fi
-+ if [ "$(readlink -f $(which fsck))" != "/bin/busybox" ]; then
-+ fsck_opts="$fsck_opts -C0"
-+ fi
- fi
-
- trap : INT QUIT
---
-2.33.1
-
diff --git a/extra/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/extra/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
deleted file mode 100644
index 546ccb7..0000000
--- a/extra/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 17f33c1968a51484eefdafbfb5b8fef5ac13d215 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 1 Feb 2017 04:17:14 +0000
-Subject: [PATCH] rc: pull in sysinit and boot as stacked levels when needed
-
-We need start services from sysinit and boot runlevel, even if the new
-runlevel is empty.
-
-This fixes problem introduced with commit 7716bf31 (Fix stacked runlevel
-support), at which the start_services list are no longer used to start
-the services.
-
-This also make sure that all services in sysinit and boot runlevels are
-started before switching to next. This was not guaranteed when switching
-to a non-empty runlevel.
-
-Fixes issue #54.
----
- src/rc/rc.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/rc/rc.c b/src/rc/rc.c
-index ef46925d..82786074 100644
---- a/src/rc/rc.c
-+++ b/src/rc/rc.c
-@@ -729,6 +729,7 @@ int main(int argc, char **argv)
- const char *bootlevel = NULL;
- char *newlevel = NULL;
- const char *systype = NULL;
-+ RC_STRINGLIST *runlevel_chain;
- RC_STRINGLIST *deporder = NULL;
- RC_STRINGLIST *tmplist;
- RC_STRING *service;
-@@ -986,6 +987,7 @@ int main(int argc, char **argv)
- main_hotplugged_services = rc_services_in_state(RC_SERVICE_HOTPLUGGED);
- main_start_services = rc_services_in_runlevel_stacked(newlevel ?
- newlevel : runlevel);
-+ runlevel_chain = rc_runlevel_stacks(newlevel ? newlevel : runlevel);
- if (strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SHUTDOWN) != 0 &&
- strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SYSINIT) != 0)
- {
-@@ -1003,6 +1005,7 @@ int main(int argc, char **argv)
- tmplist = rc_services_in_runlevel(bootlevel);
- TAILQ_CONCAT(main_start_services, tmplist, entries);
- free(tmplist);
-+ rc_stringlist_add(runlevel_chain, bootlevel);
- }
- if (main_hotplugged_services) {
- TAILQ_FOREACH(service, main_hotplugged_services,
-@@ -1011,6 +1014,7 @@ int main(int argc, char **argv)
- service->value);
- }
- }
-+ rc_stringlist_add(runlevel_chain, RC_LEVEL_SYSINIT);
- }
-
- parallel = rc_conf_yesno("rc_parallel");
-@@ -1067,9 +1071,6 @@ int main(int argc, char **argv)
-
- /* If we have a list of services to start then... */
- if (main_start_services) {
-- /* Get a list of the chained runlevels which compose the target runlevel */
-- RC_STRINGLIST *runlevel_chain = rc_runlevel_stacks(runlevel);
--
- /* Loop through them in reverse order. */
- RC_STRING *rlevel;
- TAILQ_FOREACH_REVERSE(rlevel, runlevel_chain, rc_stringlist, entries)
---
-2.33.1
-
diff --git a/extra/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch b/extra/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch
deleted file mode 100644
index b92b5ac..0000000
--- a/extra/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 613fb7f437c42e0ed01b2366b597598235e64a2d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
-Date: Wed, 17 Aug 2016 17:52:58 +0200
-Subject: [PATCH] make consolefont service compatible with busyboxs setfont
- applet
-
-Compared to kdbs setfont program it doesn't support -O and -m.
----
- conf.d/consolefont | 11 ++---------
- init.d/consolefont.in | 7 ++-----
- 2 files changed, 4 insertions(+), 14 deletions(-)
-
-diff --git a/conf.d/consolefont b/conf.d/consolefont
-index e01ae842..75544b2f 100644
---- a/conf.d/consolefont
-+++ b/conf.d/consolefont
-@@ -3,16 +3,9 @@
- #
- # consolefont specifies the default font that you'd like Linux to use on the
- # console. You can find a good selection of fonts in /usr/share/consolefonts;
--# you shouldn't specify the trailing ".psf.gz", just the font name below.
--# To use the default console font, comment out the CONSOLEFONT setting below.
--consolefont="default8x16"
-+consolefont="default8x16.psf.gz"
-
- # consoletranslation is the charset map file to use. Leave commented to use
- # the default one. Have a look in /usr/share/consoletrans for a selection of
- # map files you can use.
--#consoletranslation="8859-1_to_uni"
--
--# unicodemap is the unicode map file to use. Leave commented to use the
--# default one. Have a look in /usr/share/unimaps for a selection of map files
--# you can use.
--#unicodemap="iso01"
-+#consoletranslation="8859-1_to_uni.trans"
-diff --git a/init.d/consolefont.in b/init.d/consolefont.in
-index d65dd14c..ccb6ee87 100644
---- a/init.d/consolefont.in
-+++ b/init.d/consolefont.in
-@@ -22,7 +22,6 @@ start()
- {
- ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
- consolefont=${consolefont:-${CONSOLEFONT}}
-- unicodemap=${unicodemap:-${UNICODEMAP}}
- consoletranslation=${consoletranslation:-${CONSOLETRANSLATION}}
-
- if [ -z "$consolefont" ]; then
-@@ -43,9 +42,6 @@ start()
- if [ -n "$consoletranslation" ]; then
- param="$param -m $consoletranslation"
- fi
-- if [ -n "${unicodemap}" ]; then
-- param="$param -u $unicodemap"
-- fi
-
- # Set the console font
- ebegin "Setting console font [$consolefont]"
-@@ -63,7 +59,8 @@ start()
- # Store the font so we can use it ASAP on boot
- if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then
- mkdir -p "$RC_LIBEXECDIR"/console
-- setfont -O "$RC_LIBEXECDIR"/console/font
-+ zcat "/usr/share/consolefonts/$consolefont" \
-+ > "$RC_LIBEXECDIR"/console/font
- fi
-
- return $retval
---
-2.33.1
-
diff --git a/extra/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch b/extra/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
deleted file mode 100644
index f25d984..0000000
--- a/extra/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From a07970bf087c089f467eefa30c2476f17f6e9536 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
-Date: Thu, 7 Mar 2019 16:55:53 +0100
-Subject: [PATCH] Support early loading of keymap if kbd is installed
-
-Early loading of the keymap with busybox was never supported and would
-require modifying the save-keymaps services as well. Since no one
-complained that it doesn't work with busybox so far just make it work
-with kbd for now.
----
- sh/init-early.sh.Linux.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/sh/init-early.sh.Linux.in b/sh/init-early.sh.Linux.in
-index f304e924..7571ff3d 100644
---- a/sh/init-early.sh.Linux.in
-+++ b/sh/init-early.sh.Linux.in
-@@ -48,8 +48,8 @@ if service_present "$RC_DEFAULTLEVEL" consolefont ||
- fi
-
- # Try and set a keyboard map as early as possible
--if service_present "$RC_DEFAULTLEVEL" keymaps ||
-- service_present "$RC_BOOTLEVEL" keymaps; then
-+if service_present "$RC_DEFAULTLEVEL" loadkeys ||
-+ service_present "$RC_BOOTLEVEL" loadkeys; then
- kbd_mode $kmode -C "$CONSOLE" 2>/dev/null
- if [ -r "$RC_LIBEXECDIR"/console/keymap ]; then
- loadkeys -q "$RC_LIBEXECDIR"/console/keymap 2>/dev/null
---
-2.33.1
-
diff --git a/extra/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch b/extra/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch
deleted file mode 100644
index 6f7ed69..0000000
--- a/extra/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From c250503412b061e69a99cfe12514e47fc06b5885 Mon Sep 17 00:00:00 2001
-From: Ariadne Conill <ariadne@dereferenced.org>
-Date: Fri, 14 Feb 2020 16:02:43 +0000
-Subject: [PATCH] Add support for starting services in a specified VRF.
-
-The venerable iproute2 utility has recently introduced support
-for executing programs in specific VRFs which are virtualized
-routing tables. These are typically used to isolate different
-networking planes from each other, for security or flexibility
-reasons.
-
-Services which use the normal supervisor/start-stop-daemon
-pattern can be configured by setting the vrf variable in the
-/etc/conf.d tree for the service.
-
-This allows for things like configuring the sshd service to
-run in a management VRF, which is useful for high assurance
-environments where the management plane is intended to be
-isolated.
-
-Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
----
- sh/openrc-run.sh.in | 6 ++++++
- sh/runit.sh | 2 +-
- sh/s6.sh | 2 +-
- sh/start-stop-daemon.sh | 2 +-
- sh/supervise-daemon.sh | 2 +-
- 5 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in
-index 5c84af45..a1f374b0 100644
---- a/sh/openrc-run.sh.in
-+++ b/sh/openrc-run.sh.in
-@@ -236,6 +236,12 @@ if ! sourcex -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"; then
- fi
- unset _conf_d
-
-+# If we are configured to run in a VRF, provide a hint for that
-+RC_VRF_EXEC=""
-+if [ -n "$vrf" ]; then
-+ RC_VRF_EXEC="/sbin/ip vrf exec $vrf"
-+fi
-+
- # load service supervisor functions
- sourcex "@LIBEXECDIR@/sh/runit.sh"
- sourcex "@LIBEXECDIR@/sh/s6.sh"
-diff --git a/sh/runit.sh b/sh/runit.sh
-index 5d82c9f6..c0186a43 100644
---- a/sh/runit.sh
-+++ b/sh/runit.sh
-@@ -23,7 +23,7 @@ runit_start()
- local i=0 retval=1
- # it can take upto 5 seconds for runsv to start
- while [ $i -lt 6 ] ; do
-- if sv start "${service_link}" > /dev/null 2>&1; then
-+ if ${RC_VRF_EXEC} sv start "${service_link}" > /dev/null 2>&1; then
- retval=0
- break
- fi
-diff --git a/sh/s6.sh b/sh/s6.sh
-index acbe965b..1f339703 100644
---- a/sh/s6.sh
-+++ b/sh/s6.sh
-@@ -37,7 +37,7 @@ s6_start()
- ln -sf "${s6_service_path}" "${s6_service_link}"
- s6-svscanctl -na "${RC_SVCDIR}"/s6-scan
- sleep 1.5
-- s6-svc -u "${s6_service_link}"
-+ ${RC_VRF_EXEC} s6-svc -u "${s6_service_link}"
- if [ -n "$s6_svwait_options_start" ]; then
- s6-svwait ${s6_svwait_options_start} "${s6_service_link}"
- fi
-diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
-index 2e549ae1..5e7a1b88 100644
---- a/sh/start-stop-daemon.sh
-+++ b/sh/start-stop-daemon.sh
-@@ -45,7 +45,7 @@ ssd_start()
- #the eval call is necessary for cases like:
- # command_args="this \"is a\" test"
- # to work properly.
-- eval start-stop-daemon --start \
-+ eval ${RC_VRF_EXEC} start-stop-daemon --start \
- --exec $command \
- ${chroot:+--chroot} $chroot \
- ${directory:+--chdir} $directory \
-diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
-index e403a789..259b8166 100644
---- a/sh/supervise-daemon.sh
-+++ b/sh/supervise-daemon.sh
-@@ -24,7 +24,7 @@ supervise_start()
- # The eval call is necessary for cases like:
- # command_args="this \"is a\" test"
- # to work properly.
-- eval supervise-daemon "${RC_SVCNAME}" --start \
-+ eval ${RC_VRF_EXEC} supervise-daemon "${RC_SVCNAME}" --start \
- ${retry:+--retry} $retry \
- ${directory:+--chdir} $directory \
- ${chroot:+--chroot} $chroot \
---
-2.33.1
-
diff --git a/extra/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch b/extra/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
deleted file mode 100644
index 34100ef..0000000
--- a/extra/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From f406231dc9a49b67ca558983de80513f95078309 Mon Sep 17 00:00:00 2001
-From: Ariadne Conill <ariadne@dereferenced.org>
-Date: Wed, 8 Sep 2021 23:51:11 -0600
-Subject: [PATCH] Clean up staticroute config - remove irrelevant parts (for
- BSD, Hurd) and suggest that route(8) is legacy.
-
----
- conf.d/staticroute | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/conf.d/staticroute b/conf.d/staticroute
-index 19d0961f..49d0e0bb 100644
---- a/conf.d/staticroute
-+++ b/conf.d/staticroute
-@@ -1,26 +1,9 @@
--# Static routes are defined differently depending on your operating
--# system, so please be sure to use the correct syntax.
- # Do not use this file to define the default route.
- # In all settings, multiple routes should be separated using ; or new lines.
-
--# Define static routes on Linux using route. See route(8) for syntax.
--#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1
--#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1"
--
- # Define static routes on Linux using iproute2. See ip(8) for syntax.
- #staticiproute="192.168.0.0/24 via 10.73.1.1; 192.168.1.0/24 via 10.73.1.1"
-
--# Define static routes on GNU/Hurd. See route(8) for syntax.
--# /etc/route.conf(5) takes precedence over this configuration.
--# FIXME: "net ..." not supported
--#staticroute="net 192.168.0.0 -netmask 255.255.255.0 --address 10.73.1.1
--#net 192.168.1.0 -netmask 255.255.255.0 --address 10.73.1.1"
--
--# Define static routes on GNU/KFreeBSD. See route(8) for syntax.
--#staticroute="net 192.168.0.0 10.73.1.1 netmask 255.255.255.0
--#net 192.168.1.0 10.73.1.1 netmask 255.255.255.0"
--
--# Define static routes on other BSD systems. See route(8) for syntax.
--# /etc/route.conf(5) takes precedence over this configuration.
--#staticroute="net 192.168.0.0 -netmask 255.255.255.0 10.73.1.1
--#net 192.168.1.0 -netmask 255.255.255.0 10.73.1.1"
-+# Or define static routes on Linux using route (legacy). See route(8) for syntax.
-+#staticroute="net 192.168.0.0 netmask 255.255.255.0 gw 10.73.1.1
-+#net 192.168.1.0 netmask 255.255.255.0 gw 10.73.1.1"
---
-2.33.1
-
diff --git a/extra/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch b/extra/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
deleted file mode 100644
index f498d05..0000000
--- a/extra/openrc/0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From a756576ae62e4f24a2ea36e87053187cdfc1be63 Mon Sep 17 00:00:00 2001
-From: Ariadne Conill <ariadne@dereferenced.org>
-Date: Wed, 13 Oct 2021 21:12:10 -0600
-Subject: [PATCH] bootmisc: switch wipe_tmp setting to no by default
-
-When wipe_tmp=yes, an insufficiently bounded rm -rf occurs that,
-under specific unknown circumstances, can escape into other filesystems
-resulting in data loss.
-
-See alpine/aports#13070.
----
- conf.d/bootmisc | 2 +-
- init.d/bootmisc.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/conf.d/bootmisc b/conf.d/bootmisc
-index dd5b08e0..5cf18d33 100644
---- a/conf.d/bootmisc
-+++ b/conf.d/bootmisc
-@@ -3,7 +3,7 @@ clean_tmp_dirs="/tmp"
-
- # Should we wipe the tmp paths completely or just selectively remove known
- # locks / files / etc... ?
--wipe_tmp="YES"
-+wipe_tmp="NO"
-
- # Write the initial dmesg log into /var/log/dmesg after boot
- # This may be useful if you need the kernel boot log afterwards
-diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
-index b1a849a3..8485110a 100644
---- a/init.d/bootmisc.in
-+++ b/init.d/bootmisc.in
-@@ -17,7 +17,7 @@ depend()
- keyword -prefix -timeout
- }
-
--: ${wipe_tmp:=${WIPE_TMP:-yes}}
-+: ${wipe_tmp:=${WIPE_TMP:-no}}
- : ${log_dmesg:=${LOG_DMESG:-yes}}
-
- cleanup_tmp_dir()
---
-2.33.1
-
diff --git a/extra/openrc/0009-fix-bootmisc-mv-error.patch b/extra/openrc/0009-fix-bootmisc-mv-error.patch
deleted file mode 100644
index e87f9bb..0000000
--- a/extra/openrc/0009-fix-bootmisc-mv-error.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Dermot Bradley <dermot_bradley@yahoo.com>
-Date: Sat, 29 Jan 2022 19:28 +0000
-Subject: prevent a bootmisc trying to move a nonexistant file
-
-During boot if the "previous_dmesg" setting is enabled in
-/etc/conf.d/bootmisc then during the 1st boot of a machine the
-bootmisc init.d script will attempt to move a nonexistant dmesg
-file, so generating an error on the console.
-
-Modify the script to only move an existing file.
-
-Upstream has merged this as PR 496 so it will be in the next release.
-
----
-
-diff -aur a/init.d/bootmisc.in b/init.d/bootmisc.in
---- a/init.d/bootmisc.in
-+++ b/init.d/bootmisc.in
-@@ -226,7 +226,7 @@
- case "$RC_SYS" in
- VSERVER|OPENVZ|LXC|SYSTEMD-NSPAWN) ;;
- *)
-- if yesno ${previous_dmesg:-no}; then
-+ if yesno ${previous_dmesg:-no} && [ -e /var/log/dmesg ]; then
- mv /var/log/dmesg /var/log/dmesg.old
- fi
- dmesg > /var/log/dmesg
diff --git a/extra/openrc/0010-noexec-devfs.patch b/extra/openrc/0010-noexec-devfs.patch
deleted file mode 100644
index 9a8928c..0000000
--- a/extra/openrc/0010-noexec-devfs.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/init.d/devfs.in
-+++ b/init.d/devfs.in
-@@ -24,8 +24,9 @@ mount_dev()
- action=--mount
- conf_d_dir="${RC_SERVICE%/*/*}/conf.d"
- msg=Mounting
-- # Some devices require exec, Bug #92921
-- mountopts="exec,nosuid,mode=0755"
-+ # Some devices require exec, https://bugs.gentoo.org/92921
-+ # Users with such requirements can use an fstab entry for /dev
-+ mountopts="noexec,nosuid,mode=0755"
- if yesno ${skip_mount_dev:-no} ; then
- einfo "/dev will not be mounted due to user request"
- return 0
diff --git a/extra/openrc/firstboot.initd b/extra/openrc/firstboot.initd
deleted file mode 100644
index eac4ef8..0000000
--- a/extra/openrc/firstboot.initd
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/sbin/openrc-run
-
-# The first boot init service
-
-# read kernel options
-init_KOPT() {
- eval "set -- $(cat /proc/cmdline 2>/dev/null)"
- for opt; do
- case "$opt" in
- ssh_*=*)
- eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
- esac
- done
-}
-
-start() {
- rm -f /etc/runlevels/*/$RC_SVCNAME
- init_KOPT
- local rc=0
- ebegin "Starting ${RC_SVCNAME}"
- if [ -n "$KOPT_ssh_key" ] && [ ! -f "/root/.ssh/authorized_keys" ]; then
- einfo "Fetching ssh keys"
- mkdir -pm 700 /root/.ssh
- checkpath -fm 0600 /root/.ssh/authorized_keys
- case "$KOPT_ssh_key" in
- https://*|ftps://*|http://*)
- wget -q "$KOPT_ssh_key" -O /root/.ssh/authorized_keys
- rc=$?;;
- *) echo "$KOPT_ssh_key" > /root/.ssh/authorized_keys;;
- esac
- fi
- eend $rc
-}
-
diff --git a/extra/openrc/hostname.initd b/extra/openrc/hostname.initd
deleted file mode 100644
index 4581595..0000000
--- a/extra/openrc/hostname.initd
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/sbin/openrc-run
-
-description="Sets the hostname of the machine."
-
-depend() {
- keyword -prefix -lxc -docker
-}
-
-start() {
- if [ -s /etc/hostname ] ; then
- name=$(cat /etc/hostname)
- else
- name="${hostname:-localhost}"
- fi
- ebegin "Setting hostname"
- hostname $name
- eend $?
-}
diff --git a/extra/openrc/hwdrivers.initd b/extra/openrc/hwdrivers.initd
deleted file mode 100644
index 80184c9..0000000
--- a/extra/openrc/hwdrivers.initd
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/sbin/openrc-run
-
-depend() {
- need sysfs dev
- before checkfs fsck
- after modloop
- keyword -vserver -lxc
-}
-
-# Load hardware drivers
-start() {
- # check for boot option "nocoldplug"
- if get_bootparam noautodetect; then
- ewarn "Autodetection of hardware disabled from boot cmdline"
- return 0
- fi
-
- ebegin "Loading hardware drivers"
- find /sys -name modalias -type f -print0 | xargs -0 sort -u \
- | xargs modprobe -b -a 2> /dev/null
- # we run it twice so we detect all devices
- find /sys -name modalias -type f -print0 | xargs -0 sort -u \
- | xargs modprobe -b -a 2> /dev/null
-
- # check if framebuffer drivers got pulled in
- if [ -e /dev/fb0 ] && ! [ -e /sys/module/fbcon ]; then
- modprobe -b -q fbcon
- fi
-
- eend 0
-}
-
diff --git a/extra/openrc/machine-id.initd b/extra/openrc/machine-id.initd
deleted file mode 100644
index bdd0698..0000000
--- a/extra/openrc/machine-id.initd
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/sbin/openrc-run
-
-description="Generate machine-id if needed"
-
-depend() {
- need root dev
-}
-
-start() {
- if [ -s /etc/machine-id ] ; then
- return 0
- fi
- ebegin "Generating machine-id"
- dd if=/dev/urandom status=none bs=16 count=1 \
- | md5sum | cut -d' ' -f1 > /etc/machine-id
- eend $?
-}
diff --git a/extra/openrc/modloop.confd b/extra/openrc/modloop.confd
deleted file mode 100644
index 6966429..0000000
--- a/extra/openrc/modloop.confd
+++ /dev/null
@@ -1,6 +0,0 @@
-# Enable loadable module support when running from RAM
-# when OverlayFS support is available in the kernel.
-# 0 means default tmpfs size (50% of physical RAM).
-# for more information please see kernel documention at:
-# https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
-overlay_size=0
diff --git a/extra/openrc/modloop.initd b/extra/openrc/modloop.initd
deleted file mode 100755
index fb7006c..0000000
--- a/extra/openrc/modloop.initd
+++ /dev/null
@@ -1,153 +0,0 @@
-#!/sbin/openrc-run
-
-# script that will mount image with modules
-
-depend() {
- after dev-mount
- before checkfs fsck hwdrivers modules hwclock dev sysfs
- keyword -vserver -lxc
-}
-
-# read kernel options
-init_KOPT() {
- for opt in $(cat /proc/cmdline 2>/dev/null); do
- case "$opt" in
- modloop=*|modloop_verify=*)
- eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
- esac
- done
-}
-
-mountdirs() {
- awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts
-}
-
-find_modloop() {
- local dir="$1"
- local kver=$(uname -r)
- local oifs="$IFS"
- IFS=$'\n'
- set -- $(blkid "$dir"/boot/* "$dir"/*)
- IFS="$oifs"
- for line; do
- img=${line%%:*}
- verify_modloop "$img" || eerror "Failed to verify signature of $img!"
- mount "$img" -o loop,ro /.modloop || continue
- if [ -d /.modloop/modules/$kver ]; then
- return 0
- fi
- umount /.modloop
- done
- return 1
-}
-
-verify_modloop() {
- local modloop=$1 key=
- if ! yesno "${KOPT_modloop_verify:=yes}"; then
- return 0
- fi
- for key in /etc/apk/keys/*.pub; do
- local sig=/var/cache/misc/${modloop##*/}.SIGN.RSA.${key##*/}
- if [ -f "$sig" ]; then
- if ! command -v openssl > /dev/null; then
- ewarn "Missing openssl. Modloop verification disabled!"
- return 0
- fi
- einfo "Verifying modloop"
- openssl dgst -sha1 -verify "$key" -signature "$sig" "$modloop" \
- >/dev/null 2>&1 || return 1
- fi
- done
-}
-
-find_backing_file() {
- local dir="$1"
- local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
- cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null
-}
-
-start() {
- local modloop= mount_opts= modloop_dldir="/lib"
- init_KOPT
-
- case "$KOPT_modloop" in
- none) return 0;;
- http://*|https://*|ftp://*)
- modloop=$modloop_dldir/${KOPT_modloop##*/}
- if [ ! -f "$modloop" ]; then
- mkdir -p "$modloop_dldir"
- wget -P "$modloop_dldir" "$KOPT_modloop" || eend 1
- fi
- ;;
- *)
- for dir in $(mountdirs); do
- if [ -f "$dir"/$KOPT_modloop ]; then
- modloop="$dir/${KOPT_modloop##/}"
- alpine_mnt="$dir"
- break
- fi
- done
- ;;
- esac
-
- ebegin "Mounting modloop $modloop"
- mkdir -p /.modloop
- if [ -n "$modloop" ]; then
- verify_modloop "$modloop" || eerror "Failed to verify signature of $img!"
- mount -o loop,ro $modloop /.modloop
- eend $? || return 1
- else
- for dir in $(mountdirs); do
- if find_modloop "$dir"; then
- alpine_mnt="$dir"
- break
- fi
- done
- if [ -d /.modloop/modules/$(uname -r) ]; then
- eend 0
- else
- eend 1 || return 1
- fi
- fi
-
- #use overlayfs if available and configured
- if grep -q -w "overlay$" /proc/filesystems && [ ! -z ${unionfs_size+x} ]; then
- ewarn "Use of unionfs_size is deprecated use overlay_size instead"
- overlay_size="$unionfs_size"
- fi
- if grep -q -w "overlay$" /proc/filesystems && [ -n "$overlay_size" ]; then
- ebegin "OverlayFS detected, mounting modloop rw"
- [ "$overlay_size" != 0 ] && mount_ops="-o size=$overlay_size"
- mkdir -p /.modoverlayfs /lib/modules
- mount -t tmpfs $mount_ops tmpfs /.modoverlayfs
- mkdir -p /.modoverlayfs/modules /.modoverlayfs/work
- mount -t overlay -o upperdir=/.modoverlayfs/modules,lowerdir=/lib/modules:/.modloop/modules,workdir=/.modoverlayfs/work overlay /lib/modules
- depmod -A
- eend $? || return 1
- else
- rm -rf /lib/modules && ln -sf /.modloop/modules /lib/
- fi
-
- # copy firmware if there are any
- if [ -d $alpine_mnt/firmware ]; then
- ebegin "Copying firmware from $alpine_mnt/firmware"
- cp -R -a $alpine_mnt/firmware /lib/
- eend $?
- elif [ -d /lib/modules/firmware ]; then
- rmdir /lib/firmware 2>/dev/null \
- && ln -s /lib/modules/firmware /lib/
- fi
- return 0
-}
-
-stop() {
- local ret=0
- local mnt; for mnt in /lib/modules /.modoverlayfs /.modloop; do
- if mountinfo --quiet "$mnt"; then
- ebegin "Unmounting $mnt"
- umount -d "$mnt" || ret=1
- fi
- done
- eend $ret || return 1
-}
-
diff --git a/extra/openrc/modules.initd b/extra/openrc/modules.initd
deleted file mode 100644
index 3cd141e..0000000
--- a/extra/openrc/modules.initd
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/sbin/openrc-run
-
-description="Loads a user defined list of kernel modules."
-
-depend()
-{
- before hwclock hwdrivers
- keyword -openvz -prefix -vserver -lxc
-}
-
-start() {
- yesno $rc_verbose && verbose=yes
-
- ebegin "Loading modules"
- eindent
- for f in /lib/modules-load.d/*.conf \
- /usr/lib/modules-load.d/*.conf; do
-
- if ! [ -f "$f" ]; then
- continue
- fi
-
- if [ -f /etc/modules-load.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /etc/modules-load.d/${f##*/}"
- continue
- fi
-
- if [ -f /run/modules-load.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
- continue
- fi
-
- veinfo "Processing $f"
- sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
- | while read module args; do
- modprobe -q $module $args
- done
- done
-
- if [ -f /etc/modules ]; then
- veinfo "Processing /etc/modules"
- sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < /etc/modules \
- | while read module args; do
- modprobe -q $module $args
- done
- fi
-
- for f in /etc/modules-load.d/*.conf; do
- if [ ! -f "$f" ]; then
- continue
- fi
-
- if [ -f /run/modules-load.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /run/modules-load.d/${f##*/}"
- continue
- fi
-
- veinfo "Processing $f"
- sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
- | while read module args; do
- modprobe -q $module $args
- done
- done
-
- for f in /run/modules-load.d/*.conf; do
- if [ ! -f "$f" ]; then
- continue
- fi
-
- veinfo "Processing $f"
- sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
- | while read module args; do
- modprobe -q $module $args
- done
- done
- eoutdent
-
- eend $?
-}
-
diff --git a/extra/openrc/networking.initd b/extra/openrc/networking.initd
deleted file mode 100644
index 417f4a3..0000000
--- a/extra/openrc/networking.initd
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/sbin/openrc-run
-
-# note that the spoofprotect, syncoockies and ip_forward options are set in
-# /etc/sysctl.conf
-
-: ${cfgfile:="/etc/network/interfaces"}
-: ${ifquery:="ifquery"}
-: ${ifstate:="/run/ifstate"}
-
-single_iface="${RC_SVCNAME#*.}"
-if [ "$single_iface" = "$RC_SVCNAME" ]; then
- single_iface=
-fi
-
-depend() {
- need localmount
- want dev-settle
- after bootmisc hwdrivers modules
- provide net
- keyword -jail -prefix -vserver -docker
-}
-
-# find interfaces we want to start
-find_ifaces() {
- if [ -n "$single_iface" ]; then
- echo $single_iface
- return 0
- fi
-
- if command -v "$ifquery" >/dev/null; then
- $ifquery -i "$cfgfile" --list --auto
- return
- fi
-
- # fallback in case ifquery does not exist
- awk '$1 == "auto" {for (i = 2; i <= NF; i = i + 1) printf("%s ", $i)}' "$cfgfile"
-}
-
-# return the list of interfaces we should try stop
-find_running_ifaces() {
- if [ -n "$single_iface" ]; then
- echo $single_iface
- return 0
- fi
-
- if command -v "$ifquery" >/dev/null; then
- $ifquery --state-file $ifstate -i "$cfgfile" --running
- return
- fi
-
- # fallback
- awk -F= '{print $2}' $ifstate
-}
-
-start() {
- local iface= ret=1
- ebegin "Starting networking"
- eindent
- for iface in $(find_ifaces); do
- local r=0
- ebegin "$iface"
- if ! ifup -i "$cfgfile" $iface >/dev/null; then
- ifdown -i "$cfgfile" $iface >/dev/null 2>&1
- r=1
- fi
- # atleast one interface needs to be started for action
- # to be success
- eend $r && ret=0
- done
- eoutdent
- return $ret
-}
-
-stop() {
- local iface=
- # Don't stop the network at shutdown.
- yesno ${keep_network:-YES} && yesno $RC_GOINGDOWN && return 0
-
- ebegin "Stopping networking"
- eindent
- for iface in $(find_running_ifaces); do
- ebegin "$iface"
- ifdown -i "$cfgfile" -f $iface >/dev/null
- eend $?
- done
- eoutdent
- return 0
-}
diff --git a/extra/openrc/openrc.logrotate b/extra/openrc/openrc.logrotate
deleted file mode 100644
index 5e5e64b..0000000
--- a/extra/openrc/openrc.logrotate
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/rc.log {
- missingok
- notifempty
-}
diff --git a/extra/openrc/openrc.post-install b/extra/openrc/openrc.post-install
deleted file mode 100644
index 1c27350..0000000
--- a/extra/openrc/openrc.post-install
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-
-rc_update() {
- local svc="$1"
- local level="$2"
- mkdir -p /etc/runlevels/$level
- ln -sf /etc/init.d/$svc /etc/runlevels/$level
-}
-
-if [ ! -d etc/rcS.d ] && [ ! -d etc/rcL.d ]; then
- exit 0
-fi
-
-for i in etc/rc[SL].d/*; do
- [ -L "$i" ] || continue
- oldsvc=${i##*/S[0-9][0-9]}
- # some services are renamed
- case "$oldsvc" in
- modutils) svc=modules;;
- procps) svc=sysctl;;
- bootmisc.sh) svc=bootmisc;;
- keymap) svc=keymaps;;
- rc.local) svc=local;;
- *) svc=$oldsvc;;
- esac
-
- # add the service to correct "runlevel"
- case "$svc" in
- syslog|klogd)
- rc_update $svc sysinit;;
- hwclock|modules|sysctl|hostname|keymaps|bootmisc)
- rc_update $svc boot;;
- *) rc_update $svc default;;
- esac
-
- rm $i
-done
-
diff --git a/extra/openrc/openrc.post-upgrade b/extra/openrc/openrc.post-upgrade
deleted file mode 100644
index 8884202..0000000
--- a/extra/openrc/openrc.post-upgrade
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-# in 0.8.0-r1 the state dir moved from /libexec/rc/init.d to /lib/rc/init.d
-# and with 0.10 it moved to /run/openrc
-
-mkdir -p /run/openrc
-for dir in /libexec /lib; do
- [ -d $dir/rc/init.d ] || continue
-
- for i in $dir/rc/init.d/* ; do
- [ -e "$i" ] || continue
- if [ -e /run/openrc/${i##*/} ]; then
- rm -r $i
- else
- mv $i /run/openrc/
- fi
- done
-
- rmdir $dir/rc/init.d $dir/rc /libexec 2>/dev/null
-done
-
-# create rc.local compat
-if [ -f /etc/rc.local ]; then
- cat >/etc/local.d/rc.local-compat.start<<__EOF__
-#!/bin/sh
-
-# this is only here for compatibility reasons
-if [ -f /etc/rc.local ]; then
- . /etc/rc.local
-fi
-__EOF__
- chmod +x /etc/local.d/rc.local-compat.start
-fi
-
-exit 0
diff --git a/extra/openrc/rc.conf b/extra/openrc/rc.conf
deleted file mode 100644
index fdeb653..0000000
--- a/extra/openrc/rc.conf
+++ /dev/null
@@ -1,313 +0,0 @@
-# Global OpenRC configuration settings
-
-# Set to "YES" if you want the rc system to try and start services
-# in parallel for a slight speed improvement. When running in parallel we
-# prefix the service output with its name as the output will get
-# jumbled up.
-# WARNING: whilst we have improved parallel, it can still potentially lock
-# the boot process. Don't file bugs about this unless you can supply
-# patches that fix it without breaking other things!
-rc_parallel="YES"
-
-# Set rc_interactive to "YES" and you'll be able to press the I key during
-# boot so you can choose to start specific services. Set to "NO" to disable
-# this feature. This feature is automatically disabled if rc_parallel is
-# set to YES.
-#rc_interactive="YES"
-
-# If we need to drop to a shell, you can specify it here.
-# If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
-# otherwise /bin/sh
-# Linux users could specify /sbin/sulogin
-rc_shell=/bin/sh
-
-# Do we allow any started service in the runlevel to satisfy the dependency
-# or do we want all of them regardless of state? For example, if net.eth0
-# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
-# both will be started, but services that depend on 'net' will work if either
-# one comes up. With rc_depend_strict="YES" we would require them both to
-# come up.
-#rc_depend_strict="YES"
-
-# rc_hotplug controls which services we allow to be hotplugged.
-# A hotplugged service is one started by a dynamic dev manager when a matching
-# hardware device is found.
-# Hotplugged services appear in the "hotplugged" runlevel.
-# If rc_hotplug is set to any value, we compare the name of this service
-# to every pattern in the value, from left to right, and we allow the
-# service to be hotplugged if it matches a pattern, or if it matches no
-# patterns. Patterns can include shell wildcards.
-# To disable services from being hotplugged, prefix patterns with "!".
-#If rc_hotplug is not set or is empty, all hotplugging is disabled.
-# Example - rc_hotplug="net.wlan !net.*"
-# This allows net.wlan and any service not matching net.* to be hotplugged.
-# Example - rc_hotplug="!net.*"
-# This allows services that do not match "net.*" to be hotplugged.
-
-# rc_logger launches a logging daemon to log the entire rc process to
-# /var/log/rc.log
-# NOTE: Linux systems require the devfs service to be started before
-# logging can take place and as such cannot log the sysinit runlevel.
-#rc_logger="NO"
-
-# Through rc_log_path you can specify a custom log file.
-# The default value is: /var/log/rc.log
-#rc_log_path="/var/log/rc.log"
-
-# If you want verbose output for OpenRC, set this to yes. If you want
-# verbose output for service foo only, set it to yes in /etc/conf.d/foo.
-#rc_verbose=no
-
-# By default we filter the environment for our running scripts. To allow other
-# variables through, add them here. Use a * to allow all variables through.
-#rc_env_allow="VAR1 VAR2"
-
-# By default we assume that all daemons will start correctly.
-# However, some do not - a classic example is that they fork and return 0 AND
-# then child barfs on a configuration error. Or the daemon has a bug and the
-# child crashes. You can set the number of milliseconds start-stop-daemon
-# waits to check that the daemon is still running after starting here.
-# The default is 0 - no checking.
-#rc_start_wait=100
-
-# rc_nostop is a list of services which will not stop when changing runlevels.
-# This still allows the service itself to be stopped when called directly.
-#rc_nostop=""
-
-# rc will attempt to start crashed services by default.
-# However, it will not stop them by default as that could bring down other
-# critical services.
-#rc_crashed_stop=NO
-#rc_crashed_start=YES
-
-# Set rc_nocolor to yes if you do not want colors displayed in OpenRC
-# output.
-#rc_nocolor=NO
-
-##############################################################################
-# MISC CONFIGURATION VARIABLES
-# There variables are shared between many init scripts
-
-# Set unicode to YES to turn on unicode support for keyboards and screens.
-unicode="YES"
-
-# This is how long fuser should wait for a remote server to respond. The
-# default is 60 seconds, but it can be adjusted here.
-#rc_fuser_timeout=60
-
-# Below is the default list of network fstypes.
-#
-# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
-# nfs nfs4 ocfs2 shfs smbfs
-#
-# If you would like to add to this list, you can do so by adding your
-# own fstypes to the following variable.
-#extra_net_fs_list=""
-
-##############################################################################
-# SERVICE CONFIGURATION VARIABLES
-# These variables are documented here, but should be configured in
-# /etc/conf.d/foo for service foo and NOT enabled here unless you
-# really want them to work on a global basis.
-# If your service has characters in its name which are not legal in
-# shell variable names and you configure the variables for it in this
-# file, those characters should be replaced with underscores in the
-# variable names as shown below.
-
-# Some daemons are started and stopped via start-stop-daemon.
-# We can set some things on a per service basis, like the nicelevel.
-#SSD_NICELEVEL="-19"
-# Or the ionice level. The format is class[:data] , just like the
-# --ionice start-stop-daemon parameter.
-#SSD_IONICELEVEL="2:2"
-
-# Pass ulimit parameters
-# If you are using bash in POSIX mode for your shell, note that the
-# ulimit command uses a block size of 512 bytes for the -c and -f
-# options
-#rc_ulimit="-u 30"
-
-# It's possible to define extra dependencies for services like so
-#rc_config="/etc/foo"
-#rc_need="openvpn"
-#rc_use="net.eth0"
-#rc_after="clock"
-#rc_before="local"
-#rc_provide="!net"
-
-# You can also enable the above commands here for each service. Below is an
-# example for service foo.
-#rc_foo_config="/etc/foo"
-#rc_foo_need="openvpn"
-#rc_foo_after="clock"
-
-# Below is an example for service foo-bar. Note that the '-' is illegal
-# in a shell variable name, so we convert it to an underscore.
-# example for service foo-bar.
-#rc_foo_bar_config="/etc/foo-bar"
-#rc_foo_bar_need="openvpn"
-#rc_foo_bar_after="clock"
-
-# You can also remove dependencies.
-# This is mainly used for saying which services do NOT provide net.
-#rc_net_tap0_provide="!net"
-
-# This is the subsystem type.
-# It is used to match against keywords set by the keyword call in the
-# depend function of service scripts.
-#
-# It should be set to the value representing the environment this file is
-# PRESENTLY in, not the virtualization the environment is capable of.
-# If it is commented out, automatic detection will be used.
-#
-# The list below shows all possible settings as well as the host
-# operating systems where they can be used and autodetected.
-#
-# "" - nothing special
-# "docker" - Docker container manager (Linux)
-# "jail" - Jail (DragonflyBSD or FreeBSD)
-# "lxc" - Linux Containers
-# "openvz" - Linux OpenVZ
-# "prefix" - Prefix
-# "rkt" - CoreOS container management system (Linux)
-# "subhurd" - Hurd subhurds (to be checked)
-# "systemd-nspawn" - Container created by systemd-nspawn (Linux)
-# "uml" - Usermode Linux
-# "vserver" - Linux vserver
-# "xen0" - Xen0 Domain (Linux and NetBSD)
-# "xenU" - XenU Domain (Linux and NetBSD)
-#rc_sys=""
-
-# if you use openrc-init, which is currently only available on Linux,
-# this is the default runlevel to activate after "sysinit" and "boot"
-# when booting.
-#rc_default_runlevel="default"
-
-# on Linux and Hurd, this is the number of ttys allocated for logins
-# It is used in the consolefont, keymaps, numlock and termencoding
-# service scripts.
-rc_tty_number=12
-
-##############################################################################
-# LINUX CGROUPS RESOURCE MANAGEMENT
-
-# This sets the mode used to mount cgroups.
-# "hybrid" mounts cgroups version 2 on /sys/fs/cgroup/unified and
-# cgroups version 1 on /sys/fs/cgroup.
-# "legacy" mounts cgroups version 1 on /sys/fs/cgroup
-# "unified" mounts cgroups version 2 on /sys/fs/cgroup
-#rc_cgroup_mode="hybrid"
-
-# This is a list of controllers which should be enabled for cgroups version 2
-# when hybrid mode is being used.
-# Controllers listed here will not be available for cgroups version 1.
-#rc_cgroup_controllers=""
-
-# This variable contains the cgroups version 2 settings for your services.
-# If this is set in this file, the settings will apply to all services.
-# If you want different settings for each service, place the settings in
-# /etc/conf.d/foo for service foo.
-# The format is to specify the setting and value followed by a newline.
-# Multiple settings and values can be specified.
-# For example, you would use this to set the maximum memory and maximum
-# number of pids for a service.
-#rc_cgroup_settings="
-#memory.max 10485760
-#pids.max max
-#"
-#
-# For more information about the adjustments that can be made with
-# cgroups version 2, see Documentation/cgroups-v2.txt in the linux kernel
-# source tree.
-#rc_cgroup_settings=""
-
-# This switch controls whether or not cgroups version 1 controllers are
-# individually mounted under
-# /sys/fs/cgroup in hybrid or legacy mode.
-#rc_controller_cgroups="YES"
-
-# The following setting turns on the memory.use_hierarchy setting in the
-# root memory cgroup for cgroups v1.
-# It must be set to yes in this file if you want this functionality.
-#rc_cgroup_memory_use_hierarchy="NO"
-
-# The following settings allow you to set up values for the cgroups version 1
-# controllers for your services.
-# They can be set in this file;, however, if you do this, the settings
-# will apply to all of your services.
-# If you want different settings for each service, place the settings in
-# /etc/conf.d/foo for service foo.
-# The format is to specify the names of the settings followed by their
-# values. Each variable can hold multiple settings.
-# For example, you would use this to set the cpu.shares setting in the
-# cpu controller to 512 for your service.
-# rc_cgroup_cpu="
-# cpu.shares 512
-# "
-#
-# For more information about the adjustments that can be made with
-# cgroups version 1, see Documentation/cgroups-v1/* in the linux kernel
-# source tree.
-
-# Set the blkio controller settings for this service.
-#rc_cgroup_blkio=""
-
-# Set the cpu controller settings for this service.
-#rc_cgroup_cpu=""
-
-# Add this service to the cpuacct controller (any value means yes).
-#rc_cgroup_cpuacct=""
-
-# Set the cpuset controller settings for this service.
-#rc_cgroup_cpuset=""
-
-# Set the devices controller settings for this service.
-#rc_cgroup_devices=""
-
-# Set the hugetlb controller settings for this service.
-#rc_cgroup_hugetlb=""
-
-# Set the memory controller settings for this service.
-#rc_cgroup_memory=""
-
-# Set the net_cls controller settings for this service.
-#rc_cgroup_net_cls=""
-
-# Set the net_prio controller settings for this service.
-#rc_cgroup_net_prio=""
-
-# Set the pids controller settings for this service.
-#rc_cgroup_pids=""
-
-# Set this to YES if you want all of the processes in a service's cgroup
-# killed when the service is stopped or restarted.
-# Be aware that setting this to yes means all of a service's
-# child processes will be killed. Keep this in mind if you set this to
-# yes here instead of for the individual services in
-# /etc/conf.d/<service>.
-# To perform this cleanup manually for a stopped service, you can
-# execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
-# rc-service <service> cgroup_cleanup.
-# The process followed in this cleanup is the following:
-# 1. send stopsig (sigterm if it isn't set) to all processes left in the
-# cgroup immediately followed by sigcont.
-# 2. Send sighup to all processes in the cgroup if rc_send_sighup is
-# yes.
-# 3. delay for rc_timeout_stopsec seconds.
-# 4. send sigkill to all processes in the cgroup unless disabled by
-# setting rc_send_sigkill to no.
-# rc_cgroup_cleanup="NO"
-
-# If this is yes, we will send sighup to the processes in the cgroup
-# immediately after stopsig and sigcont.
-#rc_send_sighup="NO"
-
-# This is the amount of time in seconds that we delay after sending sigcont
-# and optionally sighup, before we optionally send sigkill to all
-# processes in the # cgroup.
-# The default is 90 seconds.
-#rc_timeout_stopsec="90"
-
-# If this is set to no, we do not send sigkill to all processes in the
-# cgroup.
-#rc_send_sigkill="YES"
diff --git a/extra/openrc/seedrng.patch b/extra/openrc/seedrng.patch
deleted file mode 100644
index ff61d81..0000000
--- a/extra/openrc/seedrng.patch
+++ /dev/null
@@ -1,640 +0,0 @@
-From 076c2552aeff88a27fe275dfaae61dedf4bb4bd5 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Thu, 24 Mar 2022 22:07:16 -0600
-Subject: [PATCH] Use seedrng for seeding the random number generator
-
-The RNG can't actually be seeded from a shell script, due to the
-reliance on ioctls. For this reason, the seedrng project provides a
-basic script meant to be copy and pasted into projects like OpenRC and
-tweaked as needed: https://git.zx2c4.com/seedrng/about/
-
-This commit imports it into OpenRC and wires up /etc/init.d/urandom to
-call it. It shouldn't be called by other things on the system, so it
-lives in rc_sbindir.
-
-Closes #506.
-Closes #507.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- AUTHORS | 1 +
- conf.d/urandom | 9 +-
- init.d/urandom.in | 41 ++--
- src/rc/Makefile | 6 +-
- src/rc/meson.build | 10 +-
- src/rc/seedrng.c | 453 +++++++++++++++++++++++++++++++++++++++++++++
- 6 files changed, 499 insertions(+), 21 deletions(-)
- create mode 100644 src/rc/seedrng.c
-
-diff --git a/AUTHORS b/AUTHORS
-index 0616d5175..ede0f471b 100644
---- a/AUTHORS
-+++ b/AUTHORS
-@@ -43,6 +43,7 @@ Ian Stakenvicius <axs@gentoo.org>
- Jakob Drexel <jake42@rommel.stw.uni-erlangen.de>
- James Le Cuirot <chewi@aura-online.co.uk>
- Jan Psota <jasiu@belsznica.pl>
-+Jason A. Donenfeld <Jason@zx2c4.com>
- Jason Zaman <jason@perfinion.com>
- Joe Harvell <jharvell@dogpad.net>
- Joe M <joe9mail@gmail.com>
-diff --git a/conf.d/urandom b/conf.d/urandom
-index f721a2491..744e4f702 100644
---- a/conf.d/urandom
-+++ b/conf.d/urandom
-@@ -2,4 +2,11 @@
- # (say for crypt swap), so you will need to customize this
- # behavior. If you have /var on a separate partition, then
- # make sure this path lives on your root device somewhere.
--urandom_seed="/var/lib/misc/random-seed"
-+seed_dir="/var/lib/seedrng"
-+lock_file="/var/run/seedrng.lock"
-+
-+# Set this to true if you do not want seed files to actually
-+# credit the RNG. Set this if you plan to replicate this
-+# file system image and do not have the wherewithal to first
-+# delete the contents of /var/lib/seedrng.
-+skip_credit="false"
-diff --git a/init.d/urandom.in b/init.d/urandom.in
-index 0d6ab66e0..cda431fdb 100644
---- a/init.d/urandom.in
-+++ b/init.d/urandom.in
-@@ -1,5 +1,5 @@
- #!@SBINDIR@/openrc-run
--# Copyright (c) 2007-2015 The OpenRC Authors.
-+# Copyright (c) 2007-2022 The OpenRC Authors.
- # See the Authors file at the top-level directory of this distribution and
- # https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
- #
-@@ -9,7 +9,10 @@
- # This file may not be copied, modified, propagated, or distributed
- # except according to the terms contained in the LICENSE file.
-
--: ${urandom_seed:=${URANDOM_SEED:-/var/lib/misc/random-seed}}
-+export SEEDRNG_SEED_DIR="${seed_dir:-/var/lib/seedrng}"
-+export SEEDRNG_LOCK_FILE="${lock_file:-/var/run/seedrng.lock}"
-+export SEEDRNG_SKIP_CREDIT="${skip_credit:-false}"
-+: ${urandom_seed:=${SEEDRNG_SEED_DIR}/../misc/random-seed}
- description="Initializes the random number generator."
-
- depend()
-@@ -21,33 +24,35 @@ depend()
-
- save_seed()
- {
-- local psz=1
--
-- if [ -e /proc/sys/kernel/random/poolsize ]; then
-- : $(( psz = $(cat /proc/sys/kernel/random/poolsize) / 4096 ))
-- fi
--
- ( # sub shell to prevent umask pollution
- umask 077
-- dd if=/dev/urandom of="$urandom_seed" count=${psz} 2>/dev/null
-+ dd if=/dev/urandom of="$urandom_seed" count=1 2>/dev/null
- )
- }
-
- start()
- {
-- [ -c /dev/urandom ] || return
-- if [ -f "$urandom_seed" ]; then
-- ebegin "Initializing random number generator"
-- cat "$urandom_seed" > /dev/urandom
-- eend $? "Error initializing random number generator"
-+ if [ "$RC_UNAME" = Linux ]; then
-+ seedrng
-+ else
-+ [ -c /dev/urandom ] || return
-+ if [ -f "$urandom_seed" ]; then
-+ ebegin "Initializing random number generator"
-+ cat "$urandom_seed" > /dev/urandom
-+ eend $? "Error initializing random number generator"
-+ fi
-+ rm -f "$urandom_seed" && save_seed
- fi
-- rm -f "$urandom_seed" && save_seed
- return 0
- }
-
- stop()
- {
-- ebegin "Saving random seed"
-- save_seed
-- eend $? "Failed to save random seed"
-+ if [ "$RC_UNAME" = Linux ]; then
-+ seedrng
-+ else
-+ ebegin "Saving random seed"
-+ save_seed
-+ eend $? "Failed to save random seed"
-+ fi
- }
-diff --git a/src/rc/Makefile b/src/rc/Makefile
-index fd796d920..62539f134 100644
---- a/src/rc/Makefile
-+++ b/src/rc/Makefile
-@@ -15,7 +15,7 @@ endif
-
- ifeq (${OS},Linux)
- SRCS+= kill_all.c openrc-init.c openrc-shutdown.c rc-sysvinit.c broadcast.c \
-- rc-wtmp.c
-+ rc-wtmp.c seedrng.c
- endif
-
- CLEANFILES= version.h rc-selinux.o
-@@ -47,6 +47,7 @@ RC_SBINPROGS= mark_service_starting mark_service_started \
-
- ifeq (${OS},Linux)
- RC_BINPROGS+= kill_all
-+RC_SBINPROGS+= seedrng
- SBINPROGS+= openrc-init openrc-shutdown
- endif
-
-@@ -180,3 +181,6 @@ shell_var: shell_var.o
-
- swclock: swclock.o _usage.o rc-misc.o
- ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
-+
-+seedrng: seedrng.o
-+ ${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
-diff --git a/src/rc/meson.build b/src/rc/meson.build
-index 8fdf3ac3b..b724c51f2 100644
---- a/src/rc/meson.build
-+++ b/src/rc/meson.build
-@@ -268,7 +268,15 @@ if os == 'Linux'
- link_with: [libeinfo,librc],
- install: true,
- install_dir: rc_bindir)
-- endif
-+
-+ executable('seedrng',
-+ ['seedrng.c'],
-+ c_args : cc_branding_flags,
-+ include_directories: [incdir, einfo_incdir, rc_incdir],
-+ link_with: [libeinfo, librc],
-+ install: true,
-+ install_dir: rc_sbindir)
-+endif
-
- executable('shell_var',
- ['shell_var.c'],
-diff --git a/src/rc/seedrng.c b/src/rc/seedrng.c
-new file mode 100644
-index 000000000..c1f941457
---- /dev/null
-+++ b/src/rc/seedrng.c
-@@ -0,0 +1,453 @@
-+/*
-+ * seedrng.c
-+ * Seed kernel RNG from seed file, based on code from:
-+ * https://git.zx2c4.com/seedrng/about/
-+ */
-+
-+/*
-+ * Copyright (c) 2022 The OpenRC Authors.
-+ * See the Authors file at the top-level directory of this distribution and
-+ * https://github.com/OpenRC/openrc/blob/HEAD/AUTHORS
-+ *
-+ * This file is part of OpenRC. It is subject to the license terms in
-+ * the LICENSE file found in the top-level directory of this
-+ * distribution and at https://github.com/OpenRC/openrc/blob/HEAD/LICENSE
-+ * This file may not be copied, modified, propagated, or distributed
-+ * except according to the terms contained in the LICENSE file.
-+ */
-+
-+#include <linux/random.h>
-+#include <sys/random.h>
-+#include <sys/ioctl.h>
-+#include <sys/file.h>
-+#include <sys/stat.h>
-+#include <sys/types.h>
-+#include <fcntl.h>
-+#include <poll.h>
-+#include <unistd.h>
-+#include <time.h>
-+#include <errno.h>
-+#include <endian.h>
-+#include <stdbool.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+#include "rc.h"
-+#include "einfo.h"
-+#include "helpers.h"
-+
-+#ifndef GRND_INSECURE
-+#define GRND_INSECURE 0x0004 /* Apparently some headers don't ship with this yet. */
-+#endif
-+
-+static const char *SEED_DIR;
-+static const char *LOCK_FILE;
-+static char *CREDITABLE_SEED;
-+static char *NON_CREDITABLE_SEED;
-+
-+enum blake2s_lengths {
-+ BLAKE2S_BLOCK_LEN = 64,
-+ BLAKE2S_HASH_LEN = 32,
-+ BLAKE2S_KEY_LEN = 32
-+};
-+
-+enum seedrng_lengths {
-+ MAX_SEED_LEN = 512,
-+ MIN_SEED_LEN = BLAKE2S_HASH_LEN
-+};
-+
-+struct blake2s_state {
-+ uint32_t h[8];
-+ uint32_t t[2];
-+ uint32_t f[2];
-+ uint8_t buf[BLAKE2S_BLOCK_LEN];
-+ unsigned int buflen;
-+ unsigned int outlen;
-+};
-+
-+#define le32_to_cpup(a) le32toh(*(a))
-+#define cpu_to_le32(a) htole32(a)
-+#ifndef ARRAY_SIZE
-+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-+#endif
-+#ifndef DIV_ROUND_UP
-+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
-+#endif
-+
-+static inline void cpu_to_le32_array(uint32_t *buf, unsigned int words)
-+{
-+ while (words--) {
-+ *buf = cpu_to_le32(*buf);
-+ ++buf;
-+ }
-+}
-+
-+static inline void le32_to_cpu_array(uint32_t *buf, unsigned int words)
-+{
-+ while (words--) {
-+ *buf = le32_to_cpup(buf);
-+ ++buf;
-+ }
-+}
-+
-+static inline uint32_t ror32(uint32_t word, unsigned int shift)
-+{
-+ return (word >> (shift & 31)) | (word << ((-shift) & 31));
-+}
-+
-+static const uint32_t blake2s_iv[8] = {
-+ 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
-+ 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
-+};
-+
-+static const uint8_t blake2s_sigma[10][16] = {
-+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
-+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
-+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
-+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
-+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
-+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
-+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
-+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
-+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
-+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 },
-+};
-+
-+static void blake2s_set_lastblock(struct blake2s_state *state)
-+{
-+ state->f[0] = -1;
-+}
-+
-+static void blake2s_increment_counter(struct blake2s_state *state, const uint32_t inc)
-+{
-+ state->t[0] += inc;
-+ state->t[1] += (state->t[0] < inc);
-+}
-+
-+static void blake2s_init_param(struct blake2s_state *state, const uint32_t param)
-+{
-+ int i;
-+
-+ memset(state, 0, sizeof(*state));
-+ for (i = 0; i < 8; ++i)
-+ state->h[i] = blake2s_iv[i];
-+ state->h[0] ^= param;
-+}
-+
-+static void blake2s_init(struct blake2s_state *state, const size_t outlen)
-+{
-+ blake2s_init_param(state, 0x01010000 | outlen);
-+ state->outlen = outlen;
-+}
-+
-+static void blake2s_compress(struct blake2s_state *state, const uint8_t *block, size_t nblocks, const uint32_t inc)
-+{
-+ uint32_t m[16];
-+ uint32_t v[16];
-+ int i;
-+
-+ while (nblocks > 0) {
-+ blake2s_increment_counter(state, inc);
-+ memcpy(m, block, BLAKE2S_BLOCK_LEN);
-+ le32_to_cpu_array(m, ARRAY_SIZE(m));
-+ memcpy(v, state->h, 32);
-+ v[ 8] = blake2s_iv[0];
-+ v[ 9] = blake2s_iv[1];
-+ v[10] = blake2s_iv[2];
-+ v[11] = blake2s_iv[3];
-+ v[12] = blake2s_iv[4] ^ state->t[0];
-+ v[13] = blake2s_iv[5] ^ state->t[1];
-+ v[14] = blake2s_iv[6] ^ state->f[0];
-+ v[15] = blake2s_iv[7] ^ state->f[1];
-+
-+#define G(r, i, a, b, c, d) do { \
-+ a += b + m[blake2s_sigma[r][2 * i + 0]]; \
-+ d = ror32(d ^ a, 16); \
-+ c += d; \
-+ b = ror32(b ^ c, 12); \
-+ a += b + m[blake2s_sigma[r][2 * i + 1]]; \
-+ d = ror32(d ^ a, 8); \
-+ c += d; \
-+ b = ror32(b ^ c, 7); \
-+} while (0)
-+
-+#define ROUND(r) do { \
-+ G(r, 0, v[0], v[ 4], v[ 8], v[12]); \
-+ G(r, 1, v[1], v[ 5], v[ 9], v[13]); \
-+ G(r, 2, v[2], v[ 6], v[10], v[14]); \
-+ G(r, 3, v[3], v[ 7], v[11], v[15]); \
-+ G(r, 4, v[0], v[ 5], v[10], v[15]); \
-+ G(r, 5, v[1], v[ 6], v[11], v[12]); \
-+ G(r, 6, v[2], v[ 7], v[ 8], v[13]); \
-+ G(r, 7, v[3], v[ 4], v[ 9], v[14]); \
-+} while (0)
-+ ROUND(0);
-+ ROUND(1);
-+ ROUND(2);
-+ ROUND(3);
-+ ROUND(4);
-+ ROUND(5);
-+ ROUND(6);
-+ ROUND(7);
-+ ROUND(8);
-+ ROUND(9);
-+
-+#undef G
-+#undef ROUND
-+
-+ for (i = 0; i < 8; ++i)
-+ state->h[i] ^= v[i] ^ v[i + 8];
-+
-+ block += BLAKE2S_BLOCK_LEN;
-+ --nblocks;
-+ }
-+}
-+
-+static void blake2s_update(struct blake2s_state *state, const void *inp, size_t inlen)
-+{
-+ const size_t fill = BLAKE2S_BLOCK_LEN - state->buflen;
-+ const uint8_t *in = inp;
-+
-+ if (!inlen)
-+ return;
-+ if (inlen > fill) {
-+ memcpy(state->buf + state->buflen, in, fill);
-+ blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_LEN);
-+ state->buflen = 0;
-+ in += fill;
-+ inlen -= fill;
-+ }
-+ if (inlen > BLAKE2S_BLOCK_LEN) {
-+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_LEN);
-+ blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_LEN);
-+ in += BLAKE2S_BLOCK_LEN * (nblocks - 1);
-+ inlen -= BLAKE2S_BLOCK_LEN * (nblocks - 1);
-+ }
-+ memcpy(state->buf + state->buflen, in, inlen);
-+ state->buflen += inlen;
-+}
-+
-+static void blake2s_final(struct blake2s_state *state, uint8_t *out)
-+{
-+ blake2s_set_lastblock(state);
-+ memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_LEN - state->buflen);
-+ blake2s_compress(state, state->buf, 1, state->buflen);
-+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
-+ memcpy(out, state->h, state->outlen);
-+}
-+
-+static size_t determine_optimal_seed_len(void)
-+{
-+ size_t ret = 0;
-+ char poolsize_str[11] = { 0 };
-+ int fd = open("/proc/sys/kernel/random/poolsize", O_RDONLY);
-+
-+ if (fd < 0 || read(fd, poolsize_str, sizeof(poolsize_str) - 1) < 0) {
-+ ewarn("Unable to determine pool size, falling back to %u bits: %s", MIN_SEED_LEN * 8, strerror(errno));
-+ ret = MIN_SEED_LEN;
-+ } else
-+ ret = DIV_ROUND_UP(strtoul(poolsize_str, NULL, 10), 8);
-+ if (fd >= 0)
-+ close(fd);
-+ if (ret < MIN_SEED_LEN)
-+ ret = MIN_SEED_LEN;
-+ else if (ret > MAX_SEED_LEN)
-+ ret = MAX_SEED_LEN;
-+ return ret;
-+}
-+
-+static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable)
-+{
-+ ssize_t ret;
-+ int urandom_fd;
-+
-+ *is_creditable = false;
-+ ret = getrandom(seed, len, GRND_NONBLOCK);
-+ if (ret == (ssize_t)len) {
-+ *is_creditable = true;
-+ return 0;
-+ }
-+ if (ret == -1 && errno == ENOSYS) {
-+ struct pollfd random_fd = {
-+ .fd = open("/dev/random", O_RDONLY),
-+ .events = POLLIN
-+ };
-+ if (random_fd.fd < 0)
-+ return -errno;
-+ *is_creditable = poll(&random_fd, 1, 0) == 1;
-+ close(random_fd.fd);
-+ } else if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len)
-+ return 0;
-+ urandom_fd = open("/dev/urandom", O_RDONLY);
-+ if (urandom_fd < 0)
-+ return -errno;
-+ ret = read(urandom_fd, seed, len);
-+ if (ret == (ssize_t)len)
-+ ret = 0;
-+ else
-+ ret = -errno ? -errno : -EIO;
-+ close(urandom_fd);
-+ return ret;
-+}
-+
-+static int seed_rng(uint8_t *seed, size_t len, bool credit)
-+{
-+ struct {
-+ int entropy_count;
-+ int buf_size;
-+ uint8_t buffer[MAX_SEED_LEN];
-+ } req = {
-+ .entropy_count = credit ? len * 8 : 0,
-+ .buf_size = len
-+ };
-+ int random_fd, ret;
-+
-+ if (len > sizeof(req.buffer))
-+ return -EFBIG;
-+ memcpy(req.buffer, seed, len);
-+
-+ random_fd = open("/dev/random", O_RDWR);
-+ if (random_fd < 0)
-+ return -errno;
-+ ret = ioctl(random_fd, RNDADDENTROPY, &req);
-+ if (ret)
-+ ret = -errno ? -errno : -EIO;
-+ close(random_fd);
-+ return ret;
-+}
-+
-+static int seed_from_file_if_exists(const char *filename, bool credit, struct blake2s_state *hash)
-+{
-+ uint8_t seed[MAX_SEED_LEN];
-+ ssize_t seed_len;
-+ int fd, dfd, ret = 0;
-+
-+ fd = open(filename, O_RDONLY);
-+ if (fd < 0 && errno == ENOENT)
-+ return 0;
-+ else if (fd < 0) {
-+ ret = -errno;
-+ eerror("Unable to open seed file: %s", strerror(errno));
-+ return ret;
-+ }
-+ dfd = open(SEED_DIR, O_DIRECTORY | O_RDONLY);
-+ if (dfd < 0) {
-+ ret = -errno;
-+ close(fd);
-+ eerror("Unable to open seed directory: %s", strerror(errno));
-+ return ret;
-+ }
-+ seed_len = read(fd, seed, sizeof(seed));
-+ if (seed_len < 0) {
-+ ret = -errno;
-+ eerror("Unable to read seed file: %s", strerror(errno));
-+ }
-+ close(fd);
-+ if (ret) {
-+ close(dfd);
-+ return ret;
-+ }
-+ if ((unlink(filename) < 0 || fsync(dfd) < 0) && seed_len) {
-+ ret = -errno;
-+ eerror("Unable to remove seed after reading, so not seeding: %s", strerror(errno));
-+ }
-+ close(dfd);
-+ if (ret)
-+ return ret;
-+ if (!seed_len)
-+ return 0;
-+
-+ blake2s_update(hash, &seed_len, sizeof(seed_len));
-+ blake2s_update(hash, seed, seed_len);
-+
-+ einfo("Seeding %zd bits %s crediting", seed_len * 8, credit ? "and" : "without");
-+ ret = seed_rng(seed, seed_len, credit);
-+ if (ret < 0)
-+ eerror("Unable to seed: %s", strerror(-ret));
-+ return ret;
-+}
-+
-+static void populate_global_paths(void)
-+{
-+ SEED_DIR = getenv("SEEDRNG_SEED_DIR");
-+ if (!SEED_DIR || !*SEED_DIR)
-+ SEED_DIR = "/var/lib/seedrng";
-+ LOCK_FILE = getenv("SEEDRNG_LOCK_FILE");
-+ if (!LOCK_FILE || !*LOCK_FILE)
-+ LOCK_FILE = "/var/run/seedrng.lock";
-+ xasprintf(&CREDITABLE_SEED, "%s/seed.credit", SEED_DIR);
-+ xasprintf(&NON_CREDITABLE_SEED, "%s/seed.no-credit", SEED_DIR);
-+}
-+
-+int main(int argc _unused, char *argv[] _unused)
-+{
-+ static const char seedrng_prefix[] = "SeedRNG v1 Old+New Prefix";
-+ static const char seedrng_failure[] = "SeedRNG v1 No New Seed Failure";
-+ int ret, fd, lock, program_ret = 0;
-+ uint8_t new_seed[MAX_SEED_LEN];
-+ size_t new_seed_len;
-+ bool new_seed_creditable;
-+ struct timespec realtime = { 0 }, boottime = { 0 };
-+ struct blake2s_state hash;
-+
-+ umask(0077);
-+ if (getuid())
-+ eerrorx("This rc helper program requires root");
-+
-+ populate_global_paths();
-+ blake2s_init(&hash, BLAKE2S_HASH_LEN);
-+ blake2s_update(&hash, seedrng_prefix, strlen(seedrng_prefix));
-+ clock_gettime(CLOCK_REALTIME, &realtime);
-+ clock_gettime(CLOCK_BOOTTIME, &boottime);
-+ blake2s_update(&hash, &realtime, sizeof(realtime));
-+ blake2s_update(&hash, &boottime, sizeof(boottime));
-+
-+ if (mkdir(SEED_DIR, 0700) < 0 && errno != EEXIST)
-+ eerrorx("Unable to create \"%s\" directory: %s", SEED_DIR, strerror(errno));
-+
-+ lock = open(LOCK_FILE, O_WRONLY | O_CREAT, 0000);
-+ if (lock < 0 || flock(lock, LOCK_EX) < 0)
-+ eerrorx("Unable to open lock file: %s", strerror(errno));
-+
-+ ret = seed_from_file_if_exists(NON_CREDITABLE_SEED, false, &hash);
-+ if (ret < 0)
-+ program_ret |= 1 << 1;
-+ ret = seed_from_file_if_exists(CREDITABLE_SEED, !rc_yesno(getenv("SEEDRNG_SKIP_CREDIT")), &hash);
-+ if (ret < 0)
-+ program_ret |= 1 << 2;
-+
-+ new_seed_len = determine_optimal_seed_len();
-+ ret = read_new_seed(new_seed, new_seed_len, &new_seed_creditable);
-+ if (ret < 0) {
-+ eerror("Unable to read new seed: %s", strerror(-ret));
-+ new_seed_len = BLAKE2S_HASH_LEN;
-+ strncpy((char *)new_seed, seedrng_failure, new_seed_len);
-+ program_ret |= 1 << 3;
-+ }
-+ blake2s_update(&hash, &new_seed_len, sizeof(new_seed_len));
-+ blake2s_update(&hash, new_seed, new_seed_len);
-+ blake2s_final(&hash, new_seed + new_seed_len - BLAKE2S_HASH_LEN);
-+
-+ einfo("Saving %zu bits of %s seed for next boot", new_seed_len * 8, new_seed_creditable ? "creditable" : "non-creditable");
-+ fd = open(NON_CREDITABLE_SEED, O_WRONLY | O_CREAT | O_TRUNC, 0400);
-+ if (fd < 0) {
-+ eerror("Unable to open seed file for writing: %s", strerror(errno));
-+ program_ret |= 1 << 4;
-+ goto out;
-+ }
-+ if (write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) {
-+ eerror("Unable to write seed file: %s", strerror(errno));
-+ program_ret |= 1 << 5;
-+ goto out;
-+ }
-+ if (new_seed_creditable && rename(NON_CREDITABLE_SEED, CREDITABLE_SEED) < 0) {
-+ ewarn("Unable to make new seed creditable: %s", strerror(errno));
-+ program_ret |= 1 << 6;
-+ }
-+out:
-+ close(fd);
-+ close(lock);
-+ return program_ret;
-+}
diff --git a/extra/openrc/sysctl.initd b/extra/openrc/sysctl.initd
deleted file mode 100644
index befdb91..0000000
--- a/extra/openrc/sysctl.initd
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/sbin/openrc-run
-
-depend()
-{
- after clock
- before bootmisc logger
- keyword -prefix -systemd-nspawn -vserver
-}
-
-start()
-{
- local quiet retval=0 status
- ebegin "Configuring kernel parameters"
-
- yesno $rc_verbose || quiet=-q
-
- eindent
-
- for f in /lib/sysctl.d/*.conf \
- /usr/lib/sysctl.d/*.conf; do
-
- if [ -f /etc/sysctl.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /etc/sysctl.d/${f##*/}"
- continue
- fi
-
- if [ -f /run/sysctl.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}"
- continue
- fi
-
- if [ -f "$f" ]; then
- vebegin "applying $f"
- sysctl $quiet -p "$f"
- status=$?
- if [ $status -gt 0 ]; then
- # Don't change retval= since we expect some package/distro provided
- # sysctl configurations to break, so just warn when the user wants
- # verbose messages
- vewarn "Unable to configure kernel parameters from $f"
- fi
- fi
- done
-
- for f in /etc/sysctl.d/*.conf; do
-
- if [ -f /run/sysctl.d/"${f##*/}" ]; then
- veinfo "Ignoring $f due to /run/sysctl.d/${f##*/}"
- continue
- fi
-
- if [ -f "$f" ]; then
- vebegin "applying $f"
- sysctl $quiet -p "$f"
- status=$?
- if [ $status -gt 0 ]; then
- retval=$(( $retval + $status ))
- eerror "Unable to configure kernel parameters from $f"
- fi
- fi
- done
-
- if [ -f /etc/sysctl.conf ]; then
- vebegin "applying /etc/sysctl.conf"
- sysctl $quiet -p /etc/sysctl.conf
- status=$?
- if [ $status -gt 0 ]; then
- retval=$(( $retval + $status ))
- eerror "Unable to configure kernel parameters from /etc/sysctl.conf"
- fi
- fi
-
- for f in /run/sysctl.d/*.conf; do
- if [ -f "$f" ]; then
- vebegin "applying $f"
- sysctl $quiet -p "$f"
- status=$?
- if [ $status -gt 0 ]; then
- retval=$(( $retval + $status ))
- eerror "Unable to configure kernel parameters from $f"
- fi
- fi
- done
- eoutdent
-
- eend $retval
-}
diff --git a/extra/openrc/sysfsconf.initd b/extra/openrc/sysfsconf.initd
deleted file mode 100644
index 433e51d..0000000
--- a/extra/openrc/sysfsconf.initd
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/sbin/openrc-run
-
-description="Set sysfs variables from /etc/sysfs.conf and /etc/sysfs.d/*.conf"
-conffile=/etc/sysfs.conf
-confdir=/etc/sysfs.d
-
-depend() {
- need sysfs
-}
-
-setval() {
- local value="$1" attrib="$2"
- # Some fields need a terminating newline, others
- # need the terminating newline to be absent :-(
- echo -n "$value" > "$attrib" 2>/dev/null \
- || echo "$value" > "$attrib"
-}
-
-load_conffile() {
- local file="$1"
- while read line; do
- local line=${line%%#*}
- local cmd= attrib= value=
- set -- $line
- if [ $# -eq 0 ]; then
- continue
- fi
- case "$1$3" in
- mode=) cmd=chmod
- attrib="$2"
- value="$4"
- ;;
- owner=) cmd=chown
- attrib="$2"
- value="$4"
- ;;
- *) if [ "$2" = "=" ]; then
- cmd=setval
- attrib="$1"
- value="$3"
- fi
- ;;
- esac
- if ! [ -e "/sys/$attrib" ]; then
- eerror "$attrib: unknown attribute"
- continue
- fi
- if [ -z "$attrib" ] || [ -z "$value" ]; then
- eerror "syntax error in $file: '$line'"
- continue
- fi
- $cmd "$value" "/sys/$attrib"
- done < "$file"
-}
-
-start() {
- [ -r "$conffile" -o -d "$confdir" ] || return 0
- ebegin "Setting sysfs variables"
- for file in $confdir/*.conf $conffile; do
- [ -r "$file" ] || continue
- load_conffile "$file" || return 1
- done
- eend 0
-
-}
-
diff --git a/extra/openrc/test-networking.sh b/extra/openrc/test-networking.sh
deleted file mode 100644
index 5e5f70b..0000000
--- a/extra/openrc/test-networking.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# unit tests for find_ifaces and find_running_ifaces in networking.initd
-
-cfgfile=/tmp/openrc-test-network.$$
-sourcefile=$cfgfile.source
-sourcedir=$cfgfile.d
-ifstate=$cfgfile.state
-
-cat >$cfgfile<<EOF
-auto eth0
-iface eth0 inet dhcp
-
-source $sourcefile
-
-source-directory $sourcedir
-EOF
-
-cat >$sourcefile<<EOF
-auto eth1
-iface eth1 inet dhcp
-EOF
-
-mkdir -p $sourcedir
-cat >$sourcedir/a<<EOF
-auto eth2
-iface eth2 inet dhcp
-EOF
-
-cat >$ifstate<<EOF
-eth4=eth4 1
-EOF
-
-errors=0
-fail() {
- echo "$@"
- errors=$(( $errors + 1))
-}
-
-# test fallback, when ifquery does not exist
-ifquery=does-not-exist
-. ./networking.initd
-
-find_ifaces | grep -q -w eth0 || fail "Did not find eth0"
-find_ifaces | grep -q -E '(eth1|eth2)' && fail "Unexpectedly found eth1 or eth2"
-
-# test that ifquery finds source and source-directory
-unset ifquery
-. ./networking.initd
-for i in eth0 eth1 eth2; do
- find_ifaces | grep -q -w "$i" || fail "Did not find $i"
-done
-
-# test that ifquery picks up the running state file
-find_running_ifaces | grep -q -w "eth4" || fail "Did not detect eth4 running"
-
-
-# test /etc/init.d/net.eth5
-RC_SVCNAME=net.eth5
-. ./networking.initd
-find_ifaces | grep -q -w "eth5" || fail "Did not detect eth5"
-find_running_ifaces | grep -q -w "eth5" || fail "Did not detect eth5 running"
-
-rm -rf $cfgfile $sourcefile $sourcedir $ifstate
-exit $errors