On Fri, Jul 05, 2019 at 08:52:55AM +0200, Rosselur Rossen wrote:
> Hi!
>
> I have the following added to root's .profile:
>
> --snip--
> env=~/.ssh/agent.env
> agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }
> agent_start () {
> (umask 077; ssh-agent >| "$env")
> . "$env" >| /dev/null ; }
> agent_load_env
> # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
> agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)
> if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
> agent_start
> ssh-add
> elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
> ssh-add
> fi
> unset env
> --snip--
>
> OpenBSD 6.4 amd64.
> When I reboot the machine, it asks for my id_rsa password during
> system startup, which prevents most services from starting. Eventually
> all the password prompts time out and I am able to log in on the
> console, but most services including sshd have failed to start.
> The desired behaviour would be for the id_rsa password prompt to
> appear only when I am actually interactively logging in, and not
> during system boot.
> Is there any way I could achieve this for the root account? What am I
> doing wrong (apart from interactively logging in as root, I am well
> aware)?
Hi.
Does this help?
Index: rc.subr
===================================================================
RCS file: /cvs/src/etc/rc.d/rc.subr,v
retrieving revision 1.131
diff -u -p -r1.131 rc.subr
--- rc.subr 21 Mar 2019 15:10:27 -0000 1.131
+++ rc.subr 5 Jul 2019 18:10:34 -0000
@@ -319,6 +319,6 @@ unset _rcflags _rcrtable _rcuser _rctime
# the shell will strip the quotes from daemon_flags when starting a daemon;
# make sure pexp matches the process (i.e. doesn't include the quotes)
pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
-rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
+rcexec="env -i HOME=/tmp su -m -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
[ "${daemon_rtable}" -eq "$(id -R)" ] ||
rcexec="route -T ${daemon_rtable} exec ${rcexec}"
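Review bot: On the added `rcexec=` line, `HOME=/tmp` points the home directory of every daemon started through `rcexec` at a world-writable location, so any daemon or shell that reads startup or configuration files from `$HOME` would read files that any local user can create there. A directory that unprivileged users cannot write to (for example `HOME=/var/empty`) keeps the intent of no longer running the login profile without that exposure. Because `env -i` also drops every other variable and `su -l` becomes `su -m`, the comment block above `rcexec` should state why the environment is cleared and what daemons can still rely on, PATH in particular, since the visible lines set nothing but HOME.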
--
Antoine