install.sub: two little ergonomic tweaks

Thu, 18 May 2023 04:39:16 -0700 

Hello devs!

First of all, my compliment.
The installer is already quite ergonomic (for a CLI ;) ).
But there are the following two little diff(1)s standing
between it and its perfection IMAO.


--- distrib/miniroot/install.sub.orig   Thu May 18 12:37:52 2023
+++ distrib/miniroot/install.sub        Thu May 18 12:44:49 2023
@@ -1220,3 +1220,3 @@
                ask_until "IPv6 address for $_if? (or 'autoconf' or 'none')" \
-                         "${_addr:-none}"
+                         "${_addr:-autoconf}"
                case $resp in

I personally enable IPv6 everywhere,
even if I have only link-local addresses.
If I got SLAAC, nice for my OpenBSD clients
and the clients of my OpenBSD servers.
Win-win. If not, I haven't lost anything.
In the worst case I have to do specific config,
but then the default doesn't matter anyway.

The only reason against this could be a permit-default pf.conf.
But such shouldn't be done and this is the installer after all.
One writes pf.conf after the installer or can -in extreme case-
still type "none" here (which is shorter to type).
I know that you folks like not to surprise users.
But IMAO default-enabling IPv6 *on new installs* isn't a surprise
(in 2023 when IIRC some US gov orgs already sell their whole IPv4s).

In case you don't agree with me:
What about a shortcut "a" (= autoconf)
for IPv[46] address (like below)?


--- distrib/miniroot/install.sub.orig   Thu May 18 12:37:52 2023
+++ distrib/miniroot/install.sub        Thu May 18 12:44:49 2023
@@ -2306,15 +2306,15 @@
        [[ $START_SSHD == y ]] || return

        if [[ -z $ADMIN ]]; then
                echo "Since no user was setup, root logins via sshd(8) might be 
useful."
        fi
        echo "WARNING: root is targeted by password guessing attacks, pubkeys are 
safer."
        while :; do
-               ask "Allow root ssh login? (yes, no, prohibit-password)" no
+               ask "Allow root ssh login? (yes, no, (p)rohibit-password)" no
                _resp=$resp
                case $_resp in
                y|yes)  SSHD_ENABLEROOT=yes
                        ;;
                n|no)   SSHD_ENABLEROOT=no
                        ;;
                w|p|without-password|prohibit-password)

Originally I wanted to do the same thing as above here.
I.e. to change the default no -> prohibit-password
which isn't less secure IMAO until you explicitly set auth. keys.
But then I've discovered the "p" shortcut (I'm showing you via diff(1) -U7).
IMAO showing it as I patched wouldn't harm anyone.


ok?

Reply via email to