Commit Graph

25 Commits

Author SHA1 Message Date
Ceri Davies
64e6e1e463 secure/caroot, certctl: Rename secure/caroot/blacklisted
Old certctl commands still work for compatibility, but are deprecated.

Approved by:	secteam (gordon)
Differential Revision: https://reviews.freebsd.org/D30807
2021-06-18 13:38:07 +01:00
John Baldwin
5eb9c93a20 etcupdate: Add -D destdir to usage for 'extract'.
Reported by:	Mark Millard <marklmi@yahoo.com>
MFC after:	1 week
2021-04-26 09:49:34 -07:00
John Baldwin
b0df36580d etcupdate: Remove the old pre-world tree when rotating for -p.
This fixes a bug in an earlier change to move tree rotation to
the end of the update where the step to make room for the new
preworld tree was deleting the old "current" tree instead of
the old "preworld" tree.

Reported by:	olivier, dhw
Fixes:		0611aec3cf
MFC after:	2 weeks
2021-04-23 09:44:18 -07:00
John Baldwin
ba30215ae0 etcupdate: Add a revert mode to restore one or more stock files.
Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29846
2021-04-20 13:23:08 -07:00
John Baldwin
ada7fd17d5 etcupdate: Trim trailing whitespace.
Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29845
2021-04-20 13:22:24 -07:00
John Baldwin
1f7afa9364 etcupdate: Gracefully handle SIGINT when building trees.
Run the 'build_tree' function inside of a subshell and trap SIGINT to
return an error to the caller.  This allows callers to gracefully
clean up a partially created tree.

While here, redirect stdout/stderr of the subshell to the log file
instead of applying redirections individually to each command executed
while building the tree.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29844
2021-04-20 13:22:11 -07:00
John Baldwin
0611aec3cf etcupdate: Always extract to a temporary tree.
etcupdate has had a somewhat nasty race condition since its creation
in that its state machine can get very confused if it is interrupted
while building the tree to compare against.  This is exacerbated by
the fact that etcupdate doesn't emit any output while building the
tree which can take several seconds (especially in recent years with
the addition of the tree-wide buildconfig/installconfig passes).

To mitigate this, always install a new tree into a temporary directory
created via mktemp as was previously done only for dry-runs via -n.
The existing trees are only rotated and the new tree installed as
/var/db/etcupdate/current after the update command has completed.

Reported by:	dim, np (and many others)
Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29843
2021-04-20 13:21:42 -07:00
Kyle Evans
0da4b4089c Unbreak etcupdate(8) and mergemaster(8) after r352950
r352950 introduced improper case fall-through for shell scripts. Fix it with
a pipe.

Reported by:	lwhsu, David Wolfskill
2019-10-02 12:46:28 +00:00
Kyle Evans
bbb8014f09 [3/3] etcupdate and mergemaster support for certctl
This commit adds support for certctl in mergemaster and etcupdate. Both will
either rehash or prompt for rehash as new certificates are
trusted/blacklisted.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from:	secteam
Differential Revision:	https://reviews.freebsd.org/D17389
2019-10-02 01:06:37 +00:00
Baptiste Daroussin
45a13fd899 Move back group, master.passwd and shells to etc directory
Use the .PATH mechanism instead so keep installing them from lib/libc/gen

While here revert 347961 and 347893 which are no longer needed

Discussed with:	manu
Tested by:	manu
ok manu@
2019-05-23 18:37:05 +00:00
Emmanuel Vadot
d0ba99d943 etcupdate: Add missing directory when building the tree
Missed in 348151

Reported by:	lwshu, ci
2019-05-23 14:05:42 +00:00
Emmanuel Vadot
6f4c12f301 etcupdate: Fix -p after the move of the passwd related files
Since PREWORLD_FILES only contains files that need to be copied into /etc,
copy those files there directly.

Reported by:	many
2019-05-23 07:59:16 +00:00
Brad Davis
11f8f36fb9 Fix mergemaster after r347638 and the master.passwd / group move.
Check the legacy directory and use it instead if present.

Install these first if using beinstall.

UPDATING entry to follow.

Approved by:	allanjude (mentor, in person)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20279
2019-05-16 21:50:12 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Eric van Gyzen
1a04446f08 etcupdate: preserve the metadata of the destination file
When using diff3 to perform a three-way merge, etcupdate lost the destination
file's metadata. The metadata from the temporary file were used instead.
This was unpleasant for rc.d scripts, which require execute permission.
Use "cat >" to overwrite the destination file's contents while preserving its
metadata.

Reviewed by:	bapt
Sponsored by:	Dell Technologies
Differential Revision:	https://reviews.freebsd.org/D7817
2016-09-08 15:53:49 +00:00
Baptiste Daroussin
a7212e5721 etcupdate: directly use diff3(1) instead of merge(1)
During the last attempt to remove GNU rcs, 2 blockers were spotted:
We need an ident(1) and etcupdate(8) uses merge(1).

Now nothing should prevent removing rcs from base.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D7401
2016-08-05 19:22:33 +00:00
Bryan Drewery
ffe0dde6c6 META_MODE: Don't require filemon(4) for mergemaster(8)/etcupdate(8)
New .meta files will be created without filemon data, but any future build
that wants filemon data will force a rebuild due to the missing data
due to use of bmake's .MAKE.MODE=missing-filemon=yes feature.

Reported by:	np
Sponsored by:	EMC / Isilon Storage Division
MFC after:	3 days
2016-07-12 19:47:01 +00:00
Edward Tomasz Napierala
3c9ac704ee tzsetup(1) -> tzsetup(8)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-02-29 17:24:34 +00:00
John Baldwin
179fa75e6e Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.

Approved by:	Hudson River Trading LLC (who owns ACT LLC)
MFC after:	1 week
2015-04-23 14:22:20 +00:00
John Baldwin
385d6d4738 Generate /var/db/services.db during 'make distribution' so that it is
present during new installs.  Update etcupdate and mergemaster to
ignore the generated file.

Tested by:	gjb (release build)
MFC after:	1 month
2014-01-22 16:59:53 +00:00
John Baldwin
3e920822b7 - Refresh /etc/localtime after each update using tzsetup -r.
- Regenerate /var/db/services.db when /etc/services changes.

MFC after:	1 week
2013-12-09 19:31:30 +00:00
John Baldwin
8cc81f38e9 Fix a couple of issues with -F:
- Fix ALWAYS_INSTALL to take precedence over the FreeBSD ID checks.
  In particular, always install a file where the only change was
  the FreeBSD ID even if -F is specified.
- Fix the -F option in the case that the only upstream change is a
  change in the FreeBSD ID and the local file is removed.
- Add tests for these two cases.
2013-11-15 20:01:07 +00:00
John Baldwin
11a90beea4 Escape a newline added in the previous commit when verifying the flags
passed to the build, diff, or status commands.
2013-11-13 16:50:19 +00:00
John Baldwin
21d1f635ee Add a pre-world mode of updating similar to the -p option that can be
passed to mergemaster.  In this mode, only changes to /etc/master.passwd
and /etc/group are merged to /etc.  In addition, it uses a temporary
tree to stage these changes rather than overwriting the existing
'current' and 'previous' trees so that a full update can be run after
a normal installworld has completed.

MFC after:	2 weeks
2013-11-12 19:44:18 +00:00
John Baldwin
6f9cd2a9dc The etcupdate utility is a tool for managing updates to files that are
not updated as part of `make installworld' such as files in /etc.  It
manages updates by doing a three-way merge of changes made to these files
against the local versions.  It is also designed to minimize the amount
of user intervention with the goal of simplifying upgrades for clusters
of machines.

The primary difference from mergemaster is that etcupdate requires less
manual work.  The primary difference from etcmerge is that etcupdate
updates files in-place similar to mergemaster rather than building a
separate /etc tree.

Requested by:	obrien, kib, theraven, joeld (among others)
2012-07-13 13:23:48 +00:00