Commit Graph

1394 Commits

Author SHA1 Message Date
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Ian Lepore
6a4b451a11 Follow r311103: add "pool" to the keywords that rc.d/ntpdate examines to
find a server address in ntp.conf.

Submitted by:	Ronald Klop <ronald@klop.ws>
Pointy hat to:	ian
2017-01-11 00:14:47 +00:00
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Baptiste Daroussin
62352309a8 Do not install NIS program rc script if WITHOUT_NIS is set
PR:		213375
Submitted by:	sergey@akhmatov.ru
MFC after:	3 days
2016-10-22 19:51:32 +00:00
Jilles Tjoelker
7627b33010 swapoff: Remove only late devices with -aL.
Currently, '/etc/rc.d/swaplate stop' removes all swap devices. This can be
very slow and may not even be possible if there is a lot of swap space in
use. However, removing swap devices is only needed for late swap devices
that may depend on daemons that subsequent shutdown steps stop. Normal swap
devices such as hard disk partitions will remain available throughout the
shutdown process and need not be removed.

In swapoff, interpret -aL to remove late swap devices only, and use this in
etc/rc.d/swaplate. The meaning of -aL in swapon remains unchanged (add all
swap devices, both normal and late).

PR:		187081
Reviewed by:	wblock (man page only), ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8126
2016-10-21 21:55:50 +00:00
Enji Cooper
5b143fd96f Install etc/rc.d/zfsbe when MK_ZFS != no
X-MFC with:	r307182
Sponsored by:	Dell EMC Isilon
2016-10-13 07:10:27 +00:00
Andriy Gapon
ebd3b79f20 rc.d/zfsbe: a new script designed for boot environment support
Currently zfsbe ensures that subordinate filesystems are mounted at the
right mount points.
The script assumes that the subordinate filesystems of a boot environment
have their canmount property set to noauto, so that they are not
automatically mounted on boot.  Whereas the root filesystem is mounted
by the kernel, there was nothing to mount its subordinates.
rc.d/zfsbe fills that gap.

Discussed with:	allanjude, will
MFC after:	3 weeks
Differential Revision: https://reviews.freebsd.org/D7797
2016-10-13 06:19:54 +00:00
Devin Teske
d119e0f7fb Many shops still prefer rc.conf(5) based jail configuration(s). In-part
because they can use sysrc in conjunction with ssh and xargs to perform
en-masse changes in a large distribution with lots of jails spread over
many hosts on a LAN/WAN.

Provide a mechanism for disabling the warning eschewed by /etc/rc.d/jail
in said situation. If jail_confwarn="NO" is in rc.conf(5) (default "YES")
skip the warning that per-jail configurations are obsolete and that the
user should migrate to jail.conf(5).

Reviewed by:	jelischer
MFC after:	3 days
Sponsored by:	FIS Global, Inc.
Differential Revision:	https://reviews.freebsd.org/D7465
2016-10-12 20:50:17 +00:00
Cy Schubert
eb27c4c0e9 Remove the gratuitous check for $FreeBSD$ and rename the function
to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
isn't already there.

Reported by:	ache@
MFC after:	1 day
2016-08-25 13:24:11 +00:00
Cy Schubert
05174bd95f Make validation of the leap-seconds file unconditional.
MFC after:	1 day
2016-08-25 03:09:23 +00:00
Cy Schubert
1ac66dd31d Add logic to replace the working ntp leap-seconds file in /var/db
if it contains a $FreeBSD$ header. The header will cause the file
to fail checksum of the hash causing ntpd to ignore the file.

MFC after:	1 day
2016-08-25 02:58:41 +00:00
Cy Schubert
0a8083a658 Change the algorithm by which /var/db/leap-seconds is updated.
1. Use the leap-seconds version number (update time) to determine
   whether to update the file or not.

2. If the version numbers of the files is the same, use the later
   expiry date to determine which file to use.

Suggested by:	ian@
MFC after:	1 day
2016-08-25 02:45:52 +00:00
Devin Teske
d23b7f655c Allow enforce_statfs (see jail(8)) to be set per jail
Reviewed by:	jelischer
MFC after:	3 days
2016-08-10 23:24:21 +00:00
Dag-Erling Smørgrav
af8ee1391d Disable DSA again.
MFC after:	3 days
2016-08-03 16:34:20 +00:00
Jamie Gritton
106efceff3 Start jails non-parallel if jail_parallel_start is NO. This was true
for an explicitly specified jail list; now it's also true for all jails.

PR:		209112
MFC after:	3 days
2016-07-14 20:17:08 +00:00
Jamie Gritton
e25520bab3 Wait for jails to complete startup if jail_parallel_start is YES,
instead of assuming they'll take less than one second.

PR:		203172
Submitted by:	dmitry2004@yandex.ru
2016-07-14 19:51:54 +00:00
Kurt Lidl
c0759dac0d Separate BLACKLIST vs BLACKLIST_SUPPORT properly
Sponsored by:	The FreeBSD Foundation
2016-06-07 16:31:03 +00:00
Marcelo Araujo
3f708a3203 Connect ypldap(8) script on Makefile, forgotten on my previous commit r301480. 2016-06-06 04:13:49 +00:00
Marcelo Araujo
46b6ecf257 Add rc.d script for ypldap(8). 2016-06-06 03:55:00 +00:00
Kurt Lidl
95856e1457 Add basic blacklist build support
Reviewed by:	rpaulo
Approved by:	rpaulo
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5913
2016-06-02 19:06:04 +00:00
Alan Somers
6761eb4b11 Fix exit status of "service routing start <af> <iface>"
etc/rc.d/routing
	Ignore the exit status of options_{inet,inet6,atm}. It's
	meaningless.

Reviewed by:	hrs
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6687
2016-06-02 15:31:24 +00:00
Eric van Gyzen
dd6aada336 Fix indentation in dhclient rc.d script 2016-05-31 18:40:47 +00:00
Edward Tomasz Napierala
92fa6c540c Cosmetics: add missing space after the ':' in etc/rc.d/random.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-31 08:31:34 +00:00
Enji Cooper
1b2b34583e Fix circular dependency created after r287197 between ldconfig and mountcritremote
ldconfig is already required by mountcritremote indirectly, as noted by rcorder:

> rcorder: Circular dependency on provision `mountcritremote' in file `ldconfig'.

Having mountcritremote REQUIRE ldconfig breaks dependency ordering.

Making the ldconfig hints be conditionally regenerated from mountcritremote when
remote filesystems are mounted is done after this change, similar to cleanvar
being conditionally called after the change.

Differential Revision: https://reviews.freebsd.org/D6621
PR: 202726
Reviewed by: jilles
Sponsored by: EMC / Isilon Storage Division
2016-05-30 19:59:51 +00:00
Enji Cooper
08f9163b69 Make netif REQUIRE hostid
As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before
hostid, and the MAC address generated for any bridge devices will be
non-deterministic. Make the MAC address generated be deterministic for
bridge devices by explicitly REQUIRE'ing hostid.

This fixes up the rest of the PR, inadvertently committed in r299844

MFC after: 1 week
PR: 195188
Sponsored by: EMC / Isilon Storage Division
2016-05-29 02:59:03 +00:00
Alan Somers
7a0c41d5d7 zfsd(8), the ZFS fault management daemon
Add zfsd, which deals with hard drive faults in ZFS pools. It manages
hotspares and replements in drive slots that publish physical paths.

cddl/usr.sbin/zfsd
	Add zfsd(8) and its unit tests

cddl/usr.sbin/Makefile
	Add zfsd to the build

lib/libdevdctl
	A C++ library that helps devd clients process events

lib/Makefile
share/mk/bsd.libnames.mk
share/mk/src.libnames.mk
	Add libdevdctl to the build. It's a private library, unusable by
	out-of-tree software.

etc/defaults/rc.conf
	By default, set zfsd_enable to NO

etc/mtree/BSD.include.dist
	Add a directory for libdevdctl's include files

etc/mtree/BSD.tests.dist
	Add a directory for zfsd's unit tests

etc/mtree/BSD.var.dist
	Add /var/db/zfsd/cases, where zfsd stores case files while it's shut
	down.

etc/rc.d/Makefile
etc/rc.d/zfsd
	Add zfsd's rc script

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
	Fix the resource.fs.zfs.statechange message. It had a number of
	problems:

	It was only being emitted on a transition to the HEALTHY state.
	That made it impossible for zfsd to take actions based on drives
	getting sicker.

	It compared the new state to vdev_prevstate, which is the state that
	the vdev had the last time it was opened.  That doesn't make sense,
	because a vdev can change state multiple times without being
	reopened.

	vdev_set_state contains logic that will change the device's new
	state based on various conditions.  However, the statechange event
	was being posted _before_ that logic took effect.  Now it's being
	posted after.

Submitted by:	gibbs, asomers, mav, allanjude
Reviewed by:	mav, delphij
Relnotes:	yes
Sponsored by:	Spectra Logic Corp, iX Systems
Differential Revision:	https://reviews.freebsd.org/D6564
2016-05-28 17:43:40 +00:00
Alan Somers
30da687794 Always create loopback routes on every fib
Always create loopback routes on every fib, for both IPv4 and IPv6

etc/rc.d/routing
	Create loopback IPv4 and IPv6 routes on every fib at boot. Revert
	278302; now that all FIBs have IPv6 loopback routes, the
	"route add -reject" commands won't fail.

tests/etc/rc.d/routing_test.sh
	Greatly simplify static_ipv6_loopback_route_for_each_fib. It was
	written under the assumption that loopback routes would be added to
	a given fib by the kernel as soon as an interface is configured on
	that fib. However, the logic can be much simpler now that we simply
	add loopback routes to all fibs at boot. This also removes the need
	to run the test as root, removes the restriction that
	net.add_addr_allfibs=0, and removes the need to configure fibs in
	kyua.conf.

	Also, add a test case for IPv4 loopback routes

Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6582
2016-05-27 22:40:40 +00:00
Cy Schubert
3f9e9f234e Use the expiry date to determine whether to replace the DB copy of
leapfile instead of using the leapfile serial number (create
timestamp).

PR:		209577
MFC after:	3 days
2016-05-25 01:35:02 +00:00
Enji Cooper
73ffff5f64 Make hostid_save depend on hostid
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 06:00:13 +00:00
Enji Cooper
322c831d0c Fix broken dependency with routed when MK_ROUTED != no
Remove routed as a requirement in NETWORKING, and put it in routed as a BEFORE
requirement instead

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:45:54 +00:00
Enji Cooper
904bea8330 Conditionalize installing etc/rc.d/atm{1,2,3}
`BEFORE: netif` was already in etc/rc.d/atm1, so no additional changes
are needed in that script

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:38:47 +00:00
Enji Cooper
0648b47f06 Conditionalize etc/rc.d/{zfs,zvol} install on MK_ZFS != no
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:39:36 +00:00
Enji Cooper
7e7d2a6f50 Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol
Make zfs and zvol come before all of the items that depended on them
previously

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:38:50 +00:00
Enji Cooper
142e7499c5 Reduce redundancy after release-pkg merge to head in r298107
- Use BINDIR instead of FILESDIR
- Default all <FILESGROUPS>MODEs to BINMODE with a single for-loop at the
  bottom of the Makefile
- Move all of the conditionals under the relevant MK_* != no build conditional
  blocks

Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:19:50 +00:00
Edward Tomasz Napierala
6e9bf96d6f Refactor the root mount hold code and add the wait to etc/rc.d/fsck.
This fixes mounting (non-root) USB drives on boot with fsck enabled
(with non-zero 'Pass#' field in fstab(5)).

Reported by:	Graham Menhennitt <graham at menhennitt.com.au>
Reviewed by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6221
2016-05-10 08:44:44 +00:00
Enji Cooper
9941801f1e Only install etc/rc.d/{rfcomm_pppd_server,sdpd} if MK_BLUETOOTH != no
These are bluetooth specific services

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-06 09:18:09 +00:00
Pedro F. Giffuni
f2730d1d65 etc: minor spelling fixes.
Mostly comments but these tend to be user-visible.

MFC after:	2 weeks
2016-05-01 16:43:22 +00:00
Peter Wemm
47041448c0 Fix incorrect permissions for /etc/rc.d/sendmail in fallout from
release-pkg merge.
2016-04-30 19:01:51 +00:00
Enji Cooper
4cdbb1c0bf Make SERVERS REQUIRE clean when MK_KERBEROS==no
Make kdc run BEFORE SERVERS instead of being REQUIREd by SERVERS,
so systems that pedantically check REQUIREs function after r270782

MFC after: 1 week
X-MFC with: r270782
Sponsored by: EMC / Isilon Storage Division
2016-04-30 09:50:08 +00:00
Baptiste Daroussin
7f5ddefe05 Add a savecore_enable variable support for the savecore rc script
By default set to 'YES' so it does not change the current behaviour for users,
this variable allows to decide to not extract crach dumps from the dump
device at boot time by setting it to "NO" in rc.conf.

Sponsored by:	Gandi.net
2016-04-29 12:23:56 +00:00
Lars Engels
72e733c5b1 Fix duplicate "name" variable that sneaked in with the rc description commit.
Approved by:	jhibbits
2016-04-24 19:25:11 +00:00
Stefan Eßer
f732131386 Fix typo (forgotten "=" after desc). 2016-04-24 12:07:44 +00:00
Jens Schweikhardt
9b3940931d Cosmetics: - no need to escape the newline after '|'
- parenthesize the "case" string for symmetry and improved
             search for matching paren (e.g. with vi's %)
2016-04-24 10:52:59 +00:00
Jamie Gritton
abfdc877c6 Don't remove the /var/run/jail_name.id file if a jail fails to start.
This messes up ezjail (and possibly others), when attempting to start
a jail that already exists.

PR:		208806
Reviewed by:	tj
MFC after:	5 days
2016-04-23 16:23:01 +00:00
Lars Engels
6c1a5e837d - Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by:	bapt, brueffer
Differential Revision:	D452
2016-04-23 16:10:54 +00:00
Baptiste Daroussin
49817d14f1 Remove mroute6d rc script
It is directly available via ports (pim6dd which provides the needed rc script)

Reported by:	lme
Sponsored by:	Essen Hackathon 2016
2016-04-23 13:24:45 +00:00
Peter Wemm
e8c6a8339f Turn ssh_host_dsa_key back on until PR#208254 is taken care of. 2016-04-17 03:57:37 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Kristof Provost
2f396d3cc3 pf: Friendly error message for status if pf.ko is not loaded
Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This
means that '/etc/rc.d/pf status' will no longer return 'pfctl: /dev/pf: No such
file or directory' but 'pf.ko is not loaded'.

PR:		205671
Submitted by:	Johannes Jost Meixner <xmj@FreeBSD.org>
2016-03-27 17:22:27 +00:00
Jilles Tjoelker
938e6bb267 rc.d: Make msgs a proper rc.d script.
PR:		207149
Reported by:	Jonathan de Boyne Pollard
2016-03-27 16:27:49 +00:00