Up to 7 archives of the log will be kept (just for consistency with the other
log rotation rules)
PR: 196788
MFC after: 1 week
Reviewed by: hselasky
Sponsored by: EMC / Isilon Storage Division
Some users build FreeBSD as non-root in Perforce workspaces. By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories. Bare use of
'cp' should be avoided in the future.
Update all current users of 'cp' in the src tree.
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Spectra Logic
periodic(8) run, taken from uname(1) '-U' and '-K'
flags.
Reviewed by: allanjude, dvl
Differential Revision: https://reviews.freebsd.org/D1541
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
contains the libraries for Address Sanitizer (asan), Undefined Behavior
Sanitizer (ubsan) and Profile Guided Optimization.
ASan is a fast memory error detector. It can detect the following types
of bugs:
Out-of-bounds accesses to heap, stack and globals
Use-after-free
Use-after-return (to some extent)
Double-free, invalid free
Memory leaks (experimental)
Typical slowdown introduced by AddressSanitizer is 2x.
UBSan is a fast and compatible undefined behavior checker. It enables a
number of undefined behavior checks that have small runtime cost and no
impact on address space layout or ABI.
PLEASE NOTE: the sanitizers still have some rough edges on FreeBSD,
particularly on i386. These will hopefully be smoothed out in the
coming time.
Differential Revision: https://reviews.freebsd.org/D1505
- Fix depend target by removing a space after an "-I" inclusion option.
- Fix some minor compile issues in the "osmtest" utility.
MFC after: 3 days
PR: 196580
Sponsored by: Mellanox Technologies
The SAMPLE message and notes where tab seperated for some parts and hence
displayed incorrectly unless tabstop was set to 8. Switch to spaces to it
displays correctly independent of the tabstop setting.
Sponsored by: Multiplay
The work in r258233 hardcoded the assumption that tests was the last component
of the tests tree by pushing tests as an explicit prefix for the paths in
BSD.tests.dist and /usr was the prefix for all tests, per BSD.usr.dist and all
of the mtree calls used in Makefile.inc1. This assumption breaks if/when one
provides a custom TESTSBASE "prefix", e.g. TESTSBASE=/mytests .
One thing that r258233 did properly though was remove "/usr/tests" creation
from BSD.usr.dist -- that should have not been there in the first place. That
was an "oops" on my part for the work that was originally committed in r241823
MFC after: 2 weeks
Phabric: D1301
Reviewed by: imp
Sponsored by: EMC / Isilon Storage Division
for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes which AES-GCM is one of them.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
drives or flash keys. It can be enabled by uncommenting a single entry
in default /etc/auto_master. It can also be easily modified to use
fuse-based filesystems instead of in-kernel ones.
There is still one deficiency - the mountpoints are permanent, they
don't disappear when user removes the media. Fixing it needs some
autofs changes.
Differential Revision: https://reviews.freebsd.org/D1210
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
service does not run in jails, it was necessary to change it to something
else when jailed, and NETWORKING was arbitrarily chosen. The divider was
later moved to FILESYSTEMS when it was introduced, but the logic to change
it to NETWORKING when jailed remained. Remove it, as it no longer serves
any purpose.
PR: 194975
MFC after: 1 week
mrouted has been available in ports for the last 8 years as net/mrouted . An
equivalent rc.d script has been present in the port.
Remove all corresponding variables from etc/defaults/rc.conf
Relnotes: yes
- FreeBSD hasn't packaged X11 with the distro since 8.x
- X.org hasn't required xorg.conf [in /etc/X11] for some time now
- X.org should work with ${LOCALBASE}/etc/X11
- This path should be included in the X.org package manifest
- bootparamd
- bootpd
- finger/fingerd
- ftp/ftpd
- hastctl/hastd
- iscsid, et al
- rbootd
- talk/talkd
- tcpd, et al
- tftp/tftpd
Add src.conf entries for the various components and do a best effort
at adding components to tools/build/mk/OptionalObsoleteFiles.inc
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Sponsored by: EMC / Isilon Storage Division
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Sponsored by: EMC / Isilon Storage Division
lib/libthr/tests
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Original work by: pho
Sponsored by: EMC / Isilon Storage Division
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
500 new testcases
Various TODOs have been sprinkled around the Makefiles for items that even need
to be ported (missing features), testcases have issues with building/linking, or
issues at runtime.
A variant of this code has been tested extensively on amd64 and i386
10-STABLE/11-CURRENT for several months without issue. It builds on other
architectures, but the code will remain off until I have prove it works on
virtual hardware or real hardware on other architectures
In collaboration with: pho, Casey Peel <casey.peel@isilon.com>
Sponsored by: EMC / Isilon Storage Division
pjdfstest execution is opt-in and must be done as root due to some of the
assumptions made by the test suite and lack of error checking in the non-root
case
A description of how to execute pjdfstest with kyua is provided in
share/pjdfstest/README
Phabric: D824 (an earlier prototype patch)
MFC after: 1 month
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
random script ran before filesystems were mounted, which is no
longer the case.
In random_start(), immediately delete each file that is fed into
/dev/random, and recreate the default entropy file immediately
after reading and deleting it. The logic used in random_stop()
to determine which file to write to should probably be factored
out and used here as well.
do not require additional entropy to function.
It would create a circular dependency (not immediately obvious:
geli provides 'disks' and requires 'random' as of r273872,
'random' requires 'FILESYSTEMS', 'FILESYSTEMS' requires 'root',
'root' requires 'swap', and finally 'swap' requires 'disk').
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.
The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.
The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.
Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.
My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.
My Nomex pants are on. Let the feedback commence!
Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by: so(des)
Directories for /usr/lib{,32}/{i18n,private} were missing from the mtree
file, which caused installworld to install the files that should be in
the directory as the name of the directory.
interpreted the listed items as port numbers of TCP services.
A service with no suffix still works and recognized as a TCP service for
backward compatibility. It should be updated with /tcp suffix.
PR: 194292
MFC after: 1 week
for i386/amd64. Rather, it only works on i386/amd64 and should only be
built there. Rather than change the default based on which
architecutre, do things more directly by only building it on
i386/amd64 and having it always on. This is how we handle other
options that are relevant only for a few architectures.
Summary:
Add a polling loop (1Hz) to monitor the battery and AC status, to notify devd
like ACPI does for power monitoring. This allows /etc/rc.d/power_profile to
work on PowerPC laptops
Test Plan:
Tested on a Titanium PowerBook, configuring economy_cpu_freq and
performance_cpu_freq, disabling powerd.
Reviewers: #powerpc, nwhitehorn
Reviewed By: nwhitehorn
Subscribers: rpaulo
Differential Revision: https://reviews.freebsd.org/D937
This will prevent vim users from accidentally checking in buggy mtree files
(mixed tabs/spaces).
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
It defines a variable and its default value in load_rc_config() just after
rc.conf is loaded. "rcvar" command shows the current and the default values.
This is an attempt to solve a problem that rc.d scripts from third-party
software do not have entries in /etc/defaults/rc.conf. The fact that
load_rc_config() reads rc.conf only once and /etc/rc invokes the function
before running rc.d scripts made developers confused for a long time because
load_rc_config() just before run_rc_command() in each rc.d script overrides
variables only when the script is directly invoked, not from /etc/rc.
Variables defined in set_rcvar are always set in load_rc_config() after
loading rc.conf. An rc.d script can now be written in a self-contained
manner regarding the related variables as follows:
---
name=foo
rcvar=foo_enable
set_rcvar foo_enable YES "Enable $name"
set_rcvar foo_flags "-s" "Flags to $name"
...
load_rc_config $name
run_rc_command "$@"
---
collision for "no" as a country code with "NO" meaning "do not load any
keymap" (which also has been the default value in etc/defaults/rc.conf
for a long time).
The result of this collision is, that "kbdcontrol -l no" will load the
Norwegian keymap, while "keymap=no" in rc.conf was interpreted as the
lower case spelling of "NO" meaning "no keyboard" (and "no.kbd" was not
loaded).
Fix this by matching only the upper-case spelling "NO" in rc.d/syscons
when deciding whether to load a keymap file.
This will lead to "no.kbd" being loaded, if the until now valid (but
non-default) spelling "no" was used in an individual rc.conf file to mean
"no keyboard". But all alternatives I could think of introduce a larger
violation of POLA ...
Reported by: Gyrd Thane Lange (gyrd-se at thanelange.no)
MFC after: 3 days
Makefiles should not assume that source files can be overwritten. This is the
common case for Perforce source trees.
This is a followup commit to r211243 in the same vein.
MFC after: 1 month
Sponsored by: Spectra Logic
MFSpectraBSD: r1036319 on 2014/01/29, r1046711 on 2014/03/06
This is cleaner and eliminates the unneeded startup of KVP daemon on
systems that do not run as a Hyper-V guest.
Submitted by: hrs
X-MFC-with: 271493, 271688, 271699
run when asked for by the user. Right now, hv_kvpd is run on every boot.
Don't do that.
Add hv_kvpd_enable= for this script to be run.
MFC with 271493
MFC after: 2 weeks
Relnotes: yes
The following warnings were displayed:
sysctl: net.inet.ip.sourceroute=0: Operation not permitted
sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
This is a stable/10 candidate for inclusion with 10.1-RELEASE.
Submitted by: Wei Hu <weh microsoft com>
MFC after: 1 week
addresses generated by an address range specification. The default
value is 2048. This can be increased by setting $netif_ipexpand_max
in rc.conf.
- Fix warning messages when an address range spec exceeds the upper limit.
PR: 186841
Mounting something in /tmp such as a build jail with nullfs mounts for
some directories can result in very surprising results the next day.
MFC after: 2 weeks
Relnotes: yes
tree support includes a device tree source compiler dtc(8) which
converts .dts files into .dtb files. /boot/loader will load dtb files
from this directory by default, allowing for fewer differences between
images for different SoCs. Compiled dts files will wind up here
eventually as an alternative to embedding them into the kernel.
Document this in hier(7), as well as add missing entries for
/boot/firmware and /boot/zfs, though the latter two should only be
considered place holders if someone wants to make them better.
- Identify the console driver used and print syscons or vt as appropriate.
- If vt is used and a keymap could not be loaded, then try to replace the
keymap name configured in rc.conf based on a replacement list in this
script. Warn about the fact, that a syscons keyname is configured and
report the replacement used under vt.
- If no replacement keymap is found, no keymap is loaded and a warning
is displayed, which points at the conversion script and allows the
conversion of keymaps not part of the official distribution.
This patch has been sent to the -hackers list for review, but no comment
has been received, yet. It is tested to work under syscons and vt on my
system (on vt with either the syscons or vt keymap file name in rc.conf).
MFC after: 3 days
- Rename $kerberos5_server_enable with $kdc_enable and rename
rc.d/kerberos with rc.d/kdc.
- Rename $kadmin5_server_enable with $kadmind_enable.
- Rename ${kerberos5,kpasswdd}_server with ${kdc,kpasswdd}_program.
- Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables
after load_rc_config().
- Add rc.d/ipropd_master and rc.d/ipropd_slave scripts. These are
for iprop-master(8) and iprop-slave(8). Keytab used for iprop service is
defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default).
- Add dependency on rc.d/kdc to SERVERS. rc.d/kdc must be invoked as early
as possible before scripts divided by rc.d/SERVERS.
Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible
with the old configuration variables:
${kerberos5,kpasswdd,kadmin5}_server{,_enable,_flags}.
appropriate (i.e. where syscons was already mentioned and vt supports the
feature). Comments in defaults/rc.conf are updated to match the contents
of the modified man-page rc.conf(5).
Reviewed by: pluknet, emaste
MFC after: 3 days
particularly useful for services such as "network" (netif) where each
interface can now have its own separate configuration file.
Add /etc/rc.conf.d to the mtree file so it is always present.
MFC after: 3 days
