Use /usr not /usr/local for base system components.
Use /usr/lib/flua and /usr/share/flua (not lua) for consistency and to
avoid the possibility that other software accidentally finds our base
system modules.
Also drop the version from the path, as flua represents an unspecified
lua version that corresponds to the FreeBSD version it comes with.
LUA_USE_DLOPEN is not yet enabled because some additional changes are
needed wrt symbol visibility.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24605
The tests compare the command output (including of error cases) with the
expected output and exit code.
Not all tests are executed, since some expect to have a known good bc and
dc binary installed and compare results of large amounts of generated data
being processed by both versions to test for regressions.
Add tests to cover "add", "change" and "delete" functionality of /sbin/route
for ipv4 and ipv6. These tests for the existing route tool are the first step
towards creating libroute.
Submitted by: Ahsan Barkati
Sponsored by: Google, Inc. (GSoC 2020)
Reviewed by: kp, thj
Approved by: bz (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D25220
Remove world-readability from the root directory. Sensitive information may be
stored in /root and we diverge here from normative administrative practice, as
well as installation defaults of other Unix-alikes. The wheel group is still
permitted to read the directory.
750 is no more restrictive than defaults for the rest of the open source
Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD,
OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a
world-readable /root by default.
Submitted by: Gordon Bergling <gbergling AT gmail.com>
Reviewed by: ian, myself
Discussed with: emaste (informal approval)
Relnotes: sure?
Differential Revision: https://reviews.freebsd.org/D23392
When WITHOUT_SENDMAIL is set, we end up with two different mailer.conf that
conflict, and hilarity ensues. There's currently three different places that
we might install mailer.conf:
- ^/etc/Makefile (package=runtime, contingent on MK_MAIL != no)
- ^/libexec/dma/dmagent/Makefile (package=dma, contingent on MK_SENDMAIL !=
no)
- ^/usr.sbin/mailwrapper/Makefile (package=utilities, contingent on
not-installed)
The mailwrapper installation will effectively never happen because the ^/etc
one will first.
This patch simplifies the whole situation; remove the ^/etc/Makefile version
and install it primarily in mailwrapper if MK_MAILWRAPPER != "no". The
scenarios covered in mailwrapper are:
- sendmail(8) is installed, dma(8) may or may not be installed
- neither sendmail(8) nor dma(8) is installed
In the first scenario, sendmail(8) is dominant so we can go ahead and
install the version in ^/etc/mail. In the unlisted scenario, sendmail(8) is
not installed but dma(8) is, we'll let ^/libexec/dma/dmagent do the
installation. In the second listed scenario, we still want to install an
example mailer.conf so just install the base sendmail(8) version.
Reviewed by: bapt
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24924
Because the install location was hardcoded in the Makefile as
/usr/lib/libxo/encoder, the lib32 version was installed over the native
version. Replace /usr/lib with ${LIBDIR}.
Also define SHLIB_NAME instead of LIB + FILES. This prevents building a
static library.
MFC after: 2 weeks
r316063 installed pf's embedded libevent as a private lib, with headers
in /usr/include/private/event. Unfortunately we also have a copy of
libevent v2 included in ntp, which needed to be updated for compatibility
with OpenSSL 1.1.
As unadorned 'libevent' generally refers to libevent v2, be explicit that
this one is libevent v1.
Reviewed by: vangyzen (earlier)
Differential Revision: https://reviews.freebsd.org/D17275
This is the foundational change for the routing subsytem rearchitecture.
More details and goals are available in https://reviews.freebsd.org/D24141 .
This patch introduces concept of nexthop objects and new nexthop-based
routing KPI.
Nexthops are objects, containing all necessary information for performing
the packet output decision. Output interface, mtu, flags, gw address goes
there. For most of the cases, these objects will serve the same role as
the struct rtentry is currently serving.
Typically there will be low tens of such objects for the router even with
multiple BGP full-views, as these objects will be shared between routing
entries. This allows to store more information in the nexthop.
New KPI:
struct nhop_object *fib4_lookup(uint32_t fibnum, struct in_addr dst,
uint32_t scopeid, uint32_t flags, uint32_t flowid);
struct nhop_object *fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6,
uint32_t scopeid, uint32_t flags, uint32_t flowid);
These 2 function are intended to replace all all flavours of
<in_|in6_>rtalloc[1]<_ign><_fib>, mpath functions and the previous
fib[46]-generation functions.
Upon successful lookup, they return nexthop object which is guaranteed to
exist within current NET_EPOCH. If longer lifetime is desired, one can
specify NHR_REF as a flag and get a referenced version of the nexthop.
Reference semantic closely resembles rtentry one, allowing sed-style conversion.
Additionally, another 2 functions are introduced to support uRPF functionality
inside variety of our firewalls. Their primary goal is to hide the multipath
implementation details inside the routing subsystem, greatly simplifying
firewalls implementation:
int fib4_lookup_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
uint32_t flags, const struct ifnet *src_if);
int fib6_lookup_urpf(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid,
uint32_t flags, const struct ifnet *src_if);
All functions have a separate scopeid argument, paving way to eliminating IPv6 scope
embedding and allowing to support IPv4 link-locals in the future.
Structure changes:
* rtentry gets new 'rt_nhop' pointer, slightly growing the overall size.
* rib_head gets new 'rnh_preadd' callback pointer, slightly growing overall sz.
Old KPI:
During the transition state old and new KPI will coexists. As there are another 4-5
decent-sized conversion patches, it will probably take a couple of weeks.
To support both KPIs, fields not required by the new KPI (most of rtentry) has to be
kept, resulting in the temporary size increase.
Once conversion is finished, rtentry will notably shrink.
More details:
* architectural overview: https://reviews.freebsd.org/D24141
* list of the next changes: https://reviews.freebsd.org/D24232
Reviewed by: ae,glebius(initial version)
Differential Revision: https://reviews.freebsd.org/D24232
on all major Linux distributions as well as NetBSD and OpenBSD.
Remove the undocumented ZONEINFO_OLD_TIMEZONES_SUPPORT and the deprecated
OLDTIMEZONES knobs as they are now the default.
Reviewed by: ngie, rgrimes
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24306
I recently made some bug fixes in nvmecontrol. It occurred to me that
since nvmecontrol lacks any kyua tests, I should convert the informal
testing I did into a more formal automated test. The test in this
change should be considered just a starting point; it is neither
complete nor thorough. While converting the test to ATF/kyua, I
discovered a small bug in nvmecontrol; the nvmecontrol devlist command
would always exit with an unsuccessful status. So I included the fix
for that, too, so that the test won't fail.
Reviewed by: imp@
MFC after: 3 days
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D24269
instead of sprinkling them out over many disjoint files. This is a follow-up
to achieve the same goal in an incomplete rev.348521.
Approved by: imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20520
No user (except nobody) should be a member of the nobody group.
Reported by: rgrimes
Reviewed by: rgrimes
MFC after: 3 days
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24199
The "kyua about" command assumes these files exist causing tests
supplied devel/kyua to fail.
Fix a bug defining the default KYUA_DOCDIR so the installed files can be
found.
Reported by: jenkins tests
Reviewed by: lwhsu
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24187
Also mark it as config file so if a user changes this file pkg will attempt
to merge the new file upon an update.
device.hints is neither related to runtime or loader but it make more sense
to have it in loader in case some user delete /boot/ and wants to recreate it,
now only two packages are required FreeBSD-bootloader and the kernel package.
While here change where we override the package for files installed in /boot,
this allow us to keep other tags (such as config).
Reported by: pizzamig
Reviewed by: bapt pizzamig emaste
Differential Revision: https://reviews.freebsd.org/D24159
Having kyua in the base system will simplify automated testing in CI and
eliminates bootstrapping issues on new platforms.
The build of kyua is controlled by WITH(OUT)_TESTS_SUPPORT.
Reviewed by: emaste
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24103
Else when WITHOUT_SENDMAIL is set we still create a sendmail package
that contains (only) two directories.
Reviewed by: manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24149
As described in Warner's email message[1] to the FreeBSD-arch mailing
list we have reached GCC 4.2.1's retirement date. At this time all
supported architectures either use in-tree Clang, or rely on external
toolchain (i.e., a contemporary GCC version from ports).
GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later
that year, in r171825. GCC has served us well, but version 4.2.1 is
obsolete and not used by default on any architecture in FreeBSD. It
does not support modern C and does not support arm64 or RISC-V.
Thanks to everyone responsible for maintaining, updating, and testing
GCC in the FreeBSD base system over the years.
So long, and thanks for all the fish.
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019823.html
PR: 228919
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23124
The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for this
separated from the rest of base.
secure/caroot/Makefile doesn't have anything interesting to package, but its
subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted
and trusted get packaged consistently into the correct one rather than the
default -utilities. Also tag the directories for package=caroot, as they
could also be empty; blacklisted is empty by default, but trusted is not.
Add a post-install script to do certctl rehash, along with a note should we
eventually come up with a way to detect that files have been added or
removed that requires a rehash.
-caroot gets a dependency on -utilities, as that's where we provide certctl
at the moment. We can perhaps reconsider this and put certctl into this
package in the future, but there are some bits within -utilities that
unconditionally invoke certctl so let's hold off for now.
Reviewed by: manu (earlier version, before -utilities dep added)
Differential Revision: https://reviews.freebsd.org/D23352
POSIX and en_US.US_ASCII are aliases (symlinks) to the C locale. They were
not previously tagged with a pkgbase pacakge. Add the tag so that they are
handled correctly on pkgbase-installed/updated systems.
[This is r356990 reapplied with a corrected commit message.]
Discussed with: manu
POSIX and en_US.US_ASCII are aliases (symlinks) to the C locale. They were
not previously tagged with a pkgbase pacakge. Add the tag so that they are
handled correctly on pkgbase-installed/updated systems.
Discussed with: manu
Add ATF tests for most gmultipath operations. Add some dtrace probes too,
primarily for configuration changes that happen in response to provider
errors.
PR: 178473
MFC after: 2 weeks
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D22235
Each boot, regenerate /var/run/os-release based on the currently running
system. Create a /etc/os-release symlink pointing to this file (so that this
doesn't create a new reason /etc can not be mounted read-only).
This is compatible with what other systems do and is what the sysutil/os-release
port attempted to do, but in an incomplete way. Linux, Solaris and DragonFly all
implement this natively as well. The complete standard can be found at
https://www.freedesktop.org/software/systemd/man/os-release.html
Moving this to the base solves both the non-standard location problem with the
port, as well as the lack of update of this file on system update.
Bump __FreeBSD_version to 1300060
PR: 238953
Differential Revision: https://reviews.freebsd.org/D22271
Mount the UEFI ESP on /boot/efi. No current system uses this by default, but
there are many ad-hoc schemes that do this in /efi or /esp or /uefi and adding a
new directory at the top-level would have a much higher likelihood of
collision. Document this in /etc/mtree/BSD.root.mtree and create EFIDIR and
related variables in bsd.own.mk.
Differential Revision: https://reviews.freebsd.org/D21344
In order to ensure that changing the frag6 code does not change behaviour
or break code a set of test cases were implemented.
Like some other test cases these use Scapy to generate packets and possibly
wait for expected answers. In most cases we do check the global and
per interface (netstat) statistics output using the libxo output and grep
to validate fields and numbers. This is a bit hackish but we currently have
no better way to match a selected number of stats only (we have to ignore
some of the ND6 variables; otherwise we could use the entire list).
Test cases include atomic fragments, single fragments, multi-fragments,
and try to cover most error cases in the code currently.
In addition vnet teardown is tested to not panic.
A separate set (not in-tree currently) of probes were used in order to
make sure that the test cases actually test what they should.
The "sniffer" code was copied and adjusted from the netpfil version
as we sometimes will not get packets or have longer timeouts to deal with.
Sponsored by: Netflix
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.
This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions
A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856
