Also add the ability to use Bzip'ed distributions -- but this is exclusive
of being able to use Gzip'ed distributions.
Sponsored by: FreeBSD Mall, Inc.
and pull configSecurityProfile under that menu. Add a menu option
to determine whether LOMAC is enabled at boot. Probably, eventually,
many of the 'Security Profile' menu choices should be pulled out
independently into the Security Menu, so as to make them individually
selectable.
Sponsored by: DARPA, NAI Labs
defaults both in regards to the size of the partitions that are created
and in regards to safety and functional separation.
Still TODO: extend the previous partition to cover a deleted partition
if the previous partiton was auto-created, and supply some sort of
solution for /tmp.
Reviewed by: Just about everyone
Approved by: Nobody except maybe my pet mouse fred
Obtained from: God, so complain to HIM
MFC after: 1 week
Since userconfig feature is implemented by tweaking variables (hint.*)
with loader(8), we can put back an equivalent feature. Maybe the first
step for this is to commit yokota-san's patch (add userconfig command
for loader).
Approved by: jkh
survive a sysinstall Ctrl-C -> 'Restart'. This fixes another annoying
bug where restarting sysinstall will try to reload kernel modules and
do other external things that have already been done. For now, use
these persistent variables to keep track of module, usbd, and pccardd
initialization.
Bug found by: rwatson
MFC after: 1 week
environment. This fixes an annoying bug where hitting Ctrl-C and
telling sysinstall to 'restart' will do no such thing since many of
the options are still set and so you won't be prompted for them
again.
MFC after: 1 week
conservative default, and actually prompt specifically for inetd rather
than handling it as a side effect of the security profile. Update the
help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
presented to the user.
o Remove portmap and inetd from profile management. Portmap is now
disabled by default, but automatically turned on if a feature requires
it (such as NFS, etc).
This is an MFC candidate for 4.4-RELEASE.
Reviewed by: freebsd-arch@FreeBSD.org
Approved by: re@FreeBSD.org
MFC after: 2 days
post-install config, reduce the potential confusion from the existence
of both configTTYs and configTtys by renaming configTTYs to
configEtcTtys. While this is not a C naming conflict, it was probably
a poor choice of names on my part.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
names suggest, they perform methods on Device's. In addition, they
check that the pointer passed to them is valid; if it isn't, they
pretend that the action failed. This fixes some crashes due to NULL
dereferences (e.g., PR 26509).
Approved by: jkh (some time ago)
need to manually force the network_interfaces variable in /etc/rc.conf,
and it only ever gets in the way. rc.network and rc.network6 DTRT with
the default of 'auto'. This should have died over a year ago.
no as a default. Sysinstall should be both less dangerous and less
annoying as a result of this change, though that's just my opinion
(since they're the defaults which annoy ME the least :).
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
appropriate(?) defaults for "low", "medium" and "high" security
environments. Medium is basically what we currently have with a little
seat-belt tightening where it made sense. Low is the same as medium but
without the tightening. High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
does bad things to /etc/make.conf in certain situations. Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
IPv6 configuration is only done by rtsol. Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
in this time. ftp7.jp speaks IPv4 as well and also listed as
Japan #7.
Approved by: jkh
boot.flp and plain boot.flp.
- Clean up crunchgen related routine.
- Add PC-98 support.
TODO:
o Documentation
o Fix some messages for PC-98
o Decrease the size of fixit.flp to 1.2MB
o I18N (See: http://www.jp.FreeBSD.org/BootAsia/index.html)
No response from jkh
setting 'usbd_enable' in rc.conf during nwe installs if USB is detected.
Also, since usbd already handles USB mice automatically, note that the
mouse setup section in sysinstall only applies to non-USB mice.
Approved by: jkh
You can't enable 'emulate 3 button' option for moused in sysinstall.
This adds a menu option to set moused_flags and the help text explains
that entering "-3" will enable this feature.
on locale.
o Allow use of "G" in label editor to stand for gigabytes. This
is actually an unrelated patch which I meant to commit separately
but what the heck, it's late.
Partially submitted by: phk
I backed-out the changes in -current and didn't touch stable at all (I
thought I had my patch order reversed, not what actually happened).
AIEEE! I can't even blame the crack for this one since I broke my
crack pipe a few weeks ago. I think sleep deprivation gets the blame
for this one.
Medal for noticing this one goes to: Jim Bloom <bloom@acm.org>
bringing in DHCP support. The only thing I left out were Poul-Henning's
newfs changes since I'm not sure if he's brought the rest of that support
into -stable yet. If it turns out that this is the case, I'll MFC those
changes too.
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
in some code from C. Stone to parse the lease information. This is still
a WIP and this commit is largely intended to allow others to sync up; the
dhclient code still only works when doing dhcp configuration post-install
and requires a bit more work on the boot floppy before it will truly
work in the minimal bootstrapping role.
on CDs and FTP sites.
o Collapse some redundant code.
o Fix typo'd menu.
o Restrict searches properly to packages rather than categories.
o Small tweaks to signal handling.
All RELENG_3 candidates.
feature of packages now so that no version info is embedded.
o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
and Windowmaker desktops instead of the boring twm(1) based one if the
user so chooses. This will require a little testing.
to now detect that CD you just remembered to put in the drive or that
pccard NIC that you've inserted (anybody can put pccardd in an mfsroot image
now you know.. :)
Requested by: Annelise Anderson <andrsn@andrsn.Stanford.EDU>
orthogonal to the other entries).
Clean up X selection code a bit.
Choose proper architecture subdirectories on mirror sites now that we've
gone fully to the new multi-arch directory scheme.
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
o Move fixups into extraction routine so all consumers don't have to duplicate
the right behavior.
o Make some things more orthogonal (just for asthetics sake)
o Add option to go back and do it again if XF86Setup fails (possibly with
a different setup - this one has always annoyed me).
the device is enabled by default in the GENERIC kernel.
- Kill the mouse daemon, if any, when the user wants to disable it.
- Minor update on mouse menus.
Now you can use one without entering the other and it will DTRT.
These changes just allowed me to do the most straight-forward new disk
installation I've ever managed with sysinstall.
1. Detecting the split /dev/ttyv0 / /dev/console case, e.g. you've
booted with the -h flag and you have a VGA card also.
2. Adding an extra "menu" for selecting terminal type and adding ANSI
to the list of compiled-in terms.
3. Opening the proper file descriptors before disowning ourselves.
Requested by: pst
those ideas that, like the Apache server setup, was well-intentioned
but doomed to fail in the face of change. That and the fact that it
shouldn't be part of the installation tool, it should be part of the
post-installation setup tool (which we need to write). Combining the
two utilities into one utility was my first conceptual mistake.
Apologies also to Coranth Gryphon, who worked hard on the Apache
and Samba server setup code. These features were quite useful
for awhile, if that's any consolation, I just simply had the wrong
ideas about where to put them. :-(
Add a system command to script mechanism (so you can call things like
tzsetup from scripts).
Add noError variable for causing script errors to be ignored.