This sshd_config keyword was replaced by KbdInteractiveAuthentication in
openssh 8.7, though ChallengeResponseAuthentication is silently accepted
as an alias. However, this means that the code in ec2.conf which
modifies a commented-out line no longer does anything. Apply a minimal
fix.
Reviewed by: cperciva, emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34400
This requires two sets of changes. Firstly, for non-FreeBSD, we do not
know where tools are in PATH (and it is likely that some are not in
system directories and have been built as bootstrap tools during the
build), so we should leave PATH alone and trust the user. Secondly,
makefs needs a master.passwd for building images from a METALOG file, so
pass the directory in the image tree to makefs's -N option in order to
pick up a valid FreeBSD master.passwd; this is unnecessary on FreeBSD
(except in the edge case of building an image that refers to users or
groups not present in the host's database, which is unlikely but
technically possible) but harmless so can be done unconditionally.
Reviewed by: brooks, emaste, gjb
Differential Revision: https://reviews.freebsd.org/D34001
This requires a bunch of METALOG mangling to include the files we inject
into the tree. The mkisoimages.sh and make-memstick.sh scripts are now
called with the current directory inside the tree so that the relative
paths in the METALOG match up with the current directory. The scripts do
not require this when not using a METALOG, but for simplicity we always
do so. The Makefile mangles the real METALOG created from the install,
as those files are shared across all uses of the tree, but the shell
scripts create a temporary copy of the METALOG that they mangle as their
tree modifications are specific to that image. We also need to pass -D
to makefs to turn any duplicate METALOG entry errors into warnings, as
we have many (harmless) instances of those.
Whilst dvd1.iso should work, the !NOPKG code will need more work to
support this.
All media will also lack mergemaster and etcupdate trees, since more
work is needed to add -DNO_ROOT modes to them. Users of install media
built this way will have to manually bootstrap them.
Reviewed by: brooks, gjb
Differential Revision: https://reviews.freebsd.org/D33999
Currently the current directory is the parent of the rootfs directory,
but this will change in order to support NO_ROOT builds that use a
metalog manifest, since those need to have the current directory be the
rootfs itself in order for the relative paths to be correct, and we do
not want the non-METALOG case (which passes the directory to makefs) to
pick up leftover temporary .img files from a previous failed build.
Reviewed by: brooks, emaste, gjb
Differential Revision: https://reviews.freebsd.org/D33998
ubldr.bin was obsoleted by our uboot ports last year, so this is
completely unused in the default config (some customers still use
it, but that's not relevant to this script). Don't copy it at all
since it won't be used for re@ produced images.
Sponsored by: Netflix
Reviewed by: kevans, gjb (re@)
Differential Revision: https://reviews.freebsd.org/D34192
It isn't needed and will cause problem when upgrading to a newer release.
Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33878
Now that root uses /bin/sh as the default shell no need to have csh part
of runtime.
Put it in its own package.
MFC after: never
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33471
And put pkg and its keys in it.
It's easier for small image to depend on this package rather than the
larger utilities one.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33458
It's useful for small image to fetch some data but we don't want to
install utilities nor bloat runtime.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33463
There is no reason that this shouldn't be there.
Change the dependency of caroot from utilities to openssl as it's
the only command that it uses not in runtime.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33458
This allow one to install it without having to install FreeBSD-utilities.
While here put some newsyslog.d file in their own package.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33456
This allow one to not install syslogd and use syslog-ng or any other
syslog daemon.
While here put some syslog.d file in their own package.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33455
While here put the periodic files for some utilities in their own
packages.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33454
And put the mtree binary and files in it.
Useful to create small mfsroot using /etc/rc.d/var without
having to install FreeBSD-utilities.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33442
And put the tcp-wrapper utilities in it.
Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33439
YP is less and less used, split them to users have the choice to not
install them.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33441
Disable Duplicate Address Detection in EC2 instances. The networking
configuration in EC2, with IPv6 addresses assigned by DHCPv6 and
host egress filtering, makes "duplicate addresses" impossible.
This speeds up the boot process in EC2 by 2 seconds.
Reviewed by: kp, imp, bz
MFC after: 2 weeks
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D33091
Imports the changes for building official images on Azure Marketplace,
which fulfill the requirements of Azure and FreeBSD cloud images like
disk layout and UEFI for Gen2 VM, along with some minor improvements like
configurations to speed up booting.
"CLOUDWARE" list will be updated after some more collaborations with re
completed.
Reviewed by: re (gjb)
Sponsored by: The FreeBSD Foundation
Technical assistance from: Microsoft
Differential Revision: https://reviews.freebsd.org/D23804
This reduces the FreeBSD boot time by approximately 5 seconds,
roughly equally divided betwenn two factors:
* Disk I/O is faster in the EFI loader since it can perform larger
I/Os. (The BIOS loader is limited due to the use of bounce buffers
in sub-1M memory.)
* The EFI console is much faster than the VGA console.
Note however that not all EC2 instance types support UEFI; as a
general rule the newer instances (based on Amazon's "Nitro" platform)
support UEFI but the older instances (based on Xen) do not.
X-MFC: TBD based on tradeoff between performance and compatibility
Relnotes: yes
Sponsored by: https://www.patreon.com/cperciva
The default boot method for amd64 AMIs is BIOS, but at AMI creation
time a flag can be set to specify that UEFI should be used instead.
This commit adds a variable AMIBOOTMETHOD which, if set to "UEFI",
causes the appropriate flag to be set during AMI creation.
The only boot method supported by EC2 for arm64 is UEFI.
The names of AMIs are also amended to include the boot method; they
now look like "FreeBSD 14.0-CURRENT-amd64-20210915 UEFI".
MFC after: 1 week
Sponsored by: https://www.patreon.com/cperciva
ftp tools aren't that useful nowadays but some might want them.
Create a FreeBSD-ftp package so users have a choice to have
them or not.
Differential Revision: https://reviews.freebsd.org/D31794
vt files for either keyboards and fonts are totally optional
so create a separate package for them.
Differential Revision: https://reviews.freebsd.org/D31797
mlx* are only useful for users who have a Mellanox card.
Create a package for it so users that don't have this card can
avoid having this program.
Differential Revision: https://reviews.freebsd.org/D31795
cxgbetool is only useful for users who have a Chelsio card.
Create a package for it so users that don't have this card can
avoid having this program.
Differential Revision: https://reviews.freebsd.org/D31793
both telnet and telnetd aren't that useful nowadays but some
might want them.
Create a FreeBSD-telnet package so users have a choice to have
them or not.
Differential Revision: https://reviews.freebsd.org/D31791
Reviewed by: emaste
If SSMPREFIX is specified, AMI Ids will be recorded in the SSM
Parameter Store under the name
${SSMPREFIX}/${ARCH}/${FLAVOUR}/${ROOTFS}/${REVISION}/${BRANCH}
where ARCH is "amd64" or "arm64", FLAVOUR is "base" (but may have
other options in the future), ROOTFS is "ufs" (but may have other
options in the future), and REVISION and BRANCH have their normal
meanings.
FreeBSD will be using the public prefix "/aws/service/freebsd",
resulting in SSM Parameter names which look like
/aws/service/freebsd/amd64/base/ufs/14.0/CURRENT
Relnotes: yes
Sponsored by: https://patreon.com/cperciva
MFC after: 2 weeks
This is useful for adding extra packages to the build of an AMI.
For example:
env VM_EXTRA_PACKAGES="zsh" make -C release ec2ami
Approved by: gjb
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Currently pkg(8) will fail to install any package if one is missing, so
make this a loop to prevent one missing package from preventing the rest
from installing. Seen building an AWS AMI for aarch64 on main and
ebsnvme-id is not available in the repo at the moment.
Approved by: gjb
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Per [(1), i.e. test(1), the string comparison operator should be `=`,
not `==` in sh(1) scripts.
No functional change. FreeBSD's test accepts `==` as an alias for `=`
for compatibility with gnu test's `==` extension.
Reviewed by: imp@, gjb@
Pull Request: https://github.com/freebsd/freebsd-src/pull/485
And move all the nfs related commands there.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30754
Sponsored by: Diablotin Systems
This allows to boot out of the box on the RPI COmpute Module 3 with 32G
of eMMC.
Tested by: imp confirmed .dtb is in the rpi-firmware pkg
Reviewed by: gjb@, imp@
Pull Request: https://github.com/freebsd/freebsd-src/pull/452
Sponsored by: Netflix
While here, fix all links to older en_US.ISO8859-1 documentation
in the src/ tree.
PR: 255026
Reported by: Michael Büker <freebsd@michael-bueker.de>
Reviewed by: dbaio
Approved by: blackend (mentor), re (gjb)
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D30265
This is useful for upgrade and also to make tiny jail so they won't
depend on FreeBSD-utilities (where openssl was packaged before).
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30081
We do not currently generate armv7 distribution sets, because we don't
build any installer images. However, having such sets available can be
useful for quickly installing a base system, particularly in the case
of creating an armv7 poudriere jail on arm64.
Add a configuration file for the generation of these distribution sets.
Reviewed by: manu, imp, gjb
MFC after: 3 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D29923
The mangling was present in the initial revision of the script, but its
purpose is not clear. It may have been to avoid defining make(1)
variables with a dash in the name, but this is permitted. Furthermore,
it results in invalid dependency information if a dependency's name
contains an underscore, causing e.g., libcompiler_rt-dev to depend on
libcompiler-rt, and resulting in warnings when installing base system
packages. Remove the mangling.
Reviewed by: manu
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29883
To support -DNO_ROOT work. The top-level installworld target creates a
new METALOG starting with `#mtree 2.0` so it needs to be first, to avoid
overwriting installkernel METALOG entries.
Reviewed by: gjb
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29582
make "vital" a replaceable, which defaults to "false" and only set it for
the main clib, utilities and runtime packages, not their sub-packages
PR: 254174
Differential Revision: https://reviews.freebsd.org/D29224
Recent mkimg changes forces to have partitions given in explicit order.
This is so we can have the first partition starting at a specific offset
and the next ones starting after without having to specify an offset.
Switch the partition in the mkisoimage.sh script so the first one created
is the isoboot one.
PR: 254490
Reported by: Michael Dexter <editor@callfortesting.org
Tested by: Vincent Milum Jr <freebsd@darkain.com>
MFC after: Right now
Sync determining the git count with newvers.sh by adding the
--first-parent argument. This ensures uname(1) reflects the
file name for snapshots.
Reported by: Mark Millard
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Remove tmpfs size limitation, this breaks make installworld and installation of some packages
Format generated fstab using tabs to make it consistent and readable
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D29283
Man pages can be big in total, add an options to split man pages
in -man packages so we produce smaller packages.
This is useful for small jails or mfsroot produced of pkgbase.
The option is off by default.
Reviewed by: bapt, Mina Galić <me@igalic.co>
Differential Revision: https://reviews.freebsd.org/D29169
MFC after: 2 weeks
They aren't needed and produce wrong package comments :
We use to have "runtime-dev package" instead of
"FreeBSD Base System (Development Files)" for example
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D29168
MFC after: 2 weeks
Pass UNAME_r override to make(1) for ports builds when building
ports for another branch.
MFC after: 3 days
MFC with: 0be274d373, 80ab50e1de, c883b6fd8c
Sponsored by: Rubicon Communications, LLC ("Netgate")
truncate(1) is not case-sensitive with regard to setting the size
of a file. makefs(8), however, does not honor upper-case values.
Update release-specific files and the release(7) manual page to
reflect this.
MFC with: 1ca8842f3a
Submitted by: ehem_freebsd_m5p.com (original)
Differential Review: https://reviews.freebsd.org/D28979
Sponsored by: Rubicon Communications, LLC ("Netgate")
This had prevented the bootconfig step from determining if an ESP exists,
resulting in its unconditional setup. On BIOS-booted amd64, this wasn't
harmful, just unnecessary, but it resulted in failed installations on
non-EFI-supporting platforms like powerpc64.
MFC after: 3 days
In followup to 80ab50e1de,
export UNAME_r in Makefile.inc1 instead of Makefile.vm.
MFC after: 3 days
MFC with: 80ab50e1de
Sponsored by: Rubicon Communications, LLC ("Netgate")
Using makefs instead reduces the privileges needed to build VM images,
simplifies the script (no need to copy files to a fresh image at the end),
and improves portability by allowing generation of cross-endian images.
As a result of the last, this patch also adds support for generation of
powerpc64 and powerpc64le VM images.
No other changes to the output. Tested and working for both amd64 and
powerpc64 targets.
Reviewed by: gjb
Differential Revision: https://reviews.freebsd.org/D28912
These images only ever worked on Apple Powermacs, which are now a very
old platform, and did so only for a very loose definition of "worked"
(they booted on a small subset of supported machines). Moreover, all
the machines they *did* boot on also would boot from a memstick made
by dd'ing an CD image to a flash drive. Since a flash drive prepared
in this way would also boot all the newer systems we support, the
memstick images were strictly less functional than the CD images, even
for booting from memory sticks.
Reviewed by: jhibbits
MFC after: 1 week
Following 7b1d1a1658, the structure
for the reldoc target has significantly changed as result of the
ASCIIDoctor/Hugo migration. As the release notes related files
on the installation medium are inherently out of date, purge them
entirely.
Discussed within: re, doceng
No objection: re (silence), doceng (silence)
Timeout: 2 weeks
MFC after: 1 week
MFC to: stable/13, stable/12, and stable/11 only
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add PBUILD_FLAGS and UNAME_r overrides to extra_chroot_setup()
to fix building ports for 14-CURRENT builds on 13.x.
MFC after: 3 days
MFC with: c511a5ab53
Sponsored by: Rubicon Communications, LLC ("Netgate")
The 'reldoc' target includes release-related documentation on
installation medium. Since the switch from XML to ASCIIDoctor,
the file locations have moved, and it will take some time to sort
out how this target should work now.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
The ports tree is scheduled to be converted from Subversion to Git
after the currently-scheduled 13.0-RELEASE, so the source of truth
will be Subversion for the ports tree.
Implement a hack specifically for this case.
Sponsored by: Rubicon Communications, LLC (netgate.com)
Hard-code the GITROOT for the ports tree to use cgit-beta
until the ports repository is converted.
While here, remove $FreeBSD$ RCS IDs.
Sponsored by: Rubicon Communications, LLC (netgate.com)
We now have a u-boot port and config.txt for booting on all 64bits
variant of the RPI boards (RPI2v1.1, RPI3* and RPI4*) so use
the new u-boot-rpi-arm64 and the config_arm64.txt files.
Discussed with: karels, kevans
For platforms that don't have any of the memstick, cdrom, or dvdrom
release images (i.e. riscv64), the release-install target will trip up
when invoking md5(1) on the non-existent image files. Skipping this
allows the install to complete successfully.
Add two release flavors for RISC-V. First, the traditional "big-iron"
images, capable of generating distribution sets and VM images. Installer
images won't be built yet, but can be trivially enabled in the future
with the addition of riscv/make-memstick.sh.
Second, a GENERICSD embedded image. I've opted for this instead of
board-specific SD card images as it allows users to just dd the u-boot
they want. The RISC-V hardware ecosystem is still young, so a
configuration for e.g. the new PolarFire SoC Icicle Kit would likely see
very few users.
Reviewed by: gjb
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27045
RISC-V has the same booting requirements as arm64 (loader.efi, no legacy
boot options), so generated images for both architectures have the same
partition layout.
Reviewed by: gjb
Differential Revision: https://reviews.freebsd.org/D27044
Since the few existing RISC-V hardware platforms are single board
computers, we can piggyback off of arm/arm64's embedded build support
for generating SD card images.
I don't see a pressing need to change the naming in this file at this
time.
Reviewed by: gjb, manu
Differential Revision: https://reviews.freebsd.org/D27043
Both RPI2 and BEAGLEBONE are still popular and used arm boards.
Both u-boots can coexist as they are named differently and live in the
fat partition.
This leave us with only one image that can be used for both of those
boards and all the other ones supported by FreeBSD provided that you
install the correct u-boot on it.
Reviewed by: imp
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27283
All those board are impossible to buy nowadays and could boot using the
GENERICSD image after putting the correct u-boot on them.
Reviewed by: imp
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27282
