- awk sometimes formatted swapbase as floating point, which gpart
does not accept; force int.
- Fix typo in code for checking vm.max_swap_pages.
- While here, do not set kernel env if "gpart add" fails.
- Add "gpart show" before modification to verbose output.
Reported by: marklmi at yahoo dot com
Tested by: marklmi at yahoo dot com
When setting up carp tunnel, using a password consisting of only the
characters used as hexadecimal characters, i.e. abc-def, there will be
an infinite loop in the shell function ifalias_af_common_handler().
To circumvent this we test for " pass ".
PR: 268378
Reported by: jyoung15@gmail.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37748
"[[:space:]]" is easier to read than "\ " and is conisitent with
clone_up().
Reported by: eugen
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D37748
Pass `-vv` to pytest in order to always get the full output.
While here, enforce the modeline.
Differential Revision: https://reviews.freebsd.org/D37894
MFC after: 2 weeks
This new default-enabled rc will generate a /etc/machine-id file if it
does not exist, and pre-fill it with a newly generated UUID of version 4
[2].
The file is generated in /var/db/machine-id and symlinked to
/etc/machine-id to allow for read-only root partitions.
This file is amongst other things used by libraries like GLib.
Bump FreeBSD version 1400076 to be able to easily add support for older
version of FreeBSD via a package.
[1] Linux machine-id(5): https://www.man7.org/linux/man-pages/man5/machine-id.5.html
[2] f176fe8e7f
Approved by: bapt
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37722
Add comments analogous to those that are in the sendmail mailer.conf,
including a pointer to /usr/share/examples/sendmail/mailer.conf.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D37711
Add new growfs_swap_size variable with a default value of the empty
string, along with comments on other settings. Used by the growfs
script.
Differential Revision: https://reviews.freebsd.org/D37464
The growfs_fstab script is a helper for the growfs script to add any
new swap partition to /etc/fstab on first boot. If growfs adds a
swap partition, it sets growfs_swap_pdev in the kenv. In this case,
after the root file system is read/write, if there is no swap partition
in the fstab, growfs_fstab adds growfs_swap as a swap partition to the
fstab. Also, it runs dumpon to add the swap partition (as this
happened earlier in the startup sequence).
Discussed with: cperciva
Differential Revision: https://reviews.freebsd.org/D37463
Add the ability to create a swap partition in the course of growing
the root file system on first boot, enabling by default. The default
rules are: add swap if the disk is at least 15 GB (decimal), and the
existing root is less than 40% of the disk. The default size is 10%
of the disk, but is limited by the memory size. The limit is twice
memory size up to 4 GB, 8 GB up to 8 GB memory, and memory size over
8 GB memory. Swap size is clamped at vm.swap_maxpages/2 as well.
The new swap partition is labeled as "growfs_swap".
The default behavior can be overridden by setting growfs_swap_size in
/etc/rc.conf or in the kernel environment, with kenv taking priority.
A value of 0 inhibits the addition of swap, an empty value specifies
the default, and other values indicate a swap size in bytes.
By default, addition of swap is inhibited if a swap partition is found
in the output of the sysctl kern.geom.conftxt before the current root
partition, usually meaning that there is another disk present.
Swap space is not added if one is already present in /etc/fstab.
The root partition is read-only when growfs runs, so /etc/fstab can
not be modified. That step is handled by a new growfs_fstab script,
added in a separate commit. Set the value "growfs_swap_pdev" in kenv
to indicate that this should be done, as well as for internal use.
There is optional verbose output meant for debugging; it can only be
enabled by modifying the script (in two places, for sh and awk).
This should be removed before release, after testing on -current.
Discussed with: cperciva
Reviewed by: imp (previous version)
Differential Revision: https://reviews.freebsd.org/D37462
The NONE parameter has been deprecated for more than 20 years
but was never removed, its useful to simplify the sendmail
management.
This reverts commit 7cadc52638.
GCC 12 defaults to C++17 which removes (not just deprecates)
std::auto_ptr<>. Trying to use CXXSTD of c++03 doesn't work with
libc++ headers, but c++11 does.
Reviewed by: brooks, imp, emaste
Differential Revision: https://reviews.freebsd.org/D37531
The main difference with the chown in luaposix, is that it checks
and reports if a user or a group do exist when a string is passed
as arguments
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D37479
GCC warns about the non-literal format string passed to strftime(). A
warning here seems a bit odd as strftime() does not take varargs so
there is not a risk of missing args.
As PF now also supports dummynet but can not configure it on its own,
the service which configures pipes, queues and schedulers is needed.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D37451
othermta (along with mta_start_script configuration entry in rc.conf)
was a mechanism used to be able to run another mta than sendmail(8) before
"rcng" time 20 years ago.
othermta has not been used since.
similar to the same token in glibc.
Requested and reviewed by: bapt
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D37329
dma accepts mail from a local Mail User Agent (MUA) and delivers it
locally or to a smarthost for delivery. dma does not accept inbound
mail (i.e., it does not listen on port 25) and is not intended to
provide the same functionality as a full MTA like postfix or sendmail.
It is intended for use cases such as delivering cron(8) mail. which
is the default configuration and usage of sendmail in the default
setup of the base system.
In order to switch the default from sendmail to dma, we teach
mailwrapper to fallback on dma directly if the mailer.conf file cannot
be opened.
We install by default a mailer.conf file which points at dma
We install a mailer.conf file for sendmail in the examples.
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D37035
If a zpool is created by makefs(8), its version is 5000, i.e., all
feature flags are off. Introduce an rc script to run `zpool upgrade`
over the assigned zpools on the first boot. This is useful to the
ZFS based VM images built from release(7).
Reviewed by: imp, markj, mav
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37282
* Avoid unnecessary use of `unsigned char *`
* Use explicit casts when assigning `unsigned char *` to `char *` or vice versa
* Drop unused global variables (and fix memory leak in `gettable()`)
* Use `snprintf()` instead of `strcpy()` + `strcat()`
* Drop spurious braces in switch
Sponsored by: Klara, Inc.
Obtained from: Apple OSS Distributions (in part)
Differential Revision: https://reviews.freebsd.org/D37263
Mostly remove from the SEE ALSO section, adding a mention of the port
where not removed. Elsewhere, remove as appropriate and change from .Xr
to .Nm where a mention of telnetd continues to make sense (or removing
it would require significant reworking of the surrounding text).
Reviewed by: imp, delphij, emaste
Differential Revision: https://reviews.freebsd.org/D36785
The telnetd codebase is unmaintained and has a number of quality
issues. Telnet has been largely supplanted by ssh. If needed, a port is
available (net/freebsd-telnetd), but a more maintained implementation
should be prefered.
While the telnet client suffers from the same issues, it is deemed
to be of lower risk and is required to connect to legacy devices, so
it remains.
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D36620
for the default output. For '-a' (per-object needed printout) the
[preloaded] banner is kept.
Instead, use special format2 for printing the preloaded objects (and
vdso), which does not include DT_NEEDED, since there is no object
needing the printed one.
In this way, the output is more compatible with glibc.
Example:
LD_PRELOAD=/lib/libthr.so.3 LD_TRACE_LOADED_OBJECTS=1 /libexec/ld-elf.so.1 /bin/ls
libutil.so.9 => /lib/libutil.so.9 (0x801099000)
libncursesw.so.9 => /lib/libncursesw.so.9 (0x8010b0000)
libc.so.7 => /lib/libc.so.7 (0x801123000)
[vdso] (0x7ffffffff000)
/lib/libthr.so.3 (0x80106c000)
Note the absense of the part before and including '=>' for preloaded
libthr.so.3, and for vdso.
PR: 265750
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D36616
The "shutdown" keyword invokes rcorder with the -k flag, for rc scripts
with the keyword at shutdown.
Reported by: bdrewery
Fixes: 27b9777c28
MFC after: 3 days
Differential Revision:
Users with a tmpfs /var/run will lose the directory tree state of
/var/run at reboot. This rc script will optionally (by default)
capture the state of the directory structure in /var/run prior to
shutdown and recreate it at system boot.
Alternatively a user can save the state of the /var/run directories
manually using service var_run save and disable the autosaving of
/var/run state using the var_run_autosave variable, for those
paranoid SSD users.
PR: 259585, 259699
Reported by: freebsd@walstatt-de.de,
Reviewed by: philip, gbe (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36386
Rtld locks from libthr defer signals delivery, which means that binding
is not possible while a signal handler is executed.
Binding might upgrade read-locked rtld_bind_lock to write-lock, if
symbol resolution requires loading filters. If a signal would be delivered
while rtld is in read-locked section, and signal handler needs binding
which upgrades the lock, for non-threaded image that uses default rtld
locks, we get the rtld data structures modified under the top-level
active rtld frame.
To correct the problem, mask signals for read-locking of default locks
in addition to the write-locking. It is very cheap now with
sigfastblock(2).
Note that the global state is used to track pre-locked state of either
sigfastblock(2) or signal mask (if sigfastblock(2) is administratively
disabled). It is fine for non-threaded images since there are no other
threads. But I believe that it is fine for threaded images using libc_r
as well, since masking signals disables preemption (I did not tested
it).
NetBSD PR: https://gnats.netbsd.org/56979
Reported by: tmunro
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D36396
Certain configurations need to use a different path for pidfile.
Allow rc.conf to overwrite it.
Reviewed by: cy, 0mp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D36141
None of tools working with login classes change umask(1)
and we had no ways to specify non-default umask for a service
not touching its startup script. This change makes in possible.
Some file-sharing services that create new files may benefit from it.
Differential: https://reviews.freebsd.org/D36309
MFC-after: 3 days
Run a service-based setup script before running the start command.
Useful for automatic configuration file generation.
Reviewed by: https://reviews.freebsd.org/D36006
Commit 24d0c9c1f5 introduced the following regression:
% ldd /bin/ls
/bin/ls:
libutil.so.9 => /lib/libutil.so.9 (0x1021000)
libncursesw.so.9 => /lib/libncursesw.so.9 (0x1021000)
libc.so.7 => /lib/libc.so.7 (0x1021000)
Note that the base address is the same for all displayed libraries.
Fix it by passing correct object to trace_print_obj().
Fixes: 24d0c9c1f5
Reviewed by: jrtc27
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D36198
The first time a FreeBSD system boots, it obtains a hostuuid and hostid
from the smbios.system.uuid kernel environment variable. If this value
is found to be invalid, a warning is printed and the boot pauses for
two seconds to give the user a chance to read it.
If the FreeBSD kernel is launched directly in a virtual machine rather
than via the FreeBSD boot loader, the smbios.system.uuid environment
variable might not be set; in this case, there's no need to alert the
user and delay the boot process since the lack of a "hardware" uuid is
entirely expected.
Distinguish between the cases of "invalid UUID" and "no UUID", warning
and delaying the boot only in the former case. In both cases we still
generate a random UUID in software.
Reviewed by: delphij
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D36185
This change adds 2 tests to make sure that the *_oomprotect variable
sets the protection against OOM killer properly within rc(8) scripts.
This is also adding the first tests for the rc(8) framework. More tests
will be added as we go.
PR: 256148
Approved by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35745
55abf23dd3 inverted the value passed to origin_subst_one when rolling
up the existing code into a loop. If the first token is found ($ORIGIN),
this results in a wild free of part of strtab. Processing the second
token works fine and will act how the first should have regardless of
whether found, allocating memory for the string without freeing.
Processing subsequent tokens however will then leak, regardless of
whether found, as they will also believe they need to allocate memory
and can't free the string.
Found by: CHERI
Reviewed by: kib, markj
Fixes: 55abf23dd3 ("rtld: make token substitution table-driven")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D35792
The rc(8) framework support protecting services from OOM killer.
The current implementation applies the protection after the service has
already started. This works fine if only the main process is to be
protected (*_oomprotect=yes). However, the current implementation fails
to protect existing children when children are also to be protected
(*_oomprotect=all). This patch fixes that.
Note: it is not easy to apply the protectoin earlier because we want to
support both the services which use the "command" variable and those
that use the "start_cmd" variable.
PR: 256148
Approved by: adrian, osogbo
Tested by: Jamie Landeg-Jones <jamie@catflap.org>
Fixes: 3bead71e95 - Add a global option where we can protect
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35747
atf format does not provide any way of signalling any error message
back to the atf runner when listing tests. Work this around by
reporting "__test_cases_list_pytest_binary_not_found__" test instead.
Reviewed By: kp
Differential Revision: https://reviews.freebsd.org/D35721
The mountd script in rc.d sets vfs.nfsd.server_max_nfsvers correctly
when it is run at system startup, relying on the kernel default.
However, if NFSv4 was enabled in /etc/rc.conf later, and the script
was re-run to restart mountd, the sysctl was still set to 3.
Set the sysctl to the right value in all cases.
Reviewed by: rmacklem
MFC after: 1 week
This change is a continuation of 9c42645a1e workaround.
Apparently pytest argument parser is not happy when parsing values
with spaces or just more than one --atf-var argument.
Switch wrapper to send these kv pairs as env variables. Specifically,
use _ATF_VAR_key=value format to distinguish from the other vars.
Add the `atf_vars` fixture returning all passed kv pairs as a dict.
Reviewed by: lwhsu
Differential Revision: https://reviews.freebsd.org/D35625
MFC after: 2 weeks
Move pytest wrapper to the collection of the other atf wrappers
in libexec. It solves the problem of combining bits & pieces from
bsd.test.mk and bgs.prog.mk to address "test binary, but not the
suite binary".
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D35604
MFC after: 2 weeks
ntpd does not always gracefully handle clock steps during resume.
This is probably most useful in conjunction with
ntpd_sync_on_start=YES which will work around any clock skew while
suspended.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D35479
bapt@ had discovered a noticeable boot improvement without the sleep.
Without the sleep does not affect warm or cold boot however a
service netif restart may cause dhclient to spend a few extra seconds
to rerequest the DHCP request.
Reported by: bapt
Reviewed by: bapt
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D35457
In 2018, the commit r328100 (0fdf7fa846)
removed libxo(3) support from ls(1), so ftpd has no reasons to link
with libxo since then.
ls(1) does not depend on libxo in both of stable/12 and stable/13.
MFC after: 2 weeks
If one boots up multiple copies of a template VM image containing a
zpool, the pool GUIDs will be identical, making it impossible to, e.g.,
share datasets between them.
This diff introduces a simple workaround for the problem: one can use
the script to, upon first boot, assign a new GUID to one or more zpools.
This will be useful when building ZFS-based VM images from release(7).
Reviewed by: mav, allanjude, asomers
Reviewed by: Pau Amma (docs)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35336
When no interface is specified results in a syntax error in the rc
script. Only execute poststart when an interface has been specified.
PR: 263358
Submitted by: markj
Reported by: Joshua Kinard <freebsd@kumba.dev>
Fixes: 0da2c91e64
MFC after: 3 days
To allow for a dynamic page size on arm64 have the runtime linker
query the kernel for the currentl page size.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34765
Before, preloaded objects, if not listed as needed for any normally
linked objects, were silently ignored.
Preloaded objects are printed with the `[preloaded]` herald. The list
includes the objects not listed explicitly as recursive dependencies of
the main object, effectively dsos loaded by LD_PRELOAD mechanism.
vdso is listed as well, since it is not needed by anything.
Since there is no DT_NEEDED entry for LD_PRELOADed objects, they are
usually printed using LD_TRACE_LOADED_OBJECTS_FTM2 format due to the
failure of the heuristic based on the presence of the 'lib' prefix.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D34716
The zfskeys service script starts before the zfs service script, so that
dataset decryption keys are available when `zfs mount -a` is run. One of
the potential edge cases of this design is that if a key is stored on
ZFS it won't be loaded until `zfs mount -a` is issued.
In order to address that let's try to load the additional keys and mount
related ZFS datasets after the zfs script finishes its standard mounting
procedure.
PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: allanjude (src)
Fixes: 33ff39796f Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 3 days
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601
By rc.conf(5), setting rc_startmsgs="NO" should silence start messages.
Fix a few rc scripts by using startmsg.
PR: 255207
Reported by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: imp, 0mp
Approved by: imp (src)
Differential Revision: https://reviews.freebsd.org/D34514
startmsg is a new rc.subr(8) function function to be used instead of
echo(1) when for boot messages. It replaces the often forgotten
check_startmsgs && echo ...
with
startmsg ...
No functional change intended.
I adjusted the commit message and did some final clean-ups of the patch
before committing.
PR: 255207
Reported by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: imp, 0mp
Approved by: imp (src)
Differential Revision: https://reviews.freebsd.org/D34514
/etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in
use the .eli or .bde device will not exist at the time dumpon runs.
Even if this is addressed it does not make sense to dump core to
encrypted swap, as the encryption key will not be available after
reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO
and encrypted swap is in use, strip the extension and use the underlying
device.
Emit a warning if we are using the underlying device and the user has not
configured dump encryption, so that the user knows that the will not be
encrypted.
PR: 238301
Reported by: Ivan Rozhuk
Reviewed by: jilles
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34474
- Use the standard *_flags variable for additional flags.
- Style: do not create unnecessary variables
- Do not set the defaults in the service script. This is what
/etc/defaults/rc.conf is for.
- Do not set additional flags via commands_args. ggated_flags are
already included in the final invocation. See rc.subr(8) for details.
- Document the meaning of ggated_config in /etc/defaults/rc.conf.
Approved by: eugen (src)
Fixes: c068632981 Add ggated rc script
Differential Revision: https://reviews.freebsd.org/D34439
When enabled, have the framework use the boottrace(8) utility to execute
each rc script, generating trace entries for the entire suite of
scripts.
Reviewed by: 0mp (slightly earlier version)
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D31930
Arno Tuber reported via email that he needed to restart the gssd daemon
after booting, to get his Kerberized NFS mount to work.
Without this patch, rcorder shows that the gssd starts before NETWORKING
and kdc. The gssd will need NETWORKING to connect to the KDC and, if
the kdc is running on the same system, it does not make sense to start it
before the kdc. This fixed the problem for Arno.
While here, I also added a "# BEFORE: mountcritremote".
It does not affect ordering at this time, but I felt
it should be added, since the gssd needs to be running
when remote NFS mounts are done.
PR: 261939
Reported by: anothatuber@gmail.com
Tested by: anothatuber@gmail.com
Reviewed by: rew
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34265
it seems that glibc supports them, and such spelling is mentioned in the
ld.bfd manual. Idea seems to auto-correct some quoting/makefile sytnax
errors on linker command line.
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D34247
NanoBSD or, more generally, systems with root_rw_mount="NO" are not able
to remove the firstboot_sentinel file, typically /firstboot, because the
logic in /etc/rc is currently inverted.
When checkyesno root_rw_mount tests on a read-only file system, the
return is 1, hence avoiding the option to mount the system read-write.
Restore the ability to remove the firstboot_sentinel file on read-only
mounted file systems.
This change was introduced in 40adda8665, and partially fixed in
1ce07411fa.
Differential Revision: https://reviews.freebsd.org/D34166
PR#254282 reports a problem where nullfs mounts cannot be
exported via mountd for FreeBSD 13.0.
The problem seems to be that, to do the nullfs mounts in
/etc/fstab, they require the "late" mount option, so that the
underlying filesystem is mounted (ZFS for the PR).
Adding "mountlate" to the REQUIRE list in /etc/rc.d/mountd
fixes the problem, but that results in a dependency cycle
because /etc/rc.d/lockd specifies:
REQUIRE: nfsd
BEFORE: DAEMON
--> which forces mountd to preceed DAEMON.
This patch removes "nfsd" from REQUIRE for lockd and statd,
then adds mountlate to REQUIRE for mountd, to fix this
problem. Having lockd REQUIRE nfsd was done in the NetBSD
code when it was pulled into FreeBSD and there does not
seem to be a need for this.
In case this causes problems, a long MFC has been specified.
PR: 254282
Differential Revision: https://reviews.freebsd.org/D33256
MFC after: 3 months
