Commit Graph

4436 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
d1bb0919f0 don't match packets other than IPv4 against divert rule.
divert supports only IPv4.

Reported by:	SAITOU Toshihide <toshi__at__ruby.ocn.ne.jp>
Discussed with:	suz
MFC after:	1 day
2005-11-18 02:23:59 +00:00
Yaroslav Tykhiy
fd9791c1ea Avoid invoking the current script again when we need
to issue sub-commands, e.g., restart = stop + start.
By calling run_rc_command instead, we provide rc.d
scripts with full control over their configuration
variables.

For an example problem the former approach caused, see
http://lists.freebsd.org/pipermail/freebsd-rc/2005-October/000311.html

Reviewed by:	freebsd-rc
Tested by:	Dirk Engling erdgeist <at> erdgeist.org
MFC after:	2 weeks
2005-11-16 10:45:19 +00:00
Ruslan Ermilov
ebd3cef10b Diff reduction to RELENG_6. 2005-11-16 07:24:31 +00:00
Maksim Yevmenkin
14dba5fc90 Revise hcsecd(8) and sdpd(8) rc.d scripts.
- Have both scripts automatically kldload ng_btsocket(4). I did not want to
  do it, but its easier for users and it seems other scripts do similar things;

- Assign few variables after load_rc_config, so the /etc/rc.conf overrides
  actually work;

MFC after:	1 week
2005-11-15 20:36:26 +00:00
Brooks Davis
cda39c0193 Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or
more IPv4 address from a ranged list in CIRD notation:

ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.

Submitted by:	Philipp Wuensche <cryx dash freebsd at h3q dot com>
2005-11-14 23:34:50 +00:00
Maksim Yevmenkin
e4638e53d8 Add section to start/stop Bluetooth USB devices (via ng_ubt(4))
Submitted by:	Panagiotis Astithas ( past at ebs dot gr )
Reviewed by:	brooks, imp
MFC after:	1 week
2005-11-12 03:42:56 +00:00
Ruslan Ermilov
0069d4d8b1 Traditionally expand tabs here. 2005-11-11 21:05:40 +00:00
Xin LI
d9276f685b Add dev/speaker into include/ tree 2005-11-11 17:38:10 +00:00
Maksim Yevmenkin
cdf98ad3e7 Start integrating Bluetooth into rc.d system.
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.

Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)

The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.

The bluetooth.device.conf(5) and handbook update will follow shortly.

Inspired by:	Panagiotis Astithas ( past at ebs dot gr )
Reviewed by:	brooks, yar
MFC after:	1 week
2005-11-10 19:09:22 +00:00
Ralf S. Engelschall
b89ad281dc Backout r1.11...
> >   There is no need to explicitly add "status" to $extra_commands in
> >   the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
> >   run_rc_command() because of the existing $pf_program.
> >
> >   Submitted by:   Christoph Schug <chris@schug.net>

...because as yar@ points out: "[...] you were relying on evil
side-effects of the variable being named *_program. hose side-effect
have been eliminated since rc.subr rev. 1.42. [...] The point is that
the default "status" method is for rc.d scripts that handle startup and
shutdown of conventional daemons, and not for custom tasks like the pf
case."

The change is still valid in RELENG_6 (and still doesn't have to be
backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
2005-11-10 10:40:15 +00:00
Robert Watson
f61914743d Fix minor white space nit introduced in 1.102: use spaces, not tabs. 2005-11-08 09:53:28 +00:00
Ralf S. Engelschall
9d14a9a235 There is no need to explicitly add "status" to $extra_commands in
the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
run_rc_command() because of the existing $pf_program.

Submitted by:	Christoph Schug <chris@schug.net>
MFC after:	1 week
2005-11-03 13:17:49 +00:00
Brooks Davis
a8e1134a6b Add items to unmount to the front of the list so they are unmounted in
reverse (thus allowing /conf to be unmounted).
2005-11-01 01:36:58 +00:00
Brooks Davis
ed5b9e57cd Switch from pax to tar for extracting cpio archives. pax requires a
writable /tmp (or TMPDIR) and thus is unsuitable for this job.

Tested by:	Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR:		conf/88293
2005-10-31 22:00:44 +00:00
Brooks Davis
1c3a359b41 The -x <format> option of pax is for creation of archives, not
extraction.

This will allow cpio archive support to work, at least in situations
where /tmp is writable.  Because pax requires a writable /tmp it is
unsuitable for this task, but replacing it will come in a later commit.

Submitted by:	Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR:		conf/88293
2005-10-31 21:07:14 +00:00
Yaroslav Tykhiy
82b765987d Transforming "ppp-user" into just "ppp", step 5:
Finally, delete the old, unfittingly named file "ppp-user".
2005-10-29 05:12:14 +00:00
Yaroslav Tykhiy
10b58447d5 Transforming "ppp-user" into just "ppp", step 4:
The legacy script "/etc/netstart" will start "ppp", not "ppp-user".
2005-10-29 05:08:00 +00:00
Yaroslav Tykhiy
66ba402cd0 Transforming "ppp-user" into just "ppp", step 3:
Install "ppp" (just repocopied) instead of "ppp-user".
2005-10-29 05:05:52 +00:00
Ruslan Ermilov
2ad08c56d8 Add some significant Ukrainian dates.
PR:		88076
Submitted by:	Andriy Gapon
2005-10-28 21:25:28 +00:00
Yaroslav Tykhiy
df19ed6a02 Use ${name} in pathnames where appropriate.
The sendmail script already was on this way,
but it didn't reach the end of it yet.
2005-10-28 16:55:38 +00:00
Yaroslav Tykhiy
b29890a328 Use:
command="/path/to/${name}"

since it's applicable here.  It's the current style of rc.d.

Pointed out by:	pjd
2005-10-28 16:10:56 +00:00
Yaroslav Tykhiy
23b50ea745 Transforming "ppp-user" into just "ppp", step 1:
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".

The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.

Discussed with: pjd, -rc
2005-10-28 16:07:52 +00:00
Yaroslav Tykhiy
6fa3ee6c30 Override $command with $foo_program only if $command
has been set in the first place.  This should reduce
unwanted side-effects in rc.d scripts that don't mean
to use $command and rc.subr(8) methods associated with
it at all.

Discussed with:	brooks
Reviewed by:	-rc (silence)
2005-10-26 04:32:31 +00:00
Yaroslav Tykhiy
5a3c72ce8f Document that `reload' is not provided by default
yet it can be enabled when applicable.
2005-10-26 04:12:34 +00:00
Maxim Konovalov
4b401243a4 o Grammar.
Submitted by:	Ulrich Spoerlein
MFC after:	1 week
2005-10-24 08:53:21 +00:00
Yaroslav Tykhiy
180e996dfc Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
2005-10-23 14:06:53 +00:00
Jung-uk Kim
c9ea633926 wpa_supplicant(8) requires -D option for ndis(4) now. 2005-10-19 22:26:47 +00:00
John Baldwin
2e169ae820 Allow the process name to be in square brackets ([]) in _find_processes().
PR:		conf/82430
Submitted by:	Pavel Volkov pol at iib dot ru
MFC after:	1 week
2005-10-17 19:01:53 +00:00
Ruslan Ermilov
84f59115ec Remove redundant include. 2005-10-14 15:26:23 +00:00
Pawel Jakub Dawidek
384c6482df First start rc.d/ipsec and then rc.d/mountcritremote, so we can mount
NFS file system over IPsec.

Suggested by:	Tomasz Pi³at <tomasz.pilat@axelspringer.pl>
2005-10-12 22:14:44 +00:00
Pawel Jakub Dawidek
a0b8a85fc6 setkey(8) was repo-copied from usr.sbin/ to sbin/.
This will allow for NFS mount of /usr over IPsec.

Discussed on:	arch@
2005-10-12 21:40:41 +00:00
Maksim Yevmenkin
b0d089b7f3 Connect rc.d scripts for the hcsecd(8) and sdpd(8) daemons to the build.
MFC after:	1 month
2005-10-12 00:45:58 +00:00
Maksim Yevmenkin
412d0f16d1 Add rc.d scripts for the hcsecd(8) and sdpd(8) daemons. Put defaults into
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.

MFC after:	1 month
2005-10-11 19:16:48 +00:00
Hajimu UMEMOTO
c837857210 stop RFC 4193 address on the outside interface.
MFC after:	1 day
2005-10-05 07:00:42 +00:00
Brooks Davis
721d95b6b2 Use more rc.subr bits to clean up pccard_ether and implement new
features.  Both the presence of a NOAUTO keyword and an interface being
up can be ignored is the forcestart option is used.  Additionally, a
restart option has been added.

Reviewed by:	ume
2005-10-03 18:20:44 +00:00
Scott Long
6fa40729c8 Add the lmcconfig tool for controlling the lmc driver. Add man pages and
glue.

Submitted by: David Boggs
2005-10-03 07:09:41 +00:00
Yaroslav Tykhiy
22124484e2 Use available rc.subr features.
Reduce code duplication.
Follow the current style of rc.d scripting.
2005-10-02 19:17:49 +00:00
Yaroslav Tykhiy
b3470f8c82 Record dependency on the newly introduced pfsync.
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)

Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.

Discussed with: mlaier on -pf
MFC after:	5 days
2005-10-02 19:12:42 +00:00
Yaroslav Tykhiy
c8a0dfab83 Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with:	mlaier on -pf
MFC after:	5 days
2005-10-02 18:59:02 +00:00
Yaroslav Tykhiy
932d1eb384 Use rc.subr(8) appropriately:
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
  (pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
  decorate them sufficiently.
2005-10-02 15:54:26 +00:00
Maxim Konovalov
8862edf857 o Remove unfinished code and make it possible to override
bsdextended_script from rc.conf(5):

Not objected by:	trhodes
2005-10-02 07:03:00 +00:00
Yaroslav Tykhiy
85a65c57e3 Fix the usage of rc_usage. The rc_usage function takes
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
2005-10-01 20:58:03 +00:00
Yoshihiro Takahashi
4041bad612 Use hw.machine_arch instead of hw.machine. 2005-09-30 13:27:36 +00:00
Brooks Davis
94d785c84c Be less IPv4 centric. When checking if the interface is already
configured, check if the UP flag is set instead of checking for the
netmask keyword.
2005-09-28 19:59:18 +00:00
Yaroslav Tykhiy
eb03e6374a Make it a good-mannered rcNG script respectful to the command line. 2005-09-28 16:24:47 +00:00
Brooks Davis
e5cf486710 Don't print anything if we can't do any localpkg shutdown (start already
does this).

Submitted by:	Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR:		conf/86606
2005-09-27 02:05:55 +00:00
Pawel Jakub Dawidek
9d503e9def Simplify the code by making use of 'kldstat -q -m <mod>'.
No objections from:	mlaier
2005-09-24 15:57:17 +00:00
Pawel Jakub Dawidek
bb13d7dc5e Simplify the code a bit by using newly added (to kldstat(8) '-q') option. 2005-09-23 23:53:35 +00:00
Garrett Wollman
09eec2276d If we're not installing OpenSSH in the base, don't install its startup
file either.  This clears the way for third-party SSH ports to install
an RCng startup script.
2005-09-23 16:54:09 +00:00
Robert Watson
1a51e01115 Add a new rc.conf entry, kerberos5_server_flags, which allows the
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.

MFC after:	3 days
2005-09-20 11:13:28 +00:00
Craig Rodrigues
c33f2417a1 In mountd_precmd(), use rc_args, not mountd_args to
override the value of mountd_args.  This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.

PR:		conf/86260
Submitted by:	Thierry Herbelot <thierry at herbelot dot com>
MFC after:	3 days
2005-09-18 17:04:26 +00:00
Robert Watson
8ed695309f Use sysctl -q when querying for kern.bootp_cookie in order to avoid
printing boot-time errors that don't reflect true error conditions.

MFC after:	1 week
2005-09-15 16:09:28 +00:00
Robert Watson
218fe3f1b0 Use kenv -q to extract dumpdev rather than kenv, in order to avoid
spamming the console in the event that a loader tunable 'dumpdev'
isn't defined, which is not a relevant failure to report.

MFC after:	1 week
2005-09-13 19:07:02 +00:00
Maxim Konovalov
17793b6ae5 A new version of rev. 1.4: postpone a temporary file creation
until we realize if ipfw(4) ever used.

PR:		bin/85970
Submitted by:	Andre Albsmeier
MFC after:	3 days
2005-09-11 14:29:58 +00:00
Peter Grehan
c3614b63a2 Comment out ofw_console 'screen' entry and zs tty entries.
The OpenFirmware console isn't used on real systems anymore and
I never get to multi-user mode in psim. There are problems with
zs that need to be resolved before these lines can be enabled.

This eliminates disconcerting warnings on boot.

MFC after:	2 days
2005-09-10 22:46:03 +00:00
Colin Percival
ff69e5b71e Teach portsnap how to ignore unwanted parts of the ports tree. A line
of the form "REFUSE foo" in portsnap.conf will result in parts of the
tree matching "^foo" being (a) not extracted by "portsnap extract", (b)
not updated by "portsnap update", and (c) not having any patches or new
ports downloaded by "portsnap fetch" or "portsnap cron". The example
shown in portsnap.conf demonstrates ignoring all the language categories.

As mentioned in portsnap.conf.5, the use of an imcomplete ports tree is
not officially supported; but this is something which many users have
requested, so I'm adding it anyway.

PR:		bin/85619 (but not the patch provided therein)
MFC after:	1 month
2005-09-06 19:28:37 +00:00
Doug Barton
9e8bc8bf11 In accordance with my intentions announced (and not objected to)
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
2005-09-05 13:42:22 +00:00
Giorgos Keramidas
5340ff6caa Remove duplicate "at" from comment. 2005-09-04 21:57:23 +00:00
Brooks Davis
0e412a010b Actually block Ctrl-C (SIGINT=2).
Reported by:	sam
Pointy hat to:	brooks
2005-09-02 18:30:16 +00:00
Brooks Davis
2b32284f18 - Alwasy explicitly bring the interface up before configuring it.
- If an interface's ifconfig_<ifn> is set, but empty, don't set it to
   ifconfig_DEFAULT.  This way interfaces can be disabled even in the
   presence of ifconfig_DEFAULT.
 - When listing interfaces and network_interfaces=auto, place lo0 first
   if it's around.
2005-09-02 17:11:13 +00:00
Brooks Davis
1f1525c556 Block SIGQUIT (Ctrl-C) while running in startup mode. This should allow
dhclient's to be killed without stopping all boot progress.

Minor cleanup of the interface list generation code.
2005-09-02 17:05:07 +00:00
Giorgos Keramidas
67f2d71f40 Add a short description of how a literal colon ':' can be inlined in the
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.

Triggered by:	a question by Ceri on -questions
2005-08-31 15:02:11 +00:00
Gleb Smirnoff
fcb3c1b182 Fix braino in last commit. Print nothing if ipfw(4) is not present. 2005-08-31 08:31:14 +00:00
Gregory Neil Shapiro
125ffad4f8 Be sure to execute sendmail_precmd() to check sendmail.cf conflicts and
rebuild the aliases file if necessary.

PR:		conf/72910
Submitted by:	matteo@
MFC after:	3 days
2005-08-30 03:41:59 +00:00
Bruce A. Mah
9bfd3af7d0 Fix minor typo in a comment. 2005-08-28 18:48:04 +00:00
Warner Losh
652729a4d5 Allow one to override the endian flags for make distribution. This
can be useful for when you know that you are doing something that
won't work with the standard settings and different settings are more
appropriate.
	This allows 5.3 tools to build a 6.x userland when these
	values are set to null.
2005-08-26 18:54:06 +00:00
Brooks Davis
815e43db38 Support ifconfig_<ifn> variables containing quoted variables with spaces
in them by wrapping the ifconfig command with eval "...".

For example, this allows:

ifconfig_iwi0="DHCP ssid 'foo bar baz'"
2005-08-26 04:06:17 +00:00
Yaroslav Tykhiy
4986c6d8e2 Stop hard-coding an -M flag to mdmfs(8) in /etc/rc.subr.
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags.  The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.

Submitted by:	marck
MFC after:	3 days
2005-08-24 16:25:47 +00:00
Brooks Davis
41f7ee42ae - Remove the removable_interfaces variable. /etc/pccard_ether will
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
  of an interface at boot or via /etc/pccard_ether.  This allows
  /etc/rc.d/netif to be used to start and stop an interface on a purely
  manual basis.  The decision to affect pccard_ether may be revisited at
  a later date.

Requested by:	imp, gallatin (removable_interfaces)
Discussed with:	sam, Randy Bush (NOAUTO)
2005-08-24 01:23:49 +00:00
Colin Percival
d7883da19f When looking for new lines in diff output, grep for '^[>+]' instead of
'^>', in order to catch both normal and unified diffs.

Problem reported by:	volker at vwsoft dot com via -stable
MFC after:	3 days
2005-08-22 09:33:36 +00:00
Gleb Smirnoff
07d6ed30ec - Correctly parse output, when logging amount is limited in the
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
  their own log limits.

PR:		conf/77929
Submitted by:	Andriy Gapon [1]
Reviewed by:	matteo
2005-08-20 09:41:49 +00:00
Brooks Davis
13b302a79f Add two new template sources, /conf/bcast/${ipbca} and /conf/ip/${ip}.
These allow large installations to keep their /conf directory down to a
managable number of entries.

Clean up the handling of dhcp_cookie.
2005-08-17 00:28:38 +00:00
Pawel Jakub Dawidek
adf98e7afa Fix (/usr could not be mounted yet, so there is no grep(1) available) and
simplify checking for g_eli module.

MFC after:	3 days
2005-08-14 22:16:34 +00:00
Pawel Jakub Dawidek
893cdb3d34 Connect geli and geli2 ro the build.
MFC after:	3 days
2005-08-14 18:25:35 +00:00
Pawel Jakub Dawidek
b12cfed25c Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
             detach on last close.

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	3 days
2005-08-14 18:02:22 +00:00
Pawel Jakub Dawidek
b3d1f1fce9 Move 'local_tr' function to rc.subr and change its name to 'ltr'.
MFC after:	3 days
2005-08-14 17:28:15 +00:00
Colin Percival
6fb01948ee Add portsnap to the base system. This is a secure, easy to use,
fast, lightweight, and generally good way for users to keep their
ports trees up to date.

This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled.  No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly.  This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.

X-MFC-After:    6.0-RELEASE
X-MFC-Before:   5.5-RELEASE
X-MFC-To:       RELENG_6, RELENG_5, ports
discussed on:   -arch and several other places
"yes please" from:      simon, remko, flz, Diane Bruce
thinks this is a great idea:    bsdimp
Hopes he didn't forget any files:       cperciva
2005-08-08 20:10:06 +00:00
Pawel Jakub Dawidek
2069c3305d Back-out previous commit - we need to skip logging socket when we start a
jail and external syslogd is listening in jail's chroot.

Pointed out by:	csjp

While here, skip also "logpriv" socket.
2005-08-08 09:46:09 +00:00
Pawel Jakub Dawidek
5b3e518936 Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

MFC after:	1 week
2005-08-07 23:19:02 +00:00
Pawel Jakub Dawidek
ea16133887 We don't need to skip /var/run/log socket, as syslogd is always started
after rc.d/cleanvar. And if we wanted to skip /var/run/log we still needed
to skip /var/run/logpriv, which wasn't implemented.
2005-08-07 23:10:32 +00:00
Pawel Jakub Dawidek
4558bd977d Allow to give more than one jail's name, eg.:
# /etc/rc.d/jail start www mail

MFC after:	3 days
2005-08-07 22:38:41 +00:00
Pawel Jakub Dawidek
49ad116fcc Teach rc.d/encswap script how to use geli(8) for swap encryption.
MFC after:	3 days
2005-08-05 23:38:51 +00:00
Pawel Jakub Dawidek
e816acc79b gbde_swap has been repo-copied to encswap.
Repo-copy made by:	markm
2005-08-05 21:23:08 +00:00
Pawel Jakub Dawidek
39f1497151 Remove gbde_swap_enable option which doesn't work and doesn't really have to
work, as one still needs to put <device>.bde into /etc/fstab.
2005-08-04 08:19:13 +00:00
Sam Leffler
491e9810c0 eliminate the regex used to match ethernet and 802.11 devices;
instead use the interface's media-type

Reviewed by:	imp
MFC after:	1 week
2005-08-02 18:28:31 +00:00
Warner Losh
73ca9658a6 Add a couple of missing nic interfaces that have been added: iwi, ipw,
ral and ural.  Add a comment about this regexp being lame, which
should shock no-one.  Add a comment about why rescans are disabled on scsi
cards.
2005-07-28 03:51:54 +00:00
Pawel Jakub Dawidek
e33ed6289e Forgot to add this change when commiting geli.
Reported by:	cperciva
2005-07-28 00:53:47 +00:00
Brooks Davis
ffbf77eb49 Silence the de-bouncing of dhclient start up. The previous output
caused significant mental anguish for some portions of the user
population. :)
2005-07-26 00:37:19 +00:00
Ruslan Ermilov
1ede9a7d0e Require that DESTDIR be set before running "make distribution". 2005-07-22 10:35:35 +00:00
David E. O'Brien
a38c1f6ce8 This depends on syslogd due to logger(1). 2005-07-22 00:57:37 +00:00
David E. O'Brien
aaacd70897 Embellish the dependency lists - this script depends having awk(1),
and it needs syslogd due to using logger(1).
Have it run as early as possible to save battery power for laptop users.
2005-07-22 00:57:04 +00:00
David E. O'Brien
e8e92a219f Minor comment re-alignment. 2005-07-22 00:38:55 +00:00
Pav Lucistnik
0da71daba6 - Mention special behaviour of init(8) when kern_securelevel="0"
Suggested by:	Miroslav Lachman <000.fbsd@quip.cz>
Approved by:	cperciva (src hat)
2005-07-21 15:17:54 +00:00
Ruslan Ermilov
6537491231 Pass -i to pwd_mkdb(8) to ignore locking failures. This can be useful
for NFS installing world/kernel to another machine.
2005-07-15 14:52:29 +00:00
Peter Grehan
f16eb1e821 Remove obsolete ttya/ttyb entries and replace with ttyy0/1.
Mark origin of ofw_console(4) and zs(4) devices.

MFC after:  3 days
2005-07-14 07:08:49 +00:00
Jung-uk Kim
c687e6de5b `net.inet.ipf.fr_running' can be a negative value, which was introduced by
recent ipfilter import.

Approved by:	re (scottl), anholt (mentor)
2005-07-07 05:59:44 +00:00
Brooks Davis
1985a13e74 Remove REQUIRE and BEFORE lines since this script is not run by rcorder
at startup.  Instead it is called by other scripts.

Approved by:	re (network interface startup blanket)
2005-06-30 17:50:34 +00:00
Brooks Davis
7657f59596 - Remove the pccard_ifconfig variable in favor of a new
ifconfig_DEFAULT variable.  Unlike pccard_ifconfig, ifconfig_DEFAULT
   applies to all interfaces that do not specify an ifconfig_<ifn>
   variable rather than just those listed in removable_interfaces.
 - Correct the list of interfaces when network_interfaces and
   removable_interfaces are both set by including removable_interfaces
   in the list of canidates.
 - When listing dhcp interfaces, include those with other ifconfig
   options so nat works.

Approved by:	re (network interface startup blanket)
2005-06-30 05:02:34 +00:00
Brooks Davis
a7e55c1e77 Add support for starting wpa_supplicant by adding the WPA keyword to an
interface's ifconfig_<ifn> entry in /etc/rc.conf.

Approved by:	re (network interface startup blanket)
2005-06-30 04:52:47 +00:00
Brooks Davis
d3a260999d When interfaces are given on the command line, don't attempt to filter
them.  Just try to run the given command on them.  We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.

Approved by:	re (interface startup blanket)
2005-06-30 04:46:21 +00:00
Pawel Jakub Dawidek
7db9a6fcd1 Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@pinky.sax.de>
PR:		conf/80244
Approved by:	re (scottl)
MFC after:	1 week
2005-06-26 16:30:20 +00:00
Dima Dorfman
b5f6d74386 Unbreak the ipfilter_loaded function. There doesn't seem to be a way
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.

Approved by:	re (dwhite)
2005-06-21 09:39:09 +00:00
Brooks Davis
d873676af6 Make sure we actually read the config files before testing values from
them.

Reported by:	Darren Pilgrim <dmp at bitfreak dot org>
PR:		conf/82313
Approved by:	re (network interface startup blanket)
2005-06-16 18:08:04 +00:00
Dejan Lesjak
f44873531a Move couple of directories out of mtree and into their respective
ports. This mtree now specifies basic structure of X11BASE, similarly
to BSD.local.dist.

No objections on: freebsd-x11@
Approved by:	re (dwhite), portmgr
2005-06-15 02:27:41 +00:00
Gregory Neil Shapiro
18e370c342 Use new OSTYPE(freebsd6).
Approved by:	re (scottl)
Requested by:	keramida
2005-06-14 02:25:17 +00:00
Marius Strobl
9a472268c8 - In preparation to turning syscons(4) etc. on by default in the sparc64
GENERIC comment in ttyN.
- Add the name of the device driver creating the device nodes above the
  respectives blocks so it's easier for user to find the right entry to
  shut up warnings from getty(8). Replace 'Requires device 'uart' be
  enabled.' with just 'uart(4)' as the former referred to a sparc64
  GENERIC back when uart(4) wasn't enabled by default, yet.
- Turn off the getty(8) on screen as screen is created by ofw_console(4)
  which is no longer enabled in the sparc64 GENERIC (and also only is a
  last resort) to shut up warnings from getty(8) with the current GENERIC.
2005-06-10 23:06:14 +00:00
Jacques Vidrine
a8e0b2e8ab Remove rexecd(8), a server that implements a particularly insecure
method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
2005-06-10 20:52:36 +00:00
Andrey A. Chernov
8c31c2a9db Back out "rw" locale addition for reason unknown to me (forced by portmgr) 2005-06-10 20:14:38 +00:00
Andrey A. Chernov
e5cc8496e3 Add locale/rw 2005-06-10 11:24:30 +00:00
Joseph Koshy
f263522a45 MFP4:
- Implement sampling modes and logging support in hwpmc(4).

- Separate MI and MD parts of hwpmc(4) and allow sharing of
  PMC implementations across different architectures.
  Add support for P4 (EMT64) style PMCs to the amd64 code.

- New pmcstat(8) options: -E (exit time counts) -W (counts
  every context switch), -R (print log file).

- pmc(3) API changes, improve our ability to keep ABI compatibility
  in the future.  Add more 'alias' names for commonly used events.

- bug fixes & documentation.
2005-06-09 19:45:09 +00:00
Brooks Davis
1e03bb0312 Remove default and documenation for pccard_ether_delay since I removed
it from /etc/pccard_ether.

Submitted by:	Jeremie Le Hen <jeremie at le-hen dot org>
2005-06-08 00:05:58 +00:00
Brooks Davis
cbac4adce6 Fix return values of ifconfig_up/down.
Reported by:	Andrea Campi
2005-06-07 23:59:45 +00:00
Dag-Erling Smørgrav
cad530b9d3 Change the default for dumpdev to "AUTO". It should be reverted to "NO"
on RELENG_* branches.
2005-06-07 15:22:08 +00:00
Dag-Erling Smørgrav
f07bf52735 Honor the "dumpdev" kenv variable if it is set and the "dumpdev" rc
variable is set to "AUTO".

MFC after:	2 weeks
2005-06-07 15:20:10 +00:00
Brooks Davis
8e9e71f817 Support code for the OpenBSD dhclient. This significantly changes the
way interfaces are configured.  Some key points:

  - At startup, all interfaces are configured through /etc/rc.d/netif.
  - ifconfig_<if> variables my now mix real ifconfig commands the with
    DHCP and WPA directives.  For example, this allows media
    configuration prior to running dhclient.
  - /etc/rc.d/dhclient is not run at startup except by netif to start
    dhclient on specific interfaces.
  - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
    it's work.
  - /etc/pccard_ether no longer takes additional arguments to pass to
    ifconfig.  Instead, ifconfig_<if> variables are now honored in favor
    of pccard_ifconfig when available.
  - /etc/pccard_ether will only run on interfaces specified in
    removable_interfaces, even if pccard_ifconfig is set.
2005-06-07 04:49:12 +00:00
Maxim Konovalov
8cdcfdf3ab Finish adding _dhcp user. 2005-06-07 03:41:20 +00:00
Brooks Davis
7217408a65 Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
David E. O'Brien
737840187b Remove RCng files that were brought in from NetBSD, but we ended up not
using them (or did and no longer do).
2005-06-06 02:51:26 +00:00
Marius Strobl
91ee05e122 Add esp(4) to scsi-controller-regex.
MFC after:	1 month
2005-06-04 21:05:37 +00:00
Robert Watson
c64e9e6833 Add /etc/security, into which the BSM audit configuration files will be
installed.  This is the same directory as found on Solaris.

NB: In FreeBSD 4.x and earlier, a script (file) named /etc/security
exists.  Does mergemaster need to be taught how to replace a file with
a directory?

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2005-05-30 20:51:13 +00:00
Robert Watson
19fb720da7 Add /usr/include/bsm to mtree creation set.
Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2005-05-29 16:18:29 +00:00
Maxim Sobolev
61a20ce696 Add cdce(4) into the list of ethernet interfaces. 2005-05-23 16:23:28 +00:00
Pawel Jakub Dawidek
8f5aed3be4 We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
2005-05-23 12:25:33 +00:00
Jens Schweikhardt
e67132b9ed Style: mostly tabs vs blanks, and semicolon placement. 2005-05-22 16:22:23 +00:00
Joe Marcus Clarke
0749600611 Add libdata/pkgconfig. It is used under ${LOCALBASE} as much (if not more)
than under ${X11BASE}.

Discussed with:	portmgr
MFC after:	1 day
2005-05-13 04:06:04 +00:00
Brian Somers
709acd0300 Run /etc/rc.d/syscons restart when a usb keyboard is attached so that the
keymap and other settings are correct.
2005-05-11 10:24:20 +00:00
Christian S.J. Peron
115005468b Do not unconditionally mount devfs to ${jail_devdir}/dev. First check
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.

Discussed with:	pjd
MFC after:	1 week
2005-04-30 00:16:00 +00:00
Brooks Davis
2af94c5d1d To allow /etc to be as minimal as possible in a diskless setup, we need
to run initdiskless before we run rcorder on /etc/rc.d.  To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.

Remove /etc/rc.d/preseedrandom as it is no longer necessicary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.

Discussed on:	freebsd-rc
Repocopy by:	peter
2005-04-29 23:02:56 +00:00
Dag-Erling Smørgrav
394fc87351 X logins should be recorded in lastlog / wtmp / utmp. I have no idea why
this wasn't there already...  it makes much more sense this way.

MFC after:	2 weeks
2005-04-28 07:59:09 +00:00
Doug Barton
65db76c1aa Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
2005-04-24 01:51:22 +00:00
Gleb Smirnoff
8d6e44f80f Add startup script and default configuration file for bsnmpd.
Reviewed by:	harti
2005-04-17 10:47:58 +00:00
Christian S.J. Peron
99a6b61d70 Do not remove logging sockets. This fixes an issue where logging
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).

Discussed with:	pjd, green, cperciva
MFC after:	1 week
2005-04-14 03:56:06 +00:00
Thomas Quinot
a5562a139a Document that dumpdev may be set to AUTO to dump to the first appropriate
swap device listed in /etc/fstab.
2005-04-12 15:21:51 +00:00
Doug Barton
f297a20e30 The alternative suggested for /entropy as a shutdown
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.

In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.

PR:		conf/75722
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2005-04-11 02:45:05 +00:00
Nate Lawson
0a133d67f3 Set CPU speed to 100% in acpi_throttle attach. This is needed for some
systems that boot with this value at the lowest setting.  Change the
default boot config back to "leave frequency as BIOS set it".  Also, fix
buglet where acpi_throttle wouldn't be used if p4tcc was present but
disabled by the user.

MFC after:	1 week
2005-04-10 20:04:30 +00:00
David E. O'Brien
623720bd03 'dumpon' can run before 'initrandom' so make it.
This gives a better chance of debugging /dev/random related panics.
2005-04-05 18:59:24 +00:00
Sean Chittenden
47accd603c When reloading rules via rc.d/pf, flush everything but existing state
entries that way when rules are read in, it doesn't break established
connections.

Approved by:	mlaier
Reviewed by:	rc
MFC after:	3 weeks
2005-04-04 23:06:10 +00:00
Nate Lawson
c2137e57f5 Instead of leaving the current frequency setting at whatever the BIOS set
on boot, force it to HIGH.  This is needed for some systems which appear
to boot with a low acpi_throttle setting by default.  Thanks to Christian
Brueffer for tracking this down on his system.

MFC after:	1 day
2005-04-03 21:45:20 +00:00
Tom Rhodes
bfd02b7da8 Add a ugidfw_load() function and fix up some of the scripting in this file.
This will allow better integration with the ports system.

Submitted by:	clement
2005-04-02 00:01:03 +00:00
Ruslan Ermilov
8aad57438b Purge orphan catpages.
PR:		conf/35242
Submitted by:	Annihilator <annihilator.c@usa.net>
2005-03-30 18:02:49 +00:00
Colin Percival
c0be525bed netstart is now obsoleted by /etc/rc.d/*, not by /etc/rc.network.
Reported by:	Martin Jakob, on freebsd-stable@
MFC after:	1 month
2005-03-26 20:10:24 +00:00
Kirill Ponomarev
910329da1d Add mt locale directory, since more and more ports create and use it.
Approved by:	kris
MFC after:	3 days
2005-03-22 18:29:41 +00:00
Nate Lawson
8971569ca1 Remove the 'usbd' keyword (it isn't necessary for mixer). Also, use
BEFORE instead of REQUIRE.

Probably ok by:	jhb
MFC after:	3 days
2005-03-17 22:36:16 +00:00
Ruslan Ermilov
3e1631ce0a Start natd(8) before loading firewall rules, to give the
ipdivert.ko module a chance to load.
2005-03-16 08:47:48 +00:00
Doug Barton
1a2980c6c7 Unhook the recently departed lomac file from the build.
Forgotten by:	trhodes (the real one)
2005-03-13 08:07:11 +00:00
Tom Rhodes
a7efb70ebd Remove mac_lomac(4) functionality. The proper way is to use loader.conf
or build the policy into a kernel.

Approved by:	rwatson
2005-03-12 21:09:15 +00:00
Gleb Smirnoff
9091954535 Fix a terrible braino in last commit. Put kern.debug back to /var/log/messages
and do exactly what last commit message described.
2005-03-12 12:31:16 +00:00
David E. O'Brien
2a907aec6b Be consistent about the serial line terminal type.
CVS ----------------------------------------------------------------------
2005-03-09 03:57:08 +00:00
Ruslan Ermilov
08f8440ba4 New Ukrainian locale: uk_UA.CP1251.
Submitted by:	Alexander Peresunko
2005-03-04 14:24:30 +00:00
Brooks Davis
bed34fbfb6 It is sufficent to require rcconf rather than initdiskless. 2005-03-02 19:03:08 +00:00