Commit Graph

1264 Commits

Author SHA1 Message Date
Colin Percival
cabad26453 Add support for "first boot" rc.d scripts. [1]
These scripts, containing
# KEYWORD: firstboot
will only be run if a sentinel file (default: /firstboot, configurable
via the rc.conf ${firstboot_sentinel} variable) exists; this sentinel
file will be deleted at the end of the boot process.

Scripts can request that the system reboot after the first boot by
creating the file ${firstboot_sentinel}-reboot.

This functionality is expected to be useful for embedded systems and
virtual machine images, where it may be desirable to
(a) download and install updates which became available between when
the image was created and when it was "turned on";
(b) download and install packages which may be newer than those
which were available when the image was created;
(c) install packages which run binaries during their install process,
bypassing the problem of cross-architecture installs;
(d) resize filesystems to match the disk onto which a VM image was
installed;
(e) perform initialization tasks relevant to cloud systems (e.g.,
Amazon's Elastic Compute Cloud);
and likely to perform many other one-time initialization functions.

Document this new functionality in rc.conf(5) and rc(8). [2]

Reviewed by:	freebsd-current, freebsd-rc [1]
Reviewed by:	Warren Block [2]
MFC after:	3 days
2013-10-19 21:37:06 +00:00
Hiroki Sato
fbd868c9d8 - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs.  The mount happens just after
  mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
  fails to start.

Approved by:	re (gjb)
2013-10-12 17:27:59 +00:00
Rui Paulo
ec0e2ac611 Remove most of the ATF tools and the _atf user.
This is necessary because ATF is deprecated and it will be replaced by Kyua.

Submitted by:	jmmv@netbsd.org
Reviewed by:	Garrett Cooper
Approved by:	re
2013-10-12 06:06:53 +00:00
Hiroki Sato
84b354cb9a - Update rc.d/jail to use a jail(8) configuration file instead of
command line options.  The "jail_<jname>_*" rc.conf(5) variables for
  per-jail configuration are automatically converted to
  /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
  This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
  when jail -r failed.

Approved by:	re (glebius)
2013-10-10 09:32:27 +00:00
Glen Barber
c9fc60beee Revert r256095, r256120 (partial), r256121:
r256095:
 - Add gnu/usr.bin/rcs back to the base system.

r256120:
 - Add WITHOUT_RCS back to src.conf.5.

r256121:
 - Remove UPDATING entry regarding gnu/usr.bin/rcs removal.

Requested by:	many
Approved by:	re (marius)
Discussed with:	core
2013-10-09 17:07:20 +00:00
Eitan Adler
18bb1b08e5 This regenerates src.conf.5 for both the RCS removal as well as r255784.
Approved by:	re (glebius)
2013-10-07 19:22:53 +00:00
Joel Dahl
89898f63c2 mdoc: remove EOL whitespace.
Approved by:	re (blanket)
2013-10-04 16:44:24 +00:00
Sergey Kandaurov
05d98029e9 Sweep man pages replacing ad -> ada.
Approved by:	re (blackend)
MFC after:	1 week
X-MFC note:	stable/9 only
2013-10-01 18:41:53 +00:00
Ed Maste
2e845e0d0a Regen.
Approved by:	re (implicit)
2013-10-01 17:46:04 +00:00
Dag-Erling Smørgrav
744f86ec15 Regenerate.
Approved by:	re (gjb)
2013-09-30 17:40:39 +00:00
Dag-Erling Smørgrav
e7145502e1 Regenerate.
Approved by:	re (blanket)
2013-09-24 14:46:10 +00:00
Dag-Erling Smørgrav
49cede74ee Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf.  The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost.  Alternatively, a list of forwarders can be provided on the
command line.

To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks.  We should consider doing
the same for "status", which is currently pointless.

Add an rc script for unbound, called local_unbound.  If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.

Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound.  This is necessary so that
unbound can reload its configuration while chrooted.  We should
probably provide symlinks in /etc.

Approved by:	re (blanket)
2013-09-23 04:36:51 +00:00
Dag-Erling Smørgrav
8182b3bee1 Make the directory mapping functionality, which was previously only
available in 32-bit compatibility mode, unconditional.

Overhaul the man page, which had evolved more by accretion than by design.

Approved by:	re (gjb)
MFC after:	3 weeks
2013-09-21 21:03:52 +00:00
Ed Maste
2789c11117 Regenerate after addition of WITH_LLDB
Approved by: re (blanket)
2013-09-20 01:55:37 +00:00
Joel Dahl
79ce8a649b mdoc: sort SEE ALSO.
Approved by:	re (blanket)
2013-09-18 04:44:54 +00:00
Hiroki Sato
9d52c5eaec Add EXAMPLES section to explain the format of fstab(5).
Approved by:	re (marius)
Reviewed by:	wblock
2013-09-17 20:25:29 +00:00
Hiroki Sato
4e62a1443a Remove description "ifconfig_IF_aliasN is deprecated". While this
sentence was added in 2005, many users still need it.

Approved by:	re (gjb)
PR:		docs/162354
2013-09-17 20:20:04 +00:00
Dag-Erling Smørgrav
75e60c005a Regenerate.
Approved by:	re (blanket)
2013-09-15 15:23:50 +00:00
Glen Barber
b11797ad2f Do not install freebsd-update.conf.5 manual if WITHOUT_FREEBSD_UPDATE is
set.

MFC after:	3 days
Approved by:	re (delphij)
Sponsored by:	The FreeBSD Foundation
2013-09-13 03:39:19 +00:00
Niclas Zeising
26c4cc026d Regenerate after unhooking gcc/g++ from the default build for some arches. 2013-09-06 20:51:15 +00:00
Jeremie Le Hen
f1ed02fabd Since r254974, periodic scripts' period can be configured
independently.  There is no reason to leave their options
with the daily ones, so move them to their own section.
2013-09-03 07:51:06 +00:00
Antoine Brodin
b9aa88b0c1 Fix after r255014 2013-08-29 15:58:20 +00:00
Joel Dahl
99e27a7806 mdoc fix 2013-08-28 05:12:29 +00:00
Niclas Zeising
969fe8f052 Really regen after r254962.
This removes the WITH_BSDCONFIG description altogether, since this option
is removed.
At the same time, fix the WITHOUT_LIBCPLUSPLUS option that had gotten
inverted.
2013-08-27 23:30:02 +00:00
Jeremie Le Hen
69b55c23cb Make the period of each periodic security script configurable.
There are now six additional variables
  weekly_status_security_enable
  weekly_status_security_inline
  weekly_status_security_output
  monthly_status_security_enable
  monthly_status_security_inline
  monthly_status_security_output
alongside their existing daily counterparts.  They all have the same
default values.

All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.

"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script.  The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".

Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitly disabled with a
"NO", either in the "_enable" or the "_period" variable.

When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
  myfbsd security run output ->  myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.

Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section.  I left them in
place for this commit to make reviewing easier.

Reviewed by:	hackers@
2013-08-27 21:20:28 +00:00
Devin Teske
a5aa00fbae Formally remove WITH_BSDCONFIG build option and re-generate src.conf.5
NOTE: Should have been inline with revisions 252862 and 254958.
2013-08-27 16:30:50 +00:00
Antoine Brodin
8aad3f600b Regenerate src.conf.5 2013-08-26 17:18:21 +00:00
Hiroki Sato
7dce7544fc - Reimplement $gif_interfaces as a variant of $cloned_interfaces.
Newly-configured systems should use $cloned_interfaces.

- Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}.
  ifnet_rename() now accepts an interface name list as its argument.

- Add rc.d/netif clear.  The "clear" subcommand is basically equivalent to
  "stop" but it does not call clone_down().

- Add "ifname:sticky" keyword into $cloned_interfaces.  If :sticky is
  specified, the interface will not be destroyed in rc.d/netif stop.

- Add cloned_interfaces_sticky={YES,NO}.  This variable globally sets
  :sticky keyword above for all interfaces.  The default value is NO.
  When cloned_interfaces_sticky=YES, :nosticky keyword can be used to
  override it on per interface basis.
2013-08-04 06:36:17 +00:00
Andrew Turner
e1f38054f5 Regen. 2013-07-16 19:20:50 +00:00
Hiroki Sato
a78deafaaa Document options for .eli devices.
Submitted by:	ADAM David Alan Martin
2013-07-15 03:50:14 +00:00
Baptiste Daroussin
13f6fdf210 Regenerate src.conf(5) after changing WITHOUT_PKGTOOLS to WITH_PKGTOOLS 2013-07-12 23:12:37 +00:00
Glen Barber
d87953e418 Document that a literal jail name of 0 (zero) is not allowed.
PR:		174436
Submitted by:	Robert Schulze
Reviewed by:	mjg
MFC after:	3 days
2013-07-12 22:02:11 +00:00
Hiroki Sato
6b577129ab Remove $swapfile and $geli_swap_flags. 2013-07-09 07:57:10 +00:00
Niclas Zeising
82fbf0f6ea Revert previous revision, local change that accidentally snuck in. 2013-07-03 12:58:53 +00:00
Niclas Zeising
5b694ac5db Regenerate after r252561
PR:		docs/180025
Submitted by:	Garrett Cooper <yaneurabeya@gmail.com>
2013-07-03 12:53:06 +00:00
Joel Dahl
a9ca77e055 mdoc: remove EOL whitespace. 2013-06-29 16:05:44 +00:00
Hiroki Sato
268a55bc98 - Add vnode-backed swap space specification support. This is enabled when
device names "md" or "md[0-9]*" and a "file" option are specified in
  /etc/fstab like this:

  md    none    swap    sw,file=/swap.bin       0       0

- Add GBDE/GELI encrypted swap space specification support, which
  rc.d/encswap supported.  The /etc/fstab lines are like the following:

  /dev/ada1p1.bde       none    swap    sw      0       0
  /dev/ada1p2.eli       none    swap    sw      0       0

  .eli devices accept aalgo, ealgo, keylen, and sectorsize as options.

  swapctl(8) can understand an encrypted device in the command line
  like this:

  # swapctl -a /dev/ada2p1.bde

- "-L" flag is added to support "late" option to defer swapon until
  rc.d/mountlate runs.

- rc.d script change:

    rc.d/encswap -> removed
    rc.d/addswap -> just display a warning message if $swapfile is defined
    rc.d/swap1 -> renamed to rc.d/swap
    rc.d/swaplate -> newly added to support "late" option

These changes alleviate a race condition between device creation/removal
and swapon/swapoff.

MFC after:	1 week
Reviewed by:	wblock (manual page)
2013-06-27 18:28:45 +00:00
Rui Paulo
47ccafd283 Document ifconfig_wlanX="HOSTAP" 2013-06-26 04:33:32 +00:00
Hiroki Sato
740b713999 - Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN.
This is an extended version of ipv4_addr_IF which supports both IPv4 and
  IPv6, and multiple range specifications.  To avoid generating too many
  addresses, the maximum number of the generated addresses is currently
  limited to 31.

- Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable.

- ipv6_prefix_IF now supports !/64 prefix length.  In addition to the old
  64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64
  is supported.

- Replace ifconfig command with $IFCONFIG_CMD variable to support
  a dry-run mode in the future.

- Remove IP aliases before removing all of IPv4 addresses when doing
  "rc.d/netif down".

- Add a DAD wait to network6_getladdr() because it is possible to fail to
  configure an EUI64 address when ipv6_prefix_IF is specified.

A summary of the supported ifconfig_* variables is as follows:

 # IPv4 configuration.
 ifconfig_em0="inet 192.168.0.1"
 # IPv6 configuration.
 ifconfig_em0_ipv6="inet6 2001:db8::1/64"
 # IPv4 address range spec.  Now deprecated.
 ipv4_addr_em0="10.2.1.1-10"
 # IPv6 alias.
 ifconfig_em0_alias0="inet6 2001:db8:5::1 prefixlen 70"
 # IPv4 alias.
 ifconfig_em0_alias1="inet 10.2.2.1/24"
 # IPv4 alias with range spec w/o AF keyword (backward compat).
 ifconfig_em0_alias2="10.3.1.1-10/32"
 # IPv6 alias with range spec.
 ifconfig_em0_alias3="inet6 2001:db8:20-2f::1/64"
 # ifconfig_IF_aliases is just like ifconfig_IF_aliasN.
 ifconfig_em0_aliases="inet 10.3.3.201-204/24 inet6 2001:db8:210-213::1/64 inet 10.1.1.1/24"
 # IPv6 alias (backward compat)
 ipv6_ifconfig_em0_alias0="inet6 2001:db8:f::1/64"
 # IPv6 alias w/o AF keyword (backward compat)
 ipv6_ifconfig_em0_alias1="2001:db8:f:1::1/64"
 # IPv6 prefix.
 ipv6_prefix_em0="2001:db8::/64"

Tested by:	Kimmo Paasiala
2013-06-20 02:29:49 +00:00
Niclas Zeising
4ddfbec06c Fix the libc++ option.
This somehow got reverted when this was updated after the CVS removal.
2013-06-16 20:51:44 +00:00
Eitan Adler
8ed396853b Regenerate after CVS removal (and it seems other missed changes) 2013-06-15 21:29:47 +00:00
Hiroki Sato
ed45ea12ca Add :ifname modifier to specify interface-specific routes into
{,ipv6_}static_routes and rc.d/routing.  For example:

 static_routes="foo bar:em0"
 route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1"
 route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2"

At boot time, all of the static routes are installed as before.
The differences are:

- "/etc/rc.d/netif start/stop <if>" now configures static routes
  with :<if> if any.
- "/etc/rc.d/routing start/stop <af> <if>" works as well.  <af> cannot be
  omitted when <if> is specified, but a keyword "any" or "all" can be used
  for <af> and <if>.
2013-06-09 18:11:36 +00:00
Ed Maste
e9f843e2f6 Add WITH_DEBUG_FILES
makeman currently generates a src.conf that claims every option also
enforces WITHOUT_BIND_UTILS, so I applied this section by hand.
2013-06-07 21:51:10 +00:00
Glen Barber
3c10f4198d Remove references to CVS_UPDATE and SUP_UPDATE to catch up with r251084.
MFC after:	1 month
X-MFC-With:	r251084, r251085
2013-05-28 23:52:01 +00:00
Xin LI
8d8a4892fe Fix a copy-and-paste typo. 2013-05-22 05:21:19 +00:00
Xin LI
6de725c2d8 Regenerate with manual fixup for WITH_LDNS_UTILS inheriting WITHOUT_BIND_UTILS. 2013-05-22 05:16:07 +00:00
Brooks Davis
2afea814ac Document WITHOUT_CROSS_COMPILER and WITHOUT_FORMAT_EXTENSIONS. 2013-05-15 14:35:02 +00:00
Joel Dahl
37b983c09b mdoc sweep 2013-05-13 18:13:50 +00:00
Joel Dahl
2710751bc3 mdoc sweep. 2013-05-12 22:22:12 +00:00
Bryan Drewery
fdcb645387 Fix examples for overriding INSTALL to not suggest hardcoding
'install' since it breaks buildworld after the introduction and
use of 'install -l' in r245752. Overriding INSTALL causes
/usr/bin/install to be used instead of the proper
/usr/src/tools/install.sh which handles the new flag.

Approved by:	bapt
MFC after:	2 weeks
2013-04-26 19:56:14 +00:00