Commit Graph

6977 Commits

Author SHA1 Message Date
Eitan Adler
dae3a64fb9 userland: Fix several typos and minor errors
- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by:	imp, benno
2017-12-27 03:23:01 +00:00
Dimitry Andric
54b4b13c4a Merge ^/head r326936 through r327149. 2017-12-24 13:22:57 +00:00
Kevin Lo
f1ab57eead Add soft float abi caching form armv7, it would allow people with old
binaries to run them.

Reviewed by:	imp
2017-12-22 01:46:25 +00:00
Dimitry Andric
27228b49fb Update clang versioned dir in mtree files. 2017-12-20 20:28:40 +00:00
Dimitry Andric
14767bd616 Follow-up to r325967, which removed /etc/casper, by also removing it
from BSD.root.dist, so it does not get created again on installworld.
2017-12-12 22:21:20 +00:00
Eitan Adler
fbc88a6f35 sponge(1): revert
I did a complete buildworld and test... with the program disconnected
from the tree. Revert the change for now.

(this keeps the change to .arclint which is still correct)

Wearing:	my pointhat
2017-12-06 02:47:46 +00:00
Eitan Adler
8d4a7aab40 sponge(1): fix my tests
Reviewed by:	kevans
2017-12-05 04:43:39 +00:00
Alan Somers
95639a80ef dc(1): fix input of non-decimal fractional numbers
Inputting fractional non-decimal numbers has never worked correctly in our
OpenBSD-derived dc(1). It truncates the input to a number of decimal places
equal to the number of hexadecimal (or whatever base) places given on the
input. That's unacceptable, because many numbers require more precision to
represent in base 10 than in their original bases.

Fix this bug by using as many decimal places as needed to represent the
input, up to the maximum of the global scale factor.

This has one mildly surprising side effect: the scale of a number entered in
non-decimal mode will no longer necessarily equal the number of hexadecimal
(or whatever base) places given on the input. I think that's an acceptable
behavior change, given that inputting fractional non-decimal numbers never
worked in the first place, and the man page doesn't specify whether trailing
zeros on the input should affect a number's scale.

PR:		206230
Reported by:	nibbana@gmx.us
Reviewed by:	pfg
Differential Revision:	https://reviews.freebsd.org/D13336
2017-12-05 04:22:35 +00:00
Mark Johnston
04006780d9 Complete support for dtrace's -x setenv option.
This allows one to override the environment for processes created with
dtrace -c. By default, the environment is inherited.

This support was originally merged from illumos in r249367 but was lost
when the commit was later reverted and then brought back piecemeal.

Reported by:	Samuel Lepetit <slepetit@apple.com>
MFC after:	2 weeks
2017-12-03 16:57:28 +00:00
Kristof Provost
4fbebc7472 Add IPSec tests in tunnel mode
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations.  These tests are reusing the jail/vnet scripts from pf
tests for generating complex network.

Submitted by:	olivier@
Differential Revision:	https://reviews.freebsd.org/D13017
2017-12-03 13:52:35 +00:00
Dimitry Andric
d4419f6fa8 Upgrade our copies of clang, llvm, lldb and libc++ to r319231 from the
upstream release_50 branch.  This corresponds to 5.0.1 rc2.

MFC after:	2 weeks
2017-12-03 12:14:34 +00:00
Eitan Adler
e6fb36794f pf.os: Add OpenBSD:6.1
Obtained From: OpenBSD
2017-12-02 06:23:02 +00:00
Alan Somers
cc58910608 Fix fetching ntp leapfile after 325256
Submitted by:	Ronald Klop <ronald-lists@klop.ws>
Reviewed by:	asomers
MFC after:	3 days
X-MFC-With:	325256
2017-11-28 20:44:10 +00:00
Alan Somers
013953eb5f Add basic tests for ctfconvert(1), fold(1) and rs(1)
Add basic command line parsing test coverage for these utilities.  The tests
were automatically generated based on their man pages.  These tests can be
expanded by hand for more thorough coverage.  The aim is to generate very
basic amount of test coverage for all the utilities in the base system.

Tests generated via: https://github.com/shivansh/smoketestsuite/

Submitted by:	shivansh
Reviewed by:	asomers
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D12424
2017-11-27 20:01:58 +00:00
Emmanuel Vadot
b7f38d774d growfs: Commit the changes after expanding the partition
This fix the problem in arm snapshot present since at least 6 months where
growfs was failing at firstboot and dropped you in a single user shell.
2017-11-27 15:39:11 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Edward Tomasz Napierala
f497052bcf Add /etc/autofs/include_nis, a non-rewriting NIS map.
Submitted by:	G. Paul Ziemba
Suggested by:	asomers@
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:50:26 +00:00
Edward Tomasz Napierala
61cfb3db4c Rename /etc/autofs/include_nis to /etc/autofs/include_nis_nullfs, to indicate
that this script provides nullfs map rewriting for local mounts.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:46:18 +00:00
Edward Tomasz Napierala
db2ec83907 Change formatting; no functional changes.
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:44:03 +00:00
Ed Maste
71d5ff4391 filter all passwords (not only changed) from periodic passwd backup
The periodic 200.backup-passwd script outputs any differences it finds
in master.passwd, relative to the previous backup.  It intends to elide
the encrypted password field, but previously did so only for changed
lines (i.e., those beginning with - or + in the diff).

Apply the sed expression also to unchanged lines to also elide their
passwords.

PR:		223461
Reported by:	Andre Albsmeier
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2017-11-21 20:31:54 +00:00
Alan Somers
396c556d77 Add ATF tests for head(1)
Submitted by:	Fred Schlecter <https://github.com/fjs-github>
Reviewed by:	asomers, jilles
MFC after:	3 weeks
Differential Revision:	https://github.com/freebsd/freebsd/pull/127
2017-11-20 22:55:02 +00:00
Andriy Voskoboinyk
c92451ae9d Reduce code duplication for wlan(4) interface creation in network.subr.
Since wlandebug(8) can accept any (original or changed) interface name
this part may be simplified a bit.
2017-11-19 20:18:21 +00:00
Mariusz Zaborski
3aa239f187 Remove unused Casper configurations files.
This is a reaming of Casper daemon.
2017-11-18 15:34:31 +00:00
Konstantin Belousov
9898800172 Remove xlint(1).
xlint is currently a fossil.  We have much more useful and alive tools
to do now what xlint did twenty years ago.

I did not cleared some stuff which makes lint operational, in
sys/x86/include and sys/sys, but I might do it as followup.  The
x86/include/ucontext.h and _types.h hacks made to please lint was the
main reason for my initial proposal to classify xlint as obsolete and
to remove it.

Also I do not intend to clear sccs ids.

Reviewed by:	bapt, brooks, emaste, jhb, pfg
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D13015
2017-11-16 14:37:18 +00:00
Alan Somers
d02819b5e6 devd.conf: add mps and mpr to the scsi controllers regex
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D12744
2017-11-14 16:32:40 +00:00
Brad Davis
f58e59923e Remove an unused variable.
Approved by:	bdrewery
2017-11-14 01:48:24 +00:00
Eugene Grosbein
cedc7c5870 Add suitable knob ifconfig_<interface>_descr for static interface description.
Document availability of interface descriptions within rc.conf(5).

Approved by:	avg (mentor), mav (mentor)
MFC after:	3 days
2017-11-08 16:53:11 +00:00
Edward Tomasz Napierala
35dd951c8c Make autofs(5) rc scripts run earlier, matching those for amd(8).
This helps when you have some daemons that need to access automounted shares.

PR:		221011
MFC after:	2 weeks
2017-11-04 15:52:16 +00:00
Edward Tomasz Napierala
533b437eae Add NIS automounter map, which supports rewriting of self-hosted locations
to make them nullfs.

PR:		221010
Submitted by:	G. Paul Ziemba
MFC after:	2 weeks
2017-11-04 14:38:00 +00:00
Conrad Meyer
648176e095 bluetooth: Default to discoverable off
Try to not expose bluetooth devices to external devices unless the user
explicitly configures it, like any other radio/network device.  Bluetooth
has a long history of security problems and it is probably best to keep it
disabled if not needed.

Users who do use the bluetooth device should enable "discoverable" in
bluetooth.device.conf(5) after this change.

Keep in mind that bluetooth addresses can be discovered by passive
monitoring or whole address-space scans[0], so a safety conscious user
should also disable "connectable" in bluetooth.device.conf(5).

[0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth

Reviewed by:	emax, hselasky
Security:	maybe
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12831
2017-11-01 18:58:54 +00:00
Andriy Voskoboinyk
99a1c8894a Regenerate etc/devd/usb.conf
Reminded by:		hselasky
2017-10-31 23:33:24 +00:00
Bryan Drewery
939d033cab Disconnect libpathconv tests since they require external perl and do not work with kyua.
This reverts r325192 and is due to libpathconv being connected in r325186.

Reported by:	ngie
Sponsored by:	Dell EMC Isilon
2017-10-31 19:52:30 +00:00
Bryan Drewery
ae160963d8 Fix installworld/distrib-dirs for pathconv after r325186.
Sponsored by:	Dell EMC Isilon
2017-10-31 01:43:36 +00:00
Eitan Adler
a2aef24aa3 Update several more URLs
- Primarily http -> https
- Primarily FreeBSD project URLs
2017-10-29 08:17:03 +00:00
Mark Johnston
64a16434d8 Add support for compressed kernel dumps.
When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.

Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.

savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.

A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.

Reviewed by:	cem (earlier version)
Discussed with:	def, rgrimes
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
Brad Davis
bd6bc862e3 Remove a atrun check that is nullified by r318443.
Approved by:	will
2017-10-21 21:58:24 +00:00
Cy Schubert
dde7644292 Anticongestion refinements for ntpd rc script. This reverts r324681
and checks if ntp leapfile needs fetching before entering into the
anticongestion sleep.

Unfortunately some ports still use their own sleeps so, this commit
doesn't address the complete problem which is compounded by every
port that uses its own anticongestion mechanism.

Discussed with:		asomers
2017-10-19 03:17:50 +00:00
Cy Schubert
53ddaabc12 Style. Replace 8 spaces with a tab.
MFC after:	2 weeks (with prior commit to this file)
2017-10-17 01:15:55 +00:00
Cy Schubert
088e763042 Provide an option to run the anticongestion ntpd leapfile fetch in
the background.

Original patch submitted by feld@. I added the "optional" bit.

Submitted by:	feld (original patch)
MFC after:	2 weeks
2017-10-17 01:15:13 +00:00
Jilles Tjoelker
d78b853f0f rc.subr: Remove test that is always true.
The code above always sets _pidcmd to a non-empty value.
2017-10-15 11:28:41 +00:00
Kristof Provost
96842052d3 Regenerate usb.conf 2017-10-13 20:29:35 +00:00
Kristof Provost
1d6f5f214a pf: Basic automated test using VIMAGE
If VIMAGE is present we can start jails with their own pf instance. This
makes it fairly easy to run tests.
For example, this basic test verifies that drop/pass and icmp
classification works. It's a basic sanity test for pf, and hopefully an
example on how to write more pf tests.

The tests are skipped if VIMAGE is not enabled.

This work is inspired by the GSoC work of Panagiotes Mousikides.

Differential Revision:	https://reviews.freebsd.org/D12580
2017-10-06 20:43:14 +00:00
Jeremie Le Hen
e415aa2846 Remove rcmds.
If they are still needed, you can find them in the net/bsdrcmds port.

This was proposed June, 20th and approved by various committers [1].
They have been marked as deprecated on CURRENT in r320644 [2] on July, 4th.
Both stable/11 and release/11.1 contain the deprecation notice (thanks to
allanjude@).

Note that ruptime(1)/rwho(1)/rwhod(8) were initially thought to be part of
rcmds but this was a mistake and those are therefore NOT removed.

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
[2] https://svnweb.freebsd.org/base?view=revision&revision=320644

Reviewed by:	bapt, brooks
Differential Revision:	https://reviews.freebsd.org/D12573
2017-10-06 08:43:14 +00:00
Andriy Gapon
31f976bc4a fix the misleading log facility used in devd/zfs.conf
In general, the "kern" facility is reserved for the kernel use only.
If a program specifies that facility, then it is silently converted
to "user" facility.
So, using logger -p kern.xxx was both misleading and non-specific.

Thus, change the facility to local7, so that users can create
more adequate syslogd configurations.

While local0..local7 are documented as being for local use we already
have several examples in the tree where they are used because none of
the named facilities really fits.

Approved by:	asomers
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D12420
2017-10-05 12:38:26 +00:00
Ian Lepore
e8b437ef9a Remove spurious $flags; it's a paste-o from copying the line from rc.subr.
Also, add a comment documenting the args passed to mount_md().
2017-09-29 22:21:42 +00:00
Ian Lepore
50e3590c44 Enhance mdmfs(8) to work with tmpfs(5).
Existing scripts and associated config such as rc.initdiskless, rc.d/var,
and others, use mdmfs to create memory filesystems. That program accepts a
size argument which allows SI suffixes and treats an unsuffixed number as a
count of 512 byte sectors. That makes it difficult to convert existing
scripts to use tmpfs instead of mdmfs, because tmpfs treats unsuffixed
numbers as a count of bytes. The script logic to deal with existing user
config that might include suffixed and unsuffixed numbers is... unpleasant.

Also, there is no g'tee that tmpfs will be available. It is sometimes
configured out of small-resource embedded systems to save memory and flash
storage space.

These changes enhance mdmfs(8) so that it accepts two new values for the
'md-device' arg: 'tmpfs' and 'auto'. With tmpfs, the program always uses
tmpfs(5) (and fails if it's not available). With 'auto' the program prefers
tmpfs, but falls back to using md(4) if tmpfs isn't available. It also
handles the -s <size> argument so that the mdconfig interpetation of
unsuffixed numbers applies when tmpfs is used as well, so that existing user
config keeps working after a switch to tmpfs.

A new rc setting, mfs_type, is added to etc/defaults/rc.conf to let users
force the use of tmpfs or md; the default value is "auto".

Differential Revision:	https://reviews.freebsd.org/D12301
2017-09-29 22:13:26 +00:00
Baptiste Daroussin
52eb4160a1 Do not actually install uneeded alias for man 2017-09-26 05:46:10 +00:00
Baptiste Daroussin
e6340c5d05 Remove unneeded locales and alias man directories
In base, locales (and encoding) specific directories are not used
by any tool. Just remove them.

While here also remove the cat page directory for openssl
2017-09-26 05:43:55 +00:00
Baptiste Daroussin
05572d356b Remove the cat pages directory now that catman(1) is gone 2017-09-25 21:23:49 +00:00
Hans Petter Selasky
05a3427964 Regenerate usb.conf .
MFC after:	1 week
2017-09-20 15:00:00 +00:00
Gordon Tetlow
4572fb3faf Deorbit catman. The tradeoff of disk for performance has long since tipped
in favor of just rendering the manpage instead of relying on pre-formatted
catpages. Note, this does not impede the ability to use existing catpages,
it just removes the utility to generate them.

Reviewed by:	imp, allanjude
Approved by:	emaste (mentor)
Differential Revision:	https://reviews.freebsd.org/D12317
2017-09-13 16:35:16 +00:00
Alan Somers
014404db1a Add basic tests for chflags, mkdir, rcp, and rmdir
Add basic command line parsing test coverage for these utilities.  The tests
were automatically generated based on their man pages.  These tests can be
expanded by hand for more thorough coverage.  The aim is to generate very
basic amount of test coverage for all the utilities in the base system.

Submitted by:	shivansh
Reviewed by:	asomers, brooks
MFC after:	3 weeks
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D12036
2017-09-07 16:54:47 +00:00
Alan Somers
cc15f41351 Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces
Also, fix them for mountpoints with tabs.

PR:		48325
Reported by:	pguyot@kallisys.net, aaron@baugher.biz
MFC after:	3 weeks
2017-08-25 00:28:56 +00:00
Marius Strobl
ae47d9383f Bring back the much more readable unified format for differences in
/etc/{group,master.passwd}. This was originally turned on for all of
/etc/{aliases,group,master.passwd} in r55196, but then backed out
only for the latter two in r56697, as the adaption of the sed(1)ing
done in r56308 was incorrect. This left us with inconsistent diff(1)
formats in the daily output of periodic(8) ever since, despite in
r56697 having been promised to be revisited. So properly adapt the
password hash filtering to the unified format and turn the later on
again for /etc/{group,master.passwd}, too.
2017-08-20 20:38:15 +00:00
John Baldwin
0bfcfa8634 Unconditionally install rwhod support scripts.
r322277 moved rwho* and ruptime out of the MK_RCMDS conditional including
updating the obsolete files entries to not remove these scripts due to
WITHOUT_RCMDS=yes.  However, the initial installation was still conditional
on MK_RCMDS, so new installs did not include these scripts and upgrades via
mergemaster or etcupdate removed them.

PR:		220953
MFC after:	1 month
2017-08-15 22:16:15 +00:00
Jilles Tjoelker
2cc32af06f sh: Add tests for sh -c that already pass.
PR:		220587
Submitted by:	Ryan Moeller
2017-08-12 19:17:48 +00:00
Sepherosa Ziehau
c685956956 hyperv: Add VF bringup scripts and devd rules.
How network VF works with hn(4) on Hyper-V in non-transparent mode:

- Each network VF has a cooresponding hn(4).
- The network VF and the it's cooresponding hn(4) have the same hardware
  address.
- Once the network VF is up, e.g. ifconfig VF up:
  o  All of the transmission should go through the network VF.
  o  Most of the reception goes through the network VF.
  o  Small amount of reception may go through the cooresponding hn(4).
     This reception will happen, even if the the cooresponding hn(4) is
     down.  The cooresponding hn(4) will change the reception interface
     to the network VF, so that network layer and application layer will
     be tricked into thinking that these packets were received by the
     network VF.
  o  The cooresponding hn(4) pretends the physical link is down.
- Once the network VF is down or detached:
  o  All of the transmission should go through the cooresponding hn(4).
  o  All of the reception goes through the cooresponding hn(4).
  o  The cooresponding hn(4) fallbacks to the original physical link
     detection logic.

All these features are mainly used to help live migration, during which
the network VF will be detached, while the network communication to the
VM must not be cut off.  In order to reach this level of live migration
transparency, we use failover mode lagg(4) with the network VF and the
cooresponding hn(4) attached to it.

To ease user configuration for both network VF and non-network VF, the
lagg(4) will be created by the following rules, and the configuration
of the cooresponding hn(4) will be applied to the lagg(4) automatically.

Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D11635
2017-07-31 07:18:15 +00:00
Rick Macklem
a70ee81756 Modify /etc/rc.d/nfsd so it doesn't force a startup of nfsuserd for NFSv4.
Given that RFC7530 allows uid/gids to be placed in owner/owner_group
strings directly, many NFSv4 environments don't need the nfsuserd.
This small patch modified /etc/rc.d/nfsd so that it does not force
startup of the nfsuserd daemon unless nfs_server_managegids is enabled.
This implies that nfsuserd_enable="YES" must be added to /etc/rc.conf
for NFSv4 server environments that use Kerberos mounts or clients that
do not support the uid/gid in string capability.
Since this could be considered a POLA violation, it will not be MFC'd.

Discussed on:	freebsd-current
2017-07-28 21:07:57 +00:00
Enji Cooper
fcb60eb0bb Unconditionally install etc/mtree/BSD.debug.dist again
r279248 unconditionally installed BSD.debug.dist for ease-of-developer-use.
Restore the previous behavior.

While here, add a comment to note that this is intentional to avoid accidental
future removal.

MFC after:	2 months
MFC with:	r321444
2017-07-25 00:28:23 +00:00
Enji Cooper
e017348aa8 Remove ${MTREE} and leverage etc/mtree/Makefile instead with
"make distribution".

This also fixes the fact that BSD.debug.dist was being installed if/when
${MK_DEBUG_FILES} != "no" before this commit.

MFC after:	2 months
2017-07-24 23:57:43 +00:00
Dimitry Andric
2fef18f836 Merge ^/head r320994 through r321238. 2017-07-19 19:43:10 +00:00
Emmanuel Vadot
2a4727a472 ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.

While here correct some value in rc.conf(5) to be int and not str.

Sponsored by:	Gandi.net
2017-07-18 14:02:02 +00:00
Emmanuel Vadot
fd75b64d7e ipfw_netflow: add +ipfw_netflow_enable="NO" to defaults/rc.conf and document
usage in rc.conf(5)

Reported by:	markj
Sponsored by:	Gandi.net
2017-07-17 08:53:51 +00:00
Kristof Provost
4d7709ddf6 pfctl parser tests
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correctness of its output. We have also added some new tests using the same
format.

The tests consist of a collection of input files (pf*.in) and
corresponding output files (pf*.ok). We run pfctl -nv on the input
files and check that the output matches the output files. If any
discrepancy is discovered during future development in the source
tree, we know that a regression bug has been introduced into the tree.

Submitted by:	paggas
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D11322
2017-07-15 19:22:01 +00:00
Emmanuel Vadot
0a84d3e5f0 etc/rc.d: Only install ipfw_netflow is MK_IPFW and MK_NETGRAPH is defined
While here only install ipfw rc script if MK_IPFW is defined.

Reported by:	ngie
2017-07-15 09:04:23 +00:00
Dimitry Andric
d2043ca373 Merge ^/head r320573 through r320970. 2017-07-13 22:01:38 +00:00
Emmanuel Vadot
0fc830cca9 Add an rc.d script to setup a netflow export via ng_netflow
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.

Sponsored-By:   Gandi.net
Reviewed by:	bapt (earlier version), olivier (earlier version)
2017-07-13 13:40:18 +00:00
Emmanuel Vadot
600a08a80d Add ipfw_status command to etc/rc.d/ipfw
This is helpful when using service/conf management tools.

Sonsored-By:	Gandi.net
2017-07-13 13:32:23 +00:00
Kyle Evans
b5ddde39ac Add some basic tests for hexdump(1)'s various output flags. Formatting
tests are omitted for this initial run as there are still some bugs to work
out there.

This covers -s flag testing on devices and non-devices that would have
caught breakage found in PR 219173 as well as other subtle breakage caused
locally.

Reviewed by:	cem, ngie
Approved by:	cem (acting co-mentor)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11279
2017-07-13 03:52:54 +00:00
Edward Tomasz Napierala
d43225de5c Make fsck_y_enable default to passing pass -R to fsck_ffs(8) in addition
to -y.  To me, fsck_y_enable means "try as hard as possible", and without
-R, it... well, doesn't.

Reviewed by:	mckusick
Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D11490
2017-07-11 12:32:40 +00:00
Bryan Drewery
27f3f39a1d Fix INSTALL_AS_USER after r319020.
Reviewed by:	vangyzen
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-07-10 23:52:07 +00:00
Warner Losh
a94a63f0a6 An MMC/SD/SDIO stack using CAM
Implement the MMC/SD/SDIO protocol within a CAM framework. CAM's
flexible queueing will make it easier to write non-storage drivers
than the legacy stack. SDIO drivers from both the kernel and as
userland daemons are possible, though much of that functionality will
come later.

Some of the CAM integration isn't complete (there are sleeps in the
device probe state machine, for example), but those minor issues can
be improved in-tree more easily than out of tree and shouldn't gate
progress on other fronts. Appologies to reviews if specific items
have been overlooked.

Submitted by: Ilya Bakulin
Reviewed by: emaste, imp, mav, adrian, ian
Differential Review: https://reviews.freebsd.org/D4761

merge with first commit, various compile hacks.
2017-07-09 16:57:24 +00:00
Kristof Provost
2ca5f390c4 Allow more services to run in vnet jails
After some tests, here are the services that run into a vnet jail:
  - defaultroute
  - dhclient
  - ip6addrctl
  - natd
  - pf
  - pfsync
  - pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled)
  - rarpd
  - route6d (do nothing anyway because obsolete)
  - routed (do nothing anyway because obsolete)
  - rtsold
  - static_arp
  - static_ndp

PR:		220530
Submitted by:	olivier@freebsd.org
2017-07-08 09:28:31 +00:00
Enji Cooper
f37852c173 Add tests to help verify Links functionality for .../contrib/tzdata/backwards
MFC after:	1 month
MFC with:	r320702
2017-07-06 04:30:06 +00:00
Kristof Provost
05370e9a99 Allow ipsec to run in vnet jails
ipsec is usable in vnet jails, so allow it to run there.

PR:		211364
Submitted by:	Matthias Meyser <meyser xenet.de>
2017-07-05 20:00:58 +00:00
Edward Tomasz Napierala
124569d0ce Fix typo introduced in r320672 - check for existence of the right file.
Reported by:	rpokala@
MFC after:	2 weeks
2017-07-05 15:42:33 +00:00
Edward Tomasz Napierala
df6744e840 Cosmetic tweaks to the default shell rc files, mostly comments.
MFC after:	2 weeks
2017-07-05 13:08:07 +00:00
Edward Tomasz Napierala
dd0e1324ba Run "resizewin -z" from the default shell profile files. This makes
the terminal work properly out of the box when logging over a serial
line, which is quite important for the user experience on boards like
Raspberry Pi.  It doesn't affect cases where the terminal size is
already non-zero, such as SSH or vt(4) sessions.

Note that this doesn't handle a scenario pointed out by rgrimes@:
when the terminal is resized after login, the terminal size won't
get updated even after logging out and back in.

Reviewed by:	imp
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D10642
2017-07-05 10:37:37 +00:00
Ed Maste
8fadf6a637 cam: EOL whitespace cleanup and line wrapping changes
NFC. This cleanup simplifies diffs for review of the MMC-CAM work.

Submitted by:	kibab
2017-07-04 18:48:08 +00:00
Kristof Provost
2f0f20717d Allow rtadvd and bsnmpd to run in vnet jails
Both of these tools are usable in vnet jails, so allow them to run there.

PR:		220431, 220432
Submitted by:	olivier@freebsd.org
2017-07-03 20:36:58 +00:00
Dimitry Andric
f6e653bb10 Merge ^/head r320398 through r320572. 2017-07-02 11:48:07 +00:00
Enji Cooper
3416500aef Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

MFC after:	2 months
Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Relnotes:	yes
Submitted by:	asomers [1], ngie [2]
Tested with:	UFS, ZFS
2017-06-28 09:22:45 +00:00
Enji Cooper
de1abb9778 Commit the corresponding mtree file change for the TAP test examples
MFC after:	1 month
MFC with:	r320443
2017-06-28 08:23:20 +00:00
Dimitry Andric
a3604b95ed Merge ^/head r320042 through r320397. 2017-06-27 06:44:32 +00:00
Cy Schubert
3dfcef9d29 Replace the leap-seconds file in r320242 from USNO -
ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3701462400 - with a
leap-seconds file from NIST at ftp://time.nist.gov/pub/. The USNO
version of the file changes the last documented leap second update
time whereas the NIST version does not. The expiration of the USNO
version of the file is also one month short.

Requested by:	ian@
Obtained from:	ftp://time.nist.gov/pub/leap-seconds.3676924800
MFC after:	3 days
2017-06-23 01:05:49 +00:00
Cy Schubert
ded4f89519 Update leap-seconds to leap-seconds.3701462400.
As per https://datacenter.iers.org/eop/-/somos/5Rgv/latest/16:

     INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE (IERS)

SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE

SERVICE DE LA ROTATION TERRESTRE
OBSERVATOIRE DE PARIS
61, Av. de l'Observatoire 75014 PARIS (France)
Tel.      : 33 (0) 1 40 51 23 35
FAX       : 33 (0) 1 40 51 22 91
Internet  : services.iers@obspm.fr

                                             Paris, 9 January 2017

                                             Bulletin C 53

                                             To authorities responsible
                                             for the measurement and
                                             distribution of time

                          INFORMATION ON UTC - TAI

 NO leap second will be introduced at the end of June 2017.
 The difference between Coordinated Universal Time UTC and the
 International Atomic Time TAI is :

     from 2017 January 1, 0h UTC, until further notice : UTC-TAI = -37 s

 Leap seconds can be introduced in UTC at the end of the months of December
 or June,  depending on the evolution of UT1-TAI. Bulletin C is mailed every
 six months, either to announce a time step in UTC, or to confirm that there
 will be no time step at the next possible date.

                                            Christian BIZOUARD
                                            Director
                                            Earth Orientation Center of IERS
					    Observatoire de Paris, France

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3701462400
MFC after:	3 days
2017-06-22 19:25:17 +00:00
Dimitry Andric
4198293b25 Merge ^/head r319801 through r320041. 2017-06-17 00:14:54 +00:00
Stephen J. Kiernan
dd8a25a799 Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5).
Need to multiply the size of the disk passed to mount_md by 512 as mdmfs
expects number of 512-byte blocks while tmpfs size option wants number of
bytes.

Reviewed by:	brooks
Approved by:	sjg (mentor)
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D11106
2017-06-15 20:06:41 +00:00
Enji Cooper
74c9a5910c Add some initial basic tests for du(1)
Tests that exercise the following flags are added in this commit:
- -A
- -H
- -I
- -g
- -h
- -k
- -m

Additional tests will be added soon.

MFC after:	1 month
2017-06-12 07:43:58 +00:00
Gregory Neil Shapiro
720046d61c Fix 'restart' action: rc.subr only expects to restart one service, not two.
PR:		217393
Reported by:	Martin Simmons
MFC after:	1 week
2017-06-12 01:26:36 +00:00
Enji Cooper
21860bf938 Write up some basic tests for readlink(1)
The tests exercise -f (f_flag), -n (n_flag), and no arguments (basic).

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-06-11 21:13:12 +00:00
Jilles Tjoelker
eaac4bffc7 rc.subr: Optimize repeated sourcing.
When /etc/rc runs all /etc/rc.d scripts, it has already loaded /etc/rc.subr
but each /etc/rc.d script sources it again (since /etc/rc.d scripts must
also work when started stand-alone).

Therefore, if rc.subr is already loaded, return so sh need not parse the
rest of the file.

A second effect is that there is no longer a compound command around most of
rc.subr. This reduces memory usage while sh is loading rc.subr for the first
time (but this memory is free()d once rc.subr is loaded).

For purposes of porting this to other systems, I do not recommend porting
this to systems with shells that do not have the change to the return
special builtin like in r255215 (before FreeBSD 10.0-RELEASE). This change
ensures that return in the top level of a dot script returns from the dot
script, even if the dot script was sourced from a function.

A comparison of CPU time on an amd64 bhyve virtual machine from a times
command added near the end of /etc/rc, all four values summed:

x orig1
+ quickreturn
+--------------------------------------------------------------------------+
|  +    +              +                             x    x               x|
||______M__A_________|                             |______M___A__________| |
+--------------------------------------------------------------------------+
    N           Min           Max        Median           Avg        Stddev
x   3         1.704         1.802         1.726         1.744   0.051419841
+   3         1.467         1.559         1.487     1.5043333   0.048387326
Difference at 95.0% confidence
	-0.239667 +/- 0.113163
	-13.7424% +/- 6.48873%
	(Student's t, pooled s = 0.0499266)
2017-06-11 19:06:07 +00:00
Dimitry Andric
686fb94a00 Merge ^/head r319548 through r319778. 2017-06-10 13:22:49 +00:00
Alan Somers
670f178299 Add tests for ln(1)
* Verify that when creating a hard link to a symbolic link, '-L' option
  creates a hard link to the target of the symbolic link
* Verify that when creating a hard link to a symbolic link, '-P' option
  creates a hard link to the symbolic link itself
* Verify that if the target file already exists, '-f' option unlinks it so
  that link may occur
* Verify that if the target file or directory is a symbolic link, '-shf'
  option prevents following the link
* Verify that if the target file or directory is a symbolic link, '-snf'
  option prevents following the link
* Verify that '-s' option creates a symbolic link
* Verify that '-w' option produces a warning if the source of a symbolic
  link does not currently exist

Submitted by:	shivansh
Reviewed by:	asomers, ngie
MFC after:	1 month
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D11084
2017-06-08 19:09:55 +00:00
Baptiste Daroussin
9a4d69e3aa Remove directories for the roff documentations which is built and installed
anymore

Reported by:	trasz
2017-06-08 01:41:20 +00:00
Baptiste Daroussin
738919c039 Remove groff from base
All manpages in base are now compatible with mandoc(1), all roff documentation
will be relocated in the doc tree. man(1) can now use groff from the ports tree
if it needs.

Also remove checknr(1) and colcrt(1) which are only useful with groff.

Approved by:	(no objections on the mailing lists)
2017-06-07 23:00:34 +00:00
Enji Cooper
245e210cc6 Add some basic tests for chmod(1)
MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-06-07 05:33:56 +00:00
Enji Cooper
2d15c3cb12 Add basic tests for echo(1)
Verify that echo(1) does not...
- ... print the trailing newline character with option '-n'.
- ... print the trailing newline character when '\c' is appended to
      the end of the string.

Submitted by:	shivansh
Reviewed by:	asomers, ngie
MFC after:	1 month
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	D11036
2017-06-06 16:04:27 +00:00
Dimitry Andric
4224465e82 Merge ^/head r319251 through r319479. 2017-06-01 22:59:41 +00:00
Eric van Gyzen
1f1ed24cc5 crashinfo: add "batch" mode and use it during boot
In batch mode, most messages go into the core.txt.N file instead of stdout.

Reviewed by:	jhb
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D10429
2017-06-01 21:23:04 +00:00
Dimitry Andric
a773cead9f Merge ^/head r318964 through r319164. 2017-05-29 22:25:33 +00:00
Xin LI
335917f071 Tighten /entropy permissions.
PR:		219527
Reported by:	Lu Tung-Pin <lutungpin at openmailbox.org>
Submitted by:	jilles
MFC after:	3 days
2017-05-27 06:24:06 +00:00
Dimitry Andric
d02c951f8e Merge ^/head r318658 through r318963. 2017-05-26 19:11:24 +00:00
Edward Tomasz Napierala
85a4f37a3a Create /net by default, for autofs.
MFC after:	2 weeks
2017-05-25 08:34:24 +00:00
Dimitry Andric
27c240688c Merge ^/head r318560 through r318657. 2017-05-22 19:28:24 +00:00
Jilles Tjoelker
fd1c67ef4e compress: Add basic tests. 2017-05-21 14:05:32 +00:00
Michael Reifenberger
e817140df0 Improve time-since-last-scrub calculation.
This can be needed to compensate anticongestion delays in 410.pkg-audit or 480.leapfile-ntpd.

PR:		217622
Submitted by:	wbe@psr.com
MFC after:	2 weeks
2017-05-20 16:47:00 +00:00
Dimitry Andric
775e1e023f After r317383 (removal of NATM), also remove usr/include/dev/utopia from
BSD.include.dist.
2017-05-20 11:40:37 +00:00
Dimitry Andric
ea1e967cbf Merge ^/head r318380 through r318559. 2017-05-19 21:20:01 +00:00
Enji Cooper
56ba774ebc Install {cron.d,newsyslog.conf.d,syslog.d} via make distribution, not make install
I incorrectly started this pattern in r277541 with the opensm newsyslog.conf.d file,
and continued using it in r318441 and r318443.

This will fix the files being handled improperly via installworld, preventing tools like
etcupdate, mergemaster, etc from functioning properly when comparing the installed
contents on a system vs the contents in a source tree when doing merges.

PR:		219404
Submitted by:	Dan McGregor <dan.mcgregor@usask.ca>
MFC after:	2 weeks
MFC with:	r277541, r318441, r318443
Sponsored by:	Dell EMC Isilon
2017-05-19 17:04:01 +00:00
Enji Cooper
043b080e33 Conditionally handle the crontab entry for atrun(8)
The default crontab prior to this commit assumes atrun(8) is always
present, which isn't true if MK_AT == no. Move atrun(8) execution
from /etc/crontab to /etc/cron.d/at, and base /etc/cron.d/at's installation
on MK_AT. cron(8) will detect /etc/cron.d/at's presence when the configuration
is loaded and run atrun every 5 minutes like it would prior to this commit.

SHELL and PATH are duplicated between /etc/crontab and /etc/cron.d/at
because atrun(8) executes programs, which may rely on environment
set in the current default /etc/crontab.

Noted by:	bdrewery (in an internal review)
MFC after:	2 months
Relnotes:	yes (may need to add environmental modifications to
		     /etc/cron.d/at)
Sponsored by:	Dell EMC Isilon
2017-05-18 06:33:55 +00:00
Enji Cooper
cb8106ba77 Revert r318441: the commit message was incoherent 2017-05-18 06:27:37 +00:00
Enji Cooper
94af8db1e9 Handle the cron.d entry for MK_AT in cron conditionally
Install /etc/cron.d/at if MK_AT != no, always using it, which tries
to run a non-existent program via cron(8) every 5 minutes with the
default /etc/crontab, prior to this commit.

SHELL and PATH are duplicated between /etc/crontab and /etc/cron.d/at
because atrun(8) executes programs, which may rely on environment
currently set via /etc/crontab.

Noted by:	bdrewery (in an internal review)
MFC after:	2 months
Relnotes:	yes (may need to add environmental modifications to
		     /etc/cron.d/at)
Sponsored by:	Dell EMC Isilon
2017-05-18 06:25:39 +00:00
Enji Cooper
20d90b10b1 usr.bin/getconf: add some initial tests
Items tested via this commit are:
- Some basic POSIX constants.
- Some valid programming environments with -v.
- Some invalid programming environments via -v.

NOTE: this test makes assumptions about ILP32/LP32 vs LP64 that are
currently not true on all architectures to avoid hardcoding some
architectures in the tests. I'm working on improving getconf(1) to be
more sane about handling ILP32/LP32 vs LP64. Future commits are coming
soon to address this.

MFC after:	2 weeks
Tested with:	amd64, i386
Sponsored by:	Dell EMC Isilon
2017-05-18 01:43:30 +00:00
Dimitry Andric
209be20560 Merge ^/head r317971 through r318379. 2017-05-16 19:54:47 +00:00
Enji Cooper
c7d813a93e Start writing up some basic feature tests for procstat
These tests query a running process for information related to the -b,
-c, -e, and -f flags; the -f testcase is largely stubbed out, pending
additional work to determine a good, deterministic descriptor.

Core file test support is coming soon--it requires a bit more effort
due to the fact that:
- coredumps can be disabled (kern.coredump=0).
- corefiles can be put in different directories than the current
  directory, or be named something other than `<prog>.core`
  (`kern.corefile`).

MFC after:	2 months
Sponsored by:	Dell EMC Isilon
2017-05-15 22:52:25 +00:00
Enji Cooper
e5c4c8aa7f Handle the logfiles in newsyslog and syslogd conditionally, based on
src.conf(5) knobs

This will allow consumers of FreeBSD to use the unmodified configuration
files out of the box more than previously.

Both newsyslog.conf and syslog.conf:
- /var/log/lpd-errs (MK_LPR != no)
- /var/log/ppp.log (MK_PPP != no)
- /var/log/xferlog (MK_FTP != no)

newsyslog.conf:
- /var/log/amd.log (MK_AMD != no)
- /var/log/pflog (MK_PF != no)
- /var/log/sendmail.st (MK_SENDMAIL != no)

MFC after:      3 weeks
Sponsored by:   Dell EMC Isilon
2017-05-13 03:10:50 +00:00
Dimitry Andric
7e1b7636c8 Merge ^/head r317808 through r317970. 2017-05-08 19:27:44 +00:00
Enji Cooper
c53d56999c Fix the build after r317942 by adding usr.bin/csplit to BSD.tests.dist
Pointyhat to:	cem
MFC with:	r317942
Sponsored by:	Dell EMC Isilon
2017-05-08 17:13:00 +00:00
Dimitry Andric
be27b31162 Merge ^/head r317503 through r317807. 2017-05-04 21:30:26 +00:00
Edward Tomasz Napierala
1f1abc7882 Enable automounting of exFAT media.
With fstyp(8) being updated to detect exfat in base r312003, it seems
like a good time to add support for auto-mounting SDXC cards -- which
use exfat by default.

The user will need to locally compile and install sysutils/fusefs-exfat
for this to succeed; logs a message to that effect when not installed.

PR:		218743
Submitted by:	eborisch+FreeBSD@gmail.com
MFC after:	2 weeks
2017-05-04 19:16:36 +00:00
Nick Hibma
c32d0b5689 Silence sysctl in startup scripts.
This makes 'stop' behave consistently with 'start' in the script.
Also use $SYSCTL instead of sysctl for consistency within that script.

MFC after:	3 weeks
2017-05-03 08:10:03 +00:00
Dimitry Andric
af3f36025b Merge ^/head r317281 through r317502. 2017-04-27 12:59:14 +00:00
Brooks Davis
b4e2ab78df Remove NATM configuration bits and assorted NATM and ATM remnants.
Reported by:	ak
Reviewed by:	ngie (first version)
Differential Revision:	https://reviews.freebsd.org/D10497
2017-04-25 21:59:34 +00:00
Brooks Davis
a7dc31283a Remove the NATM framework including the en(4), fatm(4), hatm(4), and
patm(4) devices.

Maintaining an address family and framework has real costs when we make
infrastructure improvements.  In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).

With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.

Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021.  Improvements to the code in FreeBSD 11 are
certainly welcome.

Reviewed by:	philip
Approved by:	harti
2017-04-24 21:21:49 +00:00
Dimitry Andric
554491ffbd Merge ^/head r316992 through r317215. 2017-04-20 21:04:21 +00:00
Baptiste Daroussin
50502545ce Readd Big5: some large databases setup are still requiring it.
Reported by:	"張君天(Chun-Tien Chang)" <tcs@kitty.2y.idv.tw>
2017-04-20 18:21:50 +00:00
Justin Hibbits
d7f8d4bc4a Add 32-bit caching to ldconfig script for powerpc64
Reported by:	ian@
2017-04-18 03:40:36 +00:00
Dimitry Andric
5897d2f01b Initial update of clang/llvm build glue, for building just a minimal
clang executable.
2017-04-17 11:21:42 +00:00
Baptiste Daroussin
e229090553 Import zstandard 1.1.4 in base
zstandard is a new compression library/tool which is very fast at
compression/decompression

For now import as a private library
2017-04-15 20:05:22 +00:00
Alan Somers
18e1cc077d Reorder Makefile entries from r316945
PR:		176049
Reported by:	Oliver Pinter
MFC after:	3 weeks
X-MFC-With:	316945
2017-04-15 00:39:45 +00:00
Alan Somers
7b2d87d085 Add 410.status-mfi, a periodic script for mfi(4) arrays
PR:		176049
Submitted by:	doconnor@gsoft.com.au
Reviewed by:	scottl, Larry Rosenman <ler@lerctr.org>
MFC after:	3 weeks
Relnotes:	yes
2017-04-14 22:59:14 +00:00
Enji Cooper
2f4a73322e Conditionally install /etc/pam.d/ftp* and /etc/pam.d/telnetd
/etc/pam.d/ftp* should be installed with MK_FTP != no and
/etc/pam.d/telnetd should be installed when MK_TELNET != no.

MFC after:	7 weeks
Sponsored by:	Dell EMC Isilon
2017-04-14 06:42:46 +00:00
Enji Cooper
269960e4b7 Derive {AT,RCMDS}{DIR,MODE} from FILE{DIR,MODE}
This reduces duplicity a bit.

MFC after:	7 weeks
Sponsored by:	Dell EMC Isilon
2017-04-14 06:33:15 +00:00
Cy Schubert
f6245ac3f7 Revert r316487. It is broken, causing boot to fail due to line 25 in
etc/rc.d/dhclient unconditionally testing true when called by a devd
rule during boot, ignoring statically assigned IP addresses in rc.conf.

Requested by:	des@
2017-04-06 12:52:05 +00:00
Enji Cooper
b824378b14 sbuf(3): add some basic functional tests for the library
Areas not covered still [positive functionality wise] are:
- sbuf_{clear,get,set}_flags
- sbuf_new (in particular, with fixed buffers, etc).

Some basic negative testing has been added, but more will be added in the
future.

This work was in part to validate work done by cem in r288223, and ian
before that.

MFC after:	2 months
Sponsored by:	Dell EMC Isilon
2017-04-06 05:29:28 +00:00
Alan Somers
e2a212c1fb Quiet 450.status-security when *_inline="YES"
Previously, 450.status-security would always set rc=3 in inline mode,
because it doesn't know whether "periodic security" is going to find
anything interesting. But this annoyingly results in daily reports that
simply say "Security check: \n\n-- End of daily output --".

This change fixes that by testing whether "periodic security" printed
anything, and setting 450.status-security's exit status to 3 if it did. An
alternative would be to change the exit status of periodic(8) to be the
worst of its scripts' exit statuses, but that would be a more intrusive
change.

Reviewed by:	brian
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10267
2017-04-06 01:37:03 +00:00
Cy Schubert
89f0a53cfe Revert r316516. des@ asked that r316516 be reverted so that he can spend
a little more time getting r316487 right.

Requested by:	des@
2017-04-06 00:15:18 +00:00
Cy Schubert
4360d992ef r316487 altered the defined values of rc_force from "yes" (for yes)
and NULL (for no) to "no" (for no) and no change to the definition
of yes. Two rc.d scripts, dhclient and bgfsck check rc_force for
yesi, using test -n, and no, using test -z. The redefinition of
yes and no by r316487 caused rc.d/dhclient, when invoked by devd
using a devd.conf rule, to assign DHCP assigned IP addresses for
interfaces with statically assigned interfaces, breaking boot.
Point of breakage was at line 25 of etc/rc.d/dhclient (r301068)
where $rc_force needs to be NULL.

MFC after:	3 weeks
X-MFC with:	r316487
2017-04-05 05:23:09 +00:00
Alan Somers
6dc025ea3a Fix file descriptor and memory leaks in pr(1)
Also, hook NetBSD's pr test into the build, and add three more test cases.

Reported by:	Coverity, Valgrind
CID:		271650 271651 271652 271653 271654 271655 271656 271656
CID:		271657 271658 271659 1006939 1006940 1006941 1006942 1009098
Reviewed by:	ngie
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9137
2017-04-04 20:03:57 +00:00
Dag-Erling Smørgrav
93385ba03b Allow command modifiers (fast, quiet etc.) to be stacked in any order.
Add a "debug" modifier that sets rc_debug.

MFC after:	3 weeks
2017-04-04 11:43:31 +00:00
Alan Somers
86571b9c01 Consolidate random sleeps in periodic scripts
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.

This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.

PR:		217055
PR:		210188
Reviewed by:	cy
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D10211
2017-04-01 04:42:35 +00:00
Enji Cooper
10f81a9b3b lib/libkvm: start adding basic tests for kvm(3)
- kvm_close: add a testcase to verify support for errno = EINVAL / -1
  (see D10065) when kd == NULL is provided to the libcall.
- kvm_geterr:
-- Add a negative testcase for kd == NULL returning "" (see D10022).
-- Add two positive testcases:
--- test the error case using kvm_write on a O_RDONLY descriptor.
--- test the "no error" case using kvm_read(3) and kvm_nlist(3) as
    helper routines and by injecting a bogus error message via
    _kvm_err (an internal API) _kvm_err was used as there isn't a
    formalized way to clear the error output, and because
    kvm_nlist always returns ENOENT with the NULL terminator today.
- kvm_open, kvm_open2:
-- Add some basic negative tests for kvm_open(3) and kvm_open2(3).
   Testing positive cases with a specific
   `corefile`/`execfile`/`resolver` requires more work and would require
   user intervention today in order to reliably test this out.

Reviewed by:	markj
MFC after:	2 months
Sponsored by:	Dell EMC Isilon
Differential Revision:	D10024
2017-03-28 17:37:49 +00:00
Adrian Chadd
f906f2025b [private] add libevent1 and sqlite3 include files for our private libraries.
This, like including ucl private headers, is useful for writing new base
system tools.  Yes, anyone using these libraries shouldn't assume ABI
compatibility.

Reviewed by:	bdrewery, bapt
Differential Revision:	https://reviews.freebsd.org/D10123
2017-03-27 22:34:43 +00:00
Baptiste Daroussin
b285596f4e Remove empty Big5 directory from share/nls 2017-03-19 18:03:52 +00:00
Baptiste Daroussin
ababdab0ce Remove zh_TW.Big5 locale
After discussion with many Taiwanese, in IT or not. Big5 is not used anymore.
It is not able to represent lots of the characters used in the language.
2017-03-19 17:52:46 +00:00
Marius Strobl
72dec0792a - Add support for eMMC "partitions". Besides the user data area, i. e.
the default partition, eMMC v4.41 and later devices can additionally
  provide up to:
  1 enhanced user data area partition
  2 boot partitions
  1 RPMB (Replay Protected Memory Block) partition
  4 general purpose partitions (optionally with a enhanced or extended
    attribute)

  Of these "partitions", only the enhanced user data area one actually
  slices the user data area partition and, thus, gets handled with the
  help of geom_flashmap(4). The other types of partitions have address
  space independent from the default partition and need to be switched
  to via CMD6 (SWITCH), i. e. constitute a set of additional "disks".

  The second kind of these "partitions" doesn't fit that well into the
  design of mmc(4) and mmcsd(4). I've decided to let mmcsd(4) hook all
  of these "partitions" up as disk(9)'s (except for the RPMB partition
  as it didn't seem to make much sense to be able to put a file-system
  there and may require authentication; therefore, RPMB partitions are
  solely accessible via the newly added IOCTL interface currently; see
  also below). This approach for one resulted in cleaner code. Second,
  it retains the notion of mmcsd(4) children corresponding to a single
  physical device each. With the addition of some layering violations,
  it also would have been possible for mmc(4) to add separate mmcsd(4)
  instances with one disk each for all of these "partitions", however.
  Still, both mmc(4) and mmcsd(4) share some common code now e. g. for
  issuing CMD6, which has been factored out into mmc_subr.c.

  Besides simply subdividing eMMC devices, some Intel NUCs having UEFI
  code in the boot partitions etc., another use case for the partition
  support is the activation of pseudo-SLC mode, which manufacturers of
  eMMC chips typically associate with the enhanced user data area and/
  or the enhanced attribute of general purpose partitions.

  CAVEAT EMPTOR: Partitioning eMMC devices is a one-time operation.

- Now that properly issuing CMD6 is crucial (so data isn't written to
  the wrong partition for example), make a step into the direction of
  correctly handling the timeout for these commands in the MMC layer.
  Also, do a SEND_STATUS when CMD6 is invoked with an R1B response as
  recommended by relevant specifications. However, quite some work is
  left to be done in this regard; all other R1B-type commands done by
  the MMC layer also should be followed by a SEND_STATUS (CMD13), the
  erase timeout calculations/handling as documented in specifications
  are entirely ignored so far, the MMC layer doesn't provide timeouts
  applicable up to the bridge drivers and at least sdhci(4) currently
  is hardcoding 1 s as timeout for all command types unconditionally.
  Let alone already available return codes often not being checked in
  the MMC layer ...

- Add an IOCTL interface to mmcsd(4); this is sufficiently compatible
  with Linux so that the GNU mmc-utils can be ported to and used with
  FreeBSD (note that due to the remaining deficiencies outlined above
  SANITIZE operations issued by/with `mmc` currently most likely will
  fail). These latter will be added to ports as sysutils/mmc-utils in
  a bit. Among others, the `mmc` tool of the GNU mmc-utils allows for
  partitioning eMMC devices (tested working).

- For devices following the eMMC specification v4.41 or later, year 0
  is 2013 rather than 1997; so correct this for assembling the device
  ID string properly.

- Let mmcsd.ko depend on mmc.ko. Additionally, bump MMC_VERSION as at
  least for some of the above a matching pair is required.

- In the ACPI front-end of sdhci(4) describe the Intel eMMC and SDXC
  controllers as such in order to match the PCI one.
  Additionally, in the entry for the 80860F14 SDXC controller remove
  the eMMC-only SDHCI_QUIRK_INTEL_POWER_UP_RESET.

OKed by:	imp
Submitted by:	ian (mmc_switch_status() implementation)
2017-03-16 22:23:04 +00:00
Enji Cooper
b0b1dbdd49 Start adding basic tests for cam(3)
This change contains several negative and positive tests for:
- cam_open_device
- cam_close_device
- cam_getccb
- cam_freeccb

This also contains a test for the failure case noted in bug 217649,
i.e., O_RDWR must be specified because pass(4) requires it.

This test unfortunately cannot assume that cam-capable devices are
present, so the user must explicitly provide a device via
`test_suites.FreeBSD.cam_test_device`. In the future, a test kernel
module might be shipped, or ctl(4) might be used, as a test device
when testing out libcam, which will allow the tests to do away with
having to specify an explicit test device.

Reviewed by:	asomers, ken (earlier diff)
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision: D9928
2017-03-15 18:00:54 +00:00
Enji Cooper
e22ad7bca1 Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/...
This change moves the tests added in r313962 to an existing directory
structure used by the geli TAP tests. It also, renames the test from
pbkdf2 to pbkdf2_test .

The changes to ObsoleteFiles.inc are being committed separately as they
aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests
is done all in one commit.

MFC after:	2 weeks
X-MFC with:	r313962, r313972-r313973
Reviewed by:	allanjude
Sponsored by:	Dell EMC Isilon
Differential Revision:	D9985
2017-03-14 07:00:22 +00:00
Warner Losh
6dcff5b77c Move /etc/ to SRCTOP
Prefer ${SRCTOP}/ to ${.CURDIR}/../ and ${.CURDIR}/../../ as appropriate.

Differential Revision:  https://reviews.freebsd.org/D9932
Sponsored by:		Netflix
Silence On:		arch@ (twice)
2017-03-12 18:58:55 +00:00
Baptiste Daroussin
84e1ba258b Add the diff to the tests mtree
Reported by:	lwhsu
2017-03-11 06:27:06 +00:00
Baptiste Daroussin
d2baa3fdee texinfo is gone in r276551 remove the related directories
Reported by:	jbeich
2017-03-08 08:52:15 +00:00
Enji Cooper
d0d6d69788 Only install 900.tcpwrap if MK_INETD != "no" and MK_TCP_WRAPPERS != "no"
It relies on output from inetd that is triggered by MK_TCP_WRAPPERS=yes.

We need to check for both knobs being set -- otherwise the script doesn't
have much value.

PR:		217577
Submitted by:	Sergey <kpect@protonmail.com> (MK_TCP_WRAPPERS piece)
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-03-08 06:12:16 +00:00
Cy Schubert
05de3f339a Fix install due to incorrect placement of pwait dir in r314886.
Reported by:	Shawn Webb <shawn.webb@hardenedbsd.org>
MFC after:	2 weeks
X-MFC with:	r314886
2017-03-08 05:27:04 +00:00
Bryan Drewery
b06b52baac pwait: Add a -t flag to specify a timeout before exiting, and tests.
The exit status will be 124, as the timeout(1) utility uses.

Reviewed by:	jilles
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D9697
2017-03-07 22:16:55 +00:00
Enji Cooper
7d9ade5da1 Integrate indent tests added in r313544 into ATF/Kyua and the FreeBSD
test suite

This change does the following:

- Introduces symmetry in the test inputs/outputs by adding the exit
  code to the files. This simplified the test driver notably by
  requiring less filename/test name manipulation.
- Adds a test driver for the testcases added in r313544, patterned
  after bin/sh/tests/functional_test.sh . The driver calls indent as
  noted in r313544, with an exception: The $FreeBSD$ RCS keyword's
  expansion is reindented with indent, which means that the output
  differs from the expected output. Thus, all lines with $FreeBSD$
  in them are deleted on the fly, both in the input file and the
  output file.

  The test inputs/outputs are copied to the kyua sandbox before the
  test is run as the pathing in some of the files relies on pathing
  normalized to the current directory (copying the files is the
  easiest way to resolve the issue).

Approved by:	pstef (maintainer)
Reviewed by:	pstef
X-MFC with:	r313544
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D9682
2017-03-03 20:15:22 +00:00
Dimitry Andric
be64968040 Merge ^/head r314270 through r314419. 2017-02-28 21:30:26 +00:00
Gleb Smirnoff
efe3b0de14 Remove SVR4 (System V Release 4) binary compatibility support.
UNIX System V Release 4 is operating system released in 1988. It ceased
to exist in early 2000-s.
2017-02-28 05:14:42 +00:00
Alan Somers
7bcb2e63aa Update devd.conf for ports change 421360
Ports change 421360 changed the name and UID of the postgres user

Reviewed by:	trasz, imp, girgen
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9746
2017-02-27 15:32:56 +00:00
Dimitry Andric
eedd67c033 Merge ^/head r314129 through r314177. 2017-02-23 19:32:25 +00:00
Yoshihiro Takahashi
041377941a The ct driver was removed by r312910. 2017-02-23 16:42:48 +00:00
Dimitry Andric
6ae9acde63 Merge ^/head r313896 through r314128. 2017-02-23 07:45:58 +00:00
Warner Losh
b8efe21815 Remove more stray EISA refernces: ahb was removed. Remove the cross
reference and replace, where appropiate, with ahd.4.
2017-02-22 20:47:25 +00:00
Enji Cooper
81e8601f58 Remove lib/libpam tests after they were removed from the source tree in r313975
X-MFC with:	r313975
Sponsored by:	Dell EMC Isilon
2017-02-20 01:45:12 +00:00
Allan Jude
85c15ab853 improve PBKDF2 performance
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be

GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.

With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.

Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.

PR:		202365
Original Research:	https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by:	Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by:	ed, pjd, delphij
Approved by:	secteam, pjd (maintainer)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D8236
2017-02-19 19:30:31 +00:00
Dimitry Andric
1a36faad54 Merge ^/head r313301 through r313643. 2017-02-11 14:04:18 +00:00
Enji Cooper
15df32b48d MFhead@r313360 2017-02-07 01:33:39 +00:00
Dimitry Andric
f9edb08480 Merge ^/head r313055 through r313300. 2017-02-05 20:03:05 +00:00
Enji Cooper
7664382295 Use kldload -n when loading if_deqna
This fixes if_deqna from being loaded by accident twice if it's already loaded
in the kernel.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-02-05 08:24:37 +00:00
Enji Cooper
9b3ece1c2e MFhead@r313243 2017-02-04 18:06:09 +00:00
Alan Somers
cb23468e75 Allow 999.local to run scripts in any language
If one of the scripts listed in (daily|weekly|monthly)_local is executable,
999.local should simply execute it. Only if the script isn't executable
should 999.local assume it needs /bin/sh.

Reviewed by:	brian
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-02-01 23:22:54 +00:00
Dimitry Andric
65575c1424 Merge ^/head r312894 through r312967. 2017-01-29 22:00:47 +00:00
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Dimitry Andric
2004ce3f0d Merge ^/head r312624 through r312719. 2017-01-24 19:59:25 +00:00
Kevin Lo
a6bac5b604 Sort REALTEK section and remove duplicate entry for RTL8192CU. 2017-01-24 03:00:22 +00:00
Kevin Lo
60b9567d16 Add support for the Realtek RTL8192EU chipset.
Committed over the D-Link DWA-131 rev E1 on amd64 with WPA.

Reviewed by:	avos
2017-01-24 02:35:38 +00:00
Dimitry Andric
a4aa656aa5 Merge ^/head r312309 through r312623. 2017-01-22 16:05:13 +00:00
Ed Maste
6b02cd2c8f Remove obsolete /usr/lib/debug/usr/lib/private dir
Missed in r282420

Reported by:	dim
2017-01-20 03:14:18 +00:00
Enji Cooper
71164a14d0 Integrate .../contrib/netbsd-tests/usr.bin/uniq into the FreeBSD test
suite as .../usr.bin/uniq/tests

Sponsored by:	Dell EMC Isilon
2017-01-14 06:51:31 +00:00
Dimitry Andric
8a6fe8ce60 Merge ^/head r311812 through r311939. 2017-01-11 21:05:13 +00:00
Ian Lepore
6a4b451a11 Follow r311103: add "pool" to the keywords that rc.d/ntpdate examines to
find a server address in ntp.conf.

Submitted by:	Ronald Klop <ronald@klop.ws>
Pointy hat to:	ian
2017-01-11 00:14:47 +00:00
Alan Somers
cdb7a6fc42 Fix memory leaks during "tail -r" of an irregular file
* Rewrite r_buf to use standard tail queues instead of a hand-rolled
  circular linked list. Free dynamic allocations when done.
* Remove an optimization for the case where the file is a multiple of 128KB
  in size and there is a scarcity of memory.
* Add ATF tests for "tail -r" and its variants.

Reported by:	Valgrind
Reviewed by:	ngie
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9067
2017-01-10 20:43:32 +00:00
Dimitry Andric
69415bc524 Merge ^/head r311546 through r311683. 2017-01-08 14:36:18 +00:00
Enji Cooper
3bc6f09c7b Move the mibII module up so uncommenting the bridge module works
Add a note about how module ordering and dependent modules

MFC after:	1 week
2017-01-07 09:03:40 +00:00
Dimitry Andric
2b532af829 Merge ^/head r311314 through r311459. 2017-01-05 20:50:44 +00:00
Dimitry Andric
53fe1d28fa Adjust version numbers for the clang library directory. 2017-01-05 18:32:18 +00:00
Alan Somers
0dbb4093ef Fix typo from r311349
Reported by:	lwhsu
Pointy-hat-to:	asomers
MFC after:	4 weeks
X-MFC-with:	311349
2017-01-05 15:07:04 +00:00
Alan Somers
371f86d244 tabs -> spaces in etc/mtree
MFC after:	4 weeks
2017-01-05 02:47:56 +00:00
Ian Lepore
9f5b5f5a4d Update ntp.conf to use the ntpd pool feature.
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
using 3 separate 'server' config lines.  That is now replaced with a single
'pool' line which causes ntpd to add multiple servers from the pool.

More than just making the config smaller, the pool feature in ntpd has one
major advantage over configuring 3 separate servers from a pool: if a server
that was added using a 'pool' statement provides bad time (initially or at
some later date), ntpd automatically discards it and configures a new
different server from the pool without needing to be restarted.

These changes also add a 'tos' line to control how many pool servers get
added, a 'restrict source' line that is required to allow ntpd to add new
peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
nothing and should never have been there (127.127.1.0 is not a valid IP
address, it's a refclock identifier).

Differential Revision:	https://reviews.freebsd.org/D9011
2017-01-02 15:19:22 +00:00
Enji Cooper
79030cf6d9 Provide some guidance when dealing with sections and variables contained
within them

For example, using variables designated for %usm requires uncommenting
%usm section header

MFC after:	1 month
2016-12-23 08:59:23 +00:00
Enji Cooper
62530c3f9e Don't hardcode $(securityModelUSM) (3) in the authPriv example under the %vacm
section

MFC after:	1 week
2016-12-23 08:54:44 +00:00
Enji Cooper
ad59cea045 Group all loadable modules in the %default section
This will allow new users to uncomment the modules and have things work
with less head scratching, in the event they decide to uncomment any
of the section separators, e.g. %usm or %vcm, as the module loading is
only effective in the %default section.

MFC after:	1 week
2016-12-23 06:56:48 +00:00
Enji Cooper
bedfa5f26a Clean up trailing whitespace
No functional change

MFC after:	3 days
2016-12-23 06:35:18 +00:00
Ed Schouten
1982624784 Add an example inetd(8) entry for the Prometheus sysctl exporter.
I went through the process of allocating a default port number for this
exporter, TCP 9124. This means that we can add an entry to the services
file as well.

List of Prometheus default port numbers:
https://github.com/prometheus/prometheus/wiki/Default-port-allocations
2016-12-21 08:32:20 +00:00
Dimitry Andric
3ffd353070 Merge ^/head r309817 through r310168. 2016-12-16 18:38:31 +00:00
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Dimitry Andric
1bde3b7066 Merge ^/head r309519 through r309757. 2016-12-09 20:57:43 +00:00
Andriy Voskoboinyk
7d3a36a88e Do not try to recreate wlan(4) interface if it already exists.
This should fix error messages caused by devd(8) during startup:

Starting Network: lo0 wlan0.
...
Starting devd.
ifconfig: SIOCS80211: Device busy
wpa_supplicant already running?  (pid=323).

MFC after:	2 weeks
2016-12-04 15:58:34 +00:00
Dimitry Andric
4f9d94bf64 Merge ^/head r309263 through r309518. 2016-12-04 00:00:56 +00:00
Devin Teske
4f38967037 Fix bug preventing limits(1) from being applied
PR:		misc/212493
Differential Revision:	https://reviews.freebsd.org/D8232
Submitted by:	girgen
Reviewed by:	adrian
MFC after:	3 days
X-MFC-to:	stable/11
2016-12-03 19:03:40 +00:00
Warner Losh
f8c1525499 Finish incomplete comments in prior revision. I was going to fix this
after I tested it, but didn't.
2016-12-01 05:16:27 +00:00
Warner Losh
5c42a629c3 Revert the 'performance' setting to 'NONE' from C2. C2 has issues with
USB in places, as well as having the potential for reducing
performance. Since this is used even when powerd isn't enabled, these
two problems can cause on servers. Supermicro X9 motherboards, for
example, have problems with the virtual IPMI USB keyboards and mice
attaching and detaching repeatedly. Since there are issues on some
CPUs with C2, fail safe by defaulting to not altering it.

MFC After: 3 days
2016-12-01 04:35:43 +00:00
Warner Losh
5ad34286cd If the kenv variable rc_debug is set, turn on rc_debug. 2016-12-01 04:35:41 +00:00
Dimitry Andric
5b41a5b675 Update build glue for llvm/clang 3.9.1. 2016-11-26 01:13:53 +00:00
Dimitry Andric
0ed76ec8e6 Merge ^/head r308870 through r309105. 2016-11-24 14:39:04 +00:00
Jilles Tjoelker
481b6d6f37 rc.subr: $(ps -p $$ -o jid=) is always 0, so do not fork ps for it.
The JID keyword writes 0 for a process also in the host system or in the
same jail.
2016-11-20 18:21:05 +00:00
Dimitry Andric
67bc8c8b9e Merge ^/head r308491 through r308841. 2016-11-19 16:05:55 +00:00
Jilles Tjoelker
bddbe3b2b1 rc.subr: Swap checks so we only fork sysctl if *_oomprotect is set. 2016-11-17 22:49:51 +00:00
Sepherosa Ziehau
168fce73b5 hyperv/vss: Add driver and tools for VSS
VSS stands for "Volume Shadow Copy Service".  Unlike virtual machine
snapshot, it only takes snapshot for the virtual disks, so both
filesystem and applications have to aware of it, and cooperate the
whole VSS process.

This driver exposes two device files to the userland:

    /dev/hv_fsvss_dev

    Normally userland programs should _not_ mess with this device file.
    It is currently used by the hv_vss_daemon(8), which freezes and
    thaws the filesystem.  NOTE: currently only UFS is supported, if
    the system mounts _any_ other filesystems, the hv_vss_daemon(8)
    will veto the VSS process.

    If hv_vss_daemon(8) was disabled, then this device file must be
    opened, and proper ioctls must be issued to keep the VSS working.

    /dev/hv_appvss_dev

    Userland application can opened this device file to receive the
    VSS freeze notification, hold the VSS for a while (mainly to flush
    application data to filesystem), release the VSS process, and
    receive the VSS thaw notification i.e. applications can run again.

    The VSS will still work, even if this device file is not opened.
    However, only filesystem consistency is promised, if this device
    file is not opened or is not operated properly.

hv_vss_daemon(8) is started by devd(8) by default.  It can be disabled
by editting /etc/devd/hyperv.conf.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	kib, mckusick
MFC after:	3 weeks
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8224
2016-11-15 02:36:12 +00:00
Dimitry Andric
2828dafcf3 Merge ^/head r308227 through r308490. 2016-11-10 22:12:19 +00:00
Marcelo Araujo
46542a426e We can't use protect(1) inside a jail(8)!
To avoid have warning for services that are using oomprotect, oomprotect
will only be applied on services that won't run inside jails.

Reported by:	allanjude
MFC after:	2 weeks.
2016-11-10 07:05:41 +00:00
Andriy Voskoboinyk
fafbeccf90 Fix device driver name if devd.conf + move it into appropriate place.
Noticed by:	Idwer Vollering <vidwer@gmail.com>
2016-11-06 19:51:01 +00:00
Dimitry Andric
a2b802ce70 Merge ^/head r303250 through r308226. 2016-11-02 19:18:24 +00:00
Baptiste Daroussin
fdec22c37d syslogd(8): add an 'include' keyword
All the '.conf' files not beginning with a '.' contained int he directory
following the keyword will be included.

This keyword can only be used in the first level configuration files.

Modify the default syslogd.conf to 'include' /etc/syslog.d and
/usr/local/etc/syslog.d

It simplify a lot handling of syslog from automation tools.

Reviewed by:	markj, kib (via irc)
Approved by:	markj
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D8402
2016-11-01 01:41:24 +00:00
Glen Barber
2d5386cc2c Fix packaging /usr/share/examples/etc.
Reported by:	woodsb02
MFC after:	3 days
X-MFC-With:	r308148
Sponsored by:	The FreeBSD Foundation
2016-10-31 21:11:46 +00:00
Dimitry Andric
02ebdc7823 Merge ^/head r307736 through r308146. 2016-10-31 19:02:42 +00:00
Baptiste Daroussin
b2fd8384ff cron(8): add support for /etc/cron.d and /usr/local/etc/cron.d
For automation tools it is way easier to maintain files in directories rather
than modifying /etc/crontab.

The files in those directories are in the same format as /etc/crontab

Reviewed by:	adrian
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Gandi.net
Differential Revision:	https://reviews.freebsd.org/D8400
2016-10-31 18:20:12 +00:00
Kevin Lo
a24d62b533 Add preliminary support for the RTL8153.
Reviewed by:	hselasky
2016-10-31 05:58:11 +00:00
Warner Losh
40adda8665 Use checkyesno instead of rolling my own.. 2016-10-23 18:00:09 +00:00
Baptiste Daroussin
62352309a8 Do not install NIS program rc script if WITHOUT_NIS is set
PR:		213375
Submitted by:	sergey@akhmatov.ru
MFC after:	3 days
2016-10-22 19:51:32 +00:00
Jilles Tjoelker
7627b33010 swapoff: Remove only late devices with -aL.
Currently, '/etc/rc.d/swaplate stop' removes all swap devices. This can be
very slow and may not even be possible if there is a lot of swap space in
use. However, removing swap devices is only needed for late swap devices
that may depend on daemons that subsequent shutdown steps stop. Normal swap
devices such as hard disk partitions will remain available throughout the
shutdown process and need not be removed.

In swapoff, interpret -aL to remove late swap devices only, and use this in
etc/rc.d/swaplate. The meaning of -aL in swapon remains unchanged (add all
swap devices, both normal and late).

PR:		187081
Reviewed by:	wblock (man page only), ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8126
2016-10-21 21:55:50 +00:00
Dimitry Andric
5763f79695 Merge ^/head r307383 through r307735. 2016-10-21 16:29:40 +00:00
Enji Cooper
669c253531 Integrate contrib/netbsd-tests/fs/tmpfs into the FreeBSD test suite
as tests/sys/fs

These testcases exercise tmpfs support

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2016-10-21 05:24:08 +00:00
Andriy Voskoboinyk
7453645f2a rtwn(4), urtwn(4): merge common code, add support for 11ac devices.
All devices:
- add support for rate adaptation via ieee80211_amrr(9);
- use short preamble for transmitted frames when needed;
- multi-bss support:
 * for RTL8821AU: 2 VAPs at the same time;
 * other: 1 any VAP + 1 sta VAP.
RTL8188CE:
- fix IQ calibration bug (reason of significant speed degradation);
- add h/w crypto acceleration support.
USB:
- A-MPDU Tx support;
- short GI support;
Other:
- add support for RTL8812AU / RTL8821AU chipsets
(a/b/g/n only; no ac yet);
- split merged code into subparts:
 * bus glue (usb/*, pci/*, rtl*/usb/*, rtl*/pci/*)
 * common (if_rtwn*)
 * chip-specific (rtl*/*)
- various other bugfixes.

Due to code reorganization, module names / requirements were changed too:
urtwn urtwnfw -> rtwn rtwn_usb rtwnfw
rtwn  rtwnfw  -> rtwn rtwn_pci rtwnfw

Tested with RTL8188CE, RTL8188CUS, RTL8188EU and RTL8821AU.

Tested by:	kevlo, garga,
		Peter Garshtja <peter.garshtja@ambient-md.com>,
		Kevin McAleavey <kevin.mcaleavey@knosproject.com>,
		Ilias-Dimitrios Vrachnis <id@vrachnis.com>,
		<otacilio.neto@bsd.com.br>
Relnotes:	yes
2016-10-17 20:38:24 +00:00
Warner Losh
2cf098b8fc Allow root_rw_mount to be both lower and upper case. Before, if it was
upper case, you'd wind up with a read-only filesystem when you should
sometimes.

PR: 213549
2016-10-17 04:07:13 +00:00
Marcel Moolenaar
50875ed2c1 Re-apply change 306811 or alternatively, revert change 307385. 2016-10-16 02:43:51 +00:00
Marcel Moolenaar
9ffbf09f2f Revert change 306811 so that the change can be re-done using
svn copy instead of svn move.  This to preserve history on
the originals headers as well.
2016-10-16 02:05:22 +00:00
Dimitry Andric
a0e610c439 Merge ^/head r306906 through r307382. 2016-10-15 22:49:04 +00:00
Baptiste Daroussin
a0135a1e35 Remove GNU rcs from base.
GNU rcs is still available as a package:
- rcs: Latest GPLv3 GNU rcs version.
- rcs57: Copy of the latest version of GNU rcs (GPLv2) from base.

Relnotes:	yes
2016-10-15 12:07:37 +00:00
Enji Cooper
5b143fd96f Install etc/rc.d/zfsbe when MK_ZFS != no
X-MFC with:	r307182
Sponsored by:	Dell EMC Isilon
2016-10-13 07:10:27 +00:00
Andriy Gapon
ebd3b79f20 rc.d/zfsbe: a new script designed for boot environment support
Currently zfsbe ensures that subordinate filesystems are mounted at the
right mount points.
The script assumes that the subordinate filesystems of a boot environment
have their canmount property set to noauto, so that they are not
automatically mounted on boot.  Whereas the root filesystem is mounted
by the kernel, there was nothing to mount its subordinates.
rc.d/zfsbe fills that gap.

Discussed with:	allanjude, will
MFC after:	3 weeks
Differential Revision: https://reviews.freebsd.org/D7797
2016-10-13 06:19:54 +00:00
Devin Teske
d119e0f7fb Many shops still prefer rc.conf(5) based jail configuration(s). In-part
because they can use sysrc in conjunction with ssh and xargs to perform
en-masse changes in a large distribution with lots of jails spread over
many hosts on a LAN/WAN.

Provide a mechanism for disabling the warning eschewed by /etc/rc.d/jail
in said situation. If jail_confwarn="NO" is in rc.conf(5) (default "YES")
skip the warning that per-jail configurations are obsolete and that the
user should migrate to jail.conf(5).

Reviewed by:	jelischer
MFC after:	3 days
Sponsored by:	FIS Global, Inc.
Differential Revision:	https://reviews.freebsd.org/D7465
2016-10-12 20:50:17 +00:00
Dimitry Andric
242b248284 Merge ^/head r306412 through r306905. 2016-10-09 13:30:57 +00:00
Marcel Moolenaar
0974f66d06 In order to allow mkimg(1) (and other tools) to become a build tool
that can be compiled on various OSes (including on older versions
of FreeBSD), make it possible to have it include the partitioning
scheme definitions without pulling in FreeBSD specifics.
In particular this means:
 o  move the scheme definitions iand related defines to header files
    under sys/disk,
 o  make them (more) portable by using uint#_t (where applicable)
    and renaming defines so that they at least have a good prefix,
 o  make the new headers stand-alone so that they don't need FreeBSD
    definitions, like struct uuid(*)
 o  keep the original headers for compatibility, but rewrite them to
    get the scheme definitions from <sys/disk/$scheme.h>.

(*) since UUID/GUID type definitions are non-portable and the GPT
scheme uses them, make it possible to have the scheme definitions
use an external type by allowing consumers of the header to set
GPT_UUID_TYPE. When GPT_UUID_TYPE has not been defined, the header
will use it's own type definition, which is the same as struct uuid.
The gpt_uuid_t typedef is created to abstract the details and allows
consumers to refer to a single type.

There is not conflict between the partitioning scheme headers and
what is defined in them. All headers can be included in the same
source files.

Note: consumers of the old headers have not been changed yet. Such
will be done if and when needed/beneficial.

Reviewed by:	imp, jhb
MFC after:	1 month
Sponsored by:	Bracket Computing
2016-10-07 15:42:20 +00:00
Kurt Lidl
d3de26c3d0 Make 502.pfdenied find blacklistd/* filter names dynamically
This change is needed to make the 520.pfdenied script find the new
blacklistd/* anchor points for reporting blocked traffic.

Reviewed by:	kp
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-10-04 23:12:35 +00:00
Dimitry Andric
8c4282b370 Merge ^/head r305892 through r306302. 2016-09-24 20:58:59 +00:00
Alan Somers
cc4ee17f44 Fix periodic scripts when an NFS mount covers a local mount
100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
filesystems. But their logic contains an error. They also search through
remote filesystems that are mounted on top of the root of a local
filesystem. For example, if a user installs a FreeBSD system with the
default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
/usr/home over NFS, these scripts would search through /usr/home.

MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D7482
2016-09-20 18:47:33 +00:00
Edward Tomasz Napierala
81eaa5685e Fix -media to not mount ufs with "async"; it doesn't make sense when
there is softupdates.

Suggested by:	imp@
MFC after:	1 month
2016-09-20 04:54:00 +00:00
Edward Tomasz Napierala
921bf145a6 Stop appending "noatime" in the autofs -media map, and instead add it
to auto_master, since all filesystems seem to support it.  It's cleaner
this way, and easier to customize.

MFC after:	1 month
2016-09-20 04:52:01 +00:00
Edward Tomasz Napierala
554159ec95 Make autofs(5) -media map also use "async" and "noatime" for ext2fs(5).
Suggested by:	pfg@
MFC after:	1 month
2016-09-20 04:33:58 +00:00
Edward Tomasz Napierala
1f902c4a09 Make autofs use the "noatime" flag for msdosfs, ntfs, and ufs
filesystems mounted on /media.

MFC after:	1 month
2016-09-19 08:55:36 +00:00
Edward Tomasz Napierala
0d0d6e4842 Make autofs use the "async" flag for msdosfs and ufs filesystems mounted
on /media.

MFC after:	1 month
2016-09-19 08:51:27 +00:00
Baptiste Daroussin
5b71d8999c Remove backup_uses_rcs from rc.subr
In preparation for the removal of GNU rcs from base, remove the backup_uses_rcs
functionality from the rc.subr backup_file feature. This functionnality was off
by default

Reviewed by:	wblock
Differential Revision:	https://reviews.freebsd.org/D7883
2016-09-18 12:49:23 +00:00
Dimitry Andric
93badfa1f2 Merge ^/head r305687 through r305890. 2016-09-16 20:49:12 +00:00
Oleksandr Tymoshenko
2b3f6d6650 Add evdev protocol implementation
evdev is a generic input event interface compatible with Linux
evdev API at ioctl level. It allows using unmodified (apart from
header name) input evdev drivers in Xorg, Wayland, Qt.

This commit has only generic kernel API. evdev support for individual
hardware drivers like ukbd, ums, atkbd, etc. will be committed later.

Project was started by Jakub Klama as part of GSoC 2014. Jakub's
evdev implementation was later used as a base, updated and finished
by Vladimir Kondratiev.

Submitted by:	Vladimir Kondratiev <wulf@cicgroup.ru>
Reviewed by:	adrian, hans
Differential Revision:	https://reviews.freebsd.org/D6998
2016-09-11 18:56:38 +00:00
Dimitry Andric
a75e9a0239 Merge ^/head r305623 through r305686. 2016-09-10 17:00:08 +00:00
Jung-uk Kim
3f65d720c3 Add new directories added in r305626 to fix "make installworld". 2016-09-08 21:59:34 +00:00
Dimitry Andric
d002f039ae Merge ^/head r305431 through r305622. 2016-09-08 18:15:36 +00:00
Enji Cooper
cb5fe245b1 Move tests/sys/kqueue/... to tests/sys/kqueue/libkqueue/...
This is being done to clearly distinguish the libkqueue tests
from the (soon to be imported) NetBSD tests.

MFC after:	58 days
Sponsored by:	EMC / Isilon Storage Division
2016-09-06 08:45:29 +00:00
Dimitry Andric
491cdc1b53 Merge ^/head r304700 through r304884. 2016-08-27 09:40:29 +00:00
Cy Schubert
eb27c4c0e9 Remove the gratuitous check for $FreeBSD$ and rename the function
to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
isn't already there.

Reported by:	ache@
MFC after:	1 day
2016-08-25 13:24:11 +00:00
Cy Schubert
05174bd95f Make validation of the leap-seconds file unconditional.
MFC after:	1 day
2016-08-25 03:09:23 +00:00
Cy Schubert
1ac66dd31d Add logic to replace the working ntp leap-seconds file in /var/db
if it contains a $FreeBSD$ header. The header will cause the file
to fail checksum of the hash causing ntpd to ignore the file.

MFC after:	1 day
2016-08-25 02:58:41 +00:00
Cy Schubert
0a8083a658 Change the algorithm by which /var/db/leap-seconds is updated.
1. Use the leap-seconds version number (update time) to determine
   whether to update the file or not.

2. If the version numbers of the files is the same, use the later
   expiry date to determine which file to use.

Suggested by:	ian@
MFC after:	1 day
2016-08-25 02:45:52 +00:00
Cy Schubert
383236844f Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
to leap-seconds invaldidates validation hash at the end of the file.

Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.

MFC after:	1 day
2016-08-25 02:40:14 +00:00
Allan Jude
335906de4b Increase the default rotation threshold of log files from 100kb to 1000kb
Submitted by:	Sean Kelly <smkelly@freebsd.org>
Differential Revision:	https://reviews.freebsd.org/D6792
2016-08-24 23:02:20 +00:00
Dimitry Andric
65e1b13807 Merge ^/head r304236 through r304536. 2016-08-20 18:52:03 +00:00
John Baldwin
5d41c20b85 Remove stale drivers (amd(4) and asr(4)) from the SCSI controller regex. 2016-08-19 22:05:22 +00:00
John Baldwin
64450fdf48 Remove the wds(4) driver for the WD700 ISA SCSI HBA.
While this driver does do DMA, it bounce buffers all transactions through
a single 64k buffer.  It also does not have a manpage.

Relnotes:	yes
2016-08-19 21:51:42 +00:00
Dimitry Andric
7fff4413af Update build glue for clang and the llvm/clang extras. 2016-08-19 17:55:34 +00:00
Mark Johnston
5968c00154 Regenerate DTrace tests. 2016-08-16 02:34:25 +00:00
Alan Somers
55f27b093d Decrease the anti-congestion sleep in 480.leapfile-ntpd to 1 hour
24 hours is too long. Periodic scripts are executed serially, so when
combined with the sleep in 410.pkg-audit periodic could actually take more
than 24 hours and block the next invocation.

Reviewed by:	cy
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D7481
2016-08-15 14:58:25 +00:00
Xin LI
ed1202fc80 Now that the portsnap buildbox is generating the raw bits for INDEX-12,
add it to the set of INDEX files built by portsnap.

Switch to INDEX-12 for head/.
2016-08-14 05:18:38 +00:00
Devin Teske
d23b7f655c Allow enforce_statfs (see jail(8)) to be set per jail
Reviewed by:	jelischer
MFC after:	3 days
2016-08-10 23:24:21 +00:00
Dag-Erling Smørgrav
af8ee1391d Disable DSA again.
MFC after:	3 days
2016-08-03 16:34:20 +00:00
Bryan Drewery
bd4dcc3e5f Move chown tests to proper path
Sponsored by:	EMC / Isilon Storage Division
2016-07-23 05:49:18 +00:00
Cy Schubert
e0633de05a Update leap-seconds to leap-seconds.3676752000.
As per https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16:

                                  UTC TIME STEP
                            on the 1st of January 2017

 A positive leap second will be introduced at the end of December 2016.
 The sequence of dates of the UTC second markers will be:

                          2016 December 31, 23h 59m 59s
                          2016 December 31, 23h 59m 60s
                          2017 January   1,  0h  0m  0s

 The difference between UTC and the International Atomic Time TAI is:

  from 2015 July 1, 0h UTC, to 2017 January 1 0h UTC   : UTC-TAI = - 36s
  from 2017 January 1, 0h UTC, until further notice    : UTC-TAI = - 37s

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3676752000
See also:	https://www.iers.org/SharedDocs/News/EN/BulletinC.html
	https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16
MFC after:	1 week
Relnotes:	yes
2016-07-21 19:27:04 +00:00
Jamie Gritton
106efceff3 Start jails non-parallel if jail_parallel_start is NO. This was true
for an explicitly specified jail list; now it's also true for all jails.

PR:		209112
MFC after:	3 days
2016-07-14 20:17:08 +00:00
Jamie Gritton
e25520bab3 Wait for jails to complete startup if jail_parallel_start is YES,
instead of assuming they'll take less than one second.

PR:		203172
Submitted by:	dmitry2004@yandex.ru
2016-07-14 19:51:54 +00:00
Cy Schubert
8cabd541f7 Restore lost comment from r301295.
PR:		211027
Reported by:	Trond.Endrestol@ximalas.info
Pointy hat to:	cy@ (me)
MFC after:	3 days
2016-07-14 01:16:07 +00:00
Mark Johnston
ba3c9fc45c Remove more references to mroute6d, which was removed in r298512. 2016-07-14 00:41:37 +00:00
Baptiste Daroussin
3cf6509d70 Posixify the locales name for variants
For all locales with variants:
- if no ambiguity on the locale (only one variant) just use the regular name
- if ambiguity, pick one as default and append @<variant> to the others
  respecting POSIX

As a result:
- All the 3 components locales added recently are renamed to the usual 2
  components version for all but sr_RS.UTF-8
- Set sr_RS.UTF-8 to the cyrillic variant
- Add sr_RS.UTF-8@latin
- Remove the symlinks aliases they were created to represent the 2 components
  version as aliasas and are now useless
- Update the OptionalObsoleteFiles.inc and ObsoleteFiles.inc to reflect those
  changes

Discussed with:	ache@
Approved by:	re@ (gjb)
2016-07-03 18:21:11 +00:00
Baptiste Daroussin
87dd365e3d Remove reference to mroute6d in /etc/netstart.
mroute6d has been removed in r298512.

PR:		209405
Submitted by:	Trond.Endrestol@ximalas.info
Approved by:	re (gjb)
2016-06-25 12:54:27 +00:00
Kurt Lidl
cc4eb1ea10 Add support for a /etc/defaults/vendor.conf override file
Reviewed by:	stas, imp
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D6895
2016-06-23 19:37:00 +00:00
Warner Losh
f24c011beb Commit the bits of nda that were missed. This should fix the build.
Approved by: re@
2016-06-10 06:04:53 +00:00
Mark Johnston
714ac00292 Implement an NSS backend for netgroups and add getnetgrent_r(3).
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.

innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.

With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.

Sponsored by:	EMC / Isilon Storage Division
2016-06-09 01:28:44 +00:00
Enji Cooper
cadd473c52 Fix typo with description for $ipv6_cpe_wanif (upstram -> upstream)
MFC after: 3 days
PR: 210146
Reported by: Sean M. Collins <sean@coreitpro.com>
Sponsored by: EMC / Isilon Storage Division
2016-06-08 18:38:48 +00:00
Kurt Lidl
c0759dac0d Separate BLACKLIST vs BLACKLIST_SUPPORT properly
Sponsored by:	The FreeBSD Foundation
2016-06-07 16:31:03 +00:00
Kurt Lidl
00dc8270d5 Turn off blacklistd daemon in defaults
Reported by:	Matteo Riondato ( matteo @ FreeBSD.org )
Reviewed by:	rpaulo
Approved by:	rpaulo
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
2016-06-06 17:01:35 +00:00
Marcelo Araujo
3f708a3203 Connect ypldap(8) script on Makefile, forgotten on my previous commit r301480. 2016-06-06 04:13:49 +00:00
Marcelo Araujo
46b6ecf257 Add rc.d script for ypldap(8). 2016-06-06 03:55:00 +00:00
Marcelo Araujo
3191e5717d Install/Connect ypldap.conf(5) on examples. 2016-06-06 02:43:41 +00:00
Cy Schubert
2712f5b016 Enable daily_ntpd_leapfile_enable by default. Otherwise an expired
leapfile will be ignored and ntpd will behave as if it has no
leapfile.

While here, remove an extraneous blank line.

Suggested by:	ache
MFC after:	1 week
2016-06-04 01:01:46 +00:00
Kurt Lidl
95856e1457 Add basic blacklist build support
Reviewed by:	rpaulo
Approved by:	rpaulo
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5913
2016-06-02 19:06:04 +00:00
Alan Somers
6761eb4b11 Fix exit status of "service routing start <af> <iface>"
etc/rc.d/routing
	Ignore the exit status of options_{inet,inet6,atm}. It's
	meaningless.

Reviewed by:	hrs
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6687
2016-06-02 15:31:24 +00:00
Glen Barber
ea580d0b45 Revert r301137 and r301163, and implement a correct fix
for the CONFS issue with dma.conf and ppp.conf.

Thank you very much to Bryan Drewery for looking into the
problem and providing this fix.

Pointyhat:	gjb
Sponsored by:	The FreeBSD Foundation
2016-06-01 20:44:28 +00:00
Glen Barber
d1900df6cc Implement a hack to re-enable installation of the dma.conf.
The 'CONFS' entries in share/mk/bsd.confs.mk explicitly check
for the 'installconfig', but does not behave properly with the
'distribute' target.

This seems to be related to the previously-reported issues
with files within /etc in the past.

Reported by:	Ben Woods
Sponsored by:	The FreeBSD Foundation
2016-06-01 20:06:55 +00:00
Glen Barber
efe50fa18a Revert r289096:
Files listed in 'CONFS' are not properly included in new
installations (missing from base.txz), for reasons I still
do not fully understand.

This reverts the change excluding /etc/ppp/ppp.conf from
a new installation.  /etc/dma/dma.conf is also affected,
but requires a different solution, still being investigated.

Reported by:	Ben Woods
Sponsored by:	The FreeBSD Foundation
2016-06-01 16:45:08 +00:00
Cy Schubert
054b92544e Don't rely on $ntpd_enable to periodically fetch the latest
leapfile.

Suggested by:	cperciva
MFC after:	1 week
2016-06-01 04:37:43 +00:00
Eric van Gyzen
dd6aada336 Fix indentation in dhclient rc.d script 2016-05-31 18:40:47 +00:00
Edward Tomasz Napierala
92fa6c540c Cosmetics: add missing space after the ':' in etc/rc.d/random.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-31 08:31:34 +00:00
Enji Cooper
1b2b34583e Fix circular dependency created after r287197 between ldconfig and mountcritremote
ldconfig is already required by mountcritremote indirectly, as noted by rcorder:

> rcorder: Circular dependency on provision `mountcritremote' in file `ldconfig'.

Having mountcritremote REQUIRE ldconfig breaks dependency ordering.

Making the ldconfig hints be conditionally regenerated from mountcritremote when
remote filesystems are mounted is done after this change, similar to cleanvar
being conditionally called after the change.

Differential Revision: https://reviews.freebsd.org/D6621
PR: 202726
Reviewed by: jilles
Sponsored by: EMC / Isilon Storage Division
2016-05-30 19:59:51 +00:00
Enji Cooper
08f9163b69 Make netif REQUIRE hostid
As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before
hostid, and the MAC address generated for any bridge devices will be
non-deterministic. Make the MAC address generated be deterministic for
bridge devices by explicitly REQUIRE'ing hostid.

This fixes up the rest of the PR, inadvertently committed in r299844

MFC after: 1 week
PR: 195188
Sponsored by: EMC / Isilon Storage Division
2016-05-29 02:59:03 +00:00
Enji Cooper
51da679955 Fix "make installworld" with MK_CDDL == no after r300906 by
adding a missing entry for ${TESTSBASE}/cddl/sbin

X-MFC with: r300906
Pointyhat to: asomers
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored by: EMC / Isilon Storage Division
2016-05-29 01:38:12 +00:00
Alan Somers
7a0c41d5d7 zfsd(8), the ZFS fault management daemon
Add zfsd, which deals with hard drive faults in ZFS pools. It manages
hotspares and replements in drive slots that publish physical paths.

cddl/usr.sbin/zfsd
	Add zfsd(8) and its unit tests

cddl/usr.sbin/Makefile
	Add zfsd to the build

lib/libdevdctl
	A C++ library that helps devd clients process events

lib/Makefile
share/mk/bsd.libnames.mk
share/mk/src.libnames.mk
	Add libdevdctl to the build. It's a private library, unusable by
	out-of-tree software.

etc/defaults/rc.conf
	By default, set zfsd_enable to NO

etc/mtree/BSD.include.dist
	Add a directory for libdevdctl's include files

etc/mtree/BSD.tests.dist
	Add a directory for zfsd's unit tests

etc/mtree/BSD.var.dist
	Add /var/db/zfsd/cases, where zfsd stores case files while it's shut
	down.

etc/rc.d/Makefile
etc/rc.d/zfsd
	Add zfsd's rc script

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
	Fix the resource.fs.zfs.statechange message. It had a number of
	problems:

	It was only being emitted on a transition to the HEALTHY state.
	That made it impossible for zfsd to take actions based on drives
	getting sicker.

	It compared the new state to vdev_prevstate, which is the state that
	the vdev had the last time it was opened.  That doesn't make sense,
	because a vdev can change state multiple times without being
	reopened.

	vdev_set_state contains logic that will change the device's new
	state based on various conditions.  However, the statechange event
	was being posted _before_ that logic took effect.  Now it's being
	posted after.

Submitted by:	gibbs, asomers, mav, allanjude
Reviewed by:	mav, delphij
Relnotes:	yes
Sponsored by:	Spectra Logic Corp, iX Systems
Differential Revision:	https://reviews.freebsd.org/D6564
2016-05-28 17:43:40 +00:00
Alan Somers
30da687794 Always create loopback routes on every fib
Always create loopback routes on every fib, for both IPv4 and IPv6

etc/rc.d/routing
	Create loopback IPv4 and IPv6 routes on every fib at boot. Revert
	278302; now that all FIBs have IPv6 loopback routes, the
	"route add -reject" commands won't fail.

tests/etc/rc.d/routing_test.sh
	Greatly simplify static_ipv6_loopback_route_for_each_fib. It was
	written under the assumption that loopback routes would be added to
	a given fib by the kernel as soon as an interface is configured on
	that fib. However, the logic can be much simpler now that we simply
	add loopback routes to all fibs at boot. This also removes the need
	to run the test as root, removes the restriction that
	net.add_addr_allfibs=0, and removes the need to configure fibs in
	kyua.conf.

	Also, add a test case for IPv4 loopback routes

Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6582
2016-05-27 22:40:40 +00:00
Cy Schubert
3f9e9f234e Use the expiry date to determine whether to replace the DB copy of
leapfile instead of using the leapfile serial number (create
timestamp).

PR:		209577
MFC after:	3 days
2016-05-25 01:35:02 +00:00
Alan Somers
c5b5b50ded Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.

etc/defaults/periodic.conf
	Explicitly set defaults for security_show_{success,info,badconfig}

usr.sbin/periodic/periodic.sh
	Update usage string

usr.sbin/periodic/periodic.8
	Minor man page updates

One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.

Reviewed by:	brd
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
George V. Neville-Neil
71957470d5 Remove DTrace tooklkit from the mtree and add the files to remove
to the ObsoleteFiles list.

Sponsored by:	DARPA, AFRL
2016-05-20 01:38:31 +00:00
Cy Schubert
005bba27dc Update leap-seconds to leap-seconds.3661459200.
NO leap second will be introduced at the end of June 2016.

This commit reapplies the r298887 minor spelling fix.

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/.
See also:	http://www.iers.org/SharedDocs/News/EN/BulletinC.html
MFC after:	2 weeks
2016-05-19 03:56:07 +00:00
Enji Cooper
73ffff5f64 Make hostid_save depend on hostid
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 06:00:13 +00:00
Enji Cooper
322c831d0c Fix broken dependency with routed when MK_ROUTED != no
Remove routed as a requirement in NETWORKING, and put it in routed as a BEFORE
requirement instead

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:45:54 +00:00
Enji Cooper
904bea8330 Conditionalize installing etc/rc.d/atm{1,2,3}
`BEFORE: netif` was already in etc/rc.d/atm1, so no additional changes
are needed in that script

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:38:47 +00:00
Enji Cooper
0648b47f06 Conditionalize etc/rc.d/{zfs,zvol} install on MK_ZFS != no
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:39:36 +00:00
Enji Cooper
7e7d2a6f50 Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol
Make zfs and zvol come before all of the items that depended on them
previously

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:38:50 +00:00
Enji Cooper
142e7499c5 Reduce redundancy after release-pkg merge to head in r298107
- Use BINDIR instead of FILESDIR
- Default all <FILESGROUPS>MODEs to BINMODE with a single for-loop at the
  bottom of the Makefile
- Move all of the conditionals under the relevant MK_* != no build conditional
  blocks

Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:19:50 +00:00
Eric van Gyzen
079171874c iconvctl(3): remove superfluous NULL pointer tests
convname and dst are guaranteed to be non-NULL by iconv_open(3).
src is an array. Remove these tests for NULL pointers.
While I'm here, eliminate a strlcpy with a correct but suspicious-looking
calculation for the third parameter (i.e. not a simple sizeof).
Compare the strings in-place instead of copying.

Found by:	bdrewery
Found by:	Coverity
CID:		1130050, 1130056
MFC after:	3 days
Sponsored by:	Dell Inc.
Differential Revision:	 https://reviews.freebsd.org/D6338
2016-05-14 00:35:35 +00:00
Martin Matuska
cdf63a700c MFV r299425:
Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
  similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after:	1 month
Relnotes:	yes
2016-05-12 10:16:16 +00:00
Benedict Reuschling
ebf75b599a Capitalize "LDAP" in the description field of the _ypldap entry.
Reviewed by:	bapt
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D5267
2016-05-10 12:47:36 +00:00
Edward Tomasz Napierala
6e9bf96d6f Refactor the root mount hold code and add the wait to etc/rc.d/fsck.
This fixes mounting (non-root) USB drives on boot with fsck enabled
(with non-zero 'Pass#' field in fstab(5)).

Reported by:	Graham Menhennitt <graham at menhennitt.com.au>
Reviewed by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6221
2016-05-10 08:44:44 +00:00
Jilles Tjoelker
1f9b8f8e0d install: Add some tests. 2016-05-08 21:11:24 +00:00
Rick Macklem
90ce51106e Make "-S" a default option for mountd.
After a discussion on freebsd-fs@ there seemed to be a consensus that
the "-S" option for mountd should become the default.
Since the only known issue w.r.t. using "-S" was fixed by r299201,
this commit adds "-S" to the default mountd_flags.

Discussed on:	freebsd-fs
PR:		9619, 131342, 206855
MFC after:	2 weeks
Relnotes:	yes
2016-05-08 20:10:22 +00:00
Enji Cooper
9941801f1e Only install etc/rc.d/{rfcomm_pppd_server,sdpd} if MK_BLUETOOTH != no
These are bluetooth specific services

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-06 09:18:09 +00:00
Alan Somers
8907f744ff Improve performance and functionality of the bitstring(3) api
Two new functions are provided, bit_ffs_at() and bit_ffc_at(), which allow
for efficient searching of set or cleared bits starting from any bit offset
within the bit string.

Performance is improved by operating on longs instead of bytes and using
ffsl() for searches within a long. ffsl() is a compiler builtin in both
clang and gcc for most architectures, converting what was a brute force
while loop search into a couple of instructions.

All of the bitstring(3) API continues to be contained in the header file.
Some of the functions are large enough that perhaps they should be uninlined
and moved to a library, but that is beyond the scope of this commit.

sys/sys/bitstring.h:
        Convert the majority of the existing bit string implementation from
        macros to inline functions.

        Properly protect the implementation from inadvertant macro expansion
        when included in a user's program by prefixing all private
        macros/functions and local variables with '_'.

        Add bit_ffs_at() and bit_ffc_at(). Implement bit_ffs() and
        bit_ffc() in terms of their "at" counterparts.

        Provide a kernel implementation of bit_alloc(), making the full API
        usable in the kernel.

        Improve code documenation.

share/man/man3/bitstring.3:
        Add pre-exisiting API bit_ffc() to the synopsis.

        Document new APIs.

        Document the initialization state of the bit strings
        allocated/declared by bit_alloc() and bit_decl().

        Correct documentation for bitstr_size(). The original code comments
        indicate the size is in bytes, not "elements of bitstr_t". The new
        implementation follows this lead. Only hastd assumed "elements"
        rather than bytes and it has been corrected.

etc/mtree/BSD.tests.dist:
tests/sys/Makefile:
tests/sys/sys/Makefile:
tests/sys/sys/bitstring.c:
        Add tests for all existing and new functionality.

include/bitstring.h
	Include all headers needed by sys/bitstring.h

lib/libbluetooth/bluetooth.h:
usr.sbin/bluetooth/hccontrol/le.c:
        Include bitstring.h instead of sys/bitstring.h.

sbin/hastd/activemap.c:
        Correct usage of bitstr_size().

sys/dev/xen/blkback/blkback.c
        Use new bit_alloc.

sys/kern/subr_unit.c:
        Remove hard-coded assumption that sizeof(bitstr_t) is 1.  Get rid of
        unrb.busy, which caches the number of bits set in unrb.map.  When
        INVARIANTS are disabled, nothing needs to know that information.
        callapse_unr can be adapted to use bit_ffs and bit_ffc instead.
        Eliminating unrb.busy saves memory, simplifies the code, and
        provides a slight speedup when INVARIANTS are disabled.

sys/net/flowtable.c:
        Use the new kernel implementation of bit-alloc, instead of hacking
        the old libc-dependent macro.

sys/sys/param.h
        Update __FreeBSD_version to indicate availability of new API

Submitted by:   gibbs, asomers
Reviewed by:    gibbs, ngie
MFC after:      4 weeks
Sponsored by:   Spectra Logic Corp
Differential Revision:  https://reviews.freebsd.org/D6004
2016-05-04 22:34:11 +00:00
John Baldwin
cf05aafc7e Add a debug dir for /boot/modules.
This provides a place for standalone modules to store debug symbols.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D6190
2016-05-03 18:26:07 +00:00
Pedro F. Giffuni
f2730d1d65 etc: minor spelling fixes.
Mostly comments but these tend to be user-visible.

MFC after:	2 weeks
2016-05-01 16:43:22 +00:00
Peter Wemm
47041448c0 Fix incorrect permissions for /etc/rc.d/sendmail in fallout from
release-pkg merge.
2016-04-30 19:01:51 +00:00
Enji Cooper
4cdbb1c0bf Make SERVERS REQUIRE clean when MK_KERBEROS==no
Make kdc run BEFORE SERVERS instead of being REQUIREd by SERVERS,
so systems that pedantically check REQUIREs function after r270782

MFC after: 1 week
X-MFC with: r270782
Sponsored by: EMC / Isilon Storage Division
2016-04-30 09:50:08 +00:00
Baptiste Daroussin
e6ff0a002c Add sdiff test directory to the tests mtree 2016-04-30 06:37:32 +00:00
Baptiste Daroussin
7f5ddefe05 Add a savecore_enable variable support for the savecore rc script
By default set to 'YES' so it does not change the current behaviour for users,
this variable allows to decide to not extract crach dumps from the dump
device at boot time by setting it to "NO" in rc.conf.

Sponsored by:	Gandi.net
2016-04-29 12:23:56 +00:00
Hans Petter Selasky
d308a222e9 Regenerate usb.conf .
MFC after:	1 week
2016-04-29 12:00:36 +00:00
Lars Engels
72e733c5b1 Fix duplicate "name" variable that sneaked in with the rc description commit.
Approved by:	jhibbits
2016-04-24 19:25:11 +00:00
Stefan Eßer
f732131386 Fix typo (forgotten "=" after desc). 2016-04-24 12:07:44 +00:00
Jens Schweikhardt
9b3940931d Cosmetics: - no need to escape the newline after '|'
- parenthesize the "case" string for symmetry and improved
             search for matching paren (e.g. with vi's %)
2016-04-24 10:52:59 +00:00
Jamie Gritton
abfdc877c6 Don't remove the /var/run/jail_name.id file if a jail fails to start.
This messes up ezjail (and possibly others), when attempting to start
a jail that already exists.

PR:		208806
Reviewed by:	tj
MFC after:	5 days
2016-04-23 16:23:01 +00:00
Lars Engels
1980d11b5f - Add two new subcommands to rc.subr:
"describe" shows an rc script's description
  "extracommands" shows an rc script's non-standard commands like "reload", "configtest", "keygen", etc
- Update the rc(8) manpage and the tcsh(1) completion examples to reflect these changes

Approved by:	bapt
Sponsored by:	Essen Linuxhotel Hackathon 2016
Differential Revision:	D452
2016-04-23 16:19:34 +00:00
Lars Engels
6c1a5e837d - Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by:	bapt, brueffer
Differential Revision:	D452
2016-04-23 16:10:54 +00:00
Baptiste Daroussin
49817d14f1 Remove mroute6d rc script
It is directly available via ports (pim6dd which provides the needed rc script)

Reported by:	lme
Sponsored by:	Essen Hackathon 2016
2016-04-23 13:24:45 +00:00
Alan Somers
83e2bfb685 Add ATF tests for usr.sbin/extattr
Add ATF tests for the existing behavior of setextattr, rmextattr, lsextattr,
and getextattr.

Reviewed by:	ngie
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D5889
2016-04-22 17:02:47 +00:00
Peter Wemm
e8c6a8339f Turn ssh_host_dsa_key back on until PR#208254 is taken care of. 2016-04-17 03:57:37 +00:00
Glen Barber
b40fde96d2 Fix etcupdate(8) with rc.sendmail and devd/*. It turns out
BIN1 and such in etc/* cannot use FILESGROUPS.

Reported by:	peter
Sponsored by:	The FreeBSD Foundation
2016-04-17 03:45:45 +00:00
Baptiste Daroussin
6d8d675d7d Remove Big5HKSCS entries from mtree
Reported by:	ache
2016-04-16 20:42:51 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Kristof Provost
2f396d3cc3 pf: Friendly error message for status if pf.ko is not loaded
Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This
means that '/etc/rc.d/pf status' will no longer return 'pfctl: /dev/pf: No such
file or directory' but 'pf.ko is not loaded'.

PR:		205671
Submitted by:	Johannes Jost Meixner <xmj@FreeBSD.org>
2016-03-27 17:22:27 +00:00
Jilles Tjoelker
938e6bb267 rc.d: Make msgs a proper rc.d script.
PR:		207149
Reported by:	Jonathan de Boyne Pollard
2016-03-27 16:27:49 +00:00
Edward Tomasz Napierala
e299e01f56 Make the autofs(5) -hosts map more robust, primarily to make it correctly
handle NFS shares containing whitespace. This also adds the -E parameter
to showmount(8).

Reviewed by:	emaste@, jhibbits@, wblock@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5649
2016-03-23 12:13:53 +00:00
Edward Tomasz Napierala
0b1b2722bf Add a special case for NTFS to the -media autofs(5) map.
Submitted by:	lme@ (earlier version)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-18 09:54:09 +00:00
Warner Losh
486607d0b6 Just install ar5523.bin into /usr/share/firmware and stop compiling it
in.

Differential Review: https://reviews.freebsd.org/D5639
2016-03-15 04:42:37 +00:00
Edward Tomasz Napierala
94e900c6cd Restore accidentaly removed comment line.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:57:09 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Edward Tomasz Napierala
0cae9d3d4a Fix autofs handling of filesystem labels containing plus signs and slashes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-14 17:45:39 +00:00
Ian Lepore
e282d8f5bc Require firewall setup before running rc.d/netwait, otherwise the ping
packets sent by netwait may not get through.

PR:		207916
Submitted by:	John.Marshall@riverwillow.com.au (ipfw), ian@ (pf, ipfilter)
2016-03-13 19:42:59 +00:00
Konstantin Belousov
250d9fd8aa Fix handling of umtxp resource limit in sh(1)/ulimit(1), limits(1), add
login.conf(5) support.

Reviewed by:	jilles
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D5610
2016-03-12 14:54:34 +00:00
Bryan Drewery
b7d28aff10 META_MODE: Simplify the META_COOKIE handling to use .USE/.USEBEFORE.
Extend it to other cases of meta mode cookies so they get the proper rm
cookie behavior when a .meta file detects it needs to rebuild and fails.

Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:28 +00:00
Bryan Drewery
d5cc057985 DIRDEPS_BUILD: Fix staging of share/sendmail and share/examples.
Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:09 +00:00
Glen Barber
7d536dc855 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
Bryan Drewery
30924962f4 Fix and connect setjmp test.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:45:04 +00:00
Dmitry Chagin
7b68aa7b6f Load linux64 module for amd64 if Linux abi enabled.
Reviewed by:	emaste@
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D5567
2016-03-08 19:08:55 +00:00
Glen Barber
b655ec9752 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-06 04:13:17 +00:00
Dimitry Andric
82aa34e6fa Merge ^/head r296007 through r296368. 2016-03-03 23:15:46 +00:00
Glen Barber
52259a98ad MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
Andriy Voskoboinyk
d546378bd8 network.subr: avoid unnecessary reinitialization
Do not start interface when wpa_supplicant or hostapd is used;
they will restart it anyway

Tested with:
 * Intel 3945BG, STA mode (wpa_supplicant)
 * RTL8188EU, HOSTAP mode (hostapd)

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D5486
2016-02-29 20:21:54 +00:00
Andriy Voskoboinyk
b6a21c5c8e etc/defaults/rc.conf: fix a typo (wlanddebug -> wlandebug)
Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D5480
2016-02-28 23:57:26 +00:00
Ed Maste
9a5ed09660 Sort subdirectories in BSD.debug.dist 2016-02-28 00:24:13 +00:00
Ed Maste
f35fbc2982 Restore lib/casper debug directory, reverting r296130
Reported by:	bdrewery
Pointy hat to:	emaste
2016-02-26 22:25:35 +00:00
Ed Maste
0210fa8f75 Remove libexec/casper debug directory missed in r296047 2016-02-26 22:19:39 +00:00
Ed Maste
563a01a1da Add debug /libexec directory for rtld-elf debug files 2016-02-26 19:49:04 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Dimitry Andric
14e9c9161c Merge ^/head r295902 through r296006. 2016-02-24 21:38:51 +00:00
Glen Barber
aef2f6ad2e MFH
Sponsored by:	The FreeBSD Foundation
2016-02-24 03:08:58 +00:00
Marcelo Araujo
3bead71e95 - Add a global option where we can protect processes when swap space
is exhausted.

How to use:

Basically we need to add on rc.conf an another option like:

    If we want to protect only the main processes.
    syslogd_oomprotect="YES"

    If we want to protect all future children of the specified processes.
    syslogd_oomprotect="ALL"

PR:		204741 (based on)
Submitted by:	eugen@grosbein.net
Reviewed by:	jhb, allanjude, rpokala and bapt
MFC after:	4 weeks
Relnotes:	Yes
Sponsored by:	gandi.net
Differential Revision:	https://reviews.freebsd.org/D5176
2016-02-24 01:32:12 +00:00
Glen Barber
0fe0fe112f MFH
Sponsored by:	The FreeBSD Foundation
2016-02-15 21:58:52 +00:00
Dimitry Andric
90a4726375 Merge ^/head r295544 through r295600. 2016-02-13 16:02:12 +00:00
Devin Teske
4fa10b673c Interpret vnet_interface/vnet.interface as array 2016-02-12 02:50:36 +00:00
Dimitry Andric
4156ce4fed Merge ^/head r295351 through r295543. 2016-02-11 20:07:09 +00:00
Cy Schubert
1041b71deb Update leapsecond file in non-chroot environments.
PR:		207095
Submitted by:	madpilot
MFC after:	3 days
2016-02-11 01:16:57 +00:00
Mark Felder
0ba5cf0e44 Add new rc.conf parameter "jail_reverse_stop"
When a user defines "jail_list" in rc.conf the jails are started in the
order defined. Currently the jails are not are stopped in reverse order
which may break dependencies between jails/services and prevent a clean
shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
"jail_list" in reverse order when set to "YES".

Please note that this does not affect manual invocation of the jail rc
script. If a user runs the command

  # service jail stop jail1 jail2 jail3

the jails will be stopped in exactly the order specified regardless of
jail_reverse_stop being defined in rc.conf.

PR:		196152
Approved by:	jamie
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D5233
2016-02-10 16:13:59 +00:00
Glen Barber
30922917c8 MFH
Sponsored by:	The FreeBSD Foundation
2016-02-10 04:20:39 +00:00
Kurt Lidl
bd5ca94caa Zero pf rule counters so daily reports make sense
Zero pf rule counters so that each daily report lists an absolute
number of rejected packets, not the total since the last time the
machine rebooted (or the counters were manually cleared).

PR:		206467
Submitted by:	Rick Adams
Approved by:	rpaulo (mentor)
Differential Revision:	https://reviews.freebsd.org/D5172
2016-02-09 21:00:38 +00:00
Glen Barber
bcefcb026a Create a package for HAST.
Sponsored by:	The FreeBSD Foundation
2016-02-08 21:15:07 +00:00
Glen Barber
9c4fa87c23 Create a package for sendmail(8).
Sponsored by:	The FreeBSD Foundation
2016-02-08 18:41:46 +00:00
Glen Barber
bbb51924bb MFH
Sponsored by:	The FreeBSD Foundation
2016-02-08 12:16:01 +00:00
Dimitry Andric
a49d8b6ecc Merge ^/head r294961 through r295350. 2016-02-06 14:07:17 +00:00
Devin Teske
d62a61608f Fix typo in a comment; s/redined/redefined/
Thanks to:	rpokala
2016-02-06 02:35:52 +00:00
Devin Teske
1ba4612e13 Add comment to explain functionality of code
Thanks to:	rpokala
2016-02-06 02:32:13 +00:00
Devin Teske
a8cb567afb Allow rc_conf_files to be redefined in rc.conf(5)
With this change, it's possible to redefine rc_conf_files (e.g.,
sysrc rc_conf_files+=/etc/rc.conf.other) and have the boot process
pick up settings in extra files. The sysrc(8) tool can be used to
query/enumerate/find/manage extra files configured in this manner.

Relnotes:	yes
2016-02-06 02:16:48 +00:00
Alexander Motin
b1963ead44 Update script for modern zpool status output. 2016-02-05 18:17:37 +00:00
Alexander Motin
b0fcd5fba2 Add error check to not leak logs with syntax errors in case of failed
`zpool history`.

MFC after:	1 month
2016-02-05 17:28:11 +00:00
Glen Barber
0b8bc9c1d1 Create a 'casper' package.
Sponsored by:	The FreeBSD Foundation
2016-02-04 21:17:15 +00:00
Devin Teske
b5d189b6b6 Fix grammar in error statement
s/consider to migrate to jail.conf/consider migrating to jail.conf/
2016-02-04 17:09:43 +00:00
Glen Barber
1d0bd2f971 Include virecover in vi package.
Submitted by:	lidl
Sponsored by:	The FreeBSD Foundation
2016-02-02 21:06:09 +00:00
Glen Barber
dd181aca6c Create a package for autofs(5)
Sponsored by:	The FreeBSD Foundation
2016-02-02 17:33:37 +00:00
Glen Barber
45ccd77b60 Fix periodic(8) and rc(8) script inclusion to rcmds package.
Sponsored by:	The FreeBSD Foundation
2016-01-30 01:52:18 +00:00
Glen Barber
87850ff356 Cleanup and organize etc/rc.d/Makefile.
No functional changes.

Sponsored by:	The FreeBSD Foundation
2016-01-29 21:35:24 +00:00
Glen Barber
c8296cbb96 MFH
Sponsored by:	The FreeBSD Foundation
2016-01-29 14:52:54 +00:00
Marius Strobl
05ef7ed17b Use '^[>+][^+]' instead of '^[>+]' with grep(1) when filtering the
diff(1) output between two files in "new_only"-mode. Otherwise,
with the default of using unified format a remnant of the header
in the output is the result. This is especially irritating when
the two files differ but the second one is empty, amounting to the
vestige of the header being the only readout.
Reported by: Stefan Haemmerl

MFC after:	3 days
2016-01-29 01:54:32 +00:00
Glen Barber
a5a71822df Fix accounting package rc.d/accounting conflict.
Add periodic(8) accounting scripts to acct package.

Sponsored by:	The FreeBSD Foundation
2016-01-28 18:44:31 +00:00
Dimitry Andric
752d00608c Merge ^/head r294777 through r294960. 2016-01-27 22:52:20 +00:00
Glen Barber
0e186c0aab MFH
Sponsored by:	The FreeBSD Foundation
2016-01-27 14:16:13 +00:00
Marcelo Araujo
1cf38d9ef8 Fix regression introduced on r293801.
The UID/GID 93 is in using by jaber on PORTS, we will use
UID/GID 160 for ypldap(8).

Reported by:	antoine
Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D5062
2016-01-27 06:28:56 +00:00
Cy Schubert
f9ddb2af5f Allow specification of fetch options for ntp leap-seconds fetch.
MFC after:	1 week
X-MFC with:	r289421, r293037, r294773
2016-01-27 02:25:25 +00:00
Dimitry Andric
14d5c08ba8 Merge ^/head r294599 through r294776. 2016-01-26 07:49:11 +00:00
Cy Schubert
b5bdbd0461 Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).

Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.

Suggested by:	des
Reviewed by:	des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after:	1 week
X-MFC with:	r289421, r293037
2016-01-26 07:06:44 +00:00
Jamie Gritton
0e00d580ff Allow the (old rc-style) exec_afterstart jail parameters to start numbering
at 0, like exec_prestart and the others do.  Make param0 optional, i.e.
still look for param1.

PR:		142973
MFC after:	3 days
2016-01-25 22:14:31 +00:00
Glen Barber
f9421853ad MFH
Sponsored by:	The FreeBSD Foundation
2016-01-25 14:13:28 +00:00
Dimitry Andric
d9b9dae1a9 Merge ^/head r294169 through r294598. 2016-01-22 20:41:56 +00:00
Dag-Erling Smørgrav
a65e87276e Do not generate RSA1 or DSA keys by default. 2016-01-22 12:14:08 +00:00
Gleb Smirnoff
d519cedbad Provide new socket option TCP_CCALGOOPT, which stands for TCP congestion
control algorithm options.  The argument is variable length and is opaque
to TCP, forwarded directly to the algorithm's ctl_output method.

Provide new includes directory netinet/cc, where algorithm specific
headers can be installed.

The new API doesn't yet have any in tree consumers.

The original code written by lstewart.
Reviewed by:	rrs, emax
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D711
2016-01-22 02:07:48 +00:00
Glen Barber
396953934d Create a package for apm(8).
Sponsored by:	The FreeBSD Foundation
2016-01-21 18:41:55 +00:00
Glen Barber
4ffb51fe89 Create a package for amd(8) and related tools.
While here, fix accounting rc script installation.

Sponsored by:	The FreeBSD Foundation
2016-01-21 18:19:33 +00:00