As discussed with Robert Watson on the src-committers list, it is safer
to keep at least some pty(4) entries in /etc/ttys, for applications that
roll their own PTY allocation routine and only search for BSD-style
PTY's.
This means we've now just toggled the amount of entries for pts(4) and
pty(4).
Requested by: rwatson
Because we now use pts(4)-style PTY's exclusively, there is no use for
these entries in /etc/ttys. Right now the pts(4) entries only go from 0
to 255. Because we're going to touch these files anyway, increase the
number to 511.
Discussed with: philip (ex-mentor)
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
"workstation" firewall types to be set from rc.conf so that rc.firewall
no longer needs local patching to be usable for those types. For now
I've set the variables in /etc/defaults/rc.conf to the previous defaults
in /etc/rc.firewall.
PR: bin/65258
Submitted by: Valentin Nechayev netch of netch.kiev.ua
Silence from: net
MFC after: 2 weeks
and "mask" variables into a single "net" variable that contains a full
network address (including either a netmask or prefix length at the user's
choice). Update the example settings to match.
MFC after: 2 weeks
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
to allow them to do a "clean" shutdown.
I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.
I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
The uart(4) driver has the advantage of supporting a wider variety of
hardware on a greater amount of platforms. This driver has already been
the standard on platforms such as ia64, powerpc and sparc64.
I've decided not to change anything on pc98. I'd rather let people from
the pc98 team look at this.
Approved by: philip (mentor), marcel
Give a better example if a user absolutely must use this option, and
suggest they pick something from the ephemeral port range rather than
port 53. This means that the example will not work if it is merely
uncommented, but this will hopefully encourage users to read the comment.
This includes hotkeys support and sysctl variables to control camera
and card reader. These new sysctls don't have CTFLAG_ANYBODY set.
While there add entries to devd.conf related to the Eee volume keys.
Reviewed by: phillip
MFC after: 1 week
Also tested by: lme (previous version)
others. In the case where it displayed warnings it would still return
succesfully. Modify it so that it returns the number of sysctls that
it was not able to set.
Make use of this in rc.d to display only *unsuccessfull* attempts to
set sysctls.
the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
service behind $rc_quiet. Instead, output a warning if the pre-command
routine or the command itself failed. Arguably, it's more useful to know when
a command failed to start than it is to have an endless list of
"Starting ...." lines[1].
[1] - This change actually helped me to discover a bug in rc.d/{lockd,statd}
(fixed in r179941) that used to fail silently before.
documents away from being public accessible. Replace link to
the Bluetooth specification document with the document name.
Pointed out by: SoftLover < slserg at uic dot tula dot ru >
MFC after: 3 days
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.
This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation
Discussed with: rwatson, re
NET_NEEDS_GIANT. netatm has been disconnected from the build for ten
months in HEAD/RELENG_7. Specifics:
- netatm include files
- netatm command line management tools
- libatm
- ATM parts in rescue and sysinstall
- sample configuration files and documents
- kernel support as a module or in NOTES
- netgraph wrapper nodes for netatm
- ctags data for netatm.
- netatm-specific device drivers.
MFC after: 3 weeks
Reviewed by: bz
Discussed with: bms, bz, harti
non-dhcp interfaces to negotiate/associate this will make more sense.
This also correctly gets run after both devd and netif are run so it has
a chance of working.
The rc.initdiskless functionality is used by NanoBSD to allow configuration
files to live on a separate configuration slice, which acts as NVRAM, whilst
the system image is mounted read-only.
Normally, if the remount command fails during boot, this is regarded as
a fatal error. If /conf/T/M/remount_optional is present, this error is
non-fatal. If the file is not present, the default behaviour is unchanged.
This is very useful for people building live CD images using FreeBSD,
where the NVRAM lives somewhere completely differently from the system image,
and may be present on removable media which is not present during the
initial boot.
To preserve the existing behavior of etc/rc.d/netif, add code to wait
up to if_up_delay seconds (30 seconds by default) for a default route to
be configured if there are any dhcp interfaces. This should be extended
to test that the interface is actually up.
X-MFC after:
none or if the file doesn't exist (there's no ntp.conf in the base install).
PR: conf/119592
Submitted by: Renaud Waldura <renaud+freebsd@waldura.org>
MFC after: 1 week
more wlans_<ifn> and create_args_<ifn>
Add documentation for these variants and generally update the wireless
device example.
There is are very short lived shim from vaps_<ifn> which produces
a warning and vap_create_<ifn> which does not. Misuse the MFC
notification service to remind me to remove them.
MFC after: 3 weeks
only work if there's just one interface doing dhcp. This version implements
the same logic as the version in the PR, but uses pgrep to be less verbose.
PR: conf/95905
MFC after: 1 week
mode at boot time. Multiple profiles can be started at the same time.
The whole idea is very similar to the ppp rc script.
Document Bluetooth knobs in rc.conf(5)
MFC after: 1 week
and config file
o change default logging options from -q to -s (log to syslog); this
is currently broken for boot-time startup as syslogd is started too
late but that'll be dealt with separately
MFC after: 2 weeks
mountcritremote REQUIREs FILESYSTEMS, and that script REQUIREs zfs,
so this change is a noop. By removing it we make life a little easier
both for rcorder(8) and for debugging down the road.
Approved by: 2 weeks of silence from pjd
per-profile variables of the form ppp_<profile>_unit. No ppp_unit
variable is supported since tying the same unit to more than one profile
won't work.
PR: conf/122127
MFC after: 1 week
to _ when evaluating ppp_<profile>_nat and ppp_<profile>_mode. Document
the per-profile variables.
PR: conf/121452, conf/122127 (partial)
MFC after: 1 week
modifications merged. I had initially expected that people would
put any local changes into /boot/loader.conf, but it turns out that
editing /boot/device.hints is something many people do.
Suggested by: Jaakko Heinonen
MFC after: 1 week
we can remove the file as early as possible, but shut up nextboot at this moment
if the operation is failed, because /boot is not necessarily a part of /; the
newly added second run is placed in rc.d/mountlate after all filesystems were
mounted.
Discussed at: -rc@
Suggestions from: brooks, mtm
MFC after: 1 month
because another command (echo) is executed between the mount command
and the check.
Reported by: Sergey Baturov <sergey@toor.org.ru>
MFC after: 2 weeks
specific one. Instruct it to listen on all interfaces so that enabling
it in rc.conf(5) works "out of the box."
PR: conf/121406
Submited by: trasz
MFC after: 1 week
scripts at boot. This is currently disabled by default. /etc/ddb.conf
contains some potentially reasonable default scripts.
PR: conf/119995
Submitted by: Scot Hetzel <swhetzel at gmail dot com> (Earlier version)
X-MFC after: textdumps
find | sort. As a bonus, this simplifies the logic considerably. Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
rapid wireless association changes in my experience), there is a race
where dhclient is in the process of exiting due to the link going down
when the link coming up causes devd to try and start a new one. This
results is the link being up, but no dhclient running.
Work around this race by checking a second time after a one second delay
before refusing to start a dhclient instance due to one already being
running.
MFC after: 1 week
out because the rc.conf(5) variable was not enabled. Display a
message that the command wasn't run and offer suggestions on
what the user can do.
Implement a quiet prefix, which will disable some diagnostics. The
fast prefix also implies quiet. During boot we use either fast or
quiet. For shutdown we already use 'faststop'. So, this informational
message should only appear during interactive use.
An additional benefit of having a quiet prefix is that we can start
putting some of our diagnostic messages behind this knob and start
"de-cluttering" the console during boot and shutdown.
during boot and shutdown. I think I'll hide it behind autoboot or
maybe take brooks@ suggestion and implement a different command
prefix for booting/shutdown purposes, but in any case it needs more
thought and attention.
Noticed by: ceri
Pointyhat to: mtm
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf
Tested by: Albert B. Wang <abwang at gmail.com>
MFC after: 1 month
included in the kernel by default. Remove reference to this option
from defaults/rc.conf and rc.conf(5).
PR: conf/119098
Submitted by: Beat Gaetzi
MFC after: 1 week
the rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts. The default configuration
keeps the reports in their original form.
MFC after: 1 week
.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
daily 100.clean-tmps job. If you are logged into an X session longer
than the timeout period (default of 3 days), then this job can delete
the X11 sockets out from under the session without this fix.
MFC after: 3 days
upgrading to new releases. Important parts of this code include
* automatically determining which optional components (e.g., src,
info, proflibs) are installed.
* merging changes in files which are modified locally and have
changed between the currently running and new release.
* prompting the user to rebuild all 3rd party software before
deleting old shared libraries.
Yes, this is compatible with "freebsd-update rollback" -- you can
test a new -BETA and roll back to the old release if you don't
like it.
Subject to re@ approval, this will be MFCed before 7.0-BETA3 and
6.3-RC1.
MFC after: 2 days
This includes:
o mtree (for legal/intel_wpi)
o manpage for i386/amd64 archs
o module for i386/amd64 archs
o NOTES for i386/amd64 archs
Approved by: mlaier (comentor)
wpa_supplicant expects that it has exclusive access to the net80211 state so
when its starts poking in the WEP/WPA settings and the card is already
scanning it can cause net80211 to try and associate incorrectly with a
protected AP.
This is an inconvenience for firmware based cards such as iwi where it can be
sent an auth instruction with incomplete security info and cause a firmware
error.
Remove the 'ifconfig up' from network.subr since wpa_supplicant will
immediately down the interface again.
Reported by: Guy Helmer (and others)
Reviewed by: sam, brooks, avatar
MFC after: 3 days
it's just a matter of adding a `${_+_}' prefix before each submake
invokation. This allows a dry run to proceed down to, but not
including, leaf commands. (See <sys.mk> for how ${_+_} is set
depending on the number of -n flags.)
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.
2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.
3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.
Although I used different solutions, this commit handles issues raised in:
PR: conf/73929
PR: conf/103976
PR: conf/109409
is then used as an argument to the amd program. This outpu may contain
newlines, but the script did not take care to strip those newlines before
apending it to rc_flags. Revision 1.72 of rc.subr(8) introduced changes that
exposed this problem (specifically putting the final eval'ed command in
quotes).[1]
Also, for correctness' sake, shell directives appended to the command-line
by the script should go into command_args, and not appended directly
to rc_flags.
Reported by: John E Hein <jhein@timing.com> [1]
Tested by: John E Hein <jhein@timing.com>
MFC after: 1 week
This commit includes the following core components:
* sample configuration file for sensorsd
* rc(8) script and glue code for sensorsd(8)
* sysctl(3) doc fixes for CTL_HW tree
* sysctl(3) documentation for hardware sensors
* sysctl(8) documentation for hardware sensors
* support for the sensor structure for sysctl(8)
* rc.conf(5) documentation for starting sensorsd(8)
* sensor_attach(9) et al documentation
* /sys/kern/kern_sensors.c
o sensor_attach(9) API for drivers to register ksensors
o sensor_task_register(9) API for the update task
o sysctl(3) glue code
o hw.sensors shadow tree for sysctl(8) internal magic
* <sys/sensors.h>
* HW_SENSORS definition for <sys/sysctl.h>
* sensors display for systat(1), including documentation
* sensorsd(8) and all applicable documentation
The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and -current as of today.
All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.
Submitted by: Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by: syrinx
Tested by: many
OKed by: kensmith
Obtained from: OpenBSD (parts)
ppp_profile variable can now contain multiple profiles.
Overrides for ppp mode and nat can go into ppp_$profile_mode
and ppp_$profile_nat variables respectively. If those are
not specified, defaults from ppp_mode and ppp_nat are used.
Submitted by: Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by: mtm
MFC after: 1 week
local rc.d scripts in the overall boot order was added.
Proper rc.d scripts are run by rc.subr in a subshell, whereas scripts that
end in .sh are sourced into rc's shell. The latter has potential to create
serious boot problems, and there is no reason that the same functionality
cannot be added by the user in the form of a proper rc.d script (as
opposed to being added by the user in the form of /etc/rc.early).
This script will be removed prior to the 8.0 branch.
Approved by: re (kensmith)
for pre-5.0 variable names.
Remove two dhcp compatibility variables added after the 5.1-RELEASE.
Remove the now-unused support for these shims.
Approved by: re (kensmith)
providers with limited physical storage and add physical storage as
needed.
Submitted by: Ivan Voras
Sponsored by: Google Summer of Code 2006
Approved by: re (kensmith)
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.
Approved by: re@ (bmah@)
MFC after: 2 days
so that when I applied the patch to my check-in tree the top half of my patch failed to
apply. Off course I saw what I *expected* to see (the bottom half succeeded) and
didn't notice that it had failed to apply cleanly.
Approved by: re (bmah)
in most cases, except one. The 'restart' case was not working as expected. Specifically,
it would stop both lockd and statd, but it would restart only statd (which appears first
in the script). This is because rc.subr(8) contains code to guard against infinite
recursion in the 'restart' casae.
To fix this use the traditional approach of controlling only one server from one script by
breaking out rc.d/nfslocking into its contituent parts: rc.d/lockd and rc.d/statd. Keep
rc.d/nfslocking around but don't include it in the boot rcorder(8)ing.
PR: conf/107316
Approved by: re (bmah)
MFC after: 2 weeks
commented out example who have either not responded, or specifically
asked not to participate because they do not view AXFR as "a production
service."
2. Add f.root-servers.net to the example after confirmation from
Paul Vixie.
3. Add a warning to the commented out "root zone slave" example to the
effect that it requires more attention than a hints file, and provides
more benefit to larger sites than individual hosts.
4. Correct a typo copied from RFC 2544 which was corrected in a later
errata, and confirmed in RFC 3330. Update the comment to reflect that
RFC 3330 got it right and to avoid confusion down the road. 3330 also
contains a reference back to 2544 for anyone interested in pursuing the
history. [1]
PR: conf/115573 [1]
Submitted by: Oliver Fromme <olli@secnetix.de> [1]
Approved by: re (kensmith)
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.
2. Change the default behavior back to using a hint zone for the root.
3. Leave the root slave zone config as a commented out example.
4. Remove the B and F root servers from the example at the request of
their operators.
Requested by: he-who-must-not-be-named [1]
Requested by: many [2]
Approved by: re (rwatson)
wpa_supplicant and other programs started by 'netif' don't get erased
by a subsequent 'cleanvar'.
Approved by: re (bmah)
Reviewed by: dougb
MFC after: 1 week
included man pages on how to use it. This code is still somewhat experimental
but has been successfully tested on a number of targets. Many thanks to
Danny for contributing this.
Approved by: re
NET_NEEDS_GIANT, which will shortly be removed. This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added. Specifics:
- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm
This removes the last remaining consumer of NET_NEEDS_GIANT.
Reviewed by: harti
Discussed with: bz, bms
Approved by: re (kensmith)
sys/i4b/include/ so they will be available to all architectures
once I4B compiles on those.
I4B header files are now installed in include/i4b/ and no longer
in include/machine/.
For now we still install the headers for i386 only.
Approved by: re (kensmith)
Improvements:
* /etc/rc.suspend,rc.resume are always run, no matter the source of the
suspend request (user or kernel, apm or acpi)
* suspend now requires positive user acknowledgement. If a user program
wants to cancel the suspend, they can. If one of the user programs
hangs or doesn't respond within 10 seconds, the system suspends anyway.
* /dev/apm is clonable, allowing multiple listeners for suspend events.
In the future, xorg-server can use this to be informed about suspend
even if there are other listeners (i.e. apmd).
Changes:
* Two new ACPI ioctls: REQSLPSTATE and ACKSLPSTATE. Request begins the
process of suspending by notifying all listeners. acpi is monitored by
devd(8) and /dev/apm listener(s) are also counted. Users register their
approval or disapproval via Ack. If anyone disapproves, suspend is vetoed.
* Old user programs or kernel modules that used SETSLPSTATE continue to
work. A message is printed once that this interface is deprecated.
* acpiconf gains the -k flag to ack the suspend request. This flag is
undocumented on purpose since it's only used by /etc/rc.suspend. It is
not intended to be a permanent change and will be removed once a better
power API is implemented.
* S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z.
This restores previous behavior of halt/shutdown -p being the interface.
* Miscellaneous improvements to error reporting
Approved by: re
best practices:
1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."
2. In named.conf
a. Clean up white space
b. Add/clarify a few comments
c. Slave zones from the root servers instead of using a hints
file. This has several advantages, as described in the comments.
d. Significantly revamp the default zones, including the
forward localhost zone, and the reverse zones for IPv4 and IPv6
loopback addresses. There are extensive comments describing what
is included and why. Interested readers should take the time to
review the RFCs mentioned in the comments. There is also relevant
information about the motivations for hosting these zones in the
"work in progress" Internet-Draft,
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
or its successor.
It's also worth noting that a significant number of these
empty zones are already included by default in the named binary
without any user configuration.
e. Because we're including a lot of examples of both local
forward zones and slave zones in the default configuration,
eliminate some of those examples.
3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs. E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM. When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made. Then it'll be
enough to set the expire field in future for the commands to run
again. And so on.
Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.
In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress. Therefore,
in FreeBSD 7.0, this new option will default to "NO". When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.
PR: conf/86252
Approved by: re (kensmith)
MFC after: 3 days
id used by sysinstall when enabling anonymous FTP.
Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.
PR: 93284
Approved by: ru (mentor)
Reviewed by: simon
instead of an authentication function. There are a design reason
and a practical reason for that. First, the module belongs in
account management because it checks availability of the account
and does no authentication. Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
when figuring out what the real interpreter is for an
interpreted command. That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
stop looking there for things like rc.d and periodic. This avoids
duplicating effort when /usr/X11R6 is a symlink to /usr/local,
which it is by default now.
It is not anticipated at this time that we will MFC this change, since
we'd like to avoid breaking legacy systems. However, there is a fix for
/etc/rc.subr in the works to avoid running any rc.d scripts twice which
we should be able to MFC.
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.
I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
list.
This is only for the well known known ports (port 1-1023) for tcp and
udp only.
Changes:
- Removed "problems" comments around port 57, 77 and 87
- Removed audionews (port 114)
- Added imap3 (port 220)
- Removed yak-chat (port 258)
- Removed concert (port 786)
- Added a lot of new allocations
Submitted by: edwin
scripts in rc.d to stop rc(8) from booting into multi-user mode when
a critical or severe error condition is encountered.
o Modify scripts in etc/rc.d that already implemented this functionality
independently.
o Document it.
[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
to rc.subr(8). Our version differs slightly in that it takes an
optional argument to stop the boot even if "autoboot" is not set.
Obtained from: NetBSD
MFC after: 2 weeks
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.
MFC after: 2 weeks
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.
From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
NFS-share anything. This way we can safely start mountd with
/etc/zfs/exports and mountd won't complain.
Pointed out by: ceri
- Move 'zfs volinit' before 'zfs mount -a' and 'zfs volfini' after
'zfs unmount -a'.
The registration names for 5222(tcp,udp) and 5269(tcp,udp) was changed to
xmpp-client and xmpp-server correspondingly.
This inconsistency causes problems to applications developed on other
systems, as they tries to use port numbers from /etc/services as fallback.
PR: conf/100606
Submitted by: Ralph Meijer <freebsd-gnats2@ralphm.ik.nu>
Approved by: maxim
MFC after: 1 week
software-generated UUID. Store the result in /etc/hostid and use it in
the future. Perform simple UUID format check, as there is a lot of
hardware with broken UUIDs. The check should be improved to also eliminate
fake UUIDs like 00000000-0000-0000-0000-000000000000.
Requested by: many
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.
PR: conf/111225
Submitted by: Bas van Beek <bas@tobin.nl>
Approved by: mtm, mlaier
MFC after: 2 weeks
UUID and stores it in /etc/hostid ($hostid_file) as well as sets kern.hostuuid
and kern.hostid sysctls on every boot.
Hostid can be reset using '/etc/rc.d/hostid reset' command.
Hostid generation and setting can be turned off by setting variable
hostid_enable to "NO" in /etc/rc.conf.
Reviewed by: mlaier, rink, brooks, rwatson
and takes over mountcritlocal's role as the early / late divider. This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.
MFC after: 3 weeks
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.
PR: conf/78762
MFC-After: 2 weeks
All xxx_<ifname> flags are set to empty strings automatically earlier so
eval echo \${${prefix}${_if}${suffix}-${_default}}
not substitute the default but return just the empty string.
Fix it using
eval echo \${${prefix}${_if}${suffix}:-${_default}}
(i.e. treat empty strings as unset)
The bug manifistates itself with the following warning from checkyesno():
/etc/rc.d/dhclient: WARNING: $background_dhclient is not set properly -
see rc.conf(5)
The code looks for all the loaded screensaver modules, tries to
kldunload them, and only loads the new one if kldstat's output shows
that there aren't any left. However, the regexp looking for modules
to unload was still searching according to the the old naming scheme,
splash_<name>.ko, instead of <name>_saver.ko.
MFC after: 3 days
the background fsck indefinitely. This allows the administrator to run
it at a convenient time. To support running it from cron, the
forcestart argument now causes the fsck to start with no delay and all
output to be suppressed.
insert a slash between ${_chroot} and the pathname if and only if
${_chroot} is set to a non-empty string. Now the pathname is very
likely to be absolute, but we shouldn't take that for granted.
for /tmp and /var. This makes the memory discs swap-backed instead
of malloc-backed. A swap-backed memory disc should not be worse
than a malloc-backed one in any scenario because it will start
touching swap only when needed. OTOH, a malloc-backed disc can
starve limited kernel resources and evenually crash the system.
Reflect the change in the rc.conf(5) manpage. Also stop telling
lies there about softupdates: it does not waste disc space, it
just can delay its freeing.
Suggested by: many
PR: kern/87255
MFC after: 1 week
Include /var/db/entropy-file in the reseeding if present. It is used for
last-ditch efforts to save entropy and thus should also be used to seed
the RNG when starting. Print a warning instead of an error if writing the
file fails -- err() exits, preventing the umask from being restored.
Also, since there's not much that can be done about it, notifying the user
is all that's needed.
MFC after: 2 weeks
uuencoded format along with their respective LICENSE files.
- Add new share/doc/legal directory to BSD.usr.dist mtree file. This is the
place we install LICENSE files for restricted firmwares.
- Teach firmware(9) and kmod.mk about licensed firmwares. Restricted firmwares
won't load properly unless legal.<name>.license_ack is set to 1, either
via kenv(1) or /boot/loader.conf.
Reviewed by: mlaier, sam
Permitted by: Intel (via Andrew Wilson)
MFC after: 1 month
arrangement that has no intrinsic internal knowledge of whether devices
it is given are truly multipath devices. As such, this is a simplistic
approach, but still a useful one.
The basic approach is to (at present- this will change soon) use camcontrol
to find likely identical devices and and label the trailing sector of the
first one. This label contains both a full UUID and a name. The name is
what is presented in /dev/multipath, but the UUID is used as a true
distinguishor at g_taste time, thus making sure we don't have chaos
on a shared SAN where everyone names their data multipath as "Fred".
The first of N identical devices (and N *may* be 1!) becomes the active
path until a BIO request is failed with EIO or ENXIO. When this occurs,
the active disk is ripped away and the next in a list is picked to
(retry and) continue with.
During g_taste events new disks that meet the match criteria for existing
multipath geoms get added to the tail end of the list.
Thus, this active/passive setup actually does work for devices which
go away and come back, as do (now) mpt(4) and isp(4) SAN based disks.
There is still a lot to do to improve this- like about 5 of the 12
recommendations I've received about it, but it's been functional enough
for a while that it deserves a broader test base.
Reviewed by: pjd
Sponsored by: IronPort Systems
MFC: 2 months
bad or illegal. This prevents matching on systems that
have a name that matches the query.
PR: conf/107560
Submitted by: Christian Laursen <cfsl at pil dot dk>
MFC after: 3 days
Approved by: imp (mentor)
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.
PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb
o Remove ttyyX, created by the obsolete zs(4)
o Replace ttydX by ttyuX, which is created by uart(4)
o Enable ttyu0 as a console to better support the xserve.
MFC after: 1 week