The summary of changes is as follows..
Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
testcases that require lchmod, skip the testcase -- otherwise
use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].
Linux support::
- Fixed Linux support to pass on later supported versions of
Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].
OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
[2].
MFC after: 2 months
Obtained from: https://github.com/pjd/pjdfstest/tree/0.1
Relnotes: yes
Submitted by: asomers [1], ngie [2]
Tested with: UFS, ZFS
ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3701462400 - with a
leap-seconds file from NIST at ftp://time.nist.gov/pub/. The USNO
version of the file changes the last documented leap second update
time whereas the NIST version does not. The expiration of the USNO
version of the file is also one month short.
Requested by: ian@
Obtained from: ftp://time.nist.gov/pub/leap-seconds.3676924800
MFC after: 3 days
As per https://datacenter.iers.org/eop/-/somos/5Rgv/latest/16:
INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE (IERS)
SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE
SERVICE DE LA ROTATION TERRESTRE
OBSERVATOIRE DE PARIS
61, Av. de l'Observatoire 75014 PARIS (France)
Tel. : 33 (0) 1 40 51 23 35
FAX : 33 (0) 1 40 51 22 91
Internet : services.iers@obspm.fr
Paris, 9 January 2017
Bulletin C 53
To authorities responsible
for the measurement and
distribution of time
INFORMATION ON UTC - TAI
NO leap second will be introduced at the end of June 2017.
The difference between Coordinated Universal Time UTC and the
International Atomic Time TAI is :
from 2017 January 1, 0h UTC, until further notice : UTC-TAI = -37 s
Leap seconds can be introduced in UTC at the end of the months of December
or June, depending on the evolution of UT1-TAI. Bulletin C is mailed every
six months, either to announce a time step in UTC, or to confirm that there
will be no time step at the next possible date.
Christian BIZOUARD
Director
Earth Orientation Center of IERS
Observatoire de Paris, France
Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3701462400
MFC after: 3 days
Need to multiply the size of the disk passed to mount_md by 512 as mdmfs
expects number of 512-byte blocks while tmpfs size option wants number of
bytes.
Reviewed by: brooks
Approved by: sjg (mentor)
Obtained from: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D11106
Tests that exercise the following flags are added in this commit:
- -A
- -H
- -I
- -g
- -h
- -k
- -m
Additional tests will be added soon.
MFC after: 1 month
When /etc/rc runs all /etc/rc.d scripts, it has already loaded /etc/rc.subr
but each /etc/rc.d script sources it again (since /etc/rc.d scripts must
also work when started stand-alone).
Therefore, if rc.subr is already loaded, return so sh need not parse the
rest of the file.
A second effect is that there is no longer a compound command around most of
rc.subr. This reduces memory usage while sh is loading rc.subr for the first
time (but this memory is free()d once rc.subr is loaded).
For purposes of porting this to other systems, I do not recommend porting
this to systems with shells that do not have the change to the return
special builtin like in r255215 (before FreeBSD 10.0-RELEASE). This change
ensures that return in the top level of a dot script returns from the dot
script, even if the dot script was sourced from a function.
A comparison of CPU time on an amd64 bhyve virtual machine from a times
command added near the end of /etc/rc, all four values summed:
x orig1
+ quickreturn
+--------------------------------------------------------------------------+
| + + + x x x|
||______M__A_________| |______M___A__________| |
+--------------------------------------------------------------------------+
N Min Max Median Avg Stddev
x 3 1.704 1.802 1.726 1.744 0.051419841
+ 3 1.467 1.559 1.487 1.5043333 0.048387326
Difference at 95.0% confidence
-0.239667 +/- 0.113163
-13.7424% +/- 6.48873%
(Student's t, pooled s = 0.0499266)
* Verify that when creating a hard link to a symbolic link, '-L' option
creates a hard link to the target of the symbolic link
* Verify that when creating a hard link to a symbolic link, '-P' option
creates a hard link to the symbolic link itself
* Verify that if the target file already exists, '-f' option unlinks it so
that link may occur
* Verify that if the target file or directory is a symbolic link, '-shf'
option prevents following the link
* Verify that if the target file or directory is a symbolic link, '-snf'
option prevents following the link
* Verify that '-s' option creates a symbolic link
* Verify that '-w' option produces a warning if the source of a symbolic
link does not currently exist
Submitted by: shivansh
Reviewed by: asomers, ngie
MFC after: 1 month
Sponsored by: Google, Inc (GSoC 2017)
Differential Revision: https://reviews.freebsd.org/D11084
All manpages in base are now compatible with mandoc(1), all roff documentation
will be relocated in the doc tree. man(1) can now use groff from the ports tree
if it needs.
Also remove checknr(1) and colcrt(1) which are only useful with groff.
Approved by: (no objections on the mailing lists)
Verify that echo(1) does not...
- ... print the trailing newline character with option '-n'.
- ... print the trailing newline character when '\c' is appended to
the end of the string.
Submitted by: shivansh
Reviewed by: asomers, ngie
MFC after: 1 month
Sponsored by: Google, Inc (GSoC 2017)
Differential Revision: D11036
In batch mode, most messages go into the core.txt.N file instead of stdout.
Reviewed by: jhb
MFC after: 3 days
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D10429
I incorrectly started this pattern in r277541 with the opensm newsyslog.conf.d file,
and continued using it in r318441 and r318443.
This will fix the files being handled improperly via installworld, preventing tools like
etcupdate, mergemaster, etc from functioning properly when comparing the installed
contents on a system vs the contents in a source tree when doing merges.
PR: 219404
Submitted by: Dan McGregor <dan.mcgregor@usask.ca>
MFC after: 2 weeks
MFC with: r277541, r318441, r318443
Sponsored by: Dell EMC Isilon
The default crontab prior to this commit assumes atrun(8) is always
present, which isn't true if MK_AT == no. Move atrun(8) execution
from /etc/crontab to /etc/cron.d/at, and base /etc/cron.d/at's installation
on MK_AT. cron(8) will detect /etc/cron.d/at's presence when the configuration
is loaded and run atrun every 5 minutes like it would prior to this commit.
SHELL and PATH are duplicated between /etc/crontab and /etc/cron.d/at
because atrun(8) executes programs, which may rely on environment
set in the current default /etc/crontab.
Noted by: bdrewery (in an internal review)
MFC after: 2 months
Relnotes: yes (may need to add environmental modifications to
/etc/cron.d/at)
Sponsored by: Dell EMC Isilon
Install /etc/cron.d/at if MK_AT != no, always using it, which tries
to run a non-existent program via cron(8) every 5 minutes with the
default /etc/crontab, prior to this commit.
SHELL and PATH are duplicated between /etc/crontab and /etc/cron.d/at
because atrun(8) executes programs, which may rely on environment
currently set via /etc/crontab.
Noted by: bdrewery (in an internal review)
MFC after: 2 months
Relnotes: yes (may need to add environmental modifications to
/etc/cron.d/at)
Sponsored by: Dell EMC Isilon
Items tested via this commit are:
- Some basic POSIX constants.
- Some valid programming environments with -v.
- Some invalid programming environments via -v.
NOTE: this test makes assumptions about ILP32/LP32 vs LP64 that are
currently not true on all architectures to avoid hardcoding some
architectures in the tests. I'm working on improving getconf(1) to be
more sane about handling ILP32/LP32 vs LP64. Future commits are coming
soon to address this.
MFC after: 2 weeks
Tested with: amd64, i386
Sponsored by: Dell EMC Isilon
These tests query a running process for information related to the -b,
-c, -e, and -f flags; the -f testcase is largely stubbed out, pending
additional work to determine a good, deterministic descriptor.
Core file test support is coming soon--it requires a bit more effort
due to the fact that:
- coredumps can be disabled (kern.coredump=0).
- corefiles can be put in different directories than the current
directory, or be named something other than `<prog>.core`
(`kern.corefile`).
MFC after: 2 months
Sponsored by: Dell EMC Isilon
src.conf(5) knobs
This will allow consumers of FreeBSD to use the unmodified configuration
files out of the box more than previously.
Both newsyslog.conf and syslog.conf:
- /var/log/lpd-errs (MK_LPR != no)
- /var/log/ppp.log (MK_PPP != no)
- /var/log/xferlog (MK_FTP != no)
newsyslog.conf:
- /var/log/amd.log (MK_AMD != no)
- /var/log/pflog (MK_PF != no)
- /var/log/sendmail.st (MK_SENDMAIL != no)
MFC after: 3 weeks
Sponsored by: Dell EMC Isilon
With fstyp(8) being updated to detect exfat in base r312003, it seems
like a good time to add support for auto-mounting SDXC cards -- which
use exfat by default.
The user will need to locally compile and install sysutils/fusefs-exfat
for this to succeed; logs a message to that effect when not installed.
PR: 218743
Submitted by: eborisch+FreeBSD@gmail.com
MFC after: 2 weeks
This makes 'stop' behave consistently with 'start' in the script.
Also use $SYSCTL instead of sysctl for consistency within that script.
MFC after: 3 weeks
patm(4) devices.
Maintaining an address family and framework has real costs when we make
infrastructure improvements. In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).
With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.
Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021. Improvements to the code in FreeBSD 11 are
certainly welcome.
Reviewed by: philip
Approved by: harti
/etc/pam.d/ftp* should be installed with MK_FTP != no and
/etc/pam.d/telnetd should be installed when MK_TELNET != no.
MFC after: 7 weeks
Sponsored by: Dell EMC Isilon
etc/rc.d/dhclient unconditionally testing true when called by a devd
rule during boot, ignoring statically assigned IP addresses in rc.conf.
Requested by: des@
Areas not covered still [positive functionality wise] are:
- sbuf_{clear,get,set}_flags
- sbuf_new (in particular, with fixed buffers, etc).
Some basic negative testing has been added, but more will be added in the
future.
This work was in part to validate work done by cem in r288223, and ian
before that.
MFC after: 2 months
Sponsored by: Dell EMC Isilon
Previously, 450.status-security would always set rc=3 in inline mode,
because it doesn't know whether "periodic security" is going to find
anything interesting. But this annoyingly results in daily reports that
simply say "Security check: \n\n-- End of daily output --".
This change fixes that by testing whether "periodic security" printed
anything, and setting 450.status-security's exit status to 3 if it did. An
alternative would be to change the exit status of periodic(8) to be the
worst of its scripts' exit statuses, but that would be a more intrusive
change.
Reviewed by: brian
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D10267
and NULL (for no) to "no" (for no) and no change to the definition
of yes. Two rc.d scripts, dhclient and bgfsck check rc_force for
yesi, using test -n, and no, using test -z. The redefinition of
yes and no by r316487 caused rc.d/dhclient, when invoked by devd
using a devd.conf rule, to assign DHCP assigned IP addresses for
interfaces with statically assigned interfaces, breaking boot.
Point of breakage was at line 25 of etc/rc.d/dhclient (r301068)
where $rc_force needs to be NULL.
MFC after: 3 weeks
X-MFC with: r316487
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.
This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.
PR: 217055
PR: 210188
Reviewed by: cy
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D10211
- kvm_close: add a testcase to verify support for errno = EINVAL / -1
(see D10065) when kd == NULL is provided to the libcall.
- kvm_geterr:
-- Add a negative testcase for kd == NULL returning "" (see D10022).
-- Add two positive testcases:
--- test the error case using kvm_write on a O_RDONLY descriptor.
--- test the "no error" case using kvm_read(3) and kvm_nlist(3) as
helper routines and by injecting a bogus error message via
_kvm_err (an internal API) _kvm_err was used as there isn't a
formalized way to clear the error output, and because
kvm_nlist always returns ENOENT with the NULL terminator today.
- kvm_open, kvm_open2:
-- Add some basic negative tests for kvm_open(3) and kvm_open2(3).
Testing positive cases with a specific
`corefile`/`execfile`/`resolver` requires more work and would require
user intervention today in order to reliably test this out.
Reviewed by: markj
MFC after: 2 months
Sponsored by: Dell EMC Isilon
Differential Revision: D10024
This, like including ucl private headers, is useful for writing new base
system tools. Yes, anyone using these libraries shouldn't assume ABI
compatibility.
Reviewed by: bdrewery, bapt
Differential Revision: https://reviews.freebsd.org/D10123
the default partition, eMMC v4.41 and later devices can additionally
provide up to:
1 enhanced user data area partition
2 boot partitions
1 RPMB (Replay Protected Memory Block) partition
4 general purpose partitions (optionally with a enhanced or extended
attribute)
Of these "partitions", only the enhanced user data area one actually
slices the user data area partition and, thus, gets handled with the
help of geom_flashmap(4). The other types of partitions have address
space independent from the default partition and need to be switched
to via CMD6 (SWITCH), i. e. constitute a set of additional "disks".
The second kind of these "partitions" doesn't fit that well into the
design of mmc(4) and mmcsd(4). I've decided to let mmcsd(4) hook all
of these "partitions" up as disk(9)'s (except for the RPMB partition
as it didn't seem to make much sense to be able to put a file-system
there and may require authentication; therefore, RPMB partitions are
solely accessible via the newly added IOCTL interface currently; see
also below). This approach for one resulted in cleaner code. Second,
it retains the notion of mmcsd(4) children corresponding to a single
physical device each. With the addition of some layering violations,
it also would have been possible for mmc(4) to add separate mmcsd(4)
instances with one disk each for all of these "partitions", however.
Still, both mmc(4) and mmcsd(4) share some common code now e. g. for
issuing CMD6, which has been factored out into mmc_subr.c.
Besides simply subdividing eMMC devices, some Intel NUCs having UEFI
code in the boot partitions etc., another use case for the partition
support is the activation of pseudo-SLC mode, which manufacturers of
eMMC chips typically associate with the enhanced user data area and/
or the enhanced attribute of general purpose partitions.
CAVEAT EMPTOR: Partitioning eMMC devices is a one-time operation.
- Now that properly issuing CMD6 is crucial (so data isn't written to
the wrong partition for example), make a step into the direction of
correctly handling the timeout for these commands in the MMC layer.
Also, do a SEND_STATUS when CMD6 is invoked with an R1B response as
recommended by relevant specifications. However, quite some work is
left to be done in this regard; all other R1B-type commands done by
the MMC layer also should be followed by a SEND_STATUS (CMD13), the
erase timeout calculations/handling as documented in specifications
are entirely ignored so far, the MMC layer doesn't provide timeouts
applicable up to the bridge drivers and at least sdhci(4) currently
is hardcoding 1 s as timeout for all command types unconditionally.
Let alone already available return codes often not being checked in
the MMC layer ...
- Add an IOCTL interface to mmcsd(4); this is sufficiently compatible
with Linux so that the GNU mmc-utils can be ported to and used with
FreeBSD (note that due to the remaining deficiencies outlined above
SANITIZE operations issued by/with `mmc` currently most likely will
fail). These latter will be added to ports as sysutils/mmc-utils in
a bit. Among others, the `mmc` tool of the GNU mmc-utils allows for
partitioning eMMC devices (tested working).
- For devices following the eMMC specification v4.41 or later, year 0
is 2013 rather than 1997; so correct this for assembling the device
ID string properly.
- Let mmcsd.ko depend on mmc.ko. Additionally, bump MMC_VERSION as at
least for some of the above a matching pair is required.
- In the ACPI front-end of sdhci(4) describe the Intel eMMC and SDXC
controllers as such in order to match the PCI one.
Additionally, in the entry for the 80860F14 SDXC controller remove
the eMMC-only SDHCI_QUIRK_INTEL_POWER_UP_RESET.
OKed by: imp
Submitted by: ian (mmc_switch_status() implementation)
This change contains several negative and positive tests for:
- cam_open_device
- cam_close_device
- cam_getccb
- cam_freeccb
This also contains a test for the failure case noted in bug 217649,
i.e., O_RDWR must be specified because pass(4) requires it.
This test unfortunately cannot assume that cam-capable devices are
present, so the user must explicitly provide a device via
`test_suites.FreeBSD.cam_test_device`. In the future, a test kernel
module might be shipped, or ctl(4) might be used, as a test device
when testing out libcam, which will allow the tests to do away with
having to specify an explicit test device.
Reviewed by: asomers, ken (earlier diff)
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: D9928
This change moves the tests added in r313962 to an existing directory
structure used by the geli TAP tests. It also, renames the test from
pbkdf2 to pbkdf2_test .
The changes to ObsoleteFiles.inc are being committed separately as they
aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests
is done all in one commit.
MFC after: 2 weeks
X-MFC with: r313962, r313972-r313973
Reviewed by: allanjude
Sponsored by: Dell EMC Isilon
Differential Revision: D9985
Prefer ${SRCTOP}/ to ${.CURDIR}/../ and ${.CURDIR}/../../ as appropriate.
Differential Revision: https://reviews.freebsd.org/D9932
Sponsored by: Netflix
Silence On: arch@ (twice)
It relies on output from inetd that is triggered by MK_TCP_WRAPPERS=yes.
We need to check for both knobs being set -- otherwise the script doesn't
have much value.
PR: 217577
Submitted by: Sergey <kpect@protonmail.com> (MK_TCP_WRAPPERS piece)
MFC after: 1 week
Sponsored by: Dell EMC Isilon
The exit status will be 124, as the timeout(1) utility uses.
Reviewed by: jilles
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9697
test suite
This change does the following:
- Introduces symmetry in the test inputs/outputs by adding the exit
code to the files. This simplified the test driver notably by
requiring less filename/test name manipulation.
- Adds a test driver for the testcases added in r313544, patterned
after bin/sh/tests/functional_test.sh . The driver calls indent as
noted in r313544, with an exception: The $FreeBSD$ RCS keyword's
expansion is reindented with indent, which means that the output
differs from the expected output. Thus, all lines with $FreeBSD$
in them are deleted on the fly, both in the input file and the
output file.
The test inputs/outputs are copied to the kyua sandbox before the
test is run as the pathing in some of the files relies on pathing
normalized to the current directory (copying the files is the
easiest way to resolve the issue).
Approved by: pstef (maintainer)
Reviewed by: pstef
X-MFC with: r313544
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D9682
Ports change 421360 changed the name and UID of the postgres user
Reviewed by: trasz, imp, girgen
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9746
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be
GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.
With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.
Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.
PR: 202365
Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by: ed, pjd, delphij
Approved by: secteam, pjd (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D8236
If one of the scripts listed in (daily|weekly|monthly)_local is executable,
999.local should simply execute it. Only if the script isn't executable
should 999.local assume it needs /bin/sh.
Reviewed by: brian
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
* Rewrite r_buf to use standard tail queues instead of a hand-rolled
circular linked list. Free dynamic allocations when done.
* Remove an optimization for the case where the file is a multiple of 128KB
in size and there is a scarcity of memory.
* Add ATF tests for "tail -r" and its variants.
Reported by: Valgrind
Reviewed by: ngie
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9067
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org
using 3 separate 'server' config lines. That is now replaced with a single
'pool' line which causes ntpd to add multiple servers from the pool.
More than just making the config smaller, the pool feature in ntpd has one
major advantage over configuring 3 separate servers from a pool: if a server
that was added using a 'pool' statement provides bad time (initially or at
some later date), ntpd automatically discards it and configures a new
different server from the pool without needing to be restarted.
These changes also add a 'tos' line to control how many pool servers get
added, a 'restrict source' line that is required to allow ntpd to add new
peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does
nothing and should never have been there (127.127.1.0 is not a valid IP
address, it's a refclock identifier).
Differential Revision: https://reviews.freebsd.org/D9011
This will allow new users to uncomment the modules and have things work
with less head scratching, in the event they decide to uncomment any
of the section separators, e.g. %usm or %vcm, as the module loading is
only effective in the %default section.
MFC after: 1 week
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.
A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.
dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable. Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.
When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore
A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.
Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.
savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.
decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.
Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.
EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.
Designed by: def, pjd
Reviewed by: cem, oshogbo, pjd
Partial review: delphij, emaste, jhb, kib
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4712
USB in places, as well as having the potential for reducing
performance. Since this is used even when powerd isn't enabled, these
two problems can cause on servers. Supermicro X9 motherboards, for
example, have problems with the virtual IPMI USB keyboards and mice
attaching and detaching repeatedly. Since there are issues on some
CPUs with C2, fail safe by defaulting to not altering it.
MFC After: 3 days
VSS stands for "Volume Shadow Copy Service". Unlike virtual machine
snapshot, it only takes snapshot for the virtual disks, so both
filesystem and applications have to aware of it, and cooperate the
whole VSS process.
This driver exposes two device files to the userland:
/dev/hv_fsvss_dev
Normally userland programs should _not_ mess with this device file.
It is currently used by the hv_vss_daemon(8), which freezes and
thaws the filesystem. NOTE: currently only UFS is supported, if
the system mounts _any_ other filesystems, the hv_vss_daemon(8)
will veto the VSS process.
If hv_vss_daemon(8) was disabled, then this device file must be
opened, and proper ioctls must be issued to keep the VSS working.
/dev/hv_appvss_dev
Userland application can opened this device file to receive the
VSS freeze notification, hold the VSS for a while (mainly to flush
application data to filesystem), release the VSS process, and
receive the VSS thaw notification i.e. applications can run again.
The VSS will still work, even if this device file is not opened.
However, only filesystem consistency is promised, if this device
file is not opened or is not operated properly.
hv_vss_daemon(8) is started by devd(8) by default. It can be disabled
by editting /etc/devd/hyperv.conf.
Submitted by: Hongjiang Zhang <honzhan microsoft com>
Reviewed by: kib, mckusick
MFC after: 3 weeks
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D8224
To avoid have warning for services that are using oomprotect, oomprotect
will only be applied on services that won't run inside jails.
Reported by: allanjude
MFC after: 2 weeks.
All the '.conf' files not beginning with a '.' contained int he directory
following the keyword will be included.
This keyword can only be used in the first level configuration files.
Modify the default syslogd.conf to 'include' /etc/syslog.d and
/usr/local/etc/syslog.d
It simplify a lot handling of syslog from automation tools.
Reviewed by: markj, kib (via irc)
Approved by: markj
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D8402
For automation tools it is way easier to maintain files in directories rather
than modifying /etc/crontab.
The files in those directories are in the same format as /etc/crontab
Reviewed by: adrian
MFC after: 2 weeks
Relnotes: yes
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D8400
Currently, '/etc/rc.d/swaplate stop' removes all swap devices. This can be
very slow and may not even be possible if there is a lot of swap space in
use. However, removing swap devices is only needed for late swap devices
that may depend on daemons that subsequent shutdown steps stop. Normal swap
devices such as hard disk partitions will remain available throughout the
shutdown process and need not be removed.
In swapoff, interpret -aL to remove late swap devices only, and use this in
etc/rc.d/swaplate. The meaning of -aL in swapon remains unchanged (add all
swap devices, both normal and late).
PR: 187081
Reviewed by: wblock (man page only), ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8126
All devices:
- add support for rate adaptation via ieee80211_amrr(9);
- use short preamble for transmitted frames when needed;
- multi-bss support:
* for RTL8821AU: 2 VAPs at the same time;
* other: 1 any VAP + 1 sta VAP.
RTL8188CE:
- fix IQ calibration bug (reason of significant speed degradation);
- add h/w crypto acceleration support.
USB:
- A-MPDU Tx support;
- short GI support;
Other:
- add support for RTL8812AU / RTL8821AU chipsets
(a/b/g/n only; no ac yet);
- split merged code into subparts:
* bus glue (usb/*, pci/*, rtl*/usb/*, rtl*/pci/*)
* common (if_rtwn*)
* chip-specific (rtl*/*)
- various other bugfixes.
Due to code reorganization, module names / requirements were changed too:
urtwn urtwnfw -> rtwn rtwn_usb rtwnfw
rtwn rtwnfw -> rtwn rtwn_pci rtwnfw
Tested with RTL8188CE, RTL8188CUS, RTL8188EU and RTL8821AU.
Tested by: kevlo, garga,
Peter Garshtja <peter.garshtja@ambient-md.com>,
Kevin McAleavey <kevin.mcaleavey@knosproject.com>,
Ilias-Dimitrios Vrachnis <id@vrachnis.com>,
<otacilio.neto@bsd.com.br>
Relnotes: yes
GNU rcs is still available as a package:
- rcs: Latest GPLv3 GNU rcs version.
- rcs57: Copy of the latest version of GNU rcs (GPLv2) from base.
Relnotes: yes
Currently zfsbe ensures that subordinate filesystems are mounted at the
right mount points.
The script assumes that the subordinate filesystems of a boot environment
have their canmount property set to noauto, so that they are not
automatically mounted on boot. Whereas the root filesystem is mounted
by the kernel, there was nothing to mount its subordinates.
rc.d/zfsbe fills that gap.
Discussed with: allanjude, will
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D7797
because they can use sysrc in conjunction with ssh and xargs to perform
en-masse changes in a large distribution with lots of jails spread over
many hosts on a LAN/WAN.
Provide a mechanism for disabling the warning eschewed by /etc/rc.d/jail
in said situation. If jail_confwarn="NO" is in rc.conf(5) (default "YES")
skip the warning that per-jail configurations are obsolete and that the
user should migrate to jail.conf(5).
Reviewed by: jelischer
MFC after: 3 days
Sponsored by: FIS Global, Inc.
Differential Revision: https://reviews.freebsd.org/D7465
that can be compiled on various OSes (including on older versions
of FreeBSD), make it possible to have it include the partitioning
scheme definitions without pulling in FreeBSD specifics.
In particular this means:
o move the scheme definitions iand related defines to header files
under sys/disk,
o make them (more) portable by using uint#_t (where applicable)
and renaming defines so that they at least have a good prefix,
o make the new headers stand-alone so that they don't need FreeBSD
definitions, like struct uuid(*)
o keep the original headers for compatibility, but rewrite them to
get the scheme definitions from <sys/disk/$scheme.h>.
(*) since UUID/GUID type definitions are non-portable and the GPT
scheme uses them, make it possible to have the scheme definitions
use an external type by allowing consumers of the header to set
GPT_UUID_TYPE. When GPT_UUID_TYPE has not been defined, the header
will use it's own type definition, which is the same as struct uuid.
The gpt_uuid_t typedef is created to abstract the details and allows
consumers to refer to a single type.
There is not conflict between the partitioning scheme headers and
what is defined in them. All headers can be included in the same
source files.
Note: consumers of the old headers have not been changed yet. Such
will be done if and when needed/beneficial.
Reviewed by: imp, jhb
MFC after: 1 month
Sponsored by: Bracket Computing
This change is needed to make the 520.pfdenied script find the new
blacklistd/* anchor points for reporting blocked traffic.
Reviewed by: kp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
filesystems. But their logic contains an error. They also search through
remote filesystems that are mounted on top of the root of a local
filesystem. For example, if a user installs a FreeBSD system with the
default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
/usr/home over NFS, these scripts would search through /usr/home.
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D7482
In preparation for the removal of GNU rcs from base, remove the backup_uses_rcs
functionality from the rc.subr backup_file feature. This functionnality was off
by default
Reviewed by: wblock
Differential Revision: https://reviews.freebsd.org/D7883
evdev is a generic input event interface compatible with Linux
evdev API at ioctl level. It allows using unmodified (apart from
header name) input evdev drivers in Xorg, Wayland, Qt.
This commit has only generic kernel API. evdev support for individual
hardware drivers like ukbd, ums, atkbd, etc. will be committed later.
Project was started by Jakub Klama as part of GSoC 2014. Jakub's
evdev implementation was later used as a base, updated and finished
by Vladimir Kondratiev.
Submitted by: Vladimir Kondratiev <wulf@cicgroup.ru>
Reviewed by: adrian, hans
Differential Revision: https://reviews.freebsd.org/D6998
This is being done to clearly distinguish the libkqueue tests
from the (soon to be imported) NetBSD tests.
MFC after: 58 days
Sponsored by: EMC / Isilon Storage Division
1. Use the leap-seconds version number (update time) to determine
whether to update the file or not.
2. If the version numbers of the files is the same, use the later
expiry date to determine which file to use.
Suggested by: ian@
MFC after: 1 day
to leap-seconds invaldidates validation hash at the end of the file.
Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.
MFC after: 1 day
24 hours is too long. Periodic scripts are executed serially, so when
combined with the sleep in 410.pkg-audit periodic could actually take more
than 24 hours and block the next invocation.
Reviewed by: cy
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D7481
As per https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16:
UTC TIME STEP
on the 1st of January 2017
A positive leap second will be introduced at the end of December 2016.
The sequence of dates of the UTC second markers will be:
2016 December 31, 23h 59m 59s
2016 December 31, 23h 59m 60s
2017 January 1, 0h 0m 0s
The difference between UTC and the International Atomic Time TAI is:
from 2015 July 1, 0h UTC, to 2017 January 1 0h UTC : UTC-TAI = - 36s
from 2017 January 1, 0h UTC, until further notice : UTC-TAI = - 37s
Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3676752000
See also: https://www.iers.org/SharedDocs/News/EN/BulletinC.htmlhttps://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16
MFC after: 1 week
Relnotes: yes
For all locales with variants:
- if no ambiguity on the locale (only one variant) just use the regular name
- if ambiguity, pick one as default and append @<variant> to the others
respecting POSIX
As a result:
- All the 3 components locales added recently are renamed to the usual 2
components version for all but sr_RS.UTF-8
- Set sr_RS.UTF-8 to the cyrillic variant
- Add sr_RS.UTF-8@latin
- Remove the symlinks aliases they were created to represent the 2 components
version as aliasas and are now useless
- Update the OptionalObsoleteFiles.inc and ObsoleteFiles.inc to reflect those
changes
Discussed with: ache@
Approved by: re@ (gjb)
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.
innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.
With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.
Sponsored by: EMC / Isilon Storage Division
leapfile will be ignored and ntpd will behave as if it has no
leapfile.
While here, remove an extraneous blank line.
Suggested by: ache
MFC after: 1 week
for the CONFS issue with dma.conf and ppp.conf.
Thank you very much to Bryan Drewery for looking into the
problem and providing this fix.
Pointyhat: gjb
Sponsored by: The FreeBSD Foundation
The 'CONFS' entries in share/mk/bsd.confs.mk explicitly check
for the 'installconfig', but does not behave properly with the
'distribute' target.
This seems to be related to the previously-reported issues
with files within /etc in the past.
Reported by: Ben Woods
Sponsored by: The FreeBSD Foundation
Files listed in 'CONFS' are not properly included in new
installations (missing from base.txz), for reasons I still
do not fully understand.
This reverts the change excluding /etc/ppp/ppp.conf from
a new installation. /etc/dma/dma.conf is also affected,
but requires a different solution, still being investigated.
Reported by: Ben Woods
Sponsored by: The FreeBSD Foundation
ldconfig is already required by mountcritremote indirectly, as noted by rcorder:
> rcorder: Circular dependency on provision `mountcritremote' in file `ldconfig'.
Having mountcritremote REQUIRE ldconfig breaks dependency ordering.
Making the ldconfig hints be conditionally regenerated from mountcritremote when
remote filesystems are mounted is done after this change, similar to cleanvar
being conditionally called after the change.
Differential Revision: https://reviews.freebsd.org/D6621
PR: 202726
Reviewed by: jilles
Sponsored by: EMC / Isilon Storage Division
As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before
hostid, and the MAC address generated for any bridge devices will be
non-deterministic. Make the MAC address generated be deterministic for
bridge devices by explicitly REQUIRE'ing hostid.
This fixes up the rest of the PR, inadvertently committed in r299844
MFC after: 1 week
PR: 195188
Sponsored by: EMC / Isilon Storage Division
Add zfsd, which deals with hard drive faults in ZFS pools. It manages
hotspares and replements in drive slots that publish physical paths.
cddl/usr.sbin/zfsd
Add zfsd(8) and its unit tests
cddl/usr.sbin/Makefile
Add zfsd to the build
lib/libdevdctl
A C++ library that helps devd clients process events
lib/Makefile
share/mk/bsd.libnames.mk
share/mk/src.libnames.mk
Add libdevdctl to the build. It's a private library, unusable by
out-of-tree software.
etc/defaults/rc.conf
By default, set zfsd_enable to NO
etc/mtree/BSD.include.dist
Add a directory for libdevdctl's include files
etc/mtree/BSD.tests.dist
Add a directory for zfsd's unit tests
etc/mtree/BSD.var.dist
Add /var/db/zfsd/cases, where zfsd stores case files while it's shut
down.
etc/rc.d/Makefile
etc/rc.d/zfsd
Add zfsd's rc script
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
Fix the resource.fs.zfs.statechange message. It had a number of
problems:
It was only being emitted on a transition to the HEALTHY state.
That made it impossible for zfsd to take actions based on drives
getting sicker.
It compared the new state to vdev_prevstate, which is the state that
the vdev had the last time it was opened. That doesn't make sense,
because a vdev can change state multiple times without being
reopened.
vdev_set_state contains logic that will change the device's new
state based on various conditions. However, the statechange event
was being posted _before_ that logic took effect. Now it's being
posted after.
Submitted by: gibbs, asomers, mav, allanjude
Reviewed by: mav, delphij
Relnotes: yes
Sponsored by: Spectra Logic Corp, iX Systems
Differential Revision: https://reviews.freebsd.org/D6564
Always create loopback routes on every fib, for both IPv4 and IPv6
etc/rc.d/routing
Create loopback IPv4 and IPv6 routes on every fib at boot. Revert
278302; now that all FIBs have IPv6 loopback routes, the
"route add -reject" commands won't fail.
tests/etc/rc.d/routing_test.sh
Greatly simplify static_ipv6_loopback_route_for_each_fib. It was
written under the assumption that loopback routes would be added to
a given fib by the kernel as soon as an interface is configured on
that fib. However, the logic can be much simpler now that we simply
add loopback routes to all fibs at boot. This also removes the need
to run the test as root, removes the restriction that
net.add_addr_allfibs=0, and removes the need to configure fibs in
kyua.conf.
Also, add a test case for IPv4 loopback routes
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6582
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Reviewed by: brd
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6477
NO leap second will be introduced at the end of June 2016.
This commit reapplies the r298887 minor spelling fix.
Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/.
See also: http://www.iers.org/SharedDocs/News/EN/BulletinC.html
MFC after: 2 weeks
Remove routed as a requirement in NETWORKING, and put it in routed as a BEFORE
requirement instead
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
`BEFORE: netif` was already in etc/rc.d/atm1, so no additional changes
are needed in that script
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
- Use BINDIR instead of FILESDIR
- Default all <FILESGROUPS>MODEs to BINMODE with a single for-loop at the
bottom of the Makefile
- Move all of the conditionals under the relevant MK_* != no build conditional
blocks
Sponsored by: EMC / Isilon Storage Division
convname and dst are guaranteed to be non-NULL by iconv_open(3).
src is an array. Remove these tests for NULL pointers.
While I'm here, eliminate a strlcpy with a correct but suspicious-looking
calculation for the third parameter (i.e. not a simple sizeof).
Compare the strings in-place instead of copying.
Found by: bdrewery
Found by: Coverity
CID: 1130050, 1130056
MFC after: 3 days
Sponsored by: Dell Inc.
Differential Revision: https://reviews.freebsd.org/D6338
Update libarchive to 3.2.0
New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive
Patched files (fixed compiler warnings):
contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)
MFC after: 1 month
Relnotes: yes
This fixes mounting (non-root) USB drives on boot with fsck enabled
(with non-zero 'Pass#' field in fstab(5)).
Reported by: Graham Menhennitt <graham at menhennitt.com.au>
Reviewed by: jilles@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6221
After a discussion on freebsd-fs@ there seemed to be a consensus that
the "-S" option for mountd should become the default.
Since the only known issue w.r.t. using "-S" was fixed by r299201,
this commit adds "-S" to the default mountd_flags.
Discussed on: freebsd-fs
PR: 9619, 131342, 206855
MFC after: 2 weeks
Relnotes: yes
Two new functions are provided, bit_ffs_at() and bit_ffc_at(), which allow
for efficient searching of set or cleared bits starting from any bit offset
within the bit string.
Performance is improved by operating on longs instead of bytes and using
ffsl() for searches within a long. ffsl() is a compiler builtin in both
clang and gcc for most architectures, converting what was a brute force
while loop search into a couple of instructions.
All of the bitstring(3) API continues to be contained in the header file.
Some of the functions are large enough that perhaps they should be uninlined
and moved to a library, but that is beyond the scope of this commit.
sys/sys/bitstring.h:
Convert the majority of the existing bit string implementation from
macros to inline functions.
Properly protect the implementation from inadvertant macro expansion
when included in a user's program by prefixing all private
macros/functions and local variables with '_'.
Add bit_ffs_at() and bit_ffc_at(). Implement bit_ffs() and
bit_ffc() in terms of their "at" counterparts.
Provide a kernel implementation of bit_alloc(), making the full API
usable in the kernel.
Improve code documenation.
share/man/man3/bitstring.3:
Add pre-exisiting API bit_ffc() to the synopsis.
Document new APIs.
Document the initialization state of the bit strings
allocated/declared by bit_alloc() and bit_decl().
Correct documentation for bitstr_size(). The original code comments
indicate the size is in bytes, not "elements of bitstr_t". The new
implementation follows this lead. Only hastd assumed "elements"
rather than bytes and it has been corrected.
etc/mtree/BSD.tests.dist:
tests/sys/Makefile:
tests/sys/sys/Makefile:
tests/sys/sys/bitstring.c:
Add tests for all existing and new functionality.
include/bitstring.h
Include all headers needed by sys/bitstring.h
lib/libbluetooth/bluetooth.h:
usr.sbin/bluetooth/hccontrol/le.c:
Include bitstring.h instead of sys/bitstring.h.
sbin/hastd/activemap.c:
Correct usage of bitstr_size().
sys/dev/xen/blkback/blkback.c
Use new bit_alloc.
sys/kern/subr_unit.c:
Remove hard-coded assumption that sizeof(bitstr_t) is 1. Get rid of
unrb.busy, which caches the number of bits set in unrb.map. When
INVARIANTS are disabled, nothing needs to know that information.
callapse_unr can be adapted to use bit_ffs and bit_ffc instead.
Eliminating unrb.busy saves memory, simplifies the code, and
provides a slight speedup when INVARIANTS are disabled.
sys/net/flowtable.c:
Use the new kernel implementation of bit-alloc, instead of hacking
the old libc-dependent macro.
sys/sys/param.h
Update __FreeBSD_version to indicate availability of new API
Submitted by: gibbs, asomers
Reviewed by: gibbs, ngie
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6004
Make kdc run BEFORE SERVERS instead of being REQUIREd by SERVERS,
so systems that pedantically check REQUIREs function after r270782
MFC after: 1 week
X-MFC with: r270782
Sponsored by: EMC / Isilon Storage Division
By default set to 'YES' so it does not change the current behaviour for users,
this variable allows to decide to not extract crach dumps from the dump
device at boot time by setting it to "NO" in rc.conf.
Sponsored by: Gandi.net
Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This
means that '/etc/rc.d/pf status' will no longer return 'pfctl: /dev/pf: No such
file or directory' but 'pf.ko is not loaded'.
PR: 205671
Submitted by: Johannes Jost Meixner <xmj@FreeBSD.org>
handle NFS shares containing whitespace. This also adds the -E parameter
to showmount(8).
Reviewed by: emaste@, jhibbits@, wblock@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5649
Extend it to other cases of meta mode cookies so they get the proper rm
cookie behavior when a .meta file detects it needs to rebuild and fails.
Sponsored by: EMC / Isilon Storage Division
Do not start interface when wpa_supplicant or hostapd is used;
they will restart it anyway
Tested with:
* Intel 3945BG, STA mode (wpa_supplicant)
* RTL8188EU, HOSTAP mode (hostapd)
Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5486
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
is exhausted.
How to use:
Basically we need to add on rc.conf an another option like:
If we want to protect only the main processes.
syslogd_oomprotect="YES"
If we want to protect all future children of the specified processes.
syslogd_oomprotect="ALL"
PR: 204741 (based on)
Submitted by: eugen@grosbein.net
Reviewed by: jhb, allanjude, rpokala and bapt
MFC after: 4 weeks
Relnotes: Yes
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D5176
When a user defines "jail_list" in rc.conf the jails are started in the
order defined. Currently the jails are not are stopped in reverse order
which may break dependencies between jails/services and prevent a clean
shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
"jail_list" in reverse order when set to "YES".
Please note that this does not affect manual invocation of the jail rc
script. If a user runs the command
# service jail stop jail1 jail2 jail3
the jails will be stopped in exactly the order specified regardless of
jail_reverse_stop being defined in rc.conf.
PR: 196152
Approved by: jamie
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D5233
Zero pf rule counters so that each daily report lists an absolute
number of rejected packets, not the total since the last time the
machine rebooted (or the counters were manually cleared).
PR: 206467
Submitted by: Rick Adams
Approved by: rpaulo (mentor)
Differential Revision: https://reviews.freebsd.org/D5172
With this change, it's possible to redefine rc_conf_files (e.g.,
sysrc rc_conf_files+=/etc/rc.conf.other) and have the boot process
pick up settings in extra files. The sysrc(8) tool can be used to
query/enumerate/find/manage extra files configured in this manner.
Relnotes: yes
diff(1) output between two files in "new_only"-mode. Otherwise,
with the default of using unified format a remnant of the header
in the output is the result. This is especially irritating when
the two files differ but the second one is empty, amounting to the
vestige of the header being the only readout.
Reported by: Stefan Haemmerl
MFC after: 3 days
The UID/GID 93 is in using by jaber on PORTS, we will use
UID/GID 160 for ypldap(8).
Reported by: antoine
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D5062
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).
Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.
Suggested by: des
Reviewed by: des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after: 1 week
X-MFC with: r289421, r293037
control algorithm options. The argument is variable length and is opaque
to TCP, forwarded directly to the algorithm's ctl_output method.
Provide new includes directory netinet/cc, where algorithm specific
headers can be installed.
The new API doesn't yet have any in tree consumers.
The original code written by lstewart.
Reviewed by: rrs, emax
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D711
any root mount holds. The previous one used a wrong conditional - the
"err=$?" assignment resets "$?" to 0.
Submitted by: jilles@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
tools/regression/geom_{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}
in to the FreeBSD test suite as
tests/sys/geom/class/{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}
The tools/regression/geom and tools/regression/geom_part testcases are being
left alone because both test sets are both currently broken.
The majority of this work was done on ^/user/ngie/more-tests2 . The differences
are as follows:
- tests/sys/geom/class/Makefile.inc is not present; it was
inlined into the class's Makefiles for explicitness.
- The testcases officially require root via kyua
- The geom_gate(4) tests don't use the pidfile changes proposed in
https://reviews.freebsd.org/D4836 .
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
This commit, fix a core dump on ypldap(8) related with memory allocation.
Also an example of how to set the ypldap.conf(5) properly is added to
examples files.
A new user _ypldap is required to be able to run ypldap(8) as well as
in a chroot mode.
Reviewed by: rodrigc (mentor), bjk
Approved by: bapt (mentor)
Relnotes: Yes
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4744
case they accidentally get created as directories or with flags that
prevent their removal. While I wouldn't normally go the extra mile
here and let the normal unix rules prevail, the effects of failure are
large enough that extra care is warranted.
Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on
two separate subnets, and a client on the first subnet contacted rpcbind at
the address on the second subnet, rpcbind would advertise addresses on the
first subnet. This is a bug, because it should prefer to advertise the
address where it was contacted. The requested service might be firewalled
off from the address on the first subnet, for example.
usr.sbin/rpcbind/check_bound.c
If the address on which a request was received is known, pass that
to addrmerge as the clnt_uaddr parameter. That is what addrmerge's
comment indicates the parameter is supposed to mean. The previous
behavior is that clnt_uaddr would contain the address from which the
client sent the request.
usr.sbin/rpcbind/util.c
Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr,
if one is found. Refactor the relevant portion of the function for
clarity, and to reduce the number of ifdefs.
etc/mtree/BSD.tests.dist
usr.sbin/rpcbind/tests/Makefile
usr.sbin/rpcbind/tests/addrmerge_test.c
Add unit tests for usr.sbin/rpcbind/util.c:addrmerge.
usr.sbin/rpcbind/check_bound.c
usr.sbin/rpcbind/rpcbind.h
usr.sbin/rpcbind/util.c
Constify some function arguments
Reviewed by: imp
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D4690
up and can cause issues on boot with the prompts. Fix the read-only
root case with horrible kludge of mounting rw removing the files, then
mounting ro. But since that's no more horrible than the kludge of
using marker files in /. With this change, NanoBSD configs can safely
use /firstboot + growfs to produce minimal images that grow to the
size of the card.
contain characters not allowed in a shell variable (such as "-").
These will be replaced by an underscore in jail config variables,
e.g. for jail "foo-bar" you would set "jail_foo_bar_hostname".
This is separate from the current code that changes the jail names
if they contain "." or "/". It also doesn't apply to jails defined
in a jail.conf file.
PR: 191181
MFC after: 5 days
USB NICs.
USB network hardware may not be enumerated and available when the rc.d
networking scripts run. Eventually the USB attachment completes and devd
events cause the network initialization to happen, but by then other rc.d
scripts have already failed, because services which depend on NETWORKING
(such as mountcritremote) may end up running before the network is actually
ready.
There is an existing netwait script, but because it is dependent on
NETWORKING it runs too late to prevent failure of some other rc
scripts. This change flips the order so that NETWORKING depends on netwait,
and netwait now depends on devd and routing (the former is needed to make
interfaces appear, and the latter is needed to run the ping tests in
netwait).
The netwait script used to be oriented primarily towards "as soon as any
host is reachable the network is fully functional", so you gave it a list of
IPs to try and you could optionally name an interface and it would wait for
carrier on that interface. That functionality still works the same, but now
you can provide a list of interfaces to wait for and it waits until each one
of them is available. The ping logic still completes as soon as the first IP
on the list responds.
These changes were submitted by Brenden Molloy <brendan+freebsd@bbqsrc.net>
in PR 205186, and lightly modified by me to allow a list of interfaces
instead of just one.
PR: 205186
Differential Revision: https://reviews.freebsd.org/D4608 (timeout w/o review)
bugfix-only release, with no new features.
Please note that from 3.5.0 onwards, clang and llvm require C++11
support to build; see UPDATING for more information.
tools/regression/mac/mac_portacl into the FreeBSD test suite as
tests/sys/mac/bsdextended and tests/sys/mac/portacl, respectively
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
lib/libc/tests/nss
- Convert the testcases to ATF
- Do some style(9) cleanups:
-- Sort headers
-- Apply indentation fixes
-- Remove superfluous parentheses
- Explicitly print out debug printfs for use with `kyua {debug,report}`; for
items that were overly noisy, they've been put behind #ifdef DEBUG
conditionals
- Fix some format strings
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
RISC-V is a new ISA designed to support computer research and education, and
is now become a standard open architecture for industry implementations.
This is a minimal set of changes required to run 'make kernel-toolchain'
using external (GNU) toolchain.
The FreeBSD/RISC-V project home: https://wiki.freebsd.org/riscv.
Reviewed by: andrew, bdrewery, emaste, imp
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
Differential Revision: https://reviews.freebsd.org/D4445
Currently rc scripts implementing their own start_cmd do not enjoy the
benefits of rc.subr's own check for rc_pid.
This leads to around a third of ports with such a start_cmd not to check for
the process at all and two thirds of ports to re-implement this check
(sometimes wrongly).
This patch moves the check for rc_pid to before ${rc_arg}_cmd is executed.
Submitted by: Dirk Engling
Reviewed by: feld
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4156
This request by the submitter was valid, but unfortunately there is a good deal
of concern over breakage when DESTDIR != / or "", i.e. with release media.
Making this change correct for all cases would make it markedly more complex
than need be
Requested by: bdrewery, ian, imp
PR: 76362
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so. A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR. These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package. The current implementation of targets/ is
very unmaintainable.
Currently rescue/rescue and sys/modules are still not connected.
Sponsored by: EMC / Isilon Storage Division
to the rc scripts. With these changes, setting nfs_server_managegids="YES"
in /etc/rc.conf will enable this capability.
Suggested by: jpaetzel
Tested by: jpaetzel
Reviewed by: rc (pending)
MFC after: 2 weeks
tests/sys/kern/pipe
- Fix style(9) bugs
- Fix compiler warnings
- Use `nitems(x)` instead of `sizeof(x) / sizeof(*x)` pattern
The testcases will be converted over to ATF eventually, but for now will be
integrated in as plain C tests
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
The :encode_tv_random_million testcase fails the epsilon tests a few thousand
times out of one million, so expect the testcase to fail
MFC after: 1 week
Submitted by: keramida
Sponsored by: EMC / Isilon Storage Division
The goal here is to make the upgrade seamless for users
Add aliases for zh_HK
Remove bad symlinks created by previous bad upgrade procedure.
Complete ObsoleteFiles.inc with more locales that have been removed
tree was /usr/src/svn, /sys would point to usr/src/svn
This fixes the assumption that the source tree will always exist at
${DESTDIR}/usr/src
MFC after: 1 week
PR: 76362
Reported by: Scot Hetzel <swhetzel@gmail.com>
Sponsored by: EMC / Isilon Storage Division
output from df, similar to what security/200.chkmounts does. This can be
useful to avoid listing automounted ZFS snapshots, for instance.
MFC after: 1 week
This fixes /var/empty not being schg in the installation.
This was a change from fmtree to nmtree, that -i is now required to
apply these flags.
PR: 194189
Submitted by: guyyur@gmail.com
MFC after: 2 weeks
Relnotes: yes
Most daily_status_security_* variables in periodic.conf were changed to
security_status_* in SVN r254974. The compatibility code for the old names
did not work.
PR: 204331
Submitted by: martin at lispworks.com
MFC after: 1 week
Before this change, the 520.pfdenied script listed all rules that
matched /^block/ in the rule. Restrict the printed output to only
those rules that result in packets being dropped.
PR: conf/187224
Approved by: rpaulo (mentor)
Differential Revision: https://reviews.freebsd.org/D4068
The command was checking local/remote system uptime, so rename the script to
match its function and to avoid confusion
The controlling variable in /etc/periodic.conf has been renamed from
daily_status_rwho_enable to daily_status_uptime_enable.
MFC after: 3 days
Reported by: Peter Jeremy <peter@rulingia.com>
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
if they are not required for mounting rootfs. However, it's possible
that some setups try to mount them in mountcritlocal (ie from fstab).
Export the list of current root mount holds using a new sysctl,
vfs.root_mount_hold, and make mountcritlocal retry if "mount -a" fails
and the list is not empty.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D3709
as lib/libc/rpc
This testcase requires rpcbind be up in running; otherwise the testcases
will time out and be skipped
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
Extend OptionalObsoleteFiles.inc to delete all lib32 files when MK_LIB32 is
set to no on a system that previously had lib32 libraries installed.
Also, to prevent "make delete-old-dirs" from always deleting lib32 directories
after an installworld, move the lib32 subtree to its own mtree file that only
gets applied when MK_LIB32=yes.
Test: Ran "make delete-old" and "make delete-old-libs" on a system that never
had MK_LIB32 enabled, and on a system where MK_LIB32 was enabled and later
disabled. Did this both on amd64 and powerpc64.
Test: Ran "make tinderbox" without errors.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D3923