all instances of `${CMD_OSTYPE}` to just using ${OSTYPE}. This saves us a
shell invocation on anything that is OS-dependent. I seriously doubt that we
will be spontaneously changing OS types during bootup.
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960
Submitted by: frf <frf@xocolatl.com>
MFC after: 3 days
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*
Also change single_mountd_enable -> mountd_enable
Changing the mountd flags brings us closer to NetBSD.
All of the old variable names are shimmed so you can continue to use the
old variable name.
Finally make /etc/rc.d/mountd no longer dependent on nfs as there are
(apparently) other consumers of mountd.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*
Also change single_mountd_enable to mountd_enable.
We also include shims for all the old variable names.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
and others, because test(1) does not do shortcut evaluation.
Fix the same off-by-one error for acd*t* that revision 1.326 fixed
for other *cd devices.
Suggested by: bde
Reviewed by: bde
created cd1 as well due to an off-by-one error left over from
revision 1.249.
PR: conf/20436
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after: 1 week
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`
sets ${MP} to an empty string so the next line:
set ${MP}
actually just dumps all of the shells variables to stdout (and therefore
the security report). Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.
Reviewed by: brian
MFC after: 3 days
/etc filesystem isn't enough; consequently, add "-i 4096" to the newfs
command for /etc. This results in 1022 inodes, which should be enough
for the forseeable future (although I don't know why we would ever
have more than 1000 files in a default /etc).
Silence by: -current
Submitted by: matt peterson
While I'm here, kill the flags 0x10000 on all the prism based cards.
Both stable and current figure this out on their own and we've had at
least one releases where this is the case.
card behind it (without the pcmcia form factor). This entry gets to
the point of attaching, but there's something wrong with the '29
support, so it doesn't quite work yet.
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
Once upon a time (in rev. 1.81), COPYRIGHT and FREEBSD
were multi-value.
Moved installation of /var/log/cron to where it belongs
(this finishes the change in rev. 1.205).
Removed (with extreme prejudice) a bunch of parentheses
that unnecessarily obfuscated this makefile.
Run pwd_mkdb(8) right after master.passwd is installed.
Install nsmb.conf to /usr/share/examples/etc/.
MAKEDEV: Add MAKEDEV glue for the ti(4) device nodes.
ti.4: Update the ti(4) man page to include information on the
TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options,
and also include information about the new character
device interface and the associated ioctls.
man9/Makefile: Add jumbo.9 and zero_copy.9 man pages and associated
links.
jumbo.9: New man page describing the jumbo buffer allocator
interface and operation.
zero_copy.9: New man page describing the general characteristics of
the zero copy send and receive code, and what an
application author should do to take advantage of the
zero copy functionality.
NOTES: Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS,
TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT.
conf/files: Add uipc_jumbo.c and uipc_cow.c.
conf/options: Add the 5 options mentioned above.
kern_subr.c: Receive side zero copy implementation. This takes
"disposable" pages attached to an mbuf, gives them to
a user process, and then recycles the user's page.
This is only active when ZERO_COPY_SOCKETS is turned on
and the kern.ipc.zero_copy.receive sysctl variable is
set to 1.
uipc_cow.c: Send side zero copy functions. Takes a page written
by the user and maps it copy on write and assigns it
kernel virtual address space. Removes copy on write
mapping once the buffer has been freed by the network
stack.
uipc_jumbo.c: Jumbo disposable page allocator code. This allocates
(optionally) disposable pages for network drivers that
want to give the user the option of doing zero copy
receive.
uipc_socket.c: Add kern.ipc.zero_copy.{send,receive} sysctls that are
enabled if ZERO_COPY_SOCKETS is turned on.
Add zero copy send support to sosend() -- pages get
mapped into the kernel instead of getting copied if
they meet size and alignment restrictions.
uipc_syscalls.c:Un-staticize some of the sf* functions so that they
can be used elsewhere. (uipc_cow.c)
if_media.c: In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid
calling malloc() with M_WAITOK. Return an error if
the M_NOWAIT malloc fails.
The ti(4) driver and the wi(4) driver, at least, call
this with a mutex held. This causes witness warnings
for 'ifconfig -a' with a wi(4) or ti(4) board in the
system. (I've only verified for ti(4)).
ip_output.c: Fragment large datagrams so that each segment contains
a multiple of PAGE_SIZE amount of data plus headers.
This allows the receiver to potentially do page
flipping on receives.
if_ti.c: Add zero copy receive support to the ti(4) driver. If
TI_PRIVATE_JUMBOS is not defined, it now uses the
jumbo(9) buffer allocator for jumbo receive buffers.
Add a new character device interface for the ti(4)
driver for the new debugging interface. This allows
(a patched version of) gdb to talk to the Tigon board
and debug the firmware. There are also a few additional
debugging ioctls available through this interface.
Add header splitting support to the ti(4) driver.
Tweak some of the default interrupt coalescing
parameters to more useful defaults.
Add hooks for supporting transmit flow control, but
leave it turned off with a comment describing why it
is turned off.
if_tireg.h: Change the firmware rev to 12.4.11, since we're really
at 12.4.11 plus fixes from 12.4.13.
Add defines needed for debugging.
Remove the ti_stats structure, it is now defined in
sys/tiio.h.
ti_fw.h: 12.4.11 firmware.
ti_fw2.h: 12.4.11 firmware, plus selected fixes from 12.4.13,
and my header splitting patches. Revision 12.4.13
doesn't handle 10/100 negotiation properly. (This
firmware is the same as what was in the tree previously,
with the addition of header splitting support.)
sys/jumbo.h: Jumbo buffer allocator interface.
sys/mbuf.h: Add a new external mbuf type, EXT_DISPOSABLE, to
indicate that the payload buffer can be thrown away /
flipped to a userland process.
socketvar.h: Add prototype for socow_setup.
tiio.h: ioctl interface to the character portion of the ti(4)
driver, plus associated structure/type definitions.
uio.h: Change prototype for uiomoveco() so that we'll know
whether the source page is disposable.
ufs_readwrite.c:Update for new prototype of uiomoveco().
vm_fault.c: In vm_fault(), check to see whether we need to do a page
based copy on write fault.
vm_object.c: Add a new function, vm_object_allocate_wait(). This
does the same thing that vm_object allocate does, except
that it gives the caller the opportunity to specify whether
it should wait on the uma_zalloc() of the object structre.
This allows vm objects to be allocated while holding a
mutex. (Without generating WITNESS warnings.)
vm_object_allocate() is implemented as a call to
vm_object_allocate_wait() with the malloc flag set to
M_WAITOK.
vm_object.h: Add prototype for vm_object_allocate_wait().
vm_page.c: Add page-based copy on write setup, clear and fault
routines.
vm_page.h: Add page based COW function prototypes and variable in
the vm_page structure.
Many thanks to Drew Gallatin, who wrote the zero copy send and receive
code, and to all the other folks who have tested and reviewed this code
over the years.
which needs an empty directory into which to chroot(2).
Hint to the operator that this directory really _should_ be empty
by creating it with mode 0555 and the system immutable flag (schg)
set.
Reviewed by: des
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
permissions to use for alias and map database files built by
/etc/mail/Makefile. The default is 0640 to assist users in avoiding
a file locking local denial of service.
MFC after: 1 day
pending RE approval
Apparently binding only to 127.0.0.1 inside of a jail actually binds
to the jail IP address as well (in effect, bind to all available
interfaces in the jail).
Submitted by: Helge Oldach <test-smtp@oldach.net>
MFC after: 1 day
pending RE approval
though I would personally prefer to see the broken nameservers fixed
instead of standards compliant applications work around them, I can't
force FreeBSD users to help fight that battle.
Submitted by: Damon Anton Permezel <dap@damon.com>
MFC after: 2 days
pending RE approval
fix a comment that suggested setting ipv6_ipv4mapping to blank. This
will aid in merging with rcng which requires all veriables to be
explicitly set.
Submitted by: Mike Makonnen
MFC after: 1 week
files in each ${local_startup} directory, it also reverses the order of the
directories.
Suggested by: jhb
Reviewed by: jake
Approved by: dougb
MFC after: 1 week
of wtmp.0 is done as mode 600.
This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.
Suggested by: lumpy <lumpy@the.whole.net>
MFC after: 3 days
The change was introduced in src/etc/security 1.53 almost a year ago
in an attempt to see ipfw deny message logs.
However, ipfw deny/reject logs have been displayed since version 1.13
of the same file as a separate ``job'' and have since moved to
src/etc/periodic/security/500.ipfwdenied.
MFC after: 3 days
rm -f /tmp/.X11-unix/*
If /tmp/.X11-unix didn't already exist, a user could symlink it to a directory
with files that he wants to wipe out, and wait for next reboot.
Reported by: lumpy <lumpy@the.whole.net>
The Blue Concentric CF 802.11b card is a compactflash form-factored card
that does 802.11b, including 128bit encryption.
The Zonet modem pccard is a simple FAX/Modem card.
Both are sold in Guang-Hua Market in Taipei, and functions perfectly
with -current and -stable.
Due to the way we run ls(1), through xargs(1), the leading whitespace
can change even when the setuid files haven't. To avoid displaying
these lines, we currently run diff(1) with the '-w' option. However,
this is probably not the ideal way to go; there is a very, very small
possibility for diff(1) to miss things is shouldn't. So, with the
leading space cleaned, we can revert to the '-b' option which is
"safer."
PR: conf/37618
Reviewed by: brian
MFC after: 3 days
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other. I assume gdm does something similar, so give it a dummy
session chain as well.
Sponsored by: DARPA, NAI Labs.
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.
Eliminate the need in the second installworld. For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.
Moved the creation of the "crypto" dist from release.5 to
release.2.
In release.3 and doMFSKERN, build kernels in the "world"
environment. KERNELS now means "additional" kernels, GENERIC is
always built.
Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists. Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories. This will be fixed
soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage. Most of the userland makefiles did not test it for "YES"
anyway.
XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists? (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
around. If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.
This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.
I'd like to MFC this before the 4.6 freeze unless there is violent
objection.
Reviewed by: Several on IRC
MFC after: 4 days
alternative MTAs. Therefore, always install rc.sendmail, regardless of
NO_SENDMAIL make.conf setting. Users can still set mta_start_script to a
different script.
This commit is after a repo-copy of src/etc/sendmail/rc.sendmail to
src/etc/rc.sendmail.
Noticed by: Calvin NG <calvinng@brel.com>
MFC after: 3 days
the creation of /var/spool/clientmqueue and therefore the need for the
smmsp user and group if NO_SENDMAIL is defined. This required breaking out
the creation of the directory into a new BSD.sendmail.dist mtree file.
MFC after: 1 week
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).
For the record. Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.
Reported by: jhay
the .mc file used for /etc/mail/submit.cf. By default,
/etc/mail/freebsd.submit.mc is installed and used.
Requested by: fenner
Submitted by: ume
MFC after: 1 week
Add /etc/rc.d to the startup dirs list. It is a convenient place to put
custom startup scripts instead of hacking a shared rc.local. eg: ftpd in
listener mode, or maybe even sendmail or another mailer, etc.
<peril sensitive sunglasses off>
clientmqueue (submit mail queue).
The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
prevent the interfaces from being initialized by /etc/rc.network6
wrongly. So, you can explicitly initialize the interfaces by
/etc/pccard_ether.
With previous rc.network6, if you specify pccardd_flags="-z",
net.inet6.ip6.accept_rtadv was wronly set to 0, then RA was not
accepted.
again."
As an alternative to sendmail_enable=NONE, solve the boot time problem
for non-sendmail users completely by moving all of the sendmail startup
code from /etc/rc to /etc/rc.sendmail. The source for that script will
be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will
prevent it from being installed. A new rc.conf variable,
mta_start_script specifies the script to run to start the user's
preferred MTA. For backward compatibility, it will default to
/etc/rc.sendmail. The specified script is called out of /etc/rc after
checking to make sure it exists. A new rc.sendmail.8 man page has also
been added which now houses the sendmail_* variable descriptions
formerly in rc.conf.5.
Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.
Reviewed by: -current, -stable, obrien, peter, ru
MFC after: 1 week
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.
In any case, now it's fixed.
(65536 * 32 - 1), but MAKEDEV only supports up to (32 * 32 -1). Device
names use the unit number in base 32 for all "digits".
This required fixing an old bug in MAKEDEV:ttyminor(). Its arg was the
global $unit instead of $1.
Reminded by: Valentin K. Ponomarenko <valka@krog.ukrtel.net>
MFC-after: 1 week
logic and added a new set of targets for controlling the MSP queue runner
(start-mspq, stop-mspq, and restart-mspq).
Reminded by: Mark Santcroos <marks@ripe.net>
MFC after: 1 week
at boot time.
Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now
also accept NONE. If set to NONE, none of the other sendmail related
startup items will be done.
Remove an extra queue running daemon might be started that wasn't necessary
(it didn't hurt anything but it wasn't needed).
The new logic is:
# MTA
if ${sendmail_enable} == NONE
# Do nothing
else if ${sendmail_enable} == YES
start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
start sendmail with ${sendmail_outbound_flags}
endif
# MSP Queue Runner
if ${sendmail_enable} != NONE &&
[ -r /etc/mail/submit.cf] && ${sendmail_msp_queue_enable} == YES
start sendmail with ${sendmail_msp_queue_flags}
endif
Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after: 1 week
Install sys/<arch>/include/pc/*.h to /usr/include/machine/pc/.
PR: docs/29534
Install sys/netatm/*/*.h to /usr/include/netatm/*/.
Don't install compatibility symlinks for <machine/soundcard.h>
and <machine/joystick.h>. Three years is enough to be aware of
the change, and these weren't visible in the SHARED=symlinks
case.
Back out include/Makefile,v 1.160 that was a null change anyway
due to the bug in the path, and we now don't want to install
these headers because they would otherwise be invisible in the
SHARED=symlinks case.
Don't install IPFILTER headers. Userland utilities fetch them
directly, and they were not visible in the SHARED=symlinks case.
Resurrect SHARED=symlinks in Makefile.inc1.
PR: bin/28002
Prodded by: bde
MFC after: 2 weeks
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.
PR: conf/35884
MFC after: 4 days
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet)
MFC after: 3 days
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432
Submitted by: Me
administrator wishes to run commands outside of the PATH, he should
use a full pathname for the executable or set the PATH as appropriate
in any local startup scripts.
PR: misc/35770
addition, take out the checks on the $dumpdev. dumpon(8) behaves well
if given a non-existent filename. It gives a nice error message which
is better rather than the current silent failure.
Reviewed by: des
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.
At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.
PR: conf/35725
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
Kerberized CVS (kserver) listens on the same port as normal CVS
(pserver). In /etc/inetd.conf cvs kserver is disabled by default,
but set to listen to the service port 'cvs' which doesn't exist. It
should listen to 'cvspserver'.
PR: 34317
Submitted by: Sean Chittenden <sean@chittenden.org>
seperate the short name and the long name. This was present for most
but not all entries. Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
MFC after: 2 weeks
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.
PR: conf/35219, conf/35220
Submitted by: Sean Chittenden <sean@chittenden.org>
MFC after: 1 day
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.
Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
rc.conf(5) and the files' inline documentation.
- Add the "closed"-type, documented in both places, but which did not
exist in the code.
- When provided a ruleset, the system should not make any assumptions
about the sites's policy and should add no rules of its own.
- Make the "UNKNOWN" (documented in-line) actual work as advertised,
load no rules.
Prodded by: Igor M Podlesny <poige@morning.ru>
MFC after: 1 week
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions. If this isn't desired, see etc/mail/README for more hints.
Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.
Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.