Commit Graph

4649 Commits

Author SHA1 Message Date
dougb
3066b17d9e Update the test for failed zone transfers to reflect BIND 9.3.1 semantics
Simplify the shell scripting a bit, and remove a useless grep | sed

The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.

PR:		conf/74228
Submitted by:	Jeremy Chadwick <freebsd@jdc.parodius.com>
2005-11-22 22:24:27 +00:00
emax
24ecba159a Remove not needed redirection of kldstat -q output to /dev/null.
Noticed by:	pjd
MFC after:	3 days
2005-11-22 19:17:41 +00:00
emax
3afbecfca5 Revise hcsecd(8) and sdpd(8) rc.d scripts one more time
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;

- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
  to avoid collision with "magic" variables;

Inspired by:	yar
MFC after:	3 days
2005-11-22 18:51:43 +00:00
ume
1f2553e461 don't match packets other than IPv4 against divert rule.
divert supports only IPv4.

Reported by:	SAITOU Toshihide <toshi__at__ruby.ocn.ne.jp>
Discussed with:	suz
MFC after:	1 day
2005-11-18 02:23:59 +00:00
yar
962b5dc651 Avoid invoking the current script again when we need
to issue sub-commands, e.g., restart = stop + start.
By calling run_rc_command instead, we provide rc.d
scripts with full control over their configuration
variables.

For an example problem the former approach caused, see
http://lists.freebsd.org/pipermail/freebsd-rc/2005-October/000311.html

Reviewed by:	freebsd-rc
Tested by:	Dirk Engling erdgeist <at> erdgeist.org
MFC after:	2 weeks
2005-11-16 10:45:19 +00:00
ru
876e62604d Diff reduction to RELENG_6. 2005-11-16 07:24:31 +00:00
emax
b45e4c11da Revise hcsecd(8) and sdpd(8) rc.d scripts.
- Have both scripts automatically kldload ng_btsocket(4). I did not want to
  do it, but it's easier for users and it seems other scripts do similar things;

- Assign few variables after load_rc_config, so the /etc/rc.conf overrides
  actually work;

MFC after:	1 week
2005-11-15 20:36:26 +00:00
brooks
267072f91c Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or
more IPv4 addresses from a ranged list in CIDR notation:

ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

In the process move alias processing into new ipv4_up/down functions to
move toward a less IPv4 centric world.

Submitted by:	Philipp Wuensche <cryx dash freebsd at h3q dot com>
2005-11-14 23:34:50 +00:00
emax
a942e061a3 Add section to start/stop Bluetooth USB devices (via ng_ubt(4))
Submitted by:	Panagiotis Astithas ( past at ebs dot gr )
Reviewed by:	brooks, imp
MFC after:	1 week
2005-11-12 03:42:56 +00:00
ru
0673a083d0 Traditionally expand tabs here. 2005-11-11 21:05:40 +00:00
delphij
42f426fa12 Add dev/speaker into include/ tree 2005-11-11 17:38:10 +00:00
emax
3e42392551 Start integrating Bluetooth into rc.d system.
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.

Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)

The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.

The bluetooth.device.conf(5) and handbook update will follow shortly.

Inspired by:	Panagiotis Astithas ( past at ebs dot gr )
Reviewed by:	brooks, yar
MFC after:	1 week
2005-11-10 19:09:22 +00:00
rse
439f89ac76 Backout r1.11...
> >   There is no need to explicitly add "status" to $extra_commands in
> >   the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
> >   run_rc_command() because of the existing $pf_program.
> >
> >   Submitted by:   Christoph Schug <chris@schug.net>

...because as yar@ points out: "[...] you were relying on evil
side-effects of the variable being named *_program. Those side-effects
have been eliminated since rc.subr rev. 1.42. [...] The point is that
the default "status" method is for rc.d scripts that handle startup and
shutdown of conventional daemons, and not for custom tasks like the pf
case."

The change is still valid in RELENG_6 (and still doesn't have to be
backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
2005-11-10 10:40:15 +00:00
rwatson
e5230bfcda Fix minor white space nit introduced in 1.102: use spaces, not tabs. 2005-11-08 09:53:28 +00:00
rse
c2b1833590 There is no need to explicitly add "status" to $extra_commands in
the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
run_rc_command() because of the existing $pf_program.

Submitted by:	Christoph Schug <chris@schug.net>
MFC after:	1 week
2005-11-03 13:17:49 +00:00
brooks
d41eafedf7 Add items to unmount to the front of the list so they are unmounted in
reverse (thus allowing /conf to be unmounted).
2005-11-01 01:36:58 +00:00
brooks
f45d60a425 Switch from pax to tar for extracting cpio archives. pax requires a
writable /tmp (or TMPDIR) and thus is unsuitable for this job.

Tested by:	Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR:		conf/88293
2005-10-31 22:00:44 +00:00
brooks
8cc0b6538d The -x <format> option of pax is for creation of archives, not
extraction.

This will allow cpio archive support to work, at least in situations
where /tmp is writable.  Because pax requires a writable /tmp it is
unsuitable for this task, but replacing it will come in a later commit.

Submitted by:	Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR:		conf/88293
2005-10-31 21:07:14 +00:00
yar
524d4493bb Transforming "ppp-user" into just "ppp", step 5:
Finally, delete the old, unfittingly named file "ppp-user".
2005-10-29 05:12:14 +00:00
yar
da5aa9d8b3 Transforming "ppp-user" into just "ppp", step 4:
The legacy script "/etc/netstart" will start "ppp", not "ppp-user".
2005-10-29 05:08:00 +00:00
yar
2cb8cc35d2 Transforming "ppp-user" into just "ppp", step 3:
Install "ppp" (just repocopied) instead of "ppp-user".
2005-10-29 05:05:52 +00:00
ru
67f1b851d4 Add some significant Ukrainian dates.
PR:		88076
Submitted by:	Andriy Gapon
2005-10-28 21:25:28 +00:00
yar
85be5dff38 Use ${name} in pathnames where appropriate.
The sendmail script already was on this way,
but it didn't reach the end of it yet.
2005-10-28 16:55:38 +00:00
yar
63f6ebb546 Use:
command="/path/to/${name}"

since it's applicable here.  It's the current style of rc.d.

Pointed out by:	pjd
2005-10-28 16:10:56 +00:00
yar
e602bb9ed8 Transforming "ppp-user" into just "ppp", step 1:
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".

The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.

Discussed with: pjd, -rc
2005-10-28 16:07:52 +00:00
yar
4f42d603be Override $command with $foo_program only if $command
has been set in the first place.  This should reduce
unwanted side-effects in rc.d scripts that don't mean
to use $command and rc.subr(8) methods associated with
it at all.

Discussed with:	brooks
Reviewed by:	-rc (silence)
2005-10-26 04:32:31 +00:00
yar
82d988c3c8 Document that `reload' is not provided by default
yet it can be enabled when applicable.
2005-10-26 04:12:34 +00:00
maxim
f75fe16509 o Grammar.
Submitted by:	Ulrich Spoerlein
MFC after:	1 week
2005-10-24 08:53:21 +00:00
yar
01c93e4949 Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
2005-10-23 14:06:53 +00:00
jkim
af52aff9fb wpa_supplicant(8) requires -D option for ndis(4) now. 2005-10-19 22:26:47 +00:00
jhb
238e851643 Allow the process name to be in square brackets ([]) in _find_processes().
PR:		conf/82430
Submitted by:	Pavel Volkov pol at iib dot ru
MFC after:	1 week
2005-10-17 19:01:53 +00:00
ru
b40b074ce3 Remove redundant include. 2005-10-14 15:26:23 +00:00
pjd
37920cc810 First start rc.d/ipsec and then rc.d/mountcritremote, so we can mount
NFS file system over IPsec.

Suggested by:	Tomasz Piłat <tomasz.pilat@axelspringer.pl>
2005-10-12 22:14:44 +00:00
pjd
053665bac9 setkey(8) was repo-copied from usr.sbin/ to sbin/.
This will allow for NFS mount of /usr over IPsec.

Discussed on:	arch@
2005-10-12 21:40:41 +00:00
emax
79a31f9053 Connect rc.d scripts for the hcsecd(8) and sdpd(8) daemons to the build.
MFC after:	1 month
2005-10-12 00:45:58 +00:00
emax
cf4406c1aa Add rc.d scripts for the hcsecd(8) and sdpd(8) daemons. Put defaults into
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.

MFC after:	1 month
2005-10-11 19:16:48 +00:00
ume
a358b1f631 stop RFC 4193 address on the outside interface.
MFC after:	1 day
2005-10-05 07:00:42 +00:00
brooks
591862f3fe Use more rc.subr bits to clean up pccard_ether and implement new
features.  Both the presence of a NOAUTO keyword and an interface being
up can be ignored if the forcestart option is used.  Additionally, a
restart option has been added.

Reviewed by:	ume
2005-10-03 18:20:44 +00:00
scottl
6026f74dcd Add the lmcconfig tool for controlling the lmc driver. Add man pages and
glue.

Submitted by: David Boggs
2005-10-03 07:09:41 +00:00
yar
6037bb20e3 Use available rc.subr features.
Reduce code duplication.
Follow the current style of rc.d scripting.
2005-10-02 19:17:49 +00:00
yar
778f700a67 Record dependency on the newly introduced pfsync.
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)

Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.

Discussed with: mlaier on -pf
MFC after:	5 days
2005-10-02 19:12:42 +00:00
yar
327895a26d Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with:	mlaier on -pf
MFC after:	5 days
2005-10-02 18:59:02 +00:00
yar
470062ac3b Use rc.subr(8) appropriately:
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
  (pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
  decorate them sufficiently.
2005-10-02 15:54:26 +00:00
maxim
1becc1ee39 o Remove unfinished code and make it possible to override
bsdextended_script from rc.conf(5):

Not objected by:	trhodes
2005-10-02 07:03:00 +00:00
yar
1069404ea9 Fix the usage of rc_usage. The rc_usage function takes
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
2005-10-01 20:58:03 +00:00
nyan
d2e8ad6a16 Use hw.machine_arch instead of hw.machine. 2005-09-30 13:27:36 +00:00
brooks
3f995d4eb8 Be less IPv4 centric. When checking if the interface is already
configured, check if the UP flag is set instead of checking for the
netmask keyword.
2005-09-28 19:59:18 +00:00
yar
0dc753e21a Make it a good-mannered rcNG script respectful to the command line. 2005-09-28 16:24:47 +00:00
brooks
436b84c750 Don't print anything if we can't do any localpkg shutdown (start already
does this).

Submitted by:	Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR:		conf/86606
2005-09-27 02:05:55 +00:00
pjd
264e350e93 Simplify the code by making use of 'kldstat -q -m <mod>'.
No objections from:	mlaier
2005-09-24 15:57:17 +00:00
pjd
0b524fa9c8 Simplify the code a bit by using newly added (to kldstat(8) '-q') option. 2005-09-23 23:53:35 +00:00
wollman
49e164220d If we're not installing OpenSSH in the base, don't install its startup
file either.  This clears the way for third-party SSH ports to install
an RCng startup script.
2005-09-23 16:54:09 +00:00
rwatson
b5d6d150d4 Add a new rc.conf entry, kerberos5_server_flags, which allows the
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.

MFC after:	3 days
2005-09-20 11:13:28 +00:00
rodrigc
58834f5972 In mountd_precmd(), use rc_args, not mountd_args to
override the value of mountd_args.  This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.

PR:		conf/86260
Submitted by:	Thierry Herbelot <thierry at herbelot dot com>
MFC after:	3 days
2005-09-18 17:04:26 +00:00
rwatson
32a45dd89e Use sysctl -q when querying for kern.bootp_cookie in order to avoid
printing boot-time errors that don't reflect true error conditions.

MFC after:	1 week
2005-09-15 16:09:28 +00:00
rwatson
6f04d98412 Use kenv -q to extract dumpdev rather than kenv, in order to avoid
spamming the console in the event that a loader tunable 'dumpdev'
isn't defined, which is not a relevant failure to report.

MFC after:	1 week
2005-09-13 19:07:02 +00:00
maxim
e6775c1a34 A new version of rev. 1.4: postpone a temporary file creation
until we realize if ipfw(4) ever used.

PR:		bin/85970
Submitted by:	Andre Albsmeier
MFC after:	3 days
2005-09-11 14:29:58 +00:00
grehan
70f9da6719 Comment out ofw_console 'screen' entry and zs tty entries.
The OpenFirmware console isn't used on real systems anymore and
I never get to multi-user mode in psim. There are problems with
zs that need to be resolved before these lines can be enabled.

This eliminates disconcerting warnings on boot.

MFC after:	2 days
2005-09-10 22:46:03 +00:00
cperciva
4c165daa8d Teach portsnap how to ignore unwanted parts of the ports tree. A line
of the form "REFUSE foo" in portsnap.conf will result in parts of the
tree matching "^foo" being (a) not extracted by "portsnap extract", (b)
not updated by "portsnap update", and (c) not having any patches or new
ports downloaded by "portsnap fetch" or "portsnap cron". The example
shown in portsnap.conf demonstrates ignoring all the language categories.

As mentioned in portsnap.conf.5, the use of an incomplete ports tree is
not officially supported; but this is something which many users have
requested, so I'm adding it anyway.

PR:		bin/85619 (but not the patch provided therein)
MFC after:	1 month
2005-09-06 19:28:37 +00:00
dougb
9d72996973 In accordance with my intentions announced (and not objected to)
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
2005-09-05 13:42:22 +00:00
keramida
57d500e0a7 Remove duplicate "at" from comment. 2005-09-04 21:57:23 +00:00
brooks
850d1c399d Actually block Ctrl-C (SIGINT=2).
Reported by:	sam
Pointy hat to:	brooks
2005-09-02 18:30:16 +00:00
brooks
7d67985300 - Always explicitly bring the interface up before configuring it.
- If an interface's ifconfig_<ifn> is set, but empty, don't set it to
   ifconfig_DEFAULT.  This way interfaces can be disabled even in the
   presence of ifconfig_DEFAULT.
 - When listing interfaces and network_interfaces=auto, place lo0 first
   if it's around.
2005-09-02 17:11:13 +00:00
brooks
1b74cef931 Block SIGQUIT (Ctrl-C) while running in startup mode. This should allow
dhclient's to be killed without stopping all boot progress.

Minor cleanup of the interface list generation code.
2005-09-02 17:05:07 +00:00
keramida
6417f6af98 Add a short description of how a literal colon ':' can be inlined in the
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.

Triggered by:	a question by Ceri on -questions
2005-08-31 15:02:11 +00:00
glebius
5facd9e67a Fix braino in last commit. Print nothing if ipfw(4) is not present. 2005-08-31 08:31:14 +00:00
gshapiro
e5e2fe755b Be sure to execute sendmail_precmd() to check sendmail.cf conflicts and
rebuild the aliases file if necessary.

PR:		conf/72910
Submitted by:	matteo@
MFC after:	3 days
2005-08-30 03:41:59 +00:00
bmah
4ddb80f603 Fix minor typo in a comment. 2005-08-28 18:48:04 +00:00
imp
88de47450a Allow one to override the endian flags for make distribution. This
can be useful for when you know that you are doing something that
won't work with the standard settings and different settings are more
appropriate.
	This allows 5.3 tools to build a 6.x userland when these
	values are set to null.
2005-08-26 18:54:06 +00:00
brooks
d3e1bd8576 Support ifconfig_<ifn> variables containing quoted variables with spaces
in them by wrapping the ifconfig command with eval "...".

For example, this allows:

ifconfig_iwi0="DHCP ssid 'foo bar baz'"
2005-08-26 04:06:17 +00:00
yar
473f777e4d Stop hard-coding an -M flag to mdmfs(8) in /etc/rc.subr.
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags.  The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.

Submitted by:	marck
MFC after:	3 days
2005-08-24 16:25:47 +00:00
brooks
ec73ff7b51 - Remove the removable_interfaces variable. /etc/pccard_ether will
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
  of an interface at boot or via /etc/pccard_ether.  This allows
  /etc/rc.d/netif to be used to start and stop an interface on a purely
  manual basis.  The decision to affect pccard_ether may be revisited at
  a later date.

Requested by:	imp, gallatin (removable_interfaces)
Discussed with:	sam, Randy Bush (NOAUTO)
2005-08-24 01:23:49 +00:00
cperciva
2f763eca1d When looking for new lines in diff output, grep for '^[>+]' instead of
'^>', in order to catch both normal and unified diffs.

Problem reported by:	volker at vwsoft dot com via -stable
MFC after:	3 days
2005-08-22 09:33:36 +00:00
glebius
34a844087d - Correctly parse output, when logging amount is limited in the
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
  their own log limits.

PR:		conf/77929
Submitted by:	Andriy Gapon [1]
Reviewed by:	matteo
2005-08-20 09:41:49 +00:00
brooks
e7d53d1ef4 Add two new template sources, /conf/bcast/${ipbca} and /conf/ip/${ip}.
These allow large installations to keep their /conf directory down to a
manageable number of entries.

Clean up the handling of dhcp_cookie.
2005-08-17 00:28:38 +00:00
pjd
230cfc984d Fix (/usr could not be mounted yet, so there is no grep(1) available) and
simplify checking for g_eli module.

MFC after:	3 days
2005-08-14 22:16:34 +00:00
pjd
b6cb84e760 Connect geli and geli2 to the build.
MFC after:	3 days
2005-08-14 18:25:35 +00:00
pjd
a2b7d69791 Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
             detach on last close.

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	3 days
2005-08-14 18:02:22 +00:00
pjd
4c42e011b4 Move 'local_tr' function to rc.subr and change its name to 'ltr'.
MFC after:	3 days
2005-08-14 17:28:15 +00:00
cperciva
7d8af51fdc Add portsnap to the base system. This is a secure, easy to use,
fast, lightweight, and generally good way for users to keep their
ports trees up to date.

This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled.  No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly.  This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.

X-MFC-After:    6.0-RELEASE
X-MFC-Before:   5.5-RELEASE
X-MFC-To:       RELENG_6, RELENG_5, ports
discussed on:   -arch and several other places
"yes please" from:      simon, remko, flz, Diane Bruce
thinks this is a great idea:    bsdimp
Hopes he didn't forget any files:       cperciva
2005-08-08 20:10:06 +00:00
pjd
2363572625 Back-out previous commit - we need to skip logging socket when we start a
jail and external syslogd is listening in jail's chroot.

Pointed out by:	csjp

While here, skip also "logpriv" socket.
2005-08-08 09:46:09 +00:00
pjd
ef1fbf3ef9 Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

MFC after:	1 week
2005-08-07 23:19:02 +00:00
pjd
309ea12cd0 We don't need to skip /var/run/log socket, as syslogd is always started
after rc.d/cleanvar. And if we wanted to skip /var/run/log we still needed
to skip /var/run/logpriv, which wasn't implemented.
2005-08-07 23:10:32 +00:00
pjd
d369af7dc0 Allow to give more than one jail's name, eg.:
# /etc/rc.d/jail start www mail

MFC after:	3 days
2005-08-07 22:38:41 +00:00
pjd
0c7478173c Teach rc.d/encswap script how to use geli(8) for swap encryption.
MFC after:	3 days
2005-08-05 23:38:51 +00:00
pjd
0b10714f0f gbde_swap has been repo-copied to encswap.
Repo-copy made by:	markm
2005-08-05 21:23:08 +00:00
pjd
1dc02f5edc Remove gbde_swap_enable option which doesn't work and doesn't really have to
work, as one still needs to put <device>.bde into /etc/fstab.
2005-08-04 08:19:13 +00:00
sam
84822f3de1 eliminate the regex used to match ethernet and 802.11 devices;
instead use the interface's media-type

Reviewed by:	imp
MFC after:	1 week
2005-08-02 18:28:31 +00:00
imp
c6224df3d7 Add a couple of missing nic interfaces that have been added: iwi, ipw,
ral and ural.  Add a comment about this regexp being lame, which
should shock no-one.  Add a comment about why rescans are disabled on scsi
cards.
2005-07-28 03:51:54 +00:00
pjd
4bb68a8b05 Forgot to add this change when committing geli.
Reported by:	cperciva
2005-07-28 00:53:47 +00:00
brooks
381391f129 Silence the de-bouncing of dhclient start up. The previous output
caused significant mental anguish for some portions of the user
population. :)
2005-07-26 00:37:19 +00:00
ru
ec1d8a2559 Require that DESTDIR be set before running "make distribution". 2005-07-22 10:35:35 +00:00
obrien
318f4e03ec This depends on syslogd due to logger(1). 2005-07-22 00:57:37 +00:00
obrien
af93289086 Embellish the dependency lists - this script depends having awk(1),
and it needs syslogd due to using logger(1).
Have it run as early as possible to save battery power for laptop users.
2005-07-22 00:57:04 +00:00
obrien
bb3cca0254 Minor comment re-alignment. 2005-07-22 00:38:55 +00:00
pav
0e0f1d53fe - Mention special behaviour of init(8) when kern_securelevel="0"
Suggested by:	Miroslav Lachman <000.fbsd@quip.cz>
Approved by:	cperciva (src hat)
2005-07-21 15:17:54 +00:00
ru
2a7034130d Pass -i to pwd_mkdb(8) to ignore locking failures. This can be useful
for NFS installing world/kernel to another machine.
2005-07-15 14:52:29 +00:00
grehan
2976fcbe92 Remove obsolete ttya/ttyb entries and replace with ttyy0/1.
Mark origin of ofw_console(4) and zs(4) devices.

MFC after:  3 days
2005-07-14 07:08:49 +00:00
jkim
08e6ec1ce1 `net.inet.ipf.fr_running' can be a negative value, which was introduced by
recent ipfilter import.

Approved by:	re (scottl), anholt (mentor)
2005-07-07 05:59:44 +00:00
brooks
680c0ca6d1 Remove REQUIRE and BEFORE lines since this script is not run by rcorder
at startup.  Instead it is called by other scripts.

Approved by:	re (network interface startup blanket)
2005-06-30 17:50:34 +00:00
brooks
c724d1075b - Remove the pccard_ifconfig variable in favor of a new
ifconfig_DEFAULT variable.  Unlike pccard_ifconfig, ifconfig_DEFAULT
   applies to all interfaces that do not specify an ifconfig_<ifn>
   variable rather than just those listed in removable_interfaces.
 - Correct the list of interfaces when network_interfaces and
   removable_interfaces are both set by including removable_interfaces
   in the list of candidates.
 - When listing dhcp interfaces, include those with other ifconfig
   options so nat works.

Approved by:	re (network interface startup blanket)
2005-06-30 05:02:34 +00:00
brooks
17407ba288 Add support for starting wpa_supplicant by adding the WPA keyword to an
interface's ifconfig_<ifn> entry in /etc/rc.conf.

Approved by:	re (network interface startup blanket)
2005-06-30 04:52:47 +00:00
brooks
da81e8c0fc When interfaces are given on the command line, don't attempt to filter
them.  Just try to run the given command on them.  We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.

Approved by:	re (interface startup blanket)
2005-06-30 04:46:21 +00:00
pjd
573c1a1020 Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@pinky.sax.de>
PR:		conf/80244
Approved by:	re (scottl)
MFC after:	1 week
2005-06-26 16:30:20 +00:00
dd
570bbf677f Unbreak the ipfilter_loaded function. There doesn't seem to be a way
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.

Approved by:	re (dwhite)
2005-06-21 09:39:09 +00:00
brooks
b4f8c168e5 Make sure we actually read the config files before testing values from
them.

Reported by:	Darren Pilgrim <dmp at bitfreak dot org>
PR:		conf/82313
Approved by:	re (network interface startup blanket)
2005-06-16 18:08:04 +00:00
lesi
dd07f0a552 Move couple of directories out of mtree and into their respective
ports. This mtree now specifies basic structure of X11BASE, similarly
to BSD.local.dist.

No objections on: freebsd-x11@
Approved by:	re (dwhite), portmgr
2005-06-15 02:27:41 +00:00
gshapiro
c1f0877e6f Use new OSTYPE(freebsd6).
Approved by:	re (scottl)
Requested by:	keramida
2005-06-14 02:25:17 +00:00
marius
843acabcc3 - In preparation to turning syscons(4) etc. on by default in the sparc64
GENERIC comment in ttyN.
- Add the name of the device driver creating the device nodes above the
  respectives blocks so it's easier for user to find the right entry to
  shut up warnings from getty(8). Replace 'Requires device 'uart' be
  enabled.' with just 'uart(4)' as the former referred to a sparc64
  GENERIC back when uart(4) wasn't enabled by default, yet.
- Turn off the getty(8) on screen as screen is created by ofw_console(4)
  which is no longer enabled in the sparc64 GENERIC (and also only is a
  last resort) to shut up warnings from getty(8) with the current GENERIC.
2005-06-10 23:06:14 +00:00
nectar
a23214e059 Remove rexecd(8), a server that implements a particularly insecure
method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
2005-06-10 20:52:36 +00:00
ache
d2308ab790 Back out "rw" locale addition for reason unknown to me (forced by portmgr) 2005-06-10 20:14:38 +00:00
ache
957be7650c Add locale/rw 2005-06-10 11:24:30 +00:00
jkoshy
1d3209ab83 MFP4:
- Implement sampling modes and logging support in hwpmc(4).

- Separate MI and MD parts of hwpmc(4) and allow sharing of
  PMC implementations across different architectures.
  Add support for P4 (EMT64) style PMCs to the amd64 code.

- New pmcstat(8) options: -E (exit time counts) -W (counts
  every context switch), -R (print log file).

- pmc(3) API changes, improve our ability to keep ABI compatibility
  in the future.  Add more 'alias' names for commonly used events.

- bug fixes & documentation.
2005-06-09 19:45:09 +00:00
brooks
70938bdd39 Remove default and documentation for pccard_ether_delay since I removed
it from /etc/pccard_ether.

Submitted by:	Jeremie Le Hen <jeremie at le-hen dot org>
2005-06-08 00:05:58 +00:00
brooks
dc7f878d88 Fix return values of ifconfig_up/down.
Reported by:	Andrea Campi
2005-06-07 23:59:45 +00:00
des
5f1929e7d4 Change the default for dumpdev to "AUTO". It should be reverted to "NO"
on RELENG_* branches.
2005-06-07 15:22:08 +00:00
des
f7c1b7b972 Honor the "dumpdev" kenv variable if it is set and the "dumpdev" rc
variable is set to "AUTO".

MFC after:	2 weeks
2005-06-07 15:20:10 +00:00
brooks
5a3d620fb1 Support code for the OpenBSD dhclient. This significantly changes the
way interfaces are configured.  Some key points:

  - At startup, all interfaces are configured through /etc/rc.d/netif.
  - ifconfig_<if> variables may now mix real ifconfig commands with
    DHCP and WPA directives.  For example, this allows media
    configuration prior to running dhclient.
  - /etc/rc.d/dhclient is not run at startup except by netif to start
    dhclient on specific interfaces.
  - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
    its work.
  - /etc/pccard_ether no longer takes additional arguments to pass to
    ifconfig.  Instead, ifconfig_<if> variables are now honored in favor
    of pccard_ifconfig when available.
  - /etc/pccard_ether will only run on interfaces specified in
    removable_interfaces, even if pccard_ifconfig is set.
2005-06-07 04:49:12 +00:00
maxim
d1e4c87cf9 Finish adding _dhcp user. 2005-06-07 03:41:20 +00:00
brooks
c05aa0dd93 Add _dhcp user/group as required by the OpenBSD dhclient. 2005-06-06 20:19:56 +00:00
obrien
3747899cae Remove RCng files that were brought in from NetBSD, but we ended up not
using them (or did and no longer do).
2005-06-06 02:51:26 +00:00
marius
a5dfc9120a Add esp(4) to scsi-controller-regex.
MFC after:	1 month
2005-06-04 21:05:37 +00:00
rwatson
06d01f1fcd Add /etc/security, into which the BSM audit configuration files will be
installed.  This is the same directory as found on Solaris.

NB: In FreeBSD 4.x and earlier, a script (file) named /etc/security
exists.  Does mergemaster need to be taught how to replace a file with
a directory?

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2005-05-30 20:51:13 +00:00
rwatson
2608c23876 Add /usr/include/bsm to mtree creation set.
Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2005-05-29 16:18:29 +00:00
sobomax
c13418a2a7 Add cdce(4) into the list of ethernet interfaces. 2005-05-23 16:23:28 +00:00
pjd
56ad93da86 We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entries
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
2005-05-23 12:25:33 +00:00
schweikh
87aa0afa3d Style: mostly tabs vs blanks, and semicolon placement. 2005-05-22 16:22:23 +00:00
marcus
f320f90aa1 Add libdata/pkgconfig. It is used under ${LOCALBASE} as much (if not more)
than under ${X11BASE}.

Discussed with:	portmgr
MFC after:	1 day
2005-05-13 04:06:04 +00:00
brian
f3b828668d Run /etc/rc.d/syscons restart when a usb keyboard is attached so that the
keymap and other settings are correct.
2005-05-11 10:24:20 +00:00
csjp
86d0205844 Do not unconditionally mount devfs to ${jail_devdir}/dev. First check
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.

Discussed with:	pjd
MFC after:	1 week
2005-04-30 00:16:00 +00:00
brooks
02891f1c55 To allow /etc to be as minimal as possible in a diskless setup, we need
to run initdiskless before we run rcorder on /etc/rc.d.  To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.

Remove /etc/rc.d/preseedrandom as it is no longer necessary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.

Discussed on:	freebsd-rc
Repocopy by:	peter
2005-04-29 23:02:56 +00:00
des
aef5277078 X logins should be recorded in lastlog / wtmp / utmp. I have no idea why
this wasn't there already...  it makes much more sense this way.

MFC after:	2 weeks
2005-04-28 07:59:09 +00:00
dougb
37f3e68064 Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
2005-04-24 01:51:22 +00:00
glebius
07ad0b76bc Add startup script and default configuration file for bsnmpd.
Reviewed by:	harti
2005-04-17 10:47:58 +00:00
csjp
b2d40e185a Do not remove logging sockets. This fixes an issue where logging
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).

Discussed with:	pjd, green, cperciva
MFC after:	1 week
2005-04-14 03:56:06 +00:00
thomas
87d4b4820b Document that dumpdev may be set to AUTO to dump to the first appropriate
swap device listed in /etc/fstab.
2005-04-12 15:21:51 +00:00
dougb
7558fa129d The alternative suggested for /entropy as a shutdown
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.

In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.

PR:		conf/75722
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2005-04-11 02:45:05 +00:00
njl
77a934a1ee Set CPU speed to 100% in acpi_throttle attach. This is needed for some
systems that boot with this value at the lowest setting.  Change the
default boot config back to "leave frequency as BIOS set it".  Also, fix
buglet where acpi_throttle wouldn't be used if p4tcc was present but
disabled by the user.

MFC after:	1 week
2005-04-10 20:04:30 +00:00
obrien
bdc63e8f10 'dumpon' can run before 'initrandom' so make it.
This gives a better chance of debugging /dev/random related panics.
2005-04-05 18:59:24 +00:00
seanc
c8a26af59b When reloading rules via rc.d/pf, flush everything but existing state
entries; that way, when rules are read in, it doesn't break established
connections.

Approved by:	mlaier
Reviewed by:	rc
MFC after:	3 weeks
2005-04-04 23:06:10 +00:00
njl
8e90cdc27b Instead of leaving the current frequency setting at whatever the BIOS set
on boot, force it to HIGH.  This is needed for some systems which appear
to boot with a low acpi_throttle setting by default.  Thanks to Christian
Brueffer for tracking this down on his system.

MFC after:	1 day
2005-04-03 21:45:20 +00:00
trhodes
52ff34dd11 Add a ugidfw_load() function and fix up some of the scripting in this file.
This will allow better integration with the ports system.

Submitted by:	clement
2005-04-02 00:01:03 +00:00
ru
b7500638b6 Purge orphan catpages.
PR:		conf/35242
Submitted by:	Annihilator <annihilator.c@usa.net>
2005-03-30 18:02:49 +00:00
cperciva
88aa2cd1d8 netstart is now obsoleted by /etc/rc.d/*, not by /etc/rc.network.
Reported by:	Martin Jakob, on freebsd-stable@
MFC after:	1 month
2005-03-26 20:10:24 +00:00
krion
366d756d2b Add mt locale directory, since more and more ports create and use it.
Approved by:	kris
MFC after:	3 days
2005-03-22 18:29:41 +00:00
njl
b39d6b16b2 Remove the 'usbd' keyword (it isn't necessary for mixer). Also, use
BEFORE instead of REQUIRE.

Probably ok by:	jhb
MFC after:	3 days
2005-03-17 22:36:16 +00:00
ru
e4eb567539 Start natd(8) before loading firewall rules, to give the
ipdivert.ko module a chance to load.
2005-03-16 08:47:48 +00:00
dougb
650ccf9997 Unhook the recently departed lomac file from the build.
Forgotten by:	trhodes (the real one)
2005-03-13 08:07:11 +00:00
trhodes
fa95e1004c Remove mac_lomac(4) functionality. The proper way is to use loader.conf
or build the policy into a kernel.

Approved by:	rwatson
2005-03-12 21:09:15 +00:00
glebius
658ce18125 Fix a terrible braino in last commit. Put kern.debug back to /var/log/messages
and do exactly what last commit message described.
2005-03-12 12:31:16 +00:00
obrien
db39edbb65 Be consistent about the serial line terminal type.
2005-03-09 03:57:08 +00:00
ru
47f2612399 New Ukrainian locale: uk_UA.CP1251.
Submitted by:	Alexander Peresunko
2005-03-04 14:24:30 +00:00
brooks
0c521317a0 It is sufficient to require rcconf rather than initdiskless. 2005-03-02 19:03:08 +00:00
brooks
924c3f6df2 Remove stray else.
Reported by:	Tai-hwa Liang <avatar at mmlab dot cse dot yzu dot edu dot tw>
Point hat:	brooks
2005-03-02 16:41:35 +00:00
brooks
5960c03b45 Allow chkprintcap(8) to be run before lpd is started. Disabled by
default for now.  Default flags create missing directories.

Remove comment about doing this in etc/rc.d/var.

Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.

PR:		conf/71488
Submitted by:	RZ-FreeBSD0904 at fh-karlsruhe dot de
2005-03-02 02:46:47 +00:00
brooks
e0e77927b6 If we don't have /usr/sbin/mtree, try to mount /usr. We're only likely
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
2005-03-02 00:58:05 +00:00
brooks
ff2589bdb2 Remove a number of entries from the distribution target that are
automatically created at boot.  There's no need to maintain a list of
files and permissions in multiple places.  This also means binary
updates won't stomp on log files.

For the record, utmp is created in etc/rc.d/cleanvar, wtmp and lastlog
in etc/rc.d/var, and the rest via etc/rc.d/newsyslog.
2005-03-02 00:44:39 +00:00
brooks
14774e80ee - Update etc/rc.d/newsyslog to FreeBSD standards and install it.
 - Enable it by default, running newsyslog with -CN which creates files
   that have the C flag specified in /etc/newsyslog.conf.
 - Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
   newsyslog.
 - Add the C flag to entries in /etc/newsyslog.conf that are currently
   installed as part of the base system.

There are two effects from this change:
 - Users who delete default syslog files to stop logging to them
   will need to set newsyslog_enable=NO in rc.conf or remove the C
   flag from those files in /etc/newsyslog.conf or they will come back
   on the next boot.
 - Diskless systems now create the same set of files that ordinary
   systems have by default instead of every file in newsyslog.conf.
2005-03-02 00:40:55 +00:00
brooks
ae565b7e33 - Remove the dependency of /usr/bin/touch by using "cp /dev/null <target>"
  to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather than
  only when /var is empty or populate_var=YES.
2005-03-01 22:08:15 +00:00
trhodes
db9271ae9e Add rc.bsdextended. It's been tested enough. 2005-03-01 03:59:24 +00:00
ru
8115657ff0 Bootstrap pwd_mkdb(8) and use its new feature during "make distribute". 2005-02-28 22:55:43 +00:00
ru
43bead57c4 Step 1/2 of making "make distribute" work for cross-builds. 2005-02-28 14:16:53 +00:00
njl
a7262484e5 Install acpi includes in dev/acpica. This should later be trimmed (the pci
bus one is not needed) and ifdef _KERNEL added.

PR:		kern/74215
MFC after:	1 day
2005-02-28 02:20:03 +00:00
njl
6583ba4496 command_args is redundant.
Submitted by:	Pawel Worach
2005-02-27 07:11:47 +00:00
njl
10f6e11df5 Due to a couple complaints about C3 failing on an old Compaq Armada and
a mobile Celeron, disable it by default for the release.  We'll have to
nail the last few cases later.
2005-02-27 04:05:50 +00:00
njl
a4011c08cb Add rc.conf options for powerd (disabled by default) and hook the script
up to the build.
2005-02-26 21:19:35 +00:00
njl
e9018b74a4 Add an rc script for powerd(8). 2005-02-26 21:18:54 +00:00
njl
f26bab271b Make power_profile not touch cpufreq by default. 2005-02-26 21:01:22 +00:00
njl
bedad858af Add the ability to specify "NONE" if the user wants no change for the
given power profile.

MFC after:	1 day
2005-02-26 20:17:07 +00:00
njl
d63908059a Quiet error messages if the requested sysctls are not present.
MFC after:	1 day
2005-02-25 23:14:41 +00:00
ssouhlal
ec1c427a31 Replace "ipfw l", which is now deprecated, with "ipfw list".
Approved by:	grehan (mentor)
2005-02-23 15:07:36 +00:00
glebius
e1d22638d0 Add CARP (Common Address Redundancy Protocol), which allows multiple
hosts to share an IP address, providing high availability and load
balancing.

Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.

FreeBSD port done solely by Max Laier.

Patch by:	mlaier
Obtained from:	OpenBSD (mickey, mcbride)
2005-02-22 13:04:05 +00:00
glebius
4df93e25d7 Do not print kernel debugging on console. In case of serial console
this can cause a really heavy load on system. Several kernel debugging
messages can be triggered even remotely (e.g. bad ARP replies).

Use kern.warning instead, so that really significant messages still
will be printed on console.

Reviewed by:	current@
MFC after:	1 week
Security:	this change fixes a DoS condition, when default system
		console is serial, and box is flooded with bogus ARP
		packets
2005-02-22 08:03:09 +00:00
njl
944b15ac74 Add support for cpufreq to power_profile(8). Values for on/offline cpu
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported.  Also, remove
old throttling support.
2005-02-06 21:12:25 +00:00
phk
ed9a516141 Add directories for GPIB support 2005-02-06 15:17:21 +00:00
pjd
458021ff80 Add a comment which explains why we need to use special function instead of
tr(1)/sed(1)/awk(1).
2005-01-30 11:04:13 +00:00
marcel
268c70c974 Start gettys on ttyu0 and ttyu1 instead of ttya and ttyz0 now that
uart(4) is the default driver.

MFC after: 2 weeks
2005-01-30 09:31:22 +00:00
keramida
64e31eb727 Add a reference to the periodic.conf(5) manual page.
Suggested by:	simon
2005-01-24 22:21:13 +00:00
keramida
472efa3242 Add a reference to rc.conf(5).
PR:		docs/35648
Submitted by:	Gary W. Swearingen
2005-01-24 21:52:32 +00:00
pjd
15644d6b3c We cannot use sed(1), because rc.d/gbde has to be called before
rc.d/mountcritlocal and sed(1) is placed in /usr/bin/. Other useful tools
for this task are also placed in /usr/ (tr(1), awk(1)), so I implemented
local_tr() function which works similar to tr(1).

Reported by:	Amir Shalem <amir@boom.org.il>
MFC after:	1 week
2005-01-23 16:43:55 +00:00
dougb
b49ed4eca3 Scot pointed out that the dynamic zone example didn't seem to "flow"
with the rest of the examples, so after discussion with him and gshapiro,
re-sort the examples, and add more comments to make things very obvious.

Also, divide the examples between example.{com|net|org} to make things
even more obvious, and use the same RFC 1918 block for all examples.

Pointed out by:	Scot W. Hetzel <hetzels@westbend.net>
2005-01-22 21:34:10 +00:00
pjd
33e44ca5a9 Fix handling of providers with / in them (e.g. mirror/foo).
Submitted by:	Attila Nagy <bra@fsn.hu>
MFC after:	1 week
2005-01-21 14:38:44 +00:00
ceri
d3cf358535 s/ntpdate_command/ntpdate_program/ to match rc.conf(5) and
/etc/defaults/rc.conf.

PR:		conf/76188
Submitted by:	Arne Wörner <arne_woerner at yahoo dot com>
Approved by:	murray
MFC After:	7 days
2005-01-17 18:28:09 +00:00
ceri
75b1493523 The submitter of bin/75786 turned out to not have removable interfaces,
and so the fix committed in r1.42 was not quite correct for the case
where there are two or more DHCP consuming removable interfaces - dhclient
must be restarted so that the other interfaces continue to function
correctly.

Approved by:	murray
MFC After:	7 days
2005-01-17 11:44:30 +00:00
obrien
e6a047ebc9 Remove debugging that made it into the commit. 2005-01-16 08:34:30 +00:00
obrien
55c1c55e0e "REQUIRE: cleanvar" for all RC's writing into /var/run. 2005-01-16 03:12:03 +00:00
dds
9dd6141c7e Fix the pbio include file installation process and the
corresponding documentation.

Noticed by: ru
Reviewed by: ru
2005-01-14 14:18:19 +00:00
glebius
f044db930e Don't do setuid checks on file systems mounted with noexec option.
Reviewed by:	brian, ru
MFC after:	1 week
2005-01-13 15:07:35 +00:00
anholt
70b72b2db5 Create three additional X socket directories. Using X applications when another
user owns these directories or the sticky bit is unset may open security holes,
so simply create them at startup with the correct owner/mode.

MFC after:	1 day
2005-01-12 07:18:25 +00:00
brian
274b15afc6 Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
As there are no tabs in maillog, reduce the expression so that only spaces
are used.

Problem raised by:      Leif Neland root at internet dot dk
2005-01-12 01:31:21 +00:00
pjd
63224016be Connect SHSEC GEOM class to the build. 2005-01-11 18:18:40 +00:00
brian
0df4d3761b Oops, the < in arg1=< is optional - treat it as such! 2005-01-11 10:54:38 +00:00
brian
845566c7e8 Adjust the mail reject output so that it gives an abbreviated reason for the
reject.  For example:

Checking for rejected mail hosts:
  48 getherbalnow.info (451... resolve)
  46 absorb.com (451... resolve)
   4 tgmart01.codns.com (553... exist)
   3 kali.com.cn (451... resolve)
   2 genie.com (451... resolve)
   1 zv.qy (553... exist)
   1 zd.hinet.hr (553... exist)
   ....

The bit in parentheses is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).

While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.

I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....

PR:		17377
Idea from:	root at ns dot internet dot dk
MFC after:	7 days
2005-01-11 02:08:53 +00:00
brian
db72d98ac1 Collapse "fgrep | egrep | sed" down to a single sed.
This also trims extraneous commas from domain names.

MFC after:	7 days
2005-01-11 01:47:44 +00:00
imp
3db1414d2d Another prism2 card (not sure what, if anything, is needed for >=5)
Pr: 43805
2005-01-11 00:40:00 +00:00
ru
8466f09c0d Unbreak the install. 2005-01-10 09:04:13 +00:00
keramida
76c14a66e7 Cosmetic typo in check_pidfile()
PR:		bin/75946
Submitted by:	zero@gddn.org (Finn)
2005-01-09 23:46:37 +00:00
brooks
cfc1c07f99 When ukbd0 arrives, attach to /dev/ukbd0 rather than /dev/kbd1 since
kbd1 might be something else.
2005-01-08 06:00:24 +00:00
ceri
ace3a11916 Correct syntactical weirdness in a call to /etc/rc.d/dhclient. Fixes:
PR:		bin/75786
Reported by:	Radko Keves <rado at daemon dot sk>
Approved by:	murray
MFC After:	5 days	( to RELENG_5 )
2005-01-04 16:52:15 +00:00
paul
9b2407e09d Ports index file is now INDEX-6 2005-01-04 16:35:30 +00:00
brueffer
7631cf3801 Changes in comments:
- correct a sentence so it actually has some meaning [1]
- sprinkle some full stops

Spotted by:	markus [1]
MFC after:	3 days
2004-12-25 00:12:27 +00:00
ru
f4c44b761b NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
ru
cec60429bb Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
peadar
1b5cf5c2e6 Use "KEYWORD: shutdown" so shutdown commands will actually be executed.
Approved by:	 dougb@
2004-12-20 18:34:10 +00:00
peadar
4852d38188 When stopping a chrooted named, unmount the devfs filesystem from
the chroot area. This stops "umount -a" failing when dropping to
single user.

Reviewed by:	dougb@
2004-12-20 10:48:48 +00:00
brueffer
909b888a12 In the ethernet-nic-regex:
- add udav(4)

In the scsi-controller-regex:

- correct an entry
- move another one to the right place
- add a bunch of missing drivers

Glanced at by:	trhodes (scsi-controller-regex part)
MFC after:	3 days
2004-12-19 00:50:07 +00:00
phk
15b61d2dfc If /etc/named is a symlink, try to make sure it points the right place. 2004-12-18 15:19:36 +00:00
pjd
00a4f5d350 Remove autofs entry from here. 2004-12-15 13:58:28 +00:00
brian
b90cfd5af4 Use rc.subr
PR:		72505
Submitted by:	Amir Shalem <amir@active.ath.cx>
2004-12-15 12:39:28 +00:00
rse
b4c7840f00 Improve the RC framework for the clean booting/shutdown of Jails:
1. Feature: for flexibility reasons and as a prerequisite to clean
   shutdowns, allow the configuration of a stop/shutdown command
   via rc.conf variable "jail_<name>_exec_stop" in addition to the
   start/boot command (rc.conf variable "jail_<name>_exec_start"). For
   backward compatibility reasons, rc.conf variable "jail_<name>_exec"
   is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
   the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
   to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
   "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
   before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
   time to actually perform their termination sequence. Without this the
   subsequent umount(8) operations usually fail because the resources
   are still in use. Additionally, if after trying to TERM-inate the
   processes there are still processes hanging around, finally just KILL
   them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
   scripts which are flagged with the KEYWORD "nojail" to allow the
   correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
   /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shuts down the Jails:

-----------------------------------------------------------
#  /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
#  /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
#  /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------

Reviewed by:	freebsd-hackers
MFC after:	2 weeks
2004-12-14 14:36:35 +00:00
obrien
d6633b851a Use utils from /rescue vs. /stand. Also use pax rather than cpio & gzip. 2004-12-12 08:04:26 +00:00
rsm
493b79bbda Add Ethernet part of Intel EtherExpress PRO/100 LAN/Modem card. This is a
rebadged Xircom REM56 RealPort card.  Short MFC timeout to beat the 4.11
code freeze.

PR:		53027
Submitted by:	John Merryweather Cooper <coop9211 at uidaho dot edu>
Approved by:	imp (mentor)
MFC after:	2 days
2004-12-09 22:27:11 +00:00
pjd
cdb5b5cf1c 'all' argument for list_net_interfaces() is now unused, remove it. 2004-12-05 21:45:36 +00:00
rse
68bef2dca5 Use "ifconfig -l" instead of "list_network_interfaces all" in
ifnet_rename() to support situations where rc.conf's $network_interfaces
variable is set to an explicit list of network interfaces (instead of
the default "auto").

Using "list_network_interfaces all" resulted in using
$network_interfaces for both interface _renaming_ and interface
_configuration_ which obviously cannot work either before (if the
new name is in $network_interfaces) or after (if the old name is in
$network_interfaces) renaming the interface.
2004-12-05 09:51:48 +00:00
rse
638d03f597 fix typo: s/intefraces/interfaces/ 2004-12-05 09:01:20 +00:00
kris
cb6038510d Add more frequently-used locale directories. This is in preparation
for cleanup of pkg-plist files with respect to handling of the share/locale
subdirectories.

MFC after: 3 days
2004-12-04 23:30:36 +00:00
marius
0b4d466c6f Catch up with the new device name of sab(4). The entries for tty[a,b]
can't be removed as ofw_console(4) and zs(4) use them so one has to
live with some complaints about non-existent devices at boot time and
remove the respective entries locally for now.
2004-12-04 14:03:45 +00:00
rees
5ac4dbe564 Add nfs4 to list of net filesystems.
Approved by:	alfred
2004-12-01 22:05:50 +00:00
iedowse
ee64a49eff Move the purely device-name based entries for mice and ethernet
adapters from usbd.conf to devd.conf. USB ethernet devices were
already handled in devd.conf so this just removes their usbd.conf
entry.

PR:	conf/73799
2004-11-28 23:16:00 +00:00
iedowse
13275047a7 Add axe(4) devices to the USB ethernet regular expression.
MFC after:	1 week
PR:		conf/73239
Submitted by:	Daan Vreeken
2004-11-28 20:44:28 +00:00
mlaier
7e3eabcfe7 Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

The output will look like this (line wrapped):

  pf denied packets:
  > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
    Bytes: 0 States: 0 ]
  > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
    States: 0 ]

Submitted by:	clive (thanks a lot!)
MFC after:	2 weeks
2004-11-24 18:41:53 +00:00
mux
ba795b0226 Fix a typo in an error message.
Spotted by:	ceri
2004-11-24 10:44:39 +00:00
mux
c6e2c549c2 Implement per-jail fstab(5) files. Here's a rc.conf sample using
this feature for a jail named foo:

jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"

The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.

MFC after:	3 days
Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2004-11-23 20:09:58 +00:00
obrien
4eb13d1561 Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-19 17:12:56 +00:00
obrien
07115bc66a Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-19 03:51:12 +00:00
wes
be4c9c6401 Convince mergemaster to maintain/merge ramdisk scripts too.
Submitted by:	Ben Kelly <ben.kelly@ieee.org>
PR:		bin/64079
2004-11-16 04:20:09 +00:00
wes
9bfb681470 Shutup debugging output. 2004-11-16 04:14:28 +00:00
obrien
cdada79f39 Unify the ci/co variables now that the tty drivers now use the same
character for both.
2004-11-14 19:51:34 +00:00
obrien
2a65a20ac7 Catch up with PHK's sio(4) rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-14 19:42:13 +00:00
keramida
c6f350df37 Revert the noexec,nosuid,nodev options for md /tmp file systems, since
the change in the default behavior may break existing, working setups.

Requested by:	brooks
2004-11-09 21:33:19 +00:00
keramida
a9be348266 Add two new rc.conf options: tmpmfs_flags and varmfs_flags.
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).

Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.

Reviewed by:	mtm
Inspired by:	J. D. Bronson, jbronson at wixb dot com
2004-11-09 10:03:17 +00:00
ru
f4dd946343 Removed the remnants of gx(4). 2004-11-08 20:24:52 +00:00
imp
0f5bd56a6f Someone (sanpei-san?) sent me this entry some time ago. Add COREGA
FEtherII PCC-TXD to the FEther PCC-TXD entry (since they appear to be
handled the same).
2004-11-08 16:59:01 +00:00
pjd
efbbe345c4 Stop method for swap1 script was introduced, because gmirror needed it.
Now gmirror uses shutdown hooks to mark mirrors as clean on shutdown,
so this is not needed anymore.
2004-11-05 12:38:27 +00:00
mtm
1feafc679b - Make the header conform to standard rc.d style.
- The 'before ipfw' directive seems bogus, and should instead
  be 'before rcconf'.
2004-11-05 07:35:31 +00:00
ru
d9699a4522 Sync up with vinum(8) and rc.d/vinum removal.
OK'ed by:	phk
2004-11-04 13:33:29 +00:00
phk
85c3929d07 remove vinum startup script. 2004-11-04 12:59:16 +00:00
gshapiro
8ed6cabf10 Create a separate directory for dynamic zones which is owned by the bind
user (for creation of the zone journal file).  This is separate from the
master/ directory for security.  Give an example dynamic zone in the
sample named.conf.

Approved by:	dougb
Noticed by:	Eivind Olsen <eivind at aminor.no>
MFC after:	1 week
2004-11-04 05:24:29 +00:00
pjd
98473d74f1 Sort files properly. 2004-11-02 12:35:54 +00:00
mtm
94c6d19c80 Do a better job of supporting more than one mouse device
on the system.

To start/stop/check on a specific device give the device name as
the second argument to the script:
	# /etc/rc.d/moused start ums0

To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
	moused_ums0_enable=yes
	moused_ums0_flags="-z 4"
	moused_ums0_port="/dev/ums0"

Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.

To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.

To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.

Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.

MFC after: 1 month
2004-11-01 18:05:41 +00:00
pjd
9933431342 Allow changing interface names at boot time.
Now, one should be able to put something like this into /etc/rc.conf:

	ifconfig_fxp0_name="net0"
	ifconfig_net0="inet 10.0.0.1/16"

Reviewed by:	green
2004-10-30 13:44:06 +00:00
pjd
100e94e682 - Add 'check' command for checking rules syntax.
- Before flushing rules in 'reload' command, check first if rules are
  correct.
- Do not duplicate checking if $pf_rules file exists.
2004-10-25 08:12:28 +00:00
ru
5db2b9d5b3 For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
des
e84d8e229d - use realpath /dev/dumpdev instead of just /dev/dumpdev so messages
  will show the real device name
- show different error messages for missing dump device and directory
2004-10-24 13:04:09 +00:00
mtm
46fb533e13 Move devfs earlier in the boot sequence. Some system daemons and other
programs may need to use the symlinks and permissions that it sets up.

Discussed on: -current
2004-10-23 06:50:50 +00:00
andre
de991565df Automatically load the ipdivert module if it was not compiled into the kernel
and natd_enable is true.
2004-10-22 19:36:03 +00:00
keramida
6efc621989 Introduce root_rw_mount as a new variable in defaults/rc.conf to
unbreak /etc/rc.d/root for diskless systems that get their root
filesystem from a read-only NFS mount.

PR:		conf/72927
Submitted by:	Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de>
Reviewed by:	brooks
2004-10-20 16:58:28 +00:00
ru
baf68d6ae6 Apply README guidelines (no tabs). 2004-10-19 17:32:56 +00:00
thomas
55c32119bf When dumpdev is set to 'auto', and a suitable swap device is found,
create a symbolic link /dev/dumpdev designating that device so
savecore can find and save a previous kernel dump.
2004-10-18 23:40:13 +00:00
wollman
2fd0ed6b52 New directory added for Argentinian timezones.
Submitted by:	ache
2004-10-18 17:03:53 +00:00
thomas
6d5f19c25b Remove unused computation of memory size.
Reviewed by:	des
2004-10-18 14:59:53 +00:00
marcel
34bc20db35 turn off getty(8) on ttyv[0-7]. We don't support syscons on ia64 and
do not have these device special files. Where this previously failed
quietly, it now emits annoying but complete messages at best and
incomprehensible prefixes on average. During all of October, this is
a string of 16 O's, as in:

	:
Starting inetd.

Sun Oct 17 15:09:09 PDT 2004
OOOOOOOOOOOOOOOO
FreeBSD/ia64 (itanium.pn.xcllnt.net) (ttyu2)

login:
2004-10-17 22:20:39 +00:00
schweikh
642fb16ac0 Fix a bogus variable assignment. You can't expect
_msg="a" \
        " b"
to concat the strings. Use
   _msg="a"
   _msg="$_msg b"
instead (intent is to not exceed 80 chars per line).

MFC after:	1 week
2004-10-17 13:39:42 +00:00
ru
776eafa230 Remove a redundant "uname=root".
Forgotten by:	dougb
2004-10-15 08:57:24 +00:00
trhodes
44fa180124 Remove requirement on FreeBSD keyword.
Skipped by:	mtm (/me glares at mtm)  :)
2004-10-14 04:37:57 +00:00
phk
f44657f5f4 Reflect sio driver device name change cuaa -> cuad 2004-10-13 08:32:34 +00:00
ru
b25a86c4ce Accidentally removed the last component of the pathname when committing. 2004-10-13 07:12:14 +00:00
ru
5bae9fd390 Fix a botched rev. 1.221 commit. Also, a number of people have
pointed out that /usr/local/etc/rc.d/000.pkgtools.sh installed
with the portupgrade does an equivalent thing, so I personally
would like to see the change reverted, but let David handle it.
2004-10-13 07:00:21 +00:00
des
ab17626c2d Remove hcsecd line which was inadvertently included in the previous commit. 2004-10-12 18:45:15 +00:00
des
effb5b048f Remove a pointless syslogd_flags example.
MFC after:	2 weeks
2004-10-12 18:36:32 +00:00
obrien
8dd74215fa 'portupgrade' places obsoleted shared libraries in /usr/local/lib/compat/pkg,
so add this to the list of directories ldconfig'ed.
2004-10-11 22:37:34 +00:00
mtm
485ea4eb22 Remove an unused variable.
Submitted by: Pawel Worach <pawel.worach@telia.com>
2004-10-08 14:23:49 +00:00
dougb
e83c5bbcc5 1. Incorporate most of Ruslan's improvements to where and how the
/etc/namedb symlink is created.

2. Incorporate Brian's suggestion to make the link relative. This
is necessary to handle situations (such as mergemaster) where the
user is building a tree in a separate environment. This will also
fix the problem with the way DESTDIR is set in 'make release'.

3. Add a new knob, NO_BIND_MTREE, as suggested by the folks who
already have stuff in /var/named that they don't want me to mess with.

4. Update make.conf(5) with the new stuff, and correct a few paths
that have changed since I last updated it.
2004-10-08 00:14:28 +00:00
mtm
39d3f406ce Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
2004-10-07 13:55:26 +00:00
pjd
d8c70aa723 - Be more user-friendly and allow to specify gbde device name in those forms:
	device
	device.bde
	/dev/device
	/dev/device.bde
- Fix stop routine:
	+ There doesn't have to be a file system mounted on gbde device,
	  so ignore errors from umount(8).
	+ Only detach existing gbde devices.
2004-10-07 10:02:46 +00:00
pjd
bc618096d2 Only try to attach if parent device actually exists.
I used ugly "/dev/${parent}" instead of "${parentdev}", because "/dev/"
prefix for devices listed in gbde_devices variable is optional.

Reported by:	Sean McNeil <sean@mcneil.com>
2004-10-07 06:00:06 +00:00
pjd
5da4fe1795 Lock file for gbde devices is optional. 2004-10-06 14:42:35 +00:00
ru
c67e4fe829 Fixed symlinking of /etc/namedb.
Reported by:	Jeremy Chadwick
2004-10-05 13:03:08 +00:00
kensmith
c5f1195949 With the fixes to getty handling of non-existent devices a default
install now complains about ttyu0/ttyu1 not existing at boot time.
Since users wanting the uart based devices as terminals will need
to do something special to get them anyway set it up so a default
config doesn't complain.

MFC after:	3 days
2004-10-04 03:39:52 +00:00
dougb
187850e01e Install namedb stuff to ${DESTDIR}/var/named/etc/namedb instead
of relying on the symlink in ${DESTDIR}/etc/namedb.

This is functionally equivalent, but doesn't rely on the symlink to work.

Requested by:	ru
2004-09-30 10:24:24 +00:00
dougb
c176604fce 1. Update the documentation references, and the warning about setting up
authoritative servers.

2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate
for the default use as a local resolver.

3. Add a commented out listen-on-v6 option.
2004-09-30 09:57:36 +00:00
dougb
4c435e5ce2 Hide all the devices in the chroot dev except for random and null. 2004-09-30 09:15:21 +00:00
trhodes
57448e310f Correct a trivial typo. 2004-09-29 07:07:43 +00:00
ru
2b4a153126 Fixed symlinking /var/named/etc/namedb to /etc/namedb.
A second "make distrib-dirs" created a symlink in /var/namedb/etc/namedb.
A third "make distrib-dirs" failed.
2004-09-29 06:54:18 +00:00
dougb
7d517d0a4a Add a statistics-file directive 2004-09-29 03:49:35 +00:00
dougb
0e6ff3cc75 stats goes under /var, not /var/run 2004-09-29 03:43:10 +00:00
dougb
69f1a8cb34 gshapiro assures me that uid bind is not necessary for /etc/namedb,
so we'll use the more secure default till I have a chance to prove
myself wrong. :)

Add a /var/stats directory to be enabled in named.conf.

Submitted by:	gshapiro
2004-09-29 03:35:49 +00:00
dougb
93db1b2d6d Whitespace only, tabs -> spaces, per README 2004-09-29 03:33:45 +00:00
trhodes
2bf857d4fd Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults
to NO of course).  Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.

Discussed with:	rwatson (awhile ago)
2004-09-29 00:12:28 +00:00
dougb
2f4ac8072d Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unprivileged
query port for UDP by default.

2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.

3. The topology configuration is not for the faint of heart, so
remove the commented example.

4. Tighten up some language a bit.

5. s/secondary/slave/

6. No need for the example about a bind-owned directory for slave zones.

7. Change domain.com to example.com in the example, per RFC 2606.

8. Update the path for slave zones in the example.
	- Thanks to Scot Hetzel <swhetzel@gmail.com>

There is more work to do here, but this is an improvement.
2004-09-28 21:22:09 +00:00
dougb
a0c7847c5b Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
2004-09-28 09:46:00 +00:00
dougb
fc66d174a3 1. Add much finer granularity to the NO_BIND knobs with the addition of:
NO_BIND_DNSSEC, NO_BIND_ETC, NO_BIND_NAMED, and NO_BIND_UTILS.

2. Make creation of directories in /usr/include that are only needed
in the WITH_BIND_LIBS case conditional.

Reviewed by:	ru, des
2004-09-27 08:23:43 +00:00
dougb
d69dcb1c72 Remove the directories that are now only installed when the user
defines WITH_BIND_LIBS.
2004-09-27 08:18:43 +00:00
dougb
540aa4514b Hook the BIND.* files up to the build. 2004-09-27 08:17:51 +00:00
dougb
b3d66f17dc Separate out the optional parts of the include tree that are
only built and installed when the user defines WITH_BIND_LIBS.
2004-09-27 08:16:29 +00:00
dougb
db8948d7c2 Add a file spec to create a chroot directory structure for
a BIND name server.

This file is not being used yet, but will be soon.
2004-09-27 08:15:34 +00:00
dougb
c08ff0b54f This file is about to get some optional bits, so line up the parts of
the FILES variable one line at a time.

This should be a whitespace change only.

Reviewed by:	ru
2004-09-27 07:00:44 +00:00
dougb
99cc98aa0b It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-09-26 07:01:56 +00:00
des
74080d4757 Create /etc/namedb/bind with owner / group bind and mode 0750. 2004-09-25 15:55:17 +00:00
dougb
45457fa40b Install the documentation for bind9, and remove the /usr/share/doc/bind
directory from mtree while we're at it.

Help, advice, and code from:	ru, des
2004-09-25 00:42:38 +00:00
dougb
fc1ae4d927 Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by:	Sean McNeil <sean@mcneil.com>
2004-09-24 23:49:38 +00:00
dougb
3cd959aedd For the default FreeBSD install, the file path actually is
/var/run/named/pid. This is done so that named can start
with -u bind and still dump a pid file in that directory,
which is chowned to user bind.
2004-09-24 22:47:10 +00:00
des
3fe60073ff It's named.pid, not named/pid.
Pointy hat to:	dougb@
2004-09-24 19:46:18 +00:00
des
8bda6a04d2 Reconnect namedb. While it may not be optimal, our old named.conf from
BIND 8 is quite usable for BIND 9.
2004-09-24 16:13:55 +00:00
cognet
883ad7e1a5 Add ttyu0 as a serial console, as we're using the uart(4) driver on arm. 2004-09-24 12:51:15 +00:00
keramida
909ffdebbf Fix a comment typo: s/neccessary/necessary/ 2004-09-24 11:04:27 +00:00
dougb
cdf79b2b37 Update to reflect BIND 9 in the base:
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
2004-09-24 04:53:18 +00:00
dougb
4a53309170 Add a note to indicate that the path set in named_pidfile must
also be set in named.conf. Our default named.conf has this already.

Update the note for named_symlink_enable to indicate that ndc is gone.
2004-09-24 04:45:16 +00:00
des
138096672e Re-add namedb. I misunderstood what Doug said about using ISC's
layout: he meant for binaries, not configuration files.
2004-09-23 19:33:54 +00:00
jkoshy
e73862471d Add a knob 'daily_status_security_diff_flags' controlling the
format of the 'diff' output generated during periodic(8) scripts.

Submitted by:	keramida (script changes)
Reviewed by:	keramida (man page changes)
2004-09-23 02:00:52 +00:00
des
a4c12f8006 Switch from BIND 8 to BIND 9.
Submitted by:	(in part) dougb@, trhodes@
Reviewed by:	dougb@, trhodes@, re@
MFC after:	5 days
2004-09-21 19:01:48 +00:00
des
c93358b0a6 If $dumpdev is set to AUTO, use the first suitable swap partition listed
in /etc/fstab, or print an error message if no suitable device was found.

MFC after:	4 weeks
2004-09-20 17:48:45 +00:00
pjd
566c62aad2 Teach swap1 script how to remove added swap devices on system shutdown.
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
2004-09-17 17:58:19 +00:00
glebius
595e382626 Change tabs to whitespaces.
Noticed by:	ru
Pointy hat to:	glebius
2004-09-16 21:33:56 +00:00
glebius
1c47cb72bb Install netflow includes.
Approved by:	julian (mentor)
2004-09-16 20:42:03 +00:00
keramida
49dafca9da We don't have any providers of `beforenetlkm' in FreeBSD. Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
2004-09-16 17:04:20 +00:00
keramida
307d72bfbe Fix requirement of `network' to `NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
2004-09-16 17:03:12 +00:00
seanc
7580811af2 Bring back etc/rc.d/ntpdate as requested by scads of people. This isn't a
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES).  Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).

Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut.  At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).

Requested by:	many
2004-09-15 01:08:33 +00:00
seanc
fe1474f861 Stop using ntpdate(1) in our startup procedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticeably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate has been depreciated by the ntpd authors
for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:04:50 +00:00
seanc
dcf0d84fcd Stop using ntpdate(1) in our startup procedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticeably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:01:38 +00:00
mlaier
61e73d53e0 Bring in some examples (and create space for future work here):
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
  as share/examples is an opaque item there).

Obtained from:	OpenBSD
Reminded by:	Thomas T. Veldhouse
PR:		docs/71691
MFC after:	2 days
2004-09-14 01:07:19 +00:00
mlaier
0dd68a174a Update the passive OS fingerprint database from OpenBSD.
Obtained from:	lcamtuf.coredump.cx (via OpenBSD)
2004-09-14 00:30:14 +00:00
ru
12835c964a A power failure left the temporary /var/.diskless directory
on my system, and since then my /var was always created as
MFS which was very surprising.  Fix this for /tmp and /var.
2004-09-13 17:40:14 +00:00
wpaul
a2f7a53a34 Add device driver support for the VIA Networking Technologies
VT6122 gigabit ethernet chip and integrated 10/100/1000 copper PHY.
The vge driver has been added to GENERIC for i386, pc98 and amd64,
but not to sparc or ia64 since I don't have the ability to test
it there. The vge(4) driver supports VLANs, checksum offload and
jumbo frames.

Also added the lge(4) and nge(4) drivers to GENERIC for i386 and
pc98 since I was in the neighborhood. There's no reason to leave them
out anymore.
2004-09-10 20:57:46 +00:00
obrien
e4d8d65565 Restore NetBSD SCM ID.
Submitted by:	delphij@beastie.frontfree.net
2004-09-09 16:41:55 +00:00
glebius
97fb6113f0 Add axe(4) to ethernet-nic-regex.
PR:		conf/71410
Submitted by:	Andrew Thompson <thompsa AT thingy.tbd.co.nz>
Approved by:	julian (mentor)
MFC after:	3 days
2004-09-06 20:09:00 +00:00
alfred
ffce5199dd Hook autofs to the build. 2004-09-02 20:44:56 +00:00
brooks
77972e1ec2 When a USB keyboard is plugged in to a machine with a builtin keyboard,
cause the USB keyboard to take over from the builtin one.  This means my
laptop just works when I'm using it as a desktop.

Reviewed by:	imp
2004-09-01 00:08:15 +00:00
mlaier
07c612deee Don't rely on properly setup linker.hints to figure out that pflog is now
part of the pf module.
While here fix a comment that was c'n'ped from rc.d/pf

PR:		bin/71096 (partly)
Submitted by:	Ville-Pertti Keinonen
MFC after:	2 days
2004-08-31 14:23:51 +00:00
kensmith
0da56f8f1e Protect the command flags set in the rc.conf files in case they're
more than one word, adding some quotes.

Advice from:	mtm (my first attempt wasn't quite right)
Reviewed by:	mtm
MFC after:	3 days
2004-08-29 15:02:43 +00:00
tjr
73afa7d781 Add Basque (Spain) locales: eu_ES.ISO8859-1, eu_ES.ISO8859-15, eu_ES.UTF-8.
(This differs somewhat from the version originally submitted - any mistakes
are my own.)

PR:		68524
Submitted by:	J. Vicente Carrasco -Bixen-
2004-08-28 12:52:31 +00:00
yar
2032b765e7 Avoid double appearing of cloned interfaces in the output
from list_net_interfaces() when network_interfaces=auto.

Rationale: Since the auto case is special, the lesser evil
had to be chosen among not adding cloned interfaces to
_tmplist or removing duplicates from _tmplist after adding
cloned interfaces.  Since list_net_interfaces() must not use
/usr/bin tools, the former "evil" appeared clearer and much
more efficient.  (See the PR audit trail for discussion.)

PR:		conf/63700
Reviewed by:	brooks
MFC after:	5 days
2004-08-28 07:58:02 +00:00
yar
42e5c7d376 Fix a typo in a variable name. 2004-08-27 12:11:47 +00:00
ru
8b2104d07b share/examples/worm is dead. 2004-08-24 19:03:55 +00:00
des
aedf82c640 Always quote variables in tests, to ensure correct evaluation even when
they are empty or undefined.

MFC after:	3 days
2004-08-19 08:55:24 +00:00
thomas
78808e1a5d Skip entries for GBDE swap devices if they are commented out in /etc/fstab.
Reviewed by:	des
2004-08-18 21:54:40 +00:00
nectar
455e6a1652 Create temporary files safely.
Submitted by:	Jon Passki <cykyc@yahoo.com>
2004-08-16 16:37:06 +00:00
cperciva
f036c02496 Add 3653/tcp and 3653/udp, since they were specifically requested.
PR:		conf/63907
Submitted by:	Marc Blanchet
MFC after:	3 days
2004-08-16 11:52:22 +00:00
dwmalone
486b54a301 Add Hungarian calendar entries.
PR:		42725
Submitted by:	Janos Mohacsi <janos.mohacsi@bsd.hu>
2004-08-16 09:31:09 +00:00
pjd
5719aaaa5f Connect RAID3 GEOM class to the build. 2004-08-16 06:36:21 +00:00
gshapiro
bd18d41fef Fix the startup logic for sendmail. If sendmail_enable=yes, don't start
the submit and outbound daemon, else if sendmail_submit_enable=yes, don't
start the outbound daemon.  Only one daemon should be started.

Also, do not rebuild database maps at boot time.  The code didn't pay
attention to SENDMAIL_MAP_TYPE and assumed 'hash'.  Also, admins may
not want maps automatically rebuilt just because the back end database
has changed.  Finally, some maps are built with more tools than just
makemap (e.g., using cidrexpand on the access text file before sending
it to makemap).

Noticed by:	ache
Reviewed by:	ache
2004-08-05 03:09:54 +00:00
markm
2eca3d2dab Give sshd a secure startup, but with a tweakable timeout so that
the box won't hang forever at startup.
2004-08-04 08:10:37 +00:00
ume
aedc433cf3 Use RFC 3849 address for examples.
Pointed out by:	mistral@imasy.or.jp
MFC after:	1 week
2004-08-03 08:58:34 +00:00
ume
5a48e6bc9f allow ::1 explicitly.
Pointed out by:	mistral@imasy.or.jp
MFC after:	1 week
2004-08-03 08:47:35 +00:00
markm
b6d85a7112 UUCP's uucico(8) has not been in the base system for some time now,
so reflect this in the default. The uucp uid is a bit funny, and
is used by mtree in /var/spool for locks, so we can't remove it
without thinking about it a bit harder.
2004-08-01 21:33:47 +00:00
pjd
70045d465a Connect GEOM_MIRROR class to the build. 2004-07-30 23:18:53 +00:00
mtm
cc10a9c33b Finish cleanup of rc.d/netif. It's now possible to start/stop more
than one interface from the command line:
	# /etc/rc.d/netif start bfe0 xl0
It's also possible to restart an interface(s):
	# /etc/rc.d/netif restart bfe0

This required some changes to rc.subr(8) so that if the start/stop commands
are overridden the rest of the command line (after the start/stop/etc... cmd)
is passed through to the subroutines.
2004-07-30 17:19:35 +00:00
kan
482ec87e2d Bmake glue for GCC 3.4.2-prerelease. 2004-07-28 05:27:21 +00:00
eik
ac2fecdcf2 back out the localpkg changes until things have settled.
Discussed with:	mtm
2004-07-28 00:09:19 +00:00
mtm
232741d90d Even though binaries will give 0 matches, make it explicit. 2004-07-27 16:59:35 +00:00
ru
1c9892680c Fixed style of previous commit. 2004-07-27 12:31:38 +00:00
mlaier
559d01a8d6 Fix typo in description of pflog_logfile.
Submitted by:	Mike Jakubik
2004-07-27 00:28:16 +00:00
mtm
7556b394c6 Correct typo.
Submitted by: eik (and probably many others)
2004-07-24 16:30:31 +00:00
mtm
99fe82d8e6 Ports related rc.d cleanups:
o Separate out local (ports) scripts that use rc.d, and the old style
  startup/shutdown scripts and execute them separately. On startup the
  rc.d style scripts are executed first and then the old-style scripts.
  On shutdown, exactly the reverse happens.
o The rc.d ports scripts should now behave more like base system scripts.
  Scripts ending in .sh will be sourced into the current shell, while the
  rest will be executed in a subshell. Previously, all ports scripts,
  regardless of the .sh suffix, were executed in a subshell.
o The parent script, /etc/rc.d/localpkg, passes its command line arguments
  straight to the rc.d ports scripts. This means they should now honor
  faststop and faststart commands as well. Old style scripts, should not see
  any differences. They will still get either a start or stop command.
o The initial phrase shown during shutdown has been changed to use
  "local packages" instead of "daemon processes" to be more in line with the
  phrase used during local package startup. The phrases are also used only for
  old-style ports script startup/shutdown, whereas previously they were being
  used for both rc.d and old-style scripts. This should make startup/shutdown
  output a bit less ugly.

Discussed with:	portmgr
Has Reservations: eik
2004-07-24 14:56:21 +00:00
roberto
f892b6158f Add /etc/ntp to hold keys for ntpd. 2004-07-21 10:14:10 +00:00
simon
0fcf2627f6 For the gbde attach script:
- Ask the user up to X times (3 by default) for the pass-phrase, if
  it is incorrect the first time.
- Add support for storing the lockfiles in a directory other
  than /etc.
- Document that it is possible to override the location of each single
  lockfile.

Approved by:	pjd
2004-07-18 18:01:48 +00:00
cperciva
4ac0cfc416 Whitespace cleanup. This will simplify a future merge from
IANA's official list of port assignments.
2004-07-11 19:20:47 +00:00
harti
8c11c172c1 Add a directory for the API include files. 2004-07-08 16:48:43 +00:00
cperciva
abbc5d3d40 Sort entries correctly. 2004-07-07 06:15:32 +00:00
imp
4a1a7c3a83 Disable rescanning of the scsi bus for the scsi controllers. There
are some that really hate this, so now that devd is default, be more
conservative about what we do.

Noticed by: marcel
2004-07-05 20:16:30 +00:00