Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;
- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
to avoid collision with "magic" variables;
Inspired by: yar
MFC after: 3 days
to issue sub-commands, e.g., restart = stop + start.
By calling run_rc_command instead, we provide rc.d
scripts with full control over their configuration
variables.
For an example problem the former approach caused, see
http://lists.freebsd.org/pipermail/freebsd-rc/2005-October/000311.html
Reviewed by: freebsd-rc
Tested by: Dirk Engling erdgeist <at> erdgeist.org
MFC after: 2 weeks
- Have both scripts automatically kldload ng_btsocket(4). I did not want to
do it, but its easier for users and it seems other scripts do similar things;
- Assign few variables after load_rc_config, so the /etc/rc.conf overrides
actually work;
MFC after: 1 week
more IPv4 address from a ranged list in CIRD notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.
Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)
The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.
The bluetooth.device.conf(5) and handbook update will follow shortly.
Inspired by: Panagiotis Astithas ( past at ebs dot gr )
Reviewed by: brooks, yar
MFC after: 1 week
> > There is no need to explicitly add "status" to $extra_commands in
> > the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
> > run_rc_command() because of the existing $pf_program.
> >
> > Submitted by: Christoph Schug <chris@schug.net>
...because as yar@ points out: "[...] you were relying on evil
side-effects of the variable being named *_program. hose side-effect
have been eliminated since rc.subr rev. 1.42. [...] The point is that
the default "status" method is for rc.d scripts that handle startup and
shutdown of conventional daemons, and not for custom tasks like the pf
case."
The change is still valid in RELENG_6 (and still doesn't have to be
backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
run_rc_command() because of the existing $pf_program.
Submitted by: Christoph Schug <chris@schug.net>
MFC after: 1 week
extraction.
This will allow cpio archive support to work, at least in situations
where /tmp is writable. Because pax requires a writable /tmp it is
unsuitable for this task, but replacing it will come in a later commit.
Submitted by: Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR: conf/88293
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".
The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.
Discussed with: pjd, -rc
has been set in the first place. This should reduce
unwanted side-effects in rc.d scripts that don't mean
to use $command and rc.subr(8) methods associated with
it at all.
Discussed with: brooks
Reviewed by: -rc (silence)
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.
The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
MFC after: 1 month
features. Both the presence of a NOAUTO keyword and an interface being
up can be ignored is the forcestart option is used. Additionally, a
restart option has been added.
Reviewed by: ume
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)
Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.
Discussed with: mlaier on -pf
MFC after: 5 days
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
(pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
decorate them sufficiently.
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
override the value of mountd_args. This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.
PR: conf/86260
Submitted by: Thierry Herbelot <thierry at herbelot dot com>
MFC after: 3 days
The OpenFirmware console isn't used on real systems anymore and
I never get to multi-user mode in psim. There are problems with
zs that need to be resolved before these lines can be enabled.
This eliminates disconcerting warnings on boot.
MFC after: 2 days
of the form "REFUSE foo" in portsnap.conf will result in parts of the
tree matching "^foo" being (a) not extracted by "portsnap extract", (b)
not updated by "portsnap update", and (c) not having any patches or new
ports downloaded by "portsnap fetch" or "portsnap cron". The example
shown in portsnap.conf demonstrates ignoring all the language categories.
As mentioned in portsnap.conf.5, the use of an imcomplete ports tree is
not officially supported; but this is something which many users have
requested, so I'm adding it anyway.
PR: bin/85619 (but not the patch provided therein)
MFC after: 1 month
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
- If an interface's ifconfig_<ifn> is set, but empty, don't set it to
ifconfig_DEFAULT. This way interfaces can be disabled even in the
presence of ifconfig_DEFAULT.
- When listing interfaces and network_interfaces=auto, place lo0 first
if it's around.
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.
Triggered by: a question by Ceri on -questions
can be useful for when you know that you are doing something that
won't work with the standard settings and different settings are more
appropriate.
This allows 5.3 tools to build a 6.x userland when these
values are set to null.
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags. The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck
MFC after: 3 days
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.
Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
their own log limits.
PR: conf/77929
Submitted by: Andriy Gapon [1]
Reviewed by: matteo
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
fast, lightweight, and generally good way for users to keep their
ports trees up to date.
This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled. No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly. This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.
X-MFC-After: 6.0-RELEASE
X-MFC-Before: 5.5-RELEASE
X-MFC-To: RELENG_6, RELENG_5, ports
discussed on: -arch and several other places
"yes please" from: simon, remko, flz, Diane Bruce
thinks this is a great idea: bsdimp
Hopes he didn't forget any files: cperciva
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.
It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).
MFC after: 1 week
ifconfig_DEFAULT variable. Unlike pccard_ifconfig, ifconfig_DEFAULT
applies to all interfaces that do not specify an ifconfig_<ifn>
variable rather than just those listed in removable_interfaces.
- Correct the list of interfaces when network_interfaces and
removable_interfaces are both set by including removable_interfaces
in the list of canidates.
- When listing dhcp interfaces, include those with other ifconfig
options so nat works.
Approved by: re (network interface startup blanket)
them. Just try to run the given command on them. We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.
Approved by: re (interface startup blanket)
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.
Approved by: re (dwhite)
ports. This mtree now specifies basic structure of X11BASE, similarly
to BSD.local.dist.
No objections on: freebsd-x11@
Approved by: re (dwhite), portmgr
GENERIC comment in ttyN.
- Add the name of the device driver creating the device nodes above the
respectives blocks so it's easier for user to find the right entry to
shut up warnings from getty(8). Replace 'Requires device 'uart' be
enabled.' with just 'uart(4)' as the former referred to a sparc64
GENERIC back when uart(4) wasn't enabled by default, yet.
- Turn off the getty(8) on screen as screen is created by ofw_console(4)
which is no longer enabled in the sparc64 GENERIC (and also only is a
last resort) to shut up warnings from getty(8) with the current GENERIC.
method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
- Implement sampling modes and logging support in hwpmc(4).
- Separate MI and MD parts of hwpmc(4) and allow sharing of
PMC implementations across different architectures.
Add support for P4 (EMT64) style PMCs to the amd64 code.
- New pmcstat(8) options: -E (exit time counts) -W (counts
every context switch), -R (print log file).
- pmc(3) API changes, improve our ability to keep ABI compatibility
in the future. Add more 'alias' names for commonly used events.
- bug fixes & documentation.
way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables my now mix real ifconfig commands the with
DHCP and WPA directives. For example, this allows media
configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start
dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
it's work.
- /etc/pccard_ether no longer takes additional arguments to pass to
ifconfig. Instead, ifconfig_<if> variables are now honored in favor
of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in
removable_interfaces, even if pccard_ifconfig is set.
installed. This is the same directory as found on Solaris.
NB: In FreeBSD 4.x and earlier, a script (file) named /etc/security
exists. Does mergemaster need to be taught how to replace a file with
a directory?
Submitted by: wsalamon
Obtained from: TrustedBSD Project
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.
Discussed with: pjd
MFC after: 1 week
to run initdiskless before we run rcorder on /etc/rc.d. To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.
Remove /etc/rc.d/preseedrandom as it is no longer necessicary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.
Discussed on: freebsd-rc
Repocopy by: peter
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.
The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).
Discussed with: pjd, green, cperciva
MFC after: 1 week
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.
In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.
PR: conf/75722
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
systems that boot with this value at the lowest setting. Change the
default boot config back to "leave frequency as BIOS set it". Also, fix
buglet where acpi_throttle wouldn't be used if p4tcc was present but
disabled by the user.
MFC after: 1 week
on boot, force it to HIGH. This is needed for some systems which appear
to boot with a low acpi_throttle setting by default. Thanks to Christian
Brueffer for tracking this down on his system.
MFC after: 1 day
default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.
PR: conf/71488
Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
automaticly created at boot. There's no need to maintain a list of
files and permissions in multiple places. This also means binary
updates won't stomp on log files.
For the record, utmp is created in etc/rc.d/cleanvar, wtmp and lastlog
in etc/rc.d/var, and the reset via etc/rc.d/newsyslog.
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those file in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.
to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather then
only when /var is empty or populate_var=YES.
hosts to share an IP address, providing high availability and load
balancing.
Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.
FreeBSD port done solely by Max Laier.
Patch by: mlaier
Obtained from: OpenBSD (mickey, mcbride)
this can cause a really heavy load on system. Several kernel debugging
messages can be triggered even remotely (e.g. bad ARP replies).
Use kern.warning instead, so that really significant messages still
will be printed on console.
Reviewed by: current@
MFC after: 1 week
Security: this change fixes a DoS condition, when default system
console is serial, and box is flooded with bogus ARP
packets
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported. Also, remove
old throttling support.
rc.d/mountcritlocal and sed(1) is placed in /usr/bin/. Other useful tools
for this task are also placed in /usr/ (tr(1), awk(1)), so I implemented
local_tr() function which works simlar to tr(1).
Reported by: Amir Shalem <amir@boom.org.il>
MFC after: 1 week
with the rest of the examples, so after discussion with him and gshapiro,
re-sort the examples, and add more comments to make things very obvious.
Also, divide the examples between example.{com|net|org} to make things
even more obvious, and use the same RFC 1918 block for all examples.
Pointed out by: Scot W. Hetzel <hetzels@westbend.net>
and so the fix committed in r1.42 was not quite correct for the case
where there are two or more DHCP consuming removable interfaces - dhclient
must be restarted so that the other interfaces continue to function
correctly.
Approved by: murray
MFC After: 7 days
user owns these directories or the sticky bit is unset may open security holes,
so simply create them at startup with the correct owner/mode.
MFC after: 1 day
reject. For example:
Checking for rejected mail hosts:
48 getherbalnow.info (451... resolve)
46 absorb.com (451... resolve)
4 tgmart01.codns.com (553... exist)
3 kali.com.cn (451... resolve)
2 genie.com (451... resolve)
1 zv.qy (553... exist)
1 zd.hinet.hr (553... exist)
....
The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).
While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.
I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....
PR: 17377
Idea from: root at ns dot internet dot dk
MFC after: 7 days
- add udav(4)
In the scsi-controller-regex:
- correct an entry
- move another one to the right place
- add a bunch of missing drivers
Glanced at by: trhodes (scsi-controller-regex part)
MFC after: 3 days
1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers
MFC after: 2 weeks
rebadged Xircom REM56 RealPort card. Short MFC timeout to beat the 4.11
code freeze.
PR: 53027
Submitted by: John Merryweather Cooper <coop9211 at uidaho dot edu>
Approved by: imp (mentor)
MFC after: 2 days
ifnet_rename() to support situations where rc.conf's $network_interfaces
variable is set to an explicit list of network interfaces (instead of
the default "auto").
Using "list_network_interfaces all" resulted in using
$network_interfaces for both interface _renaming_ and interface
_configuration_ which obviously cannot work either before (if the
new name is in $network_interfaces) or after (if the old name is in
$network_interfaces) renaming the interface.
can't be removed as ofw_console(4) and zs(4) use them so one has to
live with some complaints about non-existent devices at boot time and
remove the respective entries locally for now.
adapters from usbd.conf to devd.conf. USB ethernet devices were
already handled in devd.conf so this just removes their usbd.conf
entry.
PR: conf/73799
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
this feature for a jail named foo :
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.
Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com
user (for creation of the zone journal file). This is separate from the
master/ directory for security. Give an example dynamic zone in the
sample named.conf.
Approved by: dougb
Noticed by: Eivind Olsen <eivind at aminor.no>
MFC after: 1 week
on the system.
To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
unbreak /etc/rc.d/root for diskless systems that get their root
filesystem from a read-only NFS mount.
PR: conf/72927
Submitted by: Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de>
Reviewed by: brooks
do not have these device special files. Where this previously failed
quietly, it now emits annoying but complete messages at best and
incomprehensible prefixes on average. During all of October, this is
a string of 16 O's, as in:
:
Starting inetd.
Sun Oct 17 15:09:09 PDT 2004
OOOOOOOOOOOOOOOO
FreeBSD/ia64 (itanium.pn.xcllnt.net) (ttyu2)
login:
pointed out that /usr/local/etc/rc.d/000.pkgtools.sh installed
with the portupgrade does an equivalent thing, so I personally
would like to see the change reverted, but let David handle it.
/etc/namedb symlink is created.
2. Incorporate Brian's suggestion to make the link relative. This
is necessary to handle situations (such as mergemaster) where the
user is building a tree in a seperate environment. This will also
fix the problem with the way DESTDIR is set in 'make release'.
3. Add a new knob, NO_BIND_MTREE, as suggested by the folks who
already have stuff in /var/named that they don't want me to mess with.
4. Update make.conf(5) with the new stuff, and correct a few paths
that have changed since I last updated it.
device
device.bde
/dev/device
/dev/device.bde
- Fix stop routine:
+ There don't have to be file system mounted on gbde device,
so ignore errors from umount(8).
+ Only detach existing gbde devices.
I used ugly "/dev/${parent}" instead of "${parentdev}", because "/dev/"
prefix for devices listed in gbde_devices variable is optional.
Reported by: Sean McNeil <sean@mcneil.com>
install now complains about ttyu0/ttyu1 not existing at boot time.
Since users wanting the uart based devices as terminals will need
to do something special to get them anyway set it up so a default
config doesn't complain.
MFC after: 3 days
authoritative servers.
2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate
for the default use as a local resolver.
3. Add a commented out listen-on-v6 option.
so we'll use the more secure default till I have a chance to prove
myself wrong. :)
Add a /var/stats directory to be enabled in named.conf.
Submitted by: gshapiro
to NO of course). Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.
Discussed with: rwatson (awhile ago)
1. Update text about later BINDs using a pseudo-random, unpriviliged
query port for UDP by default.
2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.
3. The topology configuration is not for the faint of heart, so
remove the commented example.
4. Tighten up some language a bit.
5. s/secondary/slave/
6. No need for the example about a bind-owned directory for slave zones.
7. Change domain.com to example.com in the example, per RFC 2606.
8. Update the path for slave zones in the example.
- Thanks to Scot Hetzel <swhetzel@gmail.com>
There is more work to do here, but this is an improvement.
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
NO_BIND_DNSSEC, NO_BIND_ETC, NO_BIND_NAMED, and NO_BIND_UTILS.
2. Make creation of directories in /usr/include that are only needed
in the WITH_BIND_LIBS case conditional.
Reviewed by: ru, des
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.
Pointed out by: Sean McNeil <sean@mcneil.com>
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.
2. named-xfer is not part of the BIND 9 world.
3. BIND 9 needs a /dev/random in the chroot directory if chrooted.
4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.
5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES). Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).
Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut. At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).
Requested by: many
calls to ntpd -g. ntpd is noticeably slower than ntpdate, but is also more
accurate. This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file). By default, ntpd *will* sync with its listed time servers. To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf. If ntpd is not enabled (the default), then time is
not synced on startup. ntpdate has been depreciated by the ntpd authors
for quite some time so this change shouldn't be unexpected.
Suggested by: des
Approved by: roberto (resident ntp guru)
calls to ntpd -g. ntpd is noticably slower than ntpdate, but is also more
accurate. This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file). By default, ntpd *will* sync with its listed time servers. To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf. If ntpd is not enabled (the default), then time is
not synced on startup. ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.
Suggested by: des
Approved by: roberto (resident ntp guru)
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
as share/examples is an opaque item there).
Obtained from: OpenBSD
Reminded by: Thomas T. Veldhouse
PR: docs/71691
MFC after: 2 days
VT6122 gigabit ethernet chip and integrated 10/100/1000 copper PHY.
The vge driver has been added to GENERIC for i386, pc98 and amd64,
but not to sparc or ia64 since I don't have the ability to test
it there. The vge(4) driver supports VLANs, checksum offload and
jumbo frames.
Also added the lge(4) and nge(4) drivers to GENERIC for i386 and
pc98 since I was in the neighborhood. There's no reason to leave them
out anymore.
part of the pf module.
While here fix a comment that was c'n'ped from rc.d/pf
PR: bin/71096 (partly)
Submitted by: Ville-Pertti Keinonen
MFC after: 2 days
from list_net_interfaces() when network_interfaces=auto.
Rationale: Since the auto case is special, the lesser evil
had to be chosen among not adding cloned interfaces to
_tmplist or removing duplicates from _tmplist after adding
cloned interfaces. Since list_net_interfaces() must not use
/usr/bin tools, the former "evil" appeared clearer and much
more efficient. (See the PR audit trail for discussion.)
PR: conf/63700
Reviewed by: brooks
MFC after: 5 days
the submit and outbound daemon, else if sendmail_submit_enable=yes, don't
start the outbound daemon. Only one daemon should be started.
Also, do not rebuild database maps at boot time. The code didn't pay
attention to SENDMAIL_MAP_TYPE and assumed 'hash'. Also, admins may
not want maps automatically rebuilt just because the back end database
has changed. Finally, some maps are built with mode tools than just
makemap (e.g., using cidrexpand on the access text file before sending
it to makemap).
Noticed by: ache
Reviewed by: ache
so reflect this in the default. The uucp uid is a bit funny, and
is used by mtree in /var/spool for locks, so we can't remove it
without thinking about it a bit harder.
than one interface from the command line:
# /etc/rc.d/netif start bfe0 xl0
It's also possible to restart an interface(s):
# /etc/rc.d/netif restart bfe0
This required some changes to rc.subr(8) so that if the start/stop commands
are overidden the rest of the command line (after the start/stop/etc... cmd)
is passed through to the subroutines.
o Separate out local (ports) scripts that use rc.d, and the old style
startup/shutdown scripts and execute them separately. On startup the
rc.d style scripts are executed first and then the old-style scripts.
On shutdown, exactly the reverse happens.
o The rc.d ports scripts should now behave more like base system scripts.
Scripts ending in .sh will be sourced into the current shell, while the
rest will be executed in a subshell. Previously, all ports scripts,
regardless of the .sh suffix, were executed in a subshell.
o The parent script, /etc/rc.d/localpkg, passes its command line arguments
straight to the rc.d ports scripts. This means they should now honor
faststop and faststart commands as well. Old style scripts, should not see
any differences. They will still get either a start or stop command.
o The initial phrase shown during shutdown has been changed to use
"local packages" instead of "daemon processes" to be more inline with the
phrase used during local package startup. The phrases are also used only for
old-style ports script startup/shutdown, whereas previously they were being
used for both rc.d and old-style scripts. This should make startup/shutdown
output a bit less ugly.
Discussed with: portmgr
Has Reservations: eik
- Ask the user up to X times (3 by default) for the pass-phrase, if
it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
than /etc.
- Document that it is possible to override the location of each single
lockfile.
Approved by: pjd