interact very nicely with HTTP proxies: Since proxies do not know
that all the files on portsnap1.freebsd.org are identical to the
files with the same names on portsnap2.freebsd.org, said proxies end
up downloading and storing files in duplicate.
This commit uses the HTTP_PROXY environment variable, if set, to
generate a random number seed for use in selecting a mirror. This
means that if several systems all have the same HTTP_PROXY value set,
they will ask the proxy to fetch files from the same mirror (unless
that mirror fails, in which case all the systems will use the same
second choice, et cetera).
Portsnap still doesn't interact very well with "transparent" HTTP
proxies, but there's nothing I can do about those.
Requested by: simon
Sponsored by: FreeBSD security development fundraiser
track of which mirrors we have tried and try a different mirror if we
fail when trying to download the SSL public key or the snapshot
signature.
Failures later in the download process will not result in switching to
a different mirror, for two reasons:
1. If is very unlikely that a mirror will fail partway through the
process of downloading updates.
2. If we switched from a more recently updated mirror to a less
recently updated mirror partway through the download process, we would
end up failing anyway because we would be trying to fetch files which
the second mirror didn't have yet.
PR: bin/96288
Requested by: lots of people
Sponsored by: FreeBSD security development fundraiser
the host(1) from BIND 9. This doesn't matter for HEAD, but will help
people who install portsnap from the ports tree onto older versions of
FreeBSD.
PR: ports/93901
Sponsored by: FreeBSD security development fundraiser
An mtree description of all non-zero files that make
distribution installs (only size and md5) is built from the
temproot. When the user completes a mergemaster run, the
mtree description file gets installed into /var/db for
safe-keeping.
When the user then decides to do a subsequent upgrade (with
the -U flag), the existing mtree description from /var/db
is called into service looking for files that are different in
DESTDIR. This is stashed away until a file that would normally
end up prompting the user to look at changes is encountered.
Since there are no user modified changes, the new file is
installed without bothering the user.
Looked at by: dougb
MFC after: 6 weeks
- Remove hard sentence breaks;
- Avoid using double negatives or "sexist" language;
- Expand contractions;
- Remove a blank line;
- Some grammar changes.
Usually we do not "hard code" requests to submit bugs to the author, but
I will leave this go for now.
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.
I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesnt 32 bit ints.
PR: 95290
Submitted by: Bruce Becker <hostmaster@whois.gts.net>
MFC after: 2 weeks
o Implement Solaris-like -z flag: omit lines for devices with no activity.
o iostat.8: describe -x and -z flags, Xr devstat(3), touch .Dd.
PR: mostly bin/68840, with style changes; bin/73327
Submitted by: Dan Nelson, Peter Schuller
Obtained from: NetBSD (a part of man page)
MFC after: 1 month
takes a host:port specification.
- Update the manual page and add an example showing how log
over the network using pmcstat(8) and nc(1). Document the
current inability to process logs in cross-platform manner.
- Have pmcstat_open_log() call err(3) directly in case
of an error; this simplifies error handling in its caller.
MFC after: 1 week
internal list of logfiles. So if writev(2) fails for potentially transient
errors like ENOSPC, syslogd requires a restart, even if the filesystem has
purged.
This change allows syslogd to ignore ENOSPC space errors, so that when the
filesystem is cleaned up, syslogd will automatically start logging again
without requiring the reset. This makes syslogd(8) a bit more reliable.
MFC after: 1 week
Kernel changes:
Inform hwpmc of executable objects brought into the system by
kldload() and mmap(), and of their removal by kldunload() and
munmap(). A helper function linker_hwpmc_list_objects() has been
added to "sys/kern/kern_linker.c" and is used by hwpmc to retrieve
the list of currently loaded kernel modules.
The unused `MAPPINGCHANGE' event has been deprecated in favour
of separate `MAP_IN' and `MAP_OUT' events; this change reduces
space wastage in the log.
Bump the hwpmc's ABI version to "2.0.00". Teach hwpmc(4) to
handle the map change callbacks.
Change the default per-cpu sample buffer size to hold
32 samples (up from 16).
Increment __FreeBSD_version.
libpmc(3) changes:
Update libpmc(3) to deal with the new events in the log file; bring
the pmclog(3) manual page in sync with the code.
pmcstat(8) changes:
Introduce new options to pmcstat(8): "-r" (root fs path), "-M"
(mapfile name), "-q"/"-v" (verbosity control). Option "-k" now
takes a kernel directory as its argument but will also work with
the older invocation syntax.
Rework string handling in pmcstat(8) to use an opaque type for
interned strings. Clean up ELF parsing code and add support for
tracking dynamic object mappings reported by a v2.0.00 hwpmc(4).
Report statistics at the end of a log conversion run depending
on the requested verbosity level.
Reviewed by: jhb, dds (kernel parts of an earlier patch)
Tested by: gallatin (earlier patch)
greater than the size we autosized. Without this fix, systems with
drives under 10GB can end up with very small /usr partitions...
Broken since: January 2002
Tripped over by: simon
- <netipx> headers [1]
- IPX library (libipx)
- IPX support in ifconfig(8)
- IPXrouted(8)
- new MK_NCP option
New MK_NCP build option controls:
- <netncp> and <fs/nwfs> headers
- NCP library (libncp)
- ncplist(1) and ncplogin(1)
- mount_nwfs(8)
- ncp and nwfs kernel modules
User knobs: WITHOUT_IPX, WITHOUT_IPX_SUPPORT, WITHOUT_NCP.
[1] <netsmb/netbios.h> unconditionally uses <netipx> headers
so they are still installed. This needs to be dealt with.
at runtime and to support distributing additional kernels:
o remove kernel from the base tarball
o add new kernel tarballs
o build + package both SMP and GENERIC kernels when an <arch>/conf/SMP
config file is present
o add sysinstall support for multiple kernels
o update sysinstall to probe for the number of cpus on a system
and auto-select smp/up kernel accordingly
o add a post-kernels install hook to fixup /boot/kernel
o add -ldevinfo to boot crunch for sysinstall's cpu probing logic
Notes:
1. On HEAD this code is not currently used because GENERIC kernels
include SMP. This work is mainly intended for RELENG_6 where the
GENERIC kernel is UP. If HEAD changes to match then just enable
WITH_SMP in sysinstall/Makefile.
2. The cpu probing support is done with acpi and MPTable; this means
some systems will require work for auto-detection to work.
3. The handling of /boot/kernel may need to be revisited; for now
we rename one kernel at the last moment (SMP if installed, otherwise
GENERIC). There are other, possibly better, approaches.
Lots of help from ru, emaste, scottl, and jhb.
when they don't exist, but sometimes its quite useful (eg. we use
non-standard log files and memory backed /var/, which is populated on
boot).
Add -C option which tells syslogd(8) to create log files if they don't
exist.
Glanced at by: phk
MFC after: 3 days
this now compiles on i386 with WARNS?= 3. Most of the fixes included
adding missing 'static' keywords to internal functions, using fully-defined
terminators in statically defined arrays of structs, and various
signed vs unsigned mismatches. Also G/C'd unused configSecurity()
function.
by syscons.
- If we are running as init, popup the country menu before the main menu.
If a non-default country is chosen, then a second menu is brought up
to let the user choose a keymap. By default the default keymap for
the country that was selected is highlighted. If the user chooses the
default country, then the default keymap is just assumed and the user
is not presented with the keymap menu. Currently the default country
is set to "United States" except for PC98 which assumes "Japan".
PR: bin/93853
Submitted by: Seth Kingsley sethk at magnesium dot net
MFC after: 3 days
on UFS2 inodes are initialised as they are needed, rather than at
newfs time. When quot encountered these inodes it could produce
crazy results.
Now, on UFS2 filesystems, quot's get_inode function will bzero
unallicated inodes before passing them back to a caller. This is
how UFS2 initialises new inodes, so this should work OK.
Also, while I'm here, make quot exit with an error if it finds
inodes of an unknown type. This should help catch future problems
of this type.
Reviewed by: iedowse
MFC after: 1 week
completely noop.
- Geometry sanitization for non-interactive mode is moved to correct place.
Reported by: Anton Yuzhaninov <citrin at citrin dot ru>
Pointyhat: me
wep key configure at key indices > 0 and 802.1x/EAPOL operation
with ap's that want the station to install a key at indices > 0.
Hard work by: Joe Love
Reviewed by: avatar
MFC after: 1 week
ENABLE_WPA_SUPPLICANT_EAPOL is no more, now use NO_WPA_SUPPLICANT_EAPOL
to build with only WPA-PSK support.
Reviewed by: ru, bsdimp (basic approach)
MFC after: 1 week
architecture to pass through to the underlying makefiles. This is
quite useful when building on an i386 box to populate an amd64 NFS
root.
Head nod: dougb
MFC after: 1 week
For example, you can dynamically generate and load configuration file
depending on the hardware configuration with the following template:
mediaSetCDROM
mediaOpen
command='/dist/rescue/sh /dist/scripts/install.sh'
system
mediaClose
configFile=/tmp/generated.cfg
loadConfig
Now we have full access to files on the media before installation begins.
+ Include netinet/in.h for ntohl()
* Since the return value was tested separately, cast the values to
size_t in order to shut up compiler warnings.
+ Raise WARNS= level to 6
PR: bin/71666
snapshot in order to avoid unnecessary re-downloading.
Remove the earlier "rm -f ${SNAPSHOTHASH}.tgz" to make this work.
Suggested by: Lars Engels
MFC after: 7 days
they have been rotated. Among other things, use warnx() instead of warn()
for some messages where the value if errno is irrelevant to the problem
being reported.
MFC after: 5 days
possible for information to be copied from the group file to the group
file in the FTP area. This patch based on a patch from Zak Johnson
<zakj at nox dot cx>.
PR: bin/25851
Submitted by: Ted Mittelstaedt <tedm at toybox punkt placo period com>
Approved by: jhb (proxy mentor)
MFC after: 3 days
MFC to: RELENG_5, RELENG_6
Security: Prevents possible group information leakage
PR: bin/90057
Submitted by: Charlie M. McDonald <BoredOutkast at yahoo punkt com>
Approved by: jhb (mentor by proxy)
MFC to: RELENG_5, RELENG_6
MFC After: 3 days
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab. Users wishing shoot their foot in
this manner may copy /etc/crontab elsewhere. :)
MFC After: 1 week
This option saves packages to PKGDIR (if defined or current directory by default)
as they are downloaded.
Silent a warning when -n is used and package has a +DISPLAY file.
Approved by: krion
MFC after: 1 week
prefix later, but doing so with @cwd %%OLDPREFIX%% (having
PLIST_SUB+="OLDPREFIX=${PREFIX}") hardcodes the value in the packing
list. That's not really a problem when dealing with ports but that's
a problem with packages since pkg_add -p option only overrides the
first @cwd occurrence.
This patch allow us to use @cwd without any argument. If no
directory argument is given, it will set current working directory
to the first prefix given by the @cwd command.
PR: bin/77212
Submitted by: flz
free(3).
- print_recsrc() should honor shortflag and give appropriate output for
later consumption by /etc/rc.d/mixer. This will ensure that recording
device selections survived across reboot. Output everything to stdout
instead if stderr.
MFC after: 3 days
- The code that creates hints.c and env.c from the skeleton files
moved into separate functions.
- Sanity checks for missing "ident" and "cputype" directives moved
into main(), alongside the existing check for "machine".
PR: bin/90310
Submitted by: Matt Emmerton <matt@gsicomp.on.ca>
for each of udp and tcp (and their IPv6 equivalents when INET6 is
enabled). Note that dependency here.
PR: docs/90435
Submitted by: Dmitry Kazarov <kazarov at mcm dot ru>
Pointed out by: Daniel Gerzo <danger at rulez dot sk>
MFC after: 8 days
classes from say, /lib/geom, cannot be statically linked completely.
Moreover, those shared objects may require other shared objects (i.e.
for geom, libraries like -lmd, -lcrypto).
The libs_so extension to crunchgen fixes this by allowing some libraries
to be linked in dynamically. This requires that a copy of rtld and the
shared libraries be made available to the crunched binary, and so is not
suitable for all environments. Crunchgen configurations which do not
use the 'libs_so' keyword are unaffected and produce identical binaries
with and without this commit.
Approved by: murray (mentor, in spirit), jhb
In collaboration with: Adrian Steinmann <ast at marabu dot ch>
MFC After: 6 weeks
page. I'm pretty sure that this description applies the same way to
ipv6, and at least mentioning SO_DONTROUTE is better than having no
description at all.
means:
o Remove Elf64_Quarter,
o Redefine Elf64_Half to be 16-bit,
o Redefine Elf64_Word to be 32-bit,
o Add Elf64_Xword and Elf64_Sxword for 64-bit entities,
o Use Elf_Size in MI code to abstract the difference between
Elf32_Word and Elf64_Word.
o Add Elf_Ssize as the signed counterpart of Elf_Size.
MFC after: 2 weeks
register, remove or change services in the local database. For now only
accept the request if the peer has effective user ID the same as 'root'
user ID.
MFC after: 1 week
is caught. Can be assigned to a window manager shortcut to prevent accidents
with touchpads.
PR: bin/89357
Submitted by: Nick Hibma <nick -at- van-laarhoven.org>
MFC after: 1 week
containing the jailid, path, hostname, ip and the command used to start
the jail.
PR: misc/89883
Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com>
Reviewed by: phk
MFC after: 1 week
instance, the dreaded shared memory problem in PostgreSQL coming back to
haunt you after a binary update.
PR: 89817
Submitted by: edwin
MFC after: 2 days
much later than before, and it is now after we do a mkdir ../compile/FILE.
As a result, if you do 'config DOESNOTEXIST', it now creates the directory
../config/DOESNOTEXIST. It did not do that before. If DEFAULTS does not
exist, it still fails early before any permanent changes.
This shameless hack restores the old behavior of ensuring the config file
actually exists before mkdiring its counterpart directory.
Now I can rmdir ../compile/D and it will stay dead, after my fingers keep
sabotaging me with 'config D<tab><enter>'. (Some of my kernel names
started with D, which used to be 1-character unique and my fingers knew
this very well...)
this file. With ru@'s approval, change it to this version. In this case we
had to bump the version because the old parser would choke on | in the new
'or' syntax and consider that a device.
Approved by: ru@
Don't keep duplicate files in the files list just to
mark the device as "known" later. XXX: Since the
device list isn't unique (there can be two "device foo"
directives, as this the case with LINT+DEFAULTS), we
have to traverse it all to mark all copies of the same
device as "used", but this is not worse than it was.
