Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.
PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb
o Remove ttyyX, created by the obsolete zs(4)
o Replace ttydX by ttyuX, which is created by uart(4)
o Enable ttyu0 as a console to better support the xserve.
MFC after: 1 week
modern dual-core systems as well.
- Parse the _CST packages for each cpu and track all the states individually,
on a per-cpu basis.
- Revert to generic FADT/P_BLK based Cx control if the _CST package
is not present on all cpus. In that case, the new driver will
still support per-cpu Cx state handling. The driver will determine the
highest Cx level that can be supported by all the cpus and configure the
available Cx state based on that.
- Fixed the case where multiple cpus in the system share the same
registers for Cx state handling. To do that, added a new flag
parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that
enable the caller to add the RF_SHAREABLE flag. This flag could also be
useful to other callers (acpi_throttle?) in the tree but this change is
not yet made.
- For Core Duo cpus, both cores seems to be taken out of C3 state when
any one of the cores need to transition out. This broke the short sleep
detection logic. It is disabled now if there is more than one cpu in
the system for now as it fixed it in my case. This quirk may need to
be re-enabled later differently.
- Added support to control cx_lowest on a per-cpu basis. There is still
a generic cx_lowest to enable changing cx_lowest for all cpus with a single
sysctl and for ease of use. Sample output for the new sysctl:
dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
dev.cpu.0.cx_lowest: C3
dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
dev.cpu.1.cx_lowest: C3
dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
hw.acpi.cpu.cx_lowest: C3
This work was done by Stephane E. Potvin with some simple reworking by
myself. Thank you.
Submitted by: Stephane E. Potvin <sepotvin / videotron.ca>
MFC after: 2 weeks
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.
Reported by: Philipp Wuensche <cryx-freebsd@h3q.com>
interpreted $command. Some "portable" sofware packages use such a
line to skip the task of figuring out the absolute pathname of the
interpreter at install time, e.g.:
#!/usr/bin/env python
It is insecure, but a popular book on Python seems to have advised
it to a wide audience. Hence a number of such scripts in the ports,
mostly written in Python.
PR: bin/100287
MFC after: 1 week
scripts, except for mdconfig* and jail. Such symbols are reserved
for the rc.subr internals. Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.
Discussed with: dougb in freebsd-rc
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
Implement the checks for required_* objects as two functions, one
to be run before precmd and the other after it. They get the current
rc command as an argument so they can choose what requirement tests
to perform. As of now, only "start" needs such tests.
Implement a new requirement variable, required_modules. It can
list kernel modules that need to be loaded after start_precmd
indicated success. Each name in the list can be just "file", or
"file:module", or "file~regex". This will allow us to remove a lot
of duplicated code from rc.d scripts.
Perform the checks not only for the default start method, but for
any method. This allows for more flexibility and fixes a few rc.d
scripts (namely newsyslog, pf, sendmail) that rely on a required_*
variable while providing a non-default start method.
To be able to call the new check_required* functions naturally,
remove lots of crufty duplicated code pieces from run_rc_command
and replace each of them by a call to the helper function providing
a single corrected instance of the respective code snippet. Now
run_rc_command isn't as scary as it used to be, and it even appears
to have quite a nice logic that was obscured by the old crufty code.
In the default handler for restart, run start from a subshell to
protect global varibles, e.g., _postcmd, from modification by the
start handler. This enables using restart_postcmd. [x]
PR: conf/98734 [x]
Submitted by: Rick van der Zwet <rick@wzoeterwoude.net> [x]
Reviewed by: freebsd-rc (silence for an older version)
MFC after: 1 month
After a change of devd.conf, devd(8) handles NIC attach/detach event
by using /etc/pccard_ether with the interface name as the argument.
This model does not work properly with IPv6 configuration because the
implementation of IPv6 stateless auto-configuration in the FreeBSD
rc.d scripts depends on whether there are any explicit configurations
for interfaces or not. It works this way: if no manual configuration,
it will perform auto-configuration, but otherwise no
auto-configuration will be performed. So, this behavior can only be
determined by all of the interfaces on a system, not a single one.
For this reason, the network6_interface_setup() function called from
the pccard_ether_start() does not work with a single interface name.
And what is worse, this combination of devd.conf and
pccard_ether_start() caused a bad side-effect that when
ipv6_enable=YES, all of interfaces marked as DOWN would be UP
unconditionally (and router solicitation was sent) just after devd(8)
was invoked. This should be fixed in a more sophisticated way.
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification. As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address. This should not be harmful for IPv4-only users.
- add better checks on non-existing directories to prevent error
messages at run time;
- introduce a function log() to help debugging diskless booting
when things don't work;
- modify the parsing of diskless_remount so you can add mount_nfs
options after the pathname. You could use 'remount' to do something
similar, but this way is more convenient because you don't have to
hardwire the server name in the command.
- document the above.
I have been running the above in a diskless lab since february on RELENG_6.
MFC after: 1 week
There's no dollar use in variable assignment in sh.
Assuming this is can be expected behavior for some
people, this change won't be MFC'ed to RELENG_6.
Discussed with: yar on -rc
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful
firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk>
Reviewed by: cperciva
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
(perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
a chance to kill as much files in /tmp as ARG_MAX permits.
PR: bin/104044
Submitted by: Andrey Simonenko <see PR for email>
Hacked by: yar
MFC after: 1 month
read requests to its consumer. It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load. Documentation will be
provided later. I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
chance to actually terminate the audit service and exit. Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running. Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.
Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.
MFC after: 3 days
Obtained from: TrustedBSD Project
interface is an IPv6 interface.
Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether. The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that. This is at least a step in the right
direction and is probably about as much as we can MFC safely.
PR: conf/103428
MFC after: 3 days
- Note that diskless_remount files may use ".." to support mounts above
the root path.
- Copy dot files when populating directories from /conf. [1]
PR: misc/102724 [1]
Submitted by: Attila Nagy <bra at fsn.hu> [1]
certain conditions. I haven't been able to find a better solution yet:
- Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
- Reflect prefix/etcdir changes in rc.subr.8.
src/etc/rc.d/sshd: rev 1.9 -> 1.10
src/etc/rc.subr: rev 1.51 -> 1.52
src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12
Approved by: cperciva (mentor)
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns. We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().
MFC after: 1 week
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".
Reviewed by: freebsd-rc (silence)
MFC after: 1 week
touch interfaces that don't actually exist in the stop case. In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.
This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.
MFC after: 3 days
and so users get hangs until interrupts are generated another way. We'll
have to find a way to make the 2 work together before re-enabling this by
default.
PowerPC-based Apple's machines and small utility to do it from
userland modelled after the similar utility in Darwin/OSX.
Only tested on 1.25GHz G4 Mac Mini.
MFC after: 1 month
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.
Requested by: Chris Timmons <cwt@networks.cwu.edu>
Approved by: cperciva (mentor, implicit)
MFC after: 1 week
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replace them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.
Approved by: cperciva (implicit)
MFC after: 1 week
of them do that conditionally depending on kldstat. The code is
duplicated all over, but bugs can be uniqie.
To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.
(Found this lying for a while in my p4 branch for various hacks.)
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.
This change allows actions to taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if a ifconfig_<int>=""
line exists in rc.conf.
Reviewed by: brooks
No objections on: net
1,2 and so on.
It specifies the command to be run as Nth after jail startup.
sh(1)-fu by: Dario Freni
PR: conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
more appropriate value and is also the default set by the kernel. I
could not find a justification of why rc.conf began overriding it back
in 1998.
This dramatically cuts NFS traffic on e.g. a busy system with NFS root.
Reviewed by: mohans
MFC After: 2 weeks
scripts. These scripts handle vnode backed md(4) devices.
Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).
Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).
Use should be as easy as:
mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"
See rc.conf(5) for more information and description of the additional
variables.
Approved by: cperciva
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]
Reported by: pjd [1], clsung [2]
Approved by: cperciva
X-MFC after: i got sufficient testing from people using rc.d/jail
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.). While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.
Discussed on: arch@
Approved by: mux
MFC after: 1 week
boot. Autogeneration of nsswitch.conf doesn't makes sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.
Suggested by: brooks
for some early starting services from the ports collection
to have their shared objects available before start.
Reviewed by: freebsd-rc (dougb, brooks)
MFC After: 3 days
- Sync with latest version from NetBSD.
'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'
Approved by: cperciva (mentor)
Obtained from: NetBSD
MFC after: 1 week
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.
PR: conf/68916
Submitted by: JD Bronson <jd@aurora.org>
Approved by: cperciva (mentor)
MFC after: 1 week
working on.
1) Make it possible to configure interfaces with certain characters in
their names that aren't valid in shell variables. Currently supported
characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new
function get_if_var which substitues an interface name (after the
translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started
when /etc/rc.d/netif configures the interface or only by devd.
This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]
- Add the according amd_program default value in defaults.
PR: conf/82738
Submitted by: TAOKA Fumiyoshi <fmysh@iijmio-mail.jp>
Approved by: cperciva (mentor)
MFC after: 3 days
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
Reviewed by: brooks
Approved by: cperciva (mentor)
MFC after: 1 week
set:
* jail_mount_enable
* jail_devfs_ruleset
* jail_devfs_enable
* jail_fdescfs_enable
* jail_procfs_enable
* jail_fstab
* jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).
Approved by: cperciva (mentor)
MFC after: 2 weeks
daemon in the base system and all the IKE daemons in the Ports
Collection has their own rc.d script.
OK'ed by: dougb
Discussed on: freebsd-rc
MFC after: 1 month
Approved by: cperciva (mentor)
Do install sys/security/audit include files. It would be nice just
to install audit_ioctl.h, but we seem only to support installing
directories, so we get them all. The two not intended for extra-
kernel use have !_KERNEL #error's, which should help.
Obtained from: TrustedBSD Project
you booted from, unless /boot/kernel already exists and is not a symlink.
This should only affect people like me who juggle multiple kernels and
have KODIR = /boot/${KERN_IDENT} in /etc/make.conf to keep them apart.
into one function syscons_configure_keyboard(). Call new function from
both syscons_start() and sysconst_setkeyboard(). The reason for this
is because syscons_start() will (re)configure both keyboard and screen
settings. Apparently, some graphics cards have problems with running
vidcontrol(1) while X11 is running.
Remove "/etc/rc.d/syscons restart" from /etc/devd.conf. It is no longer
required. Using "/etc/rc.d/syscons setkeyboard" is enough. This also
should fix annoying "syscons not running?" message.
Tested by: Ulrich Spoerlein < q at galgenberg dot net >
MFC after: 3 days
a control variable was misspelled as `SCRIPTS_NAME_isdntel.sh'
(should've been `SCRIPTSNAME_isdntel.sh') when the Makefile was
converted to using <bsd.prog.mk>. Consequently, `isdntel.sh' has
been installed as `isdntel' since then. Nevertheless, nobody has
been unhappy with the change. So it's time to make it official.
Approved by: hm
Pointy hat to: ru
MFC after: 3 days
keyboard device name (i.e. /dev/kbd0). This method will do nothing is
kbdmux(4) is the current active keyboard, otherwise it will switch
active keyboard as requested.
Modify ukbd(4) entries in the /etc/devd.conf to use /etc/rc.d/syscons
and new 'setkeyboard' method.
No comments from: freebsd-current@
MFC after: 1 day
directory when we have 10+ ports that make use of it, and now we have
only 3. This change would come back if the tt/ usage grown up to the
level.
Knowledge provided by: krion, kris
the ongoing re-alignment of ordering that is necessary as a result of
including local scripts in the base rcorder. [1]
Accomplish this by removing the BEFORE's, and using REQUIRE instead.
This makes the dependencies more obvious, and less susceptible to turning
circular and/or nonsensical when seemingly innocent changes are made
in one place and not another.
Requested by: delphij [1]
and not under machdep as the behaviour is controlled by the process.
When PSR.ac is set the process expects to receive a SIGBUS. Otherwise
the processor or the kernel will emulate the misaligned memory access.
MFC after: 3 days
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
64.15.205.248 address, change host to "foobar". This won't be
resolvable in most cases, so administrator will need to change it.
Also do not send our trap messages to 64.15.205.248, use localhost
as default traphost.
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.
MFC after: 1 week
Allow user to decide if SAD and SPD entries should be flushed on 'reload'.
With this change flush/spdflush is not done automatically (it could still
be done from ipsec.conf).
supported and that users of REFUSE directives should update their
entire ports tree before asking for help on the mailing lists.
Requested by: kris
MFC after: 3 days
RELENG_6 this will be a noop, however as we introduce local
startup scripts to the base rcorder, we'll see more cases
where the previous status quo will need to be made explicit
to avoid having it disrupted when random local scripts are
added to the mix.
were now sticky. This script was deleting /boot/nextkernel on boot, but
there is no code in the tree that creates that file since revision 1.15
of src/sbin/reboot/reboot.c.
nextboot(8) creates /boot/nextboot.conf, so remove that instead.
Approved by: jhb (proxy mentor)
MFC after: 1 week
ldconfig. Build the cache in a temporary directory and only install it
if it's actually different that the installed one.
Also, use "cat tmp > real" to install the temporary file in the real
location to allow the real location to be a symlink to a writable
directory such as /var/run (where the file actually belongs).
MFC After: 5 days
the names of directories to include in the base ldconfig script.
This will eliminate the need for each port to install its own
boot script which does nothing but ldocnfig a given directory.
This code was developed by flz (ports committer), discussed on
freebsd-rc@, and modified slightly by me.
Submitted by: flz
Reviewed by: brooks
the line continuation backslash doesn't cause "warn" to print "return".
2. Group "warn" and "return" together as the "return 1" should be
performed only if the "kldload nfsclient" also failed (and not
already if the "vfs.nfs" sysctl(8) check failed).
MFC after: 3 days
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
on devfs is useful so that a hardware time device can start with its
necessary device nodes already in place. While this ordering happens
as a side effect currently in HEAD, and the PRs were generally fixed
via upgrades, etc; it's better to make it explicit.
While I'm here, ntpd should REQUIRE ntpdate, rather than ntpdate
using BEFORE: ntpd.
and including both in this file had nasty side effects on the
ordering of syslogd, as well as producing an error when running
rcorder. Remove the more bogus of the two options, which restores
proper ordering and removes the error.
There is an open question as to whether scripts with the nostart
KEYWORD should even have REQUIRE/BEFORE lines, and indeed, whether
they should be in /etc/rc.d at all, but that's for another time.
by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).
to light by the PR. Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.
Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.
Add a descriptive comment to rc.conf that regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.
PR: conf/84574
Submitted by: Alexander Botero-Lowry
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...
Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.
Reviewed by: brooks
every now and then. It is up to the caller to choose a proper
action upon an error condition. Therefore, use return, not exit,
except for some special cases.
Consistently return 1 to indicate an error.
Submitted by: sem (initially)
Reviewed by: freebsd-rc (silence)
MFC after: 2 weeks
source it into the shell. If not, handle it in a subshell the same
way that "real" rc.d-style scripts are handled. This will dramatically
ease the "process local scripts in the base rcorder" transition.
Add *.bak to the list of files in */rc.d that we ignore.
is only present for fstab(5) compatibility, and is
otherwise ignored by mount(8) (not passed to mount_*
programs, and not passed to nmount(2)).
"-u -o rw" worked with an old mount(8) with mount_ufs.c
because "-o rw" was stripped and simple "-u" caused an
update of UFS from read-only to read-write, due to
inability of mount(2) to track changes in options
(MNT_RDONLY is either set or not).
"-u" no longer causes the transition from RO to RW,
now that mount(8) was converted to use nmount(2), so
an explicit change to RW is required. Keep up with
this change, and use "-uw" to mount root read-write.
the base rcorder. This is accomplished by running rcorder twice,
first to get all the disks mounted (through mountcritremote),
then again to include the local_startup directories.
This dramatically changes the behavior of rc.d/localpkg, as
all "local" scripts that have the new rc.d semantics are now
run in the base rcorder, so only scripts that have not been
converted yet will run in rc.d/localpkg.
Make a similar change in rc.shutdown, and add some functions in
rc.subr to support these changes.
Bump __FreeBSD_version to reflect this change.
Simplify the shell scripting a bit, and remove a useless grep | sed
The problem was pointed out by the PR, and I used part of the solution
suggested there, but the semantics changed again for 9.2.x -> 9.3.x.
PR: conf/74228
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;
- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
to avoid collision with "magic" variables;
Inspired by: yar
MFC after: 3 days
to issue sub-commands, e.g., restart = stop + start.
By calling run_rc_command instead, we provide rc.d
scripts with full control over their configuration
variables.
For an example problem the former approach caused, see
http://lists.freebsd.org/pipermail/freebsd-rc/2005-October/000311.html
Reviewed by: freebsd-rc
Tested by: Dirk Engling erdgeist <at> erdgeist.org
MFC after: 2 weeks
- Have both scripts automatically kldload ng_btsocket(4). I did not want to
do it, but its easier for users and it seems other scripts do similar things;
- Assign few variables after load_rc_config, so the /etc/rc.conf overrides
actually work;
MFC after: 1 week
more IPv4 address from a ranged list in CIRD notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.
Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)
The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.
The bluetooth.device.conf(5) and handbook update will follow shortly.
Inspired by: Panagiotis Astithas ( past at ebs dot gr )
Reviewed by: brooks, yar
MFC after: 1 week
> > There is no need to explicitly add "status" to $extra_commands in
> > the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
> > run_rc_command() because of the existing $pf_program.
> >
> > Submitted by: Christoph Schug <chris@schug.net>
...because as yar@ points out: "[...] you were relying on evil
side-effects of the variable being named *_program. hose side-effect
have been eliminated since rc.subr rev. 1.42. [...] The point is that
the default "status" method is for rc.d scripts that handle startup and
shutdown of conventional daemons, and not for custom tasks like the pf
case."
The change is still valid in RELENG_6 (and still doesn't have to be
backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
run_rc_command() because of the existing $pf_program.
Submitted by: Christoph Schug <chris@schug.net>
MFC after: 1 week
extraction.
This will allow cpio archive support to work, at least in situations
where /tmp is writable. Because pax requires a writable /tmp it is
unsuitable for this task, but replacing it will come in a later commit.
Submitted by: Joerg Pulz <Joerg dot Pulz at frm2 dot tum dot de>
PR: conf/88293
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".
The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.
Discussed with: pjd, -rc
has been set in the first place. This should reduce
unwanted side-effects in rc.d scripts that don't mean
to use $command and rc.subr(8) methods associated with
it at all.
Discussed with: brooks
Reviewed by: -rc (silence)
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.
The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
MFC after: 1 month
features. Both the presence of a NOAUTO keyword and an interface being
up can be ignored is the forcestart option is used. Additionally, a
restart option has been added.
Reviewed by: ume
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)
Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.
Discussed with: mlaier on -pf
MFC after: 5 days
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
(pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
decorate them sufficiently.
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
override the value of mountd_args. This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.
PR: conf/86260
Submitted by: Thierry Herbelot <thierry at herbelot dot com>
MFC after: 3 days
The OpenFirmware console isn't used on real systems anymore and
I never get to multi-user mode in psim. There are problems with
zs that need to be resolved before these lines can be enabled.
This eliminates disconcerting warnings on boot.
MFC after: 2 days
of the form "REFUSE foo" in portsnap.conf will result in parts of the
tree matching "^foo" being (a) not extracted by "portsnap extract", (b)
not updated by "portsnap update", and (c) not having any patches or new
ports downloaded by "portsnap fetch" or "portsnap cron". The example
shown in portsnap.conf demonstrates ignoring all the language categories.
As mentioned in portsnap.conf.5, the use of an imcomplete ports tree is
not officially supported; but this is something which many users have
requested, so I'm adding it anyway.
PR: bin/85619 (but not the patch provided therein)
MFC after: 1 month
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
- If an interface's ifconfig_<ifn> is set, but empty, don't set it to
ifconfig_DEFAULT. This way interfaces can be disabled even in the
presence of ifconfig_DEFAULT.
- When listing interfaces and network_interfaces=auto, place lo0 first
if it's around.
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.
Triggered by: a question by Ceri on -questions
can be useful for when you know that you are doing something that
won't work with the standard settings and different settings are more
appropriate.
This allows 5.3 tools to build a 6.x userland when these
values are set to null.
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags. The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck
MFC after: 3 days
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.
Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
their own log limits.
PR: conf/77929
Submitted by: Andriy Gapon [1]
Reviewed by: matteo
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
fast, lightweight, and generally good way for users to keep their
ports trees up to date.
This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled. No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly. This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.
X-MFC-After: 6.0-RELEASE
X-MFC-Before: 5.5-RELEASE
X-MFC-To: RELENG_6, RELENG_5, ports
discussed on: -arch and several other places
"yes please" from: simon, remko, flz, Diane Bruce
thinks this is a great idea: bsdimp
Hopes he didn't forget any files: cperciva
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.
It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).
MFC after: 1 week
