The reason for doing this is that (at least some) 4.x binaries are very
unhappy if host.conf does not exist, and if we create host.conf but not
nsswitch.conf, nsswitch.conf will be created at the next reboot, so it
is better to create a correct nsswitch.conf right away.
use the conf/* stuff for their firewall configuration.
Running ipfw before could seem to make sense in that it would allow
one to setup access to the NFS server on a "default-deny" kernel,
but it is pretty obvious to the casual observer that such a configuration
never makes it far enough to mount the NFS-root in the first place.
debug.watchdog since it is not created by hardware watchdog(4) devices.
The watchdog(4) device is always compiled in the kernel, so removing the
check should not cause any problems.
Approved by: phk
initdiskless. The output of several commands and if available the
contents of /entropy are feed into /dev/random to kickstart the PRNG.
/etc/rc.d/initrandom is left alone to maintain the previous behavior as
much as possiable.
Further work in this area is probably needed.
Discussed with: markm
and permissions specified per rc.conf(5) now apply both to the md
device and to the mountpoint directory, after the mount has completed.
This has to be done in two steps, because chown is not available
until after /usr has been mounted, but the mdconfig and newfs steps
have to complete before fstab processing.
(when new natd is started before old natd died) and allows to manage natd
without touching ipfw.
natd should probably be killed with SIGKILL when stopping natd.
- Use sendmail_foo variables after load_rc_config so that they actually work.
- Utilize sendmail_procname.
- Check sendmail_submit_enable instead of sendmail_enable when dealing
with mail submission MTA.
comments and empty lines have been touched.
All of this should go in the diskless(8) manpage, now if we had
some kind of 'literate programming' tool to extract the comments
from the script and put them in a reasonable nroff format, it
would be a lot easier to keep code and docs in sync
+ SUBDIR.cpio.gz prevents files from SUBDIR/ to be copied when
priming the memory filesystems. This restores the old behaviour
and makes the copy process a lot more efficient
+ look for templates also in the list of directories supplied by
bootp/dhcp via the T134 option aka kern.bootp_cookie
+ keep track of directories temporarily mounted with "remount"
or "diskless_remount" commands and unmount them once we are done
with them (at the end of this script).
1. Add the shutdown keyword so that the script is run at shutdown time,
and the mixer* files are saved.
2. Twiddle whitespace.
3. Remove an unecessary function, and therefore collapse one variable.
hostname, resolve, tmp, and var scripts. The latter three are new and
were repo copied. These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable. This behavior can be overridden
in /etc/rc.conf.
Reviewed by: luigi, pjd
Yes, this means for stuff OTHER than jails, too. Example usage:
#devfs_system_ruleset="root"
devfs_set_rulesets="/dev=root /etc/namedb/dev=named_devfs"
in the system on shutdown and restores the settings on boot. The settings
can also be reset to the saved values via 'mixer reload'.
Reviewed by: current@
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.
There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.
Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
identical) on GENERIC.hints, hence the following change:
Moved the creation of /boot/device.hints where it belongs. This
should aid in merging GENERIC.hints changes to /boot/device.hints,
using mergemaster(8) or a similar approach.
In particular, this allows a "virgin" system installed from
source (installworld, installkernel, cd etc && make distribution)
to boot correctly and modestly simplifies the creation
of single-partition network/cdrom/CF bootable images.
Trigger not only on diskless booting sysctls being set, but also
on the existence of the file "/etc/diskless". But do not try to
extract IP# related keywords in that case.
Add a general "remount" facility to allow non-NFS remounting.
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
included a start_precmd check for gated. The precommand was not
executed in the FreeBSD branch. When I did a mass removal of
NetBSD specific logic a while back this file apparently got only
a partial treatement. This bug did not have any functional consequences,
however, since the precommand was not declared to the rc.subr routines.
Noticed by: pjd
they exit. Sometimes they simply can't (core-dump, for example).
So, when searching for a running program send standard error
output from ps(1) to never-never land.
# This should quite those
# ps: kvm_getprocs: No such user
# errors. Since ports use a duplicate rc.subr(8) you might
# still see this error from ports startup scripts.
Certain MTA configurations mean that the notifications from
virecover keep bouncing; so here's a patch to allow administrators
to turn them off.
PR: conf/54910
Submitted by: bms (with a minor cleanup)
cannot or does not want to be executed in a jail the
KEYWORDS line should contain the nojail keyword.
o Update Copyright
# I suggest people who use jails more extensively than I do
# make commits to the appropriate files.
Implement ``one'' prefix to allow a "one shot" operation as if
${rcvar}=yes yet all the other prerequisite tests are still performed.
The existing ``force'' prefix is a sledgehammer that ignores all the
prerequisite checks and always returns a zero exit status; this is a
more gentle approach to the problem of "manipulate this disabled
service without editing rc.conf(5)".
Obtained From: NetBSD
# We have a work-around in our version of rc.subr that
# makes force* return a non-zero exit status if the
# command/service could not be acted upon. The work-around
# is no longer necessary and should be removed.
run_rc_command(): when checking if ${command} exists before executing it,
be sure to check under ${name_chroot} (if set).
Fix from Ed Ravin in [bin/18523]
Obtained From: NetBSD
Change how internal boolean variables are used to:
if ! ${_somevar:-false}; then
_somevar=true
fi
(Consisent, slightly quicker, and slightly cleaner)
Obtained from: NetBSD
I committed it. Apologies to Juergen Unger <j.unger@addict.de>.
o When stopping jails output the hostname of the jails that
were stopped.
o Refactor
o Remove extraneous empty line
o Correct spelling error
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
it is still above the critical temperature on the next poll cycle. This
is a 10 second advance notice by default. Document the private
(non-standard) notify we will be using with devd(8).
This commit also removes the support for the sysutils/jailer port. This
is inline with the general policy to keep ports related knobs out
of the base system's configuration mechanism.
Submitted by: Juergen Unger <j.unger@addict.de>
- If there was an exiting dhclient running on the same interface as the
new iface that left and returned then dhclient would be told to use the
same interface twice. Dhclient would fail and exit after getting
confused. Use "sort -u" on them to ensure no duplicates.
This is a mostly a race condition on suspend and resume and how things
happen to occur.
- Check for netmask being set on an interface rather then up. An interface
can be up but not configured.
Reviewed by: mbr
targets, have "distribution" always install original (as from the release
media) files, whether SENDMAIL_MC is set or not. Do error handling the
make(1) way.
Reviewed by: gshapiro
Approved by: gshapiro
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).
The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).
The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.
case so that if devices need different initialization, we can key off
this in the rc scripts (currently unused). Also update the man page
which is a 100% duplicate of the rc scripts.
the throttling state in response to line transitions. Future plans
include adding support for CPU frequency changes.
Add a devd.conf entry for calling this script.
The default values for this are:
performance_cx_lowest="HIGH" # Use HLT (C0) online
performance_throttle_state="HIGH" # 100% (no throttling)
economy_cx_lowest="LOW" # Use the lowest Cx state possible
economy_throttle_state="HIGH" # 100% (no throttling)
systems are mounted. An example set of entries for /etc/rc.conf:
ataraid_enable="YES"
ataraid_devices="ar0"
ataraid_ar0_set="ad2 ad3"
ataraid_ar0_type="RAID1"
Because there is no "correct" way of doing ATA raid (ie, geom vs.
atacontrol vs. vinum) that is bikeshed proof, this rcng script stays within
the bounds of atacontrol and assumes that other RAID solutions for GEOM or
vinum will end up in a different rcNG script.
Reviewed by: green
then immediately terminate the shell (during boot this
also terminates the parent rc(8) shell). This was the pre-rcNG behaviour.
Also, remove an extraneous mount /.
PR: conf/57659
Submitted by: yar (with modifications)
as these ioctl's aren't MD. This also means they are installed in
/usr/include/dev/bktr now. Also provide compatability wrappers for
where these headers lived in 4.x.
time during the boot process. This is needed in the case where NFS mounts
from servers reachable only via IPSEC are in /etc/fstab.
PR: conf/42497
Submitted by: Volker Stolz
Approved by: re (rwatson)
default attempt to list Biba, LOMAC, and MLS label information
for the socket if they are present.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
dcons(4): very simple console and gdb port driver
dcons_crom(4): FireWire attachment
dconschat(8): User interface to dcons
Tested with: i386, i386-PAE, and sparc64.
we are configured to use an MTA or MSP queue runner. Otherwise the
script used to complain about the missing PID file.
PR: conf/57075
Submitted by: Jonathan Chen <jonc@chen.org.nz>
MFC after: 2 weeks
the number of broken DNS servers out there in the world. Since we are
diverging from the sendmail.org submit.mc, it's time to make our own
freebsd.submit.mc.
PR: conf/57733
Reviewed by: nork
MFC after: 2 weeks
porting this stuff back.
* Test /etc/motd for writability before trying to update it. This is
especially useful when /etc/ is mounted ro, like on a diskless boot.
(Thanks to phk for the idea on this one.)
* Make the "updating" message reflect what actually happens.
A "driftfile" caches the oscillator offset estimate from boot to boot,
having this means faster and less bumpy time synchronization. Will
be overridden by any value in the config file.
thin blue air if the kenv doesn't have any info.
This improves the truth value of the comment above significantly and
reduces the bogous output on the console considerably.
- Use a more robust check to determine if we need to load ipl.ko.
- Don't try to run ipf -E if ipfilter is already enabled. Look at
the net.inet.ipf.fr_running sysctl to figure this out. This fixes
a warning message about ipfilter being already initialized.
- Only one ipf -E command is needed. We don't need an extra one for
the -6 case which would only print a warning message about ipfilter
being already initialized.
- Fix one occurence where we were running /sbin/ipf directly without
using the ${ipfilter_program} variable if set.
- In ipfilter_stop(), don't try to save the firewall state tables if
ipfilter is disabled. Similarly, don't try to disable it if it's
already disabled. This fixes some more error messages.
and use it in src/etc/sendmail/Makefile in case the user wants to use
a different path to the sendmail m4 sources (e.g., sendmail port users).
Submitted by: dinoex
MFC after: 21 days
X-MFC after: RELENG_4 code freeze ends
dhclient couldn't get killed.
If we execute 'dhclient -r', dhclient gets already
killed, so there is no need to do it twice. Only do
this if we really have to release some leases.
Reviewed by: silence on freebsd-rc@yahoogroups.com
written by Stuart Walsh and Duncan Barclay (with some kibbitzing by
me). I'm checking it in on Stuart's behalf.
The BCM4401 is built into several x86 laptop and desktop systems. For the
moment, I have only enabled it in the x86 kernel config because although
it's a PCI device, I haven't heard of any standalone NICs that use it. If
somebody knows of one, we can easily add it to the other arches.
This driver uses register/structure data gleaned from the Linux
driver released by Broadcom, but does not contain any of the code
from the Linux driver itself. It uses busdma.
device special files created by sio(4). The latter are the device
special files created by uart(4). As of this moment sio(4) is not
supported on ia64... by me, that is :-)
with the vendor sendmail distribution. By doing so, we avoid mergemaster
warnings after every 'make' in /etc/mail/.
Reported by: Jeremy Chadwick <koitsu@parodius.com>
MFC after: 3 days
X-MFC after: and re approval
o The following additional configuration attributes of a jail can be
controlled from rc.conf:
- mounting devfs(5)
- mounting fdescfs(5)
- mounting procfs(5)
- custom devfs(8) ruleset
If no ruleset is specified, the default jail ruleset is used.
o The output of executing /etc/rc in the jail is now redirected
to /dev/null. Instead, the hostname of the jail is echoed if
the jail(8) command exited successfully. If the output is wanted
it can probably be redirected to a file (/var/run/$jail maybe)
instead of /dev/null.
Submitted by: Scot W. Hetzel <hetzels@westbend.net>
with modifications by Jens Rehsack <rehsack@liwing.de>
and me.
the src/etc makefile. This list was used to manually
install the files from src/etc. Instead, simply change
directory and 'make install'.
o There is no reason for the files in src/etc/defaults to
be installed as writeable.
Reviewed by: ru
off by default.
o Apparently the routine displaying the informational messages wasn't
checking its knob in rc.conf, so fix that as well.
Requested by: obrien
devfs(8) rules in rc(8). It is most useful for applying
rules to devfs(5) mount points in /dev or inside jails.
The following line of script is sufficient to
mount a relatively useful+secure devfs(5) in a jail:
devfs_mount_jail /some/jail/dev
Some new shell routines available to scripts that source
rc.subr(5):
o devfs_link - Makes it a little easier to create symlinks
o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules
o devfs_set_ruleset - Set a ruleset to a devfs(5) mount
o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount
o devfs_domount - Mount devfs(5) and apply some ruleset
o devfs_mount_jail - Mount devfs(5) and apply a ruleset
appropriate to jails.
Additional rulesets can be specified in /etc/devfs.rules.
If the devfs_system_ruleset variable is defined in rc.conf
and it contains the name of a ruleset defined in /etc/defaults/devfs.rules
or user supplied rulesets in /etc/devfs.rules then that ruleset will
be applied to /dev at startup by the /etc/rc.d/devfs script. It can
also be applied post-startup:
/etc/rc.d/devfs start
This is a more flexible mechanism than the previous method of using
/etc/devfs.conf. However, that method is still available.
Note: since devfs(8) doesn't provide any way for creating symlinks
as part of a ruleset, anyone wishing to create symlinks in a devfs(5)
as part of the bootup sequence will still have to rely on /etc/devfs.conf.
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).
Okay'ed by: mtm
one internal device. Don't call the startup procedure again if
we already use start.
Support a manually started dhclient and keep its configured
interfaces after pccard removal.
Make pccard_ether working in single-user mode without /usr mounted.
There are now many configurations which have a NIC on board, and
pccard slots. If a dhclient is running on the internal nic, the
Improve the handling dhcp handling of pccard_ether.
Improve the dhcp handling of pccard_ether.
There are now many configurations which have a NIC on board and
Improve the dhcp handling of pccard_ether.
There are now many configurations which have a NIC on board and
cardbus slots too. If a dhclient was already running on the internal
NIC, the user was forced to kill a running dhclient manually.
If now a pccard is included at startup time, /etc/rc.d/dhclient
start does include it into the startup list for dhcp devices.
That means you can now do dhcp on the internal and the pccard devices
at the same time. If the card is plugged in later, a running dhclient
(working for the internal interface only) is killed, and restarted,
but the interface name of the new pccard is added to the internal
name. After removal, /etc/rc.d/dhclient is started again. This
script does nothing if there are no devices in /etc/rc.conf
This is only a workaround for a well known problem. After we have
a dhcp client which handles device adding and removal, it will go
away.
The original name was really a mistake since
/usr/local/etc/rc.d scripts can (and usually do) start
more than just daemons. Even the output in the script
uses 'local packages.' Also, the term 'local daemons' is
used by rc.d/local, which was etc/rc.local of rcOG fame.
No repo-copy because there isn't much history to save.
I will remove localdaemons shortly with all the other
files that don't belong in rc.d anymore.
Discussed with: dougb, freebsd-rc@yahoogroups.com
for the harp(4) pseudo driver and for loadable native HARP drivers
(like hfa_pci).
To use harp(4) the rc variable natm_interfaces must be set to the
list of NATM interfaces to be used for HARP. These interfaces
will be brought up with ifconfig and the harp(4) will be loaded.
To use loadable native HARP drivers atm_load must be set to
the list of drivers to load.
Reviewed by: mtm, gordon (partly)
and PAM configuration. Remove the line concerning "auth_list"
from the template, since it's referenced only in the tinyware
password command, and only #ifdef KERBEROS, which isn't defined
in tinyware. Add a comment about auth.conf being on the way
out the door. The one remaining consumer of auth.conf is
crypt(3).
the address, also kill the dhclient process. Instead of doing the
release in the stop command, move it to the precmd stage and allow
rc.subr(8) to automatically kill the dhclient process by leaving the
stop command undefined.
Noticed by: mbr
evaluating the $_precmd command as a string. We're not actually
trying to evaluate the contents of the command.
Reported by: Glenn Johnson <gjohnson@srrc.ars.usda.gov>
variable in rc.conf to have sshd from ports (or somewhere else) installed.
So, don't make the sshd_config for the base system a required file
to start the service.
PR: conf/45766
instead of SENDMAIL_MC but don't remove on it 'make clean' as the
user may not have the original .mc file and removing it could be
dangerous (e.g., make SENDMAIL_CF=/etc/mail/sendmail.cf clean).
Noticed by: peter
MFC after: 3 days
defined. The only two files installed in this case are aliases (which
I believe other MTAs may use) and mailer.conf (which isn't sendmail,
it belongs to mailwrapper).
PR: 50477
MFC after: 5 days
`hostname`.submit.mc which is templated from freebsd.submit.mc if the
default file does not exist. This makes the building of the submit.cf
behavior identical to that of the the sendmail.cf.
PR: 44256
Submitted by: Matt Emmerton <matt@gsicomp.on.ca>
MFC after: 5 days
- Stop 'make clean' from removing SENDMAIL_CF
- install and distribute targets should not attempt to build anything
- SENDMAIL_ADDITIONAL_CF were not installed in the distribution case
- If SENDMAIL_SET_USER_ID was defined, submit.cf was needlessly installed
in the distribution case
- Collapse install and distribution target into one to remove code
duplication
Submitted by: ru
MFC after: 5 days
network interfaces could only be turned on and off as a group (all
static interfaces or all dhcp interfaces).
When used to start the interface a 'long form' ifconfig output is
used to show the status of the interface, but when stopping an interface
the script will simply output the name of the interface. This is simply my
personal preference. Hopefully as this functionality matures we can
stabilize on a prefered form of output for these scripts.
A stop command to the dhclient script now explicitly releases the dhcp lease.
Behaviour at system shutdown; however, is unchanged since dhclient is not,
by default, run at that time. The client will not release its lease
at shutdown.
o Ensure rc.d/network2 and rc.d/network3 are not automatically run
during boot
o Modify script headers so rcorder(8) can put the two scripts in the
correct sequence.
o Change the provider names.
o Separate routing into two parts: static routing and routing options. The
start command will run both parts, but they can be run separately using
the static and options command, respectively:
(/etc/rc.d/routing static; /etc/rc.d/routing options)
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.
Approved by: jeff (mentor)
than duplicate it. This requires OpenPAM Dianthus, which was committed two
weeks ago; installing these files on a system running a world older than
June 1st, 2003 will cause login(1) and su(1) to fail.
It currently supports the PMC Sierra Lite, Ultra and 622 chips and
the IDT 77105. The driver handles media options and state in a consistent
manner for ATM drivers. The next commit to the midway driver will make
it use utopia.
exception of the default 'status' command) regardless of whether the
executed command was actually successfull or not. Forced scripts should
always correctly reflect the outcome of the command.
NOTE: exit values are treated as booleans. We don't care what
the actual exit value was, only whether it was successfull or not.
interfaces, interface aliases, user supplied ifconfig scripts, and
ipx interfaces. The ipx routine fails unconditionaly at the moment.
Someone who has a need for it can fill it in with the appropriate incantations.
take advantage of the rc.subr(8) glue. They are renamed dhclient_program
and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the
NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will
be applied properly by rc.subr(8) glue code.
Reported by: John Nielsen <john@jnielsen.net>
really make much difference since this script is not used during startup
and is due to be removed before RELENG_5.
Submitted by: "Simon L. Nielsen" <simon@nitro.dk>
down to the section of optional mail/news services. Change the nntpd
location to /usr/local/libexec since it's an optional software.
Henceforth, nntpd will be advised to run as "news", which is a
standard user in the system, instead of "usenet", which has never
existed in the default master.passwd(5).
Note: It's not "news:news" since inetd(8) runs a service at the
specified user's login group by default.
Add a blank comment line above the uucpd line so the section looks uniform.
Partly pointed out by: Alexey Neyman <alex.neyman at auriga.ru>
MFC after: 1 week
with the rest of the options following it. This caused problems for
people using ldconfig_insecure=yes because the '-i' switch was being
positioned before the format argument.
Approved by: markm/mentor (implicit), re/rwatson
PR: 47430
script to read /etc/devfs.conf, and take appropriate actions based on
what it finds there.
The (commented out) examples in the new devfs.conf file are taken in
part from the old rc.devfs script.
sessions if the mailer is dynamically linked. This happens because
on some systems the ldconfig script is run after the vi recovery
script.
I thought I had already fixed this with revision 1.5 of rc.d/ldconfig,
but apparently not. So, in addition I'm making ldconfig a requirement
of this script.
Approved by: markm (mentor)(implicit)
PR: bin/51767
We can't remove the sourcing of /etc/rc.devfs yet in case the user
might have custom entries in it. We will have to come up with an
/etc/devfs.rules or something to make this kind of thing easier.
Approved by: markm (mentor)(implicit)
All functionality from the previous system has been preserved, and
users should still customize their system boot with the familiar
methods, rc.conf, rc.conf.local, rc.firewall, sysctl.conf, etc.
Users who have customized versions of scripts that have been removed
should take great care when upgrading, since the compatibility code
that used those old scripts has also been removed.
script at which a filesystem will be mounted in FreeBSD. Without this
the script was being inserted later in the boot than necessary.
Approved by: markm (mentor) (implicit)
Reviewed by: dougb
Noticed by: Andrzej ToboÅa <san@wilk.2a.pl>