giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.
Start with the following services:
- system.dns - provides API compatible to:
- gethostbyname(3),
- gethostbyname2(3),
- gethostbyaddr(3),
- getaddrinfo(3),
- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.
Sponsored by: The FreeBSD Foundation
This is to ensure that test-related directories don't get needlessly
created (and later deleted) when MK_TESTS=no.
Problem found by jhb@.
Approved by: rpaulo (mentor)
For now only /etc/pkg/FreeBSD.conf is supported. Its style is:
Repo: {
URL: "...",
MIRROR_TYPE: "...",
...
}
The configuration will be read from /usr/local/etc/pkg.conf if exists,
otherwise /etc/pkg/FreeBSD.conf
Approved by: bapt
MFC after: 2 days
Populate /usr/tests with the only test programs that currently live
in the tree (those in lib/libcrypt/tests/) and add all the build
machinery to accompany this change.
In particular:
- Add a WITHOUT_TESTS variable that users can define to request that
no tests be put in /usr/tests.
- Add a top-level Kyuafile for /usr/tests and a way to create similar
Kyuafiles in top-level subdirectories.
- Add a BSD.tests.dist file to define the directory layout of
/usr/tests.
Submitted by: Julio Merino jmmv google.com
Reviewed by: sjg
MFC after: 2 weeks
except to document the hardcoded standard library search path for 32-bit
binaries. The third line performs the equivalent substitution for the
private library directory.
Ironically, these entries rely on functionality which is only available
in the COMPAT_32BIT version of rtld-elf.
Approved by: re (blanket)
debug files for userland programs and libraries. The "-g" debug flag
is automatically applied when WITH_DEBUG_FILES is set.
The debug files are now named ${prog}.debug and ${shlib}.debug for
consistency with other systems and documentation. In addition they are
installed under /usr/lib/debug, to simplify the process of installing
them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the
base system place the standalone debug files in a .debug subdirectory.
GDB automatically searches both of these directories for standalone
debug files.
Thanks to everyone who contributed changes, review, and testing during
development.
than number as is done in install so as to differ binding of names to
ids.
Remove the -W flag from the mtree command so that the correct user and
group is recorded rather than the default.
targets to be run without root privilege.
Information about ownership, group, flags, and suid bits are stored in
the file specified by METALOG which defaults to ${DESTDIR}/METALOG.
This file can be used in conjunction with bsdtar or makefs to generate
archives or file system images with correct permissions.
The packageworld target has been altered to use this metadata allowing
non-root releases (subject to further changes in release/Makefile.)
Sponsored by: DARPA, AFRL
Reviewed by: ian, ray
"ln -sfh <bar> <foo>" or the links would fail when a valid link to a
directly was in place at <foo>.
Reported by: peter
Tested by: peter
Pointy hat to: brooks
refactor the link section of distrib-dirs to alwasy install to a full
path (the link contents remain relative as they should).
Eliminate the use of the "rm -r[f] <foo>; ln -s <bar> <foo>" pattern in
favor of "ln -sf <bar> <foo>". None of these links could be directories
on a system installed in the last decade.
Sponsored by: DARPA, AFRL
Reviewed by: mtree
mtree in a shell loop so there is only one mtree commandline. Move the
implementation of LOCAL_MTREE into etc/Makefile.
Sponsored by: DARPA, AFRL
Reviewed by: mtree :)
installing. This allows things like running installworld for 10-CURRENT
on a 9.0-RELEASE system without adding extra users and groups to the
passwd and group files.
To prevent potentially risky uid/gid mismatches on systems with
non-standard local values, require that DESTDIR be set if DB_FROM_SRC is
set.
Sponsored by: DARPA, AFRL
Reviewed by: peter
It also doesn't work with make -s.
Prefer the use of builtin make features.
PR: misc/126312
Reported by: Nejc Skoberne <nejc@skoberne.net>
Submitted by: bdrewery
Approved by: cperciva
MFC after: 1 week
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
thing it was still used for was to set the "global default" password
hash. Since the stock auth.conf contained nothing but comments, the
global default was actually the first algorithm in crypt(3)'s list,
which happens to be DES; I take the fact that nobody noticed as proof
that it was not used outside of crypt(3).
The only other use in our tree was in the Kerberos support code in
in tinyware's passwd(1). I removed that code in an earlier commit;
it would not have compiled anyway, as it only supported Kerberos IV.
The auth_getval() function is now a stub that always returns NULL,
which has the same effect as a functional auth_getval() with an
empty auth.conf.
MFC after: 3 weeks
comment out the NIS _compat options by default, but leave them in
the file for the convenience of users who want to enable it.
Update the comment in the file accordingly.
Reviewed by: ed
Approved by: re (hrs)
We already modify various configuration files in /etc based on build
configuration. This is not done for nsswitch.conf right now when setting
WITHOUT_NIS. This breaks various utilities, including crond, that depend
on working databases.
Approved by: re (kib)
MFC after: 1 month
A full featured groff is required during buildworld, so build it always
and don't rely on it being present on the host system.
vgrind(1) is tightly coupled to a roff processor and will not be
built/installed when groff is disabled. Also much of the roff'ed
documentation under share/doc will not be built/installed when
WITHOUT_GROFF is defined.
Reviewed by: ru (partial)
utilities and related support files for manual pages, which were previously
controlled by MAN. For POLA, the default depends on MAN, i.e., WITHOUT_MAN
implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS. This patch
is slightly improved by me from:
PR: misc/145212
Just comment out the atrun line instead of completely removing it. It is
not a bad idea to leave it as a reference in case someone decides to
install atrun by hand afterwards.
Right now we have a termcap.small in the tree, but we don't install it.
If we do install this file by default, it is more likely for
applications to work in single user mode.
I am not entirely happy with the contents of this file. In my opinion we
should remove the `dosansi', `pc' and `pc3' entries and replace them
with `vt100' in case someone uses a serial console.
The file does already have entries for `cons25' and `xterm', which is
used most often.
Requested by: brucec
