All xxx_<ifname> flags are set to empty strings automatically earlier so
eval echo \${${prefix}${_if}${suffix}-${_default}}
does not substitute the default but returns just the empty string.
Fix it using
eval echo \${${prefix}${_if}${suffix}:-${_default}}
(i.e. treat empty strings as unset)
The bug manifests itself with the following warning from checkyesno():
/etc/rc.d/dhclient: WARNING: $background_dhclient is not set properly -
see rc.conf(5)
The code looks for all the loaded screensaver modules, tries to
kldunload them, and only loads the new one if kldstat's output shows
that there aren't any left. However, the regexp looking for modules
to unload was still searching according to the old naming scheme,
splash_<name>.ko, instead of <name>_saver.ko.
MFC after: 3 days
the background fsck indefinitely. This allows the administrator to run
it at a convenient time. To support running it from cron, the
forcestart argument now causes the fsck to start with no delay and all
output to be suppressed.
insert a slash between ${_chroot} and the pathname if and only if
${_chroot} is set to a non-empty string. Now the pathname is very
likely to be absolute, but we shouldn't take that for granted.
for /tmp and /var. This makes the memory discs swap-backed instead
of malloc-backed. A swap-backed memory disc should not be worse
than a malloc-backed one in any scenario because it will start
touching swap only when needed. OTOH, a malloc-backed disc can
starve limited kernel resources and eventually crash the system.
Reflect the change in the rc.conf(5) manpage. Also stop telling
lies there about softupdates: it does not waste disc space, it
just can delay its freeing.
Suggested by: many
PR: kern/87255
MFC after: 1 week
Include /var/db/entropy-file in the reseeding if present. It is used for
last-ditch efforts to save entropy and thus should also be used to seed
the RNG when starting. Print a warning instead of an error if writing the
file fails -- err() exits, preventing the umask from being restored.
Also, since there's not much that can be done about it, notifying the user
is all that's needed.
MFC after: 2 weeks
uuencoded format along with their respective LICENSE files.
- Add new share/doc/legal directory to BSD.usr.dist mtree file. This is the
place we install LICENSE files for restricted firmwares.
- Teach firmware(9) and kmod.mk about licensed firmwares. Restricted firmwares
won't load properly unless legal.<name>.license_ack is set to 1, either
via kenv(1) or /boot/loader.conf.
Reviewed by: mlaier, sam
Permitted by: Intel (via Andrew Wilson)
MFC after: 1 month
arrangement that has no intrinsic internal knowledge of whether devices
it is given are truly multipath devices. As such, this is a simplistic
approach, but still a useful one.
The basic approach is to (at present- this will change soon) use camcontrol
to find likely identical devices and label the trailing sector of the
first one. This label contains both a full UUID and a name. The name is
what is presented in /dev/multipath, but the UUID is used as a true
distinguisher at g_taste time, thus making sure we don't have chaos
on a shared SAN where everyone names their data multipath as "Fred".
The first of N identical devices (and N *may* be 1!) becomes the active
path until a BIO request is failed with EIO or ENXIO. When this occurs,
the active disk is ripped away and the next in a list is picked to
(retry and) continue with.
During g_taste events new disks that meet the match criteria for existing
multipath geoms get added to the tail end of the list.
Thus, this active/passive setup actually does work for devices which
go away and come back, as do (now) mpt(4) and isp(4) SAN based disks.
There is still a lot to do to improve this- like about 5 of the 12
recommendations I've received about it, but it's been functional enough
for a while that it deserves a broader test base.
Reviewed by: pjd
Sponsored by: IronPort Systems
MFC: 2 months
bad or illegal. This prevents matching on systems that
have a name that matches the query.
PR: conf/107560
Submitted by: Christian Laursen <cfsl at pil dot dk>
MFC after: 3 days
Approved by: imp (mentor)
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.
PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb
o Remove ttyyX, created by the obsolete zs(4)
o Replace ttydX by ttyuX, which is created by uart(4)
o Enable ttyu0 as a console to better support the xserve.
MFC after: 1 week
modern dual-core systems as well.
- Parse the _CST packages for each cpu and track all the states individually,
on a per-cpu basis.
- Revert to generic FADT/P_BLK based Cx control if the _CST package
is not present on all cpus. In that case, the new driver will
still support per-cpu Cx state handling. The driver will determine the
highest Cx level that can be supported by all the cpus and configure the
available Cx state based on that.
- Fixed the case where multiple cpus in the system share the same
registers for Cx state handling. To do that, added a new flag
parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that
enable the caller to add the RF_SHAREABLE flag. This flag could also be
useful to other callers (acpi_throttle?) in the tree but this change is
not yet made.
- For Core Duo cpus, both cores seem to be taken out of C3 state when
any one of the cores needs to transition out. This broke the short sleep
detection logic. It is disabled now if there is more than one cpu in
the system for now as it fixed it in my case. This quirk may need to
be re-enabled later differently.
- Added support to control cx_lowest on a per-cpu basis. There is still
a generic cx_lowest to enable changing cx_lowest for all cpus with a single
sysctl and for ease of use. Sample output for the new sysctl:
dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
dev.cpu.0.cx_lowest: C3
dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
dev.cpu.1.cx_lowest: C3
dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
hw.acpi.cpu.cx_lowest: C3
This work was done by Stephane E. Potvin with some simple reworking by
myself. Thank you.
Submitted by: Stephane E. Potvin <sepotvin / videotron.ca>
MFC after: 2 weeks
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.
Reported by: Philipp Wuensche <cryx-freebsd@h3q.com>
interpreted $command. Some "portable" software packages use such a
line to skip the task of figuring out the absolute pathname of the
interpreter at install time, e.g.:
#!/usr/bin/env python
It is insecure, but a popular book on Python seems to have advised
it to a wide audience. Hence a number of such scripts in the ports,
mostly written in Python.
PR: bin/100287
MFC after: 1 week
scripts, except for mdconfig* and jail. Such symbols are reserved
for the rc.subr internals. Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.
Discussed with: dougb in freebsd-rc
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
Implement the checks for required_* objects as two functions, one
to be run before precmd and the other after it. They get the current
rc command as an argument so they can choose what requirement tests
to perform. As of now, only "start" needs such tests.
Implement a new requirement variable, required_modules. It can
list kernel modules that need to be loaded after start_precmd
indicated success. Each name in the list can be just "file", or
"file:module", or "file~regex". This will allow us to remove a lot
of duplicated code from rc.d scripts.
Perform the checks not only for the default start method, but for
any method. This allows for more flexibility and fixes a few rc.d
scripts (namely newsyslog, pf, sendmail) that rely on a required_*
variable while providing a non-default start method.
To be able to call the new check_required* functions naturally,
remove lots of crufty duplicated code pieces from run_rc_command
and replace each of them by a call to the helper function providing
a single corrected instance of the respective code snippet. Now
run_rc_command isn't as scary as it used to be, and it even appears
to have quite a nice logic that was obscured by the old crufty code.
In the default handler for restart, run start from a subshell to
protect global variables, e.g., _postcmd, from modification by the
start handler. This enables using restart_postcmd. [x]
PR: conf/98734 [x]
Submitted by: Rick van der Zwet <rick@wzoeterwoude.net> [x]
Reviewed by: freebsd-rc (silence for an older version)
MFC after: 1 month
After a change of devd.conf, devd(8) handles NIC attach/detach event
by using /etc/pccard_ether with the interface name as the argument.
This model does not work properly with IPv6 configuration because the
implementation of IPv6 stateless auto-configuration in the FreeBSD
rc.d scripts depends on whether there are any explicit configurations
for interfaces or not. It works this way: if no manual configuration,
it will perform auto-configuration, but otherwise no
auto-configuration will be performed. So, this behavior can only be
determined by all of the interfaces on a system, not a single one.
For this reason, the network6_interface_setup() function called from
the pccard_ether_start() does not work with a single interface name.
And what is worse, this combination of devd.conf and
pccard_ether_start() caused a bad side-effect that when
ipv6_enable=YES, all of interfaces marked as DOWN would be UP
unconditionally (and router solicitation was sent) just after devd(8)
was invoked. This should be fixed in a more sophisticated way.
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification. As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address. This should not be harmful for IPv4-only users.
- add better checks on non-existing directories to prevent error
messages at run time;
- introduce a function log() to help debugging diskless booting
when things don't work;
- modify the parsing of diskless_remount so you can add mount_nfs
options after the pathname. You could use 'remount' to do something
similar, but this way is more convenient because you don't have to
hardwire the server name in the command.
- document the above.
I have been running the above in a diskless lab since february on RELENG_6.
MFC after: 1 week
There's no dollar use in variable assignment in sh.
Assuming this can be expected behavior for some
people, this change won't be MFC'ed to RELENG_6.
Discussed with: yar on -rc
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful
firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk>
Reviewed by: cperciva
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
(perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
a chance to kill as many files in /tmp as ARG_MAX permits.
PR: bin/104044
Submitted by: Andrey Simonenko <see PR for email>
Hacked by: yar
MFC after: 1 month
read requests to its consumer. It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load. Documentation will be
provided later. I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
chance to actually terminate the audit service and exit. Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running. Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.
Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.
MFC after: 3 days
Obtained from: TrustedBSD Project
interface is an IPv6 interface.
Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether. The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decisions based on that. This is at least a step in the right
direction and is probably about as much as we can MFC safely.
PR: conf/103428
MFC after: 3 days
- Note that diskless_remount files may use ".." to support mounts above
the root path.
- Copy dot files when populating directories from /conf. [1]
PR: misc/102724 [1]
Submitted by: Attila Nagy <bra at fsn.hu> [1]
certain conditions. I haven't been able to find a better solution yet:
- Set two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
- Reflect prefix/etcdir changes in rc.subr.8.
src/etc/rc.d/sshd: rev 1.9 -> 1.10
src/etc/rc.subr: rev 1.51 -> 1.52
src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12
Approved by: cperciva (mentor)
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns. We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().
MFC after: 1 week
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".
Reviewed by: freebsd-rc (silence)
MFC after: 1 week
touch interfaces that don't actually exist in the stop case. In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.
This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.
MFC after: 3 days
and so users get hangs until interrupts are generated another way. We'll
have to find a way to make the 2 work together before re-enabling this by
default.
PowerPC-based Apple's machines and small utility to do it from
userland modelled after the similar utility in Darwin/OSX.
Only tested on 1.25GHz G4 Mac Mini.
MFC after: 1 month
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.
Requested by: Chris Timmons <cwt@networks.cwu.edu>
Approved by: cperciva (mentor, implicit)
MFC after: 1 week
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replaces them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.
Approved by: cperciva (implicit)
MFC after: 1 week
of them do that conditionally depending on kldstat. The code is
duplicated all over, but bugs can be unique.
To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.
(Found this lying for a while in my p4 branch for various hacks.)
automatically add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.
This change allows actions to be taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if an ifconfig_<int>=""
line exists in rc.conf.
Reviewed by: brooks
No objections on: net
1,2 and so on.
It specifies the command to be run as Nth after jail startup.
sh(1)-fu by: Dario Freni
PR: conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
more appropriate value and is also the default set by the kernel. I
could not find a justification of why rc.conf began overriding it back
in 1998.
This dramatically cuts NFS traffic on e.g. a busy system with NFS root.
Reviewed by: mohans
MFC After: 2 weeks
scripts. These scripts handle vnode backed md(4) devices.
Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).
Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).
Use should be as easy as:
mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"
See rc.conf(5) for more information and description of the additional
variables.
Approved by: cperciva
issue where some global jail_* variables were overridden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]
Reported by: pjd [1], clsung [2]
Approved by: cperciva
X-MFC after: i got sufficient testing from people using rc.d/jail
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.). While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.
Discussed on: arch@
Approved by: mux
MFC after: 1 week
boot. Autogeneration of nsswitch.conf doesn't make sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.
Suggested by: brooks
for some early starting services from the ports collection
to have their shared objects available before start.
Reviewed by: freebsd-rc (dougb, brooks)
MFC After: 3 days
- Sync with latest version from NetBSD.
'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'
Approved by: cperciva (mentor)
Obtained from: NetBSD
MFC after: 1 week
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.
PR: conf/68916
Submitted by: JD Bronson <jd@aurora.org>
Approved by: cperciva (mentor)
MFC after: 1 week
working on.
1) Make it possible to configure interfaces with certain characters in
their names that aren't valid in shell variables. Currently supported
characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new
function get_if_var which substitutes an interface name (after the
translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started
when /etc/rc.d/netif configures the interface or only by devd.
This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]
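An added example, not FreeBSD's network.subr code, that combines the get_if_var behaviour described above (translating ".-/+" to "_" and substituting the name for "IF") with the `-` versus `:-` default expansion discussed at the top of this log. The `demo_*` names and the sample variables are hypothetical, and the check that rejects any other character before the name reaches eval is an added assumption, not something the commit states.

```shell
#!/bin/sh
# Added example; demo_* names are hypothetical, not rc.subr/network.subr API.

# Translate the characters the commit lists (. - / +) into '_' so an
# interface name such as "vlan.10" can be embedded in a variable name.
demo_if_to_var() {
    printf '%s' "$1" | tr './+-' '____'
}

# demo_get_if_var <ifname> <template-with-IF> <default> <op>
#   <op> is "-"  : substitute the default only when the variable is unset
#        or ":-" : substitute it when the variable is unset OR empty
demo_get_if_var() {
    demo_if=$(demo_if_to_var "$1")
    demo_tmpl=$2
    demo_default=$3
    demo_op=$4

    # Added guard (assumption): after translation the name must be a plain
    # identifier fragment, because it is about to be spliced into eval.
    case $demo_if in
        ''|*[!A-Za-z0-9_]*) return 2 ;;
    esac
    case $demo_op in
        -|:-) ;;
        *) return 2 ;;
    esac

    demo_prefix=${demo_tmpl%%IF*}
    demo_suffix=${demo_tmpl##*IF}

    # Only the variable *name* and the operator are expanded before eval;
    # the default stays as ${demo_default} so its content is never re-parsed.
    eval "printf '%s\n' \"\${${demo_prefix}${demo_if}${demo_suffix}${demo_op}\${demo_default}}\""
}

# Constructed sample state: the per-interface flag for em0 was pre-set to
# the empty string, vlan.10 has an explicit value, em1 has nothing set.
background_dhclient_em0=""
background_dhclient_vlan_10="YES"

demo_report() {
    for demo_name in em0 em1 vlan.10; do
        demo_old=$(demo_get_if_var "$demo_name" background_dhclient_IF NO -)
        demo_new=$(demo_get_if_var "$demo_name" background_dhclient_IF NO :-)
        printf '%-8s  with "-": [%s]   with ":-": [%s]\n' \
            "$demo_name" "$demo_old" "$demo_new"
    done
}

demo_report
```

For em0 the `-` form yields an empty string, which is the value that a yes/no check then flags as not set properly; the `:-` form falls back to the default.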
- Add the according amd_program default value in defaults.
PR: conf/82738
Submitted by: TAOKA Fumiyoshi <fmysh@iijmio-mail.jp>
Approved by: cperciva (mentor)
MFC after: 3 days
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
Reviewed by: brooks
Approved by: cperciva (mentor)
MFC after: 1 week
set:
* jail_mount_enable
* jail_devfs_ruleset
* jail_devfs_enable
* jail_fdescfs_enable
* jail_procfs_enable
* jail_fstab
* jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).
Approved by: cperciva (mentor)
MFC after: 2 weeks
daemon in the base system and all the IKE daemons in the Ports
Collection have their own rc.d script.
OK'ed by: dougb
Discussed on: freebsd-rc
MFC after: 1 month
Approved by: cperciva (mentor)
Do install sys/security/audit include files. It would be nice just
to install audit_ioctl.h, but we seem only to support installing
directories, so we get them all. The two not intended for extra-
kernel use have !_KERNEL #error's, which should help.
Obtained from: TrustedBSD Project
you booted from, unless /boot/kernel already exists and is not a symlink.
This should only affect people like me who juggle multiple kernels and
have KODIR = /boot/${KERN_IDENT} in /etc/make.conf to keep them apart.
into one function syscons_configure_keyboard(). Call new function from
both syscons_start() and sysconst_setkeyboard(). The reason for this
is because syscons_start() will (re)configure both keyboard and screen
settings. Apparently, some graphics cards have problems with running
vidcontrol(1) while X11 is running.
Remove "/etc/rc.d/syscons restart" from /etc/devd.conf. It is no longer
required. Using "/etc/rc.d/syscons setkeyboard" is enough. This also
should fix annoying "syscons not running?" message.
Tested by: Ulrich Spoerlein < q at galgenberg dot net >
MFC after: 3 days
a control variable was misspelled as `SCRIPTS_NAME_isdntel.sh'
(should've been `SCRIPTSNAME_isdntel.sh') when the Makefile was
converted to using <bsd.prog.mk>. Consequently, `isdntel.sh' has
been installed as `isdntel' since then. Nevertheless, nobody has
been unhappy with the change. So it's time to make it official.
Approved by: hm
Pointy hat to: ru
MFC after: 3 days
keyboard device name (i.e. /dev/kbd0). This method will do nothing if
kbdmux(4) is the current active keyboard, otherwise it will switch
active keyboard as requested.
Modify ukbd(4) entries in the /etc/devd.conf to use /etc/rc.d/syscons
and new 'setkeyboard' method.
No comments from: freebsd-current@
MFC after: 1 day
directory when we have 10+ ports that make use of it, and now we have
only 3. This change would come back if the tt/ usage grows up to the
level.
Knowledge provided by: krion, kris
the ongoing re-alignment of ordering that is necessary as a result of
including local scripts in the base rcorder. [1]
Accomplish this by removing the BEFORE's, and using REQUIRE instead.
This makes the dependencies more obvious, and less susceptible to turning
circular and/or nonsensical when seemingly innocent changes are made
in one place and not another.
Requested by: delphij [1]
and not under machdep as the behaviour is controlled by the process.
When PSR.ac is set the process expects to receive a SIGBUS. Otherwise
the processor or the kernel will emulate the misaligned memory access.
MFC after: 3 days
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order of the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the temptation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
64.15.205.248 address, change host to "foobar". This won't be
resolvable in most cases, so administrator will need to change it.
Also do not send our trap messages to 64.15.205.248, use localhost
as default traphost.
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.
MFC after: 1 week
Allow user to decide if SAD and SPD entries should be flushed on 'reload'.
With this change flush/spdflush is not done automatically (it could still
be done from ipsec.conf).
supported and that users of REFUSE directives should update their
entire ports tree before asking for help on the mailing lists.
Requested by: kris
MFC after: 3 days