This removes the WITH_BSDCONFIG description altogether, since this option
is removed.
At the same time, fix the WITHOUT_LIBCPLUSPLUS option that had gotten
inverted.
There are now six additional variables
weekly_status_security_enable
weekly_status_security_inline
weekly_status_security_output
monthly_status_security_enable
monthly_status_security_inline
monthly_status_security_output
alongside their existing daily counterparts. They all have the same
default values.
All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows defining the period of
each script. The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitly disabled with a
"NO", either in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
myfbsd security run output -> myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section. I left them in
place for this commit to make reviewing easier.
Reviewed by: hackers@
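
The run/skip rules described in the commit message above, as an added example (not the code shipped in /etc/periodic/security). `should_run` and `runs_in` are hypothetical names, "direct" stands for a security script started straight from crontab(5), and treating only YES as true for "_enable" is an assumption.

```shell
#!/bin/sh
# Added illustration; not FreeBSD's periodic(8) code.
# should_run CONTEXT ENABLE PERIOD
#   CONTEXT: daily, weekly or monthly (called from that periodic run),
#            or "direct" (started straight from crontab(5)).
#   ENABLE:  value of security_status_${name}_enable
#   PERIOD:  value of security_status_${name}_period (empty means "daily")
# Returns 0 when the check would run, 1 when it would be skipped.
should_run() {
    ctx=$1 enable=$2 period=${3:-daily}
    lc_period=$(printf '%s' "$period" | tr 'A-Z' 'a-z')
    case "$ctx" in
    direct)
        # Runs unless explicitly disabled with "NO" in either variable.
        case "$enable" in [Nn][Oo]) return 1 ;; esac
        [ "$lc_period" = no ] && return 1
        return 0 ;;
    *)
        # Called by a periodic run: must be enabled and scheduled for it.
        case "$enable" in [Yy][Ee][Ss]) ;; *) return 1 ;; esac
        [ "$lc_period" = "$ctx" ] ;;
    esac
}

# runs_in ENABLE PERIOD: print the contexts in which the check would run.
# An empty result means the security check never runs at all.
runs_in() {
    out=
    for c in daily weekly monthly direct; do
        if should_run "$c" "$1" "$2"; then out="$out $c"; fi
    done
    printf '%s\n' "${out# }"
}

# Constructed settings, one "enable,period" pair per word.
for pair in YES, YES,weekly YES,NO NO,weekly ,monthly; do
    printf 'enable=%-3s period=%-7s -> %s\n' \
        "${pair%%,*}" "${pair#*,}" "$(runs_in "${pair%%,*}" "${pair#*,}")"
done
```

The last constructed pair shows the case the commit message calls out: an unset "_enable" keeps the check out of the periodic runs but not out of a direct crontab(5) invocation.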
Newly-configured systems should use $cloned_interfaces.
- Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}.
ifnet_rename() now accepts an interface name list as its argument.
- Add rc.d/netif clear. The "clear" subcommand is basically equivalent to
"stop" but it does not call clone_down().
- Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is
specified, the interface will not be destroyed in rc.d/netif stop.
- Add cloned_interfaces_sticky={YES,NO}. This variable globally sets
:sticky keyword above for all interfaces. The default value is NO.
When cloned_interfaces_sticky=YES, :nosticky keyword can be used to
override it on a per-interface basis.
device names "md" or "md[0-9]*" and a "file" option are specified in
/etc/fstab like this:
md none swap sw,file=/swap.bin 0 0
- Add GBDE/GELI encrypted swap space specification support, which
rc.d/encswap supported. The /etc/fstab lines are like the following:
/dev/ada1p1.bde none swap sw 0 0
/dev/ada1p2.eli none swap sw 0 0
.eli devices accept aalgo, ealgo, keylen, and sectorsize as options.
swapctl(8) can understand an encrypted device in the command line
like this:
# swapctl -a /dev/ada2p1.bde
- "-L" flag is added to support "late" option to defer swapon until
rc.d/mountlate runs.
- rc.d script change:
rc.d/encswap -> removed
rc.d/addswap -> just display a warning message if $swapfile is defined
rc.d/swap1 -> renamed to rc.d/swap
rc.d/swaplate -> newly added to support "late" option
These changes alleviate a race condition between device creation/removal
and swapon/swapoff.
MFC after: 1 week
Reviewed by: wblock (manual page)
This is an extended version of ipv4_addr_IF which supports both IPv4 and
IPv6, and multiple range specifications. To avoid generating too many
addresses, the maximum number of the generated addresses is currently
limited to 31.
- Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable.
- ipv6_prefix_IF now supports !/64 prefix length. In addition to the old
64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64
is supported.
- Replace ifconfig command with $IFCONFIG_CMD variable to support
a dry-run mode in the future.
- Remove IP aliases before removing all of IPv4 addresses when doing
"rc.d/netif down".
- Add a DAD wait to network6_getladdr() because it is possible to fail to
configure an EUI64 address when ipv6_prefix_IF is specified.
A summary of the supported ifconfig_* variables is as follows:
# IPv4 configuration.
ifconfig_em0="inet 192.168.0.1"
# IPv6 configuration.
ifconfig_em0_ipv6="inet6 2001:db8::1/64"
# IPv4 address range spec. Now deprecated.
ipv4_addr_em0="10.2.1.1-10"
# IPv6 alias.
ifconfig_em0_alias0="inet6 2001:db8:5::1 prefixlen 70"
# IPv4 alias.
ifconfig_em0_alias1="inet 10.2.2.1/24"
# IPv4 alias with range spec w/o AF keyword (backward compat).
ifconfig_em0_alias2="10.3.1.1-10/32"
# IPv6 alias with range spec.
ifconfig_em0_alias3="inet6 2001:db8:20-2f::1/64"
# ifconfig_IF_aliases is just like ifconfig_IF_aliasN.
ifconfig_em0_aliases="inet 10.3.3.201-204/24 inet6 2001:db8:210-213::1/64 inet 10.1.1.1/24"
# IPv6 alias (backward compat)
ipv6_ifconfig_em0_alias0="inet6 2001:db8:f::1/64"
# IPv6 alias w/o AF keyword (backward compat)
ipv6_ifconfig_em0_alias1="2001:db8:f:1::1/64"
# IPv6 prefix.
ipv6_prefix_em0="2001:db8::/64"
Tested by: Kimmo Paasiala
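
The range specifications listed in the commit message above, expanded in an added example (not the rc scripts' own code). `expand_range` is a hypothetical name, and the example assumes an IPv4 range is decimal in the last octet, an IPv6 range is hexadecimal within one 16-bit group, and a range over the 31-address limit is rejected rather than truncated.

```shell
#!/bin/sh
# Added illustration; not the code in FreeBSD's rc scripts.
MAX_ADDRS=31   # limit stated in the commit message

# expand_range AF SPEC: print one address per line.
# AF "inet": decimal range in the last octet; "inet6": hex range in one
# 16-bit group. Returns 1 for a malformed or oversized range (refusing
# rather than truncating is an assumption of this example).
expand_range() {
    af=$1 spec=$2 plen=
    case "$spec" in */*) plen=/${spec#*/}; spec=${spec%%/*} ;; esac
    case "$spec" in
    *-*) ;;
    *) printf '%s%s\n' "$spec" "$plen"; return 0 ;;   # no range given
    esac
    head=${spec%%-*} tail=${spec#*-}
    case "$af" in
    inet)  sep=. fmt=%d max=255   hi=${tail%%[!0-9]*} ;;
    inet6) sep=: fmt=%x max=65535 hi=${tail%%[!0-9a-fA-F]*} ;;
    *) return 1 ;;
    esac
    lo=${head##*"$sep"}     # low bound: text after the last separator
    pre=${head%"$lo"}       # everything before the low bound
    rest=${tail#"$hi"}      # everything after the high bound
    [ -n "$lo" ] && [ -n "$hi" ] || return 1
    if [ "$af" = inet6 ]; then
        case "$lo" in *[!0-9a-fA-F]*) return 1 ;; esac
        lo=$((0x$lo)) hi=$((0x$hi))
    else
        # Digits only, and no leading zero (would be read as octal).
        case "$lo,$hi" in *[!0-9,]*|0[0-9]*|*,0[0-9]*) return 1 ;; esac
    fi
    [ "$lo" -le "$hi" ] && [ "$hi" -le "$max" ] || return 1
    [ $((hi - lo + 1)) -le "$MAX_ADDRS" ] || return 1
    i=$lo
    while [ "$i" -le "$hi" ]; do
        printf "%s${fmt}%s%s\n" "$pre" "$i" "$rest" "$plen"
        i=$((i + 1))
    done
}

# Range specs taken from the examples in the commit message.
expand_range inet  10.3.1.1-10/32
expand_range inet6 2001:db8:210-213::1/64
```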
{,ipv6_}static_routes and rc.d/routing. For example:
static_routes="foo bar:em0"
route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1"
route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2"
At boot time, all of the static routes are installed as before.
The differences are:
- "/etc/rc.d/netif start/stop <if>" now configures static routes
with :<if> if any.
- "/etc/rc.d/routing start/stop <af> <if>" works as well. <af> cannot be
omitted when <if> is specified, but a keyword "any" or "all" can be used
for <af> and <if>.
'install' since it breaks buildworld after the introduction and
use of 'install -l' in r245752. Overriding INSTALL causes
/usr/bin/install to be used instead of the proper
/usr/src/tools/install.sh which handles the new flag.
Approved by: bapt
MFC after: 2 weeks
The description explains why we should not configure "path",
"host.hostname", "command", "ip4.addr" and "ip6.addr" parameters with
this, but rather use the historical rc.conf(5) options.
MFC after: 3 days
be used on the host system (and not installed on the device, if required). The
GPL'd one is still available if there are any devices that need it (make
universe passes with it, including kernels that use fdt, but there may be some
out-of-tree ones). WITH_GPL_DTC can be used to select the old one, for now.
Probably won't be MFC'd, but we'll remove the GPL'd version in head after the
new one has had a lot more testing and ship it in 10.0.