variable to check for debug functionality. Previously, you had to set
both 'debug' and 'SYSINSTALL_DEBUG' to get a log of sysinstall's
activities. Now, only 'debug' is necessary.
useful for post install configuration or other cases that might not be
handled by usb.c. (usb.c already sets usbd_enable iff sysinstall
detects usb during install).
PR: bin/18946
Submitted by: Peter van Heusden <pvh@egenetics.com>
Reviewed by: jhb
and RTSOL in sysinstall. If the respective TRY_FOO variable is set to
"YES" then it will be tried without prompting the user.
However, if the TRY_FOO variable is set to "NO" then the user will not
be prompted for a choice. This is the correct behavior, since we want
people to be able to script sysinstall in either case.
However, the default TRY_FOO variable has been "NO" since 1999. This
is incorrect, and when the logic was corrected in tcpip.c this has the
effect of never giving the user a choice to use DHCP or IPv6. The
value should be undefined until it is set by a script or by the user.
Submitted by: Randy Pratt, Chern Lee, many others.
post-configuration "Startup" menu. In the event that diskcheckd is
removed, this can easily be trimmed also; in the mean time, it allows
diskcheckd to be easily disabled using our documented management
tool
the name for the moderate security profile is "moderate", not
"medium", so update this one reference to it as "medium".
This is a 4.4-RELEASE MFC candidate.
MFC after: 2 days
Add a timestamp to the comment so that it's possible to see when
changes were made.
e.g.:
# -- sysinstall generated deltas -- # Wed Aug 15 18:10:20 2001
conservative default, and actually prompt specifically for inetd rather
than handling it as a side effect of the security profile. Update the
help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
presented to the user.
o Remove portmap and inetd from profile management. Portmap is now
disabled by default, but automatically turned on if a feature requires
it (such as NFS, etc).
This is an MFC candidate for 4.4-RELEASE.
Reviewed by: freebsd-arch@FreeBSD.org
Approved by: re@FreeBSD.org
MFC after: 2 days
post-install config, reduce the potential confusion from the existence
of both configTTYs and configTtys by renaming configTTYs to
configEtcTtys. While this is not a C naming conflict, it was probably
a poor choice of names on my part.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
blown over by the Hurricane and had a house dropped on you by the Tornado.
Now it's time to have your parade rained on by... the Typhoon!
This commit adds driver support for 3Com 3cR990 10/100 ethernet
adapters based on the Typhoon I and Typhoon II chipsets. This is actually
a port of the OpenBSD driver with many hacks by me.
No Virginia, there isn't any support for the hardware crypto yet. However
there is support for TCP/IP checksum offload and VLANs.
Special thanks go to Jason Wright, Aaron Campbell and Theo de Raadt for
squeezing enough info out of 3Com to get this written, and for doing
most of the hard work.
Manual page is included. Compiled as a module and included in GENERIC.
names suggest, they perform methods on Device's. In addition, they
check that the pointer passed to them is valid; if it isn't, they
pretend that the action failed. This fixes some crashes due to NULL
dereferences (e.g., PR 26509).
Approved by: jkh (some time ago)
/usr/share/syscons/keymaps. This should prevent word breakage when new keymaps
have been added.
Prompted by: Matthew D. Fuller <fullermd@over-yonder.net>
and DP83821 gigabit ethernet MAC chips and the NatSemi DP83861 10/100/1000
copper PHY. There are a whole bunch of very low cost cards available with
this chipset selling for $150USD or less. This includes the SMC9462TX,
D-Link DGE-500T, Asante GigaNIX 1000TA and 1000TPC, and a couple cards
from Addtron.
This chip supports TCP/IP checksum offload, VLAN tagging/insertion.
2048-bit multicast filter, jumbograms and has 8K TX and 32K RX FIFOs.
I have not done serious performance testing with this driver. I know
it works, and I want it under CVS control so I can keep tabs on it.
Note that there's no serious mutex stuff in here yet either: I need
to talk more with jhb to figure out the right way to do this. That
said, I don't think there will be any problems.
This driver should also work on the alpha. It's not turned on in
GENERIC.
/usr/src/usr.sbin/sysinstall/menus.c:1323: initializer element is not computable at load time
/usr/src/usr.sbin/sysinstall/menus.c:1323: (near initialization for `MenuNetworking.items[9].aux')
Eliminate an old warning brought about by insufficient foresight when creating
the Menu structure. Have I ever mentioned that sysinstall really needs to
be rewritten?
1. Has a time-stamp to show when it was created
2. Sorts and uniq's the output to only contain single instances of a
given setting. This doesn't mean you still can't have settings which
override one another, that's still possible since it's too much
trouble to do the redundancy checking here.
Requested by: lots of people
a few cosmetic problems:
o Allow it to work with scripts (see man page or install.cfg file).
o Preserve old softupdates flag across newfs toggles
o Clean up partitioned/labelled flag handling
o Don't ask for MBR choice again if you've already written it out.
o Actually document the new features.
and also obey most of the rules of english in their construction.
Add a help screen for the security menu which gives the user a rough idea
just what the various security profiles do.
need to manually force the network_interfaces variable in /etc/rc.conf,
and it only ever gets in the way. rc.network and rc.network6 DTRT with
the default of 'auto'. This should have died over a year ago.
not right because rtermcap would be reading the *host* termcap, not
from the termcap in the src tree. Besides, /usr/sbin/sysinstall
(not the crunched one in /stand) should use the runtime termcap
not the precompiled set.
static version that installs in /stand. Also, don't use an extra
before-install target to create /stand.
- Add missing $FreeBSD$.
- Fix dependencies to handle keymap.h. (*)
Submitted by: obrien (*)
non-advertised option (F = "FreeBSD only"), and leave the A key with
standard partitioning. It seems people still want a runtime backdoo
to get to dangerously dedicated mode.
at people. This has been sitting in my tree for a few months now. I
have spoken with quite a few folks about this and the support for doing
this was pretty strong. I dont remember names though, so I cannot share
the blame :-(. Note that this does not *remove* DD mode, it just stops
waving it at new users. You can still set it via config files etc, and
the bootblocks and kernel still support it. You can still use disklabel
to make true DD disks.
no as a default. Sysinstall should be both less dangerous and less
annoying as a result of this change, though that's just my opinion
(since they're the defaults which annoy ME the least :).
standard or serial. This change needs to be done to the entire system that
depends on this. This way we don't have some code using OnVTY checks
and other doing
strcmp(variable_get(VAR_FIXIT_TTY), "standard") == 0
checks. Also we need to set VAR_FIXIT_TTY to "serial" if we come up on
a serial console.
Also fixed a dialog problem in that dialog was used when dialog was
disabled causing some troubles such as not letting the cursor keys
work when exiting the fixit mode on media (ie. not the fixit shell but
for example fixit on a floppy).
Submitted by: Doug Ambrisko <ambrisko@whistle.com>
PR: 22352
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Replace all in-tree uses with necessary subset of <sys/{fb,kb,cons}io.h>.
This is also the appropriate fix for exo-tree sources.
Put warnings in <machine/console.h> to discourage use.
November 15th 2000 the warnings will be converted to errors.
January 15th 2001 the <machine/console.h> files will be removed.
Approved by: jkh
Write kern_securelevel_enable variable to rc.conf if user selects
medium or low security in sysinstall. This overrides the case where a
user selects fascist security and then tries to go back to a lower
setting.
a default. This should prevent people from whacking return at
the Distributions menu and getting nothing selected as a result
(a minimal "standard" system will at least install).
Flagged as big tech support headache by: Chris Shumway <cshumway@osd.bsdi.com>
support which use National Semiconductor DP8393X (SONIC) as ethernet
controller. Currently, this driver is used on only PC-98.
Submitted by: Motomichi Matsuzaki <mzaki@e-mail.ne.jp>
Obtained from: NetBSD/pc98
appropriate(?) defaults for "low", "medium" and "high" security
environments. Medium is basically what we currently have with a little
seat-belt tightening where it made sense. Low is the same as medium but
without the tightening. High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
Previously, these cards were supported by the lnc driver (and they
still are, but the pcn driver will claim them first), which is fine
except the lnc driver runs them in 16-bit LANCE compatibility mode.
The pcn driver runs these chips in 32-bit mode and uses the RX alignment
feature to achieve zero-copy receive. (Which puts it in the same
class as the xl, fxp and tl chipsets.) This driver is also MI, so it
will work on the x86 and alpha platforms. (The lnc driver is still
needed to support non-PCI cards. At some point, I'll need to newbusify
it so that it too will me MI.)
The Am79c978 HomePNA adapter is also supported.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null. Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)
Reviewed by: jhb
Discussed with: The usual cabal
Now, if a release is specified, instead of just looking for a directory
with the same name as the release, try several possible directories (each
suffixed with the release name) relative to the base directory including
".", "releases/MACHINE", "snapshots/MACHINE", and each of those prefixed
with "pub/FreeBSD/". This will allow us to remove the evil symlinks under
pub/FreeBSD/releases/MACHINE/ to the snapshots on the ftp site.
does bad things to /etc/make.conf in certain situations. Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
IPv6 configuration is only done by rtsol. Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
in this time. ftp7.jp speaks IPv4 as well and also listed as
Japan #7.
Approved by: jkh
boot.flp and plain boot.flp.
- Clean up crunchgen related routine.
- Add PC-98 support.
TODO:
o Documentation
o Fix some messages for PC-98
o Decrease the size of fixit.flp to 1.2MB
o I18N (See: http://www.jp.FreeBSD.org/BootAsia/index.html)
No response from jkh
setting 'usbd_enable' in rc.conf during nwe installs if USB is detected.
Also, since usbd already handles USB mice automatically, note that the
mouse setup section in sysinstall only applies to non-USB mice.
Approved by: jkh
You can't enable 'emulate 3 button' option for moused in sysinstall.
This adds a menu option to set moused_flags and the help text explains
that entering "-3" will enable this feature.
be detected by netscape and such.
PR: bin/17659
Submitted by: Murray Stokelay <murray@cdrom.com>
Approved by: jkh
jkh made updates that conflict with the submitters patch, so I updated
accordingly, any mistakes are mine, not the submitters.
