| Age | Commit message (Collapse) | Author |
|---|
|
Fixes: f74f891581bc ("src.opts: Introduce MK_SOUND")
PR: 292436
Sponsored by: The FreeBSD Foundation
MFC after: 4 days
Reviewed by: ivy, emaste
Differential Revision: https://reviews.freebsd.org/D54706
|
|
Add rc.conf defaults for the os-release URL settings introduced in the
os-release rc.d script. This makes it easier for downstream integrators
and appliances to override the URLs via rc.conf instead of patching the
script.
The following variables are added to libexec/rc/rc.conf:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
These correspond to HOME_URL, DOCUMENTATION_URL, SUPPORT_URL, and
BUG_REPORT_URL in the generated os-release file.
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
|
|
Add DOCUMENTATION_URL and SUPPORT_URL to the generated /var/run/os-release
file, and route the existing URLs through rc.conf-configurable variables:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
This allows downstreams and appliance vendors to customize these URLs
without patching the base script, while providing useful defaults for
stock FreeBSD installations.
Tested:
- sh -n libexec/rc/rc.d/os-release
- (No FreeBSD host available; not runtime-tested yet)
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
|
|
PR: 291853
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: zarychtam_plan-b.pwste.edu.pl, markj
Differential Revision: https://reviews.freebsd.org/D54456
|
|
As a free bonus the tapping points are now able to match packet direction.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D53875
|
|
Reported by: gtetlow
Fixes: 39ee24182b92 ("rc.subr: Support setting the audit user when starting services")
MFC after: 1 week
|
|
ipfilter options are erased and reset to default when ipfilter is
disabled. This results in nullifying options from rc.conf that were
previously set.
8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.
Fixes: 8d6feaaaa26f
MFC after: 1 day
|
|
MFC after: 1 day
|
|
This rc script exists solely to create a file, so have it explicitly
require FILESYSTEMS. In its current form, it was as likely as not to
end up running before cleanvar, which would undo its work.
MFC after: 3 days
Fixes: 384d976725a5 ("rc.d: Add precious_machine rc.conf knob to create /var/run/noshutdown")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54119
|
|
Instead of having FILESYSTEMS require cleanvar, which doesn't really
make semantic sense, say that cleanvar needs to run before FILESYSTEMS.
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54118
|
|
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
MFC after: 3 days
|
|
When an unprivileged user restarts a service using, e.g., sudo, the
service runs with the audit user ID set to that of the unprivileged
user. This can have surprising effects: for instance, a user that
restarts a jail that is running sshd will end up with their UID attached
to all audit logs associated with users who log in via that sshd
instance. (sshd will set the audit user, but this is disallowed in
jails by default.)
Add support for rc.conf directives which cause rc to override the audit
user. Specifically, make <name>_audit_user=foo cause the audit user to
be set to "foo" for service <name>. A plain audit_user=foo directive
causes all services to be started as foo.
Note, like other similar rc features, this feature is limited to rc
services which are run by executing a command. Shell functions can't be
wrapped this way.
Reviewed by: 0mp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53747
|
|
When running an rc command, if the target rc script defines
<command>_cmd, e.g., start_cmd=..., then the run_rc_command() executes
that instead of $command. In general it's a shell function, and
"cpuset -l <n> <shell function>" doesn't work.
Moreover, it doesn't really make sense to run cpuset for anything other
than start_cmd.
Other optional isolation mechanisms (e.g., <name>_fib,
<name>_chroot) are only used when invoking $command directly as part of
the "start" command. Make <name>_cpuset consistent with everything else
by removing these extraneous cpuset invocations.
Reviewed by: 0mp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53746
|
|
Specifically, make this code fit in fewer columns:
- deindent cases to conform to the usual style,
- use a local variable to minimize duplication in each case.
No functional change intended.
Reviewed by: 0mp, netchild
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D53754
|
|
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: imp, markj, emaste
Differential Revision: https://reviews.freebsd.org/D53616
|
|
Files read by '.' cannot workout for themselves where they are
or what they are called, so set dot_dir and dot_file to pass
this information to them.
Reviewed by: obrien, stevek
Differential Revision: https://reviews.freebsd.org/D53476
|
|
Instead of sleeping after pwait returns, use its new -p option to
obtain the list of processes that still have not terminated.
MFC after: 3 days
PR: 290357
Fixes: 5953e7c98427 ("rc.subr: Move the sleep in wait_for_pids")
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D53294
|
|
The blocklist daemon depends on a packet filter in order to block.
Add all supported packet filters to the REQUIRE line, not just pf, to
indicate rcorder(8) that it should start after the packet filter service
has started.
While here, change the mode of the rc file to include the executable
bit, just like the rest of the files in the rc.d source directory.
Reviewed by: 0mp
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53364
|
|
bfb202c4554a addresses the CTRL-EVENT-SCAN-FAILED. Upstream d807e289d
caused FreeBSD regression in driver_bsd.c, which this rc.d patch
worked around. As of bfb202c4554a this workaround is no longer needed.
052211e08c0e implemented this change for wpa_supplicant but not for
hostapd.
Reported by: avg
MFC after: 3 days
|
|
Allow umask to be configurable.
Being able to set the umask via an rc variable is useful when setting:
security.bsd.unprivileged_read_msgbuf=0
As it allows a user to configure:
dmesg_umask="066"
Without modifying the rc script, and preventing the contents of the
$dmesg_file (/var/run/dmesg.boot) from being publicly readable.
PR: 272552
Reviewed by: netchild
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53169
|
|
Reviewed by: emaste
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53168
|
|
This more accurately reflects its purpose, and its contents, since
everything in the package is prefixed with "local-".
While here, add a message on upgrade about regenerating the config.
MFC after: 3 seconds
Requested by: des
Reviewed by: des
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53056
|
|
Follow up upstream rename from blacklist to blocklist.
- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
warning
- Old MK_BLACKLIST* knobs are wired to the new ones
Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code. If issues arise, it
will be swiftly reverted.
Reviewed by: ivy (pkgbase)
Approved by: emaste (mentor)
MFC after: 2 days
Relnotes: yes
|
|
sndiod is part of audio/sndio, so we should avoid referencing a port
utility from base.
We should also require NETWORKING for the service to start, since
virtual_oss can be configured to send audio through the network.
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: des, markj, emaste
Differential Revision: https://reviews.freebsd.org/D53019
|
|
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D52954
|
|
After commit 900bc0206348, zpool depends on mountcritlocal. zpoolreguid
and zpoolupgrade depend on zpool and want to run before mountcritcycle,
so we have a pair of cycles.
Update zpoolreguid and zpoolupgrade to avoid this.
Reviewed by: des
MFC after: 3 days
Fixes: 900bc0206348 ("rc.d/zpool: change mountcritlocal dep from BEFORE to REQUIRE")
Differential Revision: https://reviews.freebsd.org/D52953
|
|
Replace .if statements with CONFGROUPS.${MK_FOO} where possible,
and also sort and re-indent the file for readability.
A couple of more complicated sections don't work with CONFGROUPS.yes
yet, so leave those as they are for now.
MFC after: 1 week
Reviewed by: imp
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D52974
|
|
Disable if IPv6 is not supported, and instead of 10 seconds, default to
one more than the value of net.inet6.ip6.dad_count.
Fixes: 5ead817c3b7a ("rc: Teach netwait to wait for DAD")
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D52905
|
|
In some configurations, especially in jails, it is possible for the
system to boot so fast that we end up launching daemons while duplicate
address detection is still ongoing. If that happens, said daemons may
fail to bind to IPv6 addresses, as they are still tentative. Teach the
netwait service to wait (up to 10 seconds, by default) for the tentative
flag to vanish.
MFC after: 1 week
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D51889
|
|
Put virtual_oss, /etc/devd/snd.conf and the other audio-related tools
into a new "sound" package. Don't create a separate -lib package,
since it's unlikely someone will want mixer(3) without mixer(8).
Put the sound package in the optional set rather than minimal, since
it's not actually required for audio hardware support, and many systems
(including nearly all servers) won't want it installed.
MFC after: 3 seconds
Reviewed by: christos
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D52823
|
|
There is no virtual_oss package. Install the virtual_oss script in
rc, since there's currently no specific package for sound utilities.
This fixes the pkgbase build.
Fixes: f040ee6e4078 ("virtual_oss: Do not build if WITHOUT_CUSE is set")
|
|
PR: 289920
Fixes: 9cab9fde5eda ("virtual_oss: Port to base")
Sponsored by: The FreeBSD Foundation
MFC after: 1 day
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D52807
|
|
This was previously deprecated and is slated for removal in 15.0.
Users who still need ftpd(8) can install the ftp/freebsd-ftpd port.
Retain the ftp(d) PAM services since other FTP daemons use them.
Update /etc/inetd.conf to point to /usr/local.
Add ftpd to ObsoleteFiles, but do not list configuration files since
users may want to preserve these to use with the freebsd-ftpd port.
There is still some language in the manual referring to ftpd(8)
which is relevant to the port, which has been retained but updated
to reference the port.
MFC after: 3 days
Relnotes: yes
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D52739
|
|
This patch diverges quite a bit from the current upstream [1] in a few
ways:
1. virtual_oss(8), virtual_bt_speaker(8) and virtual_oss_cmd(8) are
actually separate programs.
2. Backends (lib/virtual_oss) are built as separate shared libraries and
we dlopen() them in virtual_oss(8) and virtual_bt_speaker(8) on
demand.
3. virtual_equalizer(8) and the sndio and bluetooth backends are built
as ports, because they depend on third-party libraries.
4. Use newer libav API in bluetooth backend (see HAVE_LIBAV ifdefs) to
address compiler errors.
[1] https://github.com/freebsd/virtual_oss
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D52308
|
|
After f99f0ee14e3a ("rc.d: add a service jails config to all base system
services"), the FTP service ignores the flags configured in ftpd_flags:
# sysrc ftpd_flags=-B
ftpd_flags: -> -B
# service ftpd enable
ftpd enabled in /etc/rc.conf
# service ftpd start
Starting ftpd.
# pgrep -fl ftpd
1234 /usr/libexec/ftpd -D
Notice the absence of the "-B" flag.
PR: 285600
Reviewed by: 0mp, emaste
Approved by: emaste (mentor)
Fixes: f99f0ee14e3a ("rc.d: add a service jails config to all base system services")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52745
|
|
MFC after: 1 day
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D52650
|
|
Nearly everyone wants powerd to manage CPU frequency scaling on real
hardware, even if -utilities isn't installed. Conversely, very small
jails might want -utilities but don't need powerd.
Move it to its own package and add it to the minimal set.
MFC after: 1 day
Reviewed by: manu, imp
Differential Revision: https://reviews.freebsd.org/D52645
|
|
Instead of sleeping while constructing the list of PIDs to wait for,
sleep briefly after pwait to give init a chance to reap the processes
that just terminated before we loop around and start probing them.
PR: 289630
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D52619
|
|
This fixes "usage: basename string [suffix]" message.
Reported by: cy
MFC after: 1 day
|
|
It is appeared that currently starting of moused does not depend on
moused_enable variable value in rc.conf. That leads to missing USB mice
support in default configuration. Start moused in traditional per
device mode with devd to follow POLA.
One daemon per system mode still can be enabled with setting of
moused_port="auto"
moused_nondefault_enable="NO"
variables in /etc/rc.conf
To revert to sysmouse mode add moused_type="sysmouse" to /etc/rc.conf
Reported by: many
Requested by: glebius
Reviewed by: glebius
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D52430
|
|
to evdev or sysmouse. It is required to avoid receiving of double events
on hybrid devices supporting both interfaces like ums (4).
MFC after: 1 day
Reviewed by: glebius (via private chat)
Differential Revision: https://reviews.freebsd.org/D52647
|
|
The new daemon have following properties as compared with previous
incarnation:
- evdev protocol support for mices and touchpads. Additionally to
relative PS/2 and USB devices it enables console support for I2C/USB
touchpads and bluetooth mices.
- Other aged protocols like COM, raw PS/2 and X10 are dropped with only
exception of sysmouse. For those who still use them there is an
utility called msconvd(8).
- single daemon per system where hotplug is processed via devd socket.
Per device mode still supported too.
- Configuration and quirks files in libinput-compatible format.
Actually, the new moused config parser is taken from libinput.
The moused(8) can work in 2 modes:
1. Evdev support mode. It enables all previously mentioned devices.
It is enabled by deault.
2. Sysmouse support mode. All should work as before.
No new devices supported. To enable it add following lines to
/etc/rc.conf:
moused_port="/dev/psm0"
moused_nondefault_enable="YES"
One may add hw.usb.usbhid.enable=0 to /boot/loader.conf to enable
ums(4) driver which supports sysmouse protocol.
Differential Revision: https://reviews.freebsd.org/D52164
|
|
The dtrwait wait functionality was dropped in the TTY MPSAFE rewrite for
FreeBSD 8. Remove referneces to it here. Also, the sysctl was renamed
for drainwait, so use the new name. Given the 16 years between this
event and somebody noticing, I strongly suspect this file can just be
removed.
Sponsored by: Netflix
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D52316
|
|
Cyclades and digiboard drivers were removed in 2017 and 2016
respectively. There's no need for these anymore.
Sponsored by: Netflix
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D52315
|
|
A VM had no virtual terminals and emitted a warning on boot
`eval: cannot open /dev/ttyv*: No such file or directory`.
Break the loop in this case to avoid the warning.
PR: 289173
Reviewed by: jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52344
|
|
Fix a redirect of stderr to stdout which is going to /dev/null.
A '&' got missing in the original rewrite from the review that
I took and committed. Seems no one had noticed during testing
or review. People may have ended up with a "/1" file in their
root file system.
Fixes: 40652f86b5ef
Reported by: Vladyslav Movchan (vladislav.movchan gmail.com)
MFX after: 3 days
X-MFC: squash
|
|
During startup hccontrol reset needs to be run multiple times
for iwbt to work more reliably. Add a loop trying up to
three times.
Tested by: various (original version; I changed test to -eq)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D44861
|
|
For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of
Kerberos and is always built if MK_KERBEROS is enabled. Backport this
behaviour to Heimdal so it works the same way.
While here, change Heimdal's libcom_err and compile_et to be selected by
MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos
and third-party users might need it even if Kerberos support is disabled
in the base system. This means MK_KERBEROS_SUPPORT installs the same
files with both MIT and Heimdal.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51859
|
|
This reverts commit 7ac276298b72982189ac1a5b17461936dc00163e.
Requested by: kib
|
|
Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.
Remove the relevant symbols from libc's Symbol.map. Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.
Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.
Remove the documentation for the old functions.
Remove rpc.ypupdated since it requires DES authentication.
Reviewed by: manu, des, emaste
Differential Revision: https://reviews.freebsd.org/D50442
|
