| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed by: kib
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54507
|
|
Fixes: f74f891581bc ("src.opts: Introduce MK_SOUND")
PR: 292436
Sponsored by: The FreeBSD Foundation
MFC after: 4 days
Reviewed by: ivy, emaste
Differential Revision: https://reviews.freebsd.org/D54706
|
|
The stock assert() works because rtld-libc includes a custom
implementation of __assert().
Reviewed by: imp, kib
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54712
|
|
This is a no-op on non-CHERI architectures, but is required for CHERI
where Elf_Addr is only an address and not a complete pointer.
While here, consistently use `uintptr_t *` for arrays of init/fini
function pointers.
Reviewed by: imp, kib
Effort: CHERI upstreaming
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54711
|
|
Store phnum in Obj_Entry instead of phsize and use that to simplify
the terminate expressions when iterating over program headers.
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54710
|
|
Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface"
from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1.
(https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf)
Reviewed by: kib, andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54559
|
|
Add rc.conf defaults for the os-release URL settings introduced in the
os-release rc.d script. This makes it easier for downstream integrators
and appliances to override the URLs via rc.conf instead of patching the
script.
The following variables are added to libexec/rc/rc.conf:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
These correspond to HOME_URL, DOCUMENTATION_URL, SUPPORT_URL, and
BUG_REPORT_URL in the generated os-release file.
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
|
|
Add DOCUMENTATION_URL and SUPPORT_URL to the generated /var/run/os-release
file, and route the existing URLs through rc.conf-configurable variables:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
This allows downstreams and appliance vendors to customize these URLs
without patching the base script, while providing useful defaults for
stock FreeBSD installations.
Tested:
- sh -n libexec/rc/rc.d/os-release
- (No FreeBSD host available; not runtime-tested yet)
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
|
|
PR: 291853
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: zarychtam_plan-b.pwste.edu.pl, markj
Differential Revision: https://reviews.freebsd.org/D54456
|
|
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1957
|
|
As reported on the freebsd-announce mailing list[1] FreeBSD is
continuing to retire 32-bit support. Remove powerpcspe from build
infrastructure.
[1] https://lists.freebsd.org/archives/freebsd-announce/2024-February/000117.html
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: jhibbits, emaste
Pull request: https://github.com/freebsd/freebsd-src/pull/1914
|
|
with recent change nuageinit always create a "freebsd" user, if no
users are specified, which means we do need to get the rootdir in the
testsuite containing a group file otherwise pw complains and the tests
fails.
|
|
This address the situation reported here
https://github.com/freebsd/freebsd-src/pull/1952#issuecomment-3720210259
The user-data file was missing and the `sethostname` function is never
called. This commit adjusts slightly the logic to avoid the `exit()` call
when the `user-data` file is missing.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Differential Revision: https://github.com/freebsd/freebsd-src/pull/1953
|
|
The "default" user should only be created when:
- the `users` key is missing
- or the `default` string is present in the `users` list
Since the `public_keys` is extracted from the meta-data, this patch has
to slightly adjust the way they are loaded.
The change simplify the logic around the default user SSH key injection.
Both `ssh_authorized_keys` and `public_keys` are handled at the same time.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1952
|
|
MFC After: 1 week
|
|
Clarify that both `sudo` and `doas` are not part of the base system and
they need to be listed in the `packages` section if the user wants to
enable them.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1944
|
|
This change enhances `config2_network()` to honor the DNS
configuration, when it's defined through the `services` section.
The `network_data.json` file can hold DNS configuration at two different
places:
- within a network configuration entry
- or `dns` entry in the `services` section, in this case the configuration is global.
An example of such configuration:
{"links": [{"id": "interface0", "type": "phy",
"ethernet_mac_address": "52:54:00:01:59:03"}], "networks": [{"id": "private-ipv4-0", "type": "ipv4", "link": "interface0",
"ip_address": "192.168.123.5", "netmask": "255.255.255.0", "routes": [{"network": "0.0.0.0", "netmask": "0.0.0.0", "gateway":
"192.168.123.1"}], "network_id": "9e5b1ed9-f5e6-4941-a90f-2e06bab858de", "dns_nameservers": ["192.168.123.1"], "services": [{"type":
"dns", "address": "192.168.123.1"}]}], "services": [{"type": "dns", "address": "192.168.123.1"}]}
See: https://docs.openstack.org/nova/latest/user/metadata.html
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1941
|
|
Since the initializer is used in other places where we can't just
replace it with a char-by-char initializer, this adds a macro for the
nonstring attribute (match the linuxkpi definition).
Reviewed by: emaste, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52535
|
|
As a free bonus the tapping points are now able to match packet direction.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D53875
|
|
Reported by: gtetlow
Fixes: 39ee24182b92 ("rc.subr: Support setting the audit user when starting services")
MFC after: 1 week
|
|
ipfilter options are erased and reset to default when ipfilter is
disabled. This results in nullifying options from rc.conf that were
previously set.
8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.
Fixes: 8d6feaaaa26f
MFC after: 1 day
|
|
MFC after: 1 day
|
|
This rc script exists solely to create a file, so have it explicitly
require FILESYSTEMS. In its current form, it was as likely as not to
end up running before cleanvar, which would undo its work.
MFC after: 3 days
Fixes: 384d976725a5 ("rc.d: Add precious_machine rc.conf knob to create /var/run/noshutdown")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54119
|
|
Instead of having FILESYSTEMS require cleanvar, which doesn't really
make semantic sense, say that cleanvar needs to run before FILESYSTEMS.
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54118
|
|
This prevents dumping the memory layout of setugid processes.
MFC after: 3 days
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54033
|
|
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
MFC after: 3 days
|
|
|
|
In arch_fix_auxv(), remove local variable shadowing the argument,
remove write-only variable, and declare the loop variable.
The wrong patch was committed after series of local reverts and
re-apply.
Fixes: b2b3d2a962eb00005641546fbe672b95e5d0672a
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
|
Add guards against attempting to process a user data file with an empty
first line or contents.
PR: 290395
Reviewed by: bapt (earlier), dtxdf, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53239
|
|
No functional change intended.
Reviewed by: bapt, dtxdf, kevans
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53238
|
|
Tested by: Timothy Pearson (tpearson_raptorengineering.com)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53801
|
|
- s/outout/output/
MFC after: 3 days
|
|
- s/environnement/environment/
- s/interger/integer/
MFC after: 3 days
|
|
When an unprivileged user restarts a service using, e.g., sudo, the
service runs with the audit user ID set to that of the unprivileged
user. This can have surprising effects: for instance, a user that
restarts a jail that is running sshd will end up with their UID attached
to all audit logs associated with users who log in via that sshd
instance. (sshd will set the audit user, but this is disallowed in
jails by default.)
Add support for rc.conf directives which cause rc to override the audit
user. Specifically, make <name>_audit_user=foo cause the audit user to
be set to "foo" for service <name>. A plain audit_user=foo directive
causes all services to be started as foo.
Note, like other similar rc features, this feature is limited to rc
services which are run by executing a command. Shell functions can't be
wrapped this way.
Reviewed by: 0mp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53747
|
|
When running an rc command, if the target rc script defines
<command>_cmd, e.g., start_cmd=..., then the run_rc_command() executes
that instead of $command. In general it's a shell function, and
"cpuset -l <n> <shell function>" doesn't work.
Moreover, it doesn't really make sense to run cpuset for anything other
than start_cmd.
Other optional isolation mechanisms (e.g., <name>_fib,
<name>_chroot) are only used when invoking $command directly as part of
the "start" command. Make <name>_cpuset consistent with everything else
by removing these extraneous cpuset invocations.
Reviewed by: 0mp
MFC after: 2 weeks
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D53746
|
|
Specifically, make this code fit in fewer columns:
- deindent cases to conform to the usual style,
- use a local variable to minimize duplication in each case.
No functional change intended.
Reviewed by: 0mp, netchild
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D53754
|
|
This updates the nuageinit man page by aligning mentions of the
cloud-config header line with the cloud-init documentation[0], removing
an unwanted "!" character.
[0] https://docs.cloud-init.io/en/latest/explanation/about-cloud-config.html#how-do-i-create-a-cloud-config-file
Signed-off-by: Jonathan Matthews <freebsd@hello.jonathanmatthews.com>
Differential Revision: https://reviews.freebsd.org/D53706
|
|
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: imp, markj, emaste
Differential Revision: https://reviews.freebsd.org/D53616
|
|
This periodic script only makes sense if mandoc is installed, so move
it to the mandoc package like other periodic scripts.
/usr/libexec/makewhatis.local only exists for the enjoyment of this
script, and doesn't work without mandoc installed, so move that as
well.
This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.
MFC after: never
Reviewed by: ziaee, manu
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53609
|
|
Commit 9065390ddc7b moved atf to its own package, but mistakenly moved
the tests as well. Put the tests back into the test package.
Fixes: 9065390ddc7b ("packages: Remove the tests-dev package")
MFC after: 1 day
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53594
|
|
Files read by '.' cannot workout for themselves where they are
or what they are called, so set dot_dir and dot_file to pass
this information to them.
Reviewed by: obrien, stevek
Differential Revision: https://reviews.freebsd.org/D53476
|
|
Instead of sleeping after pwait returns, use its new -p option to
obtain the list of processes that still have not terminated.
MFC after: 3 days
PR: 290357
Fixes: 5953e7c98427 ("rc.subr: Move the sleep in wait_for_pids")
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D53294
|
|
This reverts commit 2347ca21d657121670e6e7246c6ac32efc996cac.
A fix has been implemented in 99560fe98c76 ("pfctl: Do not warn if there
is no Ethernet anchor").
Revert this commit to avoid having differences with upstream.
MFC after: 2 days
|
|
This reverts commit 67ade69eb6079887215db1fde86eba2fb8e2acf7.
A fix has been implemented in a943a96a50ba ("libpfctl: Fix displaying
deeply nested anchors").
Revert this commit to avoid having differences with upstream.
|
|
The blocklist daemon depends on a packet filter in order to block.
Add all supported packet filters to the REQUIRE line, not just pf, to
indicate rcorder(8) that it should start after the packet filter service
has started.
While here, change the mode of the rc file to include the executable
bit, just like the rest of the files in the rc.d source directory.
Reviewed by: 0mp
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53364
|
|
flua is a standalone third-party component that deserves its own
package. In particular, this means things can use flua without
having to depend on FreeBSD-utilities, which will be useful as
more base utilities use flua.
This saves ~500kB in FreeBSD-utilities for systems which don't
need flua.
MFC after: 3 days
Reviewed by: kevans
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53161
|
|
It has been reported as PR 290478. In the meantime, just sweep under
the carpet.
It is worth noting that neither commit:
2347ca21d657 ("blocklist-helper: Silence a bogus pf warning")
nor this one will be upstreamed, as this is a FreeBSD-specific issue.
PR: 290478
MFC after: 2 days
|
|
bfb202c4554a addresses the CTRL-EVENT-SCAN-FAILED. Upstream d807e289d
caused FreeBSD regression in driver_bsd.c, which this rc.d patch
worked around. As of bfb202c4554a this workaround is no longer needed.
052211e08c0e implemented this change for wpa_supplicant but not for
hostapd.
Reported by: avg
MFC after: 3 days
|
|
Allow umask to be configurable.
Being able to set the umask via an rc variable is useful when setting:
security.bsd.unprivileged_read_msgbuf=0
As it allows a user to configure:
dmesg_umask="066"
Without modifying the rc script, and preventing the contents of the
$dmesg_file (/var/run/dmesg.boot) from being publicly readable.
PR: 272552
Reviewed by: netchild
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53169
|
|
Reviewed by: emaste
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53168
|
