author | Simon J. Gerraty <sjg@FreeBSD.org> | 2014-04-28 07:50:45 +0000 |
---|---|---|
committer | Simon J. Gerraty <sjg@FreeBSD.org> | 2014-04-28 07:50:45 +0000 |
commit | 3b8f08459569bf0faa21473e5cec2491e95c9349 (patch) | |
tree | 80f45dd81ca716bcd7ca9674581e1fc40b93cd34 /etc | |
parent | 9d2ab4a62d6733c45958627ac113bdbd818d1e2a (diff) | |
parent | b2ba55951383498f252746f618d513139da06e8e (diff) | |
download | src-test2-3b8f08459569bf0faa21473e5cec2491e95c9349.tar.gz src-test2-3b8f08459569bf0faa21473e5cec2491e95c9349.zip |
Notes
Diffstat (limited to 'etc')
88 files changed, 1542 insertions, 1594 deletions
diff --git a/etc/Makefile b/etc/Makefile index 1d145c192ec0..0909b8bfbd58 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -7,6 +7,10 @@ SUBDIR= sendmail .endif +.if ${MK_TESTS} != "no" +SUBDIR+=tests +.endif + BIN1= crontab \ devd.conf \ devfs.conf \ @@ -139,6 +143,9 @@ BIN1+= regdomain.xml BIN2= netstart pccard_ether rc.suspend rc.resume MTREE= BSD.include.dist BSD.root.dist BSD.usr.dist BSD.var.dist +.if ${MK_TESTS} != "no" +MTREE+= BSD.tests.dist +.endif .if ${MK_SENDMAIL} != "no" MTREE+= BSD.sendmail.dist .endif @@ -215,16 +222,20 @@ distribution: echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \ ) | ${METALOG.add} .endif -.if ${MK_ATF} != "no" - ${_+_}cd ${.CURDIR}/atf; ${MAKE} install -.endif .if ${MK_BLUETOOTH} != "no" ${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install .endif +.if ${MK_CASPER} != "no" + ${_+_}cd ${.CURDIR}/casper; ${MAKE} install +.endif ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install ${_+_}cd ${.CURDIR}/devd; ${MAKE} install +.if ${MK_DMAGENT} != "no" + ${_+_}cd ${.CURDIR}/dma; ${MAKE} install +.endif ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install + ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap @@ -326,6 +337,9 @@ MTREES+= mtree/BSD.debug.dist /usr/lib .if ${MK_GROFF} != "no" MTREES+= mtree/BSD.groff.dist /usr .endif +.if ${MK_TESTS} != "no" +MTREES+= mtree/BSD.tests.dist /usr +.endif .if ${MK_SENDMAIL} != "no" MTREES+= mtree/BSD.sendmail.dist / .endif diff --git a/etc/atf/FreeBSD.conf b/etc/atf/FreeBSD.conf deleted file mode 100644 index e90a6dc51be3..000000000000 --- a/etc/atf/FreeBSD.conf +++ /dev/null 
@@ -1,12 +0,0 @@
-Content-Type: application/X-atf-config; version="1"
-
-# $FreeBSD$
-#
-# Configuration file for the FreeBSD test suite.
-#
-# See atf-formats(5) for details on the syntax of this file and tests(7) for
-# details on the FreeBSD test suite.
-#
-
-#variable1 = value1
-#variable2 = value2
diff --git a/etc/atf/Makefile b/etc/atf/Makefile
deleted file mode 100644
index 5eaa8303bf9a..000000000000
--- a/etc/atf/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-#-
-# Copyright (c) 2011 Google, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-
-ATF= ${.CURDIR}/../../contrib/atf
-
-.PATH: ${ATF}/atf-run/sample
-
-NO_OBJ=
-
-FILESGROUPS= ETC
-
-ETCDIR= /etc/atf
-ETC= FreeBSD.conf atf-run.hooks common.conf
-
-.include <bsd.prog.mk>
diff --git a/etc/atf/common.conf b/etc/atf/common.conf
deleted file mode 100644
index 392b57b0af62..000000000000
--- a/etc/atf/common.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-Content-Type: application/X-atf-config; version="1"
-
-# $FreeBSD$
-#
-# Sample configuration file for properties affecting all test suites.
-#
-
-# When running the test suite as root, some tests require to switch to
-# an unprivileged user to perform extra checks. Set this variable to
-# the user you want to use in those cases. If not set, those tests will
-# be skipped.
-unprivileged-user = "_atf"
diff --git a/etc/casper/Makefile b/etc/casper/Makefile
new file mode 100644
index 000000000000..d1cd9f4da4a4
--- /dev/null
+++ b/etc/casper/Makefile
@@ -0,0 +1,12 @@
+# $FreeBSD$
+
+FILES= system.dns
+FILES+= system.grp
+FILES+= system.pwd
+FILES+= system.random
+FILES+= system.sysctl
+
+NO_OBJ=
+FILESDIR= /etc/casper
+
+.include <bsd.prog.mk>
diff --git a/etc/casper/system.dns b/etc/casper/system.dns
new file mode 100644
index 000000000000..b3c1ca069224
--- /dev/null
+++ b/etc/casper/system.dns
@@ -0,0 +1 @@
+/libexec/casper/dns
diff --git a/etc/casper/system.grp b/etc/casper/system.grp
new file mode 100644
index 000000000000..32eea2ca1d1f
--- /dev/null
+++ b/etc/casper/system.grp
@@ -0,0 +1 @@
+/libexec/casper/grp
diff --git a/etc/casper/system.pwd b/etc/casper/system.pwd
new file mode 100644
index 000000000000..a5f7c2529a3b
--- /dev/null
+++ b/etc/casper/system.pwd
@@ -0,0 +1 @@
+/libexec/casper/pwd
diff --git a/etc/casper/system.random b/etc/casper/system.random
new file mode 100644
index 000000000000..ac98b356b1c6
--- /dev/null
+++ b/etc/casper/system.random
@@ -0,0 +1 @@
+/libexec/casper/random
diff --git a/etc/casper/system.sysctl b/etc/casper/system.sysctl
new file mode 100644
index 000000000000..9f80c5d8b539
--- /dev/null
+++ b/etc/casper/system.sysctl
@@ -0,0 +1 @@
+/libexec/casper/sysctl
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index 9078577930aa..8520fc5bbf35 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -137,17 +137,9 @@ daily_status_mail_rejects_enable="YES" # Check mail rejects daily_status_mail_rejects_logs=3 # How many logs to check daily_status_mail_rejects_shorten="NO" # Shorten output -# 470.status-named -daily_status_named_enable="YES" -daily_status_named_usedns="YES" # DNS lookups are ok - # 480.status-ntpd daily_status_ntpd_enable="NO" # Check NTP status -# 490.status-pkg-changes -daily_status_pkg_changes_enable="NO" # Show package changes -pkg_info="pkg_info" # Use this program - # 500.queuerun daily_queuerun_enable="YES" # Run mail queue daily_submit_queuerun="YES" # Also submit queue @@ -187,11 +179,6 @@ weekly_catman_enable="NO" # Preformat man pages weekly_noid_enable="NO" # Find unowned files weekly_noid_dirs="/" # Look here -# 400.status-pkg -weekly_status_pkg_enable="NO" # Find out-of-date pkgs -pkg_version=pkg_version # Use this program -pkg_version_index=/usr/ports/INDEX-11 # Use this index file - # 450.status-security weekly_status_security_enable="YES" # Security check # See also "Security options" above for more options @@ -319,7 +306,7 @@ if [ -z "${source_periodic_confs_defined}" ]; then security_daily_compat_var() { local var=$1 dailyvar value - dailyvar=daily_status_security${#status_security} + dailyvar=daily_status_security${var#security_status} periodvar=${var%enable}period eval value=\"\$$dailyvar\" [ -z "$value" ] && return @@ -331,7 +318,7 @@ if [ -z "${source_periodic_confs_defined}" ]; then $periodvar=daily ;; *) - $var="$value" + eval $var=\"$value\" ;; esac } diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index b7a9a0e739f0..0d4b7428f7ea 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf 
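Review bot: The `$periodvar=daily` line kept as context in the second periodic.conf hunk has the same defect this change fixes for `$var`: the shell does not recognise a word that begins with an expansion as an assignment, so it tries to run `name=daily` as a command and the period variable is never set. It should become `eval $periodvar=daily`, and any `$var=YES` just above the hunk (not visible here) needs the same treatment. The new `eval $var=\"$value\"` also expands `$value` before eval re-parses the line, so a value containing a double quote, a backquote or `$(` is interpreted as shell syntax; `eval $var=\"\$value\"` defers the expansion and assigns the string verbatim. `periodvar` is also missing from the `local` list in the first hunk, so it leaks into whatever script sources this file. security_daily_compat_var starts and ends outside these hunks.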
@@ -212,7 +212,6 @@ cloned_interfaces="" # List of cloned network interfaces to create. #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. #ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. -#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. #ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry #ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. @@ -235,10 +234,6 @@ gif_interfaces="" # List of GIF tunnels. # Choose correct tunnel addrs. #gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router. #gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router. -fec_interfaces="" # List of Fast EtherChannels. -#fec_interfaces="fec0 fec1" -#fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs -#fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs # User ppp configuration. ppp_enable="NO" # Start user-ppp (or NO). @@ -260,6 +255,7 @@ hostapd_enable="NO" # Run hostap daemon. syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). +altlog_proglist="" # List of chrooted applicatioins in /var inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. inetd_flags="-wW -C 60" # Optional flags to inetd 
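Review bot: The comment on the added `altlog_proglist` line misspells "applications" and does not say what listing a program there causes the rc scripts to do. Something like `# List of chrooted applications in /var that need a syslogd log socket` would be clearer, if that is indeed the effect; the script that consumes the variable is not part of this hunk, so the wording should be checked against it.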
@@ -271,23 +267,6 @@ hastd_program="/sbin/hastd" # path to hastd, if you want a different one. hastd_flags="" # Optional flags to hastd. ctld_enable="NO" # CAM Target Layer / iSCSI target daemon. local_unbound_enable="NO" # local caching resolver -# -# named. It may be possible to run named in a sandbox, man security for -# details. -# -named_enable="NO" # Run named, the DNS server (or NO). -named_program="/usr/sbin/named" # Path to named, if you want a different one. -named_conf="/etc/namedb/named.conf" # Path to the configuration file -#named_flags="" # Use this for flags OTHER than -u and -c -named_uid="bind" # User to run named as -named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) -named_chroot_autoupdate="YES" # Automatically install/update chrooted - # components of named. See /etc/rc.d/named. -named_symlink_enable="YES" # Symlink the chrooted pid file -named_wait="NO" # Wait for working name service before exiting -named_wait_host="localhost" # Hostname to check if named_wait is enabled -named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf -named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers @@ -331,7 +310,7 @@ nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_access_cache="60" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). oldnfs_server_enable="NO" # Run the old NFS server (YES/NO). -nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). +nfs_server_flags="-u -t" # Flags to nfsd (if enabled). mountd_enable="NO" # Run mountd (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). weak_mountd_authentication="NO" # Allow non-root mount requests to be served. 
@@ -402,9 +381,6 @@ mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # install it from package or # port. mrouted_flags="" # Flags for multicast routing daemon. -ipxgateway_enable="NO" # Set to YES to enable IPX routing. -ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon. -ipxrouted_flags="" # Flags for IPX routing daemon. arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us @@ -573,6 +549,8 @@ sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO). sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file sendmail_procname="/usr/sbin/sendmail" # sendmail process name sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server) +sendmail_cert_create="YES" # Create a server certificate if none (YES/NO) +#sendmail_cert_cn="CN" # CN of the generate certificate sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost" # Flags for localhost-only MTA @@ -619,6 +597,9 @@ quotacheck_flags="-a" # Check all file system quotas (if enabled) accounting_enable="NO" # Turn on process accounting (or NO). ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO). +firstboot_sentinel="/firstboot" # Scripts with "firstboot" keyword are run if + # this file exists. Should be on a R/W filesystem so + # the file can be deleted after the boot completes. # Emulation/compatibility services provided by /etc/rc.d/abi sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO). 
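Review bot: `sendmail_cert_create="YES"` makes certificate generation the default, yet the comment does not say what kind of certificate is produced or where the private key ends up. Presumably it is self-signed, in which case peers cannot authenticate the server with it and the comment should say so, e.g. `# Create a self-signed server certificate if none exists (YES/NO)`. The comment on the next line should read `# CN of the generated certificate`.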
@@ -651,6 +632,7 @@ entropy_save_num="8" # Number of entropy cache files to save. harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness +harvest_swi="YES" # Entropy device harvests internal SWI randomness dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) @@ -672,6 +654,11 @@ newsyslog_enable="YES" # Run newsyslog at startup. newsyslog_flags="-CN" # Newsyslog flags to create marked files mixer_enable="YES" # Run the sound mixer. opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off +casperd_enable="YES" # casperd(8) daemon + +# rctl(8) requires kernel options RACCT and RCTL +rctl_enable="NO" # Load rctl(8) rules on boot +rctl_rules="/etc/rctl.conf" # rctl(8) ruleset. See rctl.conf(5). ############################################################## ### Jail Configuration (see rc.conf(5) manual page) ########## diff --git a/etc/devd.conf b/etc/devd.conf index 5339bae18a2a..12f6931d48ed 100644 --- a/etc/devd.conf +++ b/etc/devd.conf @@ -119,6 +119,15 @@ notify 100 { match "system" "DEVFS"; match "subsystem" "CDEV"; match "type" "CREATE"; + match "cdev" "atp[0-9]+"; + + action "/etc/rc.d/moused quietstart $cdev"; +}; + +notify 100 { + match "system" "DEVFS"; + match "subsystem" "CDEV"; + match "type" "CREATE"; match "cdev" "ums[0-9]+"; action "/etc/rc.d/moused quietstart $cdev"; @@ -127,6 +136,15 @@ notify 100 { notify 100 { match "system" "DEVFS"; match "subsystem" "CDEV"; + match "type" "CREATE"; + match "cdev" "wsp[0-9]+"; + + action "/etc/rc.d/moused quietstart $cdev"; +}; + +notify 100 { + match "system" "DEVFS"; + match "subsystem" "CDEV"; match "type" "DESTROY"; match "cdev" "ums[0-9]+"; 
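Review bot: The two added devd.conf CREATE rules start moused for `atp[0-9]+` and `wsp[0-9]+`, but the only DESTROY rule visible in these hunks still matches `ums[0-9]+` alone. Unless matching DESTROY rules exist outside the hunks, a moused instance started for an atp or wsp device is left running after the device node goes away. Consider adding DESTROY counterparts, or widening the existing rule to `match "cdev" "(atp|ums|wsp)[0-9]+";`. The DESTROY rule's action is cut off by the hunk boundary, so confirm against the full file.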
@@ -228,37 +246,6 @@ notify 10 { action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'"; }; -# Sample ZFS problem reports handling. -notify 10 { - match "system" "ZFS"; - match "type" "zpool"; - action "logger -p kern.err 'ZFS: failed to load zpool $pool'"; -}; - -notify 10 { - match "system" "ZFS"; - match "type" "vdev"; - action "logger -p kern.err 'ZFS: vdev failure, zpool=$pool type=$type'"; -}; - -notify 10 { - match "system" "ZFS"; - match "type" "data"; - action "logger -p kern.warn 'ZFS: zpool I/O failure, zpool=$pool error=$zio_err'"; -}; - -notify 10 { - match "system" "ZFS"; - match "type" "io"; - action "logger -p kern.warn 'ZFS: vdev I/O failure, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size error=$zio_err'"; -}; - -notify 10 { - match "system" "ZFS"; - match "type" "checksum"; - action "logger -p kern.warn 'ZFS: checksum mismatch, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size'"; -}; - # User requested suspend, so perform preparation steps and then execute # the actual suspend process. notify 10 { diff --git a/etc/devd/Makefile b/etc/devd/Makefile index 433436b0890c..c744398b84c2 100644 --- a/etc/devd/Makefile +++ b/etc/devd/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -FILES= uath.conf usb.conf +FILES= uath.conf usb.conf zfs.conf .if ${MACHINE} == "powerpc" FILES+= apple.conf diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index 449b20be2a44..c8d252abe387 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -1,7 +1,7 @@ # # $FreeBSD$ # -# This file was automatically generated by "tools/bus_autoconf.sh". +# This file was automatically generated by "tools/tools/bus_autoconf/bus_autoconf.sh". # Please do not edit! # 
@@ -721,6 +721,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; + match "product" "0x1103"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; match "product" "0x1203"; action "kldload -n ubsa"; }; @@ -833,7 +841,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; - match "product" "0x935a"; + match "product" "(0x935a|0x935b)"; action "kldload -n if_run"; }; @@ -1064,6 +1072,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0586"; + match "product" "0x3421"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x058f"; match "product" "0x9720"; action "kldload -n uplcom"; 
@@ -1081,7 +1097,39 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x05ac"; - match "product" "(0x020d|0x020e|0x020f|0x0215|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c|0x0229|0x022a|0x022b|0x030a|0x030b)"; + match "product" "(0x020d|0x020e|0x020f|0x0215|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c)"; + action "kldload -n atp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x0223|0x0224|0x0225)"; + action "kldload -n wsp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x0229|0x022a|0x022b)"; + action "kldload -n atp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x0230|0x0231|0x0232|0x0236|0x0237|0x0238|0x023f|0x0240|0x0241|0x0242|0x0243|0x0244|0x0245|0x0246|0x0247|0x0249|0x024a|0x024b|0x024c|0x024d|0x024e|0x0252|0x0253|0x0254|0x0259|0x025a|0x025b|0x0262|0x0263|0x0264|0x0290|0x0291|0x0292)"; + action "kldload -n wsp"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x030a|0x030b)"; action "kldload -n atp"; }; @@ -1801,6 +1849,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0846"; + match "product" "0x1100"; + action "kldload -n uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0846"; match "product" "0x4240"; action "kldload -n if_upgt"; }; @@ -2185,7 +2241,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0af0"; - match "product" "(0x7601|0xc031|0xd013|0xd031)"; + match "product" "(0x7601|0x9000|0xc031|0xd013|0xd031)"; action "kldload -n uhso"; }; 
@@ -2289,7 +2345,15 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b05"; - match "product" "0x17b5"; + match "product" "0x17ad"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "(0x17b5|0x17cb)"; action "kldload -n ng_ubt"; }; @@ -2361,7 +2425,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b95"; - match "product" "(0x1720|0x1780|0x7720|0x772a|0x772b|0x7e2b)"; + match "product" "(0x1720|0x1780)"; + action "kldload -n if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b95"; + match "product" "(0x178a|0x1790)"; + action "kldload -n if_axge"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b95"; + match "product" "(0x7720|0x772a|0x772b|0x7e2b)"; action "kldload -n if_axe"; }; @@ -2433,7 +2513,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; - match "product" "(0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; + match "product" "(0x8176|0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; action "kldload -n if_urtwn"; }; @@ -3104,6 +3184,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0fde"; + match "product" "0xca05"; + action "kldload -n uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0fe6"; match "product" "(0x8101|0x9700)"; action "kldload -n if_udav"; 
@@ -3265,7 +3353,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x10c4"; - match "product" "(0x8066|0x806f|0x807a|0x80c4|0x80ca|0x80dd|0x80ed|0x80f6|0x8115|0x813d|0x813f|0x814a|0x814a|0x814b|0x8156|0x815e|0x815f|0x818b|0x819f|0x81a6|0x81a9|0x81ac|0x81ad|0x81c8|0x81e2|0x81e7|0x81e8|0x81f2|0x8218|0x822b|0x826b|0x8293|0x82f9|0x8341|0x8382|0x83a8|0x83d8|0x8411|0x8418|0x846e|0x8477|0x85ea|0x85eb|0x8664|0x8665|0xea60|0xea61|0xea70|0xea71|0xea80|0xf001|0xf002|0xf003|0xf004)"; + match "product" "(0x8066|0x806f|0x807a|0x80c4|0x80ca|0x80dd|0x80ed|0x80f6|0x8115|0x813d|0x813f|0x814a|0x814a|0x814b|0x8156|0x815e|0x815f|0x818b|0x819f|0x81a6|0x81a9|0x81ac|0x81ad|0x81c8|0x81e2|0x81e7|0x81e8|0x81f2|0x8218|0x822b|0x826b|0x8293|0x82f9|0x8341|0x8382|0x83a8|0x83d8|0x8411|0x8418|0x846e|0x8477|0x85ea|0x85eb|0x85f8|0x8664|0x8665|0x88a4|0x88a5|0xea60|0xea61|0xea70|0xea71|0xea80|0xf001|0xf002|0xf003|0xf004)"; action "kldload -n uslcom"; }; @@ -3665,7 +3753,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x1410"; - match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5041|0x5100|0x6000|0x6002|0x7042)"; + match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5020|0x5041|0x5100|0x6000|0x6002|0x7042)"; action "kldload -n u3g"; }; @@ -3777,7 +3865,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x148f"; - match "product" "(0x2770|0x2870|0x3070|0x3071|0x3072|0x3370|0x3572|0x8070)"; + match "product" "(0x2770|0x2870|0x2878|0x3070|0x3071|0x3072|0x3370|0x3572|0x3573|0x5370|0x5572|0x8070)"; action "kldload -n if_run"; }; 
@@ -4376,6 +4464,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x1adb"; + match "product" "0x0001"; + action "kldload -n uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x1b3d"; match "product" "(0x0100|0x0101|0x0102|0x0103|0x0104|0x0105|0x0106|0x0107|0x0108|0x0109|0x010a|0x010b|0x010c|0x010d|0x010e|0x010f|0x0110|0x0111|0x0112|0x0113|0x0114|0x0115|0x0116|0x0117|0x0118|0x0119|0x011a|0x011b|0x011c|0x011d|0x011e|0x011f|0x0120|0x0121|0x0122|0x0123|0x0124|0x0125|0x0126|0x0128|0x0129|0x012a|0x012b|0x012d|0x012e|0x012f|0x0130|0x0131|0x0132|0x0133|0x0134|0x0135|0x0136|0x0137|0x0138|0x0139|0x013a|0x013b|0x013c|0x013d|0x013e|0x013f|0x0140|0x0141|0x0142|0x0143|0x0144|0x0145|0x0146|0x0147|0x0148|0x0149|0x014a|0x014b|0x014c|0x014d|0x014e|0x014f|0x0150|0x0151|0x0152|0x0153|0x0159|0x015a|0x015b|0x015c|0x015d|0x015e|0x015f|0x0160|0x0161|0x0162|0x0163|0x0164|0x0165|0x0166|0x0167|0x0168|0x0169|0x016a|0x016b|0x016c|0x016d|0x016e|0x016f|0x0170|0x0171|0x0172|0x0173|0x0174|0x0175|0x0176|0x0177|0x0178|0x0179|0x017a|0x017b|0x017c|0x017d|0x017e|0x017f|0x0180|0x0181|0x0182|0x0183|0x0184|0x0185|0x0186|0x0187|0x0188|0x0189|0x018a|0x018b|0x018c|0x018d|0x018e|0x018f|0x0190|0x0191|0x0192|0x0193|0x0194|0x0195|0x0196|0x0197|0x0198|0x0199|0x019a|0x019b|0x019c|0x019d|0x019e|0x019f|0x01a0|0x01a1|0x01a2|0x01a3|0x01a4|0x01a5|0x01a6|0x01a7|0x01a8|0x01a9|0x01aa|0x01ab|0x01ac|0x01ad|0x01ae|0x01af|0x01b0|0x01b1|0x01b2|0x01b3|0x01b4|0x01b5|0x01b6|0x01b7|0x01b8|0x01b9|0x01ba|0x01bb|0x01bc|0x01bd|0x01be|0x01bf|0x01c0|0x01c1|0x01c2|0x01c3|0x01c4|0x01c5|0x01c6|0x01c7|0x01c8|0x01c9|0x01ca|0x01cb|0x01cc|0x01cd|0x01ce|0x01cf|0x01d0|0x01d1|0x01d2|0x01d3|0x01d4|0x01d5|0x01d6|0x01d7|0x01d8|0x01d9|0x01da|0x01db|0x01dc|0x01dd|0x01de|0x01df|0x01e0|0x01e1|0x01e2|0x01e3|0x01e4|0x01e5|0x01e6|0x01e7|0x01e8|0x01e9|0x01ea|0x01eb|0x01ec|0x01ed|0x01ee|0x01ef|0x01f0|0x01f1|0x01f2|0x01f3|0x01f4|0x01f5|0x01f6|0x01f7|0x01f8|0x01f9|0x01
fa|0x01fb|0x01fc|0x01fd|0x01fe|0x01ff)"; action "kldload -n uftdi"; @@ -4512,6 +4608,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x1fb9"; + match "product" "(0x0100|0x0200|0x0201|0x0202|0x0203|0x0300|0x0301|0x0302|0x0303|0x0400|0x0401|0x0402|0x0403|0x0404|0x0600|0x0601|0x0602|0x0700|0x0701)"; + action "kldload -n uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x2001"; match "product" "(0x1a00|0x1a02)"; action "kldload -n if_axe"; @@ -4561,7 +4665,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; - match "product" "(0x3c09|0x3c0a)"; + match "product" "(0x3c09|0x3c0a|0x3c15|0x3c1a|0x3c1b|0x3c1f)"; action "kldload -n if_run"; }; @@ -4768,6 +4872,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x2405"; + match "product" "0x0003"; + action "kldload -n uslcom"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x2478"; match "product" "0x2008"; action "kldload -n uplcom"; @@ -4985,7 +5097,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x7392"; - match "product" "(0x7711|0x7717|0x7718)"; + match "product" "(0x7711|0x7717|0x7718|0x7733)"; action "kldload -n if_run"; }; @@ -5122,6 +5234,15 @@ nomatch 32 { match "mode" "host"; match "intclass" "0x02"; match "intsubclass" "0x02"; + match "intprotocol" "0x00"; + action "kldload -n umodem"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0x02"; + match "intsubclass" "0x02"; match "intprotocol" "0x01"; action "kldload -n umodem"; }; 
@@ -5192,6 +5313,24 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "intclass" "0xe0"; + match "intsubclass" "0x01"; + match "intprotocol" "0x03"; + action "kldload -n if_urndis"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0xef"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload -n if_urndis"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "intclass" "0xff"; match "intsubclass" "0x5d"; match "intprotocol" "0x01"; @@ -5260,5 +5399,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2537 USB entries processed +# 2621 USB entries processed diff --git a/etc/devd/zfs.conf b/etc/devd/zfs.conf new file mode 100644 index 000000000000..a9061ccdacd4 --- /dev/null +++ b/etc/devd/zfs.conf 
@@ -0,0 +1,77 @@
+# $FreeBSD$
+#
+# Sample ZFS problem reports handling.
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.checksum";
+ action "logger -p kern.warn -t ZFS 'checksum mismatch, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.io";
+ action "logger -p kern.warn -t ZFS 'vdev I/O failure, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size error=$zio_err'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.data";
+ action "logger -p kern.warn -t ZFS 'pool I/O failure, zpool=$pool error=$zio_err'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.zpool";
+ action "logger -p kern.err -t ZFS 'failed to load zpool $pool'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.vdev\..*";
+ action "logger -p kern.err -t ZFS 'vdev problem, zpool=$pool path=$vdev_path type=$type'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.io_failure";
+ action "logger -p kern.alert -t ZFS 'catastrophic pool I/O failure, zpool=$pool'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.probe_failure";
+ action "logger -p kern.err -t ZFS 'vdev probe failure, zpool=$pool path=$vdev_path'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.log_replay";
+ action "logger -p kern.err -t ZFS 'pool log replay failure, zpool=$pool'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "fs.zfs.config_cache_write";
+ action "logger -p kern.warn -t ZFS 'failed to write zpool.cache, zpool=$pool'";
+};
+
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "resource.fs.zfs.removed";
+ action "logger -p kern.notice -t ZFS 'vdev is removed, pool_guid=$pool_guid vdev_guid=$vdev_guid'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "resource.fs.zfs.autoreplace";
+ action "logger -p kern.info -t ZFS 'autoreplace is configured for vdev, pool_guid=$pool_guid
vdev_guid=$vdev_guid'"; +}; + +notify 10 { + match "system" "ZFS"; + match "type" "resource.fs.zfs.statechange"; + action "logger -p kern.notice -t ZFS 'vdev state changed, pool_guid=$pool_guid vdev_guid=$vdev_guid'"; +}; + diff --git a/etc/dma/Makefile b/etc/dma/Makefile new file mode 100644 index 000000000000..0544f6f8f0a7 --- /dev/null +++ b/etc/dma/Makefile @@ -0,0 +1,8 @@ +# $FreeBSD$ + +FILES= dma.conf + +NO_OBJ= +FILESDIR= /etc/dma + +.include <bsd.prog.mk> diff --git a/etc/dma/dma.conf b/etc/dma/dma.conf new file mode 100644 index 000000000000..2f50a4e98d95 --- /dev/null +++ b/etc/dma/dma.conf 
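Review bot: Every action in the new zfs.conf substitutes event variables (`$pool`, `$vdev_path`, `$type`, `$zio_err` and others) into a single-quoted argument of a command line that devd runs through the shell. If a value can contain a single quote, the quoting ends early and the rest of the value is parsed as shell syntax; `$vdev_path` looks the least constrained of these, though that is an inference and not something the diff shows. Nothing here shows whether devd sanitises variable values before substitution. If it does not, a header comment stating which variables are safe to embed in an `action` string would stop the pattern being copied for freer-form fields.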
@@ -0,0 +1,64 @@
+# $FreeBSD$
+#
+# Your smarthost (also called relayhost). Leave blank if you don't want
+# smarthost support.
+#SMARTHOST
+
+# Use this SMTP port. Most users will be fine with the default (25)
+#PORT 25
+
+# Path to your alias file. Just stay with the default.
+#ALIASES /etc/aliases
+
+# Path to your spooldir. Just stay with the default.
+#SPOOLDIR /var/spool/dma
+
+# SMTP authentication
+#AUTHPATH /etc/dma/auth.conf
+
+# Uncomment if yout want TLS/SSL support
+#SECURETRANSFER
+
+# Uncomment if you want STARTTLS support (only used in combination with
+# SECURETRANSFER)
+#STARTTLS
+
+# Uncomment if you have specified STARTTLS above and it should be allowed
+# to fail ("opportunistic TLS", use an encrypted connection when available
+# but allow an unencrypted one to servers that do not support it)
+#OPPORTUNISTIC_TLS
+
+# Path to your local SSL certificate
+#CERTFILE
+
+# If you want to use plain text SMTP login without using encryption, change
+# the SECURE entry below to INSECURE. Otherwise plain login will only work
+# over a secure connection. Use this option with caution.
+#SECURE
+
+# Uncomment if you want to defer your mails. This is useful if you are
+# behind a dialup line. You have to submit your mails manually with dma -q
+#DEFER
+
+# Uncomment if you want the bounce message to include the complete original
+# message, not just the headers.
+#FULLBOUNCE
+
+# The internet hostname dma uses to identify the host.
+# If not set or empty, the result of gethostname(2) is used.
+# If MAILNAME is an absolute path to a file, the first line of this file
+# will be used as the hostname.
+#MAILNAME mail.example.net
+
+# Masquerade envelope from addresses with this address/hostname.
+# Use this if mails are not accepted by destination mail servers because
+# your sender domain is invalid.
+# By default, MASQUERADE is not set. 
+# Format: MASQUERADE [user@][host] +# Examples: +# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet +# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator +# MASQUERADE herb@ert will send all mails as herb@ert + +# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery +#NULLCLIENT diff --git a/etc/etc.arm/ttys b/etc/etc.arm/ttys index b6fd9edc7486..ba410b707c1c 100644 --- a/etc/etc.arm/ttys +++ b/etc/etc.arm/ttys @@ -41,7 +41,7 @@ ttyv7 "/usr/libexec/getty Pc" xterm off secure #ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. -ttyu0 "/usr/libexec/getty std.9600" vt100 on secure +ttyu0 "/usr/libexec/getty 3wire" vt100 on secure ttyu1 "/usr/libexec/getty std.9600" dialup off secure ttyu2 "/usr/libexec/getty std.9600" dialup off secure ttyu3 "/usr/libexec/getty std.9600" dialup off secure diff --git a/etc/etc.ia64/ttys b/etc/etc.ia64/ttys index 2da34615b0fa..6ddc77759cac 100644 --- a/etc/etc.ia64/ttys +++ b/etc/etc.ia64/ttys @@ -41,8 +41,8 @@ ttyv7 "/usr/libexec/getty Pc" xterm off secure ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure # Serial terminals. The 'dialup' keyword identifies dialin lines to login, # fingerd etc. -ttyu0 "/usr/libexec/getty std.9600" vt100 on secure -ttyu1 "/usr/libexec/getty std.9600" dialup off secure +ttyu0 "/usr/libexec/getty 3wire" vt100 on secure +ttyu1 "/usr/libexec/getty 3wire" vt100 on secure ttyu2 "/usr/libexec/getty std.9600" dialup off secure ttyu3 "/usr/libexec/getty std.9600" dialup off secure # Dumb console diff --git a/etc/etc.mips/ttys b/etc/etc.mips/ttys index 2fbeae5282f1..a07cbc282cdb 100644 --- a/etc/etc.mips/ttys +++ b/etc/etc.mips/ttys 
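Review bot: The comment above `#AUTHPATH /etc/dma/auth.conf` says only "SMTP authentication" and gives the admin no hint that the referenced file presumably holds the relay login and password. Since this sample is what people copy from, I would spell that out, e.g. `# SMTP authentication; this file contains passwords, keep it unreadable by other users`. In the same pass, "yout want TLS/SSL support" should read "you want". The `SECURE`/`INSECURE` comment already warns about plain-text login, so nothing more is needed there.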
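Review bot: Switching `ttyu0` from `std.9600` to `3wire` in etc.arm/ttys changes what happens on disconnect, not just the line speed, and the file's comments do not mention it. Per the gettytab comment in this same commit, the 3-wire entries set clocal, so loss of carrier no longer hangs up the line; a shell left logged in on a `secure` port (root login allowed) stays open when the cable or terminal server goes away. I would add a comment next to the entry such as `# 3wire ignores carrier: sessions are not hung up on disconnect, log out explicitly`. The same applies to the ttys hunks for ia64, mips, powerpc and sparc64.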
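Review bot: In etc.ia64/ttys the `ttyu1` line goes from `dialup off secure` to `vt100 on secure`, so a getty now answers on the second serial port by default and `secure` permits direct root login there. The other architectures in this commit only touch ports that were already `on`, so this looks like a wider default than the rest of the change; if it is not needed for a known console setup I would keep it disabled, `ttyu1 "/usr/libexec/getty 3wire" vt100 off secure`. If it is intentional, a one-line comment saying why the second port is enabled would help whoever audits the default login surface later.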
@@ -30,7 +30,7 @@ console none unknown off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. -ttyu0 "/usr/libexec/getty std.115200" dialup on secure +ttyu0 "/usr/libexec/getty 3wire" vt100 on secure ttyu1 "/usr/libexec/getty std.115200" dialup off secure ttyu2 "/usr/libexec/getty std.115200" dialup off secure ttyu3 "/usr/libexec/getty std.115200" dialup off secure diff --git a/etc/etc.powerpc/ttys b/etc/etc.powerpc/ttys index 51a802c113d8..793a155b6358 100644 --- a/etc/etc.powerpc/ttys +++ b/etc/etc.powerpc/ttys @@ -41,7 +41,7 @@ ttyv7 "/usr/libexec/getty Pc" xterm on secure #ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. -ttyu0 "/usr/libexec/getty std.9600" vt100 on secure +ttyu0 "/usr/libexec/getty 3wire" vt100 on secure ttyu1 "/usr/libexec/getty std.9600" dialup off secure ttyu2 "/usr/libexec/getty std.9600" dialup off secure ttyu3 "/usr/libexec/getty std.9600" dialup off secure diff --git a/etc/etc.sparc64/ttys b/etc/etc.sparc64/ttys index fccc6bde3c89..c3fa95f9ad57 100644 --- a/etc/etc.sparc64/ttys +++ b/etc/etc.sparc64/ttys @@ -46,9 +46,9 @@ ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. # uart(4) -ttyu0 "/usr/libexec/getty std.9600" vt100 on secure -ttyu1 "/usr/libexec/getty std.9600" vt100 on secure -ttyu2 "/usr/libexec/getty std.9600" vt100 on secure +ttyu0 "/usr/libexec/getty 3wire" vt100 on secure +ttyu1 "/usr/libexec/getty 3wire" vt100 on secure +ttyu2 "/usr/libexec/getty 3wire" vt100 on secure ttyu3 "/usr/libexec/getty std.9600" vt100 off secure # Dumb console dcons "/usr/libexec/getty std.9600" vt100 off secure diff --git a/etc/freebsd-update.conf b/etc/freebsd-update.conf index 44109034b007..7f0917053750 100644 --- a/etc/freebsd-update.conf +++ b/etc/freebsd-update.conf 
@@ -35,7 +35,7 @@ UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile # When upgrading to a new FreeBSD release, files which match MergeChanges # will have any local changes merged into the version from the new release. -MergeChanges /etc/ /var/named/etc/ /boot/device.hints +MergeChanges /etc/ /boot/device.hints ### Default configuration options: diff --git a/etc/ftpusers b/etc/ftpusers index da896230a1ee..e56e44ffdd7c 100644 --- a/etc/ftpusers +++ b/etc/ftpusers @@ -15,7 +15,6 @@ man sshd smmsp mailnull -_atf bind unbound proxy diff --git a/etc/gettytab b/etc/gettytab index a5100a5ebcc3..2dbd1f7f4518 100644 --- a/etc/gettytab +++ b/etc/gettytab @@ -49,6 +49,8 @@ default:\ # autobaud code in getty, and likewise can # be assigned to any table desired (hopefully the same speed). # +std:\ + :np:sp#0: a|std.110|110-baud:\ :np:nd#1:cd#1:uc:sp#110: b|std.134|134.5-baud:\ @@ -214,11 +216,15 @@ al.115200:\ :al=root:tc=std.115200: al.230400:\ :al=root:tc=std.230400: +al.Pc:\ + :al=root:tc=Pc # # Entries for 3-wire serial terminals. These don't supply carrier, so # clocal needs to be set, and crtscts needs to be unset. # +3wire:\ + :np:nc:sp#0: 3wire.9600|9600-3wire:\ :np:nc:sp#9600: 3wire.19200|19200-3wire:\ diff --git a/etc/group b/etc/group index 72b1ec4f9419..5918ac1adb01 100644 --- a/etc/group +++ b/etc/group @@ -16,7 +16,6 @@ staff:*:20: sshd:*:22: smmsp:*:25: mailnull:*:26: -_atf:*:27: guest:*:31: bind:*:53: unbound:*:59: diff --git a/etc/hosts.allow b/etc/hosts.allow index 96e0b67aba11..95286d75cc7f 100644 --- a/etc/hosts.allow +++ b/etc/hosts.allow @@ -60,6 +60,7 @@ exim : localhost : allow exim : ALL : allow # Rpcbind is used for all RPC services; protect your NFS! +# Rpcbind should be running with -W option to support this. # (IP addresses rather than hostnames *MUST* be used here) #rpcbind : 192.0.2.32/255.255.255.224 : allow #rpcbind : 192.0.2.96/255.255.255.224 : allow diff --git a/etc/login.conf b/etc/login.conf index 67509f93ea0f..ff98d1ce5beb 100644 
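Review bot: The new `al.Pc` entry in the second etc/gettytab hunk ends with `:al=root:tc=Pc`, without the closing colon that every neighbouring entry has (compare `:al=root:tc=std.230400:` just above it). The capability parser may tolerate this, but I would write `:al=root:tc=Pc:` so the entry matches the rest of the table and does not depend on how the last field is terminated. Because `al=root` logs root in without a password, a short comment over the `al.*` group saying these entries are meant only for physically protected consoles would also be worth adding.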
--- a/etc/login.conf +++ b/etc/login.conf @@ -42,6 +42,7 @@ default:\ :vmemoryuse=unlimited:\ :swapuse=unlimited:\ :pseudoterminals=unlimited:\ + :kqueues=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: diff --git a/etc/master.passwd b/etc/master.passwd index 758547113bd6..af096dda4232 100644 --- a/etc/master.passwd +++ b/etc/master.passwd @@ -13,7 +13,6 @@ man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin -_atf:*:27:27::0:0:& pseudo-user:/nonexistent:/usr/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin unbound:*:59:59::0:0:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 76cdf9488d44..9394a4bed7ee 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -9,10 +9,6 @@ .. arpa .. - atf-c - .. - atf-c++ - .. bsm .. bsnmp @@ -81,6 +77,8 @@ .. .. v1 + experimental + .. ext .. tr1 @@ -94,7 +92,7 @@ .. .. clang - 3.3 + 3.4 .. .. crypto @@ -259,8 +257,6 @@ .. net80211 .. - netatalk - .. netgraph atm .. @@ -277,8 +273,6 @@ .. netipsec .. - netipx - .. netnatm api .. @@ -289,6 +283,10 @@ sig .. .. + netpfil + pf + .. + .. netsmb .. nfs @@ -329,6 +327,8 @@ .. sys .. + teken + .. ufs ffs .. diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist index 352ac216803f..d1617c645a6c 100644 --- a/etc/mtree/BSD.root.dist +++ b/etc/mtree/BSD.root.dist @@ -24,14 +24,16 @@ etc X11 .. - atf - .. bluetooth .. + casper + .. defaults .. devd .. + dma + .. gnats .. gss @@ -54,6 +56,8 @@ weekly .. .. + pkg + .. ppp .. rc.d @@ -74,6 +78,8 @@ .. .. libexec + casper + .. resolvconf .. .. 
diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist new file mode 100644 index 000000000000..4cc3f87b41eb --- /dev/null +++ b/etc/mtree/BSD.tests.dist 
@@ -0,0 +1,278 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + include + atf-c + .. + atf-c++ + .. + .. + share + aclocal + .. + atf + .. + doc + atf + .. + .. + .. + tests + bin + date + .. + mv + .. + pax + .. + pkill + .. + sh + builtins + .. + errors + .. + execution + .. + expansion + .. + parameters + .. + parser + .. + set-e + .. + .. + test + .. + .. + cddl + lib + .. + sbin + .. + usr.bin + .. + usr.sbin + .. + .. + etc + .. + games + .. + gnu + lib + .. + usr.bin + .. + .. + lib + atf + libatf-c + detail + .. + .. + libatf-c++ + detail + .. + .. + test-programs + .. + .. + libcrypt + .. + .. + libexec + atf + atf-check + .. + .. + .. + sbin + dhclient + .. + growfs + .. + ifconfig + .. + mdconfig + .. + .. + secure + lib + .. + libexec + .. + usr.bin + .. + usr.sbin + .. + .. + share + examples + tests + atf + .. + plain + .. + .. + .. + .. + sys + kern + .. + netinet + .. + .. + usr.bin + apply + .. + atf + atf-sh + .. + .. + calendar + .. + comm + .. + file2c + .. + join + .. + jot + .. + lastcomm + .. + m4 + .. + make + archives + fmt_44bsd + .. + fmt_44bsd_mod + .. + fmt_oldbsd + .. + .. + basic + t0 + .. + t1 + .. + t2 + .. + t3 + .. + .. + execution + ellipsis + .. + empty + .. + joberr + .. + plus + .. + .. + shell + builtin + .. + meta + .. + path + .. + path_select + .. + replace + .. + select + .. + .. + suffixes + basic + .. + src_wild1 + .. + src_wild2 + .. + .. + syntax + directive-t0 + .. + enl + .. + funny-targets + .. + semi + .. + .. + sysmk + t0 + 2 + 1 + .. + .. + mk + .. + .. + t1 + 2 + 1 + .. + .. + mk + .. + .. + t2 + 2 + 1 + .. + .. + mk + .. + .. + .. + variables + modifier_M + .. + modifier_t + .. + opt_V + .. + t0 + .. + .. + .. + ncal + .. + printf + .. + sed + regress.multitest.out + .. + .. + tr + .. + uudecode + .. + uuencode + .. + xargs + .. + yacc + .. + .. + usr.sbin + etcupdate + .. + newsyslog + .. + sa + .. + .. 
+ .. +.. diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index c06d3e1af678..ff8b96faae57 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -120,8 +120,6 @@ sbin .. share - atf - .. bsdconfig media .. @@ -165,16 +163,8 @@ doc IPv6 .. - atf - .. atm .. - bind9 - arm - .. - misc - .. - .. legal intel_ipw .. @@ -299,8 +289,6 @@ .. IPv6 .. - atf - .. bhyve .. bootforth @@ -313,6 +301,8 @@ .. diskless .. + dma + .. drivers .. etc @@ -333,8 +323,6 @@ .. ipfw .. - iscsi - .. jails .. kld @@ -368,8 +356,6 @@ mdoc .. netgraph - bluetooth - .. .. pc-sysinstall .. @@ -490,6 +476,14 @@ .. info .. + keys + pkg + revoked + .. + trusted + .. + .. + .. locale UTF-8 .. @@ -1410,14 +1404,6 @@ catalog .. .. - xml - atf - .. - .. - xsl - atf - .. - .. zoneinfo Africa .. @@ -1455,6 +1441,4 @@ .. src nochange .. - tests - .. .. diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index f4faeed7a0a7..67c7b016a9df 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -28,7 +28,7 @@ /set gname=wheel backups .. - cache + cache mode=0755 .. crash .. @@ -74,6 +74,8 @@ rwho gname=daemon mode=0775 .. spool + dma uname=root gname=mail mode=0770 + .. lock uname=uucp gname=dialer mode=0775 .. /set gname=daemon diff --git a/etc/mtree/Makefile b/etc/mtree/Makefile index 3228c6c242ed..f24867b8ecf8 100644 --- a/etc/mtree/Makefile +++ b/etc/mtree/Makefile @@ -6,6 +6,7 @@ FILES= ${_BSD.debug.dist} \ BSD.include.dist \ BSD.root.dist \ ${_BSD.sendmail.dist} \ + ${_BSD.tests.dist} \ BSD.usr.dist \ BSD.var.dist @@ -18,6 +19,9 @@ _BSD.groff.dist= BSD.groff.dist .if ${MK_SENDMAIL} != "no" _BSD.sendmail.dist= BSD.sendmail.dist .endif +.if ${MK_TESTS} != "no" +_BSD.tests.dist= BSD.tests.dist +.endif NO_OBJ= FILESDIR= /etc/mtree diff --git a/etc/namedb/Makefile b/etc/namedb/Makefile deleted file mode 100644 index 3a5e1f699a23..000000000000 --- a/etc/namedb/Makefile +++ /dev/null 
@@ -1,11 +0,0 @@ -# $FreeBSD$ - -SUBDIR= master - -FILES= named.conf named.root - -NO_OBJ= -FILESDIR= /etc/namedb -FILESMODE= 644 - -.include <bsd.prog.mk> diff --git a/etc/namedb/master/Makefile b/etc/namedb/master/Makefile deleted file mode 100644 index 7907bf3bb5c1..000000000000 --- a/etc/namedb/master/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $FreeBSD$ - -FILES= empty.db localhost-forward.db localhost-reverse.db - -NO_OBJ= -FILESDIR= /etc/namedb/master -FILESMODE= 644 - -.include <bsd.prog.mk> diff --git a/etc/namedb/master/empty.db b/etc/namedb/master/empty.db deleted file mode 100644 index 070f6634825a..000000000000 --- a/etc/namedb/master/empty.db +++ /dev/null @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA @ nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - -@ NS @ - -; Silence a BIND warning -@ A 127.0.0.1 diff --git a/etc/namedb/master/localhost-forward.db b/etc/namedb/master/localhost-forward.db deleted file mode 100644 index 9156d2f09978..000000000000 --- a/etc/namedb/master/localhost-forward.db +++ /dev/null @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - - A 127.0.0.1 - AAAA ::1 diff --git a/etc/namedb/master/localhost-reverse.db b/etc/namedb/master/localhost-reverse.db deleted file mode 100644 index ceabe059ba77..000000000000 --- a/etc/namedb/master/localhost-reverse.db +++ /dev/null @@ -1,13 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - -1.0.0 PTR localhost. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. - diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf deleted file mode 100644 index 5f011062c10a..000000000000 --- a/etc/namedb/named.conf +++ /dev/null 
@@ -1,360 +0,0 @@ -// $FreeBSD$ -// -// Refer to the named.conf(5) and named(8) man pages, and the documentation -// in /usr/share/doc/bind9 for more details. -// -// If you are going to set up an authoritative server, make sure you -// understand the hairy details of how DNS works. Even with -// simple mistakes, you can break connectivity for affected parties, -// or cause huge amounts of useless Internet traffic. - -options { - // All file and path names are relative to the chroot directory, - // if any, and should be fully qualified. - directory "/etc/namedb/working"; - pid-file "/var/run/named/pid"; - dump-file "/var/dump/named_dump.db"; - statistics-file "/var/stats/named.stats"; - -// If named is being used only as a local resolver, this is a safe default. -// For named to be accessible to the network, comment this option, specify -// the proper IP address, or delete this option. - listen-on { 127.0.0.1; }; - -// If you have IPv6 enabled on this system, uncomment this option for -// use as a local resolver. To give access to the network, specify -// an IPv6 address, or the keyword "any". -// listen-on-v6 { ::1; }; - -// These zones are already covered by the empty zones listed below. -// If you remove the related empty zones below, comment these lines out. - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - -// If you've got a DNS server around at your upstream provider, enter -// its IP address here, and enable the line below. This will make you -// benefit from its cache, thus reduce overall DNS traffic in the Internet. 
-/* - forwarders { - 127.0.0.1; - }; -*/ - -// If the 'forwarders' clause is not empty the default is to 'forward first' -// which will fall back to sending a query from your local server if the name -// servers in 'forwarders' do not have the answer. Alternatively you can -// force your name server to never initiate queries of its own by enabling the -// following line: -// forward only; - -// If you wish to have forwarding configured automatically based on -// the entries in /etc/resolv.conf, uncomment the following line and -// set named_auto_forward=yes in /etc/rc.conf. You can also enable -// named_auto_forward_only (the effect of which is described above). -// include "/etc/namedb/auto_forward.conf"; - - /* - Modern versions of BIND use a random UDP port for each outgoing - query by default in order to dramatically reduce the possibility - of cache poisoning. All users are strongly encouraged to utilize - this feature, and to configure their firewalls to accommodate it. - - AS A LAST RESORT in order to get around a restrictive firewall - policy you can try enabling the option below. Use of this option - will significantly reduce your ability to withstand cache poisoning - attacks, and should be avoided if at all possible. - - Replace NNNNN in the example with a number between 49160 and 65530. - */ - // query-source address * port NNNNN; -}; - -// If you enable a local name server, don't forget to enter 127.0.0.1 -// first in your /etc/resolv.conf so this server will be queried. -// Also, make sure to enable it in /etc/rc.conf. - -// The traditional root hints mechanism. Use this, OR the slave zones below. -zone "." { type hint; file "/etc/namedb/named.root"; }; - -/* Slaving the following zones from the root name servers has some - significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots - 3. 
Greater resilience to any potential root server failure/DDoS - - On the other hand, this method requires more monitoring than the - hints file to be sure that an unexpected failure mode has not - incapacitated your server. Name servers that are serving a lot - of clients will benefit more from this approach than individual - hosts. Use with caution. - - To use this mechanism, uncomment the entries below, and comment - the hint zone above. - - As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET - are available for AXFR from these servers on IPv4 and IPv6: - xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org -*/ -/* -zone "." { - type slave; - file "/etc/namedb/slave/root.slave"; - masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - }; - notify no; -}; -zone "arpa" { - type slave; - file "/etc/namedb/slave/arpa.slave"; - masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - }; - notify no; -}; -*/ - -/* Serving the following zones locally will prevent any queries - for these zones leaving your network and going to the root - name servers. This has two significant advantages: - 1. Faster local resolution for your users - 2. 
No spurious traffic will be sent from your network to the roots -*/ -// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) -zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; }; -zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; -zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// RFC 1912-style zone for IPv6 localhost address (RFC 6303) -zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; - -// "This" Network (RFCs 1912, 5735 and 6303) -zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Private Use Networks (RFCs 1918, 5735 and 6303) -zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "30.172.in-addr.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; -zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Shared Address Space (RFC 6598) -zone "64.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "65.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "66.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "67.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "68.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "69.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "70.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "71.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "72.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "73.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "74.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "75.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "76.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "77.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "78.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "79.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "80.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "81.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "82.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "83.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "84.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "85.100.in-addr.arpa" { type 
master; file "/etc/namedb/master/empty.db"; }; -zone "86.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "87.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "88.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "89.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "90.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "91.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "92.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "93.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "94.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "95.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "96.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "97.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "98.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "99.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "100.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "101.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "102.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "103.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "104.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "105.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "106.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "107.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "108.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "109.100.in-addr.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; -zone "110.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "111.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "112.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "113.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "114.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "115.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "116.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "117.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "118.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "119.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "120.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "121.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "122.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "123.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "124.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "125.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "126.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "127.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Link-local/APIPA (RFCs 3927, 5735 and 6303) -zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IETF protocol assignments (RFCs 5735 and 5736) -zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) -zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "100.51.198.in-addr.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; -zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Example Range for Documentation (RFCs 3849 and 6303) -zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// Domain Names for Documentation and Testing (BCP 32) -zone "test" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example" { type master; file "/etc/namedb/master/empty.db"; }; -zone "invalid" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.com" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.net" { type master; file "/etc/namedb/master/empty.db"; }; -zone "example.org" { type master; file "/etc/namedb/master/empty.db"; }; - -// Router Benchmark Testing (RFCs 2544 and 5735) -zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IANA Reserved - Old Class E Space (RFC 5735) -zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "252.in-addr.arpa" { 
type master; file "/etc/namedb/master/empty.db"; }; -zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Unassigned Addresses (RFC 4291) -zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.f.ip6.arpa" { type master; file 
"/etc/namedb/master/empty.db"; }; -zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 ULA (RFCs 4193 and 6303) -zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Link Local (RFCs 4291 and 6303) -zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) -zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; - -// IP6.INT is Deprecated (RFC 4159) -zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; }; - -// NB: Do not use the IP addresses below, they are faked, and only -// serve demonstration/documentation purposes! -// -// Example slave zone config entries. It can be convenient to become -// a slave at least for the zone your own domain is in. 
Ask -// your network administrator for the IP address of the responsible -// master name server. -// -// Do not forget to include the reverse lookup zone! -// This is named after the first bytes of the IP address, in reverse -// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. -// -// Before starting to set up a master zone, make sure you fully -// understand how DNS and BIND work. There are sometimes -// non-obvious pitfalls. Setting up a slave zone is usually simpler. -// -// NB: Don't blindly enable the examples below. :-) Use actual names -// and addresses instead. - -/* An example dynamic zone -key "exampleorgkey" { - algorithm hmac-md5; - secret "sf87HJqjkqh8ac87a02lla=="; -}; -zone "example.org" { - type master; - allow-update { - key "exampleorgkey"; - }; - file "/etc/namedb/dynamic/example.org"; -}; -*/ - -/* Example of a slave reverse zone -zone "1.168.192.in-addr.arpa" { - type slave; - file "/etc/namedb/slave/1.168.192.in-addr.arpa"; - masters { - 192.168.1.1; - }; -}; -*/ diff --git a/etc/namedb/named.root b/etc/namedb/named.root deleted file mode 100644 index adf5e792138a..000000000000 --- a/etc/namedb/named.root +++ /dev/null 
@@ -1,92 +0,0 @@ -; -; $FreeBSD$ -; - -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 -; -; formerly NS.INTERNIC.NET -; -. 3600000 IN NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 -; -; OPERATED BY RIPE NCC -; -. 3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 
3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File diff --git a/etc/netstart b/etc/netstart index 885932d11f79..44b8ab75bf50 100755 --- a/etc/netstart +++ b/etc/netstart @@ -59,6 +59,7 @@ _start=quietstart /etc/rc.d/route6d ${_start} /etc/rc.d/mrouted ${_start} /etc/rc.d/routed ${_start} +/etc/rc.d/rtsold ${_start} /etc/rc.d/nisdomain ${_start} exit 0 diff --git a/etc/network.subr b/etc/network.subr index f92cab1b1015..aa72749c6967 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -51,7 +51,6 @@ ifn_start() if ! noafif $ifn; then afexists inet && ipv4_up ${ifn} && cfg=0 afexists inet6 && ipv6_up ${ifn} && cfg=0 - afexists ipx && ipx_up ${ifn} && cfg=0 fi childif_create ${ifn} && cfg=0 @@ -71,7 +70,6 @@ ifn_stop() [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" if ! noafif $ifn; then - afexists ipx && ipx_down ${ifn} && cfg=0 afexists inet6 && ipv6_down ${ifn} && cfg=0 afexists inet && ipv4_down ${ifn} && cfg=0 fi @@ -285,10 +283,8 @@ get_if_var() fi _if=$1 - _punct=". - / +" - for _punct_c in $_punct; do - _if=`ltr ${_if} ${_punct_c} '_'` - done + _punct=".-/+" + ltr ${_if} "${_punct}" '_' _if _var=$2 _default=$3 @@ -495,9 +491,6 @@ afexists() inet|inet6) check_kern_features ${_af} ;; - ipx) - ${SYSCTL_N} net.ipx > /dev/null 2>&1 - ;; atm) if [ -x /sbin/atmconfig ]; then /sbin/atmconfig diag list > /dev/null 2>&1 @@ -1081,6 +1074,7 @@ ifalias_af_common_handler() ifalias_af_common() { local _ret _if _af _action alias ifconfig_args _aliasn _c _tmpargs _iaf + local _punct=".-/+" _ret=1 _aliasn= 
@@ -1088,15 +1082,18 @@ ifalias_af_common() _af=$2 _action=$3 + # Normalize $_if before using it in a pattern to list_vars() + ltr "$_if" "$_punct" "_" _if + # ifconfig_IF_aliasN which starts with $_af - alias=0 - while : ; do - ifconfig_args=`get_if_var $_if ifconfig_IF_alias${alias}` + for alias in `list_vars ifconfig_${_if}_alias[0-9]\* | + sort_lite -nk1.$((9+${#_if}+7))` + do + eval ifconfig_args=\"\$$alias\" _iaf= case $ifconfig_args in inet\ *) _iaf=inet ;; inet6\ *) _iaf=inet6 ;; - ipx\ *) _iaf=ipx ;; link\ *) _iaf=link ;; ether\ *) _iaf=ether ;; esac @@ -1113,15 +1110,15 @@ ifalias_af_common() warn "\$ifconfig_${_if}_alias${alias} needs " \ "\"inet\" keyword for an IPv4 address." esac - alias=$(($alias + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. case $_af in inet6) - alias=0 - while : ; do - ifconfig_args=`get_if_var $_if ipv6_ifconfig_IF_alias${alias}` + for alias in `list_vars ipv6_ifconfig_${_if}_alias[0-9]\* | + sort_lite -nk1.$((14+${#_if}+7))` + do + eval ifconfig_args=\"\$$alias\" case ${_action}:"${ifconfig_args}" in *:"") break @@ -1133,7 +1130,6 @@ ifalias_af_common() "instead." ;; esac - alias=$(($alias + 1)) done esac @@ -1146,7 +1142,7 @@ ifalias_af_common() _tmpargs= for _c in `get_if_var $_if ifconfig_IF_aliases` $_aliasn; do case $_c in - inet|inet6|ipx|link|ether) + inet|inet6|link|ether) case $_tmpargs in ${_af}\ *) eval ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 
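Review bot: Normalizing `$_if` in place in the `@@ -1088` hunk changes the value that every later use of `$_if` in ifalias_af_common() sees, including the `eval ifalias_af_common_handler $_if $_af $_action $_tmpargs` call visible in the `@@ -1146` hunk. For an interface whose name contains one of `.-/+`, the handler would presumably receive the underscored variable-name form instead of the real interface name. Keep the original name and normalize into a separate local, `ltr "$_if" "$_punct" "_" _vif`, then use `${_vif}` and `${#_vif}` only in the two `list_vars` patterns and their `sort_lite` keys. The function starts and ends outside these hunks, so its other uses of `$_if` should be checked as well.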
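Review bot: The `warn` kept as context in the `@@ -1113` hunk still builds the name as `\$ifconfig_${_if}_alias${alias}`, but `alias` is now the loop variable of `for alias in` over the `list_vars` output. It holds a whole variable name, which is why the new code dereferences it with `eval ifconfig_args=\"\$$alias\"`. The message would therefore print the `ifconfig_IF_alias` prefix twice and point the administrator at a variable that does not exist. `warn "\$${alias} needs " \` keeps the diagnostic accurate.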
@@ -1520,103 +1516,6 @@ ng_create_one() done } -# ng_fec_create ifn -# Configure Fast EtherChannel for interface $ifn. Returns 0 if -# FEC arguments were found and configured; returns !0 otherwise. -ng_fec_create() -{ - local req_iface iface bogus - req_iface="$1" - - ngctl shutdown ${req_iface}: > /dev/null 2>&1 - - bogus="" - while true; do - iface=`ng_create_one fec dummy fec` - if [ -z "${iface}" ]; then - exit 2 - fi - if [ "${iface}" = "${req_iface}" ]; then - break - fi - bogus="${bogus} ${iface}" - done - - for iface in ${bogus}; do - ngctl shutdown ${iface}: - done -} - -# fec_up -# Create Fast EtherChannel interfaces. -fec_up() -{ - local i j - - for i in ${fec_interfaces}; do - ng_fec_create $i - for j in `get_if_var $i fecconfig_IF`; do - case ${j} in - '') - continue - ;; - *) - ngctl msg ${i}: add_iface "\"${j}\"" - ;; - esac - done - done -} - -# ipx_up ifn -# Configure any IPX addresses for interface $ifn. Returns 0 if -# IPX arguments were found and configured; returns 1 otherwise. -# -ipx_up() -{ - local ifn - ifn="$1" - - # ifconfig_IF_ipx - ifconfig_args=`_ifconfig_getargs $ifn ipx` - if [ -n "${ifconfig_args}" ]; then - ${IFCONFIG_CMD} ${ifn} ${ifconfig_args} - return 0 - fi - - return 1 -} - -# ipx_down ifn -# Remove IPX addresses for interface $ifn. Returns 0 if IPX -# addresses were found and unconfigured. It returns 1, otherwise. -# -ipx_down() -{ - local _if _ifs _ret ipxList oldifs _ipx - _if=$1 - _ifs="^" - _ret=1 - ipxList="`${IFCONFIG_CMD} ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" - oldifs="$IFS" - - IFS="$_ifs" - for _ipx in $ipxList ; do - # get rid of extraneous line - [ -z "$_ipx" ] && break - - _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` - - IFS="$oldifs" - ${IFCONFIG_CMD} ${_if} ${_ipx} delete - IFS="$_ifs" - _ret=0 - done - IFS="$oldifs" - - return $_ret -} - # ifnet_rename [ifname] # Rename interfaces if ifconfig_IF_name is defined. # 
diff --git a/etc/nsmb.conf b/etc/nsmb.conf index e5f225849191..531d0941001d 100644 --- a/etc/nsmb.conf +++ b/etc/nsmb.conf @@ -29,7 +29,7 @@ # # keyword/section A B C D Comment # -# addr - + - - IP or IPX address of SMB server +# addr - + - - IP address of SMB server # charsets + + + + local:remote charset pair # nbns + + - - address of NetBIOS name server (WINS) # nbscope + + - - NetBIOS scope diff --git a/etc/ntp.conf b/etc/ntp.conf index 0421e4c2213a..8419adf5c215 100644 --- a/etc/ntp.conf +++ b/etc/ntp.conf @@ -17,7 +17,7 @@ # users with a static IP and good upstream NTP servers to add a server # to the pool. See http://www.pool.ntp.org/join.html if you are interested. # -# The option `iburst' is used for faster initial synchronisation. +# The option `iburst' is used for faster initial synchronization. # server 0.freebsd.pool.ntp.org iburst server 1.freebsd.pool.ntp.org iburst 
@@ -35,21 +35,37 @@ server 2.freebsd.pool.ntp.org iburst # server 2.CC.pool.ntp.org iburst # -# Security: Only accept NTP traffic from the following hosts. -# The following configuration example only accepts traffic from the -# above defined servers. +# Security: +# +# By default, only allow time queries and block all other requests +# from unauthenticated clients. +# +# See http://support.ntp.org/bin/view/Support/AccessRestrictions +# for more information. +# +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery +# +# Alternatively, the following rules would block all unauthorized access. +# +#restrict default ignore +#restrict -6 default ignore +# +# In this case, all remote NTP time servers also need to be explicitly +# allowed or they would not be able to exchange time information with +# this server. # # Please note that this example doesn't work for the servers in # the pool.ntp.org domain since they return multiple A records. -# (This is the reason that by default they are commented out) # -#restrict default ignore #restrict 0.pool.ntp.org nomodify nopeer noquery notrap #restrict 1.pool.ntp.org nomodify nopeer noquery notrap #restrict 2.pool.ntp.org nomodify nopeer noquery notrap -#restrict 127.0.0.1 -#restrict -6 ::1 -#restrict 127.127.1.0 +# +# The following settings allow unrestricted access from the localhost +restrict 127.0.0.1 +restrict -6 ::1 +restrict 127.127.1.0 # # If a server loses sync with all upstream servers, NTP clients diff --git a/etc/periodic/daily/220.backup-pkgdb b/etc/periodic/daily/220.backup-pkgdb deleted file mode 100755 index 82bf0b3dce6c..000000000000 --- a/etc/periodic/daily/220.backup-pkgdb +++ /dev/null 
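Review bot: The new default `restrict default kod nomodify notrap nopeer noquery` and its `-6` twin set `kod` without `limited`. In current ntpd a kiss-o'-death reply is only sent when a client exceeds the rate limit that `limited` enforces, so `kod` is likely a no-op here and unauthenticated time queries are not rate-limited; this should be confirmed against the ntpd version shipped with this tree. If rate limiting is intended, `restrict default limited kod nomodify notrap nopeer noquery` (and the same for `-6`) expresses it. The comment "allow unrestricted access from the localhost" also covers `restrict 127.127.1.0`, which is the local-clock reference address rather than a host, and a few words on that line would help readers.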
@@ -1,51 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -rc=0 - -case "$daily_backup_pkgdb_enable" in - [Yy][Ee][Ss]) - bak="${daily_backup_pkgdb_dir:-/var/backups}" - bak_file="${bak}/pkgdb.bak.tbz" - - pkg_dbdir=`make -f/usr/share/mk/bsd.port.mk -V PKG_DBDIR 2>/dev/null` || - pkg_dbdir=/var/db/pkg - - if [ ! -d "$bak" ] - then - install -d -o root -g wheel -m 750 $bak || { - echo '$daily_backup_pkgdb_enable is enabled but' \ - "$daily_backup_pkgdb_dir doesn't exist" ; - exit 2 ; } - fi - - echo '' - echo 'Backing up package db directory:' - - new_bak_file=`mktemp ${bak_file}-XXXXX` - - if tar -cjHf "${new_bak_file}" "$pkg_dbdir" 2>/dev/null; then - chmod 644 "${new_bak_file}" - - if [ -e "${bak_file}.2" -a -e "${bak_file}" ]; then - unlink "${bak_file}.2" - mv "${bak_file}" "${bak_file}.2" - fi - [ -e "${bak_file}" ] && mv "${bak_file}" "${bak_file}.2" - mv "${new_bak_file}" "${bak_file}" - else - rc=3 - fi ;; -esac - -exit $rc diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named deleted file mode 100755 index 987029e5c4f6..000000000000 --- a/etc/periodic/daily/470.status-named +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -catmsgs() { - find /var/log -name 'messages.*' -mtime -2 | - sort -t. -r -n -k 2,2 | - while read f - do - case $f in - *.gz) zcat -f $f;; - *.bz2) bzcat -f $f;; - esac - done - [ -f /var/log/messages ] && cat /var/log/messages -} - -case "$daily_status_named_enable" in - [Yy][Ee][Ss]) - echo - echo 'Checking for denied zone transfers (AXFR and IXFR):' - - start=`date -v-1d '+%b %e'` - rc=$(catmsgs | - fgrep -E "^$start.*named\[[[:digit:]]+\]: transfer of .*failed .*: REFUSED" | - sed -e "s/.*transfer of \'\(.*\)\/IN\' from \(.*\)#[0-9]*: .*/\1 from \2/" | - sort -f | uniq -ic | ( - usedns=0 - case "$daily_status_named_usedns" in - '') ;; - [yY][eE][sS]) usedns=1 ;; - esac - - while read line ;do - ipaddr=`echo "$line" | sed -e 's/^.*from //'` - if [ $usedns -eq 1 ]; then - name=`host "${ipaddr}" 2>/dev/null | \ - sed 's/.*domain name pointer \(.*\)\./\1/'` - fi - if [ -n "${name}" ]; then - echo "${line} (${name})" - else - echo "${line}" - fi - done ) | \ - tee /dev/stderr | wc -l) - [ $rc -gt 0 ] && rc=1 - ;; - - *) rc=0;; -esac - -exit $rc diff --git a/etc/periodic/daily/490.status-pkg-changes b/etc/periodic/daily/490.status-pkg-changes deleted file mode 100755 index 548e10add795..000000000000 --- a/etc/periodic/daily/490.status-pkg-changes +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -case "$daily_status_pkg_changes_enable" in - [Yy][Ee][Ss]) - if [ ! -f /usr/sbin/pkg_info ]; then - echo '$daily_status_pkg_changes_enable is enabled but' \ - "/usr/sbin/pkg_info doesn't exist" - rc=2 - else - bak=/var/backups - rc=0 - - if [ -f $bak/pkg_info.bak ]; then - mv -f $bak/pkg_info.bak $bak/pkg_info.bak2 - fi - ${pkg_info:-/usr/sbin/pkg_info} > $bak/pkg_info.bak - - cmp -sz $bak/pkg_info.bak $bak/pkg_info.bak2 - if [ $? -eq 1 ]; then - echo "" - echo "Changes in installed packages:" - diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \ - | grep '^[-+][^-+]' | sort -k 1.2 - fi - fi - ;; - - *) - rc=0 - ;; -esac - -exit $rc diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile index 6909e30d7deb..aa28351ae2a1 100644 --- a/etc/periodic/daily/Makefile +++ b/etc/periodic/daily/Makefile @@ -36,11 +36,6 @@ FILES+= 130.clean-msgs FILES+= 480.status-ntpd .endif -.if ${MK_PKGTOOLS} != "no" -FILES+= 220.backup-pkgdb \ - 490.status-pkg-changes -.endif - .if ${MK_RCMDS} != "no" FILES+= 140.clean-rwho \ 430.status-rwho diff --git a/etc/periodic/security/460.chkportsum b/etc/periodic/security/460.chkportsum deleted file mode 100755 index 18a12ecbadb3..000000000000 --- a/etc/periodic/security/460.chkportsum +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2010 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -. /etc/periodic/security/security.functions - -security_daily_compat_var security_status_chkportsum_enable - -rc=0 - -echo "" -echo 'Checking for ports with mismatched checksums:' - -if check_yesno_period security_status_chkportsum_enable -then - set -f - pkg_info -ga 2>/dev/null | \ - while IFS= read -r line; do - set -- $line - case $1 in - Information) - case $2 in - for) name="${3%%:}" ;; - *) name='??' 
;; - esac - ;; - Mismatched|'') ;; - *) [ -n "${name}" ] && - echo "${name}: ${line%% fails the original MD5 checksum}" - ;; - esac - done -fi - -exit $rc diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index a0de96dec10e..4c78f441639a 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -64,7 +64,7 @@ if check_yesno_period security_status_loginfail_enable then echo "" echo "${host} login failures:" - n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | + n=$(catmsgs | egrep -ia "^$yesterday.*: .*\b(fail(ures?|ed)?|invalid|bad|illegal|auth.*error)\b" | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0 fi diff --git a/etc/periodic/security/Makefile b/etc/periodic/security/Makefile index fbcd45460d2b..c5af2f85b012 100644 --- a/etc/periodic/security/Makefile +++ b/etc/periodic/security/Makefile @@ -29,8 +29,4 @@ FILES+= 500.ipfwdenied \ FILES+= 520.pfdenied .endif -.if ${MK_PKGTOOLS} != "no" -FILES+= 460.chkportsum -.endif - .include <bsd.prog.mk> diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg deleted file mode 100755 index 785c2fffd756..000000000000 --- a/etc/periodic/weekly/400.status-pkg +++ /dev/null 
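Review bot: The new `egrep -ia` pattern relies on `\b`, which is a GNU extension and not part of POSIX extended regular expressions. If the `egrep` on a given system does not treat `\b` as a word boundary, this report would silently list nothing, and for a security report that looks the same as "no failures". The hunk does not show which grep is installed. A comment above the line, for example `# NOTE: \b needs a grep that supports GNU-style word boundaries`, together with a few sample log lines the pattern is expected to match, would make the dependency visible and testable.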
@@ -1,33 +0,0 @@ -#!/bin/sh - -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ] -then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -case "$weekly_status_pkg_enable" in - [Yy][Ee][Ss]) - echo "" - echo "Check for out of date packages:" - - rc=$(${pkg_version:-pkg_version} -v ${pkg_version_index} | - sed -n -e 's/^\([^ ]*\) *< */ \1 /p' \ - -e '/^[^ ]*-\([^ ]*\) *\* *multiple versions.*[ ,]\1[,)].*/d' \ - -e 's/^\([^ ]*\) *\* *multiple versions.*\((.*\)/ \1 needs updating \2/p' \ - -e 's/^\(bsdpan-[^ ]*\) *? *unknown in index/ \1 may be outdated - check CPAN version manually/p' \ - -e 's/^\([^ ]*-[^ ]*\) *? *unknown in index/ \1 is obsolete/p' \ - -e 's/^\([^ ]*-[^ ]*\) *? *\(orphaned:.*\)$/ \1 was \2/p' | - tee /dev/stderr | - wc -l) - [ $rc -gt 1 ] && rc=1;; - - *) rc=0;; -esac - -exit $rc diff --git a/etc/periodic/weekly/Makefile b/etc/periodic/weekly/Makefile index 057653d590f3..b6f77c4f71d0 100644 --- a/etc/periodic/weekly/Makefile +++ b/etc/periodic/weekly/Makefile @@ -16,8 +16,4 @@ FILES+= 310.locate FILES+= 320.whatis 330.catman .endif -.if ${MK_PKGTOOLS} != "no" -FILES+= 400.status-pkg -.endif - .include <bsd.prog.mk> diff --git a/etc/pf.os b/etc/pf.os index 699f19a6b61b..78b70d6c1d73 100644 --- a/etc/pf.os +++ b/etc/pf.os 
@@ -315,6 +315,14 @@ S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps 16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9 16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df) +# ----------------- DragonFly BSD ----------------- + +57344:64:1:60:M*,N,W0,N,N,T: DragonFly:1.0:A:DragonFly 1.0A +57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:1.2-1.12::DragonFly 1.2-1.12 +5840:64:1:60:M*,S,T,N,W4: DragonFly:2.0-2.1::DragonFly 2.0-2.1 +57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:2.2-2.3::DragonFly 2.2-2.3 +57344:64:0:64:M*,N,W5,N,N,S,N,N,T: DragonFly:2.4-2.7::DragonFly 2.4-2.7 + # ----------------- Solaris ----------------- S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323 diff --git a/etc/pkg/FreeBSD.conf b/etc/pkg/FreeBSD.conf new file mode 100644 index 000000000000..e4eec8f11451 --- /dev/null +++ b/etc/pkg/FreeBSD.conf @@ -0,0 +1,16 @@ +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/FreeBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf +# + +FreeBSD: { + url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes +} diff --git a/etc/pkg/Makefile b/etc/pkg/Makefile new file mode 100644 index 000000000000..abc8c64ca5cb --- /dev/null +++ b/etc/pkg/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= FreeBSD.conf + +FILESDIR= /etc/pkg +FILESMODE= 644 + +.include <bsd.prog.mk> 
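Review bot: In the new etc/pkg/FreeBSD.conf the `url` is plain `pkg+http://`, so package authenticity rests entirely on `signature_type: "fingerprints"` and the trusted keys under `/usr/share/keys/pkg`. The header comment only explains how to disable the repository. A comment next to those two settings would make the dependency explicit, for example `# Packages are fetched over HTTP; authenticity depends on signature_type and the fingerprints directory below.` It should also say that an override file in `/usr/local/etc/pkg/repos` which changes the URL must keep both settings.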
@@ -71,6 +71,11 @@ fi . /etc/rc.subr load_rc_config 'XXX' +# If we receive a SIGALRM, re-source /etc/rc.conf; this allows rc.d +# scripts to perform "boot-time configuration" including enabling and +# disabling rc.d scripts which appear later in the boot order. +trap "_rc_conf_loaded=false; load_rc_config 'XXX'" ALRM + skip="-s nostart" if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then skip="$skip -s nojail" @@ -82,10 +87,15 @@ if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then fi fi +# If the firstboot sentinel doesn't exist, we want to skip firstboot scripts. +if ! [ -e ${firstboot_sentinel} ]; then + skip_firstboot="-s firstboot" +fi + # Do a first pass to get everything up to $early_late_divider so that # we can do a second pass that includes $local_startup directories # -files=`rcorder ${skip} /etc/rc.d/* 2>/dev/null` +files=`rcorder ${skip} ${skip_firstboot} /etc/rc.d/* 2>/dev/null` _rc_elem_done=' ' for _rc_elem in ${files}; do @@ -107,7 +117,13 @@ case ${local_startup} in *) find_local_scripts_new ;; esac -files=`rcorder ${skip} /etc/rc.d/* ${local_rc} 2>/dev/null` +# The firstboot sentinel might be on a newly mounted filesystem; look for it +# again and unset skip_firstboot if we find it. +if [ -e ${firstboot_sentinel} ]; then + skip_firstboot="" +fi + +files=`rcorder ${skip} ${skip_firstboot} /etc/rc.d/* ${local_rc} 2>/dev/null` for _rc_elem in ${files}; do case "$_rc_elem_done" in *" $_rc_elem "*) continue ;; @@ -116,6 +132,15 @@ for _rc_elem in ${files}; do run_rc_script ${_rc_elem} ${_boot} done +# Remove the firstboot sentinel, and reboot if it was requested. +if [ -e ${firstboot_sentinel} ]; then + rm ${firstboot_sentinel} + if [ -e ${firstboot_sentinel}-reboot ]; then + rm ${firstboot_sentinel}-reboot + kill -INT 1 + fi +fi + echo '' date exit 0 diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index e51e2f8058a8..6c6801b52581 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile 
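Review bot: `${firstboot_sentinel}` is expanded unquoted in every new test and in both `rm` calls (hunks `@@ -82`, `@@ -107` and `@@ -116`). If the variable is unset or empty, `[ -e ]` is a one-argument test that evaluates true, so the final block would run `rm` with no operand and test for a file literally named `-reboot` before possibly sending `kill -INT 1`. Quoting closes that: `if ! [ -e "${firstboot_sentinel}" ]; then`, `rm "${firstboot_sentinel}"` and `if [ -e "${firstboot_sentinel}-reboot" ]; then`. With the quoted form an empty value makes the test false and the firstboot path is skipped. The file header for these hunks and the place where the sentinel's default is set are not on this part of the page.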
@@ -26,6 +26,7 @@ FILES= DAEMON \ bridge \ bsnmpd \ ${_bthidd} \ + ${_casperd} \ ccd \ cleanvar \ cleartmp \ @@ -62,7 +63,6 @@ FILES= DAEMON \ ipmon \ ipnat \ ipsec \ - ${_ipxrouted} \ iscsictl \ iscsid \ jail \ @@ -90,7 +90,6 @@ FILES= DAEMON \ mroute6d \ mrouted \ msgs \ - named \ natd \ netif \ netoptions \ @@ -165,10 +164,6 @@ FILES= DAEMON \ zfs \ zvol -.if ${MK_IPX} != "no" -_ipxrouted= ipxrouted -.endif - .if ${MK_OFED} != "no" _opensm= opensm .endif @@ -188,6 +183,10 @@ _hcsecd= hcsecd _ubthidhci= ubthidhci .endif +.if ${MK_CASPER} != "no" +_casperd= casperd +.endif + .if ${MK_UNBOUND} != "no" _unbound= local_unbound .endif diff --git a/etc/rc.d/casperd b/etc/rc.d/casperd new file mode 100644 index 000000000000..0b80169a0262 --- /dev/null +++ b/etc/rc.d/casperd @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: casperd +# REQUIRE: NETWORKING syslogd +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="casperd" +rcvar="casperd_enable" +pidfile="/var/run/${name}.pid" +command="/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/devd b/etc/rc.d/devd index 597697937135..c7288e446292 100755 --- a/etc/rc.d/devd +++ b/etc/rc.d/devd @@ -30,9 +30,10 @@ devd_prestart() { find_pidfile - # If devd is disabled, turn it off in the kernel to avoid memory leaks. + # If devd is disabled, turn it off in the kernel to avoid unnecessary + # memory usage. if ! checkyesno ${rcvar}; then - $SYSCTL hw.bus.devctl_disable=1 + $SYSCTL hw.bus.devctl_queue=0 fi } diff --git a/etc/rc.d/ftp-proxy b/etc/rc.d/ftp-proxy index 1bb89ddda9bc..f97b76b06a63 100755 --- a/etc/rc.d/ftp-proxy +++ b/etc/rc.d/ftp-proxy 
@@ -14,4 +14,62 @@ rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" load_rc_config $name -run_rc_command "$1" + +# +# manage_pid argument +# Create or remove a pidfile manually, for daemons that can't be bothered +# to do it themselves. Takes one argument, which is the argument provided +# to the rc script. The pidfile will be named /var/run/<$name>.pid, +# unless $pidfile is defined. +# +# The method used to determine the pid is rather hacky; grep ps output to +# find '$procname|$command', then grep for ${name}_flags. If at all +# possible, use another method if at all possible, to avoid that dirty- +# code feeling. +# +manage_pid() { + local search_string ps_pid + case $1 in + *start) + cmd_string=`basename ${procname:-${command}}` + eval flag_string=\"\$${name}_flags\" + # Determine the pid. + ps_pid=`ps ax -o pid= -o command= | grep $cmd_string | grep -e "$flag_string" | grep -v grep | awk '{ print $1 }'` + # Write the pidfile depending on $pidfile status. + echo $ps_pid > ${pidfile:-"/var/run/$name.pid"} + ;; + stop) + rm $pidfile + ;; + esac +} + +# Allow ftp-proxy to start up in two different ways. The typical behavior +# is to start up one instance of ftp-proxy by setting ftpproxy_enable and +# ftpproxy_flags. The alternate behavior allows multiple instances of ftp- +# proxy to be started, allowing different types of proxy behavior. To use the +# new behavior, a list of instances must be defined, and a list of flags for +# each instance. For example, if we want to start two instances of ftp-proxy, +# foo and bar, we would set the following vars. +# ftpproxy_enable="YES" +# ftpproxy_instances="foo bar" +# ftpproxy_foo="<arguments for foo>" +# ftpproxy_bar="<arguments for bar>" +# +# Starting more than one ftp-proxy? +if [ "$ftpproxy_instances" ] && [ -n "${ftpproxy_instances}" ]; then + # Iterate through instance list. 
+ for i in $ftpproxy_instances; do + #eval ftpproxy_${i}_flags=\$ftpproxy_${i} + #eval name=ftpproxy_${i} + # Set flags for this instance. + eval ftpproxy_flags=\$ftpproxy_${i} + # Define a unique pid file name. + pidfile="/var/run/ftp-proxy.$i.pid" + run_rc_command "$1" + manage_pid $1 + done +else + # Traditional single-instance behavior + run_rc_command "$1" +fi diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom index 47838737806e..907668b191c6 100755 --- a/etc/rc.d/initrandom +++ b/etc/rc.d/initrandom @@ -14,26 +14,6 @@ name="initrandom" start_cmd="initrandom_start" stop_cmd=":" -feed_dev_random() -{ - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi -} - -better_than_nothing() -{ - # XXX temporary until we can improve the entropy - # harvesting rate. - # Entropy below is not great, but better than nothing. - # This unblocks the generator at startup - # Note: commands are ordered to cause the most variance across reboots. - ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ - | dd of=/dev/random bs=8k 2>/dev/null - /sbin/sha256 -q `sysctl -n kern.bootfile` \ - | dd of=/dev/random bs=8k 2>/dev/null -} - initrandom_start() { soft_random_generator=`sysctl kern.random 2>/dev/null` @@ -63,23 +43,15 @@ initrandom_start() else ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null fi - fi - # First pass at reseeding /dev/random. - # - case ${entropy_file} in - [Nn][Oo] | '') - ;; - *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" + if checkyesno harvest_swi; then + ${SYSCTL} kern.random.sys.harvest.swi=1 >/dev/null + echo -n ' swi' + else + ${SYSCTL} kern.random.sys.harvest.swi=0 >/dev/null fi - ;; - esac - - better_than_nothing + fi - echo -n ' kickstart' fi echo '.' diff --git a/etc/rc.d/ipxrouted b/etc/rc.d/ipxrouted deleted file mode 100755 index dcca91df9746..000000000000 --- a/etc/rc.d/ipxrouted +++ /dev/null 
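Review bot: manage_pid() writes whatever the `ps | grep` pipeline returns into the pidfile, so the file can end up holding no PID, several PIDs, or the PID of an unrelated process. `grep -e "$flag_string"` treats the instance flags as a regular expression, and flags that are empty or a substring of another instance's flags match more than one process, so a later `stop` may signal the wrong one. The sketch below matches both strings literally and only writes the pidfile when exactly one numeric PID was found. It also declares `cmd_string` and `flag_string` as `local` (the existing `local` line names `search_string`, which is never used), and makes the `stop)` branch quote the path and fall back to the same default as the start branch.

```shell
manage_pid() {
	local cmd_string flag_string ps_pid
	case $1 in
	*start)
		# … unchanged: cmd_string and flag_string assignment …
		# Match command and flags as fixed strings, not as regular expressions.
		ps_pid=`ps ax -o pid= -o command= | grep -F -e "$cmd_string" | grep -F -e "$flag_string" | grep -v grep | awk '{ print $1 }'`
		# Record the PID only when the match is unambiguous.
		case $ps_pid in
		''|*[!0-9]*)
			warn "${name}: could not determine a single PID; not writing pidfile"
			return 1
			;;
		esac
		echo "$ps_pid" > "${pidfile:-/var/run/$name.pid}"
		;;
	stop)
		rm -f "${pidfile:-/var/run/$name.pid}"
		;;
	esac
}
```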
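Review bot: With `feed_dev_random` and the `case ${entropy_file}` block removed in the `@@ -63` hunk, nothing in the visible part of initrandom_start() writes saved entropy to /dev/random any more. If another rc.d script is meant to take over loading `${entropy_file}`, a comment here naming it and its place in the boot order would let a reader confirm the generator is seeded before the first consumers start. That script is not shown in these hunks. The new `harvest_swi` knob is read with `checkyesno`, so it also needs a default value in the rc.conf defaults, and whether this commit adds one is not visible here. initrandom_start() continues past the end of the hunk.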
@@ -1,19 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: ipxrouted -# REQUIRE: SERVERS -# BEFORE: DAEMON -# KEYWORD: nojail - -. /etc/rc.subr - -name="ipxrouted" -rcvar="ipxrouted_enable" -command="/usr/sbin/IPXrouted" -command_args="> /dev/null 2>&1" - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/jail b/etc/rc.d/jail index 63e489aabc02..d8a88e438b7c 100755 --- a/etc/rc.d/jail +++ b/etc/rc.d/jail @@ -22,7 +22,7 @@ status_cmd="jail_status" extra_commands="config console status" : ${jail_conf:=/etc/jail.conf} : ${jail_program:=/usr/sbin/jail} -: ${jail_consolecmd:=/bin/sh} +: ${jail_consolecmd:=/usr/bin/login -f root} : ${jail_jexec:=/usr/sbin/jexec} : ${jail_jls:=/usr/sbin/jls} @@ -94,7 +94,7 @@ extract_var() # parse_options() { - local _j + local _j _p _j=$1 _confwarn=0 @@ -132,7 +132,9 @@ parse_options() # _confwarn=1 if [ -r "$jail_conf" -o -r "$_jconf" ]; then - warn "$_conf is created and used for jail $_j." + if ! checkyesno jail_parallel_start; then + warn "$_conf is created and used for jail $_j." + fi fi /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 @@ -166,7 +168,7 @@ parse_options() jail_handle_ips_option $_ip $_interface alias=0 while : ; do - eval _x=\"\$jail_${_jail}_ip_multi${alias}\" + eval _x=\"\$jail_${_j}_ip_multi${alias}\" [ -z "$_x" ] && break jail_handle_ips_option $_x $_interface @@ -208,6 +210,7 @@ parse_options() eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}} if checkyesno jail_${_j}_devfs_enable; then echo " mount.devfs;" + eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}} case $_ruleset in "") ;; [0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;; @@ -217,7 +220,7 @@ parse_options() # mount(8) only accepts an integer. # This should accept a ruleset name. ;; - *) warn "devfs_ruleset must be integer." ;; + *) warn "devfs_ruleset must be an integer." ;; esac if [ -r $_fstab ]; then echo " mount.fstab = \"$_fstab\";" 
@@ -226,8 +229,7 @@ parse_options() eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} if checkyesno jail_${_j}_fdescfs_enable; then - echo " mount += " \ - "\"fdescfs ${_rootdir%/}/dev/fd fdescfs rw 0 0\";" + echo " mount.fdescfs;" fi eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} if checkyesno jail_${_j}_procfs_enable; then @@ -235,8 +237,6 @@ parse_options() "\"procfs ${_rootdir%/}/proc procfs rw 0 0\";" fi - echo " ${_parameters};" - eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}} if checkyesno jail_${_j}_mount_enable; then echo " allow.mount;" >> $_conf @@ -244,6 +244,9 @@ parse_options() extract_var $_j set_hostname_allow allow.set_hostname YN NO extract_var $_j sysvipc_allow allow.sysvipc YN NO + for _p in $_parameters; do + echo " ${_p%\;};" + done echo "}" ) >> $_conf @@ -316,8 +319,8 @@ jail_extract_address() _mask=${_mask:-/32} elif [ "${_type}" = "inet6" ]; then - # In case _maske is not set for IPv6, use /64. - _mask=${_mask:-/64} + # In case _maske is not set for IPv6, use /128. + _mask=${_mask:-/128} fi } @@ -328,9 +331,9 @@ jail_extract_address() # jail_handle_ips_option() { - local _x _type _i _iface + local _x _type _i _defif _x=$1 - _iface=$2 + _defif=$2 if [ -z "${_x}" ]; then # No IP given. This can happen for the primary address @@ -354,7 +357,8 @@ jail_handle_ips_option() _type="" _addr="" _mask="" - jail_extract_address $_i $_iface + _iface="" + jail_extract_address $_i $_defif # make sure we got an address. case $_addr in @@ -365,10 +369,10 @@ jail_handle_ips_option() # Append address to list of addresses for the jail command. case $_type in inet) - echo " ip4.addr += \"${_addr}${_mask}\";" + echo " ip4.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" ;; inet6) - echo " ip6.addr += \"${_addr}${_mask}\";" + echo " ip6.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" need_dad_wait=1 ;; esac 
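Review bot: The new `for _p in $_parameters; do` loop splits `_parameters` on whitespace, so a parameter whose value contains a space (a constructed example: `exec.start="/bin/sh /etc/rc"`) is written to the generated file as several broken `...;` lines instead of one. How `_parameters` is populated is outside this hunk, so this may be an accepted restriction. If it is, say so above the loop with `# NB: each word of $_parameters becomes one jail.conf line; values must not contain whitespace`. Otherwise the list has to be split with its quoting preserved before the loop. `parse_options` starts and ends outside the hunk.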
@@ -377,26 +381,35 @@ jail_handle_ips_option() jail_config() { + local _j + case $1 in _ALL) return ;; esac - for _jail in $@; do - if parse_options $_jail; then - echo "$_jail: parameters are in $_conf." + for _j in $@; do + _j=$(echo $_j | tr /. _) + if parse_options $_j; then + echo "$_j: parameters are in $_conf." fi done } jail_console() { + local _j _cmd + # One argument that is not _ALL. case $#:$1 in - 1:_ALL) err 3 "Specify a jail name." ;; - 1:*) ;; - *) err 3 "Specify a jail name." ;; + 0:*|1:_ALL) err 3 "Specify a jail name." ;; + 1:*) ;; esac - eval _cmd=\${jail_$1_consolecmd:-$jail_consolecmd} - $jail_jexec $1 $_cmd + _j=$(echo $1 | tr /. _) + shift + case $# in + 0) eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;; + *) _cmd=$@ ;; + esac + $jail_jexec $_j $_cmd } jail_status() 
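Review bot: `_j=$(echo $_j | tr /. _)` maps only `/` and `.` to `_`, but the result is spliced into `eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd}`, so any other character that is not valid in a shell variable name still reaches `eval`. A name containing `-`, for instance, makes the expansion parse as `${jail_x-...}` and yields the wrong command. Replacing every non-alphanumeric character is safer: `_j=$(echo -n "$_j" | tr -c '[:alnum:]' _)`. The same `tr /. _` line is added to `jail_start` and `jail_stop` in the following hunk. Also, `$jail_jexec $_j $_cmd` now receives the rewritten name rather than the one the caller typed, and `_cmd=$@` flattens the extra arguments into one string before they are split again.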
@@ -407,67 +420,139 @@ jail_status() jail_start() { + local _j _jid _jn _jl + if [ $# = 0 ]; then return fi echo -n 'Starting jails:' case $1 in _ALL) - echo -n ' ' command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -c" - $command $rc_flags $command_args "*" + _tmp=`mktemp -t jail` || exit 3 + if $command $rc_flags $command_args >> $_tmp 2>&1; then + $jail_jls -nq | while read IN; do + _jn=$(echo $IN | tr " " "\n" | grep ^name=) + _jid=$(echo $IN | tr " " "\n" | grep ^jid=) + echo -n " ${_jn#name=}" + echo "${_jid#jid=}" \ + > /var/run/jail_${_jn#name=}.id + done + else + tail -1 $_tmp + fi + rm -f $_tmp echo '.' return ;; esac - _tmp=`mktemp -t jail` || exit 3 - for _jail in $@; do - parse_options $_jail || continue - - eval rc_flags=\${jail_${_j}_flags:-$jail_flags} - eval command=\${jail_${_j}_program:-$jail_program} - if checkyesno jail_parallel_start; then - command_args="-i -f $_conf -c $_jail &" - else - command_args="-i -f $_conf -c $_jail" - fi - if $command $rc_flags $command_args \ - >> $_tmp 2>&1 </dev/null; then - echo -n " ${_hostname:-${_jail}}" - else - echo " cannot start jail \"${_hostname:-${jail}}\": " - tail +2 $_tmp - fi - rm -f $_tmp - done + if checkyesno jail_parallel_start; then + # + # Start jails in parallel and then check jail id when + # jail_parallel_start is YES. + # + _jl= + for _j in $@; do + _j=$(echo $_j | tr /. 
_) + parse_options $_j || continue + + _jl="$_jl $_j" + eval rc_flags=\${jail_${_j}_flags:-$jail_flags} + eval command=\${jail_${_j}_program:-$jail_program} + command_args="-i -f $_conf -c $_j" + $command $rc_flags $command_args \ + >/dev/null 2>&1 </dev/null & + done + sleep 1 + for _j in $_jl; do + echo -n " ${_hostname:-${_j}}" + if _jid=$($jail_jls -n -j $_j | tr " " "\n" | \ + grep ^jid=); then + echo "${_jid#jid=}" > /var/run/jail_${_j}.id + else + rm -f /var/run/jail_${_j}.id + echo " cannot start jail " \ + "\"${_hostname:-${_j}}\": " + fi + done + else + # + # Start jails one-by-one when jail_parallel_start is NO. + # + for _j in $@; do + _j=$(echo $_j | tr /. _) + parse_options $_j || continue + + eval rc_flags=\${jail_${_j}_flags:-$jail_flags} + eval command=\${jail_${_j}_program:-$jail_program} + command_args="-i -f $_conf -c $_j" + _tmp=`mktemp -t jail` || exit 3 + if $command $rc_flags $command_args \ + >> $_tmp 2>&1 </dev/null; then + echo -n " ${_hostname:-${_j}}" + _jid=$($jail_jls -n -j $_j | \ + tr " " "\n" | grep ^jid=) + echo "${_jid#jid=}" > /var/run/jail_${_j}.id + else + rm -f /var/run/jail_${_j}.id + echo " cannot start jail " \ + "\"${_hostname:-${_j}}\": " + cat $_tmp + fi + rm -f $_tmp + done + fi echo '.' } jail_stop() { + local _j _jn + if [ $# = 0 ]; then return fi echo -n 'Stopping jails:' case $1 in _ALL) - echo -n ' ' command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -r" - $command $rc_flags $command_args "*" + $jail_jls -nq | while read IN; do + _jn=$(echo $IN | tr " " "\n" | grep ^name=) + echo -n " ${_jn#name=}" + _tmp=`mktemp -t jail` || exit 3 + $command $rc_flags $command_args ${_jn#name=} \ + >> $_tmp 2>&1 + if $jail_jls -j ${_jn#name=} > /dev/null 2>&1; then + tail -1 $_tmp + else + rm -f /var/run/jail_${_jn#name=}.id + fi + rm -f $_tmp + done echo '.' return ;; esac - for _jail in $@; do - parse_options $_jail || continue + for _j in $@; do + _j=$(echo $_j | tr /. 
_) + parse_options $_j || continue + if ! $jail_jls -j $_j > /dev/null 2>&1; then + continue + fi eval command=\${jail_${_j}_program:-$jail_program} - if $command -q -f $_conf -r $_jail; then - echo -n " ${_hostname:-${_jail}}" + echo -n " ${_hostname:-${_j}}" + _tmp=`mktemp -t jail` || exit 3 + $command -q -f $_conf -r $_j >> $_tmp 2>&1 + if $jail_jls -j $_j > /dev/null 2>&1; then + tail -1 $_tmp + else + rm -f /var/run/jail_${_j}.id fi + rm -f $_tmp done echo '.' } diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig index 7b9ddf8074be..627da8750b24 100755 --- a/etc/rc.d/mdconfig +++ b/etc/rc.d/mdconfig @@ -181,17 +181,14 @@ fi load_rc_config $name -_mdconfig_unit=0 if [ -z "${_mdconfig_list}" ]; then - while :; do - eval _mdconfig_config=\$mdconfig_md${_mdconfig_unit} - if [ -z "${_mdconfig_config}" ]; then - break - else - _mdconfig_list="${_mdconfig_list}${_mdconfig_list:+ }md${_mdconfig_unit}" - _mdconfig_unit=$((${_mdconfig_unit} + 1)) - fi + for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | + sort_lite -nk1.12` + do + _mdconfig_unit=${_mdconfig_config#mdconfig_md} + _mdconfig_list="$_mdconfig_list md$_mdconfig_unit" done + _mdconfig_list="${_mdconfig_list# }" fi run_rc_command "${_mdconfig_cmd}" diff --git a/etc/rc.d/mdconfig2 b/etc/rc.d/mdconfig2 index 4b1535e8e7c5..85fd07fc3fe2 100755 --- a/etc/rc.d/mdconfig2 +++ b/etc/rc.d/mdconfig2 
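Review bot: In the `jail_parallel_start` branch a single fixed `sleep 1` precedes the `$jail_jls -n -j $_j` checks, so a jail that takes longer than that to come up is reported as `cannot start jail` and its `/var/run/jail_${_j}.id` is removed, although the background `jail -c` is still running and may succeed. The second loop also prints `${_hostname:-${_j}}`, and `_hostname` appears to be set by `parse_options` (outside this hunk), so every line would show the hostname of the last jail parsed. A bounded poll per jail, sketched below with a constructed limit of 10 tries, avoids the first problem. `_tmp` and `IN` should also be added to the `local` lists of `jail_start` and `jail_stop`.

```shell
		# … unchanged: first loop launching each jail in the background and building $_jl …
		for _j in $_jl; do
			echo -n " ${_hostname:-${_j}}"
			# Poll for the jail instead of relying on one fixed sleep.
			_try=0
			_jid=
			while [ $_try -lt 10 ]; do
				_jid=$($jail_jls -n -j $_j 2>/dev/null | \
				    tr " " "\n" | grep ^jid=) && break
				sleep 1
				_try=$(( $_try + 1 ))
			done
			if [ -n "$_jid" ]; then
				echo "${_jid#jid=}" > /var/run/jail_${_j}.id
			else
				# … unchanged: remove the .id file and print the failure message …
			fi
		done
```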
@@ -211,17 +211,14 @@ fi load_rc_config $name -_mdconfig2_unit=0 if [ -z "${_mdconfig2_list}" ]; then - while :; do - eval _mdconfig2_config=\$mdconfig_md${_mdconfig2_unit} - if [ -z "${_mdconfig2_config}" ]; then - break - else - _mdconfig2_list="${_mdconfig2_list}${_mdconfig2_list:+ }md${_mdconfig2_unit}" - _mdconfig2_unit=$((${_mdconfig2_unit} + 1)) - fi + for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | + sort_lite -nk1.12` + do + _mdconfig2_unit=${_mdconfig2_config#mdconfig_md} + _mdconfig2_list="$_mdconfig2_list md$_mdconfig2_unit" done + _mdconfig2_list="${_mdconfig2_list# }" fi run_rc_command "${_mdconfig2_cmd}" diff --git a/etc/rc.d/named b/etc/rc.d/named deleted file mode 100755 index b55bde3a88ab..000000000000 --- a/etc/rc.d/named +++ /dev/null 
@@ -1,301 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: named -# REQUIRE: SERVERS FILESYSTEMS -# KEYWORD: shutdown - -. /etc/rc.subr - -name="named" -rcvar=named_enable - -extra_commands="reload" - -start_precmd="named_prestart" -start_postcmd="named_poststart" -reload_cmd="named_reload" -stop_cmd="named_stop" -stop_postcmd="named_poststop" - -# If running in a chroot cage, ensure that the appropriate files -# exist inside the cage, as well as helper symlinks into the cage -# from outside. -# -# As this is called after the is_running and required_dir checks -# are made in run_rc_command(), we can safely assume ${named_chrootdir} -# exists and named isn't running at this point (unless forcestart -# is used). -# -chroot_autoupdate() -{ - local file - - # Create (or update) the chroot directory structure - # - if [ -r /etc/mtree/BIND.chroot.dist ]; then - mtree -deU -f /etc/mtree/BIND.chroot.dist \ - -p ${named_chrootdir} - else - warn "/etc/mtree/BIND.chroot.dist missing," - warn "chroot directory structure not updated" - fi - - # Create (or update) the configuration directory symlink - # - if [ ! -L "${named_conf%/*}" ]; then - if [ -d "${named_conf%/*}" ]; then - warn "named chroot: ${named_conf%/*} is a directory!" - elif [ -e "${named_conf%/*}" ]; then - warn "named chroot: ${named_conf%/*} exists!" - else - ln -s ${named_confdir} ${named_conf%/*} - fi - else - # Make sure it points to the right place. - ln -shf ${named_confdir} ${named_conf%/*} - fi - - # Mount a devfs in the chroot directory if needed - # - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide - else - if [ -c ${named_chrootdir}/dev/null -a \ - -c ${named_chrootdir}/dev/random ]; then - info "named chroot: using pre-mounted devfs." 
- else - err 1 "named chroot: devfs cannot be mounted from" \ - "within a jail. Thus a chrooted named cannot" \ - "be run from within a jail." \ - "To run named without chrooting it, set" \ - "named_chrootdir=\"\" in /etc/rc.conf." - fi - fi - - # Copy and/or update key files to the chroot /etc - # - for file in localtime protocols services; do - if [ -r /etc/$file ]; then - cmp -s /etc/$file "${named_chrootdir}/etc/$file" || - cp -p /etc/$file "${named_chrootdir}/etc/$file" - fi - done -} - -# Make symlinks to the correct pid file -# -make_symlinks() -{ - checkyesno named_symlink_enable && - ln -fs "${named_chrootdir}${pidfile}" ${pidfile} -} - -named_poststart() { - make_symlinks - - if checkyesno named_wait; then - until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do - echo " Waiting for nameserver to resolve $named_wait_host" - sleep 1 - done - fi -} - -named_reload() -{ - ${command%/named}/rndc reload -} - -find_pidfile() -{ - if get_pidfile_from_conf pid-file $named_conf; then - pidfile="$_pidfile_from_conf" - else - pidfile="/var/run/named/pid" - fi -} - -named_stop() -{ - find_pidfile - - # This duplicates an undesirably large amount of code from the stop - # routine in rc.subr in order to use rndc to shut down the process, - # and to give it a second chance in case rndc fails. - rc_pid=$(check_pidfile $pidfile $command) - if [ -z "$rc_pid" ]; then - [ -n "$rc_fast" ] && return 0 - _run_rc_notrunning - return 1 - fi - echo 'Stopping named.' - if ${command%/named}/rndc stop 2>/dev/null; then - wait_for_pids $rc_pid - else - echo -n 'rndc failed, trying kill: ' - kill -TERM $rc_pid - wait_for_pids $rc_pid - fi -} - -named_poststop() -{ - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" 
- fi - fi -} - -create_file() { - if [ -e "$1" ]; then - unlink $1 - fi - > $1 - chown root:wheel $1 - chmod 644 $1 -} - -named_prestart() -{ - find_pidfile - - if [ -n "$named_pidfile" ]; then - warn 'named_pidfile: now determined from the conf file' - fi - - command_args="-u ${named_uid:=root}" - - if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then - case "$named_flags" in - -c*|*' -c'*) ;; # No need to add it - *) command_args="-c $named_conf $command_args" ;; - esac - fi - - local line nsip firstns - - # Is the user using a sandbox? - # - if [ -n "$named_chrootdir" ]; then - rc_flags="$rc_flags -t $named_chrootdir" - checkyesno named_chroot_autoupdate && chroot_autoupdate - else - named_symlink_enable=NO - fi - - # Create an rndc.key file for the user if none exists - # - confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ - -c ${named_confdir}/rndc.key" - if [ -s "${named_confdir}/rndc.conf" ]; then - unset confgen_command - fi - if [ -s "${named_confdir}/rndc.key" ]; then - case `stat -f%Su ${named_confdir}/rndc.key` in - root|$named_uid) ;; - *) $confgen_command ;; - esac - else - $confgen_command - fi - - local checkconf - - checkconf="${command%/named}/named-checkconf" - if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then - checkconf="$checkconf -t $named_chrootdir" - fi - - # Create a forwarder configuration based on /etc/resolv.conf - if checkyesno named_auto_forward; then - if [ ! 
-s /etc/resolv.conf ]; then - warn "named_auto_forward enabled, but no /etc/resolv.conf" - - # Empty the file in case it is included in named.conf - [ -s "${named_confdir}/auto_forward.conf" ] && - create_file ${named_confdir}/auto_forward.conf - - $checkconf $named_conf || - err 3 'named-checkconf for $named_conf failed' - return - fi - - create_file /var/run/naf-resolv.conf - create_file /var/run/auto_forward.conf - - echo ' forwarders {' > /var/run/auto_forward.conf - - while read line; do - case "$line" in - 'nameserver '*|'nameserver '*) - nsip=${line##nameserver[ ]} - - if [ -z "$firstns" ]; then - if [ ! "$nsip" = '127.0.0.1' ]; then - echo 'nameserver 127.0.0.1' - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - - firstns=1 - else - [ "$nsip" = '127.0.0.1' ] && continue - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - ;; - esac - - echo $line - done < /etc/resolv.conf > /var/run/naf-resolv.conf - - echo ' };' >> /var/run/auto_forward.conf - echo '' >> /var/run/auto_forward.conf - if checkyesno named_auto_forward_only; then - echo " forward only;" >> /var/run/auto_forward.conf - else - echo " forward first;" >> /var/run/auto_forward.conf - fi - - if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then - unlink /var/run/naf-resolv.conf - else - [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf - mv /var/run/naf-resolv.conf /etc/resolv.conf - fi - - if cmp -s ${named_confdir}/auto_forward.conf \ - /var/run/auto_forward.conf; then - unlink /var/run/auto_forward.conf - else - [ -e "${named_confdir}/auto_forward.conf" ] && - unlink ${named_confdir}/auto_forward.conf - mv /var/run/auto_forward.conf \ - ${named_confdir}/auto_forward.conf - fi - else - # Empty the file in case it is included in named.conf - [ -s "${named_confdir}/auto_forward.conf" ] && - create_file ${named_confdir}/auto_forward.conf - fi - - $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' -} - -load_rc_config $name - -# Updating the following variables 
requires that rc.conf be loaded first -# -required_dirs="$named_chrootdir" # if it is set, it must exist - -named_confdir="${named_chrootdir}${named_conf%/*}" - -run_rc_command "$1" diff --git a/etc/rc.d/netif b/etc/rc.d/netif index daece80c2153..154f1ce704e2 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -62,9 +62,6 @@ network_start() # disable SIGINT (Ctrl-c) when running at startup trap : 2 - - # Create Fast EtherChannel interfaces - fec_up fi # Create cloned interfaces diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate index 235e6c086dd0..de7a13271588 100755 --- a/etc/rc.d/ntpdate +++ b/etc/rc.d/ntpdate @@ -4,7 +4,7 @@ # # PROVIDE: ntpdate -# REQUIRE: NETWORKING syslogd named +# REQUIRE: NETWORKING syslogd # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/pflog b/etc/rc.d/pflog index a0e6876b4350..7647ebf676e7 100755 --- a/etc/rc.d/pflog +++ b/etc/rc.d/pflog @@ -24,25 +24,41 @@ pflog_prestart() { load_kld pflog || return 1 - # set pflog0 interface to up state - if ! ifconfig pflog0 up; then - warn 'could not bring up pflog0.' + # set pflog_dev interface to up state + if ! ifconfig $pflog_dev up; then + warn "could not bring up $pflog_dev." return 1 fi # prepare the command line for pflogd - rc_flags="-f $pflog_logfile $rc_flags" + rc_flags="-f $pflog_logfile -i $pflog_dev $rc_flags" # report we're ready to run pflogd return 0 } +pflog_poststart() { + # Allow child pflogd to settle + sleep 0.10 + # More elegant(?) method for getting a unique pid + if [ -f /var/run/pflogd.pid ]; then + mv /var/run/pflogd.pid $pidfile + else + warn "/var/run/pflogd.pid does not exist. Too fast." + fi +} + pflog_poststop() { - if ! ifconfig pflog0 down; then - warn 'could not bring down pflog0.' + if ! ifconfig $pflog_dev down; then + warn "could not bring down $pflog_dev." return 1 fi + + if [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then + rm $pidfile + fi + return 0 } 
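Review bot: `pflog_poststart` waits a fixed `sleep 0.10` and then renames the shared `/var/run/pflogd.pid` to the per-instance `$pidfile`, which is racy. If pflogd has not written the file yet, the instance is left without a pidfile and only a warning is printed; a file left over from another pflogd would be renamed as if it belonged to this instance. A short bounded retry around the `[ -f /var/run/pflogd.pid ]` test, plus removing any stale `/var/run/pflogd.pid` in `pflog_prestart` when `pflog_instances` is set, would make this deterministic. `$pflog_dev`, `$pflog_logfile` and `$pidfile` are used unquoted throughout (`ifconfig $pflog_dev up`, `rm $pidfile`); quoting them and using `rm -f "$pidfile"` avoids surprises with empty or odd rc.conf values.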
@@ -53,4 +69,33 @@ pflog_resync() } load_rc_config $name -run_rc_command "$1" + +# Check if spawning multiple pflogd +echo "Starting pflogd: $pflog_instances" +if [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then + start_postcmd="pflog_poststart" + # Interate through requested instances. + for i in $pflog_instances; do + # Set required variables + eval pflog_dev=\$pflog_${i}_dev + eval pflog_logfile=\$pflog_${i}_logfile + eval pflog_flags=\$pflog_${i}_flags + # Check that required vars have non-zero length, warn if not. + if [ -z $pflog_dev ]; then + warn "pflog_dev not set" + continue + fi + if [ -z $pflog_logfile ]; then + warn "pflog_logfile not set" + continue + fi + # pflogd sets a pidfile, but the name is hardcoded. Concoct a + # unique pidfile name. + pidfile="/var/run/pflogd.$i.pid" + run_rc_command "$1" + done +else + # Typical case, spawn single instance only. + pflog_dev=${pflog_dev:-"pflog0"} + run_rc_command "$1" +fi diff --git a/etc/rc.d/rctl b/etc/rc.d/rctl index 4fa057998408..567436be9da6 100755 --- a/etc/rc.d/rctl +++ b/etc/rc.d/rctl @@ -15,7 +15,7 @@ stop_cmd="rctl_stop" rctl_start() { - if [ -f /etc/rctl.conf ]; then + if [ -f ${rctl_rules} ]; then while read var comments do case ${var} in @@ -25,7 +25,7 @@ rctl_start() rctl -a "${var}" ;; esac - done < /etc/rctl.conf + done < ${rctl_rules} fi } diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 284aa7d708a8..c37c706efdb9 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -33,7 +33,7 @@ routing_start() esac case $_af in - inet|inet6|ipx|atm) + inet|inet6|atm) if afexists $_af; then setroutes $_cmd $_af $_if else @@ -41,7 +41,7 @@ routing_start() fi ;; ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) - for _a in inet inet6 ipx atm; do + for _a in inet inet6 atm; do afexists $_a && setroutes $_cmd $_a $_if done ;; 
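Review bot: `echo "Starting pflogd: $pflog_instances"` sits at top level before the `if`, so it is printed on every invocation of the script, including `stop` and `status` and when `pflog_instances` is empty; it should move into the multi-instance branch or be dropped. The checks `[ -z $pflog_dev ]` and `[ -z $pflog_logfile ]` only work because an empty expansion leaves a one-argument test; write `[ -z "$pflog_dev" ]` and `[ -z "$pflog_logfile" ]`. `[ "$pflog_instances" ] && [ -n "$pflog_instances" ]` tests the same thing twice. The instance name `$i` goes into `eval pflog_dev=\$pflog_${i}_dev` unchecked, so the comment should state that instance names must be valid shell identifier fragments.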
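Review bot: `[ -f ${rctl_rules} ]` uses the new variable unquoted, and with an empty or unset `rctl_rules` the test collapses to `[ -f ]`, which is true, so the loop is entered and the redirection `done < ${rctl_rules}` in the next hunk of the same file then fails. Quote both uses: `[ -f "${rctl_rules}" ]` and `done < "${rctl_rules}"`. The default for `rctl_rules` is not visible here and presumably lives in the rc defaults. `rctl_start` begins and ends outside both hunks.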
@@ -62,7 +62,7 @@ routing_stop() esac case $_af in - inet|inet6|ipx|atm) + inet|inet6|atm) if afexists $_af; then eval static_${_af} delete $_if # When $_if is specified, do not flush routes. @@ -74,7 +74,7 @@ routing_stop() fi ;; ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) - for _a in inet inet6 ipx atm; do + for _a in inet inet6 atm; do afexists $_a || continue eval static_${_a} delete $_if # When $_if is specified, do not flush routes. @@ -127,11 +127,6 @@ routing_stop_atm() return 0 } -routing_stop_ipx() -{ - return 0 -} - static_inet() { local _action _if _skip @@ -290,11 +285,6 @@ static_atm() fi } -static_ipx() -{ - : -} - ropts_init() { if [ -z "${_ropts_initdone}" ]; then @@ -387,20 +377,5 @@ options_atm() [ -n "${_ropts_initdone}" ] && echo '.' } -options_ipx() -{ - _ropts_initdone= - - if checkyesno ipxgateway_enable; then - ropts_init ipx - echo -n ' gateway=YES' - ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null - else - ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null - fi - - [ -n "${_ropts_initdone}" ] && echo '.' -} - load_rc_config $name run_rc_command "$@" diff --git a/etc/rc.d/rpcbind b/etc/rc.d/rpcbind index 37a428a71918..60e23084b14d 100755 --- a/etc/rc.d/rpcbind +++ b/etc/rc.d/rpcbind @@ -4,7 +4,7 @@ # # PROVIDE: rpcbind -# REQUIRE: NETWORKING ntpdate syslogd named +# REQUIRE: NETWORKING ntpdate syslogd # KEYWORD: shutdown . /etc/rc.subr diff --git a/etc/rc.d/rtadvd b/etc/rc.d/rtadvd index 562498c3c36b..732e1279b22f 100755 --- a/etc/rc.d/rtadvd +++ b/etc/rc.d/rtadvd @@ -14,6 +14,8 @@ name="rtadvd" rcvar="rtadvd_enable" command="/usr/sbin/${name}" +extra_commands="reload" +reload_cmd="rtadvd_reload" start_precmd="rtadvd_precmd" rtadvd_precmd() @@ -62,5 +64,9 @@ rtadvd_precmd() return 0 } +rtadvd_reload() { + /usr/sbin/rtadvctl reload +} + load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/sendmail b/etc/rc.d/sendmail index 712bb3ec67bc..824709702649 100755 --- a/etc/rc.d/sendmail +++ b/etc/rc.d/sendmail 
@@ -24,6 +24,8 @@ command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} procname=${sendmail_procname:-/usr/sbin/${name}} +CERTDIR=/etc/mail/certs + case ${sendmail_enable} in [Nn][Oo][Nn][Ee]) sendmail_enable="NO" 
@@ -44,6 +46,118 @@ if checkyesno sendmail_submit_enable; then sendmail_outbound_enable="NO" fi +sendmail_cert_create() +{ + cnname="${sendmail_cert_cn:-`hostname`}" + cnname="${cnname:-amnesiac}" + + # based upon: + # http://www.sendmail.org/~ca/email/other/cagreg.html + CAdir=`mktemp -d` && + certpass=`(date; ps ax ; hostname) | md5 -q` + + # make certificate authority + ( cd "$CAdir" && + chmod 700 "$CAdir" && + mkdir certs crl newcerts && + echo "01" > serial && + :> index.txt && + + cat <<-OPENSSL_CNF > openssl.cnf && + RANDFILE = $CAdir/.rnd + [ ca ] + default_ca = CA_default + [ CA_default ] + dir = . + certs = \$dir/certs # Where the issued certs are kept + crl_dir = \$dir/crl # Where the issued crl are kept + database = \$dir/index.txt # database index file. + new_certs_dir = \$dir/newcerts # default place for new certs. + certificate = \$dir/cacert.pem # The CA certificate + serial = \$dir/serial # The current serial number + crlnumber = \$dir/crlnumber # the current crl number + crl = \$dir/crl.pem # The current CRL + private_key = \$dir/cakey.pem + x509_extensions = usr_cert # The extentions to add to the cert + name_opt = ca_default # Subject Name options + cert_opt = ca_default # Certificate field options + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL + default_md = default # use public key default MD + preserve = no # keep passed DN ordering + policy = policy_anything + [ policy_anything ] + countryName = optional + stateOrProvinceName = optional + localityName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + [ req ] + default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes + x509_extensions = v3_ca # The extentions to add to the self signed cert + string_mask = utf8only + prompt = no + [ req_distinguished_name ] + countryName = XX + 
stateOrProvinceName = Some-state + localityName = Some-city + 0.organizationName = Some-org + CN = $cnname + [ req_attributes ] + challengePassword = foobar + unstructuredName = An optional company name + [ usr_cert ] + basicConstraints=CA:FALSE + nsComment = "OpenSSL Generated Certificate" + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid,issuer + [ v3_req ] + basicConstraints = CA:FALSE + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + [ v3_ca ] + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid:always,issuer + basicConstraints = CA:true + OPENSSL_CNF + + # though we use a password, the key is discarded and never used + openssl req -batch -passout pass:"$certpass" -new -x509 \ + -keyout cakey.pem -out cacert.pem -days 3650 \ + -config openssl.cnf -newkey rsa:2048 >/dev/null 2>&1 && + + # make new certificate + openssl req -batch -nodes -new -x509 -keyout newkey.pem \ + -out newreq.pem -days 365 -config openssl.cnf \ + -newkey rsa:2048 >/dev/null 2>&1 && + + # sign certificate + openssl x509 -x509toreq -in newreq.pem -signkey newkey.pem \ + -out tmp.pem >/dev/null 2>&1 && + openssl ca -notext -config openssl.cnf \ + -out newcert.pem -keyfile cakey.pem -cert cacert.pem \ + -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 && + + mkdir -p "$CERTDIR" && + chmod 0755 "$CERTDIR" && + chmod 644 newcert.pem cacert.pem && + chmod 600 newkey.pem && + cp -p newcert.pem "$CERTDIR"/host.cert && + cp -p cacert.pem "$CERTDIR"/cacert.pem && + cp -p newkey.pem "$CERTDIR"/host.key && + ln -s cacert.pem "$CERTDIR"/`openssl x509 -hash -noout \ + -in cacert.pem`.0) + + retVal="$?" + rm -rf "$CAdir" + + return "$retVal" +} + sendmail_precmd() { # Die if there's pre-8.10 custom configuration file. This check is 
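Review bot: The CA key passphrase in `sendmail_cert_create` is built from guessable inputs (`(date; ps ax ; hostname) | md5 -q`) and then passed on the command line as `-passout pass:"$certpass"` and `-key "$certpass"`, where it is visible in the process list while openssl runs. The comment says the CA key is discarded, and it only ever lives in the `mktemp -d` directory, so encrypting it adds nothing. Generate it with `-nodes`, as the second `openssl req` already does, and drop `-key "$certpass"` and the `certpass=` line. The host certificate is issued for 365 days (`-days 365`, `default_days = 365`), and the caller added later in this file only creates one when none exists, so it will expire without notice; that deserves a comment or a renewal path.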
@@ -71,6 +185,17 @@ sendmail_precmd() /usr/bin/newaliases fi fi + + if checkyesno sendmail_cert_create && [ ! \( \ + -f "$CERTDIR/host.cert" -o -f "$CERTDIR/host.key" -o \ + -f "$CERTDIR/cacert.pem" \) ]; then + if ! openssl version >/dev/null 2>&1; then + warn "OpenSSL not available, but sendmail_cert_create is YES." + else + info Creating certificate for sendmail. + sendmail_cert_create + fi + fi } run_rc_command "$1" diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd index 5ad1b100aff6..9f747164f88d 100755 --- a/etc/rc.d/sshd +++ b/etc/rc.d/sshd @@ -24,6 +24,7 @@ extra_commands="configtest keygen reload" : ${sshd_rsa_enable:="yes"} : ${sshd_dsa_enable:="yes"} : ${sshd_ecdsa_enable:="yes"} +: ${sshd_ed25519_enable:="yes"} sshd_keygen_alg() { @@ -39,7 +40,7 @@ sshd_keygen_alg() rsa1) keyfile="/etc/ssh/ssh_host_key" ;; - rsa|dsa|ecdsa) + rsa|dsa|ecdsa|ed25519) keyfile="/etc/ssh/ssh_host_${alg}_key" ;; *) @@ -67,6 +68,7 @@ sshd_keygen() sshd_keygen_alg rsa sshd_keygen_alg dsa sshd_keygen_alg ecdsa + sshd_keygen_alg ed25519 } sshd_configtest() diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl index 2420414d4ad6..6e968f706c5d 100755 --- a/etc/rc.d/sysctl +++ b/etc/rc.d/sysctl @@ -27,7 +27,9 @@ sysctl_start() esac for _f in /etc/sysctl.conf /etc/sysctl.conf.local; do - [ -r ${_f} ] && ${command} ${command_args} ${_f} > /dev/null + if [ -r ${_f} ]; then + ${command} ${command_args} ${_f} > /dev/null + fi done } diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd index 87f7de24b19c..2842b48fac9e 100755 --- a/etc/rc.d/syslogd +++ b/etc/rc.d/syslogd @@ -21,7 +21,6 @@ extra_commands="reload" sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" -altlog_proglist="named" syslogd_precmd() { diff --git a/etc/rc.d/watchdogd b/etc/rc.d/watchdogd index bba1635d80db..9f25fbf39dd6 100755 --- a/etc/rc.d/watchdogd +++ b/etc/rc.d/watchdogd 
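Review bot: The added block is the last statement of `sendmail_precmd`, so a failing `sendmail_cert_create` becomes the function's return status, and rc.subr normally refuses to start the daemon when the precmd fails. If the certificate is meant to be optional, end the branch with `sendmail_cert_create || warn "could not create sendmail certificate"`. The guard runs the generator only when none of `host.cert`, `host.key` and `cacert.pem` exists, while `sendmail_cert_create` copies them one by one, so an interrupted run can leave a partial set that is never repaired. `info Creating certificate for sendmail.` should be quoted as a single argument. The start of `sendmail_precmd` is outside the hunk.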
@@ -39,4 +39,7 @@ command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" load_rc_config $name + +sig_stop="${watchdogd_sig_stop:-TERM}" + run_rc_command "$1" diff --git a/etc/rc.subr b/etc/rc.subr index 152b70e64267..b6172dbf4d8a 100644 --- a/etc/rc.subr +++ b/etc/rc.subr @@ -54,6 +54,20 @@ JID=`$PS -p $$ -o jid=` # functions # --------- +# list_vars pattern +# List vars matching pattern. +# +list_vars() +{ + set | { while read LINE; do + var="${LINE%%=*}" + case "$var" in + "$LINE"|*[!a-zA-Z0-9_]*) continue ;; + $1) echo $var + esac + done; } +} + # set_rcvar_obsolete oldvar [newvar] [msg] # Define obsolete variable. # Global variable $rcvars_obsolete is used. 
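Review bot: `list_vars` parses the output of `set` line by line with a plain `read LINE`, so continuation lines of a variable whose value contains a newline are treated as separate entries, and anything of the form `word=...` inside such a value is reported as a variable name. Callers in this commit feed the result into further expansions (`list_vars mdconfig_md[0-9]\*` in rc.d/mdconfig), so the header comment should state the limitation, e.g. `# NB: names are taken from the output of set; multi-line values may produce false matches`. `while IFS= read -r LINE` would also stop `read` from interpreting backslashes in values. The `$1) echo $var` arm lacks its `;;`, which is legal for the last arm but inconsistent with the arm above it.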
@@ -314,6 +328,246 @@ _find_processes() eval $_proccheck } +# sort_lite [-b] [-n] [-k POS] [-t SEP] +# A lite version of sort(1) (supporting a few options) that can be used +# before the real sort(1) is available (e.g., in scripts that run prior +# to mountcritremote). Requires only shell built-in functionality. +# +sort_lite() +{ + local funcname=sort_lite + local sort_sep="$IFS" sort_ignore_leading_space= + local sort_field=0 sort_strict_fields= sort_numeric= + local nitems=0 skip_leading=0 trim= + + local OPTIND flag + while getopts bnk:t: flag; do + case "$flag" in + b) sort_ignore_leading_space=1 ;; + n) sort_numeric=1 sort_ignore_leading_space=1 ;; + k) sort_field="${OPTARG%%,*}" ;; # only up to first comma + # NB: Unlike sort(1) only one POS allowed + t) sort_sep="$OPTARG" + if [ ${#sort_sep} -gt 1 ]; then + echo "$funcname: multi-character tab \`$sort_sep'" >&2 + return 1 + fi + sort_strict_fields=1 + ;; + \?) return 1 ;; + esac + done + shift $(( $OPTIND - 1 )) + + # Create transformation pattern to trim leading text if desired + case "$sort_field" in + ""|[!0-9]*|*[!0-9.]*) + echo "$funcname: invalid sort field \`$sort_field'" >&2 + return 1 + ;; + *.*) + skip_leading=${sort_field#*.} sort_field=${sort_field%%.*} + while [ ${skip_leading:-0} -gt 1 ] 2> /dev/null; do + trim="$trim?" 
skip_leading=$(( $skip_leading - 1 )) + done + esac + + # Copy input to series of local numbered variables + # NB: IFS of NULL preserves leading whitespace + local LINE + while IFS= read -r LINE || [ "$LINE" ]; do + nitems=$(( $nitems + 1 )) + local src_$nitems="$LINE" + done + + # + # Sort numbered locals using insertion sort + # + local curitem curitem_orig curitem_mod curitem_haskey + local dest dest_orig dest_mod dest_haskey + local d gt n + local i=1 + while [ $i -le $nitems ]; do + curitem_haskey=1 # Assume sort field (-k POS) exists + eval curitem=\"\$src_$i\" + curitem_mod="$curitem" # for modified comparison + curitem_orig="$curitem" # for original comparison + + # Trim leading whitespace if desired + if [ "$sort_ignore_leading_space" ]; then + while case "$curitem_orig" in + [$IFS]*) : ;; *) false; esac + do + curitem_orig="${curitem_orig#?}" + done + curitem_mod="$curitem_orig" + fi + + # Shift modified comparison value if sort field (-k POS) is > 1 + n=$sort_field + while [ $n -gt 1 ]; do + case "$curitem_mod" in + *[$sort_sep]*) + # Cut text up-to (and incl.) 
first separator + curitem_mod="${curitem_mod#*[$sort_sep]}" + + # Skip NULLs unless strict field splitting + [ "$sort_strict_fields" ] || + [ "${curitem_mod%%[$sort_sep]*}" ] || + [ $n -eq 2 ] || + continue + ;; + *) + # Asked for a field that doesn't exist + curitem_haskey= break + esac + n=$(( $n - 1 )) + done + + # Trim trailing words if sort field >= 1 + [ $sort_field -ge 1 -a "$sort_numeric" ] && + curitem_mod="${curitem_mod%%[$sort_sep]*}" + + # Apply optional trim (-k POS.TRIM) to cut leading characters + curitem_mod="${curitem_mod#$trim}" + + # Determine the type of modified comparison to use initially + # NB: Prefer numerical if requested but fallback to standard + case "$curitem_mod" in + ""|[!0-9]*) # NULL or begins with non-number + gt=">" + [ "$sort_numeric" ] && curitem_mod=0 + ;; + *) + if [ "$sort_numeric" ]; then + gt="-gt" + curitem_mod="${curitem_mod%%[!0-9]*}" + # NB: trailing non-digits removed + # otherwise numeric comparison fails + else + gt=">" + fi + esac + + # If first time through, short-circuit below position-search + if [ $i -le 1 ]; then + d=0 + else + d=1 + fi + + # + # Find appropriate element position + # + while [ $d -gt 0 ] + do + dest_haskey=$curitem_haskey + eval dest=\"\$dest_$d\" + dest_mod="$dest" # for modified comparison + dest_orig="$dest" # for original comparison + + # Trim leading whitespace if desired + if [ "$sort_ignore_leading_space" ]; then + while case "$dest_orig" in + [$IFS]*) : ;; *) false; esac + do + dest_orig="${dest_orig#?}" + done + dest_mod="$dest_orig" + fi + + # Shift modified value if sort field (-k POS) is > 1 + n=$sort_field + while [ $n -gt 1 ]; do + case "$dest_mod" in + *[$sort_sep]*) + # Cut text up-to (and incl.) 
1st sep + dest_mod="${dest_mod#*[$sort_sep]}" + + # Skip NULLs unless strict fields + [ "$sort_strict_fields" ] || + [ "${dest_mod%%[$sort_sep]*}" ] || + [ $n -eq 2 ] || + continue + ;; + *) + # Asked for a field that doesn't exist + dest_haskey= break + esac + n=$(( $n - 1 )) + done + + # Trim trailing words if sort field >= 1 + [ $sort_field -ge 1 -a "$sort_numeric" ] && + dest_mod="${dest_mod%%[$sort_sep]*}" + + # Apply optional trim (-k POS.TRIM), cut leading chars + dest_mod="${dest_mod#$trim}" + + # Determine type of modified comparison to use + # NB: Prefer numerical if requested, fallback to std + case "$dest_mod" in + ""|[!0-9]*) # NULL or begins with non-number + gt=">" + [ "$sort_numeric" ] && dest_mod=0 + ;; + *) + if [ "$sort_numeric" ]; then + gt="-gt" + dest_mod="${dest_mod%%[!0-9]*}" + # NB: kill trailing non-digits + # for numeric comparison safety + else + gt=">" + fi + esac + + # Break if we've found the proper element position + if [ "$curitem_haskey" -a "$dest_haskey" ]; then + if [ "$dest_mod" = "$curitem_mod" ]; then + [ "$dest_orig" ">" "$curitem_orig" ] && + break + elif [ "$dest_mod" $gt "$curitem_mod" ] \ + 2> /dev/null + then + break + fi + else + [ "$dest_orig" ">" "$curitem_orig" ] && break + fi + + # Break if we've hit the end + [ $d -ge $i ] && break + + d=$(( $d + 1 )) + done + + # Shift remaining positions forward, making room for new item + n=$i + while [ $n -ge $d ]; do + # Shift destination item forward one placement + eval dest_$(( $n + 1 ))=\"\$dest_$n\" + n=$(( $n - 1 )) + done + + # Place the element + if [ $i -eq 1 ]; then + local dest_1="$curitem" + else + local dest_$d="$curitem" + fi + + i=$(( $i + 1 )) + done + + # Print sorted results + d=1 + while [ $d -le $nitems ]; do + eval echo \"\$dest_$d\" + d=$(( $d + 1 )) + done +} + # # wait_for_pids pid [pid ...] # spins until none of the pids exist 
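Review bot: The final loop of `sort_lite` prints each item with `eval echo \"\$dest_$d\"`, so an input line that is exactly `-n` (or any other option the shell's `echo` accepts) is consumed as an option instead of being printed. `eval "printf '%s\n' \"\$dest_$d\""` prints the line verbatim, provided `printf` is a builtin in this shell, which the function's built-ins-only contract needs and which this page does not confirm. Separately, the shift loop assigns `dest_$(( $n + 1 ))` through `eval` before any matching `local`, so `dest_N` names appear to leak into the caller's scope. The key-extraction block is also written twice, once for `curitem` and once for `dest`; a small helper would keep the two copies from drifting apart.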
@@ -1524,19 +1778,20 @@ load_kld() return 0 } -# ltr str src dst +# ltr str src dst [var] # Change every $src in $str to $dst. # Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor -# awk(1). +# awk(1). If var is non-NULL, set it to the result. ltr() { - local _str _src _dst _out _com - _str=$1 - _src=$2 - _dst=$3 + local _str _src _dst _out _com _var + _str="$1" + _src="$2" + _dst="$3" + _var="$4" _out="" - IFS=${_src} + local IFS="${_src}" for _com in ${_str}; do if [ -z "${_out}" ]; then _out="${_com}" @@ -1544,7 +1799,11 @@ ltr() _out="${_out}${_dst}${_com}" fi done - echo "${_out}" + if [ -n "${_var}" ]; then + setvar "${_var}" "${_out}" + else + echo "${_out}" + fi } # Creates a list of providers for GELI encryption. diff --git a/etc/sendmail/freebsd.mc b/etc/sendmail/freebsd.mc index 6d756368daca..9a9142573a50 100644 --- a/etc/sendmail/freebsd.mc +++ b/etc/sendmail/freebsd.mc @@ -33,6 +33,7 @@ divert(-1) # SUCH DAMAGE. # + # # This is a generic configuration file for FreeBSD 6.X and later systems. # If you want to customize it, copy it to a name appropriate for your @@ -42,6 +43,11 @@ divert(-1) # /usr/share/sendmail/cf/README or # /usr/src/contrib/sendmail/cf/README # +# +# NOTE: If you enable RunAsUser, make sure that you adjust the permissions +# and owner of the SSL certificates and keys in /etc/mail/certs to be usable +# by that user. +# divert(0) VERSIONID(`$FreeBSD$') 
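Review bot: In `ltr` (etc/rc.subr), the new `setvar "${_var}" "${_out}"` writes into one of ltr's own locals when the caller passes `_str`, `_src`, `_dst`, `_out`, `_com`, `_var` or `IFS` as the fourth argument, and the result is then lost on return. The header comment should say so, for example `# var must not name one of ltr's locals (_str _src _dst _out _com _var IFS).`. The unchanged `for _com in ${_str}` still expands unquoted, so a `str` containing `*`, `?` or `[` is also subject to pathname expansion unless globbing is off at that point. The function spans both ltr hunks on this line; the first point applies to the second of them.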
@@ -54,6 +60,16 @@ FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') +dnl Enable STARTTLS for receiving email. +define(`CERT_DIR', `/etc/mail/certs')dnl +define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl +define(`confSERVER_KEY', `CERT_DIR/host.key')dnl +define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl +define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl +define(`confCACERT', `CERT_DIR/cacert.pem')dnl +define(`confCACERT_PATH', `CERT_DIR')dnl +define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl + dnl Uncomment to allow relaying based on your MX records. dnl NOTE: This can allow sites to use your server as a backup MX without dnl your permission. diff --git a/etc/sendmail/freebsd.submit.mc b/etc/sendmail/freebsd.submit.mc index c6ec65553598..fbb036cd63b4 100644 --- a/etc/sendmail/freebsd.submit.mc +++ b/etc/sendmail/freebsd.submit.mc @@ -9,6 +9,7 @@ divert(-1) # # + # # This is the FreeBSD configuration for a set-group-ID sm-msp sendmail # that acts as a initial mail submission program. diff --git a/etc/services b/etc/services index 6f254fa02fd7..13ad4c820f63 100644 --- a/etc/services +++ b/etc/services @@ -2192,6 +2192,8 @@ ospf6d 2606/tcp #OSPF6d vty dict 2628/tcp #RFC 2229 dict 2628/udp #RFC 2229 listen 2766/tcp #System V listener port +smpp 2775/tcp #SMPP +smpp 2775/udp #SMPP www-dev 2784/tcp #world wide web - development www-dev 2784/udp #world wide web - development m2ua 2904/sctp #M2UA @@ -2462,6 +2464,8 @@ amidxtape 10083/tcp #Amanda tape indexing wmereceiving 11997/sctp #WorldMailExpress wmedistribution 11998/sctp #WorldMailExpress wmereporting 11999/sctp #WorldMailExpress +bpcd 13782/tcp #Veritas NetBackup +bpcd 13782/udp #Veritas NetBackup sua 14001/sctp #SUA sua 14001/tcp #SUA isode-dua 17007/tcp diff --git a/etc/syslog.conf b/etc/syslog.conf index 702bd664215d..e65db5347bc5 100644 --- a/etc/syslog.conf +++ b/etc/syslog.conf 
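Review bot: The comment `dnl Enable STARTTLS for receiving email.` in etc/sendmail/freebsd.mc understates the block, which also defines `confCLIENT_CERT` and `confCLIENT_KEY`, so the same host certificate and key are used when this host connects out as a client. `dnl Enable STARTTLS for receiving and sending email.` would match the defines. `confCACERT_PATH` is set to `CERT_DIR`, the directory that also holds `host.key`, so a line noting that the key file must not be readable by other users would help anyone who later loosens the directory for CA lookups. `confDH_PARAMETERS` names `CERT_DIR/dh.param`, which the existence test added to etc/rc.d/sendmail does not look at; whether anything creates that file is not visible here.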
@@ -30,7 +30,7 @@ cron.* /var/log/cron # news.notice /var/log/news/news.notice # Uncomment this if you wish to see messages produced by devd # !devd -# *.>=info /var/log/devd.log +# *.>=notice /var/log/devd.log !ppp *.* /var/log/ppp.log !* diff --git a/etc/tests/Makefile b/etc/tests/Makefile new file mode 100644 index 000000000000..5aacd5b19e57 --- /dev/null +++ b/etc/tests/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.include <bsd.own.mk> + +TESTSDIR= ${TESTSBASE}/etc + +.PATH: ${.CURDIR:H:H}/tests +KYUAFILE= yes + +.include <bsd.test.mk> |
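Review bot: The new etc/tests/Makefile gives no hint why `.PATH` points two directories up. With `KYUAFILE= yes` and no test programs listed, it presumably picks up an existing Kyuafile from the top-level `tests` directory rather than one kept in etc/tests. A one-line comment above `.PATH`, such as `# Kyuafile is taken from the top-level tests directory.`, would save the next reader the lookup, once that is confirmed.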