Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.
precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx). Moving
the invocation of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.
Also introduce _run_rc_setup to separate the launcher
from the main one. Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.
PR: https://reviews.freebsd.org/D36259
These checks use ps(1) with both the '-p' and '-a' flags, which worked
so far as ps(1)'s '-a' option was buggy. Since the fix in commit
"ps(1): Make '-a' and '-A' always show all processes"
(93a94ce731a89b56), such a command-line always selects all processes,
making the specified '-p' useless and the test wrong. Remove the
useless '-a'.
While here, remove the redundant '-x', as '-p' implies '-x' by default.
MFC after: 1 day
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50201
(cherry picked from commit 646375408742dd5ed9abb174a621a3f8f65a56ef)
(cherry picked from commit a69fe62604021f120206e4064ca7463195aeb3a0)
Approved by: re (cperciva)
Using the ntpd -u option to set the credentials ntpd is to run under
while still using rc(8) to invoke causes some FreeBSD installs to fail
to load mac_ntp. The fact that can_run_nonroot() does not
indicate why failures occur leaves people on the mailing lists
guessing as to why there are failures. Let's revert back to using
the rc(8) provided su. The ntpd rc script will be rewritten when
the ntpd chroot will be implemented.
Reported on: freebsd-stable@
This reverts commit 521f66715afb312b356afafc68cbc044a436a753.
(cherry picked from commit 5ca7754519e8c618968d8acbf54d653b6e968829)
Clean up style and make more consistent.
Replace test with if-then-else to make the script more legible.
Replace the call to dirname with the shell %/* operator avoiding a
fork & exec.
Reorder the test for $var_run_autosave before the test for /var/run on
tmpfs. This avoids gratuitously scanning the mount table for a tmpfs
/var/run.
Initial concept by and in discussion with:
Harry Schmalzbauer <freebsd@omnilan.de>
No functional change intended.
Differential Revision: https://reviews.freebsd.org/D47773
(cherry picked from commit ed9712f8943573136fa92a0e61c8e7c10952eeb0)
Using the rc plumbing to setuid(2) is preferred as it allows the user
to use the -i option in ntpd_flags to chroot ntpd.
Chrooting ntpd by default will be a 2025 project.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D48191
(cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
Drivers, including those that support SR-IOV, can be loaded via kld_list
and it makes sense to process iovctl configuration files after all
drivers have been loaded.
Sponsored by: Chelsio Communications
Reviewed by: 0mp, jhb
Differential Revision: https://reviews.freebsd.org/D47937
(cherry picked from commit 41594021fa8bf02468407e8fc48c2e7a13de1a2f)
The sendmail startup script can run 4 daemons: sendmail, sendmail_submit,
sendmail_outbound, and sendmail_msp_queue. Of the first 3 at most one
can be enabled. There's a run_rc_command call for each and the ones for
sendmail and sendmail_msp_queue run unconditionally. For some rc
commands this triggers warnings or errors when sendmail_enable="NO" or
sendmail_msp_queue_enable="NO". Since d2e7bb630b83 these errors are
propagated and the whole script fails.
Fix this by first determining which daemons are enabled, setting ${name}
and ${rcvar} accordingly, and then always calling run_rc_command
conditionally.
Also replace ${name}.cf with sendmail.cf because ${name} isn't always
sendmail.
PR: 282585
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47757
(cherry picked from commit 6b17d944a1d448dbb797c5fa5b0778242ba02e52)
There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
PR: 130555
Reviewed by: jlduran
Differential Revision: https://reviews.freebsd.org/D47346
(cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)
It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f0.
Point users to /usr/src/share/examples/ipfilter instead, as the base
directory also contains example rules.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47392
(cherry picked from commit 8934526be1843ba033e1423f6ecd8b3b3f2a9c23)
Some kernel modules will print informative messages when they are
loaded, making the output confusing. Print everything up front instead.
Fixes: 152382e6613d ("rc.d/kld: Print the kernel modules being loaded")
(cherry picked from commit 3e55170e0fa2695f6d662e3ab67201138a6f8698)
Add naive support for openstack network config.
If no config driver has been found, try to detect that we are running a
VM on openstack via the smbios information, use the first iface
available and temporarily activate dhcp on it, to be able to fetch the
necessary information for cloudinit.
While here make the rc script execute after devmatch, some ethernet
device might be attached via devmatch and may be needed for cloudinit.
Tested on OVHCloud Public Cloud.
MFC after: 3 weeks
Sponsored by: OVHCloud
(cherry picked from commit 2775b9b0bcc278dd4183b57784953c26a3fcdc89)
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
Discussed with: jilles, eugen
Reviewed by: christos, gshapiro (previous version), markj
Approved by: christos (mentor), markj (mentor)
Differential Revision: https://reviews.freebsd.org/D46862
Co-authored-by: Jim Pirzyk <pirzyk@FreeBSD.org>
(cherry picked from commit d2e7bb630b83848a774d8213014a9e0747775019)
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
(cherry picked from commit 8751fbe36ff02ed695f02132ee6eac723d2bbe3f)
Silence a warning emitted by fread(3) in fstyp(8)'s read_buf(), when
detecting the file system type of the cloud-init device:
    % fstyp /dev/iso9660/cidata
    fstyp: fread: Invalid argument
    cd9660
Also rephrase slightly a comment while here.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit d71e2c037c942dbe2a9fd2630d5cf155dd1bf7db)
As of 1b5be7204e we setup parts of IPv6
before IPv4 if configured. For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D33426
(cherry picked from commit ed4d2a54fc7a0397c2042f496f176305ca03ebdd)
As with various other rc scripts, we don't want the output from this
being visible in the boot log.
Fixes: 6437872c1d66 ("New sysctl to disable NOMATCH until devmatch runs")
MFC after: 1 week
(cherry picked from commit 62775aebf725a79703592f3276118245a74afdac)
Commit 99132daf6f70cb0cc969c555d3612547fa3cf1db prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
(cherry picked from commit 4bf5db113f760619bf754c22864b1d7e2acdeabd)
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
(cherry picked from commit e6e38bc522e29de6299536b547bf11dab11e9679)
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviewed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 503adcdf1db35eab0f3d35392947a6da3bd19539)
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonical source. The problem is that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920ba
(cherry picked from commit 66f360515d2829d261c0ad7bd516e9dd18c2dd83)
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG
(cherry picked from commit 72b045386dd3db8b31ec3067cb9e160cbd1cfbc6)
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs
There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.
This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.
Reviewed by: imp, cperciva
MFC after: 3 days
Sponsored by: Google Summer of Code
Pull Request: https://github.com/freebsd/freebsd-src/pull/1213
(cherry picked from commit 6437872c1d665c2605f54e8ff040b0ba41edad07)
It prevents the home directory for the new users from being hidden
by a late mount of the home directory.
(cherry picked from commit b6a4776008519bb4a1d5abfe63c46d5f009ce102)
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
(cherry picked from commit 9e248b7f645cdf05615a49cc15295df49b54d659)
This is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most cases.
It supports nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs).
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd')
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this, one is able to use the 'bring your own image' feature out of the
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mechanism.
Sponsored by: OVHCloud
Differential Revision: https://reviews.freebsd.org/D44141
(cherry picked from commit a42d6f76018e4ed8324e319ab48aac904bda437c)
(cherry picked from commit c051f22bce42d920abba61bd7cf4ef5b6a270ffa)
(cherry picked from commit b8c053c9a612651d4909f7a323088f3e92485b7b)
(cherry picked from commit 9eae9233fdcc946945f4191e1413f548adfa2943)
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac52). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fall back to
using md(4).
PR: 85558
MFC after: 1 week
Reviewed by: imp, emaste, brooks
Differential Revision: https://reviews.freebsd.org/D43242
(cherry picked from commit bb4116576f2edf466ada3885cf851599ce7a4792)
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broke, just use this.
This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.
Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752
(cherry picked from commit 11da791920ba285f0832f09cb504ac81e35ff8d1)
Some users wishing to use the MIT krb5kdc have discovered the
kdc script workaround applied to the MIT krb5 ports is insufficient.
Let's build into this rc script the smarts to determine whether
base or ports Heimdal kdc is being invoked or the MIT krb5kdc.
While at it, remove kdc_start_precmd(). This will simplify a future
jail patch.
Suggested by: netchild
Original patch: netchild
Reviewed by: emaste, netchild
Differential Revision: https://reviews.freebsd.org/D43523
(cherry picked from commit 91f78c32befa08bf4010db7afd4407277a3e585f)
IETF is no longer serving leap-seconds.list. Point at IANA instead.
This fixes "service ntpd fetch".
(cherry picked from commit b1c95af45488bef649e9a84890e2414ff80b3a00)
Since 13.1, /etc/rc.d/jail has looked for a per-jail config file in
/etc/jail.conf.d. For RELENG 14, the ".include" directive was added to
jail(8), with a sample line in the jail.conf(5) man page that includes
"/etc/jail.conf.d/*.conf".
These two use cases don't work together. When the jail.conf.d files
are included from a master jail.conf, the files in jail.conf.d are
likely to hold only partial configurations, and shouldn't be directly
loaded by rc.d/jail. But there are existing configurations that depend
on the current rc.d behavior. While users could be advised not to
include from /etc/jail.conf.d, it's the natural choice even if not
mentioned in jail.conf.5.
The workaround is for rc.d/jail to continue to load the individual
files, but only when /etc/jail.conf doesn't include from that
directory (via a simple grep test). This allows the current use
while not breaking the previous use.
Reported by: antranigv at freebsd.am
Differential Revision: https://reviews.freebsd.org/D41962
(cherry picked from commit a2440348eed75bb7682579af0905b652747fd016)
For a service that sets an rcvar, there is a check whether it has been
enabled before the actual command is executed. If the check fails, one
gets a message to enable it and the returned exit status is 0.
However, this is usually undesirable for the status command, which is
a) supposed to check whether the service is running anyway and
b) returns a non-zero exit code if that is not the case.
Thus, skip the check for the status command.
PR: 272282
Reviewed by: emaste
(cherry picked from commit ba793728a840041e93e38bcbff4a7233dc63b722)