As of 1b5be7204e we setup parts of IPv6
before IPv4 if configured. For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D33426
(cherry picked from commit ed4d2a54fc7a0397c2042f496f176305ca03ebdd)
As with various other rc scripts, we don't want the output from this
being visible in the boot log.
Fixes: 6437872c1d66 ("New sysctl to disable NOMATCH until devmatch runs")
MFC after: 1 week
(cherry picked from commit 62775aebf725a79703592f3276118245a74afdac)
in openstack when no user is specified but a sshkey is provided
the information is stored in meta_data.json under "public_keys"
PR: 280461
Reported by: tdb
(cherry picked from commit 19fb9ad746517c7af9d79a982334b2550f285355)
Commit 07d17ca189fcf3cc44b7706040b05ca8135c3b85 set the recommended
permissions for the SSH authorized keys file and directory. The tests,
however, were failing on CI.
Use stat to check for the proper permissions.
Fixes: 07d17ca189f nuageinit: Set recommended SSH permissions
Reported by: Jenkins
(cherry picked from commit 8edd6c07c8dafcc5828bceb5fea0684c7d0d0775)
As stated in sshd(8), the recommended permissions for ~/.ssh are
read/write/execute for the user, and not accessible by others; and the
recommended permissions for ~/.ssh/authorized_keys are read/write for
the user, and not accessible by others.
(cherry picked from commit 07d17ca189fcf3cc44b7706040b05ca8135c3b85)
Per pw(8), when -H is set, the password should be supplied already
encrypted in a form suitable for writing directly to the password
database (passwd in cloud-init tems); -h provides a special interface by
which interactive scripts can set an account password using pw(8) in
plain text (plain_text_passwd in cloud-init terms).
The default user (freebsd) is defined with a plain_text_passwd
(freebsd), not with an encrypted one.
(cherry picked from commit 7b73ecfe648487c7706ac2b854dcf1435e60e4ca)
openstack, ec2 and other implementation of cloudinit disagrees on the
name of the file "user-data" or "user_data", test both and use the first
found
PR: 279876
(cherry picked from commit cde6642431bb0ca21aeebc7c521e99c681d31ffb)
Commit 99132daf6f70cb0cc969c555d3612547fa3cf1db prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
(cherry picked from commit 4bf5db113f760619bf754c22864b1d7e2acdeabd)
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
(cherry picked from commit e6e38bc522e29de6299536b547bf11dab11e9679)
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 503adcdf1db35eab0f3d35392947a6da3bd19539)
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920ba
(cherry picked from commit 66f360515d2829d261c0ad7bd516e9dd18c2dd83)
Add a macro the architectures can use to add per-arch fields to
Struct_Obj_Entry.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45116
(cherry picked from commit 06db20ffeca9898e5802d63f3b06caaa37c3a4ed)
After miss reading the cloudinit spec I ended up writting a wrong
test for basic ssh key setup, nuageinit has been fixed, but not
the test, here is the actual fix.
Reported by: markj
(cherry picked from commit 8d7331e62a5aa75760ac54e3cb1594b0001645c6)
pw(8) allows to seek for users in a custom rootdir, which makes it
easier for a testsuite
MFC After: 3 days
(cherry picked from commit 83fcab792c9d7f13f7e8bd73cf1850ba74f49341)
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG
(cherry picked from commit 72b045386dd3db8b31ec3067cb9e160cbd1cfbc6)
In 3bfbb521 the behaviour of ls was changed such that -g was no longer
a noop for compatibility with BSD 4.3, but instead changed the output
of long mode to exclude the owner of the file and display only the
group.
Update how FTPd invokes ls to restore the previous behaviour
Reported-by: Andrew Fengler <andrew.fengler@scaleengine.com>
Reviewed-by: jrtc27, des, imp
MFC after: 3 days
Sponsored-by: ScaleEngine Inc.
Fixes: 3bfbb521fe ("ls: Improve POSIX compatibility for -g and -n.")
(cherry picked from commit 5af3225e0448be6af7f0312e10d2a1dfbe150c25)
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D45129
(cherry picked from commit 816c4d3dcf99adcd40a03d93431237ddbd23bbdf)
tftpd: Drop unneeded includes.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D45130
(cherry picked from commit 1111da6b7c612c571453a23a8dd02fd5e7e40b18)
tftpd: Add missing include.
This went unnoticed due to namespace pollution in our headers.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45131
(cherry picked from commit ae285a8cbf1212bdc1b3f81219635bc1395fadee)
tftpd: Satisfy clang-analyzer.
* Replace `random()` with `arc4random()`.
* Change some variable types.
* Drop some unused assignments.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D45132
(cherry picked from commit 4d09eb87c5d5bec2e2832f50537e2ce6f75f4117)
tftpd: silence gcc overflow warnings
GCC 13 complains that we might be writing too much to an on-stack buffer
when createing a filename.
In practice there is a check that filename isn't too long given the
time format and other static characters so GCC is incorrect, but GCC
isn't wrong that we're potentially trying to put a MAXPATHLEN length
string + some other characters into a MAXPATHLEN buffer (if you ignore
the check GCC can't realistically evaluate at compile time).
Switch to snprintf to populate filename to ensure that future logic
errors don't result in a stack overflow.
Shorten the questionably named yyyymmdd buffer enough to slience the
warning (checking the snprintf return value isn't sufficent) while
preserving maximum flexibility for admins who use the -F option.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D45086
(cherry picked from commit 25945af47e7a1d06c44c8c160045a866e90569ab)
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs
There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.
This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.
Reviewed by: imp, cperciva
MFC after: 3 days
Sponsored by: Google Summer of Code
Pull Request: https://github.com/freebsd/freebsd-src/pull/1213
(cherry picked from commit 6437872c1d665c2605f54e8ff040b0ba41edad07)
This was prompted by noticing that '/var/db/portsnap' still exists on
newly-installed machines.
With this change, all mentions of portsnap(8) in the tree are gone,
except for the historical note in the AUTHORS section of manpage
phttpget(8).
locate(1) will thus start indexing again '/var/db/portsnap' on machines
where this directory still exists, which may be a good way to push
administrators to delete it.
Reviewed by: cperciva
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
(cherry picked from commit 9b30b96c1fa4ee0dfc540878fbb3247bf92d19eb)
ObsoleteFiles.inc: Remove /var/db/portsnap
This is a followup to commit "Remove remnants of portsnap(8)"
(9b30b96c1fa4). I wasn't aware of OLD_DIRS.
Approved by: markj (mentor)
MFC after: 1 day
MFC with: 9b30b96c1fa4
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
(cherry picked from commit 54bbcc09a72b5d7a581f51416c9e635a33c2f884)
Approved by: markj (mentor)
* Limit the use of `ssize_t` to only where it's needed.
* Correct one case of `int` being used for a length.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44954
(cherry picked from commit 1ed44fcc44b2c04db330663589541608135402f4)
tftpd: Clean up the tests.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44955
(cherry picked from commit 7ab7ecfcfe777f7816e3e01df5f277060b2b609a)
tftpd: Check the server status after each test.
* In the setup phase, wait for the server to start (or fail to start)
before proceeding with the test. This makes it possible to write test
cases that don't expect a response from the server without ending up
in a race over the server PID file.
* After running each test, wait up to 30 seconds for the server to exit
and check that the exit status matches what the test case says to
expect (usually 0).
* We still kill and collect the server in the cleanup phase, in case the
test ended early.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44956
(cherry picked from commit 83a6e984ac01657819418746f722163367ec30db)
tftpd: Immediately reject any request shorter than 4 bytes.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44957
(cherry picked from commit 9f231af307b80eb222d9761bbd81fa4e130bb3d7)
tftpd: Untangle a conditional.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D45026
(cherry picked from commit 21b5829d28b1e02e9f30bfa439238c382dd19114)
It prevents the home directory for the new users to be hidden
by late mount of the home directory
(cherry picked from commit b6a4776008519bb4a1d5abfe63c46d5f009ce102)
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
(cherry picked from commit 9e248b7f645cdf05615a49cc15295df49b54d659)
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
Differential Revision: https://reviews.freebsd.org/D44141
(cherry picked from commit a42d6f76018e4ed8324e319ab48aac904bda437c)
(cherry picked from commit c051f22bce42d920abba61bd7cf4ef5b6a270ffa)
(cherry picked from commit b8c053c9a612651d4909f7a323088f3e92485b7b)
(cherry picked from commit 9eae9233fdcc946945f4191e1413f548adfa2943)
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac52). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fallback to
using md(4).
PR: 85558
MFC after: 1 week
Reviewed by: imp, emaste, brooks
Differential Revision: https://reviews.freebsd.org/D43242
(cherry picked from commit bb4116576f2edf466ada3885cf851599ce7a4792)
Accept either little-endian or big-endian representation of the ELF
hints magic number in the header of a hints file and convert the
parameters to the native byte-order of the repsective system.
This is a pre-requisite for a planned change to always write the byte
order in little-endian format on all architectures. The only relvant
architecture that uses big-endian data is powerpc64, and it is not
likely that new architectures will choose that representation of data
in memory.
When all supported architectures use little-endian data in the hints
file, the byte swap logic can be enabled for big-endian CPUs at
compile time. Up to that point, there is a very small run-time penalty
that is paid on all systems to check the byte-order of the hints file
and to provide the option to byte-swap the parameters read from the
hints file header.
This commit contains the changes from review D44080 (which had been
split off from this patch for easier review),
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D44053
(cherry picked from commit 7b77d37a561b47db093a2528b8032dbfe5791698)
rtld-elf: add some debug print statements
The byte-order independent code has been reported to fail on powerpc64.
Add some more debug statements to help identify the parametrs used and
to verify the correct operation of the byte-swap macros used..
(cherry picked from commit 173953182af060dcab43990e179ee91e9f2d1e54)
rtld: fix check for endianess of elf hints file
Don't check if the elf hints file is in host byte order, but check
if it is in little endian by looking at the magic number.
This fixes rtld on big endian platforms.
Reviewed by: se, kib (prior version of the patch)
Fixes: 7b77d37a561b ("rtld-elf: support either byte-order of hints")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D44472
(cherry picked from commit da2d6e2815d7694e3ccbd561508074c547b02dd6)
rtld: reduce debug messages after fix on big-endian hosts
Remove a debug message that had been added to support the debugging
of a mis-detection of the hint files endianness on powerpc64.
MFC after: 3 days
(cherry picked from commit c44bf7d2e9d2292867f2e23f291266af26762354)
dlopen_basic just tests that libthr.so can be dlopen()ed, which will
just serve as a sanity check that "libthr.so" is a thing that can be
dlopened in case we get a weird failure in dlopen_recursing.
dlopen_recursing tests a regression reported after the libsys split,
where some dlopen() may cause infinite recursion and a resulting crash.
This case is inspired by bdrewery's description of what seemed to be
causing his issue.
The corresponding fix landed in commit
968a18975ad ("rtld: ignore load_filtees() calls if we already [...]")
Reviewed by: kib
(cherry picked from commit c5796f1572c82b88e8b6a2810c92f30e5ac3e118)
