A new loader.conf(5) option of geom_eli_passphrase_prompt="YES" will now
allow you to enter your geli(8) root-mount credentials prior to invoking
the kernel.
See check-password.4th(8) for details.
Differential Revision: https://reviews.freebsd.org/D2105
Reviewed by: imp, kmoore
Discussed on: -current
MFC after: 3 days
X-MFC-to: stable/10
Relnotes: yes
Summary:
Add "GELI Passphrase:" prompt to boot loader.
A new loader.conf(5) option of geom_eli_passphrase_prompt="YES" will now
allow you to enter your geli(8) root-mount credentials prior to invoking
the kernel.
See check-password.4th(8) for details.
Differential Revision: https://reviews.freebsd.org/D2105
Reviewed by: (your name[s] here)
MFC after: 3 days
X-MFC-to: stable/10
Relnotes: yes
Test Plan:
Drop a head copy of check-password.4th into /boot and then apply the patch
(only the patch to /boot/check-password.4th is required; no other changes are
required but you do have to have a HEAD copy of check-password.4th to
apply the patch).
NB: The rest of your /boot files can be up to 2 years old but no older.
NB: The test won't work unless your kernel has the following change
https://svnweb.freebsd.org/base?view=revision&revision=273489
Now, put into /boot/loader.conf:
geom_eli_passphrase_prompt="YES"
and reboot.
You should be prompted for a GELI passphrase before the menu (if enabled),
just after loading loader.conf(5).
NB: It doesn't matter if you're using GELI or not. However if you are using
GELI and a sufficiently new enough release (has SVN r273489) and you entered
the proper passphrase to mount your GELI encrypted root device(s), you should
notice that the boot process did not stop (you went from loader all the way to login).
Reviewers: cperciva, allanjude, scottl, kmoore
Subscribers: jkh, imp
Differential Revision: https://reviews.freebsd.org/D2105
bsdconfig's f_package_add doesn't seem to support using the pkg repo from /etc/pkg/FreeBSD.conf, it also tries to run the commands on the installer image, not in the destination chroot
Instead, manually bootstrap pkg in the chroot, and then install the requested packages (in the chroot)
Doesn't use pkg -c, because pkg is not installed on the installer image
PR: 196250
Differential Revision: https://reviews.freebsd.org/D2026
Approved by: bapt
Sponsored by: ScaleEngine Inc.
Previously we used gnop(8) to fake 4K sector size disks but ZFS now has a
sysctl to control this when creating new top level vdev's so use that
instead.
Differential Revision: D566
MFC after: 1 month
Sponsored by: Multiplay
ZFS property canmount=off so that /var/db/pkg and other such directories
are part of the / dataset, and only /var/mail, /var/log, and /var/crash
are excluded from the ZFS boot environment (beadm).
PR: 193971
Approved by: jmg
MFC after: ASAP
Relnotes: yes
Sponsored by: ScaleEngine Inc.
reality. In particular, draw a connection between the auto ZFS script and
the auto UFS one, since they fulfill similar functions. I'm not sure the
auto ZFS code is actually experimental anymore, so it might be worth
changing that label still.
an embedded newline appearing within the options string surrounded by
double-quotes. Rework the logic that goes into setting dataset options on
the root pool dataset while we're here -- added two new variables (which
can be altered via scripting) ZFSBOOT_POOL_CREATE_OPTIONS and also
ZFSBOOT_BOOT_POOL_CREATE_OPTIONS for setting pool/dataset attributes at
the time of pool creation. The former is for setting options on the root
pool (zroot) and the latter is for setting options on the optional separate
boot pool (bootpool) implicitly enabled when using either GELI or MBR. The
default value for the root pool variable (ZFSBOOT_POOL_CREATE_OPTIONS) is
"-O compress=lz4 -O atime=off" and the default value for separate boot pool
variable (ZFSBOOT_BOOT_POOL_CREATE_OPTIONS) is NULL (no additional options
for the separate boot pool dataset).
Reviewed by: allanjude
MFC after: 7 days
X-MFC-with: r266107-266109
It starts off being used to track the grammar for the number of disks
(singular vs plural) and then it is reused as the list of available disks.
Replace the variable with disks_grammar and move 'disk' and 'disks' to
msg_ vars so they can be translated in the future.
Submitted by: Allan Jude <freebsd@allanjude.com>
Reviewed by: roberto
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Set compress=lz4 for the entire pool, removing it from the individual
datasets
Remove exec=no from /usr/src, breaks the test suite.
Submitted by: Allan Jude <freebsd@allanjude.com>
Reviewed by: roberto
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
encryption for swap, and optional gmirror for swap (which can be combined)
Submitted by: Allan Jude <freebsd@allanjude.com>
Requested By: roberto
Sponsored By: ScaleEngine Inc.
MFC after: 2 weeks
GEOM support (thereby adding GEOM support to the disk selection
menu of bsdinstall(8)'s `zfsboot' module updated herein).
MFC after: 1 week
X-MFC-with: 264840
that the slightly older dialog(1) requires --separate-output when using the
--checklist widget to force response to produce unquoted values (whereas in
stable/10 --checklist widget without --separate-output will only quote the
checklist labels in the response if the label is multi-word (contains any
whitespace).
Since these enhancements (see revisions 263956 and 264437) were developed
originally on 10, the --separate-output option was omitted. When merged to
stable/9, we (Allan Jude) and I found during testing that the "always-
quoting" of the response was causing things like struct interpolation to
fail (`f_struct device_$dev' would produce `f_struct device_\"da0\"' for
example -- literal quotes inherited from dialog(1) --checklist response).
To see the behavior, execute the following on stable/9 versus stable/10:
dialog --checklist disks: 0 0 0 da0 "" off da1 "" off
Check both items and hit enter. On stable/10, the response is:
da0 da1
On stable/9 the response is:
"da0" "da1"
If you use the --separate-output option, the response is the same for both:
da0
da1
So applying --separate-output on every platform until either one of two
things occurs 1) dialog(1,3) gets synchronized between stable/9, higher or
2) we drop support for stable/9.
MFC after: 3 days
Reviewed by: Allan Jude
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
NB: If the zfsboot variables ($ZFSBOOT_*) are set, a script is
assumed to want zfsboot module instead of scriptedpart module.
Submitted by: Loïc Brarda <loic.brarda@cern.ch>
Reviewed by: nwhitehorn@
MFC after: 3 days
in the one-line comment associated with the dumpdev setting was not present
for the case where the user deselects the dumpdev service (restoring pre-
r256348 behaviour.
MFC After: 3 days
only allows basic username/password config, and does not provide the
ability to set any of the other WPA options. Regardless, this is
generally sufficient to associate.
Perhaps in the future this could allow full configuring (e.g. being able
to set "anonymous identity", and perhaps some of the more obscure WPA
options), though perhaps that will better belong in bsdconfig when that
grows wlan config ability.
MFC after: 1 week
location of /etc/rc.local on the install media is more appropriate as it
knows serial vs. non-serial and can also do the change earlier (so that
even the initial Install dialog can benefit from the change).
MFC after: 3 days
installation to 3-4+ (depending on vdev type) vdevs would result in odd
error messages where the zpool `create' command appeared to repeat itself
(an artifact of printf when you supply too many arguments -- caused by
neglecting to properly quote the multi-word expansion of $*vdevs when
creating the pool(s)). Example error below (taken from bsdinstall_log):
DEBUG: zfs_create_boot: Creating root pool...
DEBUG: zfs_create_boot: zpool create -o altroot=/mnt -m none -f "zroot" \
ada0p3.nop ada1p3.nopzpool create ada2p3.nop "ada3p3.nop"
DEBUG: zfs_create_boot: retval=1 <output below>
cannot open 'ada1p3.nopzpool': no such GEOM provider
DEBUG: Running installation step: hostname
rm: /tmp/bsdinstall_etc/fstab: No such file or directory
The two lines are unrelated, and the rm is spurious. Let's add `-f' to
that rm(1) so it doesn't confuse us when debugging an install.
MFC after: 3 days
should not have used DIALOG_CANCEL because dialog.subr wasn't included to
define it. The effect of the error was that you could not cancel the
partition dialog. Discovered by checking bsdinstall_log for something else.
MFC after: 3 days
required in such a case). But don't prevent the user from pointing the
gun at his/her foot -- you can disable 4k alignment after enabling geli).
MFC after: 3 days
and subsequent headaches caused by multiple pools with the same name.
Specifically, blast away any labels on the designated swap partition.
Problem was when you install to a given layout *with* swap and then turn
around and re-install the same layout *without* swap (we weren't doing a
labelclear for the swap device, so would end up with an "UNAVAIL" status
zroot pool that may only exist in the pool cache).
MFC after: 3 days
+ For GPT, always provision zfs# partition after swap [for resizability]
+ For MBR, always use a boot pool to relialy place root vdevs at EOD
NB: Fixes edge-cases where MBR combination failed boot (e.g. swap-less)
+ Generalize boot pool logic so it can be used for any scheme (namely MBR)
+ Update existing comments and some whitespace fixes
+ Change some variable names to make reading/debugging the code easier
in zfs_create_boot() (namely prepend zroot_ or bootpool_ to property)
+ Because zroot vdevs are at EOD, no longer need to calculate partsize
(vdev consumes remaining space after allocating swap)
+ Optimize processing of disks -- no reason to loop over the disks 3-4
separate times when we can logically use a single loop to do everything
Discussed on: -stable
MFC after: 3 days
+ De-obfuscate debugging to show actual values
+ Change graid(8) syntax; s/destroy/delete/ [destroy is not invalid syntax]
+ Log commands that were previously quiet
+ Added some new comemnts and updated some existing ones
+ Add missing local for `disk' used in zfs_create_boot()
+ Use $disks instead of multiply-expanding $* in zfs_create_boot()
+ Pedantically unset variable holding geli(8) passphrase after use
+ Pedantically add double-quotes around zpool names and zfs datasets
+ Fix quotation expansion for zpool_cache entries of loader.conf(5)
+ Some limited whitespace changes
MFC after: 3 days
https://communities.vmware.com/thread/107230https://communities.vmware.com/docs/DOC-11677
Basically, ignore the ``function 62'' and ``function 63'' interpretations
of the left/right command key when we're in the lengthiest portion of the
installation (initiated by the `auto' module).
The net effect is that you can now (once you've started the installer from
the media) escape the VM without prematurely terminating the current action
due to spurious escape sequence.
MFC after: 3 days
===
DEBUG: Running installation step: services
local: Not in a function
/usr/libexec/bsdinstall/services: cannot create : Read-only file system
/usr/libexec/bsdinstall/services: /tmp/bsdinstall/etc/rc.conf.services: \
Permission denied
===
The `local: Not in a function' is obvious, and was introduced by myself in
SVN revision 256348.
The latter two are caused by the attempt to use "\" to continue the line
after using the ">>" redirect. This appears to attempt to write a file with
the name " " in the current directory and subsequently attempts to execute
the file that was originally intended for writing (which is not executable;
hence the `Permission denied'). That was introduced in SVN r228192 about
2 years ago, apparently unnoticed until I started going over the debug
outputs very carefully.
MFC after: 3 days
after attempting to install to encrypted ZFS root (caused by a typo in a
variable name -- ZFSBOOT_BOOT_FSNAME -> ZFSBOOT_BOOTFS_NAME).
MFC after: 3 days
The effects of this patch would only be noticeable if you were purposefully
setting a bad value and trying to see what happens; and leaving the disks
intact if a bad value has been set seems fair.
+ Add a `-D FILE" command-line option for overriding the path to the
bsdinstall log file (BSDINSTALL_LOG env var).
+ Document new `-D FILE' in the man page for bsdinstall.
+ If FILE in `-D FILE' begins with a +, debug output goes to stdout
(interleaved between dialog(1) invocations/output) as well as to FILE
(minus the leading + of course).
+ If BSDINSTALL_LOG cannot be written, then debugging is disabled (except in
the case of a leading + in the pathname, wherein debug will still be
printed to stdout).
+ Update source code formatting style.
+ Fix a dangling participle ("Begun ..." -> "Began ...")
+ Rewrite the docsinstall script (was necessary to abate direct dependency
on BSDINSTALL_LOG (instead, use fault-tolerant bsdconfig framework which
displays appropriate errors for package management).
NB: docsinstall is still using pkg(8) after this change.
+ Add additional debug output for dhclient/rtsol/wpa_cliscan
+ Display script errors in a textbox rather than just on stdout
+ Update many coments.
+ Add new f_show_err() API call (like f_show_msg but changes the dialog
title to "Error")(see bsdconfig's `common.subr').
+ Add new f_eval_catch() API call for executing a command via eval but not
before logging the command to debug. Several example cases documented in
API header for function in bsdconfig's `common.subr'.
+ Fix dialog auto-sizing when launched as an rvalue to a pipe for indirected
scripts (previously would default to 24x80 sizing in this case, now it can
autosize to full size even when in a pipe chain).
+ Fix bug in f_snprintf if $format argument began with "-"; printf would
misinterpret as a flag. (this is in bsdcofig's `strings.subr').
+ Add accompanying f_sprintf() and f_vsprintf() to go along with already
existing f_snprintf() and f_vsnprintf() (see bsdconfig's `strings.subr').
+ Remove some unnecessary default ZFS datasets from the automatic "zfsboot"
script. Such as: /usr/ports/distfiles /usr/ports/packages /usr/obj /var/db
/var/empty /var/mail and /var/run (these can all be created as-needed once
the system is installed).
+ Remove setuid=off for /usr/home (as discussed from last round of CFT).
+ Fix some i18n string violations in "zfsboot".
+ Bolster debugging output in "zfsboot".
+ Fix some string quoting issues in "zfsboot".
+ Fix some variable scope issues in "zfsboot".
+ Change "Create" to "Install" in "zfsboot" main menu.
+ Increase error checking in "zfsboot" (type-check arguments and such).
+ Add call to "graid destroy" killing automatic metadata (part of the series
of pedantic destructions we do when bootstrapping a new/naked disk).
+ Make judicious use of new f_eval_catch() in "zfsboot".
+ Fixup some variable names for consistency (zfsboot).
+ Fix an underride syntax parameter expansion folly (zfsboot).
+ Confirm layout if not explicitly chosen when blindly proceeding (no
longer have to touch anything on the ZFS menu if it scares you, just
choose the omnibus "Install" option at the top and you'll be prompted to
select vdev type and disks in the layout confirmation dialog).
+ Change numbered menu items to alphabetic for more efficient navigation.
+ Consolidate vdev selection and disk selection into a single stateful
menu which performs validation and allows backing out to each previous
menu as you go deeper.
+ Redesign the ``Last Chance'' dialog (still using the same colors, but
make it conform to a tolerable width and make disks appear in a block-
quote style indented region).
+ Fix a bug wherein we used the a lowercase variable name by accident
(actual variable name declared as all-uppercase) at the time of
initializing fstab(5) (not believed to cause any issues though).
+ Update the geli setup infobox for each provider being initialized
(not just at the onset -- since each ``geli init'' causes kernel messages
to push our infobox off-screen).
Reviewed by: Allan Jude <freebsd@allanjude.com>
Discussed on: -current
MFC after: 3 days
and OpenSolaris/Illumos beadm use.
Remove /usr/local and /var/db/pkg datasets. Andriy Gapon writes:
I want to note that a good implementation of BEs should support a dependent
datasets feature. Unfortunately, it seems that we do not have any good BE
implementation for FreeBSD right now. If we had, personally I'd prefer to
have /usr/local in separate filesystem.
NOTE: Until then, remove these datasets.
Discussed on: src-committers
Submitted by: Bryan Drewery <bryan@shatow.net>
Reviewed by: Allan Jude <freebsd@allanjude.com>
MFC after: 3 days
so bootpool is imported after boot:
zpool_cache_load="YES"
zpool_cache_type="/boot/zfs/zpool.cache"
zpool_cache_name="/boot/zfs/zpool.cache"
otherwise /boot is a broken symlink after the system is up.
http://lists.freebsd.org/pipermail/freebsd-fs/2013-July/017891.html
NOTE: Fix a comment while here.
Reviewed by: gjb
services configuration and enable it by default. Committed with
slight change to menu text for length and content.
Submitted by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
Patch from PR modified slightly for whitespace and style.
PR: bin/161547
Submitted by: Warren Block <wblock@wonkity.com>
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
keymaps *and* provide a mechanism for testing the selection. With
this commit, bsdinstall is no longer dependent on kbdmap(1). The
keymap test menu was originally submitted by Warren Block but was
modified).
Submitted by: Warren Block <wblock@wonkity.com>
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
to run interactively but it can be scripted too (optinally completely
non-interactive). Currently supports GELI and all ZFS vdev types. Also
performs validation on selections/settings providing error messages if
necessary, explaining (in plain language) what the issue is. Currently
the auto partitioning of naked disks only supports GPT and MBR (VTOC8
pending for sparc64), so is only available for i386/amd64 install.
Submitted by: Allan Jude <freebsd@allanjude.com>, myself
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
newly installed system. This should greatly increase the amount of
entropy available when SSH host keys are generated during first boot.
Reviewed by: markm, nathanw
Approved by: re (gjb)
directory on the FTP mirrors to fetch distributions, since
these are always pushed to releases/ during the release cycle.
MFC after: 3 days
X-MFC-To: stable/9, releng/9.2
media has one already, copy it in lieu of leaving things blank. This
reduces the foot-shooting potential for PXE installs that immediately
add packages.
Scripts take the form:
------------------------------------
PARTITIONS=ada0
DISTRIBUTIONS="kernel.txz base.txz ports.txz"
#!/bin/sh
echo "sshd_enable=YES" >> /etc/rc.conf
pkg add puppet
echo "System setup complete"
------------------------------------
The second part of the script (beginning with #!) is run in the newly
installed system after the installation onto ada0 (with default partitioning,
see scriptedpart for more complicated scenarios) is complete.
being run to set BSDINSTALL_DISTSITE accordingly. This change allows
non-RELEASE branches to use the FTP snapshots directory for bootonly.iso
installations.
Approved by: simon
any installer-provided configuration files have been copied. This allows
users to edit their fstab, if desired, and to see what the installer has
placed in rc.conf.
Requested by: phk
MFC after: 1 day
giving them a very brief description of the trade-offs. Whether the
user opts in or out add an entry to what will become /etc/rc.conf
explaining what dumpdev is and how to turn on/off crash dumps. The folks
who handle interacting with users submitting PRs have asked for this.
Reviewed by: nwhitehorn
MFC after: 1 day
the text of the menu selections doesn't get displayed properly and it
makes the installer appear to lock up for no obvious reason.
Reviewed by: nwhitehorn
not configure the host's networking if netbooted [1]. Also fix FTP
installations behind some firewalls [2].
PR: bin/159583 [2]
Reported by: stas [1]
Approved by: re (kib)
wpa_supplicant.conf(5). Up to now, the PSK was truncated
to 15 characters (the length of the input field).
PR: 159559
Submitted by: Gavin Chappell <gavin.chappell@gmail.com>
Approved by: re (kib)
1) if no default gateway is given the route command will fail
and the script will abort with an error leading to an endless
loop unless configuration is cancelled or changed. [1]
2) In the IPv6 case add -inet6 to not alter the legacy IP default
route.
Reported by: Oleg Ginzburg (olevole olevole.ru) [1]
Tested by: Oleg Ginzburg (olevole olevole.ru) [1]
Approved by: re (kib)
This follows what the output of make targets looks like, and reduces the
number of directories needed on the FTP server, since we now have only one
architecture with multiple machine types (i386, which has i386 and pc98),
but 3 machines with 9 architectures between them (powerpc, mips, and arm).
Requested by: kensmith, bz
Approved by: re(kensmith)
you were stuck in an endless loop.
Reported by: kensmith
Approved by: re (kib) for BETA1
Pointy hat to: bz - wonder why I had not tested legacy IP thoroughly..
the normal distfile mechanism. Thanks to Marc Fonvieille for the patch and
for putting up with me taking entirely too long to commit this!
Submitted by: blackend
1) do not print out an empty "search ", things do not like it.
2) the search list is not comma separated.
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
to the final name if netconfig was completely finished. This fixes
reentrance problems even better than r222611.
Suggested by: nwhitehorn
Reviewed by: nwhitehorn
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
interface. Otherwise an accidental start of the netowrk configuration
and immediate cancel after the install has finished removes the previously
configured settings.
Discussed with: nwhitehorn
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
- netconfig - what auto will call which in turn will check for
IPv4 and IPv6 to be available and ask the user to configure it
by calling
- netconfig_ipv4 doing DHCP and static IPv4 addresses, and
- netconfig_ipv6 doing rtsol and static IPv6 addresses,
and then checking, querying and updating resolv.conf upon return.
Both DHCP and rtsol (in the future) might update resolv.conf already so
we seed ourselves from that file if available.
Reviewed by: nwhitehorn
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
does. The rc.local wrapper script will also soon grow an option to use the
live environment after installation, so an immediate reboot isn't even
necessarily implied.
(e.g. powerpc64), this looks in a slightly different default path than now,
specifying both $MACHINE and $MACHINE_ARCH:
MIRROR/pub/FreeBSD/releases/`uname -p`/`uname -m`/`uname -r`
How to handle TBEMD properly probably merits some more discussion, but,
since no such 9.0-CURRENT distfiles exist at the moment, all existing
mirrors presently fail anyway.
pc-sysinstall) a replacement for sysinstall in the 9.0 release and beyond.
Currently supported platforms are sparc64, pc98, i386, amd64, powerpc, and
powerpc64. Integration into the build system will occur in the coming
weeks.
Merging with pc-sysinstall will use this code as a frontend, while
temporarily retaining the interactive partition editor here. This work
will be done in parallel with improvements on this code and release
integration.
Thanks to all who have provided testing and comments!
