11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920ba
(cherry picked from commit 66f360515d2829d261c0ad7bd516e9dd18c2dd83)
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG
(cherry picked from commit 72b045386dd3db8b31ec3067cb9e160cbd1cfbc6)
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs
There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.
This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.
Reviewed by: imp, cperciva
MFC after: 3 days
Sponsored by: Google Summer of Code
Pull Request: https://github.com/freebsd/freebsd-src/pull/1213
(cherry picked from commit 6437872c1d665c2605f54e8ff040b0ba41edad07)
It prevents the home directory for the new users to be hidden
by late mount of the home directory
(cherry picked from commit b6a4776008519bb4a1d5abfe63c46d5f009ce102)
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
(cherry picked from commit 9e248b7f645cdf05615a49cc15295df49b54d659)
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
Differential Revision: https://reviews.freebsd.org/D44141
(cherry picked from commit a42d6f76018e4ed8324e319ab48aac904bda437c)
(cherry picked from commit c051f22bce42d920abba61bd7cf4ef5b6a270ffa)
(cherry picked from commit b8c053c9a612651d4909f7a323088f3e92485b7b)
(cherry picked from commit 9eae9233fdcc946945f4191e1413f548adfa2943)
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac52). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fallback to
using md(4).
PR: 85558
MFC after: 1 week
Reviewed by: imp, emaste, brooks
Differential Revision: https://reviews.freebsd.org/D43242
(cherry picked from commit bb4116576f2edf466ada3885cf851599ce7a4792)
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broken, just use this.
This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.
Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752
(cherry picked from commit 11da791920ba285f0832f09cb504ac81e35ff8d1)
Some users wishing to use the MIT krb5kdc have discovered the
kdc script workaround applied to the MIT krb5 ports is insufficient.
Let's build into this rc script the smarts to determine whether
base or ports Hiemdal kdc is being invoked or the MIT krb5kdc.
While at it, remove kdc_start_precmd(). This will simplify a future
jail patch.
Suggested by: netchild
Original patch: netchild
Reviewed by: emaste, netchild
Differential Revision: https://reviews.freebsd.org/D43523
(cherry picked from commit 91f78c32befa08bf4010db7afd4407277a3e585f)
IETF is no longer serving leap-seconds.list. Point at IANA instead.
This fixes "service ntpd fetch".
(cherry picked from commit b1c95af45488bef649e9a84890e2414ff80b3a00)
Since 13.1, /etc/rc.d/jail has looked for a per-jail config file in
/etc/jail.conf.d. For RELENG 14, the ".include" directive was added to
jail(8), with a sample line in the jail.conf(5) man page that includes
"/etc/jail.conf.d/*.conf".
These two use cases don't work together. When the jail.conf.d files
are included from a master jail.conf, the files in jail.conf.d are
likely to hold only partial configurations, and shouldn't be directly
loaded by rc.d/jail. But there are existing configurations that depend
on the current rc.d behavior. While users could be advised not to
include from /etc/jail.conf.d, it's the natural choice even if not
mentioned in jail.conf.5.
The workaround is for rc.d/jail to continue to load the individual
files, but only when /etc/jail.conf doesn't include from that
directory (via a simple grep test), This allows the current use
while not breaking the previous use.
Reported by: antranigv at freebsd.am
Differential Revision: https://reviews.freebsd.org/D41962
(cherry picked from commit a2440348eed75bb7682579af0905b652747fd016)
For a service that sets an rcvar, there is a check whether it has been
enabled before the actual command is executed. If the check fails, one
gets a message to enable it and the returned exit status is 0.
However, this is usually undesirable for the status command, which is
a) supposed to check whether the service is running anyway and
b) returns a non-zero exit code if that is not the case.
Thus, skip the check for the status command.
PR: 272282
Reviewed by: emaste
(cherry picked from commit ba793728a840041e93e38bcbff4a7233dc63b722)
9600 was a standard baud rate decades ago, but 115200 is now more common
so choose defaults that are useful to the largest number of users.
Note that boot0sio does not support rates above 9600 so it remains
unchanged.
Reviewed by: bz, imp, manu
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36295
Summary:
This change moves /usr/bin/cpuset to /bin/cpuset so it is more readily
available on hosts where the /usr partition might not be mounted at the
time / has been mounted.
Remove some complexity from rc.subr(8) since /bin is assumed to always
be present if/when / is mounted.
MFC after: 2 weeks
MFC with: 0661f93892, 271d552379af
Test Plan:
- Test out rc.subr change.
- Confirm that the installation logic does what's needed.
Relnotes: yes (moving cpuset may impact strict file permissions/mode checking)
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40057
This better reflects the intent that this directory is indexed by kld
name and removes a conflict with D32128 which aims to split sysctl.conf.
Reviewed by: kevans imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D41043
For kernel modules loaded by scripts in /etc/rc.d and
/usr/local/etc/rc.d, if there is a file in /etc/sysctl.conf.d named <kld
name>.conf, then this will be loaded using the sysctl(8) utility. For
instance, sysctl variable changes for the pf kernel module would be
placed in the file /etc/sysctl.conf.d/pf.conf.
PR: 272129
Reviewed by: imp freebsd_igalic.co
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40886
In 3693d9140e /etc/rc switched to using
find_system_scripts rather than directly including /etc/rc.d/* in the
list of scripts to run in order to skip .pkgsave files. Follow suit
in etc/rc.d/routing.
Sponsored by: DARPA
We have somewhat twisted logic to determine actions for dumpdev
considering three sources of information:
* kenv "dumpdev" tunnable supposed to point to specific device;
* /etc/defaults/rc.conf "dumpdev" variable;
* /etc/rc.conf that may be unset or set to "NO", "AUTO" or device name.
For CURRENT without any setting in kenv or /etc/rc.conf
the default is "AUTO". For STABLE branches the default is "NO".
Current implementation breaks for STABLE branches if kenv points
to specific device but /etc/rc.conf does not set "dumpdev" at all.
Let us fix it commenting out "dumpdev" in /etc/defaults/rc.conf
for STABLE branches and making the code to consult kenv
if "dumpdev" is not set elsewhere.
MFC-after: 1 month
There was a mistake in the previous commit, it used the incorrect
spelling of the FIB variable name and was not functional
Also corrects an issue with the IPv6 default route variable name.
Fixes: 30659d1dcb ("Add support for adding default routes for other FIBs")
Sponsored-by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D37685
In case of source upgrade path from 12.x proper merge of new /etc
installs /etc/motd.template. Becase of that, the system in left
without symlink /etc/motd -> /var/run/motd but with stale /etc/motd contents.
Fix it creating symlink despite of presence of /etc/motd.template.
MFC after: 1 week
This reverts commit 1dcb6ad173.
As of "8cb16fdbea6b Restore original frequency on exit.", powerd
restores the original frequency itself.
Further, if the original frequency is not the same as the
first frequency found in the frequency list, then the restoration
done by the powerd_poststop will restore the wrong frequency.
This can happen on Intel machines where Turbo is not enabled,
but the turbo frequency is first in the list of frequencies.
In this case, turbo will be enabled when the user did not want
it to be.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D40197
Reviewed by: imp, mav
For symmetry with rc.resume, give rc.suspend the ability to execute
rc-scripts. Use the suspend keyword for that.
Use-case is for setting a wake-up time, e.g. via efiwake.
Reviewed by: christos
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D39965
The recent changes to the uname(1) command removed trailing spaces for
better POSIX conformance, but it broke the regular expression used by
the motd script which expected it. This commit addresses this by removing
the requirement, as it is no longer present.
Additionally, a recent change in newvers.sh introduced a new format for
uname -v, which omited the build number and build dates to improve
reproducible build support. This commit adds support for this new format.
Reported-by: Jamie Landeg-Jones <jamie@catflap.org>
Reviewed-by: imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40225
The code in rc.d/netif waiting for IPv6 Duplicate Address Detection if
any network interfaces support IPv6. Unfortunately, since lo0 *always*
has IPv6 enabled, this means unconditionally sleeping, even on systems
which have no external IPv6 interfaces.
Since we presume that there is little risk of a duplicate address being
assigned on lo0, amend the test to wait only if there is an interface
*other than lo0* which supports IPv6.
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D40141
Summary:
The intention of the original author (I assume) was to add this logic
for testing. This removes the debug statement so it no longer shows up
in calls to `status`.
MFC after: 2 weeks
MFC with: 0661f9389
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40055
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
If ${name}_cpuset is specified (and /usr is mounted), cpuset(1) will be
run to limit the service to the configured cpuset.
PR: 142434
Reviewed by: kevans
Drivers like ath1[012]k will not match the current wlans_*-regex as
they have digits followed by letters. Adjust the regex to allow
this combination in order to be able to configure interfaces with
names like wlans_ath11k0="..."
MFC after: 3 days
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D39674
bfb202c455 addresses the CTRL-EVENT-SCAN-FAILED. Upstream d807e289d
caused FreeBSD regression in driver_bsd.c, which this rc.d patch
worked around. As of bfb202c455 this workaround is no longer needed.
Reviewed by: bz (for wireless)
MFC after: 10 days
X-MFC with: bfb202c455
Differential Revision: https://reviews.freebsd.org/D39257
Now that commit cbbb22031f is in main,
it is possible to run nfsd(8), nfsuserd(8), mountd(8),
gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
prison if the "allow.nfsd" option is specified in jail.conf.
This patch fixes the rc scripts for this.
Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
must be set outside of the prisons and applies to all
nfsd(8) instances.
Reviewed by: jamie
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D38809
rc.d/hostid_save saves a UUID generated by rc.d/hostid in /etc/hostid.
Store the same UUID, without hyphens, in /etc/machine-id. The hypĥens
are removed with a shell function because hostid_save runs before file
systems are mounted so other tools may not be available yet.
This eliminates some duplication between hostid and machine-id and for
virtual machines machine-id now contains the UUID configured in the
hypervisor like it does on Linux.
Reviewed by: delphij
Discussed with: bapt
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38811
