Merge sync of head

8 files changed, 252 insertions, 13 deletions

diff --git a/share/man/man7/Makefile b/share/man/man7/Makefile
index 65f30d7..22d29ae 100644
--- a/share/man/man7/Makefile
+++ b/share/man/man7/Makefile
@@ -9,6 +9,7 @@ MAN=	adding_user.7 \
 	bsd.snmpmod.mk.7 \
 	build.7 \
 	clocks.7 \
+	crypto.7 \
 	c99.7 \
 	development.7 \
 	environ.7 \
diff --git a/share/man/man7/build.7 b/share/man/man7/build.7
index a2172ed..6980dc2 100644
--- a/share/man/man7/build.7
+++ b/share/man/man7/build.7
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 25, 2014
+.Dd December 31, 2014
 .Dt BUILD 7
 .Os
 .Sh NAME
@@ -445,6 +445,21 @@ process.
 .Bd -literal -offset indent
 make PORTS_MODULES=emulators/kqemu-kmod kernel
 .Ed
+.It Va STRIPBIN
+Command to use at install time when stripping binaries.
+Be sure to add any additional tools required to run
+.Va STRIPBIN
+to the
+.Va LOCAL_ITOOLS
+.Xr make 1
+variable before running the
+.Cm distributeworld
+or
+.Cm installworld
+targets.
+See
+.Xr install 1
+for more details.
 .It Va SUBDIR_OVERRIDE
 Override the default list of sub-directories and only build the
 sub-directory named in this variable.
diff --git a/share/man/man7/c99.7 b/share/man/man7/c99.7
index fcf1476..b968a4e 100644
--- a/share/man/man7/c99.7
+++ b/share/man/man7/c99.7
@@ -142,9 +142,9 @@ Most of the UNIX-like operating systems use GNU C as a system compiler,
 but those addition in GNU C should not be considered as
 standard features.
 .Sh SEE ALSO
-.Xr cc 1 ,
 .Xr c89 1 ,
-.Xr c99 1
+.Xr c99 1 ,
+.Xr cc 1
 .Sh STANDARDS
 .Rs
 .%A ANSI
diff --git a/share/man/man7/crypto.7 b/share/man/man7/crypto.7
new file mode 100644
index 0000000..0bf351a
--- /dev/null
+++ b/share/man/man7/crypto.7
@@ -0,0 +1,141 @@
+.\" Copyright (c) 2014 The FreeBSD Foundation
+.\" All rights reserved.
+.\"
+.\" This documentation was written by John-Mark Gurney under
+.\" the sponsorship of the FreeBSD Foundation and
+.\" Rubicon Communications, LLC (Netgate).
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1.  Redistributions of source code must retain the above copyright
+.\"     notice, this list of conditions and the following disclaimer.
+.\" 2.  Redistributions in binary form must reproduce the above copyright
+.\"     notice, this list of conditions and the following disclaimer in the
+.\"     documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd January 2, 2015
+.Dt CRYPTO 7
+.Os
+.Sh NAME
+.Nm crypto
+.Nd OpenCrypto algorithms
+.Sh SYNOPSIS
+In the kernel configuration file:
+.Cd "device crypto"
+.Pp
+Or load the crypto.ko module.
+.Sh DESCRIPTION
+The following cryptographic algorithms that are part of the OpenCrypto
+framework have the following requirements.
+.Pp
+Cipher algorithms:
+.Bl -tag -width ".Dv CRYPTO_AES_CBC"
+.It Dv CRYPTO_AES_CBC
+.Bl -tag -width "Block size :" -compact -offset indent
+.It IV size :
+16
+.It Block size :
+16
+.It Key size :
+16, 24 or 32
+.El
+.Pp
+This algorithm implements Cipher-block chaining.
+.It Dv CRYPTO_AES_NIST_GCM_16
+.Bl -tag -width "Block size :" -compact -offset indent
+.It IV size :
+12
+.It Block size :
+1
+.It Key size :
+16, 24 or 32
+.It Digest size :
+16
+.El
+.Pp
+This algorithm implements Galois/Counter Mode.
+This is the cipher part of an AEAD
+.Pq Authenticated Encryption with Associated Data
+mode.
+This requires use of the use of a proper authentication mode, one of
+.Dv CRYPTO_AES_128_NIST_GMAC ,
+.Dv CRYPTO_AES_192_NIST_GMAC
+or
+.Dv CRYPTO_AES_256_NIST_GMAC ,
+that corresponds with the number of bits in the key that you are using.
+.Pp
+The associated data (if any) must be provided by the authentication mode op.
+The authentication tag will be read/written from/to the offset crd_inject
+specified in the descriptor for the authentication mode.
+.Pp
+Note: You must provide an IV on every call.
+.It Dv CRYPTO_AES_ICM
+.Bl -tag -width "Block size :" -compact -offset indent
+.It IV size :
+16
+.It Block size :
+1 (aesni), 16 (software)
+.It Key size :
+16, 24 or 32
+.El
+.Pp
+This algorithm implements Integer Counter Mode.
+This is similar to what most people call counter mode, but instead of the
+counter being split into a nonce and a counter part, then entire nonce is
+used as the initial counter.
+This does mean that if a counter is required that rolls over at 32 bits,
+the transaction need to be split into two parts where the counter rolls over.
+The counter incremented as a 128-bit big endian number.
+.Pp
+Note: You must provide an IV on every call.
+.It Dv CRYPTO_AES_XTS
+.Bl -tag -width "Block size :" -compact -offset indent
+.It IV size :
+8
+.It Block size :
+16
+.It Key size :
+32 or 64
+.El
+.Pp
+This algorithm implements XEX Tweakable Block Cipher with Ciphertext Stealing
+as defined in NIST SP 800-38E.
+.Pp
+NOTE: The ciphertext stealing part is not implemented which is why this cipher
+is listed as having a block size of 16 instead of 1.
+.El
+.Pp
+Authentication algorithms:
+.Bl -tag -width ".Dv CRYPTO_AES_256_NIST_GMAC"
+.It CRYPTO_AES_128_NIST_GMAC
+See
+.Dv CRYPTO_AES_NIST_GCM_16
+in the cipher mode section.
+.It CRYPTO_AES_192_NIST_GMAC
+See
+.Dv CRYPTO_AES_NIST_GCM_16
+in the cipher mode section.
+.It CRYPTO_AES_256_NIST_GMAC
+See
+.Dv CRYPTO_AES_NIST_GCM_16
+in the cipher mode section.
+.El
+.Sh SEE ALSO
+.Xr crypto 4 ,
+.Xr crypto 9
+.Sh BUGS
+Not all the implemented algorithms are listed.
diff --git a/share/man/man7/environ.7 b/share/man/man7/environ.7
index 8269488..2870d8e 100644
--- a/share/man/man7/environ.7
+++ b/share/man/man7/environ.7
@@ -250,8 +250,8 @@ built-in command in
 .Xr sh 1 ,
 .Xr execve 2 ,
 .Xr execle 3 ,
-.Xr getenv 3 ,
 .Xr getbsize 3 ,
+.Xr getenv 3 ,
 .Xr setenv 3 ,
 .Xr setlocale 3 ,
 .Xr system 3 ,
diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index 76d4f62..5c3a5a1 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -28,7 +28,7 @@
 .\"	@(#)hier.7	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd November 10, 2014
+.Dd January 14, 2015
 .Dt HIER 7
 .Os
 .Sh NAME
@@ -50,7 +50,7 @@ default bootstrapping configuration files; see
 .Xr loader.conf 5
 .It Pa dtb/
 Compiled flattened device tree (FDT) files; see
-.Xr fdt 4 
+.Xr fdt 4
 and
 .Xr dtc 1
 .It Pa firmware/
@@ -64,8 +64,8 @@ third-party loadable kernel modules;
 see
 .Xr kldstat 8
 .It Pa zfs/
-Contains 
-.Xr zfs 8 
+Contains
+.Xr zfs 8
 zpool cache files.
 .El
 .It Pa /cdrom/
@@ -159,6 +159,10 @@ floppy disks
 .It Pa /mnt/
 empty directory commonly used by
 system administrators as a temporary mount point
+.It Pa /net/
+automounted NFS shares;
+see
+.Xr auto_master 5
 .It Pa /proc/
 process file system;
 see
@@ -183,8 +187,6 @@ common utilities, programming tools, and applications
 .It Pa compat/
 files needed to support binary compatibility with other operating systems,
 such as Linux
-.It Pa games/
-useful and semi-frivolous programs
 .It Pa include/
 standard C include files
 .Pp
diff --git a/share/man/man7/release.7 b/share/man/man7/release.7
index 93aec89..a213813 100644
--- a/share/man/man7/release.7
+++ b/share/man/man7/release.7
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 2, 2014
+.Dd February 20, 2015
 .Dt RELEASE 7
 .Os
 .Sh NAME
@@ -256,6 +256,15 @@ Set to a non-empty value to compress the release images with
 The original
 .Pq uncompressed
 images are not removed.
+.It Va XZ_THREADS Pq Vt int
+Set to the number of threads
+.Xr xz 1
+should use when compressing images.
+By default,
+.Va XZ_THREADS
+is set to
+.Va 0 ,
+which uses all available cores on the system.
 .It Va VCSCMD
 The command run to obtain the source trees.
 Defaults to
@@ -406,6 +415,57 @@ See
 for valid format values
 .Pq requires version 20140927 or later .
 .El
+.Pp
+For a list of supported
+.Va VMFORMATS
+values
+.Pq including cloud hosting provider formats
+along with a brief description, run:
+.Bd -literal -offset indent
+cd /usr/src
+make -C release list-vmtargets
+.Ed
+.Sh CLOUD HOSTING MACHINE IMAGES
+The
+.Fx
+release build tools support building virtual machine images for various
+cloud hosting providers, each with their own specific configuration to
+include support for each hosting provider by default.
+.Pp
+The following
+.Xr make 1
+environment variables are supported:
+.Pp
+.Bl -tag -width Ev
+.It Va CLOUDWARE
+Set to a list of one or more cloud hosting providers, enclosed in quotes.
+Requires
+.Va WITH_CLOUDWARE
+to also be set.
+.It Va WITH_CLOUDWARE
+Set to a non-empty value to enable building virtual machine images
+for various cloud hosting providers.
+Requires
+.Va CLOUDWARE
+to also be set.
+.El
+.Pp
+Additionally, the
+.Va CLOUDWARE
+and
+.Va WITH_CLOUDWARE
+variables can be added to
+.Pa release.conf ,
+and used in conjunction with
+.Pa release.sh .
+.Pp
+For a list of supported
+.Va CLOUDWARE
+values, run:
+.Bd -literal -offset indent
+cd /usr/src
+make -C release list-cloudware
+.Ed
 .Sh MAKEFILE TARGETS
 The release makefile
 .Pq Pa src/release/Makefile
@@ -470,6 +530,23 @@ target requires the
 .Va WITH_VMIMAGES
 .Xr make 1
 envirionment variable to be set to a non-null value.
+.It Cm vm-cloudware
+Builds
+.Fx
+virtual machine images for various cloud hosting providers.
+See
+.Qq CLOUD HOSTING MACHINE IMAGES
+for implementation details.
+.It Cm list-cloudware
+Displays the list of valid
+.Va CLOUDWARE
+values.
+.It Cm list-vmtargets
+Displays the list of valid
+.Va VMFORMAT
+and
+.Va CLOUDWARE
+values.
 .El
 .Pp
 Major subtargets called by targets above:
@@ -478,7 +555,7 @@ Major subtargets called by targets above:
 Generates all the distribution archives
 .Pq base, kernel, ports, doc
 applicable on this platform.
-.It Cm system
+.It Cm disc1
 Builds a bootable installation system containing all the distribution files
 packaged by the
 .Cm packagesystem
@@ -576,8 +653,11 @@ Typically, one only needs to set
 .It Pa /usr/src/Makefile
 .It Pa /usr/src/Makefile.inc1
 .It Pa /usr/src/release/Makefile
+.It Pa /usr/src/release/Makefile.vm
 .It Pa /usr/src/release/release.sh
 .It Pa /usr/src/release/release.conf.sample
+.It Pa /usr/src/release/tools/*.conf
+.It Pa /usr/src/release/tools/vmimage.subr
 .El
 .Sh EXAMPLES
 The following sequence of commands can be used to build a
diff --git a/share/man/man7/tuning.7 b/share/man/man7/tuning.7
index baf0bcc..12b03c2 100644
--- a/share/man/man7/tuning.7
+++ b/share/man/man7/tuning.7
@@ -747,8 +747,8 @@ over services you export from your box (web services, email).
 .Xr login.conf 5 ,
 .Xr rc.conf 5 ,
 .Xr sysctl.conf 5 ,
-.Xr firewall 7 ,
 .Xr eventtimers 7 ,
+.Xr firewall 7 ,
 .Xr hier 7 ,
 .Xr ports 7 ,
 .Xr boot 8 ,