| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r271893:
Don't install /etc/rc.d/rwho unless MK_RCMDS == yes
Sponsored by: EMC / Isilon Storage Division
r271895:
Don't install /etc/rc.d/ftp-proxy unless MK_PF == yes
Sponsored by: EMC / Isilon Storage Division
r272043:
Don't install /etc/rc.d/keyserv unless MK_OPENSSL == yes
Sponsored by: EMC / Isilon Storage Division
r278249:
Honor the following flags with the following rc.d scripts for services that can
be easily decoupled from the boot process without disrupting other services
- MK_APM && MK_ACPI: powerd
- MK_BOOTPARAMD: bootparams
- MK_FTP: ftpd
- MK_INETD: inetd
- MK_LEGACY_CONSOLE: moused, syscons
- MK_MAIL: othermta
- MK_NS_CACHING: nscd
- MK_NTP: ntpd (ntpdate is required by other services and can't be easily
conditionalized -- yet..)
- MK_ROUTED: routed
- MK_SENDMAIL: sendmail
- MK_TIMED: timed
- MK_VI: virecover
Sponsored by: EMC / Isilon Storage Division
r278282:
Use FILES+= idiom instead of _inetd when referencing inetd rc.d script
This was a discrepancy between ^/projects/building-blocks and ^/head that I
didn't resolve before committing the change to ^/head
Pointyhat to: me
Reported by: jhb
Sponsored by: EMC / Isilon Storage Division
r278466:
Remove explicit routing/sendmail rc.d inclusion in FILES
Reported by: Guy Yur <guyyur@gmail.com>
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277678:
Add MK_CCD knob for building and installing ccd(4), ccdconfig, etc
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
| |
r277736:
Honor MK_ACCT with etc/rc.d/accounting
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277741:
Respect MK_KERBEROS with etc/rc.d/ipropd_master and etc/rc.d/ipropd_slave
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277728:
Add MK_AUTOFS knob for building and installing autofs(4), et al
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277725:
Add MK_HAST knob for building and installing hastd(8), et al
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r277675:
Add MK_ISCSI knob for building the iscsi initiator, iscsi daemon, kernel
modules, etc
Sponsored by: EMC / Isilon Storage Division
r277726:
Build sbin/iscontrol again if MK_ISCSI != no
Pointyhat to: me
r278070:
Remove duplicate MK_ISCSI block and sort the conditional blocks so this error
won't crop up again in the future
Reported by: gjb
|
|
|
|
|
|
|
|
| |
r277730:
Honor MK_ACPI in etc/devd and etc/rc.d
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r277740:
Honor MK_WIRELESS with etc/rc.d/hostapd and etc/rc.d/wpa_supplicant
Sponsored by: EMC / Isilon Storage Division
r278053:
Remove hostapd and wpa_supplicant from FILES so they're installed conditionally
if MK_WIRELESS != no
|
|
|
|
|
|
|
|
| |
r277733:
Honor MK_AMD with etc/rc.d/amd
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277732:
Honor MK_API in etc/rc.d
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r277731:
Honor MK_LPR with etc/rc.d/lpd
Sponsored by: EMC / Isilon Storage Division
r277734:
Remove explicit inclusion of lpd from FILES
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r277739:
Honor MK_JAIL with etc/rc.d/jail
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r277686:
Install bsnmp rc.d script if MK_BSNMP != no
Sponsored by: EMC / Isilon Storage Division
r277687:
Fill in entries for MK_BSNMP == no
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
r271892 (by ngie):
Sort the optional rc.d scripts by their knobs
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
| |
- Honer MK_KERBEROS for Heimdal rc.d scripts.
- Add rc.c/kerberos to OLD_FILES.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Restructure rc.d scripts for kerberos5 daemons:
- Rename $kerberos5_server_enable with $kdc_enable and rename
rc.d/kerberos with rc.d/kdc.
- Rename $kadmin5_server_enable with $kadmind_enable.
- Rename ${kerberos5,kpasswdd}_server with ${kdc,kpasswdd}_program.
- Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables
after load_rc_config().
- Add rc.d/ipropd_master and rc.d/ipropd_slave scripts. These are
for iprop-master(8) and iprop-slave(8). Keytab used for iprop service is
defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default).
- Add dependency on rc.d/kdc to SERVERS. rc.d/kdc must be invoked as early
as possible before scripts divided by rc.d/SERVERS.
Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible
with the old configuration variables:
${kerberos5,kpasswdd,kadmin5}_server{,_enable,_flags}.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bring in the new automounter, similar to what's provided in most other
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
| |
Remove remnants of BIND from /etc, since there is no BIND in base now.
Sorry, that would break users running head and BIND from ports, since
ports rely on these scripts. The ports will be fixed soon.
Approved by: re (kib)
|
|
|
|
|
|
| |
Approved by: re (glebius)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf. The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost. Alternatively, a list of forwarders can be provided on the
command line.
To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks. We should consider doing
the same for "status", which is currently pointless.
Add an rc script for unbound, called local_unbound. If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.
Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound. This is necessary so that
unbound can reload its configuration while chrooted. We should
probably provide symlinks in /etc.
Approved by: re (blanket)
|
|
|
|
|
|
| |
Reviewed by: ken (parts)
Approved by: re (delphij)
Sponsored by: FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
device names "md" or "md[0-9]*" and a "file" option are specified in
/etc/fstab like this:
md none swap sw,file=/swap.bin 0 0
- Add GBDE/GELI encrypted swap space specification support, which
rc.d/encswap supported. The /etc/fstab lines are like the following:
/dev/ada1p1.bde none swap sw 0 0
/dev/ada1p2.eli none swap sw 0 0
.eli devices accepts aalgo, ealgo, keylen, and sectorsize as options.
swapctl(8) can understand an encrypted device in the command line
like this:
# swapctl -a /dev/ada2p1.bde
- "-L" flag is added to support "late" option to defer swapon until
rc.d/mountlate runs.
- rc.d script change:
rc.d/encswap -> removed
rc.d/addswap -> just display a warning message if $swapfile is defined
rc.d/swap1 -> renamed to rc.d/swap
rc.d/swaplate -> newly added to support "late" option
These changes alleviate a race condition between device creation/removal
and swapon/swapoff.
MFC after: 1 week
Reviewed by: wblock (manual page)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has the following advantages:
- During boot, the BOOT_TIME record is now written right after the file
systems become writable, but before users are allowed to log in. This
means that they can't cause `hidden logins' by logging in right before
init(8) kicks in.
- The pututxline(3) function may potentially block on file locking,
though this is very rare to occur. By placing it in an rc script, the
user can still kill it with ^C if needed.
- Most importantly: jails don't use init(8). This means that a force
reboot of a system running jails will leave stale entries in the
accounting database of the jails individually.
|
|
|
|
|
|
|
|
|
| |
with FreeBSD easier for vendors.
- For optional files use variables starting with underscore.
Both changes make rc.d/Makefile look similar to sys/modules/Makefile.
Reviewed by: dim
|
|
|
|
|
|
|
|
|
|
| |
Make sure that static ARP and NDP bindings are set before NETWORKING.
As static_ndp is based on static_arp, pass copyright to the project with
permission of the original author (delphij@).
Reviewed by: delphij@FreeBSD.org
MFC after: 3 days
|
|
|
|
|
| |
MFC after: 1 week
Approved by: re (kib)
|
|
|
|
|
|
|
|
| |
longer used by /etc/rc.d/nfsd and it is no longer necessary
to load the old nfs server by default, when nfs_server_enable="YES".
Tested by: sgk at troutmask.apl.washington.edu
Reviewed by: rc (Andrzej Tobola)
|
|
|
|
|
|
|
| |
network to become active.
PR: conf/151063
Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
|
|
|
|
| |
This method is many times faster than doing it in /boot/loader.conf.
|
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Reviewed by: kib (ealier version)
|
| |
|
|
|
|
| |
Add it on hastd
|
|
|
|
|
|
|
|
|
|
|
|
| |
- looking for partition with 'bootonce' attribute alone (without 'bootme'
attribute), removing it and logging that we successfully booted from this
partition.
- looking for partitions with 'bootfailed' attribute, removing it and
logging that we failed to boot from this partition.
Reviewed by: arch (Message-ID: <20100917234542.GE1902@garage.freebsd.pl>)
Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after: 2 weeks
|
|
|
|
| |
MFC after: 2 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
HAST allows to transparently store data on two physically separated machines
connected over the TCP/IP network. HAST works in Primary-Secondary
(Master-Backup, Master-Slave) configuration, which means that only one of the
cluster nodes can be active at any given time. Only Primary node is able to
handle I/O requests to HAST-managed devices. Currently HAST is limited to two
cluster nodes in total.
HAST operates on block level - it provides disk-like devices in /dev/hast/
directory for use by file systems and/or applications. Working on block level
makes it transparent for file systems and applications. There in no difference
between using HAST-provided device and raw disk, partition, etc. All of them
are just regular GEOM providers in FreeBSD.
For more information please consult hastd(8), hastctl(8) and hast.conf(5)
manual pages, as well as http://wiki.FreeBSD.org/HAST.
Sponsored by: FreeBSD Foundation
Sponsored by: OMCnet Internet Service GmbH
Sponsored by: TransIP BV
|
|
|
|
|
|
|
|
|
|
| |
The rtsol(8) handles just one RA then exit. So, the OtherConfig flag
may not be handled well by rtsol(8) in the environment where there are
multiple RA servers on the segment. In such case, rtsold(8) will be
your friend.
Reviewed by: hrs
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
and rc.d/ip6fw.
Reviewed by: dougb, jhb
MFC after: 1 month
|
|
|
|
|
|
|
|
|
|
| |
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
depends on some sysctl variables.
Reviewed by: brooks
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
statically bind IPv4 <-> MAC address at boot time.
In order to use this, the administrator needs to configure the following
rc.conf(5) variable:
- static_arp_pairs: A list of names for static bind pairs, and,
- a series of static_arp_(name): the arguments that is being passed to
``arp -S'' operation.
Example:
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
See the rc.conf(5) manual page for more details.
Reviewed by: -rc@
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
top of ZVOLs. The problem is that rc.d/fsck runs before rc.d/zfs. The
latter makes ZVOLs to appear in /dev/. In such case rc.d/fsck cannot
find devfs entry and aborts. We cannot simply move rc.d/zfs before
rc.d/fsck, because we first want kern.hostid to be configured (by
rc.d/hostid). If we won't wait (hostid will be 0) we can reuse disks
which are in use by different systems (eg. in SAN/NAS environment).
We also cannot move rc.d/hostid before rc.d/fsck, because rc.d/hostid on
first system start stores generated kern.hostuuid in /etc/hostid file,
so it needs root file system to be mounted read-write.
The fix is to split rc.d/hostid so that rc.d/hostid (which will now run
before rc.d/fsck) only generates hostid and sets up sysctls, but doesn't
touch root file system and rc.d/hostid_save (which is run after
rc.d/root) and only creates /etc/hostid file.
With that in place, we can move ZVOL initialization to dedicated
rc.d/zvol script which runs before rc.d/fsck.
PR: conf/120194
Reported by: James Snow <snow@teardrop.org>
Reviewed by: brooks
Approved by: re (kib)
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb
Approved by: kib (mentor)
|
| |
|
|
|
|
|
|
| |
default settings.
Submitted by: Pawel Worach <pawel.worach at gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
|