summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* MFC r307182,307191,307192: rc.d/zfsbe: new script designed for BE supportavg2016-11-033-1/+73
|
* MFC r308148, r308150, r308156:gjb2016-11-031-1/+1
| | | | | | | | | | | | | r308148: Fix packaging calendar(1) files. r308150: Fix packaging /usr/share/examples/etc. r308156: Fix packaging /usr/lib{,32}/libgcc_eh{,_p}.a. Sponsored by: The FreeBSD Foundation
* MFC r307786:bapt2016-10-251-2/+5
| | | | | | | Do not install NIS program rc script if WITHOUT_NIS is set PR: 213375 Submitted by: sergey@akhmatov.ru
* MFC r305706, r305749, r306274gonzo2016-10-221-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r305706: Add evdev protocol implementation evdev is a generic input event interface compatible with Linux evdev API at ioctl level. It allows using unmodified (apart from header name) input evdev drivers in Xorg, Wayland, Qt. This commit has only generic kernel API. evdev support for individual hardware drivers like ukbd, ums, atkbd, etc. will be committed later. Project was started by Jakub Klama as part of GSoC 2014. Jakub's evdev implementation was later used as a base, updated and finished by Vladimir Kondratiev. Submitted by: Vladimir Kondratiev <wulf@cicgroup.ru> Reviewed by: adrian, hans Differential Revision: https://reviews.freebsd.org/D6998 r305749: Remove semicolon from the end of the macro definition Reported by: hans r306274: Handle NULL argument in evdev_free Add check for evdev argument of evdev_free being NULL. This is valid value and should not cause crash. In this case evdev_free does nothing Submitted by: Vladimir Kondratiev <wulf@cicgroup.ru>
* MFC r306696: Make 502.pfdenied find blacklistd/* filter names dynamicallylidl2016-10-131-2/+1
| | | | | | | This change is needed to make the 520.pfdenied script find the new blacklistd/* anchor points for reporting blocked traffic. Sponsored by: The FreeBSD Foundation
* MFC r306048asomers2016-10-032-2/+2
| | | | | | | | | | | Fix periodic scripts when an NFS mount covers a local mount 100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS filesystems. But their logic contains an error. They also search through remote filesystems that are mounted on top of the root of a local filesystem. For example, if a user installs a FreeBSD system with the default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts /usr/home over NFS, these scripts would search through /usr/home.
* MFC r304162asomers2016-09-121-1/+1
| | | | | | | | Decrease the anti-congestion sleep in 480.leapfile-ntpd to 1 hour 24 hours is too long. Periodic scripts are executed serially, so when combined with the sleep in 410.pkg-audit periodic could actually take more than 24 hours and block the next invocation.
* MFC r304779, r304780, r304781, r304782, r304802cy2016-08-272-6/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r304779: Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes to leap-seconds invaldidates validation hash at the end of the file. Remove svn:keywords and replace with fbsd:nokeywords=yes to support this change. r304780: Change the algorithm by which /var/db/leap-seconds is updated. 1. Use the leap-seconds version number (update time) to determine whether to update the file or not. 2. If the version numbers of the files is the same, use the later expiry date to determine which file to use. Suggested by: ian@ r304781: Add logic to replace the working ntp leap-seconds file in /var/db if it contains a $FreeBSD$ header. The header will cause the file to fail checksum of the hash causing ntpd to ignore the file. r304782: Make validation of the leap-seconds file unconditional. r304802: Remove the gratuitous check for $FreeBSD$ and rename the function to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy isn't already there. Reported by: ache@
* MFH (r303716, r303719): drop SSH1 support, disable DSA by defaultdes2016-08-051-1/+1
| | | | | | PR: 208254 Approved by: re (gjb) Relnotes: yes
* MFC r303160.cy2016-07-271-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update leap-seconds to leap-seconds.3676752000. As per https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16: UTC TIME STEP on the 1st of January 2017 A positive leap second will be introduced at the end of December 2016. The sequence of dates of the UTC second markers will be: 2016 December 31, 23h 59m 59s 2016 December 31, 23h 59m 60s 2017 January 1, 0h 0m 0s The difference between UTC and the International Atomic Time TAI is: from 2015 July 1, 0h UTC, to 2017 January 1 0h UTC : UTC-TAI = - 36s from 2017 January 1, 0h UTC, until further notice : UTC-TAI = - 37s Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3676752000 See also: https://www.iers.org/SharedDocs/News/EN/BulletinC.html https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16 Relnotes: yes Approved by: re@ (delphij@)
* MFC r302857:jamie2016-07-171-3/+6
| | | | | | | | Start jails non-parallel if jail_parallel_start is NO. This was true for an explicitly specified jail list; now it's also true for all jails. PR: 209112 Approved by: re (gjb)
* MFC r302855:jamie2016-07-171-15/+16
| | | | | | | | | Wait for jails to complete startup if jail_parallel_start is YES, instead of assuming they'll take less than one second. PR: 203172 Submitted by: dmitry2004@yandex.ru Approved by: re (gjb)
* - Remove debugging from GENERIC* kernel configurationsgjb2016-07-081-1/+1
| | | | | | | | | - Enable MALLOC_PRODUCTION - Default dumpdev=NO - Remove UPDATING entry regarding debugging features Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* Posixify the locales name for variantsbapt2016-07-031-22/+6
| | | | | | | | | | | | | | | | | | | | For all locales with variants: - if no ambiguity on the locale (only one variant) just use the regular name - if ambiguity, pick one as default and append @<variant> to the others respecting POSIX As a result: - All the 3 components locales added recently are renamed to the usual 2 components version for all but sr_RS.UTF-8 - Set sr_RS.UTF-8 to the cyrillic variant - Add sr_RS.UTF-8@latin - Remove the symlinks aliases they were created to represent the 2 components version as aliasas and are now useless - Update the OptionalObsoleteFiles.inc and ObsoleteFiles.inc to reflect those changes Discussed with: ache@ Approved by: re@ (gjb)
* Remove reference to mroute6d in /etc/netstart.bapt2016-06-251-1/+0
| | | | | | | | mroute6d has been removed in r298512. PR: 209405 Submitted by: Trond.Endrestol@ximalas.info Approved by: re (gjb)
* Add support for a /etc/defaults/vendor.conf override filelidl2016-06-231-0/+6
| | | | | | Reviewed by: stas, imp Approved by: re (gjb) Differential Revision: https://reviews.freebsd.org/D6895
* Commit the bits of nda that were missed. This should fix the build.imp2016-06-101-0/+2
| | | | Approved by: re@
* Implement an NSS backend for netgroups and add getnetgrent_r(3).markj2016-06-091-0/+1
| | | | | | | | | | | | | | | | | | This support appears to have been documented in nsswitch.conf(5) for some time. The implementation adds two NSS netgroup providers to libc. The default, compat, provides the behaviour documented in netgroup(5), so this change does not make any user-visible behaviour changes. A files provider is also implemented. innetgr(3) is implemented as an optional NSS method so that providers such as NIS which are able to implement efficient reverse lookup can do so. A fallback implementation is used otherwise. getnetgrent_r(3) is added for convenience and to provide compatibility with glibc and Solaris. With a small patch to net/nss_ldap, it's possible to specify an ldap netgroup provider, allowing one to query nisNetgroupTriple entries. Sponsored by: EMC / Isilon Storage Division
* Fix typo with description for $ipv6_cpe_wanif (upstram -> upstream)ngie2016-06-081-1/+1
| | | | | | | MFC after: 3 days PR: 210146 Reported by: Sean M. Collins <sean@coreitpro.com> Sponsored by: EMC / Isilon Storage Division
* Separate BLACKLIST vs BLACKLIST_SUPPORT properlylidl2016-06-072-2/+2
| | | | Sponsored by: The FreeBSD Foundation
* Turn off blacklistd daemon in defaultslidl2016-06-061-1/+1
| | | | | | | | Reported by: Matteo Riondato ( matteo @ FreeBSD.org ) Reviewed by: rpaulo Approved by: rpaulo Relnotes: YES Sponsored by: The FreeBSD Foundation
* Connect ypldap(8) script on Makefile, forgotten on my previous commit r301480.araujo2016-06-061-0/+1
|
* Add rc.d script for ypldap(8).araujo2016-06-062-0/+29
|
* Install/Connect ypldap.conf(5) on examples.araujo2016-06-061-0/+2
|
* Enable daily_ntpd_leapfile_enable by default. Otherwise an expiredcy2016-06-041-2/+1
| | | | | | | | | | leapfile will be ignored and ntpd will behave as if it has no leapfile. While here, remove an extraneous blank line. Suggested by: ache MFC after: 1 week
* Add basic blacklist build supportlidl2016-06-026-2/+81
| | | | | | | | Reviewed by: rpaulo Approved by: rpaulo Relnotes: YES Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D5913
* Fix exit status of "service routing start <af> <iface>"asomers2016-06-021-0/+5
| | | | | | | | | | | etc/rc.d/routing Ignore the exit status of options_{inet,inet6,atm}. It's meaningless. Reviewed by: hrs MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D6687
* Revert r301137 and r301163, and implement a correct fixgjb2016-06-012-45/+0
| | | | | | | | | | for the CONFS issue with dma.conf and ppp.conf. Thank you very much to Bryan Drewery for looking into the problem and providing this fix. Pointyhat: gjb Sponsored by: The FreeBSD Foundation
* Implement a hack to re-enable installation of the dma.conf.gjb2016-06-011-0/+4
| | | | | | | | | | | | The 'CONFS' entries in share/mk/bsd.confs.mk explicitly check for the 'installconfig', but does not behave properly with the 'distribute' target. This seems to be related to the previously-reported issues with files within /etc in the past. Reported by: Ben Woods Sponsored by: The FreeBSD Foundation
* Revert r289096:gjb2016-06-012-0/+41
| | | | | | | | | | | | | Files listed in 'CONFS' are not properly included in new installations (missing from base.txz), for reasons I still do not fully understand. This reverts the change excluding /etc/ppp/ppp.conf from a new installation. /etc/dma/dma.conf is also affected, but requires a different solution, still being investigated. Reported by: Ben Woods Sponsored by: The FreeBSD Foundation
* Don't rely on $ntpd_enable to periodically fetch the latestcy2016-06-011-2/+2
| | | | | | | leapfile. Suggested by: cperciva MFC after: 1 week
* Fix indentation in dhclient rc.d scriptvangyzen2016-05-311-1/+1
|
* Cosmetics: add missing space after the ':' in etc/rc.d/random.trasz2016-05-311-2/+2
| | | | | MFC after: 1 month Sponsored by: The FreeBSD Foundation
* Fix circular dependency created after r287197 between ldconfig and ↵ngie2016-05-302-4/+14
| | | | | | | | | | | | | | | | | | | mountcritremote ldconfig is already required by mountcritremote indirectly, as noted by rcorder: > rcorder: Circular dependency on provision `mountcritremote' in file `ldconfig'. Having mountcritremote REQUIRE ldconfig breaks dependency ordering. Making the ldconfig hints be conditionally regenerated from mountcritremote when remote filesystems are mounted is done after this change, similar to cleanvar being conditionally called after the change. Differential Revision: https://reviews.freebsd.org/D6621 PR: 202726 Reviewed by: jilles Sponsored by: EMC / Isilon Storage Division
* Make netif REQUIRE hostidngie2016-05-291-1/+1
| | | | | | | | | | | | | As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before hostid, and the MAC address generated for any bridge devices will be non-deterministic. Make the MAC address generated be deterministic for bridge devices by explicitly REQUIRE'ing hostid. This fixes up the rest of the PR, inadvertently committed in r299844 MFC after: 1 week PR: 195188 Sponsored by: EMC / Isilon Storage Division
* Fix "make installworld" with MK_CDDL == no after r300906 byngie2016-05-291-0/+2
| | | | | | | | | adding a missing entry for ${TESTSBASE}/cddl/sbin X-MFC with: r300906 Pointyhat to: asomers Reported by: Shawn Webb <shawn.webb@hardenedbsd.org> Sponsored by: EMC / Isilon Storage Division
* zfsd(8), the ZFS fault management daemonasomers2016-05-286-3/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add zfsd, which deals with hard drive faults in ZFS pools. It manages hotspares and replements in drive slots that publish physical paths. cddl/usr.sbin/zfsd Add zfsd(8) and its unit tests cddl/usr.sbin/Makefile Add zfsd to the build lib/libdevdctl A C++ library that helps devd clients process events lib/Makefile share/mk/bsd.libnames.mk share/mk/src.libnames.mk Add libdevdctl to the build. It's a private library, unusable by out-of-tree software. etc/defaults/rc.conf By default, set zfsd_enable to NO etc/mtree/BSD.include.dist Add a directory for libdevdctl's include files etc/mtree/BSD.tests.dist Add a directory for zfsd's unit tests etc/mtree/BSD.var.dist Add /var/db/zfsd/cases, where zfsd stores case files while it's shut down. etc/rc.d/Makefile etc/rc.d/zfsd Add zfsd's rc script sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c Fix the resource.fs.zfs.statechange message. It had a number of problems: It was only being emitted on a transition to the HEALTHY state. That made it impossible for zfsd to take actions based on drives getting sicker. It compared the new state to vdev_prevstate, which is the state that the vdev had the last time it was opened. That doesn't make sense, because a vdev can change state multiple times without being reopened. vdev_set_state contains logic that will change the device's new state based on various conditions. However, the statechange event was being posted _before_ that logic took effect. Now it's being posted after. Submitted by: gibbs, asomers, mav, allanjude Reviewed by: mav, delphij Relnotes: yes Sponsored by: Spectra Logic Corp, iX Systems Differential Revision: https://reviews.freebsd.org/D6564
* Always create loopback routes on every fibasomers2016-05-271-10/+26
| | | | | | | | | | | | | | | | | | | | | | | | Always create loopback routes on every fib, for both IPv4 and IPv6 etc/rc.d/routing Create loopback IPv4 and IPv6 routes on every fib at boot. Revert 278302; now that all FIBs have IPv6 loopback routes, the "route add -reject" commands won't fail. tests/etc/rc.d/routing_test.sh Greatly simplify static_ipv6_loopback_route_for_each_fib. It was written under the assumption that loopback routes would be added to a given fib by the kernel as soon as an interface is configured on that fib. However, the logic can be much simpler now that we simply add loopback routes to all fibs at boot. This also removes the need to run the test as root, removes the restriction that net.add_addr_allfibs=0, and removes the need to configure fibs in kyua.conf. Also, add a test case for IPv4 loopback routes Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D6582
* Use the expiry date to determine whether to replace the DB copy ofcy2016-05-251-2/+2
| | | | | | | | leapfile instead of using the leapfile serial number (create timestamp). PR: 209577 MFC after: 3 days
* Better document security_show_{success,info,badconfig} in /etc/periodic.confasomers2016-05-211-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | periodic(8) already handles the security_show_{success,info,badconfig} variables correctly. However, those variables aren't explicitly set in /etc/defaults/periodic.conf or anywhere else, which suggests to the user that they shouldn't be used. etc/defaults/periodic.conf Explicitly set defaults for security_show_{success,info,badconfig} usr.sbin/periodic/periodic.sh Update usage string usr.sbin/periodic/periodic.8 Minor man page updates One thing I'm _not_ doing is recommending setting security_output to /var/log/security.log or adding that file to /etc/newsyslog.conf, because periodic(8) would create it with default permissions, usually 644, and that's probably a bad idea. Reviewed by: brd MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D6477
* Remove DTrace tooklkit from the mtree and add the files to removegnn2016-05-201-2/+0
| | | | | | to the ObsoleteFiles list. Sponsored by: DARPA, AFRL
* Update leap-seconds to leap-seconds.3661459200.cy2016-05-191-6/+6
| | | | | | | | | | NO leap second will be introduced at the end of June 2016. This commit reapplies the r298887 minor spelling fix. Obtained from: ftp://tycho.usno.navy.mil/pub/ntp/. See also: http://www.iers.org/SharedDocs/News/EN/BulletinC.html MFC after: 2 weeks
* Make hostid_save depend on hostidngie2016-05-151-1/+1
| | | | | MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* Fix broken dependency with routed when MK_ROUTED != nongie2016-05-152-1/+2
| | | | | | | | Remove routed as a requirement in NETWORKING, and put it in routed as a BEFORE requirement instead MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* Conditionalize installing etc/rc.d/atm{1,2,3}ngie2016-05-152-4/+9
| | | | | | | | `BEFORE: netif` was already in etc/rc.d/atm1, so no additional changes are needed in that script MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* Conditionalize etc/rc.d/{zfs,zvol} install on MK_ZFS != nongie2016-05-151-2/+7
| | | | | MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* Make FILESYSTEMS, dumpon, and var not depend on zfs and zvolngie2016-05-155-3/+4
| | | | | | | | Make zfs and zvol come before all of the items that depended on them previously MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* Reduce redundancy after release-pkg merge to head in r298107ngie2016-05-151-38/+17
| | | | | | | | | | - Use BINDIR instead of FILESDIR - Default all <FILESGROUPS>MODEs to BINMODE with a single for-loop at the bottom of the Makefile - Move all of the conditionals under the relevant MK_* != no build conditional blocks Sponsored by: EMC / Isilon Storage Division
* iconvctl(3): remove superfluous NULL pointer testsvangyzen2016-05-141-0/+2
| | | | | | | | | | | | | | | convname and dst are guaranteed to be non-NULL by iconv_open(3). src is an array. Remove these tests for NULL pointers. While I'm here, eliminate a strlcpy with a correct but suspicious-looking calculation for the third parameter (i.e. not a simple sizeof). Compare the strings in-place instead of copying. Found by: bdrewery Found by: Coverity CID: 1130050, 1130056 MFC after: 3 days Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D6338
* MFV r299425:mm2016-05-121-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
OpenPOWER on IntegriCloud