| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
ftpd provides the -n option to disable anonymous FTP access, meaning the
username 'ftp' cannot log in to the FTP server without a password stored
in the password database. This feature helps prevent users who lack the
background knowledge of how this special username 'ftp' conventionally
works in FTP from mistakenly creating an account with the username
'ftp,' assuming it behaves like other usernames that require a password
to log in to the FTP server, which it does not.
Differential Revision: https://reviews.freebsd.org/D46547
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
write_files is a list of files that should be created at the first boot
each file content can be either plain text or encoded in base64 (note
that cloudinit specify that gzip is supported, but we do not support it
yet.)
All other specifier from cloudinit should work:
by default all files will juste overwrite exesiting files except if
"append" is set to true, permissions, ownership can be specified.
The files are create before packages are being installed and user
created.
if "defer" is set to true then the file is being created after packages
installation and package manupulation.
This feature is requested for KDE's CI.
|
| |
|
|
| |
Sponsored by: OVHCloud
|
| |
|
|
|
|
|
|
|
| |
This fixes case where vendors or cloudinit consumers are using all
features from yaml.
KDE is using reference for its CI for example.
lima-vm uses syntax for which our previous yaml.lua has bug in the
parser (https://github.com/lima-vm/lima/issues/1508)
|
| | |
|
| |
|
|
|
|
|
|
| |
Add the AT_HWCAP3 and AT_HWCAP4 format strings to auxfmt.
Reviewed by: brooks, kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51007
|
| |
|
|
|
|
|
|
|
|
| |
This fixes the test case libexec.nuageinit.nuageinit.config2_userdata_packages
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/1734
|
| |
|
|
| |
Reviewed by: bapt
|
| |
|
|
|
|
|
|
| |
Check for a "#" at the start of the line regardless whether it is its
own token or not. We avoid unecessary calls to rc.d/zpool.
Suggested by: ivy
Fixes: b6e33f0cd536
|
| | |
|
| |
|
|
|
| |
Reviewed by: imp, ziaee (both a previous version)
Differential Revision: https://reviews.freebsd.org/D50878
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
refactor nuageinit to allow a 3rd execution point during boot:
1. nuageinit is invoked before NETWORKING with a minimalistic network setup
for openstrack and potentially other network config setup. it tries
to configure everything which is not requiring any network.
2. nuageinit is invoked again post NETWORKING but pre SERVERS, in the
phase it does all that requires network, like dealing with packages.
Note that creating users have been moved to this phase to allow the
installation of shells like bash or zsh prior the creation of the
users, before that the user creation was failing if a non installed
shell was requested.
3. nuageinit will execute at the rc.local time all the specified scripts
and commands.
MFC After: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MIT KRB5 krb5kdc differs from the Heimdal kdc.
- The MIT kdc is named krb5kdc while the Heimdal one is named kdc.
- krb5kdc -d flag has a different meaning. krb5kdc -d specifies a
database name. While the Heimdal kdc uses the -d flag to daemonize
it. krb5kdc automaticially daemonizes itself unless the -n flag is
specified.
We do this by looking at the name of the kdc program to determine if
we assume it's a Heimdal kdc or the MIT krb5kdc.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50813
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Legacy ZFS uses fstab to mount its datasets. In an attempt to fix
another problem 900bc0206348 broke legacy ZFS in fstab(5). This
comit works around the problem by mountcritlocal scanning /etc/fstab
for zfs mountpoint and if any are found invoke /etc/rc.d/zpool start.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D50844
|
| |
|
|
|
| |
Reported by: Kenneth Raplee
Differential Revision: https://reviews.freebsd.org/D45855
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In cases where the `/boot` directory is mounted from a different disk,
`/boot/zfs/zpool.cache` will not be found during a `rc.d/zpool`
run. This is because `/etc/fstab` mounts are mounted in
`rc.d/mountcritlocal`, which currently runs AFTER (i.e. `REQUIRE:`)
`rc.d/zpool`.
This change swaps the `rcorder` of `rc.d/zpool`'s dependency on
`mountcritlocal` from `BEFORE:` to `REQUIRE:`. This will ensure that
`/boot` (or even `/etc/` in some configurations) to be visible while
searching for `zpool.cache`.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1614
Closes: https://github.com/freebsd/freebsd-src/pull/1614
|
| |
|
|
|
| |
PR: 287503
Reported by: crest@rlwinm.de
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Variables for command-line options like $foo_flags can contain characters
that perform pathname expansions, such as '[', ']', and '*'. They were
passed without escaping, and the matched entries in the working directory
affected the command-line options. This change turns off the expansion
when run_rc_command() is called.
While this changes the current behavior, an invocation of a service
program should not depend on entries in the working directory.
Differential Revision: https://reviews.freebsd.org/D45855
|
| |
|
|
|
|
|
|
| |
Rename path into ni_path (ni stands for nuageinit) which is more
understandable and avoid a shadowing warning because we also use a
variable named path later.
Add a missing local
|
| |
|
|
|
|
| |
Execute the runcmd specified in cloudinit at the same moment as the
user_data script aka late in the boot process, to respect cloudinit
specifications
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In official cloudinit, when a user_data file starts with '#!' it
should be execute late in the boot process. To respect this nuageinit
now copy the user_data script into a /var/cache/nuageinit/user_data if
found and a new "firsboot" rcscript anchored to the 'local' rc script is
responsible to execute it if found.
Note by doing this, we fix another issue we had with nuageinit, if the
cloudinit provider provides the user_data scriptout with the executable
permission, previous implementation was not working, like apparently
what Digital Ocean is doing.
PR: 287183
Reported by: olgeni@
|
| |
|
|
|
|
|
| |
Implement package_update and package_upgrade, which allows to launch
an update of the metadata and an upgrade of the packages.
Sponsored by: OVHCloud
|
| |
|
|
|
|
| |
Installs a list of packages
Sponsored by: OVHCloud
|
| |
|
|
| |
Sponsored by: OVHCloud
|
| |
|
|
|
|
| |
runcmd contains a list of string, each item will be executed in order.
Sponsored by: OVHCloud
|
| |
|
|
|
|
|
| |
To carry out the userdata unit tests, you need to set up the environment in
order to skip adding the default user (nuage.adduser(default_user)
Sponsored by: OVHCloud
|
| |
|
|
| |
Sponsored by: OVHCloud
|
| |
|
|
|
|
|
|
| |
These are no longer specific to iSCSI; always build them.
Reviewed by: kevans, jhb
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50625
|
| |
|
|
|
|
|
|
|
|
| |
This adds a metadata variable, require.kmods, and corresponding functions
or methods in C, C++, and shell, which allow a test to specify that it
requires particular kernel modules to run. If the kernel modules are not
present, the test is skipped. One might want to consider a kyua option
which makes it attempt to load the modules instead.
Differential Revision: https://reviews.freebsd.org/D47470
|
| |
|
|
|
|
|
|
|
|
| |
The only caller already has the current TCB to hand, so just pass it
down rather than get it again. This also makes it clear in the caller
that it depends on the (current) TCB, rather than being storage that
could be assigned to any thread (concurrency issues aside).
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50594
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When this code was first written we didn't have even a struct tcb, so to
make it MI a pointer to the DTV pointer in the TCB was passed around.
Now that we have a struct tcb we can simplify the code by instead
passing around a pointer to that, and the MI code can access the tcb_dtv
member wherever it happens to be in the layout. This reduces boilerplate
in all the various callers of tls_get_addr_common/slow and makes it
clearer that tls_get_addr_common/slow are operating on the TCB, rather
than obfuscating it slightly through the double pointer.
Whilst here, clarify the comments in aarch64's TLSDESC dynamic resolver,
which were using tp without clarifying what this was for (previously a
pointer to the DTV pointer, now a pointer to the TCB, which happen to be
the same thing for Variant I TLS, and in the case of AArch64 are what
TPIDR_EL0 point to directly, with no offset/bias).
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50591
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was applying a NetBSD fix to FreeBSD. However, the original code
was correct for FreeBSD. NetBSD's obj->tlsoffset is relative to the end
of the TCB, not the TCB itself, whilst ours is relative to the TCB[1]
itself. For example, our allocate_tls uses (char *)tcb + obj->tlsoffset
for the memcpy and memset calls.
Without this reverted, for dynamically loaded shared objects, Initial
Exec accesses to TLS variables on variant I architectures (non-x86) use
the correct address, whilst General Dynamic and dlsym(3) use the
incorrect address (TLS_TCB_SIZE past the start). Note that, on arm64,
LLVM only supports TLSDESC (including LLD) and TLSDESC will use the
static resolver if the variable ends up allocated to the static TLS
block, even in the presence of dlopen(3), so only dlsym(3) shows the
discrepancy there.
Whilst here, add a comment to explain this difference to try and avoid
the same mistake being made in future.
[1] In the case of variant II, it's the amount to subtract, so still
positive
This reverts commit e9a38ed2fa61fd264a80f24ceb35f39b0ac6463d.
Reviewed by: kib (prior version)
Fixes: e9a38ed2fa61 ("rtld: fix allocate_module_tls() variant I fallback to static allocation")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50565
|
| |
|
|
|
|
|
|
|
|
|
| |
Provided you don't run out of extra static TLS space this should work,
but it's wholly unnecessary and not how things are supposed to be done.
Only static TLS relocations should allocate static TLS.
Reviewed by: kib
Fixes: 4b1859c0e943 ("Add support for RISC-V architecture.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50563
|
| |
|
|
|
|
|
|
|
| |
Reported and tested: Alex S <iwtcex@gmail.com>
Tested by: pho
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D50482
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If either INET or INET6 is not enabled in the kernel, then the jail(8)
options ip4=<new|inherit> resp. ip6=<new|inherit> are not available.
Detect this case and don't try to provide those options, otherwise
svcjs will not start.
Do this automatically (without a warning) so that net_basic, which
includes both netv4 and netv6, continues to work as expected.
If _svcj_ipaddrs is explicitly configured with an address for an IP
version not supported by the kernel, issue a warning but continue to
start the service. This can result in the service being started with
fewer addresses than expected, but never more.
Reviewed by: netchild, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49976
|
| |
|
|
|
|
|
|
|
| |
This leaves the iscsi package for the iSCSI initiator, and the new
package provides the CAM target layer (including the iSCSI target).
Reviewed by: manu, des, jhb
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50287
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When I added libsys I failed to update rtld's reuse of object files
from libc to use ones from libsys instead. This would have turned up
as a broken system in d7847a8d35143, but SHARED_CFLAGS is not being
applied to assembly files.
PR: 286975
Reviewed by: jrtc27, jhb
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D50475
|
| |
|
|
|
|
|
|
| |
This daemon has been removed; also remove things which reference it.
Reviewed by: manu, des, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50441
|
| |
|
|
|
|
|
|
|
|
|
| |
rc.subr uses sysrc(8) for the 'enable' and 'disable' commands, which
means the entire rc(8) stack depends on bsdconfig. Instead, provide a
minimal amount of rc.conf-editing functionality in rc.subr and use it to
implement these commands.
Reviewed by: des, bapt
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50325
|
| |
|
|
|
|
|
|
|
|
| |
"routing" enables the jail allow.routing permission, which allows the jail to
modify the system routing table. this can be used to run routing daemons
(e.g., BIRD) in a service jail.
Reviewed by: jamie, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49844
|
| |
|
|
|
|
|
|
| |
This matches the interface of lposix, although I do wonder why they went
with execp rather than execvp for the function name here.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50177
|
| |
|
|
|
|
| |
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50176
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The key insight here is that the luaL_check*() and luaL_opt*() functions
will happily take indexes that are larger than the stack top and print a
useful error message.
This means that there is no need to check if too few arguments have been
received prior to checking the types of individual arguments.
This patch also replaces a couple reimplementations of luaL_opt*()
functions with the luaL helpers.
References: https://www.lua.org/manual/5.4/manual.html#4.1.2
Reviewed by: emaste, kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50273
|
| |
|
|
|
| |
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
This was previously an Elf_Addr and was turned into a uintptr_t when
really it should have been made a size_t. Even on CHERI both actually
work in this case, but it's better style (and more consistent with
elsewhere in the file) to use size_t instead.
Fixes: 4642b638a522 ("rtld-elf: Consistently use uintptr_t for TLS implementation")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than treating the DTV as a raw array of uintptr_t, use proper
struct types and gain the benefit of having different types for
different members. In particular, the module slots now have real pointer
types so less casting is generally needed.
Note that, whilst struct dtv_slot may seem a little unnecessary, this
will help downstream in CheriBSD where we wish to be able to easily
alter the layout of a module's slot, which this helps abstract.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50231
|
