aboutsummaryrefslogtreecommitdiff
path: root/release/tools
Commit message (Collapse)AuthorAgeFilesLines
* Revert r333493, which was a temporary fix for 11.2-RELEASE, and insteadEdward Tomasz Napierala2018-05-261-1/+0
| | | | | | | | | | | | | | | switch the default kldxref_enable to YES. The reason is that it's required for every image that's being cross-built, as kldxref(8) cannot handle files for non-native architectures. For the one that is not - amd64 - having it on by default doesn't change anything; the script is noop if the linker.hints already exists. MFC after: 2 weeks Sponsored by: DARPA, AFRL Notes: svn path=/head/; revision=334237
* Set kldxref_enable="YES" for ARM images. Without it, the images are missingEdward Tomasz Napierala2018-05-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | the /boot/kernel/linker.hints file, which breaks loading some of the modules with dependencies, eg cfiscsi.ko. This is a minimal fix for ARM images, in order to safely MFC it before 11.2-RELEASE. Afterwards, however, I believe we should actually just change the default (as in, etc/defaults/rc.conf). The reason is that it's required for every image that's being cross-built, as kldxref(1) cannot handle files for non-native architectures. For the one that is not - amd64 - having it on by default doesn't change anything - the script is noop if the linker.hints already exists. The long-term solution would be to rewrite kldxref(1) to handle other architectures, and generate linker.hints at build time. Reviewed by: gjb@ MFC after: 3 days Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14534 Notes: svn path=/head/; revision=333493
* Fix a typo.Glen Barber2018-05-041-1/+1
| | | | | | | | | | Submitted by: lidl MFC after: 3 days MFC with: r333262 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=333264
* Ensure the ports and src trees are available on GCE images,Glen Barber2018-05-041-0/+23
| | | | | | | | | | | satisfying a requirement to allow FreeBSD to be considered a top-tier supported OS in Google Compute Engine. MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=333262
* Move debug.{trace,debugger}_on_panic and kern.panic_reboot_wait_time inColin Percival2018-04-181-3/+3
| | | | | | | | | | | | EC2 instances from sysctl.conf to loader.conf; these can all be set as loader tunables, and setting them in loader.conf gives us the right behaviour in the event of a kernel panic taking place prior to when sysctl.conf is processed. MFC after: 1 week Notes: svn path=/head/; revision=332663
* Escape trailing newlines in a long variable list for consistency.Glen Barber2018-03-261-2/+2
| | | | | | | | | Submitted by: garga MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=331559
* Remove google_accounts_manager from VM_RC_LIST in the GCE configurationGlen Barber2018-03-221-1/+1
| | | | | | | | | | | file, no longer needed. PR: 221714 MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=331364
* Make EC2 instances use Amazon's NTP service for time synchronization.Colin Percival2017-12-051-1/+6
| | | | | | | | | | | | | | | | Since Amazon provides NTP servers within their network, this should be far superior to using the default NTP pools; and since the service is provided by Amazon there's very little risk in enabling it by default. (If someone is able to compromise Amazon's NTP servers and exploit them to attack EC2 instances, they would almost certainly be able to compromise EC2 instances even without ntpd running...) MFC after: 1 week Relnotes: EC2 instances now keep their clocks synchronized using the Amazon Time Sync Service (aka. NTP). Notes: svn path=/head/; revision=326565
* Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs.Colin Percival2017-12-051-0/+6
| | | | | | | | | | | | | | | | | | | | | | | EC2 instances are normally launched with an SSH public key specified, which is then used for logging in (by default, as 'ec2-user'). Having ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config does) has no functional effect in a new EC2 instance, since you can't log in using a password until a password has been set -- but having this enabled results in alerts from automated scanning tools which can detect that sshd advertises support for keyboard-interactive logins (since they can't detect that accounts have no password set). EC2 users who want to use passwords to log in to their instances will need to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later. Discussed with: gjb, gtetlow, emaste, des Requested by: Amazon X-MFC: No Relnotes: ChallengeResponseAuthentication is turned off by default in Amazon EC2 AMIs. Notes: svn path=/head/; revision=326564
* Fix an indentation nit.Glen Barber2017-11-301-2/+2
| | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=326411
* Remove /etc/resolv.conf from virtual machine images, which isGlen Barber2017-11-214-0/+6
| | | | | | | | | | | | copied from the build host. It is renamed to /etc/resolv.conf.bak on boot, so never used anyway. Noticed by: peter MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=326068
* Move sys/boot to stand. Fix all references to new locationWarner Losh2017-11-141-1/+1
| | | | | | | Sponsored by: Netflix Notes: svn path=/head/; revision=325834
* Add option UNIFIED_OBJDIR, on by default, which moves the default build OBJDIR.Bryan Drewery2017-11-011-7/+4
| | | | | | | | | | | | | | | | | | | | | | This changes the build OBJDIR from the older style of /usr/obj/<srcdir> for native builds, and /usr/obj/<target>.<target_arch>/<srcdir> for cross builds to a new simpler format of /usr/obj/<srcdir>/<target>.<target_arch>. This new format is used regardless of cross or native build. It allows easier management of multiple source tree object directories. The UNIFIED_OBJDIR option will be removed and its feature made permanent for the 12.0 release. Relnotes: yes (don't note UNIFIED_OBJDIR option since it will be removed) Prior work: D3711 D874 Reviewed by: gjb, sjg Discussed at: https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html Discussed with: emaste Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12840 Notes: svn path=/head/; revision=325288
* Add the amazon-ssm-agent package to EC2 AMI builds. This makes itColin Percival2017-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | immediately available on instances which are running without internet access (or which can't rely on firstboot_pkgs to install it for some other reason). Note that this agent is not enabled by default; to enable it, add amazon_ssm_agent_enable="YES" to /etc/rc.conf, e.g., by placing the lines >>/etc/rc.conf amazon_ssm_agent_enable="YES" into the EC2 user-data. In addition to being enabled, the agent requires keys to be provided via IAM Roles; users are encouraged to be very careful in using this functionality due to the inherent vulnerability in the idea of providing credentials via a service accessible to any process which can open an HTTP connection. Requested by: Amazon No objection from: re@ Relnotes: FreeBSD/EC2 AMIs now include the Amazon EC2 Systems Manager (SSM) Agent. Notes: svn path=/head/; revision=325254
* Set a default hostname for virtual machine images.Glen Barber2017-10-301-0/+4
| | | | | | | | | | | | | A recent bug in security/sudo causes segmentation faults when the system is not configured with a hostname, which causes issues with some virtual machine setups, notably Vagrant. Set the default hostname to the output of 'uname -o'. Submitted by: Nicholas Fiorentini Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=325156
* Revert r323812 from release/tools/arm.subr, which has broken theGlen Barber2017-09-221-10/+0
| | | | | | | | | | | | build on arm/armv6 images. Pointyhat: gjb (myself) MFC after: immediate MFC note: releng/10.4 has broken because of this Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=323924
* Bootstrap etcupdate(8) and mergemaster(8) databases when creatingGlen Barber2017-09-202-0/+19
| | | | | | | | | | | | | | virtual machine images and embedded images, similar to what is done when extracting base.txz to the target root filesystem in an new installation. Noticed by: marius Tested with: head@r323729 MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=323812
* Increase the Amazon EC2 AMI image size from 2GB to 3GB to preventGlen Barber2017-08-281-2/+2
| | | | | | | | | image build failures due to a full md(4)-backed filesystem. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=322968
* Use py-google-compute-engine instead for releasing Google ComputeGlen Barber2017-08-221-3/+6
| | | | | | | | | | | | Engine (GCE) images with an updated version of Google's tools. PR: 221714 Submitted by: helen _dot_ koike _@_ collabora_dot_com (original) MFC after: 5 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=322794
* Revert r321659, re-enabling ChallengeResponseAuthentication, which wasGlen Barber2017-07-281-6/+0
| | | | | | | | | | discussed a while back between cperciva@ and so@, and I forgot. Reported by: cperciva Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=321661
* Turn off ChallengeResponseAuthentication for EC2 AMIs, one of EC2'sGlen Barber2017-07-281-0/+6
| | | | | | | | | | requirements. MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=321659
* In release/release.sh:Glen Barber2017-06-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | - Rename chroot_arm_armv6_build_release() to chroot_arm_build_release() and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64). - Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can be used for arm/armv6 and arm64/aarch64. - Update comments and copyright. In release/tools/arm.subr: - In arm_create_disk(), change the default alignment from 63 to 512k, fixing a boot issue on arm64 and EFI. [1] - Update comments and copyright. Add a RPI3 configuration file, pieces obtained from Crochet. Obtained from: Crochet [1] MFC after: 5 days X-MFC-Note: maybe Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=320252
* Turn on support for the Amazon "Elastic Network Adapter" in EC2 AMIs.Colin Percival2017-05-251-0/+3
| | | | | | | X-MFC-after: 318647 + fixes for some lock ordering warnings Notes: svn path=/head/; revision=318894
* Enable DHCP and IPv6 autoconfig on non-cloud VM images.Glen Barber2017-05-251-0/+5
| | | | | | | | | PR: 203653 MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=318872
* Trim trailing '/release/..' when setting _OBJDIR so arm64/aarch64Glen Barber2017-04-191-0/+1
| | | | | | | | | boot1.efifat is properly located when creating virtual machine images. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=317169
* ec2.conf and vmimage.subr can be used from the installation livecd afterAndrew Thompson2017-03-091-1/+2
| | | | | | | | | | | | | install to prepare an AMI image. This can be used to create a ZFS AMI disk image using a virtual machine. Change ec2.conf to use the pkg tool from a chroot rather than trying to bootstrap it and fail from the livecd readonly filesystem. Reviewed by: gjb Notes: svn path=/head/; revision=314935
* Increase the EC2 image size for 12-CURRENT. The recent snapshotGlen Barber2017-03-021-2/+2
| | | | | | | | | | builds of EC2 images for 12-CURRENT failed due to a full filesystem on the md(4) device during creation. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=314561
* Enable IPv6 networking on Amazon EC2.Colin Percival2017-01-151-3/+8
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=312214
* - Resize FreeBSD to the size of the OpenStack flavor (growfs).Glen Barber2016-12-141-0/+27
| | | | | | | | | | | | | | | | | | - Speeds up the boot process by disabling sendmail. - Allows an user to ssh as root with a public key. - Make ssh(1) respond faster by disabling DNS lookups. - Enable DHCP on the vtnet(4) interface. Note: The CLOUDWARE list has not yet been changed to include the OpenStack target by default yet. Submitted by: Diego Casati PR: 215258 MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=310047
* - Use virtualbox-ose-additions-nox11 for vagrant image to reduce sizeLi-Wen Hsu2016-10-301-2/+2
| | | | | | | | Reviewed by: brd, gjb, swills Approved by: gjb Notes: svn path=/head/; revision=308106
* Belatedly revert r303119, which was determined to not beGlen Barber2016-10-241-1/+0
| | | | | | | | | needed. Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=307884
* Add the ability to override the size of the swap partition when buildingNavdeep Parhar2016-10-101-1/+1
| | | | | | | | | | VM images. The default continues to be 1G. Reviewed by: gjb@ Sponsored by: Chelsio Communications Notes: svn path=/head/; revision=307008
* Create a /usr/home -> /home symlink for the arm images toGlen Barber2016-07-201-0/+1
| | | | | | | | | | | avoid /usr/home confusingly being created as a directory. Reported by: Russell Haley MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=303119
* Now that potentially buggy versions of Xen are automatically detectedColin Percival2016-07-161-6/+0
| | | | | | | | | | | (see r302635), there is no need to force msix interrupt migration off via loader.conf. Reverts: r302184 MFC after: 3 days Notes: svn path=/head/; revision=302929
* Enable indirect segment I/Os by default in the Xen blkfront driver whenColin Percival2016-06-291-5/+0
| | | | | | | | | | | | | | | running on EC2. Due to improvements in EC2, the performance penalty which was present on some EC2 instances no longer exists, and enabling this feature now consistently yields ~20% higher throughput with equal or lower latency. Reverts: r286063 Approved by: re (gjb) MFC after: 2 weeks Relnotes: Improved disk throughput on EC2 Notes: svn path=/head/; revision=302288
* Turn off MSI-X interrupt migration by default in EC2 instances; this worksColin Percival2016-06-241-0/+6
| | | | | | | | | | | around a bug in older versions of Xen and unbreaks SR-IOV (aka. "EC2 Enhanced Networking"). Approved by: re (gjb) Thanks to: jhb, Jeremiah Lott Notes: svn path=/head/; revision=302184
* Bump /tmp from 30m to 50m for ARM release images.Emmanuel Vadot2016-06-161-1/+1
| | | | | | | | | | | 30m isn't enough for pkg anymore to extract packagesite.txz. 40m is fine for now but let's take a safer way as we don't know when pkg will need more. Reported by: many Approved by: re (gjb), andrew (mentor) Notes: svn path=/head/; revision=301945
* Switch from console="comconsole" to boot_multicons="YES" in EC2.Colin Percival2016-06-091-2/+4
| | | | | | | | | | Amazon recently introduced an API for capturing screenshots of an emulated VGA device; this commit makes that (somewhat) useful. MFC after: 3 weeks Notes: svn path=/head/; revision=301732
* Turn off nfsv4acls for arm/armv6 builds, which has an impactGlen Barber2016-06-011-1/+0
| | | | | | | | | | | | | on performance, especially with SD cards on certain SoCs. Requested by: trasz Discussed with: ian, kientzle MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=301101
* Fix tmpfs(5) '/tmp' mount point.Glen Barber2015-11-251-1/+1
| | | | | | | | | | | A stray trailing space snuck in with one of the recent changes, making r290550 and r290573 effectively no-op. MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=291306
* Remove noatime from tmpfs(5) fstab(5) entry.Glen Barber2015-11-091-1/+1
| | | | | | | | | | Submitted by: Howard Su MFC after: 3 days X-MFC-With: r290550 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=290573
* Use tmpfs(5) instead of md(4) for '/tmp' mount.Glen Barber2015-11-081-1/+1
| | | | | | | | | | Submitted by: Nikolai Lifanov Differential Revision: D3506 MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=290550
* In vm_copy_base(), turn off SU+J on the resultant filesystem,Glen Barber2015-09-291-1/+1
| | | | | | | | | | | leaving only SU enabled. Discussed with: kib (a few weeks ago) MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=288370
* Disable blkif indirect segment I/Os in EC2 by default due to performanceColin Percival2015-07-301-0/+5
| | | | | | | | | issues on some EC2 instance types. Users may want to experiment with removing this from loader.conf and measuring the performance impact on the EC2 instances they are using. Notes: svn path=/head/; revision=286063
* Fix an out-of-order execution issue regarding pkg(8):Glen Barber2015-07-211-1/+1
| | | | | | | | | | | | | | | | - pkg(8) cannot be removed before subsequent reinvocations - The PKG_CACHEDIR cannot be cleaned after the repo*.sqlite has been removed - pkg(8) cannot be removed as a precursor to any of the other steps involved here MFC after: 3 days X-MFC-With: r285722 X-MFC-Before: 10.2-{BETA3,RC1} (whichever happens next) Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=285733
* Add support for building VirtualBox Vagrant images.Brad Davis2015-07-203-8/+42
| | | | | | | | | Abstract the build, package and upload to handle building either type. Approved by: re (gjb) Notes: svn path=/head/; revision=285722
* Do not mount /var/log and /var/tmp as md(4)-backed devices.Glen Barber2015-07-121-4/+0
| | | | | | | | | Discussed with: ian MFC after: 3 days Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=285427
* Revert r285018, r285019, r285076, r285078, r285082.Glen Barber2015-07-041-8/+0
| | | | | | | | | | | | | | | | The true cause of the missing UFS/MSDOSFS labels has been identified, and only affects stable/10 at the moment. An request for commit to stable/10 will be pending RE approval after this commit. MFC after: 1 day X-MFC-Note: never X-MFC-Never: r285018, r285019, r285076, r285078, r285082 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=285114
* Test for loader.rc existence before attempting to createGlen Barber2015-07-031-2/+5
| | | | | | | | | | | | | | the symlink from loader.rc.sample. Fix paths relative to the CHROOTDIR. MFC after: 3 days X-MFC-With: r285076, r285078 X-MFC-Before: 10.2-BETA1 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=285082
* Revert r285018 and r285019, which attempted to resolveGlen Barber2015-07-031-12/+0
| | | | | | | | | | | | | | | UFS/MSDOSFS label issues on FreeBSD/arm builds, however the real problem was addressed in r285076, which is due to two separate issues, unrelated to md(4) stale device existence. MFC after: 3 days X-MFC-With: r285076 X-MFC-Before: 10.2-BETA1 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=285078