Commit graph

18904 commits

Author SHA1 Message Date
Xin LI
26f2ebfbd9 usr.sbin/services_mkdb: diff reduction against NetBSD.
(cherry picked from commit 57b9a062d1)
2021-04-19 18:00:09 -07:00
Xin LI
abc1489bcb usr.sbin/uefisign: prevent specifying certificate, key or output
multiple times.

(cherry picked from commit 6234a0bfc8)
2021-04-19 17:59:58 -07:00
Gordon Bergling
e981fc6177 config(8): Mention the authors of a paper in the SEE ALSO section
Obtained from:	OpenBSD

(cherry picked from commit 2b59392cb0)
2021-04-16 16:25:03 +02:00
Gordon Bergling
cd1729e8b6 lpd(8): Mention the author of a paper in the SEE ALSO section
Obtained from:	OpenBSD

(cherry picked from commit c07aa0a587)
2021-04-16 16:24:37 +02:00
Nathan Whitehorn
5ec4eb443e Add a new mode to the scripted partition editor for variant disk names.
If the disk parameter "DEFAULT" is set in place of an actual device name,
or no disk is specified for the PARTITIONS parameter, the installer will
follow the logic used in the automatic-partitioning mode, in which it
will either provide a selection dialog for one of several disks if
several are present or automatically select it if there is only one. This
simplifies the creation of fully-automatic installation media for
hardware or VMs with varying disk names.

Suggested by:	Egoitz Aurrekoetxea <egoitz@sarenet.es>
MFC after:	3 weeks
Relnotes:	yes

(cherry picked from commit 5140034cc0)
2021-04-15 23:18:02 -04:00
Rick Macklem
33c839b6f6 nfsd: silence rpcb_unset noise for NFSv4 only servers
An NFSv4 only configuration does not register with
rpcbind(). Without this patch a failure to rpcb_unset()
is reported when the daemon is terminated for this case.

This is harmless noise, but this patch avoids calling
rpcb_unset() for the NFSv4 only case, avoiding the noise.

When called with "-d", it still does the rpcb_unset(),
assuming that the configuration might have been
changed to NFSv4 only and unregistering with
rpcbind() might still be needed.

(cherry picked from commit b43fe9eb4b)
2021-04-15 14:34:24 -07:00
Ed Maste
81a1e3f1f7 freebsd-update: improve mandoc db generation
freebsd-update compares the dates on man pages with mandoc.db, and if
any newer pages are found it regenerates mandoc.db.

Previously, if mandoc.db did not already exist the check failed and
freebsd-update then failed to create one.  Now, check that mandoc.db
exists before performing the check for newer pages.

Reported by:	bdrewery (in D10482)
Reviewed by:	gordon
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29575

(cherry picked from commit 741223a65c)
2021-04-13 14:42:17 -04:00
Xin LI
5d02b30ebd usr.sbin/services_mkdb: plug memory leak when line was blank.
Reviewed by:	bapt
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29370

(cherry picked from commit 18f3c5fe92)
2021-04-13 00:38:34 -07:00
Nathan Whitehorn
d6dfcb6b27 Tweak language involving ZFS installation; no content changes.
(cherry picked from commit b8639a1098)
2021-04-12 10:00:10 -04:00
Nathan Whitehorn
7bcb10d210 Add some general notes about scripted installations.
(cherry picked from commit 3b20b988e0)
2021-04-12 10:00:09 -04:00
Nathan Whitehorn
63a9b1641a Include examples of how to build script-install media.
(cherry picked from commit c8923d191d)
(cherry picked from commit 9f88bee146)
2021-04-12 10:00:02 -04:00
Nathan Whitehorn
c87050f027 Improve example install scripts, making them simpler and more robust.
In particular:
- There is no need to do anything with gpart (the installer does that
  for you).
- There is no need to specify the network interface, since we have
  an option for defaults.

(cherry picked from commit f91026bf46)
2021-04-12 09:58:49 -04:00
Nathan Whitehorn
e37df024e0 Clarify that scripted installations don't require specification of boot
partitions, as there seems to be widespread confusion on this point.

MFC after:	1 day

(cherry picked from commit e8b4c5a622)
2021-04-12 09:58:43 -04:00
Jamie Gritton
bdb392c1d3 MFC jail: fix jail(8) synopsis and usage message to match reality.
Reported by:	yuri
PR:		254741
MFC after:	5 days

(cherry picked from commit 8c1d956ffa)
2021-04-08 20:25:38 -07:00
Alan Somers
c835e54fdc mpsutil.8: fix typos in the man page
Sponsored by:	Axcient

(cherry picked from commit f073ab8712)
2021-04-08 02:15:50 +00:00
Mark Johnston
edda63ba97 makefs: Ignore the "tags" keyword in mtree manifests
An install using -DNO_ROOT emits mtree entries containing tags used by
pkgbase.  makefs(8) can safely ignore them, so do that rather than
emitting a warning for each entry.

Reviewed by:	brooks, imp
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29384

(cherry picked from commit ed42b22abc)
2021-04-06 09:07:24 -04:00
Mark Johnston
d3f2c31b43 traceroute6: Fix Capsicum rights for rcvsock
- Always use distinct sockets for send and recv
- Limit rights on the recv socket

For ICMP6 we were using the same socket for both send and receive, and
we limited rights on the socket such that it's impossible to receive
anything.

PR:		254623
Diagnosed by:	Zhenlei Huang <zlei.huang@gmail.com>
Reviewed by:	oshogbo
Differential Revision:	https://reviews.freebsd.org/D29523

(cherry picked from commit b8ae450f05)
2021-04-05 09:51:56 -04:00
Ryan Moeller
16443ffd41 bsdinstall: Drop vestigial bsdinstall-esps cleanup
This is not needed after 0b7472b3d8.

MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D29325

(cherry picked from commit b07b7aec65)
2021-03-29 09:34:12 -04:00
Caleb St. John
af68f53806 rpc.lockd: Unconditionally close fds as daemon
When lockd is configured with a debug level of > 0 and foreground == 0,
the process is daemonized with a truth noclose argument to daemon().
This doesn't seem to be the desired behavior because that prevents
stdout and stderr from being closed, however, stdout and stderr aren't
used anywhere else. Furthermore, the man pages state that with a higher
debug level it will use the syslog facilities to do so.

Submitted by:	Caleb St. John
Discussed with:	rmacklem
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D29415

(cherry picked from commit badcfbacf3)
2021-03-29 09:33:35 -04:00
Caleb St. John
b92b2ffd12 align nfsdumpstate column output
There are scenarios where an NFS client will mount an NFSv4 export
without specifying a callback address.

When running nfsdumpstate under this circumstance, the column output is
shifted incorrectly which places the "ClientID" value underneath the
"Clientaddr" column.

This diff is a small cosmetic change that prints a blank in the
"Clientaddr" column and ensures the data for the columns are aligned
appropriately.

Submitted by:	Caleb St. John
Reviewed by:	sef (previous version)
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D18958

(cherry picked from commit efad9c8ba3)
2021-03-29 09:33:14 -04:00
Rick Macklem
85ad493677 mountd(8): generate a syslog message when the "V4:" line is missing
Daniel reported that NFSv4 mounts were not working despite having
set "nfsv4_server_enable=YES" in /etc/rc.conf.  Mountd was logging a
message that there was no /etc/exports file.
He noted that creating a /etc/exports file with a "V4:" line in it
was needed to make NFSv4 mounts work.
At least one "V4:" line in one of the exports(5) file(s) is needed to
make NFSv4 mounts work. This patch fixes mountd.c so that it logs a
message indicating that there is no "V4:" line in any exports(5)
file when NFSv4 mounts are enabled.
To avoid this message being generated erroneously, /etc/rc.d/mountd
is updated to make sure vfs.nfsd.server_max_nfsvers is properly set
before mountd(8) is started.

PR:	253901

(cherry picked from commit 09673fc0f3)
2021-03-27 12:52:15 -07:00
D Scott Phillips
7590d7800c bhyve: support relocating fbuf and passthru data BARs
We want to allow the UEFI firmware to enumerate and assign
addresses to PCI devices so we can boot from NVMe[1]. Address
assignment of PCI BARs is properly handled by the PCI emulation
code in general, but a few specific cases need additional support.
fbuf and passthru map additional objects into the guest physical
address space and so need to handle address updates. Here we add a
callback to emulated PCI devices to inform them of a BAR
configuration change. fbuf and passthru then watch for these BAR
changes and relocate the frame buffer memory segment and passthru
device mmio area respectively.

We also add new VM_MUNMAP_MEMSEG and VM_UNMAP_PPTDEV_MMIO ioctls
to vmm(4) to facilitate the unmapping needed for address updates.

[1]: https://github.com/freebsd/uefi-edk2/pull/9/

Originally by:	scottph
Sponsored by:	Intel Corporation
Reviewed by:	grehan
Approved by:	philip (mentor)
Differential Revision:	https://reviews.freebsd.org/D24066

(cherry picked from commit f8a6ec2d57)
2021-03-26 21:50:41 +08:00
Mark Johnston
e4bdf7ac2a rtsold: Fix validation of RDNSS options
The header specifies the size of the option in multiples of eight bytes.
The option consists of an eight-byte header followed by one or more IPv6
addresses, so the option is invalid if the size is not equal to 1+2n for
some n>0.  Check this.

The bug can cause random stack data to be formatted as an IPv6 address
and passed to resolvconf(8), but a host able to trigger the bug may also
specify arbitrary addresses this way.

Reported by:	Q C <cq674350529@gmail.com>
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 1af332a7d8)
2021-03-24 09:27:59 -04:00
Dag-Erling Smørgrav
34e12e9a17 MFC: Fix local-unbound setup for some IPv6 deployments.
On behalf of:	des
PR:		250984

(cherry picked from commit e5f02c140b)
2021-03-23 20:53:35 -04:00
Nathan Whitehorn
4601382e13 Fix scripted installs on EFI systems after default mounting of the ESP.
Because the ESP mount point (/boot/efi) is in mtree, tar will attempt to
extract a directory at that point post-mount when the system is installed.
Normally, this is fine, since tar can happily set whatever properties it
wants. For FAT32 file systems, however, like the ESP, tar will attempt to
set mtime on the root directory, which FAT does not support, and tar will
interpret this as a fatal error, breaking the install (see
https://github.com/libarchive/libarchive/issues/1516). This issue would
also break scripted installs on bare-metal POWER8, POWER9, and PS3
systems, as well as some ARM systems.

This patch solves the problem in two ways:
- If stdout is a TTY, use the distextract stage instead of tar, as in
  interactive installs. distextract solves this problem internally and
  provides a nicer UI to boot, but requires a TTY.
- If stdout is not a TTY, use tar but, as a stopgap for 13.0, exclude
  boot/efi from tarball extraction and then add it by hand. This is a
  hack, and better solutions (as in the libarchive ticket above) will
  obsolete it, but it solves the most common case, leaving only
  unattended TTY-less installs on a few tier-2 platforms broken.

In addition, fix a bug with fstab generation uncovered once the tar issue
is fixed that umount(8) can depend on the ordering of lines in fstab in a
way that mount(8) does not. The partition editor now writes out fstab in
mount order, making sure umount (run at the end of scripted, but not
interactive, installs) succeeds.

PR:		254395
Approved by:	re (gjb)
Reviewed by:	gjb, imp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D29380

(cherry picked from commit c2f16c595e)
2021-03-23 15:21:33 -04:00
Alex Richardson
2f0161f405 usr.bin/jail: Fix tests when using kyua -v parallelism=N
These tests create jails with the same name, so they cannot be run in
parallel.

Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D28482

(cherry picked from commit 72692dfdfe)
2021-03-17 09:56:40 +00:00
Alex Richardson
30cf33cdfb usr.sbin/praudit: Fix tests after 5619d49e07
Commit 5619d49e07 made the getgrgid() call inside bsm work as
intended so we now print "wheel" instead of a numeric 0 in the rgid field.

Reviewed By:	markj
Differential Revision: https://reviews.freebsd.org/D28462

(cherry picked from commit 7791ecf04b)
2021-03-17 09:55:40 +00:00
Juraj Lutter
78619cc2ff newsyslog(8): Implement a new 'E' flag to not rotate empty log files
Based on an idea from dvl's coworker, László DANIELISZ, implement
a new flag, 'E', that prevents newsyslog(8) from rotating the empty
log files. This 'E' flag is mostly usable in conjunction with 'B'
flag that instructs newsyslog(8) to not insert an informational
message into the log file after rotation, keeping it still empty.

Reviewed by:	markj, ian, manpages (rpokala)
Approved by:	markj, ian, manpages (rpokala)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28940

(cherry picked from commit c7d27b225d)
2021-03-15 01:08:23 +01:00
Alexander V. Chernikov
22f24233ba Fix arp/ndp deletion broken by 2fe5a79425.
Changes in the 2fe5a79425 moved dst sockaddr masking from the
 routing control plane to the rtsock code.

It broke arp/ndp deletion.
It turns out, arp/ndp perform RTM_GET request first to get an
 interface index necessary for the deletion.
Then they simply stamp the reply with RTF_LLDATA and set the
 command to RTM_DELETE.
As a result, kernel receives request with non-empty RTA_NETMASK
 and clears RTA_DST host bits before passing the message to the
 lla code.

De facto, the only needed bits are RTA_DST, RTA_GATEWAY and the
 subset of rtm_flags.

With that in mind, fix the interface by clearing RTA_NETMASK
 for every message with RTF_LLDATA.

While here, cleanup arp/ndp code a bit.

Reviewed by:	gnn
Differential Revision:	https://reviews.freebsd.org/D28804

(cherry picked from commit f9e1cd6c99)
2021-03-10 21:48:24 +00:00
Nathan Whitehorn
611d83116a Mount the EFI system partition (ESP) on newly-installed systems and VM
images.

Per hier(7), the ESP will be mounted at /boot/efi. On UFS systems,
any existing ESP will be reused and mounted there; otherwise, a new one
will be made. On ZFS systems, space for an ESP is allocated on all disks
in the root pool, but only the partition actually used to boot is set up
and mounted.

This makes future upgrades of the EFI loader easier (upgrade scripts can
just change /boot/efi) and also greatly simplifies the parts of the
installer involved in initialization of the ESP. It also makes the
installer's behavior correspond to the documentation in hier(7).

Reviewed by:		imp, tsoome, bdragon
Approved by:		re (gjb)
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D28897

(cherry picked from commit 0b7472b3d8)
(cherry picked from commit 2c26d77d98)
(cherry picked from commit e77cf2a4ab)
(cherry picked from commit e70eb40271)
2021-03-09 09:22:58 -05:00
Andrew Gierth
872ec7e5b6 service(8): use an environment more consistent with init(8)
init(8) sets the "daemon" login class without specifying a pw
entry (so no substitutions are done on the variables). service(8)'s
use of env -L had the effect of specifying root's pw entry, with two
effects: getpwnam and getpwuid are being called, which may not be
entirely safe depending on what nsswitch is up to and what stage of
boot we are at, and substitutions would have been done.

Fix by teaching env(8) to allow -L -/classname to set the class
environment with no pw entry at all specified, and use it in
service(8).

PR:		253959

(cherry picked from commit 55deb0a5f0)
(cherry picked from commit 0c1a5eaae8)
2021-03-07 15:39:30 -06:00
Kyle Evans
bdd61b6914 jail(8): reset to root cpuset before attaching to run commands
Recent changes have made it such that attaching to a jail will augment
the attaching process' cpu mask with the jail's cpuset. While this is
convenient for allowing the administrator to cpuset arbitrary programs
that will attach to a jail, this is decidedly not convenient for
executing long-running daemons during jail creation.

This change inserts a reset of the process cpuset to the root cpuset
between the fork and attach to execute a command. This allows commands
executed to have the widest mask possible, and the administrator can
cpuset(1) it back down inside the jail as needed.

With this applied, one should be able to change a jail's cpuset at
exec.poststart in addition to exec.created.  The former was made
difficult if jail(8) itself was running with a constrained set, as then
some processes may have been spawned inside the jail with a non-root
set.  The latter is the preferred option so that processes starting in
the jail are constrained appropriately up front.

Note that all system commands are still run with the process' initial
cpuset applied.

PR:		253724

(cherry picked from commit 466df976ba)
2021-03-07 15:39:29 -06:00
Rick Macklem
2c76eebca7 nfs-over-tls: add user space daemons rpc.tlsclntd and rpc.tlsservd
The kernel changes needed for nfs-over-tls have been committed to main.
However, nfs-over-tls requires user space daemons to handle the
TLS handshake and other non-application data TLS records.
There is one daemon (rpc.tlsclntd) for the client side and one daemon
(rpc.tlsservd) for the server side, although they share a fair amount
of code found in rpc.tlscommon.c and rpc.tlscommon.h.
They use a KTLS enabled OpenSSL to perform the actual work and, as such,
are only built when MK_OPENSSL_KTLS is set.
Communication with the kernel is done via upcall RPCs done on AF_LOCAL
sockets and the custom system call rpctls_syscall.

Relnotes:	yes

(cherry picked from commit b9cbc85d72)
2021-03-05 13:49:46 -08:00
Ed Maste
41b9a5af2e bsdinstall: add knob to set ASLR sysctls
Reviewed by:	mw
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28418

(cherry picked from commit 020f411255)
2021-03-05 12:51:04 -05:00
Ed Maste
8ea77f39ec bsdinstall: replace multiple ifs with case
Reduce copy-paste and use a more typical construct.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28417

(cherry picked from commit fbc57e2df9)
2021-03-05 12:51:04 -05:00
Ed Maste
765cc83260 cxgbetool: correct utilties typo
(cherry picked from commit 25611bc0ab)
2021-03-05 12:40:55 -05:00
Robert Wing
cf9829d98d automount(8): fix absolute path when creating a mountpoint
When executing automount(8), it will attempt to create the directory where an
autofs filesystem is to be mounted. Explicitly set the root path for this
directory to "/".

This fixes the issue where the directory being created was being treated as a
relative path instead of an absolute path (as expected).

PR:     224601
Reported by:    kusumi.tomohiro@gmail.com
Reviewed by:    trasz
Differential Revision:  https://reviews.freebsd.org/D27832

(cherry picked from commit 63640b2f55)
2021-02-25 09:53:02 -09:00
Warner Losh
b8b867a10f efibootmgr: Check for efi supported after parsing args
Move the check for efi variables being supported to after parsing the args. This
allows '-h' to produce both as a normal user as well as on all systems.

(cherry picked from commit 7fe2f504f8)
2021-02-24 11:01:41 -07:00
Kyle Evans
9ec09b04df pkg(7): address minor nits (mostly clang-analyze complaints)
- One (1) spurious whitespace.
- One (1) occurrence of "random(3) bad, arc4random(3)" good.
- Three (3) writes that will never be seen.

The latter two points are complaints from clang-analyze. Switching to
arc4random(3) is decidedly a good idea because we weren't doing any kind
of PRNG seeding anyways. The discarded assignments are arguably good
for future-proofing, but it's better to improve the S/N ratio from
clang-analyze.

(cherry picked from commit b2c4ca8d28)
2021-02-20 13:29:46 -06:00
Kyle Evans
6cf4aaf763 pkg(7): add an -r reponame option for bootstrap and add
This is limited to bootstrap/add because some real pkg(8) commands
have -r flags with an incompatible meaning/usage, e.g., pkg-audit.
pkg(7) will still commence the search as it has, but it will ignore any
repo objects without the given name so that overrides and whatnot still
work as expected.

The use of it for add is noted in the manpage; notably, that the
signature config for that repository will be used over global config if
it's specified. i.e., pkg(7) should assume that the given pkg did come
from that repository and treat it appropriately.

(cherry picked from commit 18418e1936)
2021-02-20 13:29:30 -06:00
Alex Richardson
b43fd50269 usr.sbin/makefs: fix use-after-free in read_mtree_keywords()
The st variable is used as a shortcut for &node->inode->st, but in one
branch just before the exit we update node->inode without changing st.

Reported by:	AddressSanitizer
Reviewed By:	emaste

(cherry picked from commit 12ad8bdb34)
2021-02-17 09:56:44 +00:00
Kyle Evans
46cccd5ceb inetd: fix unix sockaddr's length assignment
unsz was always exactly '1' here due to an unfortunate mispositioning
of closing parenthesis. While it's generally irrelevant because bind(2)
is passed the (accurate) sep->se_ctrladdr_size instead, it's not very
helpful for anything locally that wants to use it rather than assuming
that sep->se_ctrladdr_size perfectly fits the end of sun_path.

Just drop unsz entirely and use the result of SUN_LEN() for it.

(cherry picked from commit 1253835121)
2021-02-15 20:25:15 -06:00
Kyle Evans
be4b3e7a5b fmtree: add a deprecation notice to the manpage
Note that this mtree(8) is actually installed as fmtree(8), while
mtree(8) is located in ^/contrib/mtree -- thus, the reference to
mtree(8) makes a lot more sense in the context in which folks would
actually notice it. Shout-out to Ravi for pointing out that this may
not be an obvious fact.

Relnotes:	yes

(cherry picked from commit 6fea22cebe)
2021-02-15 20:20:02 -06:00
Mark Johnston
78534b222b binmiscctl: Avoid segfault with "binmiscctl add" and no extra params
(cherry picked from commit c7fcb36f56)
2021-02-15 14:12:25 -05:00
Alexander Motin
549d832929 Print DeviceHandle and PhysicalId in hex.
The first is actually a bitfield.  The second is printed in hex by
dmidecode, so uniformity should be good.

MFC after:	1 week

(cherry picked from commit 92d0d6bb14)
2021-02-11 23:03:15 -05:00
Alexander Motin
5bbaea5d06 Improve ACPI_NFIT_CONTROL_REGION formatting.
MFC after:	1 week

(cherry picked from commit 35e39fd95f)
2021-02-11 23:03:14 -05:00
Konstantin Belousov
4f5c38d257 cpucontrol(8): Fix display.
(cherry picked from commit 856789c123)
2021-02-08 02:36:22 +02:00
Mitchell Horne
c415d0df47 bsdinstall: riscv-specific tweaks
Make the installer more useful, by allowing it to create a bootable
installation. Also, enable the menu option for ZFS-on-root.

Like arm64, RISC-V boots by UEFI only, so arm64's partedit
implementation is renamed and shared among the two platforms.

Reviewed by:	gjb

(cherry picked from commit 7b08a307e8)
2021-02-01 10:54:09 -04:00
Mitchell Horne
14640ac789 bsdinstall: create /efi/boot directory in ESP
If the installer is creating a new ESP, then this directory will not
exist and the subsequent cp will fail silently. This is usually of no
consequence if /efi/freebsd/loader.efi is set up correctly.

Reviewed by:	imp

(cherry picked from commit 676b7d077c)
2021-02-01 10:53:21 -04:00
Alexander Motin
3f185aacc5 Decode NFIT Platform Capabilities.
(cherry picked from commit 1b109c69ed)
2021-01-31 20:53:23 -05:00