Commit graph

342 commits

Author SHA1 Message Date
Allan Jude
46c380e6db bsdinstall: Make ZFS min_auto_ashift adjustment persistent
Reported by:	feld
Reviewed by:	dteske, tsoome
MFC after:	3 days
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D10895
2017-06-12 19:29:31 +00:00
Roger Pau Monné
d7640440fb bsdinstall: do not use distextract in scripted mode
It requires a tty, which might not be available in scripted installs. Instead
extract the sets manually using tar.

Reviewed by:		tsoome
Sponsored by:		Citrix Systems R&D
MFC after:		1 week
Differential revision:	https://reviews.freebsd.org/D10736
2017-05-22 11:41:17 +00:00
Roger Pau Monné
2f34d6c344 bsdinstall: mount is not needed for the ZFS install case
Because the datasets are already mounted by zfsboot, and the mount script
doesn't know anything about ZFS. Also do not execute the "umount" script for
ZFS for the same reasons.

Reviewed by:		dteske, tsoome
Sponsored by:		Citrix Systems R&D
MFC after:		1 week
Differential revision:	https://reviews.freebsd.org/D10738
2017-05-22 11:38:39 +00:00
Bartek Rutkowski
2434a0528a Revert changes introduced in r314036 on demand by jhb and bapt.
Approved by:	bapt, jhb
2017-03-17 11:45:46 +00:00
Bartek Rutkowski
4bf41040fd Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdinstall in 'off by default' mode.
It has been there for a while, so the next step is to change them
to 'on by default' mode, so that in future we could simply enable
them in base OS.

Reviewed by:	brd
Approved by:	adrian
Differential Revision:	https://reviews.freebsd.org/D9641
2017-02-21 09:37:33 +00:00
Bartek Rutkowski
955255728c Add 0-8 as shortcuts for jumping to menu items in the hardening menu.
Submitted by:	skreuzer
Reviewed by:	allanjude, robak
Approved by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D6826
2017-02-16 19:58:02 +00:00
Renato Botelho
371ce0ebc2 bsdinstall: Make sure chroot filesystems are umounted after use
* DISTDIR_IS_UNIONFS is set every time BSDINSTALL_DISTDIR is mounted inside
  BSDINSTALL_CHROOT. Use this flag to decide if it needs to be umounted
* BSDINSTALL_CHROOT/dev is mounted when 'bsdinstall mount' is called, there is
  no need to mount it again when user goes to shell after installation

Reviewed by:	allanjude
Obtained from:	pfSense
MFC after:	1 week
Sponsored by:	Rubicon Communications (Netgate)
Differential Revision:	https://reviews.freebsd.org/D8573
2017-02-08 17:03:52 +00:00
Devin Teske
a7cc56803c Revert r309918 -- modern POSIX has deprecated -<#>/+<#> syntax
Special thanks to:	jilles
2016-12-13 22:31:49 +00:00
Devin Teske
f3a8471e5f It's completely pointless to replace newlines with space
(this is done automatically for you upon shell expansion)
2016-12-13 02:56:52 +00:00
Devin Teske
be094a3204 The flags of a WLAN need to be quoted (they contain things like brackets) 2016-12-13 02:54:44 +00:00
Devin Teske
19dbb0ba18 Simplify single-line if statements 2016-12-13 02:48:14 +00:00
Devin Teske
afcce2f52d Simplify loop by moving predicate to clause 2016-12-13 02:47:39 +00:00
Devin Teske
b46ca7cefe Wordsmithing 2016-12-13 02:46:36 +00:00
Devin Teske
a9d334210f Why test $? when you can test the command 2016-12-13 02:45:52 +00:00
Devin Teske
6ef8ca674f Restore previous comment 2016-12-13 02:45:07 +00:00
Devin Teske
94f5aec600 Both simplify bringup of interface after changes and catch errors in debug 2016-12-13 02:44:33 +00:00
Devin Teske
b9f60aba8b Calculate proper size of menu list dialog 2016-12-13 02:42:10 +00:00
Devin Teske
9a46c67aed There's an API function for catching errors and displaying them or
logging them to debug output
2016-12-13 02:40:54 +00:00
Devin Teske
7e1166de96 There's an API function for displaying pauses 2016-12-13 02:30:24 +00:00
Devin Teske
d79a135578 There's an API function for displaying yes/no dialogs 2016-12-13 02:29:20 +00:00
Devin Teske
1d92999c48 There's an API function for displaying errors 2016-12-13 02:27:38 +00:00
Devin Teske
35af83c188 Comment 2016-12-13 02:25:23 +00:00
Devin Teske
b45548a80e Whitespace alignment 2016-12-13 02:23:48 +00:00
Devin Teske
d5fddc4dcb Relying on dialog auto-sizing (width/height/rows = 0) is a mistake
Use the provided API for calculating the appropriate size of menus
2016-12-13 02:22:21 +00:00
Devin Teske
7599c85424 Remove unnecessary quotes 2016-12-13 02:16:00 +00:00
Devin Teske
1095816ec3 Add missing quotes 2016-12-13 02:15:36 +00:00
Devin Teske
01a2404c35 In awk, if you're going to append a newline to your printf
AND you're going to print only the argument, just use print
2016-12-13 02:14:40 +00:00
Devin Teske
dba958af5d This statement has too many backslashes 2016-12-13 02:13:20 +00:00
Devin Teske
be34885e2a Neither printf (and as is commonly known) nor print need parens in awk 2016-12-13 02:12:00 +00:00
Devin Teske
5943bcd19f Whitespace and alignment 2016-12-13 02:11:09 +00:00
Devin Teske
191441eed8 You don't need parentheses for awk's printf 2016-12-13 02:07:12 +00:00
Devin Teske
0724c87c95 Continued resolution of convoluted statement
We shouldn't be coding things like "x || (x && x) || x || x || x ..."
2016-12-13 02:04:50 +00:00
Devin Teske
32c34b0361 These two error messages have always been backwards since inception 2016-12-13 02:02:14 +00:00
Devin Teske
7f513d3675 Why use $? when you can use the command itself 2016-12-13 01:59:35 +00:00
Devin Teske
6b77f63e5d If the first ping succeeded, why on Earth should we ping it again? 2016-12-13 01:56:28 +00:00
Devin Teske
a1a6fec1c7 Start deconstructing a convoluted hunk of code 2016-12-13 01:54:44 +00:00
Devin Teske
19cae84e23 Remove completely unnecessary parentheses 2016-12-13 01:52:10 +00:00
Devin Teske
751993945a Why repeat yourself when you can send stderr to the same place as stdout? 2016-12-13 01:50:22 +00:00
Devin Teske
66ef7d9455 Properly quote variable 2016-12-13 01:44:18 +00:00
Devin Teske
a51195769a Use more generic f_yesno() from provided API 2016-12-13 01:42:13 +00:00
Devin Teske
f52733d46e The output of dialog needs to be sanitized
for portability/compatibility requirements
2016-12-13 01:41:06 +00:00
Devin Teske
f20b7768fc Whitespace alignment 2016-12-13 01:39:09 +00:00
Devin Teske
d401d36c04 Sort the domains 2016-12-13 01:36:46 +00:00
Devin Teske
95ee591e83 The --no-items and --stdout options are non-standard and should be avoided
From the dialog(1) manual:
using [--stdout] in portable scripts is not recommended
2016-12-13 01:35:26 +00:00
Devin Teske
6e038cc2eb More efficiently make use of the exit status 2016-12-13 00:27:56 +00:00
Devin Teske
1c61211223 Stop repeating strings (centralize prompt string)
NB: Changes to strings now only affect a single line
2016-12-13 00:22:01 +00:00
Devin Teske
e2577019ed Add missing backslash (no real effect; it's pedantic and correct for
the interpolation level)
2016-12-13 00:18:51 +00:00
Devin Teske
e7f2eb12c2 Use the oft-neglected awk syntax "startcondition, stopcondition { ... }" to
process the range of country labels which appear as columnar list from the
"ifconfig DEV list countries" command. Not only improving maintainability,
but also properly encapsulating arguments in single-quotes instead of
trying to escape whitespace. It is also completely unnecessary to collapse
newlines into whitespace (shell will do this for you automatically upon
expansion of the contents where necessary).

NB: This also changes the sorting algorithm to sort on the country code,
not the country name. The type-ahead feature of dialog is destroyed if the
tags are not sorted properly.
2016-12-13 00:02:59 +00:00
Devin Teske
49748e0a6d Quote WLAN_IFACE (pedantic) 2016-12-12 22:57:07 +00:00
Devin Teske
6c26775c2f In awk, casting a variable as a boolean condition is the same as testing if
the length of the variable contents is greater than zero

This allows us to also move the secondary condition into the action clause
2016-12-12 21:29:48 +00:00
Devin Teske
275c0c0741 Remove an unnecessary call to f_dialog_title_restore() 2016-12-12 21:27:29 +00:00
Devin Teske
1045858386 Whitespace 2016-12-12 21:26:36 +00:00
Devin Teske
d124dfc410 Utilize provided i18n strings 2016-12-12 21:23:47 +00:00
Devin Teske
877ea04721 Remove incomplete and unnecessary creation of fd3
The provided API already provides a passthru descriptor and even
gives you a variable for referring to it.
2016-12-12 21:20:56 +00:00
Devin Teske
8bcf564644 Remove unnecessary semi-colons 2016-12-12 21:18:24 +00:00
Devin Teske
0b8f01fe99 Use the following (more succinct) awk syntax:

	condition1 { action1 }
	condition2 { action2 }

instead of the following syntax:

	{
		if (condition1) { action1 }
		else if (condition2) { action2 }
	}
2016-12-12 21:16:37 +00:00
Devin Teske
d9f83eb9f4 1 is the default descriptor for redirects without an fd prefix 2016-12-12 21:11:55 +00:00
Devin Teske
bef42d18c5 Fix invalid parameter expansion (change $@ to "$@")
Without quotes, $@ loses its special meaning (see below)

% sh -c 'echo $@' /bin/sh "   1   " "   2   "
1 2
% sh -c 'echo "$@"' /bin/sh "   1   " "   2   "
   1       2

The quotes are required to get ARGV to be unperturbed
2016-12-12 21:04:11 +00:00
Devin Teske
35c8d5eb1b Allow the script path to contain whitespace and special characters 2016-12-12 21:01:20 +00:00
Devin Teske
58ce2edc98 Use provided API to centralize dialog title strings 2016-12-12 21:00:09 +00:00
Devin Teske
7797a5973f Reorder dialog parameters based on commonality for readability 2016-12-12 20:54:20 +00:00
Devin Teske
6ea6e3fa7d Fix incorrect use of provided API
The result of which was incorrectly sized menu dialogs
2016-12-12 20:49:49 +00:00
Devin Teske
ea2e60b01c Use provided API (change "dialog" to "$DIALOG") 2016-12-12 20:43:09 +00:00
Devin Teske
2abc4c242e Whitespace (dialog options separated to minimize diffs) 2016-12-12 20:41:27 +00:00
Devin Teske
b5938e7da3 Consolidate redirects into here documents, with proper code indentation 2016-12-12 19:46:49 +00:00
Devin Teske
15fadc4858 Remove an unnecessary "return $?" at end of function 2016-12-12 19:26:55 +00:00
Devin Teske
7bcf4508be Use ternary operator 2016-12-12 19:24:32 +00:00
Devin Teske
0e638f57e6 If you're not going to make use of the products of a match() in awk
(e.g., RSTART and RLENGTH variables) then use ~ instead of match()
2016-12-12 19:12:31 +00:00
Devin Teske
71ef4d586a Now that these variables do not contain the --default-item flag itself,
change the name of the variable from $def_item_... to $default_...
2016-12-12 19:10:39 +00:00
Devin Teske
86e1d2977f Always pass --default-item parameter to dialog 2016-12-12 19:09:17 +00:00
Devin Teske
48e9fce2f5 There is zero harm in always passing --default-item to dialog 2016-12-12 19:07:42 +00:00
Devin Teske
58dc38bd1c Centralize backtitle string 2016-12-12 19:01:04 +00:00
Devin Teske
5357f8f7c8 Use provided API instead of hard-coded status integers 2016-12-12 18:55:41 +00:00
Devin Teske
76b07bd950 Whitespace 2016-12-12 18:52:22 +00:00
Devin Teske
9ca8b7be34 Remove unnecessary `-n' parameter to head/tail 2016-12-12 18:48:00 +00:00
Devin Teske
3204364296 awk(1) match() takes a regex, use /.../ to remind ourselves of this
NB: The difference between "..." and /.../ for a regex in awk is that
quoted strings go through escape expansion first (e.g., \\ becomes \)
2016-12-12 18:45:52 +00:00
Devin Teske
4fa8c81cc3 Be internally consistent (": > ..." is used elsewhere in this file) 2016-12-12 18:43:42 +00:00
Devin Teske
edcf330372 "echo | sed | sed | awk" is silly (changed to "echo | awk") 2016-12-12 18:42:55 +00:00
Devin Teske
1cac9fc2a3 Add missing `-e' parameter to sed invocations 2016-12-12 18:39:26 +00:00
Devin Teske
8d5182d698 Allow $BSDINSTALL_TMPETC to contain whitespace or special chars 2016-12-12 18:38:18 +00:00
Devin Teske
c62801e26d Group fallbacks together 2016-12-12 18:34:21 +00:00
Devin Teske
0b04945dc0 Remove unnecessary quotes around number in test 2016-12-12 18:33:40 +00:00
Devin Teske
e9c843adc7 Change "[ ! ... ] && ..." to "[ ... ] || ..." 2016-12-12 18:29:24 +00:00
Devin Teske
e20253348d Collapse tiny if statements 2016-12-12 18:28:20 +00:00
Devin Teske
114a587e3b Replace funny block with something easy to digest 2016-12-12 18:24:41 +00:00
Devin Teske
bede070805 Consolidate locals 2016-12-12 18:21:56 +00:00
Devin Teske
5b57fabb45 Remove unnecessary local initializers 2016-12-12 18:20:56 +00:00
Devin Teske
38a9942347 Change "[ ! -z ... ]" => "[ ... ]" and "[ -z ... ]" => "[ ! ... ]" 2016-12-12 18:17:30 +00:00
Devin Teske
138ab67af4 Use $( ... ) instead of `...` 2016-12-12 18:10:33 +00:00
Devin Teske
97a4c9f0dc Comments 2016-12-12 18:05:54 +00:00
Devin Teske
f18789d787 Functions in their own section 2016-12-08 19:28:12 +00:00
Devin Teske
3d2b0857bf Remove unnecessary trailing backslashes 2016-12-08 19:26:22 +00:00
Devin Teske
3220bdd85c Add support for "hidden" Wi-Fi networks
PR:		bin/214933
Submitted by:	Maxim Filimonov <che@bein.link>
Reviewed by:	dteske, allanjude, adrian
MFC after:	6 days
X-MFC-with:	Follow-up commit for style
2016-12-08 16:41:18 +00:00
Steven Kreuzer
1d01cb0d72 Write kern.randompid to /etc/sysctl.conf
PR:		211471
Reported by:	survo@protonmail.com
Reviewed by:	robak@
Approved by:	allanjude@
MFC after:	3 days
Differential Revision:	 https://reviews.freebsd.org/D7440
2016-08-09 15:57:37 +00:00
Dimitry Andric
7212134272 Fix non-functional bsdinstall services dialog.
The most recent version of bsdinstall does not seem to respect any of
the checkboxes in the "Choose the services you would like to be started
at boot" dialog.  None of the chosen services end up in the rc.conf file
that is installed onto the target system.

This is caused by the bsdinstall/scripts/hardening script, which
implements the new hardening options dialog.  The script starts by
overwriting the previously written rc.conf.services file:

    echo -n > $BSDINSTALL_TMPETC/rc.conf.services

which is obviously incorrect.  It should clear out rc.conf.hardening
instead.

Reviewed by:	allanjude
PR:		211506
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D7387
2016-08-01 19:49:42 +00:00
Allan Jude
1b63cafb63 A failed installation once restarted will often error out
If an encrypted install is attempted and fails for any reason, the disk
cannot be erased by the installer because the partition is in use by GELI

At the start of the installation process, all ZFS pools are exported and
all GELI instances are detached, to allow a restarted install to proceed

PR:		210814
Reported by:	jonathan
MFC after:	10 days
2016-07-16 19:35:04 +00:00
Allan Jude
4487af02ff Fix encrypted MBR install
The pools are exported and reimported in order to write the bootcode
This causes an error when the bootpool is later mounted by common code
The bootpool is now imported with the -N flag to prevent mounting

Reported by:	Michael Dexter
MFC after:	5 days
2016-07-16 18:28:44 +00:00
Bartek Rutkowski
0e3f233f51 Add new System Hardening menu and options to bsdinstall.
This patch adds a new 'hardening' file responsible for new bsdinstall
'System Hardening' menu allowing users to set some sane and carefully
picked system security options (like random process id's, hiding
other users/groups processes and others).

All options are OFF by default in this patch due to POLA principle
with intention to change some of them to ON by default in future.

Reviewed by:	adrian, allanjude, bdrewery, nwhitehorn
Approved by:	adrian, allanjude
MFC after:	7 days
2016-07-15 15:07:24 +00:00
Allan Jude
d4e5caaf7d Make the new 'set date and time' dialog default to skip
X-MFC-With:	302790
Requested by:	nwhitehorn
2016-07-14 00:41:19 +00:00
Allan Jude
09c4000afe bsdinstall: Prompt user to set the date and time after selecting timezone
Not having the correct date and time makes many PKI based things not work

In 10 and 11, it can mean that Unbound, ntpd, and sshd won't start

Submitted by:	des (original patch)
MFC after:	7 days
2016-07-13 23:49:45 +00:00