It requires a tty, which might not be available in scripted installs. Instead
extract the sets manually using tar.
Reviewed by: tsoome
Sponsored by: Citrix Systems R&D
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D10736

Because the datasets are already mounted by zfsboot, and the mount script
doesn't know anything about ZFS. Also do not execute the "umount" script for
ZFS for the same reasons.
Reviewed by: dteske, tsoome
Sponsored by: Citrix Systems R&D
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D10738

As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdinstall in 'off by default' mode.
It has been there for a while, so the next step is to change them
to 'on by default' mode, so that in future we could simply enable
them in base OS.
Reviewed by: brd
Approved by: adrian
Differential Revision: https://reviews.freebsd.org/D9641

* DISTDIR_IS_UNIONFS is set every time BSDINSTALL_DISTDIR is mounted inside
BSDINSTALL_CHROOT. Use this flag to decide if it needs to be umounted
* BSDINSTALL_CHROOT/dev is mounted when 'bsdinstall mount' is called, there is
no need to mount it again when user goes to shell after installation
Reviewed by: allanjude
Obtained from: pfSense
MFC after: 1 week
Sponsored by: Rubicon Communications (Netgate)
Differential Revision: https://reviews.freebsd.org/D8573

process the range of country labels which appear as columnar list from the
"ifconfig DEV list countries" command. Not only improving maintainability,
but also properly encapsulating arguments in single-quotes instead of
trying to escape whitespace. It is also completely unnecessary to collapse
newlines into whitespace (shell will do this for you automatically upon
expansion of the contents where necessary).
NB: This also changes the sorting algorithm to sort on the country code,
not the country name. The type-ahead feature of dialog is destroyed if the
tags are not sorted properly.

Without quotes, $@ loses its special meaning (see below)
% sh -c 'echo $@' /bin/sh " 1 " " 2 "
1 2
% sh -c 'echo "$@"' /bin/sh " 1 " " 2 "
 1   2
The quotes are required to get ARGV to be unperturbed
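
The two quoting points in the commit messages above (wrapping list entries in single quotes rather than escaping whitespace, and forwarding arguments with "$@"), shown together in an added example that is not bsdinstall code. The function names are hypothetical and the country list is constructed sample data.

```shell
#!/bin/sh
# Added illustration; function names and the sample list are constructed,
# not taken from bsdinstall or from real "ifconfig DEV list countries" output.
SAMPLE="US United States
CI Cote d'Ivoire
GB United Kingdom"

# Wrap one string in single quotes, rewriting each embedded ' as '\''.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Emit "tag item" pairs sorted by country code, every word single-quoted.
build_menu() {
    printf '%s\n' "$SAMPLE" | sort | while read -r code name; do
        printf '%s %s ' "$(shquote "$code")" "$(shquote "$name")"
    done
}

count_args() { echo $#; }
forward_quoted() { count_args "$@"; }    # each argument passed on intact
forward_unquoted() { count_args $@; }    # arguments re-split on whitespace

# eval is safe here only because build_menu quoted every word itself.
menu_argc() { eval "set -- $(build_menu)"; forward_quoted "$@"; }
menu_argc_unquoted() { eval "set -- $(build_menu)"; forward_unquoted "$@"; }
second_item() { eval "set -- $(build_menu)"; printf '%s' "$2"; }

echo "quoted: $(menu_argc) arguments, unquoted: $(menu_argc_unquoted)"
echo "item for first tag: $(second_item)"
```

With the quoted forms the three tag/item pairs stay six arguments; the unquoted forward splits the multi-word names and yields nine.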
The most recent version of bsdinstall does not seem to respect any of
the checkboxes in the "Choose the services you would like to be started
at boot" dialog. None of the chosen services end up in the rc.conf file
that is installed onto the target system.
This is caused by the bsdinstall/scripts/hardening script, which
implements the new hardening options dialog. The script starts by
overwriting the previously written rc.conf.services file:
echo -n > $BSDINSTALL_TMPETC/rc.conf.services
which is obviously incorrect. It should clear out rc.conf.hardening
instead.
Reviewed by: allanjude
PR: 211506
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7387

If an encrypted install is attempted and fails for any reason, the disk
cannot be erased by the installer because the partition is in use by GELI
At the start of the installation process, all ZFS pools are exported and
all GELI instances are detached, to allow a restarted install to proceed
PR: 210814
Reported by: jonathan
MFC after: 10 days

The pools are exported and reimported in order to write the bootcode
This causes an error when the bootpool is later mounted by common code
The bootpool is now imported with the -N flag to prevent mounting
Reported by: Michael Dexter
MFC after: 5 days

This patch adds a new 'hardening' file responsible for new bsdinstall
'System Hardening' menu allowing users to set some sane and carefully
picked system security options (like random process id's, hiding
other users/groups processes and others).
All options are OFF by default in this patch due to POLA principle
with the intention to change some of them to ON by default in the future.
Reviewed by: adrian, allanjude, bdrewery, nwhitehorn
Approved by: adrian, allanjude
MFC after: 7 days

Not having the correct date and time makes many PKI based things not work
In 10 and 11, it can mean that Unbound, ntpd, and sshd won't start
Submitted by: des (original patch)
MFC after: 7 days