permitting the administrator to select a securelevel top operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
a partition size on ia64. It's not true.
o Ask for a mountpoint for EFI partitions as well and check that it
isn't "/".
o On ia64 we may need to add EFI partitions. Make sure we pass the
right arguments to Create_Chunk_DWIM() in that case.
to better deal with the fact that we need an EFI partition and
that we need to have a mountpoint for it.
o When creating a new partition, add EFI to the list of types
the user can select from. This makes it easy to create an EFI.
o Do not include wizard.c on ia64.
o The user cannot create a partition on ia64 that's a multiple of
the cylinder size. We don't have a notion of cyclinders.
o Also allow swap and filesystem partitions outside a freebsd slice.
This is typically the case for GPT.
o Allow chunks of type "whole" to be displayed at the top. This is
to allow a GPT disk to be labeled. We need a slice out of which we
can make partitions, but a GPT disk doesn't have slices. For GPT
disks a chunk of type "whole" can then be used as a placeholder.
(1) Don't modify the configuration of the NFS server as a result of
selecting a profile. We already explicitly prompt for the NFS
server configuration during install, and the user may not get
much advance notice that we're turning it off again. Instead,
use profiles (for better or for worse) only for security tuning.
(2) Don't modify the sendmail setting as part of the security profile:
use the default from /etc/defaults/rc.conf rather than explicitly
specifying. Note that the default in /etc/defaults/rc.conf is
more conservative than the explicit rc.conf entry added by
sysinstall during install, as it does not permit SMTP delivery.
(3) Update "congratulations on your profile" text to reflect these
changes.
Note that security profiles now affect only the securelevel and sshd
settings. My leaning would be to make sshd an explicit configuration
option, move securelevels to the security menu, and drop security
profiles entirely. However, that requires more plumbing of sendmail
than I'm currently willing to invest.
We may want to add a "permit SMTP delivery" question to the install
process.
archaic at this point in time. Pretend nobody runs FreeBSD 1.x anymore
in order to not confuse people needlessly.
Laplink support probably doesn't even work at this point in time anyway...
- Add 'enable_exim="YES"' to rc.conf(5)
- Use the default exim configuration file from the port
- When using sendmail, disable some more scripts that use sendmail specific
parameters
- Have sysinstall tweak mailer.conf(5) substitution
- Use 'N' flag for newsyslog(8)
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Reviewed by: sheldonh, simon
Tested by: myself (trhodes) and submitter
written by Stuart Walsh and Duncan Barclay (with some kibbitzing by
me). I'm checking it in on Stuart's behalf.
The BCM4401 is built into several x86 laptop and desktop systems. For the
moment, I have only enabled it in the x86 kernel config because although
it's a PCI device, I haven't heard of any standalone NICs that use it. If
somebody knows of one, we can easily add it to the other arches.
This driver uses register/structure data gleaned from the Linux
driver released by Broadcom, but does not contain any of the code
from the Linux driver itself. It uses busdma.
rl(4) driver and put it in a new re(4) driver. The re(4) driver shares
the if_rlreg.h file with rl(4) but is a separate module. (Ultimately
I may change this. For now, it's convenient.)
rl(4) has been modified so that it will never attach to an 8139C+
chip, leaving it to re(4) instead. Only re(4) has the PCI IDs to
match the 8169/8169S/8110S gigE chips. if_re.c contains the same
basic code that was originally bolted onto if_rl.c, with the
following updates:
- Added support for jumbo frames. Currently, there seems to be
a limit of approximately 6200 bytes for jumbo frames on transmit.
(This was determined via experimentation.) The 8169S/8110S chips
apparently are limited to 7.5K frames on transmit. This may require
some more work, though the framework to handle jumbo frames on RX
is in place: the re_rxeof() routine will gather up frames than span
multiple 2K clusters into a single mbuf list.
- Fixed bug in re_txeof(): if we reap some of the TX buffers,
but there are still some pending, re-arm the timer before exiting
re_txeof() so that another timeout interrupt will be generated, just
in case re_start() doesn't do it for us.
- Handle the 'link state changed' interrupt
- Fix a detach bug. If re(4) is loaded as a module, and you do
tcpdump -i re0, then you do 'kldunload if_re,' the system will
panic after a few seconds. This happens because ether_ifdetach()
ends up calling the BPF detach code, which notices the interface
is in promiscuous mode and tries to switch promisc mode off while
detaching the BPF listner. This ultimately results in a call
to re_ioctl() (due to SIOCSIFFLAGS), which in turn calls re_init()
to handle the IFF_PROMISC flag change. Unfortunately, calling re_init()
here turns the chip back on and restarts the 1-second timeout loop
that drives re_tick(). By the time the timeout fires, if_re.ko
has been unloaded, which results in a call to invalid code and
blows up the system.
To fix this, I cleared the IFF_UP flag before calling ether_ifdetach(),
which stops the ioctl routine from trying to reset the chip.
- Modified comments in re_rxeof() relating to the difference in
RX descriptor status bit layout between the 8139C+ and the gigE
chips. The layout is different because the frame length field
was expanded from 12 bits to 13, and they got rid of one of the
status bits to make room.
- Add diagnostic code (re_diag()) to test for the case where a user
has installed a broken 32-bit 8169 PCI NIC in a 64-bit slot. Some
NICs have the REQ64# and ACK64# lines connected even though the
board is 32-bit only (in this case, they should be pulled high).
This fools the chip into doing 64-bit DMA transfers even though
there is no 64-bit data path. To detect this, re_diag() puts the
chip into digital loopback mode and sets the receiver to promiscuous
mode, then initiates a single 64-byte packet transmission. The
frame is echoed back to the host, and if the frame contents are
intact, we know DMA is working correctly, otherwise we complain
loudly on the console and abort the device attach. (At the moment,
I don't know of any way to work around the problem other than
physically modifying the board, so until/unless I can think of a
software workaround, this will have do to.)
- Created re(4) man page
- Modified rlphy.c to allow re(4) to attach as well as rl(4).
Note that this code works for the sample 8169/Marvell 88E1000 NIC
that I have, but probably won't work for the 8169S/8110S chips.
RealTek has sent me some sample NICs, but they haven't arrived yet.
I will probably need to add an rlgphy driver to handle the on-board
PHY in the 8169S/8110S (it needs special DSP initialization).
This option adds Postfix and Exim to the list, however, qmail is not added
due to license restrictions.
Collaborated with: Simon L. Nielsen <simon@nitro.dk>
Reviewed by: jhb, re@, -audit.
'use entire disk'. Neither for ia64 while I'm here - it needs a MBR if
its going to use fdisk+disklabel. The ia64 case is mostly academic though
because you'd be creating two partitions (dos + freebsd) rather than
a single freebsd-only partition.
PC98 boot blocks don't support UFS2. We keep newfs(8) defaulting to
UFS2.
Warn users that FreeBSD can only boot from a root file system smaller
than 1.5TB; hopefully this will get fixed by the patches currently
floating around on -CURRENT.
Reviewed by: nyan
ethernet controller. The driver has been tested with the LinkSys
USB200M adapter. I know for a fact that there are other devices out
there with this chip but don't have all the USB vendor/device IDs.
Note: I'm not sure if this will force the driver to end up in the
install kernel image or not. Special magic needs to be done to exclude
it to keep the boot floppies from bloating again, someone please
advise.
FreeBSD 5.1-RELEASE and later:
- newfs(8) will now create UFS2 file systems unless UFS1 is specifically
requested (-O1). To do this, I just twiddled the Oflag default.
- sysinstall(8) will now select UFS2 as the default layout for new
file systems unless specifically requested (use '1' and '2' to change
the file system layout in the disk labeler). To do this, I inverted
the ufs2 flag into a ufs1 flag, since ufs2 is now the default and
ufs1 is the edge case. There's a slight semantic change in the
key behavior: '2' no longer toggles, it changes the selection to UFS2.
This is very similar to a patch David O'Brien sent me at one point, and
that I couldn't find.
Approved by: re (telecon)
Reviewed by: mckusick, phk, bmah
read from CD from 2k to 16k, because in the modern world of meta-packages
(Gnome et al) the length of this list could easily owerflow limit causing
strange things to happen, ranging from installation failure due to list
truncation to complete stack trashing (there is very vague bounds checking).
For example, x11/gnome2-fifth-toe runtime dependencies list is 2,418 bytes
long.
Due to obvious reasons, this is an immediate MFC candidate.
Sponsored by: Porta Software Ltd
MFC after: 1 day
If we already have a lease and restart sysinstall (or something with
the net configuration goes wrong), we would have to reboot just
because there is a dhclient hanging around.
Reviewed by: murray (re)
MFC after: 5 days
physical memory. The default is still 2x physical memory. The nominal
calculation is used to back-off swap auto-allocation ('A'uto command)
when the disk is not large enough to accomodate all filesystem auto-defaults.
This gives other partitions (like /usr) more priority over swap on smaller
disks.
This should help solve reported auto-sizing failures on machines with small
hard drives and huge amounts of memory. For example, a machine with 2G of
disk and 4G of memory will fail to auto-size without this fix.
MFC after: 3 days
'base' dist rename.
- Rework struct dist to allow for different types of dists. There are
currently three types of dists: DT_TARBALL, the traditonal gzipped and
split tar file; DT_PACKAGE, a package; and DT_SUBDIST, a meta-dist in
the tree that has its own array of dists as its contents. For example,
the 'base' dist is a DT_TARBALL dist, the 'perl' dist is a DT_PACKAGE
dist, and the 'src' dist is a DT_SUBDIST dist with its own dist table
that contains 'sbase', 'ssys', etc.
- Add helper macros for defining array entries for the different types of
dists to try and make the statically defined dist table in dist.c more
readable.
- Split the logic to deal with a DT_TARBALL dist out of distExtract()
and into its own distExtractTarball() function. distExtract() now
calls other functions to extract each dist.
- Tweak the percentage complete calculation in distExtractTarball() to
do the multiply prior to the divide so it doesn't have to use floating
point.
- Axe the installPackage() function along with the special handling for
the perl and XFree86 dists in distExtractAll() since distExtract()
handles package dists directly now.
- Add back in subdists for the X packages based on the split up packages
that XFree86-4 uses that as closely map to the X dists we used with
X 3.3.x.
- Lots of things like distSetX() and the X dist masks are no longer
#ifndef X_AS_PKG since we use them in both cases now.
- Make the entire installFixupXFree() function #ifndef X_AS_PKG, we only
call it in that case anyways, and it's not suitable for the X_AS_PKG
case.
- Add in X dist menus for the X_AS_PKG case.
Approved by: re
load drivers from the driver floppy if the "driver_floppy" variable is set
in the kernel environment and call this function after probing devices but
before displaying the main menu.
X-MFC after: as soon as I finish committing to current
Approved by: re@ (blanket)
i386, remove the seatbelt preventing users from setting the UFS2 flag
on the root file system on i386. This seatbelt did not exist on
other platforms.
MFC candidate.
type of new slices and to change the type of existing slices. This also
has the advantage of moving a few #ifdef PC98's up to where the macros
are defined instead of in the middle of the code.
- Change the behavior of the 'T' option in the slice editor so that the
default value in the dialog box is the current type of the existing
slice rather than defaulting to changing the slice to a FreeBSD slice as
this is more intuitive.
Approved by: re
editor, in order to support specifying UFS2 as a newfs option.
(1) Support three different newfs types: NEWFS_UFS, NEWFS_MSDOS, and
NEWFS_CUSTOM. Don't mix up the arguments to them: you can't use
soft updates on an msdos file system.
(2) Distinguish adding new arguments to the newfs command line from
replacing it. Permit the addition of new arguments by the user for
NEWFS_UFS. If we entirely replace the command line provided by
sysinstall, call it NEWFS_CUSTOM. 'N' will now add additional
arguments; 'Z' will opt to replace the newfs command line entirely,
but will prompt the user with their current command line as a
starting point.
(3) Construct the newfs command line dynamically based on the options
provided by the user at label-time. Right now, this means selecting
UFS1 vs. UFS2, and the soft updates flag. Drop in some variables
to support ACLs and MAC Multilabel in the future also, but don't
expose them now.
This provides sysinstall with the ability to do more "in band" editing
of the newfs command line, so we can provide more support for the user,
but doesn't sacrifice the ability to entirely specify the newfs command
line of the user is willing to give up on the cushiness factor. It
also makes it easier for us to specify defaults in the future, and
define conditional behavior based on user configuration selections.
For now, we default to UFS1, and permit UFS2 to be used as the root
only on non-i386 systems.
While I was there, I dropped the default fragment and block sizes,
since newfs has much more sensible defaults now.
Reviewed by: jhb, marcel
Approved by: re
ia64 bits from: marcel
rather than installX11package().
- Add a perl psuedo-dist that installs the perl package. The perl
distribution is selected by default when a User distribution set is
selected. It is not selected when a Minimal distribution set is
selected. The perl distribution may be toggled manually in the
custom menu just as other distributions.
Approved by: re
bug fixed yesterday. New slices created in the fdisk editor and slices
whose sub-type is changed are of type 'mbr' if their sub-type is not a
magic type, not type 'unknown'.
Approved by: re
o Mount the EFI file system as msdosfs and not ufs as it's a FAT
file system. Introduce Mount_msdos() for this to go side-by-side
with Mount().
o Also, since mounting is performed as a command (which means it's
queued, sorted, lost, found and executed), we cannot create a
directory on the file system by calling mkdir. We must make sure
the mkdir happens after the mount. Introduce Mkdir_command() to
allow mkdir operations to be queued, sorted, lost, found and
executed as well.
Approved by: re (jhb, rwatson)
- Only declare mouse menus if WITH_MICE.
- Only declare syscons menus if WITH_SYSCONS.
- Only declare fdisk editor functions if WITH_SLICES.
Approved by: re
WITH_SYSCONS is defined.
- Only define mouse menus and mouse menu items if WITH_MICE is defined.
- Use WITH_SLICES instead of explicit lists of architectures to control
the layout of menus dependent on if slices are used on this arch or not.
- Only include the linux startup option if WITH_LINUX is defined.
- Only include the SVR4 startup option on i386. It doesn't work on sparc64,
and it is debatable that it even works on i386.
- Change the OSF1 startup option to execute configOSF1() instead of just
setting the variable so that /compat/osf1 gets created.
Tested on: i386, alpha, sparc64
Approved by: re
fdisk editor if WITH_SLICES. Before this on arch's that didn't support
slices such as alpha and sparc64 you would drop into the fdisk editor after
doing an Undo in the label editor.
Approved by: re
of an explicit list of architecture defines.
- Tweak the message prior to the label editor in the !WITH_SLICES case to
make it slightly less awkward since this is the first dialog we see after
starting an install.
- Only offer to customize syscons settings if WITH_SYSCONS.
- Offer to enable Linux compat if WITH_LINUX. Before we only did this for
i386.
- On the alpha, offer to enable OSF/1 compat after asking about Linux
compat.
- Only offer to configure moused(8) if WITH_MICE is defined.
Tested on: i386, alpha, sparc64
Approved by: re
and more maintainable.
- WITH_SYSCONS: defined on all arch's that support syscons (currently i386,
alpha, and ia64)
- WITH_MICE: defined on all arch's that support moused(8) (currently i386,
alpha, and ia64)
- WITH_SLICES: defined on all arch's that use disk slices (currently i386
and ia64)
- WITH_LINUX: defined on all arch's that support Linux binary compat
(currently i386 and alpha)
Approved by: re
the two GNOME 1-based alternatives.
While here, note that a majority of the items in this menu are not
sentences, and remove trailing dots to make the remainder consistent.
Reviewed by: marcus
Approved by: re (bmah)
of the EFI file system. This makes the EFI partition non-optional.
I don't think that the links are actually correct, given that all
the mount points are under /mnt when sysinstall is run as init.
(ie a non-upgrade). Thus: I think I need to go in once more, but
at least this doesn't get lost...
partitions marked as being of type efi. This change adds code to
1. actually run the newfs command at mount time (install.c),
2. display the newfs state on screen (label.c)
3. allow toggling of the newfs state (label.c)
Even though newfs(8)-ing FAT partitions can be of use on i386
machines in general, it has been opted to minimize impact for
now.
With this change there's no a priori difference between EFI and
FAT partitions. With this change and the corresponding change to
libdisk, we can create EFI partitions, just like regular FAT
partitions.
the loop that runs through the environment variables to be a bit more
intuitive. Also, change some 'continue's in failure cases to 'break's
instead. If we are going to fail, we should just do it.
PR: bin/40654
Submitted by: Thomas Zenker <thz@Lennartz-electronic.de> (partially)
argument as of revision 1.52 (July 12, 1996, about a month after I
graduated from high school) when 'newfs -u' support was axed, so remove it.
This also allows us to remove a hack in the create partition case where we
created the partition twice since we didn't have the size the first time.
- Disabled 'Syscons, Font', 'Syscons, Screenmap' and 'Syscons, Ttys' menus
on pc98.
- Fixed the MenuMouseType and MenuMousePort menus for pc98.
- Fixed some comments for pc98.
something applies to. So change #ifndef to an explicit list of defines.
* Treate sparc64 and ia64 as 64-bit platforms, which means larger roots.
* sparc64 should halt back to the firmware, not reset.
* sparc64 doesn't need to play MS-DOS/BIOS partition crap games.
Reviewed by: jake
actually does work. Ignore errors from kldload(2) if the errno value is
EEXIST. It would help if this return value were documented in the
kldload(2) manual page.
one can set the 'noError' variable to ignore any errors that occur for the
next command. However, the code was only unsetting 'noError' when an error
actually occurred, so if you set 'noError', the next command completed ok,
and the command after that failed, the second command's failure would be
ignored. This fixes this by performing the 'noError' check earlier and
then unsetting 'noError' after every command that is run.
Sponsored by: The Weather Channel
temporarily turn off the nonInteractive variable around the DHCP and IPv6
Yes/No questions in a network device setup so that those questions are
asked.
Also add the ability to use Bzip'ed distributions -- but this is exclusive
of being able to use Gzip'ed distributions.
Sponsored by: FreeBSD Mall, Inc.
present, this field specifies the media volume that the disc is
contained on. If the volume of a given packages is different than the
current volume of mediaDevice, then the user is prompted --
"This is disc #%d. Package %s is on disc #%d\n"
"Would you like to switch discs now?\n"
If the user selects yes, then DEVICE_SHUTDOWN is called and the user
is then prompted --
"Please remove disc #%d from you drive, and add disc #%d"
This works well for a carefully crafted INDEX file, but more work
needs to be done to sort dependencies on a given package based on the
volume that they reside on, to minimize the amount of disc flipping
required of the user.
This commit is a no-op for normal INDEX files and FreeBSD CDs. These
additional features are only used if the INDEX and cdrom.inf file have
multi-volume support.
so know we have proper PKG registration and dependency information.
This is a WIP for 5.0 DP #1, so it is still rough around the edges and
does not GC the old XFree86 3.3.6 handling stuff that should be GC'ed.
Sponsored by: FreeBSD Mall, Inc.
from CD-ROM in 4-stable. Note that in 5-current, we use devfs so this
change (hopefully) shouldn't change anything.
I'll MFC to 4-stable later.
Tested with: FreeBSD/i386, 4.5-STABLE-20020330-JPSNAP
While I'm here, make the menu entries on the documentation menu begin
with "1" instead of "2".
Reviewed by: imp, rwatson, murray
Approved by: imp, rwatson, murray
MFC after: 1 week
installed ones under /boot (which we may not even have in the
case of a cross build).
This introduced chicken and egg problem - we need boot images
early in the "depend" stage but they have not yet been built.
Work around this by excluding the generated makeboot.c source
from the "depend" list; it's okay because we hardcode all its
dependencies explicitly. We actually lose the dependency bit
on <sys/types.h> but it's probably okay too as the only thing
we use is the u_char datatype and this is unlikely to change.
After all, it's normal for sloppy cleaning to cause problems.
beast.FreeBSD.org running 5.0-CURRENT alpha has been able to
cross build i386 world with this patch.
Prodded by: gallatin