1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

875 Commits

Author SHA1 Message Date
Matteo Riondato
7c0c5d7027 Allow the use of wildcarded device names in devfs.conf
PR:		conf/90760
Submitted by:	Darren Pilgrim <darren.pilgrim@gmail.com>
Approved by:	philip (mentor)
2006-01-21 14:31:45 +00:00
Wes Peters
243f6516f8 Tell nextboot to clean up after itself. 2006-01-18 04:53:48 +00:00
Philip Paeps
d22761024e Remove the module loading magic again; it's not needed after all.
Pointy hat to:	matteo
Submitted by:	matteo
Reviewed by:	pjd
MFC after:	3 days
2006-01-17 19:29:31 +00:00
Philip Paeps
ebc1e627c8 Load the g_md kernel module if needed.
Pointed out by:	Gianmarco Giovannelli
Submitted by:	matteo
MFC after:	3 days
2006-01-16 13:26:05 +00:00
Doug Barton
6e7b73e090 REQUIRE named. On all systems I've examined running HEAD and
RELENG_6 this will be a noop, however as we introduce local
startup scripts to the base rcorder, we'll see more cases
where the previous status quo will need to be made explicit
to avoid having it disrupted when random local scripts are
added to the mix.
2006-01-16 06:03:42 +00:00
Ceri Davies
f2072da025 Marius Nuennerich pointed out that nextboot(8) configured boot options
were now sticky.  This script was deleting /boot/nextkernel on boot, but
there is no code in the tree that creates that file since revision 1.15
of src/sbin/reboot/reboot.c.
nextboot(8) creates /boot/nextboot.conf, so remove that instead.

Approved by:	jhb (proxy mentor)
MFC after:	1 week
2006-01-15 23:12:26 +00:00
Brooks Davis
de3a554cd4 Be a little more read-only file system friendly when running the Linux
ldconfig.  Build the cache in a temporary directory and only install it
if it's actually different that the installed one.

Also, use "cat tmp > real" to install the temporary file in the real
location to allow the real location to be a symlink to a writable
directory such as /var/run (where the file actually belongs).

MFC After:	5 days
2006-01-11 21:30:41 +00:00
Doug Barton
dfdae5534f Add a mechanism to include files added by ports which contain
the names of directories to include in the base ldconfig script.
This will eliminate the need for each port to install its own
boot script which does nothing but ldocnfig a given directory.

This code was developed by flz (ports committer), discussed on
freebsd-rc@, and modified slightly by me.

Submitted by:	flz
Reviewed by:	brooks
2006-01-08 10:15:31 +00:00
Ralf S. Engelschall
b3d60bd52e 1. Add missing semicolon between "warn" and "return" to make sure
the line continuation backslash doesn't cause "warn" to print "return".
2. Group "warn" and "return" together as the "return 1" should be
   performed only if the "kldload nfsclient" also failed (and not
   already if the "vfs.nfs" sysctl(8) check failed).

MFC after: 3 days
2005-12-30 09:16:23 +00:00
Ralf S. Engelschall
8fc934b8fa Remove superfluous line continuation backslash.
MFC after: 3 days
2005-12-30 08:57:33 +00:00
Doug Barton
cc41555849 Fix another braino, don't remove the X related socket directories
right after creating them.

Twiddle whitespace while I'm here.
2005-12-27 23:22:18 +00:00
Doug Barton
eeb92ff283 Make sure that the prestart routine is run with *start, instead of
just 'start'.

Reminded by:	keramida
2005-12-27 23:08:58 +00:00
Doug Barton
91e7f8f09d syslogd should REQUIRE newsyslog, rather than newsyslog using
BEFORE: syslogd. This does not produce any change in the
ordering at the moment, but is cleaner style for the long term.
2005-12-21 09:54:15 +00:00
Doug Barton
27c4192acb Several users have commented (via filing PRs) that having ntp* depend
on devfs is useful so that a hardware time device can start with its
necessary device nodes already in place. While this ordering happens
as a side effect currently in HEAD, and the PRs were generally fixed
via upgrades, etc; it's better to make it explicit.

While I'm here, ntpd should REQUIRE ntpdate, rather than ntpdate
using BEFORE: ntpd.
2005-12-21 09:48:41 +00:00
Doug Barton
d6209fadb2 REQUIRE: syslogd and BEFORE: NETWORKING are now antithetical,
and including both in this file had nasty side effects on the
ordering of syslogd, as well as producing an error when running
rcorder. Remove the more bogus of the two options, which restores
proper ordering and removes the error.

There is an open question as to whether scripts with the nostart
KEYWORD should even have REQUIRE/BEFORE lines, and indeed, whether
they should be in /etc/rc.d at all, but that's for another time.
2005-12-21 01:19:20 +00:00
Doug Barton
2092fca981 Include a somewhat hackish way to make sure that we *always* test the
new clear_tmp_X variable when start'ing.
2005-12-20 23:22:47 +00:00
Doug Barton
aa5affaf3b Brooks pointed out a potential problem with disabling the X cleaning
by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).
2005-12-20 20:36:48 +00:00
Doug Barton
ea871df08c Clear up problems with /etc/rc.d/{abi|cleanvar|cleartmp} brought
to light by the PR.  Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.

Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.

Add a descriptive comment to rc.conf that regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.

PR:		conf/84574
Submitted by:	Alexander Botero-Lowry
2005-12-19 10:57:00 +00:00
Ian Dowse
2e46a159cc Remove usbd(8) and all references to it. It is no longer necessary
since devd(8) now provides the same functionality.

Submitted by:	Anish Mistry
2005-12-15 01:04:51 +00:00
Doug Barton
af1f094777 Drop rcconf.sh now that it has been removed 2005-12-10 23:23:09 +00:00
Doug Barton
57e561c083 Remove rcconf.sh from /etc/rc.d, and instead load the configuration
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...

Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.

Reviewed by:	brooks
2005-12-10 20:21:46 +00:00
Doug Barton
019cd8e648 Use of REQUIRE is better than BEFORE for most scripts, and very
few scripts should have no REQUIRE at all.
2005-12-10 19:49:03 +00:00
Brooks Davis
b09abb4b2c Don't bogusly depend on dhclient. It's now run either by
/etc/rc.d/netif or from devd rather than by the startup scripts.
2005-12-03 01:33:06 +00:00
Ruslan Ermilov
6affdd3055 "-o rw" is invalid and undocumented mount option that
is only present for fstab(5) compatibility, and is
otherwise ignored by mount(8) (not passed to mount_*
programs, and not passed to nmount(2)).

"-u -o rw" worked with an old mount(8) with mount_ufs.c
because "-o rw" was stripped and simple "-u" caused an
update of UFS from read-only to read-write, due to
inability of mount(2) to track changes in options
(MNT_RDONLY is either set or not).

"-u" no longer causes the transition from RO to RW,
now that mount(8) was converted to use nmount(2), so
an explicit change to RW is required.  Keep up with
this change, and use "-uw" to mount root read-write.
2005-12-02 21:33:43 +00:00
Doug Barton
97ec6eba65 Brooks pointed out a case where tmp needs to be run after
mountcritremote, so force it the other way instead.
2005-12-02 20:35:23 +00:00
Doug Barton
0f3ce2b32c Introduce startup scripts from the local_startup directories to
the base rcorder. This is accomplished by running rcorder twice,
first to get all the disks mounted (through mountcritremote),
then again to include the local_startup directories.

This dramatically changes the behavior of rc.d/localpkg, as
all "local" scripts that have the new rc.d semantics are now
run in the base rcorder, so only scripts that have not been
converted yet will run in rc.d/localpkg.

Make a similar change in rc.shutdown, and add some functions in
rc.subr to support these changes.

Bump __FreeBSD_version to reflect this change.
2005-12-02 20:06:07 +00:00
Doug Barton
0eeba503f6 Force this script to run before mountcritremote to avoid
non-deterministic behavior when introducing local_startup
scripts to rcorder.
2005-12-02 19:54:57 +00:00
Maksim Yevmenkin
f5937f20c1 Remove not needed redirection of kldstat -q output to /dev/null.
Noticed by:	pjd
MFC after:	3 days
2005-11-22 19:17:41 +00:00
Maksim Yevmenkin
e08872c40b Revise hcsecd(8) and sdpd(8) rc.d scripts one more time
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;

- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
  to avoid collision with "magic" variables;

Inspired by:	yar
MFC after:	3 days
2005-11-22 18:51:43 +00:00
Maksim Yevmenkin
14dba5fc90 Revise hcsecd(8) and sdpd(8) rc.d scripts.
- Have both scripts automatically kldload ng_btsocket(4). I did not want to
  do it, but its easier for users and it seems other scripts do similar things;

- Assign few variables after load_rc_config, so the /etc/rc.conf overrides
  actually work;

MFC after:	1 week
2005-11-15 20:36:26 +00:00
Brooks Davis
cda39c0193 Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or
more IPv4 address from a ranged list in CIRD notation:

ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.

Submitted by:	Philipp Wuensche <cryx dash freebsd at h3q dot com>
2005-11-14 23:34:50 +00:00
Maksim Yevmenkin
cdf98ad3e7 Start integrating Bluetooth into rc.d system.
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.

Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)

The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.

The bluetooth.device.conf(5) and handbook update will follow shortly.

Inspired by:	Panagiotis Astithas ( past at ebs dot gr )
Reviewed by:	brooks, yar
MFC after:	1 week
2005-11-10 19:09:22 +00:00
Ralf S. Engelschall
b89ad281dc Backout r1.11...
> >   There is no need to explicitly add "status" to $extra_commands in
> >   the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
> >   run_rc_command() because of the existing $pf_program.
> >
> >   Submitted by:   Christoph Schug <chris@schug.net>

...because as yar@ points out: "[...] you were relying on evil
side-effects of the variable being named *_program. hose side-effect
have been eliminated since rc.subr rev. 1.42. [...] The point is that
the default "status" method is for rc.d scripts that handle startup and
shutdown of conventional daemons, and not for custom tasks like the pf
case."

The change is still valid in RELENG_6 (and still doesn't have to be
backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
2005-11-10 10:40:15 +00:00
Ralf S. Engelschall
9d14a9a235 There is no need to explicitly add "status" to $extra_commands in
the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's
run_rc_command() because of the existing $pf_program.

Submitted by:	Christoph Schug <chris@schug.net>
MFC after:	1 week
2005-11-03 13:17:49 +00:00
Yaroslav Tykhiy
82b765987d Transforming "ppp-user" into just "ppp", step 5:
Finally, delete the old, unfittingly named file "ppp-user".
2005-10-29 05:12:14 +00:00
Yaroslav Tykhiy
66ba402cd0 Transforming "ppp-user" into just "ppp", step 3:
Install "ppp" (just repocopied) instead of "ppp-user".
2005-10-29 05:05:52 +00:00
Yaroslav Tykhiy
df19ed6a02 Use ${name} in pathnames where appropriate.
The sendmail script already was on this way,
but it didn't reach the end of it yet.
2005-10-28 16:55:38 +00:00
Yaroslav Tykhiy
b29890a328 Use:
command="/path/to/${name}"

since it's applicable here.  It's the current style of rc.d.

Pointed out by:	pjd
2005-10-28 16:10:56 +00:00
Yaroslav Tykhiy
23b50ea745 Transforming "ppp-user" into just "ppp", step 1:
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".

The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.

Discussed with: pjd, -rc
2005-10-28 16:07:52 +00:00
Yaroslav Tykhiy
180e996dfc Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
2005-10-23 14:06:53 +00:00
Jung-uk Kim
c9ea633926 wpa_supplicant(8) requires -D option for ndis(4) now. 2005-10-19 22:26:47 +00:00
Pawel Jakub Dawidek
384c6482df First start rc.d/ipsec and then rc.d/mountcritremote, so we can mount
NFS file system over IPsec.

Suggested by:	Tomasz Pi³at <tomasz.pilat@axelspringer.pl>
2005-10-12 22:14:44 +00:00
Pawel Jakub Dawidek
a0b8a85fc6 setkey(8) was repo-copied from usr.sbin/ to sbin/.
This will allow for NFS mount of /usr over IPsec.

Discussed on:	arch@
2005-10-12 21:40:41 +00:00
Maksim Yevmenkin
b0d089b7f3 Connect rc.d scripts for the hcsecd(8) and sdpd(8) daemons to the build.
MFC after:	1 month
2005-10-12 00:45:58 +00:00
Maksim Yevmenkin
412d0f16d1 Add rc.d scripts for the hcsecd(8) and sdpd(8) daemons. Put defaults into
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.

MFC after:	1 month
2005-10-11 19:16:48 +00:00
Yaroslav Tykhiy
22124484e2 Use available rc.subr features.
Reduce code duplication.
Follow the current style of rc.d scripting.
2005-10-02 19:17:49 +00:00
Yaroslav Tykhiy
b3470f8c82 Record dependency on the newly introduced pfsync.
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)

Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.

Discussed with: mlaier on -pf
MFC after:	5 days
2005-10-02 19:12:42 +00:00
Yaroslav Tykhiy
c8a0dfab83 Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with:	mlaier on -pf
MFC after:	5 days
2005-10-02 18:59:02 +00:00
Yaroslav Tykhiy
932d1eb384 Use rc.subr(8) appropriately:
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
  (pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
  decorate them sufficiently.
2005-10-02 15:54:26 +00:00
Maxim Konovalov
8862edf857 o Remove unfinished code and make it possible to override
bsdextended_script from rc.conf(5):

Not objected by:	trhodes
2005-10-02 07:03:00 +00:00
Yoshihiro Takahashi
4041bad612 Use hw.machine_arch instead of hw.machine. 2005-09-30 13:27:36 +00:00
Yaroslav Tykhiy
eb03e6374a Make it a good-mannered rcNG script respectful to the command line. 2005-09-28 16:24:47 +00:00
Brooks Davis
e5cf486710 Don't print anything if we can't do any localpkg shutdown (start already
does this).

Submitted by:	Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR:		conf/86606
2005-09-27 02:05:55 +00:00
Pawel Jakub Dawidek
9d503e9def Simplify the code by making use of 'kldstat -q -m <mod>'.
No objections from:	mlaier
2005-09-24 15:57:17 +00:00
Pawel Jakub Dawidek
bb13d7dc5e Simplify the code a bit by using newly added (to kldstat(8) '-q') option. 2005-09-23 23:53:35 +00:00
Garrett Wollman
09eec2276d If we're not installing OpenSSH in the base, don't install its startup
file either.  This clears the way for third-party SSH ports to install
an RCng startup script.
2005-09-23 16:54:09 +00:00
Robert Watson
1a51e01115 Add a new rc.conf entry, kerberos5_server_flags, which allows the
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.

MFC after:	3 days
2005-09-20 11:13:28 +00:00
Craig Rodrigues
c33f2417a1 In mountd_precmd(), use rc_args, not mountd_args to
override the value of mountd_args.  This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.

PR:		conf/86260
Submitted by:	Thierry Herbelot <thierry at herbelot dot com>
MFC after:	3 days
2005-09-18 17:04:26 +00:00
Robert Watson
218fe3f1b0 Use kenv -q to extract dumpdev rather than kenv, in order to avoid
spamming the console in the event that a loader tunable 'dumpdev'
isn't defined, which is not a relevant failure to report.

MFC after:	1 week
2005-09-13 19:07:02 +00:00
Giorgos Keramidas
5340ff6caa Remove duplicate "at" from comment. 2005-09-04 21:57:23 +00:00
Brooks Davis
0e412a010b Actually block Ctrl-C (SIGINT=2).
Reported by:	sam
Pointy hat to:	brooks
2005-09-02 18:30:16 +00:00
Brooks Davis
1f1525c556 Block SIGQUIT (Ctrl-C) while running in startup mode. This should allow
dhclient's to be killed without stopping all boot progress.

Minor cleanup of the interface list generation code.
2005-09-02 17:05:07 +00:00
Gregory Neil Shapiro
125ffad4f8 Be sure to execute sendmail_precmd() to check sendmail.cf conflicts and
rebuild the aliases file if necessary.

PR:		conf/72910
Submitted by:	matteo@
MFC after:	3 days
2005-08-30 03:41:59 +00:00
Pawel Jakub Dawidek
adf98e7afa Fix (/usr could not be mounted yet, so there is no grep(1) available) and
simplify checking for g_eli module.

MFC after:	3 days
2005-08-14 22:16:34 +00:00
Pawel Jakub Dawidek
893cdb3d34 Connect geli and geli2 ro the build.
MFC after:	3 days
2005-08-14 18:25:35 +00:00
Pawel Jakub Dawidek
b12cfed25c Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
             detach on last close.

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	3 days
2005-08-14 18:02:22 +00:00
Pawel Jakub Dawidek
b3d1f1fce9 Move 'local_tr' function to rc.subr and change its name to 'ltr'.
MFC after:	3 days
2005-08-14 17:28:15 +00:00
Pawel Jakub Dawidek
2069c3305d Back-out previous commit - we need to skip logging socket when we start a
jail and external syslogd is listening in jail's chroot.

Pointed out by:	csjp

While here, skip also "logpriv" socket.
2005-08-08 09:46:09 +00:00
Pawel Jakub Dawidek
5b3e518936 Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

MFC after:	1 week
2005-08-07 23:19:02 +00:00
Pawel Jakub Dawidek
ea16133887 We don't need to skip /var/run/log socket, as syslogd is always started
after rc.d/cleanvar. And if we wanted to skip /var/run/log we still needed
to skip /var/run/logpriv, which wasn't implemented.
2005-08-07 23:10:32 +00:00
Pawel Jakub Dawidek
4558bd977d Allow to give more than one jail's name, eg.:
# /etc/rc.d/jail start www mail

MFC after:	3 days
2005-08-07 22:38:41 +00:00
Pawel Jakub Dawidek
49ad116fcc Teach rc.d/encswap script how to use geli(8) for swap encryption.
MFC after:	3 days
2005-08-05 23:38:51 +00:00
Pawel Jakub Dawidek
e816acc79b gbde_swap has been repo-copied to encswap.
Repo-copy made by:	markm
2005-08-05 21:23:08 +00:00
Brooks Davis
ffbf77eb49 Silence the de-bouncing of dhclient start up. The previous output
caused significant mental anguish for some portions of the user
population. :)
2005-07-26 00:37:19 +00:00
David E. O'Brien
a38c1f6ce8 This depends on syslogd due to logger(1). 2005-07-22 00:57:37 +00:00
David E. O'Brien
aaacd70897 Embellish the dependency lists - this script depends having awk(1),
and it needs syslogd due to using logger(1).
Have it run as early as possible to save battery power for laptop users.
2005-07-22 00:57:04 +00:00
Jung-uk Kim
c687e6de5b `net.inet.ipf.fr_running' can be a negative value, which was introduced by
recent ipfilter import.

Approved by:	re (scottl), anholt (mentor)
2005-07-07 05:59:44 +00:00
Brooks Davis
1985a13e74 Remove REQUIRE and BEFORE lines since this script is not run by rcorder
at startup.  Instead it is called by other scripts.

Approved by:	re (network interface startup blanket)
2005-06-30 17:50:34 +00:00
Brooks Davis
a7e55c1e77 Add support for starting wpa_supplicant by adding the WPA keyword to an
interface's ifconfig_<ifn> entry in /etc/rc.conf.

Approved by:	re (network interface startup blanket)
2005-06-30 04:52:47 +00:00
Brooks Davis
d3a260999d When interfaces are given on the command line, don't attempt to filter
them.  Just try to run the given command on them.  We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.

Approved by:	re (interface startup blanket)
2005-06-30 04:46:21 +00:00
Pawel Jakub Dawidek
7db9a6fcd1 Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@pinky.sax.de>
PR:		conf/80244
Approved by:	re (scottl)
MFC after:	1 week
2005-06-26 16:30:20 +00:00
Dima Dorfman
b5f6d74386 Unbreak the ipfilter_loaded function. There doesn't seem to be a way
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.

Approved by:	re (dwhite)
2005-06-21 09:39:09 +00:00
Dag-Erling Smørgrav
f07bf52735 Honor the "dumpdev" kenv variable if it is set and the "dumpdev" rc
variable is set to "AUTO".

MFC after:	2 weeks
2005-06-07 15:20:10 +00:00
Brooks Davis
8e9e71f817 Support code for the OpenBSD dhclient. This significantly changes the
way interfaces are configured.  Some key points:

  - At startup, all interfaces are configured through /etc/rc.d/netif.
  - ifconfig_<if> variables my now mix real ifconfig commands the with
    DHCP and WPA directives.  For example, this allows media
    configuration prior to running dhclient.
  - /etc/rc.d/dhclient is not run at startup except by netif to start
    dhclient on specific interfaces.
  - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
    it's work.
  - /etc/pccard_ether no longer takes additional arguments to pass to
    ifconfig.  Instead, ifconfig_<if> variables are now honored in favor
    of pccard_ifconfig when available.
  - /etc/pccard_ether will only run on interfaces specified in
    removable_interfaces, even if pccard_ifconfig is set.
2005-06-07 04:49:12 +00:00
David E. O'Brien
737840187b Remove RCng files that were brought in from NetBSD, but we ended up not
using them (or did and no longer do).
2005-06-06 02:51:26 +00:00
Pawel Jakub Dawidek
8f5aed3be4 We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
2005-05-23 12:25:33 +00:00
Christian S.J. Peron
115005468b Do not unconditionally mount devfs to ${jail_devdir}/dev. First check
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.

Discussed with:	pjd
MFC after:	1 week
2005-04-30 00:16:00 +00:00
Brooks Davis
2af94c5d1d To allow /etc to be as minimal as possible in a diskless setup, we need
to run initdiskless before we run rcorder on /etc/rc.d.  To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.

Remove /etc/rc.d/preseedrandom as it is no longer necessicary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.

Discussed on:	freebsd-rc
Repocopy by:	peter
2005-04-29 23:02:56 +00:00
Doug Barton
65db76c1aa Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
2005-04-24 01:51:22 +00:00
Gleb Smirnoff
8d6e44f80f Add startup script and default configuration file for bsnmpd.
Reviewed by:	harti
2005-04-17 10:47:58 +00:00
Christian S.J. Peron
99a6b61d70 Do not remove logging sockets. This fixes an issue where logging
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).

Discussed with:	pjd, green, cperciva
MFC after:	1 week
2005-04-14 03:56:06 +00:00
Doug Barton
f297a20e30 The alternative suggested for /entropy as a shutdown
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.

In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.

PR:		conf/75722
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2005-04-11 02:45:05 +00:00
David E. O'Brien
623720bd03 'dumpon' can run before 'initrandom' so make it.
This gives a better chance of debugging /dev/random related panics.
2005-04-05 18:59:24 +00:00
Sean Chittenden
47accd603c When reloading rules via rc.d/pf, flush everything but existing state
entries that way when rules are read in, it doesn't break established
connections.

Approved by:	mlaier
Reviewed by:	rc
MFC after:	3 weeks
2005-04-04 23:06:10 +00:00
Tom Rhodes
bfd02b7da8 Add a ugidfw_load() function and fix up some of the scripting in this file.
This will allow better integration with the ports system.

Submitted by:	clement
2005-04-02 00:01:03 +00:00
Nate Lawson
8971569ca1 Remove the 'usbd' keyword (it isn't necessary for mixer). Also, use
BEFORE instead of REQUIRE.

Probably ok by:	jhb
MFC after:	3 days
2005-03-17 22:36:16 +00:00
Ruslan Ermilov
3e1631ce0a Start natd(8) before loading firewall rules, to give the
ipdivert.ko module a chance to load.
2005-03-16 08:47:48 +00:00
Doug Barton
1a2980c6c7 Unhook the recently departed lomac file from the build.
Forgotten by:	trhodes (the real one)
2005-03-13 08:07:11 +00:00
Tom Rhodes
a7efb70ebd Remove mac_lomac(4) functionality. The proper way is to use loader.conf
or build the policy into a kernel.

Approved by:	rwatson
2005-03-12 21:09:15 +00:00
Brooks Davis
bed34fbfb6 It is sufficent to require rcconf rather than initdiskless. 2005-03-02 19:03:08 +00:00
Brooks Davis
1cd0f19904 Remove stray else.
Reported by:	Tai-hwa Liang <avatar at mmlab dot cse dot yzu dot edu dot tw>
Point hat:	brooks
2005-03-02 16:41:35 +00:00
Brooks Davis
c1c1542199 Allow chkprintcap(8) to be run before lpd is started. Disabled by
default for now.  Default flags create missing directories.

Remove comment about doing this in etc/rc.d/var.

Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.

PR:		conf/71488
Submitted by:	RZ-FreeBSD0904 at fh-karlsruhe dot de
2005-03-02 02:46:47 +00:00
Brooks Davis
ed9e8cc512 If we don't have /usr/sbin/mtree, try to mount /usr. We're only likely
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
2005-03-02 00:58:05 +00:00
Brooks Davis
bb4bd97c12 - Update etc/rc.d/newsyslog to FreeBSD standards and install it.
- Enable it by default, running newsyslog with -CN which creates files
   that have the C flag specified in /etc/newsyslog.conf.
 - Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
   newsyslog.
 - Add the C flag to entries in /etc/newsyslog.conf that are currently
   installed as part of the base system.

There are two effects from this change:
 - Users who delete default syslog files to stop logging to them
   will need to set newsyslog_enable=NO in rc.conf or remove the C
   flag from those file in /etc/newsyslog.conf or they will come back
   on the next boot.
 - Diskless systems now create the same set of files that ordinary
   systems have by default instead of every file in newsyslog.conf.
2005-03-02 00:40:55 +00:00
Brooks Davis
a721bd4891 - Remove the dependency of /usr/bin/touch by using "cp /dev/null <target>"
to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather then
  only when /var is empty or populate_var=YES.
2005-03-01 22:08:15 +00:00
Nate Lawson
7f19cfc0ad command_args is redundant.
Submitted by:	Pawel Worach
2005-02-27 07:11:47 +00:00
Nate Lawson
511105017d Add rc.conf options for powerd (disabled by default) and hook the script
up to the build.
2005-02-26 21:19:35 +00:00
Nate Lawson
7c95496b25 Add an rc script for powerd(8). 2005-02-26 21:18:54 +00:00
Nate Lawson
e7b3ae2b58 Add the ability to specify "NONE" if the user wants no change for the
given power profile.

MFC after:	1 day
2005-02-26 20:17:07 +00:00
Nate Lawson
4fbce3b11c Quiet error messages if the requested sysctls are not present.
MFC after:	1 day
2005-02-25 23:14:41 +00:00
Nate Lawson
7b708ac75b Add support for cpufreq to power_profile(8). Values for on/offline cpu
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported.  Also, remove
old throttling support.
2005-02-06 21:12:25 +00:00
Pawel Jakub Dawidek
ffc8a3046c Add a comment which explain why we need to use special function instead of
tr(1)/sed(1)/awk(1).
2005-01-30 11:04:13 +00:00
Pawel Jakub Dawidek
e4d1918415 We cannot use sed(1), because rc.d/gbde has to be called before
rc.d/mountcritlocal and sed(1) is placed in /usr/bin/. Other useful tools
for this task are also placed in /usr/ (tr(1), awk(1)), so I implemented
local_tr() function which works simlar to tr(1).

Reported by:	Amir Shalem <amir@boom.org.il>
MFC after:	1 week
2005-01-23 16:43:55 +00:00
Pawel Jakub Dawidek
b0a99991d9 Fix handling of providers with / in them (e.g. mirror/foo).
Submitted by:	Attila Nagy <bra@fsn.hu>
MFC after:	1 week
2005-01-21 14:38:44 +00:00
Ceri Davies
02f8f932bc s/ntpdate_command/ntpdate_program/ to match rc.conf(5) and
/etc/defaults/rc.conf.

PR:		conf/76188
Submitted by:	Arne Wörner <arne_woerner at yahoo dot com>
Approved by:	murray
MFC After:	7 days
2005-01-17 18:28:09 +00:00
David E. O'Brien
968d164a48 Remove debugging that made it into the commit. 2005-01-16 08:34:30 +00:00
David E. O'Brien
835e0fa318 "REQUIRE: cleanvar" for all RC's writing into /var/run. 2005-01-16 03:12:03 +00:00
Eric Anholt
b9a9947eca Create three additional X socket directories. Using X applications when another
user owns these directories or the sticky bit is unset may open security holes,
so simply create them at startup with the correct owner/mode.

MFC after:	1 day
2005-01-12 07:18:25 +00:00
Peter Edwards
2c8de7dd13 Use "KEYWORD: shutdown" so shutdown commands will actually be executed.
Approved by:	 dougb@
2004-12-20 18:34:10 +00:00
Peter Edwards
9bfeaedfa2 When stopping a chrooted named, unmount the devfs filesystem from
the chroot area. This stops "umount -a" failing when dropping to
single user.

Reviewed by:	dougb@
2004-12-20 10:48:48 +00:00
Poul-Henning Kamp
cb16893698 If /etc/named is a symlink, try to make sure it points the right place. 2004-12-18 15:19:36 +00:00
Brian Somers
f6370f2735 Use rc.subr
PR:		72505
Submitted by:	Amir Shalem <amir@active.ath.cx>
2004-12-15 12:39:28 +00:00
Ralf S. Engelschall
62bb1d78fe Improve the RC framework for the clean booting/shutdown of Jails:
1. Feature: for flexibility reasons and as a prerequisite to clean
   shutdowns, allow the configuration of a stop/shutdown command
   via rc.conf variable "jail_<name>_exec_stop" in addition to the
   start/boot command (rc.conf variable "jail_<name>_exec_start"). For
   backward compatibility reasons, rc.conf variable "jail_<name>_exec"
   is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
   the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
   to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
   "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
   before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
   time to actually perform their termination sequence. Without this the
   subsequent umount(8) operations usually fail because the resources
   are still in use. Additionally, if after trying to TERM-inate the
   processes there are still processes hanging around, finally just KILL
   them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
   scripts which are flagged with the KEYWORD "nojail" to allow the
   correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
   /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:

-----------------------------------------------------------
#  /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
#  /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
#  /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------

Reviewed by:	freebsd-hackers
MFC after:	2 weeks
2004-12-14 14:36:35 +00:00
David E. O'Brien
32e7342827 Use utils from /rescue vs. /stand. Also use pax rather than cpio & gzip. 2004-12-12 08:04:26 +00:00
Maxime Henrion
f89336da41 Fix a typo in an error message.
Spotted by:	ceri
2004-11-24 10:44:39 +00:00
Maxime Henrion
d4d8b79704 Implement per-jail fstab(5) files. Here's a rc.conf sample using
this feature for a jail named foo :

jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"

The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.

MFC after:	3 days
Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2004-11-23 20:09:58 +00:00
Wes Peters
e5624708b1 Convince mergemaster to maintain/merge ramdisk scripts too.
Submitted by:	Ben Kelly <ben.kelly@ieee.org>
PR:		bin/64079
2004-11-16 04:20:09 +00:00
Wes Peters
c1c740a8b1 Shutup debugging output. 2004-11-16 04:14:28 +00:00
David E. O'Brien
38b8d3c441 Unify the ci/co variables now that the the tty drivers now use the same
character for both.
2004-11-14 19:51:34 +00:00
David E. O'Brien
1538d04b82 Catch up with PHK's sio(4) rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-14 19:42:13 +00:00
Giorgos Keramidas
8cfaa2f1f1 Add two new rc.conf options: tmpmfs_flags and varmfs_flags.
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).

Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.

Reviewed by:	mtm
Inspired by:	J. D. Bronson, jbronson at wixb dot com
2004-11-09 10:03:17 +00:00
Pawel Jakub Dawidek
d04ecb5f44 Stop method for swap1 script was introduced, because gmirror needed it.
Now gmirror use shutdown hooks to mark mirrors as clean on shutdown,
so this is not needed anymore.
2004-11-05 12:38:27 +00:00
Mike Makonnen
b18cb583f6 - Make the header conform to standard rc.d style.
- The 'before ipfw' directive seems bogus, and should instead
  be 'before rcconf'.
2004-11-05 07:35:31 +00:00
Poul-Henning Kamp
13e1e760df remove vinum startup script. 2004-11-04 12:59:16 +00:00
Pawel Jakub Dawidek
9e312abcae Sort files properly. 2004-11-02 12:35:54 +00:00
Mike Makonnen
86bade2751 Do a better job of supporting more than one mouse device
on the system.

To start/stop/check on a specific device give the device name as
the second argument to the script:
	# /etc/rc.d/moused start ums0

To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
	moused_ums0_enable=yes
	moused_ums0_flags="-z 4"
	moused_ums0_port="/dev/ums0"

Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.

To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.

To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.

Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.

MFC after: 1 month
2004-11-01 18:05:41 +00:00
Pawel Jakub Dawidek
1f8197cf4d Allow to change interfaces name on boot time.
Now, one should be able to put something like this into /etc/rc.conf:

	ifconfig_fxp0_name="net0"
	ifconfig_net0="inet 10.0.0.1/16"

Reviewed by:	green
2004-10-30 13:44:06 +00:00
Pawel Jakub Dawidek
4fda9f547d - Add 'check' command for checking rules syntax.
- Before flushing rules in 'reload' command, check first if rules are
  correct.
- Do not duplicate checking if $pf_rules file exists.
2004-10-25 08:12:28 +00:00
Dag-Erling Smørgrav
82a21971a6 - use realpath /dev/dumpdev instead of just /dev/dumpdev so messages
will show the real device name
- show different error messages for missing dump device and directory
2004-10-24 13:04:09 +00:00
Mike Makonnen
ec6f2b9b88 Move devfs earlier in the boot sequence. Some system daemons and other
programs may need to use the symlinks and permissions that it sets up.

Discussed on: -current
2004-10-23 06:50:50 +00:00
Andre Oppermann
e3d53beb77 Automatically load the ipdivert module if it was not compiled into the kernel
and natd_enable is true.
2004-10-22 19:36:03 +00:00
Thomas Quinot
e30c35ed0c When dumpdev is set to 'auto', and a suitable swap device is found,
create a symbolic link /dev/dumpdev designating that device so
savecore can find and save a previous kernel dump.
2004-10-18 23:40:13 +00:00
Thomas Quinot
585d0283b0 Remove unused computation of memory size.
Reviewed by:	des
2004-10-18 14:59:53 +00:00
Tom Rhodes
6eaa08deba Remove requirement on FreeBSD keyword.
Skipped by:	mtm (/me glares at mtm)  :)
2004-10-14 04:37:57 +00:00
Mike Makonnen
337338ee00 Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
2004-10-07 13:55:26 +00:00
Pawel Jakub Dawidek
57dd0a90b6 - Be more userfriendly and allow to specify gbde device name in those forms:
device
	device.bde
	/dev/device
	/dev/device.bde
- Fix stop routine:
	+ There don't have to be file system mounted on gbde device,
	  so ignore errors from umount(8).
	+ Only detach existing gbde devices.
2004-10-07 10:02:46 +00:00
Pawel Jakub Dawidek
58a038b845 Only try to attach if parent device actually exists.
I used ugly "/dev/${parent}" instead of "${parentdev}", because "/dev/"
prefix for devices listed in gbde_devices variable is optional.

Reported by:	Sean McNeil <sean@mcneil.com>
2004-10-07 06:00:06 +00:00
Pawel Jakub Dawidek
1446307aaa Lock file for gbde devices is optional. 2004-10-06 14:42:35 +00:00
Doug Barton
4550c56f2a Hide all the devices in the chroot dev except for random and null. 2004-09-30 09:15:21 +00:00
Tom Rhodes
b507bda539 Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults
to NO of course).  Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.

Discussed with:	rwatson (awhile ago)
2004-09-29 00:12:28 +00:00
Doug Barton
8f1bb3891d Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
2004-09-28 09:46:00 +00:00
Doug Barton
85aca891e7 It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-09-26 07:01:56 +00:00
Doug Barton
ae00aa68e8 Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by:	Sean McNeil <sean@mcneil.com>
2004-09-24 23:49:38 +00:00
Giorgos Keramidas
2e1114f054 Fix a comment typo: s/neccessary/necessary/ 2004-09-24 11:04:27 +00:00
Doug Barton
fb9540a0dc Update to reflect BIND 9 in the base:
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
2004-09-24 04:53:18 +00:00
Dag-Erling Smørgrav
5a70daa23f If $dumpdev is set to AUTO, use the first suitable swap partition listed
in /etc/fstab, or print an error message if no suitable device was found.

MFC after:	4 weeks
2004-09-20 17:48:45 +00:00
Pawel Jakub Dawidek
9468063a70 Teach swap1 script how to remove added swap devices on system shutdown.
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
2004-09-17 17:58:19 +00:00
Giorgos Keramidas
a73af104ef We don't have any providers of `beforenetlkm' in FreeBSD. Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
2004-09-16 17:04:20 +00:00
Giorgos Keramidas
a71fcfed55 Fix requirement of network' to NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
2004-09-16 17:03:12 +00:00
Sean Chittenden
6e03664cc4 Bring back etc/rc.d/ntpdate as requested by scads of people. This isn't a
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES).  Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).

Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut.  At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).

Requested by:	many
2004-09-15 01:08:33 +00:00
Sean Chittenden
756b0fff51 Stop using ntpdate(1) in our startup procedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticeably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate has been depreciated by the ntpd authors
for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:04:50 +00:00
Sean Chittenden
0050f9ec3c Stop using ntpdate(1) in our startup proceedure. Replace ntpdate(1) with
calls to ntpd -g.  ntpd is noticably slower than ntpdate, but is also more
accurate.  This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file).  By default, ntpd *will* sync with its listed time servers.  To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf.  If ntpd is not enabled (the default), then time is
not synced on startup.  ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.

Suggested by:	des
Approved by:	roberto (resident ntp guru)
2004-09-14 03:01:38 +00:00
Ruslan Ermilov
e114c8953a A power failure left the temporary /var/.diskless directory
on my system, and since then my /var was always created as
MFS which was very surprising.  Fix this for /tmp and /var.
2004-09-13 17:40:14 +00:00
David E. O'Brien
28b81da2d8 Restore NetBSD SCM ID.
Submitted by:	delphij@beastie.frontfree.net
2004-09-09 16:41:55 +00:00
Max Laier
9b56caaef4 Don't rely on properly setup linker.hints to figure out that pflog is now
part of the pf module.
While here fix a comment that was c'n'ped from rc.d/pf

PR:		bin/71096 (partly)
Submitted by:	Ville-Pertti Keinonen
MFC after:	2 days
2004-08-31 14:23:51 +00:00
Ken Smith
11980247d9 Protect the command flags set in the rc.conf files in case they're
more than one word, adding some quotes.

Advice from:	mtm (my first attempt wasn't quite right)
Reviewed by:	mtm
MFC after:	3 days
2004-08-29 15:02:43 +00:00
Dag-Erling Smørgrav
da5d8b9395 Always quote variables in tests, to ensure correct evaluation even when
they are empty or undefined.

MFC after:	3 days
2004-08-19 08:55:24 +00:00
Thomas Quinot
8f6270dbb4 Skip entries for GBDE swap devices if they are commented out in /etc/fstab.
Reviewed by:	des
2004-08-18 21:54:40 +00:00
Jacques Vidrine
fc94eecc8f Create temporary files safely.
Submitted by:	Jon Passki <cykyc@yahoo.com>
2004-08-16 16:37:06 +00:00
Gregory Neil Shapiro
d1fb385c10 Fix the startup logic for sendmail. If sendmail_enable=yes, don't start
the submit and outbound daemon, else if sendmail_submit_enable=yes, don't
start the outbound daemon.  Only one daemon should be started.

Also, do not rebuild database maps at boot time.  The code didn't pay
attention to SENDMAIL_MAP_TYPE and assumed 'hash'.  Also, admins may
not want maps automatically rebuilt just because the back end database
has changed.  Finally, some maps are built with mode tools than just
makemap (e.g., using cidrexpand on the access text file before sending
it to makemap).

Noticed by:	ache
Reviewed by:	ache
2004-08-05 03:09:54 +00:00
Mark Murray
e46792f8f1 Give sshd a secure startup, but with a tweakable timeout so that
the box won't hang forever at startup.
2004-08-04 08:10:37 +00:00
Mike Makonnen
83f00c3c07 Finish cleanup of rc.d/netif. It's now possible to start/stop more
than one interface from the command line:
	# /etc/rc.d/netif start bfe0 xl0
It's also possible to restart an interface(s):
	# /etc/rc.d/netif restart bfe0

This required some changes to rc.subr(8) so that if the start/stop commands
are overidden the rest of the command line (after the start/stop/etc... cmd)
is passed through to the subroutines.
2004-07-30 17:19:35 +00:00
Oliver Eikemeier
e193a85e5b back out the localkg changes until things have settled.
Discussed with:	mtm
2004-07-28 00:09:19 +00:00
Mike Makonnen
c6cb9d2e4b Even though binaries will give 0 matches, make it explicit. 2004-07-27 16:59:35 +00:00
Mike Makonnen
15eb1e8b45 Ports related rc.d cleanups:
o Separate out local (ports) scripts that use rc.d, and the old style
  startup/shutdown scripts and execute them separately. On startup the
  rc.d style scripts are executed first and then the old-style scripts.
  On shutdown, exactly the reverse happens.
o The rc.d ports scripts should now behave more like base system scripts.
  Scripts ending in .sh will be sourced into the current shell, while the
  rest will be executed in a subshell. Previously, all ports scripts,
  regardless of the .sh suffix, were executed in a subshell.
o The parent script, /etc/rc.d/localpkg, passes its command line arguments
  straight to the rc.d ports scripts. This means they should now honor
  faststop and faststart commands as well. Old style scripts, should not see
  any differences. They will still get either a start or stop command.
o The initial phrase shown during shutdown has been changed to use
  "local packages" instead of "daemon processes" to be more inline with the
  phrase used during local package startup. The phrases are also used only for
  old-style ports script startup/shutdown, whereas previously they were being
  used for both rc.d and old-style scripts. This should make startup/shutdown
  output a bit less ugly.

Discussed with:	portmgr
Has Reservations: eik
2004-07-24 14:56:21 +00:00
Simon L. B. Nielsen
64785dbd46 For the gbde attach script:
- Ask the user up to X times (3 by default) for the pass-phrase, if
  it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
  than /etc.
- Document that it is possible to override the location of each single
  lockfile.

Approved by:	pjd
2004-07-18 18:01:48 +00:00
Max Laier
b78518bb34 Swap order of ruleset load and enabling pf to work around a problem on altq
startup. Moreover, this is the "more logic" order.
2004-06-23 01:42:06 +00:00
Dag-Erling Smørgrav
e0ae81f32a Correct an error carried over from the nsswitch.conf(5) manual page; add
a note to UPDATING since users may have to manually remove an incorrect
nsswitch.conf.

Noticed by:	simon
2004-06-21 19:38:58 +00:00
Brian Feldman
d5ed4f061e Allow setting the system console keyboard via the ${keyboard} rc.conf
directive.
2004-06-18 20:09:30 +00:00
David E. O'Brien
1a32b4cbcf Back out rev 1.3.
This is one of the few RC scripts that doesn't use rc.subr, and thus
doesn't source rc.conf. :-(
2004-06-08 19:53:25 +00:00
David E. O'Brien
749fdbb557 Don't assume everyone's /etc/[default/]rc.conf 'entropy_file' is "/entropy". 2004-06-07 09:16:19 +00:00
Jens Schweikhardt
d8beb0fd3b Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
Hajimu UMEMOTO
b351b78a10 Add ip6addrctl_enable and ip6_addrctl_verbose option. If
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy.  Even if there is no /etc/ip6addrctl.conf, we install default
policy.  In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default.  Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now.  However, it may
better to enable it by default.
2004-06-02 09:39:49 +00:00
Dag-Erling Smørgrav
5f3ba2f5d4 Install nsswitch. 2004-05-24 14:17:19 +00:00
Dag-Erling Smørgrav
cba155c0c2 If nsswitch.conf does not exist, create it with the default settings.
The reason for doing this is that (at least some) 4.x binaries are very
unhappy if host.conf does not exist, and if we create host.conf but not
nsswitch.conf, nsswitch.conf will be created at the next reboot, so it
is better to create a correct nsswitch.conf right away.
2004-05-24 11:53:26 +00:00
Dag-Erling Smørgrav
749f60c715 Move the task of updating nsswitch.conf / host.conf into a separate
script called nsswitch.
2004-05-24 11:48:58 +00:00
Mike Makonnen
56d01be439 Really remove the return statement this time. Thanks to
ru for noticing.
2004-05-20 15:53:49 +00:00
Mike Makonnen
63d260104a The err routine requires two arguments: an exit value and a string.
Additionaly, it will exit the script so an return statements after
calling it are superflous.
2004-05-20 14:16:05 +00:00
Nate Lawson
ccc09458fa Change hw.acpi.cpu.cx_lowest to accept values in the form of C1,
C2, ...  Update power_profile to use the new format.  Update the
man page to reflect this and give more info on Cx states.
2004-05-07 05:22:38 +00:00
Poul-Henning Kamp
d8337944e0 Protect som cross-script invocations by checks to see that the target
script exists.  This allows pruning of rc.d scripts without getting
too many ugly boottime error message
2004-04-28 13:20:15 +00:00
Poul-Henning Kamp
8956ceaff0 Initdiskless must run before ipfw, or people will not be able to
use the conf/* stuff for their firewall configuration.

Running ipfw before could seem to make sense in that it would allow
one to setup access to the NFS server on a "default-deny" kernel,
but it is pretty obvious to the casual observer that such a configuration
never makes it far enough to mount the NFS-root in the first place.
2004-04-28 13:18:22 +00:00
Ruslan Ermilov
3ee3cd3165 Replace shell's positional parameters safely. 2004-04-28 09:09:27 +00:00
Poul-Henning Kamp
edf28a672b When using this in non-NFSroot circumstances, mount -t nfs may
return empty.  Add a dummy element to prevent the alternate action
of the shell builtin "set"
2004-04-27 15:42:34 +00:00
Simon L. B. Nielsen
f59f70e231 Removes the check for the existence of the sysctl variable
debug.watchdog since it is not created by hardware watchdog(4) devices.
The watchdog(4) device is always compiled in the kernel, so removing the
check should not cause any problems.

Approved by:	phk
2004-04-26 19:41:37 +00:00
Darren Reed
da48dbe191 apply patch so pr can be closed
PR:		misc/56715
Submitted by:	grant@NetBSD.org
Reviewed by:	darrenr
2004-04-20 13:30:49 +00:00
Max Khon
ca813d2986 sendmail_submit_enable and sendmail_outbound_enable checks were reverted.
Found by:	Morten Rodal <morten@rodal.no>
2004-04-17 19:09:09 +00:00
Brooks Davis
7aa81b88a2 Actually install preseedrandom.
Reported by:	bde
2004-04-17 04:12:27 +00:00
Brooks Davis
21462105eb Remove bogus checks on the value of ${entropy_file} and hardcode out
entropy source to /entropy.  We have to assume there is no rc.conf at
this stage of the boot process.

Reported by:	njl
2004-04-15 18:23:14 +00:00
Brooks Davis
6ea20e1c98 Band-aid diskless booting by running a new preseedrandom script before
initdiskless.  The output of several commands and if available the
contents of /entropy are feed into /dev/random to kickstart the PRNG.
/etc/rc.d/initrandom is left alone to maintain the previous behavior as
much as possiable.

Further work in this area is probably needed.

Discussed with:	markm
2004-04-15 17:52:53 +00:00
Brooks Davis
ff356053a1 Catch up with diskless split "diskless" is no longer provided.
Suggested by:	cperciva
2004-04-12 18:11:00 +00:00
Mark Murray
37c79b8006 Take into account hardware-supplied entropy. If the entropy source
is hardware, the Yarrow initialisations don't need to be done.
2004-04-09 15:56:16 +00:00
Wes Peters
85d4d6aa5b Style fixes, as suggested by Jens Schweikhardt <schweikh@schweikhardt.net> 2004-04-06 23:15:48 +00:00
Wes Peters
6e46025ebf Split ramdisk processing in two so it can actually work. Ownerships
and permissions specified per rc.conf(5) now apply both to the md
device and to the mountpoint directory, after the mount has completed.
This has to be done in two steps, because chown is not available
until after /usr has been mounted, but the mdconfig and newfs steps
have to complete before fstab processing.
2004-04-06 18:26:43 +00:00
Max Khon
a3e34d6908 Add separate script for natd. This fixes race condition with "ipfw restart"
(when new natd is started before old natd died) and allows to manage natd
without touching ipfw.

natd should probably be killed with SIGKILL when stopping natd.
2004-04-05 16:29:45 +00:00
Max Khon
299b2a180b Allow this script to be used for Postfix:
- Use sendmail_foo variables after load_rc_config so that they actually work.
- Utilize sendmail_procname.
- Check sendmail_submit_enable instead of sendmail_enable when dealing
with mail submission MTA.
2004-04-05 16:26:22 +00:00
Max Laier
6cd9ebedd7 Add rc.d script to start pflogd and add rcvars etc. Also document vars in
rc.conf(5) and put a sample entry to newsyslog.conf

Reviewed by:	-current
Approved by:	bms(mentor)
2004-04-02 19:25:27 +00:00
Kirill Ponomarev
0a25d7a9ea - Use "/bin/hostname" explicitly instead of "hostname".
Approved by:	tobez
MFC after:	1 week
2004-04-02 12:18:40 +00:00
Luigi Rizzo
99e9614386 Extensive documentation changes to the script, but only
comments and empty lines have been touched.

All of this should go in the diskless(8) manpage, now if we had
some kind of 'literate programming' tool to extract the comments
from the script and put them in a reasonable nroff format, it
would be a lot easier to keep code and docs in sync
2004-03-31 08:43:20 +00:00
Luigi Rizzo
220ee8be37 Minor changes mostly as discussed on the lists a few days ago:
+ SUBDIR.cpio.gz prevents files from SUBDIR/ to be copied when
   priming the memory filesystems. This restores the old behaviour
   and makes the copy process a lot more efficient

 + look for templates also in the list of directories supplied by
   bootp/dhcp via the T134 option aka kern.bootp_cookie

 + keep track of directories temporarily mounted with "remount"
   or "diskless_remount" commands and unmount them once we are done
   with them (at the end of this script).
2004-03-31 07:24:15 +00:00
Dag-Erling Smørgrav
696733c7fa Fix the case where $ntpdate_hosts was not specified and /etc/ntp.conf
does not exist.

Submitted by:	ru
2004-03-29 20:00:54 +00:00
Doug Barton
af85ab16a3 A few small cleanups:
1. Add the shutdown keyword so that the script is run at shutdown time,
and the mixer* files are saved.
2. Twiddle whitespace.
3. Remove an unecessary function, and therefore collapse one variable.
2004-03-27 09:26:22 +00:00
Max Laier
f5559064a9 Install the pf rc.d-script (missed Makefile update in original commit)
Approved by:	bms(mentor)
2004-03-24 21:54:44 +00:00
Pawel Jakub Dawidek
b4dae77e8b Added 'nojail' keyword for rc.d/mixer script, while mixer(8) is not
usable in jail by default (no /dev/mixer).
2004-03-24 12:49:34 +00:00
Brooks Davis
3e091039ee Overhaul the /etc/rc.d/diskless script by splitting it out into
hostname, resolve, tmp, and var scripts.  The latter three are new and
were repo copied.  These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable.  This behavior can be overridden
in /etc/rc.conf.

Reviewed by:    luigi, pjd
2004-03-23 23:22:35 +00:00
Max Laier
1f4408f321 Add rc.d script for pf(4) (more to come once pflogd(8) works as well).
Update defaults and write some lines for rc.conf(5) also.
Mostly dup'ed from ipf

Reviewed by:	-current
Approved by:	bms(mentor)
2004-03-23 22:30:15 +00:00
Dag-Erling Smørgrav
75213c3ed7 Set start_cmd and stop_cmd correctly so the code that extracts the names
of the ntp servers from ntp.conf is actually used.  Remove pidfile since
ntpdate is not a daemon.
2004-03-22 16:35:35 +00:00
Brian Feldman
1cc06a21b6 Add a way for rc.d/devfs to set more than just the system devfs up.
Yes, this means for stuff OTHER than jails, too.  Example usage:
#devfs_system_ruleset="root"
devfs_set_rulesets="/dev=root /etc/namedb/dev=named_devfs"
2004-03-20 07:10:16 +00:00
Chad David
450e8255a1 Echo and pass dumpdev as the device argument to savecore.
PR: bin/51655
2004-03-18 15:18:20 +00:00
John Baldwin
659dc72f99 Add a mixer script that saves the current settings of all mixers present
in the system on shutdown and restores the settings on boot.  The settings
can also be reset to the saved values via 'mixer reload'.

Reviewed by:	current@
2004-03-15 23:09:17 +00:00
Wes Peters
68898c7350 Add script for creating ramdisks at boot time, in time to be processed
by fstab.
2004-03-15 18:36:21 +00:00
Doug Barton
0a54defb08 1. Remove the named_rcng variable. Mike's caution in this area was a good
thing, but we're ready to move on.

2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.

3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].

4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.

5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.

There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.

Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
2004-03-14 19:10:06 +00:00
Brooks Davis
14b34e45f8 If /conf/diskless_remount exists, use it to remount the entire /conf
directory.  This allows multiple roots (say for different architectures)
to share the same set of /conf files.
2004-03-12 04:40:16 +00:00
Tim Kientzle
9a7e5d92a7 Don't run fsck if there's no /etc/fstab.
In particular, this allows a "virgin" system installed from
source (installworld, installkernel, cd etc && make distribution)
to boot correctly and modestly simplifies the creation
of single-partition network/cdrom/CF bootable images.
2004-03-11 20:00:10 +00:00
Poul-Henning Kamp
4238829d77 Make this file more generally usable:
Trigger not only on diskless booting sysctls being set, but also
on the existence of the file "/etc/diskless".  But do not try to
extract IP# related keywords in that case.

Add a general "remount" facility to allow non-NFS remounting.
2004-03-09 23:06:50 +00:00
Pawel Jakub Dawidek
bd57d5b0f5 Mark scripts as not usable inside a jail by adding keyword 'nojail'.
Some suggestions from:	rwatson, Ruben de Groot <mail25@bzerk.org>
2004-03-08 12:25:05 +00:00
Bruce Evans
6ed53a0a05 Removed definition of NOPROG. It was just a style bug (a NetBSD macro
that became obsolete in NetBSD 22 months ago).

Submitted by:	ru
2004-03-05 16:13:22 +00:00
Pawel Jakub Dawidek
6be8dbad95 One tab too much. 2004-03-05 09:18:40 +00:00
Pawel Jakub Dawidek
303d38369a Teach 'hostname' script how to act inside a jail.
No objections from:	mtm, arch@
2004-03-05 09:17:01 +00:00
Mike Makonnen
fdf7479859 When this script included NetBSD specific logic, the NetBSD branch
included a start_precmd check for gated. The precommand was not
executed in the FreeBSD branch. When I did a mass removal of
NetBSD specific logic a while back this file apparently got only
a partial treatement. This bug did not have any functional consequences,
however, since the precommand was not declared to the rc.subr routines.

Noticed by: pjd
2004-03-05 08:03:04 +00:00
Mike Makonnen
fc3a64301a The syslogd script should require that /var is cleaned before it runs.
Otherwise it could be in the situation where its log socket is removed
after it has started.

Noticed by: jhay
2004-03-05 07:55:04 +00:00
Mike Makonnen
6e571c7035 Remove scripts we don't use from requirement lines. These were
hold-overs from the initial NetBSD import.
2004-03-05 07:43:38 +00:00
Bruce Evans
10c707cd50 Removed include of bsd.own.mk. It was just a style bug (half-baked
chumminess with the implementation).
2004-03-05 05:48:58 +00:00
Bruce M Simpson
140e05c9db Forgotten commit: Hook /etc/rc.d/ike up to the build. 2004-03-04 21:03:36 +00:00
Mike Makonnen
30c360afba From the PR:
Certain MTA configurations mean that the notifications from
	virecover keep bouncing; so here's a patch to allow administrators
	to turn them off.

PR:		conf/54910
Submitted by:	bms (with a minor cleanup)
2004-03-03 15:21:01 +00:00
Brian Feldman
2e8fe46f97 Further shuffle runcom ordering so that netif does not start before
ipfw, but ipfw and ipfilter do start before dhclient.
2004-02-29 01:42:48 +00:00
Brian Feldman
c9b510efc9 What depends on ipfilter should probably also start ipfw at the same time. 2004-02-27 22:08:19 +00:00
Christian Brueffer
7f69f64c25 Fix typo 2004-02-23 22:00:44 +00:00
Mike Makonnen
3c8e9ebafb Don't forget to enable the ipv6 firewall once the rules are loaded.
PR:		misc/61501
Submitted by:	Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
2004-02-19 06:53:24 +00:00
Mike Makonnen
097b26a617 In-line documentation.
Prodded by: alfred
2004-02-19 05:49:06 +00:00
Johan Karlsson
c1405562c4 Fix typo in comment, s/reebots/reboots/
PR:		62481
Submitted by:	Ulrich Spoerlein <q at uni.de>
2004-02-07 23:13:28 +00:00
Warner Losh
a88ffc6f99 ttys is gone, kill it here too 2004-02-07 15:46:20 +00:00
Mike Makonnen
a8811e9d1d Now that devfs is mandatory, there is no need to muck around
with tty/pty permissions.

Noticed by:	brooks
OKed:		phk
2004-02-07 07:10:25 +00:00
Dag-Erling Smørgrav
4cef3cb0e3 Require initrandom rather than random, since random requires
mountcritlocal, which requires disks, which gbde_swap provides.

Noticed by:	brooks
2004-02-05 21:40:37 +00:00
Dag-Erling Smørgrav
df3ac04211 We don't really need a lockfile, and most likely can't create one at
this point.
2004-02-04 15:53:49 +00:00
Mike Makonnen
33dc111393 o Unbreak the individual jail starting patch that I broke when
I committed it. Apologies to Juergen Unger <j.unger@addict.de>.
o When stopping jails output the hostname of the jails that
  were stopped.
o Refactor
o Remove extraneous empty line
o Correct spelling error
2004-02-03 12:59:30 +00:00
Dag-Erling Smørgrav
607b5a9109 Add support for initializing swap devices with random one-shot keys. Note
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.

Sponsored by:	Teleplan AS
2004-02-03 11:26:08 +00:00
Dag-Erling Smørgrav
87e1ee7afb Missed one in previous commit. 2004-02-03 10:22:55 +00:00
Dag-Erling Smørgrav
b324f932ff Style fixes. 2004-02-03 10:21:35 +00:00
Mike Makonnen
2104ae4ea4 Configure a jail sysctl value only if it is different than
what the rc.conf(5) knob specifies. Also, correct a minor
capitalization error.
2004-02-03 07:15:32 +00:00
Pawel Jakub Dawidek
40c0076346 Teach /etc/rc.d/dumpon script how to stop.
Reviewed by:	gordon
Approved by:	gordon, scottl (mentor)
2004-02-02 19:05:06 +00:00