Set virtual_oss_enable="NO" in /etc/defaults/rc.conf

This prevents 'service -e' from emitting (/var/log/messages):

/usr/sbin/service: WARNING: $virtual_oss_enable is not set properly - see rc.conf(

Set virtual_oss_enable="NO" in /etc/defaults/rc.conf

This prevents 'service -e' from emitting (/var/log/messages):

/usr/sbin/service: WARNING: $virtual_oss_enable is not set properly - see rc.conf(5)

Pull Request: https://github.com/freebsd/freebsd-src/pull/1987
Reviewed by: christos
Signed-off-by: eborisch@gmail.com
MFC after: 1 week

show more ...

rc: Add os-release URL rc.conf variables

Add rc.conf defaults for the os-release URL settings introduced in the
os-release rc.d script. This makes it easier for downstream integrators
and appliances

rc: Add os-release URL rc.conf variables

Add rc.conf defaults for the os-release URL settings introduced in the
os-release rc.d script. This makes it easier for downstream integrators
and appliances to override the URLs via rc.conf instead of patching the
script.

The following variables are added to libexec/rc/rc.conf:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url

These correspond to HOME_URL, DOCUMENTATION_URL, SUPPORT_URL, and
BUG_REPORT_URL in the generated os-release file.

Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961

show more ...

ipfw: create "ipfw0" and "ipfwlog0" bpf tapping points without ifnet(9)

As a free bonus the tapping points are now able to match packet direction.

Reviewed by: ae
Differential Revision: https://re

ipfw: create "ipfw0" and "ipfwlog0" bpf tapping points without ifnet(9)

As a free bonus the tapping points are now able to match packet direction.

Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D53875

show more ...

rc: dmesg: Allow umask to be configurable

Allow umask to be configurable.

Being able to set the umask via an rc variable is useful when setting:

security.bsd.unprivileged_read_msgbuf=0

As it

rc: dmesg: Allow umask to be configurable

Allow umask to be configurable.

Being able to set the umask via an rc variable is useful when setting:

security.bsd.unprivileged_read_msgbuf=0

As it allows a user to configure:

dmesg_umask="066"

Without modifying the rc script, and preventing the contents of the
$dmesg_file (/var/run/dmesg.boot) from being publicly readable.

PR: 272552
Reviewed by: netchild
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53169

show more ...

rc.conf: Fix typo interferring -> interfering

Reviewed by: emaste
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53168

blocklist: Rename blacklist to blocklist

Follow up upstream rename from blacklist to blocklist.

- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anc

blocklist: Rename blacklist to blocklist

Follow up upstream rename from blacklist to blocklist.

- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
warning
- Old MK_BLACKLIST* knobs are wired to the new ones

Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code. If issues arise, it
will be swiftly reverted.

Reviewed by: ivy (pkgbase)
Approved by: emaste (mentor)
MFC after: 2 days
Relnotes: yes

show more ...

rc: Improve netwait DAD logic

Disable if IPv6 is not supported, and instead of 10 seconds, default to
one more than the value of net.inet6.ip6.dad_count.

Fixes: 5ead817c3b7a ("rc: Teach netwait to

rc: Improve netwait DAD logic

Disable if IPv6 is not supported, and instead of 10 seconds, default to
one more than the value of net.inet6.ip6.dad_count.

Fixes: 5ead817c3b7a ("rc: Teach netwait to wait for DAD")
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D52905

show more ...

rc: Teach netwait to wait for DAD

In some configurations, especially in jails, it is possible for the
system to boot so fast that we end up launching daemons while duplicate
address detection is sti

rc: Teach netwait to wait for DAD

In some configurations, especially in jails, it is possible for the
system to boot so fast that we end up launching daemons while duplicate
address detection is still ongoing. If that happens, said daemons may
fail to bind to IPv6 addresses, as they are still tentative. Teach the
netwait service to wait (up to 10 seconds, by default) for the tentative
flag to vanish.

MFC after: 1 week
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D51889

show more ...

Remove ftpd(8)

This was previously deprecated and is slated for removal in 15.0.
Users who still need ftpd(8) can install the ftp/freebsd-ftpd port.

Retain the ftp(d) PAM services since other FTP d

Remove ftpd(8)

This was previously deprecated and is slated for removal in 15.0.
Users who still need ftpd(8) can install the ftp/freebsd-ftpd port.

Retain the ftp(d) PAM services since other FTP daemons use them.

Update /etc/inetd.conf to point to /usr/local.

Add ftpd to ObsoleteFiles, but do not list configuration files since
users may want to preserve these to use with the freebsd-ftpd port.

There is still some language in the manual referring to ftpd(8)
which is relevant to the port, which has been retained but updated
to reference the port.

MFC after: 3 days
Relnotes: yes
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D52739

show more ...

moused(8): Start moused with devd

It is appeared that currently starting of moused does not depend on
moused_enable variable value in rc.conf. That leads to missing USB mice
support in default confi

moused(8): Start moused with devd

It is appeared that currently starting of moused does not depend on
moused_enable variable value in rc.conf. That leads to missing USB mice
support in default configuration. Start moused in traditional per
device mode with devd to follow POLA.

One daemon per system mode still can be enabled with setting of
moused_port="auto"
moused_nondefault_enable="NO"
variables in /etc/rc.conf

To revert to sysmouse mode add moused_type="sysmouse" to /etc/rc.conf

Reported by: many
Requested by: glebius
Reviewed by: glebius
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D52430

show more ...

moused(8): Add command line option to restrict interface type

to evdev or sysmouse. It is required to avoid receiving of double events
on hybrid devices supporting both interfaces like ums (4).

MFC

moused(8): Add command line option to restrict interface type

to evdev or sysmouse. It is required to avoid receiving of double events
on hybrid devices supporting both interfaces like ums (4).

MFC after: 1 day
Reviewed by: glebius (via private chat)
Differential Revision: https://reviews.freebsd.org/D52647

show more ...

moused(8): Add support for evdev protocol

The new daemon have following properties as compared with previous
incarnation:
- evdev protocol support for mices and touchpads. Additionally to
relative

moused(8): Add support for evdev protocol

The new daemon have following properties as compared with previous
incarnation:
- evdev protocol support for mices and touchpads. Additionally to
relative PS/2 and USB devices it enables console support for I2C/USB
touchpads and bluetooth mices.
- Other aged protocols like COM, raw PS/2 and X10 are dropped with only
exception of sysmouse. For those who still use them there is an
utility called msconvd(8).
- single daemon per system where hotplug is processed via devd socket.
Per device mode still supported too.
- Configuration and quirks files in libinput-compatible format.
Actually, the new moused config parser is taken from libinput.

The moused(8) can work in 2 modes:
1. Evdev support mode. It enables all previously mentioned devices.
It is enabled by deault.
2. Sysmouse support mode. All should work as before.
No new devices supported. To enable it add following lines to
/etc/rc.conf:
moused_port="/dev/psm0"
moused_nondefault_enable="YES"
One may add hw.usb.usbhid.enable=0 to /boot/loader.conf to enable
ums(4) driver which supports sysmouse protocol.

Differential Revision: https://reviews.freebsd.org/D52164

show more ...

Revert "Remove Secure RPC DES authentication"

This reverts commit 7ac276298b72982189ac1a5b17461936dc00163e.

Requested by: kib

Remove Secure RPC DES authentication

Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.

Remove the relevant symbols from libc's Symbol.map. Leave

Remove Secure RPC DES authentication

Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.

Remove the relevant symbols from libc's Symbol.map. Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.

Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.

Remove the documentation for the old functions.

Remove rpc.ypupdated since it requires DES authentication.

Reviewed by: manu, des, emaste
Differential Revision: https://reviews.freebsd.org/D50442

show more ...

rc.conf: Use user.localbase to determine _localbase

When running an rc.d script outside of boot, ${_localbase} isn't set,
and rc.conf hardcodes the default value to /usr/local. Instead, try
to get

rc.conf: Use user.localbase to determine _localbase

When running an rc.d script outside of boot, ${_localbase} isn't set,
and rc.conf hardcodes the default value to /usr/local. Instead, try
to get the localbase from the user.localbase sysctl, and only fall
back to /usr/local if we can't for some reason.

This fixes e.g. /etc/rc.d/ldconfig when localbase has a non-default
value.

Reviewed by: imp, des
Differential Revision: https://reviews.freebsd.org/D51852

show more ...

random: Treat writes to /dev/random as separate from /entropy

RANDOM_CACHED is overloaded to refer both to entropy obtained from files
loaded by the boot loader, and entropy obtained via writes to
/

random: Treat writes to /dev/random as separate from /entropy

RANDOM_CACHED is overloaded to refer both to entropy obtained from files
loaded by the boot loader, and entropy obtained via writes to
/dev/random. Introduce a new source, RANDOM_RANDOMDEV, to refer to the
latter. This is to enable treating RANDOM_CACHED as a special case in
the NIST health test implementation.

Update the default harvest_mask in rc.conf to include RANDOM_RANDOMDEV,
preserving the old behaviour of accepting writes to /dev/random.

Bump __FreeBSD_version for modules which register a pure source, since
all of their values have now shifted.

Reviewed by: cem
MFC after: 3 months
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D51155

show more ...

rc.d: Add MIT KRB5 krb5kdc support

MIT KRB5 krb5kdc differs from the Heimdal kdc.

- The MIT kdc is named krb5kdc while the Heimdal one is named kdc.
- krb5kdc -d flag has a different meaning. krb5k

rc.d: Add MIT KRB5 krb5kdc support

MIT KRB5 krb5kdc differs from the Heimdal kdc.

- The MIT kdc is named krb5kdc while the Heimdal one is named kdc.
- krb5kdc -d flag has a different meaning. krb5kdc -d specifies a
database name. While the Heimdal kdc uses the -d flag to daemonize
it. krb5kdc automaticially daemonizes itself unless the -n flag is
specified.

We do this by looking at the name of the kdc program to determine if
we assume it's a Heimdal kdc or the MIT krb5kdc.

Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50813

show more ...

Remove vestiges of keyserv(8)

This daemon has been removed; also remove things which reference it.

Reviewed by: manu, des, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.fr

Remove vestiges of keyserv(8)

This daemon has been removed; also remove things which reference it.

Reviewed by: manu, des, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50441

show more ...

rc.d: Add precious_machine rc.conf knob to create /var/run/noshutdown

Reviewed by: bapt, kevans, olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.fr

rc.d: Add precious_machine rc.conf knob to create /var/run/noshutdown

Reviewed by: bapt, kevans, olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D50166

show more ...

rc: Document rtadvd_flags

PR: 283696
MFC after: 1 week

rc.conf: Update commented examples for lo0 to use CIDR

In particular, a bare IP address no longer works.

Reviewed by: bz, imp, emaste
Differential Revision: https://reviews.freebsd.org/D47716

rc: Update ipfilter example rules location

It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f056.

Point to users to /usr/src/share/ex

rc: Update ipfilter example rules location

It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f056.

Point to users to /usr/src/share/examples/ipfilter instead, as the base
directory also contains example rules.

Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47392

show more ...

ipfilter: Set ipf -T optionlist at boot

There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.

PR: 130555
Reviewed by: jlduran
MFC

ipfilter: Set ipf -T optionlist at boot

There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.

PR: 130555
Reviewed by: jlduran
MFC 1 week
Differential Revision: https://reviews.freebsd.org/D47346

show more ...

dhclient: rc.conf option to disable ARP resolution

Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to tr

dhclient: rc.conf option to disable ARP resolution

Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.

Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368

show more ...

rc.conf: Leap-seconds sources: Add IANA back

11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only

rc.conf: Leap-seconds sources: Add IANA back

11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.

PR: 279413
Fixes: 11da791920ba
MFC after: 3 days

show more ...