- nss_mdns renamed to nss_multicast_dns for clarity and less chance of
confusion with nss_mdnsd (see next).
- Support using mdnsd for all unicast too with new nss_mdnsd module
(note: this mode requires an updated mdnsd too, not yet committed)
- Implement resolv.conf "search" directive support. Needed for nss_mdnsd,
potentially useful with nss_multicast_dns (you could now do
"search example.com local" in resolv.conf if you wanted to and it would
act as you might expect)
- Add references in nsswitch.conf man page and sample file
- Implement AI_CANONNAME
- Various bug fixes
These match what is really installed.
I know the man links are there too. But this helps in the
case where someone has printed man pages but only has one
man page printed per inode -- so best to refer to the known Dt name.
in rc.subr to be marked as optional. This means that it's not an
error if the file system is not mentioned in /etc/fstab. It is
still an error if something else goes wrong.
Change the defaults for these two variables in /etc/defaults/rc.conf:
critical_filesystems_local="OPTIONAL:/var"
critical_filesystems_remote="OPTIONAL:/usr"
and which can suppress output in silent mode. Silent mode is enabled
via the new rc_silent variable, which defaults to a value that depends
on the kern.boothowto sysctl.
Part of the /etc/rc silent changes requested in PR 41946
and proposed in tech-userlevel.
makes {MK,HAVE_}BINUTILS consistent with {MK,HAVE_}{GCC,GDB}.
Allow MKBFD to define MKBINUTILS as a backwards compatibility hook.
Update the sets lists and add conditionals for lib{bfd,opcodes}.
NO/FALSE/OFF/0, so explain that.
* Change all "Foo: YES or NO. If not set to YES then ..." to
"Foo: Boolean value. If false then ...".
* Some rewording for clarity.
allows you to invoke rndctl(8) during the boot.
* Add rndctl=NO and rndctl_flags="" to /etc/defaults/rc.conf.
* Document rndctl and rndctl_flags variables in rc.conf(5).
- Make MD poffd(8) retire, and use MI powerd(8) instead of it.
- Make /dev/pow1 retire, because nobody holds /dev/pow0 any longer.
Use /dev/pow0 for pow(4) ioctl.
- POWIOCSSIGNAL ioctl which is for poffd(8) is also obsoleted.
0 Minimal output ("quiet")
1 Describe what is occurring
2 Describe what is occurring and echo the actual command
3 Ignore the effect of the "@" prefix in make commands
4 Trace shell commands using the shell's -x flag
The default remains MAKEVERBOSE=2.
- introduce X11FLAVOUR to choose src/x11 vs src/external/mit/xorg
for the X11 to build if MKX11=yes is set. it takes the values
of either Xorg or XFree86.
- default to Xorg on alpha, i386, macppc, shark, sparc and sparc64
- remove MKXORG_WITH_XSRC_XSERVER, unused and never useful
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting inside $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"
MAKEVERBOSE MKATF MKGCCCMDS MKINET6 MKISCSI MKLDAP MKNVI
MKPCC MKPCCCMDS MKPIE MKPUFFS MKSTATICLIB MKX11 MKXORG
USE_HESIOD USE_INET6 USE_JEMALLOC USE_KERBEROS USE_LDAP
USE_PAM USE_SKEY USE_SSP USE_YP
Part of PR 29233
We really need one place to document this stuff, or at least the
canonical "installed" reference. Currently we have:
src/share/mk/bsd.README
src/doc/BUILDING.mdoc (for src/BUILDING)
src/share/man/man5/mk.conf.5 (for mk.conf(5))
into the kernel. Based on a patch by jmcneill@, with many fixes and
improvements by me.
- Put MEMORY_DISK_DYNAMIC and MODULAR into the GENERIC kernels, so that
you can load miniroot.kmod from the boot blocks and boot into the
installer!
btuartd(8) should be named btattach(8) for consistency
with other parts of NetBSD
make btattach(8) a single-use tool for less complexity
device specific initialisation (from btuart(4)) is carried
out prior to activating the line discipline (in btattach(8)),
which simplifies the API somewhat and means that the user
tool and the kernel do not need to be kept in sync.
btuart(4) driver is much reduced; naming is made consistent
and all tsleep() and delay() are removed to userland
/etc/mtree/special not just add new entries.
Explain that check_mtree_follow_symlinks will give reports of links not
being links (notably /etc/localtime)
- Document the signatures file format in a veriexec(5) man-page,
- Document the strict levels and a general Veriexec intro in veriexec(8)
instead of security(8).
Okay blymn@.
will be extended to other appropriate ports in future. Note as such in the
bugs section.
This is an MI man page, so should not be flagged as i386 in the header.
This allows easy configuration of banner text, console device and timeout
as well as allowing menus of commands to be displayed. If /boot.cfg
is not present, then the existing behaviour does not change.
The sections in the boot loader source are surrounded by #ifdef SMALL
allowing this functionality to be removed if space is at a premium.
Thank you, wiz, for the few mandoc suggestions.
I slightly reworded part of the description and removed the
advertising clause from the version I posted to tech-userlevel.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generated from running 'veriexecgen' with no arguments), this will
use an additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
removed.)
Add rebuild_whatisdb weekly variable that defaults to NO.
This is for running makewhatis weekly.
This defaults to NO because it is not needed using just base sets/default
install which provide the whatis.db file(s).
disable the test. There is no "test". So it is confusing.
Instead say:
The variables described below can be set to ``YES'' or ``NO'' in the
/etc/weekly.conf file. The default settings are in the
/etc/defaults/weekly.conf file. (Note that you should never edit
/etc/defaults/weekly.conf directly, as it is often replaced during system
upgrades.)
(I don't suggest that all are YES because of a possible upcoming
addition.)
Enabled via per_user_tmp in /etc/rc.conf (default off).
See security(8) and rc.conf(5) for more details.
Lots of input from thorpej@ & christos@, thanks!
remove pseudo-device btdev(4) and inherent limitations
add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.
btdevctl(8) and its cache is updated to handle new semantics
etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.
The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.
Drivers for both PCMCIA and USB bluetooth controllers are included.
display or mouse variable should be changed. This is backwards compatible
with the old setvar style: if the argument is not specified, it defaults
to `keyboard'.
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.
Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.
appeared and whether it's really part of pf or not is still unclear. Looking
at the other *BSDs it seems that they have left out spamd when importing pf,
and now we do that too. Also, the name conflicted with another more popularly
used tool, after the rename to pfspamd it was left with completely unusable
documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
headers and LKM.
Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.
Both options default to yes, so nothing changed in the default build.
Reviewed by lukem.