The output without the dollar sign is less confusing as it's actual
valid shell syntax:
$ /etc/rc.d/foo rcvar
# food
food=YES
Brought up on tech-userlevel@ by Rocky Hotas with some LGTMs from
other people and no objections.
We still refer to '$food' in warnings/errors though.
The /dev/acpi character device gives an aperture into physical memory
that allows only read access to known ACPI tables: RSDP, XSDT/RSDT, and
the root tables. Adapt acpidump(8) to use this interface by default,
falling back to the old /dev/mem method if it is not available or if
ACPIDUMP_USE_DEVMEM=1 is set in the environment. The user visible benefit
of this change is that "options INSECURE" is no longer required to
dump ACPI tables.
- Use "-6" instead of "--noipv4" as it seems more appropriate based on
the dhcpcd(8) manual page.
- Remove "-f /dev/null" as it seems unnecessary with "-6".
- Remove "--persistent" as it is in the default /etc/dhcpcd.conf,
and this way the user can change it, if they would like to (either
through dhcpcd_flags or by editing /etc/dhcpcd.conf).
The "-b" (or "--background") option is needed to avoid a timeout error
message (and a delay in booting), so it is still left in place.
- Use the "pool" keyword for obtaining servers from ntp.pool.org.
- Add "tos minclock" and "tos maxclock" to limit the number of servers.
- Add "restrict source" to apply appropriate restrictions to servers.
(Specifically "nopeer" cannot be applied to "pool" servers.)
- A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so
that we get both IPv4 and IPv6 addresses. (No addresses are returned
for just "netbsd.pool.ntp.org.")
- Add a comment about "tinker panic 0" -- useful for VMs and laptops.
- Add a comment about "discard minimum" -- useful for some SNTP clients.
- Add an explanation for the "limited" restriction keyword.
- Unify whitespace and comment formatting.
This results in correct updates to /etc/motd even when the value of
motd_release_tag is changed (a likely event).
Add safe quoting to outputting the read kernel version.
Thanks to kre@ for the feedback.
My personal preferencese for /etc/rc.conf:
update_motd_release=YES
motd_release_tag='Binaries: '
This provides an explanation to users about the second version in motd.
builds on modern systems and seems to have been added as a workaround for
some 2004-era Linux NFS bug. Guessing that the issue has been sorted out
in the meantime.
Still planning to replace wgconfig(8) and wg-keygen(8) by one wg(8)
tool compatible with wireguard-tools; update wg(4) for the minor
changes from the 2018-06-30 spec to the 2020-06-01 spec; &c. This just
clarifies the current state of affairs as it exists in the development
tree for now.
Mark the man page EXPERIMENTAL for extra clarity.
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:
# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL
This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.
This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
rndctl -S triggers entropy consolidation, so whatever we gathered
during kernel startup -- interrupt timings, autoconf timings, &c. --
will be incorporated into the seed and into subsequent data read from
/dev/urandom, just like if rndctl -L had run at this boot, and the
seed will carry them into the next boot too.
But it still avoids frequently consolidating entropy on any regular
schedule, in order to continue to mitigate iterative-guessing
attacks.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.
XXX pullup
/netbsd/modules respectively instead of /netbsd and
/stand/<arch>/<version>/modules. This is only supported for x86,
and is turned off by default. To try it, add KERNEL_DIR=yes in your
/mk.conf and install a system from that build.
- Move /etc/daily from 03:15 -> 04:15
- Move /etc/weekly from 04:30 -> 05:30 (to keep the spacing)
This should prevent problems during daylight savings changeover (which
is usually between 01:00 -> 04:00, depending upon the region) where the
cronjobs may be executed twice, or never at all...
This expands on the previous fix in revision 1.13 from 1997.
It seems that working kernel should be more smaller.
Strip off most kernel options, and provide by kernel modules.
Also add GENERIC kernel for NFS root instead of FFS.
If you set zfs=YES, presumably you positively want the automatic rc.d
actions, so if there's no /sbin/zfs or if zfs can't find pools with
/etc/zfs/zpool.cache, presumably you would like feedback about that
in rc.log.
At this point it is highly unlikely this 1999 device still has users,
but it still comes up in the context of maxv's USB-fuzzing (and any device
could pretend to be a urio(4)), so it's best to get rid of it.
Renamed all major entries to obsolete, as was done in previous removals.
This still requires an update to sanitizers, but they're located in
"external", perhaps it should be first committed upstream?
Proposed on tech-kern a month ago.
Discussed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/01/13/msg025938.html
This was never (intentionally) enabled by default, and the design has
some shortcomings. You can get mostly the same results with ktrace,
as in usr.bin/make/filemon/filemon_ktrace.c which is now used instead
of filemon for make's meta mode.
If applications require higher performance than ktrace, or nesting
that ktrace doesn't support, we might consider adding something back
into the vfs system calls themselves, without hijacking the syscall
table. (Might want a more reliable output format too, e.g. one that
can handle newlines in file names.)
script takes care of mounting filesystems.
Don't try to unmount all file systems before unloading the ZFS module, leave
that to the operator in preperation or the mountall script to take care
of. Module will of course fail to unload then if file systems are still
mounted.
script from wroking if the system is booted into single user mode & then
moved onto multi-user mode.
Reported by <pgoyette> for NPF but the issue is there in PF too.
With this switch processes (such as xconsole) can open /dev/console
without breaking login on the text or serial console. This can be
trivially triggered by enabling xdm in rc.conf and hitting
Ctrl+Alt+F1 or equivalent once booted.
The changes:
- Add entry for /dev/console or /dev/constty if missing
- If a port's had /dev/console 'on' switch it off and enable /dev/constty
- If a port did not have /dev/console 'on', leave /dev/constty off
Some ports had /dev/console off and /dev/ttyE0 enabled, presumably to
avoid just this issue. It may make sense to adjust these also (but not
in this pass)
As discussed on current-users
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.
Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
from userland via /dev/vhci. Using this, it becomes possible to test and
fuzz the USB stack and all the USB drivers without having the associated
hardware.
The vHCI device has four ports independently addressable.
For each xfer on each port, we create two packets: a setup packet (which
indicates mostly the type of request) and a data packet (which contains
the raw data). These packets are processed by read and write operations
on /dev/vhci: userland poll-reads it to fetch usb_device_request_t
structures, and dispatches the requests depending on bRequest and
bmRequestType.
A few ioctls are available:
VHCI_IOC_GET_INFO - Get the current status
VHCI_IOC_SET_PORT - Choose a vHCI port
VHCI_IOC_USB_ATTACH - Attach a USB device on the current port
VHCI_IOC_USB_DETACH - Detach the USB device on the current port
vHCI has already allowed me to automatically find several bugs in the USB
stack and its drivers.
Enable in all the supported variations for NetBSD/amd64:
- Address Sanitizer
- Thread Sanitizer
- Memory Sanitizer
- Undefined Behavior Sanitizer
- SafeStack
- libFuzzer
- XRay
This change enables the features on amd64 for start.
We probably don't need more than one pci file, but the code needs to be
changed for it, which might introduce problems, and we're just before a
branch.
Not needed for evbarm because it uses devpubd by default.
Stopgap fix for PR xsrc/54388.
Also add the other gm20x nouveau firmwares to the source tree
to make it easier to add them for someone who can test them.
Installed if MKNOUVEAUFIRMWARE is set to 'yes'.
This defaults to no except on amd64 and i386 (like for radeon).
martin