Commit Graph

4638 Commits

Author SHA1 Message Date
hubertf
384aae98cc use full pathname of tar consistentlc
Patch provided in PR 14072 by Stoned Elipot <seb@script.jussieu.fr>
2001-09-26 13:48:27 +00:00
lukem
6b4ee83154 <sys/stat.h> is unnecessary 2001-09-26 07:05:39 +00:00
agc
ead534127e Print out the name of the detached signature file which is being used to
verify the binary package. Idea from Hubert Feyrer.
2001-09-25 11:42:56 +00:00
agc
03663b89ae Add a "-s verification-type" argument to pkg_add, which adds a callout
to a verification program for a binary package. The following callouts
are defined: "none", "gpg" and "pgp5".

This feature allows you to verify a binary package against a detached
signature file, and to proceed with the installation or not, depending
upon the level of trust you place in the signatory of the binary
package.

Digital signatures will be checked in a recursive manner (i.e. if
pkg_add is called with a verification type which is not "none", the
verification type will be passed to subsequent invocations of pkg_add
for the dependent packages).

At the current time, digital signatures cannot be used with the URL
form of pkg_add(1) - the detached signature file must be in the same
directory as the binary package, either locally or mounted by NFS.

If no -s argument is given, pkg_add(1) retains its current behaviour -
the package will not be verified before installation takes place.
2001-09-25 10:28:16 +00:00
tv
6042281606 Don't override the definition of LEX. 2001-09-25 01:40:09 +00:00
wiz
4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
perry
9864f0aae8 Add a -l flag which does "loose" permissions checks, i.e. a mode 444
matches a check for mode 644 (though obviously not the reverse). This
can be used by the nightly security run, making the output1 more useful
by having it contain fewer spurious permissions violations.

Note that I did not make -l work if you have a sgid/suid/sticky bit
set. I don't know how you could cause security trouble with more
stringent settings and a suid file, but I don't want to find out the
hard way.
2001-09-22 03:56:29 +00:00
thorpej
f189453cbc Pull in fbio.h from <dev/sun/fbio.h> 2001-09-19 16:16:03 +00:00
itojun
9a881fc0f7 typo in IPv6 support. listen to wildcard address correctly. 2001-09-18 04:36:28 +00:00
assar
2a2aa85a8d update infrastructure for krb4 1.1 and heimdal 0.4e 2001-09-17 12:34:40 +00:00
joda
f51bc9e68b use strtol instead of atoi to catch non numeric values 2001-09-17 10:05:57 +00:00
hubertf
5653bfc431 if creategid() fails, don't try to print system error message (use errx()
instead of err()), as all error cases in creategid() are already commented
properly from inside creategid().

This prevents funny errors like:

	miyu# groupadd test2
	miyu# groupadd test2
	groupadd: group `test2' already exists
	groupadd: can't add group: problems with /etc/group file: Inappropriate ioctl for device
2001-09-16 18:08:37 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
manu
171c550e3a Removed the HAVE_CLOCKCTL for now (it should not be enabled until all
ports use clockctl. Silly me!)
2001-09-16 09:12:50 +00:00
manu
98b40d754d Enable use of the clockctl device for ntpd (this feature has not yet been
commited to the ntp CVS)
2001-09-16 07:53:12 +00:00
thorpej
8b531ac998 By poppular demand, don't wildcard "bus" on the "list" command
by default.
2001-09-15 18:35:00 +00:00
enami
a88b4adee6 Zero clear the apm_power_info structure being passed to ioctl. 2001-09-15 02:42:26 +00:00
thorpej
477798fcac Fix missing : in a getopt() string. 2001-09-14 17:28:36 +00:00
thorpej
9ed4e90471 Build pcictl. 2001-09-13 23:51:39 +00:00
thorpej
0c91ac689b pcictl(8) -- a program for frobbing the PCI bus, and also an example
of how to use libpci.

Currently has "list" (list devices within a PCI domain) and "dump" (dump
PCI configuration header for a device) sub-commands.
2001-09-13 23:51:04 +00:00
itojun
de3a065dcc CPPFLAGS, not CFLAGS, for -D. 2001-09-13 13:02:20 +00:00
enami
69af775e86 - Bail out when failed to ioctl.
- Clear args to APM_IOC_GETPOWER.
2001-09-13 11:05:58 +00:00
enami
453bf8d640 KNF and other misc. stylistic changes. 2001-09-13 11:01:49 +00:00
thorpej
dd5462b93f Update for TCP timer changes. 2001-09-11 15:45:01 +00:00
thorpej
85f032ca45 Fix printf format. 2001-09-11 15:10:45 +00:00
enami
54d0f0cc4b Fix off-by-one error; root on sd0i shoule be rejected if maxpartition is 8. 2001-09-11 05:11:59 +00:00
itojun
55e8bc4e8b make sup/supfilesrv IPv6 ready. supfilesrv listens to single socket,
therefore, you will need two instances running for dual stack support
(one with -4 and one with -6).
2001-09-11 03:33:52 +00:00
itojun
c976c20dc0 correct 1st arg to select(). 2001-09-11 03:32:55 +00:00
simonb
2db48f4c88 Add "Remember to update distrib/sets..." lines (and NetBSD RCS IDs in
some cases).
2001-09-10 11:18:41 +00:00
lukem
617a65b6f7 replace home-grown parser with fparseln() 2001-09-10 03:22:24 +00:00
lukem
5c2ee5861d Incorporate the enhanced ffs_dirpref() by Grigoriy Orlov, as found in
FreeBSD (three commits; the initial work, man page updates, and a fix
to ffs_reload()), with the following differences:
- Be consistent between newfs(8) and tunefs(8) as to the options which
  set and control the tuning parameters for this work (avgfilesize & avgfpdir)
- Use u_int16_t instead of u_int8_t to keep track of the number of
  contiguous directories (suggested by Chuck Silvers)
- Work within our FFS_EI framework
- Ensure that fs->fs_maxclusters and fs->fs_contigdirs don't point to
  the same area of memory

The new algorithm has a marked performance increase, especially when
performing tasks such as untarring pkgsrc.tar.gz, etc.

The original FreeBSD commit messages are attached:

=====
mckusick    2001/04/10 01:39:00 PDT
  Directory layout preference improvements from Grigoriy Orlov <gluk@ptci.ru>.
  His description of the problem and solution follow. My own tests show
  speedups on typical filesystem intensive workloads of 5% to 12% which
  is very impressive considering the small amount of code change involved.

  ------

    One day I noticed that some file operations run much faster on
  small file systems then on big ones. I've looked at the ffs
  algorithms, thought about them, and redesigned the dirpref algorithm.

    First I want to describe the results of my tests. These results are old
  and I have improved the algorithm after these tests were done. Nevertheless
  they show how big the perfomance speedup may be. I have done two file/directory
  intensive tests on a two OpenBSD systems with old and new dirpref algorithm.
  The first test is "tar -xzf ports.tar.gz", the second is "rm -rf ports".
  The ports.tar.gz file is the ports collection from the OpenBSD 2.8 release.
  It contains 6596 directories and 13868 files. The test systems are:

  1. Celeron-450, 128Mb, two IDE drives, the system at wd0, file system for
     test is at wd1. Size of test file system is 8 Gb, number of cg=991,
     size of cg is 8m, block size = 8k, fragment size = 1k OpenBSD-current
     from Dec 2000 with BUFCACHEPERCENT=35

  2. PIII-600, 128Mb, two IBM DTLA-307045 IDE drives at i815e, the system
     at wd0, file system for test is at wd1. Size of test file system is 40 Gb,
     number of cg=5324, size of cg is 8m, block size = 8k, fragment size = 1k
     OpenBSD-current from Dec 2000 with BUFCACHEPERCENT=50

  You can get more info about the test systems and methods at:
  http://www.ptci.ru/gluk/dirpref/old/dirpref.html

                                Test Results

               tar -xzf ports.tar.gz               rm -rf ports
    mode  old dirpref new dirpref speedup old dirprefnew dirpref speedup
                               First system
   normal     667         472      1.41       477        331       1.44
   async      285         144      1.98       130         14       9.29
   sync       768         616      1.25       477        334       1.43
   softdep    413         252      1.64       241         38       6.34
                               Second system
   normal     329         81       4.06       263.5       93.5     2.81
   async      302         25.7    11.75       112          2.26   49.56
   sync       281         57.0     4.93       263         90.5     2.9
   softdep    341         40.6     8.4        284          4.76   59.66

  "old dirpref" and "new dirpref" columns give a test time in seconds.
  speedup - speed increasement in times, ie. old dirpref / new dirpref.

  ------

  Algorithm description

  The old dirpref algorithm is described in comments:

  /*
   * Find a cylinder to place a directory.
   *
   * The policy implemented by this algorithm is to select from
   * among those cylinder groups with above the average number of
   * free inodes, the one with the smallest number of directories.
   */

  A new directory is allocated in a different cylinder groups than its
  parent directory resulting in a directory tree that is spreaded across
  all the cylinder groups. This spreading out results in a non-optimal
  access to the directories and files. When we have a small filesystem
  it is not a problem but when the filesystem is big then perfomance
  degradation becomes very apparent.

  What I mean by a big file system ?

    1. A big filesystem is a filesystem which occupy 20-30 or more percent
       of total drive space, i.e. first and last cylinder are physically
       located relatively far from each other.
    2. It has a relatively large number of cylinder groups, for example
       more cylinder groups than 50% of the buffers in the buffer cache.

  The first results in long access times, while the second results in
  many buffers being used by metadata operations. Such operations use
  cylinder group blocks and on-disk inode blocks. The cylinder group
  block (fs->fs_cblkno) contains struct cg, inode and block bit maps.
  It is 2k in size for the default filesystem parameters. If new and
  parent directories are located in different cylinder groups then the
  system performs more input/output operations and uses more buffers.
  On filesystems with many cylinder groups, lots of cache buffers are
  used for metadata operations.

  My solution for this problem is very simple. I allocate many directories
  in one cylinder group. I also do some things, so that the new allocation
  method does not cause excessive fragmentation and all directory inodes
  will not be located at a location far from its file's inodes and data.
  The algorithm is:
  /*
   * Find a cylinder group to place a directory.
   *
   * The policy implemented by this algorithm is to allocate a
   * directory inode in the same cylinder group as its parent
   * directory, but also to reserve space for its files inodes
   * and data. Restrict the number of directories which may be
   * allocated one after another in the same cylinder group
   * without intervening allocation of files.
   *
   * If we allocate a first level directory then force allocation
   * in another cylinder group.
   */

    My early versions of dirpref give me a good results for a wide range of
  file operations and different filesystem capacities except one case:
  those applications that create their entire directory structure first
  and only later fill this structure with files.

    My solution for such and similar cases is to limit a number of
  directories which may be created one after another in the same cylinder
  group without intervening file creations. For this purpose, I allocate
  an array of counters at mount time. This array is linked to the superblock
  fs->fs_contigdirs[cg]. Each time a directory is created the counter
  increases and each time a file is created the counter decreases. A 60Gb
  filesystem with 8mb/cg requires 10kb of memory for the counters array.

    The maxcontigdirs is a maximum number of directories which may be created
  without an intervening file creation. I found in my tests that the best
  performance occurs when I restrict the number of directories in one cylinder
  group such that all its files may be located in the same cylinder group.
  There may be some deterioration in performance if all the file inodes
  are in the same cylinder group as its containing directory, but their
  data partially resides in a different cylinder group. The maxcontigdirs
  value is calculated to try to prevent this condition. Since there is
  no way to know how many files and directories will be allocated later
  I added two optimization parameters in superblock/tunefs. They are:

          int32_t  fs_avgfilesize;   /* expected average file size */
          int32_t  fs_avgfpdir;      /* expected # of files per directory */

  These parameters have reasonable defaults but may be tweeked for special
  uses of a filesystem. They are only necessary in rare cases like better
  tuning a filesystem being used to store a squid cache.

  I have been using this algorithm for about 3 months. I have done
  a lot of testing on filesystems with different capacities, average
  filesize, average number of files per directory, and so on. I think
  this algorithm has no negative impact on filesystem perfomance. It
  works better than the default one in all cases. The new dirpref
  will greatly improve untarring/removing/coping of big directories,
  decrease load on cvs servers and much more. The new dirpref doesn't
  speedup a compilation process, but also doesn't slow it down.

  Obtained from:	Grigoriy Orlov <gluk@ptci.ru>
=====

=====
iedowse     2001/04/23 17:37:17 PDT
  Pre-dirpref versions of fsck may zero out the new superblock fields
  fs_contigdirs, fs_avgfilesize and fs_avgfpdir. This could cause
  panics if these fields were zeroed while a filesystem was mounted
  read-only, and then remounted read-write.

  Add code to ffs_reload() which copies the fs_contigdirs pointer
  from the previous superblock, and reinitialises fs_avgf* if necessary.

  Reviewed by:	mckusick
=====

=====
nik         2001/04/10 03:36:44 PDT
  Add information about the new options to newfs and tunefs which set the
  expected average file size and number of files per directory.  Could do
  with some fleshing out.
=====
2001-09-06 02:16:00 +00:00
christos
9a9926ee57 PR/13874: Hubert Feyrer: Add -L class to useradd 2001-09-05 21:37:32 +00:00
itojun
bc0d6cdd22 sync with the latest kame.
- select() with the right maxfd.
- don't write() with len <= 0.
- no wacky macro ERRSTR.
2001-09-05 01:22:24 +00:00
itojun
a12c72c978 sync with the latest KAME tree.
- don't use FD_SETSIZE on select
- "sin" conflicts with math library, so use sin6
- other minor updates
2001-09-05 01:17:31 +00:00
drochner
e569277f0d -fix uninitialized "verbose" flag
-add iso2, iso7 encodings
2001-09-04 17:59:04 +00:00
wiz
c1434a021e Don't mention /usr/local/lib/isdn, since it's not used (anymore?). 2001-09-03 01:22:54 +00:00
lukem
e3ba61f9f3 Incorporate fix by iedowse @ FreeBSD to allow disks with large numbers of
cylinder groups to work correctly, with minor modifications by me to work
with our FFS_EI code.  From the FreeBSD commit message:

	The ffs superblock includes a 128-byte region for use by temporary
	in-core pointers to summary information. An array in this region
	(fs_csp) could overflow on filesystems with a very large number of
	cylinder groups (~16000 on i386 with 8k blocks). When this happens,
	other fields in the superblock get corrupted, and fsck refuses to
	check the filesystem.

	Solve this problem by replacing the fs_csp array in 'struct fs'
	with a single pointer, and add padding to keep the length of the
	128-byte region fixed. Update the kernel and userland utilities
	to use just this single pointer.

	With this change, the kernel no longer makes use of the superblock
	fields 'fs_csshift' and 'fs_csmask'. Add a comment to newfs/mkfs.c
	to indicate that these fields must be calculated for compatibility
	with older kernels.

	Reviewed by:    mckusick
2001-09-02 01:58:30 +00:00
reinoud
ec98fbc0db Code cleanup; remove all `#ifdef sgi' from the code... this clobbered the
code considerably and was mainly providing SGI specific logging facilities
and some hacks to improve the relyablility on SGI systems by increasing
priorities etc...
2001-09-02 00:13:05 +00:00
itojun
ee42f09d5b upgrade to KAME 2001/8/31. 2001-08-31 10:36:08 +00:00
lukem
c56418af73 some improvements from freebsd/openbsd
- replace the unused fs_headswitch and fs_trkseek with fs_id[2], bringing
  our struct fs closer to that in freebsd & openbsd (& solaris FWIW)
- dumpfs: improve warning message when cpc == 0
2001-08-30 14:37:25 +00:00
itojun
7cdedd5c84 use strlcpy. from openbsd 2001-08-30 00:53:53 +00:00
itojun
c9e786ce9e security fix from openbsd:
Fix buffer oflow reading from queue file.  While we are at it, crank
the size of buffers that can hold filenames to MAXPATHLEN.
2001-08-30 00:51:50 +00:00
wiz
251b3464be heirarchy -> hierarchy 2001-08-24 10:24:45 +00:00
hubertf
c5967dbc76 Fix typo: heirarchies 2001-08-24 00:48:48 +00:00
itojun
d5e1f166e0 sync with latest kame tree. snprintf() return value audit, log() cleanup,
and such.
2001-08-22 08:52:35 +00:00
itojun
029bd4843d sync with kame better. snprintf return value audit. 2001-08-22 05:24:37 +00:00
yamt
7bc6654ad8 disable unnecessary warning when PKG_PATH isn't set. 2001-08-21 18:38:40 +00:00
wiz
1e378c4c12 precede, not preceed. 2001-08-20 12:00:46 +00:00
hubertf
194031e9be Don't do FTP stuff when operating on all pkgs
Adresses PR 13397 by Greg A. Woods <woods@weird.com>
2001-08-19 23:33:35 +00:00
ad
e04fd20395 Clean up previous. 2001-08-19 09:01:47 +00:00