Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).
Create a revolve_hostname helper to avoid code duplication.
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.
- nuageinit: bootcmd() function follows the same pattern as runcmd(),
writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
It is the first entry in the pre_network_calls table.
- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
after /usr/libexec/nuageinit completes, before unmounting the config
drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.
The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().
Some upstream result files introduced in file 5.47 (e.g., bgcode.result)
lack a trailing newline, causing the contrib_file_tests ATF test to
fail with "cmp: EOF on bgcode.result". Generate normalized copies
of the expected results and install those instead.
MFC after: 3 days
Fixes: e949ce9dc0
Fall back to trying the "CentOS Stream Composes" repo for the qcow2
images if the regular URLs fail. The Composes repo contains the daily
autobuilt Stream images.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #18628
When CONFIG_RCU_CPU_STALL_TIMEOUT is configured an RCU stall which
exceeds the default timeout will trigger an NMI and panic the VM.
Given the heavily virtualized nature of the CI environment we want
to make sure to only trigger this due to a real deadlock and not
due to over-subscription of the system's resources. This timeout
normally defaults to 20-30 seconds and this change increases it
to 120 seconds.
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18624
CodeQL Action v3 has been deprecated and will be retired
December 2026. Update codeql.yml to use CodeQL Action v4
and update the runner to ubuntu-24.04.
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18629
This workflow was disabled 'on push' recently in commit 1916c2c5
to reduce redundant CI runs. However, this check is fairly quick
and we want it run regularly against the branches. Enable it.
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18627
The smartctl exception in /etc/sudoers.d/zfs doesn't cover devices
like NVMe or symlinked devices. Just get rid of it rather than
keep maintaining it.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #18626
* pipebuf is a size but is listed as a count
PR: 295623
MFC after: 1 week
Fixes: f54f41403d ("usr.bin/limits: support RLIMIT_PIPEBUF")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D57456
Commit 4d80d4913e fixed a long standing bug in the recovery
code. However, glebius@ reported seeing multiple
recovery cycles with this patch during an NFSv4.1/4.2
server reboot.
This commit should minimize the risk of multiple
recovery cycles.
PR: 294925
Reported by: Jov <amutu@amutu.com>
MFC after: 2 weeks
Fixes: 4d80d4913e ("nfs: Fix argument typo to avoid a crash")
Some of our random write benchmarks on a fragmented pool show that
single-threaded portion of sync process (txg_sync_thread) can use
up to 45% of CPU time. Most of it is consumed by metaslab_sync()
and metaslab_sync_done(), during which time the pool is not doing
anything else.
While metaslab_sync() is not trivial to parallelize due to having
single spacemap log, metaslab_sync_done() is doing only per-metaslab
accounting and they can run in parallel. Even better, we can run
them while waiting for vdev label update and cache flush I/Os.
With this patch on my test system similar test randomly writing 12
100GB files with 4KB blocks shows IOPS increase from 176K to 220K.
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin@TrueNAS.com>
Closes #18622
Add missing SSH cloud-config options from cloud-init spec:
- ssh_deletekeys: remove existing SSH host keys on first boot so
new ones are generated automatically by sshd(8).
Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
with a directory existence guard via lfs.attributes().
- disable_root: set PermitRootLogin to 'no' (or a custom value via
disable_root_opts) in /etc/ssh/sshd_config.
- disable_root_opts: optional string or array to override the
PermitRootLogin value used when disable_root is true. Only the
first array element is used.
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.
Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().
Add test case for missing file creation.
Replace check-then-create patterns with direct creation:
- addsshkey: check what exists before creation, use mkdir_p() for
.ssh directory, handle errors with warnmsg() instead of assert().
Apply chmod/chown only on newly created files/directories.
- adddoas: same pattern for doas.conf and the etc directory.
- addsudo: same pattern for the sudoers file and sudoers.d directory.
All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen
Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
The caller wants the parent vnode, which cannot be provided for emptypath
lookups.
Reported and reviewed by: markj
Fixes: 12c590a9ab ("bindat(2)/connectat(2): allow implicit EMPTYPATH for unix domain sockets")
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57448
The main change is switching `unit-coverage` to run
scripts/coverage_report.pl, to get nice coverage summary output on the
commandline. The previous behaviour moves to `unit-coverage-html`.
Calls to lcov and genhtml are now silencing more warnings, and the
output file now gets branch coverage as well.
This should be compatible with both lcov 1.x and 2.x. It takes advantage
of the fact that 1.x is far more forgiving of both options it doesn't
understand, and of various kinds of "inconsistency" in the input data.
The rest is both simplifying and improving the rules. We keep the
coverage output around now, but still rebuild it if the binary changes.
The `clean` target now removes the coverage output too. And we use the
target name more often for building path names, as it's far less noisy.
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@truenas.com>
Closes #18619
Instead of performing multiple operations on the path name in
zfs_key_config_modify_session_counter() open the file once and
perform the fchown, fchmod, and openat on the open file handle.
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18618
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way - I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
* Move settings duplicated in libarchive, bsdcat, bsdcpio, bsdtar, and
bsdunzip into libarchive's Makefile.inc.
* Drop some CFLAGS that merely duplicated some of the contents of our
platform configuration header.
MFC after: 1 week
Reviewed by: mm
Differential Revision: https://reviews.freebsd.org/D57307
style(9) still allows TAB after #define but this is a historical
artifact and by far the minority of use cases. Going forward, we would
like to promote the use of a single space, as it allows alignment to
survive line prefixing (such as in diffs).
style(9) also has prescribed a single space between '#else' or '#endif'
and a comment recalling the guard since 2002.
So, commit 157c184689 ("assert.h: Remove leading tabs for whitespace
consistency") was good, and in line with rules about whitespace changes
(since the file was heavily modified by surrounding commits).
This commit is thus basically a revert of 439710cf00 ("assert.h:
Revert "Remove leading tabs for whitespace consistency"), which extended
replacing spaces with TABs in the code introduced in the meantime (after
commit 157c184689).
Reviewed by: fuz, imp
Fixes: 439710cf00 ("assert.h: Revert "Remove leading tabs for whitespace consistency")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57391
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.
Reviewed by: pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797