310119 Commits

Author SHA1 Message Date
Baptiste Daroussin 6e54d00867 nuageinit: add tests for bootcmd, ssh_deletekeys, disable_root, manage_etc_hosts 2026-06-05 08:38:33 +02:00
Baptiste Daroussin ba58e8ad72 nuageinit: implement manage_etc_hosts support
Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).

create a revolve_hostname helper to avoid code duplucation.
2026-06-05 07:49:16 +02:00
Baptiste Daroussin b9be7608cd nuageinit: implement bootcmd support
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.

- nuageinit: bootcmd() function follows the same pattern as runcmd(),
  writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
  It is the first entry in the pre_network_calls table.

- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
  after /usr/libexec/nuageinit completes, before unmounting the config
  drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
2026-06-05 07:00:00 +02:00
Baptiste Daroussin ab478de1f9 pw: fix incorrect metalog path in mkdir_home_parents 2026-06-05 08:01:56 +02:00
Baptiste Daroussin fe1e912d5a pw: fix setmode(NULL) crash when homemode is a boolean value 2026-06-05 08:01:50 +02:00
Baptiste Daroussin 5f9c8f142d pw: fix const qualification in unquote()
The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.
2026-06-05 08:01:44 +02:00
Baptiste Daroussin 4fd8a69ec6 pw: fix inverted condition in shell_path error handling 2026-06-05 08:01:35 +02:00
Baptiste Daroussin 13f4a37b53 pw: fix uninitialized name pointer in pw_group_del
The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().
2026-06-05 08:01:24 +02:00
Baptiste Daroussin 1cc5684b32 pw: remove duplicate pw_user_add declarations 2026-06-05 08:01:09 +02:00
Xin LI f7c0bd206f file: normalize .result files to ensure trailing newline on install
Some upstream result files introduced in file 5.47 (e.g., bgcode.result)
lack a trailing newline, causing the contrib_file_tests ATF test to
fail with "cmp: EOF on bgcode.result".  Generate normalized copies
of the expected results and install those instead.

MFC after:	3 days
Fixes:		e949ce9dc0
2026-06-04 21:48:19 -07:00
Tony Hutter 6cc4492607 CI: Add alternative URLs for CentOS stream
Fallback to trying the "CentOS Strean Composes" repo for the qcow2
images if the regular URLs fail.  The Composes repo contains the daily
autobuilt Stream images.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #18628
2026-06-04 17:52:36 -07:00
Brian Behlendorf c4d0f3dd41 CI: Increase default RCU stall timeout on Linux
When CONFIG_RCU_CPU_STALL_TIMEOUT is configured an RCU stall which
exceeds the default timeout will trigger an NMI and panic the VM.
Given the heavily virtualized nature of the CI environment we want
to make sure to only trigger this due to a real deadlock and not
due to over-subscription of the systems resources.  This timeout
normally defaults to 20-30 seconds and this change increases it
to 120 seconds.

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18624
2026-06-04 17:41:11 -07:00
Brian Behlendorf cae1421e8d CI: Update CodeQL actions to v4
CodeQL Action v3 has been deprecated and will be retired
December 2026.  Update codeql.yml to use CodeQL Action v4
and update the runner to ubuntu-24.04.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18629
2026-06-04 17:39:39 -07:00
Brian Behlendorf a851ba8eb9 CI: Re-enable CodeQL workflows on push
This workflow was disabled 'on push' recently in commit 1916c2c5
to reduce redundant CI runs.  However, this check is fairly quick
and we want it run regularly against the branches.  Enable it.

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18627
2026-06-04 16:55:48 -07:00
Tony Hutter 2076569ce8 Remove /etc/sudoers.d/zfs
The smartctl exception in /etc/sudoers.d/zfs doesn't cover devices
like NVMe or symlinked devices.  Just get rid of it rather than
keep maintaining it.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #18626
2026-06-04 16:45:13 -07:00
Dag-Erling Smørgrav ad524568f9 limits: Fix pipebuf resource type
* pipebuf is a size but is listed as a count

PR:		295623
MFC after:	1 week
Fixes:		f54f41403d ("usr.bin/limits: support RLIMIT_PIPEBUF")
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D57456
2026-06-05 00:41:41 +02:00
Dag-Erling Smørgrav a85e39030f etcupdate: Make diff -l actually work
While here, remove unnecessary blank lines.

MFC after:	1 week
Fixes:          6d65c91b9a ("etcupdate: fix arguments order of diff command")
Reviewed by:	Boris Lytochkin <lytboris@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D57330
2026-06-05 00:41:27 +02:00
Dag-Erling Smørgrav 823d00b2d4 libc: Constify the getcap API
MFC after:	1 week
Inspired by:	NetBSD
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D57252
2026-06-05 00:41:22 +02:00
Dag-Erling Smørgrav ba0d22eacd libarchive: Fix typo in sed command
MFC after:	1 week
Fixes:		eb3a0a74a0 ("libarchive: Clean up the build configuration")
Reported by:	Shawn Webb <shawn.webb@hardenedbsd.org>
2026-06-05 00:37:23 +02:00
Rick Macklem ea4886f282 nfs_commonkrpc.c: Improve handling of NFSv4.1/4.2 recovery
Commit 4d80d4913e fixed a long standing bug in the recovery
code.  However. glebius@ reported seeing multiple
recovery cycles with this patch during an NFSv4.1/4.2
server reboot.

This commit should minimize the risk of multiple
recovery cycles.

PR:	294925
Reported by:	Jov <amutu@amutu.com>
MFC after:	2 weeks
Fixes:	4d80d4913e ("nfs: Fix argument typo to avoid a crash")
2026-06-04 15:02:48 -07:00
Christos Longros a65ed7afd3 zpool/zfs: accept --help and -? after a subcommand
Print the short usage instead of "invalid option".

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Christos Longros <chris.longros@gmail.com>
Closes #18541
2026-06-04 13:39:00 -07:00
Alexander Motin 5fea0c838a Parallelize metaslab_sync_done() calls
Some of our random write benchmarks on a fragmented pool show that
single-threaded portion of sync process (txg_sync_thread) can use
up to 45% of CPU time.  Most of it is consumed by metaslab_sync()
and metaslab_sync_done(), during which time the pool is not doing
anything else.

While metaslab_sync() is not trivial to parallelize due to having
single spacemap log, metaslab_sync_done() is doing only per-metaslab
accounting and they can run in parallel.  Even better, we can run
them while waiting for vdev label update and cache flush I/Os.

With this patch on my test system similar test randomly writing 12
100GB files with 4KB blocks shows IOPS increase from 176K to 220K.

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin@TrueNAS.com>
Closes #18622
2026-06-04 13:25:40 -07:00
Baptiste Daroussin 22c1f5d0ec nuageinit: complete SSH support with ssh_deletekeys and disable_root
Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
  new ones are generated automatically by sshd(8).
  Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
  with a directory existence guard via lfs.attributes().

- disable_root: set PermitRootLogin to 'no' (or a custom value via
  disable_root_opts) in /etc/ssh/sshd_config.

- disable_root_opts: optional string or array to override the
  PermitRootLogin value used when disable_root is true. Only the
  first array element is used.
2026-06-04 22:17:03 +02:00
Baptiste Daroussin ea0932d71a nuageinit: refactor goto abuse in chpasswd()
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
2026-06-04 22:02:58 +02:00
Baptiste Daroussin 0ba9b7b7f8 nuageinit: fix update_sshd_config crash when file does not exist
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().

Add test case for missing file creation.
2026-06-04 21:10:37 +02:00
Baptiste Daroussin cf5722ed60 nuageinit: fix TOCTOU in addsshkey, adddoas, addsudo
Replace check-then-create patterns with direct creation:

- addsshkey: check what exists before creation, use mkdir_p() for
  .ssh directory, handle errors with warnmsg() instead of assert().
  Apply chmod/chown only on newly created files/directories.

- adddoas: same pattern for doas.conf and the etc directory.

- addsudo: same pattern for the sudoers file and sudoers.d directory.

All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
2026-06-04 21:06:35 +02:00
Baptiste Daroussin fdff89256f nuageinit: fix non-standard f:close(cmd) and remove dead precmd
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
  the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
2026-06-04 20:59:30 +02:00
Baptiste Daroussin 852504a5fa nuageinit: remove dead checkgroup(), inline check in purge_group()
Call getgroups() once instead of N times per call. Inline the
membership check directly, removing the now-unused checkgroup()
helper function.
2026-06-04 20:32:48 +02:00
Baptiste Daroussin 46d1758aa7 nuageinit: add hostname validation (RFC 952/1123) to sethostname()
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen

Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
2026-06-04 20:26:49 +02:00
Baptiste Daroussin 57807f389a nuageinit: add nil/empty guard to decode_base64()
Return an empty string when input is nil or zero-length instead
of processing it through the decoding loop.
2026-06-04 20:09:06 +02:00
Baptiste Daroussin 9459465308 nuageinit: add config2_network DNS services test 2026-06-04 19:48:32 +02:00
Baptiste Daroussin 5f58d92074 nuageinit: add dirname edge case tests 2026-06-04 19:24:45 +02:00
Rob Norris e03375947c unit: update docs for new coverage report options
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@truenas.com>
Closes #18619
2026-06-04 09:46:12 -07:00
Baptiste Daroussin b813e46e15 nuageinit: fix dirname('/') returning nil instead of '/' 2026-06-04 18:44:31 +02:00
Konstantin Belousov 453968c78d uipc_usrreq: revert addition of EMPTYPATH for bindat(2)
The caller wants the parent vnode, which cannot be provided for emptypath
lookups.

Reported and reviewed by:	markj
Fixes:	12c590a9ab ("bindat(2)/connectat(2): allow implicit EMPTYPATH for unix domain sockets")
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57448
2026-06-04 20:55:11 +03:00
Sourojeet A b551429ad6 linuxkpi: Add dma_unmap_page_attrs
This will be used by amdgpu as of Linux 6.13.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
2026-06-04 12:56:58 -04:00
Rob Norris 9a6dd0e1bc unit: support text & HTML targets; improve coverage rules
The main change is switching `unit-coverage` to run
scripts/coverage_report.pl, to get nice coverage summary output on the
commandline. The previous behaviour moves to `unit-coverage-html`.

Calls to lcov and genhtml are now silencing more warnings, and the
output file now gets branch coverage as well.

This should be compatible with both lcov 1.x and 2.x. It takes advantage
of the fact that 1.x is far more forgiving of both options it doesn't
understand, and of various kinds of "inconsistency" in the input data.

The rest is both simplifying and improving the rules. We keep the
coverage output around now, but still rebuild it if the binary changes.
The `clean` target now removes the coverage output too. And we use the
target name more often for building path names, as its far less noisy.

Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@truenas.com>
Closes #18619
2026-06-04 09:35:47 -07:00
Rob Norris 9f23793d53 coverage_report: produce nice text reports from lcov/geninfo tracefiles
Sponsored-by: TrueNAS
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@truenas.com>
Closes #18619
2026-06-04 09:35:25 -07:00
Steve Kargl fa3f69fa4c libmsun: Fix incorrect MLINK for sincosl(3)
PR:		295704
MFC after:	1 week
2026-06-04 18:31:26 +02:00
Brian Behlendorf 4256f4f8e0 pam: use open fd instead of path
Instead of performing multiple operations on the path name in
zfs_key_config_modify_session_counter() open the file once and
perform the fchown, fchmod, and openat on the open file handle.

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18618
2026-06-04 09:24:06 -07:00
Kyle Evans c7ff706b31 lualoader: add be-list and be-switch commands
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu.  Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.

Reviewed by:	imp (previous version)
2026-06-04 08:59:49 -05:00
Olivier Certner 4f7d987015 .git-blame-ignore-revs: <assert.h> whitespace changes: Fix comment
Fixes:          8ee0f80252 (".git-blame-ignore-revs: <assert.h> whitespace changes")
Sponsored by:   The FreeBSD Foundation
2026-06-04 15:33:59 +02:00
Olivier Certner 8ee0f80252 .git-blame-ignore-revs: <assert.h> whitespace changes
Reminded by:    brooks
Sponsored by:   The FreeBSD Foundation
2026-06-04 15:17:44 +02:00
Dag-Erling Smørgrav eb3a0a74a0 libarchive: Clean up the build configuration
* Move settings duplicated in libarchive, bsdcat, bsdcpio, bsdtar, and
  bsdunzip into libarchive's Makefile.inc.

* Drop some CFLAGS that merely duplicated some of the contents of our
  platform configuration header.

MFC after:	1 week
Reviewed by:	mm
Differential Revision:	https://reviews.freebsd.org/D57307
2026-06-04 15:12:23 +02:00
Dag-Erling Smørgrav b3a8659f36 MAINTAINERS, CODEOWNERS: Add myself to fts and stdio 2026-06-04 15:03:49 +02:00
Olivier Certner 7487932f4f assert.h: style(9): Space after #define, between #endif and comment
style(9) still allows TAB after #define but this is a historical
artifact and by far the minority of uses cases.  Going forward, we would
like to promote the use of a single space, as it allows alignment to
survive line prefixing (such as in diffs).

style(9) also has prescribed a single space between '#else' or '#endif'
and a comment recalling the guard since 2002.

So, commit 157c184689 ("assert.h: Remove leading tabs for whitespace
consistency") was good, and in line with rules about whitespace changes
(since the file was heavily modified by surrounding commits).

This commit is thus basically a revert of 439710cf00 ("assert.h:
Revert "Remove leading tabs for whitespace consistency"), which extended
replacing spaces with TABs in the code introduced in the meantime (after
commit 157c184689).

Reviewed by:    fuz, imp
Fixes:          439710cf00 ("assert.h: Revert "Remove leading tabs for whitespace consistency")
MAC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D57391
2026-06-04 13:49:26 +02:00
Olivier Certner 0c2d64ce3d MAC/do: Clarify comments about flags attached per-ID or per-ID-type
No functional change.

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
2026-06-04 13:06:39 +02:00
Olivier Certner 1c0e5c53ff kern_prot.c: Belatedly add copyright
See the commit log for the why.

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
2026-06-04 13:06:34 +02:00
Marek Zarychta d52de9a344 defaultroute: Fix dual-stack and IPv6-only handling
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.

Reviewed by:	pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
2026-06-04 12:19:13 +03:30
Pouria Mousavizadeh Tehrani 4258829c8f Revert "defaultroute: Fix dual-stack and IPv6-only handling"
This reverts commit 5b5a836e72.

Despite using arcpatch for this commit, I attributed the wrong
author of the patch.
2026-06-04 12:17:41 +03:30