Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).
create a revolve_hostname helper to avoid code duplucation.
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.
- nuageinit: bootcmd() function follows the same pattern as runcmd(),
writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
It is the first entry in the pre_network_calls table.
- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
after /usr/libexec/nuageinit completes, before unmounting the config
drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
The unquote() function took a const char * parameter but modified the
string in-place (removing quote characters). Change the parameter to
char * and update callers that passed const char * to cast explicitly.
The 'name' variable could be left uninitialized if neither the
positional argument nor -n is supplied, leading to undefined
behavior when passed to getgroup().
Some upstream result files introduced in file 5.47 (e.g., bgcode.result)
lack a trailing newline, causing the contrib_file_tests ATF test to
fail with "cmp: EOF on bgcode.result". Generate normalized copies
of the expected results and install those instead.
MFC after: 3 days
Fixes: e949ce9dc0
* pipebuf is a size but is listed as a count
PR: 295623
MFC after: 1 week
Fixes: f54f41403d ("usr.bin/limits: support RLIMIT_PIPEBUF")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D57456
Commit 4d80d4913e fixed a long standing bug in the recovery
code. However. glebius@ reported seeing multiple
recovery cycles with this patch during an NFSv4.1/4.2
server reboot.
This commit should minimize the risk of multiple
recovery cycles.
PR: 294925
Reported by: Jov <amutu@amutu.com>
MFC after: 2 weeks
Fixes: 4d80d4913e ("nfs: Fix argument typo to avoid a crash")
Add missing SSH cloud-config options from cloud-init spec:
- ssh_deletekeys: remove existing SSH host keys on first boot so
new ones are generated automatically by sshd(8).
Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
with a directory existence guard via lfs.attributes().
- disable_root: set PermitRootLogin to 'no' (or a custom value via
disable_root_opts) in /etc/ssh/sshd_config.
- disable_root_opts: optional string or array to override the
PermitRootLogin value used when disable_root is true. Only the
first array element is used.
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.
Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().
Add test case for missing file creation.
Replace check-then-create patterns with direct creation:
- addsshkey: check what exists before creation, use mkdir_p() for
.ssh directory, handle errors with warnmsg() instead of assert().
Apply chmod/chown only on newly created files/directories.
- adddoas: same pattern for doas.conf and the etc directory.
- addsudo: same pattern for the sudoers file and sudoers.d directory.
All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen
Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
The caller wants the parent vnode, which cannot be provided for emptypath
lookups.
Reported and reviewed by: markj
Fixes: 12c590a9ab ("bindat(2)/connectat(2): allow implicit EMPTYPATH for unix domain sockets")
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57448
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
* Move settings duplicated in libarchive, bsdcat, bsdcpio, bsdtar, and
bsdunzip into libarchive's Makefile.inc.
* Drop some CFLAGS that merely duplicated some of the contents of our
platform configuration header.
MFC after: 1 week
Reviewed by: mm
Differential Revision: https://reviews.freebsd.org/D57307
style(9) still allows TAB after #define but this is a historical
artifact and by far the minority of uses cases. Going forward, we would
like to promote the use of a single space, as it allows alignment to
survive line prefixing (such as in diffs).
style(9) also has prescribed a single space between '#else' or '#endif'
and a comment recalling the guard since 2002.
So, commit 157c184689 ("assert.h: Remove leading tabs for whitespace
consistency") was good, and in line with rules about whitespace changes
(since the file was heavily modified by surrounding commits).
This commit is thus basically a revert of 439710cf00 ("assert.h:
Revert "Remove leading tabs for whitespace consistency"), which extended
replacing spaces with TABs in the code introduced in the meantime (after
commit 157c184689).
Reviewed by: fuz, imp
Fixes: 439710cf00 ("assert.h: Revert "Remove leading tabs for whitespace consistency")
MAC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57391
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.
Reviewed by: pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.
Reviewed by: pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
Specifically on the RPi CM4, we currently don't set the controller up
right and it never moves into the ready state (we don't observe the link
active bit). Failure to cleanup here actually results in a panic not
long after, due to a use-after-free in the rman bits. Further down in
pci_host_generic, we have some rman stashed in the softc that are
initialized and placed onto the rman tailq, then the softc is later
freed without an rman_fini() to pull them off of the tailq properly.
Note that PCIe on this board won't come up at boot without something
plugged in, so it currently can't be booted with an empty slot with the
intent to hotplug a supported card. Some issues with controller startup
have been observed with Broadcom NICs in the wild, but no problems have
been observed with other NICs and a variety of different PCIe cards.
Shout-out to Vince <git@darkain.com> for the extensive debugging and
analysis to arrive at this conclusion.
Reviewed by: andrew, imp
Differential Revision: https://reviews.freebsd.org/D56897
If device_attach() fails, we're expected to actually cleanup after
ourselves because device_detach() will not be called. Factor out the
cleanup bits that don't rely on attach having actually succeeded so
that we can cleanup properly in bcm2838_pci.
Reviewed by: andrew, imp
Differential Revision: https://reviews.freebsd.org/D56896
For symmetry with ofw_bus_setup_iinfo, the next commits will use it to
properly cleanup on failure in bcm2838_pci.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D56895
Without this patch, the NFSv4.1/4.2 pNFS server configuration
did not support striping. This was mainly because the Linux
client driver did not support it either. The Linux client
driver for Flexible File layout does now support striping.
(Linux kernel version 6.18 or newer)
As such, this patch adds striping support. The configuration
is currently just two new sysctls called
vfs.nfsd.pnfsstripeunit - Size (in bytes) of a stripe
vfs.nfsd.pnfsstripecnt - # of DSs to stripe across
A setting of 0 for the first sysctl and 1 for the second
disables striping. A patch that allows use of a different
striping configuration for each exported MDS file system
is planned for the future.
The pnfsdscopymr may be broken by this patch, but since
no one reported that they were actually using a pNFS server
configuration, I do not believe that will be a problem at
this time.
Until the FreeBSD NFSv4.1/4.2 client is patched to handle
striped flexible file layouts, mounts to a striped pNFS
configuration must be done without the "pnfs" mount option.
(Linux systems with a kernel version of 6.18 or newer
should be able to handle a striped pNFS configuration.)
Future patches that convert the pNFS server to a
"loosely coupled" configuration (which allows the use
of non-FreeBSD servers as DSs) are anticipated.
Include <linux/types.h> for `false`. This is needed by amdgpu somewhere
between Linux 6.12 and 6.15.
Reviewed by: Minsoo Choo <minsoo@minsoo.io>, bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57415
Cause a write error using a fifo and wait, rather than needing a sleep
to wait for something to terminate. This is faster and avoids a
potential test failure on a heavily loaded system.
Using /dev/full would be simpler, but it is not portable enough (it
tends not to be available in jails, even). Starting programs with stdout
not open or only open for read/execute/search may have unexpected side
effects.
Reviewed by: ngie, des
Differential Revision: https://reviews.freebsd.org/D57213
After git commit c8d40bf8ec, if fd 0 was
not open, it is left with CLOEXEC set and therefore fails. This is an
unlikely situation, but fixing it reduces the size of the code (by using
posix_spawn_file_actions_adddup2's special case if the two file
descriptor numbers are the same).
At the same time, check the error code from
posix_spawn_file_actions_adddup2.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D56910
The five link flags get lost in prose.
Reviewed by: ziaee
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57418