Commit Graph

3494 Commits

Author SHA1 Message Date
Baptiste Daroussin e5ef12ccd0 nuageinit: install certs in /usr/share/certs/trusted
Suggested by:	kevans
2026-06-06 21:31:21 +02:00
Baptiste Daroussin bad3c15dff nuageinit: update documentation for phone_home and final_message 2026-06-06 08:17:04 +02:00
Baptiste Daroussin 68e60bb8b6 nuageinit: expose decode_base64 to fix tests 2026-06-06 08:05:50 +02:00
Baptiste Daroussin 58653bf4d0 nuageinit: implement phone_home support
Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)
2026-06-05 23:28:25 +02:00
Baptiste Daroussin e01f202ecf nuageinit: implement final_message support 2026-06-05 23:03:45 +02:00
Baptiste Daroussin 71e8122b3f nuage.lua: add encode_base64 helper 2026-06-06 08:01:48 +02:00
Baptiste Daroussin 328a76d17f nuageinit: implement power_state_change and locale support 2026-06-05 22:48:18 +02:00
Baptiste Daroussin be711ade6f nuageinit: implement MIME multipart user-data support
Add support for MIME multipart/mixed user-data, allowing a single
user-data blob to contain multiple parts with different content types.
2026-06-05 22:45:54 +02:00
Baptiste Daroussin b56f029add nuageinit: implement ca_certs support
Add support for the 'ca_certs' cloud-config key which manages
CA certificates by writing them to /etc/ssl/certs/ and running
certctl rehash.
2026-06-05 22:27:07 +02:00
Baptiste Daroussin 6d27d52ccd nuageinit: implement ntp support
Add support for the 'ntp' cloud-config key which configures NTP
by writing /etc/ntp.conf with server and pool entries.
2026-06-05 22:25:29 +02:00
Dag-Erling Smørgrav 641e8e3956 Revert "libc: Constify the getcap API"
This broke cross-building on Linux and macOS.

This reverts commit 823d00b2d4.
2026-06-05 19:15:46 +02:00
Dag-Erling Smørgrav b5a96894f6 rc: Bail if /dev/null is not a device
On startup, check that /dev/null exists and is a character device.
Otherwise, one of two things will happen: either /dev is a writable
directory and we will immediately create /dev/null as a regular file
and dump garbage into it, or it does not and we will spit out a stream
of error messages about failing to create /dev/null.

PR:		295782
MFC after:	1 week
Reviewed by:	jhb, emaste
Differential Revision:	https://reviews.freebsd.org/D57447
2026-06-05 17:53:29 +02:00
Baptiste Daroussin d798491238 nuageinit: implement ssh_authkey_fingerprints support
Add support for the 'ssh_authkey_fingerprints' cloud-config key
which logs SSH host key fingerprints to the console via ssh-keygen.
2026-06-05 13:17:55 +02:00
Baptiste Daroussin 58184a301a nuageinit: implement keyboard support 2026-06-05 13:17:22 +02:00
Baptiste Daroussin 4662263c24 nuageinit: implement resolv_conf support
Add support for the 'resolv_conf' cloud-config key which writes
directly to /etc/resolv.conf.
2026-06-05 13:15:37 +02:00
Baptiste Daroussin 797dad91ff nuageinit: implement mounts support
Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
2026-06-05 13:15:16 +02:00
Baptiste Daroussin 6e54d00867 nuageinit: add tests for bootcmd, ssh_deletekeys, disable_root, manage_etc_hosts 2026-06-05 08:38:33 +02:00
Baptiste Daroussin ba58e8ad72 nuageinit: implement manage_etc_hosts support
Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).

Create a revolve_hostname helper to avoid code duplication.
2026-06-05 07:49:16 +02:00
Baptiste Daroussin b9be7608cd nuageinit: implement bootcmd support
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.

- nuageinit: bootcmd() function follows the same pattern as runcmd(),
  writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
  It is the first entry in the pre_network_calls table.

- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
  after /usr/libexec/nuageinit completes, before unmounting the config
  drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
2026-06-05 07:00:00 +02:00
Dag-Erling Smørgrav 823d00b2d4 libc: Constify the getcap API
MFC after:	1 week
Inspired by:	NetBSD
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D57252
2026-06-05 00:41:22 +02:00
Baptiste Daroussin 22c1f5d0ec nuageinit: complete SSH support with ssh_deletekeys and disable_root
Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
  new ones are generated automatically by sshd(8).
  Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
  with a directory existence guard via lfs.attributes().

- disable_root: set PermitRootLogin to 'no' (or a custom value via
  disable_root_opts) in /etc/ssh/sshd_config.

- disable_root_opts: optional string or array to override the
  PermitRootLogin value used when disable_root is true. Only the
  first array element is used.
2026-06-04 22:17:03 +02:00
Baptiste Daroussin ea0932d71a nuageinit: refactor goto abuse in chpasswd()
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
2026-06-04 22:02:58 +02:00
Baptiste Daroussin 0ba9b7b7f8 nuageinit: fix update_sshd_config crash when file does not exist
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().

Add test case for missing file creation.
2026-06-04 21:10:37 +02:00
Baptiste Daroussin cf5722ed60 nuageinit: fix TOCTOU in addsshkey, adddoas, addsudo
Replace check-then-create patterns with direct creation:

- addsshkey: check what exists before creation, use mkdir_p() for
  .ssh directory, handle errors with warnmsg() instead of assert().
  Apply chmod/chown only on newly created files/directories.

- adddoas: same pattern for doas.conf and the etc directory.

- addsudo: same pattern for the sudoers file and sudoers.d directory.

All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
2026-06-04 21:06:35 +02:00
Baptiste Daroussin fdff89256f nuageinit: fix non-standard f:close(cmd) and remove dead precmd
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
  the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
2026-06-04 20:59:30 +02:00
Baptiste Daroussin 852504a5fa nuageinit: remove dead checkgroup(), inline check in purge_group()
Call getgroups() once instead of N times per call. Inline the
membership check directly, removing the now-unused checkgroup()
helper function.
2026-06-04 20:32:48 +02:00
Baptiste Daroussin 46d1758aa7 nuageinit: add hostname validation (RFC 952/1123) to sethostname()
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen

Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
2026-06-04 20:26:49 +02:00
Baptiste Daroussin 57807f389a nuageinit: add nil/empty guard to decode_base64()
Return an empty string when input is nil or zero-length instead
of processing it through the decoding loop.
2026-06-04 20:09:06 +02:00
Baptiste Daroussin 9459465308 nuageinit: add config2_network DNS services test 2026-06-04 19:48:32 +02:00
Baptiste Daroussin 5f58d92074 nuageinit: add dirname edge case tests 2026-06-04 19:24:45 +02:00
Baptiste Daroussin b813e46e15 nuageinit: fix dirname('/') returning nil instead of '/' 2026-06-04 18:44:31 +02:00
Marek Zarychta d52de9a344 defaultroute: Fix dual-stack and IPv6-only handling
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.

Reviewed by:	pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
2026-06-04 12:19:13 +03:30
Pouria Mousavizadeh Tehrani 4258829c8f Revert "defaultroute: Fix dual-stack and IPv6-only handling"
This reverts commit 5b5a836e72.

Despite using arcpatch for this commit, I attributed the wrong
author of the patch.
2026-06-04 12:17:41 +03:30
Pouria Mousavizadeh Tehrani 5b5a836e72 defaultroute: Fix dual-stack and IPv6-only handling
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.

Reviewed by:	pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
2026-06-04 12:07:21 +03:30
Christos Margiolis b2677d002e rc: virtual_oss: Handle absent pidfile properly
Instead of throwing errors from the programs that use it, print a
warning if the file does not exist.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Christos Margiolis 803f686938 rc: virtual_oss: Wait for process to exit
Sometimes virtual_oss processes do not exit immediately. If we do not
wait for the processes to fully exit before returning from
virtual_oss_stop(), then the service restart operation might call
virtual_oss_start() too early and fail, because it will think the
service wasn't stopped and is still running.

Reported by:	jrm
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Christos Margiolis a576e5140e rc: virtual_oss: Define some variables in rc.conf
They will now be part of /etc/defaults/rc.conf and be accessible by
sysrc(8).

Fixes:		70e27ecba5 ("virtual_oss: Introduce virtual_oss_default_control_device rc variable")
PR:		295560
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Dag-Erling Smørgrav 05e8f2bf09 ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
  figure out what, if anything, to tell the user.

* Avoid string manipulations by opening /dev first and using openat()
  with O_RESOLVE_BENEATH.

* Add a boolean argument which, if false, causes ttymsg() to return
  without sending the message if the tty's group-writable bit is not
  set.  This saves programs that respect this setting (like syslogd(8))
  from having to check before calling ttymsg().

* Update all callers.

The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails.  However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.

PR:		295171
MFC after:	1 week
Reviewed by:	jfree, markj
Differential Revision:	https://reviews.freebsd.org/D57018
2026-05-25 18:52:15 +02:00
Dag-Erling Smørgrav 76c3387024 tftpd: Simplify packet drop macro
The first argument is always the function name, for which we can simply
use __func__.  This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57076
2026-05-22 19:57:35 +02:00
Dag-Erling Smørgrav 9338937713 tftpd: Add missing bounds checks
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.

Luckily, this code is only ever used by tftp(1), not tftpd(8).

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57075
2026-05-22 19:57:31 +02:00
Christos Margiolis 8532b4a436 rc: virtual_oss: Create a loopback device in the default configuration
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	emaste
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/16
2026-05-21 19:37:34 +02:00
Simon J. Gerraty 701d7be6e4 Add test cases for safe_eval.sh
safe_set is the routine that does all the work.

In safe_set; if we replace one=`cmd arg` or two=$(cmd arg) add quotes
around the result eg. one="_cmd arg_"
Also lines containing `` or $() are too likely to result in syntax
errors, so just delete them.

Differential Revision:	https://reviews.freebsd.org/D56795
2026-05-18 10:51:18 -07:00
Baptiste Daroussin 8b70a203be nuageinit: fix command injection and related issues
- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
  adduser (usershow, useradd, lock, primary_group, groups)
  addgroup (groupshow, groupadd, members)
  exec_change_password (usermod)
  settimezone (tzsetup root and timezone)
  install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
  data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
  (skip on postnet to preserve config written by first call)

MFC After: 1 day
2026-05-12 09:52:32 +02:00
Baptiste Daroussin 8b03193289 nuageinit: add update_sshd_config tests 2026-05-10 17:54:48 +02:00
Baptiste Daroussin 0f92bee2b3 nuageinit: add adddoas tests 2026-05-10 17:54:48 +02:00
Baptiste Daroussin a49b3b10aa nuageinit: add addsudo tests 2026-05-10 17:54:47 +02:00
Baptiste Daroussin 68fd0feacb nuageinit: add decode_base64 tests 2026-05-10 17:50:53 +02:00
Baptiste Daroussin 2a86992ab5 nuageinit: modify the test to show the issue fixed in c316ec259011
Ensure the script used is invalid when parsed by libyaml, which
highlights the issue revealed in PR295062

While here, validate that the mode of the file is properly changed

PR:		295062
MFC After:	1 day
2026-05-06 23:16:37 +02:00
Baptiste Daroussin c316ec2590 nuageinit: only parse user_data as yaml when necessary
This fixes a regression introduced in cae280931c which prevents
user_data as a shell script from being used

PR:		295062
Reported by:	Ross McKelvie <ross@exitzero.uk>
MFC After:	1 day
2026-05-06 22:20:45 +02:00
Lexi Winter c4b244af42 acpi: Remove userland bits on non-ACPI platforms
ACPI is only supported on amd64, arm64 and i386.  Don't install the
power_profile rc script or devd configuration on other platforms.

This avoids creating a useless FreeBSD-acpi package on those platforms.

MFC after:	2 weeks
Reviewed by:	imp
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56650
2026-04-28 20:50:41 +01:00