_loopback entry in `static_routes` ensures a loopback route
exists in all routing tables.
However, loopback routes may already be added by the kernel.
Therefore, re-adding them triggers an `EEXIST` error on every boot.
This change suppresses those harmless errors.
PR: 259553
MFC after: 1 week
Reviewed by: glebius, jlduran, markj
Differential Revision: https://reviews.freebsd.org/D57470
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).
Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.
While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.
Reported by: Yazdan Soltani <yazdan.soltani@gmail.com>
Currently, 'write_files' does not create parent directories, and
'runcmd' cannot be used here, since those scripts run after the files
have been written. The only workaround is to create the files in an
existing directory, such as '/root' or '/tmp', and then move those
files using 'runcmd', but this is cumbersome when there are many files,
even if they are small.
With this change, nuageinit now creates the parent directories for each
file using the path field, which mimics the same behavior as in
cloud-init.
Permissions and ownership can also be configured using 'runcmd'.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D57395
Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)
On startup, check that /dev/null exists and is a character device.
Otherwise, one of two things will happen: either /dev is a writable
directory and we will immediately create /dev/null as a regular file
and dump garbage into it, or it does not and we will spit out a stream
of error messages about failing to create /dev/null.
PR: 295782
MFC after: 1 week
Reviewed by: jhb, emaste
Differential Revision: https://reviews.freebsd.org/D57447
Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).
create a revolve_hostname helper to avoid code duplucation.
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.
- nuageinit: bootcmd() function follows the same pattern as runcmd(),
writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
It is the first entry in the pre_network_calls table.
- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
after /usr/libexec/nuageinit completes, before unmounting the config
drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
Add missing SSH cloud-config options from cloud-init spec:
- ssh_deletekeys: remove existing SSH host keys on first boot so
new ones are generated automatically by sshd(8).
Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
with a directory existence guard via lfs.attributes().
- disable_root: set PermitRootLogin to 'no' (or a custom value via
disable_root_opts) in /etc/ssh/sshd_config.
- disable_root_opts: optional string or array to override the
PermitRootLogin value used when disable_root is true. Only the
first array element is used.
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.
Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().
Add test case for missing file creation.
Replace check-then-create patterns with direct creation:
- addsshkey: check what exists before creation, use mkdir_p() for
.ssh directory, handle errors with warnmsg() instead of assert().
Apply chmod/chown only on newly created files/directories.
- adddoas: same pattern for doas.conf and the etc directory.
- addsudo: same pattern for the sudoers file and sudoers.d directory.
All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen
Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.
Reviewed by: pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.
Reviewed by: pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
Instead of throwing errors from the programs that use it, print a
warning if the file does not exist.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: 0mp, jrm
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
Sometimes virtual_oss processes do not exit immediatelly. If we do not
wait for the processes to fully exit before returning from
virtual_oss_stop(), then the service restart operation might call
virtual_oss_start() too early and fail, because it will think the
service wasn't stopped and is still running.
Reported by: jrm
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: 0mp, jrm
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
They will now be part of /etc/defaults/rc.conf and be accessible by
sysrc(8).
Fixes: 70e27ecba5 ("virtual_oss: Introduce virtual_oss_default_control_device rc variable")
PR: 295560
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: 0mp, jrm
Pull-Reqeust: https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
* Instead of an error string, return the usual 0 or -1 and let the caller
figure out what, if anything, to tell the user.
* Avoid string manipulations by opening /dev first and using openat()
with O_RESOLVE_BENEATH.
* Add a boolean argument which, if false, causes ttymsg() to return
without sending the message if the tty's group-writable bit is not
set. This saves programs that respect this setting (like syslogd(8))
from having to check before calling ttymsg().
* Update all callers.
The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
PR: 295171
MFC after: 1 week
Reviewed by: jfree, markj
Differential Revision: https://reviews.freebsd.org/D57018
The first argument is always the function name, for which we can simply
use __func__. This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57076
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.
Luckily, this code is only ever used by tftp(1), not tftpd(8).
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57075
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/16
safe_set is the routine that does all the work.
In safe_set; if we replace one=`cmd arg` or two=$(cmd arg) add quotes
around the result eg. one="_cmd arg_"
Also lines containing `` or $() are too likely to result in syntax
errors, so just delete them.
Differential Revision: https://reviews.freebsd.org/D56795