Index: libexec/configinit/Makefile
===================================================================
--- /dev/null
+++ libexec/configinit/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+SCRIPTS=	configinit.sh
+MAN=		configinit.8
+SCRIPTSDIR=	/libexec
+
+.include <bsd.prog.mk>
Index: libexec/configinit/configinit.8
===================================================================
--- /dev/null
+++ libexec/configinit/configinit.8
@@ -0,0 +1,144 @@
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+.\"
+.\" Copyright 2020 John-Mark Gurney
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" live edit: ls configinit.8 | entr sh -c 'clear; man ./configinit.8 | cat; igor configinit.8'
+.\"
+.\" Note: The date here should be updated whenever a non-trivial
+.\" change is made to the manual page.
+.Dd October 6, 2020
+.Dt CONFIGINIT 8
+.Os
+.Sh NAME
+.Nm configinit
+.Nd "Script to configure system according to config file provided"
+.Sh SYNOPSIS
+.Nm /libexec/configinit
+.Ar configdata
+.Sh DESCRIPTION
+The
+.Nm
+command will process the file specified by
+.Ar configdata
+according to the following rules.
+.Pp
+If the first line starts with:
+.Bl -tag -width ".Ql >>/"
+.It Ql ">/"
+The
+.Ql ">"
+will be removed, and the rest will be used as a file name.
+The remaining lines of the file will be written to the specified
+file name.
+.It Ql ">>/"
+The
+.Ql ">>"
+will be removed, and the rest will be used as a file name.
+The remaining lines of the file will be appened to the specified
+file name.
+.It Ql "#!"
+The file will be executed as a script.
+.El
+.Pp
+If the file does not match any of these rules, it will be extracted using
+.Xr tar 1 ,
+and each extracted file will be run through
+.Nm .
+The ordering of processing is determined by a lexigraphical sort of the
+file names.
+This is the equivalent of
+.Ar s
+to
+.Xr find 1 ,
+in that directories as sorted lexigraphically, visited in the order, and
+then each directory's entries are sorted.
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+As this program takes a script as an argument, you can use
+.Xr shar 1
+to generate the script to create the files.
+That is, if you have a directory tree that you want to have created, run:
+.Bd -literal -offset indent
+find . -exec shar {} + > config.init
+.Ed
+.Pp
+and use the generated
+.Pa config.init
+file.
+.Pp
+If more control over the permissions is required,
+.Xr tar 1 ,
+using the
+.Cm shardump
+format (documented in
+.Xr libarchive-formats 5 )
+with an
+.Xr mtree 5
+file, can be used.
+The contents option in the mtree file allow the source files to be flat in
+the directory, but extracted at specific points in the destination tree.
+For example, given an mtree file named
+.Pa tree.mtree
+whose contents are:
+.\" The \& is a zero-width space to allow the lines to start with a . (dot)
+.Bd -literal -offset indent
+#mtree v2.0
+\&./etc/rc.conf type=file uname=0 gname=0 mode=0555 contents=rc.conf
+\&./home/example type=dir uname=10000 gname=10000 mode=0755
+\&./home/example/.ssh type=dir uname=10000 gname=10000 mode=0700
+\&./home/example/.ssh/authorized_keys type=file uname=10000 gname=10000 mode=0700 contents=authorized_keys
+.Ed
+.Pp
+can be passed to
+.Xr tar 1 :
+.Bd -literal -offset indent
+tar -cf config.init --format shardump @tree.mtree
+.Ed
+.Pp
+The
+.Cm shardump
+format does require the
+.Xr uudecode 1
+program to be available.
+.Sh SEE ALSO
+.Xr find 1 ,
+.Xr shar 1 ,
+.Xr tar 1 ,
+.Xr uudecode 1 ,
+.Xr libarchive-formats 5 ,
+.Xr mtree 5 ,
+.Xr fs_configinit 8
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 13.0 .
+.Sh AUTHORS
+This
+manual page was written by
+.An John-Mark Gurney Aq Mt jmg@FreeBSD.org .
Index: libexec/configinit/configinit.sh
===================================================================
--- /dev/null
+++ libexec/configinit/configinit.sh
@@ -0,0 +1,71 @@
+#!/bin/sh -e
+#
+# Copyright 2010, 2011, 2012, 2013 Colin Percival.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+# Check parameters.
+if [ $# -ne 1 ]; then
+	echo "usage: configinit configdata" >&2
+	exit 1
+fi
+CONFDATA=$1
+
+# Check that the file exists.
+if ! [ -f ${CONFDATA} ]; then
+	echo "Config file does not exist: ${CONFDATA}" >&2
+	exit 1
+fi
+
+# If the first two bytes are '#!', make it executable and run it.
+if [ "`head -c 2 ${CONFDATA}`" = '#!' ]; then
+	chmod +x ${CONFDATA}
+	${CONFDATA}
+	exit 0
+fi
+
+# If the first two bytes are '>/', the first line contains a path for the
+# rest of the file to be written into.
+if [ "`head -c 2 ${CONFDATA}`" = '>/' ]; then
+	TARGETFILE=`head -1 ${CONFDATA} | cut -c 2-`
+	mkdir -p `dirname ${TARGETFILE}`
+	tail +2 ${CONFDATA} > ${TARGETFILE}
+	exit 0
+fi
+
+# If the first three bytes are '>>/', the first line contains a path for the
+# rest of the file to be appended into.
+if [ "`head -c 3 ${CONFDATA}`" = '>>/' ]; then
+	TARGETFILE=`head -1 ${CONFDATA} | cut -c 3-`
+	mkdir -p `dirname ${TARGETFILE}`
+	tail +2 ${CONFDATA} >> ${TARGETFILE}
+	exit 0
+fi
+
+# Otherwise, hope this is an archive containing more files for us to process.
+D=`mktemp -d "${TMPDIR:-/tmp}/configinit.XXXXXX"`
+trap 'rm -r "$D"' EXIT
+tar -xf ${CONFDATA} -C ${D}
+
+# Process files in lexicographical order
+find -s "${D}" -type f -exec sh -e $0 {} \;
Index: libexec/rc/rc.d/Makefile
===================================================================
--- libexec/rc/rc.d/Makefile
+++ libexec/rc/rc.d/Makefile
@@ -30,6 +30,7 @@
 	dhclient \
 	dmesg \
 	dumpon \
+	fs_configinit \
 	fsck \
 	gbde \
 	geli \
Index: libexec/rc/rc.d/fs_configinit
===================================================================
--- /dev/null
+++ libexec/rc/rc.d/fs_configinit
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# KEYWORD: firstboot
+# PROVIDE: fs_configinit
+# REQUIRE: var
+# BEFORE: FILESYSTEMS
+
+# Define fs_configinit_enable=YES in /etc/rc.conf to enable automatic
+# system configuration from EC2 user-data when the system first boots.
+: ${fs_configinit_enable=NO}
+: ${fs_configinit_file=/boot/msdos/config.init}
+
+. /etc/rc.subr
+
+name="fs_configinit"
+rcvar=fs_configinit_enable
+start_cmd="fs_configinit_run"
+stop_cmd=":"
+
+fs_configinit_run()
+{
+	# Process the user-data.
+	echo .
+	echo -n "Processing ${fs_configinit_file} configinit data"
+	/libexec/configinit "${fs_configinit_file}"
+	echo .
+
+	# Signal /etc/rc to reload rc.conf in case it changed.
+	kill -ALRM $$
+}
+
+load_rc_config $name
+run_rc_command "$1"
Index: release/tools/arm.subr
===================================================================
--- release/tools/arm.subr
+++ release/tools/arm.subr
@@ -216,6 +216,7 @@
 	echo 'sendmail_outbound_enable="NO"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf
 	echo 'sendmail_msp_queue_enable="NO"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf
 	echo 'growfs_enable="YES"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf
+	echo 'fs_configinit_enable="YES"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf
 
 	sync
 	umount_loop ${CHROOTDIR}/${DESTDIR}
Index: share/man/man7/fs_configinit.7
===================================================================
--- /dev/null
+++ share/man/man7/fs_configinit.7
@@ -0,0 +1,70 @@
+.\" Copyright 2020 John-Mark Gurney
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd October 6, 2020
+.Dt FS_CONFIGINIT 7
+.Os
+.Sh NAME
+.Nm fs_configinit
+.Nd start up script to initialize system on firstboot
+.Sh DESCRIPTION
+The following options in
+.Pa /etc/rc.conf
+control the behavior of
+.Nm :
+.Bl -tag -width ".Va fs_configinit_enable" -offset indent
+.It Va fs_configinit_enable
+.Pq Dq Li NO
+If set to
+.Dq Li YES ,
+the first time the machine boots, the file specified by
+.Va fs_configinit_file
+will be passed to
+.Xr configinit 8
+to inialize the system.
+.It Va fs_configinit_file
+.Pq Dq Li Pa /boot/msdos/config.init
+The file that will be processed by
+.Xr configinit 8 .
+.El
+.Pp
+See
+.Xr configinit 8
+for examples on how to create the file.
+.Sh FILES
+.Pa /etc/rc.conf
+.Sh EXIT STATUS
+.Ex -std
+.Sh HISTORY
+The
+.Nm
+manual page first appeared in
+.Fx 13.0 .
+.Sh SEE ALSO
+.Xr rc.conf 5 ,
+.Xr configinit 8
+.Sh AUTHORS
+The man page was written by
+.An John-Mark Gurney Aq Mt jmg@FreeBSD.org .