diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 23651cbf8e58..1b0fdc837228 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1,2697 +1,2720 @@ # $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ # # Copyright (c) 1997-2004 The NetBSD Foundation, Inc. # All rights reserved. # # This code is derived from software contributed to The NetBSD Foundation # by Luke Mewburn. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # rc.subr # functions used by various rc scripts # : ${RC_PID:=$$}; export RC_PID # # Operating System dependent/independent variables # if [ -n "${_rc_subr_loaded}" ]; then return fi _rc_subr_loaded="YES" SYSCTL="/sbin/sysctl" SYSCTL_N="${SYSCTL} -n" SYSCTL_W="${SYSCTL}" PROTECT="/usr/bin/protect" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" SERVICE=/usr/sbin/service JAIL_CMD=/usr/sbin/jail _svcj_generic_params="path=/ mount.nodevfs host=inherit" JID=0 CPUSET="/bin/cpuset" # rc_service provides the path to the service script that we are executing. # This is not being set here in an execution context, necessarily, so it's # really just a reasonable guess, and it will get overwritten later if # we are executing from some other means than direct execution by service(8) # or manual invocation of the service script. The prime example of this is # during system startup, all rc scripts will be invoked via /etc/rc, so # run_rc_script will overwrite rc_service with the file being sourced. rc_service="$0" # # functions # --------- # is_verified file # if VERIEXEC is active check that $file is verified # VERIEXEC="/sbin/veriexec" if test -x $VERIEXEC && $VERIEXEC -i active > /dev/null 2>&1; then is_verified() { $VERIEXEC -x $1; } else is_verified() { return 0; } fi # indicate that we have vdot _VDOT_SH=: # current state of O_VERIFY o_verify() { case $(echo $(set -o)) in *verify" "off*) echo off;; *verify" "on*) echo on;; esac } ## # o_verify_set want [save] # # record current state of verify in $save # and set it to $want if different # o_verify_set() { local x=$(o_verify) [ -z "$x" ] && return 0 [ -z "$2" ] || eval $2=$x [ "$x" = "$1" ] && return 0 case "$1" in on) set -o verify ;; off) set +o verify ;; esac } # for unverified files dotted= dot() { local f verify o_verify_set off verify for f in "$@"; do if [ -f $f -a -s $f ]; then dotted="$dotted $f" . $f fi done o_verify_set $verify } # try for verified, fallback to safe sdot() { local f for f in "$@"; do [ -f $f -a -s $f ] || continue vdot $f || safe_dot $f done } # convenience function - skip if not verified vdot() { local f rc=0 verify o_verify_set on verify for f in "$@"; do [ -f $f -a -s $f ] || continue if is_verified $f 2> /dev/null; then dotted="$dotted $f" . $f else rc=80 # EAUTH fi done o_verify_set $verify return $rc } # Exists [test] file ... # report the first "file" that passes "test" (default -s). Exists() { local f _t=-s while :; do : 1=$1 case "$1" in -?) _t=$1 shift ;; *) break ;; esac done for f in "$@"; do [ $_t $f ] || continue echo $f return 0 done return 1 } # do we have $1 (could be a function) have() { type "$1" > /dev/null 2>&1 } # provide consistent means of logging progress rc_log() { date "+@ %s [%Y-%m-%d %H:%M:%S %Z] $*" } # only rc_log if tracing enabled # and $level >= $RC_LEVEL rc_trace() { local level=$1; shift local cf=/etc/rc.conf.d/rc_trace if [ -z "$RC_LEVEL" ]; then [ -f $cf ] || return if [ -s $cf ]; then # don't try to set RC_LEVEL without sed if [ -n "$SED" ]; then RC_LEVEL=$($SED -n '/^RC_LEVEL=/ { s/.*=//p;q; }' $cf) RC_LEVEL=${RC_LEVEL:-0} fi else RC_LEVEL=0 fi fi [ ${RC_LEVEL:-0} -ge ${level:-0} ] || return rc_log "$@" } # list_vars pattern # List variables matching glob pattern. # list_vars() { # Localize 'set' option below. local - local IFS=$'\n' line varname # Disable path expansion in unquoted 'for' parameters below. set -o noglob for line in $(set); do varname="${line%%=*}" case "$varname" in "$line"|*[!a-zA-Z0-9_]*) continue ;; $1) echo $varname ;; esac done } # set_rcvar [var] [defval] [desc] # # Echo or define a rc.conf(5) variable name. Global variable # $rcvars is used. # # If no argument is specified, echo "${name}_enable". # # If only a var is specified, echo "${var}_enable". # # If var and defval are specified, the ${var} is defined as # rc.conf(5) variable and the default value is ${defvar}. An # optional argument $desc can also be specified to add a # description for that. # set_rcvar() { local _var case $# in 0) echo ${name}_enable ;; 1) echo ${1}_enable ;; *) debug "set_rcvar: \$$1=$2 is added" \ " as a rc.conf(5) variable." _var=$1 rcvars="${rcvars# } $_var" eval ${_var}_defval=\"$2\" shift 2 eval ${_var}_desc=\"$*\" ;; esac } # set_rcvar_obsolete oldvar [newvar] [msg] # Define obsolete variable. # Global variable $rcvars_obsolete is used. # set_rcvar_obsolete() { local _var _var=$1 debug "set_rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" rcvars_obsolete="${rcvars_obsolete# } $1" eval ${1}_newvar=\"$2\" shift 2 eval ${_var}_obsolete_msg=\"$*\" } # # force_depend script [rcvar] # Force a service to start. Intended for use by services # to resolve dependency issues. # $1 - filename of script, in /etc/rc.d, to run # $2 - name of the script's rcvar (minus the _enable) # force_depend() { local _depend _dep_rcvar _depend="$1" _dep_rcvar="${2:-$1}_enable" [ -n "$rc_fast" ] && ! checkyesno always_force_depends && checkyesno $_dep_rcvar && return 0 /etc/rc.d/${_depend} forcestatus >/dev/null 2>&1 && return 0 info "${name} depends on ${_depend}, which will be forced to start." if ! /etc/rc.d/${_depend} forcestart; then warn "Unable to force ${_depend}. It may already be running." return 1 fi } # # checkyesno var # Test $1 variable, and warn if not set to YES or NO. # Return 0 if it's "yes" (et al), nonzero otherwise. # checkyesno() { eval _value=\$${1} debug "checkyesno: $1 is set to $_value." case $_value in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; # "no", "false", "off", or "0" [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;; *) warn "\$${1} is not set properly - see rc.conf(5)." return 1 ;; esac } # # reverse_list list # print the list in reverse order # reverse_list() { _revlist= for _revfile; do _revlist="$_revfile $_revlist" done echo $_revlist } # stop_boot always # If booting directly to multiuser or $always is enabled, # send SIGTERM to the parent (/etc/rc) to abort the boot. # Otherwise just exit. # stop_boot() { local always case $1 in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) always=true ;; *) always=false ;; esac if [ "$autoboot" = yes -o "$always" = true ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" kill -TERM ${RC_PID} fi exit 1 } # # mount_critical_filesystems type # Go through the list of critical filesystems as provided in # the rc.conf(5) variable $critical_filesystems_${type}, checking # each one to see if it is mounted, and if it is not, mounting it. # mount_critical_filesystems() { eval _fslist=\$critical_filesystems_${1} for _fs in $_fslist; do mount | ( _ismounted=false while read what _on on _type type; do if [ $on = $_fs ]; then _ismounted=true fi done if $_ismounted; then : else mount $_fs >/dev/null 2>&1 fi ) done } # # check_pidfile pidfile procname [interpreter] # Parses the first line of pidfile for a PID, and ensures # that the process is running and matches procname. # Prints the matching PID upon success, nothing otherwise. # interpreter is optional; see _find_processes() for details. # check_pidfile() { _pidfile=$1 _procname=$2 _interpreter=$3 if [ -z "$_pidfile" -o -z "$_procname" ]; then err 3 'USAGE: check_pidfile pidfile procname [interpreter]' fi if [ ! -f $_pidfile ]; then debug "pid file ($_pidfile): not readable." return fi read _pid _junk < $_pidfile if [ -z "$_pid" ]; then debug "pid file ($_pidfile): no pid in file." return fi _find_processes $_procname ${_interpreter:-.} '-p '"$_pid" } # # check_process procname [interpreter] # Ensures that a process (or processes) named procname is running. # Prints a list of matching PIDs. # interpreter is optional; see _find_processes() for details. # check_process() { _procname=$1 _interpreter=$2 if [ -z "$_procname" ]; then err 3 'USAGE: check_process procname [interpreter]' fi _find_processes $_procname ${_interpreter:-.} '-ax' } # # _find_processes procname interpreter psargs # Search for procname in the output of ps generated by psargs. # Prints the PIDs of any matching processes, space separated. # # If interpreter == ".", check the following variations of procname # against the first word of each command: # procname # `basename procname` # `basename procname` + ":" # "(" + `basename procname` + ")" # "[" + `basename procname` + "]" # # If interpreter != ".", read the first line of procname, remove the # leading #!, normalise whitespace, append procname, and attempt to # match that against each command, either as is, or with extra words # at the end. As an alternative, to deal with interpreted daemons # using perl, the basename of the interpreter plus a colon is also # tried as the prefix to procname. # _find_processes() { if [ $# -ne 3 ]; then err 3 'USAGE: _find_processes procname interpreter psargs' fi _procname=$1 _interpreter=$2 _psargs=$3 _pref= if [ $_interpreter != "." ]; then # an interpreted script _script="${_chroot}${_chroot:+/}$_procname" if [ -r "$_script" ]; then read _interp < $_script # read interpreter name case "$_interp" in \#!*) _interp=${_interp#\#!} # strip #! set -- $_interp case $1 in */bin/env) shift # drop env to get real name ;; esac if [ $_interpreter != $1 ]; then warn "\$command_interpreter $_interpreter != $1" fi ;; *) warn "no shebang line in $_script" set -- $_interpreter ;; esac else warn "cannot read shebang line from $_script" set -- $_interpreter fi _interp="$* $_procname" # cleanup spaces, add _procname _interpbn=${1##*/} _fp_args='_argv' _fp_match='case "$_argv" in ${_interp}|"${_interp} "*|"[${_interpbn}]"|"${_interpbn}: ${_procname}"*)' else # a normal daemon _procnamebn=${_procname##*/} _fp_args='_arg0 _argv' _fp_match='case "$_arg0" in $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' fi if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then JID=$(/usr/sbin/jls -j svcj-${name} jid 2>/dev/null) case ${JID} in ''|*[!0-9]*) # svcj-jail doesn't exist, fallback to host-check JID=0 ;; esac fi _proccheck="\ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | while read _npid _jid '"$_fp_args"'; do '"$_fp_match"' if [ "$JID" -eq "$_jid" ]; then echo -n "$_pref$_npid"; _pref=" "; fi ;; esac done' # debug "in _find_processes: proccheck is ($_proccheck)." eval $_proccheck } # sort_lite [-b] [-n] [-k POS] [-t SEP] # A lite version of sort(1) (supporting a few options) that can be used # before the real sort(1) is available (e.g., in scripts that run prior # to mountcritremote). Requires only shell built-in functionality. # sort_lite() { local funcname=sort_lite local sort_sep="$IFS" sort_ignore_leading_space= local sort_field=0 sort_strict_fields= sort_numeric= local nitems=0 skip_leading=0 trim= local OPTIND flag while getopts bnk:t: flag; do case "$flag" in b) sort_ignore_leading_space=1 ;; n) sort_numeric=1 sort_ignore_leading_space=1 ;; k) sort_field="${OPTARG%%,*}" ;; # only up to first comma # NB: Unlike sort(1) only one POS allowed t) sort_sep="$OPTARG" if [ ${#sort_sep} -gt 1 ]; then echo "$funcname: multi-character tab \`$sort_sep'" >&2 return 1 fi sort_strict_fields=1 ;; \?) return 1 ;; esac done shift $(( $OPTIND - 1 )) # Create transformation pattern to trim leading text if desired case "$sort_field" in ""|[!0-9]*|*[!0-9.]*) echo "$funcname: invalid sort field \`$sort_field'" >&2 return 1 ;; *.*) skip_leading=${sort_field#*.} sort_field=${sort_field%%.*} while [ ${skip_leading:-0} -gt 1 ] 2> /dev/null; do trim="$trim?" skip_leading=$(( $skip_leading - 1 )) done esac # Copy input to series of local numbered variables # NB: IFS of NULL preserves leading whitespace local LINE while IFS= read -r LINE || [ "$LINE" ]; do nitems=$(( $nitems + 1 )) local src_$nitems="$LINE" done # # Sort numbered locals using insertion sort # local curitem curitem_orig curitem_mod curitem_haskey local dest dest_orig dest_mod dest_haskey local d gt n local i=1 while [ $i -le $nitems ]; do curitem_haskey=1 # Assume sort field (-k POS) exists eval curitem=\"\$src_$i\" curitem_mod="$curitem" # for modified comparison curitem_orig="$curitem" # for original comparison # Trim leading whitespace if desired if [ "$sort_ignore_leading_space" ]; then while case "$curitem_orig" in [$IFS]*) : ;; *) false; esac do curitem_orig="${curitem_orig#?}" done curitem_mod="$curitem_orig" fi # Shift modified comparison value if sort field (-k POS) is > 1 n=$sort_field while [ $n -gt 1 ]; do case "$curitem_mod" in *[$sort_sep]*) # Cut text up-to (and incl.) first separator curitem_mod="${curitem_mod#*[$sort_sep]}" # Skip NULLs unless strict field splitting [ "$sort_strict_fields" ] || [ "${curitem_mod%%[$sort_sep]*}" ] || [ $n -eq 2 ] || continue ;; *) # Asked for a field that doesn't exist curitem_haskey= break esac n=$(( $n - 1 )) done # Trim trailing words if sort field >= 1 [ $sort_field -ge 1 -a "$sort_numeric" ] && curitem_mod="${curitem_mod%%[$sort_sep]*}" # Apply optional trim (-k POS.TRIM) to cut leading characters curitem_mod="${curitem_mod#$trim}" # Determine the type of modified comparison to use initially # NB: Prefer numerical if requested but fallback to standard case "$curitem_mod" in ""|[!0-9]*) # NULL or begins with non-number gt=">" [ "$sort_numeric" ] && curitem_mod=0 ;; *) if [ "$sort_numeric" ]; then gt="-gt" curitem_mod="${curitem_mod%%[!0-9]*}" # NB: trailing non-digits removed # otherwise numeric comparison fails else gt=">" fi esac # If first time through, short-circuit below position-search if [ $i -le 1 ]; then d=0 else d=1 fi # # Find appropriate element position # while [ $d -gt 0 ] do dest_haskey=$curitem_haskey eval dest=\"\$dest_$d\" dest_mod="$dest" # for modified comparison dest_orig="$dest" # for original comparison # Trim leading whitespace if desired if [ "$sort_ignore_leading_space" ]; then while case "$dest_orig" in [$IFS]*) : ;; *) false; esac do dest_orig="${dest_orig#?}" done dest_mod="$dest_orig" fi # Shift modified value if sort field (-k POS) is > 1 n=$sort_field while [ $n -gt 1 ]; do case "$dest_mod" in *[$sort_sep]*) # Cut text up-to (and incl.) 1st sep dest_mod="${dest_mod#*[$sort_sep]}" # Skip NULLs unless strict fields [ "$sort_strict_fields" ] || [ "${dest_mod%%[$sort_sep]*}" ] || [ $n -eq 2 ] || continue ;; *) # Asked for a field that doesn't exist dest_haskey= break esac n=$(( $n - 1 )) done # Trim trailing words if sort field >= 1 [ $sort_field -ge 1 -a "$sort_numeric" ] && dest_mod="${dest_mod%%[$sort_sep]*}" # Apply optional trim (-k POS.TRIM), cut leading chars dest_mod="${dest_mod#$trim}" # Determine type of modified comparison to use # NB: Prefer numerical if requested, fallback to std case "$dest_mod" in ""|[!0-9]*) # NULL or begins with non-number gt=">" [ "$sort_numeric" ] && dest_mod=0 ;; *) if [ "$sort_numeric" ]; then gt="-gt" dest_mod="${dest_mod%%[!0-9]*}" # NB: kill trailing non-digits # for numeric comparison safety else gt=">" fi esac # Break if we've found the proper element position if [ "$curitem_haskey" -a "$dest_haskey" ]; then if [ "$dest_mod" = "$curitem_mod" ]; then [ "$dest_orig" ">" "$curitem_orig" ] && break elif [ "$dest_mod" $gt "$curitem_mod" ] \ 2> /dev/null then break fi else [ "$dest_orig" ">" "$curitem_orig" ] && break fi # Break if we've hit the end [ $d -ge $i ] && break d=$(( $d + 1 )) done # Shift remaining positions forward, making room for new item n=$i while [ $n -ge $d ]; do # Shift destination item forward one placement eval dest_$(( $n + 1 ))=\"\$dest_$n\" n=$(( $n - 1 )) done # Place the element if [ $i -eq 1 ]; then local dest_1="$curitem" else local dest_$d="$curitem" fi i=$(( $i + 1 )) done # Print sorted results d=1 while [ $d -le $nitems ]; do eval echo \"\$dest_$d\" d=$(( $d + 1 )) done } # # wait_for_pids pid [pid ...] # spins until none of the pids exist # wait_for_pids() { local _list _prefix _nlist _j _list="$@" if [ -z "$_list" ]; then return fi _prefix= while true; do _nlist=""; for _j in $_list; do if kill -0 $_j 2>/dev/null; then _nlist="${_nlist}${_nlist:+ }$_j" [ -n "$_prefix" ] && sleep 1 fi done if [ -z "$_nlist" ]; then break fi _list=$_nlist echo -n ${_prefix:-"Waiting for PIDS: "}$_list _prefix=", " pwait $_list 2>/dev/null done if [ -n "$_prefix" ]; then echo "." fi } # # get_pidfile_from_conf string file # # Takes a string to search for in the specified file. # Ignores lines with traditional comment characters. # # Example: # # if get_pidfile_from_conf string file; then # pidfile="$_pidfile_from_conf" # else # pidfile='appropriate default' # fi # get_pidfile_from_conf() { if [ -z "$1" -o -z "$2" ]; then err 3 "USAGE: get_pidfile_from_conf string file ($name)" fi local string file line string="$1" ; file="$2" if [ ! -s "$file" ]; then err 3 "get_pidfile_from_conf: $file does not exist ($name)" fi while read line; do case "$line" in *[#\;]*${string}*) continue ;; *${string}*) break ;; esac done < $file if [ -n "$line" ]; then line=${line#*/} _pidfile_from_conf="/${line%%[\"\;]*}" else return 1 fi } # # check_startmsgs # If rc_quiet is set (usually as a result of using faststart at # boot time) check if rc_startmsgs is enabled. # check_startmsgs() { if [ -n "$rc_quiet" ]; then checkyesno rc_startmsgs else return 0 fi } # # startmsg # Preferred method to use when displaying start messages in lieu of echo. # startmsg() { check_startmsgs && echo "$@" } # # run_rc_command argument # Search for argument in the list of supported commands, which is: # "start stop restart rcvar status poll ${extra_commands}" # If there's a match, run ${argument}_cmd or the default method # (see below). # # If argument has a given prefix, then change the operation as follows: # Prefix Operation # ------ --------- # fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes # force Set ${rcvar} to YES, and set rc_force=yes # one Set ${rcvar} to YES # quiet Don't output some diagnostics, and set rc_quiet=yes # # The following globals are used: # # Name Needed Purpose # ---- ------ ------- # name y Name of script. # # command n Full path to command. # Not needed if ${rc_arg}_cmd is set for # each keyword. # # command_args n Optional args/shell directives for command. # # command_interpreter n If not empty, command is interpreted, so # call check_{pidfile,process}() appropriately. # # desc n Description of script. # # extra_commands n List of extra commands supported. # # pidfile n If set, use check_pidfile $pidfile $command, # otherwise use check_process $command. # In either case, only check if $command is set. # # procname n Process name to check for instead of $command. # # rcvar n This is checked with checkyesno to determine # if the action should be run. # # ${name}_program n Full path to command. # Meant to be used in /etc/rc.conf to override # ${command}. # # ${name}_chroot n Directory to chroot to before running ${command} # Requires /usr to be mounted. # # ${name}_chdir n Directory to cd to before running ${command} # (if not using ${name}_chroot). # # ${name}_cpuset n A list of CPUs to run ${command} on. # Requires /usr to be mounted. # # ${name}_flags n Arguments to call ${command} with. # NOTE: $flags from the parent environment # can be used to override this. # # ${name}_env n Environment variables to run ${command} with. # # ${name}_env_file n File to source variables to run ${command} with. # # ${name}_fib n Routing table number to run ${command} with. # # ${name}_nice n Nice level to run ${command} at. # # ${name}_oomprotect n Don't kill ${command} when swap space is exhausted. # # ${name}_umask n The file creation mask to run ${command} with. # # ${name}_user n User to run ${command} as, using su(1) if not # using ${name}_chroot. # Requires /usr to be mounted. # # ${name}_group n Group to run chrooted ${command} as. # Requires /usr to be mounted. # # ${name}_groups n Comma separated list of supplementary groups # to run the chrooted ${command} with. # Requires /usr to be mounted. # # ${name}_prepend n Command added before ${command}. # -# ${name}_setup n Command executed before ${command}. +# ${name}_setup n Command executed during start, restart and +# reload before ${rc_arg}_precmd is run. # # ${name}_login_class n Login class to use, else "daemon". # # ${name}_limits n limits(1) to apply to ${command}. # # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # # ${rc_arg}_precmd n If set, run just before performing the # ${rc_arg}_cmd method in the default # operation (i.e, after checking for required # bits and process (non)existence). # If this completes with a non-zero exit code, # don't run ${rc_arg}_cmd. # # ${rc_arg}_postcmd n If set, run just after performing the # ${rc_arg}_cmd method, if that method # returned a zero exit code. # # required_dirs n If set, check for the existence of the given # directories before running a (re)start command. # # required_files n If set, check for the readability of the given # files before running a (re)start command. # # required_modules n If set, ensure the given kernel modules are # loaded before running a (re)start command. # The check and possible loads are actually # done after start_precmd so that the modules # aren't loaded in vain, should the precmd # return a non-zero status to indicate a error. # If a word in the list looks like "foo:bar", # "foo" is the KLD file name and "bar" is the # module name. If a word looks like "foo~bar", # "foo" is the KLD file name and "bar" is a # egrep(1) pattern matching the module name. # Otherwise the module name is assumed to be # the same as the KLD file name, which is most # common. See load_kld(). # # required_vars n If set, perform checkyesno on each of the # listed variables before running the default # (re)start command. # # Default behaviour for a given argument, if no override method is # provided: # # Argument Default behaviour # -------- ----------------- # start if !running && checkyesno ${rcvar} # ${command} # # stop if ${pidfile} # rc_pid=$(check_pidfile $pidfile $command) # else # rc_pid=$(check_process $command) # kill $sig_stop $rc_pid # wait_for_pids $rc_pid # ($sig_stop defaults to TERM.) # # reload Similar to stop, except use $sig_reload instead, # and don't wait_for_pids. # $sig_reload defaults to HUP. # Note that `reload' isn't provided by default, # it should be enabled via $extra_commands. # # restart Run `stop' then `start'. # # status Show if ${command} is running, etc. # # poll Wait for ${command} to exit. # # rcvar Display what rc.conf variable is used (if any). # # enabled Return true if the service is enabled. # # describe Show the service's description # # extracommands Show the service's extra commands # # Variables available to methods, and after run_rc_command() has # completed: # # Variable Purpose # -------- ------- # rc_arg Argument to command, after fast/force/one processing # performed # # rc_flags Flags to start the default command with. # Defaults to ${name}_flags, unless overridden # by $flags from the environment. # This variable may be changed by the precmd method. # # rc_service Path to the service being executed, in case the service # needs to re-invoke itself. # # rc_pid PID of command (if appropriate) # # rc_fast Not empty if "fast" was provided (q.v.) # # rc_force Not empty if "force" was provided (q.v.) # # rc_quiet Not empty if "quiet" was provided # # run_rc_command() { _return=0 rc_arg=$1 if [ -z "$name" ]; then err 3 'run_rc_command: $name is not set.' fi DebugOn rc:all rc:all:$rc_arg rc:$name rc:$name:$rc_arg $name:$rc_arg # Don't repeat the first argument when passing additional command- # line arguments to the command subroutines. # shift 1 rc_extra_args="$*" _rc_prefix= case "$rc_arg" in fast*) # "fast" prefix; don't check pid rc_arg=${rc_arg#fast} rc_fast=yes rc_quiet=yes ;; force*) # "force" prefix; always run rc_force=yes _rc_prefix=force rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; one*) # "one" prefix; set ${rcvar}=yes _rc_prefix=one rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; quiet*) # "quiet" prefix; omit some messages _rc_prefix=quiet rc_arg=${rc_arg#${_rc_prefix}} rc_quiet=yes ;; esac eval _override_command=\$${name}_program command=${_override_command:-$command} _keywords="start stop restart rcvar enable disable delete enabled describe extracommands $extra_commands" rc_pid= _pidcmd= _procname=${procname:-${command}} eval _cpuset=\$${name}_cpuset # Loose validation of the configured cpuset; just make sure it starts # with a number. There have also been cases in the past where a hyphen # in a service name has caused eval errors, which trickle down into # various variables; don't let a situation like that break a bunch of # services just because of cpuset(1). case "$_cpuset" in [0-9]*) ;; *) _cpuset="" ;; esac _cpusetcmd= if [ -n "$_cpuset" ]; then _cpusetcmd="$CPUSET -l $_cpuset" fi # If a specific jail has a specific svcj request, honor it (YES/NO). # If not (variable empty), evaluate the global svcj catch-all. # A global YES can be overriden by a specific NO, and a global NO is overriden # by a specific YES. eval _svcj=\$${name}_svcj if [ -z "$_svcj" ]; then _svcj=${svcj_all_enable} if [ -z "$_svcj" ]; then eval ${name}_svcj=NO fi fi # setup pid check command if [ -n "$_procname" ]; then if [ -n "$pidfile" ]; then _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')' else _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')' fi _keywords="${_keywords} status poll" else if [ ! -z "${status_cmd}" ] then _keywords="${_keywords} status" fi fi if [ -z "$rc_arg" ]; then rc_usage $_keywords fi if [ "$rc_arg" = "enabled" ] ; then checkyesno ${rcvar} return $? fi if [ -n "$flags" ]; then # allow override from environment rc_flags=$flags else eval rc_flags=\$${name}_flags fi eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups \ _fib=\$${name}_fib _env=\$${name}_env \ _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ _limits=\$${name}_limits _oomprotect=\$${name}_oomprotect \ _setup=\$${name}_setup _env_file=\$${name}_env_file \ _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file set -a . $_env_file set +a fi if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then unset _user fi fi if [ -n "$_svcj_options" ]; then # translate service jail options _svcj_cmd_options="" for _svcj_option in $_svcj_options; do case "$_svcj_option" in mlock) _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" ;; netv4) _svcj_cmd_options="ip4=inherit allow.reserved_ports ${_svcj_cmd_options}" ;; netv6) _svcj_cmd_options="ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" ;; net_basic) _svcj_cmd_options="ip4=inherit ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" ;; net_raw) _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" ;; net_all) _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=inherit ip6=inherit ${_svcj_cmd_options}" ;; nfsd) _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" ;; sysvipc) _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}" ;; vmm) _svcj_cmd_options="allow.vmm ${_svcj_cmd_options}" ;; *) echo ${name}: unknown service jail option: $_svcj_option ;; esac done fi [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary for _elem in $_keywords; do if [ "$_elem" != "$rc_arg" ]; then continue fi # if ${rcvar} is set, $1 is not "rcvar", "describe", # "enable", "delete" or "status", and ${rc_pid} is # not set, run: # checkyesno ${rcvar} # and return if that failed # if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" \ -a "$rc_arg" != "delete" -a "$rc_arg" != "enable" \ -a "$rc_arg" != "describe" -a "$rc_arg" != "status" ] || [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then if ! checkyesno ${rcvar}; then if [ -n "${rc_quiet}" ]; then return 0 fi echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " echo "instead of '${rc_arg}'." return 0 fi fi if [ $rc_arg = "start" -a -z "$rc_fast" -a -n "$rc_pid" ]; then if [ -z "$rc_quiet" ]; then echo 1>&2 "${name} already running? " \ "(pid=$rc_pid)." fi return 1 fi - # if there's a custom ${XXX_cmd}, - # run that instead of the default - # + # if there's a custom ${XXX_cmd}, + # run that instead of the default + # eval _cmd=\$${rc_arg}_cmd \ _precmd=\$${rc_arg}_precmd \ _postcmd=\$${rc_arg}_postcmd if [ -n "$_cmd" ]; then rc_trace 1 "$_cmd" if [ -n "$_env" ]; then eval "export -- $_env" fi if [ "${_rc_svcj}" != jailing ]; then + # service can redefine all so + # check for valid setup target + if [ "$rc_arg" = 'start' -o \ + "$rc_arg" = 'restart' -o \ + "$rc_arg" = 'reload' ]; then + _run_rc_setup || \ + warn "failed to setup ${name}" + fi _run_rc_precmd || return 1 fi if ! checkyesno ${name}_svcj; then _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || return 1 else case "$rc_arg" in start) if [ "${_rc_svcj}" != jailing ]; then _return=1 $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \ exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ exec.consolelog="/var/log/svcj_${name}_console.log" \ name=svcj-${name} && _return=0 else _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 fi ;; stop) if [ "${_rc_svcj}" != jailing ]; then $SERVICE -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}stop $rc_extra_args || _return=1 $JAIL_CMD -r svcj-${name} 2>/dev/null else _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 fi ;; restart|status) ;; # no special case needed for svcj or handled somewhere else *) eval _rc_svcj_extra_cmd=\$${name}_${rc_arg}_svcj_enable : ${_rc_svcj_extra_cmd:=NO} if checkyesno _rc_svcj_extra_cmd && [ "${_rc_svcj}" != jailing ]; then $SERVICE -v -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}${rc_arg} $rc_extra_args || _return=1 else _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 fi ;; esac fi if [ "${_rc_svcj}" != jailing ]; then _run_rc_postcmd fi return $_return fi case "$rc_arg" in # default operations... describe) if [ -n "$desc" ]; then echo "$desc" fi ;; extracommands) echo "$extra_commands" ;; enable) _out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=YES") && echo "$name enabled in ${_out%%:*}" ;; disable) _out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=NO") && echo "$name disabled in ${_out%%:*}" ;; delete) _files= for _file in $(sysrc -lEs "$name"); do _out=$(sysrc -Fif $_file "$rcvar") && _files="$_files $_file" done /usr/sbin/sysrc -x "$rcvar" && echo "$rcvar deleted in ${_files# }" # delete file in rc.conf.d if desired and empty. checkyesno service_delete_empty || _files= for _file in $_files; do [ "$_file" = "${_file#*/rc.conf.d/}" ] && continue [ $(/usr/bin/stat -f%z $_file) -gt 0 ] && continue /bin/rm "$_file" && echo "Empty file $_file removed" done ;; status) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then echo "${name} is running as pid $rc_pid." else echo "${name} is not running." return 1 fi _run_rc_postcmd ;; start) if [ ! -x "${_chroot}${_chroot:+/}${command}" ]; then warn "run_rc_command: cannot run $command" return 1 fi if [ "${_rc_svcj}" != jailing ]; then + _run_rc_setup || warn "failed to setup ${name}" + if ! _run_rc_precmd; then warn "failed precmd routine for ${name}" return 1 fi fi if checkyesno ${name}_svcj; then if [ "${_rc_svcj}" != jailing ]; then $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options\ exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ exec.consolelog="/var/log/svcj_${name}_console.log" \ name=svcj-${name} || return 1 fi fi - # setup the full command to run - # + # setup the full command to run + # startmsg "Starting ${name}." if [ -n "$_chroot" ]; then _cd= _doit="\ ${_nice:+nice -n $_nice }\ $_cpusetcmd \ ${_fib:+setfib -F $_fib }\ ${_env:+env $_env }\ chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ $_chroot $command $rc_flags $command_args" else _cd="${_chdir:+cd $_chdir && }" _doit="\ ${_fib:+setfib -F $_fib }\ ${_env:+env $_env }\ $_cpusetcmd $command $rc_flags $command_args" if [ -n "$_user" ]; then _doit="su -m $_user -c 'sh -c \"$_doit\"'" fi if [ -n "$_nice" ]; then if [ -z "$_user" ]; then _doit="sh -c \"$_doit\"" fi _doit="nice -n $_nice $_doit" fi if [ -n "$_prepend" ]; then _doit="$_prepend $_doit" fi fi - if [ -n "$_setup" ]; then - if ! _run_rc_doit "$_setup"; then - warn "failed to setup ${name}" - fi - fi - - # Prepend default limits + # Prepend default limits _doit="$_cd limits -C $_login_class $_limits $_doit" - local _really_run_it=true if checkyesno ${name}_svcj; then if [ "${_rc_svcj}" != jailing ]; then _really_run_it=false fi fi if [ "$_really_run_it" = true ]; then - # run the full command - # + # run the full command + # if ! _run_rc_doit "$_doit"; then warn "failed to start ${name}" return 1 fi fi if [ "${_rc_svcj}" != jailing ]; then - # finally, run postcmd - # + # finally, run postcmd + # _run_rc_postcmd fi ;; stop) if [ -z "$rc_pid" ]; then [ -n "$rc_fast" ] && return 0 _run_rc_notrunning return 1 fi _run_rc_precmd || return 1 - # send the signal to stop - # + # send the signal to stop + # echo "Stopping ${name}." _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") _run_rc_doit "$_doit" || return 1 - # wait for the command to exit, - # and run postcmd. + # wait for the command to exit, + # and run postcmd. wait_for_pids $rc_pid if checkyesno ${name}_svcj; then # remove service jail $JAIL_CMD -r svcj-${name} 2>/dev/null fi _run_rc_postcmd ;; reload) if [ -z "$rc_pid" ]; then _run_rc_notrunning return 1 fi + _run_rc_setup || warn "failed to setup ${name}" + _run_rc_precmd || return 1 _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") _run_rc_doit "$_doit" || return 1 _run_rc_postcmd ;; restart) - # prevent restart being called more - # than once by any given script - # + _run_rc_setup || warn "failed to setup ${name}" + + # prevent restart being called more + # than once by any given script + # if ${_rc_restart_done:-false}; then return 0 fi _rc_restart_done=true _run_rc_precmd || return 1 # run those in a subshell to keep global variables ( run_rc_command ${_rc_prefix}stop $rc_extra_args ) ( run_rc_command ${_rc_prefix}start $rc_extra_args ) _return=$? [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1 _run_rc_postcmd ;; poll) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then wait_for_pids $rc_pid fi _run_rc_postcmd ;; rcvar) echo -n "# $name" if [ -n "$desc" ]; then echo " : $desc" else echo "" fi echo "#" # Get unique vars in $rcvar $rcvars for _v in $rcvar $rcvars; do case $v in $_v\ *|\ *$_v|*\ $_v\ *) ;; *) v="${v# } $_v" ;; esac done # Display variables. for _v in $v; do if [ -z "$_v" ]; then continue fi eval _desc=\$${_v}_desc eval _defval=\$${_v}_defval _h="-" eval echo \"$_v=\\\"\$$_v\\\"\" # decode multiple lines of _desc while [ -n "$_desc" ]; do case $_desc in *^^*) echo "# $_h ${_desc%%^^*}" _desc=${_desc#*^^} _h=" " ;; *) echo "# $_h ${_desc}" break ;; esac done echo "# (default: \"$_defval\")" done echo "" ;; *) rc_usage $_keywords ;; esac # Apply protect(1) to the PID if ${name}_oomprotect is set. case "$rc_arg" in start) # We cannot use protect(1) inside jails. if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] && [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then [ -z "${rc_pid}" ] && eval $_pidcmd case $_oomprotect in [Aa][Ll][Ll]) ${PROTECT} -d -i -p ${rc_pid} ;; [Yy][Ee][Ss]) ${PROTECT} -p ${rc_pid} ;; esac fi ;; esac return $_return done echo 1>&2 "$0: unknown directive '$rc_arg'." rc_usage $_keywords # not reached } # # Helper functions for run_rc_command: common code. # They use such global variables besides the exported rc_* ones: # # name R/W # ------------------ # _precmd R # _postcmd R # _return W +# _setup R # _run_rc_precmd() { check_required_before "$rc_arg" || return 1 if [ -n "$_precmd" ]; then debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args" eval "$_precmd $rc_extra_args" _return=$? # If precmd failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi fi check_required_after "$rc_arg" || return 1 return 0 } _run_rc_postcmd() { if [ -n "$_postcmd" ]; then debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args" eval "$_postcmd $rc_extra_args" _return=$? fi return 0 } +_run_rc_setup() +{ + # prevent multiple execution on restart => stop/start split + if ! ${_rc_restart_done:-false} && [ -n "$_setup" ]; then + debug "run_rc_command: ${rc_arg}_setup: $_setup" + eval "$_setup" + _return=$? + if [ $_return -ne 0 ]; then + return 1 + fi + fi + return 0 +} + _run_rc_doit() { local _m debug "run_rc_command: doit: $*" _m=$(umask) ${_umask:+umask ${_umask}} eval "$@" _return=$? umask ${_m} # If command failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi return 0 } _run_rc_notrunning() { local _pidmsg if [ -n "$pidfile" ]; then _pidmsg=" (check $pidfile)." else _pidmsg= fi echo 1>&2 "${name} not running?${_pidmsg}" } _run_rc_killcmd() { local _cmd _cmd="kill -$1 $rc_pid" if [ -n "$_user" ]; then _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" fi echo "$_cmd" } # # run_rc_script file arg # Start the script `file' with `arg', and correctly handle the # return value from the script. # If `file' ends with `.sh' and lives in /etc/rc.d, ignore it as it's # an old-style startup file. # If `file' ends with `.sh' and does not live in /etc/rc.d, it's sourced # into the current environment if $rc_fast_and_loose is set; otherwise # it is run as a child process. # If `file' appears to be a backup or scratch file, ignore it. # Otherwise if it is executable run as a child process. # run_rc_script() { _file=$1 _arg=$2 if [ -z "$_file" -o -z "$_arg" ]; then err 3 'USAGE: run_rc_script file arg' fi unset name command command_args command_interpreter \ extra_commands pidfile procname \ rcvar rcvars rcvars_obsolete required_dirs required_files \ required_vars eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd rc_trace 0 "$_file $_arg" # don't use it if we don't trust it is_verified $_file || return rc_service="$_file" case "$_file" in /etc/rc.d/*.sh) # no longer allowed in the base warn "Ignoring old-style startup script $_file" ;; *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip warn "Ignoring scratch file $_file" ;; *) # run in subshell if [ -x $_file ]; then DebugOn $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg if [ -n "$rc_boottrace" ]; then boottrace_fn "$_file" "$_arg" elif [ -n "$rc_fast_and_loose" ]; then set $_arg; . $_file else ( trap "echo Script $_file interrupted >&2 ; kill -QUIT $$" 3 trap "echo Script $_file interrupted >&2 ; exit 1" 2 trap "echo Script $_file running >&2" 29 set $_arg; . $_file ) fi DebugOff $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg fi ;; esac } # # run_rc_scripts [options] file [...] # # Call `run_rc_script' for each "file" unless already listed in # $_rc_elem_done. # # Options: # # --arg "arg" # Pass "arg" to `run_rc_script' default is $_boot. # # --break "marker" # If any "file" matches "marker" stop processing. # _rc_elem_done= run_rc_scripts() { local _arg=${_boot} local _rc_elem local _rc_breaks= while :; do case "$1" in --arg) _arg="$2" shift 2 ;; --break) _rc_breaks="$_rc_breaks $2" shift 2 ;; *) break ;; esac done for _rc_elem in "$@"; do : _rc_elem=$_rc_elem case " $_rc_elem_done " in *" $_rc_elem "*) continue ;; esac run_rc_script ${_rc_elem} ${_arg} _rc_elem_done="$_rc_elem_done $_rc_elem" case " $_rc_breaks " in *" ${_rc_elem##*/} "*) break ;; esac done } boottrace_fn() { local _file _arg _file=$1 _arg=$2 if [ -n "$rc_fast_and_loose" ]; then boottrace_sysctl "$_file start" set $_arg; . $_file boottrace_sysctl "$_file done" else $boottrace_cmd "$_file" "$_arg" fi } boottrace_sysctl() { ${SYSCTL} kern.boottrace.boottrace="$1" } # # load_rc_config [service] # Source in the configuration file(s) for a given service. # If no service is specified, only the global configuration # file(s) will be loaded. # load_rc_config() { local _name _rcvar_val _var _defval _v _msg _new _d _dot _name=$1 _dot=${load_rc_config_reader:-dot} case "$_dot" in dot|[sv]dot) ;; *) warn "Ignoring invalid load_rc_config_reader" _dot=dot ;; esac case "$1" in -s|--safe) _dot=sdot _name=$2 shift ;; -v|--verify) _dot=vdot _name=$2 shift ;; esac DebugOn rc:$_name $_name if ${_rc_conf_loaded:-false}; then : else if [ -r /etc/defaults/rc.conf ]; then debug "Sourcing /etc/defaults/rc.conf" $_dot /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)." $_dot /etc/rc.conf fi _rc_conf_loaded=true fi # If a service name was specified, attempt to load # service-specific configuration if [ -n "$_name" ] ; then for _d in /etc ${local_startup}; do _d=${_d%/rc.d} if [ -f ${_d}/rc.conf.d/"$_name" ]; then debug "Sourcing ${_d}/rc.conf.d/$_name" $_dot ${_d}/rc.conf.d/"$_name" elif [ -d ${_d}/rc.conf.d/"$_name" ] ; then local _rc for _rc in ${_d}/rc.conf.d/"$_name"/* ; do if [ -f "$_rc" ] ; then debug "Sourcing $_rc" $_dot "$_rc" fi done fi done fi # Set defaults if defined. for _var in $rcvar $rcvars; do eval _defval=\$${_var}_defval if [ -n "$_defval" ]; then eval : \${$_var:=\$${_var}_defval} fi done # check obsolete rc.conf variables for _var in $rcvars_obsolete; do eval _v=\$$_var eval _msg=\$${_var}_obsolete_msg eval _new=\$${_var}_newvar case $_v in "") ;; *) if [ -z "$_new" ]; then _msg="Ignored." else eval $_new=\"\$$_var\" if [ -z "$_msg" ]; then _msg="Use \$$_new instead." fi fi warn "\$$_var is obsolete. $_msg" ;; esac done } # # load_rc_config_var name var # Read the rc.conf(5) var for name and set in the # current shell, using load_rc_config in a subshell to prevent # unwanted side effects from other variable assignments. # load_rc_config_var() { if [ $# -ne 2 ]; then err 3 'USAGE: load_rc_config_var name var' fi eval $(eval '( load_rc_config '$1' >/dev/null; if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then echo '$2'=\'\''${'$2'}\'\''; fi )' ) } # # rc_usage commands # Print a usage string for $0, with `commands' being a list of # valid commands. # rc_usage() { echo -n 1>&2 "Usage: $0 [fast|force|one|quiet](" _sep= for _elem; do echo -n 1>&2 "$_sep$_elem" _sep="|" done echo 1>&2 ")" exit 1 } # # err exitval message # Display message to stderr and log to the syslog, and exit with exitval. # err() { exitval=$1 shift if [ -x /usr/bin/logger ]; then logger "$0: ERROR: $*" fi echo 1>&2 "$0: ERROR: $*" exit $exitval } # # warn message # Display message to stderr and log to the syslog. # warn() { if [ -x /usr/bin/logger ]; then logger "$0: WARNING: $*" fi echo 1>&2 "$0: WARNING: $*" } # # info message # Display informational message to stdout and log to syslog. # info() { case ${rc_info} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: INFO: $*" fi echo "$0: INFO: $*" ;; esac } # # debug message # If debugging is enabled in rc.conf output message to stderr. # BEWARE that you don't call any subroutine that itself calls this # function. # debug() { case ${rc_debug} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: DEBUG: $*" fi echo 1>&2 "$0: DEBUG: $*" ;; esac } # # backup_file action file cur backup # Make a backup copy of `file' into `cur', and save the previous # version of `cur' as `backup'. # # The `action' keyword can be one of the following: # # add `file' is now being backed up (and is possibly # being reentered into the backups system). `cur' # is created. # # update `file' has changed and needs to be backed up. # If `cur' exists, it is copied to `back' # and then `file' is copied to `cur'. # # remove `file' is no longer being tracked by the backups # system. `cur' is moved `back'. # # backup_file() { _action=$1 _file=$2 _cur=$3 _back=$4 case $_action in add|update) if [ -f $_cur ]; then cp -p $_cur $_back fi cp -p $_file $_cur chown root:wheel $_cur ;; remove) mv -f $_cur $_back ;; esac } # make_symlink src link # Make a symbolic link 'link' to src from basedir. If the # directory in which link is to be created does not exist # a warning will be displayed and an error will be returned. # Returns 0 on success, 1 otherwise. # make_symlink() { local src link linkdir _me src="$1" link="$2" linkdir="`dirname $link`" _me="make_symlink()" if [ -z "$src" -o -z "$link" ]; then warn "$_me: requires two arguments." return 1 fi if [ ! -d "$linkdir" ]; then warn "$_me: the directory $linkdir does not exist." return 1 fi if ! ln -sf $src $link; then warn "$_me: unable to make a symbolic link from $link to $src" return 1 fi return 0 } # devfs_rulesets_from_file file # Reads a set of devfs commands from file, and creates # the specified rulesets with their rules. Returns non-zero # if there was an error. # devfs_rulesets_from_file() { local file _err _me _opts file="$1" _me="devfs_rulesets_from_file" _err=0 if [ -z "$file" ]; then warn "$_me: you must specify a file" return 1 fi if [ ! -e "$file" ]; then debug "$_me: no such file ($file)" return 0 fi # Disable globbing so that the rule patterns are not expanded # by accident with matching filesystem entries. _opts=$-; set -f debug "reading rulesets from file ($file)" { while read line do case $line in \#*) continue ;; \[*\]*) rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"` if [ -z "$rulenum" ]; then warn "$_me: cannot extract rule number ($line)" _err=1 break fi rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"` if [ -z "$rulename" ]; then warn "$_me: cannot extract rule name ($line)" _err=1 break; fi eval $rulename=\$rulenum debug "found ruleset: $rulename=$rulenum" if ! /sbin/devfs rule -s $rulenum delset; then _err=1 break fi ;; *) rulecmd="${line%%"\#*"}" # evaluate the command incase it includes # other rules if [ -n "$rulecmd" ]; then debug "adding rule ($rulecmd)" if ! eval /sbin/devfs rule -s $rulenum $rulecmd then _err=1 break fi fi ;; esac if [ $_err -ne 0 ]; then debug "error in $_me" break fi done } < $file case $_opts in *f*) ;; *) set +f ;; esac return $_err } # devfs_init_rulesets # Initializes rulesets from configuration files. Returns # non-zero if there was an error. # devfs_init_rulesets() { local file _me _me="devfs_init_rulesets" # Go through this only once if [ -n "$devfs_rulesets_init" ]; then debug "$_me: devfs rulesets already initialized" return fi for file in $devfs_rulesets; do if ! devfs_rulesets_from_file $file; then warn "$_me: could not read rules from $file" return 1 fi done devfs_rulesets_init=1 debug "$_me: devfs rulesets initialized" return 0 } # devfs_set_ruleset ruleset [dir] # Sets the default ruleset of dir to ruleset. The ruleset argument # must be a ruleset name as specified in devfs.rules(5) file. # Returns non-zero if it could not set it successfully. # devfs_set_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset number" return 1 fi debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })" if ! /sbin/devfs $devdir ruleset $rs; then warn "$_me: unable to set ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_apply_ruleset ruleset [dir] # Apply ruleset number $ruleset to the devfs mountpoint $dir. # The ruleset argument must be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success or non-zero # if it could not apply the ruleset. # devfs_apply_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_apply_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset" return 1 fi debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })" if ! /sbin/devfs $devdir rule -s $rs applyset; then warn "$_me: unable to apply ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_domount dir [ruleset] # Mount devfs on dir. If ruleset is specified it is set # on the mount-point. It must also be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success. # devfs_domount() { local devdir rs _me devdir="$1" [ -n "$2" ] && rs=$2 || rs= _me="devfs_domount()" if [ -z "$devdir" ]; then warn "$_me: you must specify a mount-point" return 1 fi debug "$_me: mount-point is ($devdir), ruleset is ($rs)" if ! mount -t devfs dev "$devdir"; then warn "$_me: Unable to mount devfs on $devdir" return 1 fi if [ -n "$rs" ]; then devfs_init_rulesets devfs_set_ruleset $rs $devdir devfs -m $devdir rule applyset fi return 0 } # Provide a function for normalizing the mounting of memory # filesystems. This should allow the rest of the code here to remain # as close as possible between 5-current and 4-stable. # $1 = size # $2 = mount point # $3 = (optional) extra mdmfs flags mount_md() { if [ -n "$3" ]; then flags="$3" fi /sbin/mdmfs $flags -s $1 ${mfs_type} $2 } # Code common to scripts that need to load a kernel module # if it isn't in the kernel yet. Syntax: # load_kld [-e regex] [-m module] file # where -e or -m chooses the way to check if the module # is already loaded: # regex is egrep'd in the output from `kldstat -v', # module is passed to `kldstat -m'. # The default way is as though `-m file' were specified. load_kld() { local _loaded _mod _opt _re while getopts "e:m:" _opt; do case "$_opt" in e) _re="$OPTARG" ;; m) _mod="$OPTARG" ;; *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;; esac done shift $(($OPTIND - 1)) if [ $# -ne 1 ]; then err 3 'USAGE: load_kld [-e regex] [-m module] file' fi _mod=${_mod:-$1} _loaded=false if [ -n "$_re" ]; then if kldstat -v | egrep -q -e "$_re"; then _loaded=true fi else if kldstat -q -m "$_mod"; then _loaded=true fi fi if ! $_loaded; then if ! kldload "$1"; then warn "Unable to load kernel module $1" return 1 else info "$1 kernel module loaded." if [ -f "/etc/sysctl.kld.d/$1.conf" ]; then sysctl -f "/etc/sysctl.kld.d/$1.conf" fi fi else debug "load_kld: $1 kernel module already loaded." fi return 0 } # ltr str src dst [var] # Change every $src in $str to $dst. # Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor # awk(1). If var is non-NULL, set it to the result. ltr() { local _str _src _dst _out _com _var _str="$1" _src="$2" _dst="$3" _var="$4" _out="" local IFS="${_src}" for _com in ${_str}; do if [ -z "${_out}" ]; then _out="${_com}" else _out="${_out}${_dst}${_com}" fi done if [ -n "${_var}" ]; then setvar "${_var}" "${_out}" else echo "${_out}" fi } # Creates a list of providers for GELI encryption. geli_make_list() { local devices devices2 local provider mountpoint type options rest # Create list of GELI providers from fstab. while read provider mountpoint type options rest ; do case ":${options}" in :*noauto*) noauto=yes ;; *) noauto=no ;; esac case ":${provider}" in :#*) continue ;; *.eli) # Skip swap devices. if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then continue fi devices="${devices} ${provider}" ;; esac done < /etc/fstab # Append providers from geli_devices. devices="${devices} ${geli_devices}" for provider in ${devices}; do provider=${provider%.eli} provider=${provider#/dev/} devices2="${devices2} ${provider}" done echo ${devices2} } # Originally, root mount hold had to be released before mounting # the root filesystem. This delayed the boot, so it was changed # to only wait if the root device isn't readily available. This # can result in rc scripts executing before all the devices - such # as graid(8), or USB disks - can be accessed. This function can # be used to explicitly wait for root mount holds to be released. root_hold_wait() { local wait waited holders waited=0 while true; do holders="$(sysctl -n vfs.root_mount_hold)" if [ -z "${holders}" ]; then break; fi if [ ${waited} -eq 0 ]; then echo -n "Waiting ${root_hold_delay}s" \ "for the root mount holders: ${holders}" else echo -n . fi if [ ${waited} -ge ${root_hold_delay} ]; then echo break fi sleep 1 waited=$(($waited + 1)) done } # Find scripts in local_startup directories that use the old syntax # find_local_scripts_old() { zlist='' slist='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in ${dir}/[0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue zlist="$zlist $file" done for file in ${dir}/[!0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue slist="$slist $file" done fi done } find_local_scripts_new() { local_rc='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do case "$file" in *.sample|*.pkgsave) ;; *) if [ -x "$file" ]; then local_rc="${local_rc} ${file}" fi ;; esac done fi done } find_system_scripts() { system_rc='' for file in /etc/rc.d/*; do case "${file##*/}" in *.pkgsave) ;; *) if [ -x "$file" ]; then system_rc="${system_rc} ${file}" fi ;; esac done } # check_required_{before|after} command # Check for things required by the command before and after its precmd, # respectively. The two separate functions are needed because some # conditions should prevent precmd from being run while other things # depend on precmd having already been run. # check_required_before() { local _f case "$1" in start) for _f in $required_vars; do if ! checkyesno $_f; then warn "\$${_f} is not enabled." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_dirs; do if [ ! -d "${_f}/." ]; then warn "${_f} is not a directory." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_files; do if [ ! -r "${_f}" ]; then warn "${_f} is not readable." if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } check_required_after() { local _f _args case "$1" in start) for _f in $required_modules; do case "${_f}" in *~*) _args="-e ${_f#*~} ${_f%%~*}" ;; *:*) _args="-m ${_f#*:} ${_f%%:*}" ;; *) _args="${_f}" ;; esac if ! load_kld ${_args}; then if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } # check_jail mib # Return true if security.jail.$mib exists and set to 1. check_jail() { local _mib _v _mib=$1 if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then case $_v in 1) return 0;; esac fi return 1 } # check_kern_features mib # Return existence of kern.features.* sysctl MIB as true or # false. The result will be cached in $_rc_cache_kern_features_ # namespace. "0" means the kern.features.X exists. check_kern_features() { local _v [ -n "$1" ] || return 1; eval _v=\$_rc_cache_kern_features_$1 [ -n "$_v" ] && return "$_v"; if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then eval _rc_cache_kern_features_$1=0 return 0 else eval _rc_cache_kern_features_$1=1 return 1 fi } # check_namevarlist var # Return "0" if ${name}_var is reserved in rc.subr. _rc_namevarlist="program chroot chdir env flags fib nice user group groups prepend setup" check_namevarlist() { local _v for _v in $_rc_namevarlist; do case $1 in $_v) return 0 ;; esac done return 1 } # _echoonce var msg mode # mode=0: Echo $msg if ${$var} is empty. # After doing echo, a string is set to ${$var}. # # mode=1: Echo $msg if ${$var} is a string with non-zero length. # _echoonce() { local _var _msg _mode eval _var=\$$1 _msg=$2 _mode=$3 case $_mode in 1) [ -n "$_var" ] && echo "$_msg" ;; *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; esac } # If the loader env variable rc.debug is set, turn on debugging. rc.conf will # still override this, but /etc/defaults/rc.conf can't unconditionally set this # since it would undo what we've done here. if kenv -q rc.debug > /dev/null ; then rc_debug=YES fi boottrace_cmd=`command -v boottrace` if [ -n "$boottrace_cmd" ] && [ "`${SYSCTL_N} -q kern.boottrace.enabled`" = "1" ]; then rc_boottrace=YES fi SED=${SED:-$(Exists -x /usr/bin/sed /rescue/sed)} # Allow for local additions and overrides. # Use vdot to ensure the file has not been tampered with. vdot /etc/local.rc.subr # Avoid noise - when we do not have /usr mounted, # and we cannot use safe_dot without sed. if ! have basename; then basename() { local b=${1%$2} echo ${b##*/} } tty() { return 0 } # we cannot use safe_dot without sed [ -z "$SED" ] && _SAFE_EVAL_SH=: fi # safe_eval.sh provides safe_dot - for untrusted files $_SAFE_EVAL_SH vdot /libexec/safe_eval.sh $_DEBUG_SH vdot /libexec/debug.sh # Ensure we can still operate if debug.sh and # safe_eval.sh are not found. if have DebugOn; then # allow DEBUG_SH to be set from loader prompt DEBUG_SH=${DEBUG_SH:-$(kenv -q DEBUG_SH)} else DebugOn() { return 0; } DebugOff() { return 0; } fi if ! have save_dot; then safe_dot() { dot "$@"; } fi diff --git a/share/man/man8/rc.subr.8 b/share/man/man8/rc.subr.8 index 0906ecb2e787..8f7b72e96dc5 100644 --- a/share/man/man8/rc.subr.8 +++ b/share/man/man8/rc.subr.8 @@ -1,1192 +1,1199 @@ .\" $NetBSD: rc.subr.8,v 1.12 2004/01/06 00:52:24 lukem Exp $ .\" .\" Copyright (c) 2002-2004 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Luke Mewburn. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 10, 2024 +.Dd May 28, 2024 .Dt RC.SUBR 8 .Os .Sh NAME .Nm rc.subr .Nd functions used by system shell scripts .Sh SYNOPSIS .Bl -item -compact .It .Ic .\& Pa /etc/rc.subr .Pp .It .Ic backup_file Ar action Ar file Ar current Ar backup .It .Ic checkyesno Ar var .It .Ic check_pidfile Ar pidfile Ar procname Op Ar interpreter .It .Ic check_process Ar procname Op Ar interpreter .It .Ic DebugOn Ar tag ... .It .Ic DebugOff Ar tag ... .It .Ic debug Ar message .It .Ic dot Ar file ... .It .Ic err Ar exitval Ar message .It .Ic force_depend Ar name .It .Ic info Ar message .It .Ic is_verified Ar file .It .Ic load_kld Oo Fl e Ar regex Oc Oo Fl m Ar module Oc Ar file .It .Ic load_rc_config Oo Ar flag Oc Op Ar service .It .Ic load_rc_config_var Ar name Ar var .It .Ic mount_critical_filesystems Ar type .It .Ic rc_log Ar message .It .It rc_trace Ar level Ar message .It .Ic rc_usage Ar command ... .It .Ic reverse_list Ar item ... .It .Ic run_rc_command Ar argument .It .Ic run_rc_script Ar file Ar argument .It .Ic run_rc_scripts Oo options Oc Ar file ... .It .Ic safe_dot Ar file ... .It .Ic sdot Ar file ... .It .Ic startmsg Oo Fl n Oc Ar message .It .Ic vdot Ar file ... .It .Ic wait_for_pids Op Ar pid ... .It .Ic warn Ar message .El .Sh DESCRIPTION The .Nm script contains commonly used shell script functions and variable definitions which are used by various scripts such as .Xr rc 8 . Scripts required by ports in .Pa /usr/local/etc/rc.d will also eventually be rewritten to make use of it. .Pp The .Nm functions were mostly imported from .Nx . .Pp They are accessed by sourcing .Pa /etc/rc.subr into the current shell. .Pp The following shell functions are available: .Bl -tag -width 4n .It Ic backup_file Ar action file current backup Make a backup copy of .Ar file into .Ar current . Save the previous version of .Ar current as .Ar backup . .Pp The .Ar action argument may be one of the following: .Bl -tag -width ".Cm remove" .It Cm add .Ar file is now being backed up by or possibly re-entered into this backup mechanism. .Ar current is created. .It Cm update .Ar file has changed and needs to be backed up. If .Ar current exists, it is copied to .Ar backup and then .Ar file is copied to .Ar current . .It Cm remove .Ar file is no longer being tracked by this backup mechanism. .Ar current is moved to .Ar backup . .El .It Ic checkyesno Ar var Return 0 if .Ar var is defined to .Dq Li YES , .Dq Li TRUE , .Dq Li ON , or .Ql 1 . Return 1 if .Ar var is defined to .Dq Li NO , .Dq Li FALSE , .Dq Li OFF , or .Ql 0 . Otherwise, warn that .Ar var is not set correctly. The values are case insensitive. .Em Note : .Ar var should be a variable name, not its value; .Ic checkyesno will expand the variable by itself. .It Ic check_pidfile Ar pidfile procname Op Ar interpreter Parses the first word of the first line of .Ar pidfile for a PID, and ensures that the process with that PID is running and its first argument matches .Ar procname . Prints the matching PID if successful, otherwise nothing. If .Ar interpreter is provided, parse the first line of .Ar procname , ensure that the line is of the form: .Pp .Dl "#! interpreter [...]" .Pp and use .Ar interpreter with its optional arguments and .Ar procname appended as the process string to search for. .It Ic check_process Ar procname Op Ar interpreter Prints the PIDs of any processes that are running with a first argument that matches .Ar procname . .Ar interpreter is handled as per .Ic check_pidfile . .It Ic DebugOn Ar tag ... Enable tracing if not already enabled, and any .Ar tag is found in .Va DEBUG_SH (a comma separated list of tags). .Pp Record the .Ar tag that caused it to be enabled in .Va DEBUG_ON , set .Va DEBUG_DO empty and .Va DEBUG_SKIP to .Ql \&: . .Pp See .Xr debug.sh 8 for more details. .It Ic DebugOff Ar tag ... Disable tracing if enabled and any .Ar tag matches .Va DEBUG_ON , which means it was the reason tracing was enabled. .Pp Set .Va DEBUG_DO to .Ql \&: , and .Va DEBUG_ON , .Va DEBUG_SKIP empty. .It Ic debug Ar message Display a debugging message to .Va stderr , log it to the system log using .Xr logger 1 , and return to the caller. The error message consists of the script name (from .Va $0 ) , followed by .Dq Li ": DEBUG: " , and then .Ar message . This function is intended to be used by developers as an aid to debugging scripts. It can be turned on or off by the .Xr rc.conf 5 variable .Va rc_debug . .It Ic dot Ar file ... For reading in unverified files. .Pp Ensure shell .Li verify option is off. This option is only meaningful when .Xr mac_veriexec 4 is active. .Pp Read each .Ar file if it exists. .Pp Restore previous state of the .Li verify option. .It Ic err Ar exitval message Display an error message to .Va stderr , log it to the system log using .Xr logger 1 , and .Ic exit with an exit value of .Ar exitval . The error message consists of the script name (from .Va $0 ) , followed by .Dq Li ": ERROR: " , and then .Ar message . .It Ic force_depend Ar name Output an advisory message and force the .Ar name service to start. The .Ar name argument is the .Xr basename 1 component of the path to the script located at .Pa /etc/rc.d (scripts stored in other locations such as .Pa /usr/local/etc/rc.d cannot be controlled with .Ic force_depend currently). If the script fails for any reason it will output a warning and return with a return value of 1. If it was successful it will return 0. .It Ic is_verified Ar file If .Xr veriexec 8 does not exist, or .Xr mac_veriexec 4 is not active, just return success. Otherwise use .Xr veriexec 8 to check if .Ar file is verified. If not verified the return code will be 80 (EAUTH). .It Ic info Ar message Display an informational message to .Va stdout , and log it to the system log using .Xr logger 1 . The message consists of the script name (from .Va $0 ) , followed by .Dq Li ": INFO: " , and then .Ar message . The display of this informational output can be turned on or off by the .Xr rc.conf 5 variable .Va rc_info . .It Ic load_kld Oo Fl e Ar regex Oc Oo Fl m Ar module Oc Ar file Load .Ar file as a kernel module unless it is already loaded. For the purpose of checking the module status, either the exact module name can be specified using .Fl m , or an .Xr egrep 1 regular expression matching the module name can be supplied via .Fl e . By default, the module is assumed to have the same name as .Ar file , which is not always the case. .It Ic load_rc_config Oo Ar flag Oc Op Ar service Source in the configuration file(s) for .Ar service . If no .Ar service is specified, only the global configuration file(s) will be loaded. First, .Pa /etc/rc.conf is sourced if it has not yet been read in. Then, .Pa /etc/rc.conf.d/ Ns Ar service is sourced if it is an existing file. The latter may also contain other variable assignments to override .Ic run_rc_command arguments defined by the calling script, to provide an easy mechanism for an administrator to override the behaviour of a given .Xr rc.d 8 script without requiring the editing of that script. .Pp The function named by .Va load_rc_config_reader (default is .Ic dot ) is used to read configuration unless .Ar flag is: .Bl -tag -width Ds .It Fl s use .Ic sdot to read configuration, because we want verified configuration or to use .Ic safe_dot to read an unverified configuration. .It Fl v use .Ic vdot to read in configuration only if it is verified. .El .Pp .Ic DebugOn will be called with tags derived from .Ar name to enable tracing if any appear in .Va DEBUG_SH . .It Ic load_rc_config_var Ar name Ar var Read the .Xr rc.conf 5 variable .Ar var for .Ar name and set in the current shell, using .Ic load_rc_config in a sub-shell to prevent unwanted side effects from other variable assignments. .It Ic mount_critical_filesystems Ar type Go through a list of critical file systems, as found in the .Xr rc.conf 5 variable .Va critical_filesystems_ Ns Ar type , mounting each one that is not currently mounted. .It Ic rc_log Ar message Output .Ar message with a timestamp, which is both human readable and easily parsed for post processing, using: .Bd -literal -offset indent date "+@ %s [%Y-%m-%d %H:%M:%S %Z] $*" .Ed .It Ic rc_trace Ar level Ar message If the file .Pa /etc/rc.conf.d/rc_trace exists and is not empty attempt to set .Va RC_LEVEL based on its content. If the file is empty or does not contain a value for .Va RC_LEVEL , set it to .Li 0 . .Pp If .Ar level is greater than or equal to .Va RC_LEVEL pass .Ar message to .Ic rc_log . .It Ic rc_usage Ar command ... Print a usage message for .Va $0 , with .Ar commands being the list of valid arguments prefixed by .Sm off .Dq Bq Li fast | force | one | quiet . .Sm on .It Ic reverse_list Ar item ... Print the list of .Ar items in reverse order. .It Ic run_rc_command Ar argument Run the .Ar argument method for the current .Xr rc.d 8 script, based on the settings of various shell variables. .Ic run_rc_command is extremely flexible, and allows fully functional .Xr rc.d 8 scripts to be implemented in a small amount of shell code. .Pp .Ar argument is searched for in the list of supported commands, which may be one of: .Bl -tag -width ".Cm restart" -offset indent .It Cm start Start the service. This should check that the service is to be started as specified by .Xr rc.conf 5 . Also checks if the service is already running and refuses to start if it is. This latter check is not performed by standard .Fx scripts if the system is starting directly to multi-user mode, to speed up the boot process. .It Cm stop If the service is to be started as specified by .Xr rc.conf 5 , stop the service. This should check that the service is running and complain if it is not. .It Cm restart Perform a .Cm stop then a .Cm start . Defaults to displaying the process ID of the program (if running). .It Cm enabled Return 0 if the service is enabled and 1 if it is not. This command does not print anything. .It Cm rcvar Display which .Xr rc.conf 5 variables are used to control the startup of the service (if any). .El .Pp If .Va pidfile or .Va procname is set, also support: .Bl -tag -width ".Cm restart" -offset indent .It Cm poll Wait for the command to exit. .It Cm status Show the status of the process. .El .Pp Other supported commands are listed in the optional variable .Va extra_commands . .Pp .Ar argument may have one of the following prefixes which alters its operation: .Bl -tag -width ".Li force" -offset indent .It Li fast Skip the check for an existing running process, and sets .Va rc_fast Ns = Ns Li YES . .It Li force Skip the checks for .Va rcvar being set to .Dq Li YES , and sets .Va rc_force Ns = Ns Li YES . This ignores .Ar argument Ns Va _precmd returning non-zero, and ignores any of the .Va required_* tests failing, and always returns a zero exit status. .It Li one Skip the checks for .Va rcvar being set to .Dq Li YES , but performs all the other prerequisite tests. .It Li quiet Inhibits some verbose diagnostics. Currently, this includes messages .Qq Starting ${name} (as checked by .Ic check_startmsgs inside .Nm ) and errors about usage of services that are not enabled in .Xr rc.conf 5 . This prefix also sets .Va rc_quiet Ns = Ns Li YES . .Em Note : .Va rc_quiet is not intended to completely mask all debug and warning messages, but only certain small classes of them. .El .Pp .Ic run_rc_command uses the following shell variables to control its behaviour. Unless otherwise stated, these are optional. .Bl -tag -width ".Va procname" -offset indent .It Va name The name of this script. This is not optional. .It Va rcvar The value of .Va rcvar is checked with .Ic checkyesno to determine if this method should be run. .It Va command Full path to the command. Not required if .Ar argument Ns Va _cmd is defined for each supported keyword. Can be overridden by .Va ${name}_program . .It Va command_args Optional arguments and/or shell directives for .Va command . .It Va command_interpreter .Va command is started with: .Pp .Dl "#! command_interpreter [...]" .Pp which results in its .Xr ps 1 command being: .Pp .Dl "command_interpreter [...] command" .Pp so use that string to find the PID(s) of the running command rather than .Va command . .It Va extra_commands Extra commands/keywords/arguments supported. .It Va pidfile Path to PID file. Used to determine the PID(s) of the running command. If .Va pidfile is set, use: .Pp .Dl "check_pidfile $pidfile $procname" .Pp to find the PID. Otherwise, if .Va command is set, use: .Pp .Dl "check_process $procname" .Pp to find the PID. .It Va procname Process name to check for. Defaults to the value of .Va command . .It Va required_dirs Check for the existence of the listed directories before running the .Cm start method. The list is checked before running .Va start_precmd . .It Va required_files Check for the readability of the listed files before running the .Cm start method. The list is checked before running .Va start_precmd . .It Va required_modules Ensure that the listed kernel modules are loaded before running the .Cm start method. The list is checked after running .Va start_precmd . This is done after invoking the commands from .Va start_precmd so that the missing modules are not loaded in vain if the preliminary commands indicate a error condition. A word in the list can have an optional .Dq Li \&: Ns Ar modname or .Dq Li ~ Ns Ar pattern suffix. The .Ar modname or .Ar pattern parameter is passed to .Ic load_kld through a .Fl m or .Fl e option, respectively. See the description of .Ic load_kld in this document for details. .It Va required_vars Perform .Ic checkyesno on each of the list variables before running the .Cm start method. The list is checked after running .Va start_precmd . .It Va ${name}_chdir Directory to .Ic cd to before running .Va command , if .Va ${name}_chroot is not provided. .It Va ${name}_chroot Directory to .Xr chroot 8 to before running .Va command . Only supported after .Pa /usr is mounted. .It Va ${name}_env A list of environment variables to run .Va command with. Those variables will be passed as arguments to the .Xr env 1 utility unless .Ar argument Ns Va _cmd is defined. In that case the contents of .Va ${name}_env will be exported via the .Xr export 1 builtin of .Xr sh 1 , which puts some limitations on the names of variables (e.g., a variable name may not start with a digit). .It Va ${name}_env_file A file to source for environmental variables to run .Va command with. .Em Note : all the variables which are being assigned in this file are going to be exported into the environment of .Va command . .It Va ${name}_fib FIB .Pa Routing Table number to run .Va command with. See .Xr setfib 1 for more details. .It Va ${name}_flags Arguments to call .Va command with. This is usually set in .Xr rc.conf 5 , and not in the .Xr rc.d 8 script. The environment variable .Sq Ev flags can be used to override this. .It Va ${name}_nice .Xr nice 1 level to run .Va command as. Only supported after .Pa /usr is mounted. .It Va ${name}_limits Resource limits to apply to .Va command . This will be passed as arguments to the .Xr limits 1 utility. By default, the resource limits are based on the login class defined in .Va ${name}_login_class . .It Va ${name}_login_class Login class to use with .Va ${name}_limits . Defaults to .Dq Li daemon . .It Va ${name}_oomprotect .Xr protect 1 .Va command from being killed when swap space is exhausted. If .Dq Li YES is used, no child processes are protected. If .Dq Li ALL , protect all child processes. .It Va ${name}_program Full path to the command. Overrides .Va command if both are set, but has no effect if .Va command is unset. As a rule, .Va command should be set in the script while .Va ${name}_program should be set in .Xr rc.conf 5 . .It Va ${name}_user User to run .Va command as, using .Xr chroot 8 if .Va ${name}_chroot is set, otherwise uses .Xr su 1 . Only supported after .Pa /usr is mounted. .It Va ${name}_group Group to run the chrooted .Va command as. .It Va ${name}_groups Comma separated list of supplementary groups to run the chrooted .Va command with. .It Va ${name}_prepend Commands to be prepended to .Va command . This is a generic version of .Va ${name}_env , .Va ${name}_fib , or .Va ${name}_nice . .It Va ${name}_setup -Command to be run prior to -.Va command . +Optional command to be run during +.Cm start , +.Cm restart , +and +.Cm reload +prior to the respective +.Ar argument Ns Va _precmd . +If the command fails for any reason it will output a warning, +but execution will continue. .It Ar argument Ns Va _cmd Shell commands which override the default method for .Ar argument . .It Ar argument Ns Va _precmd Shell commands to run just before running .Ar argument Ns Va _cmd or the default method for .Ar argument . If this returns a non-zero exit code, the main method is not performed. If the default method is being executed, this check is performed after the .Va required_* checks and process (non-)existence checks. .It Ar argument Ns Va _postcmd Shell commands to run if running .Ar argument Ns Va _cmd or the default method for .Ar argument returned a zero exit code. .It Va sig_stop Signal to send the processes to stop in the default .Cm stop method. Defaults to .Dv SIGTERM . .It Va sig_reload Signal to send the processes to reload in the default .Cm reload method. Defaults to .Dv SIGHUP . .El .Pp For a given method .Ar argument , if .Ar argument Ns Va _cmd is not defined, then a default method is provided by .Ic run_rc_command : .Bl -tag -width ".Sy Argument" -offset indent .It Sy Argument .Sy Default method .It Cm start If .Va command is not running and .Ic checkyesno Va rcvar succeeds, start .Va command . .It Cm stop Determine the PIDs of .Va command with .Ic check_pidfile or .Ic check_process (as appropriate), .Ic kill Va sig_stop those PIDs, and run .Ic wait_for_pids on those PIDs. .It Cm reload Similar to .Cm stop , except that it uses .Va sig_reload instead, and does not run .Ic wait_for_pids . Another difference from .Cm stop is that .Cm reload is not provided by default. It can be enabled via .Va extra_commands if appropriate: .Pp .Dl "extra_commands=reload" .It Cm restart Runs the .Cm stop method, then the .Cm start method. .It Cm status Show the PID of .Va command , or some other script specific status operation. .It Cm poll Wait for .Va command to exit. .It Cm rcvar Display which .Xr rc.conf 5 variable is used (if any). This method always works, even if the appropriate .Xr rc.conf 5 variable is set to .Dq Li NO . .El .Pp The following variables are available to the methods (such as .Ar argument Ns Va _cmd ) as well as after .Ic run_rc_command has completed: .Bl -tag -width ".Va rc_service" -offset indent .It Va rc_arg Argument provided to .Ic run_rc_command , after fast and force processing has been performed. .It Va rc_flags Flags to start the default command with. Defaults to .Va ${name}_flags , unless overridden by the environment variable .Sq Ev flags . This variable may be changed by the .Ar argument Ns Va _precmd method. .It Va rc_service Path to the service script being executed, in case it needs to re-invoke itself. .It Va rc_pid PID of .Va command (if appropriate). .It Va rc_fast Not empty if .Dq Li fast prefix was used. .It Va rc_force Not empty if .Dq Li force prefix was used. .El .It Ic run_rc_script Ar file argument Start the script .Ar file with an argument of .Ar argument , and handle the return value from the script. .Pp Various shell variables are unset before .Ar file is started: .Bd -ragged -offset indent .Va name , .Va command , .Va command_args , .Va command_interpreter , .Va extra_commands , .Va pidfile , .Va rcvar , .Va required_dirs , .Va required_files , .Va required_vars , .Ar argument Ns Va _cmd , .Ar argument Ns Va _precmd . .Ar argument Ns Va _postcmd . .Ed .Pp Call .Ic rc_trace to indicate that .Ar file is to be run. .Pp However, if .Ic is_verified Ar file fails, just return. .Pp .Ic DebugOn will be called with tags derrived from .Va name and .Va rc_arg to enable tracing if any of those tags appear in .Va DEBUG_SH . .Pp The startup behaviour of .Ar file depends upon the following checks: .Bl -enum .It If .Ar file ends in .Pa .sh , it is sourced into the current shell. .It If .Ar file appears to be a backup or scratch file (e.g., with a suffix of .Pa ~ , # , .OLD , or .Pa .orig ) , ignore it. .It If .Ar file is not executable, ignore it. .It If the .Xr rc.conf 5 variable .Va rc_fast_and_loose is empty, source .Ar file in a sub shell, otherwise source .Ar file into the current shell. .El .It Ic run_rc_scripts Oo options Oc file ... Call .Ic run_rc_script for each .Ar file , unless it is already recorded as having been run. .Pp The .Ar options are: .Bl -tag -width "--break break" .It Ic --arg Ar arg Pass .Ar arg to .Ic run_rc_script , default is .Ar _boot set by .Xr rc 8 . .It Ic --break Ar break Stop processing if any .Ar file matches any .Ar break .El .It Ic safe_dot Ar file ... Used by .Ic sdot when .Xr mac_veriexec 4 is active and .Ar file is not verified. .Pp This function limits the input from .Ar file to simple variable assignments with any non-alphanumeric characters replaced with .Ql _ . .It Ic sdot Ar file ... For reading in configuration files. Skip files that do not exist or are empty. Try using .Ic vdot and if that fails (the file is unverified) fall back to using .Ic safe_dot . .It Ic startmsg Oo Fl n Oc Ar message Display a start message to .Va stdout . It should be used instead of .Xr echo 1 . The display of this output can be turned off if the .Xr rc.conf 5 variable .Va rc_startmsgs is set to .Dq Li NO . .It Ic stop_boot Op Ar always Prevent booting to multiuser mode. If the .Va autoboot variable is set to .Ql yes (see .Xr rc 8 to learn more about .Va autoboot ) , or .Ic checkyesno Ar always indicates a truth value, then a .Dv SIGTERM signal is sent to the parent process, which is assumed to be .Xr rc 8 . Otherwise, the shell exits with a non-zero status. .It Ic vdot Ar file ... For reading in only verified files. .Pp Ensure shell .Li verify option is on. This option is only meaningful when .Xr mac_veriexec 4 is active, otherwise this function is effectively the same as .Ic dot . .Pp Read in each .Ar file if it exists and .Ic is_verfied Ar file is successful, otherwise set return code to 80 (EAUTH). .Pp Restore previous state of the .Li verify option. .It Ic wait_for_pids Op Ar pid ... Wait until all of the provided .Ar pids do not exist any more, printing the list of outstanding .Ar pids every two seconds. .It Ic warn Ar message Display a warning message to .Va stderr and log it to the system log using .Xr logger 1 . The warning message consists of the script name (from .Va $0 ) , followed by .Dq Li ": WARNING: " , and then .Ar message . .El .Sh FILES .Bl -tag -width ".Pa /etc/rc.subr" -compact .It Pa /etc/rc.subr The .Nm file resides in .Pa /etc . .El .Sh SEE ALSO .Xr debug.sh 8 , .Xr rc.conf 5 , .Xr rc 8 .Sh HISTORY The .Nm script appeared in .Nx 1.3 . The .Xr rc.d 8 support functions appeared in .Nx 1.5 . The .Nm script first appeared in .Fx 5.0 .