Index: head/etc/ntp/leap-seconds =================================================================== --- head/etc/ntp/leap-seconds (revision 298886) +++ head/etc/ntp/leap-seconds (revision 298887) @@ -1,221 +1,221 @@ # # $FreeBSD$ # # In the following text, the symbol '#' introduces # a comment, which continues from that symbol until # the end of the line. A plain comment line has a # whitespace character following the comment indicator. # There are also special comment lines defined below. # A special comment will always have a non-whitespace # character in column 2. # # A blank line should be ignored. # # The following table shows the corrections that must # be applied to compute International Atomic Time (TAI) # from the Coordinated Universal Time (UTC) values that # are transmitted by almost all time services. # # The first column shows an epoch as a number of seconds # since 1900.0 and the second column shows the number of # seconds that must be added to UTC to compute TAI for # any timestamp at or after that epoch. The value on # each line is valid from the indicated initial instant # until the epoch given on the next one or indefinitely # into the future if there is no next line. # (The comment on each line shows the representation of # the corresponding initial epoch in the usual # day-month-year format. The epoch always begins at # 00:00:00 UTC on the indicated day. See Note 5 below.) # # Important notes: # # 1. Coordinated Universal Time (UTC) is often referred to # as Greenwich Mean Time (GMT). The GMT time scale is no # longer used, and the use of GMT to designate UTC is # discouraged. # # 2. The UTC time scale is realized by many national # laboratories and timing centers. Each laboratory # identifies its realization with its name: Thus # UTC(NIST), UTC(USNO), etc. The differences among # these different realizations are typically on the # order of a few nanoseconds (i.e., 0.000 000 00x s) # and can be ignored for many purposes. These differences # are tabulated in Circular T, which is published monthly # by the International Bureau of Weights and Measures # (BIPM). See www.bipm.fr for more information. # -# 3. The current defintion of the relationship between UTC +# 3. The current definition of the relationship between UTC # and TAI dates from 1 January 1972. A number of different # time scales were in use before than epoch, and it can be # quite difficult to compute precise timestamps and time # intervals in those "prehistoric" days. For more information, # consult: # # The Explanatory Supplement to the Astronomical # Ephemeris. # or # Terry Quinn, "The BIPM and the Accurate Measurement # of Time," Proc. of the IEEE, Vol. 79, pp. 894-905, # July, 1991. # # 4. The insertion of leap seconds into UTC is currently the # responsibility of the International Earth Rotation Service, # which is located at the Paris Observatory: # # Central Bureau of IERS # 61, Avenue de l'Observatoire # 75014 Paris, France. # # Leap seconds are announced by the IERS in its Bulletin C # # See hpiers.obspm.fr or www.iers.org for more details. # # All national laboratories and timing centers use the # data from the BIPM and the IERS to construct their # local realizations of UTC. # # Although the definition also includes the possibility # of dropping seconds ("negative" leap seconds), this has # never been done and is unlikely to be necessary in the # foreseeable future. # # 5. If your system keeps time as the number of seconds since # some epoch (e.g., NTP timestamps), then the algorithm for # assigning a UTC time stamp to an event that happens during a positive # leap second is not well defined. The official name of that leap # second is 23:59:60, but there is no way of representing that time # in these systems. # Many systems of this type effectively stop the system clock for # one second during the leap second and use a time that is equivalent # to 23:59:59 UTC twice. For these systems, the corresponding TAI # timestamp would be obtained by advancing to the next entry in the # following table when the time equivalent to 23:59:59 UTC # is used for the second time. Thus the leap second which # occurred on 30 June 1972 at 23:59:59 UTC would have TAI # timestamps computed as follows: # # ... # 30 June 1972 23:59:59 (2287785599, first time): TAI= UTC + 10 seconds # 30 June 1972 23:59:60 (2287785599,second time): TAI= UTC + 11 seconds # 1 July 1972 00:00:00 (2287785600) TAI= UTC + 11 seconds # ... # # If your system realizes the leap second by repeating 00:00:00 UTC twice # (this is possible but not usual), then the advance to the next entry # in the table must occur the second time that a time equivlent to # 00:00:00 UTC is used. Thus, using the same example as above: # # ... # 30 June 1972 23:59:59 (2287785599): TAI= UTC + 10 seconds # 30 June 1972 23:59:60 (2287785600, first time): TAI= UTC + 10 seconds # 1 July 1972 00:00:00 (2287785600,second time): TAI= UTC + 11 seconds # ... # # in both cases the use of timestamps based on TAI produces a smooth # time scale with no discontinuity in the time interval. # # This complexity would not be needed for negative leap seconds (if they # are ever used). The UTC time would skip 23:59:59 and advance from # 23:59:58 to 00:00:00 in that case. The TAI offset would decrease by # 1 second at the same instant. This is a much easier situation to deal # with, since the difficulty of unambiguously representing the epoch # during the leap second does not arise. # # Questions or comments to: # Jeff Prillaman # Time Service Department # US Naval Observatory # Washington, DC # jeffrey.prillaman@usno.navy.mil # # Last Update of leap second values: 31 Dec 2015 # # The following line shows this last update date in NTP timestamp # format. This is the date on which the most recent change to # the leap second data was added to the file. This line can # be identified by the unique pair of characters in the first two # columns as shown below. # #$ 3660508800 # # The data in this file will be updated periodically as new leap # seconds are announced. In addition to being entered on the line # above, the update time (in NTP format) will be added to the basic # file name leap-seconds to form the name leap-seconds.. # In addition, the generic name leap-seconds.list will always point to # the most recent version of the file. # # This update procedure will be performed only when a new leap second # is announced. # # The following entry specifies the expiration date of the data # in this file in units of seconds since 1900.0. This expiration date # will be changed at least twice per year whether or not a new leap # second is announced. These semi-annual changes will be made no # later than 1 June and 1 December of each year to indicate what # action (if any) is to be taken on 30 June and 31 December, # respectively. (These are the customary effective dates for new # leap seconds.) This expiration date will be identified by a # unique pair of characters in columns 1 and 2 as shown below. # In the unlikely event that a leap second is announced with an # effective date other than 30 June or 31 December, then this # file will be edited to include that leap second as soon as it is # announced or at least one month before the effective date # (whichever is later). # If an announcement by the IERS specifies that no leap second is # scheduled, then only the expiration date of the file will # be advanced to show that the information in the file is still # current -- the update time stamp, the data and the name of the file # will not change. # # Updated through IERS Bulletin C 50 # File expires on: 1 Jun 2016 # #@ 3673728000 # 2272060800 10 # 1 Jan 1972 2287785600 11 # 1 Jul 1972 2303683200 12 # 1 Jan 1973 2335219200 13 # 1 Jan 1974 2366755200 14 # 1 Jan 1975 2398291200 15 # 1 Jan 1976 2429913600 16 # 1 Jan 1977 2461449600 17 # 1 Jan 1978 2492985600 18 # 1 Jan 1979 2524521600 19 # 1 Jan 1980 2571782400 20 # 1 Jul 1981 2603318400 21 # 1 Jul 1982 2634854400 22 # 1 Jul 1983 2698012800 23 # 1 Jul 1985 2776982400 24 # 1 Jan 1988 2840140800 25 # 1 Jan 1990 2871676800 26 # 1 Jan 1991 2918937600 27 # 1 Jul 1992 2950473600 28 # 1 Jul 1993 2982009600 29 # 1 Jul 1994 3029443200 30 # 1 Jan 1996 3076704000 31 # 1 Jul 1997 3124137600 32 # 1 Jan 1999 3345062400 33 # 1 Jan 2006 3439756800 34 # 1 Jan 2009 3550089600 35 # 1 Jul 2012 3644697600 36 # 1 Jul 2015 # # the following special comment contains the # hash value of the data in this file computed # use the secure hash algorithm as specified # by FIPS 180-1. See the files in ~/sha for # the details of how this hash value is # computed. Note that the hash computation # ignores comments and whitespace characters # in data lines. It includes the NTP values # of both the last modification time and the # expiration time of the file, but not the # white space on those lines. # the hash line is also ignored in the # computation. # #h 44a44c49 35b22601 a9c7054c 8c56cf57 9b6f6ed5 # Index: head/etc/protocols =================================================================== --- head/etc/protocols (revision 298886) +++ head/etc/protocols (revision 298887) @@ -1,158 +1,158 @@ # # Internet protocols # # $FreeBSD$ # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # See also http://www.iana.org/assignments/protocol-numbers # ip 0 IP # internet protocol, pseudo protocol number #hopopt 0 HOPOPT # hop-by-hop options for ipv6 icmp 1 ICMP # internet control message protocol igmp 2 IGMP # internet group management protocol ggp 3 GGP # gateway-gateway protocol ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') st2 5 ST2 # ST2 datagram mode (RFC 1819) (officially ``ST'') tcp 6 TCP # transmission control protocol cbt 7 CBT # CBT, Tony Ballardie egp 8 EGP # exterior gateway protocol igp 9 IGP # any private interior gateway (Cisco: for IGRP) bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring nvp 11 NVP-II # Network Voice Protocol pup 12 PUP # PARC universal packet protocol argus 13 ARGUS # ARGUS emcon 14 EMCON # EMCON xnet 15 XNET # Cross Net Debugger chaos 16 CHAOS # Chaos udp 17 UDP # user datagram protocol mux 18 MUX # Multiplexing protocol dcn 19 DCN-MEAS # DCN Measurement Subsystems hmp 20 HMP # host monitoring protocol prm 21 PRM # packet radio measurement protocol xns-idp 22 XNS-IDP # Xerox NS IDP trunk-1 23 TRUNK-1 # Trunk-1 trunk-2 24 TRUNK-2 # Trunk-2 leaf-1 25 LEAF-1 # Leaf-1 leaf-2 26 LEAF-2 # Leaf-2 rdp 27 RDP # "reliable datagram" protocol irtp 28 IRTP # Internet Reliable Transaction Protocol iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4 netblt 30 NETBLT # Bulk Data Transfer Protocol mfe-nsp 31 MFE-NSP # MFE Network Services Protocol merit-inp 32 MERIT-INP # MERIT Internodal Protocol dccp 33 DCCP # Datagram Congestion Control Protocol 3pc 34 3PC # Third Party Connect Protocol idpr 35 IDPR # Inter-Domain Policy Routing Protocol -xtp 36 XTP # Xpress Tranfer Protocol +xtp 36 XTP # Xpress Transfer Protocol ddp 37 DDP # Datagram Delivery Protocol idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto tp++ 39 TP++ # TP++ Transport Protocol il 40 IL # IL Transport Protocol ipv6 41 IPV6 # ipv6 sdrp 42 SDRP # Source Demand Routing Protocol ipv6-route 43 IPV6-ROUTE # routing header for ipv6 ipv6-frag 44 IPV6-FRAG # fragment header for ipv6 idrp 45 IDRP # Inter-Domain Routing Protocol rsvp 46 RSVP # Resource ReSerVation Protocol gre 47 GRE # Generic Routing Encapsulation dsr 48 DSR # Dynamic Source Routing Protocol bna 49 BNA # BNA esp 50 ESP # encapsulating security payload ah 51 AH # authentication header i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA swipe 53 SWIPE # IP with Encryption narp 54 NARP # NBMA Address Resolution Protocol mobile 55 MOBILE # IP Mobility tlsp 56 TLSP # Transport Layer Security Protocol skip 57 SKIP # SKIP ipv6-icmp 58 IPV6-ICMP icmp6 # ICMP for IPv6 ipv6-nonxt 59 IPV6-NONXT # no next header for ipv6 ipv6-opts 60 IPV6-OPTS # destination options for ipv6 # 61 # any host internal protocol cftp 62 CFTP # CFTP # 63 # any local network sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK kryptolan 65 KRYPTOLAN # Kryptolan rvd 66 RVD # MIT Remote Virtual Disk Protocol ippc 67 IPPC # Internet Pluribus Packet Core # 68 # any distributed filesystem sat-mon 69 SAT-MON # SATNET Monitoring visa 70 VISA # VISA Protocol ipcv 71 IPCV # Internet Packet Core Utility cpnx 72 CPNX # Computer Protocol Network Executive cphb 73 CPHB # Computer Protocol Heart Beat wsn 74 WSN # Wang Span Network pvp 75 PVP # Packet Video Protocol br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary wb-mon 78 WB-MON # WIDEBAND Monitoring wb-expak 79 WB-EXPAK # WIDEBAND EXPAK iso-ip 80 ISO-IP # ISO Internet Protocol vmtp 81 VMTP # Versatile Message Transport secure-vmtp 82 SECURE-VMTP # SECURE-VMTP vines 83 VINES # VINES ttp 84 TTP # TTP #iptm 84 IPTM # Protocol Internet Protocol Traffic nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP dgp 86 DGP # Dissimilar Gateway Protocol tcf 87 TCF # TCF eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) ospf 89 OSPFIGP # Open Shortest Path First IGP sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol larp 91 LARP # Locus Address Resolution Protocol mtp 92 MTP # Multicast Transport Protocol ax.25 93 AX.25 # AX.25 Frames ipip 94 IPIP # Yet Another IP encapsulation micp 95 MICP # Mobile Internetworking Control Pro. scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. etherip 97 ETHERIP # Ethernet-within-IP Encapsulation encap 98 ENCAP # Yet Another IP encapsulation # 99 # any private encryption scheme gmtp 100 GMTP # GMTP ifmp 101 IFMP # Ipsilon Flow Management Protocol pnni 102 PNNI # PNNI over IP pim 103 PIM # Protocol Independent Multicast aris 104 ARIS # ARIS scps 105 SCPS # SCPS qnx 106 QNX # QNX a/n 107 A/N # Active Networks ipcomp 108 IPComp # IP Payload Compression Protocol snp 109 SNP # Sitara Networks Protocol compaq-peer 110 Compaq-Peer # Compaq Peer Protocol ipx-in-ip 111 IPX-in-IP # IPX in IP carp 112 CARP vrrp # Common Address Redundancy Protocol pgm 113 PGM # PGM Reliable Transport Protocol # 114 # any 0-hop protocol l2tp 115 L2TP # Layer Two Tunneling Protocol ddx 116 DDX # D-II Data Exchange iatp 117 IATP # Interactive Agent Transfer Protocol stp 118 STP # Schedule Transfer Protocol srp 119 SRP # SpectraLink Radio Protocol uti 120 UTI # UTI smp 121 SMP # Simple Message Protocol sm 122 SM # SM ptp 123 PTP # Performance Transparency Protocol isis 124 ISIS # ISIS over IPv4 fire 125 FIRE crtp 126 CRTP # Combat Radio Transport Protocol crudp 127 CRUDP # Combat Radio User Datagram sscopmce 128 SSCOPMCE iplt 129 IPLT sps 130 SPS # Secure Packet Shield pipe 131 PIPE # Private IP Encapsulation within IP sctp 132 SCTP # Stream Control Transmission Protocol fc 133 FC # Fibre Channel rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations mobility-header 135 Mobility-Header # Mobility Support in IPv6 udplite 136 UDPLite # The UDP-Lite Protocol mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP manet 138 MANET # MANET Protocols (RFC5498) hip 139 HIP # Host Identity Protocol (RFC5201) shim6 140 SHIM6 # Shim6 Protocol (RFC5533) wesp 141 WESP # Wrapped Encapsulating Security Payload (RFC5840) rohc 142 ROHC # Robust Header Compression (RFC5858) # 138-254 # Unassigned pfsync 240 PFSYNC # PF Synchronization # 253-254 # Use for experimentation and testing (RFC3692) # 255 # Reserved divert 258 DIVERT # Divert pseudo-protocol [non IANA] Index: head/etc/rc.d/sendmail =================================================================== --- head/etc/rc.d/sendmail (revision 298886) +++ head/etc/rc.d/sendmail (revision 298887) @@ -1,222 +1,222 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: mail # REQUIRE: LOGIN FILESYSTEMS # we make mail start late, so that things like .forward's are not # processed until the system is fully operational # KEYWORD: shutdown # XXX - Get together with sendmail mantainer to figure out how to # better handle SENDMAIL_ENABLE and 3rd party MTAs. # . /etc/rc.subr name="sendmail" desc="Electronic mail transport agent" rcvar="sendmail_enable" required_files="/etc/mail/${name}.cf" start_precmd="sendmail_precmd" load_rc_config $name command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} procname=${sendmail_procname:-/usr/sbin/${name}} CERTDIR=/etc/mail/certs case ${sendmail_enable} in [Nn][Oo][Nn][Ee]) sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" ;; esac # If sendmail_enable=yes, don't need submit or outbound daemon if checkyesno sendmail_enable; then sendmail_submit_enable="NO" sendmail_outbound_enable="NO" fi # If sendmail_submit_enable=yes, don't need outbound daemon if checkyesno sendmail_submit_enable; then sendmail_outbound_enable="NO" fi sendmail_cert_create() { cnname="${sendmail_cert_cn:-`hostname`}" cnname="${cnname:-amnesiac}" # based upon: # http://www.sendmail.org/~ca/email/other/cagreg.html CAdir=`mktemp -d` && certpass=`(date; ps ax ; hostname) | md5 -q` # make certificate authority ( cd "$CAdir" && chmod 700 "$CAdir" && mkdir certs crl newcerts && echo "01" > serial && :> index.txt && cat <<-OPENSSL_CNF > openssl.cnf && RANDFILE = $CAdir/.rnd [ ca ] default_ca = CA_default [ CA_default ] dir = . certs = \$dir/certs # Where the issued certs are kept crl_dir = \$dir/crl # Where the issued crl are kept database = \$dir/index.txt # database index file. new_certs_dir = \$dir/newcerts # default place for new certs. certificate = \$dir/cacert.pem # The CA certificate serial = \$dir/serial # The current serial number crlnumber = \$dir/crlnumber # the current crl number crl = \$dir/crl.pem # The current CRL private_key = \$dir/cakey.pem - x509_extensions = usr_cert # The extentions to add to the cert + x509_extensions = usr_cert # The extensions to add to the cert name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = default # use public key default MD preserve = no # keep passed DN ordering policy = policy_anything [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes - x509_extensions = v3_ca # The extentions to add to the self signed cert + x509_extensions = v3_ca # The extensions to add to the self signed cert string_mask = utf8only prompt = no [ req_distinguished_name ] countryName = XX stateOrProvinceName = Some-state localityName = Some-city 0.organizationName = Some-org CN = $cnname [ req_attributes ] challengePassword = foobar unstructuredName = An optional company name [ usr_cert ] basicConstraints=CA:FALSE nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer basicConstraints = CA:true OPENSSL_CNF # though we use a password, the key is discarded and never used openssl req -batch -passout pass:"$certpass" -new -x509 \ -keyout cakey.pem -out cacert.pem -days 3650 \ -config openssl.cnf -newkey rsa:2048 >/dev/null 2>&1 && # make new certificate openssl req -batch -nodes -new -x509 -keyout newkey.pem \ -out newreq.pem -days 365 -config openssl.cnf \ -newkey rsa:2048 >/dev/null 2>&1 && # sign certificate openssl x509 -x509toreq -in newreq.pem -signkey newkey.pem \ -out tmp.pem >/dev/null 2>&1 && openssl ca -notext -config openssl.cnf \ -out newcert.pem -keyfile cakey.pem -cert cacert.pem \ -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 && mkdir -p "$CERTDIR" && chmod 0755 "$CERTDIR" && chmod 644 newcert.pem cacert.pem && chmod 600 newkey.pem && cp -p newcert.pem "$CERTDIR"/host.cert && cp -p cacert.pem "$CERTDIR"/cacert.pem && cp -p newkey.pem "$CERTDIR"/host.key && ln -s cacert.pem "$CERTDIR"/`openssl x509 -hash -noout \ -in cacert.pem`.0) retVal="$?" rm -rf "$CAdir" return "$retVal" } sendmail_precmd() { # Die if there's pre-8.10 custom configuration file. This check is # mandatory for smooth upgrade. See NetBSD PR 10100 for details. # if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then warn \ "${name} was not started; you have multiple copies of sendmail.cf." return 1 fi fi # check modifications on /etc/mail/aliases if checkyesno sendmail_rebuild_aliases; then if [ -f "/etc/mail/aliases.db" ]; then if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then echo \ "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating" /usr/bin/newaliases fi else echo \ "${name}: /etc/mail/aliases.db not present, generating" /usr/bin/newaliases fi fi if checkyesno sendmail_cert_create && [ ! \( \ -f "$CERTDIR/host.cert" -o -f "$CERTDIR/host.key" -o \ -f "$CERTDIR/cacert.pem" \) ]; then if ! openssl version >/dev/null 2>&1; then warn "OpenSSL not available, but sendmail_cert_create is YES." else info Creating certificate for sendmail. sendmail_cert_create fi fi } run_rc_command "$1" required_files= if checkyesno sendmail_submit_enable; then name="sendmail_submit" rcvar="sendmail_submit_enable" run_rc_command "$1" fi if checkyesno sendmail_outbound_enable; then name="sendmail_outbound" rcvar="sendmail_outbound_enable" run_rc_command "$1" fi name="sendmail_msp_queue" rcvar="sendmail_msp_queue_enable" pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}" required_files="/etc/mail/submit.cf" run_rc_command "$1" Index: head/etc/rc.initdiskless =================================================================== --- head/etc/rc.initdiskless (revision 298886) +++ head/etc/rc.initdiskless (revision 298887) @@ -1,381 +1,381 @@ #!/bin/sh # # Copyright (c) 1999 Matt Dillon # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # On entry to this script the entire system consists of a read-only root # mounted via NFS. The kernel has run BOOTP and configured an interface # (otherwise it would not have been able to mount the NFS root!) # # We use the contents of /conf to create and populate memory filesystems # that are mounted on top of this root to implement the writable # (and host-specific) parts of the root filesystem, and other volatile # filesystems. # # The hierarchy in /conf has the form /conf/T/M/ where M are directories # for which memory filesystems will be created and filled, # and T is one of the "template" directories below: # # base universal base, typically a replica of the original root; # default secondary universal base, typically overriding some # of the files in the original root; # ${ipba} where ${ipba} is the assigned broadcast IP address # bcast/${ipba} same as above # ${class} where ${class} is a list of directories supplied by # bootp/dhcp through the T134 option. # ${ipba} and ${class} are typically used to configure features # for group of diskless clients, or even individual features; # ${ip} where ${ip} is the machine's assigned IP address, typically # used to set host-specific features; # ip/${ip} same as above # # Template directories are scanned in the order they are listed above, # with each successive directory overriding (merged into) the previous one; # non-existing directories are ignored. The subdirectory forms exist to # help keep the top level /conf manageable in large installations. # # The existence of a directory /conf/T/M causes this script to create a # memory filesystem mounted as /M on the client. # # Some files in /conf have special meaning, namely: # # Filename Action # ---------------------------------------------------------------- # /conf/T/M/remount # The contents of the file is a mount command. E.g. if # /conf/1.2.3.4/foo/remount contains "mount -o ro /dev/ad0s3", # then /dev/ad0s3 will be be mounted on /conf/1.2.3.4/foo/ # # /conf/T/M/remount_optional # If this file exists, then failure to execute the mount # command contained in /conf/T/M/remount is non-fatal. # # /conf/T/M/remount_subdir # If this file exists, then the behaviour of /conf/T/M/remount # changes as follows: # 1. /conf/T/M/remount is invoked to mount the root of the # filesystem where the configuration data exists on a # temporary mountpoint. # 2. /conf/T/M/remount_subdir is then invoked to mount a # *subdirectory* of the filesystem mounted by # /conf/T/M/remount on /conf/T/M/. # # /conf/T/M/diskless_remount # The contents of the file points to an NFS filesystem, # possibly followed by mount_nfs options. If the server name # is omitted, the script will prepend the root path used when # booting. E.g. if you booted from foo.com:/path/to/root, # an entry for /conf/base/etc/diskless_remount could be any of # foo.com:/path/to/root/etc # /etc -o ro # Because mount_nfs understands ".." in paths, it is # possible to mount from locations above the NFS root with # paths such as "/../../etc". # # /conf/T/M/md_size # The contents of the file specifies the size of the memory # filesystem to be created, in 512 byte blocks. # The default size is 10240 blocks (5MB). E.g. if # /conf/base/etc/md_size contains "30000" then a 15MB MFS # will be created. In case of multiple entries for the same # directory M, the last one in the scanning order is used. # NOTE: If you only need to create a memory filesystem but not -# initialize it from a template, it is preferrable to specify +# initialize it from a template, it is preferable to specify # it in fstab e.g. as "md /tmp mfs -s=30m,rw 0 0" # # /conf/T/SUBDIR.cpio.gz # The file is cpio'd into /SUBDIR (and a memory filesystem is # created for /SUBDIR if necessary). The presence of this file # prevents the copy from /conf/T/SUBDIR/ # # /conf/T/SUBDIR.remove # The list of paths contained in the file are rm -rf'd # relative to /SUBDIR. # # /conf/diskless_remount # Similar to /conf/T/M/diskless_remount above, but allows # all of /conf to be remounted. This can be used to allow # multiple roots to share the same /conf. # # # You will almost universally want to create the following files under /conf # # File Content # ---------------------------- ---------------------------------- # /conf/base/etc/md_size size of /etc filesystem # /conf/base/etc/diskless_remount "/etc" # /conf/default/etc/rc.conf generic diskless config parameters # /conf/default/etc/fstab generic diskless fstab e.g. like this # # foo:/root_part / nfs ro 0 0 # foo:/usr_part /usr nfs ro 0 0 # foo:/home_part /home nfs rw 0 0 # md /tmp mfs -s=30m,rw 0 0 # md /var mfs -s=30m,rw 0 0 # proc /proc procfs rw 0 0 # # plus, possibly, overrides for password files etc. # # NOTE! /var, /tmp, and /dev will be typically created elsewhere, e.g. # as entries in the fstab as above. # Those filesystems should not be specified in /conf. # # (end of documentation, now get to the real code) dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` # DEBUGGING # log something on stdout if verbose. o_verbose=0 # set to 1 or 2 if you want more debugging log() { [ ${o_verbose} -gt 0 ] && echo "*** $* ***" [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo } # chkerr: # # Routine to check for error # # checks error code and drops into shell on failure. # if shell exits, terminates script as well as /etc/rc. # if remount_optional exists under the mountpoint, skip this check. # chkerr() { lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 ) mountpoint="$(lastitem $2)" [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return ) case $1 in 0) ;; *) echo "$2 failed: dropping into /bin/sh" /bin/sh # RESUME ;; esac } # The list of filesystems to umount after the copy to_umount="" handle_remount() { # $1 = mount point local nfspt mountopts b b=$1 log handle_remount $1 [ -d $b -a -f $b/diskless_remount ] || return read nfspt mountopts < $b/diskless_remount log "nfspt ${nfspt} mountopts ${mountopts}" # prepend the nfs root if not present [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}" mount_nfs $mountopts $nfspt $b chkerr $? "mount_nfs $nfspt $b" to_umount="$b ${to_umount}" } # Create a generic memory disk # mount_md() { /sbin/mdmfs -S -i 4096 -s $1 -M md $2 } # Create the memory filesystem if it has not already been created # create_md() { [ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once if [ "x`eval echo \\$md_size_$1`" = "x" ]; then md_size=10240 else md_size=`eval echo \\$md_size_$1` fi log create_md $1 with size $md_size mount_md $md_size /$1 /bin/chmod 755 /$1 eval md_created_$1=created } # DEBUGGING # # set -v # Figure out our interface and IP. # bootp_ifc="" bootp_ipa="" bootp_ipbca="" class="" if [ ${dlv:=0} -ne 0 ] ; then iflist=`ifconfig -l` for i in ${iflist} ; do set -- `ifconfig ${i}` while [ $# -ge 1 ] ; do if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then bootp_ifc=${i} ; bootp_ipa=${2} ; shift fi if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then bootp_ipbca=$2; shift fi shift done if [ "${bootp_ifc}" != "" ] ; then break fi done # Get the values passed with the T134 bootp cookie. class="`/sbin/sysctl -qn kern.bootp_cookie`" echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}" fi log Figure out our NFS root path # set -- `mount -t nfs` while [ $# -ge 1 ] ; do if [ "$2" = "on" -a "$3" = "/" ]; then nfsroot="$1" break fi shift done # The list of directories with template files templates="base default" if [ -n "${bootp_ipbca}" ]; then templates="${templates} ${bootp_ipbca} bcast/${bootp_ipbca}" fi if [ -n "${class}" ]; then templates="${templates} ${class}" fi if [ -n "${bootp_ipa}" ]; then templates="${templates} ${bootp_ipa} ip/${bootp_ipa}" fi # If /conf/diskless_remount exists, remount all of /conf. handle_remount /conf # Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca}, # and /conf/${bootp_ipa}. For each subdirectory found within these # directories: # # - calculate memory filesystem sizes. If the subdirectory (prior to # NFS remounting) contains the file 'md_size', the contents specified # in 512 byte sectors will be used to size the memory filesystem. Otherwise # 8192 sectors (4MB) is used. # # - handle NFS remounts. If the subdirectory contains the file # diskless_remount, the contents of the file is NFS mounted over # the directory. For example /conf/base/etc/diskless_remount # might contain 'myserver:/etc'. NFS remounts allow you to avoid # having to dup your system directories in /conf. Your server must # be sure to export those filesystems -alldirs, however. # If the diskless_remount file contains a string beginning with a # '/' it is assumed that the local nfsroot should be prepended to # it before attemping to the remount. This allows the root to be # relocated without needing to change the remount files. # log "templates are ${templates}" for i in ${templates} ; do for j in /conf/$i/* ; do [ -d $j ] || continue # memory filesystem size specification subdir=${j##*/} [ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size` # remount. Beware, the command is in the file itself! if [ -f $j/remount ]; then if [ -f $j/remount_subdir ]; then k="/conf.tmp/$i/$subdir" [ -d $k ] || continue # Mount the filesystem root where the config data is # on the temporary mount point. nfspt=`/bin/cat $j/remount` $nfspt $k chkerr $? "$nfspt $k" # Now use a nullfs mount to get the data where we # really want to see it. remount_subdir=`/bin/cat $j/remount_subdir` remount_subdir_cmd="mount -t nullfs $k/$remount_subdir" $remount_subdir_cmd $j chkerr $? "$remount_subdir_cmd $j" # XXX check order -- we must force $k to be unmounted # after j, as j depends on k. to_umount="$j $k ${to_umount}" else nfspt=`/bin/cat $j/remount` $nfspt $j chkerr $? "$nfspt $j" to_umount="$j ${to_umount}" # XXX hope it is really a mount! fi fi # NFS remount handle_remount $j done done # - Create all required MFS filesystems and populate them from # our templates. Support both a direct template and a dir.cpio.gz # archive. Support dir.remove files containing a list of relative # paths to remove. # # The dir.cpio.gz form is there to make the copy process more efficient, # so if the cpio archive is present, it prevents the files from dir/ # from being copied. for i in ${templates} ; do for j in /conf/$i/* ; do subdir=${j##*/} if [ -d $j -a ! -f $j.cpio.gz ]; then create_md $subdir cp -Rp $j/ /$subdir fi done for j in /conf/$i/*.cpio.gz ; do subdir=${j%*.cpio.gz} subdir=${subdir##*/} if [ -f $j ]; then create_md $subdir echo "Loading /$subdir from cpio archive $j" (cd / ; /rescue/tar -xpf $j) fi done for j in /conf/$i/*.remove ; do subdir=${j%*.remove} subdir=${subdir##*/} if [ -f $j ]; then # doubly sure it is a memory disk before rm -rf'ing create_md $subdir (cd /$subdir; rm -rf `/bin/cat $j`) fi done done # umount partitions used to fill the memory filesystems [ -n "${to_umount}" ] && umount $to_umount