Index: head/share/man/man7/build.7 =================================================================== --- head/share/man/man7/build.7 (revision 360601) +++ head/share/man/man7/build.7 (revision 360602) 
@@ -1,854 +1,859 @@ .\" Copyright (c) 2000 .\" Mike W. Meyer .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd March 29, 2020 +.Dd May 3, 2020 .Dt BUILD 7 .Os .Sh NAME .Nm build .Nd information on how to build the system .Sh DESCRIPTION The sources for the .Fx system and its applications are contained in three different directories, normally .Pa /usr/src , .Pa /usr/doc , and .Pa /usr/ports . These directories may be initially empty or non-existent until updated with .Xr svn 1 or .Xr svnlite 1 or .Xr portsnap 8 . Directory .Pa /usr/src contains the .Dq "base system" sources, which is loosely defined as the things required to rebuild the system to a useful state. 
Directory .Pa /usr/doc contains the source for the system documentation, excluding the manual pages. Directory .Pa /usr/ports contains a tree that provides a consistent interface for building and installing third party applications. For more information about the ports build process, see .Xr ports 7 . .Pp The .Xr make 1 command is used in each of these directories to build and install the things in that directory. Issuing the .Xr make 1 command in any directory or subdirectory of those directories has the same effect as issuing the same command in all subdirectories of that directory. With no target specified, the things in that directory are just built. .Pp A source tree is allowed to be read-only. As described in .Xr make 1 , objects are usually built in a separate object directory hierarchy specified by the environment variable .Va MAKEOBJDIRPREFIX , or under .Pa /usr/obj if variable .Va MAKEOBJDIRPREFIX is not set. The canonical object directory is described in the documentation for the .Cm buildworld target below. .Pp The build may be controlled by defining .Xr make 1 variables described in the .Sx ENVIRONMENT section below, and by the variables documented in .Xr make.conf 5 . .Pp The following list provides the names and actions for the targets supported by the build system: .Bl -tag -width ".Cm cleandepend" .It Cm analyze Run Clang static analyzer against all objects and present output on stdout. .It Cm check Run tests for a given subdirectory. The default directory used is .Pa ${.OBJDIR} , but the check directory can be changed with .Pa ${CHECKDIR} . .It Cm checkworld Run the .Fx test suite on installed world. .It Cm clean Remove any files created during the build process. .It Cm cleandepend Remove the .Pa ${.OBJDIR}/${DEPENDFILE}* files generated by prior .Dq Li "make" and .Dq Li "make depend" steps. .It Cm cleandir Remove the canonical object directory if it exists, or perform actions equivalent to .Dq Li "make clean cleandepend" if it does not. 
This target will also remove an .Pa obj link in .Pa ${.CURDIR} if that exists. .Pp It is advisable to run .Dq Li "make cleandir" twice: the first invocation will remove the canonical object directory and the second one will clean up .Pa ${.CURDIR} . .It Cm depend Generate a list of build dependencies in file .Pa ${.OBJDIR}/${DEPENDFILE} . Per-object dependencies are generated at build time and stored in .Pa ${.OBJDIR}/${DEPENDFILE}.${OBJ} . .It Cm install Install the results of the build to the appropriate location in the installation directory hierarchy specified in variable .Va DESTDIR . .It Cm obj Create the canonical object directory associated with the current directory. .It Cm objlink Create a symbolic link to the canonical object directory in .Pa ${.CURDIR} . .It Cm tags Generate a tags file using the program specified in the .Xr make 1 variable .Va CTAGS . The build system supports .Xr ctags 1 and .Nm "GNU Global" . .El .Pp The other supported targets under directory .Pa /usr/src are: .Bl -tag -width ".Cm distributeworld" .It Cm buildenv Spawn an interactive shell with environment variables set up for building the system or individual components. For cross-building the target architecture needs to be specified with .Xr make 1 variables .Va TARGET_ARCH and .Va TARGET . .Pp This target is only useful after a complete toolchain (including the compiler, linker, assembler, headers and libraries) has been built; see the .Cm toolchain target below. .It Cm buildworld Build everything but the kernel, configure files in .Pa etc , and .Pa release . The object directory can be changed from the default .Pa /usr/obj by setting the .Pa MAKEOBJDIRPREFIX .Xr make 1 variable. The actual build location prefix used depends on the .Va WITH_UNIFIED_OBJDIR option from .Xr src.conf 5 . If enabled it is .Pa ${MAKEOBJDIRPREFIX}${.CURDIR}/${TARGET}.${TARGET_ARCH} for all builds. 
If disabled it is .Pa ${MAKEOBJDIRPREFIX}${.CURDIR} for native builds, and .Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}${.CURDIR} for cross builds and native builds with variable .Va CROSS_BUILD_TESTING set. .It Cm cleanworld Attempt to clean up targets built by a preceding .Cm buildworld , or similar step built from this source directory. .It Cm cleanuniverse When .Va WITH_UNIFIED_OBJDIR is enabled, attempt to clean up targets built by a preceding .Cm buildworld , .Cm universe , or similar step, for any architecture built from this source directory. .It Cm distributeworld Distribute everything compiled by a preceding .Cm buildworld step. Files are placed in the directory hierarchy specified by .Xr make 1 variable .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm native-xtools This target builds a cross-toolchain for the given .Sy TARGET and .Sy TARGET_ARCH , as well as a select list of static userland tools for the host system. This is intended to be used in a jail where QEMU is used to improve performance by avoiding emulating binaries that do not need to be emulated. .Sy TARGET and .Sy TARGET_ARCH should be defined. .It Cm native-xtools-install Installs the results to .Pa ${DESTDIR}/${NXTP} where .Va NXTP defaults to .Pa nxb-bin . .Sy TARGET and .Sy TARGET_ARCH must be defined. .It Cm packageworld Archive the results of .Cm distributeworld , placing the results in .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm installworld Install everything built by a preceding .Cm buildworld step into the directory hierarchy pointed to by .Xr make 1 variable .Va DESTDIR . .Pp If installing onto an NFS file system and running .Xr make 1 with the .Fl j option, make sure that .Xr rpc.lockd 8 is running on both client and server. See .Xr rc.conf 5 on how to make it start at boot time. .It Cm toolchain Create the build toolchain needed to build the rest of the system. 
For cross-architecture builds, this step creates a cross-toolchain. .It Cm universe For each architecture, execute a .Cm buildworld followed by a .Cm buildkernel for all kernels for that architecture, including .Pa LINT . This command takes a long time. .It Cm kernels Like .Cm universe with .Va WITHOUT_WORLDS defined so only the kernels for each architecture are built. .It Cm worlds Like .Cm universe with .Va WITHOUT_KERNELS defined so only the worlds for each architecture are built. .It Cm update Get updated sources as configured in .Xr make.conf 5 . .It Cm targets Print a list of supported .Va TARGET / .Va TARGET_ARCH pairs for world and kernel targets. .It Cm tinderbox Execute the same targets as .Cm universe . In addition print a summary of all failed targets at the end and exit with an error if there were any. .It Cm toolchains Create a build toolchain for each architecture supported by the build system. .It Cm xdev Builds and installs a cross-toolchain and sysroot for the given .Sy TARGET and .Sy TARGET_ARCH . The sysroot contains target library and headers. The target is an alias for .Cm xdev-build and .Cm xdev-install . The location of the files installed can be controlled with .Va DESTDIR . The target location in .Va DESTDIR is .Pa ${DESTDIR}/${XDTP} where .Va XDTP defaults to .Pa /usr/${XDDIR} and .Va XDDIR defaults to .Pa ${TARGET_ARCH}-freebsd . .It Cm xdev-build Builds for the .Cm xdev target. .It Cm xdev-install Installs the files for the .Cm xdev target. .It Cm xdev-links Installs autoconf-style symlinks to .Pa ${DESTDIR}/usr/bin pointing into the xdev toolchain in .Pa ${DESTDIR}/${XDTP} . .El .Pp Kernel specific build targets in .Pa /usr/src are: .Bl -tag -width ".Cm distributekernel" .It Cm buildkernel Rebuild the kernel and the kernel modules. The object directory can be changed from the default .Pa /usr/obj by setting the .Pa MAKEOBJDIRPREFIX .Xr make 1 variable. 
.It Cm installkernel Install the kernel and the kernel modules to directory .Pa ${DESTDIR}/boot/kernel , renaming any pre-existing directory with this name to .Pa kernel.old if it contained the currently running kernel. The target directory under .Pa ${DESTDIR} may be modified using the .Va INSTKERNNAME and .Va KODIR .Xr make 1 variables. .It Cm distributekernel Install the kernel to the directory .Pa ${DISTDIR}/kernel/boot/kernel . This target is used while building a release; see .Xr release 7 . .It Cm packagekernel Archive the results of .Cm distributekernel , placing the results in .Va DISTDIR . This target is used while building a release; see .Xr release 7 . .It Cm kernel Equivalent to .Cm buildkernel followed by .Cm installkernel .It Cm kernel-toolchain Rebuild the tools needed for kernel compilation. Use this if you did not do a .Cm buildworld first. .It Cm reinstallkernel Reinstall the kernel and the kernel modules, overwriting the contents of the target directory. As with the .Cm installkernel target, the target directory can be specified using the .Xr make 1 variable .Va INSTKERNNAME . .El .Pp Convenience targets for cleaning up the install destination directory denoted by variable .Va DESTDIR include: .Bl -tag -width ".Cm delete-old-libs" .It Cm check-old Print a list of old files and directories in the system. .It Cm delete-old Delete obsolete base system files and directories interactively. When .Li -DBATCH_DELETE_OLD_FILES is specified at the command line, the delete operation will be non-interactive. The variables .Va DESTDIR , .Va TARGET_ARCH and .Va TARGET should be set as with .Dq Li "make installworld" . .It Cm delete-old-libs Delete obsolete base system libraries interactively. This target should only be used if no third party software uses these libraries. When .Li -DBATCH_DELETE_OLD_FILES is specified at the command line, the delete operation will be non-interactive. 
The variables .Va DESTDIR , .Va TARGET_ARCH and .Va TARGET should be set as with .Dq Li "make installworld" . .El .Sh ENVIRONMENT Variables that influence all builds include: .Bl -tag -width ".Va MAKEOBJDIRPREFIX" .It Va DEBUG_FLAGS Defines a set of debugging flags that will be used to build all userland binaries under .Pa /usr/src . When .Va DEBUG_FLAGS is defined, the .Cm install and .Cm installworld targets install binaries from the current .Va MAKEOBJDIRPREFIX without stripping, so that debugging information is retained in the installed binaries. .It Va DESTDIR The directory hierarchy prefix where built objects will be installed. If not set, .Va DESTDIR defaults to the empty string. .It Va MAKEOBJDIRPREFIX Defines the prefix for directory names in the tree of built objects. Defaults to .Pa /usr/obj if not defined. This variable should only be set in the environment or .Pa /etc/src-env.conf and not via .Pa /etc/make.conf or .Pa /etc/src.conf or the command line. .It Va NO_WERROR If defined, compiler warnings will not cause the build to halt, even if the makefile says otherwise. .It Va WITH_CTF If defined, the build process will run the DTrace CTF conversion tools on built objects. .El .Pp Additionally, builds in .Pa /usr/src are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va SUBDIR_OVERRIDE" .It Va KERNCONF Overrides which kernel to build and install for the various kernel make targets. It defaults to .Cm GENERIC . .It Va KERNCONFDIR Overrides the directory in which .Va KERNCONF and any files included by .Va KERNCONF should be found. Defaults to .Pa sys/${ARCH}/conf . .It Va KERNFAST If set, the build target .Cm buildkernel defaults to setting .Va NO_KERNELCLEAN , .Va NO_KERNELCONFIG , and .Va NO_KERNELOBJ . When set to a value other than .Cm 1 then .Va KERNCONF is set to the value of .Va KERNFAST . 
.It Va LOCAL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm everything target. The directories are built in parallel with each other, and with the base system directories. Insert a .Va .WAIT directive at the beginning of the .Va LOCAL_DIRS list to ensure all base system directories are built first. .Va .WAIT may also be used as needed elsewhere within the list. .It Va LOCAL_ITOOLS If set, this variable supplies a list of additional tools that are used by the .Cm installworld and .Cm distributeworld targets. .It Va LOCAL_LIB_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm libraries target. The directories are built in parallel with each other, and with the base system libraries. Insert a .Va .WAIT directive at the beginning of the .Va LOCAL_DIRS list to ensure all base system libraries are built first. .Va .WAIT may also be used as needed elsewhere within the list. .It Va LOCAL_MTREE If set, this variable supplies a list of additional mtrees relative to the root of the source tree to use as part of the .Cm hierarchy target. .It Va LOCAL_TOOL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm build-tools target. .It Va LOCAL_XTOOL_DIRS If set, this variable supplies a list of additional directories relative to the root of the source tree to build as part of the .Cm cross-tools target. .It Va PORTS_MODULES A list of ports with kernel modules that should be built and installed as part of the .Cm buildkernel and .Cm installkernel process. .Bd -literal -offset indent make PORTS_MODULES=emulators/kqemu-kmod kernel .Ed .It Va STRIPBIN Command to use at install time when stripping binaries. 
Be sure to add any additional tools required to run .Va STRIPBIN to the .Va LOCAL_ITOOLS .Xr make 1 variable before running the .Cm distributeworld or .Cm installworld targets. See .Xr install 1 for more details. .It Va SUBDIR_OVERRIDE Override the default list of sub-directories and only build the sub-directory named in this variable. If combined with .Cm buildworld then all libraries and includes, and some of the build tools will still build as well. Specifying .Cm -DNO_LIBS , and .Cm -DWORLDFAST will only build the specified directory as was done historically. When combined with .Cm buildworld it is necesarry to override .Va LOCAL_LIB_DIRS with any custom directories containing libraries. This allows building a subset of the system in the same way as .Cm buildworld does using its sysroot handling. This variable can also be useful when debugging failed builds. .Bd -literal -offset indent make some-target SUBDIR_OVERRIDE=foo/bar .Ed .It Va TARGET The target hardware platform. This is analogous to the .Dq Nm uname Fl m output. This is necessary to cross-build some target architectures. For example, cross-building for ARM64 machines requires .Va TARGET_ARCH Ns = Ns Li aarch64 and .Va TARGET Ns = Ns Li arm64 . If not set, .Va TARGET defaults to the current hardware platform, unless .Va TARGET_ARCH is also set, in which case it defaults to the appropriate value for that architecture. .It Va TARGET_ARCH The target machine processor architecture. This is analogous to the .Dq Nm uname Fl p output. Set this to cross-build for a different architecture. If not set, .Va TARGET_ARCH defaults to the current machine architecture, unless .Va TARGET is also set, in which case it defaults to the appropriate value for that platform. Typically, one only needs to set .Va TARGET . 
.El .Pp Builds under directory .Pa /usr/src are also influenced by defining one or more of the following symbols, using the .Fl D option of .Xr make 1 : .Bl -tag -width ".Va -DNO_KERNELCONFIG" .It Va LOADER_DEFAULT_INTERP Defines what interpreter the default loader program will have. Valid values include .Dq 4th , .Dq lua , and .Dq simp . This creates the default link for .Pa /boot/loader to the loader with that interpreter. It also determines what interpreter is compiled into .Pa userboot . .It Va NO_CLEANDIR If set, the build targets that clean parts of the object tree use the equivalent of .Dq make clean instead of .Dq make cleandir . .It Va NO_CLEAN If set, no object tree files are cleaned at all. This is the default when .Va WITH_META_MODE is used with .Xr filemon 4 loaded. See .Xr src.conf 5 for more details. Setting .Va NO_CLEAN implies .Va NO_KERNELCLEAN , so when .Va NO_CLEAN is set no kernel objects are cleaned either. .It Va NO_CTF If set, the build process does not run the DTrace CTF conversion tools on built objects. .It Va NO_SHARE If set, the build does not descend into the .Pa /usr/src/share subdirectory (i.e., manual pages, locale data files, timezone data files and other .Pa /usr/src/share files will not be rebuild from their sources). .It Va NO_KERNELCLEAN If set, the build process does not run .Dq make clean as part of the .Cm buildkernel target. .It Va NO_KERNELCONFIG If set, the build process does not run .Xr config 8 as part of the .Cm buildkernel target. .It Va NO_KERNELOBJ If set, the build process does not run .Dq make obj as part of the .Cm buildkernel target. .It Va NO_DOCUPDATE If set, the update process does not update the source of the .Fx documentation as part of the .Dq make update target. .It Va NO_LIBS If set, the libraries phase will be skipped. .It Va NO_OBJWALK If set, no object directories will be created. This should only be used if object directories were created in a previous build and no new directories are connected. 
.It Va NO_PORTSUPDATE If set, the update process does not update the Ports tree as part of the .Dq make update target. .It Va NO_WWWUPDATE If set, the update process does not update the www tree as part of the .Dq make update target. .It Va WORLDFAST If set, the build target .Cm buildworld defaults to setting .Va NO_CLEAN , .Va NO_OBJWALK , and will skip most bootstrap phases. It will only bootstrap libraries and build all of userland. This option should be used only when it is known that none of the bootstrap needs changed and that no new directories have been connected to the build. .El .Pp Builds under directory .Pa /usr/doc are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va DOC_LANG" .It Va DOC_LANG If set, restricts the documentation build to the language subdirectories specified as its content. The default action is to build documentation for all languages. .El .Pp Builds using the .Cm universe and related targets are influenced by the following .Xr make 1 variables: .Bl -tag -width ".Va MAKE_JUST_KERNELS" .It Va JFLAG Pass the value of this variable to each .Xr make 1 invocation used to build worlds and kernels. This can be used to enable multiple jobs within a single architecture's build while still building each architecture serially. .It Va MAKE_JUST_KERNELS Only build kernels for each supported architecture. .It Va MAKE_JUST_WORLDS Only build worlds for each supported architecture. .It Va WITHOUT_WORLDS Only build kernels for each supported architecture. .It Va WITHOUT_KERNELS Only build worlds for each supported architecture. .It Va UNIVERSE_TARGET Execute the specified .Xr make 1 target for each supported architecture instead of the default action of building a world and one or more kernels. This variable implies .Va WITHOUT_KERNELS . .It Va TARGETS Only build the listed targets instead of each supported architecture. .It Va EXTRA_TARGETS In addition to the supported architectures, build the semi-supported architectures. 
A semi-supported architecture has build support in the .Fx tree, but receives significantly less testing and is generally for fringe uses that do not have a wide appeal. .El .Sh FILES .Bl -tag -width ".Pa /usr/share/examples/etc/make.conf" -compact .It Pa /usr/doc/Makefile .It Pa /usr/doc/share/mk/doc.project.mk .It Pa /usr/ports/Mk/bsd.port.mk .It Pa /usr/ports/Mk/bsd.sites.mk .It Pa /usr/share/examples/etc/make.conf .It Pa /usr/src/Makefile .It Pa /usr/src/Makefile.inc1 .El .Sh EXAMPLES For an .Dq approved method of updating your system from the latest sources, please see the .Sx COMMON ITEMS section in .Pa src/UPDATING . .Pp The following sequence of commands can be used to cross-build the system for the armv6 architecture on an amd64 host: .Bd -literal -offset indent cd /usr/src make TARGET_ARCH=armv6 buildworld buildkernel make TARGET_ARCH=armv6 DESTDIR=/clients/arm installworld installkernel .Ed +.Sh HISTORY +The +.Nm +manpage first appeared in +.Fx 4.3 . .Sh SEE ALSO .Xr cc 1 , .Xr install 1 , .Xr make 1 , .Xr svn 1 , .Xr svnlite 1 , .Xr make.conf 5 , .Xr src.conf 5 , .Xr arch 7 , .Xr ports 7 , .Xr release 7 , .Xr tests 7 , .Xr config 8 , .Xr mergemaster 8 , .Xr portsnap 8 , .Xr reboot 8 , .Xr shutdown 8 .Sh AUTHORS .An Mike W. Meyer Aq Mt mwm@mired.org Index: head/share/man/man7/crypto.7 =================================================================== --- head/share/man/man7/crypto.7 (revision 360601) +++ head/share/man/man7/crypto.7 (revision 360602) 
@@ -1,119 +1,124 @@ .\" Copyright (c) 2014 The FreeBSD Foundation .\" All rights reserved. .\" .\" This documentation was written by John-Mark Gurney under .\" the sponsorship of the FreeBSD Foundation and .\" Rubicon Communications, LLC (Netgate). .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd March 27, 2020 +.Dd May 3, 2020 .Dt CRYPTO 7 .Os .Sh NAME .Nm crypto .Nd OpenCrypto algorithms .Sh SYNOPSIS In the kernel configuration file: .Cd "device crypto" .Pp Or load the crypto.ko module. .Sh DESCRIPTION The following cryptographic algorithms that are part of the OpenCrypto framework have the following requirements. 
.Pp Cipher algorithms: .Bl -tag -width ".Dv CRYPTO_AES_CBC" .It Dv CRYPTO_AES_CBC .Bl -tag -width "Block size :" -compact -offset indent .It IV size : 16 .It Block size : 16 .It Key size : 16, 24 or 32 .El .Pp This algorithm implements Cipher-block chaining. .It Dv CRYPTO_AES_NIST_GCM_16 .Bl -tag -width "Block size :" -compact -offset indent .It IV size : 12 .It Block size : 1 .It Key size : 16, 24 or 32 .It Digest size : 16 .El .Pp This algorithm implements Galois/Counter Mode. This cipher uses AEAD .Pq Authenticated Encryption with Associated Data mode. .Pp The authentication tag will be read/written from/to the offset .Va crp_digest_start specified in the request. .Pp Note: You must provide an IV on every call. .It Dv CRYPTO_AES_ICM .Bl -tag -width "Block size :" -compact -offset indent .It IV size : 16 .It Block size : 1 (aesni), 16 (software) .It Key size : 16, 24 or 32 .El .Pp This algorithm implements Integer Counter Mode. This is similar to what most people call counter mode, but instead of the counter being split into a nonce and a counter part, then entire nonce is used as the initial counter. This does mean that if a counter is required that rolls over at 32 bits, the transaction need to be split into two parts where the counter rolls over. The counter incremented as a 128-bit big endian number. .Pp Note: You must provide an IV on every call. .It Dv CRYPTO_AES_XTS .Bl -tag -width "Block size :" -compact -offset indent .It IV size : 8 .It Block size : 16 .It Key size : 32 or 64 .El .Pp This algorithm implements XEX Tweakable Block Cipher with Ciphertext Stealing as defined in NIST SP 800-38E. .Pp NOTE: The ciphertext stealing part is not implemented which is why this cipher is listed as having a block size of 16 instead of 1. .El +.Sh HISTORY +The +.Nm +manpage first appeared in +.Fx 10.1 . .Sh SEE ALSO .Xr crypto 4 , .Xr crypto 9 .Sh BUGS Not all the implemented algorithms are listed. 
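Review bot: the HISTORY sentence added to crypto.7 says "manpage first appeared in", the same wording as the build.7 hunk, while the ffs.7 hunk in this revision says "manual page first appeared in". Suggest one spelling across all three files, preferably "manual page" to match ffs.7, so the rendered sections read the same.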
Index: head/share/man/man7/ffs.7 =================================================================== --- head/share/man/man7/ffs.7 (revision 360601) +++ head/share/man/man7/ffs.7 (revision 360602) 
@@ -1,325 +1,330 @@ .\" Copyright (c) 2001 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by Chris .\" Costello at Safeport Network Services and NAI Labs, the Security .\" Research Division of Network Associates, Inc. under DARPA/SPAWAR .\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS .\" research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $FreeBSD$ .\" -.Dd August 25, 2019 +.Dd May 3, 2020 .Dt FFS 7 .Os .Sh NAME .Nm ffs .Nd Berkeley fast file system .Sh SYNOPSIS In the kernel configuration file: .Cd "options FFS" .Cd "options QUOTA" .Cd "options SOFTUPDATES" .Cd "options SUIDDIR" .Cd "options UFS_ACL" .Cd "options UFS_DIRHASH" .Cd "options UFS_EXTATTR" .Cd "options UFS_EXTATTR_AUTOSTART" .Cd "options UFS_GJOURNAL" .Pp In .Xr fstab 5 : .Bd -literal -compact /dev/disk0a /mnt ufs rw 1 1 .Ed .Sh DESCRIPTION The Berkeley fast file system provides facilities to store file system data onto a disk device. .Nm has been optimized over the years for speed and reliability and is the default .Fx file system. .Ss Quotas .Bl -tag -width 2n .It Cd "options QUOTA" This option allows system administrators to set limits on disk usage on a per-user basis. Quotas can be used only on file systems mounted with the .Cm quota option; see .Xr quota 1 and .Xr edquota 8 . .El .Ss Soft Updates .Bl -tag -width 2n .It Cd "options SOFTUPDATES" The soft updates feature tracks writes to the disk and enforces metadata update dependencies (e.g., updating free block maps) to ensure that the file system remains consistent. .Pp To create a new file system with the soft updates enabled, use .Xr newfs 8 command: .Pp .D1 Nm newfs Fl U Ar fs .Pp .Ar fs can be either a mount point listed in .Xr fstab 5 .Pq e.g. , Pa /usr , or a disk device .Pq e.g., Pa /dev/da0a . .Pp It is possible to enable soft updates on an .Em unmounted file system by using .Xr tunefs 8 command: .Pp .D1 Nm tunefs Fl n Cm enable Ar fs .Pp Soft updates can also add journaling that reduces the time spent by .Xr fsck_ffs 8 cleaning up a filesystem after a crash from several minutes to a few seconds. The journal is placed in an inode named .Pa .sujournal , and is kept as a circular log of segments containing records that describe metadata operations. 
.Pp To create a new file system with both the soft updates and soft updates journaling enabled, use the following command: .Pp .D1 Nm newfs Fl j Ar fs .Pp This runs .Xr tunefs 8 command after .Xr newfs 8 command with .Fl U flag enabled. It is possible to enable soft updates journaling on an .Em unmounted file system by using .Xr tunefs 8 command: .Pp .D1 Nm tunefs Fl j Cm enable Ar fs .Pp This flag automatically enables the soft updates feature when it is not enabled. Note that this .Xr tunefs 8 command will fail if a file .Pa .sujournal already exists before enabling the soft updates journaling. .El .Ss File Ownership Inheritance .Bl -tag -width 2n .It Cd "options SUIDDIR" For use in file sharing environments on networks including .Tn "Microsoft Windows" and .Tn "Apple Macintosh" computers, this option allows files on file systems mounted with the .Cm suiddir option to inherit the ownership of its directory, i.e., .Dq "if it's my directory, it must be my file." .El .Ss Access Control Lists .Bl -tag -width 2n .It Cd "options UFS_ACL" Access control lists allow the association of fine-grained discretionary access control information with files and directories. This option requires the presence of the .Dv UFS_EXTATTR option, and it is recommended that .Dv UFS_EXTATTR_AUTOSTART is included as well, so that ACLs are enabled atomically upon mounting the file system. .El .Pp In order to enable support for ACLs, two extended attributes must be available in the .Dv EXTATTR_NAMESPACE_SYSTEM namespace: .Pa posix1e.acl_access , which holds the access ACL, and .Pa posix1e.acl_default , which holds the default ACL for directories. If you are using file system extended attributes, the following commands may be used to allocate space for and create the necessary EA backing files for ACLs in the root of each file system. In these examples, the root file system is used; see .Sx "Extended Attributes" for more details. 
.Bd -literal -offset indent mkdir -p /.attribute/system cd /.attribute/system extattrctl initattr -p / 388 posix1e.acl_access extattrctl initattr -p / 388 posix1e.acl_default .Ed .Pp On the next mount of the root file system, the attributes will be automatically started if .Dv UFS_EXTATTR_AUTOSTART is included in the kernel configuration, and ACLs will be enabled. .Ss Directory Hashing .Bl -tag -width 2n .It Cd "options UFS_DIRHASH" Implements a hash-based lookup scheme for directories in order to speed up accesses to very large directories. .El .Ss Extended Attributes .Bl -tag -width 2n .It Cd "options UFS_EXTATTR" Extended attributes allow the association of additional arbitrary metadata with files and directories, which can be assigned and retrieved from userland as well as from within the kernel; see .Xr extattrctl 8 . .It Cd "options UFS_EXTATTR_AUTOSTART" If this option is defined, .Nm will search for a .Pa .attribute subdirectory of the file system root during the mount operation. If found, extended attribute support will be automatically started for that file system. .El .Ss GEOM-based Journaling .Bl -tag -width 2n .It Cd "options UFS_GJOURNAL" Implements a block level journaling of a UFS file system, which is for both data and metadata. To enable this, create a .Xr gjournal 8 GEOM provider for a block device by using the following command: .Pp .D1 Nm gjournal label Ar da0 .Pp In this example, .Pa /dev/da0 is used as the target block device, and .Pa /dev/da0.journal is created. Then create a new file system by using .Xr newfs 8 with the block level journaling flag and mount it: .Pp .D1 Nm newfs Fl J Ar /dev/da0.journal .D1 Nm mount Fl o Cm async Ar /dev/da0.journal Ar /mnt .Pp .Cm async option is not mandatory but recommended for better performance because the journaling guarantees the consistency of an .Cm async mount. .Pp It is also possible to enable the block level journaling on an existing file system. 
To do so, use .Xr gjournal 8 utility to label the underlying block device and .Xr tunefs 8 utility to enable the block level journaling flag: .Pp .D1 Nm gjournal label Ar da0 .D1 Nm tunefs Fl J Cm enable Ar /dev/da0.journal .D1 Nm mount Fl o Cm async Ar /dev/da0.journal Ar /mnt .El .Ss Xr sysctl 8 MIBs The following .Xr sysctl 8 MIBs are defined for use with .Nm : .Bl -hang -width ".Va vfs.ffs.doreallocblk" .It Va vfs.ffs.doasyncfree Asynchronously write out modified i-node and indirect blocks upon reallocating file system blocks to be contiguous. .Pq Default: 1 . .It Va vfs.ffs.doreallocblks Enable support for the rearrangement of blocks to be contiguous. .Pq Default: 1 . .El +.Sh HISTORY +The +.Nm +manual page first appeared in +.Fx 4.5 . .Sh SEE ALSO .Xr quota 1 , .Xr acl 3 , .Xr extattr 3 , .Xr edquota 8 , .Xr extattrctl 8 , .Xr fsck_ffs 8 , .Xr sysctl 8 , .Xr tunefs 8 .Rs .%A M. McKusick .%A W. Joy .%A S. Leffler .%A R. Fabry .%D August 1984 .%T "A Fast File System for UNIX" .%J "ACM Transactions on Computer Systems" .%N 2 .%V 3 .%P 181-197 .Re .Rs .%A M. McKusick .%D June 2000 .%T "Soft Updates: A Technique for Eliminating Most Synchronous Writes in the Fast Filesystem" .%J "Proceedings of the Freenix Track at the 1999 Usenix Annual Technical Conference" .%P 71-84 .Re .Rs .%A M. McKusick .%A J. Roberson .%D May 2010 .%T "Journaled Soft-updates" .%J "BSD Canada Conference 2010 (BSDCan)" .Re Index: head/share/man/man7/growfs.7 =================================================================== --- head/share/man/man7/growfs.7 (revision 360601) +++ head/share/man/man7/growfs.7 (revision 360602) 
@@ -1,64 +1,69 @@ .\" Copyright 2014 John-Mark Gurney .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd November 1, 2014 +.Dd May 3, 2020 .Dt GROWFS 7 .Os .Sh NAME .Nm growfs .Nd start up script to grow the root file-system .Sh DESCRIPTION The following options in .Pa /etc/rc.conf control the behavior of .Nm : .Bl -tag -width ".Va growfs_enable" -offset indent .It Va growfs_enable .Pq Dq Li NO If set to .Dq Li YES , the first time the machine boots, the root file-system will be automatically expanded, if possible, to fill up all available space after it. 
.El .Pp To expand the root file-system with-out rebooting, run the following command: .Dl % /etc/rc.d/growfs onestart .Sh IMPLEMENTATION NOTES The script requires that .Pa awk be present and on the path. This usually means that .Pa /usr should be mounted prior to running the script. .Sh FILES .Pa /etc/rc.conf .Sh EXIT STATUS .Ex -std +.Sh HISTORY +The +.Nm +manual page first appeared in +.Fx 10.1 . .Sh SEE ALSO .Xr rc.conf 5 .Sh AUTHORS The man page and script were written by .An John-Mark Gurney Aq Mt jmg@FreeBSD.org . Index: head/share/man/man8/diskless.8 =================================================================== --- head/share/man/man8/diskless.8 (revision 360601) +++ head/share/man/man8/diskless.8 (revision 360602) 
@@ -1,480 +1,485 @@ .\" Copyright (c) 1994 Gordon W. Ross, Theo de Raadt .\" Updated by Luigi Rizzo, Robert Watson .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote products .\" derived from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd September 10, 2018 +.Dd May 3, 2020 .Dt DISKLESS 8 .Os .Sh NAME .Nm diskless .Nd booting a system over the network .Sh DESCRIPTION The ability to boot a machine over the network is useful for .Em diskless or .Em dataless machines, or as a temporary measure while repairing or re-installing file systems on a local disk. 
This file provides a general description of the interactions between a client and its server when a client is booting over the network. .Sh OPERATION When booting a system over the network, there are three phases of interaction between client and server: .Bl -enum .It The stage-1 bootstrap, typically PXE built into your Ethernet card, loads a second-stage boot program. .It The second-stage boot program, typically .Xr pxeboot 8 , loads modules and the kernel, and boots the kernel. .It The kernel .Tn NFS mounts the root directory and continues from there. .El .Pp Each of these phases are described in further detail below. .Pp First, the stage-1 bootstrap loads the stage-2 boot program over the network. The stage-1 bootstrap typically uses .Tn BOOTP or .Tn DHCP to obtain the filename to load, then uses .Tn TFTP to load the file. This file is typically called .Pa pxeboot , and should be copied from .Pa /boot/pxeboot into the .Tn TFTP directory on the server, which is typically .Pa /tftpdir . .Pp The stage-2 boot program then loads additional modules and the kernel. These files may not exist on the .Tn DHCP or .Tn BOOTP server. You can use the .Ic next-server option available in .Tn DHCP configurations to specify the server holding the second stage boot files and kernel. The stage-2 program uses .Tn NFS or .Tn TFTP to obtain these files. By default, .Tn NFS is used. If you are using .Xr pxeboot 8 , you can install a version that uses .Tn TFTP by setting .Li LOADER_TFTP_SUPPORT=YES in your .Xr make.conf 5 , then recompiling and reinstalling .Xr pxeboot 8 via the command listed below. It is often necessary to use .Tn TFTP here so you can place a custom kernel in .Pa /tftpdir/ . If you use .Tn NFS and do not have a custom root file system for the .Nm client, the stage-2 boot will load your server's kernel as the kernel for the .Nm machine, which may not be what you want to have happen. 
.Bd -literal -offset indent cd /usr/src/stand make clean; make; make install cp /boot/pxeboot /tftpdir/ .Ed .Pp In phase 3, the kernel acquires IP networking configuration in one of two ways, and then proceeds to mount the root file system and start operation. If the phase 2 loader supports passing network configuration to the kernel using the kernel environment, then the kernel will configure the network interface using that information. Otherwise, it must use .Tn DHCP or .Tn BOOTP to acquire configuration information. The boot scripts recognize a .Nm startup and perform the actions found in .Pa /etc/rc.d/resolv , .Pa /etc/rc.d/tmp , .Pa /etc/rc.d/var , and .Pa /etc/rc.initdiskless . .Sh CONFIGURATION In order to run a .Nm client, you need the following: .Bl -bullet .It An .Tn NFS server which exports a root and .Pa /usr partitions with appropriate permissions. The .Nm scripts work with read-only partitions, as long as root is exported with .Fl maproot Ns =0 so that some system files can be accessed. As an example, .Pa /etc/exports can contain the following lines: .Bd -literal -offset indent -ro -maproot=0 -alldirs /usr -ro -alldirs .Ed .Pp where .Aq ROOT is the mount point on the server of the root partition. The script .Pa /usr/share/examples/diskless/clone_root can be used to create a shared read-only root partition, but in many cases you may decide to export (again as read-only) the root directory used by the server itself. .It A .Tn BOOTP or .Tn DHCP server. .Xr bootpd 8 can be enabled by uncommenting the .Dq Li bootps line in .Pa /etc/inetd.conf . A sample .Pa /etc/bootptab can be the following: .Bd -literal -offset indent .default:\\ hn:ht=1:vm=rfc1048:\\ :sm=255.255.255.0:\\ :sa=:\\ :gw=:\\ :rp=":": :ha=0123456789ab:tc=.default .Ed .Pp where .Aq SERVER , .Aq GATEWAY and .Aq ROOT have the obvious meanings. .It A properly initialized root partition. 
The script .Pa /usr/share/examples/diskless/clone_root can help in creating it, using the server's root partition as a reference. If you are just starting out, you should simply use the server's own root directory, .Pa / , and not try to clone it. .Pp You often do not want to use the same .Pa rc.conf or .Pa rc.local files for the .Nm boot as you do on the server. The .Nm boot scripts provide a mechanism through which you can override various files in .Pa /etc (as well as other subdirectories of root). .Pp One difference that you should pay particular attention to is the value of .Va local_startup in .Pa /etc/defaults/rc.conf . A typical value for a .Nm boot is .Va mountcritremote , however your needs may be different. .Pp The scripts provide four overriding directories situated in .Pa /conf/base , .Pa /conf/default , .Pa /conf/ , and .Pa /conf/ . You should always create .Pa /conf/base/etc , which will entirely replace the server's .Pa /etc on the .Nm machine. You can clone the server's .Pa /etc here or you can create a special file which tells the .Nm boot scripts to remount the server's .Pa /etc onto .Pa /conf/base/etc . You do this by creating the file .Pa /conf/base/etc/diskless_remount containing the mount point to use as a basis of the .Nm machine's .Pa /etc . For example, the file might contain: .Pp .Dl 10.0.0.1:/etc .Pp Alternatively, if the server contains several independent roots, the file might contain: .Pp .Dl 10.0.0.1:/usr/diskless/4.7-RELEASE/etc .Pp This would work, but if you copied .Pa /usr/diskless/4.7-RELEASE to .Pa /usr/diskless/4.8-RELEASE and upgraded the installation, you would need to modify the .Pa diskless_remount files to reflect that move. To avoid that, paths in .Pa diskless_remount files beginning with .Pa / have the actual path of the client's root prepended to them so the file could instead contain: .Pp .Dl /etc .Pp The .Nm scripts create memory file systems to hold the overridden directories. 
Only a 5MB partition is created by default, which may not be sufficient for your purposes. To override this, you can create the file .Pa /conf/base/etc/md_size containing the size, in 512 byte sectors, of the memory disk to create for that directory. .Pp You then typically provide file-by-file overrides in the .Pa /conf/default/etc directory. At a minimum, you must provide overrides for .Pa /etc/fstab , /etc/rc.conf , and .Pa /etc/rc.local via .Pa /conf/default/etc/fstab , /conf/default/etc/rc.conf , and .Pa /conf/default/etc/rc.local . .Pp Overrides are hierarchical. You can supply network-specific defaults in the .Pa /conf/ Ns Ao Ar BROADCASTIP Ac Ns Pa /etc directory, where .Aq Ar BROADCASTIP represents the broadcast IP address of the .Nm system as given to it via .Tn BOOTP . The .Pa diskless_remount and .Pa md_size features work in any of these directories. The configuration feature works on directories other then .Pa /etc , you simply create the directory you wish to replace or override in .Pa /conf/{base,default,,}/* and work it in the same way that you work .Pa /etc . .Pp Since you normally clone the server's .Pa /etc using the .Pa /conf/base/etc/diskless_remount , you might wish to remove unneeded files from the memory file system. For example, if the server has a firewall but you do not, you might wish to remove .Pa /etc/ipfw.conf . You can do this by creating a .Pa /conf/base/ Ns Ao Ar DIRECTORY Ac Ns Pa .remove file. For example, .Pa /conf/base/etc.remove , which contains a list of relative paths that the boot scripts should remove from the memory file systems. 
.Pp As a minimum, you normally need to have the following in .Pa /conf/default/etc/fstab .Bd -literal -offset indent : / nfs ro 0 0 :/usr /usr nfs ro 0 0 .Ed .Pp You also need to create a customized version of .Pa /conf/default/etc/rc.conf which should contain the startup options for the .Nm client, and .Pa /conf/default/etc/rc.local which could be empty but prevents the server's own .Pa /etc/rc.local from leaking onto the .Nm system. .Pp In .Pa rc.conf , most likely you will not need to set .Va hostname and .Va ifconfig_* because these will be already set by the startup code. Finally, it might be convenient to use a .Ic case statement using .Li `hostname` as the switch variable to do machine-specific configuration in case a number of .Nm clients share the same configuration files. .It The kernel for the .Nm clients, which will be loaded using .Tn NFS or .Tn TFTP , must include support for the NFS client: .Pp .D1 Cd "options NFSCL" .D1 Cd "options NFS_ROOT" .Pp If you are using a boot mechanism that does not pass network configuration to the kernel using the kernel environment, you will also need to include the following options: .Pp .D1 Cd "options BOOTP" .D1 Cd "options BOOTP_NFSROOT" .D1 Cd "options BOOTP_COMPAT" .Pp .Em Note : the PXE environment does not require these options. .Pp The .Nm booting environment relies on memory-backed file systems to support temporary local storage in the event that the root file system is mounted read-only; as such, it is necessary to add the following to the device section of the kernel configuration: .Pp .D1 Cd "device md" .Pp If you use the firewall, remember to default to .Dq open , or your kernel will not be able to send/receive the .Tn BOOTP packets. .El .Sh SECURITY ISSUES Be warned that using unencrypted .Tn NFS to mount root and user partitions may expose information such as encryption keys. +.Sh HISTORY +The +.Nm +environment first appeared in +.Fx 2.2.5 . 
.Sh SEE ALSO .Xr ethers 5 , .Xr exports 5 , .Xr make.conf 5 , .Xr bootpd 8 , .Xr mountd 8 , .Xr nfsd 8 , .Xr pxeboot 8 , .Xr reboot 8 , .Xr tftpd 8 .Pp .Pa ports/net/etherboot .Sh BUGS This manpage is probably incomplete. .Pp .Fx sometimes requires to write onto the root partition, so the startup scripts mount MFS file systems on some locations (e.g.\& .Pa /etc and .Pa /var ) , while trying to preserve the original content. The process might not handle all cases.
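Review bot: in ffs.7 the new .Sh HISTORY block is inserted ahead of .Sh SEE ALSO, which is out of the conventional mdoc section order (SEE ALSO, then STANDARDS, HISTORY, AUTHORS). Move the five added lines to after the final .Re of the reference list, and run mandoc -T lint on the page to confirm the order. The text dates only the manual page (".Nm manual page first appeared in .Fx 4.5"), while the papers cited under SEE ALSO go back to August 1984. Keep the "manual page" wording explicit so that 4.5 is not read as the age of the file system.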
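Review bot: in growfs.7 the added HISTORY section lands between EXIT STATUS and SEE ALSO; it should follow SEE ALSO and sit directly before .Sh AUTHORS. The sentence dates the manual page to .Fx 10.1, but the page documents an rc script, and AUTHORS says the man page and script were written together. If 10.1 is also when the script shipped, "The .Nm script first appeared in" would be the more useful statement.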
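Review bot: in diskless.8 HISTORY is added after SECURITY ISSUES and before SEE ALSO. Place it after the ".Pa ports/net/etherboot" line that ends SEE ALSO and before .Sh BUGS, so the cross-references stay ahead of the historical note. The subject here is "environment" where the other two pages in this change say "manual page". That fits what this page describes, but the commit message should say the difference is intentional.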