History log of /freebsd-current/libexec/rc/rc.conf
Revision Date Author Comments
# 5681636e 14-May-2024 Baptiste Daroussin <bapt@FreeBSD.org>

nuageinit: by default do not enable nuageinit

MFC After: 1 day
Reported by: karels@


# 0c7237d7 07-May-2024 Poul-Henning Kamp <phk@FreeBSD.org>

Remove GBDE rc support


# 9e248b7f 18-Apr-2024 Cy Schubert <cy@FreeBSD.org>

kdc: Add restart option

Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.

Set kdc_restart="YES" to auto restart kdc on abnormal termination.

Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.

Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898


# 6d5ce2bb 22-Apr-2024 Mark Johnston <markj@FreeBSD.org>

nfsserver: Default to nfs_reserved_port_only="YES"

This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not. This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.

Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.

Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.

Discussed with: freebsd-arch@
Reviewed by: rmacklem, bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44906


# 4bf5db11 12-Apr-2024 John Baldwin <jhb@FreeBSD.org>

defaults/rc.conf: Remove /usr/lib32 from ldconfig32_paths

Commit 99132daf6f70cb0cc969c555d3612547fa3cf1db prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.

Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752


# 72b04538 27-Feb-2024 Emmanuel Vadot <manu@FreeBSD.org>

rc: Set var_run_enable to enable by default

This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.

Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG


# 11da7919 06-Feb-2024 Warner Losh <imp@FreeBSD.org>

leapseconds: Update to the canonical place.

IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broke, just use this.

This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.

Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752


# b1c95af4 06-Dec-2023 Philip Paeps <philip@FreeBSD.org>

rc.conf: correct $ntp_leapfile_sources

IETF is no longer serving leap-seconds.list. Point at IANA instead.

This fixes "service ntpd fetch".

MFC after: 1 day


# cb57f50e 13-Nov-2023 Alexander Leidinger <netchild@FreeBSD.org>

defaults: oomprotect sshd and local_unbound

Add sshd and local_unbound to the oom protected services.
syslogd is protected by default already, document it.

This was discussed on arch@, see
https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html

sshd is protected to be able to investigate and fix oom issues on systems
which don't have out-of-band console access.
local_unbound is protected as it may be enabled for local use and without
DNS a lot grinds to a halt (including sshd).

Relnotes: yes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D42544


# d0b2dbfa 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/


# ccc806a0 02-Jul-2023 Eugene Grosbein <eugen@FreeBSD.org>

dumpdev: respect kenv for stable branches

We have somewhat twisted logic to determine actions for dumpdev
considering three sources of information:

* kenv "dumpdev" tunable supposed to point to specific device;
* /etc/defaults/rc.conf "dumpdev" variable;
* /etc/rc.conf that may be unset or set to "NO", "AUTO" or device name.

For CURRENT without any setting in kenv or /etc/rc.conf
the default is "AUTO". For STABLE branches the default is "NO".

Current implementation breaks for STABLE branches if kenv points
to specific device but /etc/rc.conf does not set "dumpdev" at all.

Let us fix it commenting out "dumpdev" in /etc/defaults/rc.conf
for STABLE branches and making the code to consult kenv
if "dumpdev" is not set elsewhere.

MFC-after: 1 month


# efa3c0af 09-Mar-2023 Ceri Davies <ceri@FreeBSD.org>

rc.conf: update comment referring to /etc/motd


# ecad3f5c 15-Feb-2023 Tijl Coosemans <tijl@FreeBSD.org>

rc.d: Generate machine-id from hostid_save

rc.d/hostid_save saves a UUID generated by rc.d/hostid in /etc/hostid.
Store the same UUID, without hyphens, in /etc/machine-id. The hyphens
are removed with a shell function because hostid_save runs before file
systems are mounted so other tools may not be available yet.

This eliminates some duplication between hostid and machine-id and for
virtual machines machine-id now contains the UUID configured in the
hypervisor like it does on Linux.

Reviewed by: delphij
Discussed with: bapt
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38811


# 862aab62 09-Mar-2023 Tijl Coosemans <tijl@FreeBSD.org>

hostid: Generate random UUID by default

This way MAC addresses are no longer exposed.

Discussed with: bapt
MFC after: 3 days


# 0f994a19 28-Feb-2023 Tom Hukins <tom@FreeBSD.org>

rc.conf(5): describe what unbound(8) does

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/650


# eac920e6 31-Jan-2023 Emmanuel Vadot <manu@FreeBSD.org>

utx: Allow disabling user accounting

Make it possible to not run utx at boot.
Default to yes so this is a no-op for everyone.

Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38292


# 62a149bf 17-Dec-2022 Tobias C. Berner <tcberner@FreeBSD.org>

Add new rc: machine_id to generate /etc/machine-id

This new default-enabled rc will generate a /etc/machine-id file if it
does not exist, and pre-fill it with a newly generated UUID of version 4
[2].

The file is generated in /var/db/machine-id and symlinked to
/etc/machine-id to allow for read-only root partitions.

This file is amongst other things used by libraries like GLib.

Bump FreeBSD version 1400076 to be able to easily add support for older
version of FreeBSD via a package.

[1] Linux machine-id(5): https://www.man7.org/linux/man-pages/man5/machine-id.5.html
[2] f176fe8e7f638e585afcd2f4dd52a522c4648f63

Approved by: bapt
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37722


# af01b472 10-Dec-2022 Mike Karels <karels@FreeBSD.org>

default rc.conf: Add new growfs_swap_size variable

Add new growfs_swap_size variable with a default value of the empty
string, along with comments on other settings. Used by the growfs
script.

Differential Revision: https://reviews.freebsd.org/D37464


# 9eb502a3 05-Dec-2022 Baptiste Daroussin <bapt@FreeBSD.org>

sendmail: revert to use NONE

The NONE parameter has been deprecated for more than 20 years
but was never removed, it's useful to simplify the sendmail
management.

This reverts commit 7cadc5263887374c50c3e3f500ef6fb7b7c3dd98.


# 1ffc369a 22-Nov-2022 Goran Mekic <meka@tilda.center>

Add dnctl rc.d service

As PF now also supports dummynet but can not configure it on its own,
the service which configures pipes, queues and schedulers is needed.

Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D37451


# 616f32ea 14-Nov-2022 Baptiste Daroussin <bapt@FreeBSD.org>

othermta: remove leftover from 20 years ago

othermta (along with mta_start_script configuration entry in rc.conf)
was a mechanism used to be able to run another mta than sendmail(8) before
"rcng" time 20 years ago.

othermta has not been used since.


# 0b1adc42 09-Nov-2022 Baptiste Daroussin <bapt@FreeBSD.org>

rc.sendmail: remove unused script

20 years ago the use of rc.sendmail script was dropped in favor
of /etc/rc.d/sendmail, it is time to retire the script entirely
now.

MFC after: 1 week


# c7c98368 09-Nov-2022 Jose Luis Duran <jlduran@gmail.com>

sendmail: Add back a comment about "NONE"

Differential Revision: https://reviews.freebsd.org/D37315


# 7cadc526 09-Nov-2022 Baptiste Daroussin <bapt@FreeBSD.org>

sendmail: do not use NONE

NONE is deprecated, instead of using NONE, switch to "NO" all
the sendmail_*_enable which sendmail_enable=NONE would have done


# b7104f19 08-Nov-2022 Baptiste Daroussin <bapt@FreeBSD.org>

sendmail: document that sendmail_enable can be set to NONE

setting sendmail_enable to NONE (which is now the default)
turns all the sendmail_*_enable variables to NO

Reported by: many


# a67b925f 13-Oct-2022 Baptiste Daroussin <bapt@FreeBSD.org>

mail: make The Dragonfly Mail Agent (dma) the default mta.

dma accepts mail from a local Mail User Agent (MUA) and delivers it
locally or to a smarthost for delivery. dma does not accept inbound
mail (i.e., it does not listen on port 25) and is not intended to
provide the same functionality as a full MTA like postfix or sendmail.
It is intended for use cases such as delivering cron(8) mail, which
is the default configuration and usage of sendmail in the default
setup of the base system.

In order to switch the default from sendmail to dma, we teach
mailwrapper to fallback on dma directly if the mailer.conf file cannot
be opened.
We install by default a mailer.conf file which points at dma
We install a mailer.conf file for sendmail in the examples.

Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D37035


# 72a1cb05 06-Nov-2022 Li-Wen Hsu <lwhsu@FreeBSD.org>

rc(8): Add a zpoolupgrade rc.d script

If a zpool is created by makefs(8), its version is 5000, i.e., all
feature flags are off. Introduce an rc script to run `zpool upgrade`
over the assigned zpools on the first boot. This is useful to the
ZFS based VM images built from release(7).

Reviewed by: imp, markj, mav
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37282


# 27b9777c 28-Aug-2022 Cy Schubert <cy@FreeBSD.org>

libexec/rc: Add var_run rc script

Users with a tmpfs /var/run will lose the directory tree state of
/var/run at reboot. This rc script will optionally (by default)
capture the state of the directory structure in /var/run prior to
shutdown and recreate it at system boot.

Alternatively a user can save the state of the /var/run directories
manually using service var_run save and disable the autosaving of
/var/run state using the var_run_autosave variable, for those
paranoid SSD users.

PR: 259585, 259699
Reported by: freebsd@walstatt-de.de,
Reviewed by: philip, gbe (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36386


# 0a81527d 03-Sep-2022 Gordon Bergling <gbe@FreeBSD.org>

rc.conf: Fix a typo in a comment

- s/overriden/overridden/

MFC after: 3 days


# 227caacc 30-May-2022 Mark Johnston <markj@FreeBSD.org>

rc: Add a zpoolreguid rc.d script

If one boots up multiple copies of a template VM image containing a
zpool, the pool GUIDs will be identical, making it impossible to, e.g.,
share datasets between them.

This diff introduces a simple workaround for the problem: one can use
the script to, upon first boot, assign a new GUID to one or more zpools.
This will be useful when building ZFS-based VM images from release(7).

Reviewed by: mav, allanjude, asomers
Reviewed by: Pau Amma (docs)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35336


# c1a76c04 04-Mar-2022 Mateusz Piotrowski <0mp@FreeBSD.org>

rc.d/ggated: Simplify service script

- Use the standard *_flags variable for additional flags.
- Style: do not create unnecessary variables
- Do not set the defaults in the service script. This is what
/etc/defaults/rc.conf is for.
- Do not set additional flags via commands_args. ggated_flags are
already included in the final invocation. See rc.subr(8) for details.
- Document the meaning of ggated_config in /etc/defaults/rc.conf.

Approved by: eugen (src)
Fixes: c068632981eb Add ggated rc script
Differential Revision: https://reviews.freebsd.org/D34439


# c0686329 27-Feb-2022 Alan Somers <asomers@FreeBSD.org>

Add ggated rc script

Reviewed by: asomers, peterj
Submitted by: Johannes Totz <jo@bruelltuete.com>
Differential Revision: https://reviews.freebsd.org/D31709


# 6596f19d 18-Jan-2022 Robert Wing <rew@FreeBSD.org>

etc/defaults/rc.conf: set default of zfskeys_enable to NO

This addresses the following boot message:
/etc/rc: WARNING: $zfskeys_enable is not set properly - see rc.conf(5).

Reported by: Mark Millard
Sponsored by: Modirum MDPay
Sponsored by: Klara Inc.
Fixes: bfb7a31b6a22 ("rc: Hook zfskeys to the build")
Fixes: 33ff39796ffe ("Add zfskeys rc.d script for auto-loading encryption keys")


# d418bc27 06-Jan-2022 Warner Losh <imp@FreeBSD.org>

libsoft: Remove runtime ldconfig support for libsoft

Remove the runtime support for running ldconfig at boot to cache lists
of libsoft libraries.

Sponsored by: Netflix


# e29711da 22-Nov-2021 Colin Percival <cperciva@FreeBSD.org>

etc/defaults/rc.conf: Add -i flag to rtsol/rtsold

This disables the random (between zero and one seconds) delay before
rtsol and rtsold send a Router Solicitation packet. This delay is
specified as a SHOULD by RFC 4861 for avoidance of network congestion,
but network speeds have increased enough in the 25 years since this
first appeared (in RFC 1970) that it seems unnecessary as a default
at this point.

This speeds up the FreeBSD boot process by an average of 500 ms.

Reviewed by: kp
MFC after: 1 week
Relnotes: yes
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D33089


# 5509bad7 16-Nov-2021 Rick Macklem <rmacklem@FreeBSD.org>

nfsd: Add a new rc variable nfs_server_maxio

Since vfs.nfsd.srvmaxio can only be set when nfsd.ko
is loaded, but nfsd is not running, setting it in
/etc/sysctl.conf is not feasible when "options NFSD"
was not specified for the kernel.

This patch adds a new rc variable nfs_server_maxio,
which sets vfs.nfsd.srvmaxio at the correct time.

rc.conf.5 will be patched separately.

Reviewed by: 0mp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32997


# 6aae3517 20-Oct-2021 Gleb Smirnoff <glebius@FreeBSD.org>

Retire synchronous PPP kernel driver sppp(4).

The last two drivers that required sppp are cp(4) and ce(4).

These devices are still produced and can be purchased
at Cronyx <http://cronyx.ru/hardware/wan.html>.

Since Roman Kurakin <rik@FreeBSD.org> has quit them, they no
longer support FreeBSD officially. Later they have dropped
support for Linux drivers too. As of mid-2020 they don't even
have a developer to maintain their Windows driver. However,
their support verbally told me that they could provide aid to
a FreeBSD developer with documentation in case if there appears
a new customer for their devices.

These drivers have a feature to not use sppp(4) and create an
interface, but instead expose the device as netgraph(4) node.
Then, you can attach ng_ppp(4) with help of ports/net/mpd5 on
top of the node and get your synchronous PPP. Alternatively
you can attach ng_frame_relay(4) or ng_cisco(4) for HDLC.
Actually, last time I used cp(4) back in 2004, using netgraph(4)
instead of sppp(4) was already the right way to do.

Thus, remove the sppp(4) related part of the drivers and enable
by default the netgraph(4) part. Further maintenance of these
drivers in the tree shouldn't be a big deal.

While doing that, remove some cruft and enable cp(4) compilation
on amd64. The ce(4) for some unknown reason marks its internal
DDK functions with __attribute__ fastcall, which most likely is
safe to remove, but without hardware I'm not going to do that, so
ce(4) remains i386-only.

Reviewed by: emaste, imp, donner
Differential Revision: https://reviews.freebsd.org/D32590
See also: https://reviews.freebsd.org/D23928


# 70ffa69e 05-Oct-2021 Tom Hukins <tom@FreeBSD.org>

Remove obsolete amd(8) rc.conf configuration

The script that used these was removed in 13f7dbe822d5f along with amd
itself.

Fixes: 13f7dbe822d5 ("retire amd(8)")
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/548


# 28f47a19 16-Jun-2021 Thomas Steen Rasmussen <thomas@gibfest.dk>

pf: fallback if $pf_rules fails to load

Support loading a default pf ruleset in case of invalid pf.conf.

If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.

In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.

If $pf_program (i.e. pfctl) fails to set $pf_rules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.

$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.

$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.

man page changes by ceri@.

PR: 256410
Reviewed by: donner, kp
Sponsored by: semaphor.dk
Differential Revision: https://reviews.freebsd.org/D30791


# c43b0081 18-Jun-2021 Ceri Davies <ceri@FreeBSD.org>

devmatch: improve naming of devmatch config variable

Accept the old rc.conf variable if the new one is not present for
compatability.

Approved by: imp
Differential Revision: https://reviews.freebsd.org/D30806


# 1760799b 13-May-2021 Ceri Davies <ceri@FreeBSD.org>

Remove references to timed(8)

There are still references to timed(8) and timedc(8) in the base system,
which were removed in 2018.

PR: 255425
Reported by: Ceri Davies <ceri at submonkey dot net>
Reviewed by: ygy, gbe
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30232


# 30659d1d 11-May-2021 Andrew Fengler <andrew.fengler@scaleengine.com>

Add support for adding default routes for other FIBs

Make rc.d/routing read defaultrouter_fibN and ipv6_defaultrouter_fibN, and
set it as the default gateway for FIB N, where N is from 1 to (net.fibs - 1)
This allows adding gateways for multiple FIBs in the same format as the main
gateway. (FIB 0)

Reviewed by: olivier, rgrimes, bcr (man page)
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D22706


# e2ad10e8 12-Feb-2021 Cy Schubert <cy@FreeBSD.org>

Remove the redundant ipfilter IPv6 rc rules load.

As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
The ipf(8) -6 option has been a NOP since then. Currently the additional
ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
rules file to the table already populated by the previous ipf command.
Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
remove the option from rc.conf and the rc script.

Differential Revision: https://reviews.freebsd.org/D28615


# 2f48313a 18-Feb-2021 Rick Macklem <rmacklem@FreeBSD.org>

nfs-over-tls: add rc scripts for rpc.tlsclntd and rpc.tlsservd

Add rc.d scripts that control the recently committed rpc.tlsclntd(8)
and rpc.tlsservd(8) daemons.

Reviewed by: gbe
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28432


# 4389a566 06-Nov-2020 Rick Macklem <rmacklem@FreeBSD.org>

Add support for the new mountd -R option.

r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.

This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "-R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.

Reviewed by: 0mp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26938
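
An added example, not part of the FreeBSD tree or of any commit in this log: a POSIX sh audit that resolves the effective value of three network-facing knobs described above (nfs_reserved_port_only from 6d5ce2bb, pf_fallback_rules_enable from 28f47a19, nfsv4_server_only from 4389a566) across a defaults file and a local override. The helper names and the sample files are constructed for illustration; nfs_server_enable and pf_enable are the standard rc.conf(5) service switches.

```shell
#!/bin/sh
# Added example (not FreeBSD project code): audit rc.conf-style files for
# security-relevant settings described in this history log.

# is_yes VALUE: true for the spellings rc.subr's checkyesno treats as "on".
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# rc_get VAR FILE...: print the effective value of VAR after reading FILEs in
# order; later files override earlier ones, as /etc/rc.conf overrides
# /etc/defaults/rc.conf. Only plain VAR="value" lines are parsed and only the
# first word of the value is kept (enough for YES/NO knobs). Nothing is
# sourced, so the audit never executes the files it inspects.
rc_get() {
    _var=$1; shift
    _val=
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        _line=$(sed -n "s/^[[:space:]]*${_var}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*\$/=\1/p" "$_f" | tail -n 1)
        [ -n "$_line" ] || continue      # VAR not assigned in this file
        _val=${_line#=}                  # drop the "=" marker (keeps empty values)
    done
    printf '%s\n' "$_val"
}

# audit_rc FILE...: print one line per finding; return 1 if any WARN was raised.
audit_rc() {
    _warn=0
    if is_yes "$(rc_get nfs_server_enable "$@")"; then
        if ! is_yes "$(rc_get nfs_reserved_port_only "$@")"; then
            echo "WARN nfs_reserved_port_only: RPCs from unprivileged (> 1023) ports are accepted"
            _warn=1
        fi
        if ! is_yes "$(rc_get nfsv4_server_only "$@")"; then
            echo "NOTE nfsv4_server_only: Mount protocol and rpcbind registration stay enabled"
        fi
    fi
    if is_yes "$(rc_get pf_enable "$@")" &&
       ! is_yes "$(rc_get pf_fallback_rules_enable "$@")"; then
        echo "WARN pf_fallback_rules_enable: an invalid pf.conf leaves pf with no rules loaded"
        _warn=1
    fi
    return "$_warn"
}

# write_samples DIR: constructed sample input, not copied from a real system.
write_samples() {
    cat > "$1/defaults.conf" <<'EOF'
nfs_server_enable="NO"
nfs_reserved_port_only="YES"	# default described in 6d5ce2bb
nfsv4_server_only="NO"
pf_enable="NO"
pf_fallback_rules_enable="NO"	# default described in 28f47a19
EOF
    cat > "$1/rc.conf" <<'EOF'
nfs_server_enable="YES"
nfs_reserved_port_only="NO"   # local override that undoes the default
pf_enable="YES"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_rc "$tmp/defaults.conf" "$tmp/rc.conf" || echo "audit: WARN findings need review"
rm -rf "$tmp"
```

On a live host the same function takes the real files in precedence order, for example `audit_rc /etc/defaults/rc.conf /etc/rc.conf`.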


# 08867050 02-Nov-2020 Stefan Eßer <se@FreeBSD.org>

Replace literal uses of /usr/local with a variable

The variable defaults to "/usr/local", unless sysctl returns some other
value for "user.localbase".

The value of user.localbase defaults to _PATH_LOCALBASE as defined in
paths.h and thus this commit has no immediate effect.

The purpose of this change is to make /etc/defaults/rc.conf automatically
use the value of _PATH_LOCALBASE when not set to the default value.

Reviewed by: imp, scottl
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D27014


# e307eb94 21-Sep-2020 Toomas Soome <tsoome@FreeBSD.org>

loader: zfs should support bootonce and nextboot

bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25512


# e1cd6f79 23-Jun-2020 Mateusz Piotrowski <0mp@FreeBSD.org>

Remove ldconfig_paths_aout from rc.conf after r362543

Approved by: imp
Differential Revision: https://reviews.freebsd.org/D25415


# 7119cdc2 23-Mar-2020 Alexander V. Chernikov <melifaro@FreeBSD.org>

Make ICMP redirect processing depend on routing daemon.

Submitted by: lutz at donnerhacke.de
Reviewed by: melifaro,rgrimes
Differential Revision: https://reviews.freebsd.org/D23329


# e9f87d29 18-Mar-2020 Leandro Lupori <luporl@FreeBSD.org>

Add fsck_flags config option

On UFS with SU+J, sometimes fsck's default recovery from journal marks the
filesystem as clean but some errors remain.

With SU only, default fsck in preen mode sometimes thinks all errors have
been fixed but some still remain.

To address the issues above, this change adds a new config option:
fsck_flags. By default it's set to -p, but the user may change it to -y
or -f -y, for instance, to force a full fsck after a system crash.

Submitted by: jhibbits@ (original version)
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D24087


# 6467506b 20-Nov-2019 Warner Losh <imp@FreeBSD.org>

Create /etc/os-release file.

Each boot, regenerate /var/run/os-release based on the currently running
system. Create a /etc/os-release symlink pointing to this file (so that this
doesn't create a new reason /etc can not be mounted read-only).

This is compatible with what other systems do and is what the sysutil/os-release
port attempted to do, but in an incomplete way. Linux, Solaris and DragonFly all
implement this natively as well. The complete standard can be found at
https://www.freedesktop.org/software/systemd/man/os-release.html

Moving this to the base solves both the non-standard location problem with the
port, as well as the lack of update of this file on system update.

Bump __FreeBSD_version to 1300060

PR: 238953
Differential Revision: https://reviews.freebsd.org/D22271


# 5dece9b2 13-Nov-2019 Edward Tomasz Napierala <trasz@FreeBSD.org>

Add 'linux_mounts_enable' rc.conf(5) variable, to make it possible
to disable mounting Linux-specific filesystems under /compat/linux
when 'linux_enable' is set to YES.

Reviewed by: netchild, ian (earlier version)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22320


# 5fda0d60 03-Oct-2019 Andriy Gapon <avg@FreeBSD.org>

add ability to set watchdog timeout for a shutdown

This change allows to specify a watchdog(9) timeout for a system
shutdown. The timeout is activated when the watchdogd daemon is
stopped. The idea is to prevent any indefinite hang during late
stages of the shutdown. The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.

Note that the shutdown timeout is not activated when the watchdogd
service is individually stopped by an operator. It is also not
activated for the 'shutdown' to the single-user mode. In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.

Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
changed
- the argument is not mandatory and if it is not set then rc_shutdown is
set to "unspecified"
- however, the default jail management scripts and jail configuration
examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
keep working as before

I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone. In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.

Reviewed by: bcr (man page changes)
MFC after: 5 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D21221


# c97588b4 28-Sep-2019 Edward Tomasz Napierala <trasz@FreeBSD.org>

Move the SysV IPC stuff out of the 'abi' rc script, into a new one:
'sysvipc' - it has nothing to do with ABIs, and I'd like to later
rename 'abi' to 'linux', which better describes its purpose and also
matches the rcvar name.

Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21615


# 2b951e9c 17-Jun-2019 Cy Schubert <cy@FreeBSD.org>

Allow the hostapd program to be specified. This allows users to use
hostapd from ports instead of the one in base. The default is the hostapd
in base.

PR: 238571
MFC after: 1 week


# ffda6790 18-May-2019 Brooks Davis <brooks@FreeBSD.org>

Change ed(4), ep(4), and fxp(4) examples to em(4).

ed(4) and ep(4) have been removed. fxp(4) remains popular in older
systems, but isn't as future proof as em(4).

Reviewed by: bz, jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D20311


# 577640dc 06-Apr-2019 Andrey V. Elsukov <ae@FreeBSD.org>

Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf

Reported by: Andrey Fesenko
X-MFC after: r345450


# d8f93710 21-Mar-2019 Cy Schubert <cy@FreeBSD.org>

Add rc.d support for ippool(8).

I've been using ippool at my site for approximately two years. It's
about time this was committed.

PR: 218433
MFC after: 2 weeks


# 1b35da5a 12-Mar-2019 Benedict Reuschling <bcr@FreeBSD.org>

Extend descriptions and comments about the need to create /etc/pf.conf.

FreeBSD removed the default /etc/pf.conf file in previous releases, but
the documentation kept mentioning it like any other file present in the
system. Change pf.conf(5) to mention in the description of the default
ruleset location that this file needs to be created manually. Also, the
default rc.conf file had its comment extended a bit to let people know
that this file does not exist by default.

PR: 231977
Submitted by: koobs@
Reviewed by: kp@, 0mp@
Approved by: kp@
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D19530


# 405c3050 19-Dec-2018 Mateusz Guzik <mjg@FreeBSD.org>

Remove iBCS2, part1: userspace

iBCS2 was disconnected from the build in 2015 (see r291419)

bsdconfig parts submitted by dteske.

Reviewed by: kib (previous version)
Sponsored by: The FreeBSD Foundation


# 7b3c65ba 10-Nov-2018 Eugene Grosbein <eugen@FreeBSD.org>

Move definition of $jail_conf variable to /etc/defaults/rc.conf
from jail startup script so it can be successfully queried
with the command "sysrc jail_conf".

MFC after: 1 month


# da45b4da 31-Oct-2018 Devin Teske <dteske@FreeBSD.org>

Add new rc keywords: enable, disable, delete

This adds new keywords to rc/service to enable/disable a service's
rc.conf(5) variable and "delete" to remove the variable.

When the "service_delete_empty" variable in rc.conf(5) is set to "YES"
(default is "NO") an rc.conf.d file (in /etc/ or /usr/local/etc) is
deleted if empty after modification using "service $foo delete".

Submitted by: lme (modified)
Reviewed by: 0mp (previous version), lme, bcr
Relnotes: yes
Sponsored by: Smule, Inc.
Differential Revision: https://reviews.freebsd.org/D17113


# 59c38254 27-Oct-2018 Dag-Erling Smørgrav <des@FreeBSD.org>

Add default value for local_unbound_tls + fix nearby style bugs.

Reported by: bcran@
MFC after: 3 days


# 0696600c 17-Oct-2018 Bjoern A. Zeeb <bz@FreeBSD.org>

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)