#
ffbaa453 |
|
07-May-2024 |
Mark Johnston <markj@FreeBSD.org> |
bsdinstall: Stop loading cryptodev for ZFS installations - zfs depends on the crypto module, not cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway. - This config works around a problem with kldxref lacking cross-target support, but that has since been fixed. - Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area. Thus, stop auto-loading cryptodev. Reviewed by: kevans, allanjude, des Differential Revision: https://reviews.freebsd.org/D45127
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
9ed05409 |
|
17-Sep-2020 |
Kyle Evans <kevans@FreeBSD.org> |
Revert r361257: bsdinstall: do a `certctl rehash` upon installation [...] As of r365829, any given base distribution set will now include the /etc/ssl symlinks that this rehash would've otherwise installed. This extra step is no longer required. MFC after: 1 week X-MFC-With: r365837
|
#
60403b98 |
|
25-Aug-2020 |
Ryan Moeller <freqlabs@FreeBSD.org> |
bsdinstall: Update loader.conf for new OpenZFS deps zfs.ko now includes the SPL but relies on cryptodev instead. Reported by: D Scott Phillips Sponsored by: iXsystems, Inc.
|
#
1840a4fa |
|
19-May-2020 |
Kyle Evans <kevans@FreeBSD.org> |
bsdinstall: do a `certctl rehash` upon installation of configuration If certctl is installed on the system we're configuring, do a certctl rehash. Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl. Reviewed by: allanjude, dteske MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D24640
|
#
e7a71e6d |
|
02-Oct-2019 |
Glen Barber <gjb@FreeBSD.org> |
Add a comment explaining why the opensolaris_load line in loader.conf is explicitly added. Requested by: rgrimes MFC after: 3 days MFC with: r353004 Sponsored by: Rubicon Communications, LLC (Netgate)
|
#
8cdae52e |
|
02-Oct-2019 |
Glen Barber <gjb@FreeBSD.org> |
Explicitly add opensolaris_load="YES" to loader.conf through the installer when installing the system on a ZFS root filesystem. For arm64, zfs_load="YES" does not add opensolaris.ko as a kld dependency, so add it explicitly to prevent boot-time failures out-of-box. PR: 240478 MFC after: 3 days Sponsored by: Rubicon Communications, LLC (Netgate)
|
#
33a5ef35 |
|
20-Sep-2018 |
Mark Johnston <markj@FreeBSD.org> |
Fix variable name typo in the bsdinstall ttys hardening code. Submitted by: Jörg Pernfuß <code.jpe@gmail.com> Reviewed by: allanjude, dab, emaste Approved by: re (gjb) Differential Revision: https://reviews.freebsd.org/D12476
|
#
c12530ca |
|
11-Sep-2017 |
Ed Maste <emaste@FreeBSD.org> |
Ignore error return from newaliases(1) This was originally added as "exit $SUCCESS" but with nothing to set the SUCCESS variable. Thus it became an exit with no argument, which just exits with the status of the preceding command. MFC after: 3 days Sponsored by: The FreeBSD Foundation
|
#
82ec242f |
|
05-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add option to bsdinstall to disable insecure console, update stack guard option This patch adds new bsdinstall option to hardening section that allows users to change this behaviour to secure one and updates stack guard option so it would set the value of relevant sysctl to 512 (2MB) Submitted by: Bartek Rutkowski Reviewed by: adrian, bapt, emaste Approved by: bapt, emaste MFC after: 1 day Sponsored by: Pixeware LTD Differential Revision: https://reviews.freebsd.org/D9700
|
#
98b9d384 |
|
20-Jun-2017 |
Steven Hartland <smh@FreeBSD.org> |
Fixed bsdinstall location of vfs.zfs.min_auto_ashift vfs.zfs.min_auto_ashift is a sysctl only not a tunable so updated bsdinstall to use the correct location /etc/sysctl.conf instead of /boot/loader.conf Reported by: Aaron Caza Reviewed by: allanjude MFC after: 2 days Sponsored by: Multiplay Differential Revision: https://reviews.freebsd.org/D11278
|
#
0e3f233f |
|
15-Jul-2016 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add new System Hardening menu and options to bsdinstall. This patch add new 'hardening' file responsible for new bsdinstall 'System Hardening' menu allowing users to set some sane and carefully picked system security options (like random process id's, hiding other users/groups processes and others). All options are OFF by default in this patch due to POLA principle with intention to turn change some of them to ON by default in future. Reviewed by: adrian, allanjude, bdrewery, nwhitehorn Approved by: adrian, allanjude MFC after: 7 days
|
#
fef95330 |
|
11-Sep-2015 |
Devin Teske <dteske@FreeBSD.org> |
Update copyrights MFC after: 3 days X-MFC-to: stable/10
|
#
ff7b134c |
|
11-Sep-2015 |
Devin Teske <dteske@FreeBSD.org> |
Ignore error results from newaliases(1) MFC after: 3 days X-MFC-to: stable/10
|
#
6e15678a |
|
13-Sep-2014 |
Nathan Whitehorn <nwhitehorn@FreeBSD.org> |
Add ZFS support to the bsdinstall partition editor and sade. Submitted by: Kurt Lidl (original version) MFC after: 6 weeks
|
#
a7fb3c62 |
|
16-Dec-2013 |
Devin Teske <dteske@FreeBSD.org> |
Mask error from newaliases(1) when the hostname is not fully qualified. MFC after: 3 days
|
#
cd28e9c5 |
|
08-Nov-2013 |
Devin Teske <dteske@FreeBSD.org> |
I often forget that debugFile can begin with a + for deciding that debug should be sent to both the file (minus the leading +) and stdout.
|
#
66fd3214 |
|
08-Nov-2013 |
Devin Teske <dteske@FreeBSD.org> |
Copy the install log to the deployed /var/log directory so that we have post-mortem data on how the machine was configured/installed.
|
#
9e513d31 |
|
08-Nov-2013 |
Devin Teske <dteske@FreeBSD.org> |
Semi-revert this one file out of r257842. The ttys(5) stuff, as we discussed on -current, was not supposed to go in but get solved in a different way -- e.g., init(8) logic). Discussed on: -current
|
#
bc4a673f |
|
08-Nov-2013 |
Devin Teske <dteske@FreeBSD.org> |
A series of changes tested together as a whole: + Add a `-D FILE" command-line option for overriding the path to the bsdinstall log file (BSDINSTALL_LOG env var). + Document new `-D FILE' in the man page for bsdinstall. + If FILE in `-D FILE' begins with a +, debug output goes to stdout (interleaved between dialog(1) invocations/output) as well as to FILE (minus the leading + of course). + If BSDINSTALL_LOG cannot be written, then debugging is disabled (except in the case of a leading + in the pathname, wherein debug will still be printed to stdout). + Update source code formatting style. + Fix a dangling participle ("Begun ..." -> "Began ...") + Rewrite the docsinstall script (was necessary to abate direct dependency on BSDINSTALL_LOG (instead, use fault-tolerant bsdconfig framework which displays appropriate errors for package management). NB: docsinstall is still using pkg(8) after this change. + Add additional debug output for dhclient/rtsol/wpa_cliscan + Display script errors in a textbox rather than just on stdout + Update many coments. + Add new f_show_err() API call (like f_show_msg but changes the dialog title to "Error")(see bsdconfig's `common.subr'). + Add new f_eval_catch() API call for executing a command via eval but not before logging the command to debug. Several example cases documented in API header for function in bsdconfig's `common.subr'. + Fix dialog auto-sizing when launched as an rvalue to a pipe for indirected scripts (previously would default to 24x80 sizing in this case, now it can autosize to full size even when in a pipe chain). + Fix bug in f_snprintf if $format argument began with "-"; printf would misinterpret as a flag. (this is in bsdcofig's `strings.subr'). + Add accompanying f_sprintf() and f_vsprintf() to go along with already existing f_snprintf() and f_vsnprintf() (see bsdconfig's `strings.subr'). + Remove some unnecessary default ZFS datasets from the automatic "zfsboot" script. Such as: /usr/ports/distfiles /usr/ports/packages /usr/obj /var/db /var/empty /var/mail and /var/run (these can all be created as-needed once the system is installed). + Remove setuid=off for /usr/home (as discussed from last round of CFT). + Fix some i18n string violations in "zfsboot". + Bolster debugging output in "zfsboot". + Fix some string quoting issues in "zfsboot". + Fix some variable scope issues in "zfsboot". + Change "Create" to "Install" in "zfsboot" main menu. + Increase error checking in "zfsboot" (type-check arguments and such). + Add call to "graid destroy" killing automatic metadata (part of the series of pedantic destructions we do when bootstrapping a new/naked disk). + Make judicious use of new f_eval_catch() in "zfsboot". + Fixup some variable names for consistency (zfsboot). + Fix an underride syntax parameter expansion folly (zfsboot). + Confirm layout if not explicitly chosen when blindly proceeding (no longer have to touch anything on the ZFS menu if it scares you, just choose the omnibus "Install" option at the top and you'll be prompted to select vdev type and disks in the layout confirmation dialog). + Change numbered menu items to alphabetic for more efficient navigation. + Consolidate vdev selection and disk selection into a single stateful menu which performs validation and allows backing out to each previous menu as you go deeper. + Redesign the ``Last Chance'' dialog (still using the same colors, but make it conform to a tolerable width and make disks appear in a block- quote style indented region). + Fix a bug wherein we used the a lowercase variable name by accident (actual variable name declared as all-uppercase) at the time of initializing fstab(5) (not believed to cause any issues though). + Update the geli setup infobox for each provider being initialized (not just at the onset -- since each ``geli init'' causes kernel messages to push our infobox off-screen). Reviewed by: Allan Jude <freebsd@allanjude.com> Discussed on: -current MFC after: 3 days
|
#
cd88b886 |
|
11-Oct-2013 |
Devin Teske <dteske@FreeBSD.org> |
Add zfsboot module as an option for automatic configuration. Default is to run interactively but it can be scripted too (optinally completely non-interactive). Currently supports GELI and all ZFS vdev types. Also performs validation on selections/settings providing error messages if necessary, explaining (in plain language) what the issue is. Currently the auto partitioning of naked disks only supports GPT and MBR (VTOC8 pending for sparc64), so is only available for i386/amd64 install. Submitted by: Allan Jude <freebsd@allanjude.com>, myself Reviewed by: Allan Jude <freebsd@allanjude.com> Approved by: re (glebius)
|
#
d71e85ce |
|
13-Jul-2011 |
Nathan Whitehorn <nwhitehorn@FreeBSD.org> |
Run newaliases at the end of the install process. Submitted by: kevlo
|
#
2118f387 |
|
18-Feb-2011 |
Nathan Whitehorn <nwhitehorn@FreeBSD.org> |
Import bsdinstall. This is meant to be (eventually in conjunction with pc-sysinstall) a replacement for sysinstall in the 9.0 release and beyond. Currently supported platforms are sparc64, pc98, i386, amd64, powerpc, and powerpc64. Integration into the build system will occur in the coming weeks. Merging with pc-sysinstall will use this code as a frontend, while temporarily retaining the interactive partition editor here. This work will be done in parallel with improvements on this code and release integration. Thanks to all who have provided testing and comments!
|