The tight limit of 2176M for other 64-bit architectures was not enough for
sparc64. On 64-bit systems we can afford to be a bit more generous.
login.conf merges are always a bit fiddly.
ok jca sthen
relayd supports interface name, DNS hostname or interface group at
listen on but it binds only to the first discovered IP address which is
usually IPv4.
Here I changed parser to create a dedicated listener for each discovered
and confiugred on a local inerface address.
This means that listen on egress port 80 binds to all IPv4 and IPv6
addresses on the egress group.
OK: rsadowski@
See unbound r1.10 and r.11 for context; in base only unbound and spamlogd
use getopts and the problem is in rc.subr's getopts, parsing options when
the service script is used directly: /etc/rc.d/unbound [-dqf] ...
Reset getopts in rc.subr once for anything that comes afterwards instead of
in every script using it.
'rcctl [-dqf] ...' and netstart are not affected as they run rc.subr in its
own process and use FUNCS_ONLY=1, respectively.
tested by obsd@mulh.net
OK aja
ksh(1)'s OPTIND is global and only saved/restored for `function' style functions.
That means passing, e.g. -d to rcctl(8) would leave OPTIND=2 for rc_pre() in
rc.subr(8) scripts using getopts, thus starting (continuing, really) parsing
options at the second argument.
maxpartitions value. It is expected things using this will set it to 16,
and it creates less inodes for the disk entries.
This is intentionally not documented since only a few install media need
this, and use of it is discouraged.
ok visa
to 52. That will happen to most or all architectures, but we don't
need to so yet.
I'm also considering adding a environment-variable knob to be used on
a single MAKEDEV run which wants to avoid the extra node creations,
as a way to help out some tight install media (only a few of those)
A differing -c argument breaks rc_pre()'s assumption about it;
the trust anchor file is equally hard coded, possibly not matching.
Use ksh(1)'s getopts to peek into daemon_flags use that if found.
Report and initial diff from obsd@mulh.net on bugs@
tweaks kn
OK sthen
If LOGIN_SETXDGENV is passed in the flags, ensure the presence and
usability of a runtime directory dedicated to <uid>. Set the
XDG_RUNTIME_DIR variable only if the directory is usable.
With feedback from deraadt@, matthieu@ and guenther@.
ok deraadt@ robert@
When using SEV-enabled VMs, we let vmd(8) launch the kernel directly.
With this, we do not have to trust a firmware like OVMF. However,
with this approach, sysupgrade(8) can not be used as the kernel
resides outside the VM in the host file system. Thus maintainig
SEV-enabled VMs is hard.
With vmboot, we use a small ramdisk kernel that runs the actual
kernel using the kexec facility. vmboot can be launched directly
by vmd(8). The actual kernel is loaded from the disk image of the
SEV-enabled VM. With this, sysupgrade(8) can be used, and there
is no need for additional firmware.
This approach is similar to vmboot for powerpc64 and octeon.
Discussed with bluhm@ for a while.
ok mlarkin@
Then use this in MAKEDEV.common and MAKEDEV.mi for various places to
create the right number of partitions (a-p or a-zA-Z) as required.
reviewed mostly by krw and sthen
There could still be some glitches. This is being done step by step,
because I hope to cross some architectures at different times because
some of them have "emulated disklabels" which could be tricky.
for all disks which currently have a block '*a' partition. We don't
need this quite yet, but having it ahead of time in 7.8 might help
someone when we do transition during 7.8-current.
ok krw
returns false positives in an attempt to encourage users to deconfigure
it. As this was the only list in the default spamd.conf, and the linked
wikipedia page that used to show other lists was removed in April 2024,
the default spamd.conf doesn't really seem useful any more, so remove it.
Pointed out by Peter Hansteen. ok phessler@
happens, the first device nodes for the "first drive" of a family (sd or wd or
whatever) remain the same, but higher ones change in inconvenient ways, which
affects the root partition. This change creates /dev/root and /dev/rroot nodes
which match the FUTURE dev_t layout, so that a user can fix their machine.
We think this cross-over is going to be transparent for sysupgrade users, and
users who build will have a good scheme for manual repair.
ok krw kettenis florian
Regression fix for r1.225 from 2022: dry-run mode wouldn't show how IPv6
routes are set up since I accidentially skipped the entire ip6routes() call,
although the function itself already handles -n aka. PRINT_ONLY.
OK deraadt
deraadt