libpam: Move to a new "pam" package
OpenPAM is a discrete, largely self-contained system component.
Users may not need PAM for many use-cases (e.g. jails, containers),
so move it to its own package.
Use LIB_PACKAGE to create a separate pam-lib package for libpam,
so that applications that support PAM don't need to bring in all
the PAM modules if PAM isn't actually in use.
Add pam to the minimal sets, since this is a core system component that
people expect to be installed. This means all supported installation
methods will install the PAM modules by default, so don't add explicit
dependencies on the PAM modules from things that use PAM (e.g. runtime),
allowing custom/embedded systems to omit these easily.
This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.
[5 lines not shown]
libpam: Don't put man8 in the dev package
These are user-facing manpages, but were installed in the runtime-dev
package since the PAM modules use bsd.lib.mk. Use MANNODEV instead of
MAN to put them in the base runtime package instead.
Fixes: 031e711647c3 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
Reviewed by: bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53601
bsdinstall: Fix newfs bsddialog menu
The second and third members of struct bsddialog_menuitem are `bool on`
and `unsigned int depth`. The newfs dialog options in bsdinstall's
partition tool had these two swapped, so the default selection did not
work.
PR: 290857
Reviewed by: asiciliano
Fixes: 50e244964e9b ("bsdinstall/partedit: Replace libdialog with libbsddialog")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53639
(cherry picked from commit 4e36942420712c2ab6ebc2c646e61d47b2b68e7b)
newfs_msdos: Improve error messages
- Report overly long OEM string as too long, not just "bad".
- Use warn instead of warnx for open or ftruncate failure to report the
error string.
Reviewed by: se
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53649
sysutils/waitforssh: New port: Wait for a target to be up and running using SSH
waitforssh is a lightweight utility, written in POSIX shell, that waits
for a target to be up and running via SSH and, if so, executes a command.
kern: RACCT: Keep process credentials alive via references
In system calls changing process credentials, on RACCT, calls to
racct_proc_ucred_changed() must be issued on the new credentials.
Currently, this is done after the new credentials have been installed on
the process via proc_set_cred() or proc_set_cred_enforce_proc_lim(),
which modifies 'p_ucred'. Only the process lock guarantees that the new
credentials pointed to by 'p_ucred' cannot themselves be concurrently
modified, which would cause their 'struct ucred' to potentially lose its
last reference from the process before the call to
racct_proc_ucred_changed(), which needs one.
For better code understandability and to avoid errors in future
modifications, stop relying on proc_set_cred*() storing the passed
'struct ucred' in the process 'p_ucred' and on the process lock to avoid
the reference taken by proc_set_cred*() to vanish. Instead, ensure that
a reference is held when racct_proc_ucred_changed() is called.
As racct_proc_ucred_changed() is actually passed explicit pointers to
[24 lines not shown]
