libsys: install manpage links for jail_attach_jd/jail_remove_jd
This was a minor oversight from their introduction.
Commit message by kevans@.
Fixes: 851dc7f859c23 ("jail: add jail descriptors")
Reviewed by: kevans
15.0: Add BETA5 to schedule
Package set builds are ongoing; I'm going to call this week BETA5 but
hopefully next week we can have RC1.
With hat: re (cperciva)
Sponsored by: https://www.patreon.com/cperciva
random: CTASSERT check sizeof random_source_descr[]
Ensure that the number of elements of random_source_descr[]
and fxrng_ent_char[] matches that of enum random_entropy_source.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D53255
(cherry picked from commit 8bd9a9e9e4cb3e293c1639319692ce201eb8fc53)
etc/mtree/BSD.include.dist: Remove libipt-dev
This package only exists on amd64, which means on other platforms we
produce an empty package containing nothing but this directory, and
without a base package (libipt) that package fails to install due to
a missing dependency.
For now, fix this by removing the libipt-dev package tag, which moves
this directory to clibs.
Approved by: re (cperciva)
Fixes: 436618a427b4 ("etc/mtree: Add package tags for /usr/include")
Reported by: cperciva
MFC after: 3 seconds
(cherry picked from commit 2a8a6179eb6cef8ba1a417a4c8a1f7063c704533)
(cherry picked from commit ccd948829cc8e2456123fbafcb694261f0109d94)
release: Don't try to fetch distfiles for pkgbase
In order to comply with the require that GCE images must include their
source code, we fetch distfiles for all of the packages installed into
GCE images. This fails for obvious reasons for packages with an origin
of base/*; filter those out to generate the list to fetch.
Approved by: re (cperciva)
Reviewed by: ivy
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53568
(cherry picked from commit 05b3a45cd065c93cc1262d31675e3e102784400a)
(cherry picked from commit 92ab9516c8a5d196b60ac8f6df777de745aaa219)
release: GCE builds depend on ftp
GCE images are required by Google to include their source code; we do
this by extracting {src,ports}.txz into the images, from the (legacy)
distribution sets.
Make sure those distribution sets actually exist.
Approved by: re (cperciva)
Reviewed by: ivy
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53567
(cherry picked from commit 7f536b1c1146c4bc5cde336e1fe7a083f2874f11)
(cherry picked from commit a1b00e368926198a163015bfe21171f2d582c703)
vmimage.subr: pkg autoremove after pkg install
A bug in pkg, which somehow only surfaced as a consequence of pkgbase,
results in pkg install sometimes pulling in false dependencies. This
problem might be limited to cases when the lib32 pkgbase packages are
not installed. In the case of EC2 "small" images, installing the
ebsnvme-id package results in binutils, gcc12-devel, gmp, indexinfo,
liblz4, mpc, mpfr, and zstd packages being installed.
These false dependencies are however not recorded as dependencies --
at some level pkg does understand that they're not needed -- so running
pkg autoremove immediately after pkg install cleans them up.
Note: This does not remove lines from METALOG corresponding to these
packages, and makefs emits an error when it attempts to create the
filesystem but cannot find the files listed in METALOG -- but makefs
does seem to complete normally despite the error messages.
This change should be reverted once the pkg issue has been located and
[10 lines not shown]
Makefile.incl1: .WAIT before distribute in etc
In order to make sure that man pages are all installed before we run
makewhatis to generate mandoc.db files, we have long placed etc at the
end of the list of subdirectories being recursed into by the build.
In order to support installworld -jN, a .WAIT was more recently added
here.
With the recent adoption by the release engineering team of parallel
*release* builds (aka 'make release -jN') it is now also necessary to
add the same .WAIT before recursing for the 'distribute' target, as we
otherwise end up with distribution sets containing incomplete mandoc.db
files.
Approved by: re (cperciva)
Reviewed by: bdrewery
PR: 289683
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
[4 lines not shown]
setcred(): Fix RACCT resource accounting on credentials change
When credentials are changed, we need to adjust the sum of resources
associated to the initial and new process' user IDs (and old and new
login classes and jails, but setcred() does not change them) for them to
stay consistent.
Approved by: re (cperciva)
PR: 290352
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53457
(cherry picked from commit 2be5127c4a31bacac9b4158395bfa844f6033626)
(cherry picked from commit 2e76660cb71dc113a4f4e0eb05eb190d7fc99e7f)
kern: Fix credentials leaks on RACCT but no RCTL
Affected system calls: setuid(), setreuid(), setresuid(), jail_attach(),
setloginclass().
In these system calls, the crhold() calls that, on RACCT, make the
just-installed process credentials survive a concurrent change of the
same credentials just after PROC_UNLOCK() were not matched by
a corresponding crfree() when RCTL is off. In fact, in that latter
case, they are simply not necessary, so wrap them with '#ifdef RCTL'
stances. 'kern_rctl.c' causes a compile error if RACCT is not defined
but RCTL is, so ease reading by not nesting '#ifdef's.
Approved by: re (cperciva)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53456
(cherry picked from commit f4315ff8b3fee71eb0098864a84618f2f8ba85d5)
(cherry picked from commit 4db768b01cd78666949bbd67ba611e9e47ed710d)
pf: improve DIOCRCLRTABLES validation
Unterminated strings in the anchor or name could cause crashes.
Validate them, and add a test case.
Approved by: re (cperciva)
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 1da3c0ca5b1decaa9cf55859cd134bdcd1218116)
(cherry picked from commit 909528f8a13004e15c08c4793a6a349716f90447)
pf: improve add state validation
Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets.
Add a test case to exercise this code path.
Approved by: re (cperciva)
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit faacc0d968816cf8714c974b6d8df6191cfb0e0d)
(cherry picked from commit 4891e6f1c0ee9d81ca36b9d74d8ef4ef20690621)
fusefs: Fix intermittency in the BadServer.ShortWrite test case
We were using the m_quit bit for two similar but distinct uses:
* To instruct the server to quit
* To cope with the kernel forcibly unmounting the fs
Fix the intermittent test failure by adding a separate bit,
m_expect_unmount, to handle cases like the latter.
Approved by: re (cperciva)
Reported by: Siva Mahadevan <me at svmhdvn.name>
MFC after: 1 week
Revied by: Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D53357
(cherry picked from commit d86025c1d49c84c4dc8c3635c83c078ad56e5a53)
(cherry picked from commit f0cf086c05d86f962d259895bcb50ba8ca4c10e0)
fusefs: fix intermittency in the BadServer.ShortWrite test
This test implicitly depended on the order in which two threads
completed. If the test thread finished first, the test would pass. But
if the mock file system thread did, it would attempt to read from an
unmounted file system, and fail. As a result, the test would randomly
fail once out of every several thousand executions. Fix it by telling
the mock file system's event loop to exit without attempting to read any
more events.
Approved by: re (cperciva)
Reported by: Siva Mahadevan <me at svmhdvn.name>
MFC after: 1 week
Reviewed by: Siva Mahadevan <me at svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D53080
(cherry picked from commit d1bd541b385d49d2ae3a8bad9df72779b606e208)
(cherry picked from commit a1c3537148a59f6a1c86ebcb686b2e2c8e404b5f)
fusefs: respect the server's FUSE_SETXATTR_EXT flag
FUSE protocol 7.33 extended the FUSE_SETXATTR request format. But the
extension is optional. The server must opt-in by setting the
FUSE_SETXATTR_IN flag during FUSE_INIT. We were wrongly using the
extended format for any server using protocol 7.33 or later.
Approved by: re (cperciva)
PR: 290547
Co-authored-by: CismonX <admin at cismon.net>
Fixes: d5e3cf41e89 ("fusefs: Upgrade FUSE protocol to version 7.33")
MFC after: 3 days
(cherry picked from commit e8449c0e0fcb8a3eb5872cbee5c3dde4b05a5f50)
(cherry picked from commit a23bd71deaad478cbe41ae756b96ea7a32537311)
libkadm5clnt: Fix library symlink install
libkadm5clnt_mit installs a symlink from libkadm5clnt.so for backward
compatibility, but it neglected to include the package tags, so the
symlink was missing from pkgbase builds. Add ${DEV_TAG_ARGS} to the
install command.
Approved by: re (cperciva)
Reported by: Mark Millard <marklmi at yahoo.com>
MFC after: 1 day
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53574
(cherry picked from commit 707507c27f69f16de0ce3efee21b20d4f76328f8)
(cherry picked from commit dd9ba3201b1c46a9412b499289e65f5ebebb6ee5)
libcasper: Move everything to the libcasper package
The libcasper package exists to contain libcasper, but for some reason
only the libcap_net service was in the package, with libcasper itself
and the rest of the services being in runtime. Move everything to the
libcasper package, except tests which stay in the tests package.
Approved by: re (cperciva)
MFC after: 1 day
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53576
(cherry picked from commit b8697ac70ebfce2d8e3df6c67bbf37910793b199)
(cherry picked from commit 25eb50f68bd59c28364fd187e935885e6e360f17)
