Add required files from FreeBSD 13.1 base release, update config

CHANGELOG

@@ -3,6 +3,7 @@
 ======================
 Version    Description
 
+1.1.15......Add required files from FreeBSD 13.1 base release, update config.
 1.1.14......Automatically deal with spaces on the fstab utility.
 1.1.13......Cosmetic changes, add note about space escaping in fstab.
 1.1.12......Fix for PHP 8.1 compatibility.

conf/bastille.conf.ext

@@ -25,5 +25,6 @@ bastille_network_gateway=""
 bastille_template_base="default/base"
 bastille_template_empty=""
 bastille_template_thick="default/thick"
+bastille_template_clone="default/clone"
 bastille_template_thin="default/thin"
 bastille_template_vnet="default/vnet"

conf/system/freebsd-update/13.1/freebsd-update.conf

@@ -0,0 +1,79 @@
+# $FreeBSD$
+
+# Trusted keyprint.  Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
+
+# Server or server pool from which to fetch updates.  You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+ServerName update.FreeBSD.org
+
+# Components of the base system which should be kept updated.
+Components src world kernel
+
+# Example for updating the userland and the kernel source code only:
+# Components src/base src/sys world
+
+# Paths which start with anything matching an entry in an IgnorePaths
+# statement will be ignored.
+IgnorePaths
+
+# Paths which start with anything matching an entry in an IDSIgnorePaths
+# statement will be ignored by "freebsd-update IDS".
+IDSIgnorePaths /usr/share/man/cat
+IDSIgnorePaths /usr/share/man/whatis
+IDSIgnorePaths /var/db/locate.database
+IDSIgnorePaths /var/log
+
+# Paths which start with anything matching an entry in an UpdateIfUnmodified
+# statement will only be updated if the contents of the file have not been
+# modified by the user (unless changes are merged; see below).
+UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
+
+# When upgrading to a new FreeBSD release, files which match MergeChanges
+# will have any local changes merged into the version from the new release.
+MergeChanges /etc/ /boot/device.hints
+
+### Default configuration options:
+
+# Directory in which to store downloaded updates and temporary
+# files used by FreeBSD Update.
+# WorkDir /var/db/freebsd-update
+
+# Destination to send output of "freebsd-update cron" if an error
+# occurs or updates have been downloaded.
+# MailTo root
+
+# Is FreeBSD Update allowed to create new files?
+# AllowAdd yes
+
+# Is FreeBSD Update allowed to delete files?
+# AllowDelete yes
+
+# If the user has modified file ownership, permissions, or flags, should
+# FreeBSD Update retain this modified metadata when installing a new version
+# of that file?
+# KeepModifiedMetadata yes
+
+# When upgrading between releases, should the list of Components be
+# read strictly (StrictComponents yes) or merely as a list of components
+# which *might* be installed of which FreeBSD Update should figure out
+# which actually are installed and upgrade those (StrictComponents no)?
+# StrictComponents no
+
+# When installing a new kernel perform a backup of the old one first
+# so it is possible to boot the old kernel in case of problems.
+# BackupKernel yes
+
+# If BackupKernel is enabled, the backup kernel is saved to this
+# directory.
+# BackupKernelDir /boot/kernel.old
+
+# When backing up a kernel also back up debug symbol files?
+# BackupKernelSymbolFiles no
+
+# Create a new boot environment when installing patches
+# CreateBootEnv yes

conf/system/include/13.1/jib

@@ -0,0 +1,418 @@
+#!/bin/sh
+#-
+# Copyright (c) 2016 Devin Teske
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD: releng/12.1/share/examples/jails/jib 339977 2018-10-31 23:07:47Z dteske $
+#
+############################################################ IDENT(1)
+#
+# $Title: if_bridge(4) management script for vnet jails $
+#
+############################################################ INFORMATION
+#
+# Use this tool with jail.conf(5) (or rc.conf(5) ``legacy'' configuration) to
+# manage `vnet' interfaces for jails. Designed to automate the creation of vnet
+# interface(s) during jail `prestart' and destroy said interface(s) during jail
+# `poststop'.
+#
+# In jail.conf(5) format:
+#
+# ### BEGIN EXCERPT ###
+#
+# xxx {
+# 	host.hostname = "xxx.yyy";
+# 	path = "/vm/xxx";
+# 
+# 	#
+# 	# NB: Below 2-lines required
+# 	# NB: The number of eNb_xxx interfaces should match the number of
+# 	#     arguments given to `jib addm xxx' in exec.prestart value.
+# 	#
+# 	vnet;
+# 	vnet.interface = e0b_xxx, e1b_xxx, ...;
+# 
+# 	exec.clean;
+# 	exec.system_user = "root";
+# 	exec.jail_user = "root";
+# 
+# 	#
+# 	# NB: Below 2-lines required
+# 	# NB: The number of arguments after `jib addm xxx' should match
+# 	#     the number of eNb_xxx arguments in vnet.interface value.
+# 	#
+# 	exec.prestart += "jib addm xxx em0 em1 ...";
+# 	exec.poststop += "jib destroy xxx";
+# 
+# 	# Standard recipe
+# 	exec.start += "/bin/sh /etc/rc";
+# 	exec.stop = "/bin/sh /etc/rc.shutdown";
+# 	exec.consolelog = "/var/log/jail_xxx_console.log";
+# 	mount.devfs;
+#
+# 	# Optional (default off)
+# 	#allow.mount;
+# 	#allow.set_hostname = 1;
+# 	#allow.sysvipc = 1;
+# 	#devfs_ruleset = "11"; # rule to unhide bpf for DHCP
+# }
+#
+# ### END EXCERPT ###
+#
+# In rc.conf(5) ``legacy'' format (used when /etc/jail.conf does not exist):
+#
+# ### BEGIN EXCERPT ###
+#
+# jail_enable="YES"
+# jail_list="xxx"
+#
+# #
+# # Global presets for all jails
+# #
+# jail_devfs_enable="YES"	# mount devfs
+#
+# #
+# # Global options (default off)
+# #
+# #jail_mount_enable="YES"		# mount /etc/fstab.{name}
+# #jail_set_hostname_allow="YES"	# Allow hostname to change
+# #jail_sysvipc_allow="YES"		# Allow SysV Interprocess Comm.
+# 
+# # xxx
+# jail_xxx_hostname="xxx.shxd.cx"		# hostname
+# jail_xxx_rootdir="/vm/xxx"			# root directory
+# jail_xxx_vnet_interfaces="e0b_xxx e1bxxx ..."	# vnet interface(s)
+# jail_xxx_exec_prestart0="jib addm xxx em0 em1 ..."	# bridge interface(s)
+# jail_xxx_exec_poststop0="jib destroy xxx"	# destroy interface(s)
+# #jail_xxx_mount_enable="YES"			# mount /etc/fstab.xxx
+# #jail_xxx_devfs_ruleset="11"			# rule to unhide bpf for DHCP
+#
+# ### END EXCERPT ###
+#
+# Note that the legacy rc.conf(5) format is converted to
+# /var/run/jail.{name}.conf by /etc/rc.d/jail if jail.conf(5) is missing.
+#
+# ASIDE: dhclient(8) inside a vnet jail...
+#
+# To allow dhclient(8) to work inside a vnet jail, make sure the following
+# appears in /etc/devfs.rules (which should be created if it doesn't exist):
+#
+# 	[devfsrules_jail=11]
+# 	add include $devfsrules_hide_all
+# 	add include $devfsrules_unhide_basic
+# 	add include $devfsrules_unhide_login
+# 	add path 'bpf*' unhide
+#
+# And set ether devfs.ruleset="11" (jail.conf(5)) or
+# jail_{name}_devfs_ruleset="11" (rc.conf(5)).
+#
+# NB: While this tool can't create every type of desirable topology, it should
+# handle most setups, minus some which considered exotic or purpose-built.
+#
+############################################################ GLOBALS
+
+pgm="${0##*/}" # Program basename
+
+#
+# Global exit status
+#
+SUCCESS=0
+FAILURE=1
+
+############################################################ FUNCTIONS
+
+usage()
+{
+	local action usage descr
+	exec >&2
+	echo "Usage: $pgm action [arguments]"
+	echo "Actions:"
+	for action in \
+		addm		\
+		show		\
+		show1		\
+		destroy		\
+	; do
+		eval usage=\"\$jib_${action}_usage\"
+		[ "$usage" ] || continue
+		eval descr=\"\$jib_${action}_descr\"
+		printf "\t%s\n\t\t%s\n" "$usage" "$descr"
+	done
+	exit $FAILURE
+}
+
+action_usage()
+{
+	local usage descr action="$1"
+	eval usage=\"\$jib_${action}_usage\"
+	echo "Usage: $pgm $usage" >&2
+	eval descr=\"\$jib_${action}_descr\"
+	printf "\t%s\n" "$descr"
+	exit $FAILURE
+}
+
+derive_mac()
+{
+	local OPTIND=1 OPTARG __flag
+	local __mac_num= __make_pair=
+	while getopts 2n: __flag; do
+		case "$__flag" in
+		2) __make_pair=1 ;;
+		n) __mac_num=${OPTARG%%[^0-9]*} ;;
+		esac
+	done
+	shift $(( $OPTIND - 1 ))
+
+	if [ ! "$__mac_num" ]; then
+		eval __mac_num=\${_${iface}_num:--1}
+		__mac_num=$(( $__mac_num + 1 ))
+		eval _${iface}_num=\$__mac_num
+	fi
+
+	local __iface="$1" __name="$2" __var_to_set="$3" __var_to_set_b="$4"
+	local __iface_devid __new_devid __num __new_devid_b
+	#
+	# Calculate MAC address derived from given iface.
+	#
+	# The formula I'm using is ``NP:SS:SS:II:II:II'' where:
+	# + N denotes 4 bits used as a counter to support branching
+	#   each parent interface up to 15 times under the same jail
+	#   name (see S below).
+	# + P denotes the special nibble whose value, if one of
+	#   2, 6, A, or E (but usually 2) denotes a privately
+	#   administered MAC address (while remaining routable).
+	# + S denotes 16 bits, the sum(1) value of the jail name.
+	# + I denotes bits that are inherited from parent interface.
+	#
+	# The S bits are a CRC-16 checksum of NAME, allowing the jail
+	# to change link numbers in ng_bridge(4) without affecting the
+	# MAC address. Meanwhile, if...
+	#   + the jail NAME changes (e.g., it was duplicated and given
+	#     a new name with no other changes)
+	#   + the underlying network interface changes
+	#   + the jail is moved to another host
+	# the MAC address will be recalculated to a new, similarly
+	# unique value preventing conflict.
+	#
+	__iface_devid=$( ifconfig $__iface ether | awk '/ether/,$0=$2' )
+	# ??:??:??:II:II:II
+	__new_devid=${__iface_devid#??:??:??} # => :II:II:II
+	# => :SS:SS:II:II:II
+	__num=$( set -- `echo -n "$__name" | sum` && echo $1 )
+	__new_devid=$( printf :%02x:%02x \
+		$(( $__num >> 8 & 255 )) $(( $__num & 255 )) )$__new_devid
+	# => P:SS:SS:II:II:II
+	case "$__iface_devid" in
+	   ?2:*) __new_devid=a$__new_devid __new_devid_b=e$__new_devid ;;
+	?[Ee]:*) __new_devid=2$__new_devid __new_devid_b=6$__new_devid ;;
+	      *) __new_devid=2$__new_devid __new_devid_b=e$__new_devid
+	esac
+	# => NP:SS:SS:II:II:II
+	__new_devid=$( printf %x $(( $__mac_num & 15 )) )$__new_devid
+	__new_devid_b=$( printf %x $(( $__mac_num & 15 )) )$__new_devid_b
+
+	#
+	# Return derivative MAC address(es)
+	#
+	if [ "$__make_pair" ]; then
+		if [ "$__var_to_set" -a "$__var_to_set_b" ]; then
+			eval $__var_to_set=\$__new_devid
+			eval $__var_to_set_b=\$__new_devid_b
+		else
+			echo $__new_devid $__new_devid_b
+		fi
+	else
+		if [ "$__var_to_set" ]; then
+			eval $__var_to_set=\$__new_devid
+		else
+			echo $__new_devid
+		fi
+	fi
+}
+
+mustberoot_to_continue()
+{
+	if [ "$( id -u )" -ne 0 ]; then
+		echo "Must run as root!" >&2
+		exit $FAILURE
+	fi
+}
+
+jib_addm_usage="addm [-b BRIDGE_NAME] NAME [!]iface0 [[!]iface1 ...]"
+jib_addm_descr="Creates e0b_NAME [e1b_NAME ...]"
+jib_addm()
+{
+	local OPTIND=1 OPTARG flag bridge=bridge
+	while getopts b: flag; do
+		case "$flag" in
+		b) bridge="${OPTARG:-bridge}" ;;
+		*) action_usage addm # NOTREACHED
+		esac
+	done
+	shift $(( $OPTIND - 1 ))
+
+	local name="$1"
+	[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -gt 1 ] ||
+		action_usage addm # NOTREACHED
+	shift 1 # name
+
+	mustberoot_to_continue
+
+	local iface eiface_devid_a eiface_devid_b
+	local new no_derive num quad i=0
+	for iface in $*; do
+
+		no_derive=
+		case "$iface" in
+		!*) iface=${iface#!} no_derive=1 ;;
+		esac
+
+		# Make sure the interface doesn't exist already
+		if ifconfig "e${i}a_$name" > /dev/null 2>&1; then
+			i=$(( $i + 1 ))
+			continue
+		fi
+
+		# Bring the interface up
+		ifconfig $iface up || return
+
+		# Make sure the interface has been bridged
+		if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
+			new=$( ifconfig bridge create ) || return
+			ifconfig $new addm $iface || return
+			ifconfig $new name "$iface$bridge" || return
+			ifconfig "$iface$bridge" up || return
+		fi
+
+		# Create a new interface to the bridge
+		new=$( ifconfig epair create ) || return
+		ifconfig "$iface$bridge" addm $new || return
+
+		# Rename the new interface
+		ifconfig $new name "e${i}a_$name" || return
+		ifconfig ${new%a}b name "e${i}b_$name" || return
+		ifconfig "e${i}a_$name" up || return
+		ifconfig "e${i}b_$name" up || return
+
+		#
+		# Set the MAC address of the new interface using a sensible
+		# algorithm to prevent conflicts on the network.
+		#
+		eiface_devid_a= eiface_devid_b=
+		[ "$no_derive" ] || derive_mac -2 $iface "$name" \
+			eiface_devid_a eiface_devid_b
+		if [ "$eiface_devid_a" -a "$eiface_devid_b" ]; then
+			ifconfig "e${i}a_$name" ether $eiface_devid_a
+			ifconfig "e${i}b_$name" ether $eiface_devid_b
+		fi > /dev/null 2>&1
+
+		i=$(( $i + 1 ))
+	done # for iface
+}
+
+jib_show_usage="show"
+jib_show_descr="List possible NAME values for \`show NAME'"
+jib_show1_usage="show NAME"
+jib_show1_descr="Lists e0b_NAME [e1b_NAME ...]"
+jib_show2_usage="show [NAME]"
+jib_show()
+{
+	local OPTIND=1 OPTARG flag
+	while getopts "" flag; do
+		case "$flag" in
+		*) action_usage show2 # NOTREACHED
+		esac
+	done
+	shift $(( $OPTIND - 1 ))
+	if [ $# -eq 0 ]; then
+		ifconfig | awk '
+			/^[^:[:space:]]+:/ {
+				iface = $1
+				sub(/:.*/, "", iface)
+				next
+			}
+			$1 == "groups:" {
+				for (n = split($0, group); n > 1; n--) {
+					if (group[n] != "bridge") continue
+					print iface
+					next
+				}
+			}' |
+			xargs -rn1 ifconfig |
+			awk '$1 == "member:" &&
+				sub(/^e[[:digit:]]+a_/, "", $2), $0 = $2' |
+			sort -u
+		return
+	fi
+	ifconfig | awk -v name="$1" '
+		match($0, /^e[[:digit:]]+a_/) && sub(/:.*/, "") &&
+			substr($1, RSTART + RLENGTH) == name
+	' | sort
+}
+
+jib_destroy_usage="destroy NAME"
+jib_destroy_descr="Destroy e0b_NAME [e1b_NAME ...]"
+jib_destroy()
+{
+	local OPTIND=1 OPTARG flag
+	while getopts "" flag; do
+		case "$flag" in
+		*) action_usage destroy # NOTREACHED
+		esac
+	done
+	shift $(( $OPTIND -1 ))
+	local name="$1"
+	[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -eq 1 ] ||
+		action_usage destroy # NOTREACHED
+	mustberoot_to_continue
+	jib_show "$name" | xargs -rn1 -I eiface ifconfig eiface destroy
+}
+
+############################################################ MAIN
+
+#
+# Command-line arguments
+#
+action="$1"
+[ "$action" ] || usage # NOTREACHED
+
+#
+# Validate action argument
+#
+if [ "$BASH_VERSION" ]; then
+	type="$( type -t "jib_$action" )" || usage # NOTREACHED
+else
+	type="$( type "jib_$action" 2> /dev/null )" || usage # NOTREACHED
+fi
+case "$type" in
+*function)
+	shift 1 # action
+	eval "jib_$action" \"\$@\"
+	;;
+*) usage # NOTREACHED
+esac
+
+################################################################################
+# END
+################################################################################

version

@@ -1 +1 @@
-1.1.14
+1.1.15