mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
aa3b7a2fbc
Debugging boot issues can be helped by logging each rc.d script as it is run and being able to selectively enable/disable set -x debug.sh provides an elaborate framework for debugging shell scripts. For secure systems, we want to be paranoid about what we read during boot. dot() simply reads (.) arg file if it exists vdot() if mac_veriexec is active, ignore unverified files otherwise behaves much the same as dot() safe_dot() in safe_eval.sh allows reading an untrusted file; limiting the input to simple variable assignments. In load_rc_config allow caller to provide an option to indicate how to handle its arg: -v use vdot() -s use sdot() which will try to use vdot() and fallback to safe_dot() The default is to read using dot() rc_run_scripts() encapsulate the running of rc.d scripts so that we can easily call it more than twice. We vdot local.rc.subr to pick up extensions (like run_rc_scripts_final) and overrides. We also allow rc.subr.local or rc.conf to set rc_config_xtra eg (rc_config_xtra=XXX for historic compatibility) rc use set -o verify around the reading in of rc.subr This has no effect if mac_veriexec is not active, but if it is; ensures rc.subr has not been tampered with. Reviewed by: imp Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D43671
148 lines
4.9 KiB
Bash
148 lines
4.9 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Copyright (c) 2000-2004 The FreeBSD Project
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
# SUCH DAMAGE.
|
|
|
|
# System startup script run by init on autoboot
|
|
# or after single-user.
|
|
# Output and error are redirected to console by init,
|
|
# and the console is the controlling terminal.
|
|
|
|
# Note that almost all of the user-configurable behavior is no longer in
|
|
# this file, but rather in /etc/defaults/rc.conf. Please check that file
|
|
# first before contemplating any changes here. If you do need to change
|
|
# this file for some reason, we would like to know about it.
|
|
|
|
stty status '^T' 2> /dev/null
|
|
|
|
# Set shell to ignore SIGINT (2), but not children;
|
|
# shell catches SIGQUIT (3) and returns to single user.
|
|
#
|
|
trap : 2
|
|
trap "echo 'Boot interrupted'; exit 1" 3
|
|
|
|
HOME=/
|
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
export HOME PATH
|
|
|
|
if [ "$1" = autoboot ]; then
|
|
autoboot=yes
|
|
_boot="faststart"
|
|
rc_fast=yes # run_rc_command(): do fast booting
|
|
else
|
|
autoboot=no
|
|
_boot="quietstart"
|
|
fi
|
|
|
|
_localbase=`/sbin/sysctl -n user.localbase 2> /dev/null`
|
|
|
|
dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null`
|
|
if [ ${dlv:=0} -ne 0 -o -f /etc/diskless ]; then
|
|
sh /etc/rc.initdiskless
|
|
fi
|
|
|
|
# Run these after determining whether we are booting diskless in order
|
|
# to minimize the number of files that are needed on a diskless system,
|
|
# and to make the configuration file variables available to rc itself.
|
|
#
|
|
# -o verify has no effect if mac_veriexec is not active
|
|
set -o verify
|
|
. /etc/rc.subr
|
|
set +o verify
|
|
load_rc_config $rc_config_xtra
|
|
|
|
# If we receive a SIGALRM, re-source /etc/rc.conf; this allows rc.d
|
|
# scripts to perform "boot-time configuration" including enabling and
|
|
# disabling rc.d scripts which appear later in the boot order.
|
|
trap "_rc_conf_loaded=false; load_rc_config" ALRM
|
|
|
|
skip="-s nostart"
|
|
if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
|
|
skip="$skip -s nojail"
|
|
if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
|
|
skip="$skip -s nojailvnet"
|
|
fi
|
|
fi
|
|
|
|
# If the firstboot sentinel doesn't exist, we want to skip firstboot scripts.
|
|
if ! [ -e ${firstboot_sentinel} ]; then
|
|
skip_firstboot="-s firstboot"
|
|
fi
|
|
|
|
# Do a first pass to get everything up to $early_late_divider so that
|
|
# we can do a second pass that includes $local_startup directories
|
|
#
|
|
unset system_rc
|
|
find_system_scripts
|
|
files=`rcorder ${skip} ${skip_firstboot} ${system_rc} 2>/dev/null`
|
|
run_rc_scripts --break ${early_late_divider} ${rc_early_flags} $files
|
|
|
|
unset files local_rc system_rc
|
|
|
|
# Now that disks are mounted, for each dir in $local_startup
|
|
# search for init scripts that use the new rc.d semantics.
|
|
#
|
|
case ${local_startup} in
|
|
[Nn][Oo] | '') ;;
|
|
*) find_local_scripts_new ;;
|
|
esac
|
|
|
|
# The firstboot sentinel might be on a newly mounted filesystem; look for it
|
|
# again and unset skip_firstboot if we find it.
|
|
if [ -e ${firstboot_sentinel} ]; then
|
|
skip_firstboot=""
|
|
fi
|
|
|
|
find_system_scripts
|
|
files=`rcorder ${skip} ${skip_firstboot} ${system_rc} ${local_rc} 2>/dev/null`
|
|
run_rc_scripts ${rc_late_flags} $files
|
|
unset files local_rc system_rc
|
|
|
|
# allow for more complicated setups
|
|
if have run_rc_scripts_final; then
|
|
run_rc_scripts_final
|
|
fi
|
|
|
|
# Remove the firstboot sentinel, and reboot if it was requested.
|
|
# Be a bit paranoid about removing it to handle the common failure
|
|
# modes since the consequence of failure can be big.
|
|
# Note: this assumes firstboot_sentinel is on / when we have
|
|
# a read-only /, or that it is on media that's writable.
|
|
if [ -e ${firstboot_sentinel} ]; then
|
|
checkyesno root_rw_mount || mount -uw /
|
|
chflags -R 0 ${firstboot_sentinel}
|
|
rm -rf ${firstboot_sentinel}
|
|
if [ -e ${firstboot_sentinel}-reboot ]; then
|
|
chflags -R 0 ${firstboot_sentinel}-reboot
|
|
rm -rf ${firstboot_sentinel}-reboot
|
|
checkyesno root_rw_mount || mount -ur /
|
|
kill -INT 1
|
|
fi
|
|
checkyesno root_rw_mount || mount -ur /
|
|
fi
|
|
|
|
echo ''
|
|
date
|
|
exit 0
|