From owner-dev-commits-src-branches@freebsd.org Fri Mar 5 21:57:34 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EB23D5695F7; Fri, 5 Mar 2021 21:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DshRf6KGfz3ndc; Fri, 5 Mar 2021 21:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BD4CB18128; Fri, 5 Mar 2021 21:57:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 125LvYUi090825; Fri, 5 Mar 2021 21:57:34 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 125LvYHB090824; Fri, 5 Mar 2021 21:57:34 GMT (envelope-from git) Date: Fri, 5 Mar 2021 21:57:34 GMT Message-Id: <202103052157.125LvYHB090824@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 59f6f5e23c1a - stable/13 - nfs-over-tls: add rc scripts for rpc.tlsclntd and rpc.tlsservd MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 59f6f5e23c1a33ce0b335b52870fdd9c0223284a Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2021 21:57:35 -0000 The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=59f6f5e23c1a33ce0b335b52870fdd9c0223284a commit 59f6f5e23c1a33ce0b335b52870fdd9c0223284a Author: Rick Macklem AuthorDate: 2021-02-18 22:38:01 +0000 Commit: Rick Macklem CommitDate: 2021-03-05 21:55:44 +0000 nfs-over-tls: add rc scripts for rpc.tlsclntd and rpc.tlsservd Add rc.d scripts that control the recently committed rpc.tlsclntd(8) and rpc.tlsservd(8) daemons. (cherry picked from commit 2f48313ab26ef257ca8d46052a33fb6ad6abdb4f) --- libexec/rc/rc.conf | 4 ++++ libexec/rc/rc.d/Makefile | 4 ++++ libexec/rc/rc.d/tlsclntd | 21 +++++++++++++++++++++ libexec/rc/rc.d/tlsservd | 25 +++++++++++++++++++++++++ 4 files changed, 54 insertions(+) diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 56d6bb30f811..53bd8c81c2d7 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -385,6 +385,10 @@ nfscbd_enable="NO" # NFSv4 client side callback daemon nfscbd_flags="" # Flags for nfscbd nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon nfsuserd_flags="" # Flags for nfsuserd +tlsclntd_enable="NO" # Run rpc.tlsclntd needed for NFS-over-TLS mount +tlsclntd_flags="" # Flags for rpc.tlsclntd +tlsservd_enable="NO" # Run rpc.tlsservd needed for NFS-over-TLS nfsd +tlsservd_flags="" # Flags for rpc.tlsservd ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile index a8277e08932c..1a61e89aa215 100644 --- a/libexec/rc/rc.d/Makefile +++ b/libexec/rc/rc.d/Makefile @@ -271,6 +271,10 @@ _opensm= opensm .if ${MK_OPENSSL} != "no" CONFS+= keyserv +.if ${MK_OPENSSL_KTLS} != "no" +CONFS+= tlsclntd \ + tlsservd +.endif .endif .if ${MK_OPENSSH} != "no" diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd new file mode 100755 index 000000000000..4566ceb67abd --- /dev/null +++ b/libexec/rc/rc.d/tlsclntd @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: tlsclntd +# REQUIRE: NETWORKING root mountcritlocal sysctl +# BEFORE: nfscbd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="tlsclntd" +desc="NFS over TLS client side daemon" +rcvar="tlsclntd_enable" +command="/usr/sbin/rpc.${name}" +pidfile="/var/run/rpc.${name}.pid" + +load_rc_config $name + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd new file mode 100755 index 000000000000..cca28ed60ffe --- /dev/null +++ b/libexec/rc/rc.d/tlsservd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: tlsservd +# REQUIRE: NETWORKING root mountcritlocal sysctl +# BEFORE: nfsd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="tlsservd" +desc="NFS over TLS server side daemon" +rcvar="tlsservd_enable" +command="/usr/sbin/rpc.${name}" + +pidfile="/var/run/rpc.${name}.pid" +required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem" +extra_commands="reload" + + +load_rc_config $name + +run_rc_command "$1"