GitLab

Provide automated setup of an ssh keypair enabling root to login without
a password between nodes. The biggest challenge here is to get the private
key onto nodes in such a way that a non-root user on those nodes cannot
obtain it. Otherwise that user would be able to ssh as root to any node.
This precludes simple distribution of the private key using tmcd/tmcc as
any user can do a tmcc (tmcd authentication is based on the node, not the
user).

This version does a post-imaging "push" of the private key from boss using
ssh. The key is pushed from tbswap after nodes are imaged but before the
event system, and thus any user startup scripts, are started. We actually
use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
PSSH PACKAGE INSTALLED. So be sure to do a:

    pkg install -r Emulab pssh

on your boss node. See the new utils/pushrootkeys.in script for more.

The public key is distributed via the "tmcc localization" comma...

Make sure git is in all packages due to the way our instructions
work (i.e., checkout emulab repo, craft a defs-* file).

No more DISABLE_VULNERABILITIES in extras package.

 * add www/p5-CGI package which is deprecated in CORE and will be removed
   in perl 5.22,
 * rename xerces-c2-devel port to xerces-c2 to avoid needing to fix our
   scripts that check for a particular package

Big changes a comin' to try to get us back on the supported path.

 * perl 5.14 -> 5.20
 * mysql 5.1 -> 5.5
 * php 5.4   -> 5.6
 * tcl 8.4   -> 8.6
 * number of vim patches up to 683.

Not everything tested yet, but getting there.

Specific changes:

 * New install/ports directory. New packages for FreeBSD 10.1 are version
   6.1. Cleaned up the ports' Makefiles getting rid of conditionals for
   all older versions. Also got rid of ports we don't use. Old ports tree
   is now install/oports.

 * Install script changes. Make sure /usr/bin/perl and /usr/local/bin/python
   links exist. Ports no longer make these but we use them in '#!'. Changes
   to mysql install and startup script--mysql has changed a LOT since we did
   the support in 4.x. Create syslog entry for named.log. Make sure php.conf
   loads the legacy "mysql" module rather than using "mysqli".

 * Elabinelab support. reflect new packages, remove all old packages
   (except perl) before installing new...

The biggest changes were related to 10.0's replacing gcc with clang
and the switch to a new package system. The former required various
fixes to Makefiles that hardwired "gcc" and also missing prototypes
in source files that clang is particularly obnoxious about.

There was also accomodating the normal evolution of the ports tree.
New variables were needed in many of the Makefiles for this. Hopefully,
all the changes I made are backward compatible, but I don't actually
care that much since I hope to never, ever have to remake those older
packages! A new emulab version of the m2crypto port was needed to
reflect that m2crypto is no longer installed as an .egg file.

Casualties:

  * Emulab assign. As of this commit, assign does not build with
    clang. It will build, but immediately core dumps if built with
    a gcc port (gcc46 below). THIS NEEDS TO BE FIXED!

  * Emulab nsverify. This requires building a pure ns-2.34, which
    is old and does not compile with clang. You will need to set
    NSVERIFY=0 in your defs file. I did this in defs-elabinelab
    (iff FBSD==10) but no where else right now.

  * Bind in the base distro. Bind is no longer part of FreeBSD
    (it has been replaced with something called "unbound"). So we
    install bind99 from a port and we make the /etc/namedb symlink
    to /usr/local/etc/namedb which is where it now lives.

  * Perl 5.12. It has been totally removed from the ports tree.
    We now install 5.14, the next-most obsolete version of Perl!

  * pkg_{add,delete,info}. As mentioned, the packages tools have
    changed. For the most part "pkg <cmd>" is the same as "pkg_<cmd>"
    but not always. This required considerable violence in the
    install/phases code. But it is actually cleaner now.

  * GCC in the base distro. I added installation of the gcc46 port
    to the boss and ops meta packages, just for old-times sake
    (we might wind up needing it, if still more stuff doesn't work
    with clang).

Works for 32-bit build.

It is really a dependency on the version of perl installed.
(cherry picked from commit 544f16c1)

(cherry picked from commit b17e841b)

It is really a dependency on the version of perl installed.

Tipserv port only includes libtelnet which is only needed for the icebox,
so this port is not "linked in" to the documentation yet and is not required
anywhere but on our PRObE cluster.

Added a couple of missing ports to "boss" and "extras".

Uses the "5.0" package set (like FBSD 9.0, but unlike FBSD 8.2) which
includes perl 5.12, python 2.7 and apache 2.22. This is what will be
installed on our boss and ops later this month.

Some additional updates to the meta ports as well to make them "work better".

NOTE: currently only for FreeBSD 7.3 installs because that is the only
set of boss/ops/fs packages I have built so far!

This mostly involved minor changes to event agents. Too often we were
passing a pointer to a "long" to *get_int32, which on a 64-bit x86 OS would
fill the wrong half of a 64-bit variable. There was also one instance of
TCL code that had to be tweaked to account for 32- vs 64-bit.

These changes also required regeneration of SWIG stubs and an ugly change
to the SWIG generated code to use va_copy rather than direct assignment in
a couple of places.

Also related to SWIG is ensuring that the components that go into the
perl/python stub .so files are built with PIC. The amd64 linker requires
this.

The meta-ports had to be changed to reflect that linuxthreads and
ulsshxmlrpcpp don't work on amd64. The former had little effect as we
had mostly eliminated uses of linuxthreads already. The one thing that
did change was that we do not build nfstrace on amd64 (and we don't
currently use this anyway). Removing ulsshxmlrpcpp required switching
to the new event scheduler (event/new_sched) that Ryan did awhile back.
Note that it is only "new" in the sense that it uses a standard XMLRPC
package, there should be no functional differences. However, to be safe
we only use new_sched as the standard scheduler on 64-bit server installs.

Finally, added support to elabinelab setup to do a 64-bit server install.
Just specify FBSD73-64-STD as the boss/ops/fs osid and rc.mkelab should
do the rest.

That is pretty much it other than some random nits here and there.

no longer included in their original ports.

Add xauth since it is needed for proper x11 agent forwarding, and
should always be installed.

Upgrade to perl 5.12 means no more "suidperl" (setuid perl scripts).
So we now have yet another little wrapper (security/runsuid.c) which
runs suid and whose sole function is to exec the perl script of the
same name in the /usr/testbed/suidbin directory. So a formerly setuid
perl script install now goes like:
  create /usr/testbed/sbin/mkproj as a symlink to /usr/testbed/libexec/runsuid
  install real mkproj perl script in /usr/testbed/suidbin/mkproj
When the setuid-wrapper is invoked under the name "mkproj" it execs
/usr/testbed/suidbin/mkproj. We could almost use sudo for this purpose
instead (see security/sudoers.in) but sudo loses one of the groups in
the group list.

/usr/include/utmp.h is gone in FreeBSD 9.0. In most places we nevered
needed it, but in the one case that did (tg source), it just used a
couple of the constants exposed (UT_*) and not the struct, so I just
hardwired values for the constants.

The usual tweakage to the install stuff to reflect yet another set of
packages!

Still a work in progress.

Mostly some missing dependencies that turned up during our upgrade.

Mostly this means a new package set emulab-*-3.1 and some corresponding
tweaks to the install scripts and elabinelab scripts.

PLEASE NOTE: a 7.3 install uses PHP5, Perl 5.10.1 and Python 2.6.

We introduced this port or an older version of GD long ago to get around an
incompatibility with perl.  Our perl has since moved on and we no longer
need this.  To be safe, we still install this on 4.x-based installs (though
I am sure many, many other things would break if someone tried to install
Emulab on FreeBSD 4.x now!)

All we really do is apply one non-standard patch to avoid SSL certificate
mismatches due to "www.emulab.net" vs. "boss.emulab.net".  In older versions
of m2crypto we just patched the installed library files, but the newer versions
get installed as a .egg file, so it is easiest to just patch it while the
port is being built.

I really don't like creating a separate port for this, but the alternative
was to modify the standard port, adding a new option.  That seemed even worse.