config: prepare for 18.7

2018-06-27 08:16:33 +02:00 · 2018-06-27 08:16:33 +02:00 · 8d5f94880d
parent 8cea03a8fb
commit 8d5f94880d
12 changed files with 42347 additions and 0 deletions
--- a/config/18.7/SMP
+++ b/config/18.7/SMP
@ -0,0 +1,54 @@
+include		GENERIC
+
+ident		SMP
+
+# Remove to build a debug kernel:
+nomakeoptions	DEBUG
+
+options		DDB
+options		GEOM_BDE
+options		GEOM_ELI
+options		GEOM_MIRROR
+options		GEOM_UZIP
+options		IPFIREWALL_DEFAULT_TO_ACCEPT
+options		IPFIREWALL_VERBOSE
+options		IPSTEALTH
+options		MROUTING
+options		PPS_SYNC
+options		TCP_SIGNATURE
+
+# Additional built-in devices
+device		bwi
+device		bwn
+device		rum
+device		run
+device		siba_bwn
+device		u3g
+device		uark
+device		uath
+device		uftdi
+device		umct
+device		umodem
+device		upgt
+device		uplcom
+device		ural
+device		urtw
+device		uvisor
+device		uvscom
+device		zyd
+
+# Wireless features
+device		wlan_acl
+device		wlan_xauth
+
+# Not all architectures have a consistent GENERIC
+device		netmap
+
+# Crashes when added to loader.conf
+device		speaker
+
+# HardenedBSD goodies
+options		PAX
+options		PAX_ASLR
+options		PAX_HARDENING
+options		PAX_SEGVGUARD
--- a/config/18.7/build.conf
+++ b/config/18.7/build.conf
@ -0,0 +1,3 @@
+COREBRANCH?=	master
+PLUGINSBRANCH?=	master
+SRCBRANCH?=	master
--- a/config/18.7/extras.conf
+++ b/config/18.7/extras.conf
@ -0,0 +1,80 @@
+loader_conf_fixup()
+{
+	# XXX core package needs a little help here...
+        if [ -f ${1}/usr/local/etc/rc.loader ]; then
+		chroot ${1} /usr/local/etc/rc.loader
+	fi
+
+	cat >> ${1}/boot/loader.conf << EOF
+kern.cam.boot_delay="10000"
+EOF
+}
+
+arm_hook()
+{
+	loader_conf_fixup ${1}
+}
+
+dvd_hook()
+{
+	loader_conf_fixup ${1}
+}
+
+nano_hook()
+{
+	loader_conf_fixup ${1}
+
+	cat > ${1}/tmp/nano.xml << EOF
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>${PRODUCT_SPEED}</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+EOF
+	sed -i '' -e "/<system>/r ${1}/tmp/nano.xml" ${1}${CONFIG_XML}
+	rm ${1}/tmp/nano.xml
+
+	sed -i '' -e '/<rrd>/,/<\/rrd>/d' ${1}${CONFIG_XML}
+
+	echo "-S${PRODUCT_SPEED} -D" > ${1}/boot.config
+
+	cat >> ${1}/boot/loader.conf << EOF
+comconsole_speed="${PRODUCT_SPEED}"
+console="comconsole,vidconsole"
+kern.geom.part.check_integrity=0
+boot_multicons="YES"
+boot_serial="YES"
+EOF
+
+	touch ${1}/.probe.for.growfs.nano
+}
+
+serial_hook()
+{
+	loader_conf_fixup ${1}
+
+	cat > ${1}/tmp/serial.xml << EOF
+    <serialspeed>${PRODUCT_SPEED}</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+EOF
+	sed -i '' -e "/<system>/r ${1}/tmp/serial.xml" ${1}${CONFIG_XML}
+	rm ${1}/tmp/serial.xml
+
+	echo "-S${PRODUCT_SPEED} -D" > ${1}/boot.config
+
+	cat >> ${1}/boot/loader.conf << EOF
+comconsole_speed="${PRODUCT_SPEED}"
+console="comconsole"
+boot_serial="YES"
+EOF
+}
+
+vga_hook()
+{
+	loader_conf_fixup ${1}
+}
+
+vm_hook()
+{
+	loader_conf_fixup ${1}
+}
--- a/config/18.7/make.conf
+++ b/config/18.7/make.conf
@ -0,0 +1,77 @@
+# stand-alone glue for dependency detection
+
+PRODUCT_OPENSSL?=	/usr/local/bin/openssl
+_PRODUCT_FLAVOUR!=	if [ -f ${PRODUCT_OPENSSL} ]; \
+				then ${PRODUCT_OPENSSL} version; \
+			else \
+				echo Base; \
+			fi
+PRODUCT_FLAVOUR?=	${_PRODUCT_FLAVOUR:[1]}
+
+PRODUCT_PHPBIN?=	/usr/local/bin/php
+_PRODUCT_PHP!=		if [ -f ${PRODUCT_PHPBIN} ]; \
+				then ${PRODUCT_PHPBIN} -v; \
+			fi
+PRODUCT_PHP?=		${_PRODUCT_PHP:[2]:S/./ /g:[1..2]:tW:S/ //}
+
+# XXX hardcoded for now
+PRODUCT_PERL?=		5.26
+PRODUCT_PYTHON?=	27
+PRODUCT_RUBY?=		25
+
+PRODUCT_GSSAPI?=	GSSAPI_MIT
+
+# global options
+OPTIONS_UNSET=		DOCS EXAMPLES GSSAPI_BASE NLS X11
+DEFAULT_VERSIONS=	python=${PRODUCT_PYTHON:C/^./&./}
+DEFAULT_VERSIONS+=	ruby=${PRODUCT_RUBY:C/^./&./}
+DEFAULT_VERSIONS+=	ssl=${PRODUCT_FLAVOUR:tl}
+DEFAULT_VERSIONS+=	perl5=${PRODUCT_PERL}
+DEFAULT_VERSIONS+=	php=${PRODUCT_PHP}
+HARDENING_LOCK=		yes # remove disabled options
+HARDENING_OFF=		cfi retpoline # pie relro safestack
+WRKDIRPREFIX=		/usr/obj
+WANT_OPENLDAP_SASL=	yes
+PACKAGE_BUILDING=	yes
+#DEVELOPER=		yes
+BATCH=			yes
+
+# per-port options
+databases_rrdtool_UNSET=	DEJAVU GRAPH
+devel_git_UNSET=		GITWEB SEND_EMAIL
+ftp_curl_UNSET=			TLS_SRP
+graphics_graphviz_UNSET=	XPM DIGCOLA IPSEPCOLA ICONV PANGOCAIRO
+lang_php${PRODUCT_PHP}_UNSET=	EMBED
+mail_rspamd_SET=		HYPERSCAN
+net-mgmt_flowd_SET=		PYTHON
+net-mgmt_flowd_UNSET=		PERL
+net-mgmt_zabbix3-proxy_SET=	GNUTLS SQLITE
+net-mgmt_zabbix3-proxy_UNSET=	MYSQL OPENSSL
+net-mgmt_zabbix34-agent_SET=	GNUTLS
+net-mgmt_zabbix34-agent_UNSET=	OPENSSL
+net_asterisk13_UNSET=		DAHDI XMPP
+net_freeradius3_SET=		LDAP MITKRB_PORT SQLITE3
+net_freeradius3_UNSET=		HEIMDAL
+net_haproxy-devel_SET=		LUA
+net_miniupnpd_SET=		CHECK_PORTINUSE PF_FILTER_RULES
+net_openldap24-server_SET=	MEMBEROF REFINT SASL
+net_vnstat_UNSET=		GUI
+opnsense_suricata-devel_SET=	GEOIP HYPERSCAN
+opnsense_suricata-devel_UNSET=	PRELUDE
+security_autossh_SET=		SSH_PORTABLE
+security_cyrus-sasl2-gssapi_SET=${PRODUCT_GSSAPI}
+security_openssh-portable_UNSET=HPN
+security_openssl_UNSET=		SSL2 SSL3
+security_openvpn_SET=		TUNNELBLICK
+security_openvpn_UNSET=		EASYRSA TEST
+security_strongswan_SET=	GCM EAPRADIUS
+security_strongswan_UNSET=	CURL
+security_suricata_SET=		GEOIP HYPERSCAN
+security_suricata_UNSET=	PRELUDE
+sysutils_flashrom_UNSET=	FTDI
+sysutils_msktutil_SET=		${PRODUCT_GSSAPI}
+www_lighttpd_UNSET=		LUA
+www_nginx_SET=			BROTLI NAXSI MAIL_IMAP MAIL_POP3
+www_squid_SET=			AUTH_LDAP ${PRODUCT_GSSAPI} TP_PF
+www_squid_UNSET=		AUTH_NIS TP_IPFW
+www_webgrind_SET=		CALLGRAPH
--- a/config/18.7/plist.base.amd64
+++ b/config/18.7/plist.base.amd64
--- a/config/18.7/plist.base.i386
+++ b/config/18.7/plist.base.i386
--- a/config/18.7/plist.obsolete.amd64
+++ b/config/18.7/plist.obsolete.amd64
--- a/config/18.7/plist.obsolete.i386
+++ b/config/18.7/plist.obsolete.i386
--- a/config/18.7/plugins.conf
+++ b/config/18.7/plugins.conf
@ -0,0 +1,56 @@
+#ORIGIN						IGNORE
+benchmarks/iperf				arm
+databases/redis					arm
+devel/debug					arm
+devel/helloworld
+dns/dyndns
+dns/rfc2136					arm
+mail/postfix					arm
+mail/rspamd					arm
+misc/theme-cicada
+misc/theme-rebellion
+misc/theme-tukan
+net-mgmt/collectd				arm
+net-mgmt/lldpd					arm
+net-mgmt/net-snmp				arm
+net-mgmt/snmp
+net-mgmt/telegraf				arm,i386
+net-mgmt/zabbix-agent				arm
+net-mgmt/zabbix-proxy				arm
+net/arp-scan
+net/freeradius					arm
+net/frr						arm
+net/ftp-proxy
+net/haproxy					arm
+net/igmp-proxy
+net/l2tp
+net/mdns-repeater
+net/pppoe
+net/pptp
+net/quagga					arm
+net/relayd					arm
+net/shadowsocks					arm
+net/siproxd					arm
+net/upnp
+net/wol
+net/zerotier					arm
+security/acme-client				arm
+security/clamav					arm
+security/intrusion-detection-content-et-pro
+security/intrusion-detection-content-pt-open
+security/intrusion-detection-content-snort-vrt
+security/openconnect				arm
+security/tinc					arm
+security/tor					arm
+sysutils/boot-delay
+sysutils/lcdproc-sdeclcd			arm
+sysutils/monit					arm
+sysutils/node_exporter				arm
+sysutils/nut					arm
+sysutils/smart					arm
+sysutils/vmware					arm
+sysutils/xen					arm
+www/c-icap					arm
+www/cache
+www/web-proxy-sso				arm
+www/web-proxy-useracl
--- a/config/18.7/ports.conf
+++ b/config/18.7/ports.conf
@ -0,0 +1,215 @@
+#ORIGIN						IGNORE
+archivers/php${PRODUCT_PHP}-zlib
+archivers/zip
+audio/beep					arm,quick
+benchmarks/iperf3				arm
+comms/gnokii					arm
+comms/kermit					arm
+converters/php${PRODUCT_PHP}-mbstring		arm
+databases/php${PRODUCT_PHP}-mysqli		arm
+databases/php${PRODUCT_PHP}-sqlite3
+databases/py-sqlite3@py${PRODUCT_PYTHON}
+databases/redis					arm
+databases/rrdtool
+databases/rrdtool12
+devel/automake
+devel/bison
+devel/cmake
+devel/gdb
+devel/gettext
+devel/gettext-runtime
+devel/gettext-tools
+devel/git
+devel/gmake
+devel/libtool
+devel/ninja
+devel/p5-File-Slurp				arm
+devel/p5-Locale-Maketext-Lexicon		arm
+devel/patch
+devel/pear-PHP_CodeSniffer@php${PRODUCT_PHP}	arm
+devel/pecl-xdebug
+devel/php${PRODUCT_PHP}-gettext
+devel/php${PRODUCT_PHP}-json
+devel/phpunit6
+devel/pkgconf
+devel/py-Jinja2@py${PRODUCT_PYTHON}
+devel/py-pycodestyle@py${PRODUCT_PYTHON}
+devel/py-ujson@py${PRODUCT_PYTHON}
+devel/scons
+dns/bind913					arm
+dns/ddclient					arm
+dns/dnscrypt-proxy				arm
+dns/dnscrypt-proxy2				arm
+dns/dnsmasq
+dns/maradns					arm
+dns/py-dnspython@py${PRODUCT_PYTHON}
+dns/unbound
+editors/emacs@nox
+editors/joe
+editors/nano
+editors/vim-console
+emulators/open-vm-tools-nox11			arm
+ftp/curl
+ftp/php${PRODUCT_PHP}-curl
+ftp/uftp					arm
+ftp/wget					arm
+lang/perl${PRODUCT_PERL}
+lang/php${PRODUCT_PHP}
+lang/python${PRODUCT_PYTHON}
+lang/ruby${PRODUCT_RUBY}			arm
+mail/opensmtpd					arm
+mail/pecl-mailparse				arm
+mail/postfix-sasl				arm
+mail/rspamd					arm
+mail/smtp-cli					arm
+math/php${PRODUCT_PHP}-bcmath			arm
+misc/gnu-watch					arm
+misc/help2man
+misc/mc-light					arm
+net-im/py-telepot@py${PRODUCT_PYTHON}		arm
+net-mgmt/bandwidthd				arm
+net-mgmt/bsnmp-regex
+net-mgmt/bsnmp-ucd
+net-mgmt/bwm-ng					arm
+net-mgmt/choparp
+net-mgmt/collectd5				arm
+net-mgmt/darkstat				arm
+net-mgmt/flowd
+net-mgmt/iftop
+net-mgmt/lldpd					arm
+net-mgmt/mk-livestatus				arm
+net-mgmt/net-snmp				arm
+net-mgmt/nrpe3					arm
+net-mgmt/rate
+net-mgmt/telegraf				arm,i386
+net-mgmt/yaf					arm
+net-mgmt/zabbix3-proxy				arm
+net-mgmt/zabbix34-agent				arm
+net/arp-scan
+net/asterisk13					arm
+net/dpinger
+net/freeradius3					arm
+net/freevrrpd					arm
+net/frr3					arm
+net/haproxy-devel				arm
+net/hostapd
+net/igmpproxy
+net/isc-dhcp44-relay
+net/isc-dhcp44-server
+net/mdns-repeater
+net/miniupnpd
+net/mosquitto					arm
+net/mpd5
+net/mtr						arm
+net/ntp
+net/openldap24-server				arm
+net/pecl-radius
+net/php${PRODUCT_PHP}-ldap
+net/php${PRODUCT_PHP}-soap			arm
+net/php${PRODUCT_PHP}-sockets
+net/proxy-suite
+net/py-ipaddress@py${PRODUCT_PYTHON}
+net/py-netaddr@py${PRODUCT_PYTHON}
+net/quagga					arm
+net/radvd
+net/relayd					arm
+net/rsync					arm
+net/samplicator
+net/shadowsocks-libev				arm
+net/siproxd					arm
+net/sslh
+net/tayga					arm
+net/vnstat					arm
+net/wireguard					arm,i386
+net/wol
+net/zerotier					arm
+opnsense/apinger
+opnsense/bsdinstaller				arm,quick
+opnsense/cpustats
+opnsense/dhcpleases
+opnsense/dhcp6c
+opnsense/filterlog
+opnsense/ifinfo
+opnsense/opnsense-lang
+opnsense/opnsense-update
+opnsense/pam_opnsense
+opnsense/sshlockout_pf
+opnsense/suricata-devel
+opnsense/syslogd
+print/texinfo
+security/acme-client				arm
+security/acme.sh
+security/autossh				arm
+security/ca_root_nss
+security/clamav					arm
+security/cyrus-sasl2-gssapi			arm
+security/expiretable
+security/honeybadger				arm,i386
+security/nmap					arm
+security/obfsclient				arm
+security/openconnect				arm
+security/openssh-portable
+security/openvpn
+security/pam_ldap				arm
+security/php${PRODUCT_PHP}-filter
+security/php${PRODUCT_PHP}-hash
+security/php${PRODUCT_PHP}-mcrypt
+security/php${PRODUCT_PHP}-openssl
+security/py-fail2ban@py${PRODUCT_PYTHON}
+security/snuffleupagus@php${PRODUCT_PHP}
+security/softether				arm
+security/strongswan
+security/sudo
+security/suricata
+security/tcpcrypt				arm
+security/tinc					arm
+security/tor					arm
+security/vault					arm,i386
+security/wpa_supplicant
+security/yara					arm
+sysutils/ansible@py${PRODUCT_PYTHON}		arm
+sysutils/apcupsd				arm
+sysutils/beadm					arm
+sysutils/beats					arm,i386
+sysutils/cciss_vol_status			arm
+sysutils/consul					arm,i386
+sysutils/devcpu-data				arm
+sysutils/dmidecode				arm
+sysutils/flashrom				arm
+sysutils/flock
+sysutils/iohyve					arm
+sysutils/ipmitool				arm
+sysutils/lcdproc				arm
+sysutils/monit					arm
+sysutils/msktutil				arm
+sysutils/node_exporter				arm
+sysutils/nut					arm
+sysutils/pftop
+sysutils/screen
+sysutils/smartmontools				arm
+sysutils/sysinfo
+sysutils/syslog-ng
+sysutils/tarsnap
+sysutils/tmux
+sysutils/usb_modeswitch
+sysutils/xe-guest-utilities			arm
+textproc/php${PRODUCT_PHP}-ctype
+textproc/php${PRODUCT_PHP}-dom
+textproc/php${PRODUCT_PHP}-simplexml
+textproc/php${PRODUCT_PHP}-xml
+www/c-icap					arm
+www/c-icap-modules				arm
+www/lightsquid					arm
+www/lighttpd
+www/nginx					arm
+www/phalcon@php${PRODUCT_PHP}
+www/php${PRODUCT_PHP}-opcache
+www/php${PRODUCT_PHP}-session
+www/polipo					arm
+www/privoxy					arm
+www/py-requests@py${PRODUCT_PYTHON}
+www/sarg					arm
+www/squid
+www/tinyproxy					arm
+www/webgrind					arm
+x11-fonts/urwfonts				arm
--- a/config/18.7/skim.conf
+++ b/config/18.7/skim.conf
@ -0,0 +1,7 @@
+net/dhcp6
+net/ntopng
+ports-mgmt/pkg
+security/krb5
+security/libressl
+security/openssl
+security/vuxml
--- a/config/18.7/src.conf
+++ b/config/18.7/src.conf
@ -0,0 +1,43 @@
+WITHOUT_ASSERT_DEBUG=yes
+WITHOUT_ATM=yes
+WITHOUT_AUDIT=yes
+WITHOUT_AUTHPF=yes
+WITHOUT_BSDINSTALL=yes
+WITHOUT_CALENDAR=yes
+WITHOUT_CLANG_EXTRAS=yes
+WITHOUT_CLANG_FULL=yes
+WITHOUT_DEBUG_FILES=yes
+WITHOUT_DICT=yes
+WITHOUT_EXAMPLES=yes
+WITHOUT_FREEBSD_UPDATE=yes
+WITHOUT_GAMES=yes
+WITHOUT_GCOV=yes
+WITHOUT_GDB=yes
+WITHOUT_HTML=yes
+WITHOUT_IPFILTER=yes
+WITHOUT_KERBEROS=yes
+WITHOUT_LIB32=yes
+WITHOUT_MAIL=yes
+WITHOUT_NCP=yes
+WITHOUT_NIS=yes
+WITHOUT_NLS=yes
+WITHOUT_NLS_CATALOGS=yes
+WITHOUT_NS_CACHING=yes
+WITHOUT_NTP=yes
+WITHOUT_OFED=yes
+WITHOUT_OPENSSH=yes
+WITHOUT_PC_SYSINSTALL=yes
+WITHOUT_PORTSNAP=yes
+WITHOUT_PROFILE=yes
+WITHOUT_QUOTAS=yes
+WITHOUT_RCMDS=yes
+WITHOUT_RCS=yes
+WITHOUT_RESCUE=yes
+WITHOUT_SETUID_LOGIN=yes
+WITHOUT_SHAREDOCS=yes
+WITHOUT_SVN=yes
+WITHOUT_SVNLITE=yes
+WITHOUT_TALK=yes
+WITHOUT_TESTS=yes
+WITHOUT_UNBOUND=yes
+WITH_REPRODUCIBLE_BUILD=yes