git: 59f6f5e23c1a - stable/13 - nfs-over-tls: add rc scripts for rpc.tlsclntd and rpc.tlsservd

Rick Macklem rmacklem at FreeBSD.org
Fri Mar 5 21:57:35 UTC 2021


The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=59f6f5e23c1a33ce0b335b52870fdd9c0223284a

commit 59f6f5e23c1a33ce0b335b52870fdd9c0223284a
Author:     Rick Macklem <rmacklem at FreeBSD.org>
AuthorDate: 2021-02-18 22:38:01 +0000
Commit:     Rick Macklem <rmacklem at FreeBSD.org>
CommitDate: 2021-03-05 21:55:44 +0000

    nfs-over-tls: add rc scripts for rpc.tlsclntd and rpc.tlsservd
    
    Add rc.d scripts that control the recently committed rpc.tlsclntd(8)
    and rpc.tlsservd(8) daemons.
    
    (cherry picked from commit 2f48313ab26ef257ca8d46052a33fb6ad6abdb4f)
---
 libexec/rc/rc.conf       |  4 ++++
 libexec/rc/rc.d/Makefile |  4 ++++
 libexec/rc/rc.d/tlsclntd | 21 +++++++++++++++++++++
 libexec/rc/rc.d/tlsservd | 25 +++++++++++++++++++++++++
 4 files changed, 54 insertions(+)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 56d6bb30f811..53bd8c81c2d7 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -385,6 +385,10 @@ nfscbd_enable="NO"		# NFSv4 client side callback daemon
 nfscbd_flags=""			# Flags for nfscbd
 nfsuserd_enable="NO"		# NFSv4 user/group name mapping daemon
 nfsuserd_flags=""		# Flags for nfsuserd
+tlsclntd_enable="NO"		# Run rpc.tlsclntd needed for NFS-over-TLS mount
+tlsclntd_flags=""		# Flags for rpc.tlsclntd
+tlsservd_enable="NO"		# Run rpc.tlsservd needed for NFS-over-TLS nfsd
+tlsservd_flags=""		# Flags for rpc.tlsservd
 
 ### Network Time Services options: ###
 timed_enable="NO"		# Run the time daemon (or NO).
diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile
index a8277e08932c..1a61e89aa215 100644
--- a/libexec/rc/rc.d/Makefile
+++ b/libexec/rc/rc.d/Makefile
@@ -271,6 +271,10 @@ _opensm=	opensm
 
 .if ${MK_OPENSSL} != "no"
 CONFS+=		keyserv
+.if ${MK_OPENSSL_KTLS} != "no"
+CONFS+=		tlsclntd \
+		tlsservd
+.endif
 .endif
 
 .if ${MK_OPENSSH} != "no"
diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd
new file mode 100755
index 000000000000..4566ceb67abd
--- /dev/null
+++ b/libexec/rc/rc.d/tlsclntd
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: tlsclntd
+# REQUIRE: NETWORKING root mountcritlocal sysctl
+# BEFORE: nfscbd
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="tlsclntd"
+desc="NFS over TLS client side daemon"
+rcvar="tlsclntd_enable"
+command="/usr/sbin/rpc.${name}"
+pidfile="/var/run/rpc.${name}.pid"
+
+load_rc_config $name
+
+run_rc_command "$1"
diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd
new file mode 100755
index 000000000000..cca28ed60ffe
--- /dev/null
+++ b/libexec/rc/rc.d/tlsservd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: tlsservd
+# REQUIRE: NETWORKING root mountcritlocal sysctl
+# BEFORE: nfsd
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="tlsservd"
+desc="NFS over TLS server side daemon"
+rcvar="tlsservd_enable"
+command="/usr/sbin/rpc.${name}"
+
+pidfile="/var/run/rpc.${name}.pid"
+required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem"
+extra_commands="reload"
+
+
+load_rc_config $name
+
+run_rc_command "$1"


More information about the dev-commits-src-all mailing list