3 # Copyright (c) 2010-2015 Devin Teske
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 ############################################################ INCLUDES
31 # Prevent `-d' from being interpreted as a debug flag by common.subr
32 DEBUG_SELF_INITIALIZE=
34 BSDCFG_SHARE="/usr/share/bsdconfig"
35 [ "$_COMMON_SUBR" ] || . $BSDCFG_SHARE/common.subr || exit 1
36 [ "$_SYSRC_SUBR" ] || f_include $BSDCFG_SHARE/sysrc.subr
38 ############################################################ GLOBALS
43 SYSRC_VERSION="6.5 Sep-1,2015"
62 ############################################################ FUNCTIONS
64 # die [$fmt [$opts ...]]
66 # Optionally print a message to stderr before exiting with failure status.
71 [ $# -gt 0 ] && shift 1
72 [ "$fmt" ] && f_err "$fmt\n" "$@"
79 # Prints a short syntax statement and exits.
83 f_err "Usage: %s [OPTIONS] name[[+|-]=value] ...\n" "$pgm"
84 f_err "Try \`%s --help' for more information.\n" "$pgm"
90 # Prints a full syntax statement and exits.
94 local optfmt="\t%-11s%s\n"
95 local envfmt="\t%-17s%s\n"
97 f_err "Usage: %s [OPTIONS] name[[+|-]=value] ...\n" "$pgm"
100 f_err "$optfmt" "-a" \
101 "Dump a list of all non-default configuration variables."
102 f_err "$optfmt" "-A" \
103 "Dump a list of all configuration variables (incl. defaults)."
104 f_err "$optfmt" "-c" \
105 "Check. Return success if set or no changes, else error."
106 f_err "$optfmt" "-d" \
107 "Print a description of the given variable."
108 f_err "$optfmt" "-D" \
109 "Show default value(s) only (this is the same as setting"
111 "RC_CONFS to NULL or passing \`-f' with a NULL file-argument)."
112 f_err "$optfmt" "-e" \
113 "Print query results as \`var=value' (useful for producing"
115 "output to be fed back in). Ignored if \`-n' is specified."
116 f_err "$optfmt" "-f file" \
117 "Operate on the specified file(s) instead of rc_conf_files."
119 "Can be specified multiple times for additional files."
120 f_err "$optfmt" "-F" \
121 "Show only the last rc.conf(5) file each directive is in."
122 f_err "$optfmt" "-h" \
123 "Print a short usage statement to stderr and exit."
124 f_err "$optfmt" "--help" \
125 "Print this message to stderr and exit."
126 f_err "$optfmt" "-i" \
127 "Ignore unknown variables."
128 f_err "$optfmt" "-j jail" \
129 "The jid or name of the jail to operate within (overrides"
131 "\`-R dir'; requires jexec(8))."
132 f_err "$optfmt" "-n" \
133 "Show only variable values, not their names."
134 f_err "$optfmt" "-N" \
135 "Show only variable names, not their values."
136 f_err "$optfmt" "-q" \
137 "Quiet. Disable verbose and hide certain errors."
138 f_err "$optfmt" "-R dir" \
139 "Operate within the root directory \`dir' rather than \`/'."
140 f_err "$optfmt" "-v" \
141 "Verbose. Print the pathname of the specific rc.conf(5)"
143 "file where the directive was found."
144 f_err "$optfmt" "--version" \
145 "Print version information to stdout and exit."
146 f_err "$optfmt" "-x" \
147 "Remove variable(s) from specified file(s)."
150 f_err "ENVIRONMENT:\n"
151 f_err "$envfmt" "RC_CONFS" \
152 "Override default rc_conf_files (even if set to NULL)."
153 f_err "$envfmt" "RC_DEFAULTS" \
154 "Location of \`/etc/defaults/rc.conf' file."
161 # Dump dependencies such as language-file variables and include files to stdout
162 # to be piped-into sh(1) running via jexec(8)/chroot(8). As a security measure,
163 # this prevents existing language files and library files from being loaded in
164 # the jail. This also relaxes the requirement to have these files in every jail
165 # before sysrc can be used on said jail.
170 # Indicate that we are jailed
172 echo export _SYSRC_JAILED=1
175 # Print i18n language variables (their current values are sanitized
176 # and re-printed for interpretation so that the i18n language files
177 # do not need to exist within the jail).
181 msg_cannot_create_permission_denied \
182 msg_permission_denied \
183 msg_previous_syntax_errors \
185 val=$( eval echo \"\$$var\" |
186 awk '{ gsub(/'\''/, "'\''\\'\'\''"); print }' )
191 # Print include dependencies
193 echo DEBUG_SELF_INITIALIZE=
194 cat $BSDCFG_SHARE/common.subr
195 cat $BSDCFG_SHARE/sysrc.subr
198 # escape $string [$var_to_set]
200 # Escape $string contents so that the contents can be properly encapsulated in
201 # single-quotes (making for safe evaluation).
203 # NB: See `bsdconfig includes -dF escape' for relevant information/discussion.
204 # NB: Abridged version of `f_shell_escape()' from bsdconfig(8) `strings.subr'.
208 local __start="$1" __var_to_set="$2" __string=
209 while [ "$__start" ]; do
210 case "$__start" in *\'*)
211 __string="$__string${__start%%\'*}'\\''"
212 __start="${__start#*\'}" continue
216 __string="$__string$__start"
217 if [ "$__var_to_set" ]; then
218 setvar "$__var_to_set" "$__string"
224 ############################################################ MAIN SOURCE
227 # Perform sanity checks
229 [ $# -gt 0 ] || usage # NOTREACHED
232 # Check for `--help' and `--version' command-line option
237 --help) help ;; # NOTREACHED
238 --version) # see GLOBALS
239 echo "$SYSRC_VERSION"
246 # Process command-line flags
248 while getopts aAcdDef:Fhij:nNqR:vxX flag; do
250 a) SHOW_ALL=${SHOW_ALL:-1} ;;
256 f) RC_CONFS="$RC_CONFS${RC_CONFS:+ }$OPTARG" ;;
258 h) usage ;; # NOTREACHED
259 i) IGNORE_UNKNOWNS=1 ;;
261 die "%s: Missing or null argument to \`-j' flag" "$pgm"
265 q) QUIET=1 VERBOSE= ;;
267 die "%s: Missing or null argument to \`-R' flag" "$pgm"
269 v) VERBOSE=1 QUIET= ;;
270 x) DELETE=${DELETE:-1} ;;
272 \?) usage ;; # NOTREACHED
275 shift $(( $OPTIND - 1 ))
278 # [More] Sanity checks (e.g., "sysrc --")
280 [ $# -eq 0 -a ! "$SHOW_ALL" ] && usage # NOTREACHED
283 # Taint-check all rc.conf(5) files
285 errmsg="$pgm: Exiting due to previous syntax errors"
286 if [ "${RC_CONFS+set}" ]; then
287 ( for i in $RC_CONFS; do
288 [ -e "$i" ] || continue
289 /bin/sh -n "$i" || exit $FAILURE
294 /bin/sh -n "$RC_DEFAULTS" || die "$errmsg"
296 for i in $rc_conf_files; do
297 [ -e "$i" ] || continue
298 /bin/sh -n "$i" || exit $FAILURE
305 # Process `-x' (and secret `-X') command-line options
307 errmsg="$pgm: \`-x' option incompatible with \`-a'/\`-A' options"
308 errmsg="$errmsg (use \`-X' to override)"
309 if [ "$DELETE" -a "$SHOW_ALL" ]; then
310 [ "$DELETE" = "2" ] || die "$errmsg"
314 # Pre-flight for `-c' command-line option
316 [ "$CHECK_ONLY" -a "$SHOW_ALL" ] &&
317 die "$pgm: \`-c' option incompatible with \`-a'/\`-A' options"
320 # Process `-e', `-n', and `-N' command-line options
323 [ "$SHOW_FILE" ] && SHOW_EQUALS=
324 [ "$SHOW_NAME" ] || SHOW_EQUALS=
325 [ "$VERBOSE" = "0" ] && VERBOSE=
326 if [ ! "$SHOW_VALUE" ]; then
330 [ "$SHOW_EQUALS" ] && SEP='="'
333 # Process `-j jail' and `-R dir' command-line options
335 if [ "$JAIL" -o "$ROOTDIR" ]; then
337 # Reconstruct the arguments that we want to carry-over
342 $( [ "$DELETE" = "1" ] && echo \ -x )
343 $( [ "$DELETE" = "2" ] && echo \ -X )
344 $( [ "$SHOW_ALL" = "1" ] && echo \ -a )
345 $( [ "$SHOW_ALL" = "2" ] && echo \ -A )
349 ${IGNORE_UNKNOWNS:+-i}
350 $( [ "$SHOW_NAME" ] || echo \ -n )
351 $( [ "$SHOW_VALUE" ] || echo \ -N )
352 $( [ "$SHOW_FILE" ] && echo \ -F )
354 if [ "${RC_CONFS+set}" ]; then
355 escape "$RC_CONFS" _RC_CONFS
356 args="$args -f '$_RC_CONFS'"
365 # If both are supplied, `-j jail' supercedes `-R dir'
369 # Re-execute ourselves with sh(1) via jexec(8)
374 ) | env - RC_DEFAULTS="$RC_DEFAULTS" \
375 /usr/sbin/jexec "$JAIL" /bin/sh
377 elif [ "$ROOTDIR" ]; then
379 # Make sure that the root directory specified is not to any
382 # NOTE: To maintain backward compatibility with older jails on
383 # older systems, we will not perform this check if either the
384 # jls(1) or jexec(8) utilities are missing.
386 if f_have jexec && f_have jls; then
387 jid=$( jls jid path |
388 while read JID JROOT; do
389 [ "$JROOT" = "$ROOTDIR" ] || continue
395 # If multiple running jails match the specified root
396 # directory, exit with error.
398 if [ "$jid" -a "${jid%[$IFS]*}" != "$jid" ]; then
399 die "%s: %s: %s" "$pgm" "$ROOTDIR" \
400 "$( echo "Multiple jails claim this" \
401 "directory as their root." \
402 "(use \`-j jail' instead)" )"
406 # If only a single running jail matches the specified
407 # root directory, implicitly use `-j jail'.
411 # Re-execute outselves with sh(1) via jexec(8)
416 ) | env - RC_DEFAULTS="$RC_DEFAULTS" \
417 /usr/sbin/jexec "$jid" /bin/sh
421 # Otherwise, fall through and allow chroot(8)
425 # Re-execute ourselves with sh(1) via chroot(8)
430 ) | env - RC_DEFAULTS="$RC_DEFAULTS" \
431 /usr/sbin/chroot "$ROOTDIR" /bin/sh
437 # Process `-a' or `-A' command-line options
439 if [ "$SHOW_ALL" ]; then
441 # Get a list of variables that are currently set in the rc.conf(5)
442 # files (included `/etc/defaults/rc.conf') by performing a call to
443 # source_rc_confs() in a clean environment.
445 ( # Operate in a sub-shell to protect the parent environment
447 # Set which variables we want to preserve in the environment.
448 # Append the pipe-character (|) to the list of internal field
449 # separation (IFS) characters, allowing us to use the below
450 # list both as an extended grep (-E) pattern and argument list
451 # (required to first get f_clean_env() to preserve these in the
452 # environment and then later to prune them from the list of
453 # variables produced by set(1)).
456 EXCEPT="IFS|EXCEPT|PATH|RC_DEFAULTS|OPTIND|DESCRIBE|SEP"
457 EXCEPT="$EXCEPT|DELETE|SHOW_ALL|SHOW_EQUALS|SHOW_NAME"
458 EXCEPT="$EXCEPT|SHOW_VALUE|SHOW_FILE|VERBOSE|RC_CONFS"
459 EXCEPT="$EXCEPT|pgm|SUCCESS|FAILURE|CHECK_ONLY"
460 EXCEPT="$EXCEPT|f_sysrc_desc_awk|f_sysrc_delete_awk"
463 # Clean the environment (except for our required variables)
464 # and then source the required files.
466 f_clean_env --except $EXCEPT
467 if [ -f "$RC_DEFAULTS" -a -r "$RC_DEFAULTS" ]; then
471 # If passed `-a' (rather than `-A'), re-purge the
472 # environment, removing the rc.conf(5) defaults.
474 [ "$SHOW_ALL" = "1" ] &&
475 f_clean_env --except rc_conf_files $EXCEPT
478 # If `-f file' was passed, set $rc_conf_files to an
479 # explicit value, modifying the default behavior of
482 [ "${RC_CONFS+set}" ] && rc_conf_files="$RC_CONFS"
487 # If passed `-a' (rather than `-A'), remove
488 # `rc_conf_files' unless it was defined somewhere
489 # other than rc.conf(5) defaults.
491 [ "$SHOW_ALL" = "1" -a \
492 "$( f_sysrc_find rc_conf_files )" = "$RC_DEFAULTS" \
493 ] && unset rc_conf_files
497 awk -F= '/^[[:alpha:]_][[:alnum:]_]*=/ {print $1}' |
498 grep -Ev "^($EXCEPT)$"
501 # If enabled, describe rather than expand value
503 if [ "$DESCRIBE" ]; then
504 echo "$NAME: $( f_sysrc_desc "$NAME" )"
509 # If `-F' is passed, find it and move on
511 if [ "$SHOW_FILE" ]; then
512 [ "$SHOW_NAME" ] && echo -n "$NAME: "
518 # If `-X' is passed, delete the variables
520 if [ "$DELETE" = "2" ]; then
521 f_sysrc_delete "$NAME"
526 echo -n "$( f_sysrc_find "$NAME" ): "
529 # If `-N' is passed, simplify the output
531 if [ ! "$SHOW_VALUE" ]; then
536 echo "${SHOW_NAME:+$NAME$SEP}$(
537 f_sysrc_get "$NAME" )${SHOW_EQUALS:+\"}"
543 # Ignore the remainder of positional arguments.
549 # Process command-line arguments
552 while [ $# -gt 0 ]; do
556 *+) mode=APPEND NAME="${NAME%+}" ;;
557 *-) mode=REMOVE NAME="${NAME%-}" ;;
562 echo "$NAME: $( f_sysrc_desc "$NAME" )"
567 # Like sysctl(8), if both `-d' AND "name=value" is passed,
568 # first describe (done above), then attempt to set
571 # If verbose, prefix line with where the directive lives
572 if [ "$VERBOSE" -a ! "$CHECK_ONLY" ]; then
573 file=$( f_sysrc_find "$NAME" )
574 [ "$file" = "$RC_DEFAULTS" -o ! "$file" ] &&
575 file=$( f_sysrc_get 'rc_conf_files%%[$IFS]*' )
576 if [ "$SHOW_EQUALS" ]; then
584 # If `-x' or `-X' is passed, delete the variable and ignore the
585 # desire to set some value
587 if [ "$DELETE" ]; then
588 f_sysrc_delete "$NAME" || status=$FAILURE
594 # If `-c' is passed, simply compare and move on
596 if [ "$CHECK_ONLY" ]; then
597 if ! IGNORED=$( f_sysrc_get "$NAME?" ); then
600 echo "$NAME: not currently set"
604 value=$( f_sysrc_get "$NAME" )
605 if [ "$value" != "${1#*=}" ]; then
607 if [ "$VERBOSE" ]; then
608 echo -n "$( f_sysrc_find "$NAME" ): "
609 echo -n "$NAME: would change from "
610 echo "\`$value' to \`${1#*=}'"
612 elif [ "$VERBOSE" ]; then
613 echo -n "$( f_sysrc_find "$NAME" ): "
614 echo "$NAME: already set to \`$value'"
621 # Determine both `before' value and appropriate `new' value
625 before=$( f_sysrc_get "$NAME" )
627 delim="${add%"${add#?}"}" # first character
630 ""|[$IFS]|[a-zA-Z0-9]) delim=" " ;;
638 [ "$b" = "$a" ] && skip=1 break
640 [ "$skip" ] || new="$new$delim$a"
642 new="${new#"$delim"}" IFS="$oldIFS"
643 unset add delim oldIFS a skip b
644 [ "$SHOW_FILE" ] && before=$( f_sysrc_find "$NAME" )
647 before=$( f_sysrc_get "$NAME" )
649 delim="${remove%"${remove#?}"}" # first character
652 ""|[$IFS]|[a-zA-Z0-9]) delim=" " ;;
660 [ "$r" = "$b" ] && add= break
662 [ "$add" ] && new="$new$delim$b"
664 new="${new#"$delim"}" IFS="$oldIFS"
665 unset remove delim oldIFS b add r
666 [ "$SHOW_FILE" ] && before=$( f_sysrc_find "$NAME" )
669 if [ "$SHOW_FILE" ]; then
670 before=$( f_sysrc_find "$NAME" )
672 before=$( f_sysrc_get "$NAME" )
678 # If `-N' is passed, simplify the output
680 if [ ! "$SHOW_VALUE" ]; then
682 f_sysrc_set "$NAME" "$new"
684 if f_sysrc_set "$NAME" "$new"; then
685 if [ "$SHOW_FILE" ]; then
686 after=$( f_sysrc_find "$NAME" )
688 after=$( f_sysrc_get "$NAME" )
690 echo -n "${SHOW_NAME:+$NAME$SEP}"
691 echo -n "$before${SHOW_EQUALS:+\" #}"
692 echo -n " -> ${SHOW_EQUALS:+\"}$after"
693 echo "${SHOW_EQUALS:+\"}"
698 if ! IGNORED=$( f_sysrc_get "$NAME?" ); then
699 [ "$IGNORE_UNKNOWNS" -o "$QUIET" ] ||
700 echo "$pgm: unknown variable '$NAME'"
706 # The above check told us what we needed for `-c'
707 if [ "$CHECK_ONLY" ]; then
713 # Like sysctl(8), when `-d' is passed, desribe it
714 # (already done above) rather than expanding it
717 if [ "$DESCRIBE" ]; then
723 # If `-x' or `-X' is passed, delete the variable
725 if [ "$DELETE" ]; then
726 f_sysrc_delete "$NAME" || status=$FAILURE
732 # If `-F' is passed, find it and move on
734 if [ "$SHOW_FILE" ]; then
735 [ "$SHOW_NAME" ] && echo -n "$NAME: "
741 if [ "$VERBOSE" ]; then
742 if [ "$SHOW_EQUALS" ]; then
743 echo -n ": $( f_sysrc_find "$NAME" ); "
745 echo -n "$( f_sysrc_find "$NAME" ): "
750 # If `-N' is passed, simplify the output
752 if [ ! "$SHOW_VALUE" ]; then
755 echo "${SHOW_NAME:+$NAME$SEP}$(
756 f_sysrc_get "$NAME" )${SHOW_EQUALS:+\"}"
762 exit $status # $SUCCESS unless error occurred with either `-c' or `-x'
764 ################################################################################
766 ################################################################################