History log of /freebsd-11-stable/usr.sbin/Makefile
Revision Date Author Comments
# 357082 24-Jan-2020 kevans

MFC r352948-r352951, r353002, r353066, r353070: caroot infrastructure

Infrastructure only -- no plans in place currently to commit any certs to
these branches.

r352948:
[1/3] Initial infrastructure for SSL root bundle in base

This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

r352949:
[2/3] Add certctl(8)

This is a simple utility to hash all trusted on the system into
/etc/ssl/certs. It also allows the user to blacklist certificates they do
not trust.

This work was done primarily by allanjude@, with minor contributions by
myself.

r352950:
[3/3] etcupdate and mergemaster support for certctl

This commit adds support for certctl in mergemaster and etcupdate. Both will
either rehash or prompt for rehash as new certificates are
trusted/blacklisted.

This work was done primarily by allanjude@, with minor contributions by
myself.

r352951:
caroot: add @generated tags to extracted .pem

As is the current trend; while these files are manually curated, they are
still generated. If they end up in a review, it would be helpful to also
take the hint and hide them.

r353002:
Unbreak etcupdate(8) and mergemaster(8) after r352950

r352950 introduced improper case fall-through for shell scripts. Fix it with
a pipe.

r353066:
certctl(8): realpath the file before creating the symlink

Otherwise we end up creating broken relative symlinks in
/etc/ssl/blacklisted.

r353070:
certctl(8): let one blacklist based on hashed filenames

It seems reasonable to allow, for instance:

$ certctl list
# reviews output -- ah, yeah, I don't trust that one
$ certctl blacklist ce5e74ef.0
$ certctl rehash

We can unambiguously determine what cert "ce5e74ef.0" refers to, and we've
described it to them in `certctl list` output -- I see little sense in
forcing another level of filesystem inspection to determine what cert file
this physically corresponds to.

Relnotes: yes


# 346518 22-Apr-2019 ian

MFC r335527, r335529, r335593

r335527:
Add spi(8), a utility for communicating with a device on a SPI bus from
userland, conceptually similar to what i2c(8) provides for i2c devices.

Submitted by: Bob Frazier
Differential Revision: https://reviews.freebsd.org/D15029

r335529:
Eliminate gcc "shadowed declaration" warnings by using idx rather than
index as a variable name.

r335593:
Add an example for displaying the manufacturer and size info from a
standard spiflash chip.


# 344689 01-Mar-2019 eugen

MFC r343118: new small tool trim(8) to delete contents for blocks
on flash based storage devices that use wear-leveling algorithms.


# 332126 06-Apr-2018 kevans

MFC efibootmgr: r326725-r326728, r326771, r326800-r326804, r326806, r327163
r327572-r327573, r327610-r327611, r327877, r331069

r326725:
Import Netflix's efibootmgr to help manage UEFI boot variables

efibootmgr manages the UEFI BootXXXX variables that implement the UEFI
Boot Manager protocol defined in the UEFI standards. It is modeled
after the Linux program of the same name with a mostly compatible set
of command line options. Since there's a fair amount of OS specific
code due to differing names and methods of doing things, the
compatibility isn't 100%.

Basic functionality is implemented, though the more advanced next boot
functionality that's been defined elsewhere is unimplemented.

Submitted by: Matt Williams (with unix / efi path xlate by me)
Sponsored by: Netflix

r326726:
Forgotten in 326725

Release Notes: Yes

r326727:
Remove vestiges of -d and -p commands.
Fix two core dumps when optional data isn't specified.

Sponsored by: Netflix

r326728:
Indent multiple device path entries correctly.

Sponsored by: Netflix

r326771:
Unbreak gcc build by using (void) for functions that take no args.

Sponsored by: Netflix

r326800:
Check return value for set_bootvar and give a good error message.

CID: 1383601
Sponsored by: Netflix

r326801:
Don't leak new_data.

CID: 1383605
Sponsored by: Netflix

r326802:
Fix resource leak. Free converted description after printing it.
Also minor style sort of local vars.

CID: 1383606
Sponsored by: Netflix

r326803:
Free load_opt_buf after we're done with it.

CID: 1383607
Sponsored by: Netflix

r326804:
Add sanity testing against maximum sane lengths for device paths for
loader and kernel.

CID: 1383608
Sponsored by: Netflix

r326806:
Actually insert the free(d) call missed in r326802.

Noticed by: rpokala@

r327163:
Remove write-only opt and useless optlen variables.

This squashes the warning generated by GCC 6.x. Since
variables that are now removed had some documentation
value, put relevant bits in comment, so they can be
resurrected from there when actually needed.

r327572:
Ensure that we have a description string. When unspecified, default to "".

Sponsored by: Netflix

r327573:
Free options before setting them. This will prevent us from leaking
memory when we have multiple copies of the same option from being
specified.

Sponsored by: Netflix

r327610:
Fix usage strings. -d and -p were removed before this was committed to
FreeBSD, but the strings weren't updated.

Sponsored by: Netflix

r327611:
There's no need / benefit from deleting the variable before we set it.

Sponsored by: Netflix

r327877:
Fix error in determining the next available boot slot.

Sponsored by: Netflix

r331069:
Make not getting BootOrder a warning, not a fatal error when printing.

Sponsored by: Netflix

Relnotes: yes


# 331586 26-Mar-2018 hselasky

MFC r330653:
Add kernel and userspace code to dump the firmware state of supported
ConnectX-4/5 devices in mlx5core.

The dump is obtained by reading a predefined register map from the
non-destructive crspace, accessible by the vendor-specific PCIe
capability (VSC). The dump is stored in preallocated kernel memory and
managed by the mlx5tool(8), which communicates with the driver using a
character device node.

The utility allows to store the dump in format
<address> <value>
into a file, to reset the dump content, and to manually initiate the
dump.

A call to mlx5_fwdump() should be added at the places where a dump
must be fetched automatically. The most likely place is right before a
firmware reset request.

Submitted by: kib@
Sponsored by: Mellanox Technologies


# 330769 11-Mar-2018 emaste

MFC r322277 by jlh:

rwho/ruptime/rwhod shouldn't be gated by RCMDS.

As peter@ points out in pr/220953:
"rwho, rwhod and ruptime are not part of the remote login suite (rsh, rlogin
etc).

They should *not* be in the rcmds package which is disabled by default. We
rely on rwho/rwhod/ruptime in the freebsd.org cluster."

This commit is a re-commit of r322029 and r322031 with a better commit log, as
pointed out by ngie@.

This also includes the necessary changes to OptionalObsoleteFiles.inc, as
requested by jhb@.

PR: 220953


# 323302 08-Sep-2017 ngie

MFC r320701:

Remove SUBDIR ordering/uniquifying in *bin/Makefile

After the addition of SUBDIR.yes, uniquifying/ordering the SUBDIRs doesn't
make a whole lot of sense, and it's in effect a half measure.

Ordering SUBDIR (after adding SUBDIR.yes to it) in bsd.subdir.mk is a
separate change that warrants more discussion/testing, because while
the SUBDIR_PARALLEL work largely fixed dependency ordering for SUBDIRs,
there might be downstream FreeBSD consumers that rely on the SUBDIR
ordering.


# 319388 01-Jun-2017 ngie

MFC r314579,r314785:

r314579 (by np):

Add cxgbetool(8) to the base system.

Move cxgbetool from tools/tools to usr.sbin. Compile and install it on
platforms where cxgbe(4) is built by default. Knobs (WITH_CXGBETOOL and
WITHOUT_CXGBETOOL) have been added so that the user can override the
default setting.

r314785:

Fix some trivial manlint warnings

Sentences should begin on new lines, per manlint.

Bump .Dd for the change


# 319192 30-May-2017 ngie

MFC r306375,r307802:

r306375 (by emaste):

Add a WITHOUT_DIALOG src.conf(5) knob

It also turns off dependencies (bsdinstall, bsdconfig, dpv, tzsetup).

r307802 (by bapt):

Fix build of tzsetup when WITHOUT_DIALOG is set

Hide dialog specific code behind HAVE_DIALOG. It allows to build a stripped
down version (missing the dialog UI) but perfectly functional tzsetup when
world is built WITHOUT_DIALOG

Reorganise a bit the code to limit the number of blocks under HAVE_DIALOG


# 318576 20-May-2017 kib

MFC efivar(8) (by imp):

List of revisions merged:
r307070
r307071
r307072
r307074
r307189
r307224
r307339
r307390
r307391
r309776
r314231
r314232
r314615
r314616
r314617
r314618
r314619
r314620
r314621
r314623
r314890
r314925
r314926
r314927
r314928
r315770
r315771

Discussed with: gjb (re), imp
Sponsored by: The FreeBSD Foundation


# 307788 22-Oct-2016 bapt

MFC r303784, r303785, r305620:

r303784:
etcupdate: directly use diff3(1) instead of merge(1)

During the last attempt to remove GNU rcs, 2 blockers were spotted:
We need an ident(1) and etcupdate(8) uses merge(1).

Now nothing should prevent to remove rcs from base

Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D7401

r303785:
always install etcupdate

Now that etcupdate does not depend on rcs anymore there is no need to
conditionally install it

r305620: (by vangyzen)
etcupdate: preserve the metadata of the destination file

When using diff3 to perform a three-way merge, etcupdate lost the destination
file's metadata. The metadata from the temporary file were used instead.
This was unpleasant for rc.d scripts, which require execute permission.
Use "cat >" to overwrite the destination file's contents while preserving its
metadata.

Reviewed by: bapt
Sponsored by: Dell Technologies
Differential Revision: https://reviews.freebsd.org/D7817


# 303675 02-Aug-2016 bdrewery

MFC r303410,r303419:

r303410:
Reconnect pmcstudy, lost in r291021
r303419:
Fix non-amd64 build from r292043 after reconnecting in r303410.

Approved by: re (kib)