docs: OpenBSD Man Pages Added

57 files changed, 20126 insertions, 0 deletions

diff --git a/static/openbsd/man5/Makefile b/static/openbsd/man5/Makefile
new file mode 100644
index 00000000..89fe1284
--- /dev/null
+++ b/static/openbsd/man5/Makefile
@@ -0,0 +1,58 @@
+MAN = acct.5 \
+      ar.5 \
+      bsd.port.arch.mk.5 \
+      bsd.port.mk.5 \
+      bsd.regress.mk.5 \
+      cabal-module.5 \
+      cargo-module.5 \
+      changelist.5 \
+      core.5 \
+      defaultdomain.5 \
+      dir.5 \
+      disktab.5 \
+      elf.5 \
+      ethers.5 \
+      fbtab.5 \
+      files.conf.5 \
+      fs.5 \
+      fstab.5 \
+      genassym.cf.5 \
+      gnome-module.5 \
+      go-module.5 \
+      group.5 \
+      hostname.if.5 \
+      hosts.5 \
+      install.site.5 \
+      installurl.5 \
+      intro.5 \
+      login.conf.5 \
+      mandoc.db.5 \
+      mixerctl.conf.5 \
+      mk.conf.5 \
+      moduli.5 \
+      motd.5 \
+      mygate.5 \
+      myname.5 \
+      netgroup.5 \
+      opam-module.5 \
+      passwd.5 \
+      pf.conf.5 \
+      pf.os.5 \
+      port-modules.5 \
+      printcap.5 \
+      protocols.5 \
+      python-module.5 \
+      qmake-module.5 \
+      ranlib.5 \
+      remote.5 \
+      resolv.conf.5 \
+      rpc.5 \
+      ruby-module.5 \
+      services.5 \
+      shells.5 \
+      spamd.conf.5 \
+      sysctl.conf.5 \
+      utmp.5 \
+      wsconsctl.conf.5
+
+include ../../mandoc.mk
diff --git a/static/openbsd/man5/acct.5 b/static/openbsd/man5/acct.5
new file mode 100644
index 00000000..82ea470b
--- /dev/null
+++ b/static/openbsd/man5/acct.5
@@ -0,0 +1,157 @@
+.\"	$OpenBSD: acct.5,v 1.27 2024/02/25 00:07:14 deraadt Exp $
+.\"	$NetBSD: acct.5,v 1.4 1995/10/22 01:40:10 ghudson Exp $
+.\"
+.\" Copyright (c) 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)acct.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: February 25 2024 $
+.Dt ACCT 5
+.Os
+.Sh NAME
+.Nm acct
+.Nd execution accounting file
+.Sh SYNOPSIS
+.In sys/acct.h
+.Sh DESCRIPTION
+The kernel maintains the following
+.Fa acct
+information structure for all
+processes.
+If a process terminates or misbehaves in specific ways,
+and accounting is enabled, the kernel calls the
+.Xr acct 2
+function call to prepare and append the record
+to the accounting file.
+.Bd -literal
+/*
+ * Accounting structures; these use a comp_t type which is a 3 bits base 8
+ * exponent, 13 bit fraction floating point number.  Units are 1/AHZ
+ * seconds.
+ */
+typedef u_int16_t comp_t;
+
+struct acct {
+	char	  ac_comm[24];	/* command name, incl NUL */
+	comp_t	  ac_utime;	/* user time */
+	comp_t	  ac_stime;	/* system time */
+	comp_t	  ac_etime;	/* elapsed time */
+	comp_t	  ac_io;	/* count of IO blocks */
+	time_t	  ac_btime;	/* starting time */
+	uid_t	  ac_uid;	/* user id */
+	gid_t	  ac_gid;	/* group id */
+	u_int32_t ac_mem;	/* average memory usage */
+	dev_t	  ac_tty;	/* controlling tty, or -1 */
+	pid_t	  ac_pid;	/* process id */
+
+	u_int32_t ac_flag;	/* accounting flags */
+#define	AFORK	0x00000001	/* fork'd but not exec'd */
+#define	AMAP	0x00000004	/* killed by syscall or stack mapping violation */
+#define	ACORE	0x00000008	/* dumped core */
+#define	AXSIG	0x00000010	/* killed by a signal */
+#define	APLEDGE	0x00000020	/* killed due to pledge violation */
+#define	ATRAP	0x00000040	/* memory access violation */
+#define	AUNVEIL	0x00000080	/* unveil access violation */
+#define APINSYS 0x00000200      /* killed by syscall pin violation */
+#define ABTCFI  0x00000400      /* BT CFI violation */
+};
+
+/*
+ * 1/AHZ is the granularity of the data encoded in the comp_t fields.
+ * This is not necessarily equal to hz.
+ */
+#define	AHZ	64
+
+#ifdef _KERNEL
+int	acct_process(struct proc *p);
+int	acct_shutdown(void);
+#endif
+.Ed
+.Pp
+If a terminated or misbehaving process was created by an
+.Xr execve 2 ,
+the name of the executed file (at most ten characters of it)
+is saved in the field
+.Fa ac_comm
+and its status is saved by setting one or more of the following flags in
+.Fa ac_flag :
+.Bl -tag -width "AUNVEIL"
+.It Dv AFORK
+A new process was created via
+.Xr fork 2
+that was not followed by a call to
+.Xr execve 2 .
+.It Dv AMAP
+The process terminated abnormally due to a system call or stack mapping
+violation.
+.It Dv ACORE
+The process terminated abnormally due to a signal and dumped
+.Xr core 5 .
+.It Dv AXSIG
+The process was killed by a
+.Xr signal 3 .
+.It Dv APLEDGE
+The process was killed due to a
+.Xr pledge 2
+violation.
+.It Dv ATRAP
+The process was killed due to a memory access violation
+detected by a processor trap.
+.It Dv AUNVEIL
+The process attempted a file access that was prevented by
+.Xr unveil 2
+restrictions.
+Note that this does not cause the process to terminate.
+.It Dv APINSYS
+The command tried to execute a system call from the wrong
+system call instruction, see
+.Xr pinsyscalls 2 .
+.It Dv ABTCFI
+The command executed an indirect branch to a location that did not
+start with a
+.Ql BTI
+instruction, and terminated with signal
+.Dv SIGILL ,
+.Va code
+.Dv ILL_BTCFI .
+.El
+.Sh SEE ALSO
+.Xr lastcomm 1 ,
+.Xr acct 2 ,
+.Xr execve 2 ,
+.Xr pledge 2 ,
+.Xr unveil 2 ,
+.Xr signal 3 ,
+.Xr core 5 ,
+.Xr accton 8 ,
+.Xr sa 8
+.Sh HISTORY
+An
+.Nm
+file format first appeared in
+.At v7 .
diff --git a/static/openbsd/man5/ar.5 b/static/openbsd/man5/ar.5
new file mode 100644
index 00000000..4d455df6
--- /dev/null
+++ b/static/openbsd/man5/ar.5
@@ -0,0 +1,157 @@
+.\"	$OpenBSD: ar.5,v 1.5 2015/12/24 01:47:25 bentley Exp $
+.\"	$NetBSD: ar.5,v 1.2 1995/03/25 06:39:38 glass Exp $
+.\"
+.\" Copyright (c) 1990, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)ar.5.5	8.1 (Berkeley) 6/9/93
+.\"
+.Dd $Mdocdate: December 24 2015 $
+.Dt AR 5
+.Os
+.Sh NAME
+.Nm ar
+.Nd archive (library) file format
+.Sh SYNOPSIS
+.In ar.h
+.Sh DESCRIPTION
+The archive command
+.Nm ar
+combines several files into one.
+Archives are mainly used as libraries of object files intended to be
+loaded using the link-editor
+.Xr ld 1 .
+.Pp
+A file created with
+.Nm ar
+begins with the magic string
+.Dq !<arch>\en .
+The rest of the archive is made up of objects, each of which is composed
+of a header for a file, a possible file name, and the file contents.
+The header is portable between machine architectures and, if the file
+contents are printable, the archive is itself printable.
+.Pp
+The header is made up of six variable length ASCII fields, followed by a
+two character trailer.
+The fields are the object name (16 characters), the file last modification
+time (12 characters), the user and group IDs (each 6 characters), the file
+mode (8 characters) and the file size (10 characters).
+All numeric fields are in decimal, except for the file mode which is in
+octal.
+.Pp
+The modification time is the file
+.Fa st_mtime
+field, i.e.,
+.Dv CUT
+seconds since
+the Epoch.
+The user and group IDs are the file
+.Fa st_uid
+and
+.Fa st_gid
+fields.
+The file mode is the file
+.Fa st_mode
+field.
+The file size is the file
+.Fa st_size
+field.
+The two-byte trailer is the string "\`\en".
+.Pp
+Only the name field has any provision for overflow.
+If any file name is more than 16 characters in length or contains an
+embedded space, the string "#1/" followed by the ASCII length of the
+name is written in the name field.
+The file size (stored in the archive header) is incremented by the length
+of the name.
+The name is then written immediately following the archive header.
+.Pp
+Any unused characters in any of these fields are written as space
+characters.
+If any fields are their particular maximum number of characters in
+length, there will be no separation between the fields.
+.Pp
+Objects in the archive are always an even number of bytes long; files
+which are an odd number of bytes long are padded with a newline
+.Pq Ql \en
+character, although the size in the header does not reflect this.
+.Sh SEE ALSO
+.Xr ar 1 ,
+.Xr stat 2
+.Sh STANDARDS
+No archive format is currently specified by any standard.
+.At V
+has historically distributed archives in a different format from
+all of the above.
+.Sh HISTORY
+There have been at least four
+.Nm ar
+formats.
+The first was denoted by the leading magic number 0177555 (stored as
+type
+.Vt int ) .
+These archives were almost certainly created on a 16-bit machine, and
+contain headers made up of five fields.
+The fields are the object name (8 characters), the file last modification
+time (type
+.Vt long ) ,
+the user ID (type
+.Vt char ) ,
+the file mode (type
+.Vt char )
+and the file size (type
+.Vt unsigned int ) .
+Files were padded to an even number of bytes.
+.Pp
+The second was denoted by the leading magic number 0177545 (stored as
+type
+.Vt int ) .
+These archives may have been created on either 16 or 32-bit machines, and
+contain headers made up of six fields.
+The fields are the object name (14 characters), the file last modification
+time (type
+.Vt long ) ,
+the user and group IDs (each type
+.Vt char ) ,
+the file mode (type
+.Vt int )
+and the file size (type
+.Vt long ) .
+Files were padded to an even number of bytes.
+.\" For more information on converting from this format see
+.\" .Xr arcv 8 .
+.Pp
+The current archive format (without support for long character names and
+names with embedded spaces) was introduced in
+.Bx 4.0 .
+The headers were the same as the current format, with the exception that
+names longer than 16 characters were truncated, and names with embedded
+spaces (and often trailing spaces) were not supported.
+It has been extended for these reasons,
+as described above.
+This format first appeared in
+.Bx 4.4 .
diff --git a/static/openbsd/man5/bsd.port.arch.mk.5 b/static/openbsd/man5/bsd.port.arch.mk.5
new file mode 100644
index 00000000..36dc0646
--- /dev/null
+++ b/static/openbsd/man5/bsd.port.arch.mk.5
@@ -0,0 +1,160 @@
+.\" $OpenBSD: bsd.port.arch.mk.5,v 1.15 2025/10/24 08:10:37 rsadowski Exp $
+.\"
+.\" Copyright (c) 2011 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: October 24 2025 $
+.Dt BSD.PORT.ARCH.MK 5
+.Os
+.Sh NAME
+.Nm bsd.port.arch.mk
+.Nd ports tree Makefile fragment, concerned with arch issues
+.Sh SYNOPSIS
+.Bd -literal
+# Set up such as
+MULTI_PACKAGES = -main -special
+ONLY_FOR_ARCHS-special = i386
+.Ed
+.Pp
+.Fd .include <bsd.port.arch.mk>
+.Bd -literal
+#some more lines such as
+\&.if ${BUILD_PACKAGES:M-special}
+CONFIGURE_ARGS += --enable-special
+\&.endif
+.Ed
+.Pp
+.Fd .include <bsd.port.mk>
+.Sh DESCRIPTION
+.Nm
+holds the logic used for arch-dependent builds in the ports tree.
+It is normally included as part of the larger
+.Xr bsd.port.mk 5 ,
+but it is also available separately for ports that require it.
+.Bl -bullet
+.It
+multi-packages ports that need to remove some subpackages based
+on pseudo-flavors or architecture constraints.
+.It
+ports that need to make explicit tests on arch-dependent constants.
+.El
+.Pp
+.Nm
+assumes the following variables are already defined:
+.Bl -tag -offset indent -compact -width ONLY_FOR_ARCH-<sub>
+.It MULTI_PACKAGES
+.It FLAVOR
+.It FLAVORS
+.It PSEUDO_FLAVORS
+.It Ev NOT_FOR_ARCHS[-<sub>]
+.It Ev ONLY_FOR_ARCHS[-<sub>]
+.El
+and optionally, if the default won't be appropriate
+.Bl -tag -offset indent -compact -width ONLY_FOR_ARCH-<sub>
+.It Ev IGNORE[-<sub>]
+.El
+.Pp
+It will set up the following variables for use in the rest of the
+.Pa Makefile :
+.Bl -tag -offset indent -compact -width ONLY_FOR_ARCH-<sub>
+.It Ev ARCH
+.It Ev ALL_ARCHS
+.It Ev APM_ARCHS
+.It Ev BE_ARCHS
+.It Ev CLANG_ARCHS
+.It Ev COMPILER_VERSION
+.It Ev CX11_ARCHS
+.It Ev DEBUGINFO_ARCHS
+.It Ev GCC4_ARCHS
+.It Ev GCC49_ARCHS
+.It Ev GO_ARCHS
+.It Ev LE_ARCHS
+.It Ev LIBCXX
+.It Ev LLD_ARCHS
+.It Ev LLD_EMUL
+.It Ev LLVM_ARCHS
+.It Ev LP64_ARCHS
+.It Ev LUAJIT_ARCHS
+.It Ev MONO_ARCHS
+.It Ev OCAML_NATIVE_ARCHS
+.It Ev OCAML_NATIVE_DYNLINK_ARCHS
+.It Ev PROPERTIES
+.It Ev RUST_ARCHS
+.It Ev IGNORE-<sub>
+.It Ev BUILD_PACKAGES
+.El
+.Pp
+Most importantly,
+.Ev BUILD_PACKAGES
+will be correctly set up, taking
+.Ev ONLY_FOR_ARCHS[-<sub>]
+and
+.Ev NOT_FOR_ARCHS[-<sub>]
+limitations into account, as well as pseudo-flavors.
+.Pp
+Note that thanks to the way
+.Xr make 1
+variables are evaluated, a setup such as
+.Bd -literal -offset indent
+ONLY_FOR_ARCHS-foo = ${LP64_ARCHS}
+\&.include <bsd.port.arch.mk>
+.Ed
+.Pp
+is perfectly admissible, since
+.Ev ONLY_FOR_ARCHS-foo
+will be used only after
+.Ev LP64_ARCHS
+is defined.
+.Pp
+Also, you do not need to explicitly include
+.Pa bsd.port.arch.mk
+just to define
+.Bd -literal -offset indent
+ONLY_FOR_ARCHS = ${LP64_ARCHS}
+.Ed
+.Pp
+since
+.Pa bsd.port.mk
+does define arch constants before evaluating
+.Ev ONLY_FOR_ARCHS .
+A more detailed description of each variable is available in
+.Xr bsd.port.mk 5 .
+.Pp
+All the constant values
+.Ev ARCH , ALL_ARCHS , COMPILER_VERSION ,
+.Ev GCC4_ARCHS , LP64_ARCHS
+and
+.Ev PROPERTIES
+are also available from
+.Ev MODULES
+and from
+.Pa ${.CURDIR}/../Makefile.inc .
+.Sh SEE ALSO
+.Xr bsd.port.mk 5
+.Sh HISTORY
+.Nm
+was split from
+.Xr bsd.port.mk 5
+in
+.Ox 5.1 .
diff --git a/static/openbsd/man5/bsd.port.mk.5 b/static/openbsd/man5/bsd.port.mk.5
new file mode 100644
index 00000000..216e5d1e
--- /dev/null
+++ b/static/openbsd/man5/bsd.port.mk.5
@@ -0,0 +1,4804 @@
+.\" $OpenBSD: bsd.port.mk.5,v 1.654 2025/11/04 12:52:28 tb Exp $
+.\"
+.\" Copyright (c) 2000-2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 4 2025 $
+.Dt BSD.PORT.MK 5
+.Os
+.Sh NAME
+.Nm bsd.port.mk
+.Nd ports tree master Makefile fragment
+.Sh SYNOPSIS
+.Fd .include <bsd.port.mk>
+.Sh DESCRIPTION
+.Nm
+contains the
+.Xr ports 7
+tree
+.Xr make 1
+framework, in the form of documented public targets,
+variables and paths.
+.Pp
+The actual
+.Nm
+file lives under
+.Pa ${PORTSDIR}/infrastructure/mk ,
+with
+.Xr make 1 Ns 's
+system include file redirecting to it.
+.Pp
+Optional parts of this framework have been moved to
+.Xr port-modules 5
+in an effort to shrink the main file
+.Po
+see also
+.Ev MODULES
+.Pc .
+.Pp
+Identifiers beginning with an underscore
+are internal-use only and likely to change without
+notice.
+.Pp
+This documentation contains sections covering targets, variables,
+diagnostics, and filenames, ordered in alphabetic order, followed
+by a section covering the fake framework, a section covering debug
+packages generation, a section explaining flavors and multi-packages,
+and a section covering the generation of package information.
+.Pp
+It ends with sections covering some obsolete targets, variables and files,
+outlining conversion
+methods from older incarnations of the ports tree or from other
+.Bx
+variants.
+.Pp
+.Nm
+also uses quite a few helper scripts which live under
+.Pa ${PORTSDIR}/infrastructure/bin .
+.Pp
+Binary package details are mostly covered in
+.Xr pkg_create 1
+for the packing-list details,
+and in
+.Xr pkg_add 1
+for the installation semantics.
+.Pp
+Common usage such as building every package in
+the system is covered by
+.Xr ports 7
+and
+.Xr bulk 8
+instead, with
+.Xr packages 7
+providing an overview of the result.
+.Sh TARGETS
+.Bl -tag -width Ds
+.It Cm {build,run,all,test}-dir-depends
+Print all dependencies for a port in order to build it, run it, build and
+run it, or to run regression tests.
+The output is formatted as package specification pairs, in a form suitable
+for
+.Xr tsort 1 .
+.Pp
+Note that it is possible to obtain reverse dependency information by
+using the
+.Nm show-reverse-deps
+script from the
+.Pa sqlports
+package.
+.It Cm full-{build,run,all,test}-depends
+Print all dependencies a package depends upon for building, running,
+or both, as a list of package names, sorted by dependency order with
+.Xr tsort 1 ,
+most dependent port first.
+.It Cm {build,lib,test,run}-depends-list
+Print a list of first level package specifications a port depends as
+build dependencies, library dependencies, test dependencies or
+run dependencies.
+.It Cm print-{build,run}-depends
+User convenience target that displays the result of
+.Cm full-{build,run}-depends
+in a more readable way.
+.It Cm {pre,do,post}-*
+Most standard targets can be specialized according to a given port's needs.
+If defined,
+the
+.Cm pre-*
+hook will be invoked before running the normal action;
+the
+.Cm do-*
+hook will be invoked instead of the normal action;
+the
+.Cm post-*
+hook will be invoked after the normal action.
+Specialization hooks exist for
+.Cm build ,
+.Cm configure ,
+.Cm distpatch ,
+.Cm extract ,
+.Cm fake ,
+.Cm gen ,
+.Cm install ,
+.Cm patch ,
+.Cm test .
+See individual targets for exceptions.
+.It Cm all-lib-depends-args
+Process the full
+.Ev LIB_DEPENDS
+list into a form suitable for
+.Xr pkg_create 1 ,
+see
+.Cm print-package-args .
+.It Cm build , Cm all
+Default target.
+Build the port.
+Essentially invoke
+.Bd -literal
+env -i ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \e
+	-f ${MAKE_FILE} ${ALL_TARGET}
+.Ed
+.It Cm check-register
+Introspection target.
+Verify from the ports tree, without building anything, that the current
+subpackage will register okay
+.Po
+see
+.Ev PLIST_REPOSITORY
+.Pc .
+.It Cm check-register-all
+Apply
+.Cm check-register
+to all subpackages of the current port.
+.It Cm checkpatch
+Check that patches would apply cleanly, but do not modify anything.
+.It Cm checksum
+Compute a
+.Xr sha256 1
+digest
+of ${CHECKSUMFILES} (files listed in DISTFILES* and PATCHFILES*) and
+check it against ${CHECKSUM_FILE}, normally
+.Pa distinfo .
+In case of a mismatch, running
+.Cm checksum
+with
+.Ev REFETCH Ns = Ns Cm true
+will fetch alternative versions of files keyed on their checksum
+from the
+.Ox
+main archive site.
+.It Cm clean
+Clean ports contents.
+By default, it will clean the work directory.
+It can be invoked as
+make clean='[depends build bulk work fake flavors dist install sub package
+packages plist test]'.
+.Bl -tag -width packages
+.It Va work
+Clean work directory.
+.It Va bulk
+Clean bulk cookie.
+.It Va build
+Clean the
+.Ev WRKBUILD
+directory (only useful if
+.Ev SEPARATE_BUILD
+is set).
+.It Va depends
+Recurse into dependencies.
+.It Va dist
+Clean distribution files.
+.It Va fake
+Clean fake installation directory.
+.It Va flavors
+Clean all work directories.
+.It Va install
+Uninstall package.
+.It Va package
+Remove all copies of package file.
+.It Va plist
+Remove registered packing-lists of all subpackages.
+.It Va test
+Clean test cookie.
+.It Va sub
+With
+.Va install
+or
+.Va package ,
+clean subpackages as well.
+.It Va packages
+Shorthand for
+.Sq sub package .
+.It Va all
+Shorthand for
+.Sq work flavors packages plist .
+.El
+.It Cm clean-depends
+Shorthand for
+.Ql make clean=depends .
+.It Cm configure
+Configure the port.
+By default,
+.Cm configure
+creates the ${WRKBUILD} directory (see
+.Ev SEPARATE_BUILD ) ,
+and runs whatever configuration methods are recorded in
+.Ev CONFIGURE_STYLE .
+.It Cm distclean
+Shorthand for
+.Ql make clean=dist .
+.It Cm distpatch
+Apply distribution patches only.
+See
+.Cm patch ,
+.Ev PATCH_CASES
+and
+.Ev FIX_CRLF_FILES
+for details.
+.It Cm dump-vars
+Dump the values of all relevant variables in a port, prepended with the
+port's FULLPKGPATH.
+.Pp
+Can be limited to some specific information by setting
+.Ev DPB
+to nothing or
+.Sq fetch .
+Mostly used by
+.Xr dpb 1
+for obtaining vital information from the ports tree.
+.It Cm extract
+Extract the distribution files under
+.Pa ${WRKDIR}
+(but see
+.Ev EXTRACT_ONLY ,
+.Ev FIX_EXTRACT_PERMISSIONS
+and
+.Ev NO_DEPENDS ) .
+Refer to
+.Ev EXTRACT_CASES
+for a complete description.
+Do not use
+.Cm pre-extract
+and
+.Cm do-extract
+hooks.
+.It Cm fake
+Do a fake port installation, that is, simulate the port installation into
+the staging area ${WRKINST}.
+There is no
+.Cm do-fake
+and
+.Cm post-fake
+hooks:
+instead
+.Cm fake
+runs
+.Cm pre-fake ,
+.Cm pre-install ,
+.Cm do-install
+and
+.Cm post-install .
+Override
+.Cm pre-install ,
+.Cm do-install ,
+or
+.Cm post-install
+to change behavior.
+.Pp
+There are only a handful of ports that use
+.Cm pre-fake :
+that hook can be used to finish setting up a
+.Pa fake
+directory before starting the installation proper.
+Stuff run during
+.Cm pre-fake
+will not register with
+.Cm update-plist ,
+whereas stuff run during
+.Cm pre-install
+will be considered part of the installation process.
+.Pp
+See
+.Sx THE FAKE FRAMEWORK
+section below.
+.It Cm fake-wantlib-args
+Check
+.Ev WANTLIB
+against the list of installed packages and libraries in the ports tree.
+See
+.Cm print-package-args .
+.It Cm fetch
+Fetch the list of files in
+.Ev DISTFILES*
+and
+.Ev PATCHFILES*
+using ${FETCH_CMD}.
+Files are normally retrieved from the list of sites in
+.Ev SITES* .
+.Pp
+Adding a suffix to
+.Ev DISTFILES ,
+.Ev PATCHFILES ,
+.Ev SUPDISTFILES
+will switch the site entry to the corresponding
+.Ev SITES
+variable, e.g.,
+.Bd -literal -offset indent
+DISTFILES.go = ...
+SITES.go = ...
+.Ed
+.Pp
+If the rest of the entry parses as
+.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
+${FETCH_CMD} will fetch
+.Ar url Ns Ar sufx
+instead, but store the result as
+.Ar filename Ns Ar sufx .
+.Pp
+Transfers in progress are stored as
+.Ar filenamesufx.part
+and moved after completion.
+.Pp
+The actual filesystem paths to all distfiles (resp. patchfiles) after
+url/filename substitution, including suffixed sources, is conveniently
+stored as
+.Ev ALL_DISTFILES
+.Po
+resp.
+.Ev ALL_PATCHFILES
+.Pc .
+The ports framework uses
+.Pa ${DISTDIR}/${DIST_SUBDIR}
+(aliased to
+.Pa ${FULLDISTDIR} )
+to save the ports distribution files and patch files.
+.Pp
+If you want to fetch a significant number of distfiles quickly, say
+all files relevant to a port,
+.Cm dpb Fl F
+is more efficient.
+.Pp
+There are no
+.Cm {pre,do,post}-fetch
+hooks, as this would break
+.Xr dpb 1 .
+.Pp
+See
+.Ev ALL_DISTFILES ,
+.Ev ALL_PATCHFILES ,
+.Ev ALL_SUPDISTFILES ,
+.Ev CHECKSUMFILES ,
+.Ev DISTDIR ,
+.Ev DISTFILES* ,
+.Ev DIST_SUBDIR ,
+.Ev FETCH_CMD ,
+.Ev FETCH_MANUALLY ,
+.Ev FULLDISTDIR ,
+.Ev MAKESUMFILES ,
+.Ev PATCHFILES* ,
+.Ev SUPDISTFILES* ,
+.Ev REFETCH .
+.Ev SITES* ,
+.It Cm fetch-all
+Like
+.Cm fetch ,
+but also fetches
+.Ev SUPDISTFILES* ,
+for use by e.g.,
+.Cm makesum .
+.It Cm fix-permissions
+Ensure permissions are correct when using
+.Ev PORTS_PRIVSEP
+and/or
+.Xr dpb 1 .
+.Pp
+If necessary, creates directory
+.Ev DISTDIR
+owned by
+.Ev FETCH_USER ,
+and creates directories
+.Ev LOCKDIR ,
+.Ev PACKAGE_REPOSITORY ,
+.Ev PLIST_REPOSITORY
+and
+.Ev WRKOBJDIR
+owned by
+.Ev BUILD_USER .
+.Pp
+If these directories already exist,
+ownership of their contents is modified to conform to
+.Ev PORTS_PRIVSEP
+and
+.Xr dpb 1
+requirements.
+.It Cm gen
+Generate configure script when needed, either after patching
+input files, or from scratch for some ports,
+generally using automake, autoconf, autoreconf and similar GNU tools.
+This target only has modules
+.Po Ev MODxxx_gen Pc
+and a
+.Ar do-gen
+hooks.
+Then adjust timestamps to avoid regeneration during build
+.Po
+see
+.Ev REORDER_DEPENDENCIES
+.Pc .
+.It Cm generate-readmes
+Generate READMEs, rc scripts and login.conf.d files from
+.Pa ${PKGDIR}
+into
+.Pa ${WRKINST} .
+Run after
+.Cm fake
+and before
+.Cm package
+or
+.Cm update-plist .
+Always rerun, as it is cheap enough.
+.It Cm install-depends
+Before package installation, install and verify dependencies constructed from
+.Ev RUN_DEPENDS , LIB_DEPENDS ,
+and
+.Ev WANTLIB .
+.It Cm install
+Install the package after building.
+See the description of
+.Sx THE FAKE FRAMEWORK
+for the non-intuitive details of the way
+.Cm {pre,do,post}-install
+hooks are actually used by the ports tree.
+.It Cm install-all
+Install all packages in a multi-packages port.
+.It Cm lib-depends-args
+Filter
+.Ev LIB_DEPENDS
+to keep only entries required by
+.Ev WANTLIB ,
+and output a list of dependencies suitable for
+.Xr pkg_create 1 ,
+see
+.Cm print-package-args .
+.It Cm lib-depends-check
+Verify that the
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB
+recorded in the port's packages are accurate.
+See
+.Cm port-lib-depends-check ,
+which checks files under the fake staging directory instead,
+and thus has faster turn-around.
+.It Cm license-check
+Check that
+.Ev PERMIT_PACKAGE
+settings match:
+if any dependency has a more restrictive setting, warn about it.
+This warning is advisory, because automated license checking cannot
+know that some ports were only used for building and did not taint
+the current port.
+.It Cm lock
+Manually obtain a lock on a given directory.
+Output must be used to update environment variables.
+The lock can be released with
+.Cm unlock .
+Seldom used, see
+.Xr ports 7
+for details.
+.It Cm makesum
+Uses
+.Cm fetch-all
+to fetch missing ${MAKESUMFILES}
+without verifying their digest, then run
+.Xr sha256 1
+on them that is,
+files listed in ${DISTFILES*}, ${SUPDISTFILES*} and ${PATCHFILES*}.
+The result is stored in ${CHECKSUM_FILE}, normally
+.Pa distinfo .
+Also store the lengths of all files for a quick check during
+.Cm fetch ,
+.Cm fetch-all .
+.It Cm no-lib-depends-args
+Degenerate form of
+.Cm lib-depends-args
+that does not do anything.
+See
+.Cm print-package-args .
+.It Cm no-wantlib-args
+Degenerate form of
+.Cm wantlib-args
+that does not do anything.
+See
+.Cm print-package-args .
+.It Cm package
+Build a port package (or packages in a
+.Ev MULTI_PACKAGES
+case) from the fake installation.
+Involves creating packaging information from templates
+(see
+.Ev COMMENT ,
+.Ev SUBST_VARS
+among others) and invoking
+.Xr pkg_create 1
+for each package in the
+.Ev MULTI_PACKAGES
+list.
+If the repository already contains up-to-date packages, they are not rebuilt.
+If PLIST_REPOSITORY is set (the default), the resulting packaging
+information is compared with existing stuff, and saved if new,
+with loud complaints if it changed without a
+.Ev REVISION
+bump.
+.Pp
+if
+.Ev DEBUG_PACKAGES
+is set, some debug information may also be set aside and saved
+in
+.Pa debug-*
+packages transparently.
+.Pp
+Also note that
+.Pa ${PLIST_REPOSITORY}/${MACHINE_ARCH}/history
+contains LRU caches for all files
+.Po
+see
+.Xr package 5
+.Pc .
+Arch-independent packages are created in ${PACKAGE_REPOSITORY}/no-arch,
+and copied into ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/all as needed.
+If ${PERMIT_PACKAGE} is set to
+.Sq Yes ,
+copies built packages into ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/ftp, using
+hard links if possible.
+.It Cm patch
+Apply distribution and
+.Ox
+specific patches.
+Because of historical accident,
+.Cm patch
+does not follow the exact same scheme other standard targets do.
+Namely,
+.Cm patch
+invokes
+.Cm pre-patch
+(if defined),
+.Cm do-patch ,
+and
+.Cm post-patch ,
+but the default
+.Cm do-patch
+target invokes
+.Cm distpatch
+directly.
+So, if the
+.Cm do-patch
+target is overridden, it should still begin by calling
+.Ql make distpatch ,
+before applying
+.Ox
+specific patches.
+Accordingly, the exact sequence of hooks is:
+.Cm pre-patch ,
+.Cm do-distpatch ,
+.Cm post-distpatch ,
+.Cm do-patch ,
+.Cm post-patch .
+If
+.Pa ${PATCHDIR}
+exists, the files described under
+.Ev PATCH_LIST
+will be applied under
+.Ev WRKDIST .
+.It Cm peek-ftp
+Connect to the first site in
+.Ev SITES ,
+in the right directory, and leaves user at
+.Xr ftp 1 Ns 's
+prompt.
+.It Cm pkglocatedb
+Top-level target, see
+.Xr ports 7 .
+.It Cm port-lib-depends-check
+Verify that the
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB
+hold all shared libraries used for every package in the port.
+See
+.Xr library-specs 7 .
+This makes use of
+.Cm print-plist-with-depends
+to avoid actually building the packages, it only needs the
+completion of the
+.Cm fake
+stage, and thus is quicker than
+.Cm lib-depends-check ,
+unless you already have all binary packages.
+.It Cm port-wantlib-args
+Resolve
+.Ev WANTLIB
+against the ports tree itself and system libraries, without looking at built
+or installed packages, and writes a list of options suitable for
+.Xr pkg_create 1 .
+See
+.Cm print-package-args .
+.It Cm prepare
+Before port building, install and verify dependencies constructed from
+.Ev BUILD_DEPENDS ,
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB .
+In
+.Ev MULTI_PACKAGES
+setups,
+see
+.Sx FLAVORS AND MULTI_PACKAGES .
+.It Cm print-package-args
+Print all dependency-related information that will be passed as parameters
+to
+.Xr pkg_create 1 ,
+e.g.,
+.Fl W Ar wantlib
+and
+.Fl P Ar depends
+lines.
+.Pp
+Those parameters are generated by
+.Cm run-depends-args
+for
+.Ev RUN_DEPENDENCIES
+handling, a form of
+.Cm lib-depends-args
+for
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB
+interaction,
+and a form of
+.Cm wantlib-args
+for
+.Ev WANTLIB
+resolution.
+.Pp
+Variables
+.Ev lib_depends_args
+and
+.Ev wantlib_args
+control the exact behavior:
+.Ev lib_depends_args
+is normally set to
+.Cm lib-depends-args ,
+but will be set to
+.Cm all-lib-depends-args
+by
+.Cm port-lib-depends-check ,
+in order to have access to the full list of LIB_DEPENDS for figuring
+out missing WANTLIB.
+.Ev wantlib_args
+is normally set to
+.Cm wantlib-args
+but it may be set to
+.Cm port-wantlib-args
+for introspection purposes,
+to
+.Cm fake-wantlib-args
+to avoid some checks, or to
+.Cm no-wantlib-args
+to avoid expensive WANTLIB checks entirely.
+.It Cm print-update-signature
+Print the update signature, as computed using information from the ports tree,
+in the same format used for
+.Xr pkg_info 1
+.Fl S .
+.It Cm print-plist
+Generate and print a package packing-list from the static information
+present in the port.
+.It Cm print-plist-all
+Iterate over
+.Cm print-plist
+for all subpackages in a given port.
+.It Cm print-plist-all-with-depends
+Iterate over
+.Cm print-plist-with-depends
+for all subpackages in a given port.
+.It Cm print-plist-contents
+Generate and print package contents from the static information
+present in the port.
+In contrast with
+.Cm print-plist ,
+the package contents only consists of files, all tagged with category
+markers such as @file.
+See
+.Xr pkg_create 1 .
+.It Cm print-plist-libs
+Generate and print the list of static and dynamic libraries present in the port.
+See
+.Xr pkg_create 1 .
+.It Cm print-plist-all-libs
+Iterate over
+.Cm print-plist-libs
+for all subpackages in a given port.
+.It Cm print-plist-libs-with-depends
+Like
+.Cm print-plist-libs ,
+but slower.
+It also handles
+.Ev LIB_DEPENDS ,
+.Ev RUN_DEPENDS ,
+and
+.Ev WANTLIB ,
+so that the packing-list has complete dependency information.
+.It Cm print-plist-with-depends
+Like
+.Cm print-plist ,
+but slower.
+It also handles
+.Ev LIB_DEPENDS ,
+.Ev RUN_DEPENDS ,
+and
+.Ev WANTLIB ,
+so that the packing-list is complete.
+.It Cm rebuild
+Force rebuild of the port.
+.It Cm regen
+Force rebuilding configure scripts using
+.Ar gen
+steps.
+.It Cm reinstall
+Force reinstallation of a port, by first cleaning the old installation.
+This will obviously not work for software used as dependencies of other
+installed software.
+In that case,
+.Cm update
+might do the right thing.
+.It Cm repackage
+Rebuild the packages of a port after removing existing packages.
+.It Cm run-depends-args
+Process
+.Ev RUN_DEPENDS
+and outputs a list of dependencies suitable for
+.Xr pkg_create 1 ,
+see
+.Cm print-package-args .
+.It Cm reprepare
+Force running the
+.Ar prepare
+target again.
+.It Cm retest
+Force running the
+.Ar test
+target again.
+.It Cm show
+Invoked as make show=name, show the contents of ${name}.
+Invoked as make show="name1 name2 ...",
+show the contents of ${name1} ${name2} ...,
+one variable value per line.
+Mostly used from recursive makes, or to know the contents of another
+port's variables without guessing wrongly.
+.It Cm show-debug-info
+Displays the information that was generated by
+.Xr build-debug-info 1 .
+.It Cm show-fake-size
+Print the size of ${WRKINST}, in kilobytes.
+Used by some options of
+.Xr dpb 1 ,
+suitable for
+.Ev BULK_TARGETS .
+.It Cm show-indexed
+Similar to
+.Cm show .
+Invoked as make show-indexed=name, show the contents of ${name${SUBPACKAGE}},
+or ${name} if the variable
+.Ev name
+is not
+.Ev SUBPACKAGE
+dependent.
+.It Cm show-list
+Similar to
+.Cm show .
+Shows "list-like" variables, one entry per line.
+Mostly useful as a debugging target, since some internal variables may now
+exceed
+.Dv ARG_MAX .
+.It Cm show-prepare-results
+Print the list of actual installed packages found out by
+.Cm prepare .
+.It Cm show-prepare-test-results
+Print the list of actual installed packages found out by
+.Cm prepare
+and
+.Cm test-depends .
+.It Cm show-required-by
+Print the list of
+.Xr pkgpath 7
+for all ports that will be affected by the
+current port changing.
+Works by walking the full list of all dependencies of all ports, in reverse.
+.Pp
+Very slow, prefer installing the
+.Pa sqlports
+package and using
+.Nm show-reverse-deps .
+.It Cm show-run-depends
+Print all running dependencies for a port, one per-line, without duplicates.
+.It Cm subpackage
+Build a port package.
+Exactly like
+.Cm package ,
+but affects only one single subpackage in multi-packages ports.
+.It Cm show-size
+Print the size of the work directory, in kilobytes.
+Used by some options of
+.Xr dpb 1 ,
+suitable for
+.Ev BULK_TARGETS .
+.It Cm subupdate
+Update an existing installation to a newer package, exactly
+like
+.Cm update ,
+but affects only one single subpackage in multi-packages ports.
+.It Cm test
+Run regression tests for the port.
+Essentially depend on a correct build and invoke
+.Bd -literal
+env -i ${ALL_TEST_ENV} ${MAKE_PROGRAM} ${ALL_TEST_FLAGS} \e
+	-f ${MAKE_FILE} ${TEST_TARGET} ${TEST_LOG}
+.Ed
+.Pp
+If a port needs some other ports installed to run regression tests,
+use
+.Ev TEST_DEPENDS .
+If a port needs special configuration or build options to enable regression
+testing, define a
+.Sq test
+.Ev FLAVOR .
+.It Cm test-depends
+Before running regression tests, Install and verify dependencies
+constructed from
+.Ev TEST_DEPENDS .
+.It Cm unlock
+Manually release a lock on a given directory.
+See
+.Cm lock .
+.It Cm update-patches
+Create or update patches for a port, using
+.Xr update-patches 1 .
+See
+.Ev EDIT_PATCHES .
+.It Cm update
+Update an existing installation to a newer package:
+scan the installation for a package with the same
+.Ev FULLPKGPATH ,
+and update it using
+.Sq pkg_add -r
+if a newer package is available.
+In multi-packages ports, all relevant packages are updated.
+See
+.Ev UPDATE_COOKIES_DIR
+and
+.Ev FORCE_UPDATE
+as well.
+.Pp
+However, see
+.Sx CAVEATS
+in
+.Xr ports 7 :
+.Cm update
+is always
+.Sq best-effort
+and will often not work correctly when
+updating to a significantly different newer version.
+.It Cm update-or-install
+Update an installed package or perform a fresh installation,
+by using
+.Sq pkg_add -r .
+Handles one single package in multi-packages ports.
+See
+.Ev UPDATE_COOKIES_DIR
+and
+.Ev FORCE_UPDATE
+as well.
+.It Cm update-or-install-all
+Update installed packages or perform a fresh installation,
+by using
+.Sq pkg_add -r .
+Handles all packages in multi-packages ports.
+See
+.Ev UPDATE_COOKIES_DIR
+and
+.Ev FORCE_UPDATE
+as well.
+.It Cm update-plist
+Update the packing-lists for a port, using the fake installation and the
+existing packing lists, by invoking
+.Xr update-plist 1
+with the correct parameters, along with
+port-specific options
+.Po
+.Ev UPDATE_PLIST_ARGS
+.Pc
+and user settings
+.Po
+.Ev UPDATE_PLIST_OPTS
+.Pc .
+Also see
+.Ev SUBST_VARS
+for details about the default handling of variable substitution.
+.It Cm verbose-show
+Similar to
+.Cm show ,
+except that it prefixes each value with the variable name, e.g.,
+.Li VAR=value .
+Also note that it does not show undefined variables, contrary to
+.Cm show
+which outputs blank lines for these.
+.It Cm wantlib-args
+Call
+.Cm port-wantlib-args
+and
+.Cm fake-wantlib-args
+and compare the results, errors out in case of discrepancies.
+See
+.Cm print-package-args .
+.El
+.Sh VARIABLES
+Note that some variables are marked as
+.Sq User settings ,
+which means that individual ports should not modify them,
+and that some variables are marked as
+.Sq read-only ,
+which means that they shouldn't ever be changed.
+In a
+.Ev MULTI_PACKAGES
+setup, some variables have settings specific to a given subpackage.
+See
+.Sx FLAVORS AND MULTI_PACKAGES .
+.Bl -tag -width Ds
+.It Ev show
+Invoked as make show=name, show the contents of ${name}.
+Invoked as make show="name1 name2 ...", show the contents of
+${name1} ${name2} ...,
+one variable value per line.
+.It Ev ALL_DISTFILES
+List of all actual files coming from every
+.Ev DISTFILES*
+setting, after applying the
+.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
+conversion, occasionally useful for setting
+.Ev EXTRACT_ONLY
+manually.
+Read-only.
+.It Ev ALL_FAKE_FLAGS
+Flags passed to ${MAKE} invocations during the fake process.
+Equals
+.Li ${MAKE_FLAGS} ${DESTDIRNAME}=${WRKINST} ${FAKE_FLAGS} .
+Read-only.
+.It Ev ALL_PATCHFILES
+List of all actual files coming from every
+.Ev PATCHFILES*
+setting, after applying the
+.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
+conversion.
+Read-only.
+.It Ev ALL_SUPDISTFILES
+List of all actual files coming from every
+.Ev SUPDISTFILES*
+setting, after applying the
+.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
+conversion.
+Read-only.
+.It Ev ALL_TEST_ENV
+Environment passed to test.
+Equals
+.Li ${MAKE_ENV} ${TEST_ENV} .
+Read-only.
+.It Ev ALL_TEST_FLAGS
+Flags passed to ${MAKE} invocations during test.
+Equals
+.Li ${MAKE_FLAGS} ${TEST_FLAGS} .
+Read-only.
+.It Ev ALL_TARGET
+Target used to build software.
+Default is
+.Sq all .
+Can be set to empty, to yield a package's default target.
+.It Ev APM_ARCHS
+Set to the list of
+.Xr apm 4
+architectures.
+Read-only.
+Use with
+.Ev ONLY_FOR_ARCHS .
+.It Ev ARCH
+Current machine architecture.
+Read-only.
+.It Ev AUTOCONF
+Location of the autoconf binary if needed.
+Defaults to autoconf.
+.It Ev AUTOCONF_DIR
+Where to invoke autoconf or autoreconf if ${CONFIGURE_STYLE} includes
+.Sq autoconf
+or
+.Sq autoreconf ,
+respectively.
+Defaults to ${WRKSRC}.
+.\" AUTOCONF_DIR should probably be a list, and be renamed to AUTOCONF_DIRS ?
+.It Ev AUTOCONF_ENV
+Environment values that should be passed to all runs of autoconf, automake
+and related tools.
+Specifically, version numbers and PATH.
+Automatically set as soon as
+.Ev CONFIGURE_STYLE
+is gnu or higher.
+.It Ev AUTOCONF_VERSION
+Several versions of autoconf may coexist peacefully.
+The main autoconf script is a shell wrapper in the
+.Pa devel/metaauto
+package, and similarly for automake.
+Setting
+.Ev AUTOCONF_VERSION
+along with
+.Ev CONFIGURE_STYLE
+set to autoconf is the correct way to specify which one to use.
+.Ev AUTOCONF_VERSION
+defaults to 2.13.
+If autoconf must be run manually,
+.Ev MODGNU_AUTOCONF_DEPENDS
+can be used to specify what packages to depend upon.
+.It Ev AUTOHEADER
+Location of the autoheader binary.
+Defaults to autoheader.
+.It Ev AUTOMAKE_VERSION
+Several versions of automake may coexist peacefully.
+.Ev AUTOMAKE_VERSION
+must be set before trying to run automake.
+Defaults to 1.4.
+.It Ev AUTORECONF
+Location of the autoreconf binary and the arguments it is invoked with.
+Can be set to
+.Sq autogen.sh
+if such a script is available.
+Defaults to autoreconf --force --install.
+.It Ev BASE_PKGPATH
+Full
+.Xr pkgpath 7
+to the current port, taking flavors into account.
+See also
+.Ev BUILD_PKGPATH ,
+which also includes pseudo-flavors.
+Read-only.
+.It Ev BASELOCALSTATEDIR
+User settings.
+Base location for system-wide state directory.
+Defaults to
+.Pa ${VARBASE} .
+See
+.Ev LOCALSTATEDIR .
+.It Ev BASESYSCONFDIR
+User settings.
+Base location for system-wide configuration files.
+Defaults to
+.Pa /etc .
+See
+.Ev SYSCONFDIR .
+.It Ev BATCH
+User settings.
+Set to
+.Sq Yes
+to avoid ports that require user-interaction.
+Use in conjunction with
+.Ev INTERACTIVE
+to simplify bulk-package builds.
+.Pq See IGNORE .
+.It Ev BE_ARCHS
+Set to the list of big-endian architectures.
+Read-only.
+Use with
+.Ev NOT_FOR_ARCHS
+and
+.Ev ONLY_FOR_ARCHS .
+.It Ev BUILD_DEPENDS
+List of other ports the current port needs to build correctly.
+Each item has the form
+.Sq [pkgspec:]pkgpath[:target] .
+.Sq target
+defaults to
+.Sq install .
+The package installed must conform to the
+.Sq pkgspec ,
+which is by default obtained from the dependent
+.Sq pkgpath
+.Po
+see
+.Ev PKGSPEC
+.Pc .
+If no installation is involved, the infrastructure will still check
+that the directory would provide a package conforming to the
+.Sq pkgspec .
+.Sq pkgpath
+is set relative to ${PORTSDIR},
+see
+.Xr pkgpath 7
+for details.
+Build dependencies are checked before the
+.Cm extract
+stage during
+.Cm prepare .
+.Pp
+Build dependencies with a
+.Cm patch ,
+.Cm configure
+or
+.Cm build
+target will be processed in a subdirectory of the working directory,
+specifically, in ${WRKDIR}/some/directory,
+with
+.Pa some/directory
+the directory part of the
+.Sq pkgpath .
+.It Ev BUILD_ONCE
+User settings.
+Defaults to
+.Sq \&No .
+Set to
+.Sq Yes
+during bulk builds.
+.Pp
+When
+.Ev BUILD_ONCE
+is set to
+.Sq Yes ,
+all
+.Ev PSEUDO_FLAVORS
+matching
+.Sq no_*
+will be disabled, unless the special pseudo-flavor
+.Sq bootstrap
+is also set.
+.Pp
+This is a bulk build optimisation, automatically set by
+.Xr dpb 1 :
+to avoid rebuilding the same package several times, a full bulk build will
+strip most ports of pseudo-packages variations that remove subpackages.
+.Pp
+For instance, an individual package may depend on
+.Pa databases/db/v4,no_java,no_tcl ,
+to avoid bringing a jdk in during a quick build.
+Nevertheless, during a full bulk build,
+.Pa databases/db/v4
+will only be built once, as the pseudo-flavor will be automatically removed.
+.Pp
+However, the extra
+.Sq bootstrap
+rule is needed to take build cycles into account.
+For instance, the
+.Pa x11/gnome/gvfs,-goa
+subpackage depends on gnome-online-accounts, which in turn requires
+.Pa x11/gnome/gvfs,-main
+to build (through its dependencies).
+So
+.Pa x11/gnome/gvfs
+has
+.Li PSEUDO_FLAVORS = no_smb no_goa bootstrap
+and the GNOME build first builds
+.Pa x11/gnome/gvfs,no_smb,no_goa,bootstrap,-main
+which is later used to rebuild
+.Pa x11/gnome/gvfs .
+.It Ev BUILD_PKGPATH
+Full
+.Xr pkgpath 7
+to the current port, taking flavors and pseudo-flavors
+into account.
+See also
+.Ev BASE_PKGPATH ,
+which doesn't include pseudo-flavors.
+Mostly useful to write dependencies for subpackages like this:
+.Li "LIB_DEPENDS-foo=${BUILD_PKGPATH}"
+and avoid starting to build a package with some other flavor combination.
+See
+.Xr pkgpath 7
+on the subject of
+.Sq pkgpath normalisation .
+Read-only.
+.It Ev BUILD_PACKAGES
+The actual list of packages that will be built, once architecture problems
+and pseudo-flavors have been taken into account.
+See
+.Sx FLAVORS AND MULTI_PACKAGES .
+.It Ev BROKEN
+Define only for broken ports, set to reason the port is broken.
+See also
+.Ev NO_IGNORE ,
+.Ev TRY_BROKEN .
+.It Ev BUILD_UNLINKED
+User settings.
+List of tags that shouldn't be
+.Ev IGNORE Ns d
+even though the ports are currently
+.Ev UNLINKED .
+.It Ev BUILD_USER
+User to switch to when using
+.Ev PORTS_PRIVSEP ,
+defaults to
+.Sq _pbuild .
+.It Ev BROKEN-<arch>
+Define only for ports broken on a given architecture.
+Distinct from
+.Ev ONLY_FOR_ARCHS
+and
+.Ev NOT_FOR_ARCHS ,
+which are used to mark ports for which support for some architectures
+does not exist at all, or is completely obsolete.
+.It Ev BSD_INSTALL_{PROGRAM,SCRIPT,DATA,MAN}[_DIR]
+Macros passed to make and configure invocations.
+Set based on corresponding INSTALL_* variables.
+.It Ev BULK
+User settings.
+If set to
+.Sq Yes ,
+all successful package builds and installations will clean
+their working directories, after invoking
+any targets mentioned in BULK_TARGETS,
+and commands mentioned in BULK_DO.
+Can be set on a per-${PKGPATH} basis.
+For instance, setting BULK_misc/screen=No
+will override any BULK=Yes passed on the command line.
+If set to
+.Sq Auto ,
+it will apply to dependencies, but not to the current port itself.
+See
+.Ev BULK_COOKIES_DIR .
+Defaults to
+.Sq Auto .
+.It Ev BULK_COOKIES_DIR
+User settings.
+Used to store cookies for successful bulk-package builds, defaults to
+.Pa ${PORTSDIR}/bulk/${MACHINE_ARCH} .
+.It Ev BULK_DO
+Commands to run after each bulk package build before cleaning up the
+working directory.
+Empty defaults.
+Can be set on a per-${PKGPATH} basis, e.g.,
+BULK_DO_${PKGPATH}=...
+.It Ev BULK_FLAGS
+Flags to pass to build each target in
+.Ev BULK_TARGETS .
+.It Ev BULK_TARGETS
+Targets to run after each bulk package build before cleaning up the
+working directory.
+Empty defaults.
+Can be set on a per-${PKGPATH} basis, e.g.,
+BULK_TARGETS_${PKGPATH}=...
+.It Ev BZIP2
+Name of the bzip2 binary.
+.It Ev CATEGORIES
+List of descriptive categories into which this port falls.
+Mandatory.
+One entry must match the current pkgpath:
+.Pa devel/gmake
+must belong to the
+.Sq devel
+category.
+.It Ev CCACHE_DIR
+Sets the cache directory used when
+.Ev USE_CCACHE
+is set to yes.
+Defaults to ${WRKOBJDIR}/.ccache.
+.It Ev CCACHE_ENV
+Sets additional environment variables when
+.Ev USE_CCACHE
+is set to yes.
+For instance, to enable verbose logging, set
+CCACHE_ENV="CCACHE_LOGFILE=/tmp/ccache.log"
+.It Ev CDIAGFLAGS
+Flags appended to
+.Ev CFLAGS
+if
+.Ev WARNINGS
+is set.
+.It Ev CFLAGS
+Default flags passed to the compiler for building.
+Many ports ignore it.
+See also
+.Ev COPTS ,
+.Ev CDIAGFLAGS .
+.It Ev CFLAGS_${CHOSEN_COMPILER}
+Additional flags that will be appended to
+.Ev CFLAGS
+depending on the value of
+.Ev CHOSEN_COMPILER .
+Common usage pattern:
+.Bd -literal -offset indent
+CFLAGS_base-clang =      -Wno-error=unused-but-set-variable
+.Ed
+.Pp
+See also
+.Ev COMPILER , COMPILER_LANGS
+and
+.Ev CHOSEN_COMPILER .
+.It Ev CHECK_LIB_DEPENDS
+User settings.
+If set to
+.Sq Yes ,
+every package build will verify that shared libraries are correctly
+registered.
+This is essentially the same as running
+.Ql make lib-depends-check
+after each package build.
+Defaults to
+.Sq \&No ,
+as this can be a big performance hit, and also because
+.Ev lib-depends-check
+doesn't know about library subdirectories or dynamic loading through
+.Xr dlopen 3 .
+.It Ev CHECK_LIB_DEPENDS_ARGS
+List of extra arguments for
+.Xr check-lib-depends 1 .
+.It Ev CHECKSUMFILES
+List of all files that need to be retrieved by
+.Cm fetch ,
+with
+.Ev DIST_SUBDIR
+prepended and with the master site selection extension removed.
+Read-only.
+See also
+.Ev MAKESUMFILES .
+.It Ev CHECKSUM_FILE
+Location for this port's checksums, used by
+.Cm checksum ,
+.Cm makesum ,
+and
+.Xr dpb 1 .
+Defaults to
+.Pa distinfo .
+.It Ev CHECKSUM_PACKAGES
+User settings.
+Choose whether or not to checksum packages while building.
+Deposits result in
+.Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/cksums/${FULLPKGNAME}.sha256 .
+Can be set to
+.Sq Yes
+to compute a checksum for all packages,
+or to
+.Sq ftp
+to compute it only for
+.Ev PERMIT_PACKAGE
+packages.
+Defaults to
+.Sq no ,
+which does not compute a checksum at all.
+.It Ev CHOSEN_COMPILER
+Read-only.
+Compiler suite chosen by the
+.Ev COMPILER
+mechanism.
+Set to
+.Sq irrelevant
+to disable
+.Ev COMPILER .
+.It Ev CLEANDEPENDS
+If set to
+.Sq Yes ,
+the
+.Cm clean
+target will also clean dependencies.
+Can be overridden on a per-${PKGPATH} basis,
+by setting CLEANDEPENDS_${PKGPATH}.
+.It Ev COMMENT
+Short (no more than 60 characters) description of the port, used for
+the package and the INDEX.
+It should not start with an uppercase letter unless semantically
+significant.
+.It Ev COMMENT-foo
+Same as COMMENT but used for sub package -foo in a multi-package setup.
+.It Ev COMMENT-vanilla
+Same as COMMENT but used for a flavored package, if the non-flavored comment
+is inappropriate.
+.It Ev COMMENT-foo-vanilla
+Same as COMMENT but used for a sub-, flavored package.
+.It Ev COMES_WITH
+The first release where the port was made part of the standard
+distribution.
+If the current
+.Ox
+version is >= this version then a notice
+will be displayed instead of the port being built.
+.It Ev COMPILER
+Select preferred compiler.
+First element in the list that matches will be chosen.
+.Bl -tag -width ports-gccxx
+.It base-gcc
+gcc 4.2 compiler from base
+.It base-clang
+clang compiler from base
+.It ports-gcc
+gcc 8 compiler from ports
+(heeds
+.Ev MODGCC4_ARCHS
+from the module)
+.It ports-clang
+clang compiler from ports
+(heeds
+.Ev MODCLANG_ARCHS
+from the module)
+.El
+.Pp
+The first compiler that matches criteria will be chosen.
+On clang-based architectures
+.Sq base-gcc
+never matches.
+.Pp
+Defaults to base compilers, e.g.,
+.Sq base-clang base-gcc .
+.Pp
+Common reasons for explicitly setting
+.Ev COMPILER
+will most often be C++11 support, thread-local-storage support (emulated),
+atomic operations on some arches, sometimes assembler support, ABI
+compatibility with dependent/depending ports, or plain old internal compiler
+errors.
+.Pp
+With
+.Ev COMPILER
+in effect,
+.Ev MODGCC4_ARCHS
+and
+.Ev MODCLANG_ARCHS
+default to
+.Sq ${GCC49_ARCHS}
+and
+.Sq ${LLVM_ARCHS}
+respectively.
+.Pp
+.Ev ONLY_FOR_ARCHS
+will also be set if applicable.
+.It Ev COMPILER_LANGS
+The value of
+.Ev COMPILER_LANGS
+will be added to the respective module's supported langs.
+Defaults to
+.Sq c c++ .
+Only
+.Sq c
+and
+.Sq c++
+are supported by this mechanism.
+.Sq fortran
+or
+.Sq java
+still need old modules annotations, so that it's possible
+to select, e.g.,
+.Sq gfortran
+from gcc 8 while having clang from base.
+See also
+.Ev CHOSEN_COMPILER .
+.It Ev COMPILER_LINKS
+Used by
+.Nm
+and compiler
+.Ev MODULES
+to build scripts in
+.Pa ${WRKDIR}/bin
+to force setting compiler flags
+.Po
+.Fl B
+is required for clang to find
+.Pa ${WRKDIR}/bin/ld
+as used by
+.Ev USE_WXNEEDED
+.Pc
+and call
+.Ev COMPILER_WRAPPER
+if used.
+.It Ev COMPILER_WRAPPER
+External program used to "wrap" compilers.
+Populated automatically by
+.Ev USE_CCACHE
+or can be set explicitly for other purposes (e.g. distcc).
+.It Ev CONFIG_SITE_LIST
+Used when
+.Li CONFIGURE_STYLE=gnu ,
+or with
+.Li MODULES += gnu .
+List of
+.Pa config.site
+fragments that will speed up gnu-configure, and prevent it from
+preferring various gnu programs, unless
+.Ev BUILD_DEPENDS
+explicitly ask for them.
+Read-only, available for debugging purposes.
+.It Ev CLANG_ARCHS, GCC4_ARCHS
+List of architectures using Clang or GCC 4.2.1 as the base compiler.
+Read-only.
+Use with
+.Ev NOT_FOR_ARCHS
+or
+.Ev ONLY_FOR_ARCHS
+to limit ports to architectures where they compile.
+.It Ev CONFIGURE_ARGS
+Arguments to pass to configure script.
+Defaults are empty, except for
+GNU-style configure, where prefix and sysconfdir are set.
+.It Ev CONFIGURE_ENV
+Basic environment passed to configure script (path and libtool setup).
+GNU-style configure adds a lot more variables.
+.It Ev CONFIGURE_SCRIPT
+Set to name of script invoked by the
+.Cm configure
+target, if appropriate.
+Should be either an absolute path, or relative to ${WRKSRC}.
+.It Ev CONFIGURE_STYLE
+Set to style of configuration that needs to happen.
+.Pp
+If
+.Sq perl ,
+assume
+.Xr perl 1 Ns 's
+.Xr ExtUtils::MakeMaker 3p
+style.
+Add
+.Sq modbuild
+to enable
+.Xr Module::Build 3p ,
+.Sq modbuild tiny
+to enable
+.Xr Module::Build::Tiny 3p ,
+or
+.Sq modinst
+for
+.Xr Module::Install 3p
+style.
+.Pp
+If
+.Sq gnu ,
+.Sq autoconf ,
+or
+.Sq autoreconf ,
+assume
+GNU configure style.
+Add
+.Sq dest
+if port does not handle DESTDIR correctly, and needs to be configured to
+add DESTDIR to prefixes
+.Po
+see also
+.Ev DESTDIRNAME
+.Pc .
+Add
+.Sq old
+if port is an older autoconf port that does not recognize --sysconfdir.
+Use
+.Sq autoconf
+if autoconf needs to be rerun first,
+but set
+.Sq no-autoheader
+to prevent autoheader from running.
+Alternatively, use
+.Sq autoreconf
+to rerun autoconf, automake, and related tools to completely regenerate
+the GNU build framework.
+.Pp
+If
+.Sq imake ,
+assume port configures using X11 ports Imakefile framework.
+Add
+.Sq noman
+if port has no man pages the Imakefile should try installing.
+.Pp
+If
+.Sq simple ,
+there is a configure script, but it does not fit the normal GNU configure
+conventions.
+.Pp
+Extensions may be defined by specific MODULES.
+See
+.Xr port-modules 5
+for details.
+.It Ev COPTS
+User settings.
+Supplementary options appended to ${CFLAGS} for building.
+Since most ports ignore the COPTS convention, they are actually told to use
+${CFLAGS} ${COPTS} as CFLAGS.
+.It Ev CXXDIAGFLAGS
+Flags appended to
+.Ev CXXFLAGS
+if
+.Ev WARNINGS
+is set.
+.It Ev CXXFLAGS
+Default flags passed to the C++ compiler for building.
+Many ports ignore it.
+.It Ev CXXFLAGS_${CHOSEN_COMPILER}
+Additional flags that will be appended to
+.Ev CXXFLAGS
+depending on the
+value of
+.Ev CHOSEN_COMPILER .
+See also
+.Ev COMPILER , COMPILER_LANGS
+and
+.Ev CHOSEN_COMPILER .
+.It Ev CXXOPTS
+User settings.
+Supplementary options appended to ${CXXFLAGS} for building.
+.It Ev DEBUG_CONFIGURE_ARGS
+Supplementary ${CONFIGURE_ARGS}
+for enabling the generation of debugging information.
+.It Ev DEBUG_PACKAGES
+List of ${SUBPACKAGES} for which debug packages should be built "on the side".
+Usually set as
+.Li DEBUG_PACKAGES=${BUILD_PACKAGES}
+for packages where debug information is desirable.
+Note the subpackages with
+.Li PKG_ARCH=*
+will automatically be stripped from that list.
+See
+.Sx THE DEBUG_PACKAGES INFRASTRUCTURE
+below for details.
+.It Ev DEBUGINFO_ARCHS
+List of archs for which debug information may be provided as extra packages.
+Normally only amd64 and aarch64, for performance reasons.
+.It Ev DESCR
+Location of description file for the package, defaults to
+.Pa ${PKGDIR}/DESCR
+(or
+.Pa ${PKGDIR}/DESCR${SUBPACKAGE}
+for multi-packages).
+.It Ev DESTDIR
+See
+.Ev DESTDIRNAME .
+.It Ev DESTDIRNAME
+Name of variable to set to ${WRKINST} while faking.
+Usually DESTDIR.
+To be used in the rare cases where a port heeds DESTDIR in a few
+directories and needs to be configured with
+.Sq gnu dest ,
+so that those few directories do not get in the way.
+.It Ev DIST_TUPLE
+List of distfile templates to use, each consisting of five entries:
+.Ar name account project tagname/commithash targetdir .
+The template
+.Ar name
+should be one of
+.Sq codeberg ,
+.Sq fdo ,
+.Sq github ,
+.Sq gitlab ,
+.Sq gnome ,
+.Sq kde ,
+or
+.Sq srht
+at the moment
+.Po see
+.Pa ${PORTSDIR}/infrastructure/db/dist-tuple.pattern ,
+additional
+.Ev TEMPLATE_DISTFILES.<name>
+and
+.Ev TEMPLATE_HOMEPAGE.<name>
+entries can be added as needed
+.Pc .
+The components are used to build
+.Ev SITES.name
+.Ev DISTFILES.name
+and (optionally)
+.Ev HOMEPAGE .
+.Pp
+At the end of
+.Cm post-extract ,
+the files are moved to
+.Pa ${WRKDIST}/<targetdir> .
+Using
+.Sq \&.
+for
+.Ar targetdir
+will disable the move.
+.It Ev DISTDIR
+User settings.
+Directory where all ports distribution files and patchfiles are stashed.
+Defaults to
+.Pa ${PORTSDIR}/distfiles .
+Override if distribution files are stored elsewhere.
+Always use
+.Ev FULLDISTDIR
+to refer to ports' distribution files location, as it takes an eventual
+.Ev DIST_SUBDIR
+into account.
+.It Ev DISTFILES*
+The main port's distribution files (the actual software source, except
+for binary-only ports).
+Will be retrieved from the corresponding SITES* (see
+.Cm fetch ) ,
+checksummed and extracted (see
+.Cm checksum ,
+.Cm extract ) .
+.Ev DISTFILES
+normally holds a list of files.
+.Pp
+Preferably, adding a suffix to
+.Ev DISTFILES ,
+will switch the site entry to the corresponding
+.Ev SITES
+variable, e.g.,
+.Bd -literal -offset indent
+DISTFILES.go = ...
+SITES.go = ...
+.Ed
+.Pp
+Each entry may optionally be of the form
+.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
+to deal with sites that only offer archives as weird urls, doing the transfer
+of
+.Ar url Ns Ar sufx
+into result file
+.Ar filename Ns Ar sufx .
+For instance, if
+.Bd -literal
+DISTFILES = minetest-{minetest/archive/}${V}${EXTRACT_SUFX}
+.Ed
+.Pp
+then
+.Cm fetch
+will retrieve from url
+.Sq minetest/archive/${V}${EXTRACT_SUFX}
+into
+.Sq minetest-${V}${EXTRACT_SUFX} .
+.Pp
+If ${DISTFILES*} varies depending on
+.Ev FLAVORS
+or architecture, use
+.Ev SUPDISTFILES*
+to ensure distfiles mirroring and
+.Cm makesum Ns 's
+proper operation.
+.Pp
+If no
+.Ev DISTFILES*
+is set and if
+.Ev SITES
+is not null, then
+.Ev DISTFILES
+will be set to
+.Pa ${DISTNAME}${EXTRACT_SUFX} .
+.It Ev DISTNAME
+Name used to identify the port.
+See
+.Ev DISTFILES*
+and
+.Ev PKGNAME .
+.It Ev DISTORIG
+Suffix used by
+.Cm distpatch
+to rename original files.
+Defaults to
+.Pa .bak.orig .
+Distinct from
+.Ev PATCHORIG
+to avoid confusing
+.Cm update-patches .
+.It Ev DIST_SUBDIR
+Optional subdirectory of ${DISTDIR} where the current port's distribution
+files and patchfiles will be located.
+See target
+.Cm fetch .
+.It Ev DPB
+Set by the Distributed Ports Builder to only get the information it needs
+from
+.Cm dump-vars .
+.It Ev DPB_LOCKNAME
+If set,
+.Xr dpb 1
+will use this instead of the default
+.Ev PKGPATH Ns - Ns
+derived name.
+This feature comes with large restrictions and shouldn't be used unless
+absolutely necessary.
+Specifically, it can allow
+.Nm dpb
+to build several flavors of the same port at the same time,
+but beware: under
+.Ev MULTI_PACKAGES
+and
+.Ev PSEUDO_FLAVORS
+conditions, if some of these packages are identical across flavors,
+this will not work.
+This also makes it harder to interact with locks if the names are not obvious.
+.It Ev DPB_PROPERTIES
+Annotations for the Distributed Ports Builder.
+See
+.Xr dpb 1
+for semantics.
+.It Ev DUMMY_PACKAGE
+If defined,
+.Nm
+will provide dummy values for variables mandatory for a minimally functional
+port.
+Used by the
+.Pa sqlports
+package and
+.Xr dpb 1
+to perform introspection and obtain
+.Nm Ns 's
+default values for variables without needing to access any specific port.
+.It Ev DWZ
+Command line invocation of
+.Xr dwz 1
+to shrink debug information while building debug packages.
+Defaults to
+.Sq dwz -L 100000000
+Can be set to
+.Sq \&:
+to not run
+.Xr dwz 1
+at all.
+See
+.Sx THE DEBUG_PACKAGES INFRASTRUCTURE
+for details.
+.It Ev ECHO_MSG
+User settings.
+Used to display
+.Sq ===> Configuring for foo
+and similar informative messages.
+Override to turn off, for instance.
+.It Ev ECHO_REORDER
+User settings.
+Set it to
+.Sq echo
+to see
+.Ev REORDER_DEPENDENCIES
+actions.
+Silent by default.
+.It Ev EDIT_PATCHES
+User settings.
+If set to
+.Sq \&No ,
+.Cm update-patches
+will not open changed files in an editor.
+.It Ev EPOCH
+Epoch number of the current package.
+Used when the port version is changed but the new version is not regarded by
+.Xr packages-specs 7
+as being newer.
+Once added, it cannot be removed or go backwards.
+Defaults to empty (no need for numbering changes), then
+numbering starts at 0.
+Gets automatically incorporated into
+.Ev FULLPKGNAME
+as
+.Sq v${EPOCH}
+to form a full package-name conforming to
+.Xr packages-specs 7 .
+.It Ev ERRORS
+List of errors found while parsing the port's Makefile.
+Display the errors before making any target, and if any error starts with
+.Qq Fatal : ,
+do not make anything.
+For instance:
+.Bd -literal -offset indent
+\&.if !defined(COMMENT)
+ERRORS+="Fatal: Missing comment"
+\&.endif
+.Ed
+Porter can add to
+.Ev ERRORS ,
+for instance to flag erroneous combinations of
+.Ev FLAVORS
+(but see
+.Ev ONLY_FOR_ARCHS
+.Ev NOT_FOR_ARCHS
+and
+.Ev BROKEN
+for other common issues).
+.Pp
+Note that setting fatal errors defeats all introspection mechanisms and breaks
+the
+.Pa sqlports
+package.
+.Pp
+Tip: if you need to debug a fatal error, you can always override
+.Ev ERRORS
+on the command line, e.g.,
+.Bd -literal -offset indent
+make ERRORS= show=<var>
+.Ed
+.It Ev EXTRACT_CASES
+The extraction stage runs a loop under
+.Pa ${WRKDIR}
+with
+.Ev archive
+(shell variable) set to each element of
+.Ev EXTRACT_ONLY
+in order, which is then processed by a case switch: ${EXTRACT_CASES}.
+.Pp
+.Nm
+detects extensions in ${CHECKSUMFILES}
+and automatically adds
+.Ev BUILD_DEPENDS
+and fragments to handle the following archives:
+.Pp
+.Bl -tag -width archivers/lzip/lunzip -offset indent -compact
+.It gzip
+tar.gz, tgz
+.It tar
+tar
+.It archivers/bzip2
+tar.bz2, tbz2, tbz
+.It archivers/xz
+tar.xz, tar.lzma, tar.lz
+.It archivers/unzip
+zip
+.It archivers/zstd
+tar.zst, tar.zstd
+.It converters/rpm2cpio
+rpm
+.El
+.Pp
+Other cases not supported directly in
+.Nm
+can be added, and existing cases can be overridden.
+For example the following snippet sets extra conversion flags to unzip,
+and adds support for rar:
+.Bd -literal
+	*.zip) ${UNZIP} -Laq ${FULLDISTDIR}/$$archive -d ${WRKDIR};; \\
+	*.rar) ${LOCALBASE}/bin/unrar x -idq ${DISTDIR}/$$archive;;
+.Ed
+.It Ev EXTRACT_ONLY
+Set to the list of distfiles to actually extract if some distfiles
+should not be extracted during the
+.Cm do-extract
+stage.
+Defaults to ${ALL_DISTFILES}, can even be set to empty.
+.It Ev EXTRACT_SUFX
+Used to set
+.Ev DISTFILES
+default value to ${DISTNAME}${EXTRACT_SUFX}.
+Default value is
+.Pa .tar.gz .
+.Pp
+Note that
+.Ev DISTFILES
+will only be set in the absence of
+.Ev DISTFILES.sufx
+as well, or if
+.Ev SITES
+is not empty.
+.It Ev EXTRACT_SUFX.<name>
+The
+.Ev EXTRACT_SUFX
+value for a template defined through
+.Ev DIST_TUPLE .
+.It Ev EXTRACT_FILES
+Set to the list of files to actually extract from distfiles.
+Its content is subject to shell evaluation as part of
+.Ev EXTRACT_CASES
+and passed as
+.Ar file ...
+argument to
+.Xr tar 1
+or
+.Xr unzip 1 ,
+e.g.,
+.Xr glob 7
+patterns and shell brace expansion may be used.
+Empty by default to extract all files.
+.It Ev FAKE_FLAGS
+Extra flags passed to ${MAKE_PROGRAM} during the
+fake invocation.
+Empty by default.
+Also see
+.Ev ALL_FAKE_FLAGS .
+.It Ev FAKE_SETUP
+List of environment values normally set during fake invocations.
+Exposed so that modules may provide their own
+.Cm do-install .
+Read-only,
+see
+.Sx THE FAKE FRAMEWORK
+section for details.
+.It Ev FAKE_TARGET
+Target built by ${MAKE_PROGRAM} on fake invocation.
+Defaults to ${INSTALL_TARGET}.
+.It Ev FAKEOBJDIR
+User settings.
+If non empty, used as a base for the fake staging area.
+The real fake directory ${WRKINST} is created there.
+Can be set on a per-${PKGPATH} basis.
+For instance, setting FAKEOBJDIR_www/mozilla-firefox=/tmp/obj
+will affect only the mozilla-firefox port.
+.It Ev FETCH_CMD
+User settings.
+Command used to fetch distribution files for this port.
+Defaults to
+.Xr ftp 1 .
+Can be used to go through excessively paranoid firewalls.
+Note that
+.Ev FETCH_CMD
+should support a few ftp options, chief among them
+being
+.Fl C
+and
+.Fl o Ar dest ,
+but also
+.Fl m ,
+.Fl S ,
+.Fl v ,
+.Fl V .
+Most of these can be no-ops in a FETCH_CMD script,
+See
+.Pa ${PORTSDIR}/infrastructure/template/fetch_cmd.template
+for a skeleton script.
+.It Ev FETCH_MANUALLY
+Some ports' distfiles cannot be fetched automatically for licensing reasons.
+In this case, set
+.Ev FETCH_MANUALLY
+to a list of strings that will be displayed, one per line, e.g.,
+.Bd -literal
+FETCH_MANUALLY= "You must fetch foo-1.0.tgz"
+FETCH_MANUALLY+="from http://www.fubar.com/ manually,"
+FETCH_MANUALLY+="after reading and agreeing to the license."
+.Ed
+Behaves like
+.Ev IS_INTERACTIVE
+if some distribution files are missing.
+.It Ev FETCH_PACKAGES
+User settings, defaults to
+.Sq \&No .
+Set to
+.Xr pkg_add 1
+options.
+Instruct the
+.Cm package
+target to download packages missing from the repository from locations in
+${PKG_PATH} and place them into
+.Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/cache/ ,
+only building them if no suitable packages are found.
+For instance,
+.Bd -literal -offset indent
+make FETCH_PACKAGES=
+.Ed
+.Pp
+to use without any options, or
+.Bd -literal -offset indent
+make FETCH_PACKAGES=-Dsnap
+.Ed
+.Pp
+to use close to release.
+.It Ev FILESDIR
+Location of other files related to the current port.
+Default: files.
+.It Ev FETCH_USER
+User to use to fetch distfiles when using
+.Ev PORTS_PRIVSEP ,
+defaults to
+.Sq _pfetch .
+.It Ev FIX_CLEANUP_PERMISSIONS
+If
+.Sq Yes ,
+restore read, write and directory search permissions for the build user on
+.Pa ${WRKDIR}
+before running
+.Cm clean .
+Used for build systems which set paranoid permissions at build time.
+Defaults to
+.Sq \&No .
+.It Ev FIX_CRLF_FILES
+Name(s) of files with line endings to correct at the end of
+.Cm distpatch .
+Sometimes a port will include files with MS-DOS line endings (CR LF).
+To avoid problems with patches (especially when sent by email)
+these should be converted to LF.
+.Nm
+changes to WRKDIST before converting files - shell wildcards may be used.
+.It Ev FIX_EXTRACT_PERMISSIONS
+If
+.Sq Yes ,
+restore contents of
+.Pa ${WRKDIR}
+to world-readable at the end of
+.Cm extract .
+Used for some distfile contents which have paranoid permissions for no reason.
+Defaults to
+.Sq \&No .
+.It Ev FLAVOR
+The port's current options.
+Set by the user, and tested by the port to activate wanted functionalities.
+.It Ev FLAVORS
+List of all flavors keywords a port may match.
+Used to sort
+.Ev FLAVOR
+into a canonical order to build the package name,
+or to select the packing-list, and as a quick validity check.
+See also
+.Ev PSEUDO_FLAVORS .
+.It Ev FLAVOR_EXT
+Canonical list of flavors being set for the current build, dash-separated.
+See
+.Ev FULLPKGNAME .
+.It Ev FORCE_UPDATE
+User settings.
+If set to
+.Sq Yes ,
+the
+.Cm update
+target will always update an installed package,
+as soon as its signature differs,
+and all dependencies that install packages will
+also force an update.
+If set to
+.Sq hard ,
+the
+.Cm update
+target will also update installed packages even when the signature
+did not change.
+.It Ev FULLDISTDIR
+Complete path to directory where ${DISTFILES*} ${SUPDISTFILES*} and
+${PATCHFILES*} will be located, to be used in hand-crafted extraction targets.
+Read-only.
+.It Ev FULLPKGNAME
+Full name of the created package, taking flavors into account.
+Defaults to ${PKGNAME}${FLAVOR_EXT}.
+See also
+.Ev EPOCH
+and
+.Ev REVISION .
+.It Ev FULLPKGPATH
+Path to the current port's directory, relative to ${PORTSDIR},
+including flavors and subpackages.
+See
+.Xr pkgpath 7 .
+.It Ev GH_*
+Simple support for GitHub-hosted projects.
+Leave empty for non hosted projects.
+Yields a suitable default for
+.Ev SITES_GITHUB
+and
+.Ev DISTNAME .
+.Pp
+Use
+.Ev DIST_TUPLE
+for more complicated situations.
+.It Ev GH_ACCOUNT
+Account name of the GitHub user hosting the project.
+.It Ev GH_COMMIT
+SHA1 commit id to fetch.
+It is an error to specify ${GH_COMMIT} when ${GH_TAGNAME} is specified.
+.It Ev GH_DISTFILE
+Set by
+.Nm
+to the generated name of the distribution file.
+This can be useful for ports listing multiple
+.Ev DISTFILES* .
+.It Ev GH_PROJECT
+Name of the project on GitHub.
+.It Ev GH_TAGNAME
+Name of the tag to download.
+Setting ${GH_TAGNAME} to master is invalid
+and will throw an error.
+${WRKDIST} is auto-generated based on the
+${GH_TAGNAME} if specified, otherwise ${GH_COMMIT} will be used to generate
+${WRKDIST}.
+.It Ev GMAKE
+Location of the GNU make binary, if needed.
+Defaults to gmake.
+.It Ev HOMEPAGE
+URL to the homepage of the software, if applicable.
+.It Ev IGNORE
+For ignored ports, set to the reasons for which the port is ignored.
+If non-empty, most common targets that do something (e.g.,
+.Cm fetch ,
+.Cm build ,
+.Cm install No ... )
+will be ignored.
+See also
+.Ev BATCH ,
+.Ev BUILD_UNLINKED ,
+.Ev BROKEN ,
+.Ev FETCH_MANUALLY ,
+.Ev IGNORE_IS_FATAL ,
+.Ev IGNORE_SILENT ,
+.Ev INTERACTIVE ,
+.Ev IS_INTERACTIVE ,
+.Ev NOT_FOR_ARCHS ,
+.Ev NO_IGNORE ,
+.Ev ONLY_FOR_ARCHS ,
+.Ev UNLINKED .
+.It Ev IGNORE_IS_FATAL
+User settings.
+If set to
+.Sq Yes ,
+ignored ports will become fatal errors.
+.It Ev IGNORE_SILENT
+User settings.
+If set to
+.Sq Yes ,
+do not print anything when ignoring a port.
+.It Ev INSTALL_DEBUG_PACKAGES
+User settings.
+Defaults to
+.Sq \&No .
+If
+.Sq Yes ,
+install available debug packages during all install/update targets.
+.It Ev INSTALL_{PROGRAM,SCRIPT,DATA,MAN}[_DIR]
+Macros to use to install a program, a script, data, or a man page (or the
+corresponding directory), respectively.
+.It Ev INSTALL_TARGET
+Target invoked to install the software, during fake installation.
+Default is
+.Sq install .
+.It Ev INTERACTIVE
+User settings.
+Set to
+.Sq Yes
+to skip all non-interactive ports.
+Used in conjunction with
+.Ev BATCH
+to simplify bulk-package builds.
+.It Ev IS_INTERACTIVE
+Set to
+.Sq Yes
+if port needs human interaction to build.
+.Pp
+Note that
+.Ev IS_INTERACTIVE
+ports won't be built as official packages,
+so avoid at all cost.
+.Pp
+Human intervention should be moved to binary package
+installation and/or post-installation configuration instead.
+.Pp
+Discrete Yes/No choices are better modelled as
+.Ev FLAVORS .
+.It Ev LE_ARCHS
+Set to the list of little-endian architectures.
+Read-only.
+Use with
+.Ev NOT_FOR_ARCHS
+and
+.Ev ONLY_FOR_ARCHS .
+.It Ev LIB_DEPENDS
+List of packages used by a port for its library dependencies.
+Each item has the form
+.Sq [pkgspec:]pkgpath .
+Similar to
+.Ev BUILD_DEPENDS
+and
+.Ev RUN_DEPENDS ,
+but with specific rules:
+.Ev LIB_DEPENDS
+always turn into
+.Ev BUILD_DEPENDS
+.Po
+but see
+.Sx FLAVORS AND MULTI PACKAGES
+.Pc .
+.Pp
+.Ev LIB_DEPENDS
+is also used as a run-time dependency, and recorded in the package as
+such, if any of the libraries mentioned in
+.Ev WANTLIB
+is a shared library that originates within the dependent port.
+.Pp
+See
+.Xr library-specs 7
+for more details.
+.It Ev lib_depends_args
+Controls the behavior of
+.Xr pkg_create 1
+related targets, see
+.Cm print-package-args
+for details.
+.It Ev LIBCXX
+List of standard C++ libraries for the base compiler.
+Read-only.
+Use in
+.Ev WANTLIB .
+.It Ev LIBTOOL
+Location of the libtool binary.
+Default:
+.Pa /usr/bin/libtool .
+.It Ev LIBTOOL_FLAGS
+Arguments to pass to libtool.
+If USE_LIBTOOL is set, the environment variable LIBTOOL is set
+to ${LIBTOOL} ${LIBTOOL_FLAGS}.
+.It Ev LLD_EMUL
+As
+.Xr ld.lld 1
+does not have a default emulation mode,
+if it is the linker in-use,
+.Ev LLD_EMUL
+defaults to the correct option to set the emulation mode;
+Otherwise, it stays empty.
+Read-only.
+Seldom used, as it is only needed to link binary data without using the
+compiler.
+.It Ev LLVM_ARCHS
+Set to the list of architectures where LLVM/Clang could be used,
+e.g., via
+.Sq lang/clang
+port module, see
+.Xr port-modules 5 .
+Read-only.
+Use with
+.Ev NOT_FOR_ARCHS
+or
+.Ev ONLY_FOR_ARCHS .
+.It Ev LOCALBASE
+where other ports have already been installed.
+Default:
+.Pa /usr/local .
+.It Ev LOCALSTATEDIR
+Location for this port's state directory, should always be derived
+from
+.Ev BASELOCALSTATEDIR ,
+which defaults to
+.Pa /var .
+Passed to gnu configure scripts.
+.It Ev LOCKDIR
+User settings.
+Defaults to
+.Pa ${WRKOBJDIR}/locks .
+If set, points to a local directory common for all instances of
+concurrent ports builds.
+.It Ev LOCK_CMD
+User settings.
+Expands to a command that will acquire a lock, namely
+.Xr portlock 1 .
+See also
+.Xr ports 7 .
+.It Ev LOCK_VERBOSE
+User settings.
+Defaults to
+.Sq \&No .
+Set to
+.Sq Yes
+to show every acquire/release lock operation.
+.It Ev LP64_ARCHS
+Set to the list of 64-bit architectures.
+Read-only.
+Use with
+.Ev NOT_FOR_ARCHS .
+.It Ev MAINTAINER
+Email address with full name of the port's maintainer.
+Defaults to
+.Mt ports@openbsd.org .
+.It Ev MAKE_ENV
+Environment variables passed to make invocations and tests.
+Sets at least PATH, PREFIX, LOCALBASE, X11BASE, CFLAGS, TRUEPREFIX, DESTDIR,
+and the BSD_INSTALL_* macros.
+.It Ev MAKE_FLAGS
+Flags used for all make invocations, except for the
+.Cm fake
+stage, which adds
+.Ev FAKE_FLAGS
+(see
+.Ev ALL_FAKE_FLAGS )
+and for the
+.Cm test
+stage, which adds
+.Ev TEST_FLAGS
+(see
+.Ev ALL_TEST_FLAGS ) .
+.It Ev MAKE_FILE
+Name of the Makefile used for ports building.
+Defaults to Makefile.
+Used after changing directory to ${WRKBUILD}.
+.It Ev MAKE_JOBS
+Number of jobs to use when building the port, normally passed to
+.Ev MAKE_PROGRAM
+through
+.Ev PARALLEL_MAKE_FLAGS .
+Mostly set automatically when
+.Ev DPB_PROPERTIES
+contains
+.Sq parallel .
+.Pp
+Note that
+.Xr make 1
+still has bugs that may prevent parallel build from working correctly!
+.It Ev MAKE_PROGRAM
+The make program that is used for building the port.
+Set to ${MAKE} or ${GMAKE} depending on USE_GMAKE.
+Read-only.
+.It Ev MAKEFILE_LIST
+Introspection variable, see
+.Xr make 1 .
+.It Ev MAKESUMFILES
+List of all files that need to be retrieved by
+.Cm fetch-all ,
+with
+.Ev DIST_SUBDIR
+prepended and with master site selection extension removed.
+Read-only.
+See also
+.Ev CHECKSUMFILES .
+.It Ev MESSAGE
+File recorded in the package and displayed during installation.
+Defaults to ${PKGDIR}/MESSAGE if this file exists.
+Leave empty if no message is needed.
+.It Ev MISSING_FILES
+When
+.Ev FETCH_MANUALLY
+is set,
+.Ev MISSING_FILES
+will contain the list of missing distfiles or patchfiles that need to
+be fetched manually.
+Read-only.
+.It Ev MODGNU_CONFIG_GUESS_DIRS
+If a port uses config.guess outside WRKSRC, the directories
+containing the other copies must be set here.
+.It Ev MODPERL_ADJ_FILES
+If any files have a Perl shebang line, which needs to be replaced
+with
+.Dq #!/usr/bin/perl ,
+list them in
+.Ev MODPERL_ADJ_FILES .
+File paths here should be relative to
+.Ev WRKSRC .
+These files are patched automatically at the end of
+.Cm pre-configure .
+.It Ev MODPERL_BIN_ADJ
+Shell fragment to patch the Perl interpreter path in executable scripts.
+Used by
+.Ev MODPERL_ADJ_FILES .
+.It Ev MODPERL_BUILD_TARGET
+Normal content of
+.Cm do-build
+when
+.Ev CONFIGURE_STYLE
+uses perl.
+Provided as a separate variable if a port wants to override
+.Cm do-build
+for its own reasons.
+.It Ev MODPERL_INSTALL_TARGET
+Likewise for
+.Cm do-install .
+.It Ev MODPERL_TEST_TARGET
+Likewise for
+.Cm do-test .
+.It Ev MODPERL_REGEN_PPPORT
+Normally, if ppport.h is present,
+it will be regenerated using a current version of
+.Xr Devel::PPPort 3p .
+Set to the filename under
+.Pa ${WRKSRC} ,
+or
+.Sq \&No
+to disable.
+Defaults to
+.Sq ppport.h .
+.It Ev MODULES
+External modules mechanism, documented separately.
+Modules such as
+.Sq imake
+and
+.Sq gnu
+are normally included automatically with the right
+.Ev CONFIGURE_STYLE .
+Note that it is possible to
+.Li CONFIGURE_STYLE = simple ,
+.Li MODULES += gnu
+to just get the effects of
+.Ev CONFIG_SITE
+and
+.Ev MODGNU_CONFIG_GUESS_DIRS
+along with the default
+.Ev TEST_TARGET ,
+in case the normal GNU configure script was wrapped in a separate script that
+takes different arguments.
+See
+.Xr port-modules 5 .
+.It Ev MULTI_PACKAGES
+Set to a list of subpackage extensions for ports that create multiple packages.
+See
+.Sx FLAVORS AND MULTI_PACKAGES
+below.
+Especially read the part about
+.Ev ONLY_FOR_ARCHS
+when some of the packages only exist for some architectures.
+.It Ev NO_ARCH
+Location for arch-independent packages.
+Defaults to
+.Sq no-arch .
+Normally, packages are generated under ${PACKAGE_REPOSITORY}/${MACHINE_ARCH},
+except for packages where PKG_ARCH=*, which end up under
+${PACKAGE_REPOSITORY}/${NO_ARCH}.
+.It Ev NOT_FOR_ARCHS
+List of architectures on which this port does not build.
+See also
+.Ev ONLY_FOR_ARCHS .
+.It Ev NO_BUILD
+Set to
+.Sq Yes
+if port does not need any build stage.
+.It Ev NO_CCACHE
+Set to
+.Sq Yes
+to prevent ccache from being used when building a certain port,
+even when
+.Ev USE_CCACHE
+is set.
+.It Ev NO_CHECKSUM
+Set to
+.Sq Yes
+by
+.Xr dpb 1
+to avoid
+.Cm checksum
+entirely,
+as
+.Xr dpb 1
+already deals with checksums internally.
+.It Ev NO_DEPENDS
+User settings.
+Don't verify build of dependencies.
+Do not use in any ports Makefile.
+This is only meant as a user convenience when, e.g., you just want to browse
+through a given port's source and do not wish to trigger the build of
+dependencies.
+.It Ev NO_IGNORE
+User settings.
+If set to
+.Sq Yes ,
+avoid ignoring a port for the usual reasons.
+Use, for instance, for fetching all distribution files, or for fixing a
+broken port.
+See also
+.Ev IGNORE
+and
+.Ev TRY_BROKEN .
+.It Ev NO_SCCACHE
+Set to
+.Sq Yes
+to prevent sccache from being used when building a certain port,
+even when
+.Ev USE_SCCACHE
+is set.
+.It Ev NO_TEST
+Port does not have any regression tests.
+Only set to
+.Sq Yes
+for ports with no regression test.
+It should be left alone for ports with empty regression tests, and for
+ports with failing tests.
+That way, if a subsequent update of a port acquires actual regression tests,
+they will be picked up automatically.
+.It Ev ONLY_FOR_ARCHS
+List of architectures on which this port builds.
+Can hold both processor-specific information (e.g., powerpc), and more
+specific model information (e.g., macppc).
+This is subpackage dependent.
+Read the corresponding part of
+.Sx FLAVORS AND MULTI_PACKAGES
+if some subpackages should only be built on some architectures.
+.It Ev OSREV
+Revision number of
+.Ox .
+Read-only.
+.It Ev PACKAGE_REPOSITORY
+User settings.
+Location for built packages.
+Defaults to
+.Pa ${PORTSDIR}/packages .
+See the
+.Cm package
+target for details.
+.It Ev PARALLEL_MAKE_FLAGS
+Used when
+.Ev DPB_PROPERTIES
+contains
+.Sq parallel .
+Flags to pass to
+.Ev MAKE_PROGRAM
+to yield a parallel build.
+Defaults to
+.Li -j${MAKE_JOBS} .
+Mostly set to empty by ports that use other mechanisms for setting the number
+of jobs.
+.It Ev PARALLEL_MAKE_JOBS
+User settings.
+Value of
+.Ev MAKE_JOBS
+to use when building manually a port with
+.Ev DPB_PROPERTIES
+containing
+.Sq parallel .
+Defaults to the number of online cpus.
+.It Ev PATCH
+Command to use to apply all patches.
+Defaults to
+.Pa /usr/bin/patch .
+.It Ev PATCHORIG
+Suffix used by
+.Cm patch
+to rename original files, and
+.Cm update-patches
+to re-generate
+.Pa ${PATCHDIR}/${PATCH_LIST}
+by looking for files using this suffix.
+Defaults to
+.Pa .orig.port .
+In the unlikely event that one of the ${DISTFILES*} already contains
+.Pa .orig.port
+files, set this to something else, such as
+.Pa .orig.obsdport .
+See also
+.Cm distpatch ,
+.Ev DISTORIG .
+.It Ev PATCH_CASES
+In the normal
+.Cm distpatch
+stage (when
+.Ev PATCHFILES*
+is not empty), this is the contents of a case statement, used to apply
+distribution patches.
+Fragments are automatically appended to handle gzip'ed, bzip'ed and lzip'ed
+patches, so that the default case is more or less equivalent to the following
+shell fragment:
+.Bd -literal
+set -e
+cd ${FULLDISTDIR}
+for patchfile in ${ALL_PATCHFILES}
+do
+    case $$patchfile in
+	*.bz2)
+	  ${BZIP2} -d <$$patchfile | ${PATCH} ${PATCH_DIST_ARGS};;
+	*.zst|*.zstd)
+	  zstdcat -c <$$patchfile | ${PATCH} ${PATCH_DIST_ARGS};;
+	*.Z|*.gz)
+	  ${GZIP_CMD} -d <$$patchfile | ${PATCH} ${PATCH_DIST_ARGS};;
+	*)
+	  ${PATCH} ${PATCH_DIST_ARGS} <$$patchfile;;
+    esac
+done
+.Ed
+.It Ev PATCHDIR
+Location for patches applied by the
+.Cm patch
+target.
+Default:
+.Pa patches .
+.It Ev PATCHFILES*
+Files to fetch from the master sites like
+.Ev DISTFILES* ,
+but serving a different purpose, as they hold distribution patches that
+will be applied at the
+.Cm patch
+stage.
+See also
+.Ev SUPDISTFILES* .
+.It Ev PATCH_ARGS
+Full list of options used while applying port's patches.
+.It Ev PATCH_CHECK_ONLY
+Set to
+.Sq Yes
+by the
+.Cm checkpatch
+target.
+Don't touch unless the default
+.Cm checkpatch
+target needs to be redefined.
+Ideally, user-defined patch subtargets ought to test checkpatch.
+In practice, they don't.
+.It Ev PATCH_DIST_ARGS
+Full list of options used while applying distribution patches.
+.It Ev PATCH_DIST_STRIP
+Patch option used to strip directory levels while applying distribution
+patches.
+Defaults to -p0.
+.It Ev PATCH_LIST
+Wildcard pattern of patches to select under ${PATCHDIR}.
+Defaults to patch-*.
+Note that filenames ending in .orig, or ~ are never applied.
+Note that
+.Ev PATCH_LIST
+can hold absolute pathnames, for instance to share patches among similar
+ports:
+.Bd -literal
+PATCH_LIST=${PORTSDIR}/x11/kde/libs2/patches/p-* patch-*
+.Ed
+.Pp
+But beware that minor variations will result in
+.Cm update-patches
+creating useless churn !
+.It Ev PATCH_QUIET
+User settings.
+If set to
+.Sq Yes ,
+.Ev PATCH
+will work quietly.
+.It Ev PATCH_STRIP
+Patch option used to strip directory levels while applying port's patches.
+Defaults to -p0.
+.It Ev PERMIT_DISTFILES , PERMIT_PACKAGE
+Set to
+.Sq Yes
+if the distribution files or the package can be allowed on FTP sites without
+legal issues.
+Set to reason not to otherwise.
+PERMIT_* lines in the Makefile should be preceded with a comment explaining
+details about licensing and patents issues the port may have.
+Porters must be very thorough in their checks.
+In case of doubt, ask.
+.Pp
+If
+.Ev PERMIT_PACKAGE
+is set to
+.Sq Yes ,
+.Ev PERMIT_DISTFILES
+will default to
+.Sq Yes .
+.It Ev PKG_ADD
+User settings.
+Path to
+.Xr pkg_add 1
+command, with possible options.
+.It Ev PKG_ARCH
+Comma-separated list of architectures on which this package may install.
+Defaults to ${MACHINE_ARCH},${ARCH}.
+.Pp
+For instance:
+.Ev MACHINE_ARCH Ns = Ns Ar powerpc ,
+.Ev ARCH Ns = Ns Ar macppc .
+.Pp
+Most (if not all packages) will install correctly according to
+.Ev MACHINE_ARCH .
+.Pp
+Use * for arch-independent packages
+.Po
+see also
+.Sx THE DEBUG_PACKAGES INFRASTRUCTURE
+.Pc .
+.It Ev PKG_ARGS
+Special arguments to pass to
+.Xr pkg_create 1 ,
+in addition to the default ones.
+.It Ev PKG_CREATE
+User settings.
+Path to
+.Xr pkg_create 1
+command, with possible options.
+.It Ev PKG_CREATE_NO_CHECKS
+Porters switch.
+Set to
+.Sq Yes
+to avoid checking the ports tree when solving
+.Ev WANTLIB
+.Po
+see
+.Cm wantlib-args
+.Pc .
+May result in bogus packages that mix
+.Cm @depends
+lines obtained from
+the ports tree with
+.Cm @wantlib
+lines that come from the installed system.
+Set to
+.Sq Warn
+to have the differences printed as a warning instead of an error
+.Po
+the default
+.Pc .
+.It Ev PKG_DBDIR
+User settings.
+Path to package installation records.
+Defaults to
+.Pa /var/db/pkg .
+.It Ev PKG_DELETE
+User settings.
+Path to
+.Xr pkg_delete 1
+command, with possible options.
+.It Ev PKG_INFO
+User settings.
+Path to
+.Xr pkg_info 1
+command, with possible options.
+.It Ev PKG_TMPDIR
+See
+.Xr pkg_add 1 .
+Normally points to
+.Pa /var/tmp ,
+as per default.
+.It Ev PORTHOME
+Setting of env variable
+.Ev HOME
+for most shell invocations.
+Default will trip ports that try to write into $HOME while building:
+non-existent
+.Pa /${PKGPATH}_writes_to_HOME/ .
+.It Ev PORTPATH
+Path used by most shell invocations.
+Don't override unless really needed.
+.It Ev PORTSDIR
+Root of the ports tree (default:
+.Pa /usr/ports ) .
+.It Ev PORTSDIR_PATH
+Path used by dependencies and
+.Pa bsd.port.subdir.mk
+to look up package specifications.
+Defaults to
+.Pa ${PORTSDIR}:${PORTSDIR}/mystuff .
+.It Ev PORTS_PRIVSEP
+If set to
+.Sq Yes ,
+will build ports as
+.Ev BUILD_USER
+and fetch distfiles
+as
+.Ev FETCH_USER .
+.Pp
+To work fully, this does require the ports tree
+to be world-readable, and
+.Pa ${WRKDIR}
+to be world-readable as well
+.Po
+.Cm update-patches
+and friends won't work otherwise
+.Pc .
+.Pp
+Meant to use in concert with
+.Xr dpb 1 ,
+which uses the same permissions
+.Po
+see
+.Sq THE SECURITY MODEL OF DPB
+in
+.Xr dpb 1
+.Pc .
+.Pp
+Basically,
+.Ev BUILD_USER
+must be able to write into
+.Pa ${WRKOBJDIR} , ${PACKAGE_REPOSITORY} , ${PLIST_REPOSITORY}
+and
+.Ev FETCH_USER
+must be able to write into
+.Pa ${DISTDIR} .
+The directories and permissions can be set correctly using
+.Cm fix-permissions .
+.Pp
+The regular user must be allowed to execute commands as
+.Ev BUILD_USER
+and
+.Ev FETCH_USER .
+Running commands as another user can be achieved with
+.Xr doas 1
+by setting
+.Ev SUDO=doas
+in
+.Xr mk.conf 5
+and using the following minimal
+.Xr doas.conf 5 :
+.Bd -literal -offset indent
+permit keepenv nopass solene as _pbuild
+permit keepenv nopass solene as _pfetch
+.Ed
+.Pp
+It is reasonably safe to allow your user id to run commands as the
+.Ev BUILD_USER
+or
+.Ev FETCH_USER
+and using
+.Ic nopass
+for these can save a lot of password entry, however it is inadvisable
+to allow commands like
+.Xr pkg_add 1
+to run as root without a password.
+.Pp
+Note that this also means that
+.Xr doas 1
+must be configured to work within the chroot
+created by
+.Xr proot 1 .
+.Pp
+As
+.Xr dpb 1
+does its own privilege dropping when run as root,
+it will automatically override
+.Ev PORTS_PRIVSEP .
+.Pp
+User settings, defaults to
+.Sq \&No .
+.It Ev PKGDIR
+Location for packaging information (packing-list, port description, messages).
+.Cm update-plist
+may create it.
+Must be a valid directory.
+Default: pkg.
+.It Ev PKGFILE
+Full path to the created package for the given subpackage.
+Read-only.
+.It Ev PKGFILES
+Full path to all created packages.
+Read-only.
+.It Ev PKGNAME
+Name of the created package.
+Default is ${DISTNAME}.
+This does not take flavors into account.
+See
+.Ev FULLPKGNAME
+for that.
+Specific revisions and epoch changes should be
+handled by
+.Ev REVISION
+and
+.Ev EPOCH
+instead.
+.It Ev PKGNAMES
+Read-only.
+List of all package names generated by the port, with
+.Ev FLAVORS
+and
+.Ev BUILD_PACKAGES
+taken into account.
+Mostly used as
+.Ql make show=PKGNAMES
+to verify that bumped package names are correct.
+.It Ev PKGNAME-foo
+Package name for sub-package foo, if the default value
+of ${PKGNAME}${SUBPACKAGE} is not appropriate.
+.It Ev PKGPATH
+Path to the current port's directory, relative to ${PORTSDIR}.
+Read-only.
+.It Ev PKGPATHS
+Read-only.
+List of all package paths generated by the port, with
+.Ev FLAVORS
+and
+.Ev MULTI_PACKAGES
+taken into account.
+Order matches
+.Ev PKGNAMES
+exactly.
+.It Ev PKGSPEC
+Default package spec for using this port as a dependency.
+Defaults to
+.Sq stem-* ,
+derived from the
+.Ev FULLPKGNAME .
+Do not override without very good reasons,
+namely software that coexist as different incompatible versions with the
+same stem, e.g., already a mess.
+Also See the description of
+.Fl P
+in
+.Xr pkg_create 1
+.It Ev PKGSTEM
+Base for the package name without any version number.
+Used in
+.Pa READMEs
+file names and actual contents, can be overridden for ports
+with branches, like php, e.g.,
+.Li PKGSTEM-main = php-5.6
+.It Ev PLIST
+Location of package packing-list.
+Defaults to
+.Pa ${PKGDIR}/PLIST ,
+or to
+.Pa ${PKGDIR}/PLIST${SUBPACKAGE}
+for multi-packages.
+.It Ev PLIST_DB
+Deprecated, see
+.Ev PLIST_REPOSITORY .
+.It Ev PLIST_REPOSITORY
+User settings.
+Base directory used to save generated packing-lists, as persistent information.
+Packing-lists are processed by a script,
+.Xr register-plist 1 ,
+which complains when packing-lists change without a
+.Ev REVISION
+bump.
+It also knows enough about package version numbers when something in the
+package or its dependencies goes backward, thus catching
+.Ev EPOCH
+issues.
+This directory is never cleaned during normal operation.
+.Ql make clean=plist
+should only ever be used during debugging by port maintainers.
+Defaults to
+.Pa ${PORTSDIR}/plist
+.Po
+plists actually get saved into
+.Pa ${PLIST_REPOSITORY}/${MACHINE_ARCH}
+.Pc .
+If set to empty, will not register anything: very much unsafe.
+.It Ev PORTROACH
+Controls the behavior of
+.Pa misc/portroach
+as documented in detail at
+.Lk https://jasperla.github.io/portroach/docs/portroach-portconfig.txt
+.It Ev PREFIX
+Base directory for the current port installation.
+Usually ${LOCALBASE}, though some ports may elect a location under
+.Pa ${VARBASE} ,
+and some multi-package ports may install under several locations.
+Additionally, firmware files generally install under
+.Pa ${BASESYSCONFDIR} .
+.It Ev PREPARE_CHECK_ONLY
+Build settings.
+Prevent the
+.Cm prepare
+stage from installing anything, let it just check dependencies, and
+handle [:target] dependencies.
+Mostly used by
+.Xr dpb 1 ,
+which already installs everything before running
+.Cm prepare .
+.It Ev PROGRESS_METER
+User settings.
+Defaults to
+.Sq Yes .
+Forces commands like
+.Xr ftp 1
+and
+.Xr pkg_create 1
+to use their progress-meter even in the absence of a terminal.
+.It Ev PROPERTIES
+List of properties specific to a given machine architecture,
+obtained through the inclusion of
+.Xr bsd.port.arch.mk 5 .
+These can be checked like this
+.Bd -literal -offset indent
+\&.include <bsd.port.arch.mk>
+\&.if ${PROPERTIES:Mapm}
+# then add build options specific to apm arches
+\&...
+\&.if !${PROPERTIES:Mlp64}
+# build options specific to lp32 arches
+\&...
+.Ed
+For
+.Ev MULTI_PACKAGES
+setup, use of
+.Ev ONLY_FOR_ARCHS-sub
+and
+.Ev BUILD_PACKAGES
+is generally preferred (and simpler).
+Possible properties include
+.Bl -tag -width mono
+.It apm
+architecture possesses suspend (apm) support.
+.It be
+architecture is big-endian.
+.It gccN
+gccN architecture.
+.It le
+architecture is little-endian.
+.It lp64
+lp64 architecture.
+.It llvm
+there is
+.Pa lang/llvm
+support on this architecture.
+.It mono
+there is
+.Pa lang/mono
+support on this architecture.
+.El
+.It Ev PSEUDO_FLAVOR
+List of flavors in
+.Ev FLAVOR
+that are actually pseudo-flavors.
+Only for introspection purposes.
+Read-only.
+.It Ev PSEUDO_FLAVORS
+Extra list of flavors that do not register in package names, but are still
+used to control build logic, and work directory names.
+Its only use should be for disabling part of a multi-packages build,
+for instance:
+.Bd -literal
+FLAVOR=no_gnome make package
+.Ed
+.Pp
+Pseudo-flavors should be named as
+.Sq no_something
+to disable the build of subpackage
+.Sq -something
+.Po
+and possibly some others, by restricting
+.Ev BUILD_PACKAGES
+.Pc .
+Pseudo-flavors should always be handled through
+.Xr bsd.port.arch.mk 5 .
+A pseudo-flavor can remove several subpackages through the following
+construct.
+.Bd -literal -offset indent
+# pseudo-flavor no_gui will also remove gtk and gtk3
+MULTI_PACKAGES = -main -gtk -gtk3 -gui
+# ...
+\&.include <bsd.port.arch.mk>
+
+# remove extra build components
+\&.if !${BUILD_PACKAGES:M-gui}
+BUILD_PACKAGES := ${BUILD_PACKAGES:N-gtk:N-gtk3}
+\&.endif
+
+# normal configure setup, e.g.,
+\&.if ${BUILD_PACKAGES:M-gtk}
+# ...
+.Ed
+.Pp
+Caveat: creation of a separate working directory is mandatory for a
+pseudo-flavor.
+If, at a later time, a full build with all subpackages is required,
+all the work will need to be done again.
+.Pp
+See also
+.Ev BUILD_ONCE .
+.It Ev RANDOMIZE_SUBDIRS
+Actually lives in
+.Pa bsd.port.subdir.mk .
+Set to
+.Sq Yes
+to randomize tree traversal, as used by
+.Xr dpb 1 Ns 's Fl r
+option.
+Defaults to
+.Sq \&No Ns .
+.It Ev RCDIR
+Location for daemon startup scripts.
+Defaults to
+.Pa /etc/rc.d .
+Do not change.
+.It Ev REFETCH
+User settings.
+If set to true,
+.Cm checksum
+will analyze ${CHECKSUM_FILE}, and try retrieving files with the correct
+checksum off
+.Lk https://ftp.openbsd.org ,
+in the directory
+.Pa /pub/OpenBSD/distfiles/$cipher/$value/$file .
+.It Ev REGISTER_PLIST_OPTS
+User settings.
+User options added to
+.Xr register-plist 1 .
+.It Ev REORDER_DEPENDENCIES
+Points to a list of files that specify inter-dependencies for
+.Xr make 1 .
+If defined, each line of the file is either a comment (starting with #)
+or a pair of two files: most_recent older.
+At the end of
+.Cm post-patch ,
+.Xr touch 1
+will be used to ensure those files are put in the proper order.
+The files are assumed to be under
+.Pa ${WRKSRC} .
+The notation /file can be used to ask for a recursive search, e.g.,
+to make sure that all Makefile.in are up to date.
+See
+.Pa ${PORTSDIR}/infrastructure/mk/automake.dep
+for an example.
+.It Ev REPORT_PROBLEM
+See
+.Xr ports 7 .
+.It Ev REPORT_PROBLEM_LOGFILE
+See
+.Xr ports 7 .
+.It Ev REVISION
+Revision number of the current package.
+Defaults to empty (very first package), then
+numbering starts at 0.
+Gets automatically incorporated into
+.Ev FULLPKGNAME
+as
+.Sq p${REVISION}
+to form a full package-name conforming to
+.Xr packages-specs 7 .
+.It Ev ROACH_SITES
+Selects the correct list of sites corresponding to
+.Ev ROACH_URL ,
+in order to help portroach.
+.It Ev ROACH_URL
+The canonical url corresponding to the current port.
+Gets deduced from ${DISTFILES} by default, using the first value
+or the first entry in ${DISTFILES.sufx} if there's only one suffix.
+Conversion rules for
+.Ev DISTFILES
+are applied to yield only the url part of the distfile.
+Set manually if the automatic rules don't find the right one.
+.It Ev RUN_DEPENDS
+Specification of ports this port needs installed to be functional.
+Same format as
+.Ev LIB_DEPENDS .
+The corresponding packages will be built right before the
+.Cm install
+stage, and
+.Xr pkg_add 1
+will take care of installing them.
+.It Ev SCCACHE_DIR
+Sets the cache directory used when
+.Ev USE_SCCACHE
+is set to yes.
+Defaults to ${WRKOBJDIR}/.sccache.
+.It Ev SCCACHE_ENV
+Sets additional environment variables when
+.Ev USE_SCCACHE
+is set to yes.
+.It Ev SEPARATE_BUILD
+Many GNU configure ports can be built in a directory distinct from the
+place they were unpacked.
+For some specific ports, this is even mandatory.
+Set to
+.Sq yes
+if this is the case.
+The ports infrastructure will generate a separate ${WRKBUILD} directory
+in which the port will be configured and built.
+Wipe ${WRKBUILD} to start anew, but skipping the extract/patch stage.
+.It Ev SETENV
+Normally set to
+.Li /usr/bin/env -i .
+Prepended to every command invocation that requires a clean environment.
+Do not override.
+.It Ev SHARED_LIBS
+List of shared libraries that the port may build, as a list of the form
+.Sq libname
+.Sq libversion .
+Used to set variables of the form
+.Ev LIBlibname_VERSION
+that are then used for substitution by
+.Xr pkg_create 1 .
+The porter is responsible for making sure the port uses those version numbers
+when shared libraries are built.
+.Pp
+The intent is that the
+.Ox
+ports system must have control over shared library versions because of global
+changes that may require bumping the major version of every shared library in
+the system, or simply because the third party programmers do not understand
+the rules for shared library versions, thus breaking the update mechanism.
+For that reason it is advised to set libversion to 0.0 when first importing a
+port.
+.Pp
+Porters of software using libtool should make sure
+.Ev MAKE_FLAGS
+get propagated to the libtool invocations.
+.Pp
+Most common build systems in the ports tree have been modified
+to handle this mechanism correctly.
+.It Ev SITE_BACKUP
+User settings.
+List of sites to try after normal master sites.
+Normally includes ${SITE_OPENBSD} and ${SITE_FREEBSD}.
+.It Ev SITE_*
+Lists of standard sites to retrieve files from, refer to
+.Pa ${PORTSDIR}/infrastructure/db/network.conf
+for a complete list.
+.Pp
+Generally used with the standard
+.Xr make 1 Ns 's
+.Li ${VARIABLE:=subdir/}
+construct to append the relevant subdir at the end of each entry, e.g.,
+.Dl SITES = ${SITE_GNU:=cgicc/}
+.It Ev SITES
+List of primary locations from which distribution files and patchfiles are
+retrieved.
+See the
+.Cm fetch
+target for details.
+Defaults to ${SITES_GITHUB} for GitHub-hosted projects,
+see
+.Ev GH_* .
+See
+.Xr ports 7
+for user configuration.
+.It Ev SITES*
+List of alternate locations from which ${DISTFILES*}, ${PATCHFILES*},
+${SUPDISTFILES*} are retrieved.
+See
+.Cm fetch
+for details.
+Suffix should start with
+.Sq \&.
+and be all lowercase for consistency.
+.It Ev SKIPDIR
+See
+.Xr ports 7 .
+.It Ev STATIC_PLIST
+Normally set to
+.Sq yes .
+Can be set to no for ports that do not have a static plist.
+Do not change without a very good reason.
+Note that the only good reason to not have a static plist is for ports such
+as
+.Pa databases/ports-readmes
+which actually build a bunch of files depending on the current ports tree.
+This breaks all introspection mechanisms within the ports tree, including
+.Pa databases/pkglocatedb
+which will not include that port.
+.It Ev STARTAFTER
+See
+.Xr ports 7 .
+.It Ev STARTDIR
+See
+.Xr ports 7 .
+.It Ev SUBPACKAGE
+Set to the subpackage suffix when building a package in a multi-package port.
+Read-only.
+Used to test for dependencies or to adjust the package name.
+.It Ev SUBST_CMD
+A command that can be used to perform
+.Ev SUBST_VARS
+substitution on arbitrary files.
+In normal mode,
+.Pp
+.Dl ${SUBST_CMD} file1 file2 ...
+.Pp
+will substitute files in place, creating backup copies of them.
+In copy mode,
+.Pp
+.Dl ${SUBST_CMD} -c src1 dest1 src2 dest2
+.Pp
+will copy files over while performing the substitution, as suitable for
+copying template files over from
+.Pa ${FILESDIR}
+to
+.Pa ${PREFIX} ,
+for instance.
+This uses
+.Xr pkg_subst 1
+with suitable parameters.
+Read-only.
+.Pp
+${SUBST_CMD}
+can be used like
+.Xr install 1 :
+.Dl ${SUBST_CMD} Oo Fl g Ar group Oc Oo Fl o Ar owner Oc Oo Fl m Ar mode Oc file...
+to set file
+.Ar owner ,
+.Ar group
+and/or
+.Ar mode .
+.Pp
+Note that
+.Ev SUBST_CMD
+is not really appropriate when variables have subpackage variations, like
+.Ev PREFIX
+or
+.Ev FULLPKGNAME .
+Use the appropriate
+.Ev SUBST_CMD-sub
+instead.
+.It Ev SUBST_CMD-sub
+.Ev SUBST_CMD
+with subpackage-dependent semantics, like packing-list substitution.
+It will substitute the right variable depending on the desired subpackage,
+e.g.,
+.Ev SUBST_CMD-foo
+will substitute the value of
+.Ev FULLPKGNAME-foo
+for
+.Li ${FULLPKGNAME} .
+.It Ev SUBST_DATA , SUBST_MAN , SUBST_PROGRAM
+Specialized versions of
+.Ev SUBST_CMD
+that use
+.Fl c
+and appropriate owner/group/mode for data, manpages and programs respectively.
+.It Ev SUBST_VARS
+Make variables whose values get substituted to create the actual package
+information.
+Always holds
+.Ev ARCH ,
+.Ev BASE_PKGPATH ,
+.Ev FLAVOR_EXT ,
+.Ev FULLPKGNAME ,
+.Ev HOMEPAGE ,
+.Ev LOCALBASE ,
+.Ev MACHINE_ARCH ,
+.Ev MAINTAINER ,
+.Ev PREFIX ,
+.Ev PKGSTEM ,
+.Ev RCDIR ,
+.Ev SYSCONFDIR ,
+.Ev TRUEPREFIX ,
+and
+.Ev X11BASE .
+The special construct
+.Sq ${FLAVORS}
+can be used in the packing-list to specify the current list of dash
+separated flavors the port is compiled with (useful for cross-dependencies
+in
+.Ev MULTI_PACKAGES ) .
+Add other
+variables as needed.
+.Pp
+.Ev TRUEPREFIX
+is never passed to
+.Xr pkg_create 1
+as it is identical to
+.Ev PREFIX .
+.Pp
+By default,
+.Xr update-plist 1
+is run with the following options:
+.Bd -literal -offset indent
+update-plist -i ARCH -i BASE_PKGPATH -i FULLPKGNAME
+-i FULLPKGPATH -i LOCALSTATEDIR -i MACHINE_ARCH
+-s BASE_PKGPATH -s LOCALBASE -s LOCALSTATEDIR -s PREFIX
+-s RCDIR -s SYSCONFDIR -s X11BASE
+.Ed
+.It Ev SUDO
+User settings.
+If set to
+.Xr doas 1
+in
+.Xr mk.conf 5 ,
+the ports tree will only invoke root's privileges for the parts that
+really require it.
+.It Ev SUPDISTFILES*
+Supplementary distribution files for mirroring and creating checksums with
+.Cm makesum .
+For instance, a port might need architecture-specific files, or have
+some flavor that requires more code.
+.Ev SUPDISTFILES*
+should hold a list of all those distribution files and patchfiles
+that are not always needed.
+Having an overlap between
+.Ev SUPDISTFILES*
+and
+.Ev DISTFILES* ,
+.Ev PATCHFILES*
+is admissible, and in fact, expected, as it is much simpler to build
+an error-free list of files to retrieve in that way.
+See the
+.Pa devel/jdk/1.8
+port for an example.
+.It Ev SYSCONFDIR
+Location for this port's configuration files, should always be derived
+from
+.Ev BASESYSCONFDIR ,
+which defaults to
+.Pa /etc .
+Passed to gnu configure scripts and substituted in packing-lists.
+.It Ev TAR
+Name of the tar binary.
+.It Ev TARGETS
+Read-only.
+Set to the list of special targets for a port
+.Po
+.Cm {pre,do,post}-*
+and module hooks
+.Pc .
+Used by introspection tools such as the
+.Pa sqlports
+package.
+.It Ev TEMPLATE_DISTFILES.<name>
+Template used to construct
+.Ev DISTFILES.name
+based on a
+.Ev DIST_TUPLE
+entry by filling in placeholder strings.
+For instance,
+.Ev TEMPLATE_DISTFILES.github
+defaults to
+.Bd -literal
+<account>-<project>-{<account>/<project>/archive/<subdir>}<id>.tar.gz
+.Ed
+.Pp
+with
+.Li DIST_TUPLE += github foo bar baz qux.
+We end up with the following
+.Ev DISTFILES.github
+entry:
+.Bd -literal -offset indent
+foo-bar-{foo/bar/archive/ref/tags}baz.tar.gz
+.Ed
+.Pp
+Placeholders
+.Sq account ,
+.Sq project ,
+.Sq id
+are self-explanatory.
+.Sq subdir
+is set automatically by figuring out whether
+.Ar id
+is a
+.Ar tagname
+or a
+.Ar hash .
+.It Ev TEMPLATE_HOMEPAGE.<name>
+Template for automatically generated
+.Ev HOMEPAGE
+when using
+.Ev DIST_TUPLE .
+Very similar to
+.Ev TEMPLATE_DISTFILES.<name> .
+.It Ev TEST_DEPENDS
+See
+.Ev BUILD_DEPENDS
+for specification.
+Test dependencies are only checked if the
+.Cm test
+stage is invoked.
+.It Ev TEST_ENV
+Additional environment variables passed to tests.
+Empty by default.
+.It Ev TEST_FLAGS
+Extra flags passed to ${MAKE_PROGRAM} to run the regression tests.
+Empty by default.
+.It Ev TEST_IS_INTERACTIVE
+Set to
+.Sq Yes
+if port needs human interaction to run its tests, or set to
+.Sq X11
+if the tests need an active X11 display to work.
+.It Ev TEST_LOG
+Command used to log the results of regression tests to TEST_LOGFILE.
+Read-only.
+.It Ev TEST_LOGFILE
+Log file containing the results of regression tests.
+.It Ev TEST_TARGET
+Target to run regression tests.
+Defaults to
+.Sq test ,
+except for
+.Sq perl
+and
+.Sq gnu
+.Ev CONFIGURE_STYLE ,
+which default to
+.Sq test
+and
+.Sq check ,
+respectively.
+.It Ev TRUEPREFIX
+Read-only.
+Mostly the same as ${PREFIX}, except it never gets ${DESTDIR} prepended
+during
+.Cm fake .
+Refer to
+.Sx THE FAKE FRAMEWORK
+section for details.
+.It Ev TRY_BROKEN
+User settings.
+If set to
+.Sq Yes ,
+don't set
+.Ev IGNORE
+for
+.Ev BROKEN
+ports, so that we will attempt to build them.
+.It Ev UNLOCK_CMD
+User settings.
+If set, expands to a command that will release a lock.
+This lock will reside in
+.Pa ${LOCKDIR} .
+.It Ev UNLINKED
+Some ports should not be built by default for various reasons:
+not fully integrated into the system yet, bootstrap-specific
+ports, flavors that conflict badly with the default installation,
+but these ports should still be indexed by tools like
+.Pa sqlports
+for consistency.
+Instead, set
+.Ev UNLINKED
+to a
+.Sq tag
+that will make the port
+.Ev IGNORE Ns d
+unless
+.Ev BUILD_UNLINKED
+contains that specific tag.
+.It Ev UNMESSAGE
+File recorded in the package and displayed during deinstallation.
+Defaults to ${PKGDIR}/UNMESSAGE if this file exists.
+Leave empty if no message is needed.
+.It Ev UNZIP
+Name of the unzip binary.
+.It Ev UPDATE_COOKIES_DIR
+User settings.
+Used to store cookies for package updates and defaults to
+.Pa ${PORTSDIR}/update/${MACHINE_ARCH} .
+If set to empty, will revert to a file under
+.Pa ${WRKDIR} .
+.It Ev UPDATE_PLIST_ARGS
+Tweaks to
+.Xr update-plist 1
+behavior for some specific ports, such as variable handling.
+.It Ev UPDATE_PLIST_OPTS
+User settings.
+User options added to
+.Xr update-plist 1 ,
+mostly
+.Fl v
+for now.
+.It Ev USE_CCACHE
+User settings.
+Set to
+.Sq Yes
+to use ccache when building ports.
+Sets up the build environment so that it is used.
+.It Ev USE_GMAKE
+Set to
+.Sq Yes
+if GNU make (${GMAKE}) is needed for correct behavior of this port.
+.It Ev USE_GROFF
+Set to
+.Sq Yes
+to use groff to build manpages.
+This sets groff as a build dependency, and also tells
+.Xr pkg_create 1
+to format manpages behind the scene using groff while building packages.
+.It Ev USE_LIBTOOL
+Defaults to
+.Sq Yes .
+Set to
+.Sq gnu
+if the base
+.Xr libtool 1
+is insufficient and GNU libtool is required.
+Set to
+.Sq \&No
+to disable the use of
+.Xr libtool 1
+entirely; this should not be set under normal circumstances.
+Adds dependencies if necessary, and passes LIBTOOL environment variable to
+scripts invocations.
+.Pp
+Many ports using GNU autoconf need an m4 file from the GNU libtool package
+but otherwise work with base
+.Xr libtool 1 .
+In those cases do not set
+.Ev USE_LIBTOOL ,
+instead just set
+.Li BUILD_DEPENDS = devel/libtool .
+.It Ev USE_LLD
+Set to
+.Sq Yes ,
+.Sq \&No
+or
+.Sq ports
+to force the use of
+.Xr ld.lld 1
+.Po
+as opposed to
+bfd's
+.Xr ld 1
+.Pc .
+.Sq ports
+forces the use of
+.Xr ld.lld 1
+from lang/clang module.
+Defaults to the appropriate value for the current architecture
+.Po
+see
+.Ev LLD_ARCHS
+in
+.Xr bsd.port.arch.mk 5
+.Pc .
+.It Ev USE_MFS
+Set to
+.Sq Yes
+to build ports under an MFS filesystem
+(see
+.Xr mount_mfs 8 ) .
+Mostly for use by
+.Xr dpb 1
+and not intended to be a user setting.
+See
+.Ev WRKOBJDIR_MFS
+for configuration.
+.It Ev USE_NOBTCFI
+If set to
+.Sq Yes ,
+writes a wrapper script to
+.Pa ${WRKDIR}/bin/ld
+in
+.Cm patch
+to request that the linker adds a
+.Dv PT_OPENBSD_NOBTCFI
+ELF section.
+Use when a port does not work with the default strict enforcement of
+indirect branch targets.
+.Pp
+Applies to all architectures; set
+.Ev USE_NOBTCFI-${MACHINE_ARCH}
+to apply to only a specific architecture.
+.It Ev USE_NOEXECONLY
+If set to
+.Sq Yes ,
+writes a wrapper script to
+.Pa ${WRKDIR}/bin/ld
+in
+.Cm patch
+adding
+.Fl -no-execute-only .
+Use when a port does not work with execute-only (unreadable) code sections
+which are used by default by the linker on some architectures.
+.It Ev USE_SCCACHE
+User settings.
+Set to
+.Sq Yes
+to use sccache when building Rust ports.
+.It Ev USE_WXNEEDED
+If set to
+.Sq Yes ,
+writes a wrapper script to
+.Pa ${WRKDIR}/bin/ld
+in
+.Cm patch
+to request that the linker adds a
+.Dv PT_OPENBSD_WXNEEDED
+ELF section.
+Use when a port requires memory mappings that are both executable
+and writable and cannot be modified to avoid this.
+.It Ev USE_X11
+Normally, presence of ${X11BASE} is enforced by default for building ports.
+But there is an experimental way to hook the xenocara build into
+.Xr dpb 1 ,
+which requires knowing whether a port requires X11 to already
+be there.
+.Pp
+The infrastructure mostly sets
+.Ev USE_X11
+automatically based on
+.Ev WANTLIB
+values, there are a few ports (about 20) that require X11 components without
+any library telltale.
+.It Ev VARBASE
+User settings.
+Base location for ports that install stuff outside of
+.Pa ${LOCALBASE} .
+Defaults to
+.Pa /var .
+.It Ev WANTLIB
+List of library specifications that a package will need.
+May include system and X11 libraries.
+See
+.Xr library-specs 7
+for more details.
+.Pp
+As a special extension,
+.Ev WANTLIB
+may include absolute paths, e.g.,
+.Pa ${LOCALBASE}/lib/expat=4
+to distinguish between base libraries and port libraries.
+Use with caution, this is very seldom needed.
+.It Ev wantlib_args
+Controls the behavior of
+.Xr pkg_create 1
+related targets, see
+.Cm print-package-args
+for details.
+.It Ev WARNINGS
+User settings.
+If set to
+.Sq Yes ,
+add
+.Ev CDIAGFLAGS
+to
+.Ev CFLAGS
+and
+.Ev CXXDIAGFLAGS
+to
+.Ev CXXFLAGS .
+.It Ev WRKBUILD
+Subdirectory of ${WRKDIR} where the actual build occurs.
+Defaults to ${WRKSRC}, unless
+.Ev SEPARATE_BUILD
+is involved, in which case it is set to an appropriate value.
+.It Ev WRKCONF
+Subdirectory of ${WRKDIR} where the actual configure set occurs.
+Defaults to ${WRKBUILD}.
+.It Ev WRKDIR
+Location where all port activity occurs.
+Apart from the actual port, may
+hold all kinds of cookies that checkpoint the port's build.
+Read-only.
+Note that WRKDIR may be a symbolic link.
+During ports building,
+.Pa ${WRKDIR}/bin
+is put at the front of the
+.Ev PATH .
+.It Ev WRKDIST
+Subdirectory of ${WRKDIR} in which the distribution files normally unpack.
+Base for all patches.
+Defaults to
+.Pa ${WRKDIR}/${DISTNAME} .
+Note that WRKDIST may be a symbolic link, if set to ${WRKDIR}.
+.It Ev WRKSRC
+Subdirectory of ${WRKDIR} where the actual source is.
+Base for configuration (default: ${WRKDIST}).
+Note that WRKSRC may be a symbolic link, if set to ${WRKDIR}.
+.It Ev WRKINST
+Subdirectory of ${WRKDIR} used as a staging area for installing the port.
+(See
+.Cm fake
+target).
+.It Ev WRKOBJDIR
+Used as a base for the actual port working directory.
+Defaults to
+.Pa ${PORTSDIR}/pobj .
+The real working directory ${WRKDIR} is created there.
+Can be set on a per-${PKGPATH} basis.
+For instance, setting WRKOBJDIR_www/mozilla=/tmp/obj
+will affect only the mozilla port.
+If explicitly unset (WRKOBJDIR=), the working directory is
+created within the port directory.
+.It Ev WRKOBJDIR_MFS
+Alternate location for the port working directory.
+The intent is to use an MFS based filesystem for small ports with
+.Xr dpb 1 .
+Active when
+.Ev USE_MFS
+is
+.Sq Yes .
+Defaults to
+.Pa /tmp/pobj .
+.It Ev X11BASE
+Where X11 has been installed.
+Default:
+.Pa /usr/X11R6 .
+.It Ev XAUTHORITY
+Points to a suitable authority file for X11 interactive regression tests.
+Defaults to
+.Pa ${HOME}/.Xauthority .
+.It Ev XMKMF
+Invocation of xmkmf for a
+.Li CONFIGURE_STYLE=imake
+port.
+Defaults to xmkmf -a -DPorts.
+The -DPorts is specific to
+.Ox
+and is always appended.
+.It Ev YACC
+Name of yacc program to pass to GNU-configure, defaults to yacc.
+GNU-configure would always try to use bison otherwise, which leads to
+unreproducible builds.
+Set to bison if needed.
+.El
+.Sh THE FAKE FRAMEWORK
+The
+.Cm fake
+target is used to install the port under a staging directory first, ready for
+packaging by the
+.Cm package
+target, so that the actual
+.Cm install
+target will use the binary package instead.
+.Pp
+Essentially,
+.Cm fake
+invokes the install process after tweaking a few variables.
+.Pp
+.Cm fake
+first creates a skeleton tree under ${WRKINST}, using
+.Xr mkdir 1
+.Fl p .
+.Pp
+A
+.Cm pre-fake
+target may be used to complete that skeleton tree.
+For instance, a few ports may need supplementary stuff to be present (as
+it would be installed if the port's dependencies were present).
+.Pp
+In most cases,
+.Cm pre-install
+is preferred.
+.Pp
+If
+.Cm {pre,do,post}-install
+overrides are present, they are used with some
+important changes, listed in
+.Ev FAKE_SETUP :
+.Bd -literal -offset indent
+TRUEPREFIX=${PREFIX}
+PREFIX=${WRKINST}${PREFIX}
+${DESTDIRNAME}=${WRKINST}
+.Ed
+.Pp
+Essentially, old install targets work transparently, except for a need to
+change
+.Ev PREFIX
+to
+.Ev TRUEPREFIX
+for symbolic links and similar path lookups.
+Specific traditional post install work can be simply removed, as it will
+be taken care of by the package itself (for instance, ldconfig, or
+texinfo's install-info).
+.Pp
+If no
+.Cm do-install
+override is present, the port is installed using
+.Bd -literal -offset 2n
+env -i ${MAKE_ENV} ${FAKE_SETUP} ${MAKE_PROGRAM} ${ALL_FAKE_FLAGS} -f ${MAKE_FILE} ${FAKE_TARGET}
+.Ed
+.Pp
+Note that this does set both PREFIX and ${DESTDIRNAME}.
+If a port's Makefile both heeds ${DESTDIRNAME},
+and references PREFIX explicitly,
+FAKE_FLAGS may rectify the problem by setting PREFIX=${PREFIX}
+(which will do the right thing, since ${PREFIX} is a
+.Xr make 1
+construct which will not be seen by the shell).
+.Pp
+${FAKE_FLAGS} is used to set variables on
+.Xr make 1
+command line, which will override the port Makefile contents.
+Thus, a port that mentions DESTDIR= does not need any patch to work with fake.
+.Pp
+Files such as
+.Pa ${PKGDIR}/README*
+or
+.Pa ${PKGDIR}/*.rc
+get copied to
+.Pa ${WRKINST}
+right after the end of
+.Cm fake ,
+during
+.Cm generate-readmes
+(see the
+.Sx FILES
+section above for details).
+.Sh THE DEBUG_PACKAGES INFRASTRUCTURE
+If
+.Ev DEBUG_PACKAGES
+is not empty, debug packages will be built "on the side".
+Since debug information is usually large, this is controlled on a per-arch
+basis with
+.Ev DEBUGINFO_ARCHS
+controlling the behavior (set to amd64 by default).
+.Pp
+During the normal
+.Cm package
+target ,
+.Xr build-debug-info 1
+will be invoked to deduce debug packing-lists from the normal packing-lists,
+and some extra makefile rules will be invoked to set aside the debug
+information, and shrink it by processing it through ${DWZ}.
+.Pp
+Then each normal package will have a "shadow" debug-* package built alongside
+it, with the exact same package signature, except it will also be tied closely
+with the normal package.
+.Pp
+Figuring out what files contain debug information is entirely achieved through
+.Cm @bin ,
+.Cm @lib ,
+.Cm @so
+and
+.Cm @static-lib
+annotations in the base packing-lists.
+.Pp
+Debug packages will be produced for all subpackages in
+.Ev DEBUG_PACKAGES .
+Usually, the heuristics of trimming arch-independent packages
+from
+.Ev BUILD_PACKAGES
+is enough.
+In case this still produces empty debug packages, the
+.Ev DEBUG_PACKAGES
+list should be produced manually.
+.Pp
+The actual debug packages are not registered through
+.Xr register-plist 1
+since the information was automatically generated.
+.Pp
+debug package names and debug package filenames are added to
+.Ev PKGNAMES
+and
+.Ev PKGFILES
+respectively for introspection purpose.
+.Pp
+.Xr egdb 1
+from ports can read debug information from a separate file, as long as
+the original ELF file was annotated with a debuginfo link.
+.Pp
+That feature is used to set debug information on the side, in
+.Pa .debug/
+subdirectories alongside the normal binaries, shared objects and shared
+libraries.
+.Pp
+For static libraries, the information can't be separated, instead the full
+static library with debug information is provided in the
+.Pa .debug/
+subdirectory, while the normal static library gets stripped.
+.Sh FLAVORS AND MULTI_PACKAGES
+Starting with
+.Ox 2.7 ,
+each port can generate distinct packages through two orthogonal mechanisms:
+.Ev FLAVORS
+and
+.Ev MULTI_PACKAGES .
+.Pp
+The current
+.Ev MULTI_PACKAGES
+mechanism was introduced after
+.Ox 4.0 .
+.Pp
+The arch-dependent part was refined after
+.Ox 5.0 .
+.Pp
+If a port can be compiled with several options, these options
+should be turned into
+.Ev FLAVORS .
+The port maintainer will set
+.Ev FLAVORS
+to be the list of possible options in the Makefile.
+When building the port, the package builder will set
+.Li "FLAVOR='option1 option2...'"
+to build a specific flavor of the port.
+The Makefile should test the value of FLAVOR as follows:
+.Bd -literal -offset indent
+FLAVOR?=
+\&.if ${FLAVOR:Moption1}
+# what to do if option1
+\&.endif
+\&.if ${FLAVOR:Moption2}
+# what to do if option2
+\&.endif
+.Ed
+.Pp
+.Nm
+takes care of a few details, such as generating a distinct work directory for
+each flavor, or creating a FULLPKGNAME by adding a dash separated list of
+flavors to the base package name.
+The order in which
+.Ev FLAVOR
+is specified does not matter: this dash separated list will be
+reordered to match the ordering of
+.Ev FLAVORS .
+.Pp
+It is an error to specify an option in
+.Ev FLAVOR
+that does not appear in
+.Ev FLAVORS ,
+to prevent misspellings.
+.Pp
+In bulk package building, flavors can be specified as a comma
+separated list after the package directory, e.g., SUBDIR+=vim,no_x11
+.Po
+see
+.Xr pkgpath 7
+.Pc
+.Pp
+Finally, package information will use templates with the canonical package
+extension if they are available: if FLAVOR='option1 option2' and both
+COMMENT and COMMENT-option1-option2 are available, COMMENT-option1-option2 will
+be used.
+.Pp
+If one build of a port can generate several distinct packages, set
+.Ev MULTI_PACKAGES
+accordingly.
+Each extension of a
+.Ev MULTI_PACKAGES
+name should start with a dash, so that they cannot be confused with
+.Ev FLAVORS .
+In dependency checking and bulk builds, a subpackage can be
+specified after a comma, e.g.,
+.Li SUBDIR+=quake,-server .
+.Ev MULTI_PACKAGES
+only affects the actual package building step.
+.Pp
+If
+.Ev MULTI_PACKAGES
+is set, the packaging stage happens once for every
+subpackage, using subpackage-specific variables.
+For instance, if
+.Li MULTI_PACKAGES=-main -lib -server ,
+.Ev PKG_ARCH-main ,
+.Ev PKG_ARCH-lib
+and
+.Ev PKG_ARCH-server
+will be used for the subpackages respectively called
+.Ev FULLPKGNAME-main ,
+.Ev FULLPKGNAME-lib
+and
+.Ev FULLPKGNAME-server .
+.Pp
+All package information is also derived from
+templates with SUBPACKAGE appended.
+In the preceding example, the packing-list template for FULLPKGNAME-lib
+must be in PLIST-lib.
+.Pp
+The following variables are subpackage dependent:
+.Ev COMMENT ,
+.Ev PKG_ARCH ,
+.Ev PERMIT_PACKAGE ,
+.Ev PKGFILE ,
+.Ev PKGNAME ,
+.Ev PKGSTEM ,
+.Ev FULLPKGNAME ,
+.Ev REVISION ,
+.Ev EPOCH ,
+.Ev FULLPKGPATH ,
+.Ev RUN_DEPENDS ,
+.Ev WANTLIB ,
+.Ev LIB_DEPENDS ,
+.Ev IGNORE ,
+.Ev ONLY_FOR_ARCHS ,
+.Ev NOT_FOR_ARCHS ,
+.Ev PKG_ARGS ,
+.Ev PREFIX ,
+.Ev CATEGORIES ,
+.Ev MESSAGE ,
+.Ev UNMESSAGE ,
+.Ev DESCR ,
+.Ev PLIST ,
+.Ev STATIC_PLIST ,
+.Ev PKGSPEC .
+.Pp
+The usual non-MULTI_PACKAGES variables are simply used as default values
+for all subpackages.
+So, if you set
+.Li "PKG_ARCH=*"
+.Li "PKG_ARCH-main=i386"
+then
+.Ev PKG_ARCH-lib
+and
+.Ev PKG_ARCH-server
+will both be
+.Sq * .
+.Pp
+.Ev WANTLIB
+and
+.Ev LIB_DEPENDS
+are special.
+At the beginning of the build, during
+.Cm prepare ,
+all build dependencies will be checked,
+which includes
+.Ev LIB_DEPENDS ,
+.Ev WANTLIB
+for every subpackage.
+As an exception, any
+.Ev LIB_DEPENDS-sub
+that references the current port will be ignored as a build dependency,
+in order to avoid recursion.
+.Pp
+.Ev FULLPKGPATH
+and
+.Ev FULLPKGNAME
+are special as well.
+If
+.Ev PKGNAME
+is <stem>-<version>,
+then
+.Ev PKGNAME-sub
+will be set to
+<stem>-sub-<version>
+by default, except for
+.Ev PKGNAME-main
+which has
+.Ev PKGNAME
+as a default.
+Normally,
+.Ev FULLPKGPATH-sub
+is automatically set to the right value,
+but in very rare cases, one may need to override the default:
+for instance, if one specific subpackage is not affected by flavor
+settings that affect other subpackages, e.g., for include files packs,
+then the flavoring part of the fullpkgpath may need to be dropped.
+.Pp
+In terms of using the port, quite a few targets will have a subpackage
+specific subtarget:
+invoking
+.Cm package
+is the same as invoking
+.Cm subpackage
+for all subpackages,
+invoking
+.Cm install-all
+is the same as invoking
+.Cm install
+for all subpackages,
+and invoking
+.Cm update
+is the same as invoking
+.Cm subupdate
+for all subpackages.
+.Pp
+.Ev ONLY_FOR_ARCHS
+and
+.Ev NOT_FOR_ARCHS
+interact with
+.Ev MULTI_PACKAGES
+and
+.Ev IGNORE .
+The infrastructure will automatically filter subpackages
+that are not suitable for the current architecture.
+Thus,
+.Ev MULTI_PACKAGES
+should always list all subpackages,
+even things not buildable on the current architecture,
+for indexing purposes.
+.Pp
+Starting with
+.Ox 5.1 ,
+.Xr bsd.port.arch.mk 5
+should be used to simplify the handling of
+.Ev MULTI_PACKAGES
+in arch-dependent setups:
+.Pp
+Make sure
+.Ev MULTI_PACKAGES ,
+.Ev ONLY_FOR_ARCHS* ,
+and
+.Ev PSEUDO_FLAVORS
+are defined correctly, then
+.Bd -literal -offset indent
+\&.include <bsd.port.arch.mk>
+.Ed
+.Pp
+This will compute
+.Ev BUILD_PACKAGES ,
+the list of actual subpackages to build with the current setup,
+by taking arch constraints and pseudo-flavors into account.
+Then test
+.Ev BUILD_PACKAGES
+to set up the right configuration, e.g., to check if
+.Ev SUBPACKAGE
+.Ar -mono
+should be built:
+.Bd -literal -offset indent
+\&.if ${BUILD_PACKAGES:M-mono}
+.Ed
+.Pp
+The
+.Pa lang/gcc/8
+or
+.Pa print/poppler
+ports should provide examples of proper use.
+.Pp
+Note that
+.Xr dpb 1
+will break if all subpackages are not properly listed.
+.Sh THE GENERATION OF PACKAGE INFORMATION
+Starting after
+.Ox 4.1
+all package information is processed directly by
+.Xr pkg_create 1
+from templates in ${PKG_DIR}.
+.Pp
+.Bl -bullet -compact
+.It
+If not overridden by the user, determine which set of templates to use,
+depending on the current SUBPACKAGE and FLAVOR information.
+Set PLIST${SUBPACKAGE}, DESCR${SUBPACKAGE}, COMMENT${SUBPACKAGE},
+MESSAGE${SUBPACKAGE}, UNMESSAGE${SUBPACKAGE} accordingly.
+.It
+Generate the actual DESCR, and if needed, MESSAGE, UNMESSAGE,
+from the templates in ${DESCR}, ${MESSAGE}, ${UNMESSAGE}, by
+substituting the variables in ${SUBST_VARS}, and by substituting
+${FLAVORS} with the canonical flavor extension for this port,
+e.g., if
+.Li FLAVORS=no_map gfx qt2 ,
+if
+.Li FLAVOR=gfx no_map ,
+this is
+.Sq -no_map-gfx .
+.It
+Generate the actual packing-list from the template ${PLIST},
+by inserting fragments
+and applying the same variable substitutions as other package information.
+.El
+.Pp
+Note that ${COMMENT} is currently not substituted.
+.Pp
+To avoid substitution, variables can be escaped as follows:
+.Li "$\e{PREFIX}"
+.Pp
+If
+.Ev FLAVORS
+lists flv, then constructs such as the line
+.Li "%%flv%%"
+or
+.Li "!%%flv%%"
+in the packing-list template trigger the inclusion of
+.Pa ${PKGDIR}/PFRAG.flv${SUBPACKAGE}
+or
+.Pa ${PKGDIR}/PFRAG.no-flv${SUBPACKAGE} .
+Other fragments can be defined by simply adding
+.Li "-Dfrag=1"
+or
+.Li "-Dfrag=0"
+to
+.Ev PKG_ARGS .
+.Pp
+.Xr pkg_add 1
+now calls
+.Xr ldconfig 8
+directly, provided dynamic libraries have been annotated with
+.Li "@lib libthingy.so.5.0" .
+Adding new directories to the dynamic loader cache has been
+deprecated.
+It is often better to let libraries be visible as a link
+under ${LOCALBASE}.
+Having a separate directory is enough to trick
+.Xr ld 1
+into grabbing the right version.
+Libraries used only for
+.Xr dlopen 3
+do not need to be visible.
+Some programs will prefer to use rpath to find their own libraries.
+.Pp
+The special
+.Cm update-plist
+target does a fairly good job of automatically generating the packing-list
+information.
+.Pp
+If
+.Ev PLIST_REPOSITORY
+points to a directory, all packing-lists from packages generated by
+.Xr pkg_create 1
+during the
+.Cm package
+stage are saved in
+.Pa ${PLIST_REPOSITORY}/${MACHINE_ARCH}
+by a script:
+.Pa ${PORTSDIR}/infrastructure/bin/register-plist .
+This script strips some irrelevant information and normalizes the
+packing-list somehow, and compares it to existing information, looking
+for relevant changes.
+Since a package name must always be changed when the packing-list changes,
+any attempt to replace a packing-list of a given name with a different
+packing-list will be flagged as an error.
+.Pp
+In
+.Ev MULTI_PACKAGES
+mode, there must be separate COMMENT, DESCR, and PLIST
+templates for each SUBPACKAGE (and optional distinct MESSAGE, UNMESSAGE
+files in a similar way).
+This contrasts with the
+.Ev FLAVORS
+situation, where all these files will automatically default to the
+non-flavor version if there is no flavor-specific file around.
+.Sh OBSOLETE TARGETS
+.Bl -tag -width Ds
+.It Cm {build,run,lib}-depends
+The dependency mechanism now meshes
+.Ev BUILD_DEPENDS , LIB_DEPENDS , RUN_DEPENDS, WANTLIB
+and
+.Ev MULTI_PACKAGES .
+Refer to
+.Cm prepare , install-depends , test-depends .
+.El
+.Sh OBSOLETE VARIABLES
+.Bl -tag -width Ds
+.It Ev FETCH_BEFORE_ARGS , FETCH_AFTER_ARGS
+Set
+.Ev FETCH_CMD
+to point to a script that does any required special treatment instead.
+.It Ev FETCH_DEPENDS
+Used to specify dependencies that were needed to fetch files.
+It is much easier to mirror locally weird distribution files.
+.It Ev NO_EXTRACT
+Set EXTRACT_ONLY= instead.
+.It Ev NO_WRKDIR
+All ports should have a working directory, as this is necessary to store
+cookies and keep state.
+.It Ev NO_WRKSUBDIR
+The same functionality is obtained by setting WRKDIST=${WRKDIR}.
+.It Ev OPSYS_VER
+Use
+.Ev OSREV
+instead.
+.It Ev PKGNAME
+Used to refer to the full package name, has been superseded by
+.Ev FULLPKGNAME-foo ,
+for
+.Ev SUBPACKAGE
+-foo.
+.Ev PKGNAME
+now holds the package name, not taking multi-packages or flavors
+into account.
+Most ports are not concerned by this change.
+.It Ev PLIST_SUBST
+From
+.Nx
+and
+.Fx .
+Use SUBST_VARS instead.
+.Ox
+does not allow general substitutions of the form VAR=value, but uses
+only a list of variables instead.
+Most package files gets transformed, instead of only the packing-list.
+.It Ev SCRIPTDIR
+Old location for scripts related to the current port.
+There is no reason for the semantic distinction, use
+.Ev FILESDIR
+for those.
+.It Ev SITES0 , ... , SITES9
+Supplementary locations from which distribution files and patchfiles were
+retrieved, superseded by the more generic
+.Ev SITES.sufx
+matching
+.Ev DISTFILES.sufx
+construct.
+.It Ev USE_BZIP2
+The framework will automatically detect the presence of
+.Pa .tar.bz2
+files to extract.
+See also
+.Ev BZIP2 , EXTRACT_CASES ,
+and
+.Ev EXTRACT_SUFX .
+.It Ev USE_ZIP
+The framework will automatically detect the presence of
+.Pa .zip
+files to extract.
+See also
+.Ev ZIP , EXTRACT_CASES ,
+and
+.Ev EXTRACT_SUFX .
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa ../Makefile.inc
+Common Makefile fragment for a set of ports, included automatically.
+.It Pa ${PORTSDIR}/distfiles
+Default setup of ${DISTDIR}.
+.It Pa ${DISTDIR}
+Cache of all distribution files.
+.It Pa distinfo
+Checksum file.
+Holds the output of
+.Xr cksum 1 ,
+using
+.Xr sha256 1
+for the port's ${DISTFILES*}, ${SUPDISTFILES*} and ${PATCHFILES*},
+as well as the sizes of these files.
+.It Pa ${DISTDIR}/${CHECKSUMFILES}
+Cache of normal distribution files for a given port.
+.It Pa ${DISTDIR}/${MAKESUMFILES}
+Cache of all distribution files for a given port.
+.It Pa ${PORTSDIR}/infrastructure/mk/*.mk
+Actual location of the
+.Xr make 1
+glue for the ports tree.
+.Xr make 1
+looks for
+.Pa bsd.port.mk
+.Po
+and
+.Pa bsd.port.subdir.mk
+.Pc
+under
+.Pa /usr/share/mk/bsd.port.mk ,
+but that file is just a stub that redirects to the real location.
+.It Pa ${PKGDIR}/DESCR
+Description for the port.
+Variables such as ${HOMEPAGE} and ${MAINTAINER} will be expanded
+(see SUBST_VARS).
+Multi-package ports will use DESCR${SUBPACKAGE}.
+.It Pa ${PKGDIR}/README
+.Ox
+specific documentation for a port, that will be installed as
+.Pa ${LOCALBASE}/share/doc/pkg-readmes/${PKGSTEM}
+at the end of
+.Cm fake .
+Variables from
+.Ev SUBST_VARS
+will be expanded.
+Multi-package ports will use
+.Pa README${SUBPACKAGE} .
+.It Pa ${PKGDIR}/<foo>.login
+login.conf.d file for class <foo>.
+Will be installed as
+.Ar ${PREFIX}/share/examples/login.conf.d/foo
+at the end of
+.Cm fake .
+When a port provides a daemon started by
+.Xr rc.d 8
+requiring non-default
+.Xr login.conf 5
+attributes, a sample file should be provided
+and used as a template by adding
+.Cm @sample /etc/login.conf.d/${ Ns Va class Ns }
+to the packing list.
+.It Pa ${PKGDIR}/<foo>.rc
+Startup script for <foo>.
+Will be installed as
+.Ar ${RCDIR}/<foo>
+at the end of
+.Cm fake .
+Variables from
+.Ev SUBST_VARS
+will be expanded.
+.It Pa ${PORTSDIR}/plist
+Default setup of ${PLIST_REPOSITORY}.
+.It Pa ${PORTSDIR}/packages
+Default setup of ${PACKAGE_REPOSITORY}.
+.It Pa ${PACKAGE_REPOSITORY}/no-arch
+Location of arch-independent packages.
+.It Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/all
+Location of all built packages.
+.It Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/cache
+Location of packages retrieved through the network.
+.It Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/cksums
+Location of checksums, see
+.Ev CHECKSUM_PACKAGES .
+.It Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/cdrom
+Location of packages suitable for the CD.
+.It Pa ${PACKAGE_REPOSITORY}/${MACHINE_ARCH}/ftp
+Location of packages suitable for FTP.
+.It Pa ${PORTSDIR}/bulk/${MACHINE_ARCH}
+Default setup of ${BULK_COOKIES_DIR}.
+.It Pa ${PORTSDIR}/update/${MACHINE_ARCH}
+Default setup of ${UPDATE_COOKIES_DIR}.
+.It Pa ${PORTSDIR}/mystuff
+Extra directory used to store local ports before committing them.
+All depend targets will normally look there after the normal lookup fails.
+See
+.Ev PORTSDIR_PATH .
+.El
+.Sh DIAGNOSTICS
+Note that some of these messages are actually emitted by some other external
+commands, but grouped here for convenience: easier to look for in
+.Xr dpb 1 Ns 's
+logs.
+.Pp
+See
+.Ev ERRORS
+for more details about internal diagnostics.
+.Bl -diag
+.It "/bin/sh: cd .../pkg - No such file or directory"
+Emitted during
+.Cm generate-readmes .
+.Pa ${PKGDIR}
+must point to an existing directory, so that
+.Nm
+can be certain there are no
+.Pa MESSAGEs
+or
+other files pertinent to the package.
+.It "===> Building from scratch in ..."
+Emitted when a build creates the
+.Pa ${WRKDIR}
+for a port.
+Used by
+.Xr dpb 1
+to separate clean builds from builds restarted after a crash
+for statistics collection.
+.It "Discovered old directory in ..."
+This message comes from
+.Xr update-plist 1 .
+A directory was found in the packing-list file mentioned in the diagnostic.
+That directory line used to be needed but is no longer,
+because it's now accounted for through dependencies.
+Indicates the old directory has been removed.
+.It "Error: change in plist between ..."
+Error message comes from
+.Xr register-plist 1 .
+.It "Error: duplicate item in packing-list"
+Error message comes from
+.Xr pkg_create 1 ,
+and will result from incorrect packing-lists, such as including several
+fragments with the same file, or having incorrect
+.Ev PKG_ARGS-sub .
+.It "Error: Libraries in packing-lists...and libraries from installed packages don't match"
+The ports tree and the installed packages are out-of-sync.
+Mixing library information from both sources might produce packages that can't
+be installed elsewhere.
+Cleanest fix is to update the out-of-date source (e.g., update the ports tree,
+or build and install new packages).
+Developers may use
+.Ev PKG_CREATE_NO_CHECKS
+instead, assuming they understand the implications.
+See
+.Cm print-package-args Pq Cm wantlib-args
+for details.
+.It "Fatal: can't flavor a SUBDIR"
+A dependency mentions top_subdir,flavor.
+Flavor would then be ignored, as it is only applied to individual ports.
+.It "Fatal: can't subpackage a SUBDIR"
+A dependency mentions top_subdir,-sub.
+Subpackage would then be ignored, as it is only applied to individual ports.
+.It "Fatal: flavor should never start with a digit"
+This would utterly confuse
+.Xr pkg_add 1 .
+See
+.Xr packages-specs 7 .
+.It "Fatal: inclusion of <file> from <file>"
+.Pa bsd.port.mk
+or
+.Pa bsd.port.subdir.mk
+has been included from a
+.Ev MODULE
+or from
+.Pa Makefile.inc ,
+resulting in a double inclusion.
+This would lead to weird results, such as
+.Ev PKG_ARGS
+being defined twice.
+.It "Fatal: SITES* is not defined but referenced by <file> in <DISTFILES*/PATCHFILES*/SUPDISTFILES*>"
+Pretty much self-explanatory.
+.It "Fatal: SUBPACKAGES should always begin with -: <offending list>"
+That is the only way to differentiate between
+.Ev FLAVOR
+and
+.Ev SUBPACKAGE
+in
+.Xr pkgpath 7
+specifications.
+.It "Fatal: building ports requires correctly installed X11"
+All file sets of the base OS, including xenocara, must be installed
+before building ports.
+.It "Fatal: /usr/local/lib/X11/app-defaults should exist and be a symlink"
+.Pa /usr/local/lib/X11/app-defaults
+is distributed as a symlink in the
+.Pa xshare*.tgz
+file set.
+If xenocara was not fully installed before packages were added, it may
+have been created as a directory instead.
+.It "Fatal: the licensing info for <pkgname> is incomplete..."
+Every port must have explicit defines of all
+.Ev PERMIT_*
+values.
+.It "Fatal: Use 'env FLAVOR=flavor make' instead"
+Arguments specified after
+.Xr make 1
+are hardcoded for all recursive sub-makes, and very difficult to override.
+Thus,
+.Ev FLAVOR
+must be specified in the environment instead.
+.It "Fatal: Use 'env SUBPACKAGE=-sub make' instead"
+Arguments specified after
+.Xr make 1
+are hardcoded for all recursive sub-makes, and very difficult to override.
+Thus,
+.Ev SUBPACKAGE
+must be specified in the environment instead.
+.It "ldconfig: <dir>: No such file or directory"
+Usually produced by
+.Xr pkg_add 1
+running
+.Xr ldconfig 8 .
+Some tools such as GNU libtool will add directories living under
+.Pa ${WRKINST}
+to the shared library path during the
+.Cm fake
+stage.
+Of course,
+.Xr ldconfig 8
+will later complain after the directory no longer exists.
+The bogus tool should be fixed to conform to
+.Ox
+usage.
+.It LIB_DEPENDS <spec> not needed for <FULLPKGPATH>
+There doesn't seem to be any WANTLIB to match the given LIB_DEPENDS.
+Thus, the LIB_DEPENDS won't turn into a @depends line in the created package.
+This is often because of confusion between LIB_DEPENDS and RUN_DEPENDS:
+RUN_DEPENDS is needed for dlopen'd libraries.
+.Pp
+Might be intentional sometimes, if some compile flavors create static binaries,
+for instance.
+Also, will happen for multi-packages, where one sets LIB_DEPENDS to have
+a given build dependency (and corresponding WANTLIB for a given SUBPACKAGE).
+.Pp
+See
+.Cm print-package-args Pq Cm lib-depends-args
+for details.
+.It "Not built because unlinked (<tag>)"
+See
+.Ev UNLINKED .
+.It "Warning: FULLPKGNAME-sub defined but not FULLPKGPATH-sub"
+.Ev FULLPKGNAME-sub
+has been explicitly defined by the port, instead of relying on the default,
+but no value of
+.Ev FULLPKGPATH-sub
+has been given.
+This is often an error.
+.It "Warning: no debug-info in ..."
+Port uses
+.Ev DEBUG_PACKAGES
+so the
+.Xr build-debug-info 1
+script expects debug information on all binaries and libraries.
+Most probably, the build machinery for that specific port omitted -g
+somewhere, or it runs strips during fake anyway.
+It can also occur if
+.Ev DEBUG_PACKAGES
+includes subpackages with no files holding debug info.
+.It "Warning: old style distfiles <files>... found"
+See
+.Cm fetch
+for the newer way.
+.It "Warning: symlink(s) point to non existent file."
+Warning message comes from
+.Xr pkg_create 1 .
+The symlink resides in the fake area, under
+.Pa ${WRKINST} .
+This is only a warning because the symlink may point to a run-time dependency,
+which obviously won't exist under
+.Pa ${WRKINST}
+at the time
+.Ql make package
+is run.
+.It "Warning: @option no-default-conflict with no @conflict"
+Warning message comes from
+.Xr pkg_create 1 .
+Most packages that waive "default-conflict" will have explicit conflict markers
+instead.
+Otherwise, the package will only conflict with the exact same version, with
+some possible
+.Ev REVISION
+bumps.
+Any other version or
+.Ev FLAVOR
+won't conflict.
+This is generally an error, apart from very few ports like
+.Pa devel/autoconf/* .
+.It "groff produced empty result for <manpage>..."
+Warning message comes from
+.Xr pkg_create 1 .
+Manpages are automatically formatted with
+.Xr groff 1
+if
+.Ev USE_GROFF
+is set.
+The above message denotes an actual problem while formatting the page,
+which should be addressed.
+In the meantime,
+.Xr pkg_create 1
+still produces a package, but leaves the manpage unformatted, in the hope
+that something will be able to make sense of it.
+.El
+.Sh SEE ALSO
+.Xr clean-old-distfiles 1 ,
+.Xr ftp 1 ,
+.Xr pkg_add 1 ,
+.Xr pkg_create 1 ,
+.Xr OpenBSD::Intro 3p ,
+.Xr bsd.port.arch.mk 5 ,
+.Xr mk.conf 5 ,
+.Xr port-modules 5 ,
+.Xr library-specs 7 ,
+.Xr mirroring-ports 7 ,
+.Xr packages-specs 7 ,
+.Xr pkgpath 7 ,
+.Xr ports 7
+.Sh HISTORY
+The ports mechanism originally came from
+.Fx .
+A lot of additions were taken from
+.Nx
+over the seminal years.
+.Pp
+Since 1998, the framework has been systematically cleaned-up and reorganized
+to remove bugs.
+New features have been carefully introduced, trying hard to avoid
+inconsistencies.
+.Pp
+.Ev FLAVORS ,
+.Ev MULTI_PACKAGES ,
+.Ev SEPARATE_BUILD
+and FAKE are
+.Ox
+improvements.
+Most recent additions do not come from another
+.Bx .
+.\" Voluntarily undocumented:
+.\" AUTOCONF_ENV: probably not needed anyway, should be internal.
+.Sh BUGS
+.Ev LOCALBASE ,
+.Ev X11BASE ,
+.Ev BASESYSCONFDIR ,
+.Ev VARBASE
+and
+.Ev PREFIX
+are not heeded consistently.
+Using anything but the default values has not been heavily tested.
+Some ports may not build if you change them.
diff --git a/static/openbsd/man5/bsd.regress.mk.5 b/static/openbsd/man5/bsd.regress.mk.5
new file mode 100644
index 00000000..b795afb3
--- /dev/null
+++ b/static/openbsd/man5/bsd.regress.mk.5
@@ -0,0 +1,235 @@
+.\" $OpenBSD: bsd.regress.mk.5,v 1.27 2025/09/17 08:52:05 tb Exp $
+.\"
+.\" Copyright (c) 2002 Anil Madhavapeddy
+.\" Copyright (c) 2000 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: September 17 2025 $
+.Dt BSD.REGRESS.MK 5
+.Os
+.Sh NAME
+.Nm bsd.regress.mk
+.Nd regression test master Makefile fragment
+.Sh SYNOPSIS
+.Fd .include <bsd.regress.mk>
+.Sh DESCRIPTION
+.Nm
+holds the standard routines used by the source regression tests.
+Some variables and targets are for its internal use only.
+The rest are documented here.
+.Pp
+Since this file also includes
+.Nm bsd.prog.mk ,
+all of the usual
+.Ox
+Makefile variables may be used to build the regression
+test programs.
+.Sh TARGETS
+.Bl -tag -width regress
+.It Cm depend
+Build any dependencies required to carry out the current set
+of regression tests.
+.It Cm regress
+Executes the regression targets defined in the Makefile.
+If a test fails, the line
+.Qq FAILED
+is printed to the standard output.
+By default, execution stops after the first test failure and
+.Sy make Cm regress
+exits with a non-zero status.
+.It Cm run-regress-*
+Runs an individual regression test.
+If the exit status of the program indicates an error or timeout,
+then a failure is logged, otherwise the test is marked as a success.
+.El
+.Sh VARIABLES
+.Bl -tag -width Ds
+.It Ev REGRESS_CLEANUP
+If this variable is set, it contains a target that is executed
+after all regress targets.
+.It Ev REGRESS_EXPECTED_FAILURES
+Targets which are expected to fail.
+Specifically: sometimes tests are added for features that should be
+supported eventually, but are somewhat complicated to fix right away.
+.It Ev REGRESS_FAIL_EARLY
+If this variable is set to anything but
+.Dq no ,
+the
+.Cm regress
+target will abort as soon as a test fails.
+Defaults to
+.Dq yes
+unless
+.Ev REGRESS_LOG
+is set.
+.It Ev REGRESS_LOG
+Points to the fully-qualified path of a file to which regression
+results are appended.
+Defaults to
+.Pa /dev/null .
+If set to any other path,
+.Ev REGRESS_FAIL_EARLY
+defaults to
+.Dq no .
+.It Ev REGRESS_ROOT_TARGETS
+Targets for which root access is required to run the test.
+The
+.Ev SUDO
+variable should be used in the test parts that require root.
+See also
+.Ev SUDO .
+.It Ev REGRESS_SETUP
+If this variable is set, it contains a target that is executed
+before each regress target.
+Regress targets depend on this one to enforce setup.
+.It Ev REGRESS_SETUP_ONCE
+If this variable is set, it contains a target that is executed
+once before all regress targets.
+Regress targets depend on a stamp file generated during setup.
+.It Ev REGRESS_SKIP_SLOW
+If this variable is not empty, skip over all the regression
+tests which have been marked as being 'slow' using the
+.Ev REGRESS_SLOW_TARGETS
+variable.
+.It Ev REGRESS_SKIP_TARGETS
+Targets which are unconditionally skipped.
+.It Ev REGRESS_SLOW_TARGETS
+Targets which are defined as 'slow'.
+All of these tests can be skipped by setting the
+.Ev REGRESS_SKIP_SLOW
+variable.
+.It Ev REGRESS_TARGETS
+Targets which are invoked to run the set of regression tests
+for this Makefile.
+Defaults to
+.Cm run-regress-${PROG} .
+.It Ev SUDO
+Location of a command used to switch to root for certain
+test targets which require it.
+See
+.Xr doas 1 .
+.El
+.Pp
+Some variables are intended to be set at runtime in the environment
+or in
+.Xr mk.conf 5 ,
+but not in the regress Makefile itself.
+.Sh GUIDELINES
+If an individual test passes,
+.Sy make Ar testname
+should return with an exit status of 0.
+If it fails, it should return with a non-zero exit status.
+.Pp
+If a test cannot be executed because a package is not installed or
+some environment variable is not set,
+.Sy make Ar testname
+should print
+.Qq SKIPPED
+to stdout and exit with status 0.
+To skip everything, implement the
+.Cm regress
+target with a command that prints
+.Qq SKIPPED .
+.Pp
+Some tests may require a special setup on the test machine that has
+to be done manually before testing.
+This requirement has to be documented in the Makefile or in a
+.Pa README
+file.
+The test should find out whether the setup exists before running
+and print
+.Qq SKIPPED
+and exit if it is missing.
+.Pp
+Tests should not fail because an intended feature has not been
+implemented yet.
+To avoid such false failures, a test should show the reason, print
+.Qq DISABLED
+to stdout and exit with status 0.
+.Pp
+Tests must be able to run with an
+.Pa obj
+directory.
+In case the test is not linked to the build or the tester forgot
+to run
+.Sy make Cm obj
+before, this directory or symlink may not exist.
+Then the test should run anyway.
+.Pp
+Tests are executed with
+.Sy make Cm regress ,
+but running
+.Sy make Cm all
+or
+.Sy make
+should have the same effect.
+Tests must be runnable by root, and may also succeed when run as a
+regular user.
+Tests must not assume they have a controlling tty,
+to allow them to be run by
+.Xr cron 8 .
+An individual regress test may create a pseudo tty if it needs one.
+.Pp
+Tests should use the binaries installed and the kernel running on
+the local system.
+They may use environment variables to test alternative binaries or
+remote kernels running on other machines.
+In some cases a test may need binaries or libraries or object files
+to be present in
+.Pa /usr/obj/
+that exist only after
+.Sy make Cm build
+was run in
+.Pa /usr/src/ .
+The test must not assume that they have already been built, but
+should run
+.Sy make
+in the appropriate source directory as a dependency.
+For missing generated source or header files a target called
+.Sy make Cm generated
+is common.
+The
+.Pa /usr/src/
+tree can be found with a relative path or with the
+.Ev BSDSRCDIR
+variable.
+.Pp
+Tests should generally not set or modify
+.Ev MALLOC_OPTIONS
+unless it is testing specific behaviour that depends on a particular
+flag or combination of flags.
+When running tests, the appropriate sysctl
+.Pq vm.malloc_conf
+could be used instead.
+.Sh SEE ALSO
+.Xr bsd.port.mk 5
+.Sh HISTORY
+The regression system originally came from
+.Nx ,
+with many tests added by
+.Ox
+since.
+The current Makefile framework was written by Artur Grabowski
+and Marc Espie for
+.Ox 3.1 .
diff --git a/static/openbsd/man5/cabal-module.5 b/static/openbsd/man5/cabal-module.5
new file mode 100644
index 00000000..c032d847
--- /dev/null
+++ b/static/openbsd/man5/cabal-module.5
@@ -0,0 +1,140 @@
+.\"	$OpenBSD: cabal-module.5,v 1.3 2025/08/16 16:43:06 daniel Exp $
+.\"
+.\" Copyright (c) 2021 Greg Steuck
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 16 2025 $
+.Dt CABAL-MODULE 5
+.Os
+.Sh NAME
+.Nm cabal-module
+.Nd devel/cabal port module for building Haskell programs
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=devel/cabal
+in the
+.Xr ports 7
+tree.
+.Pp
+Uses
+.Xr cabal 1
+to automate packaging Haskell binary projects.
+During
+.Cm fetch ,
+the dependent packages enumerated in
+.Ev MODCABAL_MANIFEST
+are downloaded into the
+.Pa hackage
+subdirectory of
+.Ev DIST_SUBDIR .
+During
+.Cm post-extract ,
+the dependency sources are unpacked into
+.Ev WORKDIR .
+Special care is taken to replace .cabal files if they are updated
+post-release on hackage.
+A custom
+.Pa cabal.project.local
+file gets created to direct
+.Xr cabal 1
+to the extracted packages and prevent any network interaction.
+In rare cases a custom
+.Pa cabal.project
+is required.
+This module automatically copies such files from port's
+.Pa files
+into
+.Ev WRKSRC .
+During
+.Cm build ,
+.Xr cabal 1
+is invoked to build the executables listed in
+.Ev MODCABAL_EXECUTABLES .
+.Pp
+.Pa lang/ghc
+and
+.Pa devel/cabal-install
+are added to
+.Ev BUILD_DEPENDS .
+This module uses
+.Ev SITES.hs
+to download the sources from hackage.
+.Pp
+This module parameters:
+.Bl -tag -width MODCABAL_EXECUTABLES
+.It MODCABAL_STEM
+Name of the package on hackage (required).
+.It MODCABAL_VERSION
+Version of the package (required).
+.It MODCABAL_MANIFEST
+Hackage dependencies required by this package, see below.
+.It MODCABAL_DATA_DIR
+data-dir from .cabal file (if executable needs this)
+.It MODCABAL_REVISION
+Numeric revision of .cabal file on hackage if one is
+needed on top of .cabal file contained in the .tar.gz file.
+.It MODCABAL_BUILD_ARGS
+passed to cabal v2-build
+.It MODCABAL_FLAGS
+custom feature
+.Fl -flags
+for
+.Xr cabal 1 .
+.It MODCABAL_EXECUTABLES
+Executable target in .cabal file, defaults to hackage package name in
+.Ev MODCABAL_STEM .
+.El
+.Pp
+This module adds currently adds no
+.Xr make 1
+targets.
+.Sh DEPENDENCY MANIFEST
+Hackage dependencies are listed in
+.Ev MODCABAL_MANIFEST
+as space separate triples of
+.Em package
+.Em version
+.Em revision .
+They correspond to the main package values of
+.Ev MODCABAL_STEM
+.Ev MODCABAL_VERSION
+.Ev MODCABAL_REVISION .
+.Pp
+The contents of
+.Ev MODCABAL_MANIFEST
+is normally generated by
+.Pa devel/cabal-bundler
+which creates a working build plan from hackage dependency information.
+.Sh EXAMPLES
+To create a new Haskell binary port one would install cabal-bundler
+port, look up the chosen package version number on hackage.
+E.g.
+.Pp
+$
+.Cm cabal-bundler
+.Fl -openbsd
+.Ar cpphs-1.20
+.Sh SEE ALSO
+.Xr cabal 1 ,
+.Xr port-modules 5
diff --git a/static/openbsd/man5/cargo-module.5 b/static/openbsd/man5/cargo-module.5
new file mode 100644
index 00000000..8b3f973d
--- /dev/null
+++ b/static/openbsd/man5/cargo-module.5
@@ -0,0 +1,147 @@
+.\"	$OpenBSD: cargo-module.5,v 1.10 2025/01/13 18:20:47 kirill Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\" Copyright (c) 2017 Daniel Jakots
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 13 2025 $
+.Dt CARGO-MODULE 5
+.Os
+.Sh NAME
+.Nm cargo-module
+.Nd devel/cargo port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=devel/cargo
+in the
+.Xr ports 7
+tree.
+.Pp
+Automates download and compilation of dependencies of a Rust project using
+.Xr cargo 1 .
+.Pp
+During
+.Cm fetch ,
+static dependencies ("crates") listed in
+.Ev MODCARGO_CRATES
+are downloaded using
+.Ev MODCARGO_DIST_SUBDIR
+as
+.Ev DIST_SUBDIR .
+.Pp
+During
+.Cm post-extract ,
+crates defined in
+.Ev MODCARGO_CRATES
+are moved to the
+.Ev MODCARGO_VENDOR_DIR
+directory.
+.Pp
+During
+.Cm post-patch ,
+crate-metadata are generated using
+.Pa devel/cargo-generate-vendor .
+.Pp
+With
+.Ev CONFIGURE_STYLE
+set to
+.Sq cargo ,
+cargo is configured to use
+.Ev MODCARGO_VENDOR_DIR
+instead of the standard crates-io network source.
+Finally, any crates listed in
+.Ev MODCARGO_CRATES_UPDATE
+are updated.
+.Pp
+.Ev MODCARGO_RUSTFLAGS
+can be used to pass custom flags to all
+.Xr rustc 1
+invocations.
+.Pp
+.Pa lang/rust
+is added to
+.Ev MODULES ,
+and
+.Pa devel/cargo-generate-vendor
+is added to
+.Ev BUILD_DEPENDS .
+.Pp
+This module defines:
+.Bl -tag -width MODCARGO_INSTALL_TARGET_PATHS
+.It Ev MODCARGO_CARGOTOML
+Path to cargo manifest.
+Defaults to
+.Pa ${WRKSRC}/Cargo.toml .
+.It Ev MODCARGO_CARGOLOCK
+Path to
+.Pa Cargo.lock ,
+which is used only by the
+.Cm modcargo-gen-crates
+target.
+Defaults to
+.Pa ${MODCARGO_CARGOTOML:toml=lock} .
+.It Ev MODCARGO_CRATES
+Crates that will be downloaded by the module.
+.It Ev MODCARGO_CRATES_UPDATE
+List of crates to update, overriding the version listed in Cargo.lock.
+.It Ev MODCARGO_FEATURES
+List of features to be used when building.
+.It Ev MODCARGO_INSTALL_TARGET_PATHS
+List of paths to pass to
+.Cm cargo install
+instead of
+.Pa \&. .
+Needs to be set for some virtual manifests.
+.It Ev MODCARGO_VENDOR_DIR
+Name of the local directory for vendoring crates.
+Defaults to
+.Pa ${WRKSRC}/modcargo-crates .
+.It Ev MODCARGO_WANTLIB
+Architecture-specific
+.Ev WANTLIB
+entries required by all Rust code.
+It is a copy of
+.Ev MODRUST_WANTLIB
+provided for simplicity.
+.El
+.Pp
+This module adds three
+.Xr make 1
+targets:
+.Bl -tag -width modcargo-gen-crates-licenses
+.It Cm modcargo-metadata
+Rerun the generation of crates' metadata.
+.It Cm modcargo-gen-crates
+Generate the
+.Ev MODCARGO_CRATES
+list from Cargo.lock (a preliminary crates list is not required).
+.It Cm modcargo-gen-crates-licenses
+Generate the
+.Ev MODCARGO_CRATES
+list with license information from crates present in the
+.Ev MODCARGO_VENDOR_DIR
+directory.
+.El
+.Sh SEE ALSO
+.Xr port-modules 5
diff --git a/static/openbsd/man5/changelist.5 b/static/openbsd/man5/changelist.5
new file mode 100644
index 00000000..34b1af79
--- /dev/null
+++ b/static/openbsd/man5/changelist.5
@@ -0,0 +1,140 @@
+.\"	$OpenBSD: changelist.5,v 1.11 2025/03/26 09:51:08 schwarze Exp $
+.\"
+.\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 26 2025 $
+.Dt CHANGELIST 5
+.Os
+.Sh NAME
+.Nm changelist
+.Nd list of backup files
+.Sh DESCRIPTION
+The
+.Pa /etc/changelist
+file is a simple text file containing the names of files to be backed up
+and checked
+.Xr daily 8
+by the system
+.Xr security 8
+script.
+.Pp
+Each line of the file contains the absolute pathname of one file.
+By default, several configuration files in
+.Pa /etc ,
+.Pa /root ,
+and
+.Pa /var
+are added during system install.
+Administrators may add additional files at their discretion.
+Shell globbing is supported in pathnames.
+.Pp
+Backup files are held in the directory
+.Pa /var/backups .
+A backup of the current version of a file is kept in this directory, marked
+.Qq current .
+When the file is altered, the old version is marked as
+.Qq backup
+and the new version becomes
+.Qq current .
+.Pp
+For example,
+the system shell database,
+.Pa /etc/shells ,
+is held as
+.Pa /var/backups/etc_shells.current .
+When this file is modified, it is renamed to
+.Pa /var/backups/etc_shells.backup
+and the new version becomes
+.Pa /var/backups/etc_shells.current .
+Thereafter, these files are rotated.
+.Pp
+Diffs are mailed to the root administrator, in unified
+.Xr diff 1
+format, via
+.Xr daily 8 ,
+in the following format:
+.Bd -unfilled -offset indent
+=====
+/etc/shells diffs (-OLD  +NEW)
+=====
+.Ed
+.Pp
+Files in
+.Pa /etc/changelist
+prefixed by a
+.Sq +
+character are stored as
+.Xr sha256 1
+checksums.
+During installation, that prefix is used for non-text files
+and for files that may contain secrets.
+Results are mailed in the following format:
+.Bd -unfilled -offset indent
+======
+/etc/ssh/ssh_host_ed25519_key SHA-256 checksums
+======
+OLD:
+NEW:
+.Ed
+.Pp
+Lines beginning with the comment character
+.Pq Sq # ,
+blank lines,
+and non-existent files are all silently ignored.
+.\" .Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /etc/changelist -compact
+.It Pa /etc/changelist
+Default changelist.
+.It Pa /etc/daily
+Maintenance script which runs
+.Xr security 8 .
+.It Pa /var/backups/
+Directory containing file backups.
+.El
+.Sh SEE ALSO
+.Xr diff 1 ,
+.Xr sha256 1 ,
+.Xr daily 8 ,
+.Xr security 8
+.Sh HISTORY
+The
+.Nm
+manual page first appeared in
+.Ox 3.5 .
+.Sh CAVEATS
+Anyone with the privileges to alter system configuration files
+could also alter the backup files in
+.Pa /var/backups .
+It is important that this directory be owned by root:wheel
+and have permissions 0700 set.
+.Pp
+Removal of the
+.Pa /etc/changelist
+file itself could cause confusion.
+.Pp
+.Nm
+cannot warn about files being added to the system, although
+.Xr security 8
+will pick up on any files listed in
+.Pa /etc/changelist
+being added or deleted.
+Removals are only noticed for files listed explicitly,
+but not for files matched by globbing.
+.Pp
+If you hose your system configuration files,
+you just might be able to find the information you need in
+.Pa /var/backups .
+This is not a CAVEAT, but we had to let you know somehow!
diff --git a/static/openbsd/man5/core.5 b/static/openbsd/man5/core.5
new file mode 100644
index 00000000..29841f83
--- /dev/null
+++ b/static/openbsd/man5/core.5
@@ -0,0 +1,145 @@
+.\"	$OpenBSD: core.5,v 1.25 2021/05/01 16:11:10 visa Exp $
+.\"	$NetBSD: core.5,v 1.4 1994/11/30 19:31:11 jtc Exp $
+.\"
+.\" Copyright (c) 1980, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)core.5	8.3 (Berkeley) 12/11/93
+.\"
+.Dd $Mdocdate: May 1 2021 $
+.Dt CORE 5
+.Os
+.Sh NAME
+.Nm core
+.Nd memory image file format
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/exec_elf.h
+.Sh DESCRIPTION
+A small number of signals which cause abnormal termination of a process
+also cause a record of the process's in-core state to be written
+to disk for later examination by one of the available debuggers (see
+.Xr sigaction 2 ) .
+.Pp
+By default, this memory image is written to a file named
+.Pa programname.core
+in the working directory, provided the terminated process had write
+permission in the directory,
+and the terminated process either had an effective user ID of zero or
+had never changed user or group ID.
+See the description of
+.Dv KERN_NOSUIDCOREDUMP
+in
+.Xr sysctl 2
+for other options.
+.Pp
+The maximum size of a
+.Pa programname.core
+file is limited by
+.Xr setrlimit 2 .
+Files which would be larger than the limit are not created.
+.Pp
+The
+.Pa programname.core
+file is in the ELF binary file format with an
+.Va e_type
+of
+.Dv ET_CORE .
+It has no section header table and a segment header that contains
+.Dv PT_LOAD
+and
+.Dv PT_NOTE
+segments that describe the state of the process when terminated.
+.Pp
+The
+.Dv PT_LOAD
+segments hold images of the process memory when it was terminated.
+Device mappings are excluded,
+as are read-only mappings that do not have private mapping changes.
+Each segment's
+.Va p_vaddr ,
+.Va p_memsz ,
+and
+.Va p_flags
+specify the address, size, and access protection of the memory
+segment it describes.
+.Pp
+The
+.Dv PT_NOTE
+segment contains notes describing the kernel state and CPU registers
+of each thread in the process.
+Notes describing the process as a whole have the name
+.Dq OpenBSD .
+An
+.Dv NT_OPENBSD_PROCINFO
+note is included containing an
+.Vt elfcore_procinfo
+structure with information about the kernel state of the process.
+An
+.Dv NT_OPENBSD_AUXV
+note is included containing a copy of the original process environment strings.
+On sparc64, an
+.Dv NT_OPENBSD_WCOOKIE
+note is included containing the process's
+.Sq window cookie .
+.Pp
+Notes describing the individual threads in the process have names
+in the format
+.Dq OpenBSD@%d
+where the suffix is the thread ID.
+For each thread, an
+.Dv NT_OPENBSD_REGS
+note is included containing the state of the regular registers of
+the thread and, on architectures other than luna88k, an
+.Dv NT_OPENBSD_FPREGS
+note is also included containing the state of the floating-point
+registers of the thread.
+.Sh SEE ALSO
+.Xr gdb 1 ,
+.Xr setrlimit 2 ,
+.Xr sigaction 2 ,
+.Xr sysctl 2
+.Sh HISTORY
+A
+.Nm
+file format appeared in
+.At v1 .
+.Ox 2.0
+started using the ELF format for some architectures.
+All architectures used ELF starting in
+.Ox 5.4 .
+.Sh CAVEATS
+Programs which are started with either the set-user-ID or
+set-group-ID bits set,
+or which change their UID or GID after starting, will normally not
+dump core.
+This is to prevent sensitive information from inadvertently ending
+up on disk.
+This behaviour can be changed (for debugging purposes) by changing the
+.Li kern.nosuidcoredump
+.Xr sysctl 2
+variable to the right settings.
diff --git a/static/openbsd/man5/defaultdomain.5 b/static/openbsd/man5/defaultdomain.5
new file mode 100644
index 00000000..4ba0b269
--- /dev/null
+++ b/static/openbsd/man5/defaultdomain.5
@@ -0,0 +1,33 @@
+.\" $OpenBSD: defaultdomain.5,v 1.5 2017/07/13 19:16:33 jmc Exp $
+.\" Written by Jared Yanovich
+.\" This file belongs to the public domain.
+.Dd $Mdocdate: July 13 2017 $
+.Dt DEFAULTDOMAIN 5
+.Os
+.Sh NAME
+.Nm defaultdomain
+.Nd default YP domain name
+.Sh DESCRIPTION
+The
+.Nm
+file is read by
+.Xr rc 8
+at system startup time.
+It is used to set the YP domain name of the host machine (see
+.Xr yp 8 ) .
+.Pp
+This file should contain a single line specifying the system domain name as
+supplied to
+.Xr domainname 1 .
+Empty lines and lines beginning with
+.Sq #
+in the file are ignored.
+.Sh FILES
+.Bl -tag -width "/etc/defaultdomain" -compact
+.It Pa /etc/defaultdomain
+default domain name
+.El
+.Sh SEE ALSO
+.Xr domainname 1 ,
+.Xr rc 8 ,
+.Xr yp 8
diff --git a/static/openbsd/man5/dir.5 b/static/openbsd/man5/dir.5
new file mode 100644
index 00000000..78b0fdfa
--- /dev/null
+++ b/static/openbsd/man5/dir.5
@@ -0,0 +1,126 @@
+.\"	$OpenBSD: dir.5,v 1.20 2019/09/07 10:28:27 schwarze Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)dir.5	8.4 (Berkeley) 5/3/95
+.\"
+.Dd $Mdocdate: September 7 2019 $
+.Dt DIR 5
+.Os
+.Sh NAME
+.Nm dir ,
+.Nm dirent
+.Nd directory file format
+.Sh SYNOPSIS
+.In dirent.h
+.Sh DESCRIPTION
+Directories provide a convenient hierarchical method of grouping
+files while obscuring the underlying details of the storage medium.
+A directory file is differentiated from a plain file by a flag in its
+.Xr inode 5
+entry.
+It consists of records (directory entries) each of which contains
+information about a file and a pointer to the file itself.
+Directory entries may contain other directories as well as plain files;
+such nested directories are referred to as subdirectories.
+A hierarchy of directories and files is formed in this manner
+and is called a file system (or referred to as a file system tree).
+.\" An entry in this tree,
+.\" nested or not nested,
+.\" is a pathname.
+.Pp
+Each directory file contains two special directory entries; one is a pointer
+to the directory itself called dot
+.Pq Dq \&.
+and the other a pointer to its parent directory called dot-dot
+.Pq Dq \&.. .
+Dot and dot-dot are valid pathnames, however, the system root directory
+.Pq Dq / ,
+has no parent and dot-dot points to itself like dot.
+.Pp
+File system nodes are ordinary directory files on which has
+been grafted a file system object, such as a physical disk or a
+partitioned area of such a disk (see
+.Xr mount 8 ) .
+.Pp
+The directory entry format is defined in the file
+.In dirent.h :
+.Bd -literal
+/*
+ * A directory entry has a struct dirent at the front of it, containing
+ * its inode number, the length of the entry, and the length of the name
+ * contained in the entry.  These are followed by the name padded to some
+ * alignment (currently 8 bytes) with NUL bytes.  All names are guaranteed
+ * NUL terminated.  The maximum length of a name in a directory is MAXNAMLEN.
+ */
+
+struct dirent {
+	ino_t		d_fileno;	/* file number of entry */
+	off_t		d_off;		/* offset of next entry */
+	u_int16_t	d_reclen;	/* length of this record */
+	u_int8_t	d_type;		/* file type, see below */
+	u_int8_t	d_namlen;	/* length of string in d_name */
+#define MAXNAMLEN       255
+	char    d_name[MAXNAMLEN + 1];  /* maximum name length */
+};
+
+#define	d_ino		d_fileno	/* backward compatibility */
+
+/*
+ * File types
+ */
+#define DT_UNKNOWN	0
+#define DT_FIFO		1
+#define DT_CHR		2
+#define DT_DIR		4
+#define DT_BLK		6
+#define DT_REG		8
+#define DT_LNK		10
+#define DT_SOCK		12
+.Ed
+.Sh SEE ALSO
+.Xr getdents 2 ,
+.Xr fs 5 ,
+.Xr inode 5
+.Sh HISTORY
+A
+.Nm dir
+file format appeared in
+.At v1 .
+A predecessor
+.Vt struct direct
+first appeared in
+.At v7 .
+The
+.Vt dirent
+structure first appeared in
+.Bx 4.3 Reno .
+The
+.Fa d_off
+member was added in
+.Ox 5.5 .
diff --git a/static/openbsd/man5/disktab.5 b/static/openbsd/man5/disktab.5
new file mode 100644
index 00000000..6ff8bab7
--- /dev/null
+++ b/static/openbsd/man5/disktab.5
@@ -0,0 +1,151 @@
+.\"	$OpenBSD: disktab.5,v 1.23 2022/11/07 10:21:17 krw Exp $
+.\"	$NetBSD: disktab.5,v 1.4 1994/11/30 19:31:15 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)disktab.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: November 7 2022 $
+.Dt DISKTAB 5
+.Os
+.Sh NAME
+.Nm disktab
+.Nd disk description file
+.Sh DESCRIPTION
+.Nm
+is a simple database which describes disk geometries and
+disk partition characteristics.
+It is used
+to initialize the disk label on the disk.
+The format is patterned after the
+.Xr termcap 5
+terminal database.
+Entries in
+.Nm
+consist of a number of colon
+.Pq Ql \&:
+separated fields.
+The first entry for each disk gives the names which are
+known for the disk, separated by
+.Dq \&|
+characters.
+The last name given should be a long name fully identifying the disk.
+.Pp
+The following list indicates the normal values stored for each disk entry:
+.Bl -column "d[0-4]" "bool" "Description"
+.It Sy Name Ta Sy Type Ta Sy Description
+.It \&dt Ta str Ta "Type of controller (e.g., SMD, ESDI, floppy)."
+.It \&ns Ta num Ta "Number of sectors per track."
+.It \&nt Ta num Ta "Number of tracks per cylinder."
+.It \&nc Ta num Ta "Total number of cylinders on the disk."
+.It \&sc Ta num Ta "Number of sectors per cylinder (default: ns*nt)."
+.It \&su Ta num Ta "Number of sectors per unit (default: sc*nc)."
+.It \&se Ta num Ta "Sector size in bytes (default:"
+.Dv DEV_BSIZE ) .
+.Pp
+.It \&ba Ta num Ta "Block size for partition"
+.Dq a
+(bytes).
+.It \&bd Ta num Ta "Block size for partition"
+.Dq d
+(bytes).
+.It \&be Ta num Ta "Block size for partition"
+.Dq e
+(bytes).
+.It [...] Ta "" Ta ""
+.It \&bp Ta num Ta "Block size for partition"
+.Dq p
+(bytes).
+.Pp
+.It \&fa Ta num Ta "Fragment size for partition"
+.Dq a
+(bytes).
+.It \&fd Ta num Ta "Fragment size for partition"
+.Dq d
+(bytes).
+.It \&fe Ta num Ta "Fragment size for partition"
+.Dq e
+(bytes).
+.It [...] Ta "" Ta ""
+.It \&fp Ta num Ta "Fragment size for partition"
+.Dq p
+(bytes).
+.Pp
+.It \&oa Ta num Ta "Offset of partition"
+.Dq a
+(sectors).
+.It \&ob Ta num Ta "Offset of partition"
+.Dq b
+(sectors).
+.It \&oc Ta num Ta "Offset of partition"
+.Dq c
+(sectors).
+.It [...] Ta "" Ta ""
+.It \&op Ta num Ta "Offset of partition"
+.Dq p
+(sectors).
+.Pp
+.It \&pa Ta num Ta "Size of partition"
+.Dq a
+(sectors).
+.It \&pb Ta num Ta "Size of partition"
+.Dq b
+(sectors).
+.It \&pc Ta num Ta "Size of partition"
+.Dq c
+(sectors).
+.It [...] Ta "" Ta ""
+.It \&pp Ta num Ta "Size of partition"
+.Dq p
+(sectors).
+.Pp
+.It \&ta Ta str Ta "Type of partition"
+.Dq a
+(4.2BSD, swap, etc.).
+.It \&tb Ta str Ta "Type of partition"
+.Dq b .
+.It \&tc Ta str Ta "Type of partition"
+.Dq c .
+.It [...] Ta "" Ta ""
+.It \&tp Ta str Ta "Type of partition"
+.Dq p .
+.El
+.Sh FILES
+.Bl -tag -width /etc/disktab -compact
+.It Pa /etc/disktab
+.El
+.Sh SEE ALSO
+.Xr getdiskbyname 3 ,
+.Xr disklabel 5 ,
+.Xr disklabel 8 ,
+.Xr newfs 8
+.Sh HISTORY
+The
+.Nm
+description file appeared in
+.Bx 4.2 .
diff --git a/static/openbsd/man5/elf.5 b/static/openbsd/man5/elf.5
new file mode 100644
index 00000000..db5541db
--- /dev/null
+++ b/static/openbsd/man5/elf.5
@@ -0,0 +1,1427 @@
+.\"	$OpenBSD: elf.5,v 1.42 2022/03/31 17:27:22 naddy Exp $
+.\"Copyright (c) 1999 Jeroen Ruigrok van der Werven
+.\"All rights reserved.
+.\"
+.\"Redistribution and use in source and binary forms, with or without
+.\"modification, are permitted provided that the following conditions
+.\"are met:
+.\"1. Redistributions of source code must retain the above copyright
+.\"   notice, this list of conditions and the following disclaimer.
+.\"2. Redistributions in binary form must reproduce the above copyright
+.\"   notice, this list of conditions and the following disclaimer in the
+.\"   documentation and/or other materials provided with the distribution.
+.\"
+.\"THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\"ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\"IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\"ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\"FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\"DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\"OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\"HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\"LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\"OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\"SUCH DAMAGE.
+.\"
+.\"	$FreeBSD: src/share/man/man5/elf.5,v 1.21 2001/10/01 16:09:23 ru Exp $
+.\"
+.Dd $Mdocdate: March 31 2022 $
+.Dt ELF 5
+.Os
+.Sh NAME
+.Nm elf
+.Nd format of ELF executable binary files
+.Sh SYNOPSIS
+.In elf.h
+.Sh DESCRIPTION
+The header file
+.In elf.h
+defines the format of ELF executable binary files.
+Amongst these files are
+normal executable files, relocatable object files, core files and shared
+libraries.
+.Pp
+An executable file using the ELF file format consists of an ELF header,
+followed by a program header table or a section header table, or both.
+The ELF header is always at offset zero of the file.
+The program header
+table and the section header table's offset in the file are defined in the
+ELF header.
+The two tables describe the rest of the particularities of
+the file.
+.Pp
+Applications which wish to process ELF binary files for their native
+architecture only should include
+.In elf.h
+in their source code.
+These applications should need to refer to
+all the types and structures by their generic names
+.Dq Elf_xxx
+and to the macros by
+.Dq ELF_xxx .
+Applications written this way can be compiled on any architecture,
+regardless of whether the host is 32-bit or 64-bit.
+.Pp
+Should an application need to process ELF files of an unknown
+architecture, then the application needs to explicitly use either
+.Dq Elf32_xxx
+or
+.Dq Elf64_xxx
+type and structure names.
+Likewise, the macros need to be identified by
+.Dq ELF32_xxx
+or
+.Dq ELF64_xxx .
+.Pp
+This header file describes the above mentioned headers as C structures
+and also includes structures for dynamic sections, relocation sections and
+symbol tables.
+.Pp
+The following types are used for 32-bit architectures:
+.Bd -literal -offset indent
+Elf32_Addr	Unsigned 32-bit program address
+Elf32_Half	Unsigned 16-bit field
+Elf32_Lword	Unsigned 64-bit field
+Elf32_Off	Unsigned 32-bit file offset
+Elf32_Sword	Signed 32-bit field or integer
+Elf32_Word	Unsigned 32-bit field or integer
+.Ed
+.Pp
+And the following types are used for 64-bit architectures:
+.Bd -literal -offset indent
+Elf64_Addr	Unsigned 64-bit program address
+Elf64_Half	Unsigned 16-bit field
+Elf64_Lword	Unsigned 64-bit field
+Elf64_Off	Unsigned 64-bit file offset
+Elf64_Sword	Signed 32-bit field
+Elf64_Sxword	Signed 64-bit field or integer
+Elf64_Word	Unsigned 32-bit field
+Elf64_Xword	Unsigned 64-bit field or integer
+.Ed
+.Pp
+All data structures that the file format defines follow the
+.Dq natural
+size and alignment guidelines for the relevant class.
+If necessary,
+data structures contain explicit padding to ensure 4-byte alignment
+for 4-byte objects, to force structure sizes to a multiple of 4, etc.
+.Pp
+The ELF header is described by the type Elf32_Ehdr or Elf64_Ehdr:
+.Bd -literal -offset indent
+typedef struct {
+        unsigned char   e_ident[EI_NIDENT];
+        Elf32_Half      e_type;
+        Elf32_Half      e_machine;
+        Elf32_Word      e_version;
+        Elf32_Addr      e_entry;
+        Elf32_Off       e_phoff;
+        Elf32_Off       e_shoff;
+        Elf32_Word      e_flags;
+        Elf32_Half      e_ehsize;
+        Elf32_Half      e_phentsize;
+        Elf32_Half      e_phnum;
+        Elf32_Half      e_shentsize;
+        Elf32_Half      e_shnum;
+        Elf32_Half      e_shstrndx;
+} Elf32_Ehdr;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+	unsigned char   e_ident[EI_NIDENT];
+	Elf64_Half      e_type;
+	Elf64_Half      e_machine;
+	Elf64_Word      e_version;
+	Elf64_Addr      e_entry;
+	Elf64_Off       e_phoff;
+	Elf64_Off       e_shoff;
+	Elf64_Word      e_flags;
+	Elf64_Half      e_ehsize;
+	Elf64_Half      e_phentsize;
+	Elf64_Half      e_phnum;
+	Elf64_Half      e_shentsize;
+	Elf64_Half      e_shnum;
+	Elf64_Half      e_shstrndx;
+} Elf64_Ehdr;
+.Ed
+.Pp
+The fields have the following meanings:
+.Bl -tag -width "e_phentsize" -offset indent
+.It Dv e_ident
+This array of bytes specifies how to interpret the file,
+independent of the processor or the file's remaining contents.
+Within this array everything is named by macros, which start with
+the prefix
+.Sy EI_
+and may contain values which start with the prefix
+.Sy ELF .
+The following macros are defined:
+.Bl -tag -width "EI_VERSION"
+.It Dv EI_MAG0
+The first byte of the magic number.
+It must be filled with
+.Dv ELFMAG0 .
+.It Dv EI_MAG1
+The second byte of the magic number.
+It must be filled with
+.Dv ELFMAG1 .
+.It Dv EI_MAG2
+The third byte of the magic number.
+It must be filled with
+.Dv ELFMAG2 .
+.It Dv EI_MAG3
+The fourth byte of the magic number.
+It must be filled with
+.Dv ELFMAG3 .
+.It Dv EI_CLASS
+The fifth byte identifies the architecture for this binary:
+.Pp
+.Bl -tag -width "ELFCLASSNONE" -compact
+.It Dv ELFCLASSNONE
+This class is invalid.
+.It Dv ELFCLASS32
+This defines the 32-bit architecture.
+It supports machines with files
+and virtual address spaces up to 4 Gigabytes.
+.It Dv ELFCLASS64
+This defines the 64-bit architecture.
+.El
+.It Dv EI_DATA
+The sixth byte specifies the data encoding of the processor-specific
+data in the file.
+Currently these encodings are supported:
+.Pp
+.Bl -tag -width "ELFDATA2LSB" -compact
+.It Dv ELFDATANONE
+Unknown data format.
+.It Dv ELFDATA2LSB
+Two's complement, little-endian.
+.It Dv ELFDATA2MSB
+Two's complement, big-endian.
+.El
+.It Dv EI_VERSION
+The version number of the ELF specification:
+.Pp
+.Bl -tag -width "EV_CURRENT" -compact
+.It Dv EV_NONE
+Invalid version.
+.It Dv EV_CURRENT
+Current version.
+.El
+.It Dv EI_OSABI
+This byte identifies the OS- or ABI-specific ELF extensions used by
+this object.
+Some fields in other ELF structures have flags and values that have
+platform specific meanings; the interpretation of those fields is
+determined by the value of this byte.
+The following values are currently defined:
+.Pp
+.Bl -tag -width "ELFOSABI_STANDALONE" -compact
+.It Dv ELFOSABI_SYSV
+UNIX System V ABI.
+.It Dv ELFOSABI_HPUX
+HP-UX operating system ABI.
+.It Dv ELFOSABI_NETBSD
+.Nx
+operating system ABI.
+.It Dv ELFOSABI_LINUX
+GNU/Linux operating system ABI.
+.It Dv ELFOSABI_HURD
+GNU/Hurd operating system ABI.
+.It Dv ELFOSABI_86OPEN
+86Open Common IA32 ABI.
+.It Dv ELFOSABI_SOLARIS
+Solaris operating system ABI.
+.It Dv ELFOSABI_MONTEREY
+Monterey project ABI.
+.It Dv ELFOSABI_IRIX
+IRIX operating system ABI.
+.It Dv ELFOSABI_FREEBSD
+.Fx
+operating system ABI.
+.It Dv ELFOSABI_TRU64
+TRU64 UNIX operating system ABI.
+.It Dv ELFOSABI_MODESTO
+Novell Modesto operating system ABI.
+.It Dv ELFOSABI_OPENBSD
+.Ox
+operating system ABI.
+.It Dv ELFOSABI_ARM
+ARM architecture ABI.
+.It Dv ELFOSABI_STANDALONE
+Stand-alone (embedded) ABI.
+.El
+.It Dv EI_ABIVERSION
+This byte identifies the version of the ABI
+to which the object is targeted.
+This field is used to distinguish among incompatible versions of an ABI.
+The interpretation of this version number
+is dependent on the ABI identified by the EI_OSABI field.
+.It Dv EI_PAD
+Start of padding.
+These bytes are reserved and set to zero.
+Programs which read them should ignore them.
+The value for EI_PAD will change in
+the future if currently unused bytes are given meanings.
+.It Dv EI_NIDENT
+The size of the e_ident array.
+.El
+.It Dv e_type
+This member of the structure identifies the object file type:
+.Pp
+.Bl -tag -width "ET_NONE" -compact
+.It Dv ET_NONE
+An unknown type.
+.It Dv ET_REL
+A relocatable file.
+.It Dv ET_EXEC
+An executable file.
+.It Dv ET_DYN
+A shared object.
+.It Dv ET_CORE
+A core file.
+.El
+.It Dv e_machine
+This member specifies the required architecture for an individual file:
+.Pp
+.Bl -tag -width "EM_MIPS_RS4_BE" -compact
+.It Dv EM_NONE
+An unknown machine.
+.It Dv EM_M32
+AT&T WE 32100.
+.It Dv EM_SPARC
+Sun Microsystems SPARC.
+.It Dv EM_386
+Intel 80386.
+.It Dv EM_68K
+Motorola 68000.
+.It Dv EM_88K
+Motorola 88000.
+.It Dv EM_486
+Intel 80486.
+.It Dv EM_860
+Intel 80860.
+.It Dv EM_MIPS
+MIPS RS3000 (big-endian only).
+.It Dv EM_MIPS_RS4_BE
+MIPS RS4000 (big-endian only).
+.It Dv EM_SPARC64
+SPARC v9 64-bit (unofficial).
+.It Dv EM_PARISC
+HPPA.
+.It Dv EM_SPARC32PLUS
+SPARC with enhanced instruction set.
+.It Dv EM_PPC
+PowerPC.
+.It Dv EM_PPC64
+PowerPC 64-bit.
+.It Dv EM_ARM
+Advanced RISC Machines ARM.
+.It Dv EM_ALPHA
+Compaq [DEC] Alpha.
+.It Dv EM_SH
+Hitachi/Renesas Super-H.
+.It Dv EM_SPARCV9
+SPARC v9 64-bit.
+.It Dv EM_IA_64
+Intel IA-64.
+.It Dv EM_AMD64
+AMD64.
+.It Dv EM_VAX
+DEC Vax.
+.It Dv EM_AARCH64
+ARM 64-bit.
+.It Dv EM_RISCV
+RISC-V.
+.It Dv EM_ALPHA_EXP
+Compaq [DEC] Alpha with enhanced instruction set.
+.El
+.It Dv e_version
+This member identifies the file version:
+.Pp
+.Bl -tag -width "EV_CURRENT" -compact
+.It Dv EV_NONE
+Invalid version.
+.It Dv EV_CURRENT
+Current version.
+.El
+.It Dv e_entry
+This member gives the virtual address to which the system first transfers
+control, thus starting the process.
+If the file has no associated entry
+point, this member holds zero.
+.It Dv e_phoff
+This member holds the program header table's file offset in bytes.
+If
+the file has no program header table, this member holds zero.
+.It Dv e_shoff
+This member holds the section header table's file offset in bytes.
+If the
+file has no section header table, this member holds zero.
+.It Dv e_flags
+This member holds processor-specific flags associated with the file.
+Flag names take the form EF_`machine_flag'.
+Currently no flags have been defined.
+.It Dv e_ehsize
+This member holds the ELF header's size in bytes.
+.It Dv e_phentsize
+This member holds the size in bytes of one entry in the file's program header
+table; all entries are the same size.
+.It Dv e_phnum
+This member holds the number of entries in the program header
+table.
+Thus the product of
+.Sy e_phentsize
+and
+.Sy e_phnum
+gives the table's size
+in bytes.
+If a file has no program header,
+.Sy e_phnum
+holds the value zero.
+.It Dv e_shentsize
+This member holds a sections header's size in bytes.
+A section header is one
+entry in the section header table; all entries are the same size.
+.It Dv e_shnum
+This member holds the number of entries in the section header table.
+Thus
+the product of
+.Sy e_shentsize
+and
+.Sy e_shnum
+gives the section header table's size in bytes.
+If a file has no section
+header table,
+.Sy e_shnum
+holds the value of zero.
+.It Dv e_shstrndx
+This member holds the section header table index of the entry associated
+with the section name string table.
+If the file has no section name string
+table, this member holds the value
+.Dv SHN_UNDEF .
+.El
+.Pp
+An executable or shared object file's program header table is an array of
+structures, each describing a segment or other information the system needs
+to prepare the program for execution.
+An object file
+.Em segment
+contains one or more
+.Em sections .
+Program headers are meaningful only for executable and shared object files.
+A file specifies its own program header size with the ELF header's
+.Sy e_phentsize
+and
+.Sy e_phnum
+members.
+As with the ELF executable header, the program header
+also has different versions depending on the architecture:
+.Bd -literal -offset indent
+typedef struct {
+        Elf32_Word      p_type;
+        Elf32_Off       p_offset;
+        Elf32_Addr      p_vaddr;
+        Elf32_Addr      p_paddr;
+        Elf32_Word      p_filesz;
+        Elf32_Word      p_memsz;
+        Elf32_Word      p_flags;
+        Elf32_Word      p_align;
+} Elf32_Phdr;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+        Elf64_Word      p_type;
+        Elf64_Word      p_flags;
+        Elf64_Off       p_offset;
+        Elf64_Addr      p_vaddr;
+        Elf64_Addr      p_paddr;
+        Elf64_Xword     p_filesz;
+        Elf64_Xword     p_memsz;
+        Elf64_Xword     p_align;
+} Elf64_Phdr;
+.Ed
+.Pp
+The main difference between the 32-bit and the 64-bit program header lies
+only in the location of a
+.Sy p_flags
+member in the total struct.
+.Bl -tag -width "p_offset" -offset indent
+.It Dv p_type
+This member of the Phdr struct tells what kind of segment this array
+element describes or how to interpret the array element's information.
+.Bl -tag -width "PT_DYNAMIC"
+.It Dv PT_NULL
+The array element is unused and the other members' values are undefined.
+This lets the program header have ignored entries.
+.It Dv PT_LOAD
+The array element specifies a loadable segment, described by
+.Sy p_filesz
+and
+.Sy p_memsz .
+The bytes from the file are mapped to the beginning of the memory
+segment.
+If the segment's memory size
+.Pq Sy p_memsz
+is larger than the file size
+.Pq Sy p_filesz ,
+the
+.Dq extra
+bytes are defined to hold the value 0 and to follow the segment's
+initialized area.
+The file size may not be larger than the memory size.
+Loadable segment entries in the program header table appear in ascending
+order, sorted on the
+.Sy p_vaddr
+member.
+.It Dv PT_DYNAMIC
+The array element specifies the location and size of the dynamic section,
+both in the file and in the memory image of the program.
+This segment type may not occur more than once in a file and may
+only occur if the dynamic section is part of the memory image of
+the program.
+.It Dv PT_INTERP
+The array element specifies the location and size of a null-terminated
+path name to invoke as an interpreter.
+This segment type is meaningful
+only for executable files (though it may occur for shared objects).
+However it may not occur more than once in a file.
+If it is present, it must precede any loadable segment entry.
+.It Dv PT_NOTE
+The array element specifies the location and size for auxiliary information.
+.It Dv PT_SHLIB
+This segment type is reserved but has unspecified semantics.
+Programs that
+contain an array element of this type do not conform to the ABI.
+.It Dv PT_PHDR
+The array element specifies the location and size of the program
+header table itself, both in the file and in the memory image of the program.
+This segment type may not occur more than once in a file and may
+only occur if the program header table is part of the memory image
+of the program.
+If it is present, it must precede any loadable segment entry.
+.It Dv PT_TLS
+The array element specifies the location and size of the
+thread-local storage for this file.
+Each thread in a process loading this file will have the segment's
+memory size
+.Pq Sy p_memsz
+allocated for it, where the bytes up to the segment's file size
+.Pq Sy p_filesz
+will be initialized with the data in this segment and the remaining
+.Dq extra
+bytes will be set to zero.
+This segment type may not occur more than once in a file and may
+only occur if the thread-local storage is part of the memory image
+of the program.
+.It Dv PT_GNU_EH_FRAME
+The array element specifies the location and size of the GNU exception
+frame header, both in the file and in the memory image of the program.
+This segment type may not occur more than once in a file and may
+only occur if the GNU exception frame header is part of the memory
+image of the program.
+.It Dv PT_GNU_RELRO
+The array element specifies the location and size of a part of the
+memory image of the program that should be made read-only once all
+immediate relocation processing for the file has been performed.
+This segment type may not occur more than once in a file.
+.It Dv PT_OPENBSD_RANDOMIZE
+The array element specifies the location and size of a part of the
+memory image of the program that must be filled with random data
+before any code in the object is executed.
+The memory region specified by a segment of this type may overlap
+the region specified by a
+.Dv PT_GNU_RELRO
+segment, in which case the intersection will be filled with random
+data before being marked read-only.
+This segment type may occur more than once in a file, but a limit
+on the total number of bytes in the segments for an object of no
+less than 65536 bytes may be imposed.
+.It Dv PT_OPENBSD_WXNEEDED
+The array element specifies that a process executing this file may
+need to be able to map or protect memory regions as simultaneously
+executable and writable.
+If the system is unable or unwilling to permit that for this executable
+then it may fail immediately.
+This segment type is meaningful only for executable files and is
+ignored in other objects.
+.It Dv PT_LOOS
+This value up to and including
+.Dv PT_HIOS
+is reserved for operating system-specific semantics.
+.It Dv PT_HIOS
+This value down to and including
+.Dv PT_LOOS
+is reserved for operating system-specific semantics.
+.It Dv PT_LOPROC
+This value up to and including
+.Dv PT_HIPROC
+is reserved for processor-specific semantics.
+.It Dv PT_HIPROC
+This value down to and including
+.Dv PT_LOPROC
+is reserved for processor-specific semantics.
+.El
+.It Dv p_offset
+This member holds the offset from the beginning of the file at which
+the first byte of the segment resides.
+.It Dv p_vaddr
+This member holds the virtual address at which the first byte of the
+segment resides in memory.
+.It Dv p_paddr
+On systems for which physical addressing is relevant, this member is
+reserved for the segment's physical address.
+Under
+.Bx
+this member is
+not used and must be zero.
+.It Dv p_filesz
+This member holds the number of bytes in the file image of the segment.
+It may be zero.
+.It Dv p_memsz
+This member holds the number of bytes in the memory image of the segment.
+It may be zero.
+.It Dv p_flags
+This member holds flags relevant to the segment:
+.Pp
+.Bl -tag -width "PF_X" -compact
+.It Dv PF_X
+An executable segment.
+.It Dv PF_W
+A writable segment.
+.It Dv PF_R
+A readable segment.
+.El
+.Pp
+A text segment commonly has the flags
+.Dv PF_X
+and
+.Dv PF_R .
+A data segment commonly has
+.Dv PF_X ,
+.Dv PF_W
+and
+.Dv PF_R .
+.It Dv p_align
+This member holds the value to which the segments are aligned in memory
+and in the file.
+Loadable process segments must have congruent values for
+.Sy p_vaddr
+and
+.Sy p_offset ,
+modulo the page size.
+Values of zero and one mean no alignment is required.
+Otherwise,
+.Sy p_align
+should be a positive, integral power of two, and
+.Sy p_vaddr
+should equal
+.Sy p_offset ,
+modulo
+.Sy p_align .
+.El
+.Pp
+A file's section header table lets one locate all the file's sections.
+The
+section header table is an array of Elf32_Shdr or Elf64_Shdr structures.
+The
+ELF header's
+.Sy e_shoff
+member gives the byte offset from the beginning of the file to the section
+header table.
+.Sy e_shnum
+holds the number of entries the section header table contains.
+.Sy e_shentsize
+holds the size in bytes of each entry.
+.Pp
+A section header table index is a subscript into this array.
+Some section
+header table indices are reserved.
+An object file does not have sections for
+these special indices:
+.Bl -tag -width "SHN_LORESERVE"
+.It Dv SHN_UNDEF
+This value marks an undefined, missing, irrelevant or otherwise meaningless
+section reference.
+For example, a symbol
+.Dq defined
+relative to section number
+.Dv SHN_UNDEF
+is an undefined symbol.
+.It Dv SHN_LORESERVE
+This value specifies the lower bound of the range of reserved indices.
+.It Dv SHN_LOPROC
+This value up to and including
+.Dv SHN_HIPROC
+is reserved for processor-specific semantics.
+.It Dv SHN_HIPROC
+This value down to and including
+.Dv SHN_LOPROC
+is reserved for processor-specific semantics.
+.It Dv SHN_ABS
+This value specifies the absolute value for the corresponding reference.
+For
+example, a symbol defined relative to section number
+.Dv SHN_ABS
+has an absolute value and is not affected by relocation.
+.It Dv SHN_COMMON
+Symbols defined relative to this section are common symbols, such as FORTRAN
+COMMON or unallocated C external variables.
+.It Dv SHN_HIRESERVE
+This value specifies the upper bound of the range of reserved indices.
+The
+system reserves indices between
+.Dv SHN_LORESERVE
+and
+.Dv SHN_HIRESERVE ,
+inclusive.
+The section header table does not contain entries for the
+reserved indices.
+.El
+.Pp
+The section header has the following structure:
+.Bd -literal -offset indent
+typedef struct {
+	Elf32_Word      sh_name;
+	Elf32_Word      sh_type;
+	Elf32_Word      sh_flags;
+	Elf32_Addr      sh_addr;
+	Elf32_Off       sh_offset;
+	Elf32_Word      sh_size;
+	Elf32_Word      sh_link;
+	Elf32_Word      sh_info;
+	Elf32_Word      sh_addralign;
+	Elf32_Word      sh_entsize;
+} Elf32_Shdr;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+	Elf64_Word      sh_name;
+	Elf64_Word      sh_type;
+	Elf64_Xword     sh_flags;
+	Elf64_Addr      sh_addr;
+	Elf64_Off       sh_offset;
+	Elf64_Xword     sh_size;
+	Elf64_Word      sh_link;
+	Elf64_Word      sh_info;
+	Elf64_Xword     sh_addralign;
+	Elf64_Xword     sh_entsize;
+} Elf64_Shdr;
+.Ed
+.Bl -tag -width "sh_addralign"
+.It Dv sh_name
+This member specifies the name of the section.
+Its value is an index
+into the section header string table section, giving the location of
+a null-terminated string.
+.It Dv sh_type
+This member categorizes the section's contents and semantics.
+.Bl -tag -width "SHT_PROGBITS"
+.It Dv SHT_NULL
+This value marks the section header as inactive.
+It does not
+have an associated section.
+Other members of the section header
+have undefined values.
+.It Dv SHT_PROGBITS
+This section holds information defined by the program, whose
+format and meaning are determined solely by the program.
+.It Dv SHT_SYMTAB
+This section holds a symbol table.
+Typically,
+.Dv SHT_SYMTAB
+provides symbols for link editing, though it may also be used
+for dynamic linking.
+As a complete symbol table, it may contain
+many symbols unnecessary for dynamic linking.
+An object file can
+also contain a
+.Dv SHT_DYNSYM
+section.
+.It Dv SHT_STRTAB
+This section holds a string table.
+An object file may have multiple
+string table sections.
+.It Dv SHT_RELA
+This section holds relocation entries with explicit addends, such
+as type
+.Sy Elf32_Rela
+for the 32-bit class of object files.
+An object may have multiple
+relocation sections.
+.It Dv SHT_HASH
+This section holds a symbol hash table.
+An object participating in
+dynamic linking must contain a symbol hash table.
+An object file may
+have only one hash table.
+.It Dv SHT_DYNAMIC
+This section holds information for dynamic linking.
+An object file may
+have only one dynamic section.
+.It Dv SHT_NOTE
+This section holds information that marks the file in some way.
+.It Dv SHT_NOBITS
+A section of this type occupies no space in the file but otherwise
+resembles
+.Dv SHT_PROGBITS .
+Although this section contains no bytes, the
+.Sy sh_offset
+member contains the conceptual file offset.
+.It Dv SHT_REL
+This section holds relocation offsets without explicit addends, such
+as type
+.Sy Elf32_Rel
+for the 32-bit class of object files.
+An object file may have multiple
+relocation sections.
+.It Dv SHT_SHLIB
+This section is reserved but has unspecified semantics.
+.It Dv SHT_DYNSYM
+This section holds a minimal set of dynamic linking symbols.
+An
+object file can also contain a
+.Dv SHT_SYMTAB
+section.
+.It Dv SHT_LOPROC
+This value up to and including
+.Dv SHT_HIPROC
+is reserved for processor-specific semantics.
+.It Dv SHT_HIPROC
+This value down to and including
+.Dv SHT_LOPROC
+is reserved for processor-specific semantics.
+.It Dv SHT_LOUSER
+This value specifies the lower bound of the range of indices reserved for
+application programs.
+.It Dv SHT_HIUSER
+This value specifies the upper bound of the range of indices reserved for
+application programs.
+Section types between
+.Dv SHT_LOUSER
+and
+.Dv SHT_HIUSER
+may be used by the application, without conflicting with current or future
+system-defined section types.
+.El
+.It Dv sh_flags
+Sections support one-bit flags that describe miscellaneous attributes.
+If a flag bit is set in
+.Sy sh_flags ,
+the attribute is
+.Dq on
+for the section.
+Otherwise, the attribute is
+.Dq off
+or does not apply.
+Undefined attributes are set to zero.
+.Pp
+.Bl -tag -width "SHF_EXECINSTR" -compact
+.It Dv SHF_WRITE
+This section contains data that should be writable during process
+execution.
+.It Dv SHF_ALLOC
+This section occupies memory during process execution.
+Some control
+sections do not reside in the memory image of an object file.
+This
+attribute is off for those sections.
+.It Dv SHF_EXECINSTR
+This section contains executable machine instructions.
+.It Dv SHF_TLS
+This section is for thread-local storage.
+.It Dv SHF_MASKPROC
+All bits included in this mask are reserved for processor-specific
+semantics.
+.El
+.It Dv sh_addr
+If this section appears in the memory image of a process, this member
+holds the address at which the section's first byte should reside.
+Otherwise, the member contains zero.
+.It Dv sh_offset
+This member's value holds the byte offset from the beginning of the file
+to the first byte in the section.
+One section type,
+.Dv SHT_NOBITS ,
+occupies no space in the file, and its
+.Sy sh_offset
+member locates the conceptual placement in the file.
+.It Dv sh_size
+This member holds the section's size in bytes.
+Unless the section type
+is
+.Dv SHT_NOBITS ,
+the section occupies
+.Sy sh_size
+bytes in the file.
+A section of type
+.Dv SHT_NOBITS
+may have a non-zero size, but it occupies no space in the file.
+.It Dv sh_link
+This member holds a section header table index link, whose interpretation
+depends on the section type.
+.It Dv sh_info
+This member holds extra information, whose interpretation depends on the
+section type.
+.It Dv sh_addralign
+Some sections have address alignment constraints.
+If a section holds a
+doubleword, the system must ensure doubleword alignment for the entire
+section.
+That is, the value of
+.Sy sh_addr
+must be congruent to zero, modulo the value of
+.Sy sh_addralign .
+Only zero and positive integral powers of two are allowed.
+Values of zero
+or one mean the section has no alignment constraints.
+.It Dv sh_entsize
+Some sections hold a table of fixed-sized entries, such as a symbol table.
+For such a section, this member gives the size in bytes for each entry.
+This member contains zero if the section does not hold a table of
+fixed-size entries.
+.El
+.Pp
+Various sections hold program and control information:
+.Bl -tag -width ".shstrtab"
+.It .SUNW_ctf
+This section contains the (un)compressed Compact C-Type Format data
+describing the object's types and symbols.
+This section is of type
+.Dv SHT_PROGBITS .
+.It .bss
+This section holds uninitialized data that contribute to the program's
+memory image.
+By definition, the system initializes the data with zeros
+when the program begins to run.
+This section is of type
+.Dv SHT_NOBITS .
+The attribute types are
+.Dv SHF_ALLOC
+and
+.Dv SHF_WRITE .
+.It .comment
+This section holds version control information.
+This section is of type
+.Dv SHT_PROGBITS .
+No attribute types are used.
+.It .ctors
+This section holds initialized pointers to the C++ constructor functions.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute types are
+.Dv SHF_ALLOC
+and
+.Dv SHF_WRITE .
+.It .data
+This section holds initialized data that contribute to the program's
+memory image.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute types are
+.Dv SHF_ALLOC
+and
+.Dv SHF_WRITE .
+.It .data1
+This section holds initialized data that contribute to the program's
+memory image.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute types are
+.Dv SHF_ALLOC
+and
+.Dv SHF_WRITE .
+.It .debug
+This section holds information for symbolic debugging.
+The contents
+are unspecified.
+This section is of type
+.Dv SHT_PROGBITS .
+No attribute types are used.
+.It .dtors
+This section holds initialized pointers to the C++ destructor functions.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute types are
+.Dv SHF_ALLOC
+and
+.Dv SHF_WRITE .
+.It .dynamic
+This section holds dynamic linking information.
+The section's attributes
+will include the
+.Dv SHF_ALLOC
+bit.
+Whether the
+.Dv SHF_WRITE
+bit is set is processor-specific.
+This section is of type
+.Dv SHT_DYNAMIC .
+See the attributes above.
+.It .dynstr
+This section holds strings needed for dynamic linking, most commonly
+the strings that represent the names associated with symbol table entries.
+This section is of type
+.Dv SHT_STRTAB .
+The attribute type used is
+.Dv SHF_ALLOC .
+.It .dynsym
+This section holds the dynamic linking symbol table.
+This section is of type
+.Dv SHT_DYNSYM .
+The attribute used is
+.Dv SHF_ALLOC .
+.It .fini
+This section holds executable instructions that contribute to the process
+termination code.
+When a program exits normally, the system arranges to
+execute the code in this section.
+This section is of type
+.Dv SHT_PROGBITS .
+The attributes used are
+.Dv SHF_ALLOC
+and
+.Dv SHF_EXECINSTR .
+.It .got
+This section holds the global offset table.
+This section is of type
+.Dv SHT_PROGBITS .
+The attributes are processor-specific.
+.It .hash
+This section holds a symbol hash table.
+This section is of type
+.Dv SHT_HASH .
+The attribute used is
+.Dv SHF_ALLOC .
+.It .init
+This section holds executable instructions that contribute to the process
+initialization code.
+When a program starts to run, the system arranges to
+execute the code in this section before calling the main program entry point.
+This section is of type
+.Dv SHT_PROGBITS .
+The attributes used are
+.Dv SHF_ALLOC
+and
+.Dv SHF_EXECINSTR .
+.It .interp
+This section holds the pathname of a program interpreter.
+If the file has
+a loadable segment that includes the section, the section's attributes will
+include the
+.Dv SHF_ALLOC
+bit.
+Otherwise, that bit will be off.
+This section is of type
+.Dv SHT_PROGBITS .
+.It .line
+This section holds line number information for symbolic debugging, which
+describes the correspondence between the program source and the machine code.
+The contents are unspecified.
+This section is of type
+.Dv SHT_PROGBITS .
+No attribute types are used.
+.It .note
+This section holds information in the
+note section
+format described below.
+This section is of type
+.Dv SHT_NOTE .
+No attribute types are used.
+.Ox
+native executables contain a
+.Sy .note.openbsd.ident
+section to identify themselves.
+.It .plt
+This section holds the procedure linkage table.
+This section is of type
+.Dv SHT_PROGBITS .
+The attributes are processor-specific.
+.It .relNAME
+This section holds relocation information as described below.
+If the file
+has a loadable segment that includes relocation, the section's attributes
+will include the
+.Dv SHF_ALLOC
+bit.
+Otherwise the bit will be off.
+By convention,
+.Dq NAME
+is supplied by the section to which the relocations apply.
+Thus a relocation
+section for
+.Sy .text
+normally would have the name
+.Sy .rel.text .
+This section is of type
+.Dv SHT_REL .
+.It .relaNAME
+This section holds relocation information as described below.
+If the file
+has a loadable segment that includes relocation, the section's attributes
+will include the
+.Dv SHF_ALLOC
+bit.
+Otherwise the bit will be off.
+By convention,
+.Dq NAME
+is supplied by the section to which the relocations apply.
+Thus a relocation
+section for
+.Sy .text
+normally would have the name
+.Sy .rela.text .
+This section is of type
+.Dv SHT_RELA .
+.It .rodata
+This section holds read-only data that typically contribute to a
+non-writable segment in the process image.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute used is
+.Dv SHF_ALLOC .
+.It .rodata1
+This section holds read-only data that typically contribute to a
+non-writable segment in the process image.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute used is
+.Dv SHF_ALLOC .
+.It .shstrtab
+This section holds section names.
+This section is of type
+.Dv SHT_STRTAB .
+No attribute types are used.
+.It .strtab
+This section holds strings, most commonly the strings that represent the
+names associated with symbol table entries.
+If the file has a loadable
+segment that includes the symbol string table, the section's attributes
+will include the
+.Dv SHF_ALLOC
+bit.
+Otherwise the bit will be off.
+This section is of type
+.Dv SHT_STRTAB .
+.It .symtab
+This section holds a symbol table.
+If the file has a loadable segment
+that includes the symbol table, the section's attributes will include
+the
+.Dv SHF_ALLOC
+bit.
+Otherwise the bit will be off.
+This section is of type
+.Dv SHT_SYMTAB .
+.It .tbss
+This section is the thread-local storage version of
+.Sy .bss ,
+holding uninitialized data that contribute to the program's memory
+image on a per-thread basis.
+By definition, the system allocates and initializes the data with
+zeros for each thread before it first accesses it.
+This section is of type
+.Dv SHT_NOBITS .
+The attribute types are
+.Dv SHF_ALLOC ,
+.Dv SHF_WRITE ,
+and
+.Dv SHF_TLS .
+.It .tdata
+This section is the thread-local storage version of
+.Sy .data ,
+holding initialized data that contribute to the program's memory
+image on a per-thread basis.
+The system allocates and initializes the data for each thread before
+it first accesses it.
+This section is of type
+.Dv SHT_PROGBITS .
+The attribute types are
+.Dv SHF_ALLOC ,
+.Dv SHF_WRITE ,
+and
+.Dv SHF_TLS .
+.It .text
+This section holds the
+.Dq text ,
+or executable instructions, of a program.
+This section is of type
+.Dv SHT_PROGBITS .
+The attributes used are
+.Dv SHF_ALLOC
+and
+.Dv SHF_EXECINSTR .
+.El
+.Pp
+String table sections hold null-terminated character sequences, commonly
+called strings.
+The object file uses these strings to represent symbol
+and section names.
+One references a string as an index into the string
+table section.
+The first byte, which is index zero, is defined to hold
+a null character.
+Similarly, a string table's last byte is defined to
+hold a null character, ensuring null termination for all strings.
+.Pp
+An object file's symbol table holds information needed to locate and
+relocate a program's symbolic definitions and references.
+A symbol table
+index is a subscript into this array.
+.Bd -literal -offset indent
+typedef struct {
+	Elf32_Word      st_name;
+	Elf32_Addr      st_value;
+	Elf32_Word      st_size;
+	unsigned char   st_info;
+	unsigned char   st_other;
+	Elf32_Half      st_shndx;
+} Elf32_Sym;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+	Elf64_Word      st_name;
+	unsigned char	st_info;
+	unsigned char	st_other;
+	Elf64_Half   	st_shndx;
+	Elf64_Addr	st_value;
+	Elf64_Xword     st_size;
+} Elf64_Sym;
+.Ed
+.Bl -tag -width "st_value"
+.It Dv st_name
+This member holds an index into the object file's symbol string table,
+which holds character representations of the symbol names.
+If the value
+is non-zero, it represents a string table index that gives the symbol
+name.
+Otherwise, the symbol table has no name.
+.It Dv st_value
+This member gives the value of the associated symbol.
+.It Dv st_size
+Many symbols have associated sizes.
+This member holds zero if the symbol
+has no size or an unknown size.
+.It Dv st_info
+This member specifies the symbol's type and binding attributes:
+.Bl -tag -width "STT_SECTION"
+.It Dv STT_NOTYPE
+The symbol's type is not defined.
+.It Dv STT_OBJECT
+The symbol is associated with a data object.
+.It Dv STT_FUNC
+The symbol is associated with a function or other executable code.
+.It Dv STT_SECTION
+The symbol is associated with a section.
+Symbol table entries of
+this type exist primarily for relocation and normally have
+.Dv STB_LOCAL
+bindings.
+.It Dv STT_FILE
+By convention, the symbol's name gives the name of the source file
+associated with the object file.
+A file symbol has
+.Dv STB_LOCAL
+bindings, its section index is
+.Dv SHN_ABS ,
+and it precedes the other
+.Dv STB_LOCAL
+symbols of the file, if it is present.
+.It Dv STT_TLS
+The symbol is associated with an object in thread-local storage.
+The symbol's value is its offset in the TLS storage for this file.
+.It Dv STT_LOPROC
+This value up to and including
+.Dv STT_HIPROC
+is reserved for processor-specific semantics.
+.It Dv STT_HIPROC
+This value down to and including
+.Dv STT_LOPROC
+is reserved for processor-specific semantics.
+.El
+.Bl -tag -width "STB_GLOBAL"
+.It Dv STB_LOCAL
+Local symbols are not visible outside the object file containing their
+definition.
+Local symbols of the same name may exist in multiple files
+without interfering with each other.
+.It Dv STB_GLOBAL
+Global symbols are visible to all object files being combined.
+One file's
+definition of a global symbol will satisfy another file's undefined
+reference to the same symbol.
+.It Dv STB_WEAK
+Weak symbols resemble global symbols, but their definitions have lower
+precedence.
+.It Dv STB_LOPROC
+This value up to and including
+.Dv STB_HIPROC
+is reserved for processor-specific semantics.
+.It Dv STB_HIPROC
+This value down to and including
+.Dv STB_LOPROC
+is reserved for processor-specific semantics.
+.Pp
+There are macros for packing and unpacking the binding and type fields:
+.Pp
+.Bl -tag -width "ELF32_ST_INFO(bind, type)" -compact
+.It Xo
+.Fn ELF32_ST_BIND info
+.Xc
+or
+.Fn ELF64_ST_BIND info
+extract a binding from an st_info value.
+.It Xo
+.Fn ELF64_ST_TYPE info
+.Xc
+or
+.Fn ELF32_ST_TYPE info
+extract a type from an st_info value.
+.It Xo
+.Fn ELF32_ST_INFO bind type
+.Xc
+or
+.Fn ELF64_ST_INFO bind type
+convert a binding and a type into an st_info value.
+.El
+.El
+.It Dv st_other
+This member currently holds zero and has no defined meaning.
+.It Dv st_shndx
+Every symbol table entry is
+.Dq defined
+in relation to some section.
+This member holds the relevant section
+header table index.
+.El
+.Pp
+Relocation is the process of connecting symbolic references with
+symbolic definitions.
+Relocatable files must have information that
+describes how to modify their section contents, thus allowing executable
+and shared object files to hold the right information for a process'
+program image.
+Relocation entries are these data.
+.Pp
+Relocation structures that do not need an addend:
+.Bd -literal -offset indent
+typedef struct {
+	Elf32_Addr      r_offset;
+	Elf32_Word      r_info;
+} Elf32_Rel;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+	Elf64_Addr      r_offset;
+	Elf64_Xword     r_info;
+} Elf64_Rel;
+.Ed
+.Pp
+Relocation structures that need an addend:
+.Bd -literal -offset indent
+typedef struct {
+	Elf32_Addr      r_offset;
+	Elf32_Word      r_info;
+	Elf32_Sword     r_addend;
+} Elf32_Rela;
+.Ed
+.Bd -literal -offset indent
+typedef struct {
+	Elf64_Addr      r_offset;
+	Elf64_Xword     r_info;
+	Elf64_Sxword    r_addend;
+} Elf64_Rela;
+.Ed
+.Bl -tag -width "r_offset"
+.It Dv r_offset
+This member gives the location at which to apply the relocation action.
+For a relocatable file, the value is the byte offset from the beginning
+of the section to the storage unit affected by the relocation.
+For an
+executable file or shared object, the value is the virtual address of
+the storage unit affected by the relocation.
+.It Dv r_info
+This member gives both the symbol table index with respect to which the
+relocation must be made and the type of relocation to apply.
+Relocation
+types are processor-specific.
+When the text refers to a relocation
+entry's relocation type or symbol table index, it means the result of
+applying
+.Dv ELF[32|64]_R_TYPE
+or
+.Dv ELF[32|64]_R_SYM ,
+respectively, to the entry's
+.Sy r_info
+member.
+.It Dv r_addend
+This member specifies a constant addend used to compute the value to be
+stored into the relocatable field.
+.El
+.Pp
+The note section is used to hold vendor-specific information that
+may be used to help identify a binary's ABI.
+It should start with an Elf_Note struct,
+followed by the section name and the section description.
+The actual note contents follow thereafter.
+.Bd -literal -offset indent
+typedef struct {
+	Elf32_Word namesz;
+	Elf32_Word descsz;
+	Elf32_Word type;
+} Elf32_Note;
+
+typedef struct {
+	Elf64_Word namesz;
+	Elf64_Word descsz;
+	Elf64_Word type;
+} Elf64_Note;
+.Ed
+.Bl -tag -width "r_offset"
+.It Dv namesz
+Length of the note name, rounded up to a 4-byte boundary.
+.It Dv descsz
+Length of the note description, rounded up to a 4-byte boundary.
+.It Dv type
+A vendor-specific note type.
+.El
+.Pp
+The name and description strings follow the note structure.
+Each string is aligned on a 4-byte boundary.
+.Sh SEE ALSO
+.Xr as 1 ,
+.Xr gdb 1 ,
+.Xr ld 1 ,
+.Xr objdump 1 ,
+.Xr execve 2 ,
+.Xr core 5
+.Rs
+.%A Hewlett-Packard
+.%B Elf-64 Object File Format
+.Re
+.Rs
+.%A Santa Cruz Operation
+.%B System V Application Binary Interface
+.Re
+.Rs
+.%A Unix System Laboratories
+.%T Object Files
+.%B "Executable and Linking Format (ELF)"
+.Re
+.Sh HISTORY
+.Ox
+ELF support first appeared in
+.Ox 1.2 .
+Starting with
+.Ox 5.4 ,
+all supported platforms use it as the native binary file format.
+ELF in itself first appeared in
+.At V .
+The ELF format is an adopted standard.
+.Sh AUTHORS
+This manual page was written by
+.An Jeroen Ruigrok van der Werven Aq Mt asmodai@FreeBSD.org
+with inspiration from BSDi's
+.Bsx
+.Nm elf
+manpage.
diff --git a/static/openbsd/man5/ethers.5 b/static/openbsd/man5/ethers.5
new file mode 100644
index 00000000..aadd45fc
--- /dev/null
+++ b/static/openbsd/man5/ethers.5
@@ -0,0 +1,50 @@
+.\"	$OpenBSD: ethers.5,v 1.20 2019/08/30 19:34:04 deraadt Exp $
+.\"	$NetBSD: ethers.5,v 1.2 1994/11/30 19:31:16 jtc Exp $
+.\"
+.\"     Written by Roland McGrath <roland@frob.com>.  Public domain.
+.\"
+.Dd $Mdocdate: August 30 2019 $
+.Dt ETHERS 5
+.Os
+.Sh NAME
+.Nm ethers
+.Nd Ethernet host name database
+.Sh DESCRIPTION
+The
+.Nm
+file maps Ethernet addresses to host names.
+Lines consist of an address and a host name, separated by any number
+of blanks and/or tab characters.
+A
+.Ql #
+indicates the beginning of a comment; characters up to the end of
+the line are not interpreted by routines which search the file.
+.Pp
+Ethernet addresses are expressed as six hexadecimal numbers separated by
+colons.
+The functions described in
+.Xr ether_aton 3
+can read and produce this format.
+.Sh FILES
+.Bl -tag -width /etc/ethers -compact
+.It Pa /etc/ethers
+.El
+.Sh SEE ALSO
+.Xr ether_aton 3 ,
+.Xr diskless 8
+.Sh HISTORY
+The
+.Nm
+file format was adopted from SunOS and appeared in
+.Nx
+0.9b.
+.Sh BUGS
+A name server should be used instead of a static file.
+.Pp
+Lines in
+.Pa /etc/ethers
+are limited to
+.Dv BUFSIZ
+characters
+.Pq currently 1024 .
+Longer lines will be ignored.
diff --git a/static/openbsd/man5/fbtab.5 b/static/openbsd/man5/fbtab.5
new file mode 100644
index 00000000..f49dcade
--- /dev/null
+++ b/static/openbsd/man5/fbtab.5
@@ -0,0 +1,85 @@
+.\"	$OpenBSD: fbtab.5,v 1.16 2022/04/21 05:27:53 jmc Exp $
+.\"
+.\" Copyright (c) 1996 Theo de Raadt
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: April 21 2022 $
+.Dt FBTAB 5
+.Os
+.Sh NAME
+.Nm fbtab
+.Nd change device protection upon login
+.Sh DESCRIPTION
+The
+.Nm
+file contains lines which specify how the permissions and ownership of
+various system files should be changed based on the user's login device name.
+.Pp
+Comments start with a
+.Ql #
+and extend to the end of the line.
+Blank lines or lines with only a comment are ignored.
+.Pp
+All other lines consist of three fields delimited by whitespace.
+.Bl -tag -width xxxxxxxxxxxxxxxxxxxx
+.It Login Device
+The device you have logged in on (e.g.,
+.Dq /dev/ttyv0 ) .
+.It File Permission
+An octal permission number (0600), as used by
+.Xr chmod 2 .
+.It Other devices
+The final field is a colon
+.Pq Ql \&:
+delimited list of device paths (e.g.,
+.Dq /dev/console:/dev/fd0a:/dev/wskbd* ) .
+Device paths may include shell-style globbing patterns (see
+.Xr glob 7 ) ,
+potentially matching multiple devices.
+.El
+.Pp
+The
+.Nm
+file is used by
+.Xr login 1
+to
+.Xr chown 2
+the specified files to the user who has performed a login.
+Additionally,
+.Xr chmod 2
+is used to set the devices to the specified permission.
+When a user logs out,
+.Xr init 8
+is responsible for performing the inverse operation, which results in
+the files once again belonging to root.
+.Sh FILES
+.Bl -tag -width /etc/fbtab -compact
+.It Pa /etc/fbtab
+.El
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr login_fbtab 3 ,
+.Xr glob 7 ,
+.Xr init 8
+.Sh AUTHORS
+.An Guido van Rooij
diff --git a/static/openbsd/man5/files.conf.5 b/static/openbsd/man5/files.conf.5
new file mode 100644
index 00000000..648508c0
--- /dev/null
+++ b/static/openbsd/man5/files.conf.5
@@ -0,0 +1,359 @@
+.\"	$OpenBSD: files.conf.5,v 1.23 2016/03/02 15:04:20 naddy Exp $
+.\"
+.\" Copyright (c) 2002 Miodrag Vallat.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistribution of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\"
+.Dd $Mdocdate: March 2 2016 $
+.Dt FILES.CONF 5
+.Os
+.Sh NAME
+.Nm files.conf
+.Nd rules base for the config utility
+.Sh DESCRIPTION
+The various
+.Pa files.*\&
+files located in the kernel source tree
+contain all the necessary information needed by
+.Xr config 8
+to parse a kernel configuration file and determine the list of files to
+compile.
+.Pp
+The
+.Pa files.*\&
+rules base are simple, human-readable, text files.
+Empty lines, as well as text prefixed by the
+.Sq #
+character, are ignored.
+.Sh DEVICE TREE CONCEPT
+The
+.Ox
+kernel
+.Dq sees
+the various devices as a hierarchical tree, where the various devices
+.Dq attach
+to parent entities, which can either be physical devices themselves
+.Pq such as a computer bus ,
+or logical entities, designed to make the driver code simpler.
+Usually, the top-most devices are attached to the pseudo-device
+.Dq mainbus ,
+which is itself reported as attached to a fictitious
+.Dq root
+node.
+There is no restriction on the
+.Dq children
+a device node may have;
+some device drivers can attach themselves to different kinds of parent devices.
+For example, the logical
+.Xr scsibus 4
+device can either attach at a SCSI controller device,
+or at the logical
+.Xr atapiscsi 4
+bus.
+.Sh LOCATORS
+Some device attachments need to provide attachment information.
+For example, an
+.Xr isa 4
+device will use a range of I/O ports, one or more DMA channels, and one
+interrupt vector.
+This attachment information is known as the
+.Dq locators
+for the device.
+Most of the buses support default values for unspecified locators, for devices
+that either do not require them
+.Po
+such as
+.Xr isa 4
+cards not using interrupts
+.Pc ,
+or which can autoconfigure themselves
+.Po
+such as
+.Xr pci 4
+devices
+.Pc .
+.Pp
+Attachment lines in the kernel configuration file must match the locators of
+the device they are attaching to.
+For example:
+.Bd -literal -offset indent
+define pci {[dev = -1], [function = -1]}
+.Ed
+.Pp
+With the rule above,
+the following kernel configuration lines are valid:
+.Bd -literal -offset indent
+pciknob0 at pci? dev 2 function 42 # use fixed values
+pciknob* at pci? dev ? function ?  # use default values
+pciknob* at pci?                   # use default locators
+.Ed
+.Pp
+But the following are not:
+.Bd -literal -offset indent
+pciknob* at pci? trick ? treat ?               # unknown locators
+pciknob* at pci? dev ? function ? usefulness ? # unknown locators
+.Ed
+.Sh ATTRIBUTES
+The following syntax defines a simple attribute,
+which can be later used to factorize code dependencies:
+.Pp
+.Dl define attribute
+.Pp
+An attachment-like attribute will also require locators to be specified.
+If no locators are necessary:
+.Pp
+.Dl define attribute {}
+.Pp
+If locators are provided:
+.Pp
+.Dl define attribute {[locator1 = default1], [locator2 = default2]}
+.Sh DEVICES
+For simple device attachment, the following syntax
+defines a simple device, with no locators:
+.Pp
+.Dl device devicename {}
+.Pp
+If locators are necessary, they are specified as:
+.Pp
+.Dl device devicename {[locator1 = default1], [locator2 = default2]}
+.Pp
+A device can also reference an attribute with locators.
+This is in fact a dependency rule.
+For example,
+.Pa sys/conf/files
+defines the following attribute for SCSI controllers:
+.Pp
+.Dl define scsi {}			# no locators
+.Pp
+And SCSI drivers can then be defined as:
+.Pp
+.Dl device scsictrl: scsi
+.Pp
+A device may depend on as many attributes as necessary:
+.Pp
+.Dl device complexdev: simpledev, otherdev, specialattribute
+.Sh PSEUDO DEVICES
+Pseudo devices are defined as regular devices, except that they do not
+need locators, and use a different keyword:
+.Bd -literal -offset indent
+pseudo-device loop: inet
+pseudo-device ksyms
+.Ed
+.Pp
+The rules above define, respectively,
+the loopback network interface and the kernel symbols pseudo-device.
+.Sh DEVICE ATTACHMENT RULES
+Due to the tree structure of the device nodes, every device but the pseudo
+devices need to attach to some parent node.
+A device driver has to specify to which parents it can attach, with the
+following syntax:
+.Pp
+.Dl attach device at parent, parent2, parent3
+.Pp
+The rule above lists all the parent attributes a device may attach to.
+For example, given the following:
+.Bd -literal -offset indent
+device smartknob: bells, whistles
+attach smartknob at brainbus
+.Ed
+.Pp
+The following configuration line is then valid:
+.Pp
+.Dl smartknob* at brainbus?
+.Pp
+Whilst the following is not:
+.Pp
+.Dl smartknob* at dumbbus?
+.Pp
+If a device supports attachments to multiple parents, using different
+.Dq glue
+routines every time, the following syntax specifies the details:
+.Bd -literal -offset indent
+attach device at parent with device_parent_glue
+attach device at parent2 with device_parent2_glue
+.Ed
+.Pp
+This will define more required attributes, depending on the kernel
+configuration file's contents.
+.Sh RULE FILE INCLUSION
+It is possible to include other rules files anywhere in a file, using the
+.Dq include
+keyword:
+.Pp
+.Dl include \&"dev/pci/files.pci\&"
+.Pp
+The above rule will include the rules for machine-independent PCI code.
+.Pp
+The files
+.Pa sys/arch/machine/conf/files.machine ,
+for every
+.Dq machine
+listed in the machine line in the kernel configuration file, as well as
+.Pa sys/conf/files ,
+are always processed, and do not need to be included.
+.Sh ATTRIBUTE REQUIREMENTS
+The kernel configuration file description passed to
+.Xr config 8
+lists several compilation options, as well as several device definitions.
+From this list,
+.Xr config 8
+will build a list of required attributes, which are:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+The
+.Dq option
+lines, with the option name translated to lowercase (for example, an
+.Dq option INET6
+line will produce the
+.Dq inet6
+attribute).
+.It
+The device and pseudo-device names, except for
+.Dq root .
+.El
+.Sh KERNEL FILE LIST
+Kernel source files are defined as:
+.Bd -literal -offset indent
+file file-list	dependencies	need-rules
+.Ed
+.Pp
+.Dq file-list
+typically only specifies a single filename.
+If instead it contains a list of filenames separated by the
+.Sq \&|
+character,
+.Xr config 8
+will select the first file from the list which exists.
+If
+.Dq ${MACHINE_ARCH}
+or
+.Dq ${MACHINE}
+is found in the filename, it will be substituted with the
+relevant base architecture name.
+.Pp
+If the
+.Dq dependencies
+part is empty, the file will always be compiled in.
+This is the case for the core kernel files.
+Otherwise, the file will only be added to the list if the dependencies are met.
+Dependencies are based upon attributes and device names.
+Multiple dependencies can be written using the
+.Dq \&|
+and
+.Dq &
+operators.
+For example:
+.Pp
+.Dl file netinet/ipsec_input.c	(inet | inet6) & ipsec
+.Pp
+The above rule teaches
+.Xr config 8
+to only add
+.Pa sys/netinet/ipsec_input.c
+to the filelist if the
+.Dq ipsec
+attribute, and at least one of the
+.Dq inet
+and
+.Dq inet6
+attributes, are required.
+.Pp
+The
+.Dq need
+rules can be empty, or one of the following keywords:
+.Pp
+.Bl -tag -width "needs-count" -compact
+.It Ar needs-flag
+Create an attribute header file, defining whether or not this
+attribute is compiled in.
+.It Ar needs-count
+Create an attribute header file, defining how many instances of this
+attribute are to be compiled in.
+This rule is mostly used for pseudo-devices.
+.El
+.Pp
+The
+.Dq attribute header files
+are simple C header files created in the kernel compilation directory,
+with the name
+.Pa attribute.h
+and containing the following line:
+.Pp
+.Dl #define NATTRIBUTE	0
+.Pp
+This would substitute the attribute name and its uppercase form, prefixed with
+the letter
+.Dq N ,
+to
+.Dq attribute
+and
+.Dq NATTRIBUTE ,
+respectively.
+For a
+.Dq needs-flag
+rule, the value on the
+.Dq #define
+line is either 1 if the attribute is required, or 0 if it is not required.
+For a
+.Dq needs-count
+rule, the value is the number of device instances required, or 0
+if the device is not required.
+.Pp
+Attribute files are created for every attribute listed with a
+.Dq need
+rule, even if it is never referenced from the kernel configuration file.
+.Sh MISCELLANEOUS ITEMS
+.Pa sys/arch/machine/conf/files.machine
+must also supply the following special commands:
+.Bl -tag -width maxpartitions
+.It Ar maxpartitions
+Defines how many partitions are available on disk block devices, usually 16.
+This value is used by
+.Xr config 8
+to set up various device information structures.
+.It Ar maxusers
+Defines the bounds, and the default value, for the
+.Dq maxusers
+parameter in the kernel configuration file.
+The usual values are 2 8 64 ;
+.Xr config 8
+will report an error if the
+.Dq maxusers parameter
+in the kernel configuration file does not fit in the specified range.
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa sys/arch/machine/conf/files.machine
+Rules for architecture-dependent files, for the
+.Dq machine
+architecture.
+.It Pa sys/dev/class/files.class
+Rules for the
+.Dq class
+class of devices.
+.It Pa sys/scsi/files.scsi
+Rules for the common SCSI subsystem.
+.El
+.Sh SEE ALSO
+.Xr config 8
diff --git a/static/openbsd/man5/fs.5 b/static/openbsd/man5/fs.5
new file mode 100644
index 00000000..73cc418d
--- /dev/null
+++ b/static/openbsd/man5/fs.5
@@ -0,0 +1,383 @@
+.\"	$OpenBSD: fs.5,v 1.20 2024/02/03 18:51:57 beck Exp $
+.\"	$NetBSD: fs.5,v 1.3 1994/11/30 19:31:17 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)fs.5	8.2 (Berkeley) 4/19/94
+.\"
+.Dd $Mdocdate: February 3 2024 $
+.Dt FS 5
+.Os
+.Sh NAME
+.Nm fs ,
+.Nm inode
+.Nd format of file system volume
+.Sh SYNOPSIS
+.In sys/types.h
+.In ufs/ffs/fs.h
+.In ufs/ufs/inode.h
+.Sh DESCRIPTION
+The files
+.In ufs/ffs/fs.h
+and
+.In ufs/ufs/inode.h
+declare several structures and define variables and macros
+which are used to create and manage the underlying format of
+file system objects on random access devices (disks).
+.Pp
+The block size and number of blocks which
+comprise a file system are parameters of the file system.
+Sectors beginning at
+.Dv BBLOCK
+and continuing for
+.Dv BBSIZE
+are used
+for a disklabel and for some hardware primary
+and secondary bootstrapping programs.
+.Pp
+The actual file system begins at sector
+.Dv SBLOCK
+with the
+.Em super-block
+that is of size
+.Dv SBSIZE .
+The following structure describes the super-block and is
+from the file
+.In ufs/ffs/fs.h :
+.Bd -literal
+#define	FS_MAGIC 0x011954
+struct fs {
+	int32_t	 fs_firstfield;	/* historic file system linked list, */
+	int32_t	 fs_unused_1;	/*     used for incore super blocks */
+	int32_t	 fs_sblkno;	/* addr of super-block / frags */
+	int32_t	 fs_cblkno;	/* offset of cyl-block / frags */
+	int32_t	 fs_iblkno;	/* offset of inode-blocks / frags */
+	int32_t	 fs_dblkno;	/* offset of first data / frags */
+	int32_t	 fs_cgoffset;	/* cylinder group offset in cylinder */
+	int32_t	 fs_cgmask;	/* used to calc mod fs_ntrak */
+	int32_t	 fs_ffs1_time;	/* last time written */
+	int32_t	 fs_ffs1_size;	/* # of blocks in fs / frags */
+	int32_t	 fs_ffs1_dsize;	/* # of data blocks in fs */
+	int32_t	 fs_ncg;	/* # of cylinder groups */
+	int32_t	 fs_bsize;	/* size of basic blocks / bytes */
+	int32_t	 fs_fsize;	/* size of frag blocks / bytes */
+	int32_t	 fs_frag;	/* # of frags in a block in fs */
+/* these are configuration parameters */
+	int32_t	 fs_minfree;	/* minimum percentage of free blocks */
+	int32_t	 fs_rotdelay;	/* # of ms for optimal next block */
+	int32_t	 fs_rps;	/* disk revolutions per second */
+/* these fields can be computed from the others */
+	int32_t	 fs_bmask;	/* ``blkoff'' calc of blk offsets */
+	int32_t	 fs_fmask;	/* ``fragoff'' calc of frag offsets */
+	int32_t	 fs_bshift;	/* ``lblkno'' calc of logical blkno */
+	int32_t	 fs_fshift;	/* ``numfrags'' calc # of frags */
+/* these are configuration parameters */
+	int32_t	 fs_maxcontig;	/* max # of contiguous blks */
+	int32_t	 fs_maxbpg;	/* max # of blks per cyl group */
+/* these fields can be computed from the others */
+	int32_t	 fs_fragshift;	/* block to frag shift */
+	int32_t	 fs_fsbtodb;	/* fsbtodb and dbtofsb shift constant */
+	int32_t	 fs_sbsize;	/* actual size of super block */
+	int32_t	 fs_csmask;	/* csum block offset (now unused) */
+	int32_t	 fs_csshift;	/* csum block number (now unused) */
+	int32_t	 fs_nindir;	/* value of NINDIR */
+	int32_t	 fs_inopb;	/* inodes per file system block */
+	int32_t	 fs_nspf;	/* DEV_BSIZE sectors per frag */
+/* yet another configuration parameter */
+	int32_t	 fs_optim;	/* optimization preference, see below */
+/* these fields are derived from the hardware */
+	int32_t	 fs_npsect;	/* DEV_BSIZE sectors/track + spares */
+	int32_t	 fs_interleave;	/* DEV_BSIZE sector interleave */
+	int32_t	 fs_trackskew;	/* sector 0 skew, per track */
+/* fs_id takes the space of unused fs_headswitch and fs_trkseek fields */
+	int32_t	 fs_id[2];	/* unique filesystem id */
+/* sizes determined by number of cylinder groups and their sizes */
+	int32_t	 fs_ffs1_csaddr; /* blk addr of cyl grp summary area */
+	int32_t	 fs_cssize;	/* cyl grp summary area size / bytes */
+	int32_t	 fs_cgsize;	/* cyl grp block size / bytes */
+/* these fields are derived from the hardware */
+	int32_t	 fs_ntrak;	/* tracks per cylinder */
+	int32_t	 fs_nsect;	/* DEV_BSIZE sectors per track */
+	int32_t	 fs_spc;	/* DEV_BSIZE sectors per cylinder */
+/* this comes from the disk driver partitioning */
+	int32_t	 fs_ncyl;	/* cylinders in file system */
+/* these fields can be computed from the others */
+	int32_t	 fs_cpg;	/* cylinders per group */
+	int32_t	 fs_ipg;	/* inodes per group */
+	int32_t	 fs_fpg;	/* blocks per group * fs_frag */
+/* this data must be re-computed after crashes */
+	struct	csum fs_ffs1_cstotal; /* cylinder summary information */
+/* these fields are cleared at mount time */
+	int8_t	 fs_fmod;	/* super block modified flag */
+	int8_t	 fs_clean;	/* file system is clean flag */
+	int8_t	 fs_ronly;	/* mounted read-only flag */
+	int8_t	 fs_ffs1_flags;	/* see FS_ below */
+	u_char	 fs_fsmnt[MAXMNTLEN]; /* name mounted on */
+	u_char	 fs_volname[MAXVOLLEN]; /* volume name */
+	u_int64_t fs_swuid;	/* system-wide uid */
+	int32_t	 fs_pad;	/* due to alignment of fs_swuid */
+/* these fields retain the current block allocation info */
+	int32_t	 fs_cgrotor;	 /* last cg searched */
+	void	*fs_ocsp[NOCSPTRS]; /* padding; was list of fs_cs bufs */
+	u_int8_t *fs_contigdirs; /* # of contiguously allocated dirs */
+	struct csum *fs_csp;	 /* cg summary info buffer for fs_cs */
+	int32_t	*fs_maxcluster;	 /* max cluster in each cyl group */
+	u_char	*fs_active;	 /* reserved for snapshots */
+	int32_t	 fs_cpc;	 /* cyl per cycle in postbl */
+/* this area is only allocated if fs_ffs1_flags & FS_FLAGS_UPDATED */
+	int32_t	 fs_maxbsize;	/* maximum blocking factor permitted */
+	int64_t	 fs_spareconf64[17]; /* old rotation block list head */
+	int64_t	 fs_sblockloc;	/* offset of standard super block */
+	struct csum_total fs_cstotal; /* cylinder summary information */
+	int64_t	 fs_time;	/* time last written */
+	int64_t	 fs_size;	/* number of blocks in fs */
+	int64_t	 fs_dsize;	/* number of data blocks in fs */
+	int64_t	 fs_csaddr;	/* blk addr of cyl grp summary area */
+	int64_t	 fs_pendingblocks; /* blocks in process of being freed */
+	int32_t	 fs_pendinginodes; /* inodes in process of being freed */
+	int32_t	 fs_snapinum[FSMAXSNAP];/* space reserved for snapshots */
+/* back to stuff that has been around a while */
+	int32_t	 fs_avgfilesize; /* expected average file size */
+	int32_t	 fs_avgfpdir;	 /* expected # of files per directory */
+	int32_t	 fs_sparecon[26];/* reserved for future constants */
+	u_int32_t fs_flags;	/* see FS_ flags below */
+	int32_t	 fs_fscktime;	 /* last time fsck(8)ed */
+	int32_t	 fs_contigsumsize; /* size of cluster summary array */
+	int32_t	 fs_maxsymlinklen; /* max length of an internal symlink */
+	int32_t	 fs_inodefmt;	 /* format of on-disk inodes */
+	u_int64_t fs_maxfilesize;/* maximum representable file size */
+	int64_t	 fs_qbmask;	 /* ~fs_bmask - for use with quad size */
+	int64_t	 fs_qfmask;	 /* ~fs_fmask - for use with quad size */
+	int32_t	 fs_state;	 /* validate fs_clean field */
+	int32_t	 fs_postblformat;/* format of positional layout tables */
+	int32_t	 fs_nrpos;	 /* number of rotational positions */
+	int32_t	 fs_postbloff;	 /* (u_int16) rotation block list head */
+	int32_t	 fs_rotbloff;	 /* (u_int8) blocks for each rotation */
+	int32_t	 fs_magic;	 /* magic number */
+	u_int8_t fs_space[1];	 /* list of blocks for each rotation */
+/* actually longer */
+};
+.Ed
+.Pp
+Each disk drive contains some number of file systems.
+A file system consists of a number of cylinder groups.
+Each cylinder group has inodes and data.
+.Pp
+A file system is described by its super-block, which in turn
+describes the cylinder groups.
+The super-block is critical
+data and is replicated in each cylinder group to protect against
+catastrophic loss.
+This is done at file system creation time and the critical
+super-block data does not change, so the copies need not be
+referenced further unless disaster strikes.
+.Pp
+Addresses stored in inodes are capable of addressing fragments
+of
+.Dq blocks .
+File system blocks of at most size
+.Dv MAXBSIZE
+can
+be optionally broken into 2, 4, or 8 pieces, each of which is
+addressable; these pieces may be
+.Dv DEV_BSIZE ,
+or some multiple of a
+.Dv DEV_BSIZE
+unit.
+.Pp
+Large files consist of exclusively large data blocks.
+To avoid undue wasted disk space, the last data block of a small file is
+allocated only as many fragments of a large block as are
+necessary.
+The file system format retains only a single pointer
+to such a fragment, which is a piece of a single large block that
+has been divided.
+The size of such a fragment is determinable from
+information in the inode, using the
+.Fn blksize fs ip lbn
+macro.
+.Pp
+The file system records space availability at the fragment level;
+to determine block availability, aligned fragments are examined.
+.Pp
+The root inode is the root of the file system.
+Inode 0 can't be used for normal purposes and
+historically bad blocks were linked to inode 1
+(inode 1 is no longer used for
+this purpose; however, numerous dump tapes make this
+assumption, so we are stuck with it).
+Thus the root inode is 2.
+.Pp
+The
+.Va fs_minfree
+element gives the minimum acceptable percentage of file system
+blocks that may be free.
+If the freelist drops below this level,
+only the superuser may continue to allocate blocks.
+The
+.Va fs_minfree
+element
+may be set to 0 if no reserve of free blocks is deemed necessary,
+although severe performance degradations will be observed if the
+file system is run at greater than 95% full; thus the default
+value of
+.Va fs_minfree
+is 5%.
+.Pp
+Empirically the best trade-off between block fragmentation and
+overall disk utilization at a loading of 95% comes with a
+fragmentation of 8; thus the default fragment size is an eighth
+of the block size.
+.Pp
+The element
+.Va fs_optim
+specifies whether the file system should try to minimize the time spent
+allocating blocks
+.Pq Dv FS_OPTTIME ,
+or if it should attempt to minimize the space fragmentation on the disk
+.Pq Dv FS_OPTSPACE .
+If the value of
+.Va fs_minfree
+(see above) is less than 5%,
+then the file system defaults to optimizing for space to avoid
+running out of full sized blocks.
+If the value of
+.Va fs_minfree
+is greater than or equal to 5%,
+fragmentation is unlikely to be problematical, and
+the file system defaults to optimizing for time.
+.Pp
+The
+.Va fs_flags
+element specifies how the filesystem was mounted:
+.Pp
+.Bl -tag -width FS_UNCLEAN -offset ind -compact
+.It Dv FS_UNCLEAN
+The filesystem was mounted uncleanly.
+.El
+.Ss Cylinder group related limits
+Each cylinder keeps track of the availability of blocks at different
+rotational positions, so that sequential blocks can be laid out
+with minimum rotational latency.
+With the default of 1 distinct
+rotational position, the resolution of the
+summary information is 16ms for a typical 3600 RPM drive.
+.Pp
+The element
+.Va fs_rotdelay
+was once used to tweak block layout.
+.Pp
+Each file system has a statically allocated number of inodes, determined
+by its size and the desired number of file data bytes per inode at the
+time it was created.
+See
+.Xr newfs 8
+for details on how to set this (and other) filesystem parameters.
+By default, the inode allocation strategy is extremely conservative.
+.Pp
+.Dv MINBSIZE
+is the smallest allowable block size.
+With a
+.Dv MINBSIZE
+of 4096
+it is possible to create files of size
+2^32 with only two levels of indirection.
+.Dv MINBSIZE
+must be big enough to hold a cylinder group block,
+thus changes to
+.Va struct cg
+must keep its size within
+.Dv MINBSIZE .
+Note that super-blocks are never more than size
+.Dv SBSIZE .
+.Pp
+The path name on which the file system is mounted is maintained in
+.Va fs_fsmnt .
+.Dv MAXMNTLEN
+defines the amount of space allocated in
+the super-block for this name.
+.Pp
+Per cylinder group information is summarized in blocks allocated
+from the first cylinder group's data blocks.
+These blocks are read in from
+.Va fs_csaddr
+(of size
+.Va fs_cssize )
+in addition to the super-block.
+.Pp
+Note that
+.Fn sizeof "struct csum"
+must be a power of two in order for
+the
+.Fn fs_cs
+macro to work.
+.Ss Super-block for a file system
+The size of the rotational layout tables
+is limited by the fact that the super-block is of size
+.Dv SBSIZE .
+The size of these tables is inversely
+proportional to the block
+size of the file system.
+The size of the tables is
+increased when sector sizes are not powers of two,
+as this increases the number of cylinders
+included before the rotational pattern repeats
+.Pq Va fs_cpc .
+The size of the rotational layout
+tables is derived from the number of bytes remaining in
+.Va struct fs .
+.Pp
+The number of blocks of data per cylinder group
+is limited because cylinder groups are at most one block.
+The inode and free block tables
+must fit into a single block after deducting space for
+the cylinder group structure
+.Va struct cg .
+.Ss Inodes
+The
+.Em inode
+is the focus of all file activity in the
+.Tn UNIX
+file system.
+There is a unique inode allocated
+for each active file,
+each current directory, each mounted-on file,
+text file, and the root.
+An inode is
+.Dq named
+by its device/i-number pair.
+For further information, see the include file
+.In ufs/ufs/inode.h .
+.Sh HISTORY
+A super-block structure named
+.Em filsys
+appeared in
+.At v6 .
+The file system described in this manual appeared
+in
+.Bx 4.2 .
diff --git a/static/openbsd/man5/fstab.5 b/static/openbsd/man5/fstab.5
new file mode 100644
index 00000000..28671e59
--- /dev/null
+++ b/static/openbsd/man5/fstab.5
@@ -0,0 +1,314 @@
+.\"	$OpenBSD: fstab.5,v 1.55 2023/07/07 13:21:28 job Exp $
+.\"	$NetBSD: fstab.5,v 1.5.2.1 1995/11/16 20:11:11 pk Exp $
+.\"
+.\" Copyright (c) 1980, 1989, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)fstab.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: July 7 2023 $
+.Dt FSTAB 5
+.Os
+.Sh NAME
+.Nm fstab
+.Nd static information about the filesystems
+.Sh SYNOPSIS
+.In fstab.h
+.Sh DESCRIPTION
+The
+.Nm
+file contains descriptive information about the various file systems.
+.Nm
+is only read by programs, and not written;
+it is the duty of the system administrator to properly create
+and maintain this file.
+Each filesystem is described on a separate line;
+fields on each line are separated by tabs or spaces.
+Lines beginning with the
+.Sq #
+character are comments and are ignored.
+The order of records in
+.Nm
+is important because
+.Xr fsck 8
+and
+.Xr mount 8
+sequentially iterate through
+.Nm
+doing their thing.
+.Pp
+A line has the following format:
+.Bd -literal -offset indent
+fs_spec fs_file fs_vfstype fs_mntops fs_freq fs_passno
+.Ed
+.Pp
+The first field,
+.Fa fs_spec ,
+describes the block special device or remote filesystem to be mounted.
+A block special device may be specified by pathname
+or by
+.Xr disklabel 8
+UID (DUID).
+For filesystems of type MFS
+the special file name is typically that of the primary swap area;
+if the keyword
+.Dq swap
+is used instead of a special file name,
+default configuration parameters are used.
+If a program needs the character special file name,
+the program must create it by appending an
+.Sq r
+after the last
+.Sq /
+in the special file name.
+.Pp
+The second field,
+.Fa fs_file ,
+describes the mount point for the filesystem.
+For swap partitions, this field should be specified as
+.Dq none .
+.Pp
+The third field,
+.Fa fs_vfstype ,
+describes the type of the filesystem.
+The system currently supports the following types of filesystems:
+.Pp
+.Bl -tag -width indent -offset indent -compact
+.It cd9660
+An ISO 9660 CD-ROM filesystem.
+.It ext2fs
+A local Linux compatible ext2fs
+filesystem.
+.It ffs
+A local
+.Ux
+filesystem.
+.It mfs
+A local memory-based
+.Ux
+filesystem.
+.It msdos
+An
+.Tn MS-DOS
+FAT filesystem.
+.It nfs
+A Sun Microsystems compatible Network File System.
+.It ntfs
+An NTFS filesystem.
+.It swap
+A disk partition to be used for swapping.
+.It tmpfs
+A local memory-based
+.Ux
+filesystem.
+.It udf
+A UDF filesystem.
+.It vnd
+A VND image file.
+.El
+.Pp
+The fourth field,
+.Fa fs_mntops ,
+describes the mount options associated with the filesystem.
+It is formatted as a comma separated list of options.
+It contains at least the type of mount (see
+.Fa fs_type
+below) plus any additional options appropriate to the filesystem type.
+.Pp
+The option
+.Dq auto
+can be used in the
+.Dq noauto
+form to cause
+a file system not to be mounted automatically (with
+.Ic mount -A
+or
+.Ic mount -a ,
+or at system boot time).
+Similarly, the option
+.Dq net
+can be used to cause a file system to be considered only if the
+.Fl N
+flag is passed to
+.Xr mount 8
+or
+.Xr fsck 8 .
+.Pp
+If the options
+.Dq userquota
+and/or
+.Dq groupquota
+are specified, the filesystem is automatically processed by the
+.Xr quotacheck 8
+command, and user and/or group disk quotas are enabled with
+.Xr quotaon 8 .
+By default, filesystem quotas are maintained in files named
+.Pa quota.user
+and
+.Pa quota.group
+which are located at the root of the associated filesystem.
+These defaults may be overridden by putting an equal sign
+and an alternative absolute pathname following the quota option.
+Thus, if the user quota file for
+.Pa /tmp
+is stored in
+.Pa /var/quotas/tmp.user ,
+this location can be specified as:
+.Bd -literal -offset indent
+userquota=/var/quotas/tmp.user
+.Ed
+.Pp
+The type of the mount is extracted from the first parameter of the
+.Fa fs_mntops
+field and stored separately in the
+.Fa fs_type
+field (it is not deleted from the
+.Fa fs_mntops
+field).
+If
+.Fa fs_type
+is
+.Dq rw ,
+.Dq rq ,
+or
+.Dq ro
+then the filesystem whose name is given in the
+.Fa fs_file
+field is normally mounted read-write or read-only on the
+specified special file.
+If
+.Fa fs_type
+is
+.Dq sw
+then the special file is made available as a piece of swap space by the
+.Xr swapon 8
+command at the end of the system reboot procedure.
+The fields other than
+.Fa fs_spec
+and
+.Fa fs_type
+are unused.
+If
+.Fa fs_type
+is specified as
+.Dq xx ,
+the entry is ignored.
+This is useful to show disk partitions which are currently unused.
+.Pp
+The fifth field,
+.Fa fs_freq ,
+is used by the
+.Fl W
+and
+.Fl w
+options of
+.Xr dump 8
+to recommend which filesystems should be backed up.
+The value specifies the number of days
+after which a dump is regarded as being old;
+if it is not present, a value of zero is returned and
+.Xr dump 8
+will assume that the filesystem does not need to be dumped.
+.Pp
+The sixth field,
+.Fa fs_passno ,
+is used by the
+.Xr fsck 8
+program to determine the order in which filesystem checks are done
+at reboot time.
+The root filesystem should be specified with a
+.Fa fs_passno
+of 1, and other filesystems should have a
+.Fa fs_passno
+of 2.
+Filesystems within a drive will be checked sequentially,
+but filesystems on different drives will be checked at the
+same time to utilize parallelism available in the hardware.
+If the sixth field is not present or is zero,
+a value of zero is returned and
+.Xr fsck 8
+will assume that the filesystem does not need to be checked.
+.Bd -literal
+#define	FSTAB_RW	"rw"	/* read/write device */
+#define	FSTAB_RQ	"rq"	/* read/write with quotas */
+#define	FSTAB_RO	"ro"	/* read-only device */
+#define	FSTAB_SW	"sw"	/* swap device */
+#define	FSTAB_XX	"xx"	/* ignore totally */
+
+struct fstab {
+	char	*fs_spec;	/* block special device name */
+	char	*fs_file;	/* filesystem path prefix */
+	char	*fs_vfstype;	/* type of filesystem */
+	char	*fs_mntops;	/* comma separated mount options */
+	char	*fs_type;	/* rw, rq, ro, sw, or xx */
+	int	fs_freq;	/* dump frequency, in days */
+	int	fs_passno;	/* pass number on parallel fsck */
+};
+.Ed
+.Pp
+The proper way to read records from
+.Pa fstab
+is to use the routines
+.Xr getfsent 3 ,
+.Xr getfsspec 3 ,
+and
+.Xr getfsfile 3 .
+.Sh FILES
+.Bl -tag -width /etc/fstab -compact
+.It Pa /etc/fstab
+.El
+.Sh EXAMPLES
+Here is a sample
+.Pa /etc/fstab
+file:
+.Bd -literal -offset indent
+/dev/sd0b none swap sw
+/dev/sd1b none swap sw
+/dev/sd0a / ffs rw 1 1
+/dev/sd0e /var ffs rw,nodev,nosuid 1 2
+#/dev/sd0f /tmp ffs rw,nodev,nosuid 1 2
+swap /tmp mfs rw,nodev,nosuid,-s=153600 0 0
+/dev/sd0g /usr ffs rw,nodev 1 2
+/dev/sd0h /usr/local ffs rw,nodev 1 2
+/dev/sd0i /home ffs rw,nodev,nosuid 1 2
+/dev/sd0j /usr/src ffs rw,nodev,nosuid 1 2
+/dev/cd0a /cdrom cd9660 ro,noauto 0 0
+5b27c2761a9b0b06.i /mnt/key msdos rw,noauto 0 0
+server:/export/ports /usr/ports nfs rw,nodev,nosuid,soft,intr 0 0
+.Ed
+.Sh SEE ALSO
+.Xr quota 1 ,
+.Xr getfsent 3 ,
+.Xr fsck 8 ,
+.Xr mount 8 ,
+.Xr quotacheck 8 ,
+.Xr quotaon 8
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.0 .
diff --git a/static/openbsd/man5/genassym.cf.5 b/static/openbsd/man5/genassym.cf.5
new file mode 100644
index 00000000..3f587fcd
--- /dev/null
+++ b/static/openbsd/man5/genassym.cf.5
@@ -0,0 +1,139 @@
+.\"	$OpenBSD: genassym.cf.5,v 1.10 2014/07/05 07:18:33 jsg Exp $
+.\"	$NetBSD: genassym.cf.5,v 1.8 2001/06/19 12:34:27 wiz Exp $
+.\"
+.\" Copyright (c) 1997 Matthias Pfaller.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: July 5 2014 $
+.Dt GENASSYM.CF 5
+.Os
+.Sh NAME
+.Nm genassym.cf
+.Nd assym.h definition file
+.Sh DESCRIPTION
+The
+.Nm
+file is used by
+.Xr genassym.sh 8
+to make constant C expressions known to assembler source files.
+.Pp
+Lines starting with '#' are discarded by
+.Xr genassym.sh 8 .
+Lines starting with
+.Em include ,
+.Em ifdef ,
+.Em if ,
+.Em else
+or
+.Em endif
+are preceded with '#' and passed otherwise unmodified to the C compiler.
+.Pp
+Lines starting with
+.Em quote
+get passed on with the
+.Em quote
+command removed.
+.Pp
+The first word after a
+.Em define
+command is taken as a CPP identifier and the rest of the line has to be
+a constant C expression.
+The output of
+.Xr genassym.sh 8
+will assign the numerical value of this expression to the CPP identifier.
+.Pp
+.Em "export foo"
+.br
+is a shorthand for
+.br
+.Em "define foo foo" .
+.Pp
+.Em "struct foo"
+.br
+remembers foo for the
+.Em member
+command and does a
+.br
+.Em "define FOO_SIZEOF sizeof(foo)" ,
+.br
+with the structure name converted to upper
+case.
+.Pp
+.Em "member foo"
+.br
+does a
+.br
+.Em "define FOO offsetof(<last struct>, foo)" .
+.br
+The two argument form of
+.Em "member" ,
+as
+.br
+.Em "member foo bar"
+.br
+does a
+.br
+.Em "define FOO offsetof(<last struct>, bar)" ,
+.br
+with its first argument converted to upper case.
+In the case where struct was
+invoked with an extra argument, as in
+.br
+.Em "struct foo PREFIX_" ,
+.br
+the first argument of member will be prefixed by the remembered prefix, before
+being converted to upper case.
+.Pp
+.Em "union foo"
+.br
+is similar to the
+.Em struct
+command, but applies to a union instead of a struct.
+.Pp
+.Em "config <ctype> <gcc constraint> <asm print modifier>"
+.br
+can be used to customize the output of
+.Xr genassym.sh 8 .
+.br
+When producing C output, values are cast to <ctype> (default: long)
+before they get handed to printf.
+<gcc constraint> (default: n) is the constraint used in the __asm__ statements.
+<asm print modifier> (default: empty) can be used to force gcc to output
+operands in different ways than normal.
+The "a" modifier e.g. stops gcc from emitting immediate
+prefixes in front of constants for the i386 port.
+.Sh FILES
+.Pa /sys/arch/${MACHINE}/${MACHINE}/genassym.cf
+.Sh SEE ALSO
+.Xr genassym.sh 8
+.Sh HISTORY
+The first use of
+.Nm
+files occurred in
+.Ox 2.2 .
+Its use was generalized to all ports for
+.Ox 3.0 .
+The
+.Em union
+command appeared in
+.Ox 3.5 .
diff --git a/static/openbsd/man5/gnome-module.5 b/static/openbsd/man5/gnome-module.5
new file mode 100644
index 00000000..3bd19723
--- /dev/null
+++ b/static/openbsd/man5/gnome-module.5
@@ -0,0 +1,209 @@
+.\"	$OpenBSD: gnome-module.5,v 1.10 2025/08/16 16:43:06 daniel Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 16 2025 $
+.Dt GNOME-MODULE 5
+.Os
+.Sh NAME
+.Nm gnome-module
+.Nd x11/gnome port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=x11/gnome
+in the
+.Xr ports 7
+tree.
+.Pp
+This module has full support for the
+.Ar gnu ,
+.Ar simple ,
+.Ar meson
+and
+.Ar cmake
+CONFIGURE_STYLE.
+.Pp
+If
+.Ev DIST_TUPLE
+is set and the
+.Em gnome
+template is used, this module will set default values for
+.Ev GNOME_PROJECT,
+.Ev GNOME_VERSION,
+.Ev WRKDIST,
+and
+.Ev EXTRACT_SUFX .
+.Pp
+If both
+.Ev GNOME_PROJECT
+and
+.Ev GNOME_VERSION
+are set, this module defines
+.Ev DISTNAME ,
+.Ev SITES ,
+adds x11/gnome to
+.Ev CATEGORIES
+and
+.Ev EXTRACT_SUFX
+will default to .tar.xz if unset.
+.Pp
+Unless
+.Li NO_BUILD=Yes ,
+.Pa devel/gettext,-tools
+is appended to
+.Ev MODGNOME_BUILD_DEPENDS
+for ports built using
+.Xr meson 1
+and
+.Pa textproc/intltool
+is appended to
+.Ev MODULES
+for other ports.
+.Pp
+.Ev USE_GMAKE
+is set to "Yes".
+.Pp
+When CONFIGURE_STYLE is set to
+.Ar gnu
+or
+.Ar simple ,
+if none of
+.Ev AUTOCONF_VERSION
+nor
+.Ev AUTOMAKE_VERSION
+are defined, then "--disable-maintainer-mode" is appended to
+.Ev CONFIGURE_ARGS .
+When CONFIGURE_STYLE is set to
+.Ar cmake ,
+"-DENABLE_MAINTAINER_MODE=OFF" and -DSYSCONF_INSTALL_DIR=${SYSCONFDIR}
+are appended to CONFIGURE_ARGS.
+.Pp
+MODGNOME_CPPFLAGS and MODGNOME_LDFLAGS can be used to add compiler and linker
+flags.
+.Li CPPFLAGS="-I${LOCALBASE}/include"
+and
+.Li LDFLAGS="-L${LOCALBASE}/lib"
+are always appended to
+.Ev CONFIGURE_ENV
+unless MODGNOME_CPPFLAGS or MODGNOME_LDFLAGS is set to "no".
+.Pp
+Certain build/run dependencies and configure arguments and environment
+can be set by appending desktop-file-utils, docbook, gi-docgen,
+gobject-introspection, gtk-update-icon-cache, shared-mime-info,
+vala and/or yelp to
+.Ev MODGNOME_TOOLS .
+They are disabled otherwise.
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes desktop-file-utils,
+a dependency on
+.Pa devel/desktop-file-utils
+is appended to
+.Ev MODGNOME_RUN_DEPENDS
+and a link to /usr/bin/true is created under
+.Pa ${WRKDIR}/bin/desktop-file-validate .
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes docbook,
+.Pa textproc/docbook-xsl
+is appended to
+.Ev MODGNOME_BUILD_DEPENDS .
+This option is used when the generation of the man pages included in the
+source tarball requires docbook XML/SGML/XSL definitions and stylesheets.
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes gi-docgen,
+.Pa textproc/gi-docgen
+is appended to
+.Ev MODGNOME_BUILD_DEPENDS .
+This option is used to generate documentation using GI-Docgen.
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes gtk-update-icon-cache, a dependency on
+.Pa x11/gtk+4,-guic
+is appended to
+.Ev MODGNOME_RUN_DEPENDS .
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes shared-mime-info, a dependency on
+.Pa misc/shared-mime-info
+is appended to
+.Ev MODGNOME_RUN_DEPENDS
+and a link to /usr/bin/true is created under
+.Pa ${WRKDIR}/bin/update-mime-database .
+.Pp
+If
+.Ev MODGNOME_TOOLS
+includes yelp,
+.Pa textproc/itstool
+and
+.Pa x11/gnome/doc-utils
+are appended to
+.Ev MODGNOME_BUILD_DEPENDS .
+Furthermore,
+.Pa x11/gnome/yelp
+is appended to
+.Ev MODGNOME_RUN_DEPENDS
+if
+.Ev MODGNOME_TOOLS
+also contains "desktop-file-utils"
+This option is to be used when any files are installed into
+.Pa share/gnome/help/
+or page files are installed into
+.Pa share/help/ .
+.Pp
+.Ev MODGNOME_BUILD_DEPENDS
+and
+.Ev MODGNOME_RUN_DEPENDS
+are appended to the
+corresponding
+.Ev BUILD_DEPENDS
+and
+.Ev RUN_DEPENDS .
+.Pp
+Some tools require the following tag in the PLIST:
+.Pp
+.Ar desktop-file-utils
+.Bd -literal -offset indent
+@tag update-desktop-database
+.Ed
+.Pp
+.Ar gtk-update-icon-cache
+($icon-theme is the theme directory)
+.Bd -literal -offset indent
+@tag gtk-update-icon-cache %D/share/icons/$icon-theme
+.Ed
+.Pp
+.Ar shared-mime-info
+.Bd -literal -offset indent
+@tag update-mime-database
+.Ed
+.Sh SEE ALSO
+.Xr port-modules 5
diff --git a/static/openbsd/man5/go-module.5 b/static/openbsd/man5/go-module.5
new file mode 100644
index 00000000..953b0458
--- /dev/null
+++ b/static/openbsd/man5/go-module.5
@@ -0,0 +1,208 @@
+.\"	$OpenBSD: go-module.5,v 1.5 2025/02/07 02:53:30 lucas Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: February 7 2025 $
+.Dt GO-MODULE 5
+.Os
+.Sh NAME
+.Nm go-module
+.Nd lang/go port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=lang/go
+in the
+.Xr ports 7
+tree.
+.Pp
+Adds Go toolchain support.
+Requires
+.Ev ALL_TARGET
+to be set to canonical Go import path of port.
+(Module sets it automatically for ports that use
+.Ev GH_ACCOUNT
+and
+.Ev GH_PROJECT
+macros.)
+.Pp
+During execution of
+.Cm pre-configure
+target module moves source code from
+.Pa ${MODGO_SUBDIR}
+to
+.Pa ${WRKSRC} ,
+subdirectory of
+.Pa ${MODGO_WORKSPACE}
+- specially-crafted Go workspace located at
+.Pa ${WRKDIR}/go .
+During
+.Cm do-build
+module calls
+.Dq go install
+with
+.Ev GOPATH
+set to
+.Pa ${MODGO_WORKSPACE} ,
+runs its output through sed to prevent writes outside
+.Ev WRKDIR
+sandbox and sends output to
+.Xr sh 1 .
+During
+.Cm do-install
+it copies executables from
+.Pa ${MODGO_WORKSPACE}/bin
+to
+.Pa ${PREFIX}/bin ,
+and/or directories
+.Pa ${MODGO_WORKSPACE}/pkg
+and
+.Pa ${MODGO_WORKSPACE}/src
+to
+.Pa ${PREFIX}/go ,
+depending on
+.Ev MODGO_TYPE
+contents.
+.Pp
+Sets
+.Ev BUILD_DEPENDS ,
+.Ev RUN_DEPENDS ,
+.Ev ALL_TARGET ,
+.Ev TEST_TARGET ,
+.Ev ONLY_FOR_ARCHS ,
+.Ev SEPARATE_BUILD ,
+and
+.Ev WRKSRC .
+.Pp
+Appends to
+.Ev CATEGORIES .
+.Pp
+Defines:
+.Bl -tag -width MODGO_WORKSPACE
+.It Ev MODGO_TYPE
+Type of port.
+May be any combination of:
+.Bl -tag -width lib
+.It bin
+ordinary binary, which should be installed to
+.Pa ${PREFIX}/bin ,
+.It lib
+library, which should come with source code.
+.El
+.Pp
+Defaults to
+.Ar bin .
+.It Ev MODGO_WORKSPACE
+Path to Go workspace set up for port build process.
+Defaults to
+.Pa ${WRKDIR}/go .
+See Go documentation for details.
+.It Ev MODGO_SUBDIR
+Path to Go source code within port's sources tarball.
+Defaults to
+.Pa ${WRKDIST} .
+.It Ev MODGO_SETUP_WORKSPACE
+Commands setting up Go workspace for building ports.
+By default, happens during execution of
+.Cm pre-configure
+target.
+.It Ev MODGO_BUILDDEP
+Controls whether contents of
+.Ev MODGO_BUILD_DEPENDS
+are appended to port's
+.Ev BUILD_DEPENDS .
+Defaults to
+.Ar Yes .
+.It Ev MODGO_MODNAME
+Name of Go module as defined in the
+.Pa go.mod
+file contained in a project.
+If this is set,
+.Ev MODGO_MODULES ,
+.Ev MODGO_MODFILES
+and
+.Ev MODGO_VERSION
+need to be defined as well.
+Setting this will also set
+.Ev ALL_TARGET .
+When
+.Ev MODGO_MODFILES
+is set, and a "cmd" directory is found in
+.Ev WRKSRC ,
+"./cmd/..." is also built by
+.Cm do-build
+automatically.
+.It Ev MODGO_VERSION
+Sets the specific version of a Go module to use.
+For example: v0.1.3.
+.It Ev MODGO_MODULES
+List of modules and their specific versions that an application depends on.
+.It Ev MODGO_MODFILES
+List of go.mod files and their versions that are required for dependency
+resolution.
+These are required by Go to determine the full dependency graph.
+.El
+.Pp
+Additionally defines
+.Ev MODGO_ARCH
+(application architecture name used by Go),
+.Ev MODGO_PACKAGES ,
+.Ev MODGO_SOURCES
+and
+.Ev MODGO_TOOLS
+(paths for installed Go packages, sources and tools respectively),
+.Ev MODGO_CMD
+and
+.Ev MODGO_FLAGS
+(source code build command and flags passed as its arguments),
+.Ev MODGO_LDFLAGS ,
+.Ev MODGO_BUILD_CMD
+and
+.Ev MODGO_TEST_CMD
+(commands for building and testing go packages; normally called with canonical
+Go package names as arguments),
+.Ev MODGO_{BUILD,INSTALL,TEST}_TARGET
+and
+.Ev MODGO_{BUILD,RUN}_DEPENDS .
+.Pp
+This module adds one
+.Xr make 1
+target:
+.Bl -tag -width modgo-gen-modules
+.It Cm modgo-gen-modules
+Generate the
+.Ev MODGO_MODULES
+and the
+.Ev MODGO_MODFILES
+lists.
+If
+.Ev MODGO_VERSION
+is set to "latest", the latest known-to-Go version of a package will be used
+to build the list of modules.
+Similarly, if
+.Ev MODGO_VERSION
+is empty, the latest version will be fetched.
+.El
+.Sh SEE ALSO
+.Xr port-modules 5
diff --git a/static/openbsd/man5/group.5 b/static/openbsd/man5/group.5
new file mode 100644
index 00000000..a23349bf
--- /dev/null
+++ b/static/openbsd/man5/group.5
@@ -0,0 +1,176 @@
+.\"	$OpenBSD: group.5,v 1.15 2012/06/20 22:15:13 schwarze Exp $
+.\"	$NetBSD: group.5,v 1.4 1995/07/28 06:41:39 phil Exp $
+.\"
+.\" Copyright (c) 1980, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)group.5	8.3 (Berkeley) 4/19/94
+.\"
+.Dd $Mdocdate: June 20 2012 $
+.Dt GROUP 5
+.Os
+.Sh NAME
+.Nm group
+.Nd format of the group permissions file
+.Sh DESCRIPTION
+The file
+.Pa /etc/group
+consists of newline separated
+.Tn ASCII
+records, one per group, containing four colon
+.Pq Ql \&:
+separated fields.
+These fields are as follows:
+.Pp
+.Bl -tag -width password -offset indent -compact
+.It group
+Name of the group.
+.It passwd
+Group's encrypted password.
+.It gid
+The group's decimal ID.
+.It member
+Group members.
+.El
+.Pp
+The
+.Ar group
+field is the group name used for granting file access to users
+who are members of the group.
+The
+.Ar gid
+field is the number associated with the group name.
+They should both be unique across the system (and often
+across a group of systems) since they control file access.
+The
+.Ar passwd
+field is an optional encrypted password.
+This field is rarely used and an asterisk is normally placed in it
+rather than leaving it blank.
+The
+.Ar member
+field contains the names of users granted the privileges of
+.Ar group .
+The member names are separated by commas without spaces or newlines.
+A user is automatically in a group if that group was specified in their
+.Xr passwd 5
+entry and does not need to be added to that group in the
+.Nm
+file.
+.\" .Pp
+.\" When the system reads the file
+.\" .Pa /etc/group
+.\" the fields are read into the structure
+.\" .Fa group
+.\" declared in
+.\" .Aq Pa grp.h :
+.\" .Bd -literal -offset indent
+.\" struct group {
+.\"	char    *gr_name;        /* group name */
+.\"	char    *gr_passwd;      /* group password */
+.\"	int     gr_gid;          /* group id */
+.\"	char    **gr_mem;        /* group members */
+.\" };
+.\" .Ed
+.Sh YP SUPPORT
+If YP is active, the
+.Nm
+file also supports YP exclusions and inclusions.
+.Pp
+Lines beginning with a
+.Ql \&-
+(minus sign) are entries marked as being excluded from any following
+inclusions, which are marked with a `+' (plus sign).
+.Pp
+Lines of the format
+.Bd -literal -offset indent
++name:*::
+.Ed
+.Pp
+cause the specified group to be included from the
+.Pa group.byname
+YP map.
+If no group name is specified, or the
+.Ql +
+(plus sign) appears alone on a line, all groups are included from the YP map.
+.Pp
+YP references may appear anywhere in the file, but the single
+.Ql +
+form should be on the last line, for historical reasons.
+Only the first group with a specific name encountered, whether in the
+.Nm
+file itself, or included via YP, will be used.
+.Pp
+Proper YP group support requires consistent
+.Pa group.byname ,
+.Pa group.bygid
+and
+.Pa netid.byname
+YP maps.
+See
+.Xr getgrent 3
+and
+.Xr getgrouplist 3
+for details.
+.Pp
+When YP is enabled but temporarily unavailable, login becomes impossible
+for all users except those having an entry in the
+.Xr netid 5
+file.
+.Sh FILES
+.Bl -tag -width /etc/group -compact
+.It Pa /etc/group
+.El
+.Sh SEE ALSO
+.Xr passwd 1 ,
+.Xr setgroups 2 ,
+.Xr crypt 3 ,
+.Xr initgroups 3 ,
+.Xr netid 5 ,
+.Xr passwd 5 ,
+.Xr yp 8
+.Sh HISTORY
+The
+.Nm
+file format first appeared in
+.At v6 .
+.Pp
+The YP file format first appeared in SunOS.
+.Sh BUGS
+The
+.Xr passwd 1
+command does not change the
+.Nm
+passwords.
+.Pp
+Lines in
+.Pa /etc/group
+are limited to 1024 characters.
+YP groups are not affected by this limit.
+.Pp
+Groups are limited to a maximum of 200 members per group.
diff --git a/static/openbsd/man5/hostname.if.5 b/static/openbsd/man5/hostname.if.5
new file mode 100644
index 00000000..9505d6be
--- /dev/null
+++ b/static/openbsd/man5/hostname.if.5
@@ -0,0 +1,273 @@
+.\"	$OpenBSD: hostname.if.5,v 1.82 2022/12/16 04:04:25 afresh1 Exp $
+.\"	$NetBSD: hosts.5,v 1.4 1994/11/30 19:31:20 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)hosts.5	8.2 (Berkeley) 12/11/93
+.\"
+.Dd $Mdocdate: December 16 2022 $
+.Dt HOSTNAME.IF 5
+.Os
+.Sh NAME
+.Nm hostname.if
+.Nd interface-specific configuration files
+.Sh DESCRIPTION
+The
+.Nm hostname.*\&
+files contain information regarding the configuration of each network interface.
+Interfaces are referenced by name and unit,
+such as
+.Dq hostname.fxp0 .
+For some machines,
+autoconfiguration makes this system inconsistent,
+so interfaces can alternatively be referenced by
+their link layer address (lladdr),
+such as
+.Dq hostname.00:00:5e:00:53:af .
+Priority is given to configuration by interface lladdr over name/unit.
+A configuration file is not needed for lo0.
+.Pp
+The configuration information is expressed in a line-by-line packed format
+which makes the most common cases simpler; those dense formats are described
+below.
+Any lines not matching these packed formats are passed directly to
+.Xr ifconfig 8 .
+The packed formats are converted using a somewhat inflexible parser and
+the administrator should not expect magic \(em if in doubt study
+.Xr ifconfig 8
+and the
+per-driver manual pages to see what arguments are permitted.
+.Pp
+Arguments containing either whitespace or single quote
+characters must be double quoted.
+For example:
+.Bd -literal -offset indent
+inet 10.0.0.1 255.255.255.0 10.0.0.255 description "Bob's uplink"
+.Ed
+.Pp
+Each line is processed separately and in order.
+For example:
+.Bd -literal -offset indent
+join mynwid wpakey mywpakey
+inet6 autoconf
+inet autoconf
+.Ed
+.Pp
+would run ifconfig three times to add a wireless network using WPA to the
+join list and enable dynamic address configuration for IPv6 and IPv4.
+.Sh STATIC ADDRESS CONFIGURATION
+The following packed formats are valid for configuring network
+interfaces with static addresses.
+.Pp
+Regular IPv4 network setup:
+.Bd -ragged -offset indent
+.Li inet
+.Op Li alias
+.Va addr
+.Va netmask
+.Va broadcast_addr
+.Va options
+.br
+.Li dest
+.Va dest_addr
+.Ed
+.Pp
+Regular IPv6 network setup:
+.Bd -ragged -offset indent
+.Li inet6
+.Op Li alias
+.Va addr
+.Va prefixlen
+.Va options
+.br
+.Li dest
+.Va dest_addr
+.Ed
+.Pp
+Other network setup:
+.Bd -ragged -offset indent
+.Va addr_family
+.Va options
+.Ed
+.Pp
+A typical file contains only one line, but more extensive files are possible,
+for example:
+.Bd -literal -offset 1n
+media 100baseTX description Uplink
+inet 10.0.1.12 255.255.255.0 10.0.1.255
+inet alias 10.0.1.13 255.255.255.255 10.0.1.13
+inet alias 10.0.1.14 255.255.255.255 NONE
+inet alias 10.0.1.15 255.255.255.255
+inet alias 10.0.1.16 0xffffffff
+# This is an example comment line.
+inet6 alias fec0::1 64
+inet6 alias fec0::2 64 anycast
+!route add 65.65.65.65 10.0.1.13
+up
+.Ed
+.Pp
+The above formats have the following field values:
+.Bl -tag -width indent -offset indent
+.It Va addr_family
+The address family of the interface, generally
+.Dq inet
+or
+.Dq inet6 .
+.It Li alias
+The literal string
+.Dq alias
+if this is an additional network address for the interface.
+.It Va addr
+The optional address that belongs to the interface, such as
+190.191.192.1 or fe80:2::1.
+It is also feasible to use a hostname as specified in
+.Pa /etc/hosts .
+It is recommended that an address be used instead of symbolic information,
+since the latter might activate resolver library routines.
+.Pp
+If no address is specified, the
+.Va netmask ,
+.Va broadcast_addr ,
+.Li dest ,
+and
+.Va dest_addr
+options are invalid and will be ignored.
+.It Va netmask
+The optional network mask for the interface, e.g.,
+255.255.255.0.
+If
+.Va addr
+is specified but
+.Va netmask
+is not, the classful mask based on
+.Va addr
+is used.
+.It Va broadcast_addr
+The optional broadcast address for the interface, e.g.,
+190.191.192.255.
+The word
+.Dq NONE
+can also be specified in order to configure the broadcast address based
+on the
+.Va netmask .
+The
+.Va netmask
+option must be present in order to use this option.
+.It Va options
+Miscellaneous options to set on the interface, e.g.,
+.Dq media 100baseTX mediaopt full-duplex .
+Valid options for a particular interface type can be found in
+.Xr ifconfig 8 .
+When used, the
+.Va netmask
+and
+.Va broadcast_addr
+options must also be present.
+.It Li dest
+If the interface needs a destination address set, this is the literal text
+.Dq dest .
+As shown in the example, this declaration should start on a separate line.
+.It Va dest_addr
+The destination address to be set on the interface, such as
+190.191.192.2.
+It is also feasible to use a hostname as specified in
+.Pa /etc/hosts .
+It is recommended that an address be used instead of symbolic information
+which might activate resolver library routines.
+.It Va prefixlen
+The prefixlen number, or number of bits in the netmask, to be set on
+the interface, such as 64.
+.It Li #
+Comments are allowed.
+Anything following a comment character is treated as a comment.
+.It Li \&! Ns Ar command
+Arbitrary shell commands can be executed using this directive, as
+long as they are available in the single-user environment (for
+instance,
+.Pa /bin
+or
+.Pa /sbin ) .
+Useful for doing interface-specific configuration such as
+setting up custom routes or default source IP address using
+.Xr route 8
+or establishing tunnels using
+.Xr ifconfig 8 .
+It is worth noting that
+.Dq \e$if
+in a command line will be replaced by the interface name.
+.Pp
+For example,
+to set 192.0.2.1 and 2001:db8::1 as source IP addresses for
+outgoing connections:
+.Bd -literal -offset indent
+inet 192.0.2.1/32
+inet6 2001:db8::1/128
+up
+!route sourceaddr -ifp \e$if
+.Ed
+.El
+.Sh DYNAMIC ADDRESS CONFIGURATION
+IPv4 dynamic addressing via DHCP is requested using
+.Dq inet autoconf
+followed by any options to be passed to
+.Xr ifconfig 8 .
+.Bd -ragged -offset indent
+.Li inet autoconf
+.Op Va ifconfig_options
+.Ed
+.Pp
+The token
+.Dq dhcp
+on its own line without any options is short for
+.Dq inet autoconf .
+.Pp
+IPv6 stateless address autoconfiguration is requested using
+the literal string
+.Dq inet6 autoconf
+followed by any options to be passed to
+.Xr ifconfig 8 .
+.Bd -ragged -offset indent
+.Li inet6 autoconf
+.Op Va ifconfig_options
+.Ed
+.Pp
+The
+.Va autoconf
+configurations will communicate learned DNS information to
+.Xr resolvd 8 .
+.Sh FILES
+.Bl -tag -width "/etc/hostname.XXXXXX"
+.It Pa /etc/hostname.XXX
+Interface-specific configuration files.
+.El
+.Sh SEE ALSO
+.Xr hosts 5 ,
+.Xr ifconfig 8 ,
+.Xr netstart 8 ,
+.Xr rc 8 ,
+.Xr slaacd 8
diff --git a/static/openbsd/man5/hosts.5 b/static/openbsd/man5/hosts.5
new file mode 100644
index 00000000..c15d19b7
--- /dev/null
+++ b/static/openbsd/man5/hosts.5
@@ -0,0 +1,118 @@
+.\"	$OpenBSD: hosts.5,v 1.27 2023/11/25 08:14:43 florian Exp $
+.\"	$NetBSD: hosts.5,v 1.4 1994/11/30 19:31:20 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)hosts.5	8.2 (Berkeley) 12/11/93
+.\"
+.Dd $Mdocdate: November 25 2023 $
+.Dt HOSTS 5
+.Os
+.Sh NAME
+.Nm hosts
+.Nd host and network name database
+.Sh DESCRIPTION
+The
+.Nm
+file associates names and IP addresses.
+Each line has the following format:
+.Bd -unfilled -offset indent
+Internet address
+Host or network name
+Aliases
+.Ed
+.Pp
+Items are separated by any number of blanks and/or tab characters.
+A
+.Ql #
+indicates the beginning of a comment; characters up to the end of the line
+are not interpreted by routines which search the file.
+.Pp
+The system configuration file
+.Xr resolv.conf 5
+controls where host name information will be searched for.
+The mechanism provided permits the administrator to describe the
+databases to search; the databases currently known include
+DNS
+and the
+.Nm hosts
+database.
+.Pp
+When using a name server,
+this file provides a backup when the name server is not running.
+For the name server, it is suggested that only a few addresses
+be included in this file.
+These include addresses for the local interfaces that
+.Xr ifconfig 8
+needs at boot time and a few machines on the local network.
+.Pp
+Internet addresses are specified using either
+dot notation (IPv4) or colon separated notation (IPv6) as described in
+.Xr inet_pton 3 .
+Host names may contain any printable character other than a field delimiter,
+newline, or comment character.
+.Pp
+The host "localhost" and all names underneath the localhost domain will
+always resolve to the loopback addresses 127.0.0.1 or ::1.
+.Sh FILES
+.Bl -tag -width /etc/hosts -compact
+.It Pa /etc/hosts
+.El
+.Sh SEE ALSO
+.Xr getaddrinfo 3 ,
+.Xr gethostbyname 3 ,
+.Xr getnameinfo 3 ,
+.Xr inet_pton 3 ,
+.Xr resolv.conf 5 ,
+.Xr ifconfig 8 ,
+.Xr nsd 8 ,
+.Xr unbound 8
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.2 .
+.Pp
+An official host database used to be maintained at
+the Network Information Control Center (NIC).
+.Pp
+Up to
+.Ox 6.3 ,
+a separate file
+.Pa /etc/networks
+could be used to store network names.
+.Sh BUGS
+A name server should be used instead of a static file.
+.Pp
+Lines in
+.Pa /etc/hosts
+are limited to
+.Dv BUFSIZ
+characters
+.Pq currently 1024 .
+Longer lines will be ignored.
diff --git a/static/openbsd/man5/install.site.5 b/static/openbsd/man5/install.site.5
new file mode 100644
index 00000000..3545bda3
--- /dev/null
+++ b/static/openbsd/man5/install.site.5
@@ -0,0 +1,95 @@
+.\"     $OpenBSD: install.site.5,v 1.1 2021/11/08 16:12:09 kn Exp $
+.\"
+.\" Copyright (c) 2021 Klemens Nanni <kn@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 8 2021 $
+.Dt INSTALL.SITE 5
+.Os
+.Sh NAME
+.Nm install.site ,
+.Nm upgrade.site
+.Nd OpenBSD installation and upgrade customization
+.Sh DESCRIPTION
+The
+.Ox
+installer allows user-created sets and scripts to complement
+and modify the files from a default install prior to rebooting.
+.Pp
+Like the official file sets, generic
+.Pa site${ Ns Va VERSION Ns }.tgz
+and
+hostname-specific
+.Pa site${ Ns Va VERSION Ns }-$( Ns Ic hostname Fl s Ns ).tgz
+sets are
+.Xr gzip 1
+compressed
+.Xr tar 1
+archives rooted in
+.Pa /
+and untarred with the
+.Fl xzphf
+options.
+.Pp
+.Em siteXY
+sets
+must be included in
+.Pa index.txt
+in order to be fetched via
+HTTP(S) and selectable in the installer.
+.Pp
+If they exist and are executable,
+.Pa /install.site
+and
+.Pa /upgrade.site
+are run at the end of the install and upgrade process, respectively, with
+.Xr chroot 8
+based at the system's root.
+.Sh FILES
+.Bl -tag -width "site${VERSION}-$(hostname -s).tgz" -compact
+.It Pa site${ Ns Va VERSION Ns }.tgz
+Generic set.
+.It Pa site${ Ns Va VERSION Ns }-$( Ns Ic hostname Fl s Ns ).tgz
+Host-specific set.
+.It Pa /upgrade.site
+Generic post-upgrade script.
+.It Pa /install.site
+Generic post-install script.
+.El
+.Sh EXAMPLES
+Create
+.Em site70
+sets and update the index:
+.Bd -literal -offset indent
+# tar -czhf site70.tgz generic/
+# tar -czhf site70-puffy.tgz puffy/
+# ls -lT > index.txt
+.Ed
+.Pp
+Upgrade
+.Xr packages 7
+upon reboot after
+.Xr sysupgrade 8
+upgraded the system:
+.Bd -literal -offset indent
+# cat <<- EOF >> /upgrade.site
+	echo 'pkg_add -Iu' >>/etc/rc.firsttime
+EOF
+# chmod +x /upgrade.site
+# sysupgrade
+.Ed
+.Sh SEE ALSO
+.Xr autoinstall 8 ,
+.Xr rc 8 ,
+.Xr sysupgrade 8
diff --git a/static/openbsd/man5/installurl.5 b/static/openbsd/man5/installurl.5
new file mode 100644
index 00000000..3c5e9ba8
--- /dev/null
+++ b/static/openbsd/man5/installurl.5
@@ -0,0 +1,44 @@
+.\"	$OpenBSD: installurl.5,v 1.8 2019/04/27 22:30:05 tj Exp $
+.\"
+.\" Copyright (c) 2017 Robert Peichaer <rpe@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 27 2019 $
+.Dt INSTALLURL 5
+.Os
+.Sh NAME
+.Nm installurl
+.Nd OpenBSD mirror server location
+.Sh DESCRIPTION
+The
+.Pa /etc/installurl
+file contains a single line specifying an
+.Ox
+mirror server URL, such as
+.Pp
+.Dl https://cdn.openbsd.org/pub/OpenBSD
+.Pp
+It is created by the installer script during installations and upgrades.
+.Pp
+Empty lines and lines beginning with
+.Sq #
+in the file are ignored.
+.Sh FILES
+.Bl -tag -width /etc/installurl -compact
+.It Pa /etc/installurl
+.El
+.Sh SEE ALSO
+.Xr pkg_add 1 ,
+.Xr syspatch 8 ,
+.Xr sysupgrade 8
diff --git a/static/openbsd/man5/intro.5 b/static/openbsd/man5/intro.5
new file mode 100644
index 00000000..63a5d77d
--- /dev/null
+++ b/static/openbsd/man5/intro.5
@@ -0,0 +1,48 @@
+.\"	$OpenBSD: intro.5,v 1.9 2018/09/30 13:24:32 schwarze Exp $
+.\"
+.\" Copyright (c) 1999 Hugh Graham
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: September 30 2018 $
+.Dt INTRO 5
+.Os
+.Sh NAME
+.Nm intro
+.Nd introduction to file formats
+.Sh DESCRIPTION
+The manual pages in section 5 contain information related to
+file formats, including:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+ASCII configuration and resource files
+.It
+system binary file structures
+.It
+composition of database files
+.El
+.Sh HISTORY
+An
+.Nm
+manual for section 5 appeared in
+.Ox 2.5 .
diff --git a/static/openbsd/man5/login.conf.5 b/static/openbsd/man5/login.conf.5
new file mode 100644
index 00000000..f97f449d
--- /dev/null
+++ b/static/openbsd/man5/login.conf.5
@@ -0,0 +1,948 @@
+.\"
+.\" Copyright (c) 1995,1996,1997 Berkeley Software Design, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by Berkeley Software Design,
+.\"	Inc.
+.\" 4. The name of Berkeley Software Design, Inc.  may not be used to endorse
+.\"    or promote products derived from this software without specific prior
+.\"    written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $OpenBSD: login.conf.5,v 1.73 2025/01/26 05:47:17 semarie Exp $
+.\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $
+.\"
+.Dd $Mdocdate: January 26 2025 $
+.Dt LOGIN.CONF 5
+.Os
+.Sh NAME
+.Nm login.conf
+.Nd login class capability database
+.Sh DESCRIPTION
+The
+.Nm
+file describes the various attributes of login classes.
+A login class determines what styles of authentication are available
+as well as session resource limits and environment setup.
+While designed primarily for the
+.Xr login 1
+program,
+it is also used by other programs, such as
+.Xr ftpd 8 ,
+to determine what means of authentication are available.
+It is also used by programs which need to set up a user environment.
+.Pp
+A special record,
+.Dq default ,
+in
+.Pa /etc/login.conf
+is used for any user without a valid login class in
+.Pa /etc/master.passwd .
+.Pp
+In case the
+.Pa /etc/login.conf.d/${ Ns Va class Ns }
+file exists, it will take precedence over the same login class
+defined in
+.Pa /etc/login.conf .
+.Pp
+Sites with very large
+.Pa /etc/login.conf
+files may wish to create a database version of the file,
+.Pa /etc/login.conf.db ,
+for improved performance.
+Using a database version for small files does not result in a
+performance improvement.
+To build
+.Pa /etc/login.conf.db
+from
+.Pa /etc/login.conf
+the following command may be used:
+.Pp
+.Dl # cap_mkdb /etc/login.conf
+.Pp
+Note that
+.Xr cap_mkdb 1
+must be run after each edit of
+.Pa /etc/login.conf
+or the
+.Pa /etc/login.conf.d/${class}
+file to keep the database version in sync with the plain file.
+.Sh CAPABILITIES
+Refer to
+.Xr cgetent 3
+for a description of the file layout.
+All entries in the
+.Nm
+file are either boolean or use a
+.Ql =
+to separate the capability from the value.
+The types are described after the capability table.
+.Bl -column "approve-service" "program" "bcrypt,8" "Description"
+.It Sy Name Ta Sy Type Ta Sy Default Ta Sy Description
+.\"
+.It approve Ta program Ta "" Ta
+Default program to approve login.
+.\"
+.Pp
+.It approve- Ns Ar service Ta program Ta "" Ta
+Program to approve login for
+.Ar service .
+.\"
+.Pp
+.It auth Ta list Ta Dv passwd Ta
+Allowed authentication styles.
+The first value is the default style.
+.\"
+.Pp
+.It auth- Ns Ar type Ta list Ta "" Ta
+Allowed authentication styles for the authentication type
+.Ar type .
+.\"
+.Pp
+.It classify Ta program Ta "" Ta
+Classify type of login.
+.\"
+.Pp
+.It copyright Ta file Ta "" Ta
+File containing additional copyright information.
+.\"
+.Pp
+.It coredumpsize Ta size Ta "" Ta
+Maximum coredump size limit.
+.\"
+.Pp
+.It cputime Ta time Ta "" Ta
+CPU usage limit.
+.\"
+.Pp
+.It datasize Ta size Ta "" Ta
+Maximum data size limit.
+.\"
+.Pp
+.It expire-warn Ta time Ta Dv 2w Ta
+If the user's account will expire within this length of time then
+warn the user of this.
+.\"
+.Pp
+.It filesize Ta size Ta "" Ta
+Maximum file size limit.
+.\"
+.Pp
+.It hushlogin Ta bool Ta Dv false Ta
+Same as having a
+.Pa $HOME/.hushlogin
+file.
+See
+.Xr login 1 .
+.\"
+.Pp
+.It ignorenologin Ta bool Ta Dv false Ta
+Not affected by
+.Pa nologin
+files.
+See
+.Xr login 1 .
+.\"
+.Pp
+.It localcipher Ta string Ta bcrypt,a Ta
+The cipher to use for encrypting passwords.
+Refer to
+.Xr crypt_newhash 3
+for possible values.
+.\"
+.Pp
+.It login-backoff Ta number Ta 3 Ta
+After
+.Ar login-backoff
+unsuccessful login attempts during a single session,
+.Xr login 1
+will start sleeping a bit in between attempts.
+.\"
+.Pp
+.It login-timeout Ta time Ta 300 Ta
+Number of seconds before
+.Xr login 1
+times out at the password prompt.
+Note that this setting is only valid for the
+.Li default
+record.
+.\"
+.Pp
+.It login-tries Ta number Ta 10 Ta
+Number of tries a user gets to successfully login before
+.Xr login 1
+closes the connection.
+.\"
+.Pp
+.It stacksize Ta size Ta "" Ta
+Maximum stack size limit.
+.\"
+.Pp
+.It maxproc Ta number Ta "" Ta
+Maximum number of processes.
+.\"
+.Pp
+.It memorylocked Ta size Ta "" Ta
+Maximum locked in core memory size limit.
+.\"
+.Pp
+.It memoryuse Ta size Ta "" Ta
+Maximum in core memoryuse size limit.
+.\"
+.Pp
+.It minpasswordlen Ta number Ta 6 Ta
+The minimum length a local password may be.
+If a negative value or zero, no length restrictions are enforced.
+Used by the
+.Xr passwd 1
+utility.
+.\"
+.Pp
+.It nologin Ta file Ta "" Ta
+If the file exists, it will be displayed
+and the login session will be terminated.
+.\"
+.Pp
+.It openfiles Ta number Ta "" Ta
+Maximum number of open file descriptors per process.
+.\"
+.Pp
+.It password-dead Ta time Ta Dv 0 Ta
+Length of time a password may be expired but not quite dead yet.
+When set (for both the client and remote server machine when doing
+remote authentication), a user is allowed to log in just one more
+time after their password (but not account) has expired.
+This allows a grace period for updating their password.
+.\"
+.Pp
+.It password-warn Ta time Ta Dv 2w Ta
+If the user's password will expire within this length of time then
+warn the user of this.
+.\"
+.Pp
+.It passwordcheck Ta program Ta "" Ta
+An external program that checks the quality of the password.
+The password is passed to the program on
+.Pa stdin .
+An exit code of 0 indicates that the quality of the password is
+sufficient, an exit code of 1 signals that the password failed the check.
+.\"
+.Pp
+.It passwordtime Ta time Ta "" Ta
+The lifetime of a password in seconds, reset every time a user
+changes their password.
+When this value is exceeded, the user will no longer be able to
+login unless the
+.Li password-dead
+option has been specified.
+Used by the
+.Xr passwd 1
+utility.
+.\"
+.Pp
+.It passwordtries Ta number Ta 3 Ta
+The number of times the
+.Xr passwd 1
+utility enforces a check on the password.
+If 0, the new password will only be accepted if it passes the password
+quality check.
+.\"
+.Pp
+.It path Ta path Ta value of Dv _PATH_DEFPATH Ta
+.br
+Default search path.
+See
+.Pa /usr/include/paths.h .
+.\"
+.Pp
+.It priority Ta number Ta "" Ta
+Initial priority (nice) level.
+.\"
+.Pp
+.It requirehome Ta bool Ta Dv false Ta
+Require home directory to login.
+.\"
+.Pp
+.It rtable Ta number Ta "" Ta
+Rtable to be set for the class.
+.\"
+.Pp
+.It setenv Ta envlist Ta "" Ta
+A list of environment variables and associated values to be set for the class.
+.\"
+.Pp
+.It shell Ta program Ta "" Ta
+Session shell to execute rather than the shell specified in the password file.
+The
+.Ev SHELL
+environment variable will contain the shell specified in the password file.
+.\"
+.Pp
+.It tc Ta string Ta "" Ta
+Interpolate/expands records from corresponding
+.Pa login.conf .
+See
+.Xr cgetent 3 .
+.\"
+.Pp
+.It term Ta string Ta Dv su Ta
+Default terminal type if not able to determine from other means.
+.\"
+.Pp
+.It umask Ta number Ta Dv 022 Ta
+Initial umask.
+Should always have a leading
+.Li 0
+to ensure octal interpretation.
+See
+.Xr umask 2 .
+.\"
+.Pp
+.It vmemoryuse Ta size Ta "" Ta
+Maximum virtual memoryuse size limit.
+.\"
+.Pp
+.It welcome Ta file Ta Pa /etc/motd Ta
+File containing welcome message.
+.El
+.Pp
+The resource limit entries
+.Va ( cputime , filesize , datasize , stacksize , coredumpsize ,
+.Va memoryuse , memorylocked , maxproc ,
+and
+.Va openfiles )
+actually specify both the maximum and current limits (see
+.Xr getrlimit 2 ) .
+The current limit is the one normally used, although the user is permitted
+to increase the current limit to the maximum limit.
+The maximum and current limits may be specified individually by appending a
+.Va \-max
+or
+.Va \-cur
+to the capability name (e.g.,
+.Va openfiles-max
+and
+.Va openfiles-cur ) .
+.Pp
+.Ox
+will never define capabilities which start with
+.Li x-
+or
+.Li X- ,
+these are reserved for external use (unless included through contributed
+software).
+.Pp
+The argument types are defined as:
+.Bl -tag -width programxx
+.\"
+.It envlist
+A comma-separated list of environment variables of the form
+.Ev variable Ns No = Ns value .
+If no value is specified, the
+.Sq =
+is optional.
+A
+.Li ~
+in the path name is expanded to the user's home directory
+if it is at the end of a string or is followed by a slash
+.Pq Sq /
+or the user's login name.
+A
+.Li $
+in the path name is expanded to the user's login name.
+.\"
+.It file
+Path name to a text file.
+.\"
+.It list
+A comma-separated list of values.
+.\"
+.It number
+A number, or
+.Cm infinity
+for no limit.
+A leading
+.Li 0x
+implies the number is expressed in hexadecimal.
+A leading
+.Li 0
+implies the number is expressed in octal.
+Any other number is treated as decimal.
+.\"
+.It path
+A space-separated list of path names.
+Login name and directory are substituted as for
+.Em envlist .
+Additionally, a
+.Li ~
+is only expanded at the beginning of a path name.
+.\"
+.It program
+A path name to program.
+.\"
+.It size
+A number which expresses a size, or
+.Cm infinity
+for no limit.
+By default, the size is specified in bytes.
+It may have a trailing
+.Li b ,
+.Li k ,
+.Li m ,
+.Li g
+or
+.Li t
+to indicate that the value is in 512-byte blocks,
+kilobytes, megabytes, gigabytes, or terabytes, respectively.
+.\"
+.It time
+A time in seconds, or
+.Cm infinity
+for no limit.
+A time may be expressed as a series of numbers which are added together.
+Each number may have a trailing character to represent time units:
+.Bl -tag -width xxx
+.\"
+.It y
+Indicates a number of 365 day years.
+.\"
+.It w
+Indicates a number of 7 day weeks.
+.\"
+.It d
+Indicates a number of 24 hour days.
+.\"
+.It h
+Indicates a number of 60 minute hours.
+.\"
+.It m
+Indicates a number of 60 second minutes.
+.\"
+.It s
+Indicates a number of seconds.
+.El
+.Pp
+For example, to indicate 1 and 1/2 hours, the following string could be used:
+.Li 1h30m .
+.El
+.\"
+.Sh AUTHENTICATION
+.Ox
+uses
+.Bx
+Authentication, which is made up of a variety of
+authentication styles.
+The authentication styles currently provided are:
+.Bl -tag -width lchpassxx
+.\"
+.It Li activ
+Authenticate using an ActivCard token.
+See
+.Xr login_activ 8 .
+.\"
+.It Li chpass
+Change user's password.
+See
+.Xr login_chpass 8 .
+.\"
+.It Li crypto
+Authenticate using a CRYPTOCard token.
+See
+.Xr login_crypto 8 .
+.\"
+.It Li lchpass
+Change user's local password.
+See
+.Xr login_lchpass 8 .
+.\"
+.It Li ldap
+Authenticate using an LDAP server.
+See
+.Xr login_ldap 8 .
+.\"
+.It Li passwd
+Request a password and check it against the password in the master.passwd file.
+See
+.Xr login_passwd 8 .
+.\"
+.It Li radius
+Normally linked to another authentication type, contact a RADIUS server
+to do authentication.
+See
+.Xr login_radius 8 .
+.\"
+.It Li reject
+Request a password and reject any request.
+See
+.Xr login_reject 8 .
+.\"
+.It Li skey
+Send a challenge and request a response, checking it
+with S/Key (tm) authentication.
+See
+.Xr login_skey 8 .
+.\"
+.It Li snk
+Authenticate using a SecureNet Key token.
+See
+.Xr login_snk 8 .
+.\"
+.It Li token
+Authenticate using a generic X9.9 token.
+See
+.Xr login_token 8 .
+.\"
+.It Li yubikey
+Authenticate using a Yubico YubiKey token.
+See
+.Xr login_yubikey 8 .
+.El
+.Pp
+Local authentication styles may be added by creating a login script
+for the style (see below).
+To prevent collisions with future official
+.Bx
+Authentication style names, all local style names should start with a dash (-).
+Current plans are for all official
+.Bx
+Authentication style names to begin
+with a lower case alphabetic character.
+For example, if you have a new style you refer to as
+.Li slick
+then you should create an authentication script named
+.Pa /usr/libexec/auth/login_-slick
+using the style name
+.Li -slick .
+When logging in via the
+.Xr login 1
+program, the syntax
+.Ar user Ns Li :-slick
+would be used.
+.Pp
+Authentication requires several pieces of information:
+.Bl -tag -width usernamexx
+.\"
+.It Ar class
+The login class being used.
+.It Ar service
+The type of service requesting authentication.
+The service type is used to determine what information the authentication
+program can provide to the user and what information the user can provide
+to the authentication program.
+.Pp
+The service type
+.Li login
+is appropriate for most situations.
+Two other service types,
+.Li challenge
+and
+.Li response ,
+are provided for use by programs like
+.Xr ftpd 8
+and
+.Xr radiusd 8 .
+If no service type is specified,
+.Li login
+is used.
+.It Ar style
+The authentication style being used.
+.It Ar type
+The authentication type,
+used to determine the available authentication styles.
+.It Ar username
+The name of the user to authenticate.
+The name may contain an instance.
+If the authentication style being used does not support such instances,
+the request will fail.
+.El
+.Pp
+The program requesting authentication must specify a username and an
+authentication style.
+(For example,
+.Xr login 1
+requests a username from the user.
+Users may enter usernames of the form
+.Dq user:style
+to optionally specify the authentication style.)
+The requesting program may also specify the type of authentication
+that will be done.
+Most programs will only have a single type, if any at all, i.e.,
+.Xr ftpd 8
+will always request the
+.Li ftp
+type authentication, and
+.Xr su 1
+will always request the
+.Li su
+type authentication.
+The
+.Xr login 1
+utility is special in that it may select an authentication type based
+on information found in the
+.Pa /etc/ttys
+file for the appropriate tty (see
+.Xr ttys 5 ) .
+.Pp
+The class to be used is normally determined by the
+.Li class
+field in the password file (see
+.Xr passwd 5 ) .
+.Pp
+The class is used to look up a corresponding entry in the
+.Pa login.conf
+file.
+If an authentication type is defined and a value for
+.Li auth- Ns Ar type
+exists in that entry,
+it will be used as a list of potential authentication styles.
+If an authentication type is not defined, or
+.Li auth- Ns Ar type
+is not specified for the class,
+the value of
+.Li auth
+is used as the list of available authentication styles.
+.Pp
+If the user did not specify an authentication style, the first style
+in the list of available styles is used.
+If the user did specify an authentication style and the style is in the
+list of available styles it will be used, otherwise the request is
+rejected.
+.Pp
+For any given style, the program
+.Pa /usr/libexec/auth/login_ Ns Va style
+is used to perform the authentication.
+The synopsis of this program is:
+.Pp
+.Li /usr/libexec/auth/login_ Ns Va style
+.Op Fl v Va name=value
+.Op Fl s Va service
+.Va username class
+.Pp
+The
+.Fl v
+option is used to specify arbitrary information to the authentication
+programs.
+Any number of
+.Fl v
+options may be used.
+The
+.Xr login 1
+program provides the following through the
+.Fl v
+option:
+.Bl -tag -width remote_addrxxx
+.It Li auth_type
+The type of authentication to use.
+.It Li fqdn
+The hostname provided to login by the
+.Fl h
+option.
+.It Li hostname
+The name
+.Xr login 1
+will place in the utmp file
+for the remote hostname.
+.It Li local_addr
+The local IP address given to
+.Xr login 1
+by the
+.Fl L
+option.
+.It Li lastchance
+Set to
+.Dq yes
+when a user's password has expired but the user is being given one last
+chance to login and update the password.
+.It Li login
+This is a new login session (as opposed to a simple identity check).
+.It Li remote_addr
+The remote IP address given to
+.Xr login 1
+by the
+.Fl R
+option.
+.It Li style
+The style of authentication used for this user
+(see approval scripts below).
+.El
+.Pp
+The
+.Xr su 1
+program provides the following through the
+.Fl v
+option:
+.Bl -tag -width remote_addrxxx
+.It Li wheel
+Set to either
+.Dq yes
+or
+.Dq no
+to indicate if the user is in group wheel when they are trying to become root.
+Some authentication types require the user to be in group wheel when using
+the
+.Xr su 1
+program to become super user.
+.El
+.Pp
+When the authentication program is executed,
+the environment will only contain the values
+.Ev PATH=/bin:/usr/bin
+and
+.Ev SHELL=/bin/sh .
+File descriptor 3 will be open for reading and writing.
+The authentication program should write one or more of the following
+strings to this file descriptor:
+.Bl -tag -width authorize
+.\"
+.It Li authorize
+The user has been authorized.
+.\"
+.It Li authorize secure
+The user has been authorized and root should be allowed to
+login even if this is not a secure terminal.
+This should only be sent by authentication styles that are secure
+over insecure lines.
+.\"
+.It Li reject
+Authorization is rejected.
+This overrides any indication that the user was authorized (though
+one would question the wisdom in sending both a
+.Va reject
+and an
+.Va authorize
+command).
+.\"
+.It Li reject challenge
+Authorization was rejected and a challenge has been made available
+via the value
+.Li challenge .
+.\"
+.It Li reject silent
+Authorization is rejected, but no error messages should be generated.
+.\"
+.It Li remove Va file
+If the login session fails for any reason, remove
+.Va file
+before termination.
+.\"
+.It Li setenv Va name Va value
+If the login session succeeds, the environment variable
+.Va name
+should be set to the specified
+.Va value .
+.\"
+.It Li unsetenv Va name
+If the login session succeeds, the environment variable
+.Va name
+should be removed.
+.\"
+.It Li value Va name Va value
+Set the internal variable
+.Va name
+to the specified
+.Va value .
+The
+.Va value
+should only contain printable characters.
+Several \e sequences may be used to introduce non printing characters.
+These are:
+.Bl -tag -width indent
+.It Li \en
+A newline.
+.It Li \er
+A carriage return.
+.It Li \et
+A tab.
+.It Li \e Ns Va xxx
+The character represented by the octal value
+.Va xxx .
+The value may be one, two, or three octal digits.
+.It Li \e Ns Va c
+The string is replaced by the value of
+.Va c .
+This allows quoting an initial space or the \e character itself.
+.El
+.Pp
+The following values are currently defined:
+.Bl -tag -width indent
+.It Li challenge
+See section on challenges below.
+.It Li errormsg
+If set, the value is the reason authentication failed.
+The calling program may choose to display this when rejecting the user, but
+display is not required.
+.El
+.El
+.Pp
+In order for authentication to be successful,
+the authentication program must exit with a value of 0 as well
+as provide an
+.Li authorize
+or
+.Li "authorize root"
+statement on file descriptor 3.
+.Pp
+An authentication program must not assume it will be called as root,
+nor must it assume it will not be called as root.
+If it needs special permissions to access files, it should be setuid or
+setgid to the appropriate user/group.
+See
+.Xr chmod 1 .
+.Sh CHALLENGES
+When an authentication program is called with a service of
+.Li challenge
+it should do one of three things:
+.Pp
+If this style of authentication supports challenge response,
+it should set the internal variable
+.Li challenge
+to be the appropriate challenge for the user.
+This is done by the
+.Li value
+command listed above.
+The program should also issue a
+.Li reject challenge
+and then exit with a 0 status.
+See the section on responses below.
+.Pp
+If this style of authentication does not support challenge response,
+but does support the
+.Li response
+service (described below) it should issue
+.Li reject silent
+and then exit with a 0 status.
+.Pp
+If this style of authentication does not support the
+.Li response
+service it should simply fail, complaining about an unknown service type.
+It should exit with a non-zero status.
+.Sh RESPONSES
+When an authentication program is called with a service of
+.Li response ,
+and this style supports this mode of authentication,
+it should read two null terminated strings from file descriptor 3.
+The first string is a challenge that was issued to the user
+(obtained from the
+.Li challenge
+service above).
+The second string is the response the user gave (i.e., the password).
+If the response is correct for the specified challenge, the authentication
+should be accepted, else it should be rejected.
+It is possible for the challenge to be an empty string, which implies
+the calling program did first obtain a challenge prior to getting a
+response from the user.
+Not all authentication styles support empty challenges.
+.Sh APPROVAL
+An approval program has the synopsis of:
+.Bd -filled -offset indent
+.Va approve
+.Op Fl v Ar name=value
+.Va username class service
+.Ed
+.Pp
+Just as with an authentication program, file descriptor 3 will be
+open for writing when the approval program is executed.
+The
+.Fl v
+option is the same as in the authentication program.
+Unlike an authentication program,
+the approval program need not explicitly send an
+.Li authorize
+or
+.Li "authorize root"
+statement,
+it only need exit with a value of 0 or non-zero.
+An exit value of 0 is equivalent to an
+.Li authorize
+statement, and non-zero to a
+.Li reject
+statement.
+This allows for simple programs which have no information to provide
+other than approval or denial.
+.Sh CLASSIFICATION
+A classify program has the synopsis of:
+.Bd -filled -offset indent
+.Va classify
+.Op Fl v Ar name=value
+.Op Fl f
+.Op user
+.Ed
+.Pp
+See
+.Xr login 1
+for a description of the
+.Fl f ,
+option.
+The
+.Fl v
+option is the same as for the authentication programs.
+The
+.Va user
+is the username passed to
+.Xr login 1
+login, if any.
+.Pp
+The typical job of the classify program is to determine what authentication
+type should actually be used, presumably based on the remote IP address.
+It might also re-specify the hostname to be included in the
+.Xr utmp 5
+file, reject the login attempt outright,
+or even print an additional login banner (e.g.,
+.Pa /etc/issue ) .
+.Pp
+The classify entry is only valid for the
+.Li default
+class as it is used prior to knowing who the user is.
+The classify script may pass environment variables or other commands
+back to
+.Xr login 1
+on file descriptor 3, just as an authentication program does.
+The two variables
+.Nm AUTH_TYPE
+and
+.Nm REMOTE_NAME
+are used to specify a new authentication type (the type must have the
+form
+.Li auth- Ns Ar type )
+and override the
+.Fl h
+option to login, respectively.
+.Sh FILES
+.Bl -tag -width "/etc/login.conf"
+.It Pa /etc/login.conf
+Login class capability database.
+.It Pa /etc/login.conf.d/${ Ns Va class Ns }
+Login class capability database for the specified
+login class.
+.El
+.Sh SEE ALSO
+.Xr cap_mkdb 1 ,
+.Xr login 1 ,
+.Xr auth_subr 3 ,
+.Xr authenticate 3 ,
+.Xr cgetent 3 ,
+.Xr login_cap 3 ,
+.Xr passwd 5 ,
+.Xr ttys 5 ,
+.Xr ftpd 8
diff --git a/static/openbsd/man5/mandoc.db.5 b/static/openbsd/man5/mandoc.db.5
new file mode 100644
index 00000000..0e2cfcc9
--- /dev/null
+++ b/static/openbsd/man5/mandoc.db.5
@@ -0,0 +1,228 @@
+.\"	$OpenBSD: mandoc.db.5,v 1.4 2016/08/01 12:24:37 schwarze Exp $
+.\"
+.\" Copyright (c) 2014, 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 1 2016 $
+.Dt MANDOC.DB 5
+.Os
+.Sh NAME
+.Nm mandoc.db
+.Nd manual page database
+.Sh DESCRIPTION
+The
+.Nm
+file format is used to store information about installed manual
+pages to facilitate semantic searching for manuals.
+Each manual page tree contains its own
+.Nm
+file; see
+.Sx FILES
+for examples.
+.Pp
+Such database files are generated by
+.Xr makewhatis 8
+and used by
+.Xr man 1 ,
+.Xr apropos 1
+and
+.Xr whatis 1 .
+.Pp
+The file format uses three datatypes:
+.Pp
+.Bl -dash -compact -offset 2n -width 1n
+.It
+32-bit signed integer numbers in big endian (network) byte ordering
+.It
+NUL-terminated strings
+.It
+lists of NUL-terminated strings, terminated by a second NUL character
+.El
+.Pp
+Numbers are aligned to four-byte boundaries; where they follow
+strings or lists of strings, padding with additional NUL characters
+occurs.
+Some, but not all, numbers point to positions in the file.
+These pointers are measured in bytes, and the first byte of the
+file is considered to be byte 0.
+.Pp
+Each file consists of:
+.Pp
+.Bl -dash -compact -offset 2n -width 1n
+.It
+One magic number, 0x3a7d0cdb.
+.It
+One version number, currently 1.
+.It
+One pointer to the macros table.
+.It
+One pointer to the final magic number.
+.It
+The pages table (variable length).
+.It
+The macros table (variable length).
+.It
+The magic number once again, 0x3a7d0cdb.
+.El
+.Pp
+The pages table contains one entry for each physical manual page
+file, no matter how many hard and soft links it may have in the
+file system.
+The pages table consists of:
+.Pp
+.Bl -dash -compact -offset 2n -width 1n
+.It
+The number of pages in the database.
+.It
+For each page:
+.Bl -dash -compact -offset 2n -width 1n
+.It
+One pointer to the list of names.
+.It
+One pointer to the list of sections.
+.It
+One pointer to the list of architectures
+or 0 if the page is machine-independent.
+.It
+One pointer to the one-line description string.
+.It
+One pointer to the list of filenames.
+.El
+.It
+For each page, the list of names.
+Each name is preceded by a single byte indicating the sources of the name.
+The meaning of the bits is:
+.Bl -dash -compact -offset 2n -width 1n
+.It
+0x10: The name appears in a filename.
+.It
+0x08: The name appears in a header line, i.e. in a .Dt or .TH macro.
+.It
+0x04: The name is the first one in the title line, i.e. it appears
+in the first .Nm macro in the NAME section.
+.It
+0x02: The name appears in any .Nm macro in the NAME section.
+.It
+0x01: The name appears in an .Nm block in the SYNOPSIS section.
+.El
+.It
+For each page, the list of sections.
+Each section is given as a string, not as a number.
+.It
+For each architecture-dependent page, the list of architectures.
+.It
+For each page, the one-line description string taken from the .Nd macro.
+.It
+For each page, the list of filenames relative to the root of the
+respective manpath.
+This list includes hard links, soft links, and links simulated
+with .so
+.Xr roff 7
+requests.
+The first filename is preceded by a single byte
+having the following significance:
+.Bl -dash -compact -offset 2n -width 1n
+.It
+.Dv FORM_SRC No = 0x01 :
+The file format is
+.Xr mdoc 7
+or
+.Xr man 7 .
+.It
+.Dv FORM_CAT No = 0x02 :
+The manual page is preformatted.
+.El
+.It
+Zero to three NUL bytes for padding.
+.El
+.Pp
+The macros table consists of:
+.Pp
+.Bl -dash -compact -offset 2n -width 1n
+.It
+The number of different macro keys, currently 36.
+The ordering of macros is defined in
+.In mansearch.h
+and the significance of the macro keys is documented in
+.Xr apropos 1 .
+.It
+For each macro key, one pointer to the respective macro table.
+.It
+For each macro key, the macro table (variable length).
+.El
+.Pp
+Each macro table consists of:
+.Pp
+.Bl -dash -compact -offset 2n -width 1n
+.It
+The number of entries in the table.
+.It
+For each entry:
+.Bl -dash -compact -offset 2n -width 1n
+.It
+One pointer to the value of the macro key.
+Each value is a string of text taken from some macro invocation.
+.It
+One pointer to the list of pages.
+.El
+.It
+For each entry, the value of the macro key.
+.It
+Zero to three NUL bytes for padding.
+.It
+For each entry, one or more pointers to pages in the pages table,
+pointing to the pointer to the list of names,
+followed by the number 0.
+.El
+.Sh FILES
+.Bl -tag -width /usr/share/man/mandoc.db -compact
+.It Pa /usr/share/man/mandoc.db
+The manual page database for the base system.
+.It Pa /usr/X11R6/man/mandoc.db
+The same for the
+.Xr X 7
+Window System.
+.It Pa /usr/local/man/mandoc.db
+The same for
+.Xr packages 7 .
+.El
+.Pp
+A program to dump
+.Nm
+files in a human-readable format suitable for
+.Xr diff 1
+is provided in the directory
+.Pa /usr/src/regress/usr.bin/mandoc/db/dbm_dump/ .
+.Sh SEE ALSO
+.Xr apropos 1 ,
+.Xr man 1 ,
+.Xr whatis 1 ,
+.Xr makewhatis 8
+.Sh HISTORY
+A manual page database
+.Pa /usr/lib/whatis
+first appeared in
+.Bx 2 .
+The present format first appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An -nosplit
+The original version of
+.Xr makewhatis 8
+was written by
+.An Bill Joy
+in 1979.
+The present database format was designed by
+.An Ingo Schwarze Aq Mt schwarze@openbsd.org
+in 2016.
diff --git a/static/openbsd/man5/mixerctl.conf.5 b/static/openbsd/man5/mixerctl.conf.5
new file mode 100644
index 00000000..3a3e1934
--- /dev/null
+++ b/static/openbsd/man5/mixerctl.conf.5
@@ -0,0 +1,149 @@
+.\"	$OpenBSD: mixerctl.conf.5,v 1.10 2020/04/21 21:32:26 deraadt Exp $
+.\"
+.\" Copyright (c) 2008 Jason McIntyre <jmc@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 21 2020 $
+.Dt MIXERCTL.CONF 5
+.Os
+.Sh NAME
+.Nm mixerctl.conf
+.Nd mixerctl configuration file
+.Sh DESCRIPTION
+.Nm
+is the configuration file for
+.Xr mixerctl 8 .
+It allows the user to specify settings for the audio mixer
+at system startup.
+The exact set of variables available are
+largely dependent on the audio device driver,
+and vary from device to device.
+The file is made up of variable assignments
+.Pq Ar name Ns = Ns Ar value
+with comments designated by a hash mark
+.Pq Sq # .
+.Pp
+Some audio devices have _sense variables
+which can help identify connectors.
+The connectors' state will be one of
+.Ar plugged
+or
+.Ar unplugged ,
+depending on whether a jack is inserted.
+.Pp
+The connectors on audio cards are generally as follows:
+.Pp
+.Bl -tag -width "orangeXXX" -offset 3n -compact
+.It pink
+Microphone in.
+Used to record from a microphone.
+.It green
+Line out.
+Used for stereo speakers or headphones.
+.It blue
+Line in.
+Used to record from an external source.
+.It orange
+Speaker out; subwoofer.
+.It brown
+Speaker out; rear speakers.
+.It S/PDIF
+Optical connector;
+TOSLink, RCA, or 1/8" mini stereo.
+.El
+.Sh PLAYBACK
+Most devices have a number of digital to analogue converters (DACs),
+used for sound playback,
+and each DAC has a corresponding output mixer.
+The mixers are labelled
+.Dq mix
+or
+.Dq sel .
+Each DAC represents two channels of playback.
+.Pp
+Verify that playback works by playing an audio file
+(see
+.Xr aucat 1 )
+or CD
+(see
+.Xr cdio 1 ) .
+Check that any relevant inputs.* variables are unmuted
+and set to a high enough value to permit playback.
+For example, if playing a CD,
+.Xr grep 1
+for cd variables to adjust.
+Check also that the variable governing the general audio level,
+such as
+.Ic outputs.master ,
+is set to a sufficiently high value.
+.Pp
+Some cards are capable of multi-channel sound.
+In some cases _dir variables detail the direction
+(input or output)
+of the various connectors.
+Check that the direction of the corresponding connectors is set to
+.Ar output .
+Other devices may need to set _source variables to work correctly.
+The maximum possible value of the
+.Xr audioctl 8
+variable
+.Ic play.channels
+shows the number of channels available.
+.Sh RECORDING
+Most devices have a number of analogue to digital converters (ADCs),
+used for recording sound,
+and each ADC has a corresponding input mixer.
+The mixers are labelled
+.Dq mix
+or
+.Dq sel .
+Each ADC represents two channels of recording.
+.Pp
+Connect line in on the audio card to an audio source,
+such as an amplifier.
+Many devices have an auxiliary connector
+.Pq Dq aux
+available for recording,
+or a headphone socket could be used.
+.Pp
+Check that the variable that determines recording volume,
+such as
+.Ic record.volume ,
+is set high enough to provide a high enough sound level,
+but not so high as to distort the sound being recorded.
+It is also a good idea to mute any record.* variables not being
+used for recording.
+Obviously the recording source itself will have to be unmuted.
+.Pp
+A simple test that recording works may be done using
+.Xr aucat 1
+whilst playing back audio from an external source.
+The example below creates a .wav file of any audio being played.
+The file can then be played back to determine quality.
+.Pp
+.Dl $ aucat -o test.wav
+.Sh FILES
+.Bl -tag -width /etc/examples/mixerctl.conf -compact
+.It Pa /dev/audioctl0
+Default audio mixing device.
+.It Pa /etc/mixerctl.conf
+.Xr mixerctl 8
+configuration file.
+.It Pa /etc/examples/mixerctl.conf
+Example configuration file.
+.El
+.Sh SEE ALSO
+.Xr aucat 1 ,
+.Xr audioctl 8 ,
+.Xr mixerctl 8
diff --git a/static/openbsd/man5/mk.conf.5 b/static/openbsd/man5/mk.conf.5
new file mode 100644
index 00000000..0c9a5e20
--- /dev/null
+++ b/static/openbsd/man5/mk.conf.5
@@ -0,0 +1,266 @@
+.\"	$OpenBSD: mk.conf.5,v 1.38 2019/08/08 12:06:50 jmc Exp $
+.\"
+.\" Copyright (c) 2003 Jason McIntyre
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 8 2019 $
+.Dt MK.CONF 5
+.Os
+.Sh NAME
+.Nm mk.conf
+.Nd system-specific configuration parameters
+.Sh SYNOPSIS
+.Fd .include <bsd.own.mk>
+.Sh DESCRIPTION
+To get system-specific configuration parameters,
+.In bsd.own.mk
+will try to include the file specified by the
+.Ev MAKECONF
+variable.
+If
+.Ev MAKECONF
+is not set, or no such file exists, the system make configuration file
+.Pa /etc/mk.conf
+is included, if it exists.
+By default, this file does not exist,
+and must be created from scratch.
+For more information on how the make process works,
+and details of the format of make files,
+see
+.Xr make 1 .
+.Pp
+.In bsd.own.mk
+is generally useful when building Makefiles, so that
+they use the same default owners, etc. as the rest of the tree.
+These files may define any of the variables described below.
+Additionally, see
+.Xr bsd.port.mk 5
+for a list of variables that can be set by the
+.Xr ports 7
+subsystem.
+.Sh VARIABLES
+The following variables are set by
+.In bsd.own.mk ,
+if they are not already defined.
+Defaults are in brackets.
+.Bl -tag -width INSTALL_STRIP
+.It Ev BINGRP
+Binary group.
+.Bq bin
+.It Ev BINMODE
+Binary mode.
+.Bq 555
+.It Ev BINOWN
+Binary owner.
+.Bq root
+.It Ev BSDOBJDIR
+The real path to the system "obj" tree, so that "make obj" will work correctly.
+.Bq Pa /usr/obj
+.It Ev BSDSRCDIR
+The real path to the system sources, so that "make obj" will work correctly.
+.Bq Pa /usr/src
+.It Ev DIRMODE
+Mode for new directories.
+.Bq 755
+.It Ev DOCDIR
+Base path for system documentation installation.
+.Bq Pa /usr/share/doc
+.It Ev DOCGRP
+Documentation group.
+.Bq bin
+.It Ev DOCMODE
+Documentation mode.
+.Bq Ev ${NONBINMODE}
+.It Ev DOCOWN
+Documentation owner.
+.Bq root
+.It Ev INSTALL_COPY
+The old usage of this flag is obsolescent, since
+.Xr install 1
+now copies by default.
+However, it can also be used to specify that a file not be copied unless it
+is different (via the
+.Fl p
+option).
+See
+.Xr install 1
+for details.
+This is to be used when building an install script so that the entire
+system can either be installed with copies, or copy-if-different using a
+single knob.
+.Bq Fl c
+.It Ev INSTALL_STRIP
+The flag passed to the install program to cause the binary to be stripped.
+This is to be used when building an install script so that the entire
+system can be made stripped/not-stripped using a single knob.
+Note that
+.Ev INSTALL_STRIP
+is not set if
+.Ev ${DEBUG}
+is defined.
+.Bq Fl s
+.It Ev LIBDIR
+Base path for library installation.
+.Bq Pa /usr/lib
+.It Ev LIBGRP
+Library group.
+.Bq Ev ${BINGRP}
+.It Ev LIBMODE
+Library mode.
+.Bq Ev ${NONBINMODE}
+.It Ev LIBOWN
+Library owner.
+.Bq Ev ${BINOWN}
+.It Ev MANDIR
+Base path for manual installation.
+.Bq Pa /usr/share/man/man
+.It Ev MANGRP
+Manual group.
+.Bq bin
+.It Ev MANMODE
+Manual mode.
+.Bq Ev ${NONBINMODE}
+.It Ev MANOWN
+Manual owner.
+.Bq root
+.It Ev NONBINMODE
+Mode for non-executable files.
+.Bq 444
+.It Ev XOBJDIR
+The real path to the "obj" tree for building the X Window System.
+.Bq Pa /usr/xobj
+.It Ev XSRCDIR
+The real path to the X Window System sources.
+.Bq Pa /usr/xenocara
+.El
+.Sh ADDITIONAL VARIABLES
+Additionally, the following variables may be set by
+.In bsd.own.mk
+or in a make configuration file to modify the behaviour of the system build
+process (default values are in brackets along with comments, if set by
+.In bsd.own.mk ) :
+.Bl -tag -width GLOBAL_AUTOCONF_CACHE
+.It Ev BUILDUSER
+De-escalate privileges to user
+.Ev BUILDUSER
+when building the base system from source
+or making release tarballs.
+.Bq build
+.It Ev DEBUG
+Added to assembly, C compiler and linking passes.
+Typically set to
+.Fl g
+to build with debugging symbols.
+Also doesn't set
+.Ev INSTALL_STRIP
+to
+.Fl s
+per default if defined.
+.It Ev GLOBAL_AUTOCONF_CACHE
+Set to the name of a file that all cached GNU autoconf test results will be
+saved in.
+Reduces redundant tests.
+Be careful!
+Redundant tests may not be redundant when installing substantially
+updated GNU programs.
+.It Ev KEEPKERNELS
+If set to "yes", the kernel object directories will not be cleaned out
+during "make build".
+.It Ev NOPIC
+Do not build shared libraries.
+.It Ev NOPIE
+Do not build PIE objects or executables.
+.It Ev NOPROFILE
+Do not build profiled versions of system libraries.
+.It Ev PIPE
+If set to
+.Qq -pipe ,
+.Xr gcc 1
+will be given the
+.Fl pipe
+option which can speed up compiles on machines with memory to spare.
+Instead of using temp files,
+.Xr gcc 1
+uses pipes for the temporary data.
+.It Ev SKEY
+Compile in support for S/key authentication.
+.Bq yes; set unconditionally
+.It Ev SKIPDIR
+A space separated list of directories,
+relative to
+.Ev BSDSRCDIR ,
+to be skipped during "make build".
+.It Ev SUDO
+Command run by
+.Xr make 1
+when doing certain operations requiring root privileges.
+.It Ev SYS_INCLUDE
+Copy or symlink kernel include files into
+.Pa /usr/include .
+Possible values are "symlinks" or "copies"
+(which is the same as the variable being unset).
+.It Ev WARNINGS
+Adds appropriate warning flags (defined in
+.Ev CDIAGFLAGS ,
+e.g.\&
+.Fl Wall . . . )
+to compiles.
+.Bq no
+.It Ev WOBJGROUP
+Group having write access to
+.Ev BSDOBJDIR
+and
+.Ev XOBJDIR .
+.Bq wobj
+.It Ev WOBJUMASK
+.Xr umask 2
+with which the "obj" tree will be created by "make obj".
+.Bq 007
+.It Ev XENOCARA_BUILD_DRI
+Build X with Direct Rendering Infrastructure (DRI) support,
+providing some hardware acceleration.
+This is on by default for amd64/i386 architectures.
+.It Ev XENOCARA_RERUN_AUTOCONF
+Forces X builds to re-run automake and autoconf in each module before
+configuring them.
+This option requires that the automake, autoconf and libtool
+packages are installed.
+.Bq no
+.El
+.Sh FILES
+.Bl -tag -width XXXXXXXXXXXXXXX -compact
+.It Pa /etc/mk.conf
+System make configuration file.
+.It Pa /usr/share/mk/*
+System include make files.
+.El
+.Sh SEE ALSO
+.Xr make 1 ,
+.Xr bsd.port.mk 5 ,
+.Xr ports 7
+.Sh HISTORY
+The
+.Nm
+manual page first appeared in
+.Ox 3.4 .
diff --git a/static/openbsd/man5/moduli.5 b/static/openbsd/man5/moduli.5
new file mode 100644
index 00000000..5086a6d4
--- /dev/null
+++ b/static/openbsd/man5/moduli.5
@@ -0,0 +1,126 @@
+.\"	$OpenBSD: moduli.5,v 1.19 2022/04/16 04:30:10 dtucker Exp $
+.\"
+.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: April 16 2022 $
+.Dt MODULI 5
+.Os
+.Sh NAME
+.Nm moduli
+.Nd Diffie-Hellman moduli
+.Sh DESCRIPTION
+The
+.Pa /etc/moduli
+file contains prime numbers and generators for use by
+.Xr sshd 8
+in the Diffie-Hellman Group Exchange key exchange method.
+.Pp
+New moduli may be generated with
+.Xr ssh-keygen 1
+using a two-step process.
+An initial
+.Em candidate generation
+pass, using
+.Ic ssh-keygen -M generate ,
+calculates numbers that are likely to be useful.
+A second
+.Em primality testing
+pass, using
+.Ic ssh-keygen -M screen ,
+provides a high degree of assurance that the numbers are prime and are
+safe for use in Diffie-Hellman operations by
+.Xr sshd 8 .
+This
+.Nm
+format is used as the output from each pass.
+.Pp
+The file consists of newline-separated records, one per modulus,
+containing seven space-separated fields.
+These fields are as follows:
+.Bl -tag -width Description -offset indent
+.It timestamp
+The time that the modulus was last processed as YYYYMMDDHHMMSS.
+.It type
+Decimal number specifying the internal structure of the prime modulus.
+Supported types are:
+.Pp
+.Bl -tag -width 0x00 -compact
+.It 0
+Unknown, not tested.
+.It 2
+"Safe" prime; (p-1)/2 is also prime.
+.It 4
+Sophie Germain; 2p+1 is also prime.
+.El
+.Pp
+Moduli candidates initially produced by
+.Xr ssh-keygen 1
+are Sophie Germain primes (type 4).
+Further primality testing with
+.Xr ssh-keygen 1
+produces safe prime moduli (type 2) that are ready for use in
+.Xr sshd 8 .
+Other types are not used by OpenSSH.
+.It tests
+Decimal number indicating the type of primality tests that the number
+has been subjected to represented as a bitmask of the following values:
+.Pp
+.Bl -tag -width 0x00 -compact
+.It 0x00
+Not tested.
+.It 0x01
+Composite number \(en not prime.
+.It 0x02
+Sieve of Eratosthenes.
+.It 0x04
+Probabilistic Miller-Rabin primality tests.
+.El
+.Pp
+The
+.Xr ssh-keygen 1
+moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02).
+Subsequent
+.Xr ssh-keygen 1
+primality tests are Miller-Rabin tests (flag 0x04).
+.It trials
+Decimal number indicating the number of primality trials
+that have been performed on the modulus.
+.It size
+Decimal number indicating the size of the prime in bits.
+.It generator
+The recommended generator for use with this modulus (hexadecimal).
+.It modulus
+The modulus itself in hexadecimal.
+.El
+.Pp
+When performing Diffie-Hellman Group Exchange,
+.Xr sshd 8
+first estimates the size of the modulus required to produce enough
+Diffie-Hellman output to sufficiently key the selected symmetric cipher.
+.Xr sshd 8
+then randomly selects a modulus from
+.Fa /etc/moduli
+that best meets the size requirement.
+.Sh SEE ALSO
+.Xr ssh-keygen 1 ,
+.Xr sshd 8
+.Sh STANDARDS
+.Rs
+.%A M. Friedl
+.%A N. Provos
+.%A W. Simpson
+.%D March 2006
+.%R RFC 4419
+.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
+.Re
diff --git a/static/openbsd/man5/motd.5 b/static/openbsd/man5/motd.5
new file mode 100644
index 00000000..968e6f93
--- /dev/null
+++ b/static/openbsd/man5/motd.5
@@ -0,0 +1,41 @@
+.\"	$OpenBSD: motd.5,v 1.10 2009/05/06 19:43:16 jmc Exp $
+.\"	$NetBSD: motd.5,v 1.2 1994/12/28 18:58:53 glass Exp $
+.\"
+.\" This file is in the public domain.
+.\"
+.Dd $Mdocdate: May 6 2009 $
+.Dt MOTD 5
+.Os
+.Sh NAME
+.Nm motd
+.Nd message of the day
+.Sh DESCRIPTION
+The
+.Pa /etc/motd
+file is normally displayed by
+.Xr login 1
+after a user has logged in but before the shell is run.
+It is generally used for important system-wide announcements.
+During system startup, a line containing the kernel version string
+replaces all lines up to (but not including) the first blank line of
+this file.
+Customised messages can be added to this file after
+that first blank line.
+.Pp
+Individual users may suppress the display of this file by creating a file named
+.Pa .hushlogin
+in their home directories.
+.Sh FILES
+.Bl -tag -width /etc/motd -compact
+.It Pa /etc/motd
+.El
+.Sh EXAMPLES
+.Bd -literal
+OpenBSD 3.0 (GENERIC) #5: Sat Jan 26 20:13:07 MST 2002
+
+Make sure you have a .forward file...
+
+4/17	Machine will be down for backups all day Saturday.
+.Ed
+.Sh SEE ALSO
+.Xr login 1
diff --git a/static/openbsd/man5/mygate.5 b/static/openbsd/man5/mygate.5
new file mode 100644
index 00000000..f6217fcd
--- /dev/null
+++ b/static/openbsd/man5/mygate.5
@@ -0,0 +1,88 @@
+.\"	$OpenBSD: mygate.5,v 1.3 2025/03/29 11:24:02 schwarze Exp $
+.\"
+.\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 29 2025 $
+.Dt MYGATE 5
+.Os
+.Sh NAME
+.Nm mygate
+.Nd default gateway
+.Sh DESCRIPTION
+The
+.Nm mygate
+file is read by
+.Xr netstart 8
+at system startup time.
+.Pp
+.Pa /etc/mygate ,
+if it exists,
+contains the address of the gateway host.
+The gateway is added to the routing tables by the
+.Xr route 8
+utility.
+If
+.Pa /etc/mygate
+does not exist, no default gateway is added to the routing tables.
+The file may contain gateway addresses for both IPv4 and IPv6 networks
+in dotted quad notation for v4
+.Pq e.g. 192.0.2.1
+or in colon notation for v6
+.Pq e.g. 2001:db8::1 .
+Each address must be specified on a separate line.
+If more than one address of a specific family is found,
+only the first is used \- all other addresses of that family are ignored.
+.Pp
+.Pa /etc/mygate
+is processed after all interfaces have been configured.
+If any
+.Xr hostname.if 5
+files contain
+.Dq inet autoconf
+directives,
+IPv4 entries in
+.Pa /etc/mygate
+will be ignored.
+If they contain
+.Dq inet6 autoconf
+directives,
+IPv6 entries will be ignored.
+.Pp
+Additionally, arbitrary shell commands can be executed during processing
+of this file, using
+.Ar \&! Ns Ar command
+directives similar to
+.Xr hostname.if 5 .
+This is useful for doing additional configuration after all interfaces
+are configured by
+.Xr netstart 8 .
+.Pp
+Empty lines and lines beginning with
+.Sq #
+are ignored.
+.Sh FILES
+.Bl -tag -width "/etc/mygate" -compact
+.It Pa /etc/mygate
+Default gateway address(es).
+.El
+.Sh SEE ALSO
+.Xr hostname.if 5 ,
+.Xr netstart 8 ,
+.Xr route 8
+.Sh HISTORY
+Support for the file
+.Pa /etc/mygate
+first appeared in
+.Nx 0.8 .
diff --git a/static/openbsd/man5/myname.5 b/static/openbsd/man5/myname.5
new file mode 100644
index 00000000..3655e9e4
--- /dev/null
+++ b/static/openbsd/man5/myname.5
@@ -0,0 +1,69 @@
+.\"	$OpenBSD: myname.5,v 1.13 2025/03/29 11:24:02 schwarze Exp $
+.\"
+.\" Copyright (c) 2003 Jason McIntyre <jmc@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 29 2025 $
+.Dt MYNAME 5
+.Os
+.Sh NAME
+.Nm myname
+.Nd default hostname
+.Sh DESCRIPTION
+The
+.Nm myname
+file is read by
+.Xr rc 8
+at system startup time.
+.Pp
+.Pa /etc/myname
+contains the symbolic name of the host machine.
+The file should contain a single line specifying the
+fully qualified domain name
+.Pq FQDN
+of the system
+.Pq e.g. host.example.com .
+The name must be resolvable, either by matching a hostname specified in
+.Pa /etc/hosts
+(see
+.Xr hosts 5 )
+or through DNS
+(see
+.Xr resolv.conf 5 ) .
+The hostname is set via the
+.Xr hostname 1
+utility at boot time.
+See
+.Xr hostname 7
+for a description of hostname resolution.
+.Pp
+Empty lines and lines beginning with
+.Sq #
+are ignored.
+.Sh FILES
+.Bl -tag -width "/etc/myname" -compact
+.It Pa /etc/myname
+Default hostname.
+.El
+.Sh SEE ALSO
+.Xr hostname 1 ,
+.Xr hostname.if 5 ,
+.Xr hosts 5 ,
+.Xr resolv.conf 5 ,
+.Xr hostname 7 ,
+.Xr rc 8
+.Sh HISTORY
+Support for the file
+.Pa /etc/myname
+first appeared in 386BSD 0.1.
diff --git a/static/openbsd/man5/netgroup.5 b/static/openbsd/man5/netgroup.5
new file mode 100644
index 00000000..e36152cd
--- /dev/null
+++ b/static/openbsd/man5/netgroup.5
@@ -0,0 +1,119 @@
+.\"	$OpenBSD: netgroup.5,v 1.17 2020/01/25 17:08:34 schwarze Exp $
+.\"	$NetBSD: netgroup.5,v 1.3 1995/03/18 14:58:34 cgd Exp $
+.\"
+.\" Copyright (c) 1992, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)netgroup.5	8.2 (Berkeley) 12/11/93
+.\"
+.Dd $Mdocdate: January 25 2020 $
+.Dt NETGROUP 5
+.Os
+.Sh NAME
+.Nm netgroup
+.Nd defines network groups
+.Sh DESCRIPTION
+The
+.Nm
+file specifies
+.Dq netgroups ,
+which are sets of
+.Sy (host, user, domain)
+tuples that are to be given similar network access.
+.Pp
+Each line in the file consists of a netgroup name followed by a list of
+the members of the netgroup.
+Each member can be either the name of another netgroup or a specification
+of a tuple as follows:
+.Bd -literal -offset indent
+(host, user, domain)
+.Ed
+.Pp
+where the
+.Ar host ,
+.Ar user ,
+and
+.Ar domain
+are character string names for the corresponding component.
+Any of the comma separated fields may be empty to specify a
+.Dq wildcard
+value or may consist of the single character
+.Dq \&-
+to specify
+.Dq no valid value .
+The members of the list may be separated by whitespace; the
+.Dq \e
+character may be used at the end of a line to specify line continuation.
+.Pp
+Lines that begin with a
+.Ql #
+are treated as comments.
+.Pp
+After modification of
+.Pa /etc/netgroup ,
+.Xr netgroup_mkdb 8
+should be run, as the
+.Xr getnetgrent 3
+functions only operate on the Berkeley DB file
+.Pa /etc/netgroup.db .
+.Pp
+If that file is not present, and the system supports NIS, then the
+.Nm
+NIS maps are used.
+The NIS maps are also used if the
+.Nm
+file contains a
+.Dq +
+entry.
+.Sh FILES
+.Bl -tag -width /etc/netgroup.db -compact
+.It Pa /etc/netgroup
+default netgroup list
+.It Pa /etc/netgroup.db
+netgroup database
+.El
+.Sh EXAMPLES
+Define a group of three machines:
+.Pp
+.Dl friends (10.0.0.2,,) (10.0.0.3,,) (10.0.0.4,,)
+.Pp
+This group can be used in
+.Xr exports 5
+as follows:
+.Pp
+.Dl /home -maproot=nobody friends
+.Sh SEE ALSO
+.Xr dbopen 3 ,
+.Xr getnetgrent 3 ,
+.Xr exports 5 ,
+.Xr netgroup_mkdb 8
+.Sh STANDARDS
+The file format is compatible with that of various vendors, although it
+appears that not all vendors use an identical format.
+.Sh BUGS
+The interpretation of access restrictions based on the member tuples of a
+netgroup is left up to the various network applications.
diff --git a/static/openbsd/man5/opam-module.5 b/static/openbsd/man5/opam-module.5
new file mode 100644
index 00000000..262dba40
--- /dev/null
+++ b/static/openbsd/man5/opam-module.5
@@ -0,0 +1,139 @@
+.\"	$OpenBSD: opam-module.5,v 1.2 2025/02/18 22:08:17 jsg Exp $
+.\"
+.\" Copyright (c) 2025 Sebastien Marie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: February 18 2025 $
+.Dt OPAM-MODULE 5
+.Os
+.Sh NAME
+.Nm opam-module
+.Nd sysutils/opam port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=sysutils/opam
+in the
+.Xr ports 7
+tree.
+.Pp
+The module provides helpers for packaging a program using
+.Xr opam 1
+(OCaml Package Manager).
+.Pp
+.Ev WRKSRC
+is expected to contains opam packages, possibly with local customization.
+All .opam files, at any depth, will be registered.
+Unmodified dependencies should be omitted, which will be managed separately.
+.Pp
+To generate a standalone opam repository containing only the dependencies and
+the sources files for compiling the specified sources tree,
+the
+.Xr make 1
+.Cm modopam-repository
+target should be used.
+It downloads an opam repository from
+.Ev MODOPAM_REPO_URL
+(defaults to official opam repository hosted on github), using
+.Ev MODOPAM_REPO_COMMIT
+commit (it is preferable to explicitly specify it for reproducibility,
+but "master" is the default value).
+The repository is named according to the
+.Ev MODOPAM_REPO_NAME
+variable.
+Next, the repository is stripped to contain only the build dependencies of
+.Ev MODOPAM_PACKAGES_REPOSITORY
+(default to
+.Ev MODOPAM_PACKAGES ).
+After that the repository is filled with a local cache of package archives.
+The resulting directory can be packaged and distributed.
+It contains source code for building the opam packages.
+.Pp
+External dependencies can be hinted using the
+.Xr make 1
+target
+.Cm modopam-external .
+The list of packages expected to be present at build time is shown.
+.Pp
+The module appends to
+.Ev BUILD_DEPENDS
+unless
+.Ev MODOPAM_BUILDDEP
+is set to `No'.
+.Pp
+It sets the
+.Ev MODOPAM_PACKAGES
+variable to
+.Ev PKGSTEM ,
+as the default value for opam packages to build and install.
+.Pp
+It sets
+.Ev MODOPAM_OPAMROOT ,
+.Ev MODOPAM_ENV ,
+.Ev MODOPAM_OPAM_BIN
+and
+.Ev MODOPAM_OPAM_RUN
+accordingly.
+.Pp
+The opam options
+.Fl --with-doc
+and
+.Fl --with-test
+are available using
+.Ev MODOPAM_WITH_DOC
+and
+.Ev MODOPAM_WITH_TEST .
+They default to `No'.
+.Pp
+A
+.Ev CONFIGURE_STYLE
+"opam" is provided.
+It is initialized to opam with the opam repository at
+.Ev MODOPAM_REPO_DIR
+(defaults to
+.Pa ${WRKDIR}/${MODOPAM_REPO_NAME} ).
+It is expected to have been generated previously by the
+.Cm modopam-repository
+target and distributed separately.
+It will also pin the opam packages present in
+.Ev WRKSRC ,
+possibly overriding opam packages from the repository.
+.Pp
+A default build target is used (except if
+.Ev MODOPAM_BUILD
+is set to `No'.
+It uses the
+.Ev MODOPAM_PACKAGES_BUILD
+variable to list the opam packages to build (default to
+.Ev MODOPAM_PACKAGES ).
+.Pp
+A default install target is used (except if
+.Ev MODOPAM_INSTALL
+is set to `No').
+It uses the
+.Ev MODOPAM_PACKAGES_INSTALL
+variable to list the opam packages to install (defaults to
+.Ev MODOPAM_PACKAGES ).
+.Sh SEE ALSO
+.Xr opam 1 ,
+.Xr port-modules 5
diff --git a/static/openbsd/man5/passwd.5 b/static/openbsd/man5/passwd.5
new file mode 100644
index 00000000..845c185b
--- /dev/null
+++ b/static/openbsd/man5/passwd.5
@@ -0,0 +1,318 @@
+.\"	$OpenBSD: passwd.5,v 1.41 2014/11/02 05:33:04 tedu Exp $
+.\"	$NetBSD: passwd.5,v 1.4 1995/07/28 06:46:05 phil Exp $
+.\"
+.\" Copyright (c) 1988, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\" Portions Copyright (c) 1994, Jason Downs.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)passwd.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: November 2 2014 $
+.Dt PASSWD 5
+.Os
+.Sh NAME
+.Nm passwd ,
+.Nm master.passwd
+.Nd format of the password file
+.Sh DESCRIPTION
+The
+.Nm master.passwd
+file, readable only by root, consists of newline-separated records,
+one per user, containing ten colon separated fields.
+These fields are as follows:
+.Pp
+.Bl -tag -width password -offset indent -compact
+.It name
+User's login name.
+.It password
+User's
+.Em encrypted
+password.
+.It uid
+User's login user ID.
+.It gid
+User's login group ID.
+.It class
+User's general classification (see
+.Xr login.conf 5 ) .
+.It change
+Password change time.
+.It expire
+Account expiration time.
+.It gecos
+General information about the user.
+.It home_dir
+User's home directory.
+.It shell
+User's login shell.
+.El
+.Pp
+The publicly-readable
+.Nm passwd
+file is generated from the
+.Nm master.passwd
+file by
+.Xr pwd_mkdb 8
+and has the class, change, and expire fields removed.
+Also, the encrypted password field is replaced by an asterisk.
+.Pp
+The password files should never be edited by hand;
+.Xr vipw 8
+should be used instead.
+.Pp
+The
+.Ar name
+field is the login used to access the computer account, and the
+.Ar uid
+field is the number associated with it.
+They should both be unique across the system (and often across a group of
+systems) since they control file access.
+.Pp
+While it is possible to have multiple entries with identical login names
+and/or identical user IDs, it is usually a mistake to do so.
+Routines that manipulate these files will often return only one of the
+multiple entries, and that one by random selection.
+.Pp
+The login name may be up to 31 characters long.
+For compatibility with legacy software, a login name should start
+with a letter and consist solely of letters, numbers, dashes and
+underscores.
+The login name must never begin with a dash
+.Pq Ql \&- ;
+also, it is strongly
+suggested that neither uppercase characters nor dots
+.Pq Ql \&.
+be part of the name, as this tends to confuse mailers.
+No field may contain a colon
+as this has been used historically to separate the fields
+in the user database.
+.Pp
+The password field is the
+.Em encrypted
+form of the password.
+If the
+.Ar password
+field is empty, no password will be required to gain access to the machine.
+This is almost invariably a mistake.
+By convention, accounts that are not intended to be logged in to
+(e.g. bin, daemon, sshd) only contain a single asterisk in the
+.Ar password
+field.
+Note that there is nothing special about
+.Ql * ,
+it is just one of many characters that cannot occur in a
+valid encrypted password
+(see
+.Xr crypt 3 ) .
+Similarly, login accounts not allowing password authentication
+but allowing other authentication methods, for example public key
+authentication, conventionally have 13 asterisks in the
+.Ar password
+field.
+Because
+.Nm master.passwd
+contains the encrypted user passwords, it should not be readable by anyone
+without appropriate privileges.
+.Pp
+Configuration for the cipher used to encrypt the password information
+is contained in
+.Xr login.conf 5 .
+.Pp
+The
+.Ar group
+field is the primary group that the user will be placed in upon login.
+Note that the
+.Xr group 5
+file may grant the user access to supplementary groups.
+.Pp
+The
+.Ar class
+field is used by
+.Xr login 1
+and other programs to determine which entry in the
+.Xr login.conf 5
+database should be used.
+.Pp
+The
+.Ar change
+field is the number in seconds, GMT, from the Epoch, until the
+password for the account must be changed.
+This field may be left empty to turn off the password aging feature.
+.Pp
+The
+.Ar expire
+field is the number in seconds, GMT, from the Epoch, until the
+account expires.
+This field may be left empty to turn off the account aging feature.
+.Pp
+The
+.Ar gecos
+field normally contains comma separated subfields as follows:
+.Pp
+.Bl -tag -width office -offset indent -compact
+.It name
+User's full name.
+.It office
+User's office location.
+.It wphone
+User's work phone number.
+.It hphone
+User's home phone number.
+.El
+.Pp
+The full name may contain an ampersand
+.Pq Ql \&& ,
+which will be replaced by the capitalized login name when the gecos field
+is displayed or used by various programs such as
+.Xr finger 1 ,
+.Xr sendmail 8 ,
+etc.
+.Pp
+The office and phone number subfields, if they exist, are used by the
+.Xr finger 1
+program and possibly by other applications.
+.Pp
+The
+.Ar home_dir
+field is the full path name of a directory to be used as the initial
+working directory for the user's login shell.
+Usually, it is owned by the user and by the user's primary
+.Ar group .
+.Pp
+The
+.Ar shell
+field is the command interpreter the user prefers.
+If there is nothing in the
+.Ar shell
+field, the default shell
+.Pq Pa /bin/sh
+is assumed.
+Accounts that are not intended to be logged in to usually have
+a shell of
+.Pa /sbin/nologin .
+.Sh YP SUPPORT
+If YP is active, the
+.Nm passwd
+file also supports standard YP exclusions and inclusions, based on user
+names and netgroups.
+.Pp
+Lines beginning with a
+.Ql \&-
+(minus sign) are entries marked as being excluded
+from any following inclusions, which are marked with a
+.Ql +
+(plus sign).
+.Pp
+If the second character of the line is a
+.Ql @
+(at sign), the operation involves the user fields of all entries in the
+netgroup specified by the remaining characters of the
+.Ar name
+field.
+Otherwise, the remainder of the
+.Ar name
+field is assumed to be a specific user name.
+.Pp
+The
+.Ql +
+token may also be alone in the
+.Ar name
+field, which causes all users from the
+.Pa passwd.byname
+and
+.Pa passwd.byuid
+YP maps to be included.
+.Pp
+If the entry contains non-empty
+.Ar uid
+or
+.Ar gid
+fields, the specified numbers will override the information retrieved
+from the YP maps.
+Additionally, if the
+.Ar gecos ,
+.Ar dir ,
+or
+.Ar shell
+entries contain text, it will override the information included via YP.
+On some systems, the
+.Ar passwd
+field may also be overridden.
+It is recommended that the standard way to enable YP passwd support in
+.Pa /etc/master.passwd
+is:
+.Pp
++:*::::::::
+.Pp
+which after
+.Xr pwd_mkdb 8
+will result in
+.Pa /etc/passwd
+containing:
+.Pp
++:*:0:0:::
+.Pp
+When YP is enabled but temporarily unavailable, login becomes impossible
+for all users except those having an entry in the
+.Xr netid 5
+file.
+.Sh SEE ALSO
+.Xr chpass 1 ,
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr crypt 3 ,
+.Xr getpwent 3 ,
+.Xr login.conf 5 ,
+.Xr netgroup 5 ,
+.Xr netid 5 ,
+.Xr adduser 8 ,
+.Xr Makefile.yp 8 ,
+.Xr pwd_mkdb 8 ,
+.Xr vipw 8 ,
+.Xr yp 8
+.Pp
+.%T "Managing NFS and NIS"
+(O'Reilly & Associates)
+.Sh HISTORY
+A
+.Nm passwd
+file format first appeared in
+.At v1 .
+The gecos field first appeared in
+.At v3 ;
+since the same version, the passwords are encrypted.
+The gid field first appeared in
+.At v5 ;
+the class, change and expire fields as well as the
+.Nm master.passwd
+file in
+.Bx 4.3 Reno .
+.Pp
+The YP file format first appeared in SunOS.
+.Sh CAVEATS
+Placing YP exclusions in the file after any inclusions does not cancel
+the earlier inclusions.
diff --git a/static/openbsd/man5/pf.conf.5 b/static/openbsd/man5/pf.conf.5
new file mode 100644
index 00000000..3a383b23
--- /dev/null
+++ b/static/openbsd/man5/pf.conf.5
@@ -0,0 +1,3171 @@
+.\"	$OpenBSD: pf.conf.5,v 1.609 2026/01/18 16:38:01 schwarze Exp $
+.\"
+.\" Copyright (c) 2002, Daniel Hartmeier
+.\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\"    - Redistributions of source code must retain the above copyright
+.\"      notice, this list of conditions and the following disclaimer.
+.\"    - Redistributions in binary form must reproduce the above
+.\"      copyright notice, this list of conditions and the following
+.\"      disclaimer in the documentation and/or other materials provided
+.\"      with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: January 18 2026 $
+.Dt PF.CONF 5
+.Os
+.Sh NAME
+.Nm pf.conf
+.Nd packet filter configuration file
+.Sh DESCRIPTION
+The
+.Xr pf 4
+packet filter modifies, drops, or passes packets according to rules or
+definitions specified in
+.Nm .
+.Pp
+This is an overview of the sections in this manual page:
+.Bl -inset
+.It Sx PACKET FILTERING
+including network address translation (NAT).
+.It Sx OPTIONS
+globally tune the behaviour of the packet filtering engine.
+.It Sx QUEUEING
+provides rule-based bandwidth and traffic control.
+.It Sx TABLES
+provide a method for dealing with large numbers of addresses.
+.It Sx ANCHORS
+are containers for rules and tables.
+.It Sx STATEFUL FILTERING
+tracks packets by state.
+.It Sx TRAFFIC NORMALISATION
+includes scrub, fragment handling, and blocking spoofed traffic.
+.It Sx OPERATING SYSTEM FINGERPRINTING
+is a method for detecting a host's operating system.
+.It Sx EXAMPLES
+provides some example rulesets.
+.It Sx GRAMMAR
+provides a complete BNF grammar reference.
+.El
+.Pp
+The current line can be extended over multiple lines using a backslash
+.Pq Sq \e .
+Comments can be put anywhere in the file using a hash mark
+.Pq Sq # ,
+and extend to the end of the current line.
+Care should be taken when commenting out multi-line text:
+the comment is effective until the end of the entire block.
+.Pp
+Arguments not beginning with a letter, digit, or underscore
+must be quoted.
+.Pp
+Additional configuration files can be included with the
+.Ic include
+keyword, for example:
+.Bd -literal -offset indent
+include "/etc/pf/sub.filter.conf"
+.Ed
+.Pp
+A macro is defined with a command of the form
+.Ar name Ns = Ns Ar value .
+The macro
+.Ar name
+can contain letters, digits, and underscores and cannot be a reserved word
+(for example,
+.Ic pass ,
+.Cm in ,
+or
+.Cm out ) .
+Within unquoted arguments, the string
+.Pf $ Ar name
+is later expanded to
+.Ar value .
+.Pp
+For example:
+.Bd -literal -offset indent
+ext_if = "kue0"
+all_ifs = "{" $ext_if lo0 "}"
+pass out on $ext_if from any to any
+pass in  on $ext_if proto tcp from any to any port 25
+.Ed
+.Sh PACKET FILTERING
+.Xr pf 4
+has the ability to
+.Ic block ,
+.Ic pass ,
+and
+.Ic match
+packets based on attributes of their layer 3
+and layer 4 headers.
+Filter rules determine which of these actions are taken;
+filter parameters specify the packets to which a rule applies.
+.Pp
+Each time a packet processed by the packet filter comes in on or
+goes out through an interface, the filter rules are evaluated in
+sequential order, from first to last.
+For
+.Ic block
+and
+.Ic pass ,
+the last matching rule decides what action is taken;
+if no rule matches the packet, the default action is to pass
+the packet without creating a state.
+For
+.Ic match ,
+rules are evaluated every time they match;
+the pass/block state of a packet remains unchanged.
+.Pp
+Most parameters are optional.
+If a parameter is specified, the rule only applies to packets with
+matching attributes.
+The matching for some parameters can be inverted with the
+.Cm !\&
+operator.
+Certain parameters can be expressed as lists, in which case
+.Xr pfctl 8
+generates all needed rule combinations.
+.Pp
+By default
+.Xr pf 4
+filters packets statefully:
+the first time a packet matches a
+.Ic pass
+rule, a state entry is created.
+The packet filter examines each packet to see if it matches an existing state.
+If it does, the packet is passed without evaluation of any rules.
+After the connection is closed or times out, the state entry is automatically
+removed.
+.Pp
+The following actions can be used in the filter:
+.Bl -tag -width Ds
+.It Ic block
+The packet is blocked.
+There are a number of ways in which a
+.Ic block
+rule can behave when blocking a packet.
+The default behaviour is to
+.Cm drop
+packets silently, however this can be overridden or made
+explicit either globally, by setting the
+.Cm block-policy
+option, or on a per-rule basis with one of the following options:
+.Pp
+.Bl -tag -width return-icmp6 -compact
+.It Cm drop
+The packet is silently dropped.
+.It Cm return
+This causes a TCP RST to be returned for TCP packets
+and an ICMP UNREACHABLE for other types of packets.
+.It Cm return-icmp
+.It Cm return-icmp6
+This causes ICMP messages to be returned for packets which match the rule.
+By default this is an ICMP UNREACHABLE message, however this
+can be overridden by specifying a message as a code or number.
+.It Cm return-rst
+This applies only to TCP packets,
+and issues a TCP RST which closes the connection.
+An optional parameter,
+.Cm ttl ,
+may be given with a TTL value.
+.El
+.Pp
+Options returning ICMP packets currently have no effect if
+.Xr pf 4
+operates on a
+.Xr bridge 4 ,
+as the code to support this feature has not yet been implemented.
+.Pp
+The simplest mechanism to block everything by default and only pass
+packets that match explicit rules is specify a first filter rule of:
+.Pp
+.Dl block all
+.It Ic match
+The packet is matched.
+This mechanism is used to provide fine grained filtering
+without altering the block/pass state of a packet.
+.Ic match
+rules differ from
+.Ic block
+and
+.Ic pass
+rules in that parameters are set every time a packet matches the
+rule, not only on the last matching rule.
+For the following parameters,
+this means that the parameter effectively becomes
+.Dq sticky
+until explicitly overridden:
+.Cm nat-to ,
+.Cm binat-to ,
+.Cm rdr-to ,
+.Cm queue ,
+.Cm rtable ,
+and
+.Cm scrub .
+.Pp
+.Cm log
+is different still,
+in that the action happens every time a rule matches
+i.e. a single packet can get logged more than once.
+.It Ic pass
+The packet is passed;
+state is created unless the
+.Cm no state
+option is specified.
+.El
+.Pp
+The following parameters can be used in the filter:
+.Bl -tag -width Ds
+.It Cm in No or Cm out
+A packet always comes in on, or goes out through, one interface.
+.Cm in
+and
+.Cm out
+apply to incoming and outgoing packets;
+if neither are specified,
+the rule will match packets in both directions.
+.It Cm log Pq Cm all | matches | to Ar interface | Cm user
+In addition to any action specified,
+log the packet.
+Only the packet that establishes the state is logged,
+unless the
+.Cm no state
+option is specified.
+The logged packets are sent to a
+.Xr pflog 4
+interface, by default
+.Pa pflog0 ;
+pflog0 is monitored by the
+.Xr pflogd 8
+logging daemon which logs to the file
+.Pa /var/log/pflog
+in pcap binary format.
+.Pp
+The keywords
+.Cm all , matches , to ,
+and
+.Cm user
+are optional and can be combined using commas,
+but must be enclosed in parentheses if given.
+.Pp
+Use
+.Cm all
+to force logging of all packets for a connection.
+This is not necessary when
+.Cm no state
+is explicitly specified.
+.Pp
+If
+.Cm matches
+is specified,
+it logs the packet on all subsequent matching rules.
+It is often combined with
+.Cm to Ar interface
+to avoid adding noise to the default log file.
+.Pp
+The keyword
+.Cm user
+logs the UID and PID of the
+socket on the local host used to send or receive a packet,
+in addition to the normal information.
+.Pp
+To specify a logging interface other than
+.Pa pflog0 ,
+use the syntax
+.Cm to Ar interface .
+.It Cm quick
+If a packet matches a rule which has the
+.Cm quick
+option set, this rule
+is considered the last matching rule, and evaluation of subsequent rules
+is skipped.
+.It Cm on Ar interface | Cm any
+This rule applies only to packets coming in on, or going out through, this
+particular interface or interface group.
+For more information on interface groups,
+see the
+.Ic group
+keyword in
+.Xr ifconfig 8 .
+.Cm any
+will match any existing interface except loopback ones.
+.It Cm on rdomain Ar number
+This rule applies only to packets coming in on, or going out through, this
+particular routing domain.
+.It Cm inet | inet6
+This rule applies only to packets of this address family.
+.It Cm proto Ar protocol
+This rule applies only to packets of this protocol.
+Common protocols are ICMP, ICMP6, TCP, and UDP.
+For a list of all the protocol name to number mappings used by
+.Xr pfctl 8 ,
+see the file
+.Pa /etc/protocols .
+.It Xo
+.Cm from Ar source
+.Cm port Ar source
+.Cm os Ar source
+.Cm to Ar dest
+.Cm port Ar dest
+.Xc
+This rule applies only to packets with the specified source and destination
+addresses and ports.
+.Pp
+Addresses can be specified in CIDR notation (matching netblocks), as
+symbolic host names, interface names or interface group names, or as any
+of the following keywords:
+.Pp
+.Bl -tag -width urpf-failed -compact
+.It Cm any
+Any address.
+.It Cm no-route
+Any address which is not currently routable.
+.It Cm route Ar label
+Any address matching the given
+.Xr route 8
+.Ar label .
+.It Cm self
+Expands to all addresses assigned to all interfaces.
+.It Pf < Ar table Ns >
+Any address matching the given
+.Ar table .
+.It Cm urpf-failed
+Any source address that fails a unicast reverse path forwarding (URPF)
+check, i.e. packets coming in on an interface other than that which holds
+the route back to the packet's source address.
+.El
+.Pp
+Ranges of addresses are specified using the
+.Sq -
+operator.
+For instance:
+.Dq 10.1.1.10 - 10.1.1.12
+means all addresses from 10.1.1.10 to 10.1.1.12,
+hence addresses 10.1.1.10, 10.1.1.11, and 10.1.1.12.
+.Pp
+Interface names, interface group names, and
+.Cm self
+can have modifiers appended:
+.Pp
+.Bl -tag -width :broadcast -compact
+.It Cm :0
+Do not include interface aliases.
+.It Cm :broadcast
+Translates to the interface's broadcast address(es).
+.It Cm :network
+Translates to the network(s) attached to the interface.
+.It Cm :peer
+Translates to the point-to-point interface's peer address(es).
+.El
+.Pp
+Host names may also have the
+.Cm :0
+modifier appended to restrict the name resolution to the first of each
+v4 and v6 address found.
+.Pp
+Host name resolution and interface to address translation are done at
+ruleset load-time.
+When the address of an interface (or host name) changes (under DHCP or PPP,
+for instance), the ruleset must be reloaded for the change to be reflected
+in the kernel.
+Surrounding the interface name (and optional modifiers) in parentheses
+changes this behaviour.
+When the interface name is surrounded by parentheses, the rule is
+automatically updated whenever the interface changes its address.
+The ruleset does not need to be reloaded.
+This is especially useful with NAT.
+.Pp
+Ports can be specified either by number or by name.
+For example, port 80 can be specified as
+.Cm www .
+For a list of all port name to number mappings used by
+.Xr pfctl 8 ,
+see the file
+.Pa /etc/services .
+.Pp
+Ports and ranges of ports are specified using these operators:
+.Bd -literal -offset indent
+=	(equal)
+!=	(unequal)
+<	(less than)
+<=	(less than or equal)
+>	(greater than)
+>=	(greater than or equal)
+:	(range including boundaries)
+><	(range excluding boundaries)
+<>	(except range)
+.Ed
+.Pp
+.Sq >< ,
+.Sq <>
+and
+.Sq \&:
+are binary operators (they take two arguments).
+For instance:
+.Bl -tag -width Ds
+.It Li port 2000:2004
+means
+.Sq all ports \(>= 2000 and \(<= 2004 ,
+hence ports 2000, 2001, 2002, 2003, and 2004.
+.It Li port 2000 >< 2004
+means
+.Sq all ports > 2000 and < 2004 ,
+hence ports 2001, 2002, and 2003.
+.It Li port 2000 <> 2004
+means
+.Sq all ports < 2000 or > 2004 ,
+hence ports 1\(en1999 and 2005\(en65535.
+.El
+.Pp
+The operating system of the source host can be specified in the case of TCP
+rules with the
+.Cm os
+modifier.
+See the
+.Sx OPERATING SYSTEM FINGERPRINTING
+section for more information.
+.Pp
+The
+.Cm host ,
+.Cm port ,
+and
+.Cm os
+specifications are optional, as in the following examples:
+.Bd -literal -offset indent
+pass in all
+pass in from any to any
+pass in proto tcp from any port < 1024 to any
+pass in proto tcp from any to any port 25
+pass in proto tcp from 10.0.0.0/8 port >= 1024 \e
+      to ! 10.1.2.3 port != ssh
+pass in proto tcp from any os "OpenBSD"
+pass in proto tcp from route "DTAG"
+.Ed
+.El
+.Pp
+The following additional parameters can be used in the filter:
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm all
+This is equivalent to
+.Ql from any to any .
+.Pp
+.It Cm allow-opts
+By default, packets with IPv4 options or IPv6 hop-by-hop or destination
+options header are blocked.
+When
+.Cm allow-opts
+is specified for a
+.Ic pass
+rule, packets that pass the filter based on that rule (last matching)
+do so even if they contain options.
+For packets that match state, the rule that initially created the
+state is used.
+The implicit pass rule, that is used when a packet does not match
+any rules, does not allow IP options or option headers.
+Note that IPv6 packets with type 0 routing headers are always dropped.
+.Pp
+.It Cm divert-packet port Ar port
+Used to send matching packets to
+.Xr divert 4
+sockets bound to port
+.Ar port .
+If the default option of fragment reassembly is enabled, scrubbing with
+.Cm reassemble tcp
+is also enabled for
+.Cm divert-packet
+rules.
+.Pp
+.It Cm divert-reply
+Used to receive replies for sockets that are bound to addresses
+which are not local to the machine.
+See
+.Xr setsockopt 2
+for information on how to bind these sockets.
+.Pp
+.It Cm divert-to Ar host Cm port Ar port
+Used to redirect packets to a local socket bound to
+.Ar host
+and
+.Ar port .
+The packets will not be modified, preserving the original destination
+address for the application to access.
+.Dv SOCK_STREAM
+connections can access the original destination address using
+.Xr getsockname 2 .
+.Dv SOCK_DGRAM
+sockets can be configured with the
+.Xr ip 4
+.Dv IP_RECVDSTADDR
+and
+.Dv IP_RECVDSTPORT
+socket options when receiving IPv4 packets, or the
+.Xr ip6 4
+.Dv IPV6_RECVPKTINFO
+and
+.Dv IPV6_RECVDSTPORT
+socket options when receiving IPv6 packets.
+.Pp
+.It Cm flags Ar a Ns / Ns Ar b | Cm any
+This rule only applies to TCP packets that have the flags
+.Ar a
+set out of set
+.Ar b .
+Flags not specified in
+.Ar b
+are ignored.
+For stateful connections, the default is
+.Cm flags S/SA .
+To indicate that flags should not be checked at all, specify
+.Cm flags any .
+The flags are: (F)IN, (S)YN, (R)ST, (P)USH, (A)CK, (U)RG, (E)CE, and C(W)R.
+.Bl -tag -width "flags /SFRA"
+.It Cm flags S/S
+Flag SYN is set.
+The other flags are ignored.
+.It Cm flags S/SA
+This is the default setting for stateful connections.
+Out of SYN and ACK, exactly SYN may be set.
+SYN, SYN+PSH, and SYN+RST match, but SYN+ACK, ACK, and ACK+RST do not.
+This is more restrictive than the previous example.
+.It Cm flags /SFRA
+If the first set is not specified, it defaults to none.
+All of SYN, FIN, RST, and ACK must be unset.
+.El
+.Pp
+Because
+.Cm flags S/SA
+is applied by default (unless
+.Cm no state
+is specified), only the initial SYN packet of a TCP handshake will create
+a state for a TCP connection.
+It is possible to be less restrictive, and allow state creation from
+intermediate
+.Pq non-SYN
+packets, by specifying
+.Cm flags any .
+This will cause
+.Xr pf 4
+to synchronize to existing connections, for instance
+if one flushes the state table.
+However, states created from such intermediate packets may be missing
+connection details such as the TCP window scaling factor.
+States which modify the packet flow, such as those affected by
+.Cm af-to ,
+.Cm modulate state ,
+.Cm nat-to ,
+.Cm rdr-to ,
+or
+.Cm synproxy state
+options, or scrubbed with
+.Cm reassemble tcp ,
+will also not be recoverable from intermediate packets.
+Such connections will stall and time out.
+.Pp
+.It Cm group Ar group
+Similar to
+.Cm user ,
+this rule only applies to packets of sockets owned by the specified
+.Ar group .
+.Pp
+.It Cm icmp-type Ar type Op Cm code Ar code
+.It Cm icmp6-type Ar type Op Cm code Ar code
+This rule only applies to ICMP or ICMP6 packets with the specified type
+and code.
+Text names for ICMP types and codes are listed in
+.Xr icmp 4
+and
+.Xr icmp6 4 .
+The protocol and the ICMP type indicator
+.Po
+.Cm icmp-type
+or
+.Cm icmp6-type
+.Pc
+must match.
+.Pp
+ICMP responses are not permitted unless they either match an
+existing request, or unless
+.Cm no state
+or
+.Cm keep state (sloppy)
+is specified.
+.Pp
+.It Cm label Ar string
+Adds a label to the rule, which can be used to identify the rule.
+For instance,
+.Ql pfctl -s labels
+shows per-rule statistics for rules that have labels.
+.Pp
+The following macros can be used in labels:
+.Pp
+.Bl -tag -width "$srcaddrXXX" -compact -offset indent
+.It Va $dstaddr
+The destination IP address.
+.It Va $dstport
+The destination port specification.
+.It Va $if
+The interface.
+.It Va $nr
+The rule number.
+.It Va $proto
+The protocol name.
+.It Va $srcaddr
+The source IP address.
+.It Va $srcport
+The source port specification.
+.El
+.Pp
+For example:
+.Bd -literal -offset indent -compact
+ips = "{ 1.2.3.4, 1.2.3.5 }"
+pass in proto tcp from any to $ips \e
+      port > 1023 label "$dstaddr:$dstport"
+.Ed
+.Pp
+Expands to:
+.Bd -literal -offset indent -compact
+pass in inet proto tcp from any to 1.2.3.4 \e
+      port > 1023 label "1.2.3.4:>1023"
+pass in inet proto tcp from any to 1.2.3.5 \e
+      port > 1023 label "1.2.3.5:>1023"
+.Ed
+.Pp
+The macro expansion for the
+.Cm label
+directive occurs only at configuration file parse time, not during runtime.
+.Pp
+.It Cm max-pkt-rate Ar number Ns / Ns Ar seconds
+Measure the rate of packets matching the rule and states created by it.
+When the specified rate is exceeded, the rule stops matching.
+Only packets in the direction in which the state was created are considered,
+so that typically requests are counted and replies are not.
+For example,
+to pass up to 100 ICMP packets per 10 seconds:
+.Bd -literal -offset indent
+block in proto icmp
+pass in proto icmp max-pkt-rate 100/10
+.Ed
+.Pp
+When the rate is exceeded, all ICMP is blocked until the rate falls below
+100 per 10 seconds again.
+.Pp
+.It Cm once
+Create a one shot rule.
+The first matching packet marks the rule as expired.
+Expired rules are skipped and hidden, unless
+.Xr pfctl 8
+is used in debug or verbose mode.
+.Pp
+.It Cm probability Ar number Ns %
+A probability attribute can be attached to a rule,
+with a value set between 0 and 100%,
+in which case the rule is honoured using the given probability value.
+For example, the following rule will drop 20% of incoming ICMP packets:
+.Pp
+.Dl block in proto icmp probability 20%
+.Pp
+.It Cm state limiter Ar name Oo Cm (limiter options) Oc
+Use the specified state limiter to restrict the creation of states
+by this rule.
+By default if capacity is not available, the packet gets blocked
+and ruleset evaluation stops.
+Use
+.Ic no-match
+option to change default behavior such rule is ignored and ruleset
+evaluation continues with next rule.
+See the
+.Sx State Limiters
+section for more information.
+.Pp
+.It Cm source limiter Ar name Oo Cm (limiter options) Oc
+Use the specified source limiter to restrict the creation of states
+by this rule.
+By default if capacity is not available, the packet gets blocked
+and ruleset evaluation stops.
+Use
+.Ic no-match
+option to change default behavior such rule is ignored and ruleset
+evaluation continues with next rule.
+See the
+.Sx Source Limiters
+section for more information.
+.Pp
+.It Cm prio Ar number
+Only match packets which have the given queueing priority assigned.
+.Pp
+.It Oo Cm \&! Oc Ns Cm received-on Ar interface
+Only match packets which were received on the specified
+.Cm interface
+(or interface group).
+.Cm any
+will match any existing interface except loopback ones.
+.Pp
+.It Cm rtable Ar number
+Used to select an alternate routing table for the routing lookup.
+Only effective before the route lookup happened, i.e. when filtering inbound.
+.Pp
+.It Cm set delay Ar milliseconds
+Packets matching this rule will be delayed at the outbound interface by the
+given number of milliseconds.
+.Pp
+.It Cm set prio Ar priority | Pq Ar priority , priority
+Packets matching this rule will be assigned a specific queueing priority.
+Priorities are assigned as integers 0 through 7,
+with a default priority of 3.
+If the packet is transmitted on a
+.Xr vlan 4
+interface, the queueing priority will also be written as the priority
+code point in the 802.1Q VLAN header.
+If two priorities are given, TCP ACKs with no data payload and packets
+which have a TOS of
+.Cm lowdelay
+will be assigned to the second one.
+Packets with a higher priority number are processed first,
+and packets with the same priority are processed
+in the order in which they are received.
+.Pp
+For example:
+.Bd -literal -offset indent
+pass in proto tcp to port 25 set prio 2
+pass in proto tcp to port 22 set prio (2, 5)
+.Ed
+.Pp
+The interface priority queues accessed by the
+.Cm set prio
+keyword are always enabled and do not require any additional
+configuration, unlike the queues described below and in the
+.Sx QUEUEING
+section.
+.Pp
+.It Cm set queue Ar queue | Pq Ar queue , queue
+Packets matching this rule will be assigned to the specified
+.Ar queue .
+If two queues are given, packets which have a TOS of
+.Cm lowdelay
+and TCP ACKs with no data payload will be assigned to the second one.
+See
+.Sx QUEUEING
+for setup details.
+.Pp
+For example:
+.Bd -literal -offset indent
+pass in proto tcp to port 25 set queue mail
+pass in proto tcp to port 22 set queue(ssh_bulk, ssh_prio)
+.Ed
+.Pp
+.It Cm set tos Ar string | number
+Enforces a TOS for matching packets.
+.Ar string
+may be one of
+.Cm critical ,
+.Cm inetcontrol ,
+.Cm lowdelay ,
+.Cm netcontrol ,
+.Cm throughput ,
+.Cm reliability ,
+or one of the DiffServ Code Points:
+.Cm ef ,
+.Cm af11 No ... Cm af43 ,
+.Cm cs0 No ... Cm cs7 ;
+.Ar number
+may be either a hex or decimal number.
+.Pp
+.It Cm tag Ar string
+Packets matching this rule will be tagged with the specified
+.Ar string .
+The tag acts as an internal marker that can be used to
+identify these packets later on.
+This can be used, for example, to provide trust between
+interfaces and to determine if packets have been
+processed by translation rules.
+Tags are
+.Dq sticky ,
+meaning that the packet will be tagged even if the rule
+is not the last matching rule.
+Further matching rules can replace the tag with a
+new one but will not remove a previously applied tag.
+A packet is only ever assigned one tag at a time.
+Tags take the same macros as labels (see above).
+.Pp
+.It Oo Cm \&! Oc Ns Cm tagged Ar string
+Used with filter or translation rules
+to specify that packets must already
+be tagged with the given
+.Ar string
+in order to match the rule.
+.Pp
+.It Cm tos Ar string | number
+This rule applies to packets with the specified TOS bits set.
+.Ar string
+may be one of
+.Cm critical ,
+.Cm inetcontrol ,
+.Cm lowdelay ,
+.Cm netcontrol ,
+.Cm throughput ,
+.Cm reliability ,
+or one of the DiffServ Code Points:
+.Cm ef ,
+.Cm af11 No ... Cm af43 ,
+.Cm cs0 No ... Cm cs7 ;
+.Ar number
+may be either a hex or decimal number.
+.Pp
+For example, the following rules are identical:
+.Bd -literal -offset indent
+pass all tos lowdelay
+pass all tos 0x10
+pass all tos 16
+.Ed
+.Pp
+.It Cm user Ar user
+This rule only applies to packets of sockets owned by the specified
+.Ar user .
+For outgoing connections initiated from the firewall, this is the user
+that opened the connection.
+For incoming connections to the firewall itself, this is the user that
+listens on the destination port.
+.Pp
+When listening sockets are bound to the wildcard address,
+.Xr pf 4
+cannot determine if a connection is destined for the firewall itself.
+To avoid false matches on just the destination port, combine a
+.Cm user
+rule with source or destination address
+.Cm self .
+.Pp
+All packets, both outgoing and incoming, of one connection are associated
+with the same user and group.
+Only TCP and UDP packets can be associated with users.
+.Pp
+The
+.Ar user
+and
+.Ar group
+arguments refer to the effective (as opposed to the real) IDs, in
+case the socket is created by a setuid/setgid process.
+User and group IDs are stored when a socket is created;
+when a process creates a listening socket as root (for instance, by
+binding to a privileged port) and subsequently changes to another
+user ID (to drop privileges), the credentials will remain root.
+.Pp
+User and group IDs can be specified as either numbers or names.
+The syntax is similar to the one for ports.
+The following example allows only selected users to open outgoing
+connections:
+.Bd -literal -offset indent
+block out proto tcp all
+pass  out proto tcp from self user { < 1000, dhartmei }
+.Ed
+.Pp
+The example below permits users with uid between 1000 and 1500
+to open connections:
+.Bd -literal -offset indent
+block out proto tcp all
+pass  out proto tcp from self user { 999 >< 1501 }
+.Ed
+.Pp
+The
+.Sq \&:
+operator, which works for port number matching, does not work for
+.Cm user
+and
+.Cm group
+match.
+.El
+.Ss Translation
+Translation options modify either the source or destination address and
+port of the packets associated with a stateful connection.
+.Xr pf 4
+modifies the specified address and/or port in the packet and recalculates
+IP, TCP, and UDP checksums as necessary.
+.Pp
+If specified on a
+.Ic match
+rule, subsequent rules will see packets as they look
+after any addresses and ports have been translated.
+These rules will therefore have to filter based on the translated
+address and port number.
+.Pp
+The state entry created permits
+.Xr pf 4
+to keep track of the original address for traffic associated with that state
+and correctly direct return traffic for that connection.
+.Pp
+Different types of translation are possible with pf:
+.Bl -tag -width binat-to
+.It Cm af-to
+Translation between different address families (NAT64) is handled
+using
+.Cm af-to
+rules.
+Because address family translation overrides the routing table, it's
+only possible to use
+.Cm af-to
+on inbound rules, and a source address for the resulting translation
+must always be specified.
+.Pp
+The optional second argument is the host or subnet the original
+addresses are translated into for the destination.
+The lowest bits of the original destination address form the host
+part of the new destination address according to the specified subnet.
+It is possible to embed a complete IPv4 address into an IPv6 address
+using a network prefix of /96 or smaller.
+.Pp
+When a destination address is not specified, it is assumed that the host
+part is 32-bit long.
+For IPv6 to IPv4 translation this would mean using only the lower 32
+bits of the original IPv6 destination address.
+For IPv4 to IPv6 translation the destination subnet defaults to the
+subnet of the new IPv6 source address with a prefix length of /96.
+See RFC 6052 Section 2.2 for details on how the prefix determines the
+destination address encoding.
+.Pp
+For example, the following rules are identical:
+.Bd -literal -offset indent
+pass in inet af-to inet6 from 2001:db8::1 to 2001:db8::/96
+pass in inet af-to inet6 from 2001:db8::1
+.Ed
+.Pp
+In the above example the matching IPv4 packets will be modified to
+have a source address of 2001:db8::1 and a destination address will
+get prefixed with 2001:db8::/96, e.g. 198.51.100.100 will be
+translated to 2001:db8::c633:6464.
+.Pp
+In the reverse case the following rules are identical:
+.Bd -literal -offset indent
+pass in inet6 from any to 64:ff9b::/96 af-to inet \e
+	from 198.51.100.1 to 0.0.0.0/0
+pass in inet6 from any to 64:ff9b::/96 af-to inet \e
+	from 198.51.100.1
+.Ed
+.Pp
+The destination IPv4 address is assumed to be embedded inside the
+original IPv6 destination address, e.g. 64:ff9b::c633:6464 will be
+translated to 198.51.100.100.
+.Pp
+The current implementation will only extract IPv4 addresses from the
+IPv6 addresses with a prefix length of /96 and greater.
+.It Cm binat-to
+A
+.Cm binat-to
+rule specifies a bidirectional mapping between an external IP
+netblock and an internal IP netblock.
+It expands to an outbound
+.Cm nat-to
+rule and an inbound
+.Cm rdr-to
+rule.
+.It Cm nat-to
+A
+.Cm nat-to
+option specifies that IP addresses are to be changed as the packet
+traverses the given interface.
+This technique allows one or more IP addresses
+on the translating host to support network traffic for a larger range of
+machines on an
+.Dq inside
+network.
+Although in theory any IP address can be used on the inside, it is strongly
+recommended that one of the address ranges defined by RFC 1918 be used.
+Those netblocks are:
+.Bd -literal -offset indent
+10.0.0.0 \(en 10.255.255.255 (all of net 10, i.e. 10/8)
+172.16.0.0 \(en 172.31.255.255 (i.e. 172.16/12)
+192.168.0.0 \(en 192.168.255.255 (i.e. 192.168/16)
+.Ed
+.Pp
+.Cm nat-to
+is usually applied outbound.
+If applied inbound, nat-to to a local IP address is not supported.
+.It Cm rdr-to
+The packet is redirected to another destination and possibly a
+different port.
+.Cm rdr-to
+can optionally specify port ranges instead of single ports.
+For instance:
+.Bl -tag -width Ds
+.It match in ... port 2000:2999 rdr-to ... port 4000
+redirects ports 2000 to 2999 (inclusive) to port 4000.
+.It match in ... port 2000:2999 rdr-to ... port 4000:*
+redirects port 2000 to 4000, port 2001 to 4001, ..., port 2999 to 4999.
+.El
+.Pp
+.Cm rdr-to
+is usually applied inbound.
+If applied outbound, rdr-to to a local IP address is not supported.
+.El
+.Pp
+In addition to modifying the address, some translation rules may modify
+source or destination ports for TCP or UDP connections;
+implicitly in the case of
+.Cm nat-to
+options and explicitly in the case of
+.Cm rdr-to
+ones.
+Port numbers are never translated with a
+.Cm binat-to
+rule.
+.Pp
+Translation options apply only to packets that pass through the specified
+interface, and if no interface is specified, translation is applied
+to packets on all interfaces.
+For instance, redirecting port 80 on an external interface to an internal
+web server will only work for connections originating from the outside.
+Connections to the address of the external interface from local hosts will
+not be redirected, since such packets do not actually pass through the
+external interface.
+Redirections cannot reflect packets back through the interface they arrive
+on, they can only be redirected to hosts connected to different interfaces
+or to the firewall itself.
+.Pp
+However packets may be redirected to hosts connected to the interface the
+packet arrived on by using redirection with NAT.
+For example:
+.Bd -literal -offset indent
+pass in on $int_if proto tcp from $int_net to $ext_if port 80 \e
+	rdr-to $server
+pass out on $int_if proto tcp to $server port 80 \e
+	received-on $int_if nat-to $int_if
+.Ed
+.Pp
+Note that redirecting external incoming connections to the loopback address
+will effectively allow an external host to connect to daemons
+bound solely to the loopback address, circumventing the traditional
+blocking of such connections on a real interface.
+For example:
+.Bd -literal -offset indent
+pass in on egress proto tcp from any to any port smtp \e
+	rdr-to 127.0.0.1 port spamd
+.Ed
+.Pp
+Unless this effect is desired, any of the local non-loopback addresses
+should be used instead as the redirection target, which allows external
+connections only to daemons bound to this address or not bound to
+any address.
+.Pp
+For
+.Cm af-to ,
+.Cm nat-to
+and
+.Cm rdr-to
+options for which there is a single redirection address which has a
+subnet mask smaller than 32 for IPv4 or 128 for IPv6 (more than one IP
+address), a variety of different methods for assigning this address can be
+used:
+.Bl -tag -width xxxx
+.It Cm bitmask
+The
+.Cm bitmask
+option applies the network portion of the redirection address to the address
+to be modified (source with
+.Cm nat-to ,
+destination with
+.Cm rdr-to ) .
+.It Cm least-states Op Cm sticky-address
+The
+.Cm least-states
+option selects the address with the least active states from
+a given address pool and considers given weights
+associated with address(es).
+Weights can be specified between 1 and 65535.
+Addresses with higher weights are selected more often.
+.Pp
+.Cm sticky-address
+can be specified to ensure that multiple connections from the
+same source are mapped to the same redirection address.
+Associations are destroyed as soon as there are
+no longer states which refer to them;
+in order to make the mappings last
+beyond the lifetime of the states,
+increase the global options with
+.Ic set Cm timeout src.track .
+.It Cm random Op Cm sticky-address
+The
+.Cm random
+option selects an address at random within the defined block of addresses.
+.Cm sticky-address
+is as described above.
+.It Cm round-robin Op Cm sticky-address
+The
+.Cm round-robin
+option loops through the redirection address(es) and considers given weights
+associated with address(es).
+Weights can be specified between 1 and 65535.
+Addresses with higher weights are selected more often.
+.Cm sticky-address
+is as described above.
+.It Cm source-hash Oo Ar key Oc Op Cm sticky-address
+The
+.Cm source-hash
+option uses a hash of the source address to determine the redirection address,
+ensuring that the redirection address is always the same for a given source.
+An optional
+.Ar key
+can be specified after this keyword either in hex or as a string;
+by default
+.Xr pfctl 8
+randomly generates a key for source-hash every time the
+ruleset is reloaded.
+.Cm sticky-address
+is as described above.
+.It Cm static-port
+With
+.Cm nat-to
+rules, the
+.Cm static-port
+option prevents
+.Xr pf 4
+from modifying the source port on TCP and UDP packets.
+.El
+.Pp
+When more than one redirection address or a table is specified,
+.Cm bitmask
+is not permitted as a pool type.
+.Ss Routing
+If a packet matches a rule with one of the following route options set,
+the packet filter will route the packet according to the type of route option.
+When such a rule creates state, the route option is also applied to all
+packets matching the same connection.
+.Bl -tag -width route-to
+.It Cm dup-to
+The
+.Cm dup-to
+option creates a duplicate of the packet and routes it like
+.Cm route-to .
+The original packet gets routed as it normally would.
+.It Cm reply-to
+The
+.Cm reply-to
+option is similar to
+.Cm route-to ,
+but routes packets that pass in the opposite direction (replies) to the
+specified address.
+Opposite direction is only defined in the context of a state entry, and
+.Cm reply-to
+is useful only in rules that create state.
+It can be used on systems with multiple paths to the internet to ensure
+that replies to an incoming network connection to a particular address
+are sent using the path associated with that address (symmetric routing
+enforcement).
+.It Cm route-to
+The
+.Cm route-to
+option routes the packet to the specified destination address instead
+of the destination address in the packet header.
+When a
+.Cm route-to
+rule creates state, only packets that pass in the same direction as the
+filter rule specifies will be routed in this way.
+Packets passing in the opposite direction (replies) are not affected
+and are routed normally.
+.El
+.Pp
+For the
+.Cm dup-to ,
+.Cm reply-to ,
+and
+.Cm route-to
+route options
+for which there is a single redirection address which has a
+subnet mask smaller than 32 for IPv4 or 128 for IPv6 (more than one IP
+address),
+the methods
+.Cm least-states ,
+.Cm random ,
+.Cm round-robin ,
+and
+.Cm source-hash ,
+as described above,
+can be used.
+.Sh OPTIONS
+.Xr pf 4
+may be tuned for various situations using the
+.Ic set
+command.
+.Bl -tag -width Ds
+.It Ic set Cm block-policy drop | return
+The
+.Cm block-policy
+option sets the default behaviour for the packet
+.Ic block
+action:
+.Pp
+.Bl -tag -width return -compact
+.It Cm drop
+Packet is silently dropped.
+.It Cm return
+A TCP RST is returned for blocked TCP packets,
+an ICMP UNREACHABLE is returned for blocked UDP packets,
+and all other packets are silently dropped.
+.El
+.Pp
+The default value is
+.Cm drop .
+.It Ic set Cm debug Ar level
+Set the debug
+.Ar level ,
+which limits the severity of log messages printed by
+.Xr pf 4 .
+This should be a keyword from the following ordered list
+(highest to lowest):
+.Cm emerg ,
+.Cm alert ,
+.Cm crit ,
+.Cm err ,
+.Cm warning ,
+.Cm notice ,
+.Cm info ,
+and
+.Cm debug .
+These keywords correspond to the similar (LOG_) values specified to the
+.Xr syslog 3
+library routine.
+The default value is
+.Cm err .
+.It Cm set Cm fingerprints Ar filename
+Load fingerprints of known operating systems from the given
+.Ar filename .
+By default fingerprints of known operating systems are automatically
+loaded from
+.Xr pf.os 5 ,
+but can be overridden via this option.
+Setting this option may leave a small period of time where the fingerprints
+referenced by the currently active ruleset are inconsistent until the new
+ruleset finishes loading.
+The default location for fingerprints is
+.Pa /etc/pf.os .
+.It Ic set Cm hostid Ar number
+The 32-bit hostid
+.Ar number
+identifies this firewall's state table entries to other firewalls
+in a
+.Xr pfsync 4
+failover cluster.
+By default the hostid is set to a pseudo-random value, however it may be
+desirable to manually configure it, for example to more easily identify the
+source of state table entries.
+The hostid may be specified in either decimal or hexadecimal.
+.It Ic set Cm limit Ar limit-item number
+Sets hard limits on the memory pools used by the packet filter.
+See
+.Xr pool 9
+for an explanation of memory pools.
+.Pp
+Limits can be set on the following:
+.Bl -tag -width pktdelay_pkts
+.It Cm states
+Set the maximum number of entries in the memory pool used by state table
+entries (those generated by
+.Ic pass
+rules which do not specify
+.Cm no state ) .
+The default is 100000.
+.It Cm src-nodes
+Set the maximum number of entries in the memory pool used for tracking
+source IP addresses (generated by the
+.Cm sticky-address
+and
+.Cm src.track
+options).
+The default is 10000.
+.It Cm frags
+Set the maximum number of entries in the memory pool used for fragment
+reassembly.
+The maximum may not exceed, and should be well below,
+the maximum number of mbuf clusters
+.Pq sysctl kern.maxclusters
+in the system.
+The default is NMBCLUSTERS/32.
+.Dv NMBCLUSTERS
+defines the total number of packets which can exist in-system at any one time.
+Refer to
+.In machine/param.h
+for the platform-specific value.
+.It Cm tables
+Set the number of tables that can exist.
+The default is 1000.
+.It Cm table-entries
+Set the number of addresses that can be stored in tables.
+The default is 200000, or 100000 on machines with
+less than 100MB of physical memory.
+.It Cm pktdelay_pkts
+Set the maximum number of packets that can be held in the delay queue.
+The default is 10000.
+.It Cm anchors
+Set the number of anchors that can exist.
+The default is 512.
+.El
+.Pp
+Multiple limits can be combined on a single line:
+.Bd -literal -offset indent
+set limit { states 20000, frags 2000, src-nodes 2000 }
+.Ed
+.It Ic set Cm loginterface Ar interface | Cm none
+Enable collection of packet and byte count statistics for the given
+interface or interface group.
+These statistics can be viewed using:
+.Pp
+.Dl # pfctl -s info
+.Pp
+In this example
+.Xr pf 4
+collects statistics on the interface named dc0:
+.Pp
+.Dl set loginterface dc0
+.Pp
+One can disable the loginterface using:
+.Pp
+.Dl set loginterface none
+.Pp
+The default value is
+.Cm none .
+.It Ic set Cm optimization Ar environment
+Optimize state timeouts for one of the following network environments:
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm aggressive
+Aggressively expire connections.
+This can greatly reduce the memory usage of the firewall at the cost of
+dropping idle connections early.
+.It Cm conservative
+Extremely conservative settings.
+Avoid dropping legitimate connections at the
+expense of greater memory utilization (possibly much greater on a busy
+network) and slightly increased processor utilization.
+.It Cm high-latency
+A high-latency environment (such as a satellite connection).
+.It Cm normal
+A normal network environment.
+Suitable for almost all networks.
+.It Cm satellite
+Alias for
+.Cm high-latency .
+.El
+.Pp
+The default value is
+.Cm normal .
+.It Ic set Cm reassemble yes | no Op Cm no-df
+The
+.Cm reassemble
+option is used to enable or disable the reassembly of fragmented packets,
+and can be set to
+.Cm yes
+(the default) or
+.Cm no .
+If
+.Cm no-df
+is also specified, fragments with the
+.Dq dont-fragment
+bit set are reassembled too,
+instead of being dropped;
+the reassembled packet will have the
+.Dq dont-fragment
+bit cleared.
+The default value is
+.Cm yes .
+.It Ic set Cm ruleset-optimization Ar level
+.Bl -tag -width profile -compact
+.It Cm basic
+Enable basic ruleset optimization.
+This is the default behaviour.
+Basic ruleset optimization does four things to improve the
+performance of ruleset evaluations:
+.Pp
+.Bl -enum -compact
+.It
+remove duplicate rules
+.It
+remove rules that are a subset of another rule
+.It
+combine multiple rules into a table when advantageous
+.It
+reorder the rules to improve evaluation performance
+.El
+.Pp
+.It Cm none
+Disable the ruleset optimizer.
+.It Cm profile
+Uses the currently loaded ruleset as a feedback profile to tailor the
+ordering of
+.Cm quick
+rules to actual network traffic.
+.El
+.Pp
+It is important to note that the ruleset optimizer will modify the ruleset
+to improve performance.
+A side effect of the ruleset modification is that per-rule accounting
+statistics will have different meanings than before.
+If per-rule accounting is important for billing purposes or whatnot,
+either the ruleset optimizer should not be used or a label field should
+be added to all of the accounting rules to act as optimization barriers.
+.Pp
+Optimization can also be set as a command-line argument to
+.Xr pfctl 8 ,
+overriding the settings in
+.Nm .
+.It Ic set Cm skip on Ar ifspec
+List interfaces for which packets should not be filtered.
+Packets passing in or out on such interfaces are passed as if pf was
+disabled, i.e. pf does not process them in any way.
+This can be useful on loopback and other virtual interfaces, when
+packet filtering is not desired and can have unexpected effects.
+PF filters traffic on all interfaces by default.
+.It Ic set Cm state-defaults Ar state-option , ...
+The
+.Cm state-defaults
+option sets the state options for states created from rules
+without an explicit
+.Cm keep state .
+For example:
+.Pp
+.Dl set state-defaults pflow, no-sync
+.It Ic set Cm state-policy if-bound | floating
+The
+.Cm state-policy
+option sets the default behaviour for states:
+.Pp
+.Bl -tag -width if-bound -compact
+.It Cm if-bound
+States are bound to an interface.
+.It Cm floating
+States can match packets on any interfaces (the default).
+.El
+.It Ic set Cm syncookies never | always | adaptive
+When
+.Cm syncookies
+are active, pf will answer each and every incoming TCP SYN with a
+syncookie SYNACK, without allocating any resources.
+Upon reception of the client's ACK in response to the syncookie
+SYNACK, pf will evaluate the ruleset and create state if the ruleset
+permits it, complete the three way handshake with the target host,
+and continue the connection with synproxy in place.
+This allows pf to be resilient against large synflood attacks,
+which could otherwise exhaust the state table.
+Due to the blind answers to each and every SYN,
+syncookies share the caveats of synproxy:
+seemingly accepting connections that will be dropped later on.
+.Pp
+.Bl -tag -width adaptive -compact
+.It Cm never
+pf will never send syncookie SYNACKs (the default).
+.It Cm always
+pf will always send syncookie SYNACKs.
+.It Cm adaptive
+pf will enable syncookie mode when a given percentage of the state table
+is used up by half-open TCP connections, such as those that saw the initial
+SYN but didn't finish the three way handshake.
+The thresholds for entering and leaving syncookie mode can be specified using:
+.Bd -literal -offset indent
+set syncookies adaptive (start 25%, end 12%)
+.Ed
+.El
+.It Ic set Cm timeout Ar variable value
+.Bl -tag -width "src.track" -compact
+.It Cm frag
+Seconds before an unassembled fragment is expired (60 by default).
+.It Cm interval
+Interval between purging expired states and fragments (10 seconds by default).
+.It Cm src.track
+Length of time to retain a source tracking entry after the last state
+expires (0 by default, which means there is no global limit.
+The value is defined by the rule which creates the state.).
+.El
+.Pp
+When a packet matches a stateful connection, the seconds to live for the
+connection will be updated to that of the
+protocol and modifier
+which corresponds to the connection state.
+Each packet which matches this state will reset the TTL.
+Tuning these values may improve the performance of the
+firewall at the risk of dropping valid idle connections.
+Alternatively, these values may be adjusted collectively
+in a manner suitable for a specific environment using
+.Cm set optimization
+(see above).
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm tcp.closed Pq 90 seconds by default
+The state after one endpoint sends an RST.
+.It Cm tcp.closing Pq 900 seconds by default
+The state after the first FIN has been sent.
+.It Cm tcp.established Pq 24 hours by default
+The fully established state.
+.It Cm tcp.finwait Pq 45 seconds by default
+The state after both FINs have been exchanged and the connection is closed.
+Some hosts (notably web servers on Solaris) send TCP packets even after closing
+the connection.
+Increasing
+.Cm tcp.finwait
+(and possibly
+.Cm tcp.closing )
+can prevent blocking of such packets.
+.It Cm tcp.first Pq 120 seconds by default
+The state after the first packet.
+.It Cm tcp.opening Pq 30 seconds by default
+The state after the second packet but before both endpoints have
+acknowledged the connection.
+.It Cm tcp.tsdiff Pq 30 seconds by default
+Maximum allowed time difference between RFC 1323 compliant packet timestamps.
+.El
+.Pp
+ICMP and UDP are handled in a fashion similar to TCP, but with a much more
+limited set of states:
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm icmp.error Pq 10 seconds by default
+The state after an ICMP error came back in response to an ICMP packet.
+.It Cm icmp.first Pq 20 seconds by default
+The state after the first packet.
+.It Cm udp.first Pq 60 seconds by default
+The state after the first packet.
+.It Cm udp.multiple Pq 60 seconds by default
+The state if both hosts have sent packets.
+.It Cm udp.single Pq 30 seconds by default
+The state if the source host sends more than one packet but the destination
+host has never sent one back.
+.El
+.Pp
+Other protocols are handled similarly to UDP:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm other.first Pq 60 seconds by default
+.It Cm other.multiple Pq 60 seconds by default
+.It Cm other.single Pq 30 seconds by default
+.El
+.Pp
+Timeout values can be reduced adaptively as the number of state table
+entries grows.
+.Pp
+.Bl -tag -width Ds -compact
+.It Cm adaptive.start Pq 60000 states by default
+When the number of state entries exceeds this value, adaptive scaling
+begins.
+All timeout values are scaled linearly with factor
+(adaptive.end \- number of states) / (adaptive.end \- adaptive.start).
+.It Cm adaptive.end Pq 120000 states by default
+When reaching this number of state entries, all timeout values become
+zero, effectively purging all state entries immediately.
+This value is used to define the scale factor; it should not actually
+be reached (set a lower state limit, see below).
+.El
+.Pp
+Adaptive timeouts are enabled by default, with an adaptive.start value
+equal to 60% of the state limit, and an adaptive.end value equal to
+120% of the state limit.
+They can be disabled by setting both adaptive.start and adaptive.end to 0.
+.Pp
+The adaptive timeout values can be defined both globally and for each rule.
+When used on a per-rule basis, the values relate to the number of
+states created by the rule, otherwise to the total number of
+states.
+.Pp
+For example:
+.Bd -literal -offset indent
+set timeout tcp.first 120
+set timeout tcp.established 86400
+set timeout { adaptive.start 60000, adaptive.end 120000 }
+set limit states 100000
+.Ed
+.Pp
+With 90000 state table entries, the timeout values are scaled to 50%
+(tcp.first 60, tcp.established 43200).
+.El
+.Pp
+.Dq pfctl -F Reset
+restores default values for the following options: debug, all limit options,
+loginterface, reassemble, skip, syncookies, all timeouts.
+.Sh QUEUEING
+Packets can be assigned to queues for the purpose of bandwidth
+control.
+At least one declaration is required to configure queues, and later
+any packet filtering rule can reference the defined queues by name.
+When filtering, the last referenced
+.Ar queue
+name is where any passed packets will be queued, while for
+blocked packets it specifies where any resulting ICMP or TCP RST
+packets should be queued.
+If the referenced queue does not exist on the outgoing interface,
+the default queue for that interface is used.
+Queues attached to an interface build a tree,
+thus each queue can have further child queues.
+Only leaf queues, i.e. queues without children, can be used to assign
+packets to.
+The root queue must specifically reference an interface, all other queues
+pick up the interfaces they should be created on from their parent queues.
+.Pp
+In the following example, a queue named std is created on the interface em0,
+with 3 child queues ssh, mail and http:
+.Bd -literal -offset indent
+queue std on em0 bandwidth 100M
+queue ssh parent std bandwidth 10M
+queue mail parent std bandwidth 10M
+queue http parent std bandwidth 80M default
+.Ed
+.Pp
+The specified bandwidth is the target bandwidth, every queue can receive
+more bandwidth as long as the parent still has some available.
+The maximum bandwidth that should be assigned to a given queue can be limited
+using the
+.Cm max
+keyword.
+If a limitation isn't imposed on the root queue, borrowing can result in
+saturating the bandwidth of the outgoing interface.
+Similarly, a minimum (reserved) bandwidth can be specified:
+.Pp
+.Dl queue ssh parent std bandwidth 10M min 5M max 25M
+.Pp
+For each of these 3 bandwidth specifications an additional burst bandwidth and
+time can be specified:
+.Pp
+.Dl queue ssh parent std bandwidth 10M burst 90M for 100ms
+.Pp
+All
+.Cm bandwidth
+values are specified as bits per second or using the suffixes
+.Cm K ,
+.Cm M ,
+and
+.Cm G
+to represent kilobits, megabits, and gigabits per second, respectively.
+The value must not exceed the interface bandwidth.
+.Pp
+If multiple connections are assigned the same queue, they're not guaranteed
+to share the queue bandwidth fairly.
+An alternative flow queue manager can be used to achieve fair sharing by
+indicating how many simultaneous states are expected with a
+.Cm flows
+option, unless a minimum bandwidth has been specified as well.
+.Pp
+When packets are classified by the stateful inspection engine, a flow
+identifier is assigned to all packets belonging to the state,
+thus limiting the number of individual flows that can be recognized
+by the resolution of a flow identifier.
+The current implementation is able to classify traffic into 32767 distinct
+flows.
+However, efficient fair sharing is observed even with a much smaller number
+of flows.
+For example on a 10Mbit/s DSL or a cable modem uplink, the following simple
+configuration can be used:
+.Bd -literal -offset 4n
+queue outq on em0 bandwidth 9M max 9M flows 1024 qlimit 1024 \e
+      default
+.Ed
+.Pp
+It's important to specify the upper bound within 90-95% of the expected
+bandwidth and raise the default queue limit.
+.Pp
+If a
+.Cm flows
+option appears without a
+.Cm bandwidth
+specification, the flow queue manager is selected as the queueing discipline
+for the corresponding interface acting as a default queue for all outgoing
+packets.
+In such a scenario, a queueing hierarchy is not supported.
+.Pp
+In addition to the bandwidth and flow specifications, queues support the
+following options:
+.Bl -tag -width xxxx
+.It Cm default
+Packets not matched by another queue are assigned to this queue.
+Exactly one default queue per interface is required.
+.It Cm on Ar interface
+Specifies the interface the queue operates on.
+If not given, it operates on all matching interfaces.
+.It Cm parent Ar name
+Defines which parent queue the queue should be attached to.
+Mandatory for all queues except root queues.
+The parent queue must exist.
+.It Cm quantum Ar size
+Specifies the quantum of service for the flow queue manager.
+The lower the quantum size the more advantage is given to streams of smaller
+packets at the expense of bulk transfers.
+The default value is set to the configured Maximum Transmission Unit (MTU)
+of the specified interface.
+.It Cm qlimit Ar limit
+The maximum number of packets held in the queue.
+The default is 50.
+.El
+.Pp
+Packets can be assigned to queues based on filter rules by using the
+.Cm queue
+keyword.
+Normally only one
+.Ar queue
+is specified; when a second one is specified it will instead be used for
+packets which have a TOS of
+.Cm lowdelay
+and for TCP ACKs with no data payload.
+.Pp
+To continue the previous example, the examples below would specify the
+four referenced
+queues, plus a few child queues.
+Interactive
+.Xr ssh 1
+sessions get a queue with a minimum bandwidth;
+.Xr scp 1
+and
+.Xr sftp 1
+bulk transfers go to a separate queue.
+The queues are then referenced by filtering rules.
+.Bd -literal -offset 4n
+queue rootq on em0 bandwidth 100M max 100M
+queue http parent rootq bandwidth 60M burst 90M for 100ms
+queue  developers parent http bandwidth 45M
+queue  employees parent http bandwidth 15M
+queue mail parent rootq bandwidth 10M
+queue ssh parent rootq bandwidth 20M
+queue  ssh_interactive parent ssh bandwidth 10M min 5M
+queue  ssh_bulk parent ssh bandwidth 10M
+queue std parent rootq bandwidth 20M default
+
+block return out on em0 inet all set queue std
+pass out on em0 inet proto tcp from $developerhosts to any port 80 \e
+      set queue developers
+pass out on em0 inet proto tcp from $employeehosts to any port 80 \e
+      set queue employees
+pass out on em0 inet proto tcp from any to any port 22 \e
+      set queue(ssh_bulk, ssh_interactive)
+pass out on em0 inet proto tcp from any to any port 25 \e
+      set queue mail
+.Ed
+.Sh TABLES
+Tables are named structures which can hold a collection of addresses and
+networks.
+Lookups against tables in
+.Xr pf 4
+are relatively fast, making a single rule with tables much more efficient,
+in terms of
+processor usage and memory consumption, than a large number of rules which
+differ only in IP address (either created explicitly or automatically by rule
+expansion).
+.Pp
+Tables can be used as the source or destination of filter
+or translation rules.
+They can also be used for the redirect address of
+.Cm nat-to
+and
+.Cm rdr-to
+and in the routing options of filter rules, but not for
+.Cm bitmask
+pools.
+.Pp
+Tables can be defined with any of the following
+.Xr pfctl 8
+mechanisms.
+As with macros, reserved words may not be used as table names.
+.Bl -tag -width "manually"
+.It manually
+Persistent tables can be manually created with the
+.Cm add
+or
+.Cm replace
+option of
+.Xr pfctl 8 ,
+before or after the ruleset has been loaded.
+.It Nm
+Table definitions can be placed directly in this file and loaded at the
+same time as other rules are loaded, atomically.
+Table definitions inside
+.Nm
+use the
+.Ic table
+statement, and are especially useful to define non-persistent tables.
+The contents of a pre-existing table defined without a list of addresses
+to initialize it is not altered when
+.Nm
+is loaded.
+A table initialized with the empty list,
+.Li { } ,
+will be cleared on load.
+.El
+.Pp
+Tables may be defined with the following attributes:
+.Bl -tag -width counters
+.It Cm const
+The
+.Cm const
+flag prevents the user from altering the contents of the table once it
+has been created.
+Without that flag,
+.Xr pfctl 8
+can be used to add or remove addresses from the table at any time, even
+when running with
+.Xr securelevel 7
+= 2.
+.It Cm counters
+The
+.Cm counters
+flag enables per-address packet and byte counters, which can be displayed with
+.Xr pfctl 8 .
+.It Cm persist
+The
+.Cm persist
+flag forces the kernel to keep the table even when no rules refer to it.
+If the flag is not set, the kernel will automatically remove the table
+when the last rule referring to it is flushed.
+.El
+.Pp
+This example creates a table called
+.Dq private ,
+to hold RFC 1918 private network blocks,
+and a table called
+.Dq badhosts ,
+which is initially empty.
+A filter rule is set up to block all traffic coming from addresses listed in
+either table:
+.Bd -literal -offset indent
+table <private> const { 10/8, 172.16/12, 192.168/16 }
+table <badhosts> persist
+block on fxp0 from { <private>, <badhosts> } to any
+.Ed
+.Pp
+The private table cannot have its contents changed and the badhosts table
+will exist even when no active filter rules reference it.
+Addresses may later be added to the badhosts table, so that traffic from
+these hosts can be blocked by using the following:
+.Pp
+.Dl # pfctl -t badhosts -Tadd 204.92.77.111
+.Pp
+A table can also be initialized with an address list specified in one or more
+external files, using the following syntax:
+.Bd -literal -offset indent
+table <spam> persist file "/etc/spammers" file "/etc/openrelays"
+block on fxp0 from <spam> to any
+.Ed
+.Pp
+The files
+.Pa /etc/spammers
+and
+.Pa /etc/openrelays
+list IP addresses, one per line.
+Any lines beginning with a
+.Sq #
+are treated as comments and ignored.
+In addition to being specified by IP address, hosts may also be
+specified by their hostname.
+When the resolver is called to add a hostname to a table,
+.Em all
+resulting IPv4 and IPv6 addresses are placed into the table.
+IP addresses can also be entered in a table by specifying a valid interface
+name, a valid interface group, or the
+.Cm self
+keyword, in which case all addresses assigned to the interface(s) will be
+added to the table.
+.Sh ANCHORS
+Besides the main ruleset,
+.Nm
+can specify anchor attachment points.
+An anchor is a container that can hold rules,
+address tables, and other anchors.
+When evaluation of the main ruleset reaches an
+.Ic anchor
+rule,
+.Xr pf 4
+will proceed to evaluate all rules specified in that anchor.
+.Pp
+The following example blocks all packets on the external interface by default,
+then evaluates all rules in the anchor named "spam",
+and finally passes all outgoing connections and
+incoming connections to port 25:
+.Bd -literal -offset indent
+ext_if = "kue0"
+block on $ext_if all
+anchor spam
+pass out on $ext_if all
+pass in on $ext_if proto tcp from any to $ext_if port smtp
+.Ed
+.Pp
+Anchors can be manipulated through
+.Xr pfctl 8
+without reloading the main ruleset or other anchors.
+This loads a single rule into the anchor,
+which blocks all packets from a specific address:
+.Bd -literal -offset indent
+# echo "block in quick from 1.2.3.4 to any" | pfctl -a spam -f -
+.Ed
+.Pp
+The anchor can also be populated by adding a
+.Ic load anchor
+rule after the anchor rule.
+When
+.Xr pfctl 8
+loads
+.Nm ,
+it will also load all the rules from the file
+.Pa /etc/pf-spam.conf
+into the anchor.
+.Bd -literal -offset indent
+anchor spam
+load anchor spam from "/etc/pf-spam.conf"
+.Ed
+.Pp
+An anchor rule can also contain a filter ruleset
+in a brace-delimited block.
+In that case, no separate loading of rules into the anchor
+is required.
+Brace delimited blocks may contain rules or other brace-delimited blocks.
+When an anchor is populated this way, the anchor name becomes optional.
+Since the parser specification for anchor names is a string,
+double quote characters
+.Pq Sq \&"
+should be placed around the anchor name.
+.Bd -literal -offset indent
+anchor "external" on egress {
+	block
+	anchor out {
+		pass proto tcp from any to port { 25, 80, 443 }
+	}
+	pass in proto tcp to any port 22
+}
+.Ed
+.Pp
+Anchor rules can also specify packet filtering parameters
+using the same syntax as filter rules.
+When parameters are used,
+the anchor rule is only evaluated for matching packets.
+This allows conditional evaluation of anchors, like:
+.Bd -literal -offset indent
+block on $ext_if all
+anchor spam proto tcp from any to any port smtp
+pass out on $ext_if all
+pass in on $ext_if proto tcp from any to $ext_if port smtp
+.Ed
+.Pp
+The rules inside anchor "spam" are only evaluated
+for TCP packets with destination port 25.
+Hence, the following
+will only block connections from 1.2.3.4 to port 25:
+.Bd -literal -offset indent
+# echo "block in quick from 1.2.3.4 to any" | pfctl -a spam -f -
+.Ed
+.Pp
+Matching filter and translation rules marked with the
+.Cm quick
+option are final and abort the evaluation of the rules in other
+anchors and the main ruleset.
+If the anchor itself is marked with the
+.Cm quick
+option,
+ruleset evaluation will terminate when the anchor is exited if the packet is
+matched by any rule within the anchor.
+.Pp
+An anchor references other anchor attachment points
+using the following syntax:
+.Bl -tag -width xxxx
+.It Ic anchor Ar name
+Evaluates the filter rules in the specified anchor.
+.El
+.Pp
+An anchor has a name which specifies the path where
+.Xr pfctl 8
+can be used to access the anchor to perform operations on it, such as
+attaching child anchors to it or loading rules into it.
+Anchors may be nested, with components separated by
+.Sq /
+characters, similar to how file system hierarchies are laid out.
+The main ruleset is actually the default anchor, so filter and
+translation rules, for example, may also be contained in any anchor.
+.Pp
+Anchor rules are evaluated relative to the anchor in which they are contained.
+For example,
+all anchor rules specified in the main ruleset will reference
+anchor attachment points underneath the main ruleset,
+and anchor rules specified in a file loaded from a
+.Ic load anchor
+rule will be attached under that anchor point.
+.Pp
+Anchors may end with the asterisk
+.Pq Sq *
+character, which signifies that all anchors attached at that point
+should be evaluated in the alphabetical ordering of their anchor name.
+For example,
+the following
+will evaluate each rule in each anchor attached to the "spam" anchor:
+.Bd -literal -offset indent
+anchor "spam/*"
+.Ed
+.Pp
+Note that it will only evaluate anchors that are directly attached to the
+"spam" anchor, and will not descend to evaluate anchors recursively.
+.Pp
+Since anchors are evaluated relative to the anchor in which they are
+contained, there is a mechanism for accessing the parent and ancestor
+anchors of a given anchor.
+Similar to file system path name resolution, if the sequence
+.Sq ..
+appears as an anchor path component, the parent anchor of the current
+anchor in the path evaluation at that point will become the new current
+anchor.
+As an example, consider the following:
+.Bd -literal -offset indent
+# printf 'anchor "spam/allowed"\en' | pfctl -f -
+# printf 'anchor "../banned"\enpass\en' | pfctl -a spam/allowed -f -
+.Ed
+.Pp
+Evaluation of the main ruleset will lead into the
+spam/allowed anchor, which will evaluate the rules in the
+spam/banned anchor, if any, before finally evaluating the
+.Ic pass
+rule.
+.Sh STATEFUL FILTERING
+.Xr pf 4
+filters packets statefully,
+which has several advantages.
+For TCP connections, comparing a packet to a state involves checking
+its sequence numbers, as well as TCP timestamps if a rule using the
+.Cm reassemble tcp
+parameter applies to the connection.
+If these values are outside the narrow windows of expected
+values, the packet is dropped.
+This prevents spoofing attacks, such as when an attacker sends packets with
+a fake source address/port but does not know the connection's sequence
+numbers.
+Similarly,
+.Xr pf 4
+knows how to match ICMP replies to states.
+For example,
+to allow echo requests (such as those created by
+.Xr ping 8 )
+out statefully and match incoming echo replies correctly to states:
+.Pp
+.Dl pass out inet proto icmp all icmp-type echoreq
+.Pp
+Also, looking up states is usually faster than evaluating rules.
+If there are 50 rules, all of them are evaluated sequentially in O(n).
+Even with 50000 states, only 16 comparisons are needed to match a
+state, since states are stored in a binary search tree that allows
+searches in O(log2\~n).
+.Pp
+Furthermore, correct handling of ICMP error messages is critical to
+many protocols, particularly TCP.
+.Xr pf 4
+matches ICMP error messages to the correct connection, checks them against
+connection parameters, and passes them if appropriate.
+For example if an ICMP source quench message referring to a stateful TCP
+connection arrives, it will be matched to the state and get passed.
+.Pp
+Finally, state tracking is required for
+.Cm nat-to
+and
+.Cm rdr-to
+options, in order to track address and port translations and reverse the
+translation on returning packets.
+.Pp
+.Xr pf 4
+will also create state for other protocols which are effectively stateless by
+nature.
+UDP packets are matched to states using only host addresses and ports,
+and other protocols are matched to states using only the host addresses.
+.Pp
+If stateless filtering of individual packets is desired,
+the
+.Cm no state
+keyword can be used to specify that state will not be created
+if this is the last matching rule.
+Note that packets which match neither block nor pass rules,
+and thus are passed by default,
+are effectively passed as if
+.Cm no state
+had been specified.
+.Pp
+A number of parameters can also be set to affect how
+.Xr pf 4
+handles state tracking,
+as detailed below.
+.Ss State Modulation
+Much of the security derived from TCP is attributable to how well the
+initial sequence numbers (ISNs) are chosen.
+Some popular stack implementations choose
+.Em very
+poor ISNs and thus are normally susceptible to ISN prediction exploits.
+By applying a
+.Cm modulate state
+rule to a TCP connection,
+.Xr pf 4
+will create a high quality random sequence number for each connection
+endpoint.
+.Pp
+The
+.Cm modulate state
+directive implicitly keeps state on the rule and is
+only applicable to TCP connections.
+.Pp
+For instance:
+.Bd -literal -offset indent
+block all
+pass out proto tcp from any to any modulate state
+pass in  proto tcp from any to any port 25 flags S/SFRA \e
+      modulate state
+.Ed
+.Pp
+Note that modulated connections will not recover when the state table
+is lost (firewall reboot, flushing the state table, etc.).
+.Xr pf 4
+will not be able to infer a connection again after the state table flushes
+the connection's modulator.
+When the state is lost, the connection may be left dangling until the
+respective endpoints time out the connection.
+It is possible on a fast local network for the endpoints to start an ACK
+storm while trying to resynchronize after the loss of the modulator.
+The default
+.Cm flags
+settings (or a more strict equivalent) should be used on
+.Cm modulate state
+rules to prevent ACK storms.
+.Pp
+Note that alternative methods are available
+to prevent loss of the state table
+and allow for firewall failover.
+See
+.Xr carp 4
+and
+.Xr pfsync 4
+for further information.
+.Ss SYN Proxy
+By default,
+.Xr pf 4
+passes packets that are part of a
+TCP handshake between the endpoints.
+The
+.Cm synproxy state
+option can be used to cause
+.Xr pf 4
+itself to complete the handshake with the active endpoint, perform a handshake
+with the passive endpoint, and then forward packets between the endpoints.
+.Pp
+No packets are sent to the passive endpoint before the active endpoint has
+completed the handshake, hence so-called SYN floods with spoofed source
+addresses will not reach the passive endpoint, as the sender can't complete the
+handshake.
+.Pp
+The proxy is transparent to both endpoints; they each see a single
+connection from/to the other endpoint.
+.Xr pf 4
+chooses random initial sequence numbers for both handshakes.
+Once the handshakes are completed, the sequence number modulators
+(see previous section) are used to translate further packets of the
+connection.
+.Cm synproxy state
+includes
+.Cm modulate state .
+.Pp
+Rules with
+.Cm synproxy state
+will not work if
+.Xr pf 4
+operates on a
+.Xr bridge 4 .
+Also they act on incoming SYN packets only.
+.Pp
+Example:
+.Bd -literal -offset indent
+pass in proto tcp from any to any port www synproxy state
+.Ed
+.Ss State Limiters
+State limiters provide a mechanism to limit the number of states created,
+or the rate of state creation,
+by a set of rules.
+State limiters are configured and loaded with the main ruleset, but
+can be used by rules in any anchor.
+The overall number of states is still subject to the limit set with
+.Cm set limit states ,
+but the number of states created by a subset of rules can be provided
+by a state limiter.
+.Pp
+A state limiter is configured with the following statement:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm state limiter Ar name
+Each state limiter is identified by a unique name.
+.El
+.Pp
+State limiters support the following configuration:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm id Ar number
+A unique identifier between 1 and 255.
+This configuration is required.
+.It Cm limit Ar number
+Specify the maximum number of states.
+This configuration is required.
+.It Cm rate Ar number Ns / Ns Ar seconds
+Limit the rate at which states can be created over a time interval.
+The connection rate is an approximation calculated as a moving
+average.
+.El
+.Pp
+Pass rules can specify a state limiter using the
+.Cm state limiter Ar name
+option.
+If the number of states allowed has hit the limit, the pass rule
+does not match and ruleset evaluation continues past it.
+.Pp
+An example use case for a state limiter is to restrict the number of
+connections allowed to a service that is accessible via multiple
+protocols, e.g. a DNS server that can be accessed by both TCP and
+UDP on port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS
+on TCP port 443 can be limited to 1000 concurrent connections:
+.Pp
+.Bd -literal -offset indent -compact
+state limiter "dns-server" id 1 limit 1000
+
+pass in proto { tcp udp } to port domain state limiter "dns-server"
+pass in proto tcp to port { 853 443 } state limiter "dns-server"
+.Ed
+.Ss Source Limiters
+Source limiters apply limits on the number of states,
+or the rate of state creation,
+for connections coming from a source address or network for a set
+of rules.
+Source limiters are configured and loaded with the main ruleset, but
+can be used by rules in any anchor.
+The overall number of states is still subject to the limit set with
+.Cm set limit states ,
+but limits on states for a subset of source addresses and rules can
+be provided with source limiters.
+.Pp
+Source address entries in source pools are created on demand,
+and are used to account for the states created for each source
+address or network.
+A source limiter specifies the maximum number of source address
+entries it will track, and can be configured to mask bits in network
+prefixes to have source entries cover larger portions of the address
+space if needed.
+.Pp
+A source limiter is configured with the following statement:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm source limiter Ar name
+Each source limiter is uniquely identified by the specified name.
+.El
+.Pp
+Source limiter support the following configuration:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm id Ar number
+A unique identifier between 1 and 255.
+This configuration is required.
+.It Cm entries Ar number
+Specify the maximum number of source address entries.
+This configuration is required.
+.It Cm limit Ar number
+Specify the maximum number of states for each source address entry.
+This configuration is required.
+.It Cm rate Ar number Ns / Ns Ar seconds
+Limit the rate at which states can be created by each source address
+entry over a time interval.
+The connection rate is an approximation calculated as a moving
+average.
+.It Cm inet mask Ar prefixlen
+Mask IPv4 source addresses using the prefix length specified with
+.Ar prefixlen
+when creating an address entry.
+The default IPv4 prefix length is 32 bits.
+.It Cm inet6 mask Ar prefixlen
+Mask IPv6 source addresses using the prefix length specified with
+.Ar prefixlen
+when creating an address entry.
+The default IPv6 prefix length is 128 bits.
+.It Cm table < Ns Ar table Ns > Cm above Ar hwm Op Cm below Ar lwm
+Add the address to the specified
+.Ar table
+when the number of states goes above the
+.Ar hwm
+high water mark.
+The address will be removed from the table when the number of states
+drops below the
+.Ar lwm
+low water mark.
+The default low water mark is 0.
+.El
+.Pp
+Pass rules can specify a source limiter using the
+.Cm source limiter Ar name
+option.
+.Pp
+An example use for a source limiter is the mitigation of denial of
+service caused by the exhaustion of firewall resources by network
+or port scans from outside the network.
+The states created by any one scanner from any one source address
+can be limited to avoid impacting other sources.
+Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the external
+network are each limited to a maximum of 1000 connections, and are
+rate limited to creating 100 states over a 10 second interval:
+.Pp
+.Bd -literal -offset indent -compact
+source limiter "internet" id 1 entries 10000 \e
+	limit 1000 rate 100/10 \e
+	inet6 mask 64
+
+block in on egress
+pass in on egress source limiter "internet"
+.Ed
+.Ss Stateful Tracking Options
+A number of options related to stateful tracking can be applied on a
+per-rule basis.
+One of
+.Cm keep state ,
+.Cm modulate state ,
+or
+.Cm synproxy state
+must be specified explicitly to apply these options to a rule.
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm floating
+States can match packets on any interfaces
+(the opposite of
+.Cm if-bound ) .
+This is the default.
+.It Cm if-bound
+States are bound to an interface
+(the opposite of
+.Cm floating ) .
+.It Cm max Ar number
+Limits the number of concurrent states the rule may create.
+When this limit is reached, further packets that would create
+state are dropped until existing states time out.
+.It Cm no-sync
+Prevent state changes for states created by this rule from appearing on the
+.Xr pfsync 4
+interface.
+.It Cm pflow
+States created by this rule are exported on the
+.Xr pflow 4
+interface.
+.It Cm sloppy
+For TCP, uses a sloppy connection tracker that does not check sequence
+numbers at all, which makes insertion and ICMP teardown attacks way
+easier.
+This is intended to be used in situations where one does not see all
+packets of a connection, e.g. in asymmetric routing situations.
+It cannot be used with
+.Cm modulate state
+or
+.Cm synproxy state .
+For ICMP, this option allows states to be created from replies,
+not just requests.
+.It Ar timeout seconds
+Changes the
+.Ar timeout
+values used for states created by this rule.
+For a list of all valid
+.Ar timeout
+names, see
+.Sx OPTIONS
+above.
+.El
+.Pp
+Multiple options can be specified, separated by commas:
+.Bd -literal -offset indent
+pass in proto tcp from any to any \e
+      port www keep state \e
+      (max 100, source-track rule, max-src-nodes 75, \e
+      max-src-states 3, tcp.established 60, tcp.closing 5)
+.Ed
+.Pp
+When the
+.Cm source-track
+keyword is specified, the number of states per source IP is tracked.
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm source-track global
+The number of states created by all rules that use this option is limited.
+Each rule can specify different
+.Cm max-src-nodes
+and
+.Cm max-src-states
+options, however state entries created by any participating rule count towards
+each individual rule's limits.
+.It Cm source-track rule
+The maximum number of states created by this rule is limited by the rule's
+.Cm max-src-nodes
+and
+.Cm max-src-states
+options.
+Only state entries created by this particular rule count toward the rule's
+limits.
+.El
+.Pp
+The following limits can be set:
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm max-src-nodes Ar number
+Limits the maximum number of source addresses which can simultaneously
+have state table entries.
+.It Cm max-src-states Ar number
+Limits the maximum number of simultaneous state entries that a single
+source address can create with this rule.
+.El
+.Pp
+For stateful TCP connections, limits on established connections (connections
+which have completed the TCP 3-way handshake) can also be enforced
+per source IP.
+.Pp
+.Bl -tag -width xxxx -compact
+.It Cm max-src-conn Ar number
+Limits the maximum number of simultaneous TCP connections which have
+completed the 3-way handshake that a single host can make.
+.It Cm max-src-conn-rate Ar number Ns / Ns Ar seconds
+Limit the rate of new connections over a time interval.
+The connection rate is an approximation calculated as a moving average.
+.El
+.Pp
+When one of these limits is reached, further packets that would create
+state are dropped until existing states time out.
+.Pp
+Because the 3-way handshake ensures that the source address is not being
+spoofed, more aggressive action can be taken based on these limits.
+With the
+.Cm overload Pf < Ar table Ns >
+state option, source IP addresses which hit either of the limits on
+established connections will be added to the named
+.Ar table .
+This table can be used in the ruleset to block further activity from
+the offending host, redirect it to a tarpit process, or restrict its
+bandwidth.
+.Pp
+The optional
+.Cm flush
+keyword kills all states created by the matching rule which originate
+from the host which exceeds these limits.
+The
+.Cm global
+modifier to the
+.Cm flush
+command kills all states originating from the
+offending host, regardless of which rule created the state.
+.Pp
+For example, the following rules will protect the webserver against
+hosts making more than 100 connections in 10 seconds.
+Any host which connects faster than this rate will have its address added
+to the <bad_hosts> table and have all states originating from it flushed.
+Any new packets arriving from this host will be dropped unconditionally
+by the block rule.
+.Bd -literal -offset indent
+block quick from <bad_hosts>
+pass in on $ext_if proto tcp to $webserver port www keep state \e
+      (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
+.Ed
+.Sh TRAFFIC NORMALISATION
+Traffic normalisation is a broad umbrella term
+for aspects of the packet filter which deal with
+verifying packets, packet fragments, spoof traffic,
+and other irregularities.
+.Ss Scrub
+Scrub involves sanitising packet content in such a way
+that there are no ambiguities in packet interpretation on the receiving side.
+It is invoked with the
+.Cm scrub
+option, added to regular rules.
+.Pp
+Parameters are specified enclosed in parentheses.
+At least one of the following parameters must be specified:
+.Bl -tag -width xxxx
+.It Cm max-mss Ar number
+Reduces the maximum segment size (MSS)
+on TCP SYN packets to be no greater than
+.Ar number .
+This is sometimes required in scenarios where the two endpoints
+of a TCP connection are not able to carry similar sized packets
+and the resulting mismatch can lead to packet fragmentation or loss.
+Note that setting the MSS this way can have undesirable effects,
+such as interfering with the OS detection features of
+.Xr pf 4 .
+.It Cm min-ttl Ar number
+Enforces a minimum TTL for matching IP packets.
+.It Cm no-df
+Clears the
+.Dq dont-fragment
+bit from a matching IPv4 packet.
+Some operating systems have NFS implementations
+which are known to generate fragmented packets with the
+.Dq dont-fragment
+bit set.
+.Xr pf 4
+will drop such fragmented
+.Dq dont-fragment
+packets unless
+.Cm no-df
+is specified.
+.Pp
+Unfortunately some operating systems also generate their
+.Dq dont-fragment
+packets with a zero IP identification field.
+Clearing the
+.Dq dont-fragment
+bit on packets with a zero IP ID may cause deleterious results if an
+upstream router later fragments the packet.
+Using
+.Cm random-id
+is recommended in combination with
+.Cm no-df
+to ensure unique IP identifiers.
+.It Cm random-id
+Replaces the IPv4 identification field with random values to compensate
+for predictable values generated by many hosts.
+This option only applies to packets that are not fragmented
+after the optional fragment reassembly.
+.It Cm reassemble tcp
+Statefully normalises TCP connections.
+.Cm reassemble tcp
+performs the following normalisations:
+.Bl -ohang
+.It TTL
+Neither side of the connection is allowed to reduce their IP TTL.
+An attacker may send a packet such that it reaches the firewall, affects
+the firewall state, and expires before reaching the destination host.
+.Cm reassemble tcp
+will raise the TTL of all packets back up to the highest value seen on
+the connection.
+.It Timestamp Modulation
+Modern TCP stacks will send a timestamp on every TCP packet and echo
+the other endpoint's timestamp back to them.
+Many operating systems will merely start the timestamp at zero when
+first booted, and increment it several times a second.
+The uptime of the host can be deduced by reading the timestamp and multiplying
+by a constant.
+Also observing several different timestamps can be used to count hosts
+behind a NAT device.
+And spoofing TCP packets into a connection requires knowing or guessing
+valid timestamps.
+Timestamps merely need to be monotonically increasing and not derived off a
+guessable base time.
+.Cm reassemble tcp
+will cause
+.Cm scrub
+to modulate the TCP timestamps with a random number.
+.It Extended PAWS Checks
+There is a problem with TCP on long fat pipes, in that a packet might get
+delayed for longer than it takes the connection to wrap its 32-bit sequence
+space.
+In such an occurrence, the old packet would be indistinguishable from a
+new packet and would be accepted as such.
+The solution to this is called PAWS: Protection Against Wrapped Sequence
+numbers.
+It protects against it by making sure the timestamp on each packet does
+not go backwards.
+.Cm reassemble tcp
+also makes sure the timestamp on the packet does not go forward more
+than the RFC allows.
+By doing this,
+.Xr pf 4
+artificially extends the security of TCP sequence numbers by 10 to 18
+bits when the host uses appropriately randomized timestamps, since a
+blind attacker would have to guess the timestamp as well.
+.El
+.El
+.Pp
+For example:
+.Pp
+.Dl match in all scrub (no-df random-id max-mss 1440)
+.Ss Fragment Handling
+The size of IP datagrams (packets) can be significantly larger than the
+maximum transmission unit (MTU) of the network.
+In cases when it is necessary or more efficient to send such large packets,
+the large packet will be fragmented into many smaller packets that will each
+fit onto the wire.
+Unfortunately for a firewalling device, only the first logical fragment will
+contain the necessary header information for the subprotocol that allows
+.Xr pf 4
+to filter on things such as TCP ports or to perform NAT.
+.Pp
+One alternative is to filter individual fragments with filter rules.
+If packet reassembly is turned off, it is passed to the filter.
+Filter rules with matching IP header parameters decide whether the
+fragment is passed or blocked, in the same way as complete packets
+are filtered.
+Without reassembly, fragments can only be filtered based on IP header
+fields (source/destination address, protocol), since subprotocol header
+fields are not available (TCP/UDP port numbers, ICMP code/type).
+The
+.Cm fragment
+option can be used to restrict filter rules to apply only to
+fragments, but not complete packets.
+Filter rules without the
+.Cm fragment
+option still apply to fragments, if they only specify IP header fields.
+For instance:
+.Bd -literal -offset indent
+pass in proto tcp from any to any port 80
+.Ed
+.Pp
+The rule above never applies to a fragment,
+even if the fragment is part of a TCP packet with destination port 80,
+because without reassembly this information
+is not available for each fragment.
+This also means that fragments cannot create new or match existing
+state table entries, which makes stateful filtering and address
+translation (NAT, redirection) for fragments impossible.
+.Pp
+In most cases, the benefits of reassembly outweigh the additional
+memory cost,
+so reassembly is on by default.
+.Pp
+The memory allocated for fragment caching can be limited using
+.Xr pfctl 8 .
+Once this limit is reached, fragments that would have to be cached
+are dropped until other entries time out.
+The timeout value can also be adjusted.
+.Pp
+When forwarding reassembled IPv6 packets, pf refragments them with
+the original maximum fragment size.
+This allows the sender to determine the optimal fragment size by
+path MTU discovery.
+.Ss Blocking Spoofed Traffic
+Spoofing is the faking of IP addresses,
+typically for malicious purposes.
+The
+.Ic antispoof
+directive expands to a set of filter rules which will block all
+traffic with a source IP from the network(s) directly connected
+to the specified interface(s) from entering the system through
+any other interface.
+.Pp
+For example:
+.Dl antispoof for lo0
+.Pp
+Expands to:
+.Bd -literal -offset indent -compact
+block drop in on ! lo0 inet from 127.0.0.1/8 to any
+block drop in on ! lo0 inet6 from ::1 to any
+.Ed
+.Pp
+For non-loopback interfaces, there are additional rules to block incoming
+packets with a source IP address identical to the interface's IP(s).
+For example, assuming the interface wi0 had an IP address of 10.0.0.1 and a
+netmask of 255.255.255.0:
+.Pp
+.Dl antispoof for wi0 inet
+.Pp
+Expands to:
+.Bd -literal -offset indent -compact
+block drop in on ! wi0 inet from 10.0.0.0/24 to any
+block drop in inet from 10.0.0.1 to any
+.Ed
+.Pp
+Caveat: Rules created by the
+.Ic antispoof
+directive interfere with packets sent over loopback interfaces
+to local addresses.
+One should pass these explicitly.
+.Sh OPERATING SYSTEM FINGERPRINTING
+Passive OS fingerprinting is a mechanism to inspect nuances of a TCP
+connection's initial SYN packet and guess at the host's operating system.
+Unfortunately these nuances are easily spoofed by an attacker so the
+fingerprint is not useful in making security decisions.
+But the fingerprint is typically accurate enough to make policy decisions
+upon.
+.Pp
+The fingerprints may be specified by operating system class, by
+version, or by subtype/patchlevel.
+The class of an operating system is typically the vendor or genre
+and would be
+.Ox
+for the
+.Xr pf 4
+firewall itself.
+The version of the oldest available
+.Ox
+release on the main FTP site
+would be 2.6 and the fingerprint would be written as:
+.Pp
+.Dl \&"OpenBSD 2.6\&"
+.Pp
+The subtype of an operating system is typically used to describe the
+patchlevel if that patch led to changes in the TCP stack behavior.
+In the case of
+.Ox ,
+the only subtype is for a fingerprint that was
+normalised by the
+.Cm no-df
+scrub option and would be specified as:
+.Pp
+.Dl \&"OpenBSD 3.3 no-df\&"
+.Pp
+Fingerprints for most popular operating systems are provided by
+.Xr pf.os 5 .
+Once
+.Xr pf 4
+is running, a complete list of known operating system fingerprints may
+be listed by running:
+.Pp
+.Dl # pfctl -so
+.Pp
+Filter rules can enforce policy at any level of operating system specification
+assuming a fingerprint is present.
+Policy could limit traffic to approved operating systems or even ban traffic
+from hosts that aren't at the latest service pack.
+.Pp
+The
+.Cm unknown
+class can also be used as the fingerprint which will match packets for
+which no operating system fingerprint is known.
+.Pp
+Examples:
+.Bd -literal -offset indent
+pass  out proto tcp from any os OpenBSD
+block out proto tcp from any os Doors
+block out proto tcp from any os "Doors PT"
+block out proto tcp from any os "Doors PT SP3"
+block out from any os "unknown"
+pass on lo0 proto tcp from any os "OpenBSD 3.3 lo0"
+.Ed
+.Pp
+Operating system fingerprinting is limited only to the TCP SYN packet.
+This means that it will not work on other protocols and will not match
+a currently established connection.
+.Pp
+Caveat: operating system fingerprints are occasionally wrong.
+There are three problems: an attacker can trivially craft packets to
+appear as any operating system;
+an operating system patch could change the stack behavior and no fingerprints
+will match it until the database is updated;
+and multiple operating systems may have the same fingerprint.
+.Sh EXAMPLES
+In this example,
+the external interface is
+.Pa kue0 .
+We use a macro for the interface name, so it can be changed easily.
+All incoming traffic is "normalised",
+and everything is blocked and logged by default.
+.Bd -literal -offset 4n
+ext_if = "kue0"
+match in all scrub (no-df max-mss 1440)
+block return log on $ext_if all
+.Ed
+.Pp
+Here we specifically block packets we don't want:
+anything coming from source we have no back routes for;
+packets whose ingress interface does not match the one in
+the route back to their source address;
+anything that does not have our address (157.161.48.183) as source;
+broadcasts (cable modem noise);
+and anything from reserved address space or invalid addresses.
+.Bd -literal -offset 4n
+block in from no-route to any
+block in from urpf-failed to any
+block out log quick on $ext_if from ! 157.161.48.183 to any
+block in quick on $ext_if from any to 255.255.255.255
+block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, \e
+    192.168.0.0/16, 255.255.255.255/32 } to any
+.Ed
+.Pp
+For ICMP,
+pass out/in ping queries.
+State matching is done on host addresses and ICMP ID (not type/code),
+so replies (like 0/0 for 8/0) will match queries.
+ICMP error messages (which always refer to a TCP/UDP packet)
+are handled by the TCP/UDP states.
+.Bd -literal -offset 4n
+pass on $ext_if inet proto icmp all icmp-type 8 code 0
+.Ed
+.Pp
+For UDP,
+pass out all UDP connections.
+DNS connections are passed in.
+.Bd -literal -offset 4n
+pass out on $ext_if proto udp all
+pass in on $ext_if proto udp from any to any port domain
+.Ed
+.Pp
+For TCP,
+pass out all TCP connections and modulate state.
+SSH, SMTP, DNS, and IDENT connections are passed in.
+We do not allow Windows 9x SMTP connections since they are typically
+a viral worm.
+.Bd -literal -offset 4n
+pass out on $ext_if proto tcp all modulate state
+pass in on $ext_if proto tcp from any to any \e
+    port { ssh, smtp, domain, auth }
+block in on $ext_if proto tcp from any \e
+    os { "Windows 95", "Windows 98" } to any port smtp
+.Ed
+.Pp
+Here we pass in/out all IPv6 traffic:
+note that we have to enable this in two different ways,
+on both our physical interface and our tunnel.
+.Bd -literal -offset 4n
+pass quick on gif0 inet6
+pass quick on $ext_if proto ipv6
+.Ed
+.Pp
+This example illustrates packet tagging.
+There are three interfaces: $int_if, $ext_if, and $wifi_if (wireless).
+NAT is being done on $ext_if for all outgoing packets.
+Packets in on $int_if are tagged and passed out on $ext_if.
+All other outgoing packets
+(i.e. packets from the wireless network)
+are only permitted to access port 80.
+.Bd -literal -offset 4n
+pass in on $int_if from any to any tag INTNET
+pass in on $wifi_if from any to any
+
+block out on $ext_if from any to any
+pass out quick on $ext_if tagged INTNET
+pass out on $ext_if proto tcp from any to any port 80
+.Ed
+.Pp
+In this example,
+we tag incoming packets as they are redirected to
+.Xr spamd 8 .
+The tag is used to pass those packets through the packet filter.
+.Bd -literal -offset 4n
+match in on $ext_if inet proto tcp from <spammers> to port smtp \e
+     tag SPAMD rdr-to 127.0.0.1 port spamd
+
+block in on $ext_if
+pass in on $ext_if inet proto tcp tagged SPAMD
+.Ed
+.Pp
+This example maps incoming requests on port 80 to port 8080, on
+which a daemon is running (because, for example, it is not run as root,
+and therefore lacks permission to bind to port 80).
+.Bd -literal -offset 4n
+match in on $ext_if proto tcp from any to any port 80 \e
+      rdr-to 127.0.0.1 port 8080
+.Ed
+.Pp
+If a
+.Ic pass
+rule is used with the
+.Cm quick
+modifier, packets matching the translation rule are passed without
+inspecting subsequent filter rules.
+.Bd -literal -offset 4n
+pass in quick on $ext_if proto tcp from any to any port 80 \e
+      rdr-to 127.0.0.1 port 8080
+.Ed
+.Pp
+In the example below, vlan12 is configured as 192.168.168.1;
+the machine translates all packets coming from 192.168.168.0/24 to 204.92.77.111
+when they are going out any interface except vlan12.
+This has the net effect of making traffic from the 192.168.168.0/24
+network appear as though it is the Internet routable address
+204.92.77.111 to nodes behind any interface on the router except
+for the nodes on vlan12.
+Thus, 192.168.168.1 can talk to the 192.168.168.0/24 nodes.
+.Bd -literal -offset 4n
+match out on ! vlan12 from 192.168.168.0/24 to any nat-to 204.92.77.111
+.Ed
+.Pp
+In the example below, the machine sits between a fake internal
+144.19.74.* network, and a routable external IP of 204.92.77.100.
+The last rule excludes protocol AH from being translated.
+.Bd -literal -offset 4n
+pass out on $ext_if from 144.19.74.0/24 nat-to 204.92.77.100
+pass out on $ext_if proto ah from 144.19.74.0/24
+.Ed
+.Pp
+In the example below, packets bound for one specific server, as well as those
+generated by the sysadmins are not proxied; all other connections are.
+.Bd -literal -offset 4n
+pass in on $int_if proto { tcp, udp } from any to any port 80 \e
+      rdr-to 127.0.0.1 port 80
+pass in on $int_if proto { tcp, udp } from any to $server port 80
+pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80
+.Ed
+.Pp
+This example maps outgoing packets' source port
+to an assigned proxy port instead of an arbitrary port.
+In this case, proxy outgoing isakmp with port 500 on the gateway.
+.Bd -literal -offset 4n
+match out on $ext_if inet proto udp from any port isakmp to any \e
+    nat-to ($ext_if) port 500
+.Ed
+.Pp
+One more example uses
+.Cm rdr-to
+to redirect a TCP and UDP port to an internal machine.
+.Bd -literal -offset 4n
+match in on $ext_if inet proto tcp from any to ($ext_if) port 8080 \e
+      rdr-to 10.1.2.151 port 22
+match in on $ext_if inet proto udp from any to ($ext_if) port 8080 \e
+      rdr-to 10.1.2.151 port 53
+.Ed
+.Pp
+In this example, a NAT gateway is set up to translate internal addresses
+using a pool of public addresses (192.0.2.16/28).
+A given source address is always translated to the same pool address by
+using the
+.Cm source-hash
+keyword.
+The gateway also translates incoming web server connections
+to a group of web servers on the internal network.
+.Bd -literal -offset 4n
+match out on $ext_if inet from any to any nat-to 192.0.2.16/28 \e
+    source-hash
+match in  on $ext_if proto tcp from any to any port 80 \e
+    rdr-to { 10.1.2.155 weight 2, 10.1.2.160 weight 1, \e
+             10.1.2.161 weight 8 } round-robin
+.Ed
+.Pp
+The bidirectional address translation example uses a single
+.Cm binat-to
+rule that expands to a
+.Cm nat-to
+and an
+.Cm rdr-to
+rule.
+.Bd -literal -offset 4n
+pass on $ext_if from 10.1.2.120 to any binat-to 192.0.2.17
+.Ed
+.Pp
+The previous example is identical to the following set of rules:
+.Bd -literal -offset 4n
+pass out on $ext_if inet from 10.1.2.120 to any \e
+      nat-to 192.0.2.17 static-port
+pass in on $ext_if inet from any to 192.0.2.17 rdr-to 10.1.2.120
+.Ed
+.Pp
+In the example below, a router handling both address families
+translates an internal IPv4 subnet to IPv6 using the well-known
+64:ff9b::/96 prefix:
+.Bd -literal -offset 4n
+pass in on $v4_if inet af-to inet6 from ($v6_if) to 64:ff9b::/96
+.Ed
+.Pp
+Paired with the example above, the example below can be used on
+another router handling both address families to translate back
+to IPv4:
+.Bd -literal -offset 4n
+pass in on $v6_if inet6 to 64:ff9b::/96 af-to inet from ($v4_if)
+.Ed
+.Sh GRAMMAR
+Syntax for
+.Nm
+in BNF:
+.Bd -literal
+line           = ( option | pf-rule |
+                 antispoof-rule | queue-rule | anchor-rule |
+                 anchor-close | load-anchor | table-rule | include )
+
+option         = "set" ( [ "timeout" ( timeout | "{" timeout-list "}" ) ] |
+                 [ "ruleset-optimization" [ "none" | "basic" |
+                 "profile" ] ] |
+                 [ "optimization" [ "default" | "normal" | "high-latency" |
+                 "satellite" | "aggressive" | "conservative" ] ]
+                 [ "limit" ( limit-item | "{" limit-list "}" ) ] |
+                 [ "loginterface" ( interface-name | "none" ) ] |
+                 [ "block-policy" ( "drop" | "return" ) ] |
+                 [ "state-policy" ( "if-bound" | "floating" ) ]
+                 [ "state-defaults" state-opts ]
+                 [ "fingerprints" filename ] |
+                 [ "skip on" ifspec ] |
+                 [ "debug" ( "emerg" | "alert" | "crit" | "err" |
+                 "warning" | "notice" | "info" | "debug" ) ] |
+                 [ "reassemble" ( "yes" | "no" ) [ "no-df" ] ] )
+
+pf-rule        = action [ ( "in" | "out" ) ]
+                 [ "log" [ "(" logopts ")"] ] [ "quick" ]
+                 [ "on" ( ifspec | "rdomain" number ) ] [ af ]
+                 [ protospec ] [ hosts ] [ filteropts ]
+
+logopts        = logopt [ [ "," ] logopts ]
+logopt         = "all" | "matches" | "user" | "to" interface-name
+
+filteropts     = filteropt [ [ "," ] filteropts ]
+filteropt      = user | group | flags | icmp-type | icmp6-type |
+                 "tos" tos |
+                 ( "no" | "keep" | "modulate" | "synproxy" ) "state"
+                 [ "(" state-opts ")" ] | "scrub" "(" scrubopts ")" |
+                 "fragment" | "allow-opts" | "once" |
+                 "divert-packet" "port" port | "divert-reply" |
+                 "divert-to" host "port" port |
+                 "label" string | "tag" string | [ "!" ] "tagged" string |
+                 "max-pkt-rate" number "/" seconds |
+                 "set delay" number |
+                 "set prio" ( number | "(" number [ [ "," ] number ] ")" ) |
+                 "set queue" ( string | "(" string [ [ "," ] string ] ")" ) |
+                 "rtable" number | "probability" number"%" |
+                 "state limiter" name |
+                 "state limiter" name "(" limiter-opts ")" |
+                 "source limiter" name |
+                 "source limiter" name "(" limiter-opts ")" | "prio" number |
+                 "af-to" af "from" ( redirhost | "{" redirhost-list "}" )
+                 [ "to" ( redirhost | "{" redirhost-list "}" ) ] |
+                 "binat-to" ( redirhost | "{" redirhost-list "}" )
+                 [ portspec ] [ pooltype ] |
+                 "rdr-to" ( redirhost | "{" redirhost-list "}" )
+                 [ portspec ] [ pooltype ] |
+                 "nat-to" ( redirhost | "{" redirhost-list "}" )
+                 [ portspec ] [ pooltype ] [ "static-port" ] |
+                 [ route ] | [ "set tos" tos ] |
+                 [ [ "!" ] "received-on" ( interface-name | interface-group ) ]
+
+scrubopts      = scrubopt [ [ "," ] scrubopts ]
+scrubopt       = "no-df" | "min-ttl" number | "max-mss" number |
+                 "reassemble tcp" | "random-id"
+
+antispoof-rule = "antispoof" [ "log" ] [ "quick" ]
+                 "for" ifspec [ af ] [ "label" string ]
+
+table-rule     = "table" "<" string ">" [ tableopts ]
+tableopts      = tableopt [ tableopts ]
+tableopt       = "persist" | "const" | "counters" |
+                 "file" string | "{" [ tableaddrs ] "}"
+tableaddrs     = tableaddr-spec [ [ "," ] tableaddrs ]
+tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ]
+tableaddr      = hostname | ifspec | "self" |
+                 ipv4-dotted-quad | ipv6-coloned-hex
+
+queue-rule     = "queue" string [ "on" interface-name ] queueopts-list
+
+anchor-rule    = "anchor" [ string ] [ ( "in" | "out" ) ] [ "on" ifspec ]
+                 [ af ] [ protospec ] [ hosts ] [ filteropt-list ] [ "{" ]
+
+anchor-close   = "}"
+
+load-anchor    = "load anchor" string "from" filename
+
+queueopts-list = queueopts-list queueopts | queueopts
+queueopts      = ([ "bandwidth" bandwidth ] | [ "min" bandwidth ] |
+                 [ "max" bandwidth ] | [ "parent" string ] |
+                 [ "default" ]) |
+                 ([ "flows" number ] | [ "quantum" number ]) |
+                 [ "qlimit" number ]
+
+bandwidth      = bandwidth-spec [ "burst" bandwidth-spec "for" number "ms" ]
+bandwidth-spec = number ( "" | "K" | "M" | "G" )
+
+action         = "pass" | "match" | "block" [ return ]
+return         = "drop" | "return" |
+                 "return-rst" [ "(" "ttl" number ")" ] |
+                 "return-icmp" [ "(" icmpcode [ [ "," ] icmp6code ] ")" ] |
+                 "return-icmp6" [ "(" icmp6code ")" ]
+icmpcode       = ( icmp-code-name | icmp-code-number )
+icmp6code      = ( icmp6-code-name | icmp6-code-number )
+
+ifspec         = ( [ "!" ] ( interface-name | interface-group ) ) |
+                 "{" interface-list "}"
+interface-list = [ "!" ] ( interface-name | interface-group )
+                 [ [ "," ] interface-list ]
+route          = ( "route-to" | "reply-to" | "dup-to" )
+                 ( redirhost | "{" redirhost-list "}" )
+af             = "inet" | "inet6"
+
+protospec      = "proto" ( proto-name | proto-number |
+                 "{" proto-list "}" )
+proto-list     = ( proto-name | proto-number ) [ [ "," ] proto-list ]
+
+hosts          = "all" |
+                 "from" ( "any" | "no-route" | "urpf-failed" | "self" |
+                 host | "{" host-list "}" | "route" string ) [ port ]
+                 [ os ]
+                 "to"   ( "any" | "no-route" | "self" | host |
+                 "{" host-list "}" | "route" string ) [ port ]
+
+ipspec         = "any" | host | "{" host-list "}"
+host           = [ "!" ] ( address [ "weight" number ] |
+                 address [ "/" mask-bits ] [ "weight" number ] |
+                 "<" string ">" )
+redirhost      = address [ "/" mask-bits ]
+address        = ( interface-name | interface-group |
+                 "(" ( interface-name | interface-group ) ")" |
+                 hostname | ipv4-dotted-quad | ipv6-coloned-hex )
+host-list      = host [ [ "," ] host-list ]
+redirhost-list = redirhost [ [ "," ] redirhost-list ]
+
+port           = "port" ( unary-op | binary-op | "{" op-list "}" )
+portspec       = "port" ( number | name ) [ ":" ( "*" | number | name ) ]
+os             = "os"  ( os-name | "{" os-list "}" )
+user           = "user" ( unary-op | binary-op | "{" op-list "}" )
+group          = "group" ( unary-op | binary-op | "{" op-list "}" )
+
+unary-op       = [ "=" | "!=" | "<" | "<=" | ">" | ">=" ]
+                 ( name | number )
+binary-op      = number ( "<>" | "><" | ":" ) number
+op-list        = ( unary-op | binary-op ) [ [ "," ] op-list ]
+
+os-name        = operating-system-name
+os-list        = os-name [ [ "," ] os-list ]
+
+flags          = "flags" ( [ flag-set ] "/"  flag-set | "any" )
+flag-set       = [ "F" ] [ "S" ] [ "R" ] [ "P" ] [ "A" ] [ "U" ] [ "E" ]
+                 [ "W" ]
+
+icmp-type      = "icmp-type" ( icmp-type-code | "{" icmp-list "}" )
+icmp6-type     = "icmp6-type" ( icmp-type-code | "{" icmp-list "}" )
+icmp-type-code = ( icmp-type-name | icmp-type-number )
+                 [ "code" ( icmp-code-name | icmp-code-number ) ]
+icmp-list      = icmp-type-code [ [ "," ] icmp-list ]
+
+tos            = ( "lowdelay" | "throughput" | "reliability" |
+                 [ "0x" ] number )
+
+state-opts     = state-opt [ [ "," ] state-opts ]
+state-opt      = ( "max" number | "no-sync" | timeout | "sloppy" |
+                 "pflow" | "source-track" [ ( "rule" | "global" ) ] |
+                 "max-src-nodes" number | "max-src-states" number |
+                 "max-src-conn" number |
+                 "max-src-conn-rate" number "/" number |
+                 "overload" "<" string ">" [ "flush" [ "global" ] ] |
+                 "if-bound" | "floating" )
+
+timeout-list   = timeout [ [ "," ] timeout-list ]
+timeout        = ( "tcp.first" | "tcp.opening" | "tcp.established" |
+                 "tcp.closing" | "tcp.finwait" | "tcp.closed" | "tcp.tsdiff" |
+                 "udp.first" | "udp.single" | "udp.multiple" |
+                 "icmp.first" | "icmp.error" |
+                 "other.first" | "other.single" | "other.multiple" |
+                 "frag" | "interval" | "src.track" |
+                 "adaptive.start" | "adaptive.end" ) number
+
+limit-list     = limit-item [ [ "," ] limit-list ]
+limit-item     = ( "states" | "frags" | "src-nodes" | "tables" |
+                 "table-entries" ) number
+
+pooltype       = ( "bitmask" | "least-states" |
+                 "random" | "round-robin" |
+                 "source-hash" [ ( hex-key | string-key ) ] )
+                 [ "sticky-address" ]
+
+limiter-opts   = "block" | "no-match"
+
+include        = "include" filename
+.Ed
+.Sh FILES
+.Bl -tag -width /etc/examples/pf.conf -compact
+.It Pa /etc/hosts
+Host name database.
+.It Pa /etc/pf.conf
+Default location of the ruleset file.
+.It Pa /etc/examples/pf.conf
+Example ruleset file.
+.It Pa /etc/pf.os
+Default location of OS fingerprints.
+.It Pa /etc/protocols
+Protocol name database.
+.It Pa /etc/services
+Service name database.
+.El
+.Sh SEE ALSO
+.Xr pf 4 ,
+.Xr pflow 4 ,
+.Xr pfsync 4 ,
+.Xr pf.os 5 ,
+.Xr pfctl 8 ,
+.Xr pflogd 8
+.Sh HISTORY
+The
+.Nm
+file format first appeared in
+.Ox 3.0 .
diff --git a/static/openbsd/man5/pf.os.5 b/static/openbsd/man5/pf.os.5
new file mode 100644
index 00000000..aaf432cb
--- /dev/null
+++ b/static/openbsd/man5/pf.os.5
@@ -0,0 +1,220 @@
+.\"	$OpenBSD: pf.os.5,v 1.8 2007/05/31 19:19:58 jmc Exp $
+.\"
+.\" Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: May 31 2007 $
+.Dt PF.OS 5
+.Os
+.Sh NAME
+.Nm pf.os
+.Nd format of the operating system fingerprints file
+.Sh DESCRIPTION
+The
+.Xr pf 4
+firewall and the
+.Xr tcpdump 8
+program can both fingerprint the operating system of hosts that
+originate an IPv4 TCP connection.
+The file consists of newline-separated records, one per fingerprint,
+containing nine colon
+.Pq Ql \&:
+separated fields.
+These fields are as follows:
+.Pp
+.Bl -tag -width Description -offset indent -compact
+.It window
+The TCP window size.
+.It TTL
+The IP time to live.
+.It df
+The presence of the IPv4 don't fragment bit.
+.It packet size
+The size of the initial TCP packet.
+.It TCP options
+An ordered list of the TCP options.
+.It class
+The class of operating system.
+.It version
+The version of the operating system.
+.It subtype
+The subtype of patchlevel of the operating system.
+.It description
+The overall textual description of the operating system, version and subtype.
+.El
+.Pp
+The
+.Ar window
+field corresponds to the th->th_win field in the TCP header and is the
+source host's advertised TCP window size.
+It may be between zero and 65,535 inclusive.
+The window size may be given as a multiple of a constant by prepending
+the size with a percent sign
+.Sq %
+and the value will be used as a modulus.
+Three special values may be used for the window size:
+.Pp
+.Bl -tag -width xxx -offset indent -compact
+.It *
+An asterisk will wildcard the value so any window size will match.
+.It S
+Allow any window size which is a multiple of the maximum segment size (MSS).
+.It T
+Allow any window size which is a multiple of the maximum transmission unit
+(MTU).
+.El
+.Pp
+The
+.Ar ttl
+value is the initial time to live in the IP header.
+The fingerprint code will account for the volatility of the packet's TTL
+as it traverses a network.
+.Pp
+The
+.Ar df
+bit corresponds to the Don't Fragment bit in an IPv4 header.
+It tells intermediate routers not to fragment the packet and is used for
+path MTU discovery.
+It may be either a zero or a one.
+.Pp
+The
+.Ar packet size
+is the literal size of the full IP packet and is a function of all of
+the IP and TCP options.
+.Pp
+The
+.Ar TCP options
+field is an ordered list of the individual TCP options that appear in the
+SYN packet.
+Each option is described by a single character separated by a comma and
+certain ones may include a value.
+The options are:
+.Pp
+.Bl -tag -width Description -offset indent -compact
+.It Mnnn
+maximum segment size (MSS) option.
+The value is the maximum packet size of the network link which may
+include the
+.Sq %
+modulus or match all MSSes with the
+.Sq *
+value.
+.It N
+the NOP option (NO Operation).
+.It T[0]
+the timestamp option.
+Certain operating systems always start with a zero timestamp in which
+case a zero value is added to the option; otherwise no value is appended.
+.It S
+the Selective ACKnowledgement OK (SACKOK) option.
+.It Wnnn
+window scaling option.
+The value is the size of the window scaling which may include the
+.Sq %
+modulus or match all window scalings with the
+.Sq *
+value.
+.El
+.Pp
+No TCP options in the fingerprint may be given with a single dot
+.Sq \&. .
+.Pp
+An example of OpenBSD's TCP options are:
+.Pp
+.Dl M*,N,N,S,N,W0,N,N,T
+.Pp
+The first option
+.Ar M*
+is the MSS option and will match all values.
+The second and third options
+.Ar N
+will match two NOPs.
+The fourth option
+.Ar S
+will match the SACKOK option.
+The fifth
+.Ar N
+will match another NOP.
+The sixth
+.Ar W0
+will match a window scaling option with a zero scaling size.
+The seventh and eighth
+.Ar N
+options will match two NOPs.
+And the ninth and final option
+.Ar T
+will match the timestamp option with any time value.
+.Pp
+The TCP options in a fingerprint will only match packets with the
+exact same TCP options in the same order.
+.Pp
+The
+.Ar class
+field is the class, genre or vendor of the operating system.
+.Pp
+The
+.Ar version
+is the version of the operating system.
+It is used to distinguish between different fingerprints of operating
+systems of the same class but different versions.
+.Pp
+The
+.Ar subtype
+is the subtype or patch level of the operating system version.
+It is used to distinguish between different fingerprints of operating
+systems of the same class and same version but slightly different
+patches or tweaking.
+.Pp
+The
+.Ar description
+is a general description of the operating system, its version,
+patchlevel and any further useful details.
+.Sh EXAMPLES
+The fingerprint of a plain
+.Ox 3.3
+host is:
+.Bd -literal
+  16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3::OpenBSD 3.3
+.Ed
+.Pp
+The fingerprint of an
+.Ox 3.3
+host behind a PF scrubbing firewall with a no-df rule would be:
+.Bd -literal
+  16384:64:0:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3:!df:OpenBSD 3.3 scrub no-df
+.Ed
+.Pp
+An absolutely braindead embedded operating system fingerprint could be:
+.Bd -literal
+  65535:255:0:40:.:DUMMY:1.1:p3:Dummy embedded OS v1.1p3
+.Ed
+.Pp
+The
+.Xr tcpdump 8
+output of
+.Bd -literal
+  # tcpdump -s128 -c1 -nv 'tcp[13] == 2'
+  03:13:48.118526 10.0.0.1.3377 > 10.0.0.2.80: S [tcp sum ok] \e
+      534596083:534596083(0) win 57344 <mss 1460> (DF) [tos 0x10] \e
+      (ttl 64, id 11315, len 44)
+.Ed
+.Pp
+almost translates into the following fingerprint
+.Bd -literal
+  57344:64:1:44:M1460:	exampleOS:1.0::exampleOS 1.0
+.Ed
+.Sh SEE ALSO
+.Xr pf 4 ,
+.Xr pf.conf 5 ,
+.Xr pfctl 8 ,
+.Xr tcpdump 8
diff --git a/static/openbsd/man5/port-modules.5 b/static/openbsd/man5/port-modules.5
new file mode 100644
index 00000000..18d2bb81
--- /dev/null
+++ b/static/openbsd/man5/port-modules.5
@@ -0,0 +1,1400 @@
+.\"	$OpenBSD: port-modules.5,v 1.283 2026/03/16 15:41:19 stu Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 16 2026 $
+.Dt PORT-MODULES 5
+.Os
+.Sh NAME
+.Nm port-modules
+.Nd documentation and conventions used in port modules
+.Sh DESCRIPTION
+The
+.Ox
+Ports framework is based on a gigantic makefile named
+.Xr bsd.port.mk 5 .
+.Pp
+In order to curb unwieldy growth, parts of the framework
+that are not always needed have been set apart in optional
+files called
+.Nm port modules ,
+which are retrieved as needed through the
+.Ev MODULES
+variable of
+.Xr bsd.port.mk 5 .
+.Pp
+Some of these modules correspond to basic mechanisms which are not
+always needed, such as GNU autoconf, or perl5.
+.Pp
+For convenience, setting
+.Ev CONFIGURE_STYLE
+in a port's main Makefile is enough to get perl5 or autoconf support, but
+.Ar gnu ,
+.Ar imake
+and
+.Ar perl5
+are actually modules, and there is some glue in
+.Xr bsd.port.mk 5
+that magically adds the required module in that case.
+This doesn't work when parsing modules.
+For instance, if you set
+.Li CONFIGURE_STYLE=gnu
+in a module, you also need to
+.Li MODULES += gnu .
+.Pp
+Other modules correspond to shortcuts for using some other ports as
+dependencies without needing to hardcode too much, such as
+the qt ports.
+.Sh THE MODULES LOOK-UP MECHANISM
+The variable
+.Ev MODULES
+should contain a list of module names.
+Some core modules are a single word, all other modules should be
+${PKGPATH}.
+If the module is
+.Pa some/dir/portname ,
+the ports framework will look for a file named
+.Pa ${PORTSDIR}/some/dir/portname/portname.port.mk
+and include it.
+.Pp
+Most modules should conform to this syntax.
+The historic practice of having a redirection file directly under
+.Pa ${PORTSDIR}/infrastructure/mk
+is deprecated for new modules.
+.Pp
+Modules may refer to each other.
+The modules mechanism has specific recursion handling such that
+adding
+.Li MODULES += foo/bar
+to a module will work as expected.
+.Sh NAMING CONVENTIONS
+Since there is no actual scope in makefiles, everything defined within
+a module will be global to the ports framework, and thus may interfere
+with other ports.
+.Pp
+As far as possible, all variables and targets belonging to a module named
+.Pa some/dir/foo
+should be named
+.Ev MODFOO_*
+and
+.Ar modfoo_* .
+.Pp
+Following the same conventions as
+.Xr bsd.port.mk 5 ,
+internal variables and targets not intended for user consumption should be
+named
+.Ev _MODFOO_*
+and
+.Ar _modfoo_* .
+.Pp
+For instance, if a module wants some value to be available for the rest
+of the world, it should define
+.Ev MODFOO_VARNAME ,
+with a name matching the basic infrastructure as far as possible.
+That is, a port that defines specific dependencies will usually
+define
+.Ev MODFOO_WANTLIB ,
+.Ev MODFOO_LIB_DEPENDS ,
+and
+.Ev MODFOO_RUN_DEPENDS ,
+as appropriate.
+.Pp
+As an exception to the naming mechanism, some ports have several distinct
+versions in the ports tree, say
+.Pa x11/qt5
+and
+.Pa x11/qt6 .
+Instead of using the namespace
+.Ev MODQT5* ,
+variables will usually drop the version suffix and be simply called
+.Ev MODQT_*
+so that a port using the module can be switched from version to version
+without needing to change everything.
+.Pp
+It is highly desirable to define names in both namespaces for such ports,
+for example to define both
+.Ev MODQT4_LIB_DEPENDS
+and
+.Ev MODQT_LIB_DEPENDS .
+Normal client ports will use
+.Ev MODQT_LIB_DEPENDS ,
+but a port may exceptionally import both modules with
+.Li MODULES += x11/qt5 x11/qt6
+and differentiate between qt5 and qt6 needs with
+.Ev MODQT5_LIB_DEPENDS
+and
+.Ev MODQT6_LIB_DEPENDS .
+See
+.Pa print/poppler
+for an example.
+.Sh OVERRIDING TARGET BEHAVIOR
+The main framework contains several hooks that allow ports to override
+normal behavior.
+This evolved as an ad-hoc framework, where only hooks that turned out
+to be needed were added.
+If several modules define the same hook, hook behaviors will be
+invoked in sequence.
+.Bl -tag -width do-configure
+.It Cm extract
+There is a
+.Cm post-extract
+hook that can be activated by defining
+.Ev MODFOO_post-extract .
+It will be run right after
+.Cm post-extract .
+.It Cm patch
+There is a
+.Cm post-patch
+hook that can be activated by defining
+.Ev MODFOO_post-patch .
+It will be run right after
+.Cm post-patch .
+.It Cm gen
+There is a
+.Cm gen
+hook that can be activated by defining
+.Ev MODFOO_gen .
+It will be run right after
+.Cm do-gen
+and before
+.Ev REORDER_DEPENDENCIES
+touches things.
+.It Cm configure
+There is a
+.Cm pre-configure
+hook that can be activated by defining
+.Ev MODFOO_pre-configure .
+It will be run right after
+.Cm pre-configure .
+The normal
+.Cm do-configure
+behavior is to invoke all
+.Ev MODFOO_configure
+contents that are defined in
+.Ev CONFIGURE_STYLE .
+By default,
+.Cm configure
+will do nothing.
+.Pp
+Some
+.Ev CONFIGURE_STYLE
+values, namely perl, gnu, imake, and autoconf,
+will automatically import the correct module.
+User-defined modules must both add to
+.Ev CONFIGURE_STYLE
+and import the correct module to override behavior.
+.Pp
+Contrary to other hooks, module behavior is not invoked in
+addition to
+.Cm do-configure ,
+but as the normal configure process.
+If
+.Cm do-configure
+is overridden, normal hook processing will not happen.
+.It Cm fake
+There is a
+.Cm pre-fake
+hook that can be activated by defining
+.Ev MODFOO_pre-fake .
+This will be invoked right after
+.Xr mtree 8 ,
+and before the normal
+.Cm pre-fake
+behavior.
+.Pp
+This can occasionally be used for ports that require some specific
+fake installation setup that will be provided by runtime dependencies.
+.It Cm install
+There is a
+.Cm post-install
+hook that can be activated by defining
+.Ev MODFOO_post-install .
+This will be invoked at the end of
+.Cm install ,
+right after the normal
+.Cm post-install
+behavior.
+.El
+.Pp
+Some targets, such as
+.Cm do-build
+or
+.Cm do-install ,
+can't be overridden simply.
+A module that, for instance, requires specific
+.Cm do-build
+behavior should do so in two steps:
+.Bl -bullet
+.It
+Define a variable named
+.Ev MODFOO_BUILD_TARGET
+that contains the commands necessary for
+.Cm do-build :
+.Bd -literal -offset indent
+MODFOO_BUILD_TARGET = cmd1; cmd2
+.Ed
+.It
+Override
+.Cm do-build
+only if it's not already defined by the port proper:
+.Bd -literal -offset indent
+\&.if !target(do-build)
+do-build:
+	@${MODFOO_BUILD_TARGET}
+\&.endif
+.Ed
+.El
+That way, if several modules require specific actions for those targets,
+the end user can choose the appropriate order in which to run the actions:
+.Bd -literal -offset indent
+do-build:
+	@${MODBAR_BUILD_TARGET}
+	@${MODFOO_BUILD_TARGET}
+	...
+.Ed
+.Sh OVERRIDING VARIABLE BEHAVIOR
+Some variables can be overridden by modules.
+Be very cautious, as this can make the module difficult to use,
+or interact badly with other modules.
+As a rule, always provide the override as:
+.Pp
+.Dl VARIABLE ?= value
+.Pp
+and provide a module-specific variable with the same value:
+.Pp
+.Dl MODFOO_VARIABLE = value .
+.Pp
+The following variables can be overridden in a relatively safe fashion:
+.Ev ALL_TARGET ,
+.Ev CONFIGURE_SCRIPT ,
+.Ev DESTDIRNAME ,
+.Ev DIST_SUBDIR ,
+.Ev DISTNAME ,
+.Ev DISTFILES ,
+.Ev EXTRACT_SUFX ,
+.Ev FAKE_FLAGS ,
+.Ev FETCH_MANUALLY ,
+.Ev HOMEPAGE ,
+.Ev IGNORE ,
+.Ev IS_INTERACTIVE ,
+.Ev LIBTOOL_FLAGS ,
+.Ev MAKE_FILE ,
+.Ev MULTI_PACKAGES ,
+.Ev NO_BUILD ,
+.Ev NO_TEST ,
+.Ev PATCH_LIST ,
+.Ev PKG_ARCH ,
+.Ev PKGNAME* ,
+.Ev PREFIX ,
+.Ev TEST_TARGET ,
+.Ev TEST_IS_INTERACTIVE ,
+.Ev REORDER_DEPENDENCIES ,
+.Ev SEPARATE_BUILD ,
+.Ev SITES ,
+.Ev USE_GMAKE ,
+.Ev USE_LIBTOOL .
+.Pp
+The following variables can be added to in a relatively safe fashion:
+.Ev BUILD_DEPENDS ,
+.Ev CATEGORIES ,
+.Ev CONFIGURE_ARGS ,
+.Ev CONFIGURE_ENV ,
+.Ev ERRORS ,
+.Ev FAKE_FLAGS ,
+.Ev FLAVOR ,
+.Ev FLAVORS ,
+.Ev INSTALL_TARGET ,
+.Ev LIB_DEPENDS ,
+.Ev MAKE_ENV ,
+.Ev MAKE_FLAGS ,
+.Ev PKG_ARGS ,
+.Ev PSEUDO_FLAVORS ,
+.Ev TEST_DEPENDS ,
+.Ev REORDER_DEPENDENCIES ,
+.Ev RUN_DEPENDS ,
+.Ev SUBST_VARS ,
+.Ev WANTLIB .
+.Sh SPECIFIC MODULE INTERACTIONS
+Some modules correspond to extra ports that will be used mostly as
+.Ev BUILD_DEPENDS
+or
+.Ev RUN_DEPENDS .
+Such modules can safely append values directly to the
+.Ev BUILD_DEPENDS ,
+.Ev RUN_DEPENDS ,
+.Ev LIB_DEPENDS ,
+and
+.Ev WANTLIB
+variables, as long as they also define module-specific variables for
+all runtime dependencies.
+.Pp
+Simple client ports will use the module directly, and thus inherit extra
+build and runtime dependencies.
+.Pp
+More sophisticated ports can use
+.Ev MULTI_PACKAGES
+to select specific behavior: build-time dependencies will always be
+needed.
+Runtime dependencies will be selected on a subpackage basis,
+since runtime dependencies such as
+.Ev LIB_DEPENDS-sub
+do not inherit the default
+.Ev LIB_DEPENDS
+value.
+The client port's author must only bear in mind that external modules
+may add values to the default
+.Ev WANTLIB ,
+.Ev LIB_DEPENDS ,
+and
+.Ev RUN_DEPENDS ,
+and thus that it is not safe to inherit from it blindly.
+.Pp
+Modules are imported during
+.Pp
+.Dl .include <bsd.port.mk>
+.Pp
+Thus they can be affected by user choices such as setting a variable
+to Yes or No.
+Modules may make decisions based on documented
+.Ev MODFOO_BEHAVIOR
+values.
+.Pp
+When modules are processed, only a few
+.Xr bsd.port.mk 5
+variables are already defined.
+Modules may depend upon the following variables already having a sane
+value:
+.Ev DISTDIR ,
+.Ev LOCALBASE ,
+.Ev NO_DEPENDS ,
+.Ev PKGPATH ,
+.Ev PORTSDIR ,
+.Ev X11BASE
+and all arch-dependent constants from
+.Xr bsd.port.arch.mk 5 ,
+such as
+.Ev PROPERTIES
+or
+.Ev LP64_ARCHS .
+Note that this is only relevant for tests.
+It is perfectly okay to define variables or targets that depend on the
+basic ports framework without having to care whether that variable is
+already defined, since
+.Xr make 1
+performs lazy evaluation.
+.Sh CORE MODULES DOCUMENTATION
+The following modules are available.
+.Bl -tag -width do-configure
+.It cpan
+For perl ports coming from CPAN.
+Wrapper around the normal perl module that fetches the file from
+the correct location depending on
+.Ev DISTNAME ,
+and sets a default
+.Ev PKGNAME .
+Also affects
+.Ev TEST_DEPENDS ,
+.Ev CONFIGURE_STYLE ,
+.Ev PKG_ARCH ,
+and
+.Ev CATEGORIES .
+.Pp
+Some CPAN modules are only indexed by author, set
+.Li CPAN_AUTHOR=ID
+to locate the right directory.
+.Pp
+If no
+.Ev HOMEPAGE
+is defined, it will default to
+.Pa http://search.cpan.org/dist/${DISTNAME:C/-[^-]*$//}/
+.Pp
+User settings: set
+.Ev CPAN_REPORT
+to Yes,
+.Ev CPAN_REPORT_DB
+to a valid directory,
+and
+.Ev CPAN_REPORT_FROM
+to a valid email address to automate the reporting
+of regression tests to CPAN.
+.Pp
+If
+.Ev MODCPAN_EXAMPLES
+is set, the following variables will be set.
+.Ev MODCPAN_EXAMPLES_DIST
+will hold the default directory in the distfile with
+example scripts.
+.Ev MODCPAN_EXAMPLES_DIR
+will be set to the standard installation directory for
+examples.
+Sets the
+.Cm post-install
+target if none has been defined to install the examples,
+otherwise
+.Ev MODCPAN_POST_INSTALL
+should be used as such:
+.Bd -literal
+post-install:
+	...
+	${MODCPAN_POST_INSTALL}
+.Ed
+.It databases/mariadb
+Adds small framework for testing ports that require running MariaDB.
+Defines
+.Ev MODMARIADB_TEST_TARGET
+which consists actual commands to run in
+.Cm do-test
+target.
+If this target isn't defined, it will be added automatically.
+.Pp
+The actual test command to be run could be specified in the
+.Ev MODMARIADB_TEST_CMD .
+Default is similar to what
+.Xr bsd.port.mk 5
+runs itself.
+.Pp
+The MariaDB server being started will listen on UNIX domain socket
+only, minimizing impact on running system.
+The path to socket is recorded in
+.Ev MODMARIADB_TEST_SOCKET .
+Any local user will be able to connect without password.
+.Pp
+If the
+.Ev MODMARIADB_TEST_DBNAME
+variable is set, the database with such name will be set up before
+running actual test command.
+Otherwise (default), the test is responsible to call
+.Xr mysqladmin 1
+itself, if needed.
+.Pp
+The
+.Pa databases/mariadb,-server
+will get added to
+.Ev TEST_DEPENDS ,
+but not to any other
+.Ev *_DEPENDS .
+The
+.Ev MODMARIADB_CLIENT_ARGS
+and
+.Ev MODMARIADB_ADMIN_ARGS
+variables hold arguments for
+.Xr mysql 1
+and
+.Xr mysqladmin 1 ,
+respectively; those argument lists could be used in test scripts
+for connecting to test server, if they aren't satisfied by environment.
+.It databases/postgresql
+Adds small framework for testing ports that require running Postgres.
+Defines
+.Ev MODPOSTGRESQL_TEST_TARGET
+which consists actual commands to run in
+.Cm do-test
+target.
+If this target isn't defined, it will be added automatically.
+.Pp
+The actual test command to be run could be specified in the
+.Ev MODPOSTGRESQL_TEST_CMD .
+Default is similar to what
+.Xr bsd.port.mk 5
+runs itself.
+.Pp
+The Postgres server being started will listen on UNIX domain socket
+only, minimizing impact on running system.
+The path to directory where socket will be created is set by
+.Ev MODPOSTGRESQL_TEST_PGHOST ,
+defaulting to
+.Pa ${WRKDIR} .
+Any local user will be able to connect without password.
+.Pp
+If the
+.Ev MODPOSTGRESQL_TEST_DBNAME
+variable is set, the database with such name will be set up before
+running actual test command.
+Otherwise (default), the test is responsible to call
+.Xr initdb 1
+itself.
+.Pp
+The
+.Pa databases/postgresql,-server
+will get added to
+.Ev TEST_DEPENDS ,
+but not to any other
+.Ev *_DEPENDS .
+.It devel/cmake
+Adds
+.Pa devel/cmake
+to
+.Ev BUILD_DEPENDS
+and fills up
+.Ev CONFIGURE_ARGS ,
+.Ev CONFIGURE_ENV
+and
+.Ev MAKE_ENV .
+Sets up
+.Cm configure
+target.
+If
+.Ev CONFIGURE_STYLE
+was not set before, sets its value to `cmake'.
+Changes default value of
+.Ev SEPARATE_BUILD
+to `Yes' because modern CMake requires out-of-source build anyway.
+Changes
+.Ev TEST_TARGET
+to `test' as this is standard for CMake projects.
+Also this module has the following knobs:
+.Bl -tag -width Ds
+.It MODCMAKE_DEBUG
+If set to `Yes', CMake will produce a debug build instead of a release
+build.
+The exact effects on the build process depend on settings specified in
+the CMake config files.
+Default value is `No'.
+.It MODCMAKE_LDFLAGS
+If set, the value will be passed to CMake via the
+.Ev LDFLAGS
+environment variable during configuration.
+CMake uses this only on the first configuration to set
+.Ev CMAKE_EXE_LINKER_FLAGS_INIT ,
+.Ev CMAKE_SHARED_LINKER_FLAGS_INIT ,
+and
+.Ev CMAKE_MODULE_LINKER_FLAGS_INIT .
+Default value is empty.
+.It MODCMAKE_VERBOSE
+If set to `Yes', CMake will print details during configure and build
+stages about exact command being run, etc.
+Should not be used in ports Makefiles.
+Default value is `Yes'.
+.It MODCMAKE_WANTCOLOR
+If set to `Yes', CMake will colorize its output.
+Should not be used in ports Makefiles.
+Default value is `No'.
+.It USE_NINJA
+If set to `Yes', use
+.Xr ninja 1
+as the build system instead of
+.Xr make 1 .
+Adds
+.Pa devel/ninja
+to
+.Ev BUILD_DEPENDS .
+If set to `No', uses Unix Makefiles generator and adds
+.Sq nojunk
+to
+.Ev DPB_PROPERTIES .
+Default value is `Yes'.
+.El
+.Pp
+When used together with other modules, appropriate variables are
+automatically passed to CMake:
+.Bl -tag -width "lang/python" -compact
+.It java
+.Ev JAVA_HOME
+is set in
+.Ev CONFIGURE_ENV
+and
+.Ev MAKE_ENV .
+.It lang/python
+Python executable, library, and include paths are set for FindPython,
+FindPython3, and FindPythonN modules.
+.It lang/lua
+Lua include directory and library path are set for FindLua.
+.It lang/ruby
+Ruby executable is set for FindRuby.
+.It lang/tcl
+Tcl version, include, library directories and library name are set in
+.Ev CONFIGURE_ENV .
+.It x11/tk
+Tk version, include, library directories and library name are set in
+.Ev CONFIGURE_ENV .
+.El
+.Pp
+The environment variable
+.Ev MODCMAKE_PORT_BUILD
+is automatically set to `yes' in
+.Ev CONFIGURE_ENV
+and
+.Ev MAKE_ENV .
+This disables CMake's default optimization flags, putting them under
+ports control, and prevents network operations
+.Pq file DOWNLOAD/UPLOAD
+during the build.
+.It devel/cabal
+See
+.Xr cabal-module 5
+for porting Haskell applications.
+.It devel/cargo
+See
+.Xr cargo-module 5 .
+.It devel/dconf
+Sets
+.Ev CONFIGURE_ARGS ,
+.Ev BUILD_DEPENDS
+and
+.Ev RUN_DEPENDS .
+This module is used by ports installing gsettings schemas under
+.Pa ${PREFIX}/share/glib-2.0/schemas/ .
+PLIST must contain:
+.Bd -literal -offset indent
+@tag glib-compile-schemas
+.Ed
+.It devel/gconf2
+A link from
+.Xr gconftool-2 1
+to
+.Xr true 1
+will be put at the front of the
+.Ev PATH .
+Sets
+.Ev CONFIGURE_ARGS ,
+.Ev BUILD_DEPENDS
+and
+.Ev RUN_DEPENDS .
+According to the values of
+.Ev MODGCONF2_LIBDEP ,
+sets
+.Ev LIB_DEPENDS .
+User settings: set
+.Ev MODGCONF2_SCHEMAS_DIR
+to the directory name under
+.Pa ${LOCALBASE}/share/schemas/
+where schemas files will be installed.
+.It devel/meson
+Adds
+.Pa devel/meson
+and
+.Pa devel/ninja
+to
+.Ev BUILD_DEPENDS .
+Sets up
+.Cm configure
+target.
+If
+.Ev CONFIGURE_STYLE
+was not set before, sets its value to `meson'.
+Changes default value of
+.Ev SEPARATE_BUILD
+to `Yes' because meson requires out-of-source build.
+If
+.Ev CONFIGURE_STYLE
+is 'meson',
+.Ev MODMESON_CONFIGURE_ARGS
+and
+.Ev MODMESON_CONFIGURE_ENV
+will add default values to
+.Ev CONFIGURE_ARGS
+and
+.Ev CONFIGURE_ENV .
+.Pp
+To figure out some dependencies,
+.Xr meson 1
+uses
+.Xr pkg-config 1
+then falls back to
+.Xr cmake 1 .
+As we do not want to enforce a dependency on devel/cmake/core,
+.Xr dpb 1
+might junk it if it's found.
+This could create a race between finding foo.cmake and junking
+.Xr cmake 1
+at
+configure time.
+To prevent this, unless devel/cmake/core is explicitly part of
+.Ev BUILD_DEPENDS ,
+.Xr cmake 1
+will be disabled by creating a link to false in ${WRKDIR}/bin/.
+.Pp
+This module supports the following knob:
+.Bl -tag -width Ds
+.It MODMESON_WANTCOLOR
+If set to `Yes', meson will colorize its output.
+Should not be used in ports Makefiles.
+Default value is `No'.
+.El
+.It devel/qmake
+See
+.Xr qmake-module 5 .
+.It devel/scons
+Adds
+.Pa devel/scons
+to
+.Ev BUILD_DEPENDS .
+Sets
+.Ev MODSCONS_BIN
+and
+.Ev MODSCONS_ENV .
+Also defines an overridable
+.Ev MODSCONS_FLAGS .
+It provides a
+.Cm do-build
+and
+.Cm do-install
+targets that can be overridden in the port Makefile.
+.It font
+Used for ports which primarily install fonts.
+Affects
+.Ev PKG_ARCH
+and
+.Ev EXTRACT_SUFX .
+Appends to
+.Ev CATEGORIES .
+When
+.Ev MODFONT_FAMILY
+is set in combination with
+.Ev MODFONT_VERSION ,
+it sets
+.Ev PKGNAME .
+.Ev MODFONT_FAMILY
+should be set to the name of the font family.
+This sets
+.Ev MODFONT_FONTDIR ,
+.Ev MODFONT_DOCDIR ,
+and
+.Ev MODFONT_WEBDIR
+using said family name.
+A
+.Cm do-install
+target is provided if the port itself does not provide it.
+This installs fonts from
+.Ev WRKSRC
+in the distribution.
+If one or more filenames (relative to
+.Ev WRKSRC )
+are listed in
+.Ev MODFONT_FONTFILES ,
+they will be installed to
+.Ev MODFONT_FONTDIR .
+Otherwise, otf files in
+.Ev WRKSRC
+will be installed, with a fallback to ttf.
+If filenames (relative to
+.Ev WRKSRC )
+are listed in
+.Ev MODFONT_DOCFILES ,
+they will be installed to
+.Ev MODFONT_DOCDIR .
+If filenames (relative to
+.Ev WRKSRC )
+are listed in
+.Ev MODFONT_WEBFILES ,
+they will be installed to
+.Ev MODFONT_WEBDIR ;
+ports that set
+.Ev MODFONT_WEBFILES
+must also declare a -web subpackage in
+.Ev MULTI_PACKAGES .
+.It fortran
+Sets
+.Ev MODFORTRAN_LIB_DEPENDS ,
+.Ev MODFORTRAN_WANTLIB ,
+.Ev MODFORTRAN_BUILD_DEPENDS .
+Set
+.Ev MODFORTRAN_COMPILER
+to `gfortran', or `flang', depending on what the port requires.
+The default is `gfortran'.
+The dependencies are chosen according to
+.Ev MODFORTRAN_COMPILER .
+.It gcc4
+If
+.Ev COMPILER_VERSION
+is not gcc4 (defined by
+.Pa /usr/share/mk/bsd.own.mk ) ,
+and architecture is in
+.Ev MODGCC4_ARCHS ,
+then the gcc4 compilers will be put at the front of the path.
+By default, only C language support is included by this module.
+If other languages are needed, they must be listed in
+.Ev MODGCC4_LANGS
+(e.g. c++, fortran).
+The
+.Ev MODGCC4_VERSION
+variable can be used to change the version of gcc.
+By default gcc 4.9 is used.
+If
+.Ev MODGCC4_LANGS
+contains c++, this module provides
+.Ev MODGCC4_CPPLIBDEP
+and
+.Ev MODGCC4_CPPWANTLIB .
+.It gnu
+This module is documented in the main
+.Xr bsd.port.mk 5
+manpage.
+.It imake
+This module is documented in the main
+.Xr bsd.port.mk 5
+manpage.
+.It java
+Set
+.Li MODJAVA_VER=x.y
+to use exactly the JDK x.y,
+.Li MODJAVA_VER=x.y+
+to use any x.y or higher version.
+Set
+.Li MODJAVA_JRERUN=Yes
+if the port only needs the JRE at runtime.
+The module sets
+.Ev JAVA_HOME ,
+.Ev ONLY_FOR_ARCHS ,
+.Ev MODJAVA_RUN_DEPENDS ,
+.Ev MODJAVA_SHARE_DIR ,
+.Ev MODJAVA_JAR_DIR ,
+.Ev MODJAVA_EXAMPLE_DIR
+and
+.Ev MODJAVA_DOC_DIR .
+It appends to
+.Ev BUILD_DEPENDS ,
+.Ev RUN_DEPENDS ,
+.Ev CATEGORIES
+and
+.Ev SUBST_VARS .
+If
+.Li MODJAVA_BUILD=ant
+then this module provides
+.Ev MODJAVA_BUILD_DIR ,
+.Ev MODJAVA_BUILD_FILE
+and
+.Ev MODJAVA_BUILD_TARGET_NAME ,
+as well as a
+.Cm do-build
+target (if not already defined).
+It heeds
+.Ev NO_BUILD .
+.It lang/clang
+Similar to gcc4 module.
+If architecture is in MODCLANG_ARCHS, the Clang compilers will be
+put at the front of the path.
+By default, only C language support is included by this module.
+If other languages are needed, they must be listed in
+.Ev MODCLANG_LANGS
+(e.g. c++).
+Sets
+.Ev MODCLANG_VERSION
+which is also appended to
+.Ev SUBST_VARS .
+.It lang/erlang
+.It lang/go
+See
+.Xr go-module 5 .
+.It lang/lua
+Sets
+.Ev MODLUA_BIN ,
+.Ev MODLUA_DATADIR ,
+.Ev MODLUA_DEP ,
+.Ev MODLUA_DEP_VERSION ,
+.Ev MODLUA_DOCDIR ,
+.Ev MODLUA_EXAMPLEDIR ,
+.Ev MODLUA_INCL_DIR ,
+.Ev MODLUA_LIB ,
+.Ev MODLUA_LIBDIR ,
+.Ev MODLUA_VERSION ,
+.Ev MODLUA_WANTLIB .
+Appends to
+.Ev CATEGORIES .
+Also appends to
+.Ev BUILD_DEPENDS ,
+unless
+.Ev NO_BUILD
+has been set to Yes.
+Also appends to
+.Ev RUN_DEPENDS ,
+unless
+.Ev MODLUA_RUNDEP
+is set to No.
+Appends
+.Ev MODLUA_VERSION ,
+.Ev MODLUA_LIB ,
+.Ev MODLUA_INCL_DIR ,
+.Ev MODLUA_EXAMPLEDIR ,
+.Ev MODLUA_DOCDIR ,
+.Ev MODLUA_LIBDIR ,
+.Ev MODLUA_DATADIR ,
+.Ev MODLUA_DEP ,
+.Ev MODLUA_DEP_VERSION ,
+.Ev MODLUA_BIN
+to
+.Ev SUBST_VARS .
+.Ev MODLUA_DEFAULT_VERSION
+is set to 5.1.
+.Ev MODLUA_VERSION is set to
+.Ev MODLUA_DEFAULT_VERSION
+by default.
+Ports can be built with several lua versions.
+If no FLAVOR is set, it defaults to MODLUA_DEFAULT_VERSION.
+Otherwise the FULLPKGNAME is adjusted, if MODLUA_SA is not set.
+In order to set a build, run or test dependency on a lua port,
+use the following, which will propagate the currently used flavor:
+.Ev MODLUA_BUILD_DEPENDS ,
+.Ev MODLUA_TEST_DEPENDS ,
+.Ev MODLUA_RUN_DEPENDS .
+.It lang/mono
+Sets
+.Ev MODMONO_ONLY_FOR_ARCHS ,
+.Ev CONFIGURE_ENV ,
+.Ev MAKE_FLAGS ,
+.Ev MODMONO_BUILD_DEPENDS
+and
+.Ev MODMONO_RUN_DEPENDS .
+If
+.Ev MODMONO_DEPS
+is set to Yes,
+.Pa lang/mono
+is appended to
+.Ev BUILD_DEPENDS
+and
+.Ev RUN_DEPENDS .
+.Ev DLLMAP_FILES
+defines in which files the module will substitute hardcoded
+shared library versions using a
+.Cm post-configure
+target.
+.It lang/ocaml
+Appends to
+.Ev BUILD_DEPENDS
+and
+.Ev MAKE_ENV .
+Appends to
+.Ev RUN_DEPENDS
+unless
+.Ev MODOCAML_RUNDEP
+is set to No, or set to if-not-native and native compilation
+is supported on this architecture.
+Including this module selects a %%native%% plist fragment and
+.Ev ocaml_native
+property depending on whether the architecture supports native
+compilation.
+If dynamic linking is supported on the native architecture,
+the %%dynlink%% plist fragment and
+.Ev ocaml_native_dynlink
+property is set.
+When
+.Ev CONFIGURE_STYLE
+is set to `oasis',
+overrides for the
+.Cm do-build ,
+.Cm do-install ,
+and
+.Cm do-test
+targets are added.
+.It lang/php
+Used for ports using PHP in some way:
+either extensions to PHP, or software written in PHP.
+Sets
+.Ev MODPHP_RUN_DEPENDS ,
+.Ev MODPHP_LIB_DEPENDS ,
+.Ev MODPHP_WANTLIB ,
+.Ev MODPHP_BIN ,
+.Ev MODPHP_PHPIZE ,
+.Ev MODPHP_PHP_CONFIG ,
+.Ev MODPHP_INCDIR
+and
+.Ev MODPHP_LIBDIR .
+Adds to
+.Ev RUN_DEPENDS
+unless
+.Ev MODPHP_RUNDEP
+is set to No.
+Adds to
+.Ev BUILD_DEPENDS
+if
+.Ev MODPHP_BUILDDEP
+is set to Yes.
+If
+.Ev MODPHP_DO_PHPIZE
+is set, prepares a build environment for extensions that use phpize.
+.Pp
+Ports using PDO for database connectivity often have a choice of
+dependencies (pdo_sqlite, pdo_mysql, pdo_pgsql and others).
+The module constructs
+.Ev MODPHP_PDO_DEPENDS
+from the PDO types listed in
+.Ev MODPHP_PDO_ALLOWED
+(defaulting to "sqlite mysql pgsql").
+This can be added to
+.Ev RUN_DEPENDS
+and allows any of these PDO packages to satisfy the dependency, with
+.Ev MODPHP_PDO_PREF
+(sqlite by default) chosen if none are installed.
+.It lang/php/pecl
+Used for ports for PHP PECL extensions.
+Sets default
+.Ev SITES ,
+.Ev HOMEPAGE ,
+.Ev EXTRACT_SUFX ,
+.Ev DESTDIRNAME ,
+.Ev MODPHP_DO_SAMPLE ,
+.Ev MODPHP_DO_PHPIZE ,
+.Ev AUTOCONF_VERSION ,
+.Ev AUTOMAKE_VERSION ,
+.Ev LIBTOOL_FLAGS .
+Provides a default
+.Ev TEST_TARGET
+and
+.Ev TEST_FLAGS
+unless
+.Ev NO_TEST
+or a
+.Cm do-test
+target is defined.
+Adds common dependencies to
+.Ev RUN_DEPENDS
+and
+.Ev BUILD_DEPENDS .
+Sets a default
+.Ev PKGNAME
+and appends to
+.Ev CATEGORIES .
+.It lang/python
+See
+.Xr python-module 5 .
+.It lang/ruby
+See
+.Xr ruby-module 5 .
+.It lang/rust
+Ports using Rust must use this module so a rebuild can be triggered via
+.Ev SYSTEM_VERSION-rust
+on updates of the lang/rust port or changes to the Rust standard library.
+Sets
+.Ev MODRUST_WANTLIB
+as appropriate for the architecture so it can be added to
+.Ev WANTLIB .
+It adds lang/rust to the
+.Ev BUILD_DEPENDS
+unless
+.Ev MODRUST_BUILDDEP
+is set to anything but
+.Dq yes .
+.It lang/tcl
+Sets
+.Ev MODTCL_VERSION ,
+.Ev MODTCL_BIN ,
+.Ev MODTCL_INCDIR ,
+.Ev MODTCL_LIBDIR ,
+.Ev MODTCL_BUILD_DEPENDS ,
+.Ev MODTCL_RUN_DEPENDS ,
+.Ev MODTCL_LIB_DEPENDS ,
+and
+.Ev MODTCL_LIB .
+.Ev MODTCL_VERSION
+is the default version used by all Tcl ports and may be overridden.
+Provides
+.Ev MODTCL_TCLSH_ADJ
+and
+.Ev MODTCL_WISH_ADJ
+shell fragments to patch the interpreter path in executable scripts.
+Also affects
+.Ev CATEGORIES .
+.It perl
+This module is documented in the main
+.Xr bsd.port.mk 5
+manpage.
+.It security/heimdal
+A link from ${LOCALBASE}/heimdal/bin/krb5-config
+to
+.Xr krb5-config 1
+will be put at the front of the path.
+Sets
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB
+according to the values of
+.Ev MODHEIMDAL_LIB_DEPENDS ,
+and
+.Ev MODHEIMDAL_WANTLIB .
+.It textproc/intltool
+Sets
+.Ev MODINTLTOOL_OVERRIDE .
+.Pa textproc/intltool
+is added to
+.Ev BUILD_DEPENDS .
+.Ev MODINTLTOOL_OVERRIDE
+changes the paths of
+.Ev INTLTOOL_EXTRACT ,
+.Ev INTLTOOL_MERGE
+and
+.Ev INTLTOOL_UPDATE
+to use the installed versions of intltool-extract,
+intltool-merge and intltool-update, instead of the version's packages into the
+distfile of the port using this module.
+Also affects
+.Ev CONFIGURE_ENV ,
+.Ev MAKE_ENV
+and
+.Ev MAKE_FLAGS
+by appending
+.Ev MODINTLTOOL_OVERRIDE
+to them.
+.It www/mozilla
+Sets
+.Ev PKGNAME ,
+.Ev HOMEPAGE ,
+.Ev SITES ,
+.Ev DISTNAME ,
+.Ev USE_GMAKE ,
+and
+.Ev ONLY_FOR_ARCHS .
+.Ev EXTRACT_SUFX
+defaults to .tar.bz2.
+.Pp
+Adds common dependencies to
+.Ev LIB_DEPENDS ,
+.Ev WANTLIB ,
+.Ev RUN_DEPENDS
+and
+.Ev BUILD_DEPENDS .
+Sets common
+.Ev CONFIGURE_ARGS ,
+.Ev MAKE_ENV
+and
+.Ev CONFIGURE_ENV .
+Sets
+.Ev MOB
+variable as source directory
+and
+.Ev MOZ
+as target directory within
+.Cm do-install .
+.Pp
+Individual port Makefile must set
+.Ev MOZILLA_PROJECT ,
+.Ev MOZILLA_CODENAME ,
+.Ev MOZILLA_VERSION ,
+.Ev MOZILLA_BRANCH ,
+.Ev MOZILLA_LIBS
+and
+.Ev MOZILLA_DATADIRS
+variables.
+Port can also append values to
+.Ev MOZILLA_SUBST_FILES
+which contains the list of
+files to run
+.Ev SUBST_CMD
+on during
+.Cm pre-configure ,
+and
+.Ev MOZILLA_AUTOCONF_DIRS
+which
+contains the list of dirs where
+.Ev AUTOCONF
+will be run during
+.Cm pre-configure .
+.It wayland/wlroots
+Used for Wayland ports using the wlroots library.
+Sets
+.Ev MODWLROOTS_LIB_DEPENDS ,
+.Ev MODWLROOTS_WANTLIB
+and
+.Ev MODWLROOTS_VERSION .
+Appends the corresponding values to
+.Ev LIB_DEPENDS
+and
+.Ev WANTLIB ,
+unless
+. Ev MODWLROOTS_LIBDEP
+is set to No.
+.It www/pear
+Used for PHP PEAR ports.
+Sets default
+.Ev SITES ,
+.Ev EXTRACT_SUFX ,
+.Ev PKGNAME .
+Sets
+.Ev PREFIX
+to
+.Pa /var/www .
+Sets
+.Ev NO_TEST
+unless a
+.Cm do-test
+target is defined.
+Adds common dependencies to
+.Ev RUN_DEPENDS
+and
+.Ev BUILD_DEPENDS ,
+sets
+.Ev MAKE_FILE
+and
+.Ev FAKE_FLAGS
+appropriately.
+Makes
+.Ev PEAR_LIBDIR
+and
+.Ev PEAR_PHPBIN
+available for use in the port.
+Sets a default
+.Ev PKGNAME
+and appends to
+.Ev CATEGORIES .
+.It x11/gnome
+See
+.Xr gnome-module 5 .
+.It x11/gnustep
+.It x11/qt5 and x11/qt6
+All qt* modules share a common
+.Ev MODQT_*
+namespace for simple ports.
+The qt5 module also defines the same variables under
+.Ev MODQT5_*
+and the qt6 module also defines the same variables under
+.Ev MODQT6_* ,
+to allow ports to use both modules, such as
+.Pa print/poppler .
+.Pp
+Those modules define
+.Ev MODQT*_LIBDIR
+as the libraries location,
+.Ev MODQT*_INCDIR
+as the include files location,
+.Ev MODQT*_QTDIR
+as the global qt directory location,
+.Ev MODQT*_CONFIGURE_ARGS
+as standard GNU configure-style parameters to locate the include and libraries.
+.Pp
+The location of Qt-specific tools
+.Nm lrelease ,
+.Nm moc ,
+.Nm qmake
+and
+.Nm uic
+is available through
+.Ev MODQT*_LRELEASE ,
+.Ev MODQT*_MOC ,
+.Ev MODQT*_QMAKE
+and
+.Ev MODQT*_UIC .
+.Ev MODQT*_OVERRIDE_UIC
+controls whether the default setup will force a value of
+.Ev UIC
+or not.
+The value of
+.Ev MOC
+is always forced to ${MODQT*_MOC}.
+.Pp
+In most cases the
+.Pa devel/qmake
+module should be used instead of using
+.Ev MODQT*_QMAKE
+directly.
+.Pp
+The modules add to
+.Ev CONFIGURE_ENV , MAKE_ENV
+and
+.Ev MAKE_FLAGS .
+They define appropriate
+.Ev MODQT*_LIB_DEPENDS
+and
+.Ev MODQT*_WANTLIB .
+.Pp
+Note that Qt5 and Qt6 have their code split over several libraries.
+Both modules qt5 and qt6 doesn't set
+.Ev MODQT*_WANTLIB
+at all.
+Qt5 and Qt6 consist of many so called Qt modules, these Qt modules should be
+added to
+.Ev LIB_DEPENDS ,
+.Ev BUILD_DEPENDS
+or
+.Ev RUN_DEPENDS
+manually.
+.It x11/tk
+Sets
+.Ev MODTK_VERSION ,
+.Ev MODTK_BIN ,
+.Ev MODTK_INCDIR ,
+.Ev MODTK_LIBDIR ,
+.Ev MODTK_BUILD_DEPENDS ,
+.Ev MODTK_RUN_DEPENDS ,
+.Ev MODTK_LIB_DEPENDS ,
+and
+.Ev MODTK_LIB .
+.Ev MODTK_VERSION
+is the default version used by all Tk ports and
+may be overridden.
+Automatically adds the
+.Pa lang/tcl
+module, provides a default
+.Ev MODTCL_VERSION
+to match
+.Ev MODTK_VERSION ,
+and affects
+.Ev CATEGORIES .
+Note the
+.Ev MODTCL_WISH_ADJ
+shell fragment in the
+.Pa lang/tcl
+module.
+.It x11/xfce4
+Sets
+.Ev DIST_SUBDIR ,
+.Ev EXTRACT_SUFX ,
+.Ev CONFIGURE_STYLE ,
+.Ev CONFIGURE_ENV
+and
+.Ev USE_GMAKE .
+If
+.Ev MODXFCE_ICON_CACHE
+is set to yes, it adds
+.Pa x11/gtk+4,-guic
+to
+.Ev RUN_DEPENDS .
+Unless
+.Ev XFCE_NO_SRC
+is set,
+.Pa textproc/intltool
+is added to
+.Ev MODULES .
+Also affects
+.Ev CATEGORIES .
+.Pp
+Xfce ports can be divided into five categories: core libraries and
+applications, goodies, artwork, thunar plugins, and panel plugins.
+.Ev HOMEPAGE ,
+.Ev SITES
+and
+.Ev DISTNAME
+are built using
+.Ev XFCE_VERSION
+(which defaults to
+.Ev XFCE_DESKTOP_VERSION
+if not set) and either
+.Ev XFCE_PROJECT ,
+.Ev XFCE_GOODIE ,
+.Ev XFCE_ARTWORK ,
+.Ev THUNAR_PLUGIN
+or
+.Ev XFCE_PLUGIN .
+One of the latter has to be provided by the port Makefile.
+.El
+.Sh SEE ALSO
+.Xr make 1 ,
+.Xr bsd.port.mk 5 ,
+.Xr cabal-module 5 ,
+.Xr cargo-module 5 ,
+.Xr gnome-module 5 ,
+.Xr go-module 5 ,
+.Xr python-module 5 ,
+.Xr qmake-module 5 ,
+.Xr ruby-module 5 ,
+.Xr ports 7
diff --git a/static/openbsd/man5/printcap.5 b/static/openbsd/man5/printcap.5
new file mode 100644
index 00000000..a813dfea
--- /dev/null
+++ b/static/openbsd/man5/printcap.5
@@ -0,0 +1,285 @@
+.\"	$OpenBSD: printcap.5,v 1.30 2025/08/09 02:03:33 deraadt Exp $
+.\"	$NetBSD: printcap.5,v 1.7 1998/02/20 12:24:50 hubertf Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)printcap.5	8.2 (Berkeley) 12/11/93
+.\"
+.Dd $Mdocdate: August 9 2025 $
+.Dt PRINTCAP 5
+.Os
+.Sh NAME
+.Nm printcap
+.Nd printer capability database
+.Sh DESCRIPTION
+The
+.Nm
+file is a simplified version of the
+.Xr termcap 5
+database used to describe line printers.
+The spooling system accesses the
+.Nm
+file every time it is used, allowing dynamic addition and deletion of printers.
+Each entry in the database is used to describe one printer.
+This database may not be substituted for, as is possible for
+.Xr termcap 5 ,
+because it may allow accounting to be bypassed.
+.Pp
+The default printer is normally
+.Dq lp ,
+though the environment variable
+.Ev PRINTER
+may be used to override this.
+Each spooling utility supports an option,
+.Fl P Ns Ar printer ,
+to allow explicit naming of a destination printer.
+.Pp
+Refer to the
+.%T "4.3 BSD Line Printer Spooler Manual"
+for a complete discussion on how to set up the database for a given printer.
+.Sh CAPABILITIES
+Refer to
+.Xr termcap 5
+for a description of the file layout.
+.Bl -column "Name" "Type" "/var/spool/output/lpd" "Description"
+.It Sy Name Ta Sy Type Ta Sy Default Ta Sy Description
+.It "af	str" Ta Dv NULL Ta "name of accounting file"
+.It "br" Ta "num" Ta "none" Ta "if lp is a tty, set baud rate"
+.Pf ( Xr ioctl 2
+call)
+.It "cf" Ta "str" Ta Dv NULL Ta "cifplot data filter"
+.It "df" Ta "str" Ta Dv NULL Ta "tex data filter (DVI format)"
+.It "ff" Ta "str" Ta So Li \ef Sc Ta "string to send for a form feed"
+.It "fo" Ta "bool" Ta "false" Ta "print a form feed when device is opened"
+.It "gf" Ta "str" Ta Dv NULL Ta "graph data filter"
+.Pf ( Xr plot 3
+format)
+.It "hl" Ta "bool" Ta "false" Ta "print the burst header page last"
+.It "ic" Ta "bool" Ta "false" Ta "supports non-standard ioctl to indent printout"
+.It "if" Ta "str" Ta Dv NULL Ta "name of text filter which does accounting"
+.It "lf" Ta "str" Ta Pa /dev/console Ta "error logging file name"
+.It "lo" Ta "str" Ta Pa lock Ta "name of lock file"
+.It "lp" Ta "str" Ta Pa /dev/lp Ta "local printer device, or port@host for remote"
+.It "mc" Ta "num" Ta "0" Ta "maximum number of copies allowed; 0=unlimited"
+.It "ms" Ta "str" Ta Dv NULL Ta "if lp is a tty, a comma-separated,"
+.Xr stty 1 Ns -like
+list describing the tty modes
+.It "mx" Ta "num" Ta "0" Ta "max file size (in"
+.Dv BUFSIZ
+blocks); 0=unlimited
+.It "nd" Ta "str" Ta Dv NULL Ta "next directory for queues list (unimplemented)"
+.It "nf" Ta "str" Ta Dv NULL Ta "ditroff data filter (device independent troff)"
+.It "of" Ta "str" Ta Dv NULL Ta "name of output filtering program"
+.It "pc" Ta "num" Ta "200" Ta "price per foot or page in hundredths of cents"
+.It "pl" Ta "num" Ta "66" Ta "page length (in lines)"
+.It "pw" Ta "num" Ta "132" Ta "page width (in characters)"
+.It "px" Ta "num" Ta "0" Ta "page width in pixels (horizontal)"
+.It "py" Ta "num" Ta "0" Ta "page length in pixels (vertical)"
+.It "rf" Ta "str" Ta Dv NULL Ta "filter for printing FORTRAN style text files"
+.It "rg" Ta "str" Ta Dv NULL Ta "restricted group-only group members can access"
+.It "rm" Ta "str" Ta Dv NULL Ta "machine name for remote printer"
+.It "rp" Ta "str" Ta "``lp''" Ta "remote printer name argument"
+.It "rs" Ta "bool" Ta "false" Ta "remote users must have a local account"
+.It "rw" Ta "bool" Ta "false" Ta "open printer device for reading and writing"
+.It "sb" Ta "bool" Ta "false" Ta "short banner (one line only)"
+.It "sc" Ta "bool" Ta "false" Ta "suppress multiple copies"
+.It "sd" Ta "str" Ta Pa /var/spool/output/lpd Ta "spool directory"
+.It "sf" Ta "bool" Ta "false" Ta "suppress form feeds"
+.It "sh" Ta "bool" Ta "false" Ta "suppress printing of burst page header"
+.It "st" Ta "str" Ta Pa status Ta "status file name"
+.It "tf" Ta "str" Ta Dv NULL Ta "troff data filter (C/A/T phototypesetter)"
+.It "tr" Ta "str" Ta Dv NULL Ta "trailer string to print when queue empties"
+.It "vf" Ta "str" Ta Dv NULL Ta "raster image filter"
+.El
+.Pp
+The classic port number used for remote printing is
+.Vt printer
+(515).
+Many newer printers work better with
+.Vt jetdirect
+(9100).
+.Pp
+If the local line printer driver supports indentation, the daemon
+must understand how to invoke it.
+.Sh FILTERS
+If a printer is specified via
+.Sy lp
+(either local or remote),
+the
+.Xr lpd 8
+daemon creates a pipeline of
+.Dq filters
+to process files for various printer types.
+The pipeline is not set up for remote printers specified via
+.Sy rm
+unless the local host is the same as the remote printer host given.
+The filters selected depend on the flags passed to
+.Xr lpr 1 .
+The pipeline set up is:
+.Bd -literal -offset indent
+p	pr | if	regular text + pr(1)
+none	if	regular text
+c	cf	cifplot
+d	df	DVI (tex)
+g	gf	plot(3)
+n	nf	ditroff
+f	rf	Fortran
+t	tf	troff
+v	vf	raster image
+.Ed
+.Pp
+The
+.Sy if
+filter is invoked with arguments:
+.Bd -filled -offset indent
+.Sy if
+.Op Fl c
+.Fl w Ns Ar width
+.Fl l Ns Ar length
+.Fl i Ns Ar indent
+.Fl n Ar login
+.Fl h Ar host acct-file
+.Ed
+.Pp
+The
+.Fl c
+flag is passed only if the
+.Fl l
+flag (pass control characters literally) is specified to
+.Xr lpr 1 .
+.Ar width
+and
+.Ar length
+specify the page width and length
+(from
+.Sy pw
+and
+.Sy pl ,
+respectively) in characters.
+The
+.Fl n
+and
+.Fl h
+parameters specify the login name and host name of the owner
+of the job, respectively.
+The
+.Ar acct-file
+function is passed from the
+.Sy af
+.Nm
+entry.
+.Pp
+If no
+.Sy if
+is specified,
+.Sy of
+is used instead, with the distinction that
+.Sy of
+is opened only once, while
+.Sy if
+is opened for every individual job.
+Thus,
+.Sy if
+is better suited to performing accounting.
+The
+.Sy of
+is only given the
+.Ar width
+and
+.Ar length
+flags.
+.Pp
+All other filters are called as:
+.Bd -filled -offset indent
+.Nm filter
+.Fl x Ns Ar width
+.Fl y Ns Ar length
+.Fl n Ar login
+.Fl h Ar host acct-file
+.Ed
+.Pp
+where
+.Ar width
+and
+.Ar length
+are represented in pixels, specified by the
+.Sy px
+and
+.Sy py
+entries, respectively.
+All filters take
+.Em stdin
+as the file,
+.Em stdout
+as the printer,
+may log either to
+.Em stderr
+or using
+.Xr syslog 3 ,
+and must not ignore
+.Dv SIGINT .
+.Sh LOGGING
+Error messages generated by the line printer programs themselves
+are logged by
+.Xr syslog 3
+using the
+.Dv LPR
+facility.
+Messages printed on
+.Em stderr
+by the filters are sent to the corresponding
+.Sy lf
+file.
+The filters may, of course, use
+.Xr syslog 3
+themselves.
+.Pp
+Error messages sent to the console have a carriage return and a line
+feed appended to them, rather than just a line feed.
+.Sh FILES
+.Bl -tag -width /etc/examples/printcap -compact
+.It Pa /etc/printcap
+Default location of the database file.
+.It Pa /etc/examples/printcap
+Example database file.
+.El
+.Sh SEE ALSO
+.Xr lpq 1 ,
+.Xr lpr 1 ,
+.Xr lprm 1 ,
+.Xr termcap 5 ,
+.Xr lpc 8 ,
+.Xr lpd 8
+.Rs
+.%T "4.3 BSD Line Printer Spooler Manual"
+.Re
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.2 .
diff --git a/static/openbsd/man5/protocols.5 b/static/openbsd/man5/protocols.5
new file mode 100644
index 00000000..15505101
--- /dev/null
+++ b/static/openbsd/man5/protocols.5
@@ -0,0 +1,79 @@
+.\"	$OpenBSD: protocols.5,v 1.12 2019/03/03 17:04:17 deraadt Exp $
+.\"	$NetBSD: protocols.5,v 1.3 1994/11/30 19:31:27 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)protocols.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: March 3 2019 $
+.Dt PROTOCOLS 5
+.Os
+.Sh NAME
+.Nm protocols
+.Nd protocol name database
+.Sh DESCRIPTION
+The
+.Nm
+file contains information regarding the known protocols used in the
+Internet.
+For each protocol, a single line should be present
+with the following information:
+.Bd -unfilled -offset indent
+official protocol name
+protocol number
+aliases
+.Ed
+.Pp
+Items are separated by any number of blanks and/or tab characters.
+.Pp
+A hash mark
+.Pq Ql #
+indicates the beginning of a comment; subsequent characters up to the
+end of the line are not interpreted by the routines which search the file.
+.Pp
+Protocol names may contain any printable character other than a
+field delimiter, newline, or comment character.
+.Sh FILES
+.Bl -tag -width /etc/protocols -compact
+.It Pa /etc/protocols
+.El
+.Sh SEE ALSO
+.Xr getprotoent 3
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.2 .
+.Sh BUGS
+A name server should be used instead of a static file.
+Lines in
+.Pa /etc/protocols
+are limited to
+.Dv BUFSIZ
+characters (currently 1024).
+Longer lines will be ignored.
diff --git a/static/openbsd/man5/python-module.5 b/static/openbsd/man5/python-module.5
new file mode 100644
index 00000000..4c5f88de
--- /dev/null
+++ b/static/openbsd/man5/python-module.5
@@ -0,0 +1,259 @@
+.\"	$OpenBSD: python-module.5,v 1.24 2026/03/22 13:56:06 sthen Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: March 22 2026 $
+.Dt PYTHON-MODULE 5
+.Os
+.Sh NAME
+.Nm python-module
+.Nd lang/python port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=lang/python
+in the
+.Xr ports 7
+tree.
+.Pp
+By default, the module builds ports using Python 3.
+For legacy ports using Python 2,
+.Ev MODPY_VERSION
+may be set manually to ${MODPY_DEFAULT_VERSION_2}.
+.Pp
+The module then sets
+.Ev MODPY_BIN ,
+.Ev MODPY_INCDIR ,
+.Ev MODPY_LIBDIR ,
+.Ev MODPY_SITEPKG ,
+.Ev MODPY_SETUP ,
+.Ev MODPY_TEST_DIR ,
+.Ev MODPY_TEST_LOCALE ,
+.Ev MODPY_WANTLIB ,
+.Ev MODPY_LIB_DEPENDS ,
+.Ev MODPY_RUN_DEPENDS ,
+.Ev MODPY_TEST_DEPENDS ,
+.Ev MODPY_BUILD_DEPENDS ,
+and
+.Ev MODPY_ADJ_FILES
+accordingly.
+.Pp
+The module also adds a dependency on the Python interpreter to
+.Bl -bullet
+.It
+.Ev RUN_DEPENDS
+unless
+.Ev MODPY_RUNDEP
+is set to No,
+.It
+.Ev BUILD_DEPENDS
+unless
+.Ev MODPY_BUILDDEP
+is set to No or
+.Ev NO_BUILD
+is set to Yes,
+.It
+.Ev TEST_DEPENDS
+if
+.Ev MODPY_PYTEST
+is set to Yes
+unless
+.Ev MODPY_TESTDEP
+is set to No.
+.El
+.Pp
+It also appends
+.Ev MODPY_TEST_LOCALE
+to
+.Ev TEST_ENV
+and changes to the directory specified in
+.Ev MODPY_TEST_DIR
+.Po
+by default ${WRKSRC}
+.Pc
+before running tests.
+.Pp
+Most modern Python software can be packaged using a PEP 517 build
+frontend (in the
+.Pa devel/py-build
+port).
+To use this, set
+.Ev MODPY_PYBUILD
+to the name of the build backend.
+If the port provides a
+.Pa pyproject.toml
+file, check the "build-backend" line in the [build-system] section.
+If no
+.Pa pyproject.toml
+is provided then it most likely uses setuptools.
+Checks for some common
+.Ev MODPY_PYBUILD
+misconfigurations are performed during build and, if found, warnings are
+displayed after fake-install.
+.Pp
+.Nm
+currently supports
+flit,
+flit_core,
+flit_scm,
+hatch-vcs,
+hatchling,
+jupyter_packaging,
+maturin,
+mesonpy,
+pbr,
+pdm,
+poetry-core,
+poetry-dynamic-versioning,
+scikit-build-core,
+setuptools,
+setuptools-rust,
+setuptools_scm,
+and
+uv_build.
+In cases where an uncommon backend is used, or where the build backend is
+distributed with the software itself,
+.Ev MODPY_PYBUILD
+can be set to
+.Sq other
+to use the PEP 517 build mechanism without adding a dependency
+for a backend.
+.Pp
+Setting
+.Ev MODPY_PYBUILD
+adds the backend to
+.Ev MODPY_BUILD_DEPENDS ,
+and sets
+.Ev MODPY_PYTEST .
+The build is run in
+.Ev MODPY_BUILD_DIR ,
+defaulting to
+.Ev WRKSRC .
+.Pp
+If using the maturin backend, it is usually necessary to set
+.Ev MODCARGO_CARGOTOML
+to the file specified by
+.Ev manifest-path
+in
+.Pa pyproject.toml .
+.Pp
+Python 2 ports using setuptools set
+.Ev MODPY_SETUPTOOLS
+to Yes, which appends to
+.Ev MODPY_BUILD_DEPENDS
+and calls the relevant commands to build (these ports are built
+using the deprecated mechanism of calling
+.Pa setup.py
+directly).
+Arguments can be passed to setup.py during
+.Cm configure
+with
+.Ev MODPY_SETUP_ARGS .
+Extra arguments to the build and install commands can be passed via
+.Ev MODPY_DISTUTILS_BUILDARGS
+and
+.Ev MODPY_DISTUTILS_INSTALLARGS .
+.Ev MODPY_SETUPTOOLS
+should not be used for new ports.
+.Pp
+Ports using pytest should set
+.Ev MODPY_PYTEST
+to Yes unless
+.Ev MODPY_PYBUILD
+is used, when it is already set by default.
+Arguments can be passed to pytest during
+.Cm test
+with
+.Ev MODPY_PYTEST_ARGS ,
+for example to list names of test scripts if the automatic
+detection fails,
+to disable certain test scripts with
+.Sq --ignore ,
+or to disable certain individual tests with
+.Sq -k .
+User setting
+.Ev MODPY_PYTEST_USERARGS ,
+if present, is passed on the command line.
+This allows setting pytest flags to increase verbosity,
+show test durations, enable colours, etc.
+.Pp
+If
+.Ev MODPY_TEST_LINK_SO
+is set to Yes, symbolic links to all .so files in the build directory
+will be created before running tests.
+These are created in
+.Ev MODPY_TEST_LINK_SRC ,
+which defaults to ${WRKSRC}.
+This is required when tests load .so files via relative imports.
+.Pp
+All ports that generate egg-info or dist-info files should set
+.Ev MODPY_DISTV
+to the version string used by the
+.Fn setup
+function in the port's
+.Pa setup.py
+or the version in
+.Pa pyproject.toml .
+.Pp
+If any files have a python shebang line where the interpreter should be
+${MODPY_BIN}, list them in
+.Ev MODPY_ADJ_FILES .
+These filenames can be relative to ${WRKSRC} and will be modified
+at the end of
+.Cm pre-configure .
+.Pp
+For ports not using standard Python build infrastructure,
+it may be necessary to bytecode-compile installed .py files.
+This can be done by using
+.Ev ${MODPY_COMPILEALL} ,
+usually in a post-install target.
+This passes flags to use MAKE_JOBS, strip off WRKINST, and use
+standard optimization passes.
+File or directory names can be given.
+Directories are handled recursively.
+.Pp
+This module also affects
+.Ev CATEGORIES ,
+.Ev MAKE_ENV ,
+.Ev CONFIGURE_ENV ,
+and
+.Ev SUBST_VARS ,
+and it may affect the
+.Cm test
+target.
+.Pp
+If
+.Ev MODPY_PI
+is set to
+.Sq Yes ,
+the module will provide a default for
+.Ev HOMEPAGE
+and set
+.Ev SITES
+.Po
+the subdirectory can be overridden with
+.Ev MODPY_PI_DIR
+.Pc .
+.Sh SEE ALSO
+.Xr port-modules 5
diff --git a/static/openbsd/man5/qmake-module.5 b/static/openbsd/man5/qmake-module.5
new file mode 100644
index 00000000..21917123
--- /dev/null
+++ b/static/openbsd/man5/qmake-module.5
@@ -0,0 +1,114 @@
+.\"	$OpenBSD: qmake-module.5,v 1.4 2022/11/27 15:27:17 kn Exp $
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 27 2022 $
+.Dt QMAKE-MODULE 5
+.Os
+.Sh NAME
+.Nm qmake-module
+.Nd devel/qmake port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULES=devel/qmake
+in the
+.Xr ports 7
+tree.
+.Pp
+This module automates usage of qmake, independently of the actual
+version of Qt being used.
+This module requires that one of the
+.Pa x11/qt*
+to be used as well.
+.Pp
+If
+.Ev CONFIGURE_STYLE
+was not set before, sets its value to
+.Sq qmake .
+If
+.Ev CONFIGURE_STYLE
+contains
+.Sq qmake
+the module will define each of the
+.Ar do-build
+and
+.Ar do-install
+targets, unless port already defines one; also,
+.Ev SEPARATE_BUILD
+will be set to
+.Sq Yes
+unless it's already set to some value.
+Also, unless
+.Ev NO_TEST
+is set, the
+.Ar do-test
+target will be defined.
+.Pp
+The following variables could be used in qmake-based ports:
+.Bl -tag -width 1234
+.It Ev MODQMAKE_ARGS
+Additional arguments for qmake invocation.
+The module already defines some.
+.It Ev MODQMAKE_INSTALL_ROOT
+Root directory for fake install.
+Normally, it's a WRKINST, but some (broken) ports require another value,
+like PREFIX.
+.It Ev MODQMAKE_PROJECTS
+List of qmake project files to be used, relative to WRKSRC.
+Directories containing those projects could be used as well,
+see qmake documentation for details.
+Defaults to
+.Sq \&. ,
+which means the (only) project in WRKSRC directory.
+.It Ev MODQMAKE_RECURSIVE
+If
+.Sq Yes ,
+then qmake will be run recursively during configure stage;
+otherwise, only projects mentioned in
+.Ev MODQMAKE_PROJECTS
+will be processed during configure stage, and their descendants will
+be visited during main build phase.
+Sometimes a qmake project processing depends on files generated
+by other qmake project during build, and recursive builds break this.
+Defaults to
+.Sq Yes .
+.It Ev MODQMAKE_build
+Actual commands that module will use to build all
+.Ev MODQMAKE_PROJECTS
+provided.
+To be used in complicated cases, when port have to use its own
+.Ar do-build
+target or mix different
+.Ev CONFIGURE_STYLE
+values.
+.It Ev MODQMAKE_install
+Same as for
+.Ev MODQMAKE_build ,
+but used in
+.Ar do-install
+stage.
+.El
+.Sh SEE ALSO
+.Xr port-modules 5
diff --git a/static/openbsd/man5/ranlib.5 b/static/openbsd/man5/ranlib.5
new file mode 100644
index 00000000..4785c836
--- /dev/null
+++ b/static/openbsd/man5/ranlib.5
@@ -0,0 +1,73 @@
+.\"	$OpenBSD: ranlib.5,v 1.3 2022/09/11 06:38:11 jmc Exp $
+.\"
+.\" Copyright (c) 1990, 1991 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     from: @(#)ranlib.5.5	5.2 (Berkeley) 5/10/91
+.\"
+.Dd $Mdocdate: September 11 2022 $
+.Dt RANLIB 5
+.Os
+.Sh NAME
+.Nm ranlib
+.Nd archive (library) table-of-contents format
+.Sh SYNOPSIS
+.In ranlib.h
+.Sh DESCRIPTION
+The archive table-of-contents command
+.Nm ranlib
+creates a table of contents for archives, containing object files, to
+be used by the link-editor
+.Xr ld 1 .
+It operates on archives created with the utility
+.Xr ar 1 .
+.Pp
+The
+.Nm ranlib
+function
+prepends a new file to the archive which has three separate parts.
+The first part is a standard archive header, which has a special name
+field,
+.Dq __.SYMDEF .
+.Pp
+The second part is a
+.Vt long
+followed by a list of ranlib structures.
+The long is the size, in bytes, of the list of ranlib structures.
+Each of the ranlib structures consists of a zero based offset into the
+next section (a string table of symbols) and an offset from the beginning
+of the archive to the start of the archive file which defines the symbol.
+The actual number of ranlib structures is this number divided by the size
+of an individual ranlib structure.
+.Pp
+The third part is a
+.Vt long
+followed by a string table.
+The long is the size, in bytes, of the string table.
+.Sh SEE ALSO
+.Xr ar 1 ,
+.Xr ranlib 1
diff --git a/static/openbsd/man5/remote.5 b/static/openbsd/man5/remote.5
new file mode 100644
index 00000000..c6c53ccc
--- /dev/null
+++ b/static/openbsd/man5/remote.5
@@ -0,0 +1,105 @@
+.\"	$OpenBSD: remote.5,v 1.28 2020/02/10 13:18:20 schwarze Exp $
+.\"	$NetBSD: remote.5,v 1.4 1997/04/20 00:05:27 mellon Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)remote.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: February 10 2020 $
+.Dt REMOTE 5
+.Os
+.Sh NAME
+.Nm remote
+.Nd remote host description file
+.Sh DESCRIPTION
+The
+.Nm
+file describes remote hosts known by
+.Xr cu 1 .
+It is an ASCII file structured somewhat like the
+.Xr termcap 5
+file.
+Each line in the file provides a description for a single remote host.
+Fields are separated by a colon
+.Pq Sq \&: .
+Lines ending with a
+.Sq \e
+character immediately followed by a newline are continued on the next line.
+.Pp
+The first entry is the name(s) of the host system.
+If there is more than one name for a system, the names are separated by
+vertical bars
+.Pq Sq \&| .
+After the name of the system comes the fields of the description (the
+capabilities).
+.Pp
+Capabilities are either strings (str), numbers (num), or boolean flags (bool).
+A string capability is specified by
+.Em capability Ns Ar = Ns Em value ;
+for example,
+.Sq dv=/dev/harris .
+A numeric capability is specified by
+.Em capability Ns Ar # Ns Em value ;
+for example,
+.Sq br#19200 .
+A boolean capability is specified by simply listing the capability.
+.Bl -tag -width indent
+.It Sy \&br
+(num)
+The baud rate used in establishing
+a connection to the remote host.
+This is a decimal number.
+The default baud rate is 9600 baud.
+.It Sy \&dc
+(bool)
+This host is directly connected, and
+.Xr cu 1
+should not expect carrier detect to be high, nor should it exit if
+carrier detect drops.
+.It Sy \&dv
+(str)
+Device to open to establish a connection.
+If this file refers to a terminal line,
+.Xr cu 1
+attempts to perform an exclusive open on the device to ensure only
+one user at a time has access to the port.
+.El
+.Sh FILES
+.Bl -tag -width /etc/examples/remote -compact
+.It Pa /etc/remote
+Global database.
+.It Pa /etc/examples/remote
+Example database.
+.El
+.Sh SEE ALSO
+.Xr cu 1
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.2 .
diff --git a/static/openbsd/man5/resolv.conf.5 b/static/openbsd/man5/resolv.conf.5
new file mode 100644
index 00000000..907fd896
--- /dev/null
+++ b/static/openbsd/man5/resolv.conf.5
@@ -0,0 +1,321 @@
+.\"	$OpenBSD: resolv.conf.5,v 1.65 2023/11/25 08:14:43 florian Exp $
+.\"	$NetBSD: resolv.conf.5,v 1.7 1996/03/06 18:22:16 scottr Exp $
+.\"
+.\" Copyright (c) 1986, 1991 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)resolver.5	5.12 (Berkeley) 5/10/91
+.\"
+.Dd $Mdocdate: November 25 2023 $
+.Dt RESOLV.CONF 5
+.Os
+.Sh NAME
+.Nm resolv.conf
+.Nd resolver configuration files
+.Sh DESCRIPTION
+The
+.Nm
+file specifies how the resolver routines in the C library
+(which provide access to the Internet Domain Name System) should operate.
+The resolver configuration file contains information that is read
+by the resolver routines the first time they are invoked by a process.
+If the
+.Nm resolv.conf
+file does not exist, only the local host file
+.Pa /etc/hosts
+will be consulted,
+i.e. the Domain Name System will not be used to resolve hosts.
+.Pp
+The host "localhost" and all names underneath the localhost domain will
+always resolve to the loopback addresses 127.0.0.1 or ::1.
+.Pp
+The file is designed to be human readable and contains a list of
+keywords with values that provide various types of resolver information.
+A resolv.conf file is not required for some setups, so this file is optional.
+It can be created manually, and is also created as part of the
+.Ox
+install process
+if use of the DHCP protocol is specified for any interface
+or if any DNS name servers are configured.
+.Pp
+A keyword and its values must appear on a single line, and the keyword (e.g.\&
+.Ic nameserver )
+must start the line.
+The value follows the keyword, separated by whitespace.
+A hash mark
+.Pq #
+or semicolon
+.Pq \&;
+in the file indicates the beginning of a comment;
+subsequent characters up to the end of the line are not interpreted by
+the routines that read the file.
+.Pp
+The configuration options are:
+.Bl -tag -width nameserver
+.It Ic nameserver
+IPv4 address (in dot notation)
+or IPv6 address (in hex-and-colon notation)
+of a name server that the resolver should query.
+Scoped IPv6 address notation is accepted as well
+(see
+.Xr inet6 4
+for details).
+.Pp
+Up to
+.Dv ASR_MAXNS
+(currently 5) name servers may be listed, one per line.
+If there are multiple servers, the resolver library queries them in the
+order listed.
+If no
+.Ic nameserver
+entries are present, the default is to use the name server on the local machine.
+(The algorithm used is to try a name server, and if the query times out,
+try the next, until out of name servers, then repeat trying all name servers
+until a maximum number of retries are performed.)
+.It Ic domain
+Local domain name.
+Most queries for names within this domain can use short names
+relative to the local domain.
+If no
+.Ic domain
+entry is present, the domain is determined
+from the local host name returned by
+.Xr gethostname 3 \(en
+the domain part is taken to be everything after the first dot.
+Finally, if the host name does not contain a domain part, the root
+domain is assumed.
+.It Ic lookup
+This keyword is used by the library routines
+.Xr gethostbyname 3
+and
+.Xr gethostbyaddr 3 .
+It specifies which databases should be searched, and the order to do so.
+The legal space-separated values are:
+.Pp
+.Bl -tag -width bind -offset indent -compact
+.It Cm bind
+Query a domain name server.
+.It Cm file
+Search for entries in
+.Pa /etc/hosts .
+.El
+.Pp
+If the
+.Ic lookup
+keyword is not used in the system's
+.Nm resolv.conf
+file then the assumed order is
+.Cm bind file .
+Furthermore, if the system's
+.Nm resolv.conf
+file does not exist, then the only database used is
+.Cm file .
+.It Ic search
+Search list for hostname lookup.
+The search list is normally determined from the local domain name;
+by default, it begins with the local domain name, then successive
+parent domains that have at least two components in their names.
+This may be changed by listing the desired domain search path following the
+.Ic search
+keyword with spaces or tabs separating the names.
+Most resolver queries will be attempted using each component
+of the search path in turn until a match is found.
+Note that this process may be slow and will generate a lot of network
+traffic if the servers for the listed domains are not local,
+and that queries will time out if no server is available
+for one of the domains.
+.Pp
+The search list is currently limited to six domains
+with a total of 1024 characters.
+Only one
+.Ic search
+line should appear; if more than one is present, the last one found
+overwrites any values found in earlier lines.
+.It Ic sortlist
+Allows addresses returned by
+.Xr gethostbyname 3
+to be sorted.
+A
+.Ic sortlist
+is specified by IP address netmask pairs.
+The netmask is optional and defaults to the natural netmask of the net.
+The IP address and optional network pairs are separated by slashes.
+Up to 10 pairs may be specified.
+For example:
+.Pp
+.Dl sortlist 130.155.160.0/255.255.240.0 130.155.0.0
+.It Ic family
+Specify which type of Internet protocol family to prefer,
+if a host is reachable using different address families.
+By default IPv4 addresses are queried first,
+and then IPv6 addresses.
+The syntax is:
+.Bd -ragged -offset indent
+.Ic family Ar family Op Ar family
+.Ed
+.Pp
+A maximum of two families can be specified, where
+.Ar family
+can be any of:
+.Pp
+.Bl -tag -width "inet4XXX" -offset indent -compact
+.It Cm inet4
+IPv4 queries.
+.It Cm inet6
+IPv6 queries.
+.El
+.Pp
+If only one family is specified,
+only that family is tried.
+.It Ic options
+Allows certain internal resolver variables to be modified.
+The syntax is:
+.Bd -ragged -offset indent
+.Ic options Ar option ...
+.Ed
+.Pp
+Where
+.Ar option
+is one of the following:
+.Bl -tag -width insecure1
+.It Cm debug
+Print debugging messages,
+if libc is compiled with
+.Dv DEBUG .
+By default on
+.Ox
+this option does nothing.
+.It Cm edns0
+Attach an OPT pseudo-RR for the EDNS0 extension,
+as specified in RFC 2671.
+This informs DNS servers of a client's receive buffer size,
+allowing them to take advantage of a non-default receive buffer size,
+and thus send larger replies.
+DNS query packets with the EDNS0 extension are not compatible with
+non-EDNS0 DNS servers,
+so the option must be used only when all the servers listed in
+.Ic nameserver
+lines are able to handle the extension.
+.Pp
+To verify whether a server supports EDNS,
+query it using the
+.Xr dig 1
+query option
+.Li +edns=0 :
+the reply indicates compliance (EDNS version 0)
+and whether a UDP packet larger than 512 bytes can be used.
+Note that EDNS0 can cause the server to send packets
+large enough to require fragmentation.
+Other factors such as packet filters may impede these,
+particularly if there is a reduced MTU,
+as is often the case with
+.Xr pppoe 4
+or with tunnels.
+.It Cm inet6
+On
+.Ox
+this option does nothing.
+On some operating systems, this option enables IPv6 support in
+.Xr gethostbyname 3
+by setting RES_USE_INET6 in _res.options (see
+.Xr res_init 3 ) .
+.It Cm insecure1
+Do not require IP source address on the reply packet to be equal to the
+server's address.
+.It Cm insecure2
+Do not check if the query section of the reply packet is equal
+to that of the query packet.
+For testing purposes only.
+.It Cm ndots : Ns Ar n
+Sets a threshold for the number of dots which
+must appear in a name given to
+.Xr res_query 3
+before an initial absolute query will be made.
+The default for
+.Ar n
+is 1, meaning that if there are any dots in a name, the name will be tried
+first as an absolute name before any search list elements are appended to it.
+.It Cm tcp
+Forces the use of TCP for queries.
+Normal behaviour is to query via UDP but fall back to TCP on failure.
+.It Cm trust-ad
+A name server indicating that it performed DNSSEC validation by setting the
+Authentic Data (AD) flag in the answer can only be trusted if the
+name server itself is trusted and the network path is trusted.
+Generally this is not the case and the AD flag is cleared in the answer.
+The
+.Cm trust-ad
+option lets the system administrator indicate that the name server and the
+network path are trusted.
+This option is automatically enabled if
+.Nm resolv.conf
+only lists name servers on localhost.
+.El
+.El
+.Pp
+The
+.Ic domain
+and
+.Ic search
+keywords are mutually exclusive.
+If more than one instance of these keywords is present, the last instance
+will override.
+.Sh ENVIRONMENT
+.Bl -tag -width "RES_OPTIONSXXX"
+.It Ev LOCALDOMAIN
+A space-separated list of search domains,
+overriding the
+.Ic search
+keyword of a system's
+.Nm resolv.conf
+file.
+.It Ev RES_OPTIONS
+A space-separated list of resolver options,
+overriding the
+.Ic options
+keyword of a system's
+.Nm resolv.conf
+file.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/resolv.confXX" -compact
+.It Pa /etc/resolv.conf
+.El
+.Sh SEE ALSO
+.Xr gethostbyname 3 ,
+.Xr res_init 3 ,
+.Xr hosts 5 ,
+.Xr hostname 7 ,
+.Xr nsd 8 ,
+.Xr resolvd 8 ,
+.Xr unbound 8 ,
+.Xr unwind 8
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.3 .
diff --git a/static/openbsd/man5/rpc.5 b/static/openbsd/man5/rpc.5
new file mode 100644
index 00000000..729b56f0
--- /dev/null
+++ b/static/openbsd/man5/rpc.5
@@ -0,0 +1,106 @@
+.\"	$OpenBSD: rpc.5,v 1.9 2010/09/01 14:43:34 millert Exp $
+.\"	$NetBSD: rpc.5,v 1.2 1994/11/30 19:31:30 jtc Exp $
+.\"	@(#)rpc.5	2.2 88/08/03 4.0 RPCSRC; from 1.4 87/11/27 SMI;
+.\"
+.\" Copyright (c) 2010, Oracle America, Inc.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions are
+.\" met:
+.\"
+.\"     * Redistributions of source code must retain the above copyright
+.\"       notice, this list of conditions and the following disclaimer.
+.\"     * Redistributions in binary form must reproduce the above
+.\"       copyright notice, this list of conditions and the following
+.\"       disclaimer in the documentation and/or other materials
+.\"       provided with the distribution.
+.\"     * Neither the name of the "Oracle America, Inc." nor the names of its
+.\"       contributors may be used to endorse or promote products derived
+.\"       from this software without specific prior written permission.
+.\"
+.\"   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+.\"   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+.\"   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+.\"   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+.\"   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+.\"   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\"   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+.\"   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\"   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\"   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+.\"   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+.\"   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: September 1 2010 $
+.Dt RPC 5
+.Os
+.Sh NAME
+.Nm rpc
+.Nd rpc program number database
+.Sh DESCRIPTION
+The
+.Nm
+file contains user readable names that
+can be used in place of rpc program numbers.
+Each line has the following information:
+.Pp
+.Bl -item -offset indent -compact
+.It
+name of server for the rpc program
+.It
+rpc program number
+.It
+aliases
+.El
+.Pp
+Items are separated by any number of blanks and/or tab characters.
+.Pp
+A hash mark
+.Pq Ql #
+indicates the beginning of a comment; subsequent characters up to the end of
+the line are not interpreted by the routines which search the file.
+.Sh FILES
+.Bl -tag -width /etc/rpc -compact
+.It Pa /etc/rpc
+.El
+.Sh EXAMPLES
+Here is an example of the
+.Pa /etc/rpc
+file from the Sun RPC Source distribution.
+.Bd -literal -offset indent
+#
+# rpc 88/08/01 4.0 RPCSRC; from 1.12   88/02/07 SMI
+#
+portmapper	100000	portmap sunrpc
+rstatd		100001	rstat rstat_svc rup perfmeter
+rusersd		100002	rusers
+nfs		100003	nfsprog
+ypserv		100004	ypprog
+mountd		100005	mount showmount
+ypbind		100007
+walld		100008	rwall shutdown
+yppasswdd	100009	yppasswd
+etherstatd	100010	etherstat
+rquotad		100011	rquotaprog quota rquota
+sprayd		100012	spray
+3270_mapper	100013
+rje_mapper	100014
+selection_svc	100015	selnsvc
+database_svc	100016
+rexd		100017	rex
+alis		100018
+sched		100019
+llockmgr	100020
+nlockmgr	100021
+x25.inr		100022
+statmon		100023
+status		100024
+bootparam	100026
+ypupdated	100028	ypupdate
+keyserv		100029	keyserver
+tfsd		100037
+nsed		100038
+nsemntd		100039
+.Ed
+.Sh SEE ALSO
+.Xr getrpcent 3
diff --git a/static/openbsd/man5/ruby-module.5 b/static/openbsd/man5/ruby-module.5
new file mode 100644
index 00000000..c56afaf9
--- /dev/null
+++ b/static/openbsd/man5/ruby-module.5
@@ -0,0 +1,394 @@
+.\"	$OpenBSD: ruby-module.5,v 1.52 2025/12/27 16:31:19 jeremy Exp $
+.\"
+.\" Copyright (c) 2011-2015, 2023 Jeremy Evans <jeremy@openbsd.org>
+.\" Copyright (c) 2008, 2011 Marc Espie <espie@openbsd.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 27 2025 $
+.Dt RUBY-MODULE 5
+.Os
+.Sh NAME
+.Nm ruby-module
+.Nd lang/ruby port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Ev MODULES Ns Li =lang/ruby
+in the
+.Xr ports 7
+tree.
+.Pp
+The main usage of the lang/ruby module is to allow a single Ruby gem-based
+port to build packages for multiple versions of Ruby.
+The lang/ruby module also simplifies ports that depend on Ruby by
+automatically setting up the correct dependencies and defining commonly
+needed variables.
+.Pp
+To allow a single Ruby gem-based port to build packages for multiple versions
+of Ruby, set a specific
+.Ev CONFIGURE_STYLE ,
+which modifies some additional parameters:
+.Bl -tag -width Ds
+.It Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem
+For pure Ruby gems without C extensions.
+This adds
+.Ev PKG_ARCH
+= * to the port.
+.It Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem ext
+For Ruby gems with C extensions.
+To pass additional arguments to
+.Sy gem Cm install
+when building the port, set
+those via
+.Ev CONFIGURE_ARGS .
+.El
+.Pp
+.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem
+and
+.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem ext
+both add ruby33, ruby34, and ruby40
+.Ev FLAVOR Ns s
+to the port.
+They also cause the
+.Ev FULLPKGNAME
+to use the
+.Ev FLAVOR Ns \-
+instead of ruby\- as the package prefix.
+.Pp
+The ports system defaults to using Ruby 3.4 if the version of Ruby is not
+specified.
+To specify a version for a gem port, use a specific
+.Ev FLAVOR ,
+such as ruby33 to use Ruby 3.3.
+To specify the Ruby version to use for a non Ruby-gem port, set
+.Ev MODRUBY_REV
+to 3.3, 3.4, or 4.0.
+.Pp
+To ensure that dependencies use the same Ruby implementation as the
+current port, all Ruby gem dependencies specified in the port
+should use this format:
+.Pp
+.Dl category/ruby\-foo,${MODRUBY_FLAVOR}
+.Pp
+To prevent the ports system from automatically setting up
+.Ev FLAVOR Ns s
+in a gem port, set
+.Ev MODRUBY_HANDLE_FLAVORS
+to
+.Cm \&No .
+Similarly, to let the ports system automatically set up
+.Ev FLAVOR Ns s
+in a non-gem port, set
+.Ev MODRUBY_HANDLE_FLAVORS
+to
+.Cm Yes .
+When
+.Ev MODRUBY_HANDLE_FLAVORS
+is
+.Cm Yes ,
+the ports system automatically adds the appropriate prefix to the
+.Ev FULLPKGNAME
+(e.g. ruby40\- for ruby 4.0, ruby34\- for ruby 3.4).
+.Pp
+For Ruby gem ports that can work on multiple Ruby versions, append
+.Ev GEM_BIN_SUFFIX
+to every binary file entry in the PLIST.
+This is because the gem binaries for multiple Ruby versions are all
+installed to
+.Pa ${LOCALBASE}/bin ,
+and the binaries all use a version-specific suffix.
+Any man pages and other files that would be installed to locations not
+specific to a Ruby implementation (such as under
+.Pa ${LOCALBASE}/share ) ,
+should use
+.Ev GEM_MAN_SUFFIX
+before the extension so the different
+.Ev FLAVOR Ns s
+do not conflict.
+.Pp
+make update\-plist may remove
+.Ev GEM_BIN_SUFFIX
+and
+.Ev GEM_MAN_SUFFIX
+from the PLIST, or use them in inappropriate places, so be careful when
+updating gem ports with binaries or man pages.
+Additionally, for gem ports with C extensions, make update\-plist will add back
+files used by the specific
+.Ev FLAVOR
+(such as files under the extension source directory), which may
+not exist for other
+.Ev FLAVOR Ns s ,
+so always manually check the result of make update\-plist and manually test that
+all supported
+.Ev FLAVOR Ns s
+are buildable before committing.
+Additionally, for gems with C extensions, make update\-plist may add back the
+extension source files, which shouldn't be included in the files, so make sure
+to double check that all files added by make update\-plist should be included
+in the package.
+.Pp
+The lang/ruby module creates a do\-test target if
+.Ev MODRUBY_TEST
+is used and one is not already defined.
+.Pp
+The lang/ruby module appends to the following variables:
+.Bl -tag -width Ds
+.It Ev BUILD_DEPENDS
+Adds dependency on version of Ruby in use unless
+.Ev MODRUBY_BUILDDEP
+is set to
+.Cm \&No ,
+or
+.Ev NO_BUILD
+is set to
+.Cm Yes .
+.It Ev CATEGORIES
+Adds the lang/ruby category.
+.It Ev RUN_DEPENDS
+Adds dependency on version of Ruby in use unless
+.Ev MODRUBY_RUNDEP
+is set to
+.Cm \&No .
+.It Ev TEST_DEPENDS
+Adds the rspec dependency if
+.Ev MODRUBY_TEST
+is set to rspec3.
+.It Ev SUBST_VARS
+Adds
+.Ev GEM_EXTENSIONS_DIR ,
+.Ev MODRUBY_RELEXAMPLEDIR ,
+.Ev MODRUBY_SITEARCHDIR ,
+.Ev MODRUBY_SITEDIR ,
+.Ev MODRUBY_LIBREV ,
+.Ev MODRUBY_ARCH ,
+.Ev GEM_LIB ,
+.Ev GEM_BIN ,
+and
+.Ev DISTNAME .
+.It Ev UPDATE_PLIST_ARGS
+Adds options so that
+.Ev MODRUBY_RELEXAMPLEDIR ,
+.Ev MODRUBY_SITEARCHDIR ,
+.Ev MODRUBY_SITEDIR ,
+.Ev GEM_LIB ,
+and
+.Ev GEM_BIN
+are only substituted at the start of paths.
+.El
+.Pp
+If using
+.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem
+or
+.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem ext ,
+it also appends to the following variables:
+.Bl -tag -width Ds
+.It Ev EXTRACT_CASES
+Adds support for extracting .gem files.
+.El
+.Pp
+If using
+.Ev CONFIGURE_STYLE Ns = Ns Qq ruby gem ext ,
+it also appends to the following variables:
+.Bl -tag -width Ds
+.It Ev WANTLIB
+Adds libraries used by Ruby.
+.It Ev LIB_DEPENDS
+Adds
+.Ev MODRUBY_LIB_DEPENDS .
+.It Ev PKG_ARGS
+Adds additional PLIST so that loading native extensions will not attempt to
+rebuild them at runtime.
+.It Ev SUBST_VARS
+Adds
+.Ev GEM_EXTENSIONS_DIR .
+.El
+.Pp
+If using
+.Ev MODRUBY_HANDLE_FLAVORS Ns = Ns Yes ,
+it also appends to the following variables:
+.Bl -tag -width Ds
+.It Ev SUBST_VARS
+Adds
+.Ev GEM_BIN_SUFFIX
+and
+.Ev GEM_MAN_SUFFIX
+to
+.Ev SUBST_VARS
+so that the PLISTs work on multiple Ruby versions.
+.El
+.Pp
+The lang/ruby module sets the following variables:
+.Bl -tag -width Ds
+.It Ev GEM
+The path to the appropriate
+.Sy gem
+binary for the current Ruby version (/usr/local/bin/gem${MODRUBY_BINREV}).
+.It Ev GEM_BASE_BIN
+The absolute path where the
+.Sy gem
+program will install the executable
+files provided by the gem (if any) during the fake target.
+.It Ev GEM_BASE_LIB
+The absolute path where the
+.Sy gem
+program will install library files
+provided by the gem during the fake target.
+.It Ev GEM_BIN
+The relative path under
+.Ev PREFIX
+where the package installs the gem's executable files.
+.It Ev GEM_BIN_SUFFIX
+The suffix to use for the gem's executable files, so that separate
+.Ev FLAVOR Ns s
+of the port do not conflict.
+.It Ev GEM_EXTENSIONS_DIR
+The relative path under
+.Ev PREFIX
+where the package installs Ruby-version specific files for Ruby gems
+with C extensions.
+.It Ev GEM_FLAGS
+Option flags for
+.Sy gem Cm install
+when building the port.
+.It Ev GEM_LIB
+The relative path under
+.Ev PREFIX
+where Ruby gem files are stored for the Ruby version in use.
+.It Ev GEM_MAN_SUFFIX
+The suffix to use for the gem's manual pages, so that separate
+.Ev FLAVOR Ns s
+of the port do not conflict.
+.It Ev MODRUBY_ADJ_FILES
+A list of filename patterns that will automatically have
+.Ev MODRUBY_RUBY_ADJ
+called on them during pre\-configure.
+.It Ev MODRUBY_ARCH
+The platform-specific string used by Ruby for files installed
+into platform-specific directories.
+.It Ev MODRUBY_BINREV
+The same as
+.Ev MODRUBY_REV
+except without the dot
+.Pq Ql \&. ,
+reflecting the suffix used by the
+programs for the Ruby version in use.
+.It Ev MODRUBY_BIN_RSPEC
+The path to the rspec (rspec 3) binaries for the Ruby
+version in use.
+.It Ev MODRUBY_BUILD_DEPENDS
+The same as
+.Ev MODRUBY_RUN_DEPENDS .
+It is designed to be used in
+.Ev BUILD_DEPENDS
+values for other ports depending on Ruby.
+.It Ev MODRUBY_BUILDDEP
+If Ruby does not need to be installed
+while building the package(s), set to
+.Cm \&No .
+The default is
+.Cm Yes .
+.It Ev MODRUBY_FLAVOR
+The FLAVOR to use for Ruby dependencies to ensure that
+they use the same version of Ruby as the current port.
+.It Ev MODRUBY_HANDLE_FLAVORS
+Determines whether the port allows building with multiple
+.Ev FLAVOR Ns s,
+with each
+.Ev FLAVOR
+supporting a separate Ruby version.
+.It Ev MODRUBY_LIBREV
+The same as
+.Ev MODRUBY_REV .
+.It Ev MODRUBY_LIB_DEPENDS
+The same as
+.Ev MODRUBY_RUN_DEPENDS .
+It is designed to be used in
+.Ev LIB_DEPENDS
+values for other ports depending on Ruby.
+.It Ev MODRUBY_PKG_PREFIX
+The prefix to use for packages built using the lang/ruby module,
+if the port support building with multiple Ruby versions.
+.It Ev MODRUBY_RELEXAMPLEDIR
+The relative path under
+.Ev PREFIX
+where the package installs example files for non-Ruby gem ports.
+.It Ev MODRUBY_REV
+Includes the major and minor versions of the version of Ruby in use,
+separated by a dot
+.Pq Ql \&. .
+The port can override the value to specify which Ruby version to use,
+if the port sets or defaults to
+.Ev MODRUBY_HANDLE_FLAVORS Ns =Yes .
+.It Ev MODRUBY_RUBY_ADJ
+A command that takes filename arguments and replaces
+the
+.Pa /usr/bin/env
+ruby shebang lines with
+.Ev RUBY .
+.It Ev MODRUBY_RUN_DEPENDS
+The port path for the Ruby version in use.
+It is designed to be used in
+.Ev RUN_DEPENDS
+values for other ports depending on Ruby.
+.It Ev MODRUBY_RUNDEP
+If the packages do not depend on Ruby at runtime, set to
+.Cm \&No .
+The default is
+.Cm Yes .
+.It Ev MODRUBY_SITEARCHDIR
+The relative path under
+.Ev PREFIX
+where the package installs platform-specific library files for non-Ruby gem
+ports.
+.It Ev MODRUBY_SITEDIR
+The relative path under
+.Ev PREFIX
+where the package installs non-platform-specific library files for non-Ruby
+gem ports.
+.It Ev MODRUBY_TEST
+Set to
+.Cm ruby ,
+.Cm rake ,
+.Cm rspec3 ,
+or
+.Cm testrb
+to choose the appropriate program to run the regress tests, if the port
+includes tests.
+.It Ev MODRUBY_TEST_ENV
+Sets environment variables for the regress tests.
+.It Ev MODRUBY_TEST_TARGET
+Sets the argument to the regress test program.
+.It Ev MODRUBY_WANTLIB
+Includes the library-specs for the Ruby version in use.
+.It Ev RAKE
+The path to the
+.Sy rake
+program for the Ruby version in use (/usr/local/bin/rake${MODRUBY_BINREV}).
+.It Ev RUBY
+The path to the
+.Xr ruby 1
+program for the Ruby version in use (/usr/local/bin/ruby${MODRUBY_BINREV}).
+.El
+.Sh SEE ALSO
+.Xr bsd.port.mk 5 ,
+.Xr port-modules 5
diff --git a/static/openbsd/man5/services.5 b/static/openbsd/man5/services.5
new file mode 100644
index 00000000..5b5b9cb4
--- /dev/null
+++ b/static/openbsd/man5/services.5
@@ -0,0 +1,98 @@
+.\"	$OpenBSD: services.5,v 1.14 2021/05/05 11:49:17 sthen Exp $
+.\"	$NetBSD: services.5,v 1.3 1994/11/30 19:31:31 jtc Exp $
+.\"
+.\" Copyright (c) 1983, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)services.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: May 5 2021 $
+.Dt SERVICES 5
+.Os
+.Sh NAME
+.Nm services
+.Nd service name database
+.Sh DESCRIPTION
+The
+.Nm
+file contains information regarding the known services available in the
+Internet.
+For each service, a single line should be present with the
+following information:
+.Bd -unfilled -offset indent
+official service name
+port number
+protocol name
+aliases
+.Ed
+.Pp
+Items are separated by any number of blanks and/or tab characters.
+The port number and protocol name are considered a single item; a slash
+.Pq Ql /
+is used to separate the port and protocol (e.g.,
+.Dq 512/tcp ) .
+.Pp
+A hash mark
+.Pq Ql #
+indicates the beginning of a comment; subsequent characters up to the
+end of the line are not interpreted by the routines which search the file.
+.Pp
+Service names may contain any printable character other than a
+field delimiter, newline, or comment character.
+.Pp
+To protect service ports from being used for dynamic port assignment,
+.Xr rc 8
+reads
+.Nm
+at boot and uses the contents to populate
+.Va net.inet.tcp.baddynamic
+and
+.Va net.inet.udp.baddynamic .
+.Pp
+While it is the policy of IANA to assign a single well-known port number
+for both TCP and UDP, to avoid reducing the dynamic port range unnecessarily,
+the unused entries are not always listed in
+.Nm .
+.Sh FILES
+.Bl -tag -width /etc/services -compact
+.It Pa /etc/services
+.El
+.Sh SEE ALSO
+.Xr getservent 3
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.2 .
+.Sh BUGS
+A name server should be used instead of a static file.
+Lines in
+.Pa /etc/services
+are limited to
+.Dv BUFSIZ
+characters (currently 1024).
+Longer lines will be ignored.
diff --git a/static/openbsd/man5/shells.5 b/static/openbsd/man5/shells.5
new file mode 100644
index 00000000..d8b5345d
--- /dev/null
+++ b/static/openbsd/man5/shells.5
@@ -0,0 +1,77 @@
+.\"	$OpenBSD: shells.5,v 1.8 2007/05/31 19:19:58 jmc Exp $
+.\"	$NetBSD: shells.5,v 1.3 1994/11/30 19:31:32 jtc Exp $
+.\"
+.\" Copyright (c) 1986, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)shells.5	8.1 (Berkeley) 6/5/93
+.\"
+.Dd $Mdocdate: May 31 2007 $
+.Dt SHELLS 5
+.Os
+.Sh NAME
+.Nm shells
+.Nd shell database
+.Sh DESCRIPTION
+The
+.Nm
+file contains a list of valid shells available on the system.
+A shell is a command line interpreter that reads user input and executes
+commands.
+For each shell a single line should be present, consisting of the
+shell's path, relative to root.
+.Pp
+A hash mark
+.Pq Sq #
+indicates the beginning of a comment; subsequent
+characters up to the end of the line are not interpreted by the
+routines which search the file.
+Blank lines are also ignored.
+.Pp
+The
+.Xr chpass 1
+program will not let regular users change their default shell to one not
+listed in the
+.Nm
+file.
+The
+.Xr ftpd 8
+daemon denies access to users who are not using one of the listed shells.
+.Sh FILES
+.Bl -tag -width /etc/shells -compact
+.It Pa /etc/shells
+.El
+.Sh SEE ALSO
+.Xr chpass 1 ,
+.Xr login 1 ,
+.Xr getusershell 3 ,
+.Xr nologin 8
+.Sh HISTORY
+The
+.Nm
+file format appeared in
+.Bx 4.3 tahoe .
diff --git a/static/openbsd/man5/spamd.conf.5 b/static/openbsd/man5/spamd.conf.5
new file mode 100644
index 00000000..a880bc5b
--- /dev/null
+++ b/static/openbsd/man5/spamd.conf.5
@@ -0,0 +1,200 @@
+.\"	$OpenBSD: spamd.conf.5,v 1.24 2025/11/12 07:58:16 sthen Exp $
+.\"
+.\" Copyright (c) 2003 Jason L. Wright (jason@thought.net)
+.\" Copyright (c) 2003 Bob Beck
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 12 2025 $
+.Dt SPAMD.CONF 5
+.Os
+.Sh NAME
+.Nm spamd.conf
+.Nd spamd-setup configuration file
+.Sh DESCRIPTION
+The
+.Nm
+file is read by
+.Xr spamd-setup 8
+to configure
+.Em blacklists
+for
+.Xr spamd 8 .
+Blacklists are lists of addresses of likely spammers.
+Mail from these addresses never reaches the actual mail server,
+but is instead redirected to
+.Xr spamd 8
+and tarpitted.
+.Pp
+.Nm
+follows the syntax of configuration databases as documented in
+.Xr cgetent 3 .
+Here is an example:
+.Bd -literal -offset indent
+all:\e
+	:somelist:override:myblack:
+
+somelist:\e
+	:black:\e
+	:msg="Your address %A is in an anti-spam list\en\e
+	See http://www.example.org/dnsbl/ for details":\e
+	:method=https:\e
+	:file=www.example.org/spamd/somelist.gz
+
+override:\e
+	:white:\e
+	:method=file:\e
+	:file=/etc/mail/override.txt:
+
+myblack:\e
+	:black:\e
+	:msg=/etc/mail/myblackmsg.txt:\e
+	:method=file:\e
+	:file=/etc/mail/myblack.txt:
+.Ed
+.Pp
+The default configuration file must include the entry
+.Ar all ,
+which specifies the order in which lists
+are to be applied.
+Lists are constructed by name:
+blacklists are identified by the capability
+.Pf : Ar black : .
+If a list is instead given the
+.Pf : Ar white :
+capability,
+addresses in it will not be blacklisted.
+The addresses in such a list are removed from the preceding blacklist.
+.Pp
+In the above example,
+if an address was present in all three lists,
+blacklists
+.Ar somelist
+and
+.Ar myblack ,
+as well as the exceptions list
+.Ar override ,
+the address would be removed from list
+.Ar somelist
+by the subsequent
+.Ar override
+list.
+However, the address would not be removed from the
+.Ar myblack
+list.
+To remove all the addresses in
+.Ar override
+from
+.Ar myblack ,
+the following configuration
+would be used instead:
+.Bd -literal -offset indent
+all:\e
+	:somelist:override:myblack:override:
+.Ed
+.Pp
+The source of the addresses for lists is
+specified using the
+.Ar method
+and
+.Ar file
+capability entries.
+.Pp
+.Ar method
+specifies the method by which to retrieve a file containing a list of
+addresses and may be one of
+.Ar http ,
+.Ar https ,
+.Ar ftp ,
+.Ar file ,
+or
+.Ar exec .
+The
+.Ar http ,
+.Ar https ,
+.Ar ftp ,
+and
+.Ar file
+methods will make
+.Nm
+retrieve the file from the location specified by the
+.Ar file
+capability.
+The
+.Ar exec
+method will make
+.Nm
+spawn the program with arguments indicated in the
+.Ar file
+capability for the list, and reads a list of addresses
+from the output of the program.
+.Pp
+The format of the list of addresses is expected to consist of one
+network block or address per line (optionally followed by a space and
+text that is ignored).
+Comment lines beginning with
+.Ar #
+are ignored.
+Network blocks may be specified in any of the formats as in
+the following example:
+.Bd -literal -offset indent
+# CIDR format
+192.168.20.0/24
+# A start - end range
+192.168.21.0 - 192.168.21.255
+# As a single IP address
+192.168.23.1
+.Ed
+.Pp
+Each blacklist must include a message, specified in the
+.Ar msg
+capability as a string.
+If the
+.Ar msg
+string is enclosed in double quotes, the characters in the quoted string
+are escaped as specified in
+.Xr cgetent 3
+with the exception that a colon (:) is allowed in the quoted string.
+The resulting string is used as the message.
+Alternatively, if the
+.Ar msg
+string is not specified in quotes, it is assumed to be a local filename
+from which the message text may be read.
+.Pp
+The message is configured in
+.Xr spamd 8
+to be displayed in the SMTP dialogue to any connections that match
+addresses in the blacklist.
+The sequence \e" in the message will produce a double quote in the output.
+The sequence %% will produce a single % in the output,
+and the sequence \&%A will be expanded in the message by
+.Xr spamd 8
+to display the connecting IP address in the output.
+.Sh FILES
+.Bl -tag -width "/etc/mail/spamd.conf"
+.It Pa /etc/mail/spamd.conf
+Configuration file for
+.Xr spamd-setup 8 .
+.El
+.Sh SEE ALSO
+.Xr spamd 8 ,
+.Xr spamd-setup 8
diff --git a/static/openbsd/man5/sysctl.conf.5 b/static/openbsd/man5/sysctl.conf.5
new file mode 100644
index 00000000..d4bdcfd2
--- /dev/null
+++ b/static/openbsd/man5/sysctl.conf.5
@@ -0,0 +1,60 @@
+.\" $OpenBSD: sysctl.conf.5,v 1.15 2025/04/05 16:56:29 kn Exp $
+.\"
+.\" Copyright (c) 1998 Todd C. Miller <millert@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 5 2025 $
+.Dt SYSCTL.CONF 5
+.Os
+.Sh NAME
+.Nm sysctl.conf
+.Nd sysctl variables to set at system startup
+.Sh DESCRIPTION
+.Nm
+is made up of
+.Xr sysctl 8
+variable assignments
+.Pq Ar variable Ns = Ns Ar value
+with comments designated by a hash mark
+.Pq Sq # .
+.Pp
+.Pa /etc/sysctl.conf
+is read at system startup by
+.Xr rc 8
+early on in the boot sequence.
+.Sh FILES
+.Bl -tag -width /etc/examples/sysctl.conf -compact
+.It Pa /etc/sysctl.conf
+.It Pa /etc/examples/sysctl.conf
+.El
+.Sh EXAMPLES
+To turn on IP forwarding, one would use the following line:
+.Bd -literal -offset indent
+net.inet.ip.forwarding=1
+.Ed
+.Pp
+To cause the kernel to reboot on a panic, instead of dropping into
+the debugger, the following can be used:
+.Bd -literal -offset indent
+ddb.panic=0
+.Ed
+.Sh SEE ALSO
+.Xr sysctl 2 ,
+.Xr rc 8 ,
+.Xr sysctl 8
+.Sh HISTORY
+A
+.Nm
+file first appeared in
+.Ox 2.3 .
diff --git a/static/openbsd/man5/utmp.5 b/static/openbsd/man5/utmp.5
new file mode 100644
index 00000000..77978d9b
--- /dev/null
+++ b/static/openbsd/man5/utmp.5
@@ -0,0 +1,218 @@
+.\"	$OpenBSD: utmp.5,v 1.26 2019/09/06 19:25:08 schwarze Exp $
+.\"	$NetBSD: utmp.5,v 1.5 1994/11/30 19:31:35 jtc Exp $
+.\"
+.\" Copyright (c) 1980, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)utmp.5	8.2 (Berkeley) 3/17/94
+.\"
+.Dd $Mdocdate: September 6 2019 $
+.Dt UTMP 5
+.Os
+.Sh NAME
+.Nm utmp ,
+.Nm wtmp ,
+.Nm lastlog
+.Nd login records
+.Sh SYNOPSIS
+.In utmp.h
+.Sh DESCRIPTION
+The
+.In utmp.h
+file declares the structures used to record information about current
+users in the
+.Nm utmp
+file, logins and logouts in the
+.Nm wtmp
+file, and last logins in the
+.Nm lastlog
+file.
+The timestamps of date changes, shutdowns, and reboots are also logged in the
+.Nm wtmp
+file.
+.Pp
+.Nm wtmp
+can grow rapidly on busy systems, so daily or weekly rotation is recommended.
+If any one of these files does not exist, it is not created.
+They must be created manually and are maintained by
+.Xr newsyslog 8 .
+.Bd -literal -offset indent
+#define _PATH_UTMP      "/var/run/utmp"
+#define _PATH_WTMP      "/var/log/wtmp"
+#define _PATH_LASTLOG   "/var/log/lastlog"
+
+#define UT_NAMESIZE     32
+#define UT_LINESIZE     8
+#define UT_HOSTSIZE     256
+
+struct lastlog {
+        time_t  ll_time;
+        char    ll_line[UT_LINESIZE];
+        char    ll_host[UT_HOSTSIZE];
+};
+
+struct utmp {
+        char    ut_line[UT_LINESIZE];
+        char    ut_name[UT_NAMESIZE];
+        char    ut_host[UT_HOSTSIZE];
+        time_t	ut_time;
+};
+.Ed
+.Pp
+Each time a user logs in, the
+.Xr login 1
+program looks up the user's
+.Tn UID
+in the
+.Nm lastlog
+file.
+If it is found, the timestamp of the last time the user logged
+in, the terminal line, and the hostname
+are written to the standard output (provided the login is not
+.Dq quiet ;
+see
+.Xr login 1 ) .
+The
+.Xr login 1
+program then records the new login time in the
+.Nm lastlog
+file.
+.Pp
+After the new
+.Fa lastlog
+record is written,
+.\" the
+.\" .Xr libutil 3
+.\" routine
+the
+.Nm utmp
+file is opened and the
+.Fa utmp
+record for the user is inserted.
+This record remains until the user logs out at which time it is deleted.
+The
+.Nm utmp
+file is used by the programs
+.Xr users 1 ,
+.Xr w 1 ,
+and
+.Xr who 1 .
+.Pp
+Next, the
+.Xr login 1
+program opens the
+.Nm wtmp
+file and appends the user's
+.Fa utmp
+record.
+When the user logs out, a
+.Fa utmp
+record with the tty line, an updated timestamp, and zeroed name and host
+fields is appended to the file (see
+.Xr init 8 ) .
+The
+.Nm wtmp
+file is used by the programs
+.Xr last 1
+and
+.Xr ac 8 .
+.Pp
+In the event of a date change, shutdown, or reboot, the
+following items are logged in the
+.Nm wtmp
+file:
+.Pp
+.Bl -tag -width shutdownxx -compact
+.It Li reboot
+.It Li shutdown
+A system reboot or shutdown has been initiated.
+A tilde
+.Pq Sq \&~
+character is placed in the field
+.Fa ut_line ,
+and
+.Dq reboot
+or
+.Dq shutdown
+in the field
+.Fa ut_name
+(see
+.Xr shutdown 8
+and
+.Xr reboot 8 ) .
+.Pp
+.It Li date
+The system time has been manually or automatically updated (see
+.Xr date 1 ) .
+The command name
+.Xr date 1
+is recorded in the field
+.Fa ut_name .
+In the field
+.Fa ut_line ,
+the
+.Dq \&|
+character indicates the time prior to the change and the
+.Dq \&{
+character indicates the new time.
+.El
+.Sh FILES
+.Bl -tag -width /var/log/lastlog -compact
+.It Pa /var/run/utmp
+.It Pa /var/log/wtmp
+.It Pa /var/log/lastlog
+.El
+.Sh SEE ALSO
+.Xr last 1 ,
+.Xr login 1 ,
+.Xr who 1 ,
+.Xr ac 8 ,
+.Xr init 8 ,
+.Xr newsyslog 8
+.Sh HISTORY
+A file
+.Pa /tmp/utmp
+first appeared in
+.At v1
+and a file
+.Pa /tmp/wtmp
+in
+.At v2 .
+The
+.Nm lastlog
+file format appeared in
+.Bx 3.0 .
+.Sh CAVEATS
+The strings in the
+.Fa utmp
+and
+.Fa lastlog
+structures are
+.Em not
+normal
+.Sq C
+strings and are thus not guaranteed to be null terminated.
diff --git a/static/openbsd/man5/wsconsctl.conf.5 b/static/openbsd/man5/wsconsctl.conf.5
new file mode 100644
index 00000000..29a08a4f
--- /dev/null
+++ b/static/openbsd/man5/wsconsctl.conf.5
@@ -0,0 +1,74 @@
+.\" $OpenBSD: wsconsctl.conf.5,v 1.7 2020/02/10 13:18:20 schwarze Exp $
+.\"
+.\" Copyright (c) 2001 Brian J. Kifiak <bk@rt.fm>
+.\" All rights reserved.
+.\"
+.\" Based on sysctl.conf.5 found in OpenBSD 2.3+:
+.\" Copyright (c) 1998 Todd C. Miller <millert@openbsd.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: February 10 2020 $
+.Dt WSCONSCTL.CONF 5
+.Os
+.Sh NAME
+.Nm wsconsctl.conf
+.Nd wsconsctl variables to set at system startup
+.Sh DESCRIPTION
+.Nm
+contains a list of
+.Xr wsconsctl 8
+variable assignments that is read at system startup by
+.Xr rc 8
+during the boot sequence.
+.Pp
+The file is made up of
+.Xr wsconsctl 8
+variable assignments
+.Pq Ar variable Ns = Ns Ar value
+with comments designated by a hash mark
+.Pq Sq # .
+.Sh FILES
+.Bl -tag -width /etc/examples/wsconsctl.conf -compact
+.It Pa /etc/wsconsctl.conf
+.It Pa /etc/examples/wsconsctl.conf
+.El
+.Sh EXAMPLES
+To load a Russian keyboard encoding, one would use the following line:
+.Bd -literal -offset indent
+keyboard.encoding=ru
+.Ed
+.Pp
+To set the screen burner timeout to 60 seconds, the following can be used:
+.Bd -literal -offset indent
+display.screen_off=60000
+.Ed
+.Sh SEE ALSO
+.Xr rc 8 ,
+.Xr wsconsctl 8
+.Sh HISTORY
+A
+.Nm
+file first appeared in
+.Ox 3.0 .