20060303-partial

37 files changed, 4672 insertions, 0 deletions

diff --git a/man/8/0intro b/man/8/0intro
new file mode 100644
index 00000000..7ab31322
--- /dev/null
+++ b/man/8/0intro
@@ -0,0 +1,13 @@
+.TH INTRO 8
+.SH NAME
+intro \- introduction to system configuration and administration, and system utilities
+.SH DESCRIPTION
+This section of the manual describes commands that provide
+system configuration and support system administration.
+There are commands to start and shut down native and hosted environments,
+administer authentication,
+build file system images,
+initialise disks and flash memory, and
+configure devices.
+It also documents the commands and interfaces to service
+programs, including those providing services on the network.
diff --git a/man/8/INDEX b/man/8/INDEX
new file mode 100644
index 00000000..c520eacb
--- /dev/null
+++ b/man/8/INDEX
@@ -0,0 +1,59 @@
+intro 0intro
+applylog applylog
+updatelog applylog
+bootpd bootpd
+tftpd bootpd
+changelogin changelogin
+convpasswd changelogin
+collabsrv collabsrv
+create create
+info create
+inst create
+createsignerkey createsignerkey
+cs cs
+csquery cs
+dhcp dhcp
+dns dns
+dnsquery dns
+fpgaload fpgaload
+ftl ftl
+getauthinfo getauthinfo
+echo httpd
+httpd httpd
+stats httpd
+emuinit init
+init init
+osinit init
+kfscmd kfscmd
+logind logind
+mangaload mangaload
+manufacture manufacture
+mkext mkfs
+mkfs mkfs
+ping ping
+plumber plumber
+fdisk prep
+format prep
+mbr prep
+prep prep
+rdbgsrv rdbgsrv
+register register
+rip rip
+rstyxd rstyxd
+styxd rstyxd
+shutdown shutdown
+countersigner signer
+signer signer
+verify signer
+sntp sntp
+srv srv
+styxchat styxchat
+styxmon styxmon
+auth svc
+net svc
+registry svc
+rstyx svc
+styx svc
+svc svc
+touchcal touchcal
+virgild virgild
diff --git a/man/8/applylog b/man/8/applylog
new file mode 100644
index 00000000..19f9c6fe
--- /dev/null
+++ b/man/8/applylog
@@ -0,0 +1,237 @@
+.TH APPLYLOG 8
+.SH NAME
+applylog, updatelog \- log-based updates
+.SH SYNOPSIS
+.B install/applylog
+[
+.B -c
+] [
+.B -e
+] [
+.B -n
+] [
+.B -s
+] [
+.B -u
+] [
+.B -g
+] [
+.B -v
+] [
+.BI -T " timefile"
+]
+.I clientlog
+.I clientroot
+.I serverroot
+[
+.I path
+\&...
+]
+.PP
+.B install/updatelog
+[
+.BI -p " proto"
+] [
+.BI -r " root"
+] [
+.BI -t " now gen"
+] [
+.B -c
+] [
+.BI -x " path"
+]
+.I log
+[
+.I path
+\&...
+]
+.SH DESCRIPTION
+These two commands allow distribution of updates (eg, to the Inferno tree)
+based on a log of changes since a previous update.
+Notionally, one
+.I server
+system is the primary for a set of files, and one or more
+.I client
+systems maintain replicas of that set,
+although in some applications server and client might be the same machine.
+.PP
+.I Applylog
+is run on a client, to update the file tree rooted at
+.IR clientroot .
+The server's version of the tree is rooted at
+.I serverroot
+on the client,
+typically by being mounted there (see
+.IR bind (1)).
+.I Applylog
+takes the current state of the replica from the entries in
+.IR clientlog ,
+and applies a set of changes represented by log entries read from its standard input.
+Those entries are provided by the server.
+Each change is examined to see whether the file to which it applies is in the expected state.
+If so, the change is applied without comment; otherwise, there is a conflict caused by
+a local change to the replica tree independently from the primary.
+By default,
+.I applylog
+diagnoses the conflict and does not apply the change.
+It accepts the following options:
+.TP
+.B -c
+Resolve inconsistencies in favour of the client: leave the replica as is.
+.TP
+.B -e
+Exit with an error status on any error, including inconsistency between client and server.
+.TP
+.B -n
+Print on standard output a list of changes that would be made, and list any conflicts,
+but do not change the tree or update the log.
+.TP
+.B -s
+Resolve inconsistencies in favour of the server: make the replica match the server's state.
+.TP
+.B -u
+Make file ownership in the replica match that on the server.
+.TP
+.B -g
+Make group ownership in the replica match that on the server.
+.TP
+.B -v
+Print a summary of each log entry as it is examined.
+.TP
+.BI -T " timefile"
+Read a time and sequence number from
+.I timefile
+and apply only log entries with stamps greater than that.
+On successful completion, if the
+.B -n
+option is not given, update the
+.I timefile
+with the stamp of the last log entry processed successfully.
+.PP
+The scope of an update in a tree can be restricted to a particular set of
+.I paths
+listed on the command line.
+They should all be relative path names.
+.PP
+.I Updatelog
+is run on a server to produce a sequence of log entries representing changes
+to the primary tree since a previous log was produced.
+It can also be run on a client to see how its replica state differs from that recorded in a log.
+It accepts the following options:
+.TP
+.BI -p " proto"
+Use
+.I proto
+as the prototype for the file system, as described by
+.IR proto (6)
+(default:
+.BR /lib/proto/all ).
+.TP
+.BI -r " root"
+The replica is rooted at
+.I root
+(default:
+the current directory,
+.BR . ).
+.TP
+.BI -t " now gen"
+Make log entries use time
+.I now
+and initial sequence number
+.IR gen .
+The defaults are the current time and 0.
+.TP
+.B -c
+Produce output only for content and metadata changes, not additions or deletions.
+.TP
+.BI -x " path"
+Exclude
+.I path
+and its subtrees from consideration.
+.PP
+By default,
+.I updatelog
+produces log entries describing changes, additions and deletions to all files in
+.I root
+but the scope can be limited by giving a different
+.IR proto ,
+explicitly listing trees to consider as
+.I paths
+on the command line, and
+by giving one or more
+.B -x
+options to exclude particular paths,
+in any desired combination.
+.SS Log file format
+.PP
+A log file is a text file with one line representing each change to the tree.
+Each line has the form:
+.IP
+.I "time gen verb path serverpath mode uid gid mtime length"
+[
+.I sum
+\&...
+]
+.PP
+where:
+.RS
+.TP
+.I "time, gen"
+are decimal numbers that order the sequence of requests:
+.I time
+is typically the time in seconds of the epoch at which the entry was made;
+.I gen
+is a monotonically increasing sequence number
+.PD
+.TP
+.I verb
+is an action:
+.RS
+.PD0
+.TP
+.B a
+add file
+.I path
+.TP
+.B c
+change the contents of file
+.I path
+.TP
+.B d
+delete
+.I path
+.TP
+.B m
+change the metadata (permissions, ownership) for
+.I path
+.RE
+.PD
+.TP
+.I path
+the name of the file on the client
+.TP
+.I serverpath
+the name of the file on the server with the contents for
+.IR path ,
+or simply
+.L -
+when the server and client file names are the same
+.TP
+.I "mode, uid, gid, length, mtime"
+the resulting metadata (except for
+.B d
+where the metadata is that for the file to be deleted)
+.TP
+.I sum
+is the MD5 checksum of the file's contents
+.RE
+.SH SOURCE
+.B /appl/cmd/install/applylog.b
+.br
+.B /appl/cmd/install/logs.b
+.br
+.B /appl/cmd/install/updatelog.b
+.SH SEE ALSO
+.IR fs (1),
+.IR kfs (4),
+.IR proto (6)
diff --git a/man/8/bootpd b/man/8/bootpd
new file mode 100644
index 00000000..47e74c09
--- /dev/null
+++ b/man/8/bootpd
@@ -0,0 +1,163 @@
+.TH BOOTPD 8
+.SH NAME
+bootpd, tftpd \- Internet booting
+.SH SYNOPSIS
+.B ip/bootpd
+[
+.B -dsq
+] [
+.BI -f " dbfile"
+] [
+.BI -x " network"
+]
+.PP
+.B ip/tftpd
+.RB [ -dr ]
+[
+.BI -p " port"
+] [
+.BI -h " homedir"
+] [
+.BI -x " network"
+]
+.SH DESCRIPTION
+.I Bootpd
+listens for Internet BOOTP requests and broadcasts a suitable reply
+to each request that matches an entry
+in the network database
+.I dbfile
+(default:
+.BR /lib/ndb/local ).
+The BOOTP protocol is typically used by a remote system as it boots, to obtain its Internet address
+and other configuration data such as the addresses of servers
+(see for instance the
+.B bootp
+file in
+.IR ip (3)).
+.PP
+.I Dbfile
+is in
+.IR ndb (6)
+format, as interpreted by
+.IR attrdb (2).
+.I Bootpd
+uses the following attributes:
+.TF ipmask
+.TP
+.B auth
+authentication server name or address
+.TP
+.B bootf
+name of the client's boot file
+.TP
+.B dom
+fully-qualified domain name
+.TP
+.B ether
+hardware (MAC) address; only Ethernet is supported
+.TP
+.B fs
+file server name or address
+.TP
+.B ip
+client's Internet address
+.TP
+.B ipgw
+gateway from client's subnet (IP address)
+.TP
+.B ipmask
+subnet mask
+.TP
+.B ipnet
+network name
+.TP
+.B sys
+system name (client identifier)
+.PD
+.PP
+.I Bootpd
+replies to an incoming request only if its hardware address matches the value of the
+.B ether
+attribute of an entry in
+.I dbfile .
+If found, the reply contains all the other requested data that is contained in the entry;
+if an item is missing, it is sought in the entries for successively higher networks (described by
+.B ipnet
+entries) that contain the requesting system's address.
+The `vendor specific' part of the reply conveys the file server and authentication server addresses
+to Inferno clients.
+Before answering a request,
+.I bootpd
+rereads
+.I dbfile
+if it has changed since last read.
+.PP
+The
+.B -s
+option causes
+.I bootpd
+to sniff the network for BOOTP traffic and print it, but not reply.
+The
+.B -d
+option prints debugging information; giving it twice prints even more.
+The
+.B -x
+option tells
+.I bootpd
+to use a
+.I network
+other than
+.BR /net .
+Currently
+.I bootpd
+prints a message to standard output each time it replies; the
+.B -q
+option keeps it quiet.
+.PP
+.I Tftpd
+is mainly used to send kernels and configuration files to machines booting from the network.
+It listens for incoming TFTP file transfer requests on the given UDP
+.I port
+(default: 69) and responds by sending or receiving a file as requested.
+.I Homedir
+is the current directory for transfers,
+.B /services/tftpd
+by default,
+and requests that use a relative path name refer to files in or below that directory.
+If the
+.B -r
+option is given, absolute path names are also restricted to
+.IR homedir .
+.I Tftpd
+runs as
+.B none
+(the least privileged user) and can send only files with general read permission, or write files
+that are generally writable.
+Normally
+.I tftpd
+uses the network directory
+.BR /net ,
+but another can be specified with the
+.B -x
+option.
+The
+.B -d
+option prints a debugging trace on standard output.
+.SH FILES
+.TF /services/tftpd/xxxxx
+.TP
+.B /lib/ndb/local
+network configuration file
+.TP
+.B /services/tftpd
+default directory for relative pathnames
+.SH SOURCE
+.B /appl/cmd/ip/bootpd.b
+.br
+.B /appl/cmd/ip/tftpd.b
+.SH SEE ALSO
+.IR attrdb (2),
+.IR ip (3),
+.IR ndb (6),
+.IR cs (8),
+.IR dns (8)
diff --git a/man/8/changelogin b/man/8/changelogin
new file mode 100644
index 00000000..57e89145
--- /dev/null
+++ b/man/8/changelogin
@@ -0,0 +1,113 @@
+.TH CHANGELOGIN 8
+.SH NAME
+changelogin, convpasswd \- create/update the password file
+.SH SYNOPSIS
+.BI auth/changelogin " name"
+.PP
+.B auth/convpasswd
+[
+.B -f
+] [
+.B -v
+] [
+.BI -m " keydir"
+]
+[
+.I pwfile
+]
+.SH DESCRIPTION
+.I Changelogin
+helps to administer a password file
+.B /keydb/keys
+(see
+.IR keys (6)),
+a requirement of `signer' servers
+(see
+.IR logind (8),
+.IR signer (8),
+and
+.B svc/auth
+in
+.IR svc (8)).
+.I Changelogin
+can only be used on the signing host itself,
+after
+.IR keyfs (4)
+has been started (eg, by
+.BR svc/auth )
+to make the entries visible in the name space.
+.PP
+If a password file entry for
+.I name
+exists, it is modified; otherwise, a new entry is created.
+The user is prompted for the following items:
+.TP
+password
+A string at least 8 characters in length. The SHA-1 digest of the entered string is stored in the password file. See
+.IR keyring-sha1 (2).
+By default, the password for an existing entry is unchanged.
+.TP
+expiration date
+An expiration time in the format
+.IR DDMMYYYY .
+The user input is checked for valid day, month, and year; moreover, the new date must be later than the current time.
+By default, the current value, if any, is unchanged for an existing entry and one year from the current time for a new entry.
+.ig
+.TP
+free form info
+Arbitrary administrative information.
+..
+.PP
+Note that the
+password expiration date is also used as the default expiration date
+for any certificate later produced;
+see
+.IR getauthinfo (8).
+.PP
+.I Convpasswd
+converts a Third Edition
+password file
+to the
+.IR keys (6)
+file used by the current Edition of the system.
+It reads password entries from
+.IR pwfile ,
+.B /keydb/password
+by default,
+and writes corresponding entries into
+a name space served by
+.IR keyfs (4),
+mounted at
+.IR keydir ,
+.B /mnt/keys
+by default.
+It copies passwords and expiry times.
+The `free form' administrative data is discarded.
+If
+.I keydir
+already has got an entry for a user, it is left as-is, unless
+the
+.B -f
+option is given to force
+.I convpasswd
+to copy across the entry in
+.I pwfile .
+The
+.B -v
+option causes
+.I convpasswd
+to print each user name after it successfully installs it.
+.SH FILES
+.TF /keydb/keys
+.TP
+.B /keydb/keys
+.SH SOURCE
+.B /appl/cmd/auth/changelogin.b
+.SH "SEE ALSO"
+.IR passwd (1),
+.IR keyfs (4),
+.IR keysrv (4),
+.IR keys (6),
+.IR logind (8),
+.IR signer (8),
+.IR svc (8)
diff --git a/man/8/collabsrv b/man/8/collabsrv
new file mode 100644
index 00000000..43939187
--- /dev/null
+++ b/man/8/collabsrv
@@ -0,0 +1,334 @@
+.TH COLLABSRV 8
+.SH NAME
+collabsrv \- multi-user collaboration
+.SH SYNOPSIS
+.B collabsrv/collabsrv
+[
+.BI "-f " keyfile
+] [
+.BI "-n " netaddress
+] [
+.I dir
+]
+.PP
+.B collabsrv/servers/chatsrv
+.PP
+.B collabsrv/servers/mpx
+.PP
+.B collabsrv/servers/wbsrv
+.SH DESCRIPTION
+.I Collabsrv
+listens on network address
+.I netaddress
+(default:
+.BR tcp!*!9999 )
+for incoming requests to attach to services
+it offers.
+The services are defined by the contents of directory
+.IR dir
+(default:
+.BR /services/collab ).
+.I Collabsrv
+serves an authenticated Styx connection that exports the contents of
+.IB dir /export
+(default:
+.BR /services/collab/export ).
+The exported name space can contain directories from a shared file server,
+but it will also contain a directory
+.B services
+giving access to any collaborative activity services that have been configured.
+.PP
+The
+.B services
+directory contains a single
+.B ctl
+file and a set of subdirectories, numbered
+.BR 0 ,
+.BR 1
+and so on.
+The
+.B ctl
+is used to activate and access services.
+Each service instance is identified by a name;
+clients connect to a given instance by presenting its name.
+Each directory represents one instance of a service.
+Each service instance corresponds to a name space; the clients
+all share that name space.
+The name space is determined by the service.
+.PP
+A client wishing to make use of the services must first
+.IR sys-dial (2)
+to connect to
+.IR collabsrv,
+and authenticate and mount the resulting Styx connection.
+It can do so using the
+.I mount
+command
+(see
+.IR bind (1)),
+or by
+using
+.IR security-auth (2)
+and
+.B Sys->mount
+(see
+.IR sys-bind (2)).
+Normally, this is done by
+.IR collab (1).
+.PP
+A new connection to a particular service is requested by opening the
+.B ctl
+file for reading and writing,
+writing a service request to it, and reading back
+the number of the directory corresponding to the requested service.
+A service request written to
+.B ctl
+is text of the following form:
+.IP
+.DS
+.I "service id"
+.DE
+.PP
+where
+.I service
+is a string specifying the type of service (eg,
+.BR chat )
+and
+.I id
+is a string identifying the instance.
+The server does not interpret
+.IR id ;
+it is up to the clients to agree a naming convention (often
+using the name of a shared file as an
+.IR id ).
+.I Collabsrv
+will connect to instance
+.I id
+of the requested
+.I service
+type
+if one is already running, or start one if necessary;
+the write request returns an error if the service cannot be started.
+Following a successful write to
+.BR ctl ,
+a read will return the number of the service
+directory containing the client's private connection to that service instance.
+Closing the
+.B ctl
+file disconnects from the service.
+.PP
+Available services are defined by a configuration file
+.BR /services/collab/services.cfg ,
+which contains a sequence of configuration
+entries of the following form:
+.IP
+.EX
+.I service
+.br
+\f5	path=\fIdisfile\fP
+.EE
+.PP
+where
+.I service
+is the name presented in a service request, and
+.I disfile
+names a Dis file implementing that service;
+path names are interpreted relative to
+.BR /services/collab ,
+but usually refer to files in
+.BR /dis/collabsrv/servers .
+.PP
+Each
+.I collabsrv
+service is represented by a name space peculiar to that service.
+The interface to the service is therefore implemented by a service-specific Styx server
+.RI ( disfile
+in the configuration file).
+Current services are described below.
+.SS "Chat"
+.I Chatsrv
+provides a simple service for the exchange of text messages.
+It serves a name space containing two files.
+The files together represent a single messaging group:
+.TF users
+.TP
+.B users
+A read-only file that lists the user names of the current members of the group, one per line.
+The version number of the file's Qid
+(see
+.IR sys-stat (2))
+is incremented each time a client arrives or leaves.
+.TP
+.B msgs
+.RS
+A client connects to the messaging group by opening this file.
+A message is sent to the group by writing to the file.
+Each read returns the next unread message, prefixed by the name of the sender,
+or
+.B <you>
+for a message sent by the current client.
+A client sees no messages sent before it connects.
+Messages are delivered in the same order to all clients; clients receive their own messages.
+Two special messages are generated by the server:
+.IP
+.EX
++++ \fIname\fP has arrived
+--- \fIname\fP has left
+.EE
+.PP
+as clients come and go.
+.RE
+.SS "Multiplexor"
+.I Mpx
+offers a general fan-out/fan-in multiplexing service for a tree of processes,
+with one controlling or root process at the root of the tree,
+and a set of client processes at the leaves of the tree.
+It serves three files:
+.TF users
+.TP
+.B root
+An exclusive-use file read and written by the root process
+to communicate with the leaf processes.
+.TP
+.B leaf
+Client processes read and write this file to communicate with the
+root process (each
+.B open
+of
+.B leaf
+is independent).
+It cannot be opened until a process has opened
+.BR root .
+After
+.B root
+has been closed, and any remaining messages on
+.B leaf
+have been read,
+subsequent reads will return zero bytes (end-of-file).
+.TP
+.B users
+A read-only text file that lists the user names of processes that currently have
+.B leaf
+open.
+There is one line per leaf, containing a unique numeric ID for the leaf, a space, and then the users's name.
+.PP
+A message written to
+.B root
+is replicated on all instances of
+.B leaf
+that are currently open.
+A message written to any instance of
+.B leaf
+will be read by the process reading
+.BR root .
+Data written to both
+.B root
+and
+.B leaf
+has a prefix added to identify the sender, causing messages
+to have the following format:
+.IP
+.EX
+.I "seq clientid op name data"
+.EE
+.PP
+where
+.I seq
+is a unique message sequence number;
+.I clientid
+is a unique number identifying the process amongst currently connected clients,
+with 0 identifying the root process;
+.I op
+is a single character giving the message type (see below);
+.I name
+is the sending process's user name; and
+.I data
+is the data written by the process, which can be text or binary (the message header is always text).
+.I Mpx
+also generates messages as root and leaf processes arrive and leave.
+These are identified by
+.IR op .
+The various
+.I op
+values and the direction in which they can occur are listed below:
+.TP
+.B a
+New leaf process has arrived (leaf to root)
+.TP
+.B M
+Message from root process (root to leaf)
+.TP
+.B m
+Message from leaf process (leaf to root)
+.TP
+.B L
+Root process has left (root to leaf)
+.TP
+.B l
+Leaf process has left (leaf to root)
+.PP
+Messages are only ever sent from the root to all leaves, or from a leaf to the root,
+never from leaf to leaf; the root process could of course rebroadcast a message from a leaf.
+The multiplexor service is used to implement
+a real-time poll
+(see
+.B poll
+and
+.B poller
+in
+.IR collab-clients (1)),
+but could be used for several other services, such as auctions.
+.SS "Whiteboard"
+.I Wbsrv
+offers a service for sharing a simple line drawing.
+It serves two files:
+.TP
+.B wb.bit
+A read-only file containing an uncompressed
+.IR image (6)
+with the current state of the drawing.
+.TP
+.B strokes
+This file is read and written to exchange strokes with other clients.
+A stroke has the following representation:
+.RS
+.IP
+.IR "colour width x0 y0 x1 y1 " ...
+.PP
+where all values are space-separated decimal numbers:
+.I colour
+is an index into the
+.IR rgbv (6)
+colour map;
+.I width
+is the width of the line in pixels, and
+the sequence of coordinate pairs defines the connected line segments to draw.
+A stroke is transmitted from one client to all others by writing a stroke description to the file in a single write.
+Each read returns a description of a stroke made by another client.
+.RE
+.PP
+A whiteboard client should read the
+.B wb.bit
+file to obtain its image, then read the
+.B strokes
+file for instructions to keep it up to date.
+.SH FILES
+.TF /services/collab/export/services
+.TP
+.B /services/collab/export/services
+active service directory
+.TP
+.B /services/collab/services.cfg
+maps service names to modules
+.TP
+.B /dis/collabsrv/servers
+service implementation modules
+.SH SOURCE
+.B /appl/collabsrv
+.br
+.B /appl/collabsrv/servers
+.br
+.B /appl/collabsrv/lib
+.SH SEE ALSO
+.IR collab (1),
+.IR collab-clients (1)
diff --git a/man/8/create b/man/8/create
new file mode 100644
index 00000000..7615d481
--- /dev/null
+++ b/man/8/create
@@ -0,0 +1,204 @@
+.TH CREATE 8
+.SH NAME
+create, inst, info \- archive or update a file system
+.SH SYNOPSIS
+.B install/create
+.RB [ -u ]
+.RB [ -U ]
+.RB [ -v ]
+.RB [ -x ]
+.RB [ -o ]
+.RB [ -p
+.IR proto ]
+.RB [ -r
+.IR root ]
+.RB [ -s
+.IR source ]
+.RB [ -N
+.IR uid ]
+.RB [ -G
+.IR gid ]
+.RB [ -d
+.IR description ]
+.I name
+.PP
+.B install/inst
+.RB [ -c ]
+.RB [ -h ]
+.RB [ -t ]
+.RB [ -u ]
+.RB [ -v ]
+.RB [ -F ]
+.RB [ -r
+.IR root ]
+.I name
+.RI [ prefix
+.IR ... ]
+.PP
+.B install/info
+.RB [ -r ]
+.I package
+.SH DESCRIPTION
+.I Create
+copies files from the file tree
+.I source
+(default
+.BR / )
+to an output file in archive format appropriate for a software distribution. The name of the output
+file is the time that the archive was made. The latter includes wrap headers that describe
+the distribution.
+.I Name
+is typically the name of the product or software package. The
+.B -p
+option specifies the prototype file
+.I proto
+to use to build the archive.
+.PP
+Each line of the
+.I proto
+file specifies a file to copy.
+Indentation is significant,
+with each level of indentation corresponding to a level in the file tree.
+Fields within a line are separated by white space.
+The first field is the last path element in the destination file tree.
+The second field specifies the permissions.
+The third field is the owner of the file,
+and the fourth is the group owning the file.
+The fifth field is the name of the file from which to copy;
+this file is read from the current name space,
+not the source file tree.
+All fields except the first are optional.
+.PP
+Names beginning with a
+.L $
+are expanded as environment variables.
+If the first file specified in a directory is
+.LR * ,
+all of the files in that directory are copied.
+If the first file is
+.LR % ,
+all of the non-directory files in that directory are copied.
+If the first file is
+.LR + ,
+all of the files are copied, and all subdirectories
+are recursively copied.
+.PP
+Files in the source tree that are not specified in the
+.I proto
+file
+are not placed in the archive.
+.PP
+The remaining options to
+.I create
+are:
+.TP 10
+.B -u
+Build an update distribution rather than a base distribution. In this case 
+.I name
+should be the name of the previous archive file built for this product. Only files
+that are out of date with respect to the latter are included in the archive. Files which
+no longer exist will be marked for removal.
+.TP
+.B -U
+Build an update package distribution instead. This is a hybrid of a base
+distribution and an update distribution.
+.TP
+.B -v
+Print out the files as they go into the archive.
+.TP
+.B -x
+Print out the files that would go into the archive but do not actually archive them.
+.TP
+.B -o
+Copy the archive file to the standard output rather than putting it in a date stamped output file.
+.TP
+.B -r root
+Specifies the location of any previous archives for this product.
+.TP
+.B -N uid
+Give all the files in the archive the user id specified.
+.TP
+.B -G gid
+Give all the files in the archive the group id specified,
+.TP
+.B -d description
+Give a description of the distribution. This is placed in the wrap header files.
+.PD
+.PP
+.I Inst
+installs archive files made by
+.I create .
+.I Name
+is the name of the archive file to install. Any further names after this are treated as path
+prefixes and only files in the archive that have one of the given prefixes are actually installed.
+The option to
+.I inst
+are :
+.TP 10
+.B -c
+Carry on regardless when errors occur. The default behaviour is to exit on encountering an error.
+.TP
+.B -h
+Only print the names of the files in the archive.
+.TP
+.B -t
+Give each installed file the same date stamp as indicated by that file's entry in the archive.
+.TP
+.B -u
+Give each installed file the same date stamp, user id and group id as shown in the archive.
+.TP
+.B -v
+Print out the names of directories as they are installed.
+.TP
+.B -F
+Force the installation of the files in the archive even when the corresponding local file
+has apparently been locally updated or already exists.
+.TP
+.B -r root
+Specifies the root of destination tree where the files will be copied to.
+.PD
+.PP
+.I Info
+prints information about either a specific file produced by
+.I create
+or about all files making up a package in the
+.B /wrap
+tree. In particular base packages,
+full updates and partial updates are distinguished. The 
+.B -r
+option
+specifies the the root of the tree to look in. This defaults to
+.BR / .
+.SH EXAMPLES
+.PP
+Make an archive to establish a new base package for an Inferno distribution:
+.IP
+.EX
+install/create -o -N inferno -G inf -d InfernoOS -p PROTO Inferno.1.0 > inferno.arch
+.EE
+.PP
+Here the name of the product is Inferno.1.0.
+.PP
+Install that archive on another machine:
+.IP
+.EX
+install/inst -r / inferno.arch
+.EE
+.PP
+Here the product is placed in / with the user and group ids being set to those of the
+person doing the installation.
+.SH SOURCE
+.B /appl/cmd/install/arch.b
+.br
+.B /appl/cmd/install/create.b
+.br
+.B /appl/cmd/install/info.b
+.br
+.B /appl/cmd/install/inst.b
+.br
+.B /appl/cmd/install/proto.b
+.br
+.B /appl/cmd/install/wrap.b
+.SH "SEE ALSO"
+.IR archfs (4)
+
diff --git a/man/8/createsignerkey b/man/8/createsignerkey
new file mode 100644
index 00000000..b40a0f46
--- /dev/null
+++ b/man/8/createsignerkey
@@ -0,0 +1,67 @@
+.TH CREATESIGNERKEY 8
+.SH NAME
+createsignerkey \- create signer key on authentication server
+.SH SYNOPSIS
+.B auth/createsignerkey
+[
+.BI -a " alg"
+] [
+.BI -f " keyfile"
+] [
+.BI -e " expiry"
+] [
+.BI -b " bitsize"
+]
+.I name
+.SH DESCRIPTION
+.I Createsignerkey
+creates public and private keys that are used by a server acting as `signer' to generate certificates for users.
+.I Name
+appears as signer in each certificate.
+The
+.I expiry
+date has the form
+.IR ddmmyyyy ,
+is converted to seconds since the epoch
+(see
+.IR daytime (2))
+and stored in the
+.IR keyfile ;
+by default the server's certificate never expires.
+.PP
+The key will be
+.I bitsize
+long (default: 512 bits) with a minimum of 32 bits and a maximum of 4096 bits.
+.I Keyfile
+is the file in which the server stores its keys;
+the default is
+.BR /keydb/signerkey ,
+and many authentication programs such as
+.IR logind (8)
+by default expect to find their server key there.
+Creating a signer's default key afresh typically invalidates all certificates previously issued by that signer,
+because their signatures will not verify.
+The mode of the
+.I keyfile
+should be set to be readable only by the user running
+those programs.
+.PP
+The
+.B -a
+option specifies the signature algorithm.
+Currently
+.I alg
+can be either
+.B elgamal
+or
+.BR rsa .
+RSA keys are now used by default.
+.SH FILES
+.B /keydb/signerkey
+.SH SOURCE
+.B /appl/cmd/auth/createsignerkey.b
+.SH SEE ALSO
+.IR security-auth (2),
+.IR keyring-gensk (2),
+.IR logind (8),
+.IR signer (8)
diff --git a/man/8/cs b/man/8/cs
new file mode 100644
index 00000000..dbd12c0f
--- /dev/null
+++ b/man/8/cs
@@ -0,0 +1,242 @@
+.TH CS 8
+.SH NAME
+cs, csquery \- connection server
+.SH SYNOPSYS
+.B ndb/cs
+[
+.BI -f " database"
+] [
+.B -v
+] [
+.BI -x " net"
+]
+.PP
+.B ndb/csquery
+[
+.B -x
+.I net
+] [
+.B -s
+.I server
+] [
+.I address
+\&... ]
+.SH DESCRIPTION
+.I Cs
+spawns a process that
+serves a single file
+.BR /net/cs ,
+in the current name space,
+answering requests by client processes
+to translate symbolic network and service names into
+instructions for connecting to the given service.
+It is normally accessed indirectly by calls to
+.IR sys-dial (2).
+.PP
+The network data is taken from the network database files,
+described in
+.IR ndb (6).
+By default, it is
+.B /lib/ndb/local
+but the
+.B -f
+option can specify a different one.
+.PP
+Each write to
+.B /net/cs
+makes a query, expressed in one of two forms.
+The first form is a network address of the same form
+as the
+.I addr
+parameter to
+.IR dial :
+.IB network ! netaddr ! service
+where
+.I service
+and
+.I network
+are optional.
+The write returns an error if the address cannot be translated.
+Otherwise, the file offset should be reset to 0 using
+.IR sys-seek (2)
+and each subsequent read will return either
+end-of-file (if there are no further translations),
+or a single line containing a translation of the form:
+.IP
+.BI /net/ proto /clone " address" ! port
+.PP
+The first field is the name of the
+.I clone
+file for a network protocol or interface.
+To make a connection or announce a service, open that file, and write the
+text in the second field
+preceded by
+.B connect
+or
+.B announce
+as required.
+(All this activity is normally encapsulated in a call to
+.IR sys-dial (2)).
+.I Cs
+produces a translation for each network and for each network address on which a symbolic
+.I netaddr
+is found.
+When announcing a service,
+.I netaddr
+can be
+.B *
+to represent any local interface, and the resulting recipes read
+from
+.B /net/cs
+will not include an
+.IB address !
+part.
+.PP
+.I Cs
+interprets a
+.I netaddr
+of the form
+.BI $ server
+specially: it looks for an attribute
+.I server
+in the database in the entry for the current host, then in the entry for
+each network that contains it (if specified), and finally in a site-wide
+entry labelled with the attribute
+.BR infernosite .
+If found, the value of the attribute replaces the
+.I netaddr
+before further translation.
+.PP
+In the second form of query, the text written contains space-separated attribute/value pairs:
+.IP
+.IB attr1 = val1
+[
+.IB attr2 = val2
+\& ...
+]
+.PP
+.I Cs
+looks for an
+.IR ndb (6)
+entry that contains attribute/value pairs matching those in the query.
+Any value but
+.I val1
+may be
+.RB ` * ',
+to signify that the entry must contain the given attribute but with any value.
+As before, the write returns an error if no entry matches.
+Otherwise, each subsequent read returns the whole of the next matching entry, in
+.IR ndb (6)
+form.
+.PP
+The file
+.B /net/cs
+persists until it is removed or unmounted from
+.BR /net ,
+or the
+.I cs
+process is killed
+(see
+.IR kill (1)).
+The
+.B \-v
+option causes
+.I cs
+to print each translation request and results (if any) on standard error.
+The
+.B -x
+option gives an alternative mount point for
+.IR cs ,
+when there is more than one network stack
+(see
+.IR ip (3)).
+It causes it
+.I cs
+to serve
+.IB net /cs
+instead of
+.BR /net/cs .
+.PP
+.I Cs
+is normally started  once,
+after
+.IR dns (8)
+if used, but
+before most other applications including
+the various listeners described in
+.IR svc (8).
+If another instance of
+.IR cs (8)
+is started on the same mount point, the file it serves replaces the
+earlier one if permissions allow.
+(On Plan 9, Plan 9's native connection service will be used by default if Inferno's
+.I cs
+is not started.)
+.PP
+.I Csquery
+queries the given
+.I server
+(default:
+.BR /net/cs )
+for a translation of each
+.I address
+and prints the results, one per line.
+If no
+.I address
+is given,
+.I csquery
+prompts for address(es) to translate which it reads from the standard input,
+printing the results of each translation on the standard output.
+The
+.B -x
+option gives an alternative mount point for
+.IR cs ,
+when there is more than one network stack
+(see
+.IR ip (3)).
+.PP
+.IR Cs (8)
+uses
+.IR services (6)
+to map protocol and service names to Internet port numbers.
+Finally, if all else fails, it applies the built-in
+.IR srv (2),
+if available.
+Consequently, entries in
+.IR services (6)
+and
+.IR dns (6)
+take precedence over the host's system-wide configuration.
+(This is helpful for adding symbolic names for Inferno services
+without requiring administrative privileges on the host system.)
+.SH EXAMPLE
+Check the translation of the symbolic name
+.BR $signer :
+.IP
+.EX
+ndb/csquery
+> net!$signer!inflogin
+/net/tcp/clone 200.1.1.67!6673
+.EE
+.SH FILES
+.TF /lib/ndb/inferno
+.TP
+.B #scs*
+service directory
+.TP
+.B /net/cs
+connection service
+.TP
+.B /net/dns
+domain name service
+.TP
+.B /lib/ndb/local
+map from symbolic service names to servers
+.SH SOURCE
+.B /appl/cmd/ndb/cs.b
+.br
+.B /appl/cmd/ndb/csquery.b
+.SH "SEE ALSO"
+.IR sys-dial (2),
+.IR db (6),
+.IR dns (8)
diff --git a/man/8/dhcp b/man/8/dhcp
new file mode 100644
index 00000000..ee64935f
--- /dev/null
+++ b/man/8/dhcp
@@ -0,0 +1,117 @@
+.TH DHCP 8
+.SH NAME
+dhcp \- configure network interface details using DHCP
+.SH SYNOPSIS
+.B ip/dhcp
+[
+.B -bdmpr
+] [
+.BI -g " gateway"
+] [
+.BI -h " hostname"
+] [
+.BI -x " net
+]
+.I ifcdir
+[
+.I localip
+[
+.I localmask
+]]
+.SH DESCRIPTION
+.I Dhcp
+uses the Dynamic Host Configuration Protocol (DHCP) to configure the
+.IR ip (3)
+interface represented by
+.I ifcdir
+(eg,
+.BR /net/ipifc/1 ).
+The interface must have a device already bound to it.
+.I Dhcp
+uses the MAC address of that device in its requests.
+.PP
+.I Dhcp
+broadcasts a DHCP request for an address and various network parameters.
+It takes the first acceptable offer, sets the interface to that address, and writes the address and
+parameter values, in
+.IR ndb (6)
+format, to
+.BR /net/ndb ,
+where
+.IR cs (8),
+.IR dns (8)
+and others will find them.
+If the address is provided with a limited lease,
+.I dhcp
+itself returns, but it leaves
+a process in the background that periodically renews the lease (or requests a new address if the lease is not renewed).
+.PP
+If
+.I localip
+is given,
+.I dhcp
+attempts to reacquire that address.
+If successful, it configures the interface with that address (and mask if supplied),
+maintaining any lease as before.
+If it cannot reacquire the address, it broadcasts a request for a new address, as above.
+.PP
+The options are:
+.TP
+.B -b
+Use plain BOOTP without the DHCP options
+.TP
+.B -d
+Enable debugging output on standard output
+.TP
+.BI -g " gateway"
+Suggest
+.I gateway
+as the default gateway (the server might change it)
+.TP
+.BI -h " hostname"
+Use
+.I hostname
+as the current host's name in DHCP messages
+.TP
+.B -m
+Monitor the DHCP status and print a summary on standard output whenever it changes
+.TP
+.B -n
+Do not configure the interface
+.TP
+.B -p
+Print the resulting configuration on standard output
+.TP
+.B -r
+Retry DHCP periodically until it succeeds
+.TP
+.BI -x " net"
+Use mount point
+.I net
+to access the network,
+and write the results to
+.IB net /ndb
+(default:
+.BR /net )
+.PD
+.SH EXAMPLE
+Allocate a new interface, bind an ether device to it, and configure it with
+.IR dhcp :
+.IP
+.EX
+x=`{cat /net/ipifc/clone}
+echo bind ether /net/ether0 >/net/ipifc/$x/ctl &&
+ip/dhcp /net/ipifc/$x
+.EE
+.SH SOURCE
+.B /appl/cmd/ip/dhcp.b
+.SH SEE ALSO
+.IR ip (3),
+.IR ndb (6),
+.IR cs (8),
+.IR dns (8)
+.SH DIAGNOSTICS
+.I Dhcp
+returns an error status if it receives no acceptable reply, unless the
+.B -r
+option is given to force retries.
diff --git a/man/8/dns b/man/8/dns
new file mode 100644
index 00000000..a64a0172
--- /dev/null
+++ b/man/8/dns
@@ -0,0 +1,156 @@
+.TH DNS 8
+.SH NAME
+dns, dnsquery \- domain name service
+.SH SYNOPSIS
+.B ndb/dns
+[
+.BI -f " dnsfile"
+] [
+.B -h
+] [
+.B -r
+] [
+.BI -x " net"
+]
+.PP
+.B ndb/dnsquery
+[
+.BI -x " net"
+] [
+.I "address ..."
+]
+.SH DESCRIPTION
+.I Dns
+is an Internet Domain Name Service (DNS) resolver.
+By default it serves a file
+.BR /net/dns ,
+that clients such as
+.IR cs (8)
+write and read to retrieve network data associated with domain names and Internet addresses.
+The
+.B -f
+option specifies the network database that contains the local DNS data (default:
+.BR /lib/ndb/local ).
+The
+.B -x
+option specifies an alternative mount point for the network (default:
+.BR /net ).
+When Inferno is running hosted,
+.I dns
+normally uses the host's own DNS resolver first (via
+.IR srv (2)),
+before searching the DNS itself; that way domain names can be
+used in Inferno with minimal configuration.
+The
+.B -h
+option stops
+.I dns
+from using the host data.
+In the absence of local data, by default
+.I dns
+consults the external DNS directly using some bootstrap data, but if
+.B -r
+is specified and local resolvers are given in the configuration file,
+.IR dns (6),
+.I dns
+will query them first for all addresses, before resorting to external DNS servers.
+.PP
+.I Dnsquery
+queries the given
+.I server
+(default:
+.BR /net/cs )
+for a translation of each
+.I address
+and prints the results, one per line.
+If no
+.I address
+is given,
+.I dnsquery
+prompts for something to find in the DNS, one per line on the standard input,
+of the form:
+.IP
+.EX
+.IR "name" " [" attribute "]"
+.EE
+.PP
+where
+.I name
+is the label of something in the DNS, and
+.I attribute
+is one of its attributes from the list below:
+.TF hinfox
+.TP
+.B all
+all data currently known locally for
+.I name
+.TP
+cname
+name for which
+.I name
+is an alias
+.TP
+hinfo
+host and operating system type
+.TP
+.B ip
+for an IP address when
+.I name
+is a domain name
+.TP
+.B mx
+mail exchanger
+.TP
+.B ns
+for a list of name servers
+.TP
+.B ptr
+for the domain name when
+.I name
+is an Internet address
+.TP
+.B soa
+statement-of-authority
+.PD
+.PP
+.I Dnsquery
+queries the
+.I server
+for that name/attribute combination and prints the results, one per line.
+If an
+.I attribute
+is not given,
+.I dnsquery
+uses
+.B ip
+if
+.I name
+looks like a domain name,
+and
+.B ptr
+if it looks like an Internet address.
+.SH FILES
+.TF /lib/ndb/local
+.TP
+.B #sdns*
+service directory
+.TP
+.B /net/dns
+domain name service
+.TP
+.B /lib/ndb/local
+network database
+.TP
+.B /lib/ndb/dns
+DNS bootstrap data
+.SH SOURCE
+.B /appl/cmd/ndb/dns.b
+.br
+.B /appl/cmd/ndb/dnsquery.b
+.SH "SEE ALSO"
+.IR dns (6),
+.IR cs (8)
+.SH BUGS
+.I Dns
+does not yet offer an external DNS server, mainly
+for lack of a suitable database for local zone data.
diff --git a/man/8/fpgaload b/man/8/fpgaload
new file mode 100644
index 00000000..c6cf440a
--- /dev/null
+++ b/man/8/fpgaload
@@ -0,0 +1,24 @@
+.TH FPGALOAD 8
+.SH NAME
+fpgaload \- configure FPGA
+.SH SYNOPSIS
+.B auxi/fpgaload
+[
+.BI -c " clk"
+]
+.I file.rbf
+.SH DESCRIPTION
+.I Fpgaload
+configures the directly-attached Altera Flex6000 FPGA on the Bright Star Engineering ip-Engine.
+It enables the FPGA and output of the external system clocks, then loads the FPGA with the contents of
+.IR file.rbf
+which should be in the `raw binary format' produced for example by the Altera tools.
+After successful configuration, the BCLK is set to
+.I clk
+MHz;
+.I clk
+must be a divisor of the ip-Engine's system clock (currently 48 MHz).
+.SH SOURCE
+.B /appl/cmd/auxi/fpgaload.b
+.SH SEE ALSO
+.IR fpga (3)
diff --git a/man/8/ftl b/man/8/ftl
new file mode 100644
index 00000000..dad34bc9
--- /dev/null
+++ b/man/8/ftl
@@ -0,0 +1,63 @@
+.TH FTL 8
+.SH NAME
+ftl \- Flash Translation Layer formatter
+.SH SYNOPSIS
+.B disk/ftl
+.I flashsize
+.I secsize
+.I kfsfile
+.I output
+.SH DESCRIPTION
+.I Ftl
+reads a file system image in
+.IR kfs (3)
+format from
+.I kfsfile
+and adds the data structures needed to make it a valid image for
+the Flash Translation Layer driver
+.IR ftl (3).
+The result is written to the
+.I output
+file, which can be copied to initialise the
+flash memory of a suitable device
+(see
+.IR flash (3)).
+.PP
+The other arguments describe the characteristics of the flash memory:
+.TF \fIflashsize\fP
+.PD
+.TP
+.I flashsize
+The size in bytes of the flash memory to which
+.I output
+will be copied; exactly
+.I flashsize
+bytes will be written to
+.IR output .
+.TP
+.I secsize
+The effective erase unit (sector) size in bytes of the flash memory, as seen
+by the processor, having
+allowed for bus width.
+For example, a bank of flash
+formed from byte-wide flash chips, each with 16kbyte sectors,
+wired across a 4 byte bus, might have an effective erase unit size of
+64kbytes.
+.PP
+The
+.I kfsfile
+must not be larger than the size (length) of the
+.B ftldata
+file provided by
+.IR ftl (3)
+for the target flash device or partition.
+(That size is invariably less than the size of the raw flash,
+owing to the overhead of FTL data structures
+and a reserve pool of 5% to reduce the number of erase cycles; see
+.IR ftl (3)).
+.SH SOURCE
+.B /appl/cmd/disk/ftl.b
+.SH SEE ALSO
+.IR flash (3),
+.IR ftl (3),
+.IR kfs (3)
diff --git a/man/8/getauthinfo b/man/8/getauthinfo
new file mode 100644
index 00000000..3e8bd56f
--- /dev/null
+++ b/man/8/getauthinfo
@@ -0,0 +1,127 @@
+.TH GETAUTHINFO 8
+.SH NAME
+getauthinfo \- obtain a certificate for authentication
+.SH SYNOPSIS
+.BI getauthinfo " keyname"
+.PP
+.B wm/getauthinfo
+.SH DESCRIPTION
+.I Getauthinfo
+makes contact with
+.IR logind (8)
+on a `signer', or certifying authority, with which the user
+has previously been registered using
+.IR changelogin (8),
+to obtain a certificate that
+can later be presented to other Inferno services to authenticate the user.
+If
+.I keyname
+starts with a `/', the certificate is stored there; otherwise, it is stored in the file
+.BI /usr/ user /keyring/ keyname,
+where
+.I user
+is the name in
+.B /dev/user
+(see
+.IR cons (3)).
+The directory
+.BI /usr/ user /keyring
+must exist.
+.PP
+The user is prompted for the following:
+.TP
+signer
+The name of the signing server, for example
+.BR signer.froop.com .
+The default is the default signer for the site:
+the value of
+.B SIGNER
+in the local network configuration database
+(see
+.IR ndb (6)).
+.TP
+remote user name
+The name of the user for whom a certificate is to be obtained. The default is the current user name in
+.BR /dev/user .
+.TP
+password
+The user's password. The password entered on the client must match the password
+previously stored on the server using
+.IR changelogin (8),
+or a certificate will be refused.
+.TP
+save in file?
+The default is `no'. If the user responds `yes', the certificate is written directly to the file.
+Otherwise,
+.I getauthinfo
+becomes a file server, serving
+a secure temporary file bound over
+the file name above (because that is where applications look for it).
+The temporary will disappear if the name is unmounted, or Inferno is rebooted.
+.PP
+Note that the certificate will expire at or before expiry of the password entry
+on the signer.
+.PP
+The signer needs its own key to endorse the certificates that it gives to clients.
+If a user requests a certificate with
+.IR getauthinfo (8)
+before the signer's key is created on the signer (eg,
+using
+.IR createsignerkey (8)),
+then the request will be rejected with a suitable diagnostic
+by
+.IR logind (8).
+.SS "File servers"
+.PP
+Machines that will be file servers must obtain a certificate and save the certificate in a key file named
+.BR default ,
+thus:
+.IP
+.B "getauthinfo default"
+.PP
+The user invoking
+.I getauthinfo
+must be the same user who later runs
+.IR svc (8)
+to start the machine's services.
+.SS "File server clients"
+Machines that wish to be authenticated clients of file servers must obtain a certificate and store the certificate in a file named
+.IB net ! machine.
+The file name must match exactly the
+server address given to
+.I mount
+(see
+.IR bind (1)).
+To set the key, use
+.IP
+.BI getauthinfo " net" ! host
+.SS Window system interface
+.I Getauthinfo
+has a visual counterpart
+.B wm/getauthinfo
+for use under
+.IR wm (1).
+It takes no arguments.
+It displays a window prompting for all the information it needs,
+and offering apparently sensible defaults.
+Apart from the different interface, its function is otherwise
+the same as the command line version.
+.SH FILES
+.TF /usr/username/keyring/net!machine
+.TP
+.BI /usr/ user /keyring/ net ! machine
+where a certificate is stored on a client machine
+.TP
+.BI /usr/ user /keyring/default
+where a certificate is stored on a file server
+.TP
+.B /lib/ndb/local
+contains the default host name of the signer
+.SH SOURCE
+.B /appl/cmd/getauthinfo.b
+.br
+.B /appl/wm/getauthinfo.b
+.SH "SEE ALSO"
+.IR bind (1),
+.IR changelogin (8),
+.IR createsignerkey (8)
diff --git a/man/8/httpd b/man/8/httpd
new file mode 100644
index 00000000..414bb304
--- /dev/null
+++ b/man/8/httpd
@@ -0,0 +1,112 @@
+.TH HTTPD 8
+.SH NAME
+httpd, echo, stats \- HTTP server
+.SH SYNOPSIS
+.B svc/httpd/httpd
+[
+.BI -c cachesize
+] [
+.B -D
+] [
+.BI -p port
+]
+.PP
+.BI svc/httpd/echo " meth vers uri search"
+.PP
+.BI svc/httpd/stats " meth vers uri search"
+.SH DESCRIPTION
+.I Httpd
+is a simple HTTP daemon, serving version 1.0 of the HTTP protocol.
+It listens for incoming calls on a given TCP/IP
+.I port
+(default: 80).
+It serves content rooted at
+.L /services/httpd/root
+in its name space.
+.PP
+The
+.I httpd
+program supports only the
+.L GET
+and
+.L HEAD
+methods of the HTTP protocol. The
+.L Content-type
+(default
+.LR application/octet-stream )
+and
+.L Content-encoding
+(default
+.LR binary )
+of a file are determined by looking for suffixes of the file name in
+.BR /services/http/http.suff .
+.PP
+If the requested URI begins with
+.BR /magic/ ,
+.I httpd
+loads the module associated with the remaining part of the URI.
+Take care to configure the name space sensibly.
+Simple servers
+.I echo
+and
+.I stats
+are provided (see below).
+.PP
+.I Httpd
+has the following options:
+.TP
+.BI -c cachesize
+Set the size of the daemon's cache to
+.I cachesize
+kilobytes. The default is a five megabyte cache.
+.TP
+.B -D
+Debugging information is written to the file
+.BR /services/httpd/httpd.debug .
+.TP
+.BI -p port
+Listen for requests on the given
+.IR port .
+.PP
+.I Echo
+is a trivial server that just returns the method, URI, any search, and the headers sent by the client.
+.PP
+.I Stats
+is an equally simple server that queries the cache and returns information to the user about pages stored in the cache.
+.PP
+More complex services can be written to
+.IR httpd 's
+private interface.
+The file
+.B httpd.m
+(in
+.BR /appl/svc/httpd )
+defines constants and adts used by
+.IR httpd .
+The file
+.B cgi.m
+defines the
+module
+.L Cgi
+which is the interface for programs called using the URI
+.BR /magic/ .
+.SH FILES
+.TF "/services/httpd/httpd.rewrite  "
+.TP
+.B /services/httpd/root
+Root of the served web content.
+.TP
+.B /services/httpd/httpd.debug
+Logfile for debugging information.
+.TP
+.B /services/httpd/httpd.log
+.I httpd
+logfile.
+.TP
+.B /services/httpd/httpd.rewrite
+File to redirect specific URI requests.
+.TP
+.B /services/httpd/httpd.suff
+File of recognizable suffixes and their content type.
+.SH SOURCE
+.B /appl/svc/httpd
diff --git a/man/8/init b/man/8/init
new file mode 100644
index 00000000..d39aa348
--- /dev/null
+++ b/man/8/init
@@ -0,0 +1,99 @@
+.TH INIT 8
+.SH NAME
+init: emuinit, osinit \- Inferno initialisation
+.SH SYNOPSIS
+.EX
+Init: module
+{
+	init: fn();
+};
+.EE
+.PP
+.B /dis/emuinit.dis
+.PP
+.B #/./osinit.dis
+.SH DESCRIPTION
+Both
+.IR emu (1)
+and the native kernels run a Dis program to initialise the system.
+.PP
+.I Emuinit
+is the default initialisation
+program for
+.IR emu (1).
+.I Emu
+sets the environment variable
+(see
+.IR env (3))
+.B /env/emuargs
+to the command line originally given to
+.IR emu ,
+which has the following form:
+.IP
+.B emu
+.RB [ \-d ]
+[
+.I command
+.RI [ " arg ..." ]
+]
+.PP
+.I Emuinit
+uses the value of
+.B emuargs
+to decide which command to start and its arguments.
+The default
+.I command
+is
+.BR /dis/sh.dis ,
+unless the
+.B \-d
+option is given, in which case
+.B /dis/lib/srv.dis
+is used by default instead, to cause
+.I emu
+to run on the host system as a server (`daemon' mode).
+.PP
+.I Osinit
+is built-in to the
+.IR root (3)
+of native kernels.
+Although the kernel uses the fixed name
+.B #/./osinit.dis
+the contents are taken from one of the files in
+.B /os/init
+selected by the
+.B init
+section of the kernel configuration file.
+.IR Osinit 's
+action is platform-specific in detail, but might include:
+building an initial
+.B /dev
+by mounting device drivers;
+binding the physical network driver (eg,
+.IR ether (3))
+into
+.B /net
+and initialising
+.IR ip (3),
+usually setting addresses and routes using
+.BR bootp ;
+attaching to a remote file system;
+setting up flash translation using
+.IR ftl (3);
+starting
+.I dossrv
+or
+.I 9660srv
+(see
+.IR dossrv (4)),
+or
+.IR kfs (3)
+to serve local files from disk or flash memory.
+.SH FILES
+.B /env/emuargs
+.SH SOURCE
+.B /appl/cmd/emuinit.b
+.br
+.B /os/init/*.b
+.SH SEE ALSO
+.IR emu (1)
diff --git a/man/8/kfscmd b/man/8/kfscmd
new file mode 100644
index 00000000..50756164
--- /dev/null
+++ b/man/8/kfscmd
@@ -0,0 +1,142 @@
+.TH KFSCMD 8
+.SH NAME
+kfscmd \- kfs administration
+.SH SYNOPSIS
+.B disk/kfscmd
+.RB [ -n
+.IR name ]
+.IR cmd " ..."
+.SH DESCRIPTION
+.I Kfscmd
+issues commands to a
+.IR kfs (4)
+server that was started with the
+.B -n
+option to create a control file.
+.IR Kfscmd 's
+own
+.B -n
+option names the file system to which the
+.I cmd
+applies; it is
+.B main
+by default.
+.PP
+The known commands are described below.
+Note that some commands are multiple words (eg,
+.B check
+and its flags) and
+should be quoted to appear as a single argument to
+.IR sh (1).
+.TP \w'\fLallowoff\ \fIn'u
+.B allow
+Turn permission checking off (to simplify administration).
+Equivalent to the
+.B -P
+and
+.B -W
+options to
+.IR kfs (4).
+.TP
+.B allowoff
+.PD 0
+.TP
+.B disallow
+Turn permission checking on (again).
+.PD
+.ig
+.TP
+.B halt
+write all changed blocks and stop the file system.
+.TP
+.B help
+print the list of commands.
+.TP
+.BI "rename " "file name"
+Change the name of
+.I file
+to
+.IR name .
+.TP
+.BI "newuser " user
+Add
+.I user
+to
+.B /adm/users
+and make the standard directories needed for booting.
+.TP
+.BI "remove " file
+Remove
+.I file
+and place its blocks on the free list.
+.TP
+.BI "clri " file
+Remove 
+.I file
+but do not place the blocks on the free list.
+This command can be used to remove files that have duplicated blocks.
+The non-duplicate blocks can be retrieved by checking the file system
+with option
+.B f
+(see below).
+.TP
+.BI create \ file\ owner\ group\ mode\  [adl]
+Create the file.  Owner and group are users in
+.B /adm/users
+and mode is an octal number.
+If present,
+.L a
+creates an append only file,
+.L d
+creates a directory, and
+.L l
+creates a file that is exclusive-use.
+..
+.TP
+.B sync
+write to disk all of the dirty blocks in the memory cache.
+.TP
+.B users
+Reinitialise authentication information by reading
+.BR /adm/users .
+.TP
+.B check [cdfpPqrtw]
+Check the file system and print summary information.
+The options are
+.PD 0
+.RS
+.TP
+.B c
+fix bad tags and clear the contents of the block.
+.TP
+.B d
+delete redundant references to a block.
+.TP
+.B f
+rebuild the list of free blocks.
+.TP
+.B p
+print the names of directories as they are checked.
+.TP
+.B P
+print the names of all files as they are checked.
+.TP
+.B q
+quiet mode: report errors, but suppress summary information.
+.TP
+.B r
+read all of the data blocks and check the tags.
+.TP
+.B t
+fix bad tags.
+.TP
+.B w
+write all of the blocks that are touched.
+.RE
+.PD
+.SH SOURCE
+.B /appl/cmd/disk/kfscmd.b
+.SH "SEE ALSO"
+.IR sd (3),
+.IR kfs (4),
+.IR mkfs (8)
diff --git a/man/8/logind b/man/8/logind
new file mode 100644
index 00000000..bb914be0
--- /dev/null
+++ b/man/8/logind
@@ -0,0 +1,52 @@
+.TH LOGIND 8
+.SH NAME
+logind \- login daemon
+.SH SYNOPSIS
+.B auth/logind
+.SH DESCRIPTION
+.I Logind
+is normally started by
+.IR svc (8)
+to service requests on the
+.B inflogin
+TCP/IP port,
+to provide a `signing' service (identity authentication) for a network.
+Ultimately, the client receives a certificate that can be used to establish its identity
+with any host that is willing to honour certificates from the certificate's signer.
+.PP
+The signer constructs the certificate from the contents
+of the signer's key file
+.BR /keydb/signerkey ,
+typically created by
+.IR createsignerkey (8),
+and
+the ID string and password supplied by the client (which are used to access
+.IR keyfs (4)
+to check identity).
+.PP
+The protocol involves an exchange of information between the client and server,
+as summarised in
+.IR login (6).
+The client side of this exchange can be managed by the
+.B Login
+module; see
+.IR security-login (2).
+.PP
+Client and server communicate over the Secure Socket Layer device
+.IR ssl (3).
+.SH FILES
+.TF /keydb/signerkey
+.TP
+.B /keydb/keys
+.TP
+.B /keydb/signerkey
+.SH SOURCE
+.B /appl/cmd/auth/logind.b
+.SH "SEE ALSO"
+.IR security-login (2),
+.IR ssl (3),
+.IR keyfs (4),
+.IR keys (6),
+.IR changelogin (8),
+.IR createsignerkey (8),
+.IR svc (8)
diff --git a/man/8/mangaload b/man/8/mangaload
new file mode 100644
index 00000000..5a39a876
--- /dev/null
+++ b/man/8/mangaload
@@ -0,0 +1,49 @@
+.TH MANGALOAD 8
+.SH NAME
+mangaload \- send new kernel to MANGA bootstrap
+.SH SYNOPSIS
+.B auxi/mangaload
+[
+.B -48dr
+]
+.I host
+.I image
+.SH DESCRIPTION
+.I Mangaload
+uses an ICMP protocol unique to the Peplink MANGA™ firewall to send a new kernel
+.I image
+to the MANGA bootstrap monitor to burn into flash, replacing
+the existing kernel image.
+To start the loading process, connect to the device's console on its serial port
+(38400 baud, 8 bits, no parity, 1 stop bit, no flow control),
+power the device off then on again, and when the
+.B MANGA
+prompt appears, quickly type the letter
+.BR f .
+Then run
+.I mangaload
+to load the kernel; the device should give status updates as the kernel loads,
+and as it burns the image into flash.
+When it has finished, power the device off and on again to start the new kernel.
+.PP
+By default,
+.I mangaload
+assumes a 4 Mbyte flash on the device; the
+.B -8
+option sets it to 8 Mbytes.
+The
+.B -r
+option causes the
+.I image
+to be loaded into another, larger flash region, used by Linux for its initial root,
+which can be used by Inferno for general storage.
+The
+.B -d
+option prints a trace of the protocol, for debugging.
+.SH SOURCE
+.B /appl/cmd/auxi/mangaload.b
+.br
+.B /os/manga
+.SH SEE ALSO
+.IR bootpd (8),
+.IR tftpd (8)
diff --git a/man/8/manufacture b/man/8/manufacture
new file mode 100644
index 00000000..1684de0c
--- /dev/null
+++ b/man/8/manufacture
@@ -0,0 +1,31 @@
+.TH MANUFACTURE 8 mux
+.SH NAME
+manufacture \- command to emulate set-top-box-id in ROM
+.SH SYNOPSIS
+.BI manufacture box-id
+.SH DESCRIPTION
+.I Manufacture
+initialises the file
+.B /nvfs/ID
+with the string
+.IR box-id .
+The file emulates the serial number that the manufacturer of a real set top box would
+normally burn into ROM
+(see also
+.B rtcid
+in
+.IR rtc (3)).
+The
+.I box-id
+is used by
+.IR register (8).
+.SH FILES
+.TF /nvfs/ID
+.TP
+.B /nvfs/ID
+.TP
+.B /nvfs/default
+.SH SOURCE
+.B /appl/cmd/manufacture.b
+.SH "SEE ALSO"
+.IR register (8)
diff --git a/man/8/mkfs b/man/8/mkfs
new file mode 100644
index 00000000..9c4bad8a
--- /dev/null
+++ b/man/8/mkfs
@@ -0,0 +1,181 @@
+.TH MKFS 8
+.SH NAME
+mkfs, mkext \- archive or update a file system
+.SH SYNOPSIS
+.B disk/mkfs
+.RB [ -aprvx ]
+.RB [ -n
+.IR name ]
+.RB [ -s
+.IR source ]
+.RB [ -u
+.IR users ]
+.RB [ -z
+.IR n ]
+.I proto ...
+.PP
+.B disk/mkext
+.RB [ -d
+.IR name ]
+.RB [ -u ]
+.RB [ -h ]
+.RB [ -v ]
+.I file ...
+.SH DESCRIPTION
+.I Mkfs
+copies files from the file tree
+.I source
+(default
+.BR / )
+to a
+.B kfs
+file system (see
+.IR kfs (4)).
+The kfs service is mounted on
+.BR /n/kfs ,
+and
+.BR /adm/users ,
+if it exists, is copied to
+.BR /n/kfs/adm/users .
+The
+.I proto
+files are read,
+and any files specified in them that are out of date are copied to
+.BR /n/kfs .
+See
+.IR proto (6)
+for the description of file system prototype files.
+.PP
+.I Mkfs
+copies only those files that are out of date.
+Such a file is first copied into a temporary
+file in the appropriate destination directory
+and then moved to the destination file.
+Files in the
+.I kfs
+file system that are not specified in the
+.I proto
+file
+are not updated and not removed.
+.PP
+The options to
+.I mkfs
+are:
+.TF "s source"
+.TP
+.B a
+Instead of writing to a
+.B kfs
+file system, write an archive file to standard output, suitable for
+.IR mkext .
+All files in
+.IR proto ,
+not just those out of date, are archived.
+.TP
+.B x
+For use with
+.BR -a ,
+this option writes a list of file names, dates, and sizes to standard output
+rather than producing an archive file.
+.TP
+.BI "n " name
+Use
+.RI kfs. name
+as the name of the kfs service (default
+.BR kfs ).
+.TP
+.B p
+Update the permissions of a file even if it is up to date.
+.TP
+.B r
+Copy all files.
+.TP
+.BI "s " source
+Copy from files rooted at the tree
+.IR source .
+.TP
+.BI "u " users
+Copy file
+.I users
+into
+.B /adm/users
+in the new system.
+.TP
+.B v
+Print the names of all of the files as they are copied.
+.TP
+.BI "z " n
+Copy files assuming kfs block
+.I n
+(default 1024)
+bytes long.
+If a block contains only 0-valued bytes, it is not copied.
+.PD
+.PP
+.I Mkext
+unpacks archive files made by the
+.B -a
+option of
+.IR mkfs .
+The
+.B -d
+option specifies a directory (default
+.BR /n/kfs )
+to serve as the root of the unpacked file system.
+The
+.B -u
+option, to be used only when initializing a new
+.IR kfs (4)
+file system, sets the owners of the files created to correspond to
+those in the archive and restores the modification times of the files.
+(This is only permitted at the initial load of the files into a file
+system.)
+Each file on the command line is unpacked in one pass through the archive.
+If the file is a directory,
+all files and subdirectories of that directory are also unpacked.
+When a file is unpacked, the entire path is created if it
+does not exist.
+If no files are specified, the entire archive is unpacked;
+in this case, missing intermediate directories are not created.
+The
+.B -v
+option prints the names and sizes of files as they are extracted;
+.B -h
+prints headers for the files on standard output
+instead of unpacking the files.
+.SH EXAMPLES
+.PP
+Make an archive to establish a new file system
+(assuming that the output file
+.B arch
+is not referenced by
+.BR proto ):
+.IP
+.EX
+bind '#U' /n/local
+disk/mkfs -a -u files/adm.users -s /n/local proto > arch
+.EE
+.PP
+Unpack that archive on another machine:
+.IP
+.EX
+mount tcp!server /n/remote
+disk/mkext -u -d /n/remote < arch
+.EE
+.SH FILES
+.TF /lib/proto/portproto
+.TP
+.B /lib/proto
+directory of prototype files.
+.TP
+.B /lib/proto/portproto
+generic prototype file.
+.SH SOURCE
+.B /appl/cmd/disk/mkfs.b
+.br
+.B /appl/cmd/disk/mkext.b
+.SH "SEE ALSO"
+.IR fs (1),
+.IR kfs (4),
+.IR proto (6),
+.IR kfscmd (8)
diff --git a/man/8/ping b/man/8/ping
new file mode 100644
index 00000000..441ff0f2
--- /dev/null
+++ b/man/8/ping
@@ -0,0 +1,64 @@
+.TH 8 PING
+.SH NAME
+ping \- probe the Internet
+.SH SYNOPSIS
+.B ip/ping
+.RB [ -alq ]
+[
+.BI -i " interval"
+] [
+.BI -s " size"
+] [
+.BI -n " nping"
+]
+.I destination
+.SH DESCRIPTION
+.I Ping
+sends ICMP echo requests to a network
+.I destination
+(which has the syntax accepted by
+.IR sys-dial (2)).
+The target host, if up, should send a corresponding reply.
+By default, one line is printed for each reply,
+containing the sequence number (starting at 0) of the message it answers,
+the round trip time for that reply, the average round trip time so far,
+and the `time to live' value from the reply packet.
+.PP
+The options are:
+.TP
+.B -a
+include source and destination IP addresses in the output
+.TP
+.BI -i " interval"
+send requests with the given
+.I interval
+between messages,
+in milliseconds (default: 1 second)
+.TP
+.B -l
+list only lost messages
+.TP
+.BI -n " nping"
+send
+.I nping
+messages in all (default: 32)
+.TP
+.B -q
+suppress per-packet output, giving summary data only
+.TP
+.BI -s " size"
+send request packets of the given
+.I size
+in bytes
+(default: 64, minimum 32)
+.SH SOURCE
+.B /appl/cmd/ip/ping.b
+.SH SEE ALSO
+.IR sys-dial (2),
+.IR ip (3)
+.SH DIAGNOSTICS
+.I Ping
+yields an error status if any request had no corresponding reply.
+.SH BUGS
+Works only on native Inferno and when hosted on Plan 9, owing to the lack of
+access to ICMP on other hosted systems.
diff --git a/man/8/plumber b/man/8/plumber
new file mode 100644
index 00000000..3c691991
--- /dev/null
+++ b/man/8/plumber
@@ -0,0 +1,94 @@
+.TH PLUMBER 8
+.SH NAME
+plumber \- plumber for interapplication message routing
+.SH SYNOPSIS
+.B plumber
+[
+.B -v
+] [
+.B -w
+] [
+.BI -c " wmchan"
+] [
+.I rulefile
+\&...
+]
+.SH DESCRIPTION
+.I Plumber
+provides high-level message-passing between applications.
+In a plumbed environment,
+applications can receive messages on an input port, which is given a logical name.
+Messages are not sent directly between applications but are routed via
+the plumber, following user-specified rules.
+.PP
+.I Plumber
+is typically started by
+.IR wm (1)'s
+startup script.
+It reads each
+.I rulefile
+(default:
+.BI /usr/ user /lib/plumbing )
+in turn.
+Each file has the form described in
+.IR plumbing (6);
+the rules direct the routing of each message
+.I plumber
+receives.
+.I Plumber
+then lurks in the background with its mate,
+awaiting plumbing requests sent by
+.IR plumbmsg (2),
+by windowing applications in response to events such as button clicks or drag-and-drop,
+or by
+.IR plumb (1).
+.PP
+When a message arrives,
+.I plumber
+applies the rules to decide how to route it.
+It forwards the message to the selected application's input port, starting it if necessary.
+If no rule applies (or some other error occurs),
+.I plumber
+returns an error to the message's sender.
+The
+.B -v
+option causes
+.I plumber
+to log the contents of messages it receives, to help debug plumbing rules and applications.
+.PP
+.I Plumber
+normally starts applications directly.
+For use on devices that have specialised
+window managers, not
+.IR wm (1),
+the
+.B -w
+option causes
+.I plumber
+to start applications indirectly, by sending a message to
+a window manager listening on
+.BR /chan/wm ,
+allowing
+the window manager to track every application started.
+The
+.B -c
+option can select an alternative
+.I wmchan
+to
+.BR /chan/wm .
+
+.SH FILES
+.TF /usr/user/lib/plumbing
+.TP
+.BI /usr/ user /lib/plumbing
+default plumbing rules for
+.I user
+.SH SOURCE
+.B /appl/cmd/plumber.b
+.br
+.B /appl/lib/plumbing.b
+.SH SEE ALSO
+.IR plumb (1),
+.IR wm (1),
+.IR plumbmsg (2),
+.IR plumbing (6)
diff --git a/man/8/prep b/man/8/prep
new file mode 100644
index 00000000..d9775a6f
--- /dev/null
+++ b/man/8/prep
@@ -0,0 +1,710 @@
+.TH PREP 8
+.SH NAME
+prep, fdisk, format, mbr \- prepare hard and floppy diskettes, flashes
+.SH SYNOPSIS
+.B disk/prep
+[
+.B -bcfnprw
+]
+[
+.B -a
+.I name
+]...
+[
+.B -s 
+.I sectorsize
+]
+.I plan9partition
+.PP
+.B disk/fdisk
+[
+.B -abfprw
+]
+[
+.B -s
+.I sectorsize
+]
+.I disk
+.PP
+.B disk/format
+[
+.B -dfvx
+]
+[
+.B -b 
+.I bootblock
+]
+[
+.B -c
+.I csize
+]
+[
+.B -l
+.I label
+]
+[
+.B -r
+.I nresrv
+]
+[
+.B -t
+.I type
+]
+.I disk
+[
+.IR file ...
+]
+.PP
+.B disk/mbr
+[
+.B -9
+]
+[
+.B -m
+.I mbrfile
+]
+.SH DESCRIPTION
+A partition table is stored on a hard disk to specify the division of
+the physical disk into a set of logical units.
+On PCs, the partition table is stored at the end of the master boot record
+of the disk.
+Partitions of type
+.B 0x39
+are Plan 9 partitions.
+Inferno uses the same type and follows other Plan 9 conventions described here.
+The names of PC partitions are chosen by convention from the type:
+.BR dos ,
+.BR plan9 ,
+etc.
+Second and subsequent partitions of the same type on a given disk are given
+unique names by appending a number (or a period and a number if the name
+already ends in a number).
+.PP
+Plan 9 partitions (and Plan 9 disks on non-PCs) are
+themselves divided, using a textual partition table, called the Plan 9 partition table, in the second
+sector of the partition (the first is left for architecture-specific boot data, such as PC boot blocks).
+Inferno again uses the same conventions.
+The table is a sequence of lines of the format
+.BI part " name start end" \fR,
+where
+.I start
+and
+.I end
+name the starting and ending sector.
+Sector 0 is the first sector of the Plan 9 partition or disk,
+regardless of its position in a larger disk.
+Partition extents do not contain the ending sector,
+so a partition from 0 to 5 and a partition from 5 to 10
+do not overlap.
+.PP
+The Plan 9 partition often contains a number of
+conventionally named subpartitions.
+Only
+.BR 9fat ,
+.BR fs
+and
+.BR nvram
+are currently used by Inferno, but the others are included for reference.
+They include:
+.TF arenas
+.TP 
+.B 9fat
+A small FAT file system used to hold
+configuration information 
+(such as
+.B plan9.ini
+and
+.BR plan9.nvr )
+and kernels.
+This typically begins in the first sector
+of the partition, and contains the partition
+table as a ``reserved'' sector.
+See the discussion of the
+.B -r
+option to
+.IR format .
+.TP
+.B arenas
+A Plan 9
+.IR venti
+arenas partition.
+.TP
+.B cache
+A Plan 9
+.IR cfs
+file system cache.
+.TP
+.B fossil
+A Plan 9
+.IR fossil
+file system.
+.TP
+.B fs
+A
+.IR kfs (4)
+file system.
+.TP
+.B fscfg
+A one-sector partition used to store a
+.IR ds (3)
+configuration.
+.TP
+.B isect
+A Plan 9
+.IR venti
+index section.
+.TP
+.B nvram
+A one-sector partition used to simulate non-volatile RAM on PCs.
+.TP
+.B other
+A non-archived Plan 9
+.IR fossil
+file system.
+.TP
+.B swap
+A Plan 9
+swap partition.
+.PD
+.PP
+.I Fdisk
+edits the PC partition table and is usually
+invoked with a disk like
+.B /dev/sdC0/data 
+as its argument, while
+.I prep
+edits the Plan 9 partition table
+and is usually invoked with a disk partition
+like
+.B /dev/sdC0/plan9
+as its argument.
+.I Fdisk
+works in units of disk ``cylinders'': the cylinder
+size in bytes is printed when
+.I fdisk
+starts.
+.I Prep
+works in units of disk sectors, which are almost always 512 bytes.
+.I Fdisk
+and
+.I prep
+share most of their options:
+.TP
+.B -a
+Automatically partition the disk.
+.I Fdisk
+will create a Plan 9
+partition in the largest unused area on the disk,
+doing nothing if a
+Plan 9 partition already exists.
+If no other partition on the disk is marked active (i.e. marked as the boot partition),
+.I fdisk
+will mark the new partition active.
+.IR Prep 's
+.B -a
+flag takes the name of a partition to create.
+(See the list above for partition names.)
+It can be repeated to specify a list of partitions to create.
+If the disk is currently unpartitioned, 
+.I prep
+will create the named partitions on the disk,
+attempting to use the entire disk in a sensible manner.
+The partition names must be from the list given above.
+.TP
+.B -b
+Start with a blank disk, ignoring any extant partition table.
+.TP
+.B -p
+Print a sequence of commands that when sent to the disk device's
+.B ctl 
+file 
+will bring the partition
+table information kept by
+the 
+.IR sd (3) 
+driver up to date.
+Then exit.
+.I Prep
+will check to see if it is being called with a disk partition
+(rather than an entire disk) as its argument; if so, it
+will translate the printed sectors by the partition's offset
+within the disk.
+Since 
+.I fdisk
+operates on a table of unnamed partitions,
+it assigns names based on the partition type
+(e.g.,
+.BR plan9 ,
+.BR dos ,
+.BR ntfs ,
+.BR linux ,
+.BR linuxswap )
+and resolves collisions by appending a numbered suffix.
+(e.g.,
+.BR dos ,
+.BR dos1 ,
+.BR dos2 ).
+.TP
+.B -r
+In the absence of the 
+.B -p
+and
+.B -w
+flags, 
+.I prep
+and
+.I fdisk
+enter an interactive partition editor;
+the 
+.B -r
+flag runs the editor in read-only mode.
+.TP
+.BI -s " sectorsize"
+Specify the disk's sector size.
+In the absence of this flag,
+.I prep
+and
+.I fdisk
+look for a disk
+.B ctl
+file and read it to find the disk's sector size.
+If the
+.B ctl
+file cannot be found, a message is printed and
+a sector size of 512 bytes is assumed.
+.TP
+.B -w
+Write the partition table to the disk and exit.
+This is useful when used in conjunction with
+.B -a
+or
+.BR -b .
+.PP
+If neither the
+.B -p
+flag nor the
+.B -w
+flag is given,
+.I prep
+and
+.I fdisk
+enter an interactive partition editor that
+operates on named partitions.
+The PC partition table distinguishes between
+primary partitions, which can be listed in the boot
+sector at the beginning of the disk,
+and secondary (or extended) partitions, arbitrarily
+many of which may be chained together in place
+of a primary partition.
+Primary partitions are named
+.BR p \fIn\fR,
+secondary partitions
+.BR s \fIn\fR.
+The number of primary partitions plus number of contiguous chains of
+secondary partitions cannot exceed four.
+.PP
+The commands are as follows.
+In the descriptions, read ``sector'' as ``cylinder'' when using
+.IR fdisk .
+.TP
+.B "a\fR \fIname\fR [ \fIstart\fR [ \fIend\fR ] ]"
+Create a partition named
+.I name
+starting at sector offset
+.I start
+and ending at offset
+.IR end .
+The new partition will not be created if
+it overlaps an extant partition.
+If
+.I start
+or
+.I end
+are omitted,
+.I prep
+and
+.I fdisk
+will prompt for them.
+In
+.IR fdisk ,
+the newly created partition has type
+.RB `` PLAN9 ;''
+to set a different type, use the
+.B t
+command (q.v.).
+.I Start
+and
+.I end
+may be expressions using the operators
+.BR + ,
+.BR - ,
+.BR * ,
+and
+.BR / ,
+numeric constants, and the
+pseudovariables
+.B .
+and
+.BR $ .
+At the start of the program,
+.B .
+is set to zero; each time a partition is
+created, it is set to the end sector
+of the new partition.
+It can also be explicitly set using the
+.B .
+command.
+When evaluating
+.IR start ,
+.B $
+is set to one past the last disk sector.
+When evaluating
+.IR end ,
+.B $
+is set to the maximum value that 
+.I end
+can take on without running off the disk
+or into another partition.
+Finally, the expression
+.IB n %
+evaluates to 
+.RI ( n × disksize )/100.
+As an example, 
+.B a
+.B .
+.B .+20%
+creates a new partition starting at
+.B .
+that takes up a fifth of the disk,
+and 
+.B a
+.B 1000
+.B $
+creates a new partition starting at
+sector 1000 and
+extending as far as possible.
+.TP
+.B ".\fR \fInewdot"
+Set the value of the variable
+.B .
+to
+.IR newdot ,
+which is an arithmetic expression as described
+in the discussion of the
+.B a
+command.
+.TP
+.BI d " name"
+Delete the named partition.
+.TP
+.B h
+Print a help message listing command synopses.
+.TP
+.B p
+Print the disk partition table.
+Unpartitioned regions are also listed.
+The table consists of a number of lines containing
+partition name, beginning and ending sectors,
+and total size.
+A 
+.B '
+is prefixed to the names of partitions
+whose entries have been modified but not written to disk.
+.I Fdisk
+adds to the end of each line a textual partition type,
+and places a 
+.B *
+next to the name of the active partition
+(see the
+.B A
+command below).
+.TP
+.B P
+Print the partition table in the format accepted by the disk's
+.B ctl
+file, which is also the format of the output of the
+.B -p
+option.
+.TP
+.B w
+Write the partition table to disk.
+.I Prep
+will also inform the kernel of the changed
+partition table.
+The write will fail if any programs have any
+of the disk's partitions open.
+If the write fails (for this or any other reason),
+.I prep
+and
+.I fdisk
+will attempt to restore the partition table to
+its former state.
+.TP
+.B q
+Quit the program.
+If the partition table has been modified but not written,
+a warning is printed.
+Typing
+.B q
+again will quit the program.
+.PP
+.I Fdisk
+also has the following commands.
+.TP
+.BI A " name
+Set the named partition active.
+The active partition is the one whose boot block is used
+when booting a PC from disk.
+.TP
+.B e
+Print the names of empty slots in the partition table, i.e., the
+valid names to use when creating a new partition.
+.TP
+.BI t " \fR[\fI type \fR]
+Set the partition type.  If it is not given, 
+.I fdisk
+will display a list of choices and then prompt for it.
+.PD
+.PP
+.I Format
+prepares for use the floppy diskette or hard disk partition in the file named
+.IR disk ,
+for example
+.B /dev/fd0disk 
+or
+.BR /dev/sdC0/9fat .
+The options are:
+.TP
+.B -f
+Do not physically format the disc. Used
+to install a FAT file system on a
+previously formatted disc. If
+.I disk
+is not a floppy device, this flag is a no-op.
+.TP
+.B -t
+specify a density and type of disk to be prepared.
+The possible
+.I types
+are:
+.RS
+.TP
+.B 3½DD
+3½" double density, 737280 bytes
+.TP
+.B 3½HD
+3½" high density, 1474560 bytes
+.TP
+.B 5¼DD
+5¼" double density, 368640 bytes
+.TP
+.B 5¼HD
+5¼"  high density, 1146880 bytes
+.TP
+.B hard
+fixed disk
+.PD
+.PP
+The default when
+.I disk
+is a floppy drive is the highest possible on the device.
+When 
+.I disk
+is a regular file, the default is
+.BR 3½HD .
+When 
+.I disk
+is an
+.IR sd (3)
+device, the default is 
+.BR hard .
+.RE
+.TP
+.B -d
+initialize a FAT file system on the
+.IR disk .
+.TP
+.B -b
+use the contents of
+.I bootblock
+as a bootstrap block
+to be installed in sector 0.
+.PD
+.PP
+The remaining options have effect only when
+.B -d
+is specified:
+.TP
+.B -c
+use a FAT cluster size of
+.I csize
+sectors when creating the FAT.
+.TP
+.B -l
+add a
+.I label
+when creating the FAT file system.
+.TP
+.BI -r
+mark the first 
+.I nresrv
+sectors of the partition as ``reserved''.
+Since the first sector always contains the
+FAT parameter block, this really marks
+the
+.IR nresrv -1
+sectors starting at sector 1 as ``reserved''.
+When formatting the
+.B 9fat
+partition, 
+.B -r
+.B 2
+should be used to jump over the partition table sector.
+.PD
+.PP
+Again under
+.BR -d ,
+any
+.I files
+listed are added, in order,
+to the root
+directory of the FAT file system.  The files are
+contiguously allocated.
+If a file is named
+.BR 9load ,
+it will be created with the
+.B SYSTEM
+attribute set so that
+.IR dossrv (4) 
+keeps it contiguous when modifying it.
+.PP
+.I Format
+checks for a number of common mistakes; in particular,
+it will refuse to format a 
+.B 9fat
+partition unless 
+.B -r
+is specified with 
+.I nresrv 
+larger than two.
+It also refuses to format a raw
+.IR sd (3)
+partition that begins at offset zero in the disk.
+(The beginning of the disk should contain an
+.I fdisk
+partition table with master boot record,
+not a FAT file system or boot block.)
+Both checks are disabled by the
+.B -x
+option.
+The
+.B -v
+option prints debugging information.
+.PP
+The file
+.B /Inferno/386/pbs
+is an example of a suitable
+.I bfile
+to make the disk a boot disk.
+It gets loaded by the BIOS at 0x7C00,
+reads the root directory into address 0x7E00, and looks at
+the first root directory entry.
+If that file is called
+.BR 9LOAD ,
+it uses
+single sector reads to load the file into address 0x10000 and then
+jumps to the loaded file image.
+The file
+.B /Inferno/386/pbslba
+is similar, but because it uses LBA addressing (not supported
+by all BIOSes), it can access more than the first 8.5GB of the disk.
+.PP
+.I Mbr
+installs a new boot block in sector 0 (the master boot record)
+of a disk such as
+.BR /dev/sdC0/data .
+This boot block should not be confused with the
+boot block used by 
+.IR format ,
+which goes in sector 0 of a partition.
+Typically, the boot block in the master boot record
+scans the PC partition table to find an active
+partition and then executes the boot block for
+that partition.
+The partition boot block then loads a bootstrap
+program such as
+.IR 9load (10.8),
+which then loads the operating system.
+If MS-DOS or Windows 9[58] is already installed
+on your hard disk, the master boot record
+already has a suitable boot block.
+Otherwise, 
+.B /Inferno/386/mbr
+is an appropriate 
+.IR mbrfile .
+It detects and uses LBA addressing when available
+from the BIOS (the same could not
+be done in the case of
+.B pbs
+due to space considerations).
+If the
+.I mbrfile
+is not specified, a boot block is installed that
+prints a message explaining that the disk is not bootable.
+The
+.B -9
+option initialises the partition table to consist of one
+.BR plan9
+partition which spans the entire disc starting at the end of the
+first track.
+.SH EXAMPLES
+Initialize the kernel disk driver with the partition information
+from the FAT boot sectors.
+If Plan 9 partitions exist, pass that partition information as well.
+.IP
+.EX
+for(disk in /dev/sd??) {
+	if(ftest -f $disk/data && ftest -f $disk/ctl){
+		disk/fdisk -p $disk/data >$disk/ctl
+	}
+	for(part in $disk/plan9*){
+		if(ftest -f $part){
+			disk/prep -p $part >$disk/ctl
+		}
+	}
+}
+.EE
+.PP
+Create a boot floppy on a previously formatted diskette:
+.IP
+.EX
+disk/format -b /Inferno/386/pbs -df /dev/fd0disk /Inferno/386/9load /tmp/plan9.ini
+.EE
+.PP
+Initialize the blank hard disk
+.BR /dev/sdC0/data .
+.IP
+.EX
+disk/mbr -m /Inferno/386/mbr /dev/sdC0/data
+disk/fdisk -baw /dev/sdC0/data
+disk/prep -bw -a^(9fat fs) /dev/sdC0/plan9
+disk/format -b /Inferno/386/pbslba -d -r 2 /dev/sdC0/9fat 9load 9pcdisk plan9.ini
+.EE
+.PP
+.SH SOURCE
+.B /appl/cmd/disk/prep
+.br
+.B /appl/cmd/disk/format.b
+.br
+.B /os/boot/pc
+.SH SEE ALSO
+.IR floppy (3),
+.IR sd (3),
+.IR 9load (10.8),
+.IR plan9.ini (10.8)
+.SH BUGS
+.I Format
+can create FAT12 and FAT16
+file systems, but not FAT32 file systems.
+The boot block can only read from
+FAT12 and FAT16 file systems.
diff --git a/man/8/rdbgsrv b/man/8/rdbgsrv
new file mode 100644
index 00000000..139cd4c5
--- /dev/null
+++ b/man/8/rdbgsrv
@@ -0,0 +1,111 @@
+.TH RDBGSRV 8
+.SH NAME
+rdbgsrv \- remote debug server
+.SH SYNOPSIS
+.B "bind -b '#t' /dev"
+.PP
+.B auxi/rdbgsrv
+[
+.BI \-d n
+] [
+.BI \-s baud
+] [
+.BI \-f dev
+]
+.I mountpoint
+.SH DESCRIPTION
+.I Rdbgsrv
+is intended for use with versions of
+.IR sboot (10.8)
+that do not use
+.IR styxmon (10.8),
+but serve Styx directly.
+.I Rdbgsrv
+interposes itself between
+.I dev
+(default:
+.BR /dev/eia0 )
+and
+.I mountpoint
+to convey Styx messages via the serial port to and from a Styx server program
+running on a board running native Inferno.
+The
+.B \-f
+option specifies the serial device; the default is
+.BR /dev/eia0 .
+The
+.B \-s
+option sets the line speed; the default is 38400 baud.
+The
+.B \-d
+option selects debugging options by a bit mask:
+1, print trace of Styx message types;
+2, print actual Styx message contents.
+.PP
+The monitor program on the board must be started first.
+.I Rdbgsrv
+writes the two byte message
+.BR go ,
+and keeps reading the device until it sees the reply
+.BR ok .
+It then attempts to mount the exported name space, and
+copies Styx messages to and from the device.
+.PP
+Once
+.I rdbgsrv
+is running, several device files provided by the program
+will be visible at
+.IR mountpoint .
+The files include flash partitions, a console file, and a file representing
+temporary storage in the device's memory:
+.TF sbootconsole
+.PD
+.TP
+.B sbootconsole
+Accepts
+.IR sboot (10.8)
+commands.
+When read, it returns output from recent commands.
+.TP
+.B tmp
+Temporary memory buffer that accepts data to be copied to the flash.
+.TP
+.BI F! partition
+Represents the flash partition with the name
+.IR partition .
+.PP
+The following example
+Inferno
+session on the host mounts the serial device on
+.BR /n/rdbg ,
+and sends commands by writing to
+.BR /n/rdbg/sbootconsole .
+.IP
+.EX
+% bind -b '#t' /dev           # ensure /dev/eia0 is visible
+% auxi/rdbgsrv /n/rdbg
+% ls /n/rdbg
+/n/rdbg/F!kern
+/n/rdbg/F!fs
+/n/rdbg/sbootconsole
+/n/rdbg/tmp
+% cp /os/sa1100/isword.p9.gz /n/rdbg/F!kern # copy kernel
+% cp /tmp/fs.tgz /n/rdbg/tmp  # copy compressed file system
+% echo c/u T! F!fs >/n/rdbg/sbootconsole
+% cat /n/rdbg/sbootconsole
+% echo P >/n/rdbg/sbootconsole
+% echo b F!kern >/n/rdbg/sbootconsole       # boot from F!kern
+.EE
+.PP
+Copying a file containing
+.I sboot
+commands to
+.B /n/rdbg/sbootconsole
+has the same effect as writing the individual commands to the console.
+.SH SOURCE
+.B /appl/auxi/rdbgsrv.b
+.SH SEE ALSO
+.IR sboot (10.8),
+.IR styxmon (10.8)
+.SH BUGS
+No error recovery is applied, let alone error correction.
diff --git a/man/8/register b/man/8/register
new file mode 100644
index 00000000..daa0998b
--- /dev/null
+++ b/man/8/register
@@ -0,0 +1,85 @@
+.TH REGISTER 8 mux
+.SH NAME
+register \- command to register set-top-box identity with signer
+.SH SYNOPSIS
+.B mux/register
+[
+.I signer
+]
+.SH DESCRIPTION
+.I Register
+is intended for use on a set top box (or similar device).
+It connects to
+.IR signer ,
+a machine configured to sign certificates,
+and obtains an authenticated certificate based on the contents of
+.L /nvfs/ID
+(the set top box ID in non-volatile memory).
+The certificate is saved in the file
+.L /nvfs/default
+for later use.
+If no
+.I signer
+is named explicitly, the
+.B $SIGNER
+named in
+.IR db (6)
+is used instead.
+.PP
+There are several phases to obtaining the certificate.
+.IP 1.
+The register command interacts with
+.IR signer (8)
+on the signing host
+to construct the certificate. This certificate is `blinded' by a random bit mask, sent back to
+.I register
+which displays it in textual or graphical form to
+the user.
+.IP 2.
+The user running
+.I register
+must use an independent,
+secure mechanism (for example, an untapped telephone call)
+to communicate with a human agent at the
+site acting as
+.IR signer .
+That agent runs
+.I verify
+(see
+.IR signer (8))
+to display the same `blinded' certificate that was
+shown to
+.IR register 's
+user at the client.
+Once the agent is convinced that the `blinded' certificate has been delivered to the correct party, the agent tells
+.I verify
+to accept the identity of the caller.
+.IP 3.
+.I Register
+then connects to the
+.I countersigner
+process (see
+.IR signer (8))
+to obtain the bitmask needed to `unblind' the previously received certificate.
+This step can only validly be performed after the successful
+completion of
+.I verify
+on the
+.I signer.
+.SH FILES
+.TF /services/cs/db
+.TP
+.B /nvfs/ID
+File emulating set top box-id in ROM.
+.TP
+.B /nvfs/default
+Repository of authenticated certificate.
+.TP
+.B /services/cs/db
+Default definition of `signer' host.
+.SH SOURCE
+.B /appl/mux/register.b
+.SH "SEE ALSO"
+.IR db (6),
+.IR manufacture (8),
+.IR signer (8)
diff --git a/man/8/rip b/man/8/rip
new file mode 100644
index 00000000..11937f86
--- /dev/null
+++ b/man/8/rip
@@ -0,0 +1,98 @@
+.TH RIP 8
+.SH NAME
+rip \- routing information protocol
+.SH SYNOPSIS
+.B ip/rip
+.RB [ -2 ]
+.RB [ -b ]
+.RB [ -d ]
+.RB [ -n ]
+[
+.BI -x " mntpt"
+] [
+.I net
+\&...
+]
+.B &
+.SH DESCRIPTION
+.I Rip
+implements the Internet RIP routing protocol
+described by RFC1058 and RFC2453.
+It watches the network and makes appropriate changes
+to the machine's Internet routing table
+(see
+.B iproute
+in
+.IR ip (3)),
+based on routing packets
+broadcast by gateways on the network.
+.I Rip
+is only used when a single default gateway is inadequate,
+typically because a machine sits on a network directly connected to
+several others,
+having no common gateway or router.
+On networks where there is just one gateway, it is usually simpler and more efficient
+to configure that statically using
+.IR ndb (6)
+or dynamically using DHCP/BOOTP,
+rather than running
+.IR rip .
+.PP
+.I Rip
+serves the network on
+.I mntpt
+(default:
+.BR /net ).
+When it starts,
+.I rip
+learns its own interfaces and directly attached networks by reading
+.IB mntpt /ipifc ,
+and notes any routes currently in
+.IB mntpt /iproute .
+.PP
+By default,
+.I rip
+neither broadcasts routes nor replies to requests for its route table.
+If the
+.B \-b
+option is given,
+.I rip
+periodically broadcasts changes to its routing table to each of its interfaces.
+If at least one explicit
+.I net
+address is given, the broadcasts are restricted to just the interfaces listed
+(and
+.B \-b
+is implied).
+.PP
+The
+.B \-d
+option causes
+.I routed
+to record changes it makes to the routing tables.
+This can be helpful when locating misleading announcements
+from rogue gateways.
+A second
+.B \-d
+will include detailed information about every packet.
+The
+.B \-n
+option tells
+.I rip
+not to change the local routing table, but only say what changes it would have made.
+.PP
+.I Rip
+understands both version1 and version 2 of the protocol,
+and interprets updates from gateways appropriately.
+By default, it transmits updates using version 1; if the
+.B -2
+option is given, it uses version 2 instead, which is preferable when
+the network has subnets.
+.\".SH FILES
+.\".LR /sys/log/iproute "	debugging information"
+.SH SOURCE
+.B /appl/cmd/ip/rip.b
+.SH "SEE ALSO"
+.IR ip (3),
+.IR ndb (6)
+.\" .IR ipconfig (8)
diff --git a/man/8/rstyxd b/man/8/rstyxd
new file mode 100644
index 00000000..9ee6254b
--- /dev/null
+++ b/man/8/rstyxd
@@ -0,0 +1,104 @@
+.TH RSTYXD 8
+.SH NAME
+rstyxd, styxd \- Styx-based remote execution and file service
+.SH SYNOPSIS
+.B auxi/rstyxd
+.I alg
+\&...
+.PP
+.B auxi/styxd
+.I alg
+\&...
+.SH DESCRIPTION
+These services are normally started by
+.IR svc (8)
+in response to incoming network calls.
+Each expects the standard input to be connected to the client;
+unusually, it is both read and written.
+.PP
+Both commands first authenticate the incoming call using
+.IR keyring-auth (2)
+via
+.IR security-auth (2).
+On successful authorisation, the server sets
+its user identity to that of the caller,
+and the client can request that a digest and/or encryption
+algorithm be applied using
+.IR ssl (3)
+to protect the data exchanged with the server.
+Each
+.I alg
+names a digest or encryption algorithm that the server will allow
+the client to use,
+in any form accepted by
+.IR ssl ;
+the special name
+.B none
+is usually listed, to allow the client to choose not to use
+.IR ssl .
+.PP
+.I Styxd
+provides Styx file service to its client.
+Having authorised the client and optionally established
+.IR ssl ,
+as described above,
+it exports its name space (usually the name space inherited from
+.IR svc (8))
+on the connection using
+.B Sys->export
+(see
+.IR sys-dial (2)).
+.PP
+.I Rstyxd
+provides a remote-execution service.
+Having authorised the client and optionally established
+.IR ssl ,
+as described above,
+it reads a single line from its standard input.
+The line contains a decimal value that is the count of the number
+of bytes that follow,
+which
+.I rstyxd
+reads as a
+.IR utf (6)-encoded
+string.
+The string contains a command, which is parsed into arguments,
+following the quoting
+conventions of
+.IR sh (1).
+The first argument is the command name.
+.I Rstyxd
+prepares a modified name space in which
+to run the command.
+It mounts the connection (standard input) on
+.BR /n/client ,
+binds
+.BR /n/client/dev
+onto
+.BR /dev ,
+and opens the new
+.B /dev/cons
+(ie, the remote client's
+.BR /dev/cons )
+on file descriptors 0, 1 and 2.
+Finally, it executes the command.
+.SH FILES
+.TF /usr/user/keyring/default
+.TP
+.B /n/client
+mount point used by
+.I rstyxd
+.TP
+.BI /usr/ user /keyring/default
+server's authentication data when
+.IR svc (8)
+run as given
+.I user
+.SH SOURCE
+.B /appl/cmd/auxi/rstyxd.b
+.br
+.B /appl/cmd/auxi/styxd.b
+.SH SEE ALSO
+.IR keyring-auth (2),
+.IR security-auth (2),
+.IR getauthinfo (8)
diff --git a/man/8/shutdown b/man/8/shutdown
new file mode 100644
index 00000000..5385f91e
--- /dev/null
+++ b/man/8/shutdown
@@ -0,0 +1,26 @@
+.TH SHUTDOWN 8
+.SH NAME
+shutdown \- shut down system/emulator
+.SH SYNOPSIS
+.B shutdown
+.B -h
+.PP
+.B shutdown
+.B -r
+.SH DESCRIPTION
+.I Shutdown
+halts
+.RB ( -h )
+or restarts
+.RB ( -r )
+.IR emu (1)
+or a native kernel.
+If restarted,
+.IR emu (1)
+will be given the same options as were given it when it started.
+.SH FILES
+.B /dev/sysctl
+.SH SOURCE
+.B /appl/cmd/shutdown.b
+.SH "SEE ALSO"
+.IR cons (3)
diff --git a/man/8/signer b/man/8/signer
new file mode 100644
index 00000000..1cb9d8e1
--- /dev/null
+++ b/man/8/signer
@@ -0,0 +1,117 @@
+.TH SIGNER 8
+.SH NAME
+signer, verify, countersigner \- set-top box authentication
+.SH SYNOPSIS
+.B auth/signer
+.PP
+.BI auth/verify " set-top-box-id"
+.PP
+.B auth/countersigner
+.SH DESCRIPTION
+.I Signer
+and
+.I countersigner
+listen for requests on the service ports
+.B infsigner
+and
+.BR infcsigner ,
+respectively.
+They are typically run via
+.IR svc (8)
+on a machine acting as authentication server for a network.
+.I Verify
+is invoked on the same server, after
+.I signer
+but before
+.IR countersigner ,
+following an independent check of a caller's credentials.
+.PP
+.I Signer
+constructs an authentication certificate from the signer's key (in
+.BR /keydb/signerkey )
+and information from the requesting client, including
+the set top box ID.
+The signer's key can be created using
+.IR createsignerkey (8),
+but if the key does not yet exist,
+.I signer
+creates and initialises
+.B /keydb/signerkey
+itself, with an owner name of
+.LR * .
+.PP
+.I Signer
+`blinds'
+the certificate by XOR-ing it with a random bit mask, then sends the result to the requesting client.
+The client machine's user uses that information to establish identity with a human agent on the
+signing machine.
+.I Signer
+also saves the both the `blinded' and `unblinded' result from the input in
+.BI /keydb/signed/ set-top-box-id
+for
+.I verify
+(see below).
+.PP
+.I Verify
+is run on the signing server
+by the agency running the authentication server, in response to
+a call from a remote user who has invoked
+.IR register (8)
+or an equivalent.
+.I Verify
+checks a caller's identity using information from the file
+.BI /keydb/signed/ set-top-box-id
+created by
+.IR signer .
+The file contains the previously crafted authentication certificate and the `blinded' version of the certificate that was sent to the requesting client.
+.PP
+.I Verify
+displays the `blinded' version textually or graphically, as appropriate, so that it can be compared to that reported by the set-top-box owner over a secure independent mechanism (for example, telephone). If the operator of
+.I verify
+is convinced of the identity of the caller, the operator should accept when prompted by
+.IR verify .
+.I Verify
+then writes the authentication certificate to
+.BI /keydb/countersigned/ set-top-box-id,
+as input for
+.I countersigner
+(see
+.IR signer (8)).
+.PP
+.I Note:
+if the operator of
+.I verify
+accepts the identity, the set-top-box owner should be requested
+to answer `yes' to the prompt displayed by
+.IR register (8).
+The order of
+acceptance\-first on the signer, then on the client\-is essential,
+to produce the countersigned certificate before invoking
+.I countersigner
+to read it.
+.PP
+.I Countersigner
+sends the blinding data in
+.BI /keydb/countersigned/ set-top-box-id
+to the requesting client.
+.SH FILES
+.TF /keydb/countersigned/set-top-box-id
+.TP
+.B /keydb/signerkey
+Secret key of the `signer' host.
+.TP
+.BI /keydb/signed/ set-top-box-id
+Repository of `blinded' and clear certificates.
+.TP
+.BI /keydb/countersigned/ set-top-box-id
+Repository of `unblinded' certificates.
+.SH SOURCE
+.B /appl/cmd/auth/signer.b
+.br
+.B /appl/cmd/auth/verify.b
+.br
+.B /appl/cmd/auth/countersigner.b
+.SH SEE ALSO
+.IR createsignerkey (8),
+.IR register (8),
+.IR svc (8)
diff --git a/man/8/sntp b/man/8/sntp
new file mode 100644
index 00000000..be21fab9
--- /dev/null
+++ b/man/8/sntp
@@ -0,0 +1,41 @@
+.TH SNTP 8
+.SH NAME
+sntp \- simple network time protocol client
+.SH SYNOPSIS
+.B ip/sntp
+[
+.B -di
+]
+[
+.I server
+]
+.SH DESCRIPTION
+.I Sntp
+is a simple client for the Simple Network Time Protocol (RFC1361).
+It requests the time from the SNTP service on
+.I server
+(default:
+.BR udp!$ntp!ntp ),
+and if it receives a plausible reply,
+sets the local time accordingly, in both
+.IR rtc (3)
+and
+.BR /dev/time .
+The
+.B -d
+option prints debugging text, including the time received;
+the
+.B -i
+option stops
+.I sntp
+from actually updating the local time.
+.SH FILES
+.B #r/rtc
+.br
+.B /dev/time
+.SH SOURCE
+.B /appl/cmd/ip/sntp.b
+.SH SEE ALSO
+.IR date (1),
+.IR cons (3)
+
diff --git a/man/8/srv b/man/8/srv
new file mode 100644
index 00000000..b1f5984a
--- /dev/null
+++ b/man/8/srv
@@ -0,0 +1,112 @@
+.TH SRV 8 obsolete
+.SH NAME
+srv \- start services
+.SH SYNOPSIS
+.B lib/srv
+[
+.BI -n " nsfile"
+]
+[
+.B -v
+]
+[
+.B -s
+]
+.SH DESCRIPTION
+.I Srv
+starts listeners for local network services.
+It is now considered obsolete: see
+.IR svc (8),
+which replaces it using
+.IR sh (1)
+and
+.IR listen (1).
+.PP
+If the file
+.B /services/namespace
+exists,
+.I srv
+builds a new name space using
+.IR newns (2).
+The
+.B -n
+option may be used to supply a different file.
+.I Srv
+then starts a listener for each service configured in
+.BR /services/server/config .
+.PP
+The configuration file is a text file.
+Empty lines and lines beginning
+.B #
+are comments, and ignored.
+Each non-comment line has at least four fields:
+the server type, the service name, the network name on which to announce the service
+(typically
+.B tcp
+or
+.BR udp ),
+and the path name of the service command (module).
+Any further arguments are passed as arguments to that command.
+.PP
+Normally the server type field contains the letter
+.BR S ,
+and
+.I srv
+announces the service on the network itself, listens for incoming calls,
+and on each call invokes the command with any arguments given.
+The standard input and output of the command are set to refer to the
+network connection.
+If the server type field contains the letter
+.BR M ,
+however,
+.I srv
+starts the given command once during its own initialisation, and leaves the server
+to announce and manage its incoming calls.
+This is typically used to start self-contained services such as
+.B bootp
+and
+.BR tftpd .
+The diagnostics from all servers will appear on the standard
+error of
+.I srv
+itself.
+.PP
+For example, the default configuration file includes the following lines:
+.PP
+.EX
+.ps -2
+S infsigner       tcp /dis/auth/signer.dis 
+S infcsigner      tcp /dis/auth/countersigner.dis
+S inflogin        tcp /dis/auth/logind.dis         
+S styx            tcp /dis/lib/styxd.dis none clear sha md5 rc4 sha/rc4 md5/rc4
+S rstyx           tcp /dis/lib/rstyxd.dis none clear sha md5 rc4 sha/rc4 md5/rc4
+S infdb           tcp /dis/lib/dbsrv.dis  none clear sha md5 rc4 sha/rc4 md5/rc4
+S virgil          udp /dis/lib/virgild.dis
+.ps +2
+.EE
+.PP
+The arguments to
+.IR rstyxd
+and
+.IR stxyd
+(see
+.IR rstyxd (8)),
+and
+.IR dbsrv (7)
+should list the security algorithms supported by the server's
+.IR ssl (3).
+.SH FILES
+.B /services/namespace
+.br
+.B /services/server/config
+.SH SOURCE
+.B /appl/lib/srv.b
+.SH SEE ALSO
+.IR listen (1),
+.IR services (6),
+.IR cs (8),
+.IR dbsrv (7),
+.IR rstyxd (8),
+.IR svc (8)
+.SH BUGS
+Each service should arguably start in a minimal name space.
diff --git a/man/8/styxchat b/man/8/styxchat
new file mode 100644
index 00000000..11fdb378
--- /dev/null
+++ b/man/8/styxchat
@@ -0,0 +1,244 @@
+.TH STYXCHAT 8
+.SH NAME
+styxchat \- exchange Styx messages with a server or client
+.SH SYNOPSIS
+.B styxchat
+[
+.RI -m " messagesize"
+] [
+.B -s
+] [
+.B -v
+] [
+.B -n
+] [
+.I destination
+]
+.SH DESCRIPTION
+.I Styxchat
+exchanges messages with a Styx service.
+See
+.IR intro (5)
+for the protocol definition.
+It makes a connection to a given
+.IR destination ,
+(or waits for a connection on
+.IR destination,
+if the
+.B -s
+option is specified),
+then reads a textual representation of Styx T-messages from the standard
+input and writes them on the connection, with a copy on standard output,
+simultaneously reading Styx R-messages from the connection and printing a representation of them
+on standard output.
+Each message is represented by one line
+on the standard output in the form of a literal of either
+.B Tmsg
+or
+.B Rmsg
+types defined in
+.IR styx (2).
+The
+.B -v
+option causes a second line to be written for
+.B Rmsg.Read
+and
+.B Tmsg.Write
+that shows the data transmitted, as text or binary as appropriate;
+if
+.B -v
+appears a second time, a third line is written that
+shows the text equivalent of apparently binary data (useful to see text that is surrounded by binary data).
+.PP
+By default,
+.I destination
+is the name of a file, typically one end of a named pipe.
+The
+.B \-n
+option causes
+.I destination
+to be interpreted as a network address, as accepted by
+.IR sys-dial (2)
+(or
+.I listen
+with
+.BR -s ).
+If
+.I destination
+is not provided,
+.B styxchat
+reads and writes Styx messages on its standard input,
+using
+.B /dev/cons
+where it would usually use its standard input and output.
+.PP
+Each line of standard input has the form:
+.IP
+.br
+.BI  Tversion " messagesize version"
+.br
+.BI Tauth " afid uname aname"
+.br
+.BI Tflush " oldtag"
+.br
+.BI Tattach " fid afid uname aname"
+.br
+.BI Twalk " fid newfid \f1[\fP name \f1... ]\fP"
+.br
+.BI Topen " fid mode"
+.br
+.BI Tcreate " fid name perm mode"
+.br
+.BI Tread " fid offset count"
+.br
+.BI Twrite " fid offset data"
+.br
+.BI Tclunk " fid"
+.br
+.BI Tremove " fid"
+.br
+.BI Tstat " fid"
+.br
+.BI Twstat " fid name uid gid mode mtime length"
+.br
+.BI nexttag " \f1[\fP tag \f1]\fP"
+.br
+.B dump
+.PD
+.PP
+The input is interpreted as space-separated fields
+using the quoting conventions of
+.IR sh (1),
+allowing fields to contain spaces.
+Empty lines and lines beginning with
+.B #
+are ignored.
+The first field on each line is normally the name of a T-message.
+Subsequent fields provide parameter values for
+the corresponding message.
+Integers are given in the format accepted for integers
+by the Limbo compiler (e.g.
+.BR 16rffff ):
+a
+.I tag
+is 16 bits,
+.I offset
+and
+.I length
+are 64 bits, and all others are 32-bit integers.
+If the an integer parameter field contains
+.BR ~0 ,
+it is taken to be the `all ones' value of appropriate size for that parameter;
+this is particularly useful with
+.BR Twstat ,
+where that value represents `no change'.
+In the ``mode'' field of a qid, letters can be given, representing
+mode bits:
+.B d
+for
+.BR QTDIR ,
+.B l
+for
+.BR QTEXCL ,
+.B a
+for
+.BR QTAPPEND ,
+and
+.B u
+for
+.BR QTAUTH .
+In an
+.B Rstat
+message, the qid mode bits are copied into the
+.B Rstat
+mode field in the appropriate place.
+.PP
+Following the
+.IR sh (1)
+quoting rules,
+an empty string is represented by a field containing \f5''\f1.
+The
+.I data
+field is sent as its UTF-8 representation as an array of bytes.
+The value for
+.I fid
+can be
+.B nofid
+(or
+.BR NOFID )
+to represent the `no fid' value in the protocol.
+The
+.I tag
+for each message is automatically supplied by
+.IR styxchat ,
+starting from 1, and incremented with each successful message transmission.
+The
+.B nexttag
+command will cause subsequent tags to start from
+.IR tag ;
+if none is given, it will print the next tag value.
+The
+.I tag
+may be
+.B notag
+to represent the `no tag' value
+.RB ( 16rFFFF ).
+.PP
+The
+.B dump
+command has the same effect as a
+.B -v
+option, allowing data display to be enabled later.
+.PP
+By default,
+.I styxchat
+sends a Styx client's T-messages and prints a server's R-messages.
+The
+.B -s
+option causes it to present a server's view: it prints the T-messages from Styx clients, and sends R-messages
+as it reads a textual representation of them from standard input:
+.IP
+.br
+.BI Rversion " tag messagesize version"
+.br
+.BI Rauth " tag aqid"
+.br
+.BI Rflush " tag"
+.br
+.BI Rerror " tag ename"
+.br
+.BI Rattach " tag qid"
+.br
+.BI Rwalk " tag qid ..."
+.br
+.BI Ropen " tag qid iounit"
+.br
+.BI Rcreate " tag qid iounit"
+.br
+.BI Rread " tag data"
+.br
+.BI Rwrite " tag count"
+.br
+.BI Rclunk " tag"
+.br
+.BI Rremove " tag"
+.br
+.BI Rstat " tag qid mode atime mtime length name uid gid muid"
+.br
+.BI Rwstat " tag"
+.br
+.B dump
+.PD
+.PP
+The input conventions are as above, except that tags
+are required.
+A
+.I qid
+is a single field of the form \fIpath\f1\f5.\f1\fIvers\f1[\f5.\f1\fItype\f1],
+where the three values are decimal integers.
+.SH SOURCE
+.B /appl/cmd/styxchat.b
+.SH SEE ALSO
+.IR styx (2),
+.IR intro (5),
+.IR styxmon (8)
diff --git a/man/8/styxmon b/man/8/styxmon
new file mode 100644
index 00000000..48012736
--- /dev/null
+++ b/man/8/styxmon
@@ -0,0 +1,50 @@
+.TH STYXMON 8
+.SH NAME
+styxmon \- monitor a Styx conversation
+.SH SYNOPSIS
+.B styxmon
+[
+.B -r
+] [
+.B -t
+]
+.I cmd
+[
+.IR arg ...
+]
+.SH DESCRIPTION
+.I Styxmon
+allows the monitoring of styx messages sent and received
+by
+.IR cmd ,
+which should serve Styx through its standard input.
+.I Styxmon
+in its turn serves Styx through its standard input,
+and writes information on the Styx messages that
+it sees to the standard error.
+The
+.B -r
+and
+.B -t
+options restrict the messages printed to R-messages
+and T-messages respectively.
+.SH EXAMPLE
+Mount an instance of
+.IR export (4)
+of the current name space through
+.I styxmon
+on
+.B /n/remote
+to monitor all access to it through that name:
+.IP
+.EX
+mount {styxmon {export /}} /n/remote
+ls /n/remote
+cp /n/remote/lib/unicode /n/remote/dev/null
+.EE
+.SH SOURCE
+.B /appl/cmd/styxmon.b
+.SH SEE ALSO
+.IR styx (2),
+.IR intro (5),
+.IR styxchat (8)
diff --git a/man/8/svc b/man/8/svc
new file mode 100644
index 00000000..38d00c55
--- /dev/null
+++ b/man/8/svc
@@ -0,0 +1,137 @@
+.TH SVC 8
+.SH NAME
+svc: auth, net, registry, rstyx, styx \- start Inferno network services
+.SH SYNOPSIS
+.B svc/net
+.br
+.B svc/auth
+.br
+.B svc/registry
+.br
+.B svc/rstyx
+.br
+.B svc/styx
+.SH DESCRIPTION
+The directory
+.B /dis/svc
+contains several
+.IR sh (1)
+scripts to start network listeners (see
+.IR listen (1))
+that give remote hosts access to specific Inferno services on the current host.
+The scripts can be edited to suit (or configure themselves to suit) the
+requirements of a particular site.
+.PP
+A host that is not an authentication server and wishes to start the usual network services
+can simply invoke
+.BR svc/net ,
+which runs all the others
+.I except
+authentication.
+Authentication servers should normally run
+.B svc/auth
+instead, to start local name and authentication services, and a listener
+for each authentication service but
+.I not
+file service or remote execution.
+.PP
+.I Auth
+must be run (only) on a host that is to act as an authentication server,
+providing signing and other authentication services to itself and the network.
+The files
+.BR /keydb/signerkey ,
+created by
+.IR createsignerkey (8),
+and
+.BR /keydb/keys ,
+managed by
+.IR changelogin (8),
+must exist.
+If so,
+.I auth
+starts
+.IR keyfs (4),
+which prompts for the password that protects
+.BR /keydb/keys ,
+the file of secrets shared
+with registered users.
+If the key file is empty, the confirmed password will be used in future to encrypt and decrypt the file;
+otherwise the password must match the one used to encrypt the key file.
+If the password is valid, listeners are started for
+.IR keysrv (4),
+to allow passwords to be changed remotely,
+.IR logind (8),
+to provide signed certificates,
+and
+.IR signer (8).
+Note that although an authentication server must be present to run
+.IR getauthinfo (8)
+to obtain credentials to access another service, once those have been
+issued, the recipient can subsequently present them (if still valid) to
+access that service without further involvement by the service (ie, it
+need not then be running).
+See
+.IR changelogin (8)
+for the user registration program, which can be used once
+.I auth
+has started.
+.PP
+.I Registry
+starts the dynamic service registry (see
+.IR registry (4))
+if it is not already running,
+putting it at the conventional location for the local registry,
+.BR /mnt/registry .
+Initial (static) service descriptions are taken from
+.B /lib/ndb/registry
+if it exists.
+It then starts a listener to give other hosts access to the registry as a Styx
+service at
+.BR tcp!*!registry ,
+normally port 6675.
+.PP
+.I Rstyx
+listens for incoming calls to the
+.B rstyx
+service, and invokes
+.IR rstyxd (8)
+to deal with each one.
+.PP
+.I Styx
+listens for incoming calls to the
+.B styx
+service,
+and for each one, authenticates the caller, then calls
+.IR export (4)
+to export the current root.
+.SH FILES
+.TF /keydb/signerkey
+.TP
+.B /keydb/keys
+encrypted file containing user secrets
+.TP
+.B /keydb/signerkey
+private key of authentication server
+.SH SOURCE
+.B /appl/svc/auth.sh
+.br
+.B /appl/svc/net.sh
+.br
+.B /appl/svc/registry.sh
+.br
+.B /appl/svc/rstyx.sh
+.br
+.B /appl/svc/styx.sh
+.SH SEE ALSO
+.IR listen (1),
+.IR export (4),
+.IR keyfs (4),
+.IR keysrv (4),
+.IR registry (4),
+.IR changelogin (8),
+.IR createsignerkey (8),
+.IR cs (8),
+.IR dns (8),
+.IR logind (8),
+.IR rstyxd (8),
+.IR signer (8)
diff --git a/man/8/touchcal b/man/8/touchcal
new file mode 100644
index 00000000..d18bc35e
--- /dev/null
+++ b/man/8/touchcal
@@ -0,0 +1,39 @@
+.TH TOUCHCAL 8
+.SH NAME
+touchcal \- touch screen calibration
+.SH SYNOPSIS
+.B touchcal
+.SH DESCRIPTION
+.I Touchcal
+draws a cross-hair in each corner of the screen in turn (clockwise from the lower left hand corner),
+and waits each time for the user to touch the centre of the cross-hair with the stylus.
+It then prompts with a final cross-hair in the centre of the screen, and waits once
+more for the user to touch its centre with the stylus.
+The process is repeated until
+.I touchcal
+can calculate a transformation matrix that consistently maps the touch panel to screen
+coordinates.
+It then writes corresponding calibration commands for
+.IR touch (3)
+on its standard output, which
+can be saved in a file on the device, perhaps
+provided in NVRAM by
+.IR tinyfs (3)
+or a file system in
+.IR ftl (3).
+.PP
+.I Touchcal
+can be used both inside and outside the
+.IR wm (1)
+environment,
+allowing calibration when the system is initialised, and whilst
+the window system is running.
+.SH FILES
+.TF "/dev/touchctl    "
+.TP
+.B /dev/touchctl
+reset or read existing settings
+.SH SOURCE
+.B /appl/cmd/touchcal.b
+.SH SEE ALSO
+.IR touch (3)
diff --git a/man/8/virgild b/man/8/virgild
new file mode 100644
index 00000000..30a61f10
--- /dev/null
+++ b/man/8/virgild
@@ -0,0 +1,55 @@
+.TH VIRGILD 8
+.SH NAME
+virgild \- connection service for remote clients
+.SH SYNOPSIS
+.B ndb/cs
+.br
+.B ip/virgild
+.SH DESCRIPTION
+.I Virgild
+receives requests for name service on UDP/IP
+port
+.BR virgil ,
+defined as
+2202 by
+.IR services (6),
+and hard-coded in
+.IR virgil (2).
+Each request has the form:
+.IP
+.IB userid ? machine-name
+.PP
+.I Virgild
+translates the
+.I machine-name
+using the local connection server
+(see
+.IR cs (8)),
+and sends a response of the following form to the requesting client:
+.IP
+.IB userid ? machine-name = network-address
+.PP
+If the
+.I machine-name
+cannot be translated,
+.I virgild
+makes no response;
+unless another server replies, the client's request will time out.
+.PP
+.I Virgild
+requires that
+.IR cs (8)
+be running before it is started.
+.SH SOURCE
+.B /appl/cmd/ip/virgild.b
+.SH "SEE ALSO"
+.IR rcmd (1),
+.IR cs (8)
+.SH BUGS
+The
+.I userid
+part is currently unused but must still be included.
+.br
+.I Virgild
+is single threaded: a delay in translating a name for one client will delay response
+to any subsequent clients.