Set WITH_ELFTOOLCHAIN_TOOLS in src.conf to use the elftoolchain version
of the following tools:
* addr2line
* elfcopy (strip / mcs)
* nm
* size
* strings
Reviewed by: bapt (earlier version)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1224
- bootparamd
- bootpd
- finger/fingerd
- ftp/ftpd
- hastctl/hastd
- iscsid, et al
- rbootd
- talk/talkd
- tcpd, et al
- tftp/tftpd
Add src.conf entries for the various components and do a best effort
at adding components to tools/build/mk/OptionalObsoleteFiles.inc
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
pjdfstest execution is opt-in and must be done as root due to some of the
assumptions made by the test suite and lack of error checking in the non-root
case
A description of how to execute pjdfstest with kyua is provided in
share/pjdfstest/README
Phabric: D824 (an earlier prototype patch)
MFC after: 1 month
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
While I'm there also correct typos in OptionalObsoleteFiles and add
information of the command line options for hv_kvp_daemon(8).
Reported by: jmg [1]
Reviewed by: jmg
MFC after: 2 weeks
gperf is used as a build tool for g++ and is not needed for Clang
architectures. Ports and third-party software that need it can use the
up-to-date devel/gperf port.
PR: 194103 (exp-run)
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D886
This is cleaner and eliminates the unneeded startup of KVP daemon on
systems that do not run as a Hyper-V guest.
Submitted by: hrs
X-MFC-with: 271493, 271688, 271699
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
This is a stable/10 candidate for inclusion with 10.1-RELEASE.
Submitted by: Wei Hu <weh microsoft com>
MFC after: 1 week
merge(1), which is part of the RCS package, it must not be installed if
WITHOUT_RCS update is set. Otherwise, it will produce confusing errors.
CR: https://reviews.freebsd.org/D691
MFC after: 1 week
Sponsored by: Spectra Logic
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
The new code uses a "test discovery mechanism" to determine
what tests are available for execution
The test shell can be specified via:
kyua test -v test_suites.FreeBSD.bin.sh.test_shell=/path/to/test/sh
Sponsored by: EMC / Isilon Storage Division
Approved by: jmmv (mentor)
Reviewed by: jilles (maintainer)
submitted via r268811
- Install the Kyuafile by adding FILES to FILESGROUPS
- Run the testcases with an unprivileged user
Some of the testcases depend upon behavior that's broken when
run as root on FreeBSD because of how permissions are treated
with access(2) vs eaccess(2), open(2), etc
- Simplify the test driver to just inspect the exit code from
run_test because it now exits with 0 if successful and exits
with !0 if unsuccessful
- Don't do ad hoc temporary directory creation/deletion; let Kyua
handle that
- Add entries for files removed in r268811 to
OptionalObsoleteFiles.inc
PR: 191020
X-MFC with: r268811
Approved by: jmmv (mentor)
Reviewed by: bapt
Sponsored by: EMC / Isilon Storage Division
- Make sure the tests go into the right directory. The location was
wrong so they were overwriting the bin/chown tests!
- Use the right naming scheme for the test program.
- Remove the svn:executable property from the shell script.
This is a redo of r267424, which was reverted in r267432 because it broke
"make buildworld" from FreeBSD 9.x. This issue has been resolved and this
change is still "make tinderbox" clean.
statically linked into consumers (GDB and variants) in the base
system, and the shared library is no longer installed.
That also allows ports to be able to use a modern version of readline
PR: 162948
Reviewed by: emaste
The test locale1.0 depends on locale support; it is meaningless without a
working LC_MESSAGES.
I added an OptionalObsoleteFiles.inc entry.
PR: 181151
Submitted by: Garrett Cooper (original version)
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
The _SUPPORT knobs have a consistent meaning which differs from the
behaviour controlled by this knob. As the knob is opt-out and has not
appeared in a release the impact should be low.
Suggested by: imp, wblock
MFC after: 1 week
This was never intended to be off by default but was done this way
because the initial patches broke the build. Things seem stable now
(have been so for a while too) and "make tinderbox" is clean so let's
try again.
Announced in freebsd-current; all reported shortcomings have been
addressed.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.
This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/. Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".
Committing this now to ride the UPDATING notice added with r267172 today.
The libatf-* major version numbers in FreeBSD were one version ahead of
upstream because, when atf was first imported into FreeBSD, the upstream
numbers were not respected. This is just confusing and bound to cause
problems down the road.
Fix this by taking advantage of the fact that libatf-* are now private
and that atf is not yet built by default. However, and unfortunately, a
clean build is needed for tests to continue working once "make
delete-old-libs" has been run; hence the note in UPDATING.
The description of WITH/WITHOUT tweaks should only document the non-default
option. TESTS still defaults to no, so the option to be documented is
WITH_TESTS.
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.
As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system. Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build. The offending ports have been fixed to depend on
devel/atf explicitly.
Reviewed by: bapt
install it as fmake. This defaults to no. This should be viewed as the
first step towards evental migration of this historic code to ports
and removal from the tree.
building clang and/or gcc as the bootstrap compiler. Normally, the
default compiler is used. WITH_CLANG_BOOTSTRAP and/or
WITH_GCC_BOOTSTRAP will enable building these compilers as part
bootstrap phase. WITH/WITHOUT_CLANG_IS_CC controls which compiler is
used by default for the bootstrap phase, as well as which compiler is
installed as cc. buildworld now successfully completes building the
cross compiler with WITHOUT_CLANG=t and WITHOUT_GCC=t and produces a
built system with neither of these included.
Similarlly, MK_BINUTILS_BOOTSTRAP controls whether binutils is built
during this phase.
WITHOUT_CROSS_COMPILER will now force MK_BINUTILS_BOOTSTRAP=no,
MK_CLANG_BOOTSTRAP=no and MK_GCC_BOOTSTRAP=no.
BOOTSTRAP_COMPILER was considered, but rejected, since pc98 needs both
clang and gcc to bootstrap still. It should be revisisted in the
future if this requirement goes away. Values should be gcc, clang or
none. It could also be a list.
The odd interaction with Xfoo cross/external tools needs work, but
is beyond the scope of this change as well.
issues with vendors that needed 7.x support have been resolved. Many
vendors are still using 8.x build platforms, however, so bumping this
up to 9.0 will have to wait until that is resolved. Actual support for
building from 8.x still relies on those vendors fixing bugs that are
present as most developers have moved onto 9.x or newer platforms.
Reviewed by: marcel@
Note that these tests are for fmake, not bmake, and thus they are not
installed nor run when bmake is selected (the default). Yes, I have
wasted a *ton* of time on moving tests for no real reason other than
ensuring they are not left behind.
But maybe, just maybe, it was not work in vain: the majority of these
tests also work with bmake and the few that don't may point at broken
stuff. For example, the tests for the "archive" feature do not work
with bmake, but bmake's manpage and source tree seem to imply that they
should. So... to be investigated later; need to poke sjg@.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.
Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
It is a small and lightweight Mail Transport Agent.
It accepts mails from locally installed Mail User Agents (MUA) and delivers the
mails either locally or to a remote destination. Remote delivery includes
several features like TLS/SSL support, SMTP authentication and NULLCLIENT.
Make dma conditional to new WITHOUT_DMA option and make it respect WITHOUT_MAIL
Reviewed by: peter
Discussed with: emaste, bz, peter
all of the features in the current working draft of the upcoming C++
standard, provisionally named C++1y.
The code generator's performance is greatly increased, and the loop
auto-vectorizer is now enabled at -Os and -O2 in addition to -O3. The
PowerPC backend has made several major improvements to code generation
quality and compile time, and the X86, SPARC, ARM32, Aarch64 and SystemZ
backends have all seen major feature work.
Release notes for llvm and clang can be found here:
<http://llvm.org/releases/3.4/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.4/tools/clang/docs/ReleaseNotes.html>
MFC after: 1 month
commit 6b569451b9
Author: Brooks Davis <brooks@one-eyed-alien.net>
Date: Mon Jan 27 22:50:46 2014 +0000
Always install nmtree as mtree.
For compability, link mtree to nmtree.
X-MFC after: never
Sponsored by: DARPA, AFRL
Put test programs for internal modules into a 'detail' subdirectory of the
libatf-c and libatf-c++ test directories, just as the upstream distribution
does. This is necessary because the tests assume such layout to find the
process_helper program, and currently fail because of this divergence.
MFC after: 1 week
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.
Start with the following services:
- system.dns - provides API compatible to:
- gethostbyname(3),
- gethostbyname2(3),
- gethostbyaddr(3),
- getaddrinfo(3),
- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.
Sponsored by: The FreeBSD Foundation
Add all files from /usr/tests to the obsoleted files list when the
build of the tests is disabled via the WITHOUT_TESTS knob. Do this
automatically so that we do not have to suffer the pain of maintaining
such list by hand.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary. Keeping the two just serves
to complicate the build.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
good. This caused libc to spoof the ports libiconv namespace and
provide a colliding libiconv.so.3 to fool rtld. This should have
been removed some time ago.
r256095:
- Add gnu/usr.bin/rcs back to the base system.
r256120:
- Add WITHOUT_RCS back to src.conf.5.
r256121:
- Remove UPDATING entry regarding gnu/usr.bin/rcs removal.
Requested by: many
Approved by: re (marius)
Discussed with: core
The libarchive-based replacements have been used since 2009; the GNU
ones were kept to support source upgrades from FreeBSD 6.
Approved by: re@ (delphij)
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf. The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost. Alternatively, a list of forwarders can be provided on the
command line.
To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks. We should consider doing
the same for "status", which is currently pointless.
Add an rc script for unbound, called local_unbound. If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.
Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound. This is necessary so that
unbound can reload its configuration while chrooted. We should
probably provide symlinks in /etc.
Approved by: re (blanket)
This connects LLDB to the build, but it is disabled by default. Add
WITH_LLDB= to src.conf to build it.
Note that LLDB requires a C++11 compiler so is disabled on platforms
using GCC.
Approved by: re (gjb)
Sponsored by: DARPA, AFRL
The c++filt binary is only installed if ${MK_GCC} == yes && ${MK_CXX} ==
yes. This means that it should be removed if ${MK_GCC} == no ||
${MK_CXX} == no. In its current form, it actually uses a conjunction
instead of a disjunction.
As there is already a separate block for ${MK_CXX} == no listing
c++filt, simply remove the conditional entirely.
Approved by: re (gjb)
private shared libraries, instead of hacked-together archives of PIC
objects. This makes it possible to build a static libkrb5 that works.
Reviewed by: stas
Approved by: re (gjb)
To enable them, set WITH_GCC and WITH_GNUCXX in src.conf.
Make clang default to using libc++ on FreeBSD 10.
Bumped __FreeBSD_version for the change.
GCC is still enabled on PC98, because the PC98 bootloader requires GCC to build
(or, at least, hard-codes the use of gcc into its build).
Thanks to everyone who helped make the ports tree ready for this (and bapt
for coordinating them all). Also to imp for reviewing this and working on the
forward-porting of the changes in our gcc so that we're getting to a much
better place with regard to external toolchains.
Sorry to all of the people who helped who I forgot to mention by name.
Reviewed by: bapt, imp, dim, ...
As promised, drop the option to make the older GNU patch
the default.
GNU patch is still being built but something drastic may
happen to it to it before Release.
extensions and also tried to be link time compatible with ports libiconv.
This splits that functionality and enables the parts that shouldn't
interfere with the port by default.
WITH_ICONV (now on by default) - adds iconv.h, iconv_open(3) etc.
WITH_LIBICONV_COMPAT (off by default) adds the libiconv_open etc API, linker
symbols and even a stub libiconv.so.3 that are good enough to be able
to 'pkg delete -f libiconv' on a running system and reasonably expect it
to work.
I have tortured many machines over the last few days to try and reduce
the possibilities of foot-shooting as much as I can. I've successfully
recompiled to enable and disable the libiconv_compat modes, ports that use
libiconv alongside system iconv etc. If you don't enable the
WITH_LIBICONV_COMPAT switch, they don't share symbol space.
This is an extension of behavior on other system. iconv(3) is a standard
libc interface and libiconv port expects to be able to run alongside it on
systems that have it.
Bumped osreldate.
Remove it if the knob isn't tweaked. Certain ports seem to think that
if /usr/bin/iconv exists, then libc has built in libiconv things and will
blow up pretty nicely when built.
Reviewed by: gjb@
MFC after: 2 weeks
The BSD-licensed patch(1) command has matured and it's behaviour
can be considered equivalent to the older version of GNU patch
in the tree.
The switch has been extensively tested [1] and only two ports
presented regressions, which have since been fixed.
For convenience a new WITH_GNU_PATCH option is available,
but it will likely be removed in the near future.
PR: 176313
Approved by: portmgr
make the ARM EABI the default ABI on arm, armeb, armv6 and armv6eb.
This is intended to be the default ABI from now on with the old ABI to be
retired. Because of this all users are strongly suggested to upgrade to the
ARM EABI.
As the two ABIs are incompatible it is unlikely upgrading in place will
work. Users should perform a full backup and either use an external machine
to upgrade, or install to an alternative location on their media. They
should also reinstall all ports or packages when these are available.
The only known issues are:
- pkg incorrectly detects the ABI. This is fixed upstream, and will a
patch will be made to the port.
- GDB can have issues with executables built with clang.
__FreeBSD_version has been bumped.
This is a workaround for WITH_LDNS_UTILS forcing BIND_UTILS off. It can
be reverted when we no longer have these conflicting options, or made more
general if we grow more cases like this.
debug files for userland programs and libraries. The "-g" debug flag
is automatically applied when WITH_DEBUG_FILES is set.
The debug files are now named ${prog}.debug and ${shlib}.debug for
consistency with other systems and documentation. In addition they are
installed under /usr/lib/debug, to simplify the process of installing
them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the
base system place the standalone debug files in a .debug subdirectory.
GDB automatically searches both of these directories for standalone
debug files.
Thanks to everyone who contributed changes, review, and testing during
development.
specified by passing the XCC, XCXX, and XCPP variables (corresponding to
CC, CXX, and CPP) to buildworld/buildkernel. The compiler must be clang
or be configured to target the appropriate architecture.
To speed build times, if XCC is an absolute path or
WITHOUT_CROSS_COMPILER is defined then no cross compiler will be built
during the cross-tools stage.
Limited documentation of this feature can currently be found at:
https://wiki.freebsd.org/ExternalToolchain
This functionality should be considered experimental and is subject to
change without notice.
Sponsored by: DARPA, AFRL
Discussed with: imp, sjg
The European version of the patent expired in 2011.
The US version of the patent expired in 2012 or prior.
Reviewed by: des
No objection from: cperciva, ehaupt
upcoming 3.3 release (branching and freezing expected in a few weeks).
Preliminary release notes can be found at the usual location:
<http://llvm.org/docs/ReleaseNotes.html>
An MFC is planned once the actual 3.3 release is finished.
Dont use/link ARCMT, StaticAnalyzer and Rewriter to clang when the user
specifies not to. Dont build ASTMatchers with Rewriter disabled and
StaticAnalyzer when it's disabled.
Without all those three, the clang binary shrinks (x86_64) from ~36MB
to ~32MB (unstripped).
To disable these clang components, and get a smaller clang binary built
and installed, set WITHOUT_CLANG_FULL in src.conf(5). During the
initial stages of buildworld, those extra components are already
disabled automatically, to save some build time.
MFC after: 1 week
DragonflyBSD and install it as bsdpatch. WITH_BSD_PATCH makes it
default and installs GNU patch as gnupatch.
Submitted by: pfg
Obtained from: The DragonflyBSD Project
ARM EABI support is disabled by default and can be enabled by setting
WITH_ARM_EABI when building, however only the kernel-toolchain target will
work with this flag until the rest of the support is added.
which, only after authentication, disables crypto, and only for sessions
without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com)
PR: bin/163095
MFC after: 10 days
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
1. Don't do upgrade_checks when using bmake. As long as we have WITH_BMAKE,
there's a bootstrap complication in ths respect. Avoid it. Make the
necessary changes to have upgrade_checks work wth bmake anyway.
2. Remove the use of -E. It's not needed in our build because we use ?= for
the respective variables, which means that we'll take the environment
value (if any) anyway.
3. Properly declare phony targets as phony as bmake is a lot smarter (and
thus agressive) about build avoidance.
4. Make sure CLEANFILES is complete and use it on .NOPATH. bmake is a lot
smarter about build avoidance and should not find files we generate in
the source tree. We should not have files in the repository we want to
generate, but this is an easier way to cross this hurdle.
5. Have behavior under bmake the same as it is under make with respect to
halting when sub-commands fail. Add "set -e" to compound commands so
that bmake is informed when sub-commands fail.
6. Make sure crunchgen uses the same make as the rest of the build. This
is important when the make utility isn't called make (but bmake for
example).
7. While here, add support for using MAKEOBJDIR to set the object tree
location. It's the second alternative bmake looks for when determining
the actual object directory (= .OBJDIR).
Submitted by: Simon Gerraty <sjg@juniper.net>
Submitted by: John Van Horne <jvanhorne@juniper.net>
of FreeBSD's make by setting WITH_BMAKE. The WITH_BMAKE build makes it
easy for people to switch while working out the kinks -- think ports
tree here. The option will be removed in due time.
Submitted by: Simon Gerraty (sjg@juniper.net)
versions. Instead use Imp's good work on "legacy" and follow the outcome
of the previous TRB discussions on this topic.
Now use the libc getline() if it exists, and only where it doesn't
create a bootstraping version.
deprecated sysinstall(8). NOTE: WITH_BSDCONFIG is currently required.
Submitted by: Devin Teske (dteske), Ron McDowell <rcm@fuzzwad.org>
Reviewed by: Ron McDowell <rcm@fuzzwad.org>
Approved by: Ed Maste (emaste)
to build FreeBSD (they are used in Perl man pages). We never needed embedded
"!" in targets that I can find.
We got this from OpenBSD and I cannot find any other make that supports
such things -- contrary to their commit message claim: "This behaviour
is also consistent with other versions of make.".
Do not condition usr.sbin/pkg building on WITHOUT_PKGTOOLS anymore, so that users can
remove the old pkg_* tools without removing the pkgng boostrap
Approved by: des (mentor)
MFC after: 1 month
"gnusort". Most of the BSD sort development work was done by
Oleg Moskalenko <oleg.moskalenko@citrix.com>.
- GNU grep can be set to default by setting WITH_GNU_GREP. It will cause
BSD sort to be installed as "bsdsort".
Portbuild tested by: linimon
The NAND Flash environment consists of several distinct components:
- NAND framework (drivers harness for NAND controllers and NAND chips)
- NAND simulator (NANDsim)
- NAND file system (NAND FS)
- Companion tools and utilities
- Documentation (manual pages)
This work is still experimental. Please use with caution.
Obtained from: Semihalf
Supported by: FreeBSD Foundation, Juniper Networks
"bsdsort" and GNU sort will be the default "sort". When WITH_BSD_SORT
is set, BSD sort will be the default "sort" and GNU sort will be installed
as "gnusort".
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
installs clang as /usr/bin/cc, /usr/bin/c++ and /usr/bin/cpp.
Note this does *not* disable building and installing gcc, which will
still be available as /usr/bin/gcc, /usr/bin/g++ and /usr/bin/gcpp. If
you want to disable gcc completely, you must use WITHOUT_GCC.
MFC after: 2 weeks
At first, I added a utility called utxrm(8) to remove stale entries from
the user accounting database. It seems there are cases in which we need
to perform different operations on the database as well. Simply rename
utxrm(8) to utx(8) and place the old code under the "rm" command.
In addition to "rm", this tool supports "boot" and "shutdown", which are
going to be used by an rc-script which I am going to commit separately.
kernel modules that include binary-only code.
More fine-grained control is provided via MK_SOURCELESS_HOST (for native code
that runs on host CPU) and MK_SOURCELESS_UCODE (for microcode).
Reviewed by: julian, delphij, freebsd-arch
Approved by: kib (mentor)
MFC after: 2 weeks
The wtmpcvt(1) utility converts wtmp files to the new format used by
utmpx(3). Now that HEAD has been branched to stable/9 and 9.0 is
released, there is no need for it in HEAD.
MFC after: never
allow the built-in operations to be redefined, at least not without
excessive force).
Instead, just disable LLVM's support for atomic operations for now.
Nothing in either clang or the tablegen tools currently depends on it.
This still allows users of head built before r198344 to upgrade to
top-of-head seamlessly.
emits calls for them, rather than expanding them inline. Older FreeBSD
versions compile for i386 by default and as such we end up with
unresolved symbols when we build LLVM's TableGen utility as a build
tool on them. Add the functions that GCC emits here, but don't bother
to make them atomic. Such is not needed.
Submitted by: marcel
MFC after: 1 week
