- Treat old engine DSOs from OpenSSL 1.1.1 as OLD_LIBS, not OLD_FILES.
These should only be deleted by make delete-old-libs similar to how
PAM modules are treated.
- Add /usr/lib32/engines to OLD_DIRS. lib32 automation does not apply
to OLD_DIRS.
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>
Differential Revision: https://reviews.freebsd.org/D41034
These are present (and empty) on a system installed post-GCC removal.
Reviewed by: imp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D40878
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.
Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.
There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.
Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.
Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.
PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
The untrusted certs directory was renamed a while ago and these
files were moved to the new location. Various upgrade paths cause
these files to be missed and prevent deletion of the directory.
* Overhaul the GNU compatibility mode to more closely emulate what the GNU tools do.
* Add a Perl compatibility mode which emulates the shasum tool that ships with Perl. This is currently not installed.
* Overhaul the tests.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D39446
Rather than having a tool in the FreeBSD base system for obtaining
the FreeBSD ports tree, users are encouraged to `pkg install git`
and then `git clone https://git.FreeBSD.org/ports.git /usr/ports`.
The portsnap servers will continue operating until FreeBSD 13 reaches
its End-of-Life, and portsnap is available from the ports tree as
ports-mgmt/portsnap.
Requested by: portmgr
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D39563
X-MFC: no
These libraries are linked to directly by applications rather than
opened at runtime via dlopen().
Discussed with: oshogbo
Reviewed by: markj, emaste
Differential Revision: https://reviews.freebsd.org/D39245
These functions, vcount() and count_dev(), no longer exist in the source
tree.
Reviewed by: rpokala
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39128
As in 76b6a59f9d, encode upper-case flag tests with a leading
underbar to avoid collisions (thus, erroneously dirty git repos) on
case-sensitive filesystems.
Sponsored by: Klara, Inc.
This standalone module is the last vestage of ATM support in the tree so
send it on its way.
Reviewed by: manu, emaste
Relnotes: yes
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D38880
Most ATM support was removed prior to FreeBSD 12. The netgraph support
was kept as it was less intrusive, but it is presumed to be unused.
Reviewed by: manu
Relnotes: yes
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D38879
rc.d/hostid_save saves a UUID generated by rc.d/hostid in /etc/hostid.
Store the same UUID, without hyphens, in /etc/machine-id. The hypĥens
are removed with a shell function because hostid_save runs before file
systems are mounted so other tools may not be available yet.
This eliminates some duplication between hostid and machine-id and for
virtual machines machine-id now contains the UUID configured in the
hypervisor like it does on Linux.
Reviewed by: delphij
Discussed with: bapt
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38811
Sponsored by: The FreeBSD Foundation
Fixes: d1c7405ef6 ("PCBGROUP.9: remove obsolete man page")
Fixes: 52f9a2823c ("rtalloc.9: remove obsolete man page")
These ports have been removed so these knobs are no longer meaningful.
This reverts commit 608289394f.
This reverts commit 39eb07f172.
Reviewed by: imp, bapt, emaste
Differential Revision: https://reviews.freebsd.org/D38562
Since f5024381ac we have also built and installed several clang
runtime support libraries (for sanitizers) on powerpc64le, so add
entries to properly clean these up when upgrading.
Reported by: pkubaj
PR: 269423
MFC after: 2 weeks
Since f5024381ac we have also built and installed several clang
runtime support libraries (for sanitizers) on powerpc64, so add entries
to properly clean these up when upgrading.
Reported by: pkubaj
PR: 269423
MFC after: 2 weeks
Address two issues with current help file logic:
The existing condition prevents the common help file from being
installed when there are no additional help files defined. This results
in no loader.help on EFI platforms, for example.
Second, due to the fact that we build and install multiple loader types,
each successive install will clobber the previous loader.help. The
result is that we could lose type-specific commands, or possibly list
them in loaders that do not have such commands.
Instead, give each loader type a uniquely named help file. The EFI
loader will look for /boot/loader.help.efi, userboot will look for
/boot/loader.help.userboot, etc. The interpreter variant has no effect
on which help file is loaded.
This leaves the old /boot/loader.help unused.
Some credit for the final approach goes to Mathieu <sigsys@gmail.com>
for their version of the fix in https://reviews.freebsd.org/D22951.
PR: 267134
Reported by: Daniel O'Connor <darius@dons.net.au>
Reviewed by: imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28591
timeout(1) is used by /etc/rc.d/zfskeys. Unfortunately, having
timeout(1) installed in /usr/bin causes problems when /usr is an
encrypted ZFS partition.
Implementing timeout(1) in sh(1) is not trivial. A more elegant solution
is to move timeout(1) to /bin so that it is available to early services
in the boot process.
PR: 265221
Reviewed by: allanjude, des, imp
Approved by: allanjude, des, imp
Reported by: Ivan <r4@sovserv.ru>
Fixes: 33ff39796f Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 1 week
Relnotes: yes
Sponsored by: Modirum MDPay
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D38344
This KPI was removed in d223372545. Note that there are a handful of
references remaining in the src tree to these rtalloc functions that
could be cleaned up by someone with more domain knowledge.
Reviewed by: pauamma (manpages), glebius, melifaro
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38188
The PCBGROUP option and KPI were removed entirely in 93c67567e0.
Reviewed by: pauamma (manpages), glebius, melifaro
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38187
This subsystem is superseded by modern debugging facilities,
e.g. DTrace probes and TCP black box logging.
We intentionally leave SO_DEBUG in place, as many utilities may
set it on a socket. Also the tcp::debug DTrace probes look at
this flag on a socket.
Reviewed by: gnn, tuexen
Discussed with: rscheff, rrs, jtl
Differential revision: https://reviews.freebsd.org/D37694
Sync serial (e.g. T1/T1/G.703) interfaces are obsolete, this driver
includes obfuscated source, and has reported potential security issues.
Differential Revision: https://reviews.freebsd.org/D33468
trpt(8) was utility to pull TCP debugging data from the kernel
originating back from 4.2BSD. It is not used nowadays by TCP
developers. We have more powerful debugging facilities, e.g.
the Dtrace probing, the TCP black box logging and siftr.
Discussed with: rscheff, tuexen, rrs, jtl and others
othermta (along with mta_start_script configuration entry in rc.conf)
was a mechanism used to be able to run another mta than sendmail(8) before
"rcng" time 20 years ago.
othermta has not been used since.