into ffs_sbsearch() to allow use by other parts of the system.
Historically only fsck_ffs(8), the UFS filesystem checker, had code
to track down and use alternate UFS superblocks. Since fsdb(8) used
much of the fsck_ffs(8) implementation it had some ability to track
down alternate superblocks.
This change extracts the code to track down alternate superblocks
from fsck_ffs(8) and puts it into a new function ffs_sbsearch() in
sys/ufs/ffs/ffs_subr.c. Like ffs_sbget() and ffs_sbput() also found
in ffs_subr.c, these functions can be used directly by the kernel
subsystems. Additionally they are exported to the UFS library,
libufs(8) so that they can be used by user-level programs. The new
functions added to libufs(8) are sbfind(3) that is an alternative
to sbread(3) and sbsearch(3) that is an alternative to sbget(3).
See their manual pages for further details.
The utilities that have been changed to search for superblocks are
dumpfs(8), fsdb(8), ffsinfo(8), and fsck_ffs(8). Also, the prtblknos(8)
tool found in tools/diag/prtblknos searches for superblocks.
The UFS specific mount code uses the superblock search interface
when mounting the root filesystem and when the administrator doing
a mount(8) command specifies the force flag (-f). The standalone UFS
boot code (found in stand/libsa/ufs.c) uses the superblock search
code in the hope of being able to get the system up and running so
that fsck_ffs(8) can be used to get the filesystem cleaned up.
The following utilities have not been changed to search for
superblocks: clri(8), tunefs(8), snapinfo(8), fstyp(8), quot(8),
dump(8), fsirand(8), growfs(8), quotacheck(8), gjournal(8), and
glabel(8). When these utilities fail, they do report the cause of
the failure. The one exception is the tasting code used to try and
figure what a given disk contains. The tasting code will remain
silent so as not to put out a slew of messages as it trying to taste
every new mass storage device that shows up.
Reviewed by: kib
Reviewed by: Warner Losh
Tested by: Peter Holm
Differential Revision: https://reviews.freebsd.org/D36053
Sponsored by: The FreeBSD Foundation
A future commit will actually implement //IGNORE so that applications
using base iconv can, e.g., sanitize UTF-8 strings. To do this, the
iconv_std module needs to be able to determine the minimum width for any
given encoding so that it can skip that many bytes in the input buffer.
This is mainly an issue for UTF-16 and UTF-32.
This commit bumps shlib versions to 5 for libiconv modules to reflect
the ABI change. It also fixes OptionalObsoleteFiles to remove the
libiconv modules if WITHOUT_ICONV is in use.
re: _ENCODING_MB_CUR_MIN, note that this file (citrus_stdenc_template.h)
is included at the bottom of an encoding *implementation*, so the
implementation is free to #define it prior. UTF1632 is a good example,
as it redefines the minimum to be a property on the encodinginfo, and
the minimum is set to 2 or 4 bytes for UTF-16 and UTF-32 respectively.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34344
Record error condition when iconv_open() fails rather than leaving a
bogus iconv_t that iconv_close() can later choke on; this is one failure
mode.
If we opened MAX_LIMIT files with success, we need to rewind one so that
we don't iconv_close() one past the end of cd; this is the second
failure mode.
Sponsored by: Klara, Inc.
By convention, kernel threads must call kthread_exit() instead of
blindly returning from the thread function. We have some safety measure
in fork_exit(), which checks for the P_KPROC p_flag and does
kthread_exit() for kernel thread that forgot to do it itself.
But this workaround only works for kernel threads belonging to the
kernel process. If a kernel thread is attached to the normal process
with live userspace, and does not call kthread_exit(), then the
workaround is not activated, and for amd64 at least, the return from the
thread function/fork_exit() results in the return to userspace with the
copy of frame from the thread that did kthread_add().
Practically for smrstress, this destroys the user stack of the still
active frame in the other thread, which was the caller of kthread_add().
Fix it by adding kthread_exit() to the thread function.
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D35999
MK_LOADER_ZFS is the current spelling of enabling or disabling ZFS
builds. Use it instead of MK_ZFS.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D35896
When WITHOUT_SENDMAIL is enabled and WITHOUT_MAILWRAPPER is disabled
we install /bin/rmail as a link to the /usr/sbin/mailwrapper.
Ensure make delete-old does not unlink /bin/rmail in that case.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35874
MFC after: 2 weeks
libnv and libnvpair have aliased symbols, and as a result a single process which
dlopens a shared object that is dynamically linked to libnv and another to
libnvpair will wind up with a single set of resolved symbols for those in
conflict. A source file also cannot include both libnv and libnvpair headers
because of aliased identifiers. To resolve the situation, libnv types and
functions are namespaced via nv_namespace.h, and libnv symbols are
versioned. The msgio functions are not namespaced or exported as they are not
part of the external API.
Reviewed by: kevans
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35261
bmake will not think that object files such as read.o are out of date
due to common.h changing since the dependency is only recorded in
.depend.kqtest.read.o in an old object directory.
Reviewed by: markj
Fixes: 68fe988a40 kqueue tests: Simplify the test runner
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D35820
We build lua by default, so we don't need another build to build it
enabled w/o FORTH. That gives little value over the without forth
builds. Remove all mips, they are no longer relevant. Build aarch64
everywhere we build amd64 (except firewire which is x86 only). Build a
few more architectures once so we have at least one of every arch we
support in at least the default build. This should increase coverage
and still take less time than before.
Sponsored by: Netflix
Add an option to enable/disable DTrace without disabling ZFS. New
architectures such as CHERI may support ZFS before they support DTrace
and the old model of WITHOUT_CDDL disabling both wasn't helpful.
For compatiblity, the CDDL option remains and WITHOUT_CDDL implies
WITHOUT_DTRACE. WITHOUT_DTRACE also implies WITHOUT_CTF.
As part of this change, largely convert cddl/*/Makefile to using the
more compact SUBDIR.${MK_<FOO>}+= form rather than using intermediate
variables.
Reviewed by: markj
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D35718
Note that lld enables relro by default, so that we already had either
partial or full RELRO, depending on the state of the BIND_NOW knob.
Add a RELRO knob so that the option can be disabled if desired, and so
that builds using the GNU toolchain are equivalent to those using the
standard Clang/LLVM toolchain.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35545
Prior to 9b6edf364e WITHOUT_KERNEL_SYMBOLS split kernel debug data
into standalone debug files at build time, but did not install those
files. As of 9b6edf364e it stopped splitting the debug data, leaving
it in the kernel and modules (the default kernel configs include
DEBUG=-g).
Revert 9b6edf364e and introduce a new build-time SPLIT_KERNEL_DEBUG
knob, as some people rely on the pre-9b6edf364eb0 WITHOUT_KERNEL_SYMBOLS
behaviour and that was imp's original intent.
PR: 264433
Reviewed by: eugen, imp
MFC after: 3 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35437
Debug data is enabled via `makeoptions DEBUG=-g` in the kernel config
file (e.g. GENERIC).
If debug data is enabled and WITHOUT_KERNEL_SYMBOLS is set then debug
data is included in the kernel and module files.
PR: 264433
Discussed with: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
I completely forgot about updating the generated llvm-project config
files, which also contain version numbers, etc. Sorry for the churn.
PR: 261742
Fixes: ab9d54731f
MFC after: 3 days
... to take into account programs and libraries which might implement
some ZFS-specific features without being exclusive to ZFS.
Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35337
Some of the sanitizers from compiler-rt can use ignore lists, which are
loosely modeled on valgrind's example. Upstream provides default lists
for AddressSanitizer, CFI, and MemorySanitizer, so install these in the
expected location, /usr/lib/clang/14.0.3/share.
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35338
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-14-init-18294-gdb01b123d012, the last commit before
the upstream release/14.x branch was created.
PR: 261742
MFC after: 2 weeks
src.conf(5) previously stated they would be removed before FreeBSD 12.0,
but that did not happen. Change it to "a future version of FreeBSD."
Also pick up LOADER_KBOOT change (enabled on x86) in src.conf regen.
Reported by: jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
GCC still wants to link against (for example) libc_p.a when -pg is in
use, and it's unclear when and how this will be addressed. Change the
WITH_PROFILE option description to claim that it may be removed from an
unspecified future version of FreeBSD, rather than FreeBSD 14.
Reported by: Steve Kargl
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
usage: mfc-candidates.sh [-ah] [-f from_branch] [-t to_branch]
[-u user] [-X exclude_file] [path ...]
This tool compares git commit hashes that are in from_branch and not in
to_branch with hashes listed in "cherry picked from" lines, finding
commits that may be MFC candidates. By default it searches for commits
by ${USER} but that can be overridden with -u for a specific user or -a
for all.
gonzo@'s MFC tracker is a web application that presents this sort of
information in a more convenient way, and unlike this script it tracks
"MFC After" status and timing. However, it is sometimes useful to be
able to perform an offline search against a local repo.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34208
FreeBSD's shell permits [^bar] to match characters not in [bar] like
common regular expressions. This is non-portable and '!' should be
used in place of '^' for portability.
Reported by: Nathaniel Wesley Filardo
Issue: https://github.com/CTSRD-CHERI/cheribsd/issues/1321
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D34597
When there are multiple devices sharing the same USB vendor and product ID,
the wrong device may be selected. Fix this by also matching the bus and
device address, ugen<X>.<Y> .
MFC after: 1 week
Sponsored by: NVIDIA Networking
Use it instead of the existing ctf.h from OpenSolaris. This makes it
easier to use CTF in the core kernel, and to extend the CTF format to
support wider type IDs.
The imported ctf.h is modified to depend only on _types.h, and also to
provide macros which use the "parent" bit of a type ID to refer to types
in a parent CTF container.
No functional change intended.
Reviewed by: Domagoj Stolfa, emaste
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34358
FreeBSD sh supports this but other common POSIX shells do not; in
particular, dash does not, unlike bash and zsh. This allows the script
to be used on non-FreeBSD systems for release media building.
Reviewed by: emaste, brooks
Differential Revision: https://reviews.freebsd.org/D34000
net/pfvar.h is installed unconditionally, but depends on files that are
installed conditionally. Until that can be sorted out, temporarily add
this back to badfiles.inc to cope with MK_PF=no failing.
Sponsored by: Netflix
I intend to move these into lib/libthr/tests/ and connect to kyua. This
is a first step to address warnings emitted when building using standard
make infrastructure.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34306
Properly handle the case where the title of one commit is a suffix or
prefix of the title of a second commit, and one wishes to create reviews
for both.
Reported by: chuck
We have a directory structure for the FAT partition now with EFI and DTC
overlays, so we need to recursively copy it.
Differential Revision: https://reviews.freebsd.org/D34241
Install headers from LLVM's libunwind in place of the headers from
libcxxrt and allow C applications to use the library.
As part of this, remove include/unwind.h and switch libthr over to
using the installed unwind.h.
Reviewed by: dim, emaste
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D34065
s=/=_=g in tested names so that all the objects live in $OBJDIR. This is
more robust than depending on side effects of auto OBJDIR features and
should fix buildworld issues some people have seen.
Suggested by: sjg@
Sponsored by: Netflix
manu@ removed support for loading ubldr* from uboot last year. No need
to copy them to the image. This may be needed for some 32-bit platforms
in theory, but those platforms weren't ever the target for nanobsd that
I'm aware of. Should there be platforms where this is used, we can add
it to building those platforms.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34191
The text after .error et al is emitted verbatim.
Reviewed by: sjg
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33904
- Add usr/lib32/libfoo.so.N for lib/libfoo.so.N.
- Add usr/lib32/foo for usr/lib/foo.
- Treat casper libraries special since they are installed to
/usr/lib32 instead of /usr/lib32/casper and thus map
usr/lib/casper/foo to usr/lib32/foo.
Note that OLD_DIRS and MOVED_LIBS entries are not duplicated, only
OLD_FILES and OLD_LIBS.
Reviewed by: imp, emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33324
- Be more explicit in the difference between OLD_DIRS and OLD_FILES
(the former is only in delete-old-libs whereas the latter is in
delete-old).
- Document that debug symbols in /usr/lib/debug/ for files in
OLD_FILES and OLD_LIBS are removed as well.
Reviewed by: emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33847
Add some test cases, based on the existing nullfs10 scenario, to
ensure that unionfs write references are propagated between the
unionfs and underlying vnodes, including unionfs copy-on-write
operations
Reviewed by: kib (prior version), markj, pho
Differential Revision: https://reviews.freebsd.org/D33729
Entries for foo.debug files matching an existing entry in OLD_FILES or
OLD_LIBS are unnecessary as they are auto-generated.
Reviewed by: imp, emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33777
This file does not build for WITHOUT_PF sometimes. Looking at various
ways to cope (it exposes other issues too), but in the mean time just
add it back here to unbreak WITHOUT_PF in some scenarios.
Sponsored by: Netflix
Previously algorithms such as AES-CBC would provide an algorithm
without a key size for the smallest key size and additional algorithms
with an explicit key size, e.g. "aes-cbc" (128 bits), "aes-cbc192",
and "aes-cbc256".
Instead, always make the key size name explicit and reuse the
"generic" name to request running tests against all of the key sizes.
For example, for AES-CBC this means "aes-cbc128" is now the name of
the variant with a 128-bit key and "aes-cbc" runs tests of AES-CBC
with all three key sizes.
This makes it easier to run tests on all combinations of ciphers like
AES-GCM or AES-CCM with -z in a single invocation.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33759
Shortlinks occupy the space of both di_db and di_ib when used. However,
everywhere that wants to read or write a shortlink takes a pointer do
di_db and promptly runs off the end of it into di_ib. This is fine on
most architectures, if a little dodgy. However, on CHERI, the compiler
can optionally restrict the bounds on pointers to subobjects to just
that subobject, in order to mitigate intra-object buffer overflows, and
this is enabled in CheriBSD's pure-capability kernels.
Instead, clean this up by inserting a union such that a new di_shortlink
can be added with the right size and element type, avoiding the need to
cast and allowing the use of the DIP macro to access the field. This
also mirrors how the ext2fs code implements extents support, with the
exact same structure other than having a uint32_t i_data[] instead of a
char di_shortlink[].
Reviewed by: mckusick, jhb
Differential Revision: https://reviews.freebsd.org/D33650
This hasn't been updated in 10 years in any real way. It's time to
retire it. It hasn't worked in some time due to drivers being removed
starting in FreeBSD 10. All the interesting bits have already been
hoisted into other parts of base. The google code site hasn't had any
commits since 2011 and claims to Target FreeBSD 5, 6, 7, and 8.
Should someone fix the numerous issues, it can be restored.
Sponsored by: Netflix
Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D33450
This ensures we don't end up listing files we've excluded (e.g. those
starting with _).
Add a slight hack to preserve the existing order (sys, then net) in
badfiles.inc.
Reviewed by: imp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33505
We need to build the .o's, but don't need to link. Build a static
library instead of a binary to accmoplish this. This removes the need to
have all the libc and crt stuff built, which is required for a
binary. In addition, trying to build a non-standard binary runs into
trouble with undefined symbols on arm related to EABI, even when using a
simplified startup with -nostdlib -e start.
Turn back on testing includes, now that it works.
Sponsored by: Netflix
Reviewed by: brooks, markj (prior version)
Differential Revision: https://reviews.freebsd.org/D33452
Whilst the commit message documented some of the details, I had intended
to include this comment in the actual header, but failed to amend the
commit properly.
Fixes: 9e5b0d9eac ("cross-build: Fix bmake bootstrap with glibc 2.34")
MFC after: 1 week
As of glibc 2.34, our unistd.h wrapper's inclusion of stdlib.h exposes
fragility in glibc's sys/wait.h and corresponding part of stdlib.h,
leading to "error: use of undeclared identifier 'WNOHANG'" and similar
errors when bootstrapping bmake.
Work around this by wrapping sys/wait.h to force stdlib.h's inclusion
first before it's implicitly included during the problematic window in
sys/wait.h.
MFC after: 1 week
A number of header files in sys/* have, going back to 7th Edition Unix
in 1979, reqiured other files (like sys/types.h) to compile. Likewise
the 4BSD networking code has had prerequisites. However, going back to
around the turn of the 21st century, other systems have made them be
independently include-able (wide-spread header include protection
post-dates 7th edition Unix by maybe 3 or so years judging from USENET
source postings). Start down the path of making them all independently
include-able by creating this test that fails buildworld when they are
not.
The file 'badfiles.inc' contains a list of the currently broken files
that cannot be included w/o any prerequisites. As files are fixed, 'make
badfiles.inc' should be re-run to remove them from the list. Note: All
files that start with an underscore are considered internal and not
tested.
Please note: once a file is removed from badfiles.inc, it must pass on
all architectures. Buildworld through at least the _includes target is
needed to ensure its working (though a buildkernel should also be done
on all architectures as well).
Sponsored by: Netflix
Reviewed by: brooks, markj
Differential Revision: https://reviews.freebsd.org/D32498
That commit changed libc to use the MI pdfork implementation, but with
an incremental build the object file for the pdfork.S stub lingers and
causes a linker error.
Cleaning the depend file is not enouch, so modify clean_deps() to remove
object files as well, and add a call to ensure that pdfork.*o is
cleaned. The new file is _pdfork.o.
Reported by: jhb
Reviewed by: emaste
Fixes: cbdec8db18 ("libc: Add pdfork to the list of interposed system calls")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33322
Linux's pwd.h does not define _PASSWORD_EFMT1 (macOS's does), so we need
to define it in order to be able to bootstrap libcrypt (crypt-des.c uses
it) on non-FreeBSD, which will be done in a subsequent commit.
MFC after: 1 week
This is where it's defined in the base system, so is where libcrypt
expects it to exist when being built, and will be needed when being
bootstrapped in a subsequent commit.
MFC after: 1 week
This is needed for the next commit which will make libz a bootstrap
library as needed by ctfconvert. We could just not install the .pc file
as it's not needed, but that requires a per-library hack every time a
bootstrap library gains a .pc file, so this keeps bootstrap-tools
looking as much like a normal build as possible.
MFC after: 1 week
GCC doesn't have this warning and so also doesn't have the flag to
disable it, resulting in it spewing a bunch of warnings about the
command line option being unrecognised.
MFC after: 1 week
Use OLD_FILES for a few symbolic links and static libraries previously
included in OLD_LIBS.
Add a missing shared library major number to an old libroken entry.
This reverts commit 266f97b5e9, reversing
changes made to a10253cffe.
A mismerge of a merge to catch up to main resulted in files being
committed which should not have been.
Contrary to the previous description WITHOUT_CXX does not disable
/usr/bin/c++, which is just a link to Clang. We also no longer have
gperf.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
The ports tree now has its own prepare-commit-msg Git hook, so there is
not need to keep ports-specific metadata fields around in the src tree.
Differential Revision: https://reviews.freebsd.org/D29860
In fact MK_CXX does not control whether /usr/bin/c++ is built -- it is
installed as a link to Clang (which is always a C/C++ compiler), and it
already exists in OptionalObsoleteFiles under MK_TOOLCHAIN.
Sponsored by: The FreeBSD Foundation
/usr/bin/CC is installed by usr.bin/clang/clang/Makefile, as with
/usr/bin/cc, /usr/bin/cpp, etc., and is not controlled by MK_CXX.
Move it to the same section as those tools.
(It may be that these should all be under
MK_TOOLCHAIN == no || MK_CLANG_IS_CC == no, but that seems like
unnecessary complexity.)
Sponsored by: The FreeBSD Foundation
g++ and cc1plus were GCC components that are already removed
unconditionally in ObsoleteFiles.inc.
Reported by: jhb (in review D33108)
Fixes: 57f804675e ("remove GCC 4.2.1 build infrastructure")
Sponsored by: The FreeBSD Foundation
Belatedly remove twa(4). It was supposed to go before 13.0, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33114
Belatedly remove esp(4). It was tagged as gone in 13, but was overlooked
until now.
Sponsored by: Netflix
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33115
Belatedly remove amr(4). It was slated to depart before 13.0 but was
overlooked until now.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33113
Belatedly remove iir(4). It was slated to go before 13, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33112
We'd said this was going away in 13, but was overlooked. Belatedly
remove.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33111
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-13-init-16847-g88e66fa60ae5, the last commit before
the upstream release/13.x branch was created.
PR: 258209
MFC after: 2 weeks
Description of FIDO/U2F support (from OpenSSH 8.2 release notes,
https://www.openssh.com/txt/release-8.2):
This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly
authorise operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will
usually require the user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any
other supported key in OpenSSH and may be listed in authorized_keys,
added to ssh-agent(1), etc. The only additional stipulation is that
the FIDO token that the key belongs to must be attached when the key
is used.
To enable FIDO/U2F support, this change regenerates ssh_namespace.h,
adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless building
WITHOUT_USB).
devd integration is not included in this change, and is under
investigation for the base system. In the interim the security/u2f-devd
port can be installed to provide appropriate devd rules.
Reviewed by: delphij, kevans
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32509
The upgrade to libdialog 1.3 included changes to the ABI.
Bump libdpv to 3 since it links against libdialog.
Reported by: Mark Millard <marklmi@yahoo.com>
Reviewed by: bapt
Fixes: a96ef45019 dialog: import dialog 1.3-20210117
Differential Revision: https://reviews.freebsd.org/D32675
The new iSCSI initiator iscsi(4) was introduced with FreeBSD 10.0, and
the old intiator was marked obsolete shortly thereafter (in commit
d32789d95c, MFC'd to stable/10 in ba54910169). Remove it now.
Reviewed by: jhb, mav
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32673