Contrary to the previous description WITHOUT_CXX does not disable
/usr/bin/c++, which is just a link to Clang. We also no longer have
gperf.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
The ports tree now has its own prepare-commit-msg Git hook, so there is
not need to keep ports-specific metadata fields around in the src tree.
Differential Revision: https://reviews.freebsd.org/D29860
In fact MK_CXX does not control whether /usr/bin/c++ is built -- it is
installed as a link to Clang (which is always a C/C++ compiler), and it
already exists in OptionalObsoleteFiles under MK_TOOLCHAIN.
Sponsored by: The FreeBSD Foundation
/usr/bin/CC is installed by usr.bin/clang/clang/Makefile, as with
/usr/bin/cc, /usr/bin/cpp, etc., and is not controlled by MK_CXX.
Move it to the same section as those tools.
(It may be that these should all be under
MK_TOOLCHAIN == no || MK_CLANG_IS_CC == no, but that seems like
unnecessary complexity.)
Sponsored by: The FreeBSD Foundation
g++ and cc1plus were GCC components that are already removed
unconditionally in ObsoleteFiles.inc.
Reported by: jhb (in review D33108)
Fixes: 57f804675e ("remove GCC 4.2.1 build infrastructure")
Sponsored by: The FreeBSD Foundation
Belatedly remove twa(4). It was supposed to go before 13.0, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33114
Belatedly remove esp(4). It was tagged as gone in 13, but was overlooked
until now.
Sponsored by: Netflix
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33115
Belatedly remove amr(4). It was slated to depart before 13.0 but was
overlooked until now.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33113
Belatedly remove iir(4). It was slated to go before 13, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33112
We'd said this was going away in 13, but was overlooked. Belatedly
remove.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33111
This updates llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and
openmp to llvmorg-13-init-16847-g88e66fa60ae5, the last commit before
the upstream release/13.x branch was created.
PR: 258209
MFC after: 2 weeks
Description of FIDO/U2F support (from OpenSSH 8.2 release notes,
https://www.openssh.com/txt/release-8.2):
This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly
authorise operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will
usually require the user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any
other supported key in OpenSSH and may be listed in authorized_keys,
added to ssh-agent(1), etc. The only additional stipulation is that
the FIDO token that the key belongs to must be attached when the key
is used.
To enable FIDO/U2F support, this change regenerates ssh_namespace.h,
adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless building
WITHOUT_USB).
devd integration is not included in this change, and is under
investigation for the base system. In the interim the security/u2f-devd
port can be installed to provide appropriate devd rules.
Reviewed by: delphij, kevans
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32509
The upgrade to libdialog 1.3 included changes to the ABI.
Bump libdpv to 3 since it links against libdialog.
Reported by: Mark Millard <marklmi@yahoo.com>
Reviewed by: bapt
Fixes: a96ef45019 dialog: import dialog 1.3-20210117
Differential Revision: https://reviews.freebsd.org/D32675
The new iSCSI initiator iscsi(4) was introduced with FreeBSD 10.0, and
the old intiator was marked obsolete shortly thereafter (in commit
d32789d95c, MFC'd to stable/10 in ba54910169). Remove it now.
Reviewed by: jhb, mav
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32673
From https://github.com/Yubico/libfido2:
libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.
libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448
Add necessary bits to detect ELF format on Linux/aarch64; note that
Linux calls it aarch64 where we would typically call it arm64 (uname -m)
Reviewed by: arichardson, emaste, imp
Sponsored by: Ampere Computing LLC
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D32542
From https://github.com/PJK/libcbor:
libcbor is a C library for parsing and generating CBOR, the general-
purpose schema-less binary data format.
libcbor will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
cbor_export.h and configuration.h were generated by the upstream CMake
build. We could create them with bmake rules instead (as NetBSD has
done) but this is a fine start.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
no need for libcbor without libfido2.
Reviewed by: kevans
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32347
I forgot to update this file so make delete-old would incorrectly remove
the newly-installed LLVM binutils. While touching the file also update
for 8e1c989abb since ObsoleteFiles.inc now inludes the tablegen binaries.
Reported by: Herbert J. Skuhra <herbert@gojira.at>
Reviewed By: emaste, imp
Differential Revision: https://reviews.freebsd.org/D32022
There's two identical gid_from_group lines in a row. We only need one.
Ditto for uid_from_user().
Sponsored by: Netflix
Reviewed by: bapt, jrtc27
Differential Revision: https://reviews.freebsd.org/D32442