several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
the cross-tools stage, if CC=clang and WITH_CLANG_IS_CC is not set.
This causes no 'cc' to be installed in the temporary cross-tools tree,
making lint fall over later in the build, because it ignores ${CC} and
attempts to run 'cc' anyway.
To fix this, only skip building gcc during cross-tools, if WITHOUT_GCC
is set, or if WITH_CLANG_IS_CC is set.
Pointy hat to: dim
MFC after: 2 weeks
installs clang as /usr/bin/cc, /usr/bin/c++ and /usr/bin/cpp.
Note this does *not* disable building and installing gcc, which will
still be available as /usr/bin/gcc, /usr/bin/g++ and /usr/bin/gcpp. If
you want to disable gcc completely, you must use WITHOUT_GCC.
MFC after: 2 weeks
to the default from the top-level Makefile. Therefore, invocations of
lex and yacc (used during building of aicasm) will use the executables
in /usr/bin, not those optionally built during the previous buildworld
or kernel-toolchain. This makes kernel builds from older FreeBSD
releases more difficult than necessary.
Fix this by setting PATH to ${BPATH}:${PATH} in stage 2.3, so the
bootstrap tools directories are searched before the regular ones.
Silence from: svn-src-{all,head}
MFC after: 1 week
kernels specified by KERNCONF are built and packed into release.
The first one is packed into kernel.txz, all others to
kernel.CONFIG.txz.
The first one is installed on bootables in /boot.
Things such as "sh" require local tools to be built before
cross-compiling. This allows for extra software (that's
built via LOCAL_DIRS) to also have a build-tools target where
required.
for our gcc since more than three years (see r181534, which is also in
stable/9 and stable/8). This flag used to be for the benefit of the old
in-kernel math emulator, which was removed more than eight years ago.
Pointed out by: arundel
MFC after: 1 week
defined based on WITH/WITHOUT_CTF settings, default is WITHOUT_CTF,
NO_CTF overrides WITH_CTF (used by Makefile.inc1)
- CTFCONVERT_CMD/NORMAL_CTFCONVERT are now defined to empty string
if make(1) can handle empty commands
not disabled in the usual way (by adding it to __DEFAULT_NO_OPTIONS in
share/mk/bsd.own.mk), and because the test for MK_LIBCPLUSPLUS in
Makefile.inc1 was incorrect.
Pointy hat to: dim
MK_LIBCPLUSPLUS=yes to enable). This is a work-in-progress. It works for
me, but is not guaranteed to work for anyone else and may eat your dog.
To build C++ using libc++, add -stdlib=libc++ to your CXX and LD flags.
Bug reports welcome, bug fixes even more welcome...
Approved by: dim (mentor)
doesn't have ${WORLDTMP}/usr/bin in its PATH, if you build world with
CC=clang, tblgen tools from /usr/bin will be used instead of the ones
built under ${WORLDTMP}. This can lead to various errors, especially if
you upgrade from an older clang.
Note that building world with gcc would not experience these problems,
because it only uses the tblgen tools in the world stage, where PATH
does contain ${WORLDTMP}/usr/bin.
Pointy hat to: dim
bootstrap-tools stage to the cross-tools stage. These tools are only
needed for generating llvm/clang include files, and are not necessary
for bootstrapping the build itself.
This shaves off some build time, because the required libraries are now
just built twice (during the cross-tools and world stages), instead of
three times.
Also, if you build world using WITHOUT_CLANG= in src.conf(5), no llvm or
clang code will be compiled at all anymore.
MFC after: 1 week
make.conf(5), while allowing the build32 stage on 64-bit architectures
to still override them, so that stage can successfully build 32-bit
compatibility libraries.
Explanation:
1) The build32 stage sets environment variables CC, CXX, AS and LD for
its sub-make, to add 32-bit specific flags (-m32 and such).
2) The sub-make reads sys.mk, encounters CC?= and CXX?= assignments, so
does not alter them.
3) After some other stuff, sys.mk reads /etc/make.conf. When you have
"CC=xxx" and "CXX=yyy" statements in there, they will *override* the
build32-supplied CC/CXX values, nullifying the 32-bit specific flags.
4) Thus all objects get built as 64-bit anyway, and since LD is usually
not set in make.conf, it still has the 32-bit flags!
5) Now, whenever something is linked, you will get a "ld: Relocatable
linking with relocations from format elf64-x86-64-freebsd (foo.o) to
format elf32-i386-freebsd (bar.o) is not supported" error.
Fix this by adding "-ECC -ECXX -EAS -ELD" to the build32 sub-make
invocation, which forces those environment variables to always override
any assignment in makefiles. Thus making it possible to simply set:
CC=my-cc
CXX=my-c++
in your make.conf, or specify a path, even:
CC=/usr/local/bin/other-cc
CXX=/usr/local/bin/other-c++
Note this was never a problem on i386, since it has no build32 stage.
Silence from: current@
MFC after: 1 week
There are two problems with the existing logic. It builds gensnmptree
on <700018, even if WITHOUT_BSNMP is set, but more importantly, we must
not forget to build gensnmptree on systems that have originally been
built without. This causes a buildworld on those systems to fail.
MFC after: 1 week
digit beyond your time.
Various sysinstall dependencies (e.g. libftpio, libdisk, libodialog, etc.)
will be cleaned up in coming days. Some will take longer than others due to
a few other consumers (tzsetup and sade).
kerberos libraries were not linked properly (missing dependencies),
which causes 3rd party applications linking to fail when --as-needed
ld flag is used. I also added the --no-undefined ld(1) flag to make
sure that there're no missing dependencies.
MFC after: 3 days
doc/, and now www/ trees, but only using the "cvsup" transport.
When "make update" is run using a tree's makefile, it can also use
"cvs" (except for www/) and "svn" (only src/).
Clean up documentation and code regarding "make update":
- Increase oddness by adding support for WWWSUPFILE and NO_WWWUPDATE to
Makefile.inc1 (analogous to PORTSSUPFILE/NO_PORTSUPDATE and
DOCSUPFILE/NO_DOCUPDATE; WWWSUPFILE already supported by www/Makefile).
- Document all trees that support CVS_UPDATE.
- Document all trees that support SUP_UPDATE.
- Document SVN_UPDATE.
- Document NO_WWWUPDATE.
- make.conf(5) mistakenly said that *SUPFILE* had defaults.
- Add an example entry for WWWSUPFILE.
one. Without this, we don't have ar or randlib in the tool path,
leading to much pain for some users. This pain is exposed by the
external toolchain enhancements that I'm working on.
Submitted by: John Hein (ages ago, and dropped on the floor by me: sorry)
Some files keep the SUN4V tags as a code reference, for the future,
if any rewamped sun4v support wants to be added again.
Reviewed by: marius
Tested by: sbruno
Approved by: re
WITHOUT_CLANG.
Don't build clang bootstrap/build-tools depending on this flag. We also
keep gperf, devd and libstdc++ around to prevent foot-shooting and to
make this a two-way street.
Make fdt default on arm and powerpc.
This now includes cross compiled targets, where before we tried to
make it host-based.
Also, move the lists of default yes and no options to a variable.
In general, only build tools should get this treatment in bsd.own.mk.
Also, the use of TARGET* in the bsd.*mk files is discouraged, but
necessary here due to the ordering of things in buildworld. We make
the native case work by testing MACHINE_ARCH after TARGET_ARCH.
OLD_FILES/OLD_DIRS/OLD_LIBS lists.
If you specify enough WITHOUT_FOO flags, the argument list passed to the
shell will be too long. Using .for/.endfor make(1) "loop" will make the
parser of the Makefile explode. Hack around this with good old pipes.
No objections: netchild
Reported by: b.f.
infrastructure to use it. make distributeworld can now be used without
preparing its environment first and installs games into its distribution
using the regular make distribute logic instead of post-processing with
a script.
Also add two new targets, packageworld and packagekernel, that tar up the
results of distributeworld and distributekernel (also new), respectively.
setting. It can be built by setting the WITH_ICONV knob. While this
knob is unset, the library part, the binaries, the header file and
the metadata files will not be built or installed so it makes no impact
on the system if left turned off.
This work is based on the iconv implementation in NetBSD but a great
number of improvements and feature additions have been included:
- Some utilities have been added. There is a conversion table generator,
which can compare conversion tables to reference data generated by
GNU libiconv. This helps ensuring conversion compatibility.
- UTF-16 surrogate support and some endianness issues have been fixed.
- The rather chaotic Makefiles to build metadata have been refactored
and cleaned up, now it is easy to read and it is also easier to add
support for new encodings.
- A bunch of new encodings and encoding aliases have been added.
- Support for 1->2, 1->3 and 1->4 mappings, which is needed for
transliterating with flying accents as GNU does, like "u.
- Lots of warnings have been fixed, the major part of the code is
now WARNS=6 clean.
- New section 1 and section 5 manual pages have been added.
- Some GNU-specific calls have been implemented:
iconvlist(), iconvctl(), iconv_canonicalize(), iconv_open_into()
- Support for GNU's //IGNORE suffix has been added.
- The "-" argument for stdin is now recognized in iconv(1) as per POSIX.
- The Big5 conversion module has been fixed.
- The iconv.h header files is supposed to be compatible with the
GNU version, i.e. sources should build with base iconv.h and
GNU libiconv. It also includes a macro magic to deal with the
char ** and const char ** incompatibility.
- GNU compatibility: "" or "char" means the current local
encoding in use
- Various cleanups and style(9) fixes.
Approved by: delphij (mentor)
Obtained from: The NetBSD Project
Sponsored by: Google Summer of Code 2009
A full featured groff is required during buildworld, so build it always
and don't rely on it being present on the host system.
vgrind(1) is tightly coupled to a roff processor and will not be
built/installed when groff is disabled. Also much of the roff'ed
documentation under share/doc will not be built/installed when
WITHOUT_GROFF is defined.
Reviewed by: ru (partial)