- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
a bogus partition table and puts the file system on the whole
partition. geom_part doesn't expose the 'c' partition as it's an
artifact of the BSD label and not to be used. Secondly, gpart(8)
is the preferred tool for partitioning disks on ia64.
binaries for the fixit floppy bin/ed/main.c causes a gcc warning
message about argc possibly being clobbered by longjmp or vfork.
We have threatened to ditch floppies for 8.0 but I don't want to
do quite that much rototilling yet so for now turn off -Werror while
building ed (and everything else) for the fixit floppy.
Thanks to jb for pointing out NO_WERROR.
is enabled). This saves around 80MB (for i386) on the ISO images.
Note that this is only from the install media, not the installed
system where the symbols are still installed, if part of the release.
Should anybody want the symbols which match disc1/livecd, they can
just be extracted from the kernel distribution files.
Reviewed by: kensmith
floppies or ISO images). We retain the concept of MD
release documentation for now, although it's fairly unlikely
that we'll ever do this again.
Approved by: re (blanket for installation guide removal)
packages on disc2. This will also let users decide if they want to
have a CD of the docs at all - unless they're disconnected from the
net they will probably find the Web site more useful.
Reviewed by: ru
MFC after: 3 days
it possible to e.g. distribute kernels with config names larger
than eight symbols, without the clash. Previousy, LALALALA
and LALALALA-SMP would be the same tarball. (I think this
comes from the old days where tarballs were put on the MS-DOS
formatted diskettes.)
MFC after: 3 days
pass the "-empty" flag to find(1). This change has no effect other
than to get rid of a few pages of "rmdir: ...: Directory not empty"
error messages. (Note that the "-empty" flag has been supported by
find(1) since 4.3-RELEASE.)
we might get surprises later, like /dev/null having error in the 4th line
reported by make(1). :-)
Tested by: Dmitriy Kirhlarov (who attempted to make release in a jail)
at runtime and to support distributing additional kernels:
o remove kernel from the base tarball
o add new kernel tarballs
o build + package both SMP and GENERIC kernels when an <arch>/conf/SMP
config file is present
o add sysinstall support for multiple kernels
o update sysinstall to probe for the number of cpus on a system
and auto-select smp/up kernel accordingly
o add a post-kernels install hook to fixup /boot/kernel
o add -ldevinfo to boot crunch for sysinstall's cpu probing logic
Notes:
1. On HEAD this code is not currently used because GENERIC kernels
include SMP. This work is mainly intended for RELENG_6 where the
GENERIC kernel is UP. If HEAD changes to match then just enable
WITH_SMP in sysinstall/Makefile.
2. The cpu probing support is done with acpi and MPTable; this means
some systems will require work for auto-detection to work.
3. The handling of /boot/kernel may need to be revisited; for now
we rename one kernel at the last moment (SMP if installed, otherwise
GENERIC). There are other, possibly better, approaches.
Lots of help from ru, emaste, scottl, and jhb.
livecd != disc1 case (i.e. ia64). The line was appended to the
non-existing cdrom.inf file, which was created only later. Move the
line to after the file is created.
MFC after: 1 day
Try to make everyone happy: David (to have debug kernels installed
by default), Warner (to be able to override that), and myself (for
actually making it all work and to be consistent).
Now, if kernel was configured for debugging (through DEBUG=-g in
the kernel config file or "config -g"), doing "make install" will
install debug versions of kernel and module objects with their
canonical names,
kernel.debug -> /boot/kernel/kernel
if_fxp.ko.debug -> /boot/kernel/if_fxp.ko
Installing a kernel not configured for debugging, or debug kernel
with INSTALL_NODEBUG variable defined, will install non-debug
kernel and module objects.
Also, restore the install.debug and reinstall.debug targets that
are part of the existing API (they cause some additional gdb(1)
scripts to be installed).
This involves having passwd bits available so that seteuid("_dhcp") work,
and creating /var/empty so that chroot(_VAR_EMPTY) works. My gut feeling
is that the better solution is to make privsep and chroot optional in
dhclient, but this works well for now and is low-risk.
Approved by: re
the INDEX file is taken from the package source tree as defined by the
PKG_TREE variable. This change allows using the (possibly incomplete)
packages on pointyhat.
MFC after: 2 days
