kernel.ucl uses a hardcoded boot/kernel for kldxref, which is the incorrect
directory when we're installing extra kernels that aren't the "default"
kernel (placed at boot/kernel).
Fix this by instead using a new %KERNELDIR% that we now replace in
Makefile.inc1 with "kernel" for the default kernel and "kernel.${_kernel}"
for these extra kernels so that, e.g. /boot/kernel.SHIVA, will get properly
kldxref'd upon update and avoid outdated linker.hints.
Reviewed by: gjb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D14689
providing more space for a local buildworld to succeed without
attaching separate disks for /usr/src and /usr/obj.
Reported by: mckusick
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
The Pine64 root filesystem was incorrectly created directly on the MBR
partition. This can cause the loader to get confused when loading the
kernel from this filesystem.
The loader will see this as a small partition meaning later checks to
ensure it doesn't read past the end of the disk incorrectly report a
failure. This seems to work mostly by accident with the released images as
they are smaller than the reported size, however after growfs has run the
image may no longer boot.
Reviewed by: gjb, emaste, imp
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14343
within the CHROOTDIR. If it does not exist, unset CHROOTBUILD_SKIP
to prevent build failures.
Requested by: swills
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Since Amazon provides NTP servers within their network, this should
be far superior to using the default NTP pools; and since the service
is provided by Amazon there's very little risk in enabling it by
default. (If someone is able to compromise Amazon's NTP servers and
exploit them to attack EC2 instances, they would almost certainly be
able to compromise EC2 instances even without ntpd running...)
MFC after: 1 week
Relnotes: EC2 instances now keep their clocks synchronized using
the Amazon Time Sync Service (aka. NTP).
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user'). Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).
EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.
Discussed with: gjb, gtetlow, emaste, des
Requested by: Amazon
X-MFC: No
Relnotes: ChallengeResponseAuthentication is turned off by default in
Amazon EC2 AMIs.
EMBEDDEDPORTS. [1]
Remove and update stale documentation from release(7) while here.
PR: 206344 [1]
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
chroot(8) to avoid mtime changes within the ports checkout,
which can cause checksum differences.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
copied from the build host. It is renamed to /etc/resolv.conf.bak
on boot, so never used anyway.
Noticed by: peter
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
not already exist within ${CHROOTDIR}. This allows re-using a build
chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR
set to '/' in release.conf.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
The u-boot port for RPI-2 was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.
Update the release files to copy the right files from the right location.
Reviewed by: gjb
MFC after: 3 days
THe u-boot port for RPI-B was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.
Update the release files to copy the right files from the right location.
Reviewed by: gjb
MFC after: 3 days
Update the TARGET/TARGET_ARCH matching in release/release.sh and
release/Makefile.mirrors for simplification.
Discussed with: mmel
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
ubldr is the non-pie version of ubldr.bin, do not install two
copies of the same binary. This will allow us to remove ubldr
in the future.
All the u-boot ports know how to load ubldr.bin
Reviewed by: gjb (earlier version)
make(1) invocations following the OBJDIR restructuring to
ensure the output arm SoC image is in the correct directory.
Sponsored by: The FreeBSD Foundation
This changes the build OBJDIR from the older style of /usr/obj/<srcdir> for
native builds, and /usr/obj/<target>.<target_arch>/<srcdir> for cross builds to
a new simpler format of /usr/obj/<srcdir>/<target>.<target_arch>. This
new format is used regardless of cross or native build. It allows
easier management of multiple source tree object directories.
The UNIFIED_OBJDIR option will be removed and its feature made permanent
for the 12.0 release.
Relnotes: yes (don't note UNIFIED_OBJDIR option since it will be removed)
Prior work: D3711 D874
Reviewed by: gjb, sjg
Discussed at: https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html
Discussed with: emaste
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12840
immediately available on instances which are running without internet
access (or which can't rely on firstboot_pkgs to install it for some
other reason).
Note that this agent is not enabled by default; to enable it, add
amazon_ssm_agent_enable="YES" to /etc/rc.conf, e.g., by placing the lines
>>/etc/rc.conf
amazon_ssm_agent_enable="YES"
into the EC2 user-data. In addition to being enabled, the agent requires
keys to be provided via IAM Roles; users are encouraged to be very careful
in using this functionality due to the inherent vulnerability in the idea
of providing credentials via a service accessible to any process which can
open an HTTP connection.
Requested by: Amazon
No objection from: re@
Relnotes: FreeBSD/EC2 AMIs now include the Amazon EC2 Systems Manager
(SSM) Agent.
A recent bug in security/sudo causes segmentation faults when
the system is not configured with a hostname, which causes issues
with some virtual machine setups, notably Vagrant. Set the default
hostname to the output of 'uname -o'.
Submitted by: Nicholas Fiorentini
Sponsored by: The FreeBSD Foundation
The original change was dealing with the build wanting to run a newer
install(1) that was not yet installed. The solution to look into the private
legacy directory of the existing build conflicts with 2 upcoming features: a
changed OBJDIR format, and splitting the host tools into arch-dependent and
arch-independent directories. Rather than hardcoding and changing the paths in
this script, just let kernel-toolchain do the work, while disabling much of the
meat. With -j15 this finishes in 25 seconds for me and 117 seconds with -j1.
All that is really needed is bootstrap-tools, but the system is not currently
written in a way that all previous dependent steps will have ran. The previous
steps, such as _worldtmp, are being reworked and renamed and so cannot be
relied upon to be right.
Sponsored by: Dell EMC Isilon
Make armv7 as a new MACHINE_ARCH.
Copy all the places we do armv6 and add armv7 as basically an
alias. clang appears to generate code for armv7 by default. armv7 hard
float isn't supported by the the in-tree gcc, so it hasn't been
updated to have a new default.
Support armv7 as a new valid MACHINE_ARCH (and by extension
TARGET_ARCH).
Add armv7 to the universe build.
Differential Revision: https://reviews.freebsd.org/D12010
build on arm/armv6 images.
Pointyhat: gjb (myself)
MFC after: immediate
MFC note: releng/10.4 has broken because of this
Sponsored by: The FreeBSD Foundation
virtual machine images and embedded images, similar to what is
done when extracting base.txz to the target root filesystem in
an new installation.
Noticed by: marius
Tested with: head@r323729
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
There's not much practical difference as far as install media is
concerned but newfs creates UFSv2 by default and it is sensible to use
the contemporary UFS version.
I also intend to change makefs to create UFSv2 by default (to match
newfs) so we'll want make-memstick.sh to be explicit, rather than
relying on the host tool's default.
Reviewed by: andrew, gjb, jhibbits
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D12231
This Makefile relies on Makefile.fat providing the correct value for
BOOT1_MAXSIZE and BOOT1_OFFSET. Since BOOT1_OFFSET had no default value
here the build would already fail if Makefile.fat did not provide
correct values.
Sponsored by: The FreeBSD Foundation
Also remove the now-redundant error handling that was only for makefs.
This change applies arm64's r308171 to the other make-memstick.sh
versions.
Reviewed by: gjb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D12195
Engine (GCE) images with an updated version of Google's tools.
PR: 221714
Submitted by: helen _dot_ koike _@_ collabora_dot_com (original)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Disconnect the dependency on the kernel package from the runtime
package. There are a number of problems here:
1) The runtime package installed into a chroot or a jail would
include the kernel package, changing the behavior of how jails
work now [1];
2) As result of (1), it is possible a binary may incorrectly
resolve kernel symbols [2]; in addition, it is possible there
will be unexpected fallout with 32-bit jails on a 64-bit host
kernel [2].
Noticed by: brd [1]
Discussed with: kib [2]
MFC after: 3 days
MFC note: record-only to wipe from the merge tracker
Sponsored by: The FreeBSD Foundation
svnversion metadata to the runtime and kernel packages.
Instead of traversing src/sys, as is done by newvers.sh for uname(1),
a full tree walk is done to prevent userland and/or modifications
from not being reflected in a modified tree (M).
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Use PPID and PID to kill off the pre-install and parent pkg(8)
processes unless 'Y' or 'y' are entered at the prompt if the user
wants to proceed with upgrading the kernel and userland at the same
time.
This restores some of the logic and intent of r322327, with the
caveat of printing "child process terminated unexpectedly."
MFC after: 5 days
MFC with: r322327, r322352
Sponsored by: The FreeBSD Foundation
It appears I misunderstand process forking and signal handling in
how the pre-/post-install scripts are executed internally by pkg(8).
In some cases (not all), ^C when prompted to cancel the kernel
package update will stop the pre-install script from executing, but
allow pkg(8) to continue extracting the package when it is not the
intent.
In order to keep somewhat of an anti-footshooting measure in place,
print the recommendation to install the kernel package first if
ASSUME_ALWAYS_YES is false and TERM is set, then sleep for 5 seconds
to allow the user to see the message.
MFC after: 5 days
MFC with: r322327
X-MFC-Note: Maybe not until I am happy with this..
Sponsored by: The FreeBSD Foundation
The idea here is that, provided upstream pkg(8) maintainers accept
the proposed change, the kernel.ucl will contain a post-install
script causing pkg(8) to emit a message informing to reboot the
system after the kernel is upgraded using 'pkg upgrade', so the
new userland is installed on the running new kernel. At present,
this functionality does not exist in pkg(8), but will help ensure
the upgrade path follows that from UPDATING. To work around this
for now, evaluate ASSUME_ALWAYS_YES, and prompt the user if they
wish to proceed if not set to true.
Since there is a kernel dependency, and a non-GENERIC kernel may
be in use, update Makefile.inc1 to replace '%KERNCONF%' in the
runtime.ucl with the first-built kernel set either via command line
or in make.conf(5).
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
- Update ATLAS_UPLOAD_URL to avoid various regular expressions
from failing to match due to redirections.
- Use ATLAS_UPLOAD_URL throughout the script.
- Adjust several regular expression patterns.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
- Rename chroot_arm_armv6_build_release() to chroot_arm_build_release()
and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64).
- Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can
be used for arm/armv6 and arm64/aarch64.
- Update comments and copyright.
In release/tools/arm.subr:
- In arm_create_disk(), change the default alignment from 63 to 512k,
fixing a boot issue on arm64 and EFI. [1]
- Update comments and copyright.
Add a RPI3 configuration file, pieces obtained from Crochet.
Obtained from: Crochet [1]
MFC after: 5 days
X-MFC-Note: maybe
Sponsored by: The FreeBSD Foundation
All manpages in base are now compatible with mandoc(1), all roff documentation
will be relocated in the doc tree. man(1) can now use groff from the ports tree
if it needs.
Also remove checknr(1) and colcrt(1) which are only useful with groff.
Approved by: (no objections on the mailing lists)
otherwise with 'CLOUDWARE=vagrant-virtualbox', the path to the
configuration file may be incorrect.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
made recently by Atlas Hashicorp. The data returned from GET and
POST requests has changed, which caused a number of regex patterns
to fail to be properly identified as 'success' or 'failure', which
ended up in upload/publish failures.
Tested with: 12-CURRENT
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
to 1.5G.
- Use the 'conv=sync' dd(1) option to fix writing the u-boot.imx
file to the md(4) device for IMX6-based boards.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
install to prepare an AMI image. This can be used to create a ZFS AMI disk
image using a virtual machine.
Change ec2.conf to use the pkg tool from a chroot rather than trying to
bootstrap it and fail from the livecd readonly filesystem.
Reviewed by: gjb
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
- Speeds up the boot process by disabling sendmail.
- Allows an user to ssh as root with a public key.
- Make ssh(1) respond faster by disabling DNS lookups.
- Enable DHCP on the vtnet(4) interface.
Note: The CLOUDWARE list has not yet been changed to include the
OpenStack target by default yet.
Submitted by: Diego Casati
PR: 215258
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
to create a repo during 'make packages'
This would have been useful for a situation I found myself in where
pkg(8) had been upgraded to a version that wanted the FBSD_1.5 ABI
version but libc.so.7 had not been upgraded, and only provided
FBSD_1.4. I found I needed to update libc in order to run pkg, and I
also needed to use pkg to update libc... Which is why pkg-static
exists, but there's currently no way to tell the build system to use
pkg-static instead of pkg.
This creates a variable PKG_CMD, default value 'pkg', that can be
overridden from the command line.
Reviewed by: gjb
Approved by: gjb
Differential Revision: https://reviews.freebsd.org/D8120
During the upgrade of clang/llvm etc to 3.9.0 in r309124, the PACKAGE
directive in the usr.bin/clang/*.mk files got dropped accidentally.
Restore it, with a few minor changes and additions:
* Correct license in clang.ucl to NCSA
* Add PACKAGE=clang for clang and most of the "ll" tools
* Put lldb in its own package
* Put lld in its own package
Reviewed by: gjb, jmallett
X-MFC-With: 309124
Differential Revision: https://reviews.freebsd.org/D8666
The default pkg(8) from pkg.freebsd.org requires libjail.so,
so mark the jail package as vital along with the runtime
package to avoid errors when libjail.so is removed. This is
a no-op for systems with WITHOUT_JAIL in src.conf(5) and pkg(8)
built from the Ports Collection.
In order to make this work without marking packages such as
the jail-lib32, for example, the jail.ucl file needed to be
split out into separate files similarly to the runtime-*.ucl
files.
Glanced at by: brd
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Also remove the now-redundant error handling that was only for makefs.
This script was run on an older FreeBSD host that lacked efi-on-mbr
support in makefs. A warning was emitted on the console (from makefs)
but the script continued running and exited with 0.
Reviewed by: gjb
Sponsored by: The FreeBSD Foundation
The wl(4) driver supports pre-802.11 PCCard wireless adapters that
are slower than 802.11b. They do not work with any of the 802.11
framework and the driver hasn't been reported to actually work in a
long time.
Relnotes: yes
targets, similar to what is done for the run-autotools-fixup
override for non-arm targets.
MFC after: 3 days
Tested on: 12-CURRENT building 10-STABLE
Sponsored by: The FreeBSD Foundation
Notably, this removes the toolchain from the CD-ROM image (it remains on DVD
images) and pushes the CD-ROM image well below the 700 MB mark.
MFC after: 10 days
running on EC2. Due to improvements in EC2, the performance penalty which
was present on some EC2 instances no longer exists, and enabling this
feature now consistently yields ~20% higher throughput with equal or lower
latency.
Reverts: r286063
Approved by: re (gjb)
MFC after: 2 weeks
Relnotes: Improved disk throughput on EC2
30m isn't enough for pkg anymore to extract packagesite.txz.
40m is fine for now but let's take a safer way as we don't know when pkg will need more.
Reported by: many
Approved by: re (gjb), andrew (mentor)
avoid environment pollution problems. That port uses <bsd.prog.mk> but
is not compatible with the latest mk bits in HEAD.
Reported by: gjb
No rush, but make sure it's in the tree before tomorrow by: gjb
it's defined, installation image is shipped without source distribution
(src.txz)
Add the hability of defining NOSRC in release.conf and pass it to
'make release' argument
Approved by: gjb
Sponsored by: Rubicon Communications (Netgate)
Differential Revision: https://reviews.freebsd.org/D6710
on performance, especially with SD cards on certain SoCs.
Requested by: trasz
Discussed with: ian, kientzle
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
All operations are performed on the original output file,
and nothing is ever done with the copied file (as in, no
modifications and/or publication from the copied file).
Sponsored by: The FreeBSD Foundation
This was reported to not work as expected, and feedback
following the report was never received. In addition, we
do not publish these anywhere publicly.
The configuration file is not (yet) removed, in hopes that
the remaining details on the original issues can be resolved,
and we can publish the resulting images in the future.
Sponsored by: The FreeBSD Foundation
Microsoft has graciously overtaken publication of FreeBSD
on Azure since 10.3-RELEASE.
Many thanks to Microsoft for their support of FreeBSD on
Azure.
The configuration file and Makefile.azure are not (yet)
planned to be removed, as they may be useful in the future.
Sponsored by: The FreeBSD Foundation
it is expected in pkg-1.8.0, which will cause 'pkg del -afy' to not
destroy a system by forcefully removing everything.
As there are valid use cases for doing such (test jails, for example),
it will be overrideable.
In addition, ensure /dev and /tmp exist, as /dev is not created by
default currently, and pkg(8) requires /tmp to exist, which is also
not created by default.
This needs to be moved to the clibs package, since runtime depends on
that package, however I need to first verify that it will work as it
is expected.
Sponsored by: The FreeBSD Foundation
architectures we do not provide upstream pkg(8) packages.
This is not tied to anything as-is, and likely will break
your system if used (based on experience with testing with
powerpc).
There is an overwhelming amount of evil happening here,
so until the issues are fixed, it will not be tied into the
'packages' target.
Sponsored by: The FreeBSD Foundation