giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.
Start with the following services:
- system.dns - provides an API compatible with:
    - gethostbyname(3),
    - gethostbyname2(3),
    - gethostbyaddr(3),
    - getaddrinfo(3),
    - getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows obtaining entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3)-compatible API.
Sponsored by: The FreeBSD Foundation
by hastctl(8), hastd(8) and auditdistd(8) and will soon be also used
by casperd(8) and its services. There is no documentation and pjdlog.h
header file is not installed in /usr/include/ to keep it private.
Unfortunately we don't have /lib/private/ at this point, only
/usr/lib/private/, so the library is installed in /lib/.
Sponsored by: The FreeBSD Foundation
FreeBSD systems usually implemented this as a third party module and
our implementation hasn't played as nicely with the old way as it could
have.
To that end:
* Rename the iconv* symbols in libc.so.7 to have a __bsd_ prefix.
* Provide .symver compatibility with existing 10.x+ binaries that
referenced the iconv symbols. All existing binaries should work.
* Like on Linux/glibc systems, add a libc_nonshared.a to the ldscript
at /usr/lib/libc.so.
* Move the "iconv*" wrapper symbols to libc_nonshared.a
This should solve the runtime ambiguity about which symbols resolve
to where. If you compile against the iconv in libc, your runtime
dependencies will be unambiguous.
Old 9.x libraries and binaries will always resolve against their
libiconv.so.3 like they did on 9.x. They won't resolve against libc.
Old 10.x binaries will be satisfied by the .symver helpers.
This should allow ports to selectively compile against the libiconv
port if needed and it should behave without ambiguity now.
Discussed with: kib
This is to ensure that test-related directories don't get needlessly
created (and later deleted) when MK_TESTS=no.
Problem found by jhb@.
Approved by: rpaulo (mentor)
CTF data. Otherwise FreeBSD Update builds think every kernel file has
changed every time there's a security advisory, since the FreeBSD Update
build code isn't smart enough to look inside CTF data to ignore those
changes.
Pointy hat to: cperciva
MFC after: 1 day, or before the next BETA
the kernel itself: If building for the same architecture as the build host,
the kernel build assumes that the host toolchain is capable of building the
kernel. If it's not, "make kernel-toolchain" will bootstrap a new set of
tools that will work.
With this change the same assumptions are made for building kernel tools,
and the existing host toolchain is used to do the build (notably, the build
doesn't link the tools with the legacy libraries, which may not even exist).
If ever for some reason the host toolchain isn't capable of building the
kernel tools, then doing a "make kernel-toolchain" will bootstrap newer
tools to get the job done.
So when built as part of buildworld or kernel-toolchain, the kernel tools
are built using the XMAKE (via BMAKE) commands and environment. When built
as part of building just the kernel on a same-target host, the tools are
built using the new KTMAKE commands and environment. What doesn't jump
out at you in the diffs is that the difference between BMAKE and KTMAKE
is that BMAKE contains this magic line which changes how the build is done
because it changes what files get included for .include <bsd.prog.mk> and
other standard includes:
    MAKEFLAGS="-m ${.CURDIR}/tools/build/mk ${.MAKEFLAGS}"
and KTMAKE doesn't, and contains this instead:
    TOOLS_PREFIX=${WORLDTMP}
Hopefully this brings the "how to build aicasm with the right toolchain"
saga to a conclusion that works in all usage scenarios that have
historically been supported.
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary. Keeping the two just serves
to complicate the build.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
Some tests may require C++ so we must ensure this library exists as part
of the bootstrap process or else they will fail to build. Do this by
just depending on lib/atf as part of the bootstrap libraries instead of
using lib/atf/libatf-c.
Submitted by: Garrett Cooper <yaneurabeya at gmail dot com>
Approved by: rpaulo (mentor)
The addition of the TESTS knob and its enabling of the build of tests in
lib/libcrypt/tests/ broke the build. The reason is that we cannot descend
into tests/ subdirectories until all prerequisites have been built, which
in the case of tests may be "a lot of things" (libatf-c in this case).
Ensure that we do not walk tests/ directories during the bootstrapping of
the libraries as part of buildworld.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
during kernel build (if they didn't get done with world). This will make
-DMODULES_WITH_WORLD work, and it ensures the kernel tools are built
as part of 'make kernel-toolchain'.
kernel tools the way cross-tools get built. This seems to result in the
tool getting installed in the right place. It also seems more correct in
retrospect, because if a tool emitted code or binary data as part of
building the kernel, it should do so in target-specific ways (endianness,
architecture, whatever). That issue is moot for aicasm, our only current
tool, but it still seems to be more correct in principle.
proper kernel-tools step/target modeled after the world build-tools stuff.
This is a re-do of r257730 which was backed out in r257734, but this time
it's one byte smaller... a leftover trailing backslash resulted in a .for
loop with no rules, so no compiler stuff got built and later steps built
with the wrong toolset.
Make head/ buildable again, instead of spewing garbage like:
    /src/gnu/lib/csu/../../../contrib/gcc/config/rs6000/crtsavres.asm:280:
    Error: no such instruction: `lwz 28,-16(11)'
components instead of with the kernel and/or modules. This ensures that it
gets built with the host compiler, not the compiler in obj/... used to build
the target components (which may be a cross-compiler outputting code for a
different architecture and using header files with types and options set up
for the wrong architecture).
Reviewed by: imp
Makefile.inc1 is being called in sub-make's where make(1) would,
by default, implicitly chdir(2) to ${.OBJDIR} before executing any
targets. This would make some targets, like delete-old, when trying
to derive various variables introduced by change r256921 using
``make -f Makefile.inc1'' that also rely on SRCDIR to fail.
This changeset adds an explicit cd ${.CURDIR} before these unwrapped
make calls, making them in line with the other ones that are already
being wrapped with the explicit chdir's.
Tested by: gjb
MFC after: 5 days
Populate /usr/tests with the only test programs that currently live
in the tree (those in lib/libcrypt/tests/) and add all the build
machinery to accompany this change.
In particular:
- Add a WITHOUT_TESTS variable that users can define to request that
no tests be put in /usr/tests.
- Add a top-level Kyuafile for /usr/tests and a way to create similar
Kyuafiles in top-level subdirectories.
- Add a BSD.tests.dist file to define the directory layout of
/usr/tests.
Submitted by: Julio Merino jmmv google.com
Reviewed by: sjg
MFC after: 2 weeks
This should have been reverted with the stable/10/Makefile.inc1
revert, but apparently my commit did not go through.
Discussed with: cperciva (originally)
The VERSION variable is encoded into the SUNW_ctf sections of the kernel
and every kernel module when dtrace is enabled; starting with 9.2-RELEASE
(when dtrace was turned on in GENERIC) this means that different host kernels
will result in very different kernel binaries being generated. This tripped
up freebsd-update builds after the build boxes were updated from 9.x to 10.x.
MFC after: 3 days (stable/9)
X-MFC after: 0 days (stable/10)
Security: Rendered two members of so@ temporarily insane
bootstrapping a copy of clang without building clang for the base system
which is useful for nanobsd and similar setups. It's still probably
wrong to conflate what is installed as /usr/bin/cc with the selection
of a bootstrap compiler under WITH*_CLANG_IS_CC, but that's for another
day.
MFC after: 1 week
Sponsored by: DARPA/AFRL
files created by WITH_DEBUG_FILES. Also cleanup .symbols files from
the period between r244236 when .symbols were supported and r251512
when they were renamed to .debug.
Only propose to delete a .debug file if the corresponding library
itself was deleted already.
Reported by: des
Reviewed by: emaste (earlier version)
Approved by: bapt
MFC after: 3 days
broken. None of our kernels can boot armv6eb. The little-endian kernels do
not have the required code to be able to switch endian when running a
big-endian executable.
Approved by: re (gjb)
since r249893, by adding a separate _installcheck_world and
_installcheck_kernel so the destination targets can be more explicit
on which they are needed for.
installcheck will call both, while installworld only calls
_installcheck_world and installkernel only calls _installcheck_kernel.
While here, mark the internal targets as starting with _.
Reported by: des
Reviewed by: des
Pointyhat to: bdrewery
Approved by: re (delphij)
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's inclusion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
we don't want to expose but which can't or shouldn't be static.
To mark a library as private, define PRIVATELIB in its Makefile. It
will be installed in LIBPRIVATEDIR, which is normally /usr/lib/private
(or /usr/lib32/private for 32-bit libraries on 64-bit platforms).
To indicate that a program or library depends on a private library,
define USEPRIVATELIB in its Makefile. The correct version of
LIBPRIVATEDIR will be added to its run-time library search path.
Approved by: re (blanket)
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.
USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.
USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now. This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8. iconv is used to transcode the characters for
display.
Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
we could never use in base anyway.
* It uses ncursesw when in widechar mode. This could be interesting.
GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2
Obtained from: Zhihao Yuan <lichray@gmail.com>
If WITH_DEBUG_FILES is set the standalone debug data will be excluded
from each ${dist}.txz and placed in a ${dist}.debug.txz.
Submitted by: gjb
Reviewed by: brooks
Run hierarchy with WORLDTMP in the path so it works when it is invoked
directly. Such use is nearly always wrong but appears to be common.[1]
PR: conf/178209 [0], conf/178547 [1]
Submitted by: Garrett Cooper <yaneurabeya@gmail.com> [0]
MFC after: 5 days
so that job token pipe is passed to them.
To avoid surprising anyone, only add .MAKE to ${TGTS} when -n
has not been specified (at least for Makefile).
Reviewed by: obrien
debug files for userland programs and libraries. The "-g" debug flag
is automatically applied when WITH_DEBUG_FILES is set.
The debug files are now named ${prog}.debug and ${shlib}.debug for
consistency with other systems and documentation. In addition they are
installed under /usr/lib/debug, to simplify the process of installing
them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the
base system place the standalone debug files in a .debug subdirectory.
GDB automatically searches both of these directories for standalone
debug files.
Thanks to everyone who contributed changes, review, and testing during
development.
For example, WITHOUT_SHAREDOCS= in src.conf creates an empty doc
distribution.
Submitted by: Kurt Lidl
Tested by: Kurt Lidl
Discussed with: gjb
MFC after: 1 week
or SUP_UPDATE.
CVS exporter for head/ has been turned off for nearly one month now.
It is finally time to swing the ax at these update methods.
Reviewed by: eadler
MFC after: 1 month