Commit Graph

843 Commits

Author SHA1 Message Date
pjd
1073fb03ac Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00
pjd
6ad9bfc0c5 Move my simple logging API to a separate library. It is now already used
by hastctl(8), hastd(8) and auditdistd(8) and will soon be also used
by casperd(8) and its services. There is no documentation and pjdlog.h
header file is not installed in /usr/include/ to keep it private.
Unfortunately we don't have /lib/private/ at this point, only
/usr/lib/private/, so the library is installed in /lib/.

Sponsored by:	The FreeBSD Foundation
2013-12-01 09:41:06 +00:00
peter
6ba7ed93e2 Attempt to move the POSIX iconv* symbols out of runtime linker space.
FreeBSD systems usually implemented this as a third party module and
our implementation hasn't played as nicely with the old way as it could
have.

To that end:
* Rename the iconv* symbols in libc.so.7 to have a __bsd_ prefix.
* Provide .symver compatability with existing 10.x+ binaries that
  referenced the iconv symbols. All existing binaries should work.
* Like on Linux/glibc systems, add a libc_nonshared.a to the ldscript
  at /usr/lib/libc.so.
* Move the "iconv*" wrapper symbols to libc_nonshared.a

This should solve the runtime ambiguity about which symbols resolve
to where.  If you compile against the iconv in libc, your runtime
dependencies will be unambiguous.

Old 9.x libraries and binaries will always resolve against their
libiconv.so.3 like they did on 9.x.  They won't resolve against libc.

Old 10.x binaries will be satisified by the .symver helpers.

This should allow ports to selectively compile against the libiconv
port if needed and it should behave without ambiguity now.

Discussed with:	 kib
2013-11-17 22:52:17 +00:00
jmmv
6678a6d034 Move all atf directories to the tests mtree.
This is to ensure that test-related directories don't get needlessly
created (and later deleted) when MK_TESTS=no.

Problem found by jhb@.

Approved by:	rpaulo (mentor)
2013-11-16 19:42:40 +00:00
cperciva
c917df04fa Strip the -pN patch level from the VERSION string which gets encoded into
CTF data.  Otherwise FreeBSD Update builds think every kernel file has
changed every time there's a security advisory, since the FreeBSD Update
build code isn't smart enough to look inside CTF data to ignore those
changes.

Pointy hat to:	cperciva
MFC after:	1 day, or before the next BETA
2013-11-13 08:08:56 +00:00
ian
bacc1e5cc3 This change builds kernel tools based on the same assumption as building
the kernel itself:  If building for the same architecture as the build host,
the kernel build assumes that the host toolchain is capable of building the
kernel.  If it's not, "make kernel-toolchain" will bootstrap a new set of
tools that will work.

With this change the same assumptions are made for building kernel tools,
and the existing host toolchain is used to do the build (notably, the build
doesn't link the tools with the legacy libraries, which may not even exist).
If ever for some reason the host toolchain isn't capable of building the
kernel tools, then doing a "make kernel-toolchain" will bootstrap newer
tools to get the job done.

So when built as part of buildworld or kernel-toolchain, the kernel tools
are built using the XMAKE (via BMAKE) commands and environment.  When built
as part of building just the kernel on a same-target host, the tools are
built using the new KTMAKE commands and environment.  What doesn't jump
out at you in the diffs is that the difference between BMAKE and KTMAKE
is that BMAKE contains this magic line which changes how the build is done
because it changes what files get included for .include <bsd.prog.mk> and
other standard includes:

    MAKEFLAGS="-m ${.CURDIR}/tools/build/mk ${.MAKEFLAGS}"

and KTMAKE doesn't, and contains this instead:

    TOOLS_PREFIX=${WORLDTMP}

Hopefully this brings the "how to build aicasm with the right toolchain"
saga to a conclusion that works in all usage scenarios that have
historically been supported.
2013-11-09 00:15:36 +00:00
jmmv
627bb4f0bd Subsume the functionality of MK_ATF into MK_TESTS.
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary.  Keeping the two just serves
to complicate the build.

Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:24:47 +00:00
jmmv
74f0db8200 Add libatf-c++ to the prebuild libs.
Some tests may require C++ so we must ensure this library exists as part
of the bootstrap process or else they will fail to build.  Do this by
just depending on lib/atf as part of the bootstrap libraries instead of
using lib/atf/libatf-c.

Submitted by:	Garrett Cooper <yaneurabeya at gmail dot com>
Approved by:	rpaulo (mentor)
2013-11-08 14:22:16 +00:00
jmmv
eaa9118896 Fix buildworld when WITH_TESTS is enabled.
The addition of the TESTS knob and its enabling of the build of tests in
lib/libcrypt/tests/ broke the build.  The reason is that we cannot descend
into tests/ subdirectories until all prerequisites have been built, which
in the case of tests may be "a lot of things" (libatf-c in this case).

Ensure that we do not walk tests/ directories during the bootstrapping of
the libraries as part of buildworld.

Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:20:22 +00:00
ian
af80f0c4c5 Build kernel tools along with other tools during world build, as well as
during kernel build (if they didn't get done with world).  This will make
-DMODULES_WITH_WORLD work, and it ensures the kernel tools are built
as part of 'make kernel-toolchain'.
2013-11-08 05:11:32 +00:00
ian
b7b6449f7c Instead of modeling the kernel-tools build after the bootstrap tools, build
kernel tools the way cross-tools get built.  This seems to result in the
tool getting installed in the right place.  It also seems more correct in
retrospect, because if a tool emitted code or binary data as part of
building the kernel, it should do so in target-specific ways (endianess,
architecture, whatever).  That issue is moot for aicasm, our only current
tool, but it still seems to be more correct in principle.
2013-11-07 22:50:42 +00:00
ian
ebbf5b2ae0 Do not build aicasm with the cross-tools/kernel-toolchain, instead add a
proper kernel-tools step/target modeled after the world build-tools stuff.

This is a re-do of r257730 which was backed out in r257734, but this time
it's one byte smaller... a leftover trailing backslash resulted in a .for
loop with no rules, so no compiler stuff got built and later steps built
with the wrong toolset.
2013-11-07 04:31:21 +00:00
gjb
401ebaa81f Revert r257730:
Make head/ buildable again, instead of spewing garbage like:
 /src/gnu/lib/csu/../../../contrib/gcc/config/rs6000/crtsavres.asm:280:
  Error: no such instruction: `lwz 28,-16(11)'
2013-11-06 04:38:49 +00:00
ian
dfede8d111 Do not build aicasm with the cross-tools/kernel-toolchain, instead add a
proper kernel-tools step/target modeled after the world build-tools stuff.
2013-11-06 00:32:40 +00:00
ian
fdadfb92be Rework the aicasm build machinery so that it gets built along with toolchain
components instead of with the kernel and/or modules.  This ensures that it
gets built with the host compiler, not the compiler in obj/... used to build
the target components (which may be a cross-compiler outputting code for a
different architecture and using header files with types and options set up
for the wrong architecture).

Reviewed by:	imp
2013-11-04 15:55:04 +00:00
delphij
8b5f9ff354 In r257079, SRCDIR is pointed to ${.CURDIR} when not set. However,
Makefile.inc1 is being called in sub-make's where make(1) would,
by default, implicitly chdir(2) to ${.OBJDIR} before executing any
targets.  This would make some targets, like delete-old, when trying
to derive various variables introduced by change r256921 using
``make -f Makefile.inc1'' that also rely on SRCDIR to fail.

This changeset adds an explicit cd ${.CURDIR} before these unwrapped
make calls, making them in line with the other ones that are already
being wrapped with the explicit chdir's.

Tested by:	gjb
MFC after:	5 days
2013-10-29 17:46:26 +00:00
nyan
3a33e2248b Fix build. Both clang and gcc are required on pc98.
X-MFC with:	r256915
2013-10-29 12:34:11 +00:00
rpaulo
d57a569a3a Set up the /usr/tests hierarchy.
Populate /usr/tests with the only test programs that currently live
in the tree (those in lib/libcrypt/tests/) and add all the build
machinery to accompany this change.

In particular:

- Add a WITHOUT_TESTS variable that users can define to request that
  no tests be put in /usr/tests.
- Add a top-level Kyuafile for /usr/tests and a way to create similar
  Kyuafiles in top-level subdirectories.
- Add a BSD.tests.dist file to define the directory layout of
  /usr/tests.

Submitted by:	Julio Merino jmmv google.com
Reviewed by:	sjg
MFC after:	2 weeks
2013-10-25 05:25:19 +00:00
gjb
bbc50ebc63 Fix build host pollution by avoiding calling 'uname -srp' to
determine values for 'VERSION'.

Looked at by:	cperciva
2013-10-24 22:55:15 +00:00
gjb
fbca6d28fb Revert r256921 to prevent error output when in the wrong directory.
This should have been reverted with the stable/10/Makefile.inc1
revert, but apparently my commit did not go through.

Discussed with:	cperciva (originally)
2013-10-24 15:00:19 +00:00
cperciva
3a45219eeb Thou shalt not leak build host state into the system being compiled.
The VERSION variable is encoded into the SUNW_ctf sections of the kernel
and every kernel module when dtrace is enabled; starting with 9.2-RELEASE
(when dtrace was turned on in GENERIC) this means that different host kernels
will result in very different kernel binaries being generated.  This tripped
up freebsd-update builds after the build boxes were updated from 9.x to 10.x.

MFC after:	3 days (stable/9)
X-MFC after:	0 days (stable/10)
Security:	Rendered two members of so@ temporarily insane
2013-10-22 18:36:39 +00:00
brooks
715a26c72a Stop conflating WITHOUT_CLANG with WITHOUT_CLANG_IS_CC. This allows
bootstrapping a copy of clang without building clang for the base system
which is useful for nanobsd and similar setups.  It's still probably
wrong to conflate what is installed as /usr/bin/cc with the selection
of a bootstrap compiler under WITH*_CLANG_IS_CC, but that's for another
day.

MFC after:	1 week
Sponsored by:	DARPA/AFRL
2013-10-22 15:53:29 +00:00
bdrewery
ef6ea497b5 Fix 'make delete-old-libs' and 'make check-libs' to delete .debug
files created by WITH_DEBUG_FILES. Also cleanup .symbols files from
the period between r244236 when .symbols were supported and r251512
when they were renamed to .debug.

Only propose to delete a .debug file if the corresponding library
itself was deleted already.

Reported by:	des
Reviewed by:	emaste (earlier version)
Approved by:	bapt
MFC after:	3 days
2013-10-21 10:09:48 +00:00
ian
dfbba4bbdc Allow 'make xdev' to work when DESTDIR is set.
Submitted by:	Patrick Kelsey <kelsey@ieee.org>
2013-10-16 16:46:25 +00:00
dim
bde695ba4c Bump OS versions in the toolchain triples to 11.0, and bump the
__FreeBSD_cc_version predefined macros in clang and gcc.

Approved by:	re (gjb)
2013-10-10 20:47:11 +00:00
delphij
b9aa7441da Revert-and-redo r255955: the sort -r should be added to delete-old-dirs.
Approved by:	re (gjb)
2013-10-01 22:53:27 +00:00
delphij
88e9d84421 Reverse directories order when doing 'make delete-old-dir'. This
ensures subdirectories gets removed before their parents when doing
make delete-old.

Approved by:	re (gjb)
MFC after:	2 weeks
2013-09-30 20:33:56 +00:00
des
aa2e4b623c Remove BIND.
Approved by:	re (gjb)
2013-09-30 17:23:45 +00:00
jhb
b23486b244 Don't parse NO_ROOT metadata for extra kernels if NO_ROOT isn't defined.
Approved by:	re (gjb)
MFC after:	1 week
2013-09-24 19:09:21 +00:00
andrew
79894c6080 Remove the armv6eb architecture as it is unused, and almost certainly
broken. None of our kernels can boot armv6eb. The little-endian kernels do
not have the required code to be able to switch endian when running a
big-endian executable.

Approved by:	re (gjb)
2013-09-22 07:30:17 +00:00
bdrewery
1567e13140 Fix 'make installcheck' to check for missing UID/GID as well, broken
since r249893, by adding a separate _installcheck_world and
_installcheck_kernel so the destination targets can be more explicit
on which they are needed for.

installcheck will call both, while installworld only calls
_installcheck_world and installkernel only calls _installcheck_kernel

While here, mark the internal targets as starting with _.

Reported by:	des
Reviewed by:	des
Pointyhat to:	bdrewery
Approved by:	re (delphij)
2013-09-18 00:33:24 +00:00
des
7dcff093d5 Add unbound to the list of UIDs / GIDs to check fore before installing.
Approved by:	re (blanket)
2013-09-17 12:59:37 +00:00
des
2a9ec0fc3e Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
2013-09-10 22:26:11 +00:00
des
fcb1c0aa6d Create a private library directory (LIBPRIVATEDIR) for libraries which
we don't want to expose but which can't or shouldn't be static.

To mark a library as private, define PRIVATELIB in its Makefile.  It
will be installed in LIBPRIVATEDIR, which is normally /usr/lib/private
(or /usr/lib32/private for 32-bit libraries on 64-bit platforms).

To indicate that a program or library depends on a private library,
define USEPRIVATELIB in its Makefile.  The correct version of
LIBPRIVATEDIR will be added to its run-time library search path.

Approved by:	re (blanket)
2013-09-08 09:40:23 +00:00
bdrewery
8496d41517 - Fix LOCAL_MTREE so it properly handles multiple files and quotes
its value into submakes

PR:		conf/179466
Submitted by:	Garrett Cooper <yaneurabeya@gmail.com>
Approved by:	bapt
MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2013-08-30 01:32:47 +00:00
peter
5f2a1d6536 Update nvi-1.79 to 2.1.1-4334a8297f
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.

USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.

USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now.  This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8.  iconv is used to transcode the characters for
display.

Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
  we could never use in base anyway.
* It uses ncursesw when in widechar mode.  This could be interesting.

GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2

Obtained from:  Zhihao Yuan <lichray@gmail.com>
2013-08-11 20:03:12 +00:00
emaste
5cb590fc37 Generate debug data release dist sets
If WITH_DEBUG_FILES is set the standalone debug data will be excluded
from each ${dist}.txz and placed in a ${dist}.debug.txz.

Submitted by:	gjb
Reviewed by:	brooks
2013-07-23 19:34:09 +00:00
sjg
2d1ac4aa3e Sprinkle some .MAKE magic 2013-07-06 00:13:08 +00:00
sjg
6759835495 Use && rather than ; when success of previous job matters. 2013-06-30 15:00:07 +00:00
brooks
b69b3510d9 Simplify the hierarchy target's logic. [0]
Run hierarchy with WORLDTMP in the path so it works when it is invoked
directly.  Such use is nearly alwasy wrong but appears to be common.[1]

PR:		conf/178209 [0], conf/178547 [1]
Submitted by:	Garrett Cooper <yaneurabeya@gmail.com> [0]
MFC after:	5 days
2013-06-14 22:32:47 +00:00
sjg
a6ae521803 Flag recursive make targets with .MAKE
so that job token pipe is passed to them.
To avoid surprising anyone, only add .MAKE to ${TGTS} when -n
has not been specified (at least for Makefile).

Reviewed by:	obrien
2013-06-14 16:30:11 +00:00
brooks
30bbe141bf Be more agressive about bootstrapping ctfmerge and ctfconvert so
builds from existing releases have a chance of working properly.

Sponsored by:	DARPA, AFRL
MFC after:	3 days
2013-06-13 18:26:04 +00:00
emaste
390d8402e0 Add a new knob WITH_DEBUG_FILES to control the building of standalone
debug files for userland programs and libraries.  The "-g" debug flag
is automatically applied when WITH_DEBUG_FILES is set.

The debug files are now named ${prog}.debug and ${shlib}.debug for
consistency with other systems and documentation.  In addition they are
installed under /usr/lib/debug, to simplify the process of installing
them if needed after a crash.  Users of bsd.{prog,lib}.mk outside of the
base system place the standalone debug files in a .debug subdirectory.
GDB automatically searches both of these directories for standalone
debug files.

Thanks to everyone who contributed changes, review, and testing during
development.
2013-06-07 21:40:02 +00:00
jilles
67e543ecf1 release: Allow empty extra distributions.
For example, WITHOUT_SHAREDOCS= in src.conf creates an empty doc
distribution.

Submitted by:	Kurt Lidl
Tested by:	Kurt Lidl
Discussed with:	gjb
MFC after:	1 week
2013-06-05 22:27:49 +00:00
brooks
9017ad677c Restore (at least temporarily) SHARED=symlinks in the build includes
stage of buildworld.  This was accidentally included in r251140.

Reported by:	jhb
2013-05-30 15:25:54 +00:00
brooks
064e79f7c3 Always define INSTALL_DDIR and define it such that it contains no extra
/ characters rather than removing them later on.  This should fix
release builds.

PR:		conf/178963
Reviewed by:	gjb, hrs
2013-05-30 14:09:58 +00:00
gjb
515cfc581f r245757 introduced warning output if update method is set to CVS_UPDATE
or SUP_UPDATE.

CVS exporter for head/ is turned off for nearly one month now.

It is finally time to swing the ax at these update methods.

Reviewed by:	eadler
MFC after:	1 month
2013-05-28 23:43:47 +00:00
gjb
b3dc141a1d Update comments to reflect use of svn/svnup to keep the src/ tree up
to date.

MFC after:	3 days
2013-05-28 21:57:55 +00:00
peter
8f9d1da159 Temporarily revert r251058 - it breaks documented use of makeoptions
including the tinderbox.

 http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-i386-i386.full
 make: don't know how to make modules-all. Stop
 make: stopped in /obj/i386.i386/src/sys/PAE
 *** Error code 2
2013-05-28 21:29:05 +00:00
des
eefd68b0fb During buildkernel, print a banner before building modules. 2013-05-28 09:52:28 +00:00