several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
installs clang as /usr/bin/cc, /usr/bin/c++ and /usr/bin/cpp.
Note this does *not* disable building and installing gcc, which will
still be available as /usr/bin/gcc, /usr/bin/g++ and /usr/bin/gcpp. If
you want to disable gcc completely, you must use WITHOUT_GCC.
MFC after: 2 weeks
At first, I added a utility called utxrm(8) to remove stale entries from
the user accounting database. It seems there are cases in which we need
to perform different operations on the database as well. Simply rename
utxrm(8) to utx(8) and place the old code under the "rm" command.
In addition to "rm", this tool supports "boot" and "shutdown", which are
going to be used by an rc-script which I am going to commit separately.
kernel modules that include binary-only code.
More fine-grained control is provided via MK_SOURCELESS_HOST (for native code
that runs on host CPU) and MK_SOURCELESS_UCODE (for microcode).
Reviewed by: julian, delphij, freebsd-arch
Approved by: kib (mentor)
MFC after: 2 weeks
The wtmpcvt(1) utility converts wtmp files to the new format used by
utmpx(3). Now that HEAD has been branched to stable/9 and 9.0 is
released, there is no need for it in HEAD.
MFC after: never
allow the built-in operations to be redefined, at least not without
excessive force).
Instead, just disable LLVM's support for atomic operations for now.
Nothing in either clang or the tablegen tools currently depends on it.
This still allows users of head built before r198344 to upgrade to
top-of-head seamlessly.
emits calls for them, rather than expanding them inline. Older FreeBSD
versions compile for i386 by default and as such we end up with
unresolved symbols when we build LLVM's TableGen utility as a build
tool on them. Add the functions that GCC emits here, but don't bother
to make them atomic. Such is not needed.
Submitted by: marcel
MFC after: 1 week
This knob removes the tools that are exclusively used to view and
maintain the databases maintained by utmpx, namely last, users, who,
wtmpcvt, ac, lastlogin and utxrm.
The tool w is not in this list, because it has some other functionality
which is unrelated to utmpx; it is hardlinked to the uptime tool.
The WITHOUT_ACCT switch is supposed to omit tools related to process
accounting, namely accton and sa. ac(8) is just a simple tool that
prints statistics based on data in the utx.log database. It has nothing
to do with the former.
If WITH_BSD_GREP is not set, it will be 'bsdgrep' and GNUgrep will be
'[ef]grep'. Otherwise, BSD-grep will be the grep family, and GNUgrep
will be 'gnugrep'.
Discussed with: brooks
the architecture, reflect this in documentation. For such
options, both WITH_FOO and WITHOUT_FOO description files should
be provided.
Prodded by: des
- Setting a build option may enforce other build options, try harder
to detect this case.
- Setting a build option may change other option's default value,
try harder to detect this case.
with INET6 equivalents. Patch reather than re-genenerating src.conf
(given the current problem with the script that does the re-gen).
Reviewed by: gnn
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 2 weeks
flags, so remove that part from WITHOUT_CXX again.
This is only partially regenerated, as the entries for FDT and GPIO seem to
have switched their default state, too.
WITHOUT_CLANG.
Don't build clang bootstrap/build-tools depending on this flag. We also
keep gperf, devd and libstdc++ around to prevent foot-shooting and to
make this a two-way street.
A full featured groff is required during buildworld, so build it always
and don't rely on it being present on the host system.
vgrind(1) is tightly coupled to a roff processor and will not be
built/installed when groff is disabled. Also much of the roff'ed
documentation under share/doc will not be built/installed when
WITHOUT_GROFF is defined.
Reviewed by: ru (partial)
Deliverables: Small and clean code (1,4 KSLOC vs GNU's 8,5 KSLOC),
lower memory usage than GNU grep, GNU compatibility,
BSD license.
TODO: Performance is somewhat behind GNU grep but it is only
significant for bigger searches. The reason is complex, the
most important factor is that GNU grep uses lots of
optimizations to improve the speed of the regex library.
First, we need a modern regex library (practically by adopting
TRE), add support for GNU-style non-standard regexes and then
reevalute the performance issues and look for bottlenecks. In
the meantime, for those, who need better performance, it is
possible to build GNU grep by setting WITH_GNU_GREP.
Approved by: delphij (mentor)
Obtained from: OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/grep/),
freegrep (http://github.com/howardjp/freegrep)
Sponsored by: Google SoC 2008
Portbuild tests run by: kris, pav, erwin
Acknowledgements to: fjoe (as SoC 2008 mentor),
everyone who helped in reviewing and testing