BIO_new_mem_buf takes a void* buf, but internally it never modifies the
buf. It assigns the buffer to another pointer and then marks it as
read-only. So deconsting it should be safe here.
Also fix warning about 'buf' possibly being unused in parse_cert()
Approved by: bapt
MFC after: 2 days
X-MFC-With: r257147
added with "pkg add". If the pkg.conf is configured to check for
signature, then the pkg.txz.sig file will be expected and validated
per r257147
Approved by: bapt
MFC after: 2 days
If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS,
and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along
with pkg.txz. The signature contains the signature provided by the
signing server, and the public key. The .sig is the exact output
from the signing server in the following format:
SIGNATURE
<openssl signed>
CERT
<rsa public key>
END
The signature is verified with the following logic:
- If the .sig file is missing, it fails.
- If the .sig doesn't validate, it fails.
- If the public key in the .sig is not in the known trusted fingerprints,
it fails.
- If the public key is in the revoked key list, it fails.
Approved by: bapt
MFC after: 2 days
Discussed by: bapt with des, jonathan, gavin
For now only /etc/pkg/FreeBSD.conf is supported. Its style is:
Repo: {
URL: "...",
MIRROR_TYPE: "...",
...
}
The configuration will be read from /usr/local/etc/pkg.conf if exists,
otherwise /etc/pkg/FreeBSD.conf
Approved by: bapt
MFC after: 2 days
where a pin assertion while a source was masked would result in
the interrupt being lost, with the symptom being a console hang.
The condition is now recorded, and the interrupt generated when
the source is unmasked.
Discovered by: OpenBSD 5.4 MP
Reviewed by: neel
MFC after: 3 days
pkg 1.2 is adding this support as well. This should help
lessen the confusion on why the default SRV PACKAGESITE
does not load in a browser.
Adapated from: matthew's upstream pkg change
Approved by: bapt
MFC after: 2 days
at the end of the upgrade process, after warning users to upgrade any
3rd party software (e.g., from the ports tree) which might link to the
libraries being removed.
Prior to this commit, the line
/usr/lib/libc.so|...|/lib/libc.so.7
matched the regex, which -- upgrading from 9.x to 10.x, where libc.so is
a regular file and thus was not part of a line which matched the regex --
resulted in freebsd-update thinking that /usr/lib/libc.so was a shared
library which was being removed as part of the upgrade. This had some
unfortunate consequences.
This will be part of an upcoming Errata Notice.
- Use #defines for capability bits
- Export the VTBLK_F_BLK_SIZE capability
- Fix bug in calculating capacity: it is in
512-byte units, not the underlying sector size
This allows virtio-blk to have backing devices
with non 512-byte sector sizes e.g. /dev/cd0, and
4K-block harddrives.
Reviewed by: neel
MFC after: 3 days
- order srv records by priorities
- for all entries of the same priority, order randomly respect the weight
- select the port where to fetch from respect the port provided in the SRV record
Obtained from: pkg git repo
MFC after: 3 days
- remove assumption that the backing file/device had
512-byte sectors
- fix incorrect iovec size variable that would result
in a buffer overrun when an o/s issued an i/o request
with more s/g elements than the blockif api
Reviewed by: Zhixiang Yu (zxyu.core@gmail.com)
MFC after: 3 days
the cfi(4) driver. It remained in the tree longer than would be ideal
due to the time required to bring cfi(4) to feature parity.
Sponsored by: DARPA/AFRL
MFC after: 3 days
- Allow a hostbridge to be created with AMD as a vendor.
This passes the OpenBSD check to allow the use of MSI
on a PCI bus.
- Enable the i/o interrupt section of the mptable, and
populate it with unity ISA mappings. This allows the
'legacy' IRQ mappings of the PCI serial port to be
set up. Delete unused print routine that was obscuring code.
- Use the '-W' option to enable virtio single-vector MSI
rather than an environment variable. Update the virtio
net/block drivers to query this flag when setting up
interrupts.: bhyverun.c
- Fix the arithmetic used to derive the century byte in
RTC CMOS, as well as encoding it in BCD.
Reviewed by: neel
MFC after: 3 days
Linux writes to these nominally read-only registers,
so avoid having bhyve write warning messages to stdout
when the reg writes can be safely ignored. Change the
WPRINTF to DPRINTF which is conditional.
Reviewed by: mav
Discussed with: mav, Zhixiang Yu
MFC after: 3 days
from the command line.
The option syntax is "-e <name=value>". It may be used multiple times to set
multiple environment variables.
Reviewed by: grehan
Requested by: alfred
directories last.
This is generally handled by the fact that the list of filesystem objects
is sorted, but this sorting is broken by code which moves .so files ahead
(so that they're present before any binaries which use them)... that code
also moved .so files ahead of directories, which is a problem for upgrading
to 10.0 where there's a new directory containing new .so files.
Errata Notice Candidate.
'invpcid' instruction to the guest. Currently bhyve will try to enable this
capability unconditionally if it is available.
Consolidate code in bhyve to set the capabilities so it is no longer
duplicated in BSP and AP bringup.
Add a sysctl 'vm.pmap.invpcid_works' to display whether the 'invpcid'
instruction is available.
Reviewed by: grehan
MFC after: 3 days
forking lots of processes to run echo|cut. In one test this reduced
the CPU time from 980s to 134s and the wallclock time from 806s to
132s.
Submitted by: Oleg Ginzburg
and OpenSolaris/Illumos beadm use.
Remove /usr/local and /var/db/pkg datasets. Andriy Gapon writes:
I want to note that a good implementation of BEs should support a dependent
datasets feature. Unfortunately, it seems that we do not have any good BE
implementation for FreeBSD right now. If we had, personally I'd prefer to
have /usr/local in separate filesystem.
NOTE: Until then, remove these datasets.
Discussed on: src-committers
Submitted by: Bryan Drewery <bryan@shatow.net>
Reviewed by: Allan Jude <freebsd@allanjude.com>
MFC after: 3 days
so bootpool is imported after boot:
zpool_cache_load="YES"
zpool_cache_type="/boot/zfs/zpool.cache"
zpool_cache_name="/boot/zfs/zpool.cache"
otherwise /boot is a broken symlink after the system is up.
http://lists.freebsd.org/pipermail/freebsd-fs/2013-July/017891.html
NOTE: Fix a comment while here.
Reviewed by: gjb
annoying verbose boot error of the form
g_handleattr: vtbd0 bio_length 24 len 28 -> EFAULT
The ident returned by bhyve is a text string 'BHYVE-XXXX-XXXX', where
the X's are the first bytes of the md5 hash of the backing filename.
Reviewed by: neel
Approved by: re (gjb)
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.
Approved by: re (gjb)
services configuration and enable it by default. Committed with
slight change to menu text for length and content.
Submitted by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
Patch from PR modified slightly for whitespace and style.
PR: bin/161547
Submitted by: Warren Block <wblock@wonkity.com>
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
keymaps *and* provide a mechanism for testing the selection. With
this commit, bsdinstall is no longer dependent on kbdmap(1). The
keymap test menu was originally submitted by Warren Block but was
modified).
Submitted by: Warren Block <wblock@wonkity.com>
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
to run interactively but it can be scripted too (optinally completely
non-interactive). Currently supports GELI and all ZFS vdev types. Also
performs validation on selections/settings providing error messages if
necessary, explaining (in plain language) what the issue is. Currently
the auto partitioning of naked disks only supports GPT and MBR (VTOC8
pending for sparc64), so is only available for i386/amd64 install.
Submitted by: Allan Jude <freebsd@allanjude.com>, myself
Reviewed by: Allan Jude <freebsd@allanjude.com>
Approved by: re (glebius)
newly installed system. This should greatly increase the amount of
entropy available when SSH host keys are generated during first boot.
Reviewed by: markm, nathanw
Approved by: re (gjb)
