1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
variants. This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.
Exp-run: antoine
PR: 189842
Discussed with: bapt
Sponsored by: DARPA, AFRL
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
{readline,history}.h are in /usr/include/edit so as to not conflict with
the GNU libreadline versions. To use the libedit readline(3) one should
add "-I/usr/include/edit" to their Makefile
(spelled "-I${DESTDIR}/${INCLUDEDIR}/edit" within the FreeBSD source tree).
* Enable its use in the BSD licensed utilities that support readline(3).
* To make it easier to sync libedit development with NetBSD, histedit.h
is moved into libedit's directory as history shows shown we keep merging
it into that location.
Obtained from: NetBSD
Sponsored by: Juniper Networks
sntp includes a copy of libopts in itself in vendor code, rewrite the
Makefile to compile and use only one copy. It is an internal library, not
installed.
MFC after: 2 weeks
This bring us several things:
- updated drivers
- IPv6 support at last
- ntp-genkeys is replaced by ntp-keygen
- ntptrace is now a script (courtesy of John Hay)
- lots of renamed files from .htm to .html (while I prefer .html, I
find the change a bit gratuitous)
- still no manpages :(
Please test and report.
Commit very much helped by: GNU arch (http://gnuarch.org/)
added but not its postrequisite -ltermcap.
Fixed breakage of DPADD in previous commit. ${LIBREADLINE} was misspelled
-lreadline. This should have been fatal since there is no file named
-lreadline, but it worked because of an undcumented bugfeature in make(1)
(or its configuration files): missing source files named -l* are silently
assumed to be up to date libraries. `make checkdpadd' also fails to detect
this error.
This is the second part of the commit (the third -- link in usr.sbin/Makefile)
will be done after a more complete review by phk & obrien.
NOTE: the number of drivers included in the default configuration is very
minimal, mainly local clocks and the one I use RAWDCF. Anyone wanting to
have a more complete version will find recompilation very easy.
It builds and runs on both alpha & i386. It also does survive "make world".
Reviewed by: phk, obrien (partly)
