d586165577
* GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij)
1299 lines
53 KiB
Plaintext
1299 lines
53 KiB
Plaintext
Updating Information for FreeBSD current users.
|
|
|
|
This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
|
|
See end of file for further details. For commonly done items, please see the
|
|
COMMON ITEMS: section later in the file. These instructions assume that you
|
|
basically know what you are doing. If not, then please consult the FreeBSD
|
|
handbook:
|
|
|
|
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
|
|
|
|
Items affecting the ports and packages system can be found in
|
|
/usr/ports/UPDATING. Please read that file before running portupgrade.
|
|
|
|
NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
|
|
from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
|
|
the tip of head, and then rebuild without this option. The bootstrap process from
|
|
older version of current across the gcc/clang cutover is a bit fragile.
|
|
|
|
NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
|
|
FreeBSD 11.x has many debugging features turned on, in both the kernel
|
|
and userland. These features attempt to detect incorrect use of
|
|
system primitives, and encourage loud failure through extra sanity
|
|
checking and fail stop semantics. They also substantially impact
|
|
system performance. If you want to do performance measurement,
|
|
benchmarking, and optimization, you'll want to turn them off. This
|
|
includes various WITNESS- related kernel options, INVARIANTS, malloc
|
|
debugging flags in userland, and various verbose features in the
|
|
kernel. Many developers choose to disable these features on build
|
|
machines to maximize performance. (To completely disable malloc
|
|
debugging, define MALLOC_PRODUCTION in /etc/make.conf, or to merely
|
|
disable the most expensive debugging functionality run
|
|
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
|
|
|
20150630:
|
|
The default kernel entropy-processing algorithm is now
|
|
Fortuna, replacing Yarrow.
|
|
|
|
Assuming you have 'device random' in your kernel config
|
|
file, the configurations allow a kernel option to override
|
|
this default. You may choose *ONE* of:
|
|
|
|
options RANDOM_YARROW # Legacy /dev/random algorithm.
|
|
options RANDOM_DUMMY # Blocking-only driver.
|
|
|
|
If you have neither, you get Fortuna. For most people,
|
|
read no further, Fortuna will give a /dev/random that works
|
|
like it always used to, and the difference will be irrelevant.
|
|
|
|
If you remove 'device random', you get *NO* kernel-processed
|
|
entopy at all. This may be acceptable to folks building
|
|
embedded systems, but has complications. Carry on reading,
|
|
and it is assumed you know what you need.
|
|
|
|
*PLEASE* read random(4) and random(9) if you are in the
|
|
habit of tweeking kernel configs, and/or if you are a member
|
|
of the embedded community, wanting specific and not-usual
|
|
behaviour from your security subsystems.
|
|
|
|
NOTE!! If you use RANDOM_DUMMY and/or have no 'device
|
|
random', you will NOT have a functioning /dev/random, and
|
|
many cryptographic features will not work, including SSH.
|
|
You may also find strange behaviour from the random(3) set
|
|
of library functions, in particular sranddev(3), srandomdev(3)
|
|
and arc4random(3). The reason for this is that the KERN_ARND
|
|
sysctl only returns entropy if it thinks it has some to
|
|
share, and with RANDOM_DUMMY or no 'device random' this
|
|
will never happen.
|
|
|
|
20150623:
|
|
An additional fix for the issue described in the 20150614 sendmail
|
|
entry below has been been committed in revision 284717.
|
|
|
|
20150616:
|
|
FreeBSD's old make (fmake) has been removed from the system. It is
|
|
available as the devel/fmake port or via pkg install fmake.
|
|
|
|
20150615:
|
|
The fix for the issue described in the 20150614 sendmail entry
|
|
below has been been committed in revision 284436. The work
|
|
around described in that entry is no longer needed unless the
|
|
default setting is overridden by a confDH_PARAMETERS configuration
|
|
setting of '5' or pointing to a 512 bit DH parameter file.
|
|
|
|
20150614:
|
|
ALLOW_DEPRECATED_ATF_TOOLS/ATFFILE support has been removed from
|
|
atf.test.mk (included from bsd.test.mk). Please upgrade devel/atf
|
|
and devel/kyua to version 0.20+ and adjust any calling code to work
|
|
with Kyuafile and kyua.
|
|
|
|
20150614:
|
|
The import of openssl to address the FreeBSD-SA-15:10.openssl
|
|
security advisory includes a change which rejects handshakes
|
|
with DH parameters below 768 bits. sendmail releases prior
|
|
to 8.15.2 (not yet released), defaulted to a 512 bit
|
|
DH parameter setting for client connections. To work around
|
|
this interoperability, sendmail can be configured to use a
|
|
2048 bit DH parameter by:
|
|
|
|
1. Edit /etc/mail/`hostname`.mc
|
|
2. If a setting for confDH_PARAMETERS does not exist or
|
|
exists and is set to a string beginning with '5',
|
|
replace it with '2'.
|
|
3. If a setting for confDH_PARAMETERS exists and is set to
|
|
a file path, create a new file with:
|
|
openssl dhparam -out /path/to/file 2048
|
|
4. Rebuild the .cf file:
|
|
cd /etc/mail/; make; make install
|
|
5. Restart sendmail:
|
|
cd /etc/mail/; make restart
|
|
|
|
A sendmail patch is coming, at which time this file will be
|
|
updated.
|
|
|
|
20150604:
|
|
Generation of legacy formatted entries have been disabled by default
|
|
in pwd_mkdb(8), as all base system consumers of the legacy formatted
|
|
entries were converted to use the new format by default when the new,
|
|
machine independent format have been added and supported since FreeBSD
|
|
5.x.
|
|
|
|
Please see the pwd_mkdb(8) manual page for further details.
|
|
|
|
20150525:
|
|
Clang and llvm have been upgraded to 3.6.1 release. Please see the
|
|
20141231 entry below for information about prerequisites and upgrading,
|
|
if you are not already using 3.5.0 or higher.
|
|
|
|
20150521:
|
|
TI platform code switched to using vendor DTS files and this update
|
|
may break existing systems running on Beaglebone, Beaglebone Black,
|
|
and Pandaboard:
|
|
|
|
- dtb files should be regenerated/reinstalled. Filenames are the
|
|
same but content is different now
|
|
- GPIO addressing was changed, now each GPIO bank (32 pins per bank)
|
|
has its own /dev/gpiocX device, e.g. pin 121 on /dev/gpioc0 in old
|
|
addressing scheme is now pin 25 on /dev/gpioc3.
|
|
- Pandaboard: /etc/ttys should be updated, serial console device is
|
|
now /dev/ttyu2, not /dev/ttyu0
|
|
|
|
20150501:
|
|
soelim(1) from gnu/usr.bin/groff has been replaced by usr.bin/soelim.
|
|
If you need the GNU extension from groff soelim(1), install groff
|
|
from package: pkg install groff, or via ports: textproc/groff.
|
|
|
|
20150423:
|
|
chmod, chflags, chown and chgrp now affect symlinks in -R mode as
|
|
defined in symlink(7); previously symlinks were silently ignored.
|
|
|
|
20150415:
|
|
The const qualifier has been removed from iconv(3) to comply with
|
|
POSIX. The ports tree is aware of this from r384038 onwards.
|
|
|
|
20150416:
|
|
Libraries specified by LIBADD in Makefiles must have a corresponding
|
|
DPADD_<lib> variable to ensure correct dependencies. This is now
|
|
enforced in src.libnames.mk.
|
|
|
|
20150324:
|
|
From legacy ata(4) driver was removed support for SATA controllers
|
|
supported by more functional drivers ahci(4), siis(4) and mvs(4).
|
|
Kernel modules ataahci and ataadaptec were removed completely,
|
|
replaced by ahci and mvs modules respectively.
|
|
|
|
20150315:
|
|
Clang, llvm and lldb have been upgraded to 3.6.0 release. Please see
|
|
the 20141231 entry below for information about prerequisites and
|
|
upgrading, if you are not already using 3.5.0 or higher.
|
|
|
|
20150307:
|
|
The 32-bit PowerPC kernel has been changed to a position-independent
|
|
executable. This can only be booted with a version of loader(8)
|
|
newer than January 31, 2015, so make sure to update both world and
|
|
kernel before rebooting.
|
|
|
|
20150217:
|
|
If you are running a -CURRENT kernel since r273872 (Oct 30th, 2014),
|
|
but before r278950, the RNG was not seeded properly. Immediately
|
|
upgrade the kernel to r278950 or later and regenerate any keys (e.g.
|
|
ssh keys or openssl keys) that were generated w/ a kernel from that
|
|
range. This does not affect programs that directly used /dev/random
|
|
or /dev/urandom. All userland uses of arc4random(3) are affected.
|
|
|
|
20150210:
|
|
The autofs(4) ABI was changed in order to restore binary compatibility
|
|
with 10.1-RELEASE. The automountd(8) daemon needs to be rebuilt to work
|
|
with the new kernel.
|
|
|
|
20150131:
|
|
The powerpc64 kernel has been changed to a position-independent
|
|
executable. This can only be booted with a new version of loader(8),
|
|
so make sure to update both world and kernel before rebooting.
|
|
|
|
20150118:
|
|
Clang and llvm have been upgraded to 3.5.1 release. This is a bugfix
|
|
only release, no new features have been added. Please see the 20141231
|
|
entry below for information about prerequisites and upgrading, if you
|
|
are not already using 3.5.0.
|
|
|
|
20150107:
|
|
ELF tools addr2line, elfcopy (strip), nm, size, and strings are now
|
|
taken from the ELF Tool Chain project rather than GNU binutils. They
|
|
should be drop-in replacements, with the addition of arm64 support.
|
|
The WITHOUT_ELFTOOLCHAIN_TOOLS= knob may be used to obtain the
|
|
binutils tools, if necessary.
|
|
|
|
20150105:
|
|
The default Unbound configuration now enables remote control
|
|
using a local socket. Users who have already enabled the
|
|
local_unbound service should regenerate their configuration
|
|
by running "service local_unbound setup" as root.
|
|
|
|
20150102:
|
|
The GNU texinfo and GNU info pages have been removed.
|
|
To be able to view GNU info pages please install texinfo from ports.
|
|
|
|
20141231:
|
|
Clang, llvm and lldb have been upgraded to 3.5.0 release.
|
|
|
|
As of this release, a prerequisite for building clang, llvm and lldb is
|
|
a C++11 capable compiler and C++11 standard library. This means that to
|
|
be able to successfully build the cross-tools stage of buildworld, with
|
|
clang as the bootstrap compiler, your system compiler or cross compiler
|
|
should either be clang 3.3 or later, or gcc 4.8 or later, and your
|
|
system C++ library should be libc++, or libdstdc++ from gcc 4.8 or
|
|
later.
|
|
|
|
On any standard FreeBSD 10.x or 11.x installation, where clang and
|
|
libc++ are on by default (that is, on x86 or arm), this should work out
|
|
of the box.
|
|
|
|
On 9.x installations where clang is enabled by default, e.g. on x86 and
|
|
powerpc, libc++ will not be enabled by default, so libc++ should be
|
|
built (with clang) and installed first. If both clang and libc++ are
|
|
missing, build clang first, then use it to build libc++.
|
|
|
|
On 8.x and earlier installations, upgrade to 9.x first, and then follow
|
|
the instructions for 9.x above.
|
|
|
|
Sparc64 and mips users are unaffected, as they still use gcc 4.2.1 by
|
|
default, and do not build clang.
|
|
|
|
Many embedded systems are resource constrained, and will not be able to
|
|
build clang in a reasonable time, or in some cases at all. In those
|
|
cases, cross building bootable systems on amd64 is a workaround.
|
|
|
|
This new version of clang introduces a number of new warnings, of which
|
|
the following are most likely to appear:
|
|
|
|
-Wabsolute-value
|
|
|
|
This warns in two cases, for both C and C++:
|
|
* When the code is trying to take the absolute value of an unsigned
|
|
quantity, which is effectively a no-op, and almost never what was
|
|
intended. The code should be fixed, if at all possible. If you are
|
|
sure that the unsigned quantity can be safely cast to signed, without
|
|
loss of information or undefined behavior, you can add an explicit
|
|
cast, or disable the warning.
|
|
|
|
* When the code is trying to take an absolute value, but the called
|
|
abs() variant is for the wrong type, which can lead to truncation.
|
|
If you want to disable the warning instead of fixing the code, please
|
|
make sure that truncation will not occur, or it might lead to unwanted
|
|
side-effects.
|
|
|
|
-Wtautological-undefined-compare and
|
|
-Wundefined-bool-conversion
|
|
|
|
These warn when C++ code is trying to compare 'this' against NULL, while
|
|
'this' should never be NULL in well-defined C++ code. However, there is
|
|
some legacy (pre C++11) code out there, which actively abuses this
|
|
feature, which was less strictly defined in previous C++ versions.
|
|
|
|
Squid and openjdk do this, for example. The warning can be turned off
|
|
for C++98 and earlier, but compiling the code in C++11 mode might result
|
|
in unexpected behavior; for example, the parts of the program that are
|
|
unreachable could be optimized away.
|
|
|
|
20141222:
|
|
The old NFS client and server (kernel options NFSCLIENT, NFSSERVER)
|
|
kernel sources have been removed. The .h files remain, since some
|
|
utilities include them. This will need to be fixed later.
|
|
If "mount -t oldnfs ..." is attempted, it will fail.
|
|
If the "-o" option on mountd(8), nfsd(8) or nfsstat(1) is used,
|
|
the utilities will report errors.
|
|
|
|
20141121:
|
|
The handling of LOCAL_LIB_DIRS has been altered to skip addition of
|
|
directories to top level SUBDIR variable when their parent
|
|
directory is included in LOCAL_DIRS. Users with build systems with
|
|
such hierarchies and without SUBDIR entries in the parent
|
|
directory Makefiles should add them or add the directories to
|
|
LOCAL_DIRS.
|
|
|
|
20141109:
|
|
faith(4) and faithd(8) have been removed from the base system. Faith
|
|
has been obsolete for a very long time.
|
|
|
|
20141104:
|
|
vt(4), the new console driver, is enabled by default. It brings
|
|
support for Unicode and double-width characters, as well as
|
|
support for UEFI and integration with the KMS kernel video
|
|
drivers.
|
|
|
|
You may need to update your console settings in /etc/rc.conf,
|
|
most probably the keymap. During boot, /etc/rc.d/syscons will
|
|
indicate what you need to do.
|
|
|
|
vt(4) still has issues and lacks some features compared to
|
|
syscons(4). See the wiki for up-to-date information:
|
|
https://wiki.freebsd.org/Newcons
|
|
|
|
If you want to keep using syscons(4), you can do so by adding
|
|
the following line to /boot/loader.conf:
|
|
kern.vty=sc
|
|
|
|
20141102:
|
|
pjdfstest has been integrated into kyua as an opt-in test suite.
|
|
Please see share/doc/pjdfstest/README for more details on how to
|
|
execute it.
|
|
|
|
20141009:
|
|
gperf has been removed from the base system for architectures
|
|
that use clang. Ports that require gperf will obtain it from the
|
|
devel/gperf port.
|
|
|
|
20140923:
|
|
pjdfstest has been moved from tools/regression/pjdfstest to
|
|
contrib/pjdfstest .
|
|
|
|
20140922:
|
|
At svn r271982, The default linux compat kernel ABI has been adjusted
|
|
to 2.6.18 in support of the linux-c6 compat ports infrastructure
|
|
update. If you wish to continue using the linux-f10 compat ports,
|
|
add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
|
|
encouraged to update their linux-compat packages to linux-c6 during
|
|
their next update cycle.
|
|
|
|
20140729:
|
|
The ofwfb driver, used to provide a graphics console on PowerPC when
|
|
using vt(4), no longer allows mmap() of all physical memory. This
|
|
will prevent Xorg on PowerPC with some ATI graphics cards from
|
|
initializing properly unless x11-servers/xorg-server is updated to
|
|
1.12.4_8 or newer.
|
|
|
|
20140723:
|
|
The xdev targets have been converted to using TARGET and
|
|
TARGET_ARCH instead of XDEV and XDEV_ARCH.
|
|
|
|
20140719:
|
|
The default unbound configuration has been modified to address
|
|
issues with reverse lookups on networks that use private
|
|
address ranges. If you use the local_unbound service, run
|
|
"service local_unbound setup" as root to regenerate your
|
|
configuration, then "service local_unbound reload" to load the
|
|
new configuration.
|
|
|
|
20140709:
|
|
The GNU texinfo and GNU info pages are not built and installed
|
|
anymore, WITH_INFO knob has been added to allow to built and install
|
|
them again.
|
|
UPDATE: see 20150102 entry on texinfo's removal
|
|
|
|
20140708:
|
|
The GNU readline library is now an INTERNALLIB - that is, it is
|
|
statically linked into consumers (GDB and variants) in the base
|
|
system, and the shared library is no longer installed. The
|
|
devel/readline port is available for third party software that
|
|
requires readline.
|
|
|
|
20140702:
|
|
The Itanium architecture (ia64) has been removed from the list of
|
|
known architectures. This is the first step in the removal of the
|
|
architecture.
|
|
|
|
20140701:
|
|
Commit r268115 has added NFSv4.1 server support, merged from
|
|
projects/nfsv4.1-server. Since this includes changes to the
|
|
internal interfaces between the NFS related modules, a full
|
|
build of the kernel and modules will be necessary.
|
|
__FreeBSD_version has been bumped.
|
|
|
|
20140629:
|
|
The WITHOUT_VT_SUPPORT kernel config knob has been renamed
|
|
WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
|
|
which differs from the behaviour controlled by this knob.)
|
|
|
|
20140619:
|
|
Maximal length of the serial number in CTL was increased from 16 to
|
|
64 chars, that breaks ABI. All CTL-related tools, such as ctladm
|
|
and ctld, need to be rebuilt to work with a new kernel.
|
|
|
|
20140606:
|
|
The libatf-c and libatf-c++ major versions were downgraded to 0 and
|
|
1 respectively to match the upstream numbers. They were out of
|
|
sync because, when they were originally added to FreeBSD, the
|
|
upstream versions were not respected. These libraries are private
|
|
and not yet built by default, so renumbering them should be a
|
|
non-issue. However, unclean source trees will yield broken test
|
|
programs once the operator executes "make delete-old-libs" after a
|
|
"make installworld".
|
|
|
|
Additionally, the atf-sh binary was made private by moving it into
|
|
/usr/libexec/. Already-built shell test programs will keep the
|
|
path to the old binary so they will break after "make delete-old"
|
|
is run.
|
|
|
|
If you are using WITH_TESTS=yes (not the default), wipe the object
|
|
tree and rebuild from scratch to prevent spurious test failures.
|
|
This is only needed once: the misnumbered libraries and misplaced
|
|
binaries have been added to OptionalObsoleteFiles.inc so they will
|
|
be removed during a clean upgrade.
|
|
|
|
20140512:
|
|
Clang and llvm have been upgraded to 3.4.1 release.
|
|
|
|
20140508:
|
|
We bogusly installed src.opts.mk in /usr/share/mk. This file should
|
|
be removed to avoid issues in the future (and has been added to
|
|
ObsoleteFiles.inc).
|
|
|
|
20140505:
|
|
/etc/src.conf now affects only builds of the FreeBSD src tree. In the
|
|
past, it affected all builds that used the bsd.*.mk files. The old
|
|
behavior was a bug, but people may have relied upon it. To get this
|
|
behavior back, you can .include /etc/src.conf from /etc/make.conf
|
|
(which is still global and isn't changed). This also changes the
|
|
behavior of incremental builds inside the tree of individual
|
|
directories. Set MAKESYSPATH to ".../share/mk" to do that.
|
|
Although this has survived make universe and some upgrade scenarios,
|
|
other upgrade scenarios may have broken. At least one form of
|
|
temporary breakage was fixed with MAKESYSPATH settings for buildworld
|
|
as well... In cases where MAKESYSPATH isn't working with this
|
|
setting, you'll need to set it to the full path to your tree.
|
|
|
|
One side effect of all this cleaning up is that bsd.compiler.mk
|
|
is no longer implicitly included by bsd.own.mk. If you wish to
|
|
use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
|
|
as well.
|
|
|
|
20140430:
|
|
The lindev device has been removed since /dev/full has been made a
|
|
standard device. __FreeBSD_version has been bumped.
|
|
|
|
20140424:
|
|
The knob WITHOUT_VI was added to the base system, which controls
|
|
building ex(1), vi(1), etc. Older releases of FreeBSD required ex(1)
|
|
in order to reorder files share/termcap and didn't build ex(1) as a
|
|
build tool, so building/installing with WITH_VI is highly advised for
|
|
build hosts for older releases.
|
|
|
|
This issue has been fixed in stable/9 and stable/10 in r277022 and
|
|
r276991, respectively.
|
|
|
|
20140418:
|
|
The YES_HESIOD knob has been removed. It has been obsolete for
|
|
a decade. Please move to using WITH_HESIOD instead or your builds
|
|
will silently lack HESIOD.
|
|
|
|
20140405:
|
|
The uart(4) driver has been changed with respect to its handling
|
|
of the low-level console. Previously the uart(4) driver prevented
|
|
any process from changing the baudrate or the CLOCAL and HUPCL
|
|
control flags. By removing the restrictions, operators can make
|
|
changes to the serial console port without having to reboot.
|
|
However, when getty(8) is started on the serial device that is
|
|
associated with the low-level console, a misconfigured terminal
|
|
line in /etc/ttys will now have a real impact.
|
|
Before upgrading the kernel, make sure that /etc/ttys has the
|
|
serial console device configured as 3wire without baudrate to
|
|
preserve the previous behaviour. E.g:
|
|
ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
|
|
|
|
20140306:
|
|
Support for libwrap (TCP wrappers) in rpcbind was disabled by default
|
|
to improve performance. To re-enable it, if needed, run rpcbind
|
|
with command line option -W.
|
|
|
|
20140226:
|
|
Switched back to the GPL dtc compiler due to updates in the upstream
|
|
dts files not being supported by the BSDL dtc compiler. You will need
|
|
to rebuild your kernel toolchain to pick up the new compiler. Core dumps
|
|
may result while building dtb files during a kernel build if you fail
|
|
to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
|
|
|
|
20140216:
|
|
Clang and llvm have been upgraded to 3.4 release.
|
|
|
|
20140216:
|
|
The nve(4) driver has been removed. Please use the nfe(4) driver
|
|
for NVIDIA nForce MCP Ethernet adapters instead.
|
|
|
|
20140212:
|
|
An ABI incompatibility crept into the libc++ 3.4 import in r261283.
|
|
This could cause certain C++ applications using shared libraries built
|
|
against the previous version of libc++ to crash. The incompatibility
|
|
has now been fixed, but any C++ applications or shared libraries built
|
|
between r261283 and r261801 should be recompiled.
|
|
|
|
20140204:
|
|
OpenSSH will now ignore errors caused by kernel lacking of Capsicum
|
|
capability mode support. Please note that enabling the feature in
|
|
kernel is still highly recommended.
|
|
|
|
20140131:
|
|
OpenSSH is now built with sandbox support, and will use sandbox as
|
|
the default privilege separation method. This requires Capsicum
|
|
capability mode support in kernel.
|
|
|
|
20140128:
|
|
The libelf and libdwarf libraries have been updated to newer
|
|
versions from upstream. Shared library version numbers for
|
|
these two libraries were bumped. Any ports or binaries
|
|
requiring these two libraries should be recompiled.
|
|
__FreeBSD_version is bumped to 1100006.
|
|
|
|
20140110:
|
|
If a Makefile in a tests/ directory was auto-generating a Kyuafile
|
|
instead of providing an explicit one, this would prevent such
|
|
Makefile from providing its own Kyuafile in the future during
|
|
NO_CLEAN builds. This has been fixed in the Makefiles but manual
|
|
intervention is needed to clean an objdir if you use NO_CLEAN:
|
|
# find /usr/obj -name Kyuafile | xargs rm -f
|
|
|
|
20131213:
|
|
The behavior of gss_pseudo_random() for the krb5 mechanism
|
|
has changed, for applications requesting a longer random string
|
|
than produced by the underlying enctype's pseudo-random() function.
|
|
In particular, the random string produced from a session key of
|
|
enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
|
|
be different at the 17th octet and later, after this change.
|
|
The counter used in the PRF+ construction is now encoded as a
|
|
big-endian integer in accordance with RFC 4402.
|
|
__FreeBSD_version is bumped to 1100004.
|
|
|
|
20131108:
|
|
The WITHOUT_ATF build knob has been removed and its functionality
|
|
has been subsumed into the more generic WITHOUT_TESTS. If you were
|
|
using the former to disable the build of the ATF libraries, you
|
|
should change your settings to use the latter.
|
|
|
|
20131025:
|
|
The default version of mtree is nmtree which is obtained from
|
|
NetBSD. The output is generally the same, but may vary
|
|
slightly. If you found you need identical output adding
|
|
"-F freebsd9" to the command line should do the trick. For the
|
|
time being, the old mtree is available as fmtree.
|
|
|
|
20131014:
|
|
libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
|
|
This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
|
|
1.1.4_8 and verify bsdyml not linked in, before running "make
|
|
delete-old-libs":
|
|
# make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
|
|
or
|
|
# pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
|
|
|
|
20131010:
|
|
The rc.d/jail script has been updated to support jail(8)
|
|
configuration file. The "jail_<jname>_*" rc.conf(5) variables
|
|
for per-jail configuration are automatically converted to
|
|
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
|
|
This is transparently backward compatible. See below about some
|
|
incompatibilities and rc.conf(5) manual page for more details.
|
|
|
|
These variables are now deprecated in favor of jail(8) configuration
|
|
file. One can use "rc.d/jail config <jname>" command to generate
|
|
a jail(8) configuration file in /var/run/jail.<jname>.conf without
|
|
running the jail(8) utility. The default pathname of the
|
|
configuration file is /etc/jail.conf and can be specified by
|
|
using $jail_conf or $jail_<jname>_conf variables.
|
|
|
|
Please note that jail_devfs_ruleset accepts an integer at
|
|
this moment. Please consider to rewrite the ruleset name
|
|
with an integer.
|
|
|
|
20130930:
|
|
BIND has been removed from the base system. If all you need
|
|
is a local resolver, simply enable and start the local_unbound
|
|
service instead. Otherwise, several versions of BIND are
|
|
available in the ports tree. The dns/bind99 port is one example.
|
|
|
|
With this change, nslookup(1) and dig(1) are no longer in the base
|
|
system. Users should instead use host(1) and drill(1) which are
|
|
in the base system. Alternatively, nslookup and dig can
|
|
be obtained by installing the dns/bind-tools port.
|
|
|
|
20130916:
|
|
With the addition of unbound(8), a new unbound user is now
|
|
required during installworld. "mergemaster -p" can be used to
|
|
add the user prior to installworld, as documented in the handbook.
|
|
|
|
20130911:
|
|
OpenSSH is now built with DNSSEC support, and will by default
|
|
silently trust signed SSHFP records. This can be controlled with
|
|
the VerifyHostKeyDNS client configuration setting. DNSSEC support
|
|
can be disabled entirely with the WITHOUT_LDNS option in src.conf.
|
|
|
|
20130906:
|
|
The GNU Compiler Collection and C++ standard library (libstdc++)
|
|
are no longer built by default on platforms where clang is the system
|
|
compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
|
|
options in src.conf.
|
|
|
|
20130905:
|
|
The PROCDESC kernel option is now part of the GENERIC kernel
|
|
configuration and is required for the rwhod(8) to work.
|
|
If you are using custom kernel configuration, you should include
|
|
'options PROCDESC'.
|
|
|
|
20130905:
|
|
The API and ABI related to the Capsicum framework was modified
|
|
in backward incompatible way. The userland libraries and programs
|
|
have to be recompiled to work with the new kernel. This includes the
|
|
following libraries and programs, but the whole buildworld is
|
|
advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
|
|
kdump, procstat, rwho, rwhod, uniq.
|
|
|
|
20130903:
|
|
AES-NI intrinsic support has been added to gcc. The AES-NI module
|
|
has been updated to use this support. A new gcc is required to build
|
|
the aesni module on both i386 and amd64.
|
|
|
|
20130821:
|
|
The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
|
|
Thus "device padlock_rng" and "device rdrand_rng" should be
|
|
used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
|
|
|
|
20130813:
|
|
WITH_ICONV has been split into two feature sets. WITH_ICONV now
|
|
enables just the iconv* functionality and is now on by default.
|
|
WITH_LIBICONV_COMPAT enables the libiconv api and link time
|
|
compatability. Set WITHOUT_ICONV to build the old way.
|
|
If you have been using WITH_ICONV before, you will very likely
|
|
need to turn on WITH_LIBICONV_COMPAT.
|
|
|
|
20130806:
|
|
INVARIANTS option now enables DEBUG for code with OpenSolaris and
|
|
Illumos origin, including ZFS. If you have INVARIANTS in your
|
|
kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
|
|
explicitly.
|
|
DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
|
|
locks if WITNESS option was set. Because that generated a lot of
|
|
witness(9) reports and all of them were believed to be false
|
|
positives, this is no longer done. New option OPENSOLARIS_WITNESS
|
|
can be used to achieve the previous behavior.
|
|
|
|
20130806:
|
|
Timer values in IPv6 data structures now use time_uptime instead
|
|
of time_second. Although this is not a user-visible functional
|
|
change, userland utilities which directly use them---ndp(8),
|
|
rtadvd(8), and rtsold(8) in the base system---need to be updated
|
|
to r253970 or later.
|
|
|
|
20130802:
|
|
find -delete can now delete the pathnames given as arguments,
|
|
instead of only files found below them or if the pathname did
|
|
not contain any slashes. Formerly, the following error message
|
|
would result:
|
|
|
|
find: -delete: <path>: relative path potentially not safe
|
|
|
|
Deleting the pathnames given as arguments can be prevented
|
|
without error messages using -mindepth 1 or by changing
|
|
directory and passing "." as argument to find. This works in the
|
|
old as well as the new version of find.
|
|
|
|
20130726:
|
|
Behavior of devfs rules path matching has been changed.
|
|
Pattern is now always matched against fully qualified devfs
|
|
path and slash characters must be explicitly matched by
|
|
slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
|
|
subdirectories must be reviewed.
|
|
|
|
20130716:
|
|
The default ARM ABI has changed to the ARM EABI. The old ABI is
|
|
incompatible with the ARM EABI and all programs and modules will
|
|
need to be rebuilt to work with a new kernel.
|
|
|
|
To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
|
|
|
|
NOTE: Support for the old ABI will be removed in the future and
|
|
users are advised to upgrade.
|
|
|
|
20130709:
|
|
pkg_install has been disconnected from the build if you really need it
|
|
you should add WITH_PKGTOOLS in your src.conf(5).
|
|
|
|
20130709:
|
|
Most of network statistics structures were changed to be able
|
|
keep 64-bits counters. Thus all tools, that work with networking
|
|
statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
|
|
|
|
20130629:
|
|
Fix targets that run multiple make's to use && rather than ;
|
|
so that subsequent steps depend on success of previous.
|
|
|
|
NOTE: if building 'universe' with -j* on stable/8 or stable/9
|
|
it would be better to start the build using bmake, to avoid
|
|
overloading the machine.
|
|
|
|
20130618:
|
|
Fix a bug that allowed a tracing process (e.g. gdb) to write
|
|
to a memory-mapped file in the traced process's address space
|
|
even if neither the traced process nor the tracing process had
|
|
write access to that file.
|
|
|
|
20130615:
|
|
CVS has been removed from the base system. An exact copy
|
|
of the code is available from the devel/cvs port.
|
|
|
|
20130613:
|
|
Some people report the following error after the switch to bmake:
|
|
|
|
make: illegal option -- J
|
|
usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
|
|
...
|
|
*** [buildworld] Error code 2
|
|
|
|
this likely due to an old instance of make in
|
|
${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
|
|
which src/Makefile will use that blindly, if it exists, so if
|
|
you see the above error:
|
|
|
|
rm -rf `make -V MAKEPATH`
|
|
|
|
should resolve it.
|
|
|
|
20130516:
|
|
Use bmake by default.
|
|
Whereas before one could choose to build with bmake via
|
|
-DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
|
|
make. The goal is to remove these knobs for 10-RELEASE.
|
|
|
|
It is worth noting that bmake (like gmake) treats the command
|
|
line as the unit of failure, rather than statements within the
|
|
command line. Thus '(cd some/where && dosomething)' is safer
|
|
than 'cd some/where; dosomething'. The '()' allows consistent
|
|
behavior in parallel build.
|
|
|
|
20130429:
|
|
Fix a bug that allows NFS clients to issue READDIR on files.
|
|
|
|
20130426:
|
|
The WITHOUT_IDEA option has been removed because
|
|
the IDEA patent expired.
|
|
|
|
20130426:
|
|
The sysctl which controls TRIM support under ZFS has been renamed
|
|
from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
|
|
enabled by default.
|
|
|
|
20130425:
|
|
The mergemaster command now uses the default MAKEOBJDIRPREFIX
|
|
rather than creating it's own in the temporary directory in
|
|
order allow access to bootstrapped versions of tools such as
|
|
install and mtree. When upgrading from version of FreeBSD where
|
|
the install command does not support -l, you will need to
|
|
install a new mergemaster command if mergemaster -p is required.
|
|
This can be accomplished with the command (cd src/usr.sbin/mergemaster
|
|
&& make install).
|
|
|
|
20130404:
|
|
Legacy ATA stack, disabled and replaced by new CAM-based one since
|
|
FreeBSD 9.0, completely removed from the sources. Kernel modules
|
|
atadisk and atapi*, user-level tools atacontrol and burncd are
|
|
removed. Kernel option `options ATA_CAM` is now permanently enabled
|
|
and removed.
|
|
|
|
20130319:
|
|
SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
|
|
and socketpair(2). Software, in particular Kerberos, may
|
|
automatically detect and use these during building. The resulting
|
|
binaries will not work on older kernels.
|
|
|
|
20130308:
|
|
CTL_DISABLE has also been added to the sparc64 GENERIC (for further
|
|
information, see the respective 20130304 entry).
|
|
|
|
20130304:
|
|
Recent commits to callout(9) changed the size of struct callout,
|
|
so the KBI is probably heavily disturbed. Also, some functions
|
|
in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
|
|
by macros. Every kernel module using it won't load, so rebuild
|
|
is requested.
|
|
|
|
The ctl device has been re-enabled in GENERIC for i386 and amd64,
|
|
but does not initialize by default (because of the new CTL_DISABLE
|
|
option) to save memory. To re-enable it, remove the CTL_DISABLE
|
|
option from the kernel config file or set kern.cam.ctl.disable=0
|
|
in /boot/loader.conf.
|
|
|
|
20130301:
|
|
The ctl device has been disabled in GENERIC for i386 and amd64.
|
|
This was done due to the extra memory being allocated at system
|
|
initialisation time by the ctl driver which was only used if
|
|
a CAM target device was created. This makes a FreeBSD system
|
|
unusable on 128MB or less of RAM.
|
|
|
|
20130208:
|
|
A new compression method (lz4) has been merged to -HEAD. Please
|
|
refer to zpool-features(7) for more information.
|
|
|
|
Please refer to the "ZFS notes" section of this file for information
|
|
on upgrading boot ZFS pools.
|
|
|
|
20130129:
|
|
A BSD-licensed patch(1) variant has been added and is installed
|
|
as bsdpatch, being the GNU version the default patch.
|
|
To inverse the logic and use the BSD-licensed one as default,
|
|
while having the GNU version installed as gnupatch, rebuild
|
|
and install world with the WITH_BSD_PATCH knob set.
|
|
|
|
20130121:
|
|
Due to the use of the new -l option to install(1) during build
|
|
and install, you must take care not to directly set the INSTALL
|
|
make variable in your /etc/make.conf, /etc/src.conf, or on the
|
|
command line. If you wish to use the -C flag for all installs
|
|
you may be able to add INSTALL+=-C to /etc/make.conf or
|
|
/etc/src.conf.
|
|
|
|
20130118:
|
|
The install(1) option -M has changed meaning and now takes an
|
|
argument that is a file or path to append logs to. In the
|
|
unlikely event that -M was the last option on the command line
|
|
and the command line contained at least two files and a target
|
|
directory the first file will have logs appended to it. The -M
|
|
option served little practical purpose in the last decade so its
|
|
use is expected to be extremely rare.
|
|
|
|
20121223:
|
|
After switching to Clang as the default compiler some users of ZFS
|
|
on i386 systems started to experience stack overflow kernel panics.
|
|
Please consider using 'options KSTACK_PAGES=4' in such configurations.
|
|
|
|
20121222:
|
|
GEOM_LABEL now mangles label names read from file system metadata.
|
|
Mangling affect labels containing spaces, non-printable characters,
|
|
'%' or '"'. Device names in /etc/fstab and other places may need to
|
|
be updated.
|
|
|
|
20121217:
|
|
By default, only the 10 most recent kernel dumps will be saved. To
|
|
restore the previous behaviour (no limit on the number of kernel dumps
|
|
stored in the dump directory) add the following line to /etc/rc.conf:
|
|
|
|
savecore_flags=""
|
|
|
|
20121201:
|
|
With the addition of auditdistd(8), a new auditdistd user is now
|
|
required during installworld. "mergemaster -p" can be used to
|
|
add the user prior to installworld, as documented in the handbook.
|
|
|
|
20121117:
|
|
The sin6_scope_id member variable in struct sockaddr_in6 is now
|
|
filled by the kernel before passing the structure to the userland via
|
|
sysctl or routing socket. This means the KAME-specific embedded scope
|
|
id in sin6_addr.s6_addr[2] is always cleared in userland application.
|
|
This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
|
|
__FreeBSD_version is bumped to 1000025.
|
|
|
|
20121105:
|
|
On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
|
|
This means that the world and kernel will be compiled with clang
|
|
and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
|
|
and /usr/bin/cpp. To disable this behavior and revert to building
|
|
with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
|
|
of current may need to bootstrap WITHOUT_CLANG first if the clang
|
|
build fails (its compatibility window doesn't extend to the 9 stable
|
|
branch point).
|
|
|
|
20121102:
|
|
The IPFIREWALL_FORWARD kernel option has been removed. Its
|
|
functionality now turned on by default.
|
|
|
|
20121023:
|
|
The ZERO_COPY_SOCKET kernel option has been removed and
|
|
split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
|
|
NB: SOCKET_SEND_COW uses the VM page based copy-on-write
|
|
mechanism which is not safe and may result in kernel crashes.
|
|
NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
|
|
driver supports disposeable external page sized mbuf storage.
|
|
Proper replacements for both zero-copy mechanisms are under
|
|
consideration and will eventually lead to complete removal
|
|
of the two kernel options.
|
|
|
|
20121023:
|
|
The IPv4 network stack has been converted to network byte
|
|
order. The following modules need to be recompiled together
|
|
with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
|
|
pf(4), ipfw(4), ng_ipfw(4), stf(4).
|
|
|
|
20121022:
|
|
Support for non-MPSAFE filesystems was removed from VFS. The
|
|
VFS_VERSION was bumped, all filesystem modules shall be
|
|
recompiled.
|
|
|
|
20121018:
|
|
All the non-MPSAFE filesystems have been disconnected from
|
|
the build. The full list includes: codafs, hpfs, ntfs, nwfs,
|
|
portalfs, smbfs, xfs.
|
|
|
|
20121016:
|
|
The interface cloning API and ABI has changed. The following
|
|
modules need to be recompiled together with kernel:
|
|
ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
|
|
vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
|
|
faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
|
|
|
|
20121015:
|
|
The sdhci driver was split in two parts: sdhci (generic SD Host
|
|
Controller logic) and sdhci_pci (actual hardware driver).
|
|
No kernel config modifications are required, but if you
|
|
load sdhc as a module you must switch to sdhci_pci instead.
|
|
|
|
20121014:
|
|
Import the FUSE kernel and userland support into base system.
|
|
|
|
20121013:
|
|
The GNU sort(1) program has been removed since the BSD-licensed
|
|
sort(1) has been the default for quite some time and no serious
|
|
problems have been reported. The corresponding WITH_GNU_SORT
|
|
knob has also gone.
|
|
|
|
20121006:
|
|
The pfil(9) API/ABI for AF_INET family has been changed. Packet
|
|
filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
|
|
with new kernel.
|
|
|
|
20121001:
|
|
The net80211(4) ABI has been changed to allow for improved driver
|
|
PS-POLL and power-save support. All wireless drivers need to be
|
|
recompiled to work with the new kernel.
|
|
|
|
20120913:
|
|
The random(4) support for the VIA hardware random number
|
|
generator (`PADLOCK') is no longer enabled unconditionally.
|
|
Add the padlock_rng device in the custom kernel config if
|
|
needed. The GENERIC kernels on i386 and amd64 do include the
|
|
device, so the change only affects the custom kernel
|
|
configurations.
|
|
|
|
20120908:
|
|
The pf(4) packet filter ABI has been changed. pfctl(8) and
|
|
snmp_pf module need to be recompiled to work with new kernel.
|
|
|
|
20120828:
|
|
A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
|
|
to -HEAD. Pools that have empty_bpobj in active state can not be
|
|
imported read-write with ZFS implementations that do not support
|
|
this feature. For more information read the zpool-features(5)
|
|
manual page.
|
|
|
|
20120727:
|
|
The sparc64 ZFS loader has been changed to no longer try to auto-
|
|
detect ZFS providers based on diskN aliases but now requires these
|
|
to be explicitly listed in the OFW boot-device environment variable.
|
|
|
|
20120712:
|
|
The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
|
|
libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
|
|
configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
|
|
|
|
20120712:
|
|
The following sysctls and tunables have been renamed for consistency
|
|
with other variables:
|
|
kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
|
|
kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
|
|
|
|
20120628:
|
|
The sort utility has been replaced with BSD sort. For now, GNU sort
|
|
is also available as "gnusort" or the default can be set back to
|
|
GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
|
|
installed as "bsdsort".
|
|
|
|
20120611:
|
|
A new version of ZFS (pool version 5000) has been merged to -HEAD.
|
|
Starting with this version the old system of ZFS pool versioning
|
|
is superseded by "feature flags". This concept enables forward
|
|
compatibility against certain future changes in functionality of ZFS
|
|
pools. The first read-only compatible "feature flag" for ZFS pools
|
|
is named "com.delphix:async_destroy". For more information
|
|
read the new zpool-features(5) manual page.
|
|
Please refer to the "ZFS notes" section of this file for information
|
|
on upgrading boot ZFS pools.
|
|
|
|
20120417:
|
|
The malloc(3) implementation embedded in libc now uses sources imported
|
|
as contrib/jemalloc. The most disruptive API change is to
|
|
/etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
|
|
delete it prior to installworld, and optionally re-create it using the
|
|
new format after rebooting. See malloc.conf(5) for details
|
|
(specifically the TUNING section and the "opt.*" entries in the MALLCTL
|
|
NAMESPACE section).
|
|
|
|
20120328:
|
|
Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
|
|
is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
|
|
now spelled mips. This is to aid compatibility with third-party
|
|
software that expects this naming scheme in uname(3). Little-endian
|
|
settings are unchanged. If you are updating a big-endian mips64 machine
|
|
from before this change, you may need to set MACHINE_ARCH=mips64 in
|
|
your environment before the new build system will recognize your machine.
|
|
|
|
20120306:
|
|
Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
|
|
platforms.
|
|
|
|
20120229:
|
|
Now unix domain sockets behave "as expected" on nullfs(5). Previously
|
|
nullfs(5) did not pass through all behaviours to the underlying layer,
|
|
as a result if we bound to a socket on the lower layer we could connect
|
|
only to the lower path; if we bound to the upper layer we could connect
|
|
only to the upper path. The new behavior is one can connect to both the
|
|
lower and the upper paths regardless what layer path one binds to.
|
|
|
|
20120211:
|
|
The getifaddrs upgrade path broken with 20111215 has been restored.
|
|
If you have upgraded in between 20111215 and 20120209 you need to
|
|
recompile libc again with your kernel. You still need to recompile
|
|
world to be able to configure CARP but this restriction already
|
|
comes from 20111215.
|
|
|
|
20120114:
|
|
The set_rcvar() function has been removed from /etc/rc.subr. All
|
|
base and ports rc.d scripts have been updated, so if you have a
|
|
port installed with a script in /usr/local/etc/rc.d you can either
|
|
hand-edit the rcvar= line, or reinstall the port.
|
|
|
|
An easy way to handle the mass-update of /etc/rc.d:
|
|
rm /etc/rc.d/* && mergemaster -i
|
|
|
|
20120109:
|
|
panic(9) now stops other CPUs in the SMP systems, disables interrupts
|
|
on the current CPU and prevents other threads from running.
|
|
This behavior can be reverted using the kern.stop_scheduler_on_panic
|
|
tunable/sysctl.
|
|
The new behavior can be incompatible with kern.sync_on_panic.
|
|
|
|
20111215:
|
|
The carp(4) facility has been changed significantly. Configuration
|
|
of the CARP protocol via ifconfig(8) has changed, as well as format
|
|
of CARP events submitted to devd(8) has changed. See manual pages
|
|
for more information. The arpbalance feature of carp(4) is currently
|
|
not supported anymore.
|
|
|
|
Size of struct in_aliasreq, struct in6_aliasreq has changed. User
|
|
utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
|
|
need to be recompiled.
|
|
|
|
20111122:
|
|
The acpi_wmi(4) status device /dev/wmistat has been renamed to
|
|
/dev/wmistat0.
|
|
|
|
20111108:
|
|
The option VFS_ALLOW_NONMPSAFE option has been added in order to
|
|
explicitely support non-MPSAFE filesystems.
|
|
It is on by default for all supported platform at this present
|
|
time.
|
|
|
|
20111101:
|
|
The broken amd(4) driver has been replaced with esp(4) in the amd64,
|
|
i386 and pc98 GENERIC kernel configuration files.
|
|
|
|
20110930:
|
|
sysinstall has been removed
|
|
|
|
20110923:
|
|
The stable/9 branch created in subversion. This corresponds to the
|
|
RELENG_9 branch in CVS.
|
|
|
|
COMMON ITEMS:
|
|
|
|
General Notes
|
|
-------------
|
|
Avoid using make -j when upgrading. While generally safe, there are
|
|
sometimes problems using -j to upgrade. If your upgrade fails with
|
|
-j, please try again without -j. From time to time in the past there
|
|
have been problems using -j with buildworld and/or installworld. This
|
|
is especially true when upgrading between "distant" versions (eg one
|
|
that cross a major release boundary or several minor releases, or when
|
|
several months have passed on the -current branch).
|
|
|
|
Sometimes, obscure build problems are the result of environment
|
|
poisoning. This can happen because the make utility reads its
|
|
environment when searching for values for global variables. To run
|
|
your build attempts in an "environmental clean room", prefix all make
|
|
commands with 'env -i '. See the env(1) manual page for more details.
|
|
|
|
When upgrading from one major version to another it is generally best
|
|
to upgrade to the latest code in the currently installed branch first,
|
|
then do an upgrade to the new branch. This is the best-tested upgrade
|
|
path, and has the highest probability of being successful. Please try
|
|
this approach before reporting problems with a major version upgrade.
|
|
|
|
When upgrading a live system, having a root shell around before
|
|
installing anything can help undo problems. Not having a root shell
|
|
around can lead to problems if pam has changed too much from your
|
|
starting point to allow continued authentication after the upgrade.
|
|
|
|
ZFS notes
|
|
---------
|
|
When upgrading the boot ZFS pool to a new version, always follow
|
|
these two steps:
|
|
|
|
1.) recompile and reinstall the ZFS boot loader and boot block
|
|
(this is part of "make buildworld" and "make installworld")
|
|
|
|
2.) update the ZFS boot block on your boot drive
|
|
|
|
The following example updates the ZFS boot block on the first
|
|
partition (freebsd-boot) of a GPT partitioned drive ada0:
|
|
"gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
|
|
|
|
Non-boot pools do not need these updates.
|
|
|
|
To build a kernel
|
|
-----------------
|
|
If you are updating from a prior version of FreeBSD (even one just
|
|
a few days old), you should follow this procedure. It is the most
|
|
failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
|
|
|
|
make kernel-toolchain
|
|
make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
|
|
make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
|
|
|
|
To test a kernel once
|
|
---------------------
|
|
If you just want to boot a kernel once (because you are not sure
|
|
if it works, or if you want to boot a known bad kernel to provide
|
|
debugging information) run
|
|
make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
|
|
nextboot -k testkernel
|
|
|
|
To just build a kernel when you know that it won't mess you up
|
|
--------------------------------------------------------------
|
|
This assumes you are already running a CURRENT system. Replace
|
|
${arch} with the architecture of your machine (e.g. "i386",
|
|
"arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
|
|
|
|
cd src/sys/${arch}/conf
|
|
config KERNEL_NAME_HERE
|
|
cd ../compile/KERNEL_NAME_HERE
|
|
make depend
|
|
make
|
|
make install
|
|
|
|
If this fails, go to the "To build a kernel" section.
|
|
|
|
To rebuild everything and install it on the current system.
|
|
-----------------------------------------------------------
|
|
# Note: sometimes if you are running current you gotta do more than
|
|
# is listed here if you are upgrading from a really old current.
|
|
|
|
<make sure you have good level 0 dumps>
|
|
make buildworld
|
|
make kernel KERNCONF=YOUR_KERNEL_HERE
|
|
[1]
|
|
<reboot in single user> [3]
|
|
mergemaster -Fp [5]
|
|
make installworld
|
|
mergemaster -Fi [4]
|
|
make delete-old [6]
|
|
<reboot>
|
|
|
|
To cross-install current onto a separate partition
|
|
--------------------------------------------------
|
|
# In this approach we use a separate partition to hold
|
|
# current's root, 'usr', and 'var' directories. A partition
|
|
# holding "/", "/usr" and "/var" should be about 2GB in
|
|
# size.
|
|
|
|
<make sure you have good level 0 dumps>
|
|
<boot into -stable>
|
|
make buildworld
|
|
make buildkernel KERNCONF=YOUR_KERNEL_HERE
|
|
<maybe newfs current's root partition>
|
|
<mount current's root partition on directory ${CURRENT_ROOT}>
|
|
make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
|
|
make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
|
|
make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
|
|
cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
|
|
<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
|
|
<reboot into current>
|
|
<do a "native" rebuild/install as described in the previous section>
|
|
<maybe install compatibility libraries from ports/misc/compat*>
|
|
<reboot>
|
|
|
|
|
|
To upgrade in-place from stable to current
|
|
----------------------------------------------
|
|
<make sure you have good level 0 dumps>
|
|
make buildworld [9]
|
|
make kernel KERNCONF=YOUR_KERNEL_HERE [8]
|
|
[1]
|
|
<reboot in single user> [3]
|
|
mergemaster -Fp [5]
|
|
make installworld
|
|
mergemaster -Fi [4]
|
|
make delete-old [6]
|
|
<reboot>
|
|
|
|
Make sure that you've read the UPDATING file to understand the
|
|
tweaks to various things you need. At this point in the life
|
|
cycle of current, things change often and you are on your own
|
|
to cope. The defaults can also change, so please read ALL of
|
|
the UPDATING entries.
|
|
|
|
Also, if you are tracking -current, you must be subscribed to
|
|
freebsd-current@freebsd.org. Make sure that before you update
|
|
your sources that you have read and understood all the recent
|
|
messages there. If in doubt, please track -stable which has
|
|
much fewer pitfalls.
|
|
|
|
[1] If you have third party modules, such as vmware, you
|
|
should disable them at this point so they don't crash your
|
|
system on reboot.
|
|
|
|
[3] From the bootblocks, boot -s, and then do
|
|
fsck -p
|
|
mount -u /
|
|
mount -a
|
|
cd src
|
|
adjkerntz -i # if CMOS is wall time
|
|
Also, when doing a major release upgrade, it is required that
|
|
you boot into single user mode to do the installworld.
|
|
|
|
[4] Note: This step is non-optional. Failure to do this step
|
|
can result in a significant reduction in the functionality of the
|
|
system. Attempting to do it by hand is not recommended and those
|
|
that pursue this avenue should read this file carefully, as well
|
|
as the archives of freebsd-current and freebsd-hackers mailing lists
|
|
for potential gotchas. The -U option is also useful to consider.
|
|
See mergemaster(8) for more information.
|
|
|
|
[5] Usually this step is a noop. However, from time to time
|
|
you may need to do this if you get unknown user in the following
|
|
step. It never hurts to do it all the time. You may need to
|
|
install a new mergemaster (cd src/usr.sbin/mergemaster && make
|
|
install) after the buildworld before this step if you last updated
|
|
from current before 20130425 or from -stable before 20130430.
|
|
|
|
[6] This only deletes old files and directories. Old libraries
|
|
can be deleted by "make delete-old-libs", but you have to make
|
|
sure that no program is using those libraries anymore.
|
|
|
|
[8] In order to have a kernel that can run the 4.x binaries needed to
|
|
do an installworld, you must include the COMPAT_FREEBSD4 option in
|
|
your kernel. Failure to do so may leave you with a system that is
|
|
hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
|
|
required to run the 5.x binaries on more recent kernels. And so on
|
|
for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
|
|
|
|
Make sure that you merge any new devices from GENERIC since the
|
|
last time you updated your kernel config file.
|
|
|
|
[9] When checking out sources, you must include the -P flag to have
|
|
cvs prune empty directories.
|
|
|
|
If CPUTYPE is defined in your /etc/make.conf, make sure to use the
|
|
"?=" instead of the "=" assignment operator, so that buildworld can
|
|
override the CPUTYPE if it needs to.
|
|
|
|
MAKEOBJDIRPREFIX must be defined in an environment variable, and
|
|
not on the command line, or in /etc/make.conf. buildworld will
|
|
warn if it is improperly defined.
|
|
FORMAT:
|
|
|
|
This file contains a list, in reverse chronological order, of major
|
|
breakages in tracking -current. It is not guaranteed to be a complete
|
|
list of such breakages, and only contains entries since October 10, 2007.
|
|
If you need to see UPDATING entries from before that date, you will need
|
|
to fetch an UPDATING file from an older FreeBSD release.
|
|
|
|
Copyright information:
|
|
|
|
Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
|
|
|
|
Redistribution, publication, translation and use, with or without
|
|
modification, in full or in part, in any form or format of this
|
|
document are permitted without further permission from the author.
|
|
|
|
THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
|
|
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
|
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
Contact Warner Losh if you have any questions about your use of
|
|
this document.
|
|
|
|
$FreeBSD$
|