Commit Graph

3915 Commits

Author SHA1 Message Date
Ka Ho Ng 0a2cfd653e libkldelf: add a private library for kernel/kld-related ELF parsing
The libkldelf library was originally a part of kldxref(8). It exposed
ELF parsing helpers specialized in parsing KLDs and the kernel
executable. The library can be used to read metadata such as linker_set,
mod_depend, mod_version and PNP match info, and raw data from the ELF.

To promote the reuse of the facilities the ELF parsing code is separated
from kldxref(8) into a new private library.

kldxref(8) is modified to link against the libkldelf library.

Sponsored by:	Juniper Networks, Inc.
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D46719
2024-10-08 04:24:07 +00:00
Konstantin Belousov eade2001aa jemalloc: set LG_VADDR to 64 on amd64
and allow to revert it back to 48 with WITHOUT_JEMALLOC_LG_VADDR_WIDE build
option.

Reviewed by:	andrew, emaste
Sponsored by:	Advanced Micro Devices (AMD)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D46686
2024-09-27 01:54:25 +03:00
Ahmad Khalifa fe3f792f9a Add build option for the ia32 loader
In preparation for supporting 64-bit machines with 32-bit UEFI firmware,
add a build option for compiling the ia32 loader. Currently unused.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
2024-09-20 08:45:05 -06:00
Mark Johnston 24affded3d src.conf: Add a MK_ZFS_TESTS knob
The in-tree ZFS test suite is somewhat outdated and I see a number of
failures there.  I tend to think that we want to integrate the OpenZFS
test suite somehow, replacing the legacy one, though it's also possible
to run that as a separate test suite.

In any case, if one wants to run the OpenZFS test suite separately, it's
useful to be able to disable installation of the legacy ZFS test suite,
so let's provide a src.conf option to do that.

Reviewed by:	asomers
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D46476
2024-09-07 14:36:28 +00:00
Jose Luis Duran 973bbdab47 mk: Add a BTI-report linker feature
Add support for specifying how to report the missing Branch Target
Identification (BTI) linker feature on AArch64.

For:

Kernel:    bti-report on when the linker supports it
Userspace: bti-report on when the linker supports it and
           BTI_REPORT_ERROR is defined

Fixes:	43e8849bc2 ("conf: Enable BTI checking in the arm64 kernel")
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1393
2024-08-30 16:03:17 +00:00
Ed Maste aa0bc761d2 bsd.symver.mk: pass $CFLAGS to $CPP invocation
This allows us to support symbols optionally available based on
configuration, not just on compiler built-in #defines.

Reviewed by:	brooks, jrtc27
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45346
2024-08-20 21:17:52 -04:00
Warner Losh 20d35d5817 loader: Add WITH/WITHOUT_LOADER_PXEBOOT build option
Make it possible to disable pxeboot. This loader will fail to build when
it's too large. When /boot/loader needs to be larger like that, this
options will disable a component whose build will fail. It is an explicit
option rather than implicit when things are too large to force the user to
make the explicit tradeoffs rather than wonder why they have a stale pxeboot
or other odd failure mode.

MFC After:		3 days
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D46212
2024-08-06 17:22:36 -06:00
Simon J. Gerraty a2b67d4a6e Update dirdeps.mk to latest
Also add meta2deps.{py,sh} to FILES so they get installed/staged

Reviewed by: stevek
2024-07-29 12:48:56 -07:00
Ed Maste ba373fca78 Do not clean (in buildworld/buildkernel) by default
As discussed on the freebsd-arch mailing list[1].  For historical
reasons FreeBSD's buildworld and buildkernel targets started by cleaning
the object tree, for traditional (non-metamode) builds.

Cleaning is not necessary when dependencies are properly tracked, and we
have a somewhat kludgey script[2] to handle some known cases where deps
were mishandled by traditional builds.  Be consistent with the vast
majority of open source build systems by default, and do not clean at
the beginning of buildworld or buildkernel.

Users may set WITH_CLEAN in src.conf(5) to restore the previous
behaviour, or run `make cleanworld` and/or `make cleankernel` before
starting a build.

[1] https://lists.freebsd.org/archives/freebsd-arch/2024-July/000727.html
[2] tools/build/depend-cleanup.sh

Reviewed by:	jhb, imp
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46172
2024-07-29 13:16:52 -04:00
Cy Schubert a90b9d0159 wpa: Import 2.11
Following is a changelog of new features and fixes to wpa:

hostapd:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
  drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for
    Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible, but PMKSA
    caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
  for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
  to improve security for still unfortunately common invalid
  configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is
    used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions

MFC after:	2 months

Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
2024-07-23 12:49:40 -07:00
Warner Losh e9ac41698b Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
2024-07-15 16:43:39 -06:00
Andrew Turner 06999c8a3a share/mk: Remove armv6 support
It is being removed from the tree. Remove the build infrastructure to
configure armv6 builds.

Reviewed by:	manu, imp, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45643
2024-07-12 11:31:54 +00:00
Colin Percival 19597c0233 Fix typo in previous commit
I fixed this when I tested the patch, but apparently forgot to commit
the typo fix into my local git tree.  ".ORDER" -> ".ORDER:".

MFC after:	5 minutes
Fixes:	187d696a0a "bsd.progs.mk: Create directories first"
Sponsored by:	Amazon
2024-07-10 08:08:20 -07:00
Colin Percival 187d696a0a bsd.progs.mk: Create directories first
Order installdirs before the $p.install targets; this is necessary
when a user of <bsd.progs.mk> also creates the directory into which
the binaries are installed.

In particular, without this patch running `make installworld -jN` can
break when installing tests since the /usr/tests/foo/bar directories
are created during installworld; this has been causing the stable/14
weekly snapshot builds to intermittently fail for months.

MFC after:	5 minutes
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D45923
2024-07-10 07:47:18 -07:00
Andrew Turner e726eed75d share/mk: Remove pre-armv7 example architectures
These are already removed from the tree, or are in the process of being
removed.

Reviewed by:	manu, imp, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D45638
2024-06-20 09:26:14 +00:00
Jessica Clarke 3cc91b7751 Revert "src.sys.obj.mk: Export OBJTOP"
Unfortunately this results in make universe's environment, i.e.
corresponding to the host, being used for every one of its sub-makes, so
they're in the wrong place and trample over each other.

This reverts commit 2b7c1402f9.
2024-06-03 00:33:52 +01:00
Simon J. Gerraty 2b7c1402f9 src.sys.obj.mk: Export OBJTOP
If we had to set OBJTOP we want to .export it (if .MAKE.LEVEL > 0)
for the benefit of things like x!= ${.MAKE} -r ... and similar.

Without OBJTOP, the default MAKEOBJDIR setting will result in
attempting to use an objdir like /lib or /bin etc in some cases.

This patch is based on D30990
with the addition of the check for level > 0.

Reviewed by: jrtc27
Differential Revision:        <https://reviews.freebsd.org/D30990>
2024-05-28 11:51:31 -07:00
Andrew Turner 82854693ae arm64: Allow userspace to be built with PAC and BTI
Add the WITH/WITHOUT_BRANCH_PROTECTION build flags. This can be used
to enable the use of pointer authentication (FEAT_PAuth) and branch
target identification (FEAT_BTI) in userspace.

The kernel already handles both of these is userspace, we just need
to enable it.

Leave disabled for a short period for this to settle before enabling.

Reviewed by:	emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D42596
2024-05-22 17:02:26 +00:00
Brooks Davis 6edb14c006 Make WITHOUT_UNDEFINED_VERSION the default
Link with --no-undefined-version by default.  Will detect and prevent
the accidental removal of symbols from versioned libraries.

(cherry picked from commit 4510f2ca91)
This reverts commit b25ceb97ed.

Reviewed by:	arichardson, kib, dim, emaste
Differential Revision:	https://reviews.freebsd.org/D44216
2024-05-20 15:40:19 +01:00
Brooks Davis 16d8dfde0c aarch64: disable LIB32 with gcc
gcc doesn't have -m32 support on aarch64 so mark LIB32 broken there.

We have to check both COMPILER_TYPE and X_COMPILER_TYPE becuase
X_COMPILER_TYPE is only conditionally set and COMPILER_TYPE is the host
compiler in Makefile.inc1.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D45089
2024-05-17 17:01:18 +01:00
Kyle Evans 9bfd3b4076 Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0.  For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by:	des, markj
Relnotes:	yes
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32308
2024-05-13 00:23:50 -05:00
John Baldwin 2da066ef6d libnvmf: Add internal library to support NVMe over Fabrics
libnvmf provides APIs for transmitting and receiving Command and
Response capsules along with data associated with NVMe commands.
Capsules are represented by 'struct nvmf_capsule' objects.

Capsules are transmitted and received on queue pairs represented by
'struct nvmf_qpair' objects.

Queue pairs belong to an association represented by a 'struct
nvmf_association' object.

libnvmf provides additional helper APIs to assist with constructing
command capsules for a host, response capsules for a controller,
connecting queue pairs to a remote controller and optionally
offloading connected queues to an in-kernel host, accepting queue pair
connections from remote hosts and optionally offloading connected
queues to an in-kernel controller, constructing controller data
structures for local controllers, etc.

libnvmf also includes an internal transport abstraction as well as an
implementation of a userspace TCP transport.

libnvmf is primarily intended for ease of use and low-traffic use cases
such as establishing connections that are handed off to the kernel.
As such, it uses a simple API built on blocking I/O.

For a host, a consumer first populates an 'struct
nvmf_association_params' with a set of parameters shared by all queue
pairs for a single association such as whether or not to use SQ flow
control and header and data digests and creates a 'struct
nvmf_association' object.  The consumer is responsible for
establishing a TCP socket for each queue pair.  This socket is
included in the 'struct nvmf_qpair_params' passed to 'nvmf_connect' to
complete transport-specific negotiation, send a Fabrics Connect
command, and wait for the Connect reply. Upon success, a new 'struct
nvmf_qpair' object is returned.  This queue pair can then be used to
send and receive capsules.  A command capsule is allocated, populated
with an SQE and optional data buffer, and transmitted via
nvmf_host_transmit_command.  The consumer can then wait for a reply
via nvmf_host_wait_for_response.  The library also provides some
wrapper functions such as nvmf_read_property and nvmf_write_property
which send a command and wait for a response synchronously.

For a controller, a consumer uses a single association for a set of
incoming connections.  A consumer can choose to use multiple
associations (e.g. a separate association for connections to a
discovery controller listening on a different port than I/O
controllers).  The consumer is responsible for accepting TCP sockets
directly, but once a socket has been accepted it is passed to
nvmf_accept to perform transport-specific negotiation and wait for the
Connect command.  Similar to nvmf_connect, nvmf_accept returns a newly
construct nvmf_qpair.  However, in contrast to nvmf_connect,
nvmf_accept does not complete the Fabrics negotiation.  The consumer
must explicitly send a response capsule before waiting for additional
command capsules to arrive.  In particular, in the kernel offload
case, the Connect command and data are provided to the kernel
controller and the Connect response capsule is sent by the kernel once
it is ready to handle the new queue pair.

For userspace controller command handling, the consumer uses
nvmf_controller_receive_capsule to wait for a command capsule.
nvmf_receive_controller_data is used to retrieve any data from a
command (e.g. the data for a WRITE command).  It can be called
multiple times to split the data transfer into smaller sizes.
nvmf_send_controller_data is used to send data to a remote host in
response to a command.  It also sends a response capsule indicating
success, or an error if an internal error occurs.  nvmf_send_response
is used to send a response without associated data.  There are also
several convenience wrappers such as nvmf_send_success and
nvmf_send_generic_error.

Reviewed by:	imp
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D44710
2024-05-02 16:28:16 -07:00
Brooks Davis b25ceb97ed Revert "Make WITHOUT_UNDEFINED_VERSION the default"
This is causing failures on gcc13 CI builds so those need to be fixed
or worked around.

This reverts commit 4510f2ca91.
2024-05-02 22:55:08 +01:00
Brooks Davis 4510f2ca91 Make WITHOUT_UNDEFINED_VERSION the default
Link with --no-undefined-version by default.  Will detect and prevent
the accidental removal of symbols from versioned libraries.

Reviewed by:	arichardson, kib, dim, emaste
Differential Revision:	https://reviews.freebsd.org/D44216
2024-05-02 18:13:39 +01:00
Brooks Davis 68cbb072fd Revert "config.mk: Add MK_VIMAGE knob"
This commit broke "make makeman" checks in github CI due to a lack of
option description files.  The split between VIMAGE and VIMAGE_SUPPORT
is not clearly justified and the code is broken because there is no
opt_vimage.h (it's in opt_global.h).

This reverts commit 22ca6db50f.
2024-04-25 22:43:36 +01:00
Simon J. Gerraty 0135101e23 meta.autodep.mk do not override start_utc
Update meta.autodep.mk
If included at level 0 it is important not to override start_utc
2024-04-24 12:25:42 -07:00
John Baldwin ee3187f6fa Remove the MK_NVME build option
The drivers and utilities are now built and installed unconditionally.

Reviewed by:	imp, emaste
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D44843
2024-04-23 11:47:44 -07:00
Ed Maste 91d35fb663 Remove WITHOUT_CAPSICUM build support
Capsicum is non-optional as of c24c117b96 ("Remove
WITHOUT_{CAPSICUM,CASPER} options").

`#ifndef WITHOUT_CAPSICUM` is left in the source for the benefit of
downstream consumers, but is never defined in FreeBSD.

Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D42077
2024-04-23 08:26:28 -04:00
Enji Cooper b571bcea54 bsd.subdir.mk: improve SUBDIR.${MK_FOO} advice
- Remove superfluous whitespace by removing trailing whitespace
  before `\` (line continuation character)
- Quote `SUBDIR.` to clarify the fact that this is a variable
  reference--not the end of a sentence.
2024-04-21 09:30:09 -07:00
Simon J. Gerraty f697b9d03d Update sys.dirdeps.mk set default DEP_*
Even at level 0 it is handy to default DEP_*
used by Makefile.depend* to aid the first include if
in a leaf dir.

Reviewed by: stevek
2024-04-18 14:07:24 -07:00
Dimitry Andric 2fd73b7126 share/mk/bsd.cpu.mk: add F16C feature for i386 and amd64 architectures
As discussed in bug 278417, some ports require the F16C instruction set
to compile, but there is no way yet to detect whether the currently
chosen CPUTYPE supports this feature.

Add the feature to the MACHINE_CPU variable, for each processor that
supports it. The list of processors was extracted from clang 18's -dM
output, filtered on the __F16C__ define.

PR:		278417
Reviewed by:	brooks, emaste
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D44848
2024-04-18 20:42:21 +02:00
Warner Losh 2fda3ab0ac WITH_NVME: Remove from broken.
NVME works everywhere, so we can eliminate this. We may remove the
option altogether.

Sponsored by:		Netflix
Discussed with:		ken, jhb
2024-04-16 21:30:19 -06:00
Lexi Winter 3075939da4 src.libnames.mk: fix LIBPFCTL definition
Following the convention used in the rest of this file, ${LIBPFCTLDIR}
should refer to the directory, and ${LIBPFCTL} to the library itself.

Instead, both values were assigned to ${LIBPFCTL}, and ${LIBPFCTLDIR} was
not set at all.

This appears to be a simple typo and not a deliberate choice, so fix it
by assigning the directory name to ${LIBPFCTLDIR} instead.
2024-04-15 23:27:05 +02:00
Stephen J. Kiernan 22ca6db50f config.mk: Add MK_VIMAGE knob
Default to VIMAGE as yes.
Add VIMAGE to __DEFAULT_DEPENDENT_OPTIONS (to define VIMAGE_SUPPORT)

Only output VIMAGE to opt_global.h when VIMAGE support is wanted.

Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D39636
2024-04-09 13:05:56 -04:00
Stephen J. Kiernan 3abd36c68f sys.mk: Define HOST_CC as CC by default.
This allows for setting a different compiler for building hostprogs
when cross compiling.

Obtained from:	Juniper Networks, Inc.
Reviewed by:	sjg
Differential Revision:	https://reviews.freebsd.org/D44536
2024-03-27 18:21:50 -04:00
Dag-Erling Smørgrav d9a9f23d0b diff: Integrate libdiff from OpenBSD GoT.
This adds support for two new diff algorithms, Myers diff and Patience
diff.

These algorithms perform a different form of search compared to the
classic Stone algorithm and support escapes when worst case scenarios
are encountered.

Add the -A flag to allow selection of the algorithm, but default to
using the new Myers diff implementation.

The libdiff implementation currently only supports a subset of input and
output options supported by diff.  When these options are used, but the
algorithm is not selected, automatically fallback to the classic Stone
algorithm until support for these modes can be added.

Based on work originally done by thj@ with contributions from kevans@.

Sponsored by:	Klara, Inc.
Reviewed by:	thj
Differential Revision:	https://reviews.freebsd.org/D44302
2024-03-27 11:03:33 +01:00
Mark Johnston f29af8618b libfdt: Make an internal FDT library available
This will be used by bhyve to build a device tree when booting arm64
guests.

Reviewed by:	corvink, jhb
MFC after:	1 week
Sponsored by:	Innovate UK
Differential Revision:	https://reviews.freebsd.org/D40994
2024-03-21 01:05:05 -04:00
Brooks Davis 66957ade1e bsd.opts.mk: drop transtion aid for NO_* options
Setting NO_CTF, NO_DEBUG_FILES, NO_INSTALLLIB, NO_MAN, NO_PROFILE,
and NO_WARNS was deprecated in 2014 and made an error prior to the
13.0.0 release in commit d3a5bf95f2.
Likewise, NO_WERROR was made an error prior to 13.0.0 in commit
7fa2f2a62f.

Remove this transition aid making these variables no-ops as setting them
will result in an error on all supported releases.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D44345
2024-03-15 23:00:46 +00:00
Warner Losh d2a824c29d share/mk: Don't install only differing in case files on case insensitive fs
MacOS has case insensitive filesystems by default. So trying to link
between foo.X and FOO.X causes an error of some sort since we unlink the
old foo file destroying the newly installed foo due to the insensitive
nature of the FS. Assume that this is true on darwin/macos, though it is
only try by default there.

Perhaps install should grow smarts to know when this is the case, though
that looked much trickier. There didn't seem to be a flag to check. This
would be better, imho, since we could still write the METALOG data
correctly (images created from these metalogs are imperfect due to this
relatively issue...).

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D44347
2024-03-15 09:01:25 -06:00
Baptiste Daroussin a42d6f7601 nuageinit: add basic support for cloudinit.
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.

It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)

The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
  'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4

With this one is able to use the 'bring your own image feature" out of
box.

It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.

It is designed to be only run once via the firstboot mecanism.

Sponsored by:	OVHCloud
MFC After:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D44141
2024-03-15 09:22:16 +01:00
Simon J. Gerraty f974ced38a Update dirdeps.mk et al
bmake-20240309 includes updates to dirdeps and meta mode makefiles
2024-03-13 22:51:08 -07:00
Brooks Davis 2956f5885c Add an UNDEFINED_VERSION option
When enabled (current default) link with --undefined-version to allow
symbol maps to contain symbols not defined by libraries.  When disabled,
link with --no-undefined-version to disallow these bugs.

WITHOUT_UNDEFINED_VERSION is currently broken.  Once it is fixed it
should be made the default and this option should likely be removed.

Reviewed by:	dim, emaste
Differential Revision:	https://reviews.freebsd.org/D44169
2024-03-01 23:22:11 +00:00
Simon J. Gerraty 8aea77bc3b Add share/mk/local.dirdeps-targets.mk
To include site.dirdeps-targets.mk
2024-02-27 13:37:50 -08:00
Warner Losh 0da51f1f6a Add missing .endif
Last second move from inside the prior block to outside bites me.

Noticed by: jrtc23
Fixes: dcb621efd6
Sponsored by:		Netflix
2024-02-22 10:17:34 -07:00
Warner Losh dcb621efd6 loader: Mark BEARSSL broken on powerpc
When BEARSSL is enabled, we pull in libsecureboot, which has EFI
dependencies which don't exist on powerpc. This needs to be detangled,
but until then mark it as broken.

Sponsored by:		Netflix
2024-02-22 10:08:12 -07:00
Brooks Davis 99ea675731 lib{c,sys}: move auxargs more firmly into libsys
Continue to filter the public interface (elf_aux_info()), but entierly
relocate the private interfaces (_elf_aux_info(),
__init_elf_aux_vector(), and __elf_aux_vector) to libsys.

This ensures that rtld updates the correct (only) copy of
__elf_aux_vector.  After 968a18975a
updates were confused and __getosreldate was failing, causing
the system to fall back to compat compat12 syscalls in some cases.

Return to explicitly linking libc to libsys and link libthr with libc
and libsys (in that order).

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D43910
2024-02-19 22:44:08 +00:00
Warner Losh 63e9c97664 loader: Add new option WITH_LOADER_BIOS_TEXTONLY
This option will omit all the graphics support, the teken terminal
library, video mode support, etc and support a simple, basic, text-only
video console for the x86 BIOS boot loader. It uses the FreeBSD 12
version of vidconsole.c. It defaults to NO.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D43912
2024-02-17 23:29:07 -07:00
Dimitry Andric 73ff7384e0 Optionally create full debuginfo for llvm-related executables
Commit de6feefdb7 limited the amount of debuginfo generated for clang
and other llvm-related executables. This was done to save disk space and
memory during building, but it makes debugging any of these executables
much harder.

Add a new src.conf(5) setting, WITH_LLVM_FULL_DEBUGINFO, to generate
full debuginfo instead. This is off by default, but could for example be
enabled for release builds or snapshots, so llvm executables are easier
to debug.

Reviewed by:	emaste
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D43839
2024-02-17 00:15:32 +01:00
Martin Matuska a4e5e0106a zfs: merge openzfs/zfs@229b9f4ed
Notable upstream pull request merges:
 #15769 082338875 Add 'zpool status -e' flag to see unhealthy vdevs
 #15804 a0d3fe72b libzdb: Initial breakout of libzdb
 #15847 229b9f4ed LUA: Backport CVE-2020-24370's patch

Obtained from:	OpenZFS
OpenZFS commit:	229b9f4ed0
2024-02-08 16:51:08 +01:00
Brooks Davis 49076f376a libc: don't directly link libsys
It is sufficent to add it as a filter.

Reported by:	kib
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D43781
2024-02-07 19:50:47 +00:00