- also use new .St -ieee754-2008 request in *pi.3
Reviewed by: imp
Approved by markj (mentor)
See also: D53784
Differential Revision: https://reviews.freebsd.org/D53783
Make libesecureboot build, enabled when WITH_BEARSSL=y
WITH_LOADER_EFI_SECUREBOOT=y.
Copy EDK2 files related to secure boot to sys/contrib/edk2 and delete
duplicates under libsecreboot/efi/include.
Adjust efi_variables.c to build in the new environment.
Undefine MIN and MAX before include sys/param.h in libsecureboot.h. I'm
not sure that sys/param.h is needed here, but either the param.h or the
Base.h definitions are fine.
Fix include paths to reflect the new way.
Fixes: 43b8edb320
Sponsored by: Netflix
Have our own ProcessorBind.h. It just includes sys/efi-edk2.h, but
undefines TRUE, FALSE and MAC. The first two are from acpica and are
redefined to something almost the same. MAC is a global option that,
well, interferes with using EDK2, dangit. I suppose I should redefine it
after, but I don't think you can save the value of a pre-processor
variable.
This breaks a little with the tradition of having this in a seprate
directory and using build magic. However, the build is already magical
enough and having this here makes things less magical. Also, EDK2 puts
this in a processor specific directory, so we won't have conflicts (they
need it there since they run on more processors than we do: we can just
include sys/efi-edk2.h which covers the smallar variance we have in
processors).
Sponsored by: Netflix
Create efi-freebsd.h, which is safe to include from the FreeBSD context
(all of userland, except the small bits we share with edk2 and the
kernel). This defines anything that we need. At the moment, it just
includes NULL definitions.
Create efi-edk2.h, which is approximately ProcessorBind.h from edk2 that
we can include in FreeBSD compontents that are re-using edk2 components
(bits of the boot laoder, and libefi*). Update the efi_gid definitions
to match edk2 better. Add this file to badfiles.inc, since we can't
write it in a way that's compatible. This is copied from the old
efi-osdep.h.
This has to be done in one commit that's bigger than I like since we
can't easily move things piecemeal around they are so inter-related.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D53651
This new function computes the alignment of a pointer.
It is part of ISO/IEC 9899:2024, the new C standard.
If the pointer is a null pointer, null is returned.
I have tried to write an implementation that can cope
with traditional address-based architectures, even if
size_t and uintptr_t are of different length. Adjustments
may be needed for CHERI though.
A man page is provided, too. No unit test for now.
Reviewed by: kib, imp, ziaee (manpages), pauamma@gundo.com
Approved by: markj (mentor)
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D53673
OpenPAM is a discrete, largely self-contained system component.
Users may not need PAM for many use-cases (e.g. jails, containers),
so move it to its own package.
Use LIB_PACKAGE to create a separate pam-lib package for libpam,
so that applications that support PAM don't need to bring in all
the PAM modules if PAM isn't actually in use.
Add pam to the minimal sets, since this is a core system component that
people expect to be installed. This means all supported installation
methods will install the PAM modules by default, so don't add explicit
dependencies on the PAM modules from things that use PAM (e.g. runtime),
allowing custom/embedded systems to omit these easily.
This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.
MFC after: never
Reviewed by: des, bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53602
These are user-facing manpages, but were installed in the runtime-dev
package since the PAM modules use bsd.lib.mk. Use MANNODEV instead of
MAN to put them in the base runtime package instead.
Fixes: 031e711647 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
Reviewed by: bapt
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53601
We have an existing rdma package for IB/rdma-related files, but most
of ofed isn't in that package, making it rather useless. Move all of
lib/ofed to the rdma package.
Add a separate rdma-lib package using LIB_PACKAGE, since utilities
depends on the rdma libraries and we don't want that to pull in all
of rdma.
This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.
PR: 263227
MFC after: never
Reviewed by: manu
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53604
gtest/gmock are not normally used by users unless running the tests,
so they shouldn't be in the utilities package. Move them to a new
googletest package, to match what we did with ATF/Kyua.
While here, move tests dependencies from tests-all.ucl to tests.ucl,
which is the canonical place for that.
This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.
MFC after: never
Reported by: emaste
Reviewed by: manu
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53607
The libcasper package exists to contain libcasper, but for some reason
only the libcap_net service was in the package, with libcasper itself
and the rest of the services being in runtime. Move everything to the
libcasper package, except tests which stay in the tests package.
MFC after: 1 day
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53576
ZFS has since been changed to use EOPNOTSUPP instead of EINVAL, and
fusefs/nfs are following suit. POSIX Issue 8 had also made this move,
so it makes sense for us to standardize on EOPNOTSUPP.
Note in the HISTORY section where we're diverging from our previous
versions to align with the new standard.
Reviewed by: asomers, imp (both previous version), kib
Differential Revision: https://reviews.freebsd.org/D53537
Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.
Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.
Sponsored by: Google LLC (GSoC 2025)
Merge commit '5a70558d32b9680c10ab579c7491652e0838cee4'
Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.
Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.
Sponsored by: Google LLC (GSoC 2025)
Commit d6864221d8 added support for the _PC_CASE_INSENSITIVE
name for pathconf, to indicate if case insensitive lookups
are configured.
This patch documents this new name and also updates
the description for _PC_HAS_HIDDENSYSTEM to also
include UF_ARCHIVE.
This is a content change.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D53508
static_libpam's Makefile includes libpam's Makefile after setting some
variables (like MAN) to empty to avoid installing the manpages twice.
After commit 031e711647, it neglected to do this for MANNODEVLINKS,
causing pam.d.5.gz to be installed twice. This is harmless for
installworld, but breaks some things that rely on METALOG (NO_ROOT
installs) since it causes two METALOG entries to be generated for
the same file.
Fixes: 031e711647 ("packages: Install development manpages in the -dev package")
MFC after: 3 days
PR: 290708
Reported by: emaste
Reviewed by: emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53512
The list of addresses is potentially very large. Larger than we can fit in a
single netlink request, so we indicate via the PFR_FLAG_START/PFR_FLAG_DONE
flags when we start and finish, so the kernel can work out which addresses need
to be removed.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This picks up the accelerated string functions written by
strajabot@.
Event: Google Summer of Code 2024
MFC after: 1 month
MFC to: stable/15
See also: 79e01e7e64
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D53248
We don't support CPU hotplug, but we do support cpuset(8) restrictions
on jails (including prison0, which uses cpuset 1). The process cannot
widen its cpuset beyond its root set, so it makes sense to instead
report the number of cpus enabled there rather than the total number
in the system.
This change is effectively a nop for the majority of systems and jails
in the wild, though it does reduce the performance of this query now
that we can't take advantage of AT_NCPUS being provided in the auxinfo.
The implementation here is notably different than Linux, which would not
take cgroups into account. They do, however, take CPU hotplug into
account, so the possibility for it to diverge from (and be lower than)
the # configured count to reflect what the process can actually be
scheduled on doesn't really diverge in semantics.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52295
MAC policies, like mac_biba(4), may forbid changing the login class once
a label has been applied. For setting up the initial login context,
this isn't really expected and in-fact may break some class-based
configuration.
Defer setting the MAC label until after the login class is set, and
remove the requirement that we have a pwd entry since the label is
pulled from the login class -- we only use pwd for syslog in this path.
Patch is largely by Kevin Barry, with some modifications and this commit
message by kevans@.
PR: 177698
Reviewed by: des, olce
MFC after: 3 days
Co-authored-by: Kevin Barry <ta0kira gmail com>
Differential Revision: https://reviews.freebsd.org/D53362
zlib is a standalone third-party component, and deserves its own
package rather than living in runtime. For example, this will make
future security updates less invasive. This also means there's no
dependency on runtime for ports that just require zlib, which is
useful for service jails.
MFC after: 3 days
Reviewed by: bapt, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D53058
Set the number of rulesets (i.e., anchors) directly attached to the
anchor and its path in pfctl_get_ruleset().
While here, add a test to document this behavior.
PR: 290478
Reviewed by: kp
Fixes: 041ce1d690 ("pfctl: recursively flush rules and tables")
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53358
Also provide the pointer to the latest POSIX standard that justifies the
requirement.
Reviewed by: emaste
Discussed with: rmacklem
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53361
mac_text(3) as-written would seem to indicate that a `mac_t` should be
freed with free(3), but this isn't the case. One can derive from
context from when the change was introduced and COMPATIBILITY that this
was intended to talk about *text in `mac_to_text`, so move the comment
there.
PR: 179832
Co-authored-by: Priit Järv <priit cc ttu ee>
MFC after: 3 days
Add a new per-group SUBPACKAGE option to bsd.man.mk. When MANSPLITPKG
is enabled, this is forced to "-man", otherwise it defaults to empty
but can be overridden by the caller.
Use this in bsd.lib.mk to install library manpages in the -dev package
instead of the base package. This is nearly always preferable, since
library manpages are usually in section 2 or 3 and are only relevant
to people with development packages installed.
For manpages which should be installed in the base package even for
libraries, add a new MANNODEV group in bsd.lib.mk. Update existing
Makefiles to use this where appropriate.
MFC after: 3 days
Discussed with: olce
Reviewed by: olce
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D52832
The ffs() function conforms to IEEE Std 1003.1-2008 ("POSIX.1").
The ffsl() and ffsll() functions conform to IEEE Std 1003.1-2024 ("POSIX.1").
Reviewed by: ziaee
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D53352
Add 14.2, as this was cherry-picked prior to release.
Reported by: Harald Eilertsen
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53320