FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
images. amd64 gets a single kernel; i386 images get 3 kernels:
- netbsd, copy from netbsd-INSTALL_LARGE.gz, loaded by default
- nbsd-l, copy from netbsd-INSTALL_LAPTOP.gz
- nbsd-i, copy from netbsd-INSTALL.gz for those who want the traditional
non-ACPI kernel
- drop the bootcd-laptop image
both get an installcd image, which is the same as bootcd but with the
binary sets in addition to kernels.
GENERIC kernels. If ACPI is an issue on your hardware, 'boot -c' and
'disable acpi' should be a workaround. ACPI-enabled kernels work fine
on pre-acpi hardware.
for amd64:
- add ACPI to INSTALL and GENERIC, remove the *_ACPI config files.
- get rid of the bootfloppy-big.fs boot image, and go to a 3-floppy boot
image
for i386:
- introduce INSTALL_LARGE which has ACPI and some devices with big firmware
- move some devices from INSTALL to INSTALL_LARGE
- Boot floppies still use INSTALL, and bootfloppy-big.fs is still there
(for those who want to build el-torito floppy emulation boot CD) and use
INSTALL.
For both, drop the 'iso-image' code in etc/ to make the iso bootable, we'll
use something else to build bootable CDs.
updating. Probably to an ACPI kernel that need not fit into an 'emulated floppy'
and a 'legacy' kernel that will fit.
In any case the small/tiny kernels which are really for i386 systems with
< 16MB of memory (some are sized for a 5.25" floppy) don't need to be built.
Remove bootfloppy-small, bootfloppy-tiny, rescue-tiny and bootfloppy-ps2
and associated ramdisks.
as the bootcd* CDs just with the install sets added to
the CD as well.
XXX 1) The implementation of this is rather kludgy (copying sets around),
as our makefs(8) can't put files from multiple directories into
one image -- something that mkisofs can do with 'graft' points
XXX 2) This should be run after 'build.sh release' - It would be nice
if we had a separate stage to add such hooks in our build framework
floppies. (The build is broken again without this.) "boot-big1.fs", from
the same ramdisk as "bootN.fs", still just fits in 2880KB by virtue of the
fact that the 9KB of padding is only added once per floppy image.
The kernfs filesystem is no longer in the install kernel, and the mbrlabel
is not needed because the kernel will generate a disklabel from the mbr
information.
- Add xen devices to MAKEDEV
- Add Xen kernels to list of kernel to build
- Add INSTALL_XENU to the install kernels
- introduce the xbd disk devices to sysinst.
This will add 3 kernels to the i386 release:
XEN0 for use as a Xen domain0 kernel
XENU for use on a non-privileged domain
INSTALL_XENU to install NetBSD on a non-privileged domain virtual disk.
except those where at least one of the language variants isn't built,
and those that are known not to have enough space (i386 ramdisk-tiny).
Files added to list.sysinst, list.sysinst.en is used when these files
cannot be added.
This might hit a size limit on another build - but I have no (sane) way of
testing it.
(I must have forgotten to commit this at the same time).
sysinst still runs in 16MB (and hasn't run in 8MB for a while).
The extra space costs almost nothing on the compressed 'floppies', but
gives more working room for the install system (eg sysinst can coredump
without filling /).
<sys/bootblock.h>:
* Added definitions for the Master Boot Record (MBR) used by
a variety of systems (primarily i386), including the format
of the BIOS Parameter Block (BPB).
This information was cribbed from a variety of sources
including <sys/disklabel_mbr.h> which this is a superset of.
As part of this, some data structure elements and #defines
were renamed to be more "namespace friendly" and consistent
with other bootblocks and MBR documentation.
Update all uses of the old names to the new names.
<sys/disklabel_mbr.h>:
* Deprecated in favor of <sys/bootblock.h> (the latter is more
"host tool" friendly).
amd64 & i386:
* Renamed /usr/mdec/bootxx_dosfs to /usr/mdec/bootxx_msdos, to
be consistent with the naming convention of the msdosfs tools.
* Removed /usr/mdec/bootxx_ufs, as it's equivalent to bootxx_ffsv1
and it's confusing to have two functionally equivalent bootblocks,
especially given that "ufs" has multiple meanings (it could be
a synonym for "ffs", or the group of ffs/lfs/ext2fs file systems).
* Rework pbr.S (the first sector of bootxx_*):
+ Ensure that BPB (bytes 11..89) and the partition table
(bytes 446..509) do not contain code.
+ Add support for booting from FAT partitions if BOOT_FROM_FAT
is defined. (Only set for bootxx_msdos).
+ Remove "dummy" partition 3; if people want to installboot(8)
these to the start of the disk they can use fdisk(8) to
create a real MBR partition table...
+ Compile with TERSE_ERROR so it fits because of the above.
Whilst this is less user friendly, I feel it's important
to have a valid partition table and BPB in the MBR/PBR.
* Renamed /usr/mdec/biosboot to /usr/mdec/boot, to be consistent
with other platforms.
* Enable SUPPORT_DOSFS in /usr/mdec/boot (stage2), so that
we can boot off FAT partitions.
* Crank version of /usr/mdec/boot to 3.1, and fix some of the other
entries in the version file.
installboot(8) (i386):
* Read the existing MBR of the filesystem and retain the BIOS
Parameter Block (BPB) in bytes 11..89 and the MBR partition
table in bytes 446..509. (Previously installboot(8) would
trash those two sections of the MBR.)
mbrlabel(8):
* Use sys/lib/libkern/xlat_mbr_fstype.c instead of homegrown code
to map the MBR partition type to the NetBSD disklabel type.
Test built "make release" for i386, and new bootblocks verified to work
(even off FAT!).
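
Added example, not part of the commit above and not installboot(8)'s own source: a minimal C sketch of the merge it describes, where new boot code is written but the BPB (bytes 11..89) and the MBR partition table (bytes 446..509) are carried over from the sector already on disk. The function names, the constructed sample sectors and the 0x55AA signature check are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define BPB_OFF     11                 /* BPB: bytes 11..89 */
#define BPB_LEN     (89 - 11 + 1)
#define PTBL_OFF    446                /* partition table: bytes 446..509 */
#define PTBL_LEN    (509 - 446 + 1)

/* Build the sector to write: new boot code everywhere except the two
 * regions that belong to the disk, which are carried over from `disk`. */
int merge_boot_sector(const uint8_t *disk, const uint8_t *boot,
                      uint8_t *out, size_t len)
{
    if (!disk || !boot || !out || len != SECTOR_SIZE) return -1;
    /* Check added in this example: standard boot signature at 510..511. */
    if (boot[510] != 0x55 || boot[511] != 0xAA) return -1;
    memcpy(out, boot, SECTOR_SIZE);
    memcpy(out + BPB_OFF, disk + BPB_OFF, BPB_LEN);
    memcpy(out + PTBL_OFF, disk + PTBL_OFF, PTBL_LEN);
    return 0;
}

/* Post-install check: 1 if both disk-owned regions are byte-identical. */
int regions_preserved(const uint8_t *before, const uint8_t *after)
{
    return memcmp(before + BPB_OFF, after + BPB_OFF, BPB_LEN) == 0 &&
           memcmp(before + PTBL_OFF, after + PTBL_OFF, PTBL_LEN) == 0;
}

/* Constructed sample data; returns 0 when the merge behaves as described. */
int demo(void)
{
    uint8_t disk[SECTOR_SIZE], boot[SECTOR_SIZE], out[SECTOR_SIZE];
    memset(disk, 0, sizeof disk);
    memset(disk + BPB_OFF, 0xB1, BPB_LEN);       /* stand-in BPB */
    memset(disk + PTBL_OFF, 0xA7, PTBL_LEN);     /* stand-in partition table */
    memset(boot, 0x90, sizeof boot);             /* stand-in boot code */
    boot[510] = 0x55; boot[511] = 0xAA;
    if (regions_preserved(disk, boot)) return 1; /* plain overwrite loses both */
    if (merge_boot_sector(disk, boot, out, sizeof out) != 0) return 2;
    if (!regions_preserved(disk, out)) return 3;
    if (out[0] != 0x90 || out[90] != 0x90 || out[445] != 0x90) return 4;
    if (out[510] != 0x55 || out[511] != 0xAA) return 5;
    boot[511] = 0;                               /* bad signature is refused */
    return merge_boot_sector(disk, boot, out, sizeof out) == -1 ? 0 : 6;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

regions_preserved() can also be run over a sector saved before and read back after an install to confirm that neither region changed.
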
Update lists for ramdisks to include the required files.
NB /usr/sbin/installboot is not used by sysinst and is only in ramdisk-big.
Increase the sizes of the ramdisks, there is plenty of space in all the
boot floppies except rescue-tiny (2k) and boot-tiny (32k).