5733 Commits

Author SHA1 Message Date
jschauma f1d394dd63 regen from IANA 2022-11-22 2022-11-28 02:48:33 +00:00
jschauma 4c42df3c76 regen from IANA 2022-09-28 2022-11-28 02:46:58 +00:00
christos ae082add65 lua libm API from Phil Rulon 2022-11-21 22:01:32 +00:00
ozaki-r a97d0b3002 tests: build and install added test files 2022-11-17 08:45:35 +00:00
ozaki-r 3df6c9b812 tests: add tests for invalid extra operations on a shutdown socket
The tests cover some error paths that normally happen.
2022-11-04 08:01:42 +00:00
skrll a856f9893d Provide MI PMAP support on AARCH64 2022-11-03 09:04:56 +00:00
ozaki-r c3619612ae tests: add tests for TCP with nc 2022-11-02 09:37:56 +00:00
jmcneill bf46a11b02 Stop building TISDP2420. 2022-10-29 08:52:47 +00:00
jmcneill 2eecf961dc Remove commented out kernel configs 2022-10-29 08:52:22 +00:00
wiz 6e5a4bb545 MAKEDEV: make nvmm node group-writable (was readable only; group nvmm)
Needed by qemu
2022-09-21 18:55:21 +00:00
riastradh b672ca148d /etc/ssh: Install ssh_known_hosts with mode 644.
Makes it agree with the mtree and more convenient for admin to edit.

XXX pullup-8
XXX pullup-9
2022-08-30 22:36:48 +00:00
riastradh 03cefdfdcf etc: Fix permissions of various editable configuration files.
This way they match the mtree and make sense and don't cause editors
to ask to override read-only files when editing them.

Exception: Not sure /etc/bluetooth/protocols makes as much sense to
edit, but the mtree says 644, so if you want to change it, make sure
to change it in both places -- Makefile and mtree.

XXX pullup-8
XXX pullup-9
2022-08-30 13:40:37 +00:00
riastradh d5d881d693 /root: Install .cshrc and .profile links with the same mode.
Previously we would:

1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as
   requested in src/etc/root/Makefile and as echoed in
   /etc/mtree/special.

2. Create hard links at /.cshrc and /.profile through CONFIGLINKS.

3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change
   the mode to 444.

This scenario is confusing, and mtree objects to it, which is bad for
warning fatigue in a security-relevant mechanism.  (There are also
several other files mtree objects to out of the box -- we should fix
those too.)

With this change we install the links with the same mode as the
original files, in agreement with the mtree.  The files, .cshrc and
.profile, are intended to be editable configuration files, so 644
makes sense while 444 makes no sense and gets in the way of editors
like vi.

Discussed on tech-userlevel:
https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html

XXX pullup-8
XXX pullup-9
2022-08-30 13:14:48 +00:00
uwe d9eecdb9ca wscons.conf: add commented out config examples for the Terminus font 2022-08-29 15:39:19 +00:00
brook c5a23dac66 By default, do not install any bootable images.
The previous commit introduced the ability to install a set of
bootable images as a normal part of a release build.  While this made
it easy to install bootable images, the contents of a release build
depend on whether or not U-Boot packages are installed in /usr/pkgsrc,
which is the default location searched by installboot(8).

This commit requires users to explicitly list the bootable images to
be installed, which by default is none (i.e., prior behavior).
2022-08-22 16:50:25 +00:00
brook 99f61d3fde Create bootable images in ${RELEASEDIR}/${RELEASEMACHINEDIR}/binary/gzimg.
Release builds for arm platforms create compressed images in
${RELEASEDIR}/${RELEASEMACHINEDIR}/binary/gzimg.  However, in some
cases, e.g., armv7.img.gz, they are not bootable.  Consequently, boot
blocks must be manually installed in the images, which is an extra
barrier for testing systems or adopting NetBSD.  This has prompted
creation of external repositories, e.g., armbsd.org, to host a
collection of bootable images.  However, this does not ease the burden
on developers compiling their own systems; for them, manual
installation of boot blocks is still required.

For arm platforms, etc/etc.evbarm/Makefile.inc contains the commands
used to create system images.  Because installboot(8) can write boot
blocks directly to system images, a loop through possible boards can
create a series of bootable images during the normal build process.

In the case of many arm platforms, installboot(8) uses U-Boot boot
blocks, which are not part of the NetBSD source code.  Developers can,
however, install as many U-Boot boot blocks as desired, either in the
default location of /usr/pkg/share/u-boot or in a set of directories
pointed to by the U-Boot search path, the INSTALLBOOT_UBOOT_PATHS
environment variable.  For each board with an available boot block, a
board-specific bootable image will be created in
${RELEASEDIR}/${RELEASEMACHINEDIR}/binary/gzimg.  If a boot block is
not available, which is the typical situation currently, no additional
image will be created.

This facility creates opportunities to build bootable images for any
number of boards within the scope of a standard release build.
However, that is not required and will not occur without the
intervention of installing U-Boot boot blocks prior to the build.
2022-08-21 15:01:08 +00:00
lukem dac6dcb8de Deprecate extsrc/, EXTSRCSRCDIR, MKEXTSRC
Remove support for building extsrc/:
1. Makefile: remove do-extsrc target.
2. build.sh: remove options -y and -Y extsrcdir.
3. distrib/sets: remove support for extsrc in various tools
   including the options -L ext and -y, and the extsrc sets.
4. doc/BUILDING.mdoc: remove docs for extsrc/, EXTSRCSRCDIR, MKEXTSRC (etc)
5. bsd.own.mk and various Makefiles: remove support for extsrc/,
   EXTSRCSRCDIR, MKEXTSRC.

As proposed on tech-kern and tech-userlevel on 2022-01-07
and followed up on 2022-08-21.
2022-08-21 07:10:03 +00:00
riastradh cc725e3507 viocon(4): New virtio tty driver imported from OpenBSD.
viocon* at virtio?

/dev/ttyVI??

Tested under qemu with:

qemu-system-aarch64 ... \
  -device virtio-serial \
  -chardev socket,path=/tmp/ttyVI00,server=on,wait=off,id=ttyVI00 \
  -device virtconsole,chardev=ttyVI00,name=org.NetBSD.dev.ttyVI00 \
  ...

I updated MAKEDEV.conf to create /dev/ttyVI?? on all ports where it
looks likely to work based on:
(a) having pci or a non-pci virtio attachment,
(b) `qemu-system-$ARCH -M ?' mentioned something resembling the port,
    and
(c) `qemu-system-$ARCH -device virtio-serial' launched without
    complaining about the virtio-serial device.

(Criterion (c) excluded sparc and sparc64.)
2022-08-12 11:15:40 +00:00
kre fa7d65a3b6 Add ATF tests for realpath(1)
Note that realpath can act differently for root than for other users
(where an ordinary user will see EACCES, root just barrels right through).

The tests adapt themselves; when run as root, fewer error cases can be
tested than when run as some other user.
2022-07-21 09:52:48 +00:00
kre 15e7028037 Cleanup the "hup" function - quote properly, and test for the pid
file existing (with something in it) before simply using it, so the
error message can be controlled, rather than just sh's cannot open file msg.
2022-07-21 07:53:28 +00:00
kre d8eb9e45f2 Get rid of the (insulting)
We recommend that you create a non-root account...
message from single user mode shell startups.
2022-07-21 07:51:12 +00:00
kre bd7c53a85d Make this better ... Allow config file for raidN to be found
in /etc/conf/raid/raidN (as well as in /etc/raidN.conf) (less
clutter in /etc).

Allow config files to exist for raids that are autoconfigured (just
skip anything autoconfigured) - this allows a (simplistic) recovery
mechanism if autoconf fails, and makes it simpler to enable/disable
autoconf at will, while keeping the raid working.

While here, add sh quoting where it is needed, and remove it from
where it is pointless.
2022-07-21 07:49:36 +00:00
mrg 355d19546f add libxvct include subdir. 2022-07-14 06:53:40 +00:00
kre 6c36afa3ab If /rescue is at the head of $PATH (which is how it starts out in /rescue/sh
unless changed by something - and has been since NetBSD 3) don't blindly
simply change it to a PATH that doesn't have /rescue in it at all.

This doesn't solve the "/rescue/tar execs /usr/bin/gzip" problem completely,
as if PATH is in the environment when /rescue/sh is started, that one will
override the shell's built in PATH, but this is better than nothing.
2022-07-09 09:43:51 +00:00
tsutsui 34941bda13 Add luna68k specific section 4 man pages.
Taken from mostly OpenBSD/luna88k and partially NetBSD/hp300.
2022-06-12 03:51:13 +00:00
nia b7957d1677 build system: Revert all the recent additions of MK[...] knobs that
allow conditionally disabling the building of certain user space
programs in the 'base' set.

There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.
2022-06-06 10:56:27 +00:00
rin dd3ee07da4 Introduce libc_aligned.so for evbppc-powerpc32, which provides
strictly-aligned versions of memcmp(3), bcopy(3), memcpy(3), and
memmove(3).

This is used for 403 by ld.so.conf with machdep.no_unaligned variable.

With this library, unaligned memory accesses are significantly reduced
for 403 (from several hundreds to few tens per sec under heavy load);
only ld.elf_so (typically few times per fork) and statically-linked
binaries do such access.
2022-05-30 15:06:54 +00:00
nia 8469593b52 mk: Add a MKPPP flag to exclude pppd(8) and related utilities from
the build
2022-05-29 08:09:59 +00:00
andvar 67cf5ffde0 s/hierach/hierarch/ 2022-05-28 21:57:39 +00:00
nia e994758d71 mk: Add MKFINGER, MKTALK flags for not building
talk, talkd, finger, fingerd.
2022-05-28 14:31:11 +00:00
nia fff9d4a2fe Fix typo. Hopefully this didn't break anyone's build, sorry. 2022-05-28 12:36:56 +00:00
nia f2e2da3feb mk: Add MKNTP, MKTCPDUMP knobs. 2022-05-28 11:17:35 +00:00
nia 6678627ac7 mk: Rename the MKMBONE option to MKMROUTING for greater accuracy and
to match the related kernel config option.
2022-05-25 21:25:46 +00:00
nia f52526086f mk: Allow setting MKDHCPD=no to build base without the ISC DHCP server,
useful for embedded images that don't need to act as one.
2022-05-25 20:44:01 +00:00
nia 30fbdc74a3 mk: Allow building base without the MBONE applications by setting
MKMBONE=no in mk.conf
2022-05-25 10:18:28 +00:00
rillig 345652c15e tests/compress: demonstrate truncation of target file
Reported by Giorgos Keramidas in PR#19722.
2022-05-22 17:55:08 +00:00
andvar f42f89fd6f fix various small typos, mainly in comments. 2022-05-22 11:27:33 +00:00
rin fccec4780a Build OPENBLOCKS_A6 kernel for evbarmv5-e[bl].
It works --- except for:

- mvsata(4) problems (already reported repeatedly)
- NFS root with mvgbe(4) is weird; the system eventually locks up

Yes, we need to fix them...
2022-05-20 16:12:34 +00:00
uwe 069a423686 MAKEDEV.tmpl: make /dev/wsfont world-readable
Now that we have WSDISPLAYIO_LISTFONTS we want users to be able to use it.

NB: older kernels didn't check that WSDISPLAYIO_LDFONT was performed
on wsfont(4) device opened for writing and relied on its restrictive
root-only permissions to restrict who can load fonts.
2022-05-17 11:41:41 +00:00
mrg d254323219 create ./usr/libdata/firmware/radeon same as the non-/usr version
should fix builds for non x86/arm64.
2022-05-15 21:41:56 +00:00
martin 901c0b91c9 PR 56835: fix sshd startup script to only whine about bogus keys it
created if it actually did create keys (one should think that a
function called sshd_keygen() only is called to create keys, but
the "precmd" magic makes it run every time sshd is started or stopped).

Patch from Tom Lane, with modifications suggested by kre and a minor
additional cosmetic change.
2022-05-15 11:47:42 +00:00
mrg c90a6d284e install the lower case radeon firmware files into /usr/libdata/firmware.
radeon has different case but same name firmware files.  the lower case
ones are already installed into /libdata/firmware, and to avoid having
to provide some special method to build on systems with case-preserving
file systems (such as macOS), we install the lower case ones in /usr.

this means that anyone that requires the lower case files must either
have /usr as part of the / file system, or manually keep them updated.

last part of PR#54976, though i doubt we'll try to pull up these.

this is enabled on i386, amd64 and arm64.
2022-05-15 00:24:14 +00:00
brad 84213c7105 Like /etc/rc.d/network, add the ability to put a '!' character as the
first character in /etc/gpio.conf and have the rest evaluated in a
shell.  It is useful to be able to do actions after setting up gpio
pins or attaching gpioiic(4).
2022-04-30 13:48:09 +00:00
pgoyette 726aa68aee Add a new test for PR kern/56713 and set to expected_failure for now. 2022-04-29 22:17:49 +00:00
andvar f84252b461 fix various typos in comments and log messages. 2022-04-16 18:15:20 +00:00
riastradh d49616184d membar_ops(3): Add some automatic tests.
These tests run two threads for five seconds each to try to trigger
races in the event of broken memory barriers.  They run only on
machines with at least two CPUs; on uniprocessor systems there's no
point -- the membars can correctly just be (instruction barrier)
no-ops.
2022-04-08 23:35:51 +00:00
riastradh 5640623e4f etc: Sort NetBSD.dist.tests. 2022-04-08 23:14:10 +00:00
andvar 2fa7e14158 fix various typos, mainly in comments, but also log messages, docs, game text. 2022-04-08 10:17:52 +00:00
christos f6ca6d6231 add named plugins directory. 2022-03-06 17:51:42 +00:00
gutteridge 08a9f63190 LOGIN: fix typo in description 2022-03-02 01:55:18 +00:00
alnsn 0e59248afa Enable critical_filesystems_zfs. 2022-02-20 14:42:07 +00:00
alnsn 082b9a1ec4 Small changes in mount_critical_filesystems_zfs
avoid unnecessary eval, switch to $() and -ne.

from kre@, thanks!
2022-02-06 16:23:12 +00:00
alnsn a8b6a164d2 Compare $_mount_es with 0 2022-02-03 21:02:47 +00:00
alnsn ae342f4716 Add mount_critical_filesystems_zfs
The new function is similar to mount_critical_filesystems
but it walks through ZFS datasets and mounts matching entries.
2022-02-03 20:52:44 +00:00
pho 9f39150738 lib/librefuse: Implement FUSE session API and its signal handling functionality 2022-01-22 07:53:05 +00:00
kre ca09957470 Install the missing sh syntax element in the MKDEBUGKERNEL = no test, so
that "continue" is a command as intended, and not an invalid last arg to
the '[' command (the last arg is required to be ']').

Sometime the proverbial someone should go through this and remove all the
obsolete test -o and -a operators, and probably do something with test's
usage of ! as well.   Not today, or not by me anyway.
2022-01-05 01:46:28 +00:00
christos 6eb4570d40 Create empty files for the "extra" kernels. Grr I should fix this properly
(run checkflists after building the kernels)
2022-01-02 20:09:03 +00:00
christos 508aca192c Enable split-debug files for kernels. Enabled by default with MKDEBUG=yes. 2021-12-29 22:22:12 +00:00
christos a3f7d3a6b3 Put back the code to add DEBUG=-g in config and to add the debug kernels
in the kernel sets. Having the .gdb kernels in the EXTRA_KERNELS does not
work, since we only walk through the standard kernels in the Makefile. Also
doing DEBUG=-g in config twice does not hurt.
2021-12-23 14:50:59 +00:00
christos 4aa4344fed Revert previous, not needed MKKDEBUG does it. 2021-12-20 20:20:35 +00:00
christos 814fa5ccf1 PR/55557: Andreas Gustafsson: Introduce a new variable MKDEBUGKERNEL which,
as the name implies, includes a netbsd.gdb inside each kernel set:
$ tar -tzvf kern-GENERIC.tgz
-rwxr-xr-x  0 root   wheel 29398264 Dec 19 12:50 ./netbsd
-rwxr-xr-x  0 root   wheel 208125880 Dec 19 12:50 ./netbsd.gdb
2021-12-20 14:41:26 +00:00
maya 8b9ca392fe Add newer nouveau firmware build goo
Symlinks inferred from linux-firmware/WHENCE and compared to a linux distro's
firmware.

Note: said linux distro appears to have some mistakes compared to the
linux-firmware repo in linking ucode_unload.bin to unload_bl.bin and vice
versa in some places.
I didn't replicate this aspect, and lack the hardware to test it.
2021-12-13 23:59:35 +00:00
maya 1eb4f57936 Add amdgpu firmware build goo (disabled) 2021-12-12 20:33:21 +00:00
brad bf53d44167 A driver and user land utility for the Sparkfun Serial Controlled Motor
Driver module as illustrated here:

https://www.sparkfun.com/products/13911

A SCMD module is an ARM SOC similar to an Arduino in front of a motor
driver chip.  The single SCMD module can control two motors and up to
16 additional modules can be chained together using an internal I2C
bus.  One can interface with the SCMD using tty uart commands, SPI or
I2C.  The driver in this commit adds a kernel driver for the I2C and
SPI interfaces.  The command line utility provides a set of
convenience commands that support most of the functions of the SCMD
and is able to use the tty uart mode, SPI user land or the included
kernel driver in a uniform manner.

The use of the SCMD module is mostly for small robots and the like,
but it can control anything that is controllable by voltage.
2021-12-07 17:39:53 +00:00
sborrill 956275fd6a Revert previous. Explicitly load the value of npf or pf 2021-11-30 11:00:29 +00:00
simonb 79395b1711 Add /etc/sshd/ssh_host_ed25519_key* . 2021-11-30 06:21:58 +00:00
uwe ccd5c3ac25 /etc/shells - Add tmux.
We ship tmux in base and tmux can be used as user's default shell.
2021-11-27 18:39:15 +00:00
sborrill bf76deaf12 Load rc configuration based on rcvar, not name, so that correct settings
in /etc/rc.conf.d are loaded.

Usually this does not matter as rcvar and name are set to the same value.
For pf_boot and npf_boot, rcvar is set to pf and npf respectively.

Prior to the change, if:
rc.conf contains npf=YES
rc.conf.d/npf does not exist

Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=YES

If:
rc.conf contains npf=NO (or is not set)
rc.conf.d/npf contains npf=YES

Then:
/etc/rc.d/npf_boot rcvar
outputs:
# npf_boot
$npf=NO

This means that in the latter case, at boot time the npfctl start command
is never run and the firewall is not operational.
2021-11-26 13:11:36 +00:00
sborrill 1438126a18 Use rcvar=$name syntax consistently in rc.d scripts which makes it easier to
search for rc.d scripts where rcvar differs from name. No functional change.
2021-11-26 12:51:24 +00:00
christos 0a50b87edf Set the path unconditionally to what rc sets it to, so that when running
individual scripts like 'env - /etc/rc.d/syslogd restart' programs like
rcorder are found.
2021-11-06 23:11:43 +00:00
brad 1f3d8cb8fe Driver for the Sensirion SHT30/SHT31/SHT35 temperature and humidity
sensor such as:

https://www.adafruit.com/product/2857

This is a higher priced sensor with a lot of features, including the
ability to do sub-second periodic updates.  The driver supports
everything about the sensor except for the alert pin.
2021-11-06 13:34:39 +00:00
nia 8e79eccae6 Recognize argon2 passwords as valid in daily security reports.
from RVP in misc/56486
2021-11-04 12:40:00 +00:00
skrll c31b12547a Add MIPSSIM{,64} as appropriate 2021-11-03 08:05:39 +00:00
kim 074604b560 Fix grammar in comment (affect vs. effect) 2021-10-28 07:24:40 +00:00
nia 0e837f732b passwd.conf(5): switch default cipher for new user accounts to Argon2id
As well as offering a dynamic amount of iterations and memory usage,
which fits well with NetBSD's goal of running on a diverse range of
hardware devices, Argon2id offers improved resistance to GPU-based
password cracking and side channel attacks.
2021-10-26 20:44:45 +00:00
christos da1070e967 PR/56452: RVP: MAKEDEV should also create /dev/dri/renderD* devices 2021-10-12 17:19:20 +00:00
jmcneill c3146444be efi: Add /dev/efi character device
Introduce a /dev/efi character device that provides a means for accessing
UEFI RT variable services from userland. Compatible with the FreeBSD ioctl
interface for ease of porting their libefivar and associated tools.

The ioctl interface is defined in sys/efiio.h.

To enable support for this on an arch, the kernel needs `pseudo-device efi`
and the MD EFI implementation needs to register its backend by calling
efi_ops_register(). This commit includes an implementation for Arm.
2021-10-10 13:03:08 +00:00
nia 2da9f9a665 Change the default shell of the "toor" user to /rescue/sh
toor is a backup account to be used in case of trouble.

When root's default shell was changed from /bin/csh to /bin/sh,
toor lost its purpose.

/rescue/sh is an ideal choice here because it's a static binary,
while we've moved to dynamic linking for the rest of the system.

Discussed a few times over the years on tech-userlevel.
2021-10-08 18:02:57 +00:00
skrll dac6eef826 Don't include bsd.own.mk here - none of the other etc.<foo>/Makefile.inc
files do.
2021-10-04 06:50:35 +00:00
jmcneill 582345a779 riscv: Include kernel and bootloader in releasedir.
This change adds a kern-GENERIC set and distributes an INSTALL kernel
along with bootriscv64.efi as part of a standard release build.
2021-10-01 10:38:03 +00:00
maya f9d97969cb Restore MKNOUVEAUFIRMWARE and MKRADEONFIRMWARE and make gpufw set unconditional
Simplifies logic.
(Second commit - first one was partial)

Restoring MK* requested by mrg on tech-kern discussion
https://mail-index.netbsd.org/tech-kern/2021/09/25/msg027695.html
2021-09-26 15:52:40 +00:00
martin 39237b4ead If key generation happens with not enough entropy in the system, add
a warning to motd pointing at entropy(7) and give instructions how to
re-generate the (weak) keys after fixing up entropy.

Add a "keyregen" command, which forces regeneration of all host keys
to simplify the replacement of weak keys.
2021-09-26 10:53:20 +00:00
maya f54624bd74 Move DRM-driver firmware from base to its own set, gpufw
This set is only installed on amd64,i386,evbarm.
This set is installed on minimal installs and on install media, in
case someone needs it for basic driver functionality.

Comments:
Switched to a single MK tunable for it - that is probably unneeded.

An upcoming DRM update will include even fatter firmware, and we'd
like to minimize the impact of it.
2021-09-25 08:54:29 +00:00
christos 79d5820b5e Move the sanitizer libraries from 9.0.0 -> 13.0.0 to match our current clang
version.
2021-09-16 23:32:49 +00:00
rin 62012fa3c6 Build KUROBOX_PRO for evbarmv5eb.
Other marvell-based machines may also work, but not tested yet.
2021-08-30 00:14:45 +00:00
christos 2557380693 Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
    https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
    https://github.com/ritzow/src/pull/1

From their notes:

All new functionality should be explained by the updated manpage.

The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.

getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.

memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.

The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.

Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()

parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.

Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.

The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.

setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.

Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()

We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.

Security related:

The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?

We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(c5eae130d6/usr.sbin/inetd/inetd.c (L1049))
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.
2021-08-29 09:54:18 +00:00
andvar c69f42d323 fix mainly same typos as in my previous commit but outside sys/dev/dm. 2021-08-21 23:00:30 +00:00
mrg 22cfb1f2ea install experimental/* and ext/opt_random.h. they're expected to
be there (and the latter was removed by accident.)

regen for everyone (also picks up missing tgmath.h for many ports.)

fixes build of pkgsrc/databases/mongodb for me.
2021-08-16 06:56:20 +00:00
martin 80f935560b Add directory for new mkdep test binaries 2021-08-12 11:50:42 +00:00
rillig 2e1c5b53fe tests/lint: add test skeletons for messages from lint2 2021-08-05 22:36:07 +00:00
mlelstv c413ec6508 Reverse devpubd dependency to avoid dangling reference to zfs which is
an optional part of the build.
2021-08-03 05:15:20 +00:00
mlelstv ad07108f16 Run devpubd before volume managers and pseudo disks. 2021-07-31 14:47:04 +00:00
jmcneill 7451feb941 aarch64: Restrict KERNEL_SUFFIXES to img only 2021-07-24 17:07:59 +00:00
jmcneill 065fe7e8c6 smbios: Add character device for accessing SMBIOS tables
The /dev/smbios character device gives an aperture into physical memory
that allows read-only access to the SMBIOS header and tables.
2021-07-24 11:39:18 +00:00
ozaki-r 83b6f2d1d3 tests: add tests for ALTQ CBQ 2021-07-14 03:22:33 +00:00
tsutsui 78a0766dec Create rd3 device nodes, for HPDisk. 2021-07-09 19:01:29 +00:00
nia f3c68eb2b0 Remove uscanner(4) driver
This exists for compatibility with a Linux interface which was apparently
deprecated in Linux 2.6. There are various mailing list threads going
back to 2004 where the usefulness of this driver is discussed, but
the conclusion is that scanner software has all moved to using ugen(4)
instead, and enabling this driver will not help you scan things.
2021-06-29 10:22:33 +00:00
mlelstv b259e1d9fc run sysctl early enough. 2021-06-13 10:14:40 +00:00
joerg 53d1339bf7 Update LLVM build system for 249b40b558955afe5ac2b549edcf2d7f859c8cc9
This enables the use of modules for a significant build performance gain
when building with clang as host compiler or when using HAVE_LLVM=yes.
Switch libc++ to using the copy from the mono-repo.
2021-05-30 01:56:44 +00:00
thorpej 2d410374f0 Provide a binary/kernel/netbsd-GENERIC.QEMU.gz in the Alpha release
hierarchy.  This is identical to netbsd-GENERIC, except it has been
dbsym'd so that the kernel symbols are available when running under
Qemu (which loads the kernel directly, but does not load the symbol
table).
2021-05-29 18:48:45 +00:00
rin 759be7cf05 Switch arm64.img to big-endian for aarch64eb, as libsa/efiboot support
bi-endian FFS/disklabel now.

Many thanks to mrg@ for working on this!!
2021-05-27 08:43:02 +00:00
christos cb128adb3d use the date tool 2021-05-26 20:22:28 +00:00
yamaguchi f0101d0e08 Add a new link-aggregation pseudo interface named lagg(4)
- FreeBSD's lagg(4) based implementation
 - MP-safe and MP-scalable
2021-05-17 04:07:41 +00:00
rin 0c720f9cde Turn on constty instead of ttyE0 as done for majority of other ports
in order to make both framebuffer and serial consoles happy.

Also, change TERM from vt220 to vt100 for console and constty
in accordance with other ports.
2021-05-08 10:08:33 +00:00
mrg 3a8103109b update for libX11 1.7.0. 2021-04-27 06:51:49 +00:00
christos d25e0fedfb Handle mipsn64 2021-04-25 23:40:51 +00:00
mrg af9b7ed461 create the gcc-10 subdirs, and don't create the gcc-8 ones. 2021-04-12 02:09:27 +00:00
christos 637547d0a7 refresh with latest 2021-04-08 19:03:43 +00:00
rin 385a602eeb - Hook DHT kernel
- Add bin and ub to KERNEL_SUFFIXES
- Group and sort kernels
2021-04-02 07:08:36 +00:00
christos 5e0abed52f add named plugin dir 2021-03-31 04:58:01 +00:00
christos d80018d9b8 handle copying of plugins to the chroot 2021-03-31 04:57:25 +00:00
sborrill 4f6c3ffcd1 Need to explicitly load value of zfs variable as zfs=YES may be set in
/etc/rc.conf.d/zfs, not /etc/rc.conf.
2021-03-09 12:42:46 +00:00
christos b60051daa5 require NETWORKING otherwise amd can come up before the network is up and
it needs to be able to do DNS.
2021-03-01 23:02:30 +00:00
jakllsch 531ea916a2 Add /etc/ip6addrctl.conf as optional file so it is backed up. 2021-02-26 18:39:10 +00:00
rin 486b89c051 For ramdisk image, generate only 2 pairs of pty devices, instead of 16,
in order to save space further.
2021-02-25 07:58:39 +00:00
hannken 0c0601776b Enable "/etc/zfs/exports" from "zfs share" in rc.d/mountd and rc.d/mountall. 2021-02-16 10:02:42 +00:00
pgoyette 0d15fa02aa Add KERNEL_DIR to /etc/release
"Sure, why not" from xtos!
2021-02-14 18:45:44 +00:00
martin b2434f4d17 llvmlockdir -> lvmlockdir 2021-01-26 15:08:02 +00:00
martin 9869002d85 Rename etc/rc.d/llvmlockdir to lvmlockdir - it has nothing to do with LLVM,
the name probably was a freudian slip of my fingers when I split that
fragment out of another rc.d script.
2021-01-26 13:31:19 +00:00
rillig a5778d2e53 lint: install custom stdbool.h, used for strict bool mode 2021-01-17 19:32:52 +00:00
rillig 93104a9b2f lint: remove custom stdbool.h for strict bool mode again
Adding it broke the official builds.
2021-01-16 22:18:14 +00:00
rillig ea370484da add directory /usr/libdata/lint/strict-bool
This is needed for usr.bin/xlint/xlint.
2021-01-16 20:30:05 +00:00
riastradh cba96d16f7 Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
  check for entropy at boot -- in rc.conf, you can:

  . set `entropy=check' to halt multiuser boot and enter single-user
    mode if not enough entropy

  . set `entropy=wait' to make multiuser boot wait until enough entropy

  Default is to always boot without waiting -- and rely on other
  channels like security report to alert the operator if there's a
  problem.

- New man page entropy(7) discussing the higher-level concepts and
  system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
  more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
  users who have power to affect the entropy estimate (maybe it is,
  just haven't decided).
- We only have a mechanism for changing once at boot; the message would
  remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
  conditionally from boot to boot.
2021-01-10 23:24:25 +00:00
martin 80e3db0075 If MKX11 and MKDEBUG, add the xdebug set to the obsolete file handling. 2020-12-29 16:46:44 +00:00
martin 5dd83105b3 Adjust to "pool" usage in our standard ntp.conf, pointed out
by Connor McLaughlan.
2020-12-25 13:42:02 +00:00
uwe c34ee3711d run_rc_command - don't prefix the rcvar variable name with the dollar sign.
The output without the dollar sign is less confusing as it's actual
valid shell syntax:

  $ /etc/rc.d/foo rcvar
  # food
  food=YES

Brought up on tech-userlevel@ by Rocky Hotas with some LGTMs from
other people and no objections.

We still refer to '$food' in warnings/errors though.
2020-12-20 21:30:28 +00:00
pgoyette 56b2bfc290 Add directory entry for new libossaudio test 2020-12-12 02:50:26 +00:00
jmcneill 161b30af53 acpi: add character device for accessing ACPI tables
The /dev/acpi character device gives an aperture into physical memory
that allows only read access to known ACPI tables: RSDP, XSDT/RSDT, and
the root tables. Adapt acpidump(8) to use this interface by default,
falling back to the old /dev/mem method if it is not available or if
ACPIDUMP_USE_DEVMEM=1 is set in the environment. The user visible benefit
of this change is that "options INSECURE" is no longer required to
dump ACPI tables.
2020-12-06 02:57:29 +00:00
wiz d5fdd803ef Update default pkgsrc database location from /var/db/pkg to /usr/pkg/pkgdb. 2020-12-02 14:18:13 +00:00
rin 7f6948285e Build RPI and RPI2 kernels also for earmv6{,hf}eb. 2020-12-01 04:20:21 +00:00
kamil a0bbc3d2d8 man.conf(5): Drop support for .me files
The .me troff macros are unused for any known man-pages.
2020-11-30 14:27:23 +00:00
riastradh 0be824883b Simplify default motd text and include donation link. 2020-11-25 21:40:22 +00:00
tsutsui 10596905a4 Create wd0 and wd1 device node for G1IDE kernel. 2020-11-25 15:14:03 +00:00
martin 9b9b5e208c Add /dev/pts as standard mountpoint for a ptyfs. 2020-11-23 12:41:47 +00:00
christos 80a97e389b Add /var/games/warp 2020-11-11 19:56:09 +00:00
kamil 994be4e978 Reintroduce the support of MKCATPAGES
Requested by <mrg>
2020-11-10 21:47:40 +00:00
rin 4bfe1533f7 Add nvme(4) and raid(4). 2020-11-10 11:22:22 +00:00
kamil fa9b238449 + ./usr/share/games/warp 2020-11-10 10:31:48 +00:00
rin 571f6efb48 Add nvme(4) and raid(4). 2020-11-10 08:52:36 +00:00
kamil 17e0cdd2e4 Remove the catman directories
No longer relevant after the MKCATPAGES removal.
2020-11-09 01:07:04 +00:00
christos 1501493b50 Add col tests 2020-11-01 22:29:13 +00:00
kamil 990d4b76d9 Register the usr/share/gdb dir 2020-10-24 07:03:00 +00:00
kim 063923df4b network: Update rtsol options
- Use "-6" instead of "--noipv4" as it seems more appropriate based on
  the dhcpcd(8) manual page.
- Remove "-f /dev/null" as it seems unnecessary with "-6".
- Remove "--persistent" as it is in the default /etc/dhcpcd.conf,
  and this way the user can change it, if they would like to (either
  through dhcpcd_flags or by editing /etc/dhcpcd.conf).

The "-b" (or "--background") option is needed to avoid a timeout error
message (and a delay in booting), so it is still left in place.
2020-10-16 15:31:04 +00:00
mgorny 268edb6f45 Add tests for process_xmm_to_s87() and process_s87_to_xmm() 2020-10-15 17:44:44 +00:00
kim f5010e6cd4 Update "rtsol" keyword: leave IPv6 autoconf on
There is no need to turn off ipv6_autoconf or dhcp6 in dhcpcd to match
the previous behaviour with in-kernel RA processing.
2020-10-15 07:05:27 +00:00
kim 2f25d90010 Make "rtsol" functional again. 2020-10-11 22:38:48 +00:00
jnemeth dcf9d0d48c Also edns-udp-size. 2020-10-11 22:14:55 +00:00
jnemeth db7cb834a5 Set max-udp-size as per DNS flag day 2020, see
https://www.isc.org/blogs/dns-flag-day-2020-2/ .
2020-10-11 22:11:36 +00:00
kim a477b03dfb Add iburst to peer and server. 2020-10-05 06:45:40 +00:00
kim eb131804a5 Use "pool" for the pool.ntp.org servers. Add some new hints.
- Use the "pool" keyword for obtaining servers from ntp.pool.org.
  - Add "tos minclock" and "tos maxclock" to limit the number of servers.
  - Add "restrict source" to apply appropriate restrictions to servers.
    (Specifically "nopeer" cannot be applied to "pool" servers.)
  - A single "pool" entry suffices -- using "2.netbsd.pool.ntp.org" so
    that we get both IPv4 and IPv6 addresses. (No addresses are returned
    for just "netbsd.pool.ntp.org.")
- Add a comment about "tinker panic 0" -- useful for VMs and laptops.
- Add a comment about "discard minimum" -- useful for some SNTP clients.
- Add an explanation for the "limited" restriction keyword.
- Unify whitespace and comment formatting.
2020-10-04 13:50:44 +00:00