the implementation stuff in a variable CTFCONVERT_RUN
- introduce an OBJECT_TARGET variable that contains the output object file
- when we need to run ctfconvert, go through an intermediate ${.TARGET}.o
file, instead of writing directly to ${.TARGET} and then overwriting
${.TARGET} with ctfconvert. This avoids build failures after a build
got interrupted (the "partially built from C" scourge).
libraries from other DSO's. For example in /usr/bin/passwd:
ld: krb5_passwd.o: undefined reference to symbol \
'UI_UTIL_read_pw_string@@OPENSSL_1_1_0'
ld: /usr/obj/amd64-x86_64/release/lib/libcrypto.so.14: error adding symbols: \
DSO missing from command line
Define _REENTRANT for MKSANITIZER build. This is needed for at least stdio
code. This caused new build issues with duplicated symbols in a few places
and rump kernel code picking different code paths borrowed from libc.
Handle all this in one go.
Add bsd.sanitizer.mk to share common code used by programs and libraries.
Switch from realall to beforeinstall target in .syms files. This is more
reliable in MKSANITIZER.
Add per-program rules to disable ASLR for ASan, TSan and MSan in all
sanitized programs. This flag is not needed for other supported sanitizers.
Without this change, sanitized init(8) dies early on startup.
Approach originally suggested by <joerg>
This adds a more flexible version of SANITIZER_RENAME_SYMBOL.
The new symbol allows specifying MKSANITIZER-specific renames on a per-file
and per-symbol basis.
Add flags that are required to build a program and a dynamically loaded
library.
Propagate LIBCSANITIZERFLAGS to CFLAGS and CXXFLAGS.
LDFLAGS is not changed on purpose, as a libcsanitizer is inside libc
and no external dependencies are needed.
Register NOLIBCSANITIZER, as certain distribution parts will need to be
skipped.
This change:
* Removes "options PERFCTRS", the associated includes, and the associated
ifdefs. In doing so, it removes several XXXSMPs in the MI code, which is
good.
* Removes the PMC code of ARM XSCALE.
* Removes all the pmc.h files. They were all empty, except for ARM XSCALE.
* Reorders the x86 PMC code not to rely on the legacy pmc.h file. The
definitions are put in sysarch.h.
* Removes the kern/sys_pmc.c file, and along with it, the sys_pmc_control
and sys_pmc_get_info syscalls. They are marked as OBSOL in kern,
netbsd32 and rump.
* Removes the pmc_evid_t and pmc_ctr_t types.
* Removes all the associated man pages. The sets are marked as obsolete.
A new keyword SANITIZER_RENAME_SYMBOL. It's a variable that specifies
a list of symbols to be renamed in a processor in order to remove naming
conflicts with public symbols in libc/m/pthread/rt.
This renaming will occur for libraries and programs.
A symbol with a conflicting 'name', will be renamed to '__mksanitizer_name'.
Based on an idea by <christos>
Introduce a new variable SANITIZERFLAGS that contains all the sanitizer
specific flags. These flags are designed to be passed to CFLAGS, CXXFLAGS
and LDFLAGS.
Pass SANITIZERFLAGS in bsd.prog.mk rules to CFLAGS, CXXFLAGS and LDFLAGS.
Pass SANITIZERFLAGS in bsd.lib.mk rules to *_pic.a build flags. The *_pic.a
libraries are designed to construct .so libraries. All .so libraries with
few exceptions are expected to be prebuilt with a sanitizer. Another
purpose of *_pic.a files can be constructing static PIE programs, however
they are not supported as of now and there is no sanitization of static
programs either.
Once MKSTATICPIE is supported, it will be initially incompatible with
MKSANITIZER.
This change also makes it easier to build other targets like kernel and
kernel modules without userland sanitizers.
No functional change intended for MKSANITIZER=no users.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
libpthread_dbg(3) is a remnant library from the M:N thread model
(pre-NetBSD-5.0) API to introspect threads within a process and for use
of debuggers.
Currently in the 1:1 model it's used neither in GDB nor in LLDB, and it's
not planned to be used either. Its current function, reading pthread_t
structures, is realizable within a regular debugger capable of
introspecting objects within a tracee (GDB, LLDB...).
Remaining users of this API can still use this library from
pkgsrc/devel/libpthread_dbg.
Sponsored by <The NetBSD Foundation>
for obscure corner cases like -pie -fPIE -static (used for
/usr/tests/lib/csu/h_initfini2 if building with MKPIE=yes).
While there also replace -fPIC with -fPIE for the PIE case, even if
it should be mostly equivalent.
This variable separates the CTF stuff from MKDTRACE; we can build DTrace
solely without building and using it. This allows us to use DTrace
even if the CTF stuff has problems (actually it has now).
This variable would be merged into MKDTRACE eventually, once the CTF stuff
works correctly again.