Commit Graph

293 Commits

Author SHA1 Message Date
nia 1569bcc0b3 cgdconfig(8): Add an argon2id password-based key generation method
This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.

Several new keygen parameters are supported:

	memory (integer, in kilobytes)
	parallelism (integer, usually the number of CPU cores)
	version (integer, usually 19...)

We do our best to calibrate these automatically when the paramsfile
is initially generated.

lgtm riastradh@
2021-11-22 14:34:35 +00:00
christos e8ee02e023 Use ${MACHINE_MIPS64} 2021-04-25 23:43:20 +00:00
jkoshy 3d43236771 Avoid duplicate directory traversals when building Elftoolchain sources. 2021-04-09 20:49:05 +00:00
jkoshy d2544b1c1b Redo r1.288: traverse the complete imported Elftoolchain tree during a build. 2021-04-08 08:10:30 +00:00
jkoshy ffb100ca4c Attempt to unbreak the build by reverting r1.288. 2021-04-06 21:13:04 +00:00
jkoshy f42f5ef49e Traverse the complete imported Elftoolchain tree during a build. 2021-04-06 20:13:43 +00:00
christos d54a6e0c5d Add blocklist support to libwrap which enables all programs using libwrap
to block access from hosts we deny. (libwrap support from Greg A. Woods)
2021-03-07 15:09:12 +00:00
nia 0a229fd396 lib: Move sqlite, since it depends on libm 2020-10-29 20:11:17 +00:00
jmcneill c9f4e317e7 Add HAVE_NVMM and use it to control the build of NVMM related components.
Defined to "yes" on amd64, "no" everywhere else.
2020-09-26 17:49:49 +00:00
christos 2f0bfbf344 Rename blacklist -> blocklist 2020-06-15 01:57:29 +00:00
christos 56e4243b76 Add libuv 2020-05-24 19:29:19 +00:00
christos c260c42c09 remove smbfs 2020-04-04 17:56:22 +00:00
tnn 15173c72e8 libp2k still needs to be under MKRUMP 2020-03-18 00:37:29 +00:00
christos a3dab7b65f pam and tpm have nothing to do with rump, so limit them to the libraries that
need MKRUMP. (from Tobias Nygren)
2020-03-17 22:20:48 +00:00
christos 66ab3c9c4f move the pam module after the trench where pam is being build 2020-03-03 20:01:01 +00:00
rin 1bdcb77c81 Comment that libpam depends on libssh. 2020-03-03 14:29:57 +00:00
christos e54fad504b Move libpam to the next trench since it depends on ssh 2020-03-03 12:54:51 +00:00
riastradh 422017511d Remove unfinished hack I accidentally committed in 2017.
This caused make to unconditionally take ages running useless
submakes in every subdirectory.  Accidentally committed during the
MKCRYPTO option removal when I was presumably experimenting with
automating library dependency generation in lib.

Should shave a few seconds at least off every build!
2020-03-03 04:20:50 +00:00
christos 06535827bc Add libcbor, libfido2 2020-03-03 00:37:05 +00:00
christos 8282cab4e4 move file/lib after xz 2019-12-18 02:46:21 +00:00
joerg 76c7fc5f6b Update LLVM to 10.0.0git (01f3a59fb3e2542fce74c768718f594d0debd0da) 2019-11-11 22:44:56 +00:00
mrg 1db21b1df3 fix MKCXX=no:
- don't build GDB
- don't build sanitizers
- don't build GCC commands
- fix some set lists
2019-08-23 08:17:26 +00:00
nakayama 063ec26a98 Don't build compat LLVM PIC libraries since it is unused if MKCOMPATX11 == "no". 2019-05-10 09:42:46 +00:00
joerg 0a0d40923d Add MKLLVMRT to build a subset of the LLVM stack for JIT purposes.
Hook up AMDGPU backend for clang.
2019-04-03 15:21:58 +00:00
christos 121f466a26 add libjemalloc for the non-standard jemalloc symbols. 2019-03-12 15:14:02 +00:00
maya 23353681a0 revert previous.
This breaks 64bit builds, it attempts to build a compat library too
and it fails to find headers for it.
2019-03-04 08:22:19 +00:00
maya d47cd4f3e8 Traverse into external/bsd/llvm/lib when building libraries.
This allows things that occur after lib (like do-x11) to depend on llvm
libraries already existing.

We need libexecinfo, so adding llvm after the 2nd library barrier.
2019-03-03 17:55:04 +00:00
mrg 1958a4b9ee move sqlite earlier in its section. my build often sits with only 3
processes active here for quite some time otherwise.
2018-12-24 22:02:32 +00:00
martin 53fe79071f Too much magic involved - revert previous. 2018-11-13 09:24:37 +00:00
martin 9b49821e7c Move conditionals for libnvmm to subdir makefile, requested boy mrg. 2018-11-13 09:00:08 +00:00
martin c0f5d6f2fc Do not build a compat i386 version of libnvmm. 2018-11-12 09:25:42 +00:00
maxv 2760ca24b5 Add libnvmm, NetBSD's new virtualization API. It provides a way for VMM
software to effortlessly create and manage virtual machines via NVMM.

It is mostly complete, only nvmm_assist_mem needs to be filled -- I have
a draft for that, but it needs some more care. This Mem Assist should
not be needed when emulating a system in x2apic mode, so theoretically
the current form of libnvmm is sufficient to emulate a whole class of
systems.

Generally speaking, there are so many modes in x86 that it is difficult
to handle each corner case without introducing a ton of checks that just
slow down the common-case execution. Currently we check a limited number
of things; we may add more checks in the future if they turn out to be
needed, but that's rather low priority.

Libnvmm is compiled and installed only on amd64. A man page (reviewed by
wiz@) is provided.
2018-11-10 09:28:56 +00:00
christos 3271408c58 Add libnv 2018-09-08 14:11:41 +00:00
christos 491e774596 switch to the new bind. 2018-08-12 13:01:55 +00:00
maxv 18f65af8ea Retire libpmc. It uses the legacy PMC interface in the kernel, which has
support for only one ARM CPU. It used to have x86 support, but it was broken
and I removed it. The legacy PMC interface will be removed from the kernel
too. Sent on tech-kern@ yesterday, thorpej was fine.
2018-07-12 06:52:48 +00:00
christos 0fd9ea3645 put back lsan 2018-06-28 10:14:01 +00:00
chs ba2539a980 merge a new version of the CDDL dtrace and ZFS code.
this changes the upstream vendor from OpenSolaris to FreeBSD,
and this version is based on FreeBSD svn r315983.

in addition to the 10 years of improvements from upstream,
this version also has these NetBSD-specific enhancements:
 - dtrace FBT probes can now be placed in kernel modules.
 - ZFS now supports mmap().
2018-05-28 21:04:59 +00:00
sevan 4e0254f1b8 Hello libbozohttpd(3)
Enabling as it is a dependency for bozohttpd(3lua).
2018-05-03 22:27:58 +00:00
christos 7351a5d259 Add the netpgp lua bindings so that the compat build can build them. 2018-05-01 19:50:34 +00:00
christos 0c048d5af5 switch everyone to openssl.old 2018-02-04 03:19:51 +00:00
christos 219944fb44 Add a library for the rump resolver interception code so that it will become
easier to hide resolver internals later.
2017-10-10 19:28:33 +00:00
mrg 2a2c35d74b don't build gmp/mpfr/mpc if we're not building GCC commands (MKGCCCMDS==no.) 2017-08-22 08:21:36 +00:00
riastradh ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
maya bee20f7c3c GC deprecated logic. GCC 4.8 is not in tree any more. 2017-02-22 02:58:31 +00:00
kamil 0892a29a1a libpthread_dbg(3) deletion from the base distribution
libpthread_dbg(3) is a remnant library from the M:N thread model
(pre-NetBSD-5.0) API to introspect threads within a process and for use
of debuggers.

Currently in the 1:1 model it's not used in GDB neither in LLDB and it's
not either planned to be used. It's current function to read pthread_t
structures is realizable within a regular debugger capable to
instrospect objects within a tracee (GDB, LLDB...).

Remaining users of this API can still use this library from
pkgsrc/devel/libpthread_dbg.

Sponsored by <The NetBSD Foundation>
2017-02-08 03:44:40 +00:00
macallan f61977ef47 build libc_fp only on mips64* 2016-10-14 17:29:29 +00:00
macallan 8baff5f4bf build and install libc_fp on mips
use with LD_PRELOAD=/lib/libc_fp.so for FPU use via softfloat
2016-10-11 17:02:28 +00:00
christos c90b9921a5 unbound additions 2016-08-20 11:21:50 +00:00
christos 739a312465 conditionalize 2016-06-05 01:23:58 +00:00
christos 4b11f6f5bb add ubsan 2016-06-05 01:20:58 +00:00