FreeBSD source tree http://cgit.freebsd.org/src/atom?h=main 2024-05-08T16:01:52Z 2024-05-08T16:01:52Z Mark Johnston markj@FreeBSD.org 2024-05-08T16:01:52Z urn:sha1:ffbaa453c1914846ede99d9b8499eb9b52b77e9a - zfs depends on the crypto module, not cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway. - This config works around a problem with kldxref lacking cross-target support, but that has since been fixed. - Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area. Thus, stop auto-loading cryptodev. Reviewed by: kevans, allanjude, des Differential Revision: https://reviews.freebsd.org/D45127 2023-08-16T17:55:03Z Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03Z urn:sha1:d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 2020-09-17T20:35:45Z Kyle Evans kevans@FreeBSD.org 2020-09-17T20:35:45Z urn:sha1:9ed054096dc24e96ee692a4e52c9ecbfee2723fd As of r365829, any given base distribution set will now include the /etc/ssl symlinks that this rehash would've otherwise installed. This extra step is no longer required. MFC after: 1 week X-MFC-With: r365837 2020-08-25T21:07:27Z Ryan Moeller freqlabs@FreeBSD.org 2020-08-25T21:07:27Z urn:sha1:60403b98b907a7f80016de24e1770e323c3dcdbb zfs.ko now includes the SPL but relies on cryptodev instead. Reported by: D Scott Phillips Sponsored by: iXsystems, Inc. 2020-05-19T15:19:39Z Kyle Evans kevans@FreeBSD.org 2020-05-19T15:19:39Z urn:sha1:1840a4fa017c839d5d2b41442965f193493d0ad4 If certctl is installed on the system we're configuring, do a certctl rehash. Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl. Reviewed by: allanjude, dteske MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D24640 2019-10-02T16:09:28Z Glen Barber gjb@FreeBSD.org 2019-10-02T16:09:28Z urn:sha1:e7a71e6d1b925a755feaf1114523cde1873b2059 is explicitly added. Requested by: rgrimes MFC after: 3 days MFC with: r353004 Sponsored by: Rubicon Communications, LLC (Netgate) 2019-10-02T13:30:17Z Glen Barber gjb@FreeBSD.org 2019-10-02T13:30:17Z urn:sha1:8cdae52ef6d091bee9c9545af671011e5e483fb7 installer when installing the system on a ZFS root filesystem. For arm64, zfs_load="YES" does not add opensolaris.ko as a kld dependency, so add it explicitly to prevent boot-time failures out-of-box. PR: 240478 MFC after: 3 days Sponsored by: Rubicon Communications, LLC (Netgate) 2018-09-20T16:37:50Z Mark Johnston markj@FreeBSD.org 2018-09-20T16:37:50Z urn:sha1:33a5ef35871ac9c19afafc9dfe4cf5901236e618 Submitted by: Jörg Pernfuß <code.jpe@gmail.com> Reviewed by: allanjude, dab, emaste Approved by: re (gjb) Differential Revision: https://reviews.freebsd.org/D12476 2017-09-11T17:39:21Z Ed Maste emaste@FreeBSD.org 2017-09-11T17:39:21Z urn:sha1:c12530ca4c1b0b7618a3c095129275799ed5eac5 This was originally added as "exit $SUCCESS" but with nothing to set the SUCCESS variable. Thus it became an exit with no argument, which just exits with the status of the preceding command. MFC after: 3 days Sponsored by: The FreeBSD Foundation 2017-07-05T13:37:27Z Bartek Rutkowski robak@FreeBSD.org 2017-07-05T13:37:27Z urn:sha1:82ec242f2e5538faaed8fba1ed74babee8d1aa83 This patch adds new bsdinstall option to hardening section that allows users to change this behaviour to secure one and updates stack guard option so it would set the value of relevant sysctl to 512 (2MB) Submitted by: Bartek Rutkowski Reviewed by: adrian, bapt, emaste Approved by: bapt, emaste MFC after: 1 day Sponsored by: Pixeware LTD Differential Revision: https://reviews.freebsd.org/D9700