| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to the build epoch check, cache a list of source options in the
object tree, and force a clean build if the cached list does not match
the current list, after filtering out options which are known not to
affect the build (e.g. CLEAN, TESTS, WARNS).
This also adds a DEPEND_CLEANUP option (which defaults to yes unless
the CLEAN option is set) which can be used to skip depend-cleanup for
faster incremental builds.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D52011
|
| |
|
|
| |
Fixes: faeaa25f5624
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are many environments that you do not want the paths to be
canonicalized. For example, if I always build a product from a specific
path in a jail that's dependent on the product version, I don't want
that to be sanitized to /usr/src because when I have profiling tools run
against multiple kernels, I can't do A/B testing and results processing
if everything points to /usr/src (sadly, the profiling tools cannot
remap back to the original like gdb can). Since we need both active at
the same time, symbloic link fallbacks don't work.
We do want the rest of the build to be reproducible, however. We'll get
the same binaries if we rebuild later since we always rebuild with the
same path.
Turn them both on for maximum reproduction for environments where that
cannot be guaranteed.
Sponsored by: Netflix
Input from: emaste, ivy
Differential Revision: https://reviews.freebsd.org/D52959
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit 2e47f35be5dc libllvm, libclang and liblldb were converted into
private shared libraries. This allowed clang, lld, lldb, and other llvm
tools to be linked against these shared libraries, which makes them
smaller and avoids duplication.
However, this also comes at the cost of some performance, since the
dynamic libraries are quite large, and contain lots of long symbols
(mangled C++ identifiers).
Add a WITH_LLVM_LINK_STATIC_LIBRARIES build knob that can be used to go
back to the previous behavior: libllvm, libclang and liblldb are built
as internal static libraries, i.e. only available during buildworld, and
fully linked into the various executables such as clang, lld, etc.
PR: 287447
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50956
|
| |
|
|
|
|
|
| |
Copy the text change from the shell makeman to makeman.lua.
Fixes: dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
Add a description for WITH_IPFILTER_IPFS.
Fixes: 0ff0c19e7f70 ("ipfilter: Disable ipfs(8) by default")
|
| |
|
|
|
|
|
|
| |
This is only used for armv6, which as been removed since FreeBSD 15.
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow up upstream rename from blacklist to blocklist.
- Old names and rc scripts are still valid, but emitting an ugly warning
- Old firewall rules and anchor names should work, but emitting an ugly
warning
- Old MK_BLACKLIST* knobs are wired to the new ones
Although care has been taken not to break current configurations, this
is a large patch containing mostly duplicated code. If issues arise, it
will be swiftly reverted.
Reviewed by: ivy (pkgbase)
Approved by: emaste (mentor)
MFC after: 2 days
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was previously deprecated and is slated for removal in 15.0.
Users who still need ftpd(8) can install the ftp/freebsd-ftpd port.
Retain the ftp(d) PAM services since other FTP daemons use them.
Update /etc/inetd.conf to point to /usr/local.
Add ftpd to ObsoleteFiles, but do not list configuration files since
users may want to preserve these to use with the freebsd-ftpd port.
There is still some language in the manual referring to ftpd(8)
which is relevant to the port, which has been retained but updated
to reference the port.
MFC after: 3 days
Relnotes: yes
Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D52739
|
| |
|
|
|
|
|
|
|
| |
If SRCCONF is not defined and src.conf exists at the top level of the
source tree, use that instead of /etc/src.conf.
MFC after: 3 days
Reviewed by: kevans, imp
Differential Revision: https://reviews.freebsd.org/D52470
|
| |
|
|
|
|
|
|
| |
This option is turned on by default in -CURRENT but will be turned off
in 15-STABLE; this description will land in the src.conf(5) man page
in that branch.
MFC after: 1 minute
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of
Kerberos and is always built if MK_KERBEROS is enabled. Backport this
behaviour to Heimdal so it works the same way.
While here, change Heimdal's libcom_err and compile_et to be selected by
MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos
and third-party users might need it even if Kerberos support is disabled
in the base system. This means MK_KERBEROS_SUPPORT installs the same
files with both MIT and Heimdal.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51859
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have the notion of a build epoch, we have sufficient tooling
to handle changes that might need a larger hammer to unbreak the build.
Future changes may extend our cleanup to avoid scenarios like with the
MITKRB5 knob where flipping it will still require a cleanup, but on the
whole most users aren't regularly flipping breaking knobs enough for
this to cause the same level of problems. Those users are advised to do
a CLEAN build when they flip it until we start recording build options
and doing another clean for important knob switches (see D52011).
When knobs of that sort are newly introduced or switch defaults, we can
explicitly record an epoch for them in the interim until
option-switching is detected and handled properly.
This reverts commit 6dab48b9de6c1bff61b0ce78029c1e3cba20895a.
Reviewed by: jrtc27, markj
Differential Revision: https://reviews.freebsd.org/D51923
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After processing all the build options, iterate over the complete list
minus CLEAN, MAN and TESTS, and prepare two variables:
* SRC_OPT_DEFS is a list of -D and -U directives, suitable for passing
to cpp or unifdef, where each option is either defined or undefined
depending on whether it is set or unset. This list also includes
-D__${MACHINE_ARCH}__.
* SRC_OPT_LIST is a list of build options suitable for passing to make
itself (or sticking in /etc/src.conf). This list also includes
TARGET=${MACHINE} and TARGET_ARCH=${MACHINE_ARCH}.
Note that this list is cumulative, so it includes both options defined
in bsd.opts.mk and options defined in src.opts.mk.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51827
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There have been too many issues with non-META_MODE incremental builds
recently, and it is clear that most users, even developers, were not
aware that the default had been switched.
This will be revisited once more work has been done to help prevent
future breakage.
This reverts commit ba373fca78a114768244d6a8c27983da870c1169.
Reviewed by: markj, jhb
Differential Revision: https://reviews.freebsd.org/D51828
|
| |
|
|
| |
Pull Request: https://github.com/freebsd/freebsd-src/pull/1801
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enabling and disabling LLVM assertions changes the ABI. There have
been multiple reports on the freebsd-current@ mailing list of broken
'cc'.
Out of caution, you may wish to do a clean build while crossing this
commit after building the reverted commit if you do not set
LLVM_ASSERTIONS in your src.conf.
Discussed with: kevans, jrtc27
This reverts commit 9b3055d0d4bcbe665d3c622c761adcc7d0a5b1c9.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This noticeably slows down the compiler execution and with the move to
pkgbase is one of the remaining differences that cannot be
administratively controlled; pkg kernels and malloc.conf(5) will allow
quickly testing a snapshot in a configuration closer to stable and
release branches.
dim@ notes that you need to set WITH_LLVM_ASSERTIONS in src.conf(5) if
you want to report an issue with LLVM.
Enabling WITH_LLVM_ASSERTIONS is also a consideration for CI and pkg
builders especially tracking main.
Approved by: dim, kevans
Differential Revision: https://reviews.freebsd.org/D50388
|
| |
|
|
|
| |
Fixes: 8e1e989c77d4 ("Add host.test.mk for DIRDEPS_BUILD")
Sponosred by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
| |
By setting CCACHE_NAME=sccache , sccache can be used as an alternative
for ccache.
Reviewed by: emaste, jhb
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49417
|
| |
|
|
|
|
|
| |
PR: 287502
Reviewed by: kbowling, ziaee
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50834
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the first in a series of commits to replace Heimdal with
MIT KRB5. This first commit adds the WITH_MITKRB5/MK_MITKRB5 knob
to src.opts.mk and its corresponding documentation in
tools/build/options. The default is off.
This change of and by itself is of no consequence as MIT KRB5 has
yet to be imported in to HEAD. But it does insulate the build from
inremental change until the last patch is committed when WITH_MITKRB5
will build MIT KRB5 1.21.3 instead of Heimdal.
The affords us the opportunity to review smaller commits.
This is the first of many commits.
Reviewed by: imp, jhb, brooks, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50684
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary benefit of this rewrite is that it parallelizes a number of
the make(1) jobs that it needs to do. It does so with a very naive
forking model that could likely be improved, but is sufficient for our
purposes. This version also doesn't assume that CWD is sane, and
instead operates relative to the directory the script resides in.
Note that this initial version is only intended to match the output of
the legacy script. Some work is planned afterward to refactor the
script out into various components to improve maintainability after we
have switched over to it.
In my horribly performing dev environment, this version runs in 40s
rather than the original ~2 minutes. On a Mt. Snow machine, this
version runs in ~15s rather than the original ~1m40s.
This change does not yet switch the top-level `makeman` target over to
the new version.
Reviewed by: bapt (earlier version), emaste
Differential Revision: https://reviews.freebsd.org/D39084
|
| |
|
|
|
|
|
|
| |
Support for WITH_/WITHOUT_LLVM_TARGET_SPARC was removed in commit
47e9f42ea39b ("Remove sparc64 specific buid-system hacks") so the
descriptions serve no purpose.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
| |
People are turning on the option and then tripping over weird
consequences. See bugs 248338 and 271170 as examples.
Approved by: cy, imp, philip
Differential Revision: https://reviews.freebsd.org/D25902
Co-authored-by: Joseph Mingrone <jrm@FreeBSD.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
llvm-strings may consume a large amount of memory while reading the
input file before producing any output.
ELF Tool Chain's strings is small and lightweight, and we always install
strings regardless of WITH_/WITHOUT_TOOLCHAIN settings (as it is useful
in many contexts). Return to always installing ELF Tool Chain's version
of strings.
This reverts commit 81fa5c4a828bec9f1ead280c59c31bd423e6eeea.
This reverts commit 7ca3db1999cd967f9d6d7b259aa7af54aae14a5f.
PR: 286605
Reported by: olivier
Reviewed by: olivier, brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50084
|
| |
|
|
|
|
| |
Reported by: olivier
Fixes: 81fa5c4a828b ("llvm-strings: Install as strings when WITH_LLVM_BINUTILS=YES")
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
| |
SSP is currently documented in migitations.7.
Fixes: 297bb39b6f0f ("mitigations.7: move SSP documentation from security.7 to here")
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48620
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The WITH_ZEROREGS option for src.conf will zero caller-used register
contents just before returning from a function, ensuring that
temporary values are not leaked beyond the function boundary. This
means that register contents are less likely to be available for side
channel attacks and information exposures.
It reduces all except 1 of the simple "write-what-where" ROP gadgets in
/lib:
grep "Gadget found" /tmp/before_lib* | wc -l
197
grep "Gadget found" /tmp/after_lib* | wc -l
1
grep "Gadget found" /tmp/after_lib*
/tmp/after_libbsdxml.so.4.txt: [+] Gadget found: 0x1b3f1 mov qword ptr [rdi], rcx ; pop rbp ; ret
To reproduce:
for lib in *.so.*; do
echo $lib:
ROPgadget --ropchain --binary /tmp/be_mount.Sx87/lib/$lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/before_$lib.txt
ROPgadget --ropchain --binary $lib | sed -n '/Step 1/,/Step 2/p' >! /tmp/after_$lib.txt
done
Additionally, in some cases this reduces the number of all ROP gadgets
(quick check with /libs only):
libalias.so.7: reduction 10.000%
libavl.so.2: reduction 13.900%
libbsdxml.so.4: reduction 37.500%
libc.so.7: reduction 10.000%
libc++.so.1: reduction 14.800%
libcam.so.7: reduction 50.700%
libcap_netdb.so.1: reduction 5.800%
libcasper.so.1: reduction 14.600%
libcrypto.so.30: reduction 7.500%
libdtrace.so.2: reduction 3.900%
libelf.so.2: reduction 15.800%
libgcc_s.so.1: reduction 32.700%
libibverbs.so.1: reduction 5.300%
libicp.so.3: reduction 2.100%
libipt.so.0: reduction 28.200%
libirdma.so.1: reduction 1.600%
libkiconv.so.4: reduction 0%
libm.so.5: reduction 21.900%
libmd.so.6: reduction 0%
libmd.so.7: reduction 3.100%
libncursesw.so.9: reduction 11.200%
libnvpair.so.2: reduction 40.200%
libpcap.so.8: reduction 11.400%
libpjdlog.so.0: reduction 27.400%
libsbuf.so.6: reduction 2.900%
libspl.so.2: reduction 42.300%
libsys.so.7: reduction 2.700%
libthr.so.3: reduction 21.000%
libuutil.so.2: reduction 13.100%
libz.so.6: reduction 5.600%
libzpool.so.2: reduction 15.100%
In some cases it adds some ROP gadgets despite removing the simple ROP
gadgets:
lib80211.so.1: reduction -32.700%
libbe.so.1: reduction -22.300%
libbegemot.so.4: reduction -20.500%
libcap_dns.so.2: reduction -58.000%
libcap_fileargs.so.1: reduction -28.200%
libcap_grp.so.1: reduction -54.000%
libcap_net.so.1: reduction -28.800%
libcap_pwd.so.1: reduction -38.800%
libcap_sysctl.so.2: reduction -71.100%
libcap_syslog.so.1: reduction -15.000%
libcrypt.so.5: reduction -14.600%
libctf.so.2: reduction -.300%
libcxxrt.so.1: reduction -14.000%
libdevstat.so.7: reduction -1.600%
libedit.so.8: reduction -4.200%
libgeom.so.5: reduction -16.500%
libicp_rescue.so.3: reduction -2.300%
libipsec.so.4: reduction -31.800%
libjail.so.1: reduction -21.700%
libkvm.so.7: reduction -5.300%
libmlx5.so.1: reduction -6.300%
libmt.so.5: reduction -23.000%
libnv.so.1: reduction -.400%
librss.so.1: reduction -3.800%
librt.so.1: reduction -24.000%
libssp.so.0: reduction -21.100%
libstats.so.0: reduction -9.000%
libtinfow.so.9: reduction -3.500%
libtpool.so.2: reduction -36.500%
libufs.so.8: reduction -11.900%
libulog.so.0: reduction -67.400%
libumem.so.2: reduction -2.000%
libutil.so.9: reduction -7.200%
libxo.so.0: reduction -9.000%
libzdb.so.2: reduction -11.700%
libzfs_core.so.2: reduction -17.700%
libzfs.so.4: reduction -.300%
libzfsbootenv.so.1: reduction -26.900%
libzutil.so.2: reduction -5.600%
To reproduce:
for lib in *.so.*; do
echo -n $lib:
before="$(ROPgadget --nosys --nojop --binary /tmp/be_mount.Sx87/lib/$lib | tail -n1 | cut -d : -f 2)"
after="$(ROPgadget --nosys --nojop --binary $lib | tail -n1 | cut -d : -f 2)"
echo " reduction" $(bc -S 3 -e "(1-${after}/${before})*100")%
done >/tmp/reduction.txt
Most of the time the size difference is very small (<1% for >50% of the
files and >10% for only 2 files):
lib80211.so.1: size change .100%
libalias.so.7: size change 0%
libavl.so.2: size change 0%
libbe.so.1: size change .100%
libbegemot.so.4: size change .100%
libbsdxml.so.4: size change 0%
libc.so.7: size change 1.200%
libc++.so.1: size change 1.600%
libcam.so.7: size change 1.900%
libcap_dns.so.2: size change .100%
libcap_fileargs.so.1: size change .100%
libcap_grp.so.1: size change .100%
libcap_net.so.1: size change .100%
libcap_netdb.so.1: size change .100%
libcap_pwd.so.1: size change .100%
libcap_sysctl.so.2: size change .100%
libcap_syslog.so.1: size change .100%
libcasper.so.1: size change 0%
libcrypt.so.5: size change 3.900%
libcrypto.so.30: size change 1.400%
libctf.so.2: size change .100%
libcxxrt.so.1: size change .100%
libdevstat.so.7: size change 15.400% exceptional
libdtrace.so.2: size change .600%
libedit.so.8: size change 1.800%
libelf.so.2: size change .100%
libgcc_s.so.1: size change 3.000%
libgeom.so.5: size change 0%
libibverbs.so.1: size change .100%
libicp_rescue.so.3: size change .100%
libicp.so.3: size change 1.500%
libipsec.so.4: size change .100%
libipt.so.0: size change 3.100%
libirdma.so.1: size change .100%
libjail.so.1: size change .100%
libkiconv.so.4: size change .100%
libkvm.so.7: size change .100%
libm.so.5: size change 1.700%
libmd.so.6: size change 0%
libmd.so.7: size change .100%
libmlx5.so.1: size change 0%
libmt.so.5: size change .100%
libncursesw.so.9: size change 1.900%
libnv.so.1: size change 4.300%
libnvpair.so.2: size change 4.300%
libpcap.so.8: size change 1.200%
libpjdlog.so.0: size change .100%
librss.so.1: size change .200%
librt.so.1: size change .100%
libsbuf.so.6: size change .100%
libspl.so.2: size change 0%
libssp.so.0: size change .100%
libstats.so.0: size change .100%
libsys.so.7: size change .100%
libthr.so.3: size change 2.400%
libtinfow.so.9: size change 1.600%
libtpool.so.2: size change .100%
libufs.so.8: size change .100%
libulog.so.0: size change .100%
libumem.so.2: size change 54.300% exceptional
libutil.so.9: size change .100%
libuutil.so.2: size change .100%
libxo.so.0: size change .100%
libz.so.6: size change .100%
libzdb.so.2: size change .300%
libzfs_core.so.2: size change .100%
libzfs.so.4: size change 2.000%
libzfsbootenv.so.1: size change .100%
libzpool.so.2: size change 1.200%
libzutil.so.2: size change 0%
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 2020, an improved implementation of the bc and dc commands
developed by Gavin D. Howard has been imported into FreeBSD.
It has replaced the OpenBSD-derived versions of these commands
in all currently supported FreeBSD releases.
The OpenBSD versions could still be built using the WITHOUT_GH_BC
option. There have been no reports of problems or unexpected
deviations from the OpenBSD version for some time, therefore
keeping the OpenBSD version is no longer required in FreeBSD.
This commit removes the option to build the OpenBSD version and
corresponding source files from -CURRENT. No MFC is planned, all
currently released FreeBSD versions should retain the build option.
The WITHOUT_GH_BC option is no longer accepted and will cause
make buildworld to fail.
Reviewed by: des, emaste
Approved by: des
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D46876
|
| |
|
|
|
|
|
| |
WITH_LOADER_BIOS_TEXTONLY is now the default so document
WITHOUT_LOADER_BIOS_TEXTONLY.
Fixes: 23dee252daf2 loader: Change this BIOS tradeoff...
|
| |
|
|
|
|
|
| |
MFC after: 3 weeks
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D46799
|
| |
|
|
|
|
|
|
|
|
|
| |
and allow to revert it back to 48 with WITHOUT_JEMALLOC_LG_VADDR_WIDE build
option.
Reviewed by: andrew, emaste
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46686
|
| |
|
|
|
|
|
|
| |
In preparation for supporting 64-bit machines with 32-bit UEFI firmware,
add a build option for compiling the ia32 loader. Currently unused.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The in-tree ZFS test suite is somewhat outdated and I see a number of
failures there. I tend to think that we want to integrate the OpenZFS
test suite somehow, replacing the legacy one, though it's also possible
to run that as a separate test suite.
In any case, if one wants to run the OpenZFS test suite separately, it's
useful to be able to disable installation of the legacy ZFS test suite,
so let's provide a src.conf option to do that.
Reviewed by: asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46476
|
| |
|
|
| |
Sponsored by: AFRL, DARPA
|
| |
|
|
|
| |
Suggested by: jrtc27
Sponsored by: Netflix
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Make it possible to disable pxeboot. This loader will fail to build when
it's too large. When /boot/loader needs to be larger like that, this
options will disable a component whose build will fail. It is an explicit
option rather than implicit when things are too large to force the user to
make the explicit tradeoffs rather than wonder why they have a stale pxeboot
or other odd failure mode.
MFC After: 3 days
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D46212
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
/boot/loader is right up aginst the 500k limit we have to make sure
everything works in a wide variety of environments. However, adding
WITH_BEARSSL can push it over the edge since we are so close to the
limit with it enabled. One may also need to increase LOADERSIZE when
enabling it. It's often safe to go much higher, especially when you
don't plan on using pxeldr. Document this trade off here.
MFC After: 3 days
Sponsored by: Netflix
Reviewed by: sjg, markj
Differential Revision: https://reviews.freebsd.org/D46211
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussed on the freebsd-arch mailing list[1]. For historical
reasons FreeBSD's buildworld and buildkernel targets started by cleaning
the object tree, for traditional (non-metamode) builds.
Cleaning is not necessary when dependencies are properly tracked, and we
have a somewhat kludgey script[2] to handle some known cases where deps
were mishandled by traditional builds. Be consistent with the vast
majority of open source build systems by default, and do not clean at
the beginning of buildworld or buildkernel.
Users may set WITH_CLEAN in src.conf(5) to restore the previous
behaviour, or run `make cleanworld` and/or `make cleankernel` before
starting a build.
[1] https://lists.freebsd.org/archives/freebsd-arch/2024-July/000727.html
[2] tools/build/depend-cleanup.sh
Reviewed by: jhb, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46172
|
| |
|
|
|
|
|
|
|
| |
Before FreeBSD 15 I plan to switch to LLVM_BINUTILS by default. Add the
src.conf description now, for the benefit of downstream branches and
testing/CI.
PR: 258872 [exp-run]
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the WITH/WITHOUT_BRANCH_PROTECTION build flags. This can be used
to enable the use of pointer authentication (FEAT_PAuth) and branch
target identification (FEAT_BTI) in userspace.
The kernel already handles both of these is userspace, we just need
to enable it.
Leave disabled for a short period for this to settle before enabling.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42596
|
| |
|
|
|
|
|
|
|
|
|
| |
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
(cherry picked from commit 4510f2ca9170927309a423274e03f1eb8e27da27)
This reverts commit b25ceb97eddcd58cfb2b433fe301ab28c678c249.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
|
| |
|
|
|
|
|
|
|
|
| |
In a local tree I accidentally had OPT_INIT_ALL defaulting to zero in
userland and none in kernel. This resulted in the INIT_ALL text
appearing twice in src.conf.5.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45184
|
| |
|
|
|
| |
Reviewed by: des, imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1077
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
|
| |
|
|
|
|
|
| |
This is causing failures on gcc13 CI builds so those need to be fixed
or worked around.
This reverts commit 4510f2ca9170927309a423274e03f1eb8e27da27.
|
| |
|
|
|
|
|
|
| |
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
|
| |
|
|
|
|
|
|
| |
The drivers and utilities are now built and installed unconditionally.
Reviewed by: imp, emaste
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D44843
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Capsicum is non-optional as of c24c117b9644 ("Remove
WITHOUT_{CAPSICUM,CASPER} options").
`#ifndef WITHOUT_CAPSICUM` is left in the source for the benefit of
downstream consumers, but is never defined in FreeBSD.
Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42077
|
