We need to pass this to cloudware builds, not just VM builds.
MFC after: 4 days
Fixes: 81ca663642ef ("release: Pass PKG_INSTALL_EPOCH to vmimage.subr")
Sponsored by: Amazon
(cherry picked from commit d14036ea424d5aa3eee20cc6f0b5d7117cc3931b)
This value, if not already set, comes from the timestamp of the most
recent git commit (which is now also available in src/release code as
GITEPOCH) or 0 if git is not installed.
This should allow /var/db/pkg/local.sqlite to be reproducible in VM
images which have packages installed (e.g. cloudware).
Reviewed by: emaste, bapt
MFC after: 5 days
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49760
(cherry picked from commit 81ca663642ef1ed5111a88d2e9102f6788fab407)
Starting in 2015 I have published "AMI Builder AMIs" for FreeBSD/EC2:
These boot into a memory disk, extract a "clean" copy of FreeBSD onto
the root disk, mount it at /mnt, and allow the user to SSH in to make
customizations before creating a new AMI from the "running" instance
(in fact, from the FreeBSD installation which is not running but is
mounted on /mnt).
This provides a much cleaner mechanism for building customized FreeBSD
AMIs than the traditional Linux approach of "launch an EC2 instance,
SSH in and configure it, then try to wipe logs and credentials before
creating an AMI"; and it's easier than building a customized AMI ab
initio by modifying the FreeBSD release-building code.
This commit brings that functionality into the FreeBSD src tree and
into the collection of images built by the release engineering team:
The EC2 "BUILDER" flavour AMI is essentially a "SMALL" flavour AMI with
a compressed "BASE" flavour disk image, plus an init script which
juggles disks around (rerooting into a memory disk and extracting the
"BASE" image onto disk).
Polished by: bz, emaste
MFC after: 1 week
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49930
(cherry picked from commit 58426589030308cd632477d328b9536b1634c54d)
To make it possible to use the .SUFFIXES list and suffix-transformation
rules from bsd.lib.mk in other places, move them to a separate file,
bsd.suffixes-extra.mk.
Note that we cannot add the list and rules to bsd.suffixes.mk, since
that file also gets included by sys.mk, which applies to non-source
builds. That would require a whole ports exp-run.
No functional change intended.
Reviewed by: brooks, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D49965
(cherry picked from commit 9c4f1497dae7832e2727682e9161ca9572e56dfe)
This is not harmful when making a static library apparently, but will
result in duplicate symbol errors when making a dynamic library.
MFC after: 3 days
(cherry picked from commit 160a2ba804973e4b258c24247fa7c0cdc230dfb4)
The linuxkpi_gplv2.ko module on older-ish -CURRENT had absolutely no
.text contents, but it was still loaded. Instead of hitting the later
assertion because 0 is not less than 0, we can just skip images like
this as we should not have any samples from them.
Reviewed by: gallatin
(cherry picked from commit 77721403c91d67dbfd5a2c5c667e7f5d87acb3f6)
We use a be_mount.XXXX pattern to mkdtemp(3) when creating these, which
seems reasonably unique enough to just continue using that. Record the
mountpoint of the root dataset and check the dirname of that for the
auto-creation trait. There's no sense in this bubbling up an error to
callers, so we'll just ignore an error for now.
Requested by: manu
(cherry picked from commit d6fbae084a2a0e07805633ca46935963357f1efa)
This effectively reverts
6e824f3713011 ("time: siginfo_recvd needs to be marked volatile")
because it was actually wrong. Switch to C11 signal fence, which
provides a compiler barrier that will do the right thing.
Reported by: kib
Reviewed by: kib (slightly earlier version)
(cherry picked from commit df1b0f580d3dc4dd165d84fbcc14d0eebd8ee2c4)
AF_INET assumes that IPv4 is built into the kernel, but it's completely
valid to build a kernel without it. unix(4) sockets, on the other hand,
are not optional in the kernel build. Given that interface ioctls can
be invoked on any kind of socket, switch to the safer one to avoid
breaking on IPv6-only kernels.
Reported and tested by: ivy
(cherry picked from commit 0d238bc50d453d7ac29476fa71edd1fc9a5fbbf9)
wchar_t is unsigned on ARM platforms, and signed pretty much everywhere
else. On signed platforms, `nm` ends up with bogus upper bits set if we
did in fact have a valid CS2 or CS3 (MSB set). Mask just the low byte
to avoid sign bit garbage.
Bare basic test of converting a CS2 widechar in eucCN, which would
previously kick back an EILSEQ.
Reviewed by: bapt, rew
Sponsored by: Klara, Inc.
(cherry picked from commit c4c562eadf3b790fa221e220d6a442f0cb84ca35)
Err on the side of caution and revert to the BSD-style getopt(3)
behavior for argument processing, as it's harder to go back and it's
not clear that this was strictly intentional.
This is the difference between allowing `base64 /COPYRIGHT -w 80` and
forcing `base64 -w 80 /COPYRIGHT`.
Reviewed by: emaste, pstef
(cherry picked from commit d8fd551438706b3766da23e72ef077945ba43cd3)
Pull the open flags out of the loop into a local var. They won't be
changing, so this is marginally more readable.
Adds some extra brackets around the loop in preparation for a future
change that may try to fallback to opening the path as a socket if we
get an EOPNOTSUPP.
No functional change.
Reviewed by: asomers, des, emaste, ngie
(cherry picked from commit 414c2b8d1e5abe7186c1aa4dc3ab28147ce46f47)
The cases are ordered in such a way that we naturally progress through
the functionality, with the earliest failures perhaps shedding light on
any later failures.
sysutils/porch is used for one test if it's available, just to cleanly
check that SIGINT is being ignored properly.
Reviewed by: des, emaste
(cherry picked from commit 85ff0b08ee699ff323404727998993275b4d2e2a)
Move the necessary extra logic (i.e., noise_remote_enable() and
TAILQ_INSERT_TAIL()) from wg_ioctl_set() to wg_peer_alloc(), and thus
make it easier to be called. Actually, the updated version is more
asymmetric to wg_peer_destroy() and thus less likely to be misused.
Meanwhile, rename it to wg_peer_create() to look more consistent with
wg_peer_destroy().
Reviewed by: aly_aaronly.me (diff), markj
Obtained from: DragonflyBSD 902964ab24ba (with some changes)
(cherry picked from commit 7121e9414f294d116caeadd07ebd969136d3a631)
The traditional build makes multiple passes through the tree.
The DIRDEPS_BUILD visits each directory only once per architecture,
thus makefiles should be able to do everything they need in a single pass.
The use of TZS!= when doing make(*install*)
only works if the directory has previously been visited to do zoneinfo
since before the zoneinfo target is run TZS will be empty.
To fix this, have the zoneinfo target capture the list of files to
zoneinfo, and install-zoneinfo use that list.
Rename that target to zonefiles - since that is now what it does.
This is more efficient - we only gather the list of zones when it is
likely to have changed, and allows the makefile to do everything in a
single pass.
Reviewed by: stevek
Differential Revision: https://reviews.freebsd.org/D42624
(cherry picked from commit 0a45a7e99fc3061e91732ad88671721e95082d5e)
In make target rules, one needs to use subshell if there are
change directory commands that should only have an effect on the
other commands in the same line. Otherwise, if make is not running in
compatibility mode (for example, when -j flag is specified), commands
would be executed in a single shell and lines following the "cd" might
not work as expected.
Adjust the target script lines that use "cd" to run in a subshell
by adding appropriate parentheses.
Reviewed by: sjg
Differential Revision: https://reviews.freebsd.org/D42608
(cherry picked from commit fa08011a521c1f15ca44d6a4f30a318d0a37a3a7)
In general we are working towards making public headers self-contained.
cdefs.h is included for __packed; just assume that types.h includes
cdefs.h as that's a very common assumption.
PR: 285924
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49735
(cherry picked from commit 31d3a94bdda4a9ca4c4d7d4e8e8a0ba1b05c7f18)
There is a somewhat strange case where when writing to a POSIX shm
object, the object is not allowed to grow, and the I/O offset+length
overflows. In that case we simply truncate the I/O to the object size.
Later we write-lock the range [offset, objsize). However, we were not
checking whether offset > objsize, in which case we're writing zero
bytes but locking an invalid range.
Modify the range locking in shm_write() to take this possibility into
account. While here, rename a variable to make its purpose a bit more
clear, and add an assertion against negative offsets (which is supposed
to be enforced by the caller of fo_write for I/O to files that aren't
character devices).
Reported by: syzkaller
Reviewed by: kevans, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49673
(cherry picked from commit 82d8c609cfb7c6d8a9da8e30efa54240f293359e)
The check for range overlap did not correctly handle negative offsets,
as the addition inoff + len is promoted to an unsigned type.
Reported by: syzkaller
Reviewed by: rmacklem
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49674
(cherry picked from commit 1101d628223d2188c244a4df9b0cb4eaff57e968)
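An added illustration of the conversion described in the commit message above (not the FreeBSD code): a signed offset added to an unsigned length is evaluated as unsigned, so an overlap test gives the wrong answer for negative offsets. The function names, the use of uint64_t in place of size_t, and the checked form are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration; function names are hypothetical. len is
 * uint64_t to stand in for size_t on a 64-bit platform. */

/* Unsafe form: mixing a signed offset with an unsigned length. */
static bool
overlap_unsafe(int64_t inoff, int64_t outoff, uint64_t len)
{
	/* int64_t + uint64_t is computed as uint64_t, so -100 + 10
	 * becomes 2^64 - 90 instead of -90. */
	uint64_t in_end = inoff + len;
	uint64_t out_end = outoff + len;

	/* The casts spell out what the compiler would do implicitly. */
	return ((inoff <= outoff && in_end > (uint64_t)outoff) ||
	    (inoff > outoff && out_end > (uint64_t)inoff));
}

/* Checked form: reject negative offsets and sums that do not fit,
 * then compare in the signed domain. Returns 0 and sets *overlap,
 * or -1 when the arguments are invalid. */
static int
overlap_checked(int64_t inoff, int64_t outoff, uint64_t len, bool *overlap)
{
	int64_t in_end, out_end;

	if (inoff < 0 || outoff < 0)
		return (-1);
	if (len > (uint64_t)(INT64_MAX - inoff) ||
	    len > (uint64_t)(INT64_MAX - outoff))
		return (-1);
	in_end = inoff + (int64_t)len;
	out_end = outoff + (int64_t)len;
	*overlap = inoff < out_end && outoff < in_end;
	return (0);
}

int
main(void)
{
	bool ov = false;

	/* [-100, -90) and [0, 10) are disjoint, yet the unsafe test says overlap. */
	printf("unsafe(-100, 0, 10)  = %d\n", overlap_unsafe(-100, 0, 10));
	printf("checked(-100, 0, 10) = %d\n", overlap_checked(-100, 0, 10, &ov));
	if (overlap_checked(0, 5, 10, &ov) == 0)
		printf("checked(0, 5, 10) overlap = %d\n", ov);
	return (0);
}
```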
This is more useful and matches the documentation. While here, make it
settable as a tunable and add a sysctl description.
PR: 139425
MFC after: 2 weeks
(cherry picked from commit c5773d366ecc5271b9bd6e5506c00fb3520f19ae)
When WITH_CLANG_BOOTSTRAP and WITHOUT_CLANG are both set, the
cross-tools stage does not build a cross clang binary. This is because
the Makefile in usr.bin/clang checks for WITHOUT_CLANG, and skips
building the binary.
To fix this, ensure that WITH_CLANG is set for the cross-tools phase
whenever WITH_CLANG_BOOTSTRAP is set. While here, skip using the
Makefile in usr.bin/clang, and directly use the Makefile in
usr.bin/clang/clang instead.
PR: 286154
Reported by: avg
Reviewed by: avg, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49886
(cherry picked from commit ea231471d024e93279dc2196d6d5d87e199ad55b)
Until July 2024, dhclient kept track of time as seconds-since-epoch as
a time_t. This was a problem because (a) we wanted sub-second timeouts
and (b) timeouts didn't always do the right thing if the system clock
changed.
Switching to using CLOCK_MONOTONIC and struct timespec fixed those
issues but introduced a new problem: CLOCK_MONOTONIC values were being
interpreted as seconds-since-epoch and written to the dhclient.leases
file, causing confusion with DHCP leases expiring in early 1970.
Attempt to compromise between these by keeping track of both times;
any type within dhclient which is a time_t now refers to seconds past
the epoch, while any struct timespec value is a CLOCK_MONOTONIC time.
PR: 283256
Reviewed by: dch
Fixes: f0a38976b01e ("dhclient: Use clock_gettime() instead of time()")
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49720
(cherry picked from commit 43d19e6a4c42ade0f276ceca18a09e2e3829fce4)
Rewrite the HARDWARE section conforming to mdoc(7) and style.mdoc(7)
providing better rendering and increased clarity in the HW Relnotes.
MFC after: 3 days
Reviewed by: carlavilla, imp, ziaee
Approved by: carlavilla (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1665
(cherry picked from commit 85a3ec9de84bc7787c11fa25bca54b8bc4d814fa)
Future firmwares will report these types to the driver. These
transceivers work already but are misidentified as a different type.
Sponsored by: Chelsio Communications
(cherry picked from commit c22b297062e1440676973a8aa89cbad1571e22f9)
This is a cosmetic change affecting the "plugged: ..." line in the
output of ifconfig -v. Both the 100G active cables were missing a
closing parenthesis.
Sponsored by: Chelsio Communications
(cherry picked from commit 6460c327f6f3fdf2d1cd4db648baf6cb7d74828e)
The driver uses bus_reset_child on its parent to reset itself but that
performs an FLR whereas the hardware needs a Conventional Reset[1] for
full re-initialization. Add routines that perform conventional hot
reset and use them instead. The available reset mechanisms are:
* PCIe secondary bus reset (default)
* PCIe link bounce
hw.cxgbe.reset_method can be used to override the default. The internal
PL_RST is also available but is for testing only.
[1] 6.6.1 in PCI Express® Base Specification 5.0 version 1.0
Sponsored by: Chelsio Communications
(cherry picked from commit 011e3d0b8b90a4330f14b2cb7da45ed7b805ed10)
Add a new hw_all_ok() routine and use it to avoid hardware access in the
public control interfaces (ifnet ioctls, ifmedia calls, etc.). Continue
to use hw_off_limits() in the private ioctls/sysctls and other debug
code. Retire adapter_stopped() as it's of no use by itself.
This fixes problems where ifnet slow-path operations would enter a
synch_op just before set_adapter_hwstatus(false) and touch the hardware
when it's not safe to do so.
Sponsored by: Chelsio Communications
(cherry picked from commit e19d84979a183deb37ce6d7e385c3ccf02a3c8c7)
It was always set to PCATCH because the driver tested (INTR_OK) instead
of (flags & INTR_OK). Fit a WITNESS_WARN in a single line while here.
Sponsored by: Chelsio Communications
(cherry picked from commit 04bf43505bae1bb20d315a44e977d97aed3e5733)
There is no need to include private PCI headers in the driver.
Sponsored by: Chelsio Communications
(cherry picked from commit 762d32354a18517c28933ddc29f9d3d855e450b1)
An L2 table entry isn't associated with a particular SMT (Source MAC
Table) entry.
Sponsored by: Chelsio Communications
(cherry picked from commit f79fba05a016d53e054d6f587213889c3e31b4db)
The driver does minimal initialization in this mode and suspend/resume
should ignore resources that aren't setup. This is for debug only.
kenv hw.cxgbe.sos="1"
kldload if_cxgbe
devctl suspend t6nex0
devctl resume t6nex0
Sponsored by: Chelsio Communications
(cherry picked from commit f4ab14044c1de35b1aefad5449bddc5a1272f8d9)
Some laptops sold in Brazil have the key "/, ?" in same position
where it should be the right control key.
Reported by: Andrei Drusian <drusian@gmail.com>
Tested by: Andrei Drusian <drusian@gmail.com>
MFC After: 1 week
(cherry picked from commit 9357c694e8dca627c25b15529e8435b2ab3dd48b)
This is one of the most commonly requested configurations I'm asked to
share or put in man(1). Currently I think this is the most appropriate
and canonical place for it.
MFC after: 3 days
Reviewed by: carlavilla, imp
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D49833
(cherry picked from commit ec95b6a3c77b72aca1823f1b118a7983c130e4df)
This causes make delete-old to delete the manual for mount_fusefs(8) on
(zfs) systems that do not (need) MANCOMPRESS.
MFC after: 3 days
Reviewed by: carlavilla, imp
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D49667
(cherry picked from commit 7d2b5f3d2a5127a584d2af912ea0e9fd00f417f0)
Convert the supported hardware into a descending column list to improve
aesthetic, density, and utility on console and in the hardware release
notes. Move the section into alignment for predictability, and tag spdx.
MFC after: 3 days
Reviewed by: carlavilla, imp, mav
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D49721
(cherry picked from commit d9bdf419b19f658a79a69168ad740cd95cdf3e5f)
Use one line without child macros for document description, for optimal
compatibility with manual tooling.
MFC after: 3 days
Reviewed by: carlavilla, imp
Approved by: carlavilla (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1629
(cherry picked from commit bfe9be2253ef85674b37ae7cf3d2689f96678151)
top was added in 511d9c6565 for FreeBSD 2.2.2.
MFC after: 3 days
Reviewed by: carlavilla, imp, joerg
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D49591
(cherry picked from commit a9f5dcf82941e7e211490432b93bd124e7c0a57d)
Just as for nat anchors we can't print counters for rule anchors. Remove the
incorrect print call.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 0fc3c29fb3dd6ab6436a78c502544ebf2cf63ee2)
When printing a nat anchor we don't have rule information, or rule
counters. Do not attempt to print them. The information is nonsensical
anyway, and this can cause a crash converting the timestamp to a string,
as years in the very distant future use more digits, and we exceed the
30 byte buffer allocated for this.
MFC after: 2 weeks
Sponsored by: Orange Business Services
(cherry picked from commit 168d873ae41fd8bd40555322a79c9f215cb4cb9c)
After the pf_state_insert() call we may not use these pointers again.
Explicitly NULL them to ensure we don't.
Also NULL them out if we free the keys directly.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49553
(cherry picked from commit 592418343348bcf4355c249f53cff89ed90ea1f5)
pf_state_insert() may free the state keys, it's not safe to access these
pointers after the call.
Introduce osrc/odst (similar to osport/odport) to store the original source and
destination addresses. This allows us to undo NAT transformations without having
to access the state keys.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49551
(cherry picked from commit bdea9cbcf2decafeb4da5a0280313efccc09e1b3)
If we fail to attach the stack key that means we've already attached the wire
key. That means the state could be found by other cores, and given that we then
free it, be used after free.
Fix this by not releasing the ID hashrow lock and key locks until after we've
removed the inserted key again, ensuring the state cannot be found by other
cores.
Reported by: markj
Submitted by: glebius
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49550
(cherry picked from commit 8efd2acf07bc0e1c3ea1f7390e0f1cfb7cf6f86c)