Make an editing pass through the 2017Q2 report
parent
bd20b25a49
commit
a13ec77257
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=50860
1 changed files with 148 additions and 154 deletions
|
@ -83,6 +83,12 @@
|
|||
<description>Miscellaneous</description>
|
||||
</category>
|
||||
|
||||
<category>
|
||||
<name>third</name>
|
||||
|
||||
<description>Third-Party Projects</description>
|
||||
</category>
|
||||
|
||||
<project cat='proj'>
|
||||
<title>64-bit Inode Numbers</title>
|
||||
|
||||
|
@ -118,7 +124,7 @@
|
|||
|
||||
<body>
|
||||
<p>The 64-bit inode project was completed and merged into
|
||||
&os; 12 on May 23, 2017. It extends the <tt>ino_t</tt>,
|
||||
&os; 12 on May 23, 2017. It extends the <tt>ino_t</tt>,
|
||||
<tt>dev_t</tt>, and <tt>nlink_t</tt> types to be 64-bit
|
||||
integers. It modifies the <tt>struct dirent</tt> layout to
|
||||
add a <tt>d_off</tt> field, increases the size of
|
||||
|
@ -137,10 +143,10 @@
|
|||
<tt>struct stat</tt> as parameters are broken in backward- and
|
||||
forward-incompatible ways.</p>
|
||||
|
||||
<p>The ABI for <tt>kinfo</tt> sysctl MIBs is changed in a
|
||||
<p>The ABI for <tt>kinfo</tt>-consuming sysctl MIBs is changed in a
|
||||
backward-compatible way, but there is no general mechanism to
|
||||
handle other sysctl MIBS which return structures where the
|
||||
layout has changed. It was considered that the breakage is
|
||||
layout has changed. In our consideration, this breakage is
|
||||
either in management interfaces, where we usually allow ABI
|
||||
slippage, or is not important.</p>
|
||||
|
||||
|
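Review bot: the plural is capitalised two ways in this paragraph: the edited line writes "sysctl MIBs", while the untouched context line two sentences later still reads "other sysctl MIBS". Since this is an editing pass, change the second occurrence to "MIBs" as well.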
@ -207,8 +213,8 @@
|
|||
subjects: how to create a &os; port (presented by jadawin@),
|
||||
how OVH is using Finite State Machines for managing their
|
||||
storage system, network high-availability with &os;, and a
|
||||
jail tutorial by means of a demonstration running 200 OSFP
|
||||
(using <tt>net/bird</tt>) routers using jail and vnets on a
|
||||
jail tutorial by means of a demonstration running 200 OSPF
|
||||
(using <tt>net/bird</tt>) routers using jails and vnets on a
|
||||
small PC Engines APU2 system with only 4 CPU cores (1Ghz AMD)
|
||||
and 4GB RAM).</p>
|
||||
</body>
|
||||
|
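Review bot: the closing context lines of this hunk still carry an unbalanced parenthesis and a unit typo, "(1Ghz AMD) and 4GB RAM)." Suggest "(1 GHz AMD) and 4 GB of RAM" with a single closing parenthesis, while the sentence is already being touched for the OSPF fix.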
@ -236,7 +242,7 @@
|
|||
<body>
|
||||
<p>FRRouting (FRR), a Quagga fork, is an IP routing protocol
|
||||
suite for Linux and Unix platforms which includes protocol
|
||||
daemons for BGP, IS-IS, OSPF and RIP (LPD and PIM need to be
|
||||
daemons for BGP, IS-IS, OSPF and RIP (LPD and PIM support needs to be
|
||||
fixed on &os;). FRR is a Linux Foundation Collaborative
|
||||
Project with contributors including 6WIND, Architecture
|
||||
Technology Corporation, Big Switch Networks, Cumulus Networks,
|
||||
|
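Review bot: "LPD" in the edited parenthetical looks like a transposition of LDP (Label Distribution Protocol), for which FRR ships a daemon; please confirm with the entry's author and correct it here. The list "BGP, IS-IS, OSPF and RIP" on the same line also lacks the serial comma that this pass adds elsewhere (for example "mx1, and mx2").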
@ -258,6 +264,7 @@
|
|||
</name>
|
||||
<email>dhw@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Larry</given>
|
||||
|
@ -265,6 +272,7 @@
|
|||
</name>
|
||||
<email>ler@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Ryan</given>
|
||||
|
@ -272,6 +280,7 @@
|
|||
</name>
|
||||
<email>zi@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Eygene</given>
|
||||
|
@ -279,6 +288,7 @@
|
|||
</name>
|
||||
<email>rea@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Remko</given>
|
||||
|
@ -286,6 +296,7 @@
|
|||
</name>
|
||||
<email>remko@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Kurt</given>
|
||||
|
@ -300,14 +311,13 @@
|
|||
</links>
|
||||
|
||||
<body>
|
||||
<p> Postmaster handles the mail flow for the &os;
|
||||
project.</p>
|
||||
<p> Postmaster handles the mail flow for the &os; project.</p>
|
||||
|
||||
<p>Clusteradm provides us with four jails: mailman, mailarchive,
|
||||
mx1 and mx2. In addition, there is some part of the setup
|
||||
mx1, and mx2. In addition, there is some part of the setup
|
||||
running on freefall.FreeBSD.org. The system uses
|
||||
<tt>postfix</tt>, <tt>mailman</tt>, <tt>spamassassin</tt> and
|
||||
some other tools from the ports tree to handle the mailflow.
|
||||
<tt>postfix</tt>, <tt>mailman</tt>, <tt>spamassassin</tt>, and
|
||||
some other tools from the ports tree to handle the mail flow.
|
||||
We use a very small, non-public Subversion repository for
|
||||
parts of the configuration.</p>
|
||||
|
||||
|
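Review bot: the rejoined first paragraph keeps the stray space after the opening tag, "<p> Postmaster handles the mail flow". Drop it so the paragraph matches the "<p>Clusteradm" form used directly below.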
@ -318,7 +328,8 @@
|
|||
<p>Thanks to Florian for his long service in that role! David
|
||||
Wolfskill is planning to leave the role as soon as the new
|
||||
team members are settled. Vsevolod Stakhov plans to provide
|
||||
us with support to integrate <tt>rspamd</tt> into the setup.</p>
|
||||
us with support to integrate <tt>rspamd</tt> into the setup,
|
||||
as well.</p>
|
||||
|
||||
<p>The workload for the Postmaster Team is not high, but the
|
||||
complexity of the setup has its own demands.</p>
|
||||
|
@ -402,7 +413,7 @@
|
|||
desired functionality.</p>
|
||||
|
||||
<p>LLD is now used as the default system linker for
|
||||
&os;/arm64 and can link a working kernel, modules, and
|
||||
&os;/arm64 and can link a working kernel, kernel modules, and
|
||||
userland for &os;/amd64. LLD can also link a working
|
||||
kernel and modules (but not userland) for &os;/arm and
|
||||
&os;/i386.</p>
|
||||
|
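Review bot: the new wording "kernel, kernel modules, and userland" is not carried into the next sentence, which still says "kernel and modules (but not userland)" for arm and i386. Use "kernel modules" in both places so the two sentences read in parallel.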
@ -411,7 +422,7 @@
|
|||
as the system linker (either by fixing the port, or
|
||||
configuring the port to be linked by GNU <tt>ld</tt>).</p>
|
||||
|
||||
<p>For &os; 12.0 we expect to use LLD as the system linker for
|
||||
<p>For &os; 12.0 we expect to use LLD as the system linker for
|
||||
the same set of architectures that use Clang by default:
|
||||
32- and 64-bit arm and x86.</p>
|
||||
</body>
|
||||
|
@ -423,7 +434,7 @@
|
|||
command line arguments as for GNU <tt>ld</tt> and
|
||||
<tt>gold</tt>.</task>
|
||||
|
||||
<task>Investigate remaining amd64 and arm64 port
|
||||
<task>Investigate the remaining amd64 and arm64 port
|
||||
build failures.</task>
|
||||
|
||||
<task>Investigate and improve LLD on i386 and arm, before
|
||||
|
@ -451,10 +462,10 @@
|
|||
|
||||
|
||||
<body>
|
||||
<p>The in-tree DTC (Device Tree Compilator) was switched to use the
|
||||
<p>The in-tree DTC (Device Tree Compiler) was switched to use the
|
||||
BSD-licensed version by default. (The previous default DTC is
|
||||
licensed under the GPL.) The current version supports overlays
|
||||
and is able to compile every DTS used by the &os; arm
|
||||
and is able to compile every DTS (Device Tree Source) used by the &os; arm
|
||||
releases. The ports GPL version was updated to the latest
|
||||
release (1.4.4). The in-tree GPL version is still present but
|
||||
the goal is to remove it before &os; 12.0.</p>
|
||||
|
@ -522,7 +533,7 @@
|
|||
bulk build output (the "Ignored ports" portion, in
|
||||
particular) and see quickly what ports are failing to build
|
||||
and why. Previously, finding the exact reason why a build
|
||||
failed needed some research (<tt>portsmon</tt> only models
|
||||
failed needed some research (<tt>portsmon</tt> only analyzes
|
||||
failure messages on amd64). Additionally, it is extremely
|
||||
difficult to work through several hundred logs that simply say
|
||||
"failed to compile", "failed to link", and
|
||||
|
@ -537,7 +548,7 @@
|
|||
output, I have begun reworking some existing
|
||||
<tt>BROKEN</tt>/<tt>NOT_FOR</tt>/<tt>ONLY_FOR</tt> messages so
|
||||
that they will sort more easily. This includes sorting the
|
||||
order of the <tt>ARCH</tt> definitions.</p>
|
||||
order in which architectures appear in the lists.</p>
|
||||
|
||||
<p>Many people have been doing great work on fixing the
|
||||
individual ports. I hope that my work makes their jobs
|
||||
|
@ -571,11 +582,11 @@
|
|||
</links>
|
||||
|
||||
<body>
|
||||
<p>ENA (Elastic Network Adapter) is a 25G SmartNIC developed by
|
||||
<p>The ENA (Elastic Network Adapter) is a 25G SmartNIC developed by
|
||||
Annapurna Labs and is based on a custom ARMv8 chip. This is a
|
||||
high performance networking card available in the AWS offering.
|
||||
high-performance networking card available in the AWS offerings.
|
||||
It introduces enhancements in network utilization scalability
|
||||
on EC2 machines under control of various operating systems, in
|
||||
on EC2 machines under the control of various operating systems, in
|
||||
particular &os;.</p>
|
||||
|
||||
<p>The goal of &os; enablement is to provide top performance and
|
||||
|
@ -587,7 +598,7 @@
|
|||
|
||||
<li>hardware offloads (rx and tx checksum)</li>
|
||||
|
||||
<li>admin queue</li>
|
||||
<li>an admin queue</li>
|
||||
|
||||
<li>asynchronous notifications</li>
|
||||
|
||||
|
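Review bot: adding the article in "an admin queue" makes this item the odd one out; the neighbouring items "hardware offloads (rx and tx checksum)" and "asynchronous notifications" are bare noun phrases. Either leave it as "admin queue" or apply one form to the whole list.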
@ -611,7 +622,7 @@
|
|||
<sponsor>Annapurna Labs — an Amazon company</sponsor>
|
||||
|
||||
<help>
|
||||
<task>Add RSS configuration from userspace (sysctls).</task>
|
||||
<task>Add RSS configuration from userspace (via sysctls).</task>
|
||||
|
||||
<task>Add support for LLQ mechanisms.</task>
|
||||
</help>
|
||||
|
@ -640,7 +651,7 @@
|
|||
<p>I'm working on a third edition of <i>Absolute &os;</i>. This
|
||||
will be a nearly complete rewrite, thanks to the addition of
|
||||
little details like ZFS, GPT, <tt>dma</tt>, GELI, new boot
|
||||
stuff, disk labeling, <tt>pkg(8)</tt>, <tt>blacklistd</tt>,
|
||||
procedures, disk labeling, <tt>pkg(8)</tt>, <tt>blacklistd</tt>,
|
||||
jails, etc..</p>
|
||||
|
||||
<p>My current (delusional) plan is to have a first draft
|
||||
|
@ -678,7 +689,7 @@
|
|||
"layout" in use specifies how the division occurs, with
|
||||
metadata operations occurring against the main server, and
|
||||
bulk data operations (read/write/setattr/etc.) occurring via
|
||||
a layout-specific scheme between the client and data
|
||||
a layout-specific scheme between the client and the data
|
||||
servers.</p>
|
||||
|
||||
<p>My first attempt at a pNFS server using GlusterFS was a dud.
|
||||
|
@ -686,7 +697,7 @@
|
|||
usable. This attempt that I call "Plan B", only
|
||||
uses &os;, with one &os; server handling the metadata
|
||||
operations and multiple &os; servers configured to serve
|
||||
data and is now ready for third party testing. If testing by
|
||||
data, is now ready for third-party testing. If testing by
|
||||
third parties goes well, I anticipate the code will be
|
||||
merged into &os; head in time for &os; 12. Fairly
|
||||
recent &os; or Linux systems should be usable as pNFS
|
||||
|
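Review bot: removing "and" before "is now ready" leaves the sentence with two predicates and no conjunction: "This attempt ... only uses &os;, with ... configured to serve data, is now ready for third-party testing." Keep the conjunction ("and is now ready") or split this into two sentences. The hyphen in "third-party testing" is fine.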
@ -701,7 +712,7 @@
|
|||
|
||||
<p>The patched &os; sources may now be accessed for testing
|
||||
via either Subversion or download of a gzipped tarball.
|
||||
They consist of a patched kernel plus nfsd daemon and can be
|
||||
They consist of a patched kernel and <tt>nfsd</tt> and can be
|
||||
used on any &os; 11 or later system.</p>
|
||||
</body>
|
||||
|
||||
|
@ -730,8 +741,8 @@
|
|||
</links>
|
||||
|
||||
<body>
|
||||
<p>&os; supports the Xen hypervisor, with DomU support since
|
||||
&os; 8.0 and Dom0 available since &os; 11.0. The
|
||||
<p>&os; supports the Xen hypervisor, with DomU (guest) support since
|
||||
&os; 8.0 and Dom0 (host) available since &os; 11.0. The
|
||||
&os; Handbook was lacking instructions on how to run a Xen
|
||||
host and VMs. The steps were outlined in the &os; wiki, but
|
||||
needed some extra bits of text from the upstream Xen wiki in
|
||||
|
@ -743,7 +754,7 @@
|
|||
|
||||
<p>Reviewers Nikolai Lifanov, Roger Pau Monné, and Warren Block
|
||||
provided valuable feedback on the initial version in
|
||||
Phabricator. Additional corrections were found by Björn
|
||||
Phabricator. Additional corrections were made by Björn
|
||||
Heidotting while translating the section into German.</p>
|
||||
</body>
|
||||
|
||||
|
@ -816,11 +827,11 @@
|
|||
href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=220290">PR220290</a>)</li>
|
||||
</ul>
|
||||
|
||||
<p>We have created new Subversion tag (<em>4.13</em>) in order
|
||||
to follow the unstable releases (due to changes in <tt>USES=
|
||||
xfce</tt> infrastucture, and not backward compatible new API
|
||||
in <tt>xfconf</tt>). Ports following unstable release
|
||||
are:</p>
|
||||
<p>We have created a new Subversion tag (<em>4.13</em>) in order
|
||||
to follow the unstable releases. The separate tag was
|
||||
necessary in order to support changes in the <tt>USES=xfce</tt>
|
||||
infrastucture, and due to some incompatible changes to the
|
||||
<tt>xfconf</tt> API. Ports following the unstable release are:</p>
|
||||
|
||||
<ul>
|
||||
<li><tt>deskutils/xfce4-tumbler</tt> (0.1.92.1)</li>
|
||||
|
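Review bot: the rewritten paragraph carries over the misspelling "infrastucture" from the text it replaces; it should read "infrastructure". The split into two sentences is otherwise a clear improvement over the parenthetical.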
@ -888,11 +899,12 @@
|
|||
merging everything in one big commit, we have been updating
|
||||
the GNOME ports one at a time or in small groups. For
|
||||
example, the GTK+ stack and the Evolution Suite were updated
|
||||
as groups, and all the gnome-games were done in one commit.
|
||||
It might be a bit more work preparing and testing the
|
||||
updates, but on the plus side, it easy to keep track of what
|
||||
is going on, and allows us to pay attention to the details.
|
||||
And it should be easier to commit smaller changes.</p>
|
||||
as groups, and all the <tt>gnome-games</tt> components were
|
||||
done in one commit. It might be a bit more work preparing
|
||||
and testing the updates, but on the plus side, it easy to
|
||||
keep track of what is going on, and allows us to pay
|
||||
attention to the details. It should also make it easier to commit
|
||||
smaller changes.</p>
|
||||
|
||||
<p>This quarter started with the update of GTK+ 3 to 3.22.15,
|
||||
and the underlying libraries to their latest stable
|
||||
|
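Review bot: the rewrapped sentence still reads "on the plus side, it easy to keep track", with the verb missing. Make it "it is easy to keep track" in the new text, since these lines are being rewritten anyway.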
@ -925,7 +937,7 @@
|
|||
Unfortunately, GDM is blocking the update because of a
|
||||
"handoff" bug to the session after login.</task>
|
||||
|
||||
<task>Fix the control-center printer sub menu. As a
|
||||
<task>Fix the printer submenu in <tt>gnome-control-center</tt>. As a
|
||||
workaround, <tt>system-config-printer</tt> can be used to
|
||||
configure printers.</task>
|
||||
|
||||
|
@ -973,10 +985,10 @@
|
|||
learning and AI. There are official binaries for Linux, Mac,
|
||||
Windows, and Android, but no official support for &os;. For
|
||||
the last several months, I have done some work to make
|
||||
TensorFlow available on &os;. Some notable work:</p>
|
||||
TensorFlow available on &os;. Some notable items include:</p>
|
||||
|
||||
<ul>
|
||||
<li>Patch <tt>bazel</tt> to not depend on <tt>/proc</tt> at
|
||||
<li><tt>bazel</tt> was patched to not depend on <tt>/proc</tt> at
|
||||
build time. <tt>bazel</tt> is a build tool made by Google.
|
||||
It uses <tt>/proc</tt> to get path-to-self when building C++
|
||||
code, but mounting <tt>/proc</tt> is usually not allowed
|
||||
|
@ -1016,7 +1028,7 @@
|
|||
<task>Review, test, comment, and most importantly, commit to the
|
||||
Ports Collection.</task>
|
||||
|
||||
<task>Fix the OpenCL support on &os;.</task>
|
||||
<task>Fix OpenCL (GPU acceleration) support on &os;.</task>
|
||||
|
||||
<task>Port <tt>tensorflow-serving</tt>, which is a flexible,
|
||||
high-performance serving system for machine learning models
|
||||
|
@ -1073,8 +1085,8 @@
|
|||
|
||||
<p>I started looking into Ceph because the HAST solution with
|
||||
CARP and <tt>ggate</tt> did not really do what I was looking
|
||||
for. But I aim to run a Ceph storage cluster of storage nodes
|
||||
that are running ZFS. User stations would be running
|
||||
for. I aim to run a Ceph storage cluster of storage nodes
|
||||
that are running ZFS, with user workstations running
|
||||
<tt>bhyve</tt> on RBD disks that are stored in Ceph.</p>
|
||||
|
||||
<p>Compiling for &os; will now build most of the tools
|
||||
|
@ -1093,9 +1105,9 @@
|
|||
|
||||
<li><tt>rbd-ggate</tt> is available to create a Ceph
|
||||
<tt>rdb</tt> backed device. <tt>rbd-ggate</tt> was
|
||||
submitted by Mykola Golub. That works in a rather simple
|
||||
fashion, once a cluster is functioning, with <tt>rdb
|
||||
import</tt> and <tt>rdb-gate map</tt> creating
|
||||
submitted by Mykola Golub. It works in a rather simple
|
||||
fashion: once a cluster is functioning, <tt>rdb
|
||||
import</tt> and <tt>rdb-gate map</tt> are used to create
|
||||
<tt>ggate</tt>-like devices backed by the Ceph cluster.</li>
|
||||
</ul>
|
||||
|
||||
|
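Review bot: the item names the tool "rbd-ggate", but the lines being edited still spell the commands "rdb import" and "rdb-gate map", and the first line has "rdb backed device". These look like transpositions of "rbd" and "rbd-ggate"; readers will type them as written, so confirm the spelling with the entry's author and correct it in this pass.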
@ -1114,9 +1126,9 @@
|
|||
—only <tt>/bin/bash</tt> is there to stay.</li>
|
||||
</ul>
|
||||
|
||||
<p>Looking forward, the next official release of Ceph is called
|
||||
<p>The next forthcoming official release of Ceph is called
|
||||
Luminous (v12.1.0). As soon as it is available from upstream,
|
||||
a port will be made provided for &os;.</p>
|
||||
a port will be provided for &os;.</p>
|
||||
|
||||
<p>To get things running on a &os; system, run <tt>pkg install
|
||||
net/ceph-devel</tt> or clone <a
|
||||
|
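Review bot: "The next forthcoming official release" is redundant; "The next official release" says the same thing. The "a port will be provided" fix on the following line is correct.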
@ -1129,7 +1141,7 @@
|
|||
|
||||
<ul>
|
||||
<li>KRBD — but <tt>rbd-ggate</tt> is usable in its
|
||||
stead</li>
|
||||
stead.</li>
|
||||
|
||||
<li>BlueStore — &os; and Linux have different AIO APIs,
|
||||
and that incompatibility needs to be resolved somehow.
|
||||
|
@ -1145,7 +1157,7 @@
|
|||
<task>Investigate the keystore, which can be embedded in the
|
||||
kernel on Linux and currently prevents building Cephfs and
|
||||
some other parts. The first question is whether it is really
|
||||
required, or only KRBD requires it.</task>
|
||||
required, or if only KRBD requires it.</task>
|
||||
|
||||
<task>Scheduler information is not used at the moment, because the
|
||||
schedulers work rather differently between Linux and &os;.
|
||||
|
@ -1159,7 +1171,7 @@
|
|||
|
||||
<task>Build a test cluster and start running some of the
|
||||
teuthology integration tests on it. Teuthology wants to build
|
||||
its own <tt>libvirt</tt> and that does not quite work with all
|
||||
its own <tt>libvirt</tt>, and that does not quite work with all
|
||||
the packages &os; already has in place. There are many
|
||||
details to work out here.</task>
|
||||
|
||||
|
@ -1169,7 +1181,7 @@
|
|||
</project>
|
||||
|
||||
<project cat="ports">
|
||||
<title>A New USES Macro for Porting Cargo-Based Rust Applications</title>
|
||||
<title>A New <tt>USES</tt> Macro for Porting Cargo-Based Rust Applications</title>
|
||||
|
||||
<contact>
|
||||
<person>
|
||||
|
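Review bot: this is the only <title> in the visible hunks that carries inline markup; the others ("64-bit Inode Numbers", "HardenedBSD") are plain text. Check that the report's stylesheet accepts <tt> inside <title>, including anywhere the title text is reused, before committing.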
@ -1242,24 +1254,24 @@
|
|||
</contact>
|
||||
|
||||
<body>
|
||||
<p>Work proceeds to finalize the upstreaming process of support
|
||||
for the Marvell Armada38x platform to &os;-HEAD.</p>
|
||||
<p>Work proceeds to finalize the process of bringing support
|
||||
for the Marvell Armada38x platform into &os;-HEAD.</p>
|
||||
|
||||
<p>The most important bits of the recent effort are:</p>
|
||||
<p>The most important parts of the recent effort are:</p>
|
||||
|
||||
<ul>
|
||||
<li>Add the network driver (NETA)</li>
|
||||
|
||||
<li>Enable coherent <tt>busdma</tt> operation for all ARMv7 SoCs</li>
|
||||
|
||||
<li>Add various low-level optimisations, such as L1 cache
|
||||
<li>Add various low-level optimizations, such as L1 cache
|
||||
prefetch and MBUS quirks</li>
|
||||
|
||||
<li>Enable PL310 L2 cache controller</li>
|
||||
|
||||
<li>Add SDHCI support</li>
|
||||
|
||||
<li>Fixes for the <tt>e6000sw</tt> driver and rework of its
|
||||
<li>Fixes for the <tt>e6000sw</tt> driver and a rework of its
|
||||
PHY handling</li>
|
||||
|
||||
<li>Support multi-port PCIe operation</li>
|
||||
|
@ -1293,7 +1305,7 @@
|
|||
<links>
|
||||
<url href="http://www.sndio.org">Sndio Homepage</url>
|
||||
<url href="https://www.openbsd.org/papers/asiabsdcon2010_sndio.pdf">Sndio Paper</url>
|
||||
<url href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf">Comprehensive and biased comparison of OpenBSD and &os; (section 17)</url>
|
||||
<url href="https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf">Comprehensive and Biased Comparison of OpenBSD and &os; (Section 17)</url>
|
||||
</links>
|
||||
|
||||
<body>
|
||||
|
@ -1314,7 +1326,7 @@
|
|||
recording through it. To that end, I submitted several patches
|
||||
to various ports over the course of the last year.</p>
|
||||
|
||||
<p>A short selection of ports that now support <tt>sndio</tt> in
|
||||
<p>Here's a short selection of ports that now support <tt>sndio</tt> in
|
||||
the &os; Ports Collection:</p>
|
||||
|
||||
<ul>
|
||||
|
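Review bot: "Here's" introduces a contraction, while another hunk in this same patch expands "doesn't" to "does not". Use "Here is" to keep the pass consistent.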
@ -1354,7 +1366,7 @@
|
|||
the Ports Collection.</task>
|
||||
|
||||
<task>If you maintain or use an audio-related port, consider
|
||||
checking if it includes an <tt>sndio</tt> backend and adding
|
||||
checking whether it includes an <tt>sndio</tt> backend, and adding
|
||||
an <tt>SNDIO</tt> option. Thanks to the OpenBSD developers,
|
||||
several open-source projects already include one, so adding it
|
||||
might be very easy to do.</task>
|
||||
|
@ -1382,12 +1394,12 @@
|
|||
</links>
|
||||
|
||||
<body>
|
||||
<p>The KDE on &os; team focuses on packaging and making sure
|
||||
that the experience of KDE and Qt on &os; is as good as
|
||||
<p>The KDE on &os; team focuses on packaging KDE and Qt, and making sure
|
||||
that their experience on &os; is as good as
|
||||
possible.</p>
|
||||
|
||||
<p>This quarter, in addition to the regular updates to the KDE,
|
||||
Qt and related ports, there have also been some changes behind
|
||||
Qt, and related ports, there have also been some changes behind
|
||||
the scenes: our development repository has moved to GitHub,
|
||||
and &os; is now part of KDE's official continuous integration
|
||||
(CI infrastructure).</p>
|
||||
|
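Review bot: the closing context line still brackets the abbreviation in the wrong place, "continuous integration (CI infrastructure)"; it should be "continuous integration (CI) infrastructure". In the rewritten first sentence, "their experience on &os;" now reads as the experience of KDE and Qt themselves; "the experience of using them on &os;" would be clearer.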
@ -1409,8 +1421,8 @@
|
|||
from KDE's git repositories. There is strong commitment from
|
||||
upstream and the downstream KDE-&os; team to reduce the amount
|
||||
of patching in the KDE ports to as little as possible. The
|
||||
first effects are being felt in expanding unittests to
|
||||
&os;-specific situations, and in extending Qt to handle &os;
|
||||
first effects are being felt in expanding the set of unit tests to
|
||||
include &os;-specific situations, and in extending Qt to handle &os;
|
||||
filesystems better. In addition to the KDE sysadmins, we
|
||||
would also like to extend our thanks to Adriaan de Groot, who
|
||||
is both a KDE committer and part of our KDE on &os; team, for
|
||||
|
@ -1422,7 +1434,7 @@
|
|||
<ul>
|
||||
<li>CMake was updated to 3.8.0 and 3.8.2</li>
|
||||
|
||||
<li>KDE Frameworks were updated to 5.33, 5.34 and 5.35</li>
|
||||
<li>KDE Frameworks was updated to 5.33, 5.34 and 5.35</li>
|
||||
|
||||
<li>The Calligra office suite was updated to 3.0.1, the first
|
||||
release in the ports tree to be based on KDE Frameworks 5,
|
||||
|
@ -1489,10 +1501,10 @@
|
|||
non-standard PHP-configurations or describe your exotic
|
||||
setups! These can be as simple as changed default versions,
|
||||
like LibreSSL instead of OpenSSL or the GCC version used for
|
||||
compiling. I, for example, use always another
|
||||
PostgreSQL-version than default (and always PHP 7.1). Of
|
||||
course, this also covers options set in an non-default way or
|
||||
setups changing variables to allow for multiple PHP
|
||||
compiling. I, for example, always use another
|
||||
PostgreSQL-version than the default (and always PHP 7.1). Of
|
||||
course, this also covers port options set in an non-default way or
|
||||
setups that change variables to allow for multiple PHP
|
||||
installations, etc..</p>
|
||||
|
||||
<p>I plan to test on all supported &os; versions, so you only
|
||||
|
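Review bot: the edited line keeps "an non-default way"; it should be "a non-default way". The hyphen in "PostgreSQL-version" on the line above is also worth dropping while that line is being changed.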
@ -1524,7 +1536,7 @@
|
|||
</contact>
|
||||
|
||||
<links>
|
||||
<url href="https://github.com/NuxiNL/arpc">ARPC: GRPC-Like RPC Library That Wupports File Descriptor Passing</url>
|
||||
<url href="https://github.com/NuxiNL/arpc">ARPC: GRPC-Like RPC Library That Supports File Descriptor Passing</url>
|
||||
<url href="https://github.com/NuxiNL/flower">Flower: A Label-Based Network Backplane</url>
|
||||
</links>
|
||||
|
||||
|
@ -1535,9 +1547,9 @@
|
|||
<tt>connect()</tt> and <tt>sendto()</tt> are disabled. Though
|
||||
we can sometimes work around this by ensuring that the
|
||||
sandboxed process already possesses socket file descriptors on
|
||||
startup, this doesn't allow the destination process to be
|
||||
startup, this does not allow the destination process to be
|
||||
restarted, moved to a different network address, be load
|
||||
balanced, etc.</p>
|
||||
balanced, etc..</p>
|
||||
|
||||
<p>Coming up with a solution for this is quite important for me,
|
||||
as I am currently working on making CloudABI work on top of
|
||||
|
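Review bot: changing "balanced, etc." to "balanced, etc.." doubles the period. When an abbreviation ends a sentence, one period serves for both, so the original was correct; the same doubled form also appears in other entries touched by this patch ("jails, etc..", "installations, etc..") and should be normalised to a single period.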
@ -1601,9 +1613,9 @@
|
|||
|
||||
<links>
|
||||
<url href="https://www.FreeBSD.org/ports/">About &os; Ports</url>
|
||||
<url href="https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html">Contributing to ports</url>
|
||||
<url href="https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html">Contributing to Ports</url>
|
||||
<url href="http://portsmon.freebsd.org/index.html">&os; Ports Monitoring</url>
|
||||
<url href="https://www.freebsd.org/portmgr/index.html">Ports Management Team</url>
|
||||
<url href="https://www.freebsd.org/portmgr/index.html">Ports Management Team Website</url>
|
||||
<url href="https://twitter.com/freebsd_portmgr/">&os; portmgr on Twitter (@freebsd_portmgr)</url>
|
||||
<url href="https://www.facebook.com/portmgr">&os; Ports Management Team on Facebook</url>
|
||||
<url href="https://plus.google.com/communities/108335846196454338383">&os; Ports Management Team on Google+</url>
|
||||
|
@ -1611,7 +1623,7 @@
|
|||
|
||||
<body>
|
||||
<p>This quarter, 2017Q2, broke the 30,000 ports landmark for the
|
||||
first time. The PR count is currently just under 2,500 with
|
||||
first time. The PR count is currently just under 2,500, with
|
||||
almost 600 of them unassigned. This quarter saw almost 7,400
|
||||
commits from 171 committers. More PRs got closed this
|
||||
quarter, but also more PRs got sent in, both of which are good
|
||||
|
@ -1637,7 +1649,7 @@
|
|||
binaries using the <tt>cargo</tt> command (also covered
|
||||
separately in this report).</li>
|
||||
|
||||
<li><tt>groff</tt>, to handle the dependency on the
|
||||
<li><tt>groff</tt>, to handle a dependency on the
|
||||
<tt>groff</tt> document formatting system, that has been
|
||||
removed from the base system for &os; 12.</li>
|
||||
|
||||
|
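Review bot: in "the groff document formatting system, that has been removed", the comma marks a non-restrictive clause, so "that" should be "which". The change from "the dependency" to "a dependency" is fine.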
@ -1749,7 +1761,7 @@
|
|||
RAM.</p>
|
||||
|
||||
<p>The default linker on arm64 is now <tt>lld</tt>. This
|
||||
means &os; is able to build itself with just the components
|
||||
means that &os; is able to build itself with just the components
|
||||
in the base system, a big milestone!</p>
|
||||
</body>
|
||||
</project>
|
||||
|
@ -1768,7 +1780,7 @@
|
|||
<url href="https://wiki.FreeBSD.org/Rust">Wiki Portal</url>
|
||||
<url href="https://gist.github.com/dumbbell/b587da50ef014078da9e732a4331ebad">Guide to Bootstrap Rust on &os;</url>
|
||||
<url href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=216143">Bug Report to Track Progress on Bootstrapping</url>
|
||||
<url href="https://internals.rust-lang.org/t/pre-rfc-target-extension-dealing-with-breaking-changes-at-os-level/5289">Upstream Discussion of API/ABI Breaking Changes</url>
|
||||
<url href="https://internals.rust-lang.org/t/pre-rfc-target-extension-dealing-with-breaking-changes-at-os-level/5289">Upstream Discussion of API/ABI-Breaking Changes</url>
|
||||
</links>
|
||||
|
||||
<body>
|
||||
|
@ -1861,7 +1873,7 @@
|
|||
</body>
|
||||
</project>
|
||||
|
||||
<project cat='proj'>
|
||||
<project cat='third'>
|
||||
<title>HardenedBSD</title>
|
||||
|
||||
<contact>
|
||||
|
@ -1883,7 +1895,7 @@
|
|||
</contact>
|
||||
|
||||
<links>
|
||||
<url href="https://hardenedbsd.org/">HardenedBSD</url>
|
||||
<url href="https://hardenedbsd.org/">HardenedBSD Homepage</url>
|
||||
<url href="http://clang.llvm.org/docs/SafeStack.html">SafeStack</url>
|
||||
<url href="http://t3a73imee26zfb3d.onion/">HardenedBSD Tor Hidden Service</url>
|
||||
<url href="https://github.com/HardenedBSD/hardenedBSD/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22">Projects HardenedBSD Would Like Help With</url>
|
||||
|
@ -1891,54 +1903,34 @@
|
|||
|
||||
<body>
|
||||
<p>HardenedBSD is a derivative of &os; that gives special attention to
|
||||
security related enhancements and exploit-mitigation
|
||||
technologies. The project started with Address Space Layout
|
||||
Randomization (ASLR) as an initial focal point and is now
|
||||
implementing further exploit mitigation techniques.</p>
|
||||
security-related enhancements and exploit-mitigation
|
||||
technologies. From an initial focus on Address Space Layout
|
||||
Randomization (ASLR), it has now branched out to explore
|
||||
additional exploit mitigation techniques.</p>
|
||||
|
||||
<p>It has been a long while since HardenedBSD's last appearance
|
||||
in a quarterly status report, with the last status report
|
||||
being from December of 2015. Accordingly, this status report
|
||||
will be a long one!</p>
|
||||
<p>It has been a long while since HardenedBSD's last entry
|
||||
in a quarterly status report, back in 2015Q4. The
|
||||
intervening year saw HardenedBSD gain new developers
|
||||
Bernard Spil and Franco Fichtner, import LibreSSL and
|
||||
OpenNTPd into base as the default crypto library and NTP
|
||||
client, respectively, and introduce the <tt>hbsd-update</tt>
|
||||
binary update mechanism for the base system. The
|
||||
<tt>secadm</tt> application got a rewrite and Trusted Path
|
||||
Execution (TPE). PIE is now enabled for the base system for
|
||||
arm64 and amd64 as well as the bulk of the ports tree, and the
|
||||
ports tree also gained RELRO and BIND_NOW. Integriforce
|
||||
(similar to NetBSD's verified exec, <tt>veriexec</tt>) was
|
||||
introduced for the base system, as well as SafeStack, a
|
||||
technology for protection against stack-based buffer
|
||||
overflows that's developed by the Clang/LLVM community.
|
||||
SafeStack relies and builds on top of Address Space Layout
|
||||
Randomization (ASLR), and is strengthened by the presence of
|
||||
PaX NOEXEC. Certain high-profile ports also have SafeStack
|
||||
enabled.</p>
|
||||
|
||||
<p>HardenedBSD has gained Bernard Spil and Franco Fichtner
|
||||
as developers on the project. Bernard has imported both
|
||||
LibreSSL and OpenNTPd into base. OpenNTPd and LibreSSL have
|
||||
been set as the default <tt>ntp</tt> daemon and crypto library
|
||||
respectively on HardenedBSD 12-CURRENT. Franco has given the
|
||||
ports hardening framework a much-needed refactor.</p>
|
||||
|
||||
<p>We introduced a new secure binary update mechanism for the
|
||||
base system, <tt>hbsd-update</tt>. Our <tt>secadm</tt>
|
||||
application was rewritten to be made more efficient — it
|
||||
now includes a feature called Integriforce, which is similar
|
||||
in scope as NetBSD's verified exec (<tt>veriexec</tt>).
|
||||
Trusted Path Execution (TPE) was also introduced into
|
||||
<tt>secadm</tt>.</p>
|
||||
|
||||
<p>Through extremely generous donations from G2, Inc,
|
||||
HardenedBSD has a dedicated package building server, a
|
||||
dedicated binary update publishing server, and several
|
||||
development and test servers.</p>
|
||||
|
||||
<p>In April of 2016, we introduced full PIE support for the base
|
||||
system on arm64 and amd64. In June of 2016, we started
|
||||
shipping Integriforce rules for the base system in the binary
|
||||
updates distributed via <tt>hbsd-update</tt>. In August of
|
||||
2016, PIE, RELRO, and BIND_NOW were enabled for the entire
|
||||
ports tree, with the exception of a number of ports that have
|
||||
one or more of those features explicitly disabled.</p>
|
||||
|
||||
<p>In November of 2016, we introduced SafeStack into the base
|
||||
system. SafeStack is an exploit mitigation technique that
|
||||
helps protect against stack-based buffer overflows. It is
|
||||
developed by the Clang/LLVM community and is included, but not
|
||||
used, in &os;. In order to be effective, SafeStack relies and
|
||||
builds on top of Address Space Layout Randomization (ASLR).
|
||||
Additionally, SafeStack is made stronger with HardenedBSD's
|
||||
port of PaX NOEXEC. SafeStack is also enabled by default for
|
||||
a number of high-profile ports in HardenedBSD's ports
|
||||
tree.</p>
|
||||
<p>Extremely generous hardware donations from G2, Inc. have
|
||||
provided for dedicated package building and binary update
|
||||
servers, as well as development and test servers.</p>
|
||||
|
||||
<p>In March of 2017, we added Control Flow Integrity (CFI) to
|
||||
the base system. CFI is an exploit mitigation technique that
|
||||
|
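Review bot: In the SafeStack text, "SafeStack relies and builds on top of Address Space Layout Randomization" drops the preposition after "relies", and both wordings visible in this hunk carry it; suggest "relies on, and builds on top of, ASLR". The G2 donation paragraph also appears with "G2, Inc," in one wording and "G2, Inc." in the other, so check that the surviving paragraph keeps the period.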
@ -1957,7 +1949,7 @@
|
|||
all DSOs in a process. Currently only the former is
|
||||
implemented, but we are working hard to enable cross-DSO CFI.
|
||||
As is the case for SafeStack, cross-DSO CFI requires both ASLR
|
||||
and PaX NOEXEC in order to be effective. If the attacker
|
||||
and PaX NOEXEC in order to be effective. If an attacker
|
||||
knows the memory layout of an application, the attacker might
|
||||
be able to craft a data-only attack, modifying the CFI control
|
||||
data.</p>
|
||||
|
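Review bot: The context line "As is the case for SafeStack, cross-DSO CFI requires both ASLR and PaX NOEXEC" does not match the SafeStack paragraph earlier in this entry, where SafeStack relies on ASLR and is only made stronger by PaX NOEXEC. Since this sentence is being edited anyway, align the two statements. The sentence that follows also covers only the ASLR half (an attacker who knows the memory layout modifying the CFI control data); a clause on what PaX NOEXEC contributes would complete the argument.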
@ -1991,7 +1983,7 @@
|
|||
|
||||
<task>Integrate Cross-DSO CFI.</task>
|
||||
|
||||
<task>Documentation via the HardenedBSD Handbook.</task>
|
||||
<task>Add documentation to the HardenedBSD Handbook.</task>
|
||||
|
||||
<task>Start porting grsecurity's RBAC.</task>
|
||||
</help>
|
||||
|
@ -2020,7 +2012,8 @@
|
|||
|
||||
<links>
|
||||
<url href="https://gcc.gnu.org">GCC Homepage</url>
|
||||
<url href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=219275">Issue Tracking the Update to GCC 6</url>
|
||||
<url
|
||||
href="https://bugs.FreeBSD.org/bugzilla/show_bug.cgi?id=219275">Issue Tracker Entry for the Update to GCC 6</url>
|
||||
<url href="https://gcc.gnu.org/gcc-5/changes.html">GCC 5 Changelog</url>
|
||||
<url href="https://gcc.gnu.org/gcc-5/porting_to.html">GCC 5 Porting Issues</url>
|
||||
</links>
|
||||
|
@ -2028,12 +2021,13 @@
|
|||
<body>
|
||||
<p>The default version of GCC in the Ports Collection (the one
|
||||
requested by <tt>USE_GCC=yes</tt> and various
|
||||
<tt>USES=compiler</tt> invocations) has been updated from from
|
||||
<tt>USES=compiler</tt> invocations) has been updated from
|
||||
GCC 4.9.4 to GCC 5.4.</p>
|
||||
|
||||
<p>This new major version brings many new capabilities and
|
||||
improvements, as well as some changes that may require
|
||||
adjustments, including many new compiler warnings, significant
|
||||
adjustments. The latter category includes many new compiler
|
||||
warnings, significant
|
||||
improvements to inter-procedural optimizations, and link-time
|
||||
optimization.</p>
|
||||
|
||||
|
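Review bot: Splitting the sentence at "adjustments. The latter category includes many new compiler warnings, significant improvements to inter-procedural optimizations, and link-time optimization" changes the meaning: the optimizer improvements and link-time optimization are now filed explicitly under changes that may require adjustments, where the old single sentence left the list attached to the whole of what the new version brings. Suggest "These include ..." or keeping only the compiler warnings under the adjustments. The short line "warnings, significant" should also be refilled with the lines after it.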
@ -2052,9 +2046,9 @@
|
|||
binaries.</p>
|
||||
|
||||
<p>This is the end of a long journey establishing this infrastructure,
|
||||
which is now similar that of the python ports, for example.
|
||||
Having the new infrastructure makes upgrading the default as
|
||||
well as locally adjusting the default version a lot
|
||||
which is now similar that used by the python ports, for example.
|
||||
Having the new infrastructure makes upgrading the default, as
|
||||
well as locally adjusting the default version, a lot
|
||||
easier.</p>
|
||||
|
||||
<p><tt>gcc8-devel</tt> has been added, and armv6hf support removed,
|
||||
|
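Review bot: The rewritten line "which is now similar that used by the python ports, for example." is still missing "to"; it should read "similar to that used by the Python ports", with "Python" capitalized as a proper noun.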
@ -2153,12 +2147,12 @@
|
|||
not to me. In fairness, the removal of version strings from the
|
||||
FDP Primer alone is a small change in a tiny corner of the
|
||||
project. Looking at it another way, it might be that some
|
||||
things that seem to be necessary are more about comfort in
|
||||
things that seem to be necessary are more about the comfort of
|
||||
familiarity than actual utility.</p>
|
||||
|
||||
<p>At present, this is strictly a change to the documentation
|
||||
build toolchain and a single documentation book. However, there
|
||||
do not appear to be any reasons it could not be extended to the
|
||||
do not appear to be any reason why it could not be extended to the
|
||||
rest of the documents. It might even serve as tiny test of
|
||||
whether the expansion of <tt>$FreeBSD$</tt> tags
|
||||
is needed throughout the rest of the &os; tree.</p>
|
||||
|
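Review bot: In the second paragraph, "do not appear to be any reason why it could not be extended" now pairs a plural verb with a singular subject; use "there does not appear to be any reason why". The following context line, "It might even serve as tiny test", is missing "a" and could be fixed in the same pass.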
@ -2212,7 +2206,7 @@
|
|||
|
||||
<p>Q2 Development Projects Summary</p>
|
||||
|
||||
<p>The hard work continues into the 2nd quarter on 2017.
|
||||
<p>Our hard work continues into the 2nd quarter on 2017.
|
||||
Please take a look at the highlights from our more recent
|
||||
Development Projects summaries.</p>
|
||||
|
||||
|
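Review bot: The replacement line keeps "into the 2nd quarter on 2017"; "on" should be "of". Since the sentence is being reworded anyway, fix it here rather than in a follow-up.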
@ -2252,7 +2246,7 @@
|
|||
|
||||
<p>The proposal submission deadline was July 14, 2017, but as
|
||||
mentioned above, people are welcome to submit proposals at
|
||||
anytime.</p>
|
||||
any time.</p>
|
||||
|
||||
<p>Although proposals may address any &os; subsystem or
|
||||
infrastructure, we are particularly interested in receiving
|
||||
|
@ -2260,22 +2254,22 @@
|
|||
|
||||
<ul>
|
||||
<li>Improvements to the security of &os; itself, or of
|
||||
applications running on &os;.</li>
|
||||
applications running on &os;</li>
|
||||
|
||||
<li>New test cases, improved test infrastructure, and
|
||||
quality assurance.</li>
|
||||
quality assurance</li>
|
||||
|
||||
<li>Improved software development tools.</li>
|
||||
|
||||
<li>Projects to improve community collaboration and
|
||||
communication.</li>
|
||||
communication</li>
|
||||
|
||||
<li>Improving the &os; "out of the box" experience
|
||||
for new users on various hardware platforms.</li>
|
||||
for new users on various hardware platforms</li>
|
||||
|
||||
<li>Establishing &os; as a leader in advancing projects of
|
||||
shared interest (such as ZFS, LLVM, or
|
||||
<tt>libarchive</tt>).</li>
|
||||
<tt>libarchive</tt>)</li>
|
||||
</ul>
|
||||
|
||||
<p>More details can be found at <a
|
||||
|
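Review bot: The trailing periods are dropped from five of the six list items, but "<li>Improved software development tools.</li>" keeps its period, so the list ends up inconsistent. Remove the period there as well.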
@ -2287,7 +2281,7 @@
|
|||
<p>Please do not hesitate to contact
|
||||
proposals@FreeBSDfoundation.org with any questions.</p>
|
||||
|
||||
<p>Announcing New Partnership Program (contributed by Deb
|
||||
<p>Announcing the New Partnership Program (contributed by Deb
|
||||
Goodkin)</p>
|
||||
|
||||
<p>I'm excited to announce our new FreeBSD Foundation
|
||||
|
@ -2324,8 +2318,8 @@
|
|||
providing &os; education and training, and recruiting more
|
||||
contributors to the Project. We can only provide the above
|
||||
support with your donations, and we need your help to
|
||||
connect us with your companies. Please consider sharing our
|
||||
new Partnership Program with your organization and helping
|
||||
connect us with your companies. Please consider alerting
|
||||
your organization to our new Partnership Program and helping
|
||||
to connect us with the appropriate contacts at your
|
||||
company.</p>
|
||||
|
||||
|
@ -2447,7 +2441,7 @@
|
|||
assistance with travel expenses for attending conferences
|
||||
related to &os; development and advocacy. Please note: the
|
||||
travel grant policy has been recently updated. Please
|
||||
carefully review before submitting your application.</p>
|
||||
carefully review it before submitting your application.</p>
|
||||
|
||||
<p>More information about travel grants is available at: <a
|
||||
href="https://www.FreeBSDfoundation.org/what-we-do/grants/travel-grants/">https://www.FreeBSDfoundation.org/what-we-do/grants/travel-grants/</a>.</p>
|
||||
|
@ -2529,7 +2523,7 @@
|
|||
with the Project, if not become more deeply involved.</p>
|
||||
|
||||
<p>The naming for the new group of non-committer Project members
|
||||
took a few tries to get right: having tried, and rejected
|
||||
took a few tries to get right: having tried, and rejected,
|
||||
"Contributor" and then "Associate", Core
|
||||
took the view that since what they were offerring was formal
|
||||
Project Membership, then that was the right thing to call it.
|
||||
|
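Review bot: The context line after the added comma still reads "took the view that since what they were offerring was formal"; "offerring" should be "offering", and it is worth fixing while this sentence is being edited.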
@ -2610,7 +2604,7 @@
|
|||
<li>Jordan Hubbard</li>
|
||||
</ul>
|
||||
|
||||
<p>It is always unsettling when one of the Project's founder
|
||||
<p>It is always unsettling when one of the Project's founding
|
||||
members decides to move on, but Jordan's interests have
|
||||
migrated away from &os; related projects and he has decided to
|
||||
hang up his bit once and for all.</p>
|
||||
|
|
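Review bot: In the sentence being touched, "migrated away from &os; related projects" needs a hyphen for the compound modifier: "&os;-related projects".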