svn commit: r367999 - head/share/mk
Author: sjg Date: Tue Nov 24 21:45:38 2020 New Revision: 367999 URL: https://svnweb.freebsd.org/changeset/base/367999 Log: Update dirdeps.mk et al to latest Move some local tweaks to local.*.mk Reviewed by: bdrewery MFC after:1 week Differential Revision: https://reviews.freebsd.org/D27300 Modified: head/share/mk/bsd.init.mk head/share/mk/dirdeps-options.mk head/share/mk/dirdeps-targets.mk head/share/mk/dirdeps.mk head/share/mk/gendirdeps.mk head/share/mk/local.autodep.mk head/share/mk/local.dirdeps.mk head/share/mk/local.gendirdeps.mk head/share/mk/local.meta.sys.mk head/share/mk/meta.autodep.mk head/share/mk/meta.stage.mk head/share/mk/meta.subdir.mk head/share/mk/meta.sys.mk head/share/mk/meta2deps.py head/share/mk/meta2deps.sh Modified: head/share/mk/bsd.init.mk == --- head/share/mk/bsd.init.mk Tue Nov 24 21:28:44 2020(r367998) +++ head/share/mk/bsd.init.mk Tue Nov 24 21:45:38 2020(r367999) @@ -55,9 +55,13 @@ $xGRP= ${_gid} # - make install is used without other targets. This is to avoid breaking # things like 'make all install' or 'make foo install'. # - non-build targets are called -.if ${MK_DIRDEPS_BUILD} == "yes" && ${.MAKE.LEVEL:U1} == 0 && \ -${BUILD_AT_LEVEL0:Uyes:tl} == "no" && !make(clean*) && !make(*clean) +.if ${MK_DIRDEPS_BUILD} == "yes" && ${.MAKE.LEVEL} == 0 +# targets that are ok at level 0 +DIRDEPS_BUILD_LEVEL0_TARGETS += clean* destroy* +M_ListToSkip?= O:u:S,^,N,:ts: +.if ${.TARGETS:Uall:${DIRDEPS_BUILD_LEVEL0_TARGETS:${M_ListToSkip}}} != "" _SKIP_BUILD= not building at level 0 +.endif .elif !empty(.MAKEFLAGS:M-V${_V_DO_BUILD}) || \ ${.TARGETS:M*install*} == ${.TARGETS} || \ ${.TARGETS:Mclean*} == ${.TARGETS} || \ Modified: head/share/mk/dirdeps-options.mk == --- head/share/mk/dirdeps-options.mkTue Nov 24 21:28:44 2020 (r367998) +++ head/share/mk/dirdeps-options.mkTue Nov 24 21:45:38 2020 (r367999) @@ -1,7 +1,7 @@ # $FreeBSD$ -# $Id: dirdeps-options.mk,v 1.9 2018/09/20 00:07:19 sjg Exp $ +# $Id: dirdeps-options.mk,v 1.17 2020/08/07 01:57:38 sjg Exp $ # -# @(#) Copyright (c) 2018, Simon J. Gerraty +# @(#) Copyright (c) 2018-2020, Simon J. Gerraty # # This file is provided in the hope that it will # be of use. There is absolutely NO WARRANTY. @@ -38,6 +38,11 @@ # to whatever applies for that dir, or it can rely on globals # set in local.dirdeps-options.mk # Either way, we will .undef DIRDEPS.* when done. +# +# In some cases the value of MK_FOO might depend on TARGET_SPEC +# so we qualify MK_FOO with .${TARGET_SPEC} and each component +# TARGET_SPEC_VAR (in reverse order) before using MK_FOO. +# # This should have been set by Makefile.depend.options # before including us @@ -48,21 +53,43 @@ DIRDEPS_OPTIONS ?= .if ${.MAKE.LEVEL} == 0 # :U below avoids potential errors when we := -.for o in ${DIRDEPS_OPTIONS:tu} -DIRDEPS += ${DIRDEPS.$o.${MK_$o:U}:U} +# some options can depend on TARGET_SPEC! +DIRDEPS_OPTIONS_QUALIFIER_LIST ?= \ + ${DEP_TARGET_SPEC:U${TARGET_SPEC}} \ + ${TARGET_SPEC_VARSr:U${TARGET_SPEC_VARS}:@v@${DEP_$v:U${$v}}@} +# note that we need to include $o in the variable _o$o +# to ensure correct evaluation. +.for o in ${DIRDEPS_OPTIONS} +.undef _o$o _v$o +.for x in ${DIRDEPS_OPTIONS_QUALIFIER_LIST} +.if defined(MK_$o.$x) +_o$o ?= MK_$o.$x +_v$o ?= ${MK_$o.$x} +.endif .endfor +_v$o ?= ${MK_$o} +.if ${_debug_reldir:U0} +.info ${DEP_RELDIR:U${RELDIR}}.${DEP_TARGET_SPEC:U${TARGET_SPEC}}: o=$o ${_o$o:UMK_$o}=${_v$o:U} DIRDEPS += ${DIRDEPS.$o.${_v$o:U}:U} +.endif +DIRDEPS += ${DIRDEPS.$o.${_v$o:U}:U} +.endfor DIRDEPS := ${DIRDEPS:O:u} +.if ${_debug_reldir:U0} +.info ${DEP_RELDIR:U${RELDIR}}: DIRDEPS=${DIRDEPS} +.endif # avoid cross contamination -.for o in ${DIRDEPS_OPTIONS:tu} +.for o in ${DIRDEPS_OPTIONS} .undef DIRDEPS.$o.yes .undef DIRDEPS.$o.no +.undef _o$o +.undef _v$o .endfor .else # whether options are enabled or not, # we want to filter out the relevant DIRDEPS.* # we should only be included by meta.autodep.mk # if dependencies are to be updated -.for o in ${DIRDEPS_OPTIONS:tu} +.for o in ${DIRDEPS_OPTIONS} .for d in ${DIRDEPS.$o.yes} ${DIRDEPS.$o.no} .if exists(${SRCTOP}/$d) GENDIRDEPS_FILTER += N$d* Modified: head/share/mk/dirdeps-targets.mk == --- head/share/mk/dirdeps-targets.mkTue Nov 24 21:28:44 2020 (r367998) +++ head/share/mk/dirdeps-targets.mkTue Nov 24 21:45:38 2020 (r367999) @@ -1,16 +1,16 @@ # $FreeBSD$ # RCSid: -# $Id: dirdeps-targets.mk,v 1.9 2019/10/06 20:07:50 sjg Exp $ +# $Id: dirdeps-targets.mk,v 1.22 2020/08/15 18:00:11 sjg Ex
svn commit: r367863 - in head: contrib/bmake contrib/bmake/filemon contrib/bmake/missing contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake usr.bin/bmake/unit-tests
/contrib/bmake/unit-tests/directive-warning.exp head/contrib/bmake/unit-tests/directive-warning.mk head/contrib/bmake/unit-tests/directive.exp head/contrib/bmake/unit-tests/directive.mk head/contrib/bmake/unit-tests/dollar.exp head/contrib/bmake/unit-tests/dollar.mk head/contrib/bmake/unit-tests/envfirst.mk head/contrib/bmake/unit-tests/error.exp head/contrib/bmake/unit-tests/error.mk head/contrib/bmake/unit-tests/escape.mk head/contrib/bmake/unit-tests/forloop.exp head/contrib/bmake/unit-tests/forloop.mk head/contrib/bmake/unit-tests/forsubst.mk head/contrib/bmake/unit-tests/include-sub.mk head/contrib/bmake/unit-tests/moderrs.mk head/contrib/bmake/unit-tests/modmisc.mk head/contrib/bmake/unit-tests/modts.mk head/contrib/bmake/unit-tests/modword.mk head/contrib/bmake/unit-tests/opt-chdir.exp head/contrib/bmake/unit-tests/opt-chdir.mk head/contrib/bmake/unit-tests/opt-debug-jobs.exp head/contrib/bmake/unit-tests/opt-debug-jobs.mk head/contrib/bmake/unit-tests/opt-ignore.mk head/contrib/bmake/unit-tests/opt-keep-going.mk head/contrib/bmake/unit-tests/opt-no-action.mk head/contrib/bmake/unit-tests/opt-query.mk head/contrib/bmake/unit-tests/opt-touch.exp head/contrib/bmake/unit-tests/opt-touch.mk head/contrib/bmake/unit-tests/opt-var-expanded.mk head/contrib/bmake/unit-tests/opt-var-literal.mk head/contrib/bmake/unit-tests/opt-warnings-as-errors.exp head/contrib/bmake/unit-tests/opt-warnings-as-errors.mk head/contrib/bmake/unit-tests/opt.exp head/contrib/bmake/unit-tests/opt.mk head/contrib/bmake/unit-tests/order.mk head/contrib/bmake/unit-tests/recursive.exp head/contrib/bmake/unit-tests/recursive.mk head/contrib/bmake/unit-tests/sh-leading-at.exp head/contrib/bmake/unit-tests/sh-leading-at.mk head/contrib/bmake/unit-tests/sh-leading-hyphen.mk head/contrib/bmake/unit-tests/sh-leading-plus.mk head/contrib/bmake/unit-tests/sh-meta-chars.mk head/contrib/bmake/unit-tests/use-inference.mk head/contrib/bmake/unit-tests/var-class-local.exp head/contrib/bmake/unit-tests/var-class-local.mk head/contrib/bmake/unit-tests/var-op-assign.exp head/contrib/bmake/unit-tests/var-op-assign.mk head/contrib/bmake/unit-tests/var-op-expand.exp head/contrib/bmake/unit-tests/var-op-expand.mk head/contrib/bmake/unit-tests/var-op-shell.exp head/contrib/bmake/unit-tests/var-op-shell.mk head/contrib/bmake/unit-tests/var-op-sunsh.mk head/contrib/bmake/unit-tests/vardebug.exp head/contrib/bmake/unit-tests/varmisc.mk head/contrib/bmake/unit-tests/varmod-defined.exp head/contrib/bmake/unit-tests/varmod-defined.mk head/contrib/bmake/unit-tests/varmod-exclam-shell.mk head/contrib/bmake/unit-tests/varmod-ifelse.exp head/contrib/bmake/unit-tests/varmod-ifelse.mk head/contrib/bmake/unit-tests/varmod-loop.exp head/contrib/bmake/unit-tests/varmod-loop.mk head/contrib/bmake/unit-tests/varmod-match.mk head/contrib/bmake/unit-tests/varmod-order-shuffle.mk head/contrib/bmake/unit-tests/varmod-shell.exp head/contrib/bmake/unit-tests/varmod-shell.mk head/contrib/bmake/unit-tests/varmod-subst.exp head/contrib/bmake/unit-tests/varmod-subst.mk head/contrib/bmake/unit-tests/varmod-to-abs.exp head/contrib/bmake/unit-tests/varmod-to-abs.mk head/contrib/bmake/unit-tests/varmod-to-lower.mk head/contrib/bmake/unit-tests/varmod-to-separator.mk head/contrib/bmake/unit-tests/varmod-undefined.mk head/contrib/bmake/unit-tests/varmod.exp head/contrib/bmake/unit-tests/varmod.mk head/contrib/bmake/unit-tests/varname-dot-shell.exp head/contrib/bmake/unit-tests/varname-empty.exp head/contrib/bmake/unit-tests/varname-makefile.exp head/contrib/bmake/unit-tests/varname-makefile.mk head/contrib/bmake/unit-tests/varname-vpath.exp head/contrib/bmake/unit-tests/varname-vpath.mk head/contrib/bmake/unit-tests/varname.exp head/contrib/bmake/unit-tests/varname.mk head/contrib/bmake/unit-tests/varparse-undef-partial.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/config.h head/usr.bin/bmake/unit-tests/Makefile Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogFri Nov 20 05:46:27 2020 (r367862) +++ head/contrib/bmake/ChangeLogFri Nov 20 06:02:31 2020 (r367863) @@ -1,3 +1,78 @@ +2020-11-17 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201117 + Merge with NetBSD make, pick up + o fix some unit-tests when dash is .SHELL + o rename Targ_NewGN to GNode_New + o make some GNode functions const + o main.c: call Targ_Init before Var_Init + cleanup PrintOnError, getTmpdir and ParseBoolean + o var.c: fix error message of failed :!cmd! modifier + +2020-11-14 Simon J Gerraty + + * VERSION
svn commit: r367465 - in head: contrib/bmake contrib/bmake/filemon contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake usr.bin/bmake/unit-tests
/varparse-dynamic.mk head/contrib/bmake/unit-tests/varshell.exp head/contrib/bmake/unit-tests/varshell.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/config.h head/usr.bin/bmake/unit-tests/Makefile Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogSat Nov 7 21:17:49 2020 (r367464) +++ head/contrib/bmake/ChangeLogSat Nov 7 21:46:27 2020 (r367465) @@ -1,3 +1,267 @@ +2020-11-01 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201101 + Merge with NetBSD make, pick up + o negate NoExecute to GNode_ShouldExecute + o job.c: rename JobMatchShell to FindShellByName + extract EscapeShellDblQuot from JobPrintCommand + extract ParseRunOptions from JobPrintCommand + o var.c: extract ApplyModifiersIndirect from ApplyModifiers + treat malformed :range, :ts and :[...] as errors + add tests for the variable modifiers :[words] and :range + +2020-10-31 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201031 + Merge with NetBSD make, pick up + o format #include directives consistently + o do not look up local variables like .TARGET anywhere else + o main.c: Main_SetObjdir is first called for curdir which may be + readonly + reduce the scope where recursive expressions are detected + remove redundant :tl from getBoolean + clean up mkTempFile + o meta.c: simplify memory allocation in meta_create and meta_oodate + o parse.c: extract loadedfile_mmap from loadfile + o trace.c: document possible undefined behavior with .CURDIR + o var.c: make parsing of the :gmtime and :localtime modifiers stricter + rename ismeta to is_shell_metachar + remove debug logging for the :Q variable modifier + rename VarIsDynamic to VarnameIsDynamic + use consistent parameter order in varname parsing functions + extract ParseVarnameLong from Var_Parse + extract ParseVarnameShort from Var_Parse + fix type of ParseModifierPart parameter delim + extract IsEscapedModifierPart from ParseModifierPart + clean up ModifyWords + add test for combining the :@ and :? variable modifiers + +2020-10-30 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201030 + Merge with NetBSD make, pick up + o change char * to void * in Var_Value + o make iterating over HashTable simpler + o rename VAR_CMD to VAR_CMDLINE + o cond.c: clean up is_separator + fix parse error in string literal in conditional + o main.c: do not use objdir that is not writable + in lint mode, exit with error status on errors + o parse.c: clean up StrContainsWord + fix out-of-bounds pointer in ParseTrackInput + o var.c: rename Str_SYSVMatch and its parameters + remove unsatisfiable conditions in Var_Set_with_flags + document where the variable name is expanded + fix documentation for VARP_SUB_ONE + rename VAR_EXPORTED_YES to VAR_EXPORTED_SOME + document VAR_READONLY + prevent appending to read-only variables + extract MayExport from Var_Export1 + remove redundant evaluations in VarFind + replace VarFindFlags with a simple Boolean + rename FIND_CMD to FIND_CMDLINE, to match VAR_CMDLINE + +2020-10-28 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201028 + Merge with NetBSD make, pick up + o rename defIncPath to defSysIncPath + o initialize all CmdOpts fields + o lst.c: inline Vector_Get + o main.c: refactor main extract + InitMaxJobs,InitObjdir,InitVarMake,InitRandom, + ReadMakefiles,CleanUp,InitVpath,ReadBuiltinRules, + InitDefIncPath,CmdOpts_Init,UnlimitFiles + o parse.c: merge curFile into includes + rename predecessor to order_pred + sort ParseSpecial alphabetically + remove unused, undocumented .NOEXPORT + rename ParseSpecial enum values consistently + rename some fields of struct IFile + +2020-10-26 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20201026 + Merge with NetBSD make, pick up + o group the command line options and arguments into a struct + o rename GNode.cmgn to youngestChild + o rename hash functions to identify the type name + o negate OP_NOP and rename it to GNode_IsTarget + o add GNode_Path to access the path of a GNode + o remove macros MIN and MAX + o remove unused Lst_Find and Lst_FindFrom + o arch.c: and make Arch_FindLib simpler + clean up code layout + make Arch_ParseArchive simpler + o cond.c: inline CondFindStrMatch into FuncMake + o dir.c: replace Dir_CopyDir
svn commit: r365366 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake usr.bin/bmake/unit-tests
Author: sjg Date: Sat Sep 5 19:29:42 2020 New Revision: 365366 URL: https://svnweb.freebsd.org/changeset/base/365366 Log: Update to bmake-20200902 Lots of code refactoring, simplification and cleanup. Lots of new unit-tests providing much higher code coverage. All courtesy of rillig at netbsd. Other significant changes: o new read-only variable .SHELL which provides the path of the shell used to run scripts (as defined by the .SHELL target). o variable parsing detects more errors. o new debug option -dl: LINT mode, does the equivalent of := for all variable assignments so that file and line number are reported for variable parse errors. Added: head/contrib/bmake/enum.c - copied unchanged from r365363, vendor/NetBSD/bmake/dist/enum.c head/contrib/bmake/enum.h - copied unchanged from r365363, vendor/NetBSD/bmake/dist/enum.h head/contrib/bmake/lst.c - copied unchanged from r365363, vendor/NetBSD/bmake/dist/lst.c head/contrib/bmake/mk/dirdeps-cache-update.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/mk/dirdeps-cache-update.mk head/contrib/bmake/unit-tests/archive-suffix.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/archive-suffix.exp head/contrib/bmake/unit-tests/archive-suffix.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/archive-suffix.mk head/contrib/bmake/unit-tests/archive.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/archive.exp head/contrib/bmake/unit-tests/archive.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/archive.mk head/contrib/bmake/unit-tests/cmd-interrupt.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cmd-interrupt.exp head/contrib/bmake/unit-tests/cmd-interrupt.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cmd-interrupt.mk head/contrib/bmake/unit-tests/cmdline.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cmdline.exp head/contrib/bmake/unit-tests/cmdline.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cmdline.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-eq.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-eq.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-eq.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-eq.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-ge.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-ge.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-ge.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-ge.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-gt.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-gt.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-gt.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-gt.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-le.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-le.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-le.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-le.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-lt.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-lt.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-lt.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-lt.mk head/contrib/bmake/unit-tests/cond-cmp-numeric-ne.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-ne.exp head/contrib/bmake/unit-tests/cond-cmp-numeric-ne.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric-ne.mk head/contrib/bmake/unit-tests/cond-cmp-numeric.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric.exp head/contrib/bmake/unit-tests/cond-cmp-numeric.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-numeric.mk head/contrib/bmake/unit-tests/cond-cmp-string.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-string.exp head/contrib/bmake/unit-tests/cond-cmp-string.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-cmp-string.mk head/contrib/bmake/unit-tests/cond-func-commands.exp - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-func-commands.exp head/contrib/bmake/unit-tests/cond-func-commands.mk - copied unchanged from r365363, vendor/NetBSD/bmake/dist/unit-tests/cond-func-commands.mk
svn commit: r364965 - in head/stand: common libsa
Author: sjg Date: Sat Aug 29 21:05:43 2020 New Revision: 364965 URL: https://svnweb.freebsd.org/changeset/base/364965 Log: zalloc_malloc:Free hexdump preceeding buffer when we detect overflow Move hexdump from stand/common/misc.c to stand/libsa/hexdump.c (svn cp) Disable use of pager - causes linking issue for boot1 can be re-enabled by defining HEXDUMP_PAGER. Reviewed by: stevek, imp MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D26235 Added: head/stand/libsa/hexdump.c (contents, props changed) - copied, changed from r364346, head/stand/common/misc.c Modified: head/stand/common/bootstrap.h head/stand/common/misc.c head/stand/libsa/Makefile head/stand/libsa/pkgfs.c head/stand/libsa/stand.h head/stand/libsa/zalloc_malloc.c Modified: head/stand/common/bootstrap.h == --- head/stand/common/bootstrap.h Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/common/bootstrap.h Sat Aug 29 21:05:43 2020 (r364965) @@ -68,7 +68,6 @@ int getrootmount(char *rootdev); /* misc.c */ char *unargv(int argc, char *argv[]); -void hexdump(caddr_t region, size_t len); size_t strlenout(vm_offset_t str); char *strdupout(vm_offset_t str); void kern_bzero(vm_offset_t dest, size_t len); Modified: head/stand/common/misc.c == --- head/stand/common/misc.cSat Aug 29 19:26:31 2020(r364964) +++ head/stand/common/misc.cSat Aug 29 21:05:43 2020(r364965) @@ -169,46 +169,6 @@ alloc_pread(readin_handle_t fd, off_t off, size_t len) return (buf); } -/* - * Display a region in traditional hexdump format. - */ -void -hexdump(caddr_t region, size_t len) -{ -caddr_tline; -intx, c; -char lbuf[80]; -#define emit(fmt, args...) {sprintf(lbuf, fmt , ## args); pager_output(lbuf);} - -pager_open(); -for (line = region; line < (region + len); line += 16) { - emit("%08lx ", (long) line); - - for (x = 0; x < 16; x++) { - if ((line + x) < (region + len)) { - emit("%02x ", *(uint8_t *)(line + x)); - } else { - emit("-- "); - } - if (x == 7) - emit(" "); - } - emit(" |"); - for (x = 0; x < 16; x++) { - if ((line + x) < (region + len)) { - c = *(uint8_t *)(line + x); - if ((c < ' ') || (c > '~')) /* !isprint(c) */ - c = '.'; - emit("%c", c); - } else { - emit(" "); - } - } - emit("|\n"); -} -pager_close(); -} - void dev_cleanup(void) { Modified: head/stand/libsa/Makefile == --- head/stand/libsa/Makefile Sat Aug 29 19:26:31 2020(r364964) +++ head/stand/libsa/Makefile Sat Aug 29 21:05:43 2020(r364965) @@ -13,8 +13,9 @@ LIBSA_CPUARCH?=${MACHINE_CPUARCH} LIB?= sa # standalone components and stuff we have modified locally -SRCS+= gzguts.h zutil.h __main.c abort.c assert.c bcd.c environment.c getopt.c gets.c \ - globals.c pager.c panic.c printf.c strdup.c strerror.c \ +SRCS+= gzguts.h zutil.h __main.c abort.c assert.c bcd.c environment.c \ + getopt.c gets.c globals.c \ + hexdump.c pager.c panic.c printf.c strdup.c strerror.c \ random.c sbrk.c twiddle.c zalloc.c zalloc_malloc.c # private (pruned) versions of libc string functions Copied and modified: head/stand/libsa/hexdump.c (from r364346, head/stand/common/misc.c) == --- head/stand/common/misc.cTue Aug 18 14:17:14 2020(r364346, copy source) +++ head/stand/libsa/hexdump.c Sat Aug 29 21:05:43 2020(r364965) @@ -29,147 +29,8 @@ __FBSDID("$FreeBSD$"); #include #include -#include /* - * Concatenate the (argc) elements of (argv) into a single string, and return - * a copy of same. - */ -char * -unargv(int argc, char *argv[]) -{ -size_t hlong; -inti; -char *cp; - -for (i = 0, hlong = 0; i < argc; i++) - hlong += strlen(argv[i]) + 2; - -if(hlong == 0) - return(NULL); - -cp = malloc(hlong); -cp[0] = 0; -for (i = 0; i < argc; i++) { - strcat(cp, argv[i]); - if (i < (argc - 1)) - strcat(cp, " "); -} - -return(cp); -} - -/* - * Get the length of a string in kernel space - */ -size_t -strlenout(vm_offset_t src) -{ -char c; -size_t len; - -for (len = 0; ; len++) { - archsw.arch_copyout(src++, , 1); - if (c == 0) - break; -} -return(len); -} - -/* - * Make a duplicate copy of a string in kernel space -
svn commit: r364443 - head/lib/libsecureboot
Author: sjg Date: Fri Aug 21 00:27:06 2020 New Revision: 364443 URL: https://svnweb.freebsd.org/changeset/base/364443 Log: veloader: insist on verifying .4th .lua etc When files are read from .rc or .4th, verify_file is asked to guess the severity (VE_TRY,VE_WANT,VE_MUST) Reviewed by: stevek MFC after:1 week Sponsored by: Juniper Networks Modified: head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cFri Aug 21 00:03:24 2020 (r364442) +++ head/lib/libsecureboot/verify_file.cFri Aug 21 00:27:06 2020 (r364443) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2017-2018, Juniper Networks, Inc. + * Copyright (c) 2017-2020, Juniper Networks, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -255,6 +255,10 @@ severity_guess(const char *filename) strcmp(cp, ".cookie") == 0 || strcmp(cp, ".hints") == 0) return (VE_TRY); + if (strcmp(cp, ".4th") == 0 || + strcmp(cp, ".lua") == 0 || + strcmp(cp, ".rc") == 0) + return (VE_MUST); } return (VE_WANT); } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363351 - in head: lib/libbearssl lib/libc lib/libsecureboot libexec/dma/dmagent libexec/rc/rc.d sbin/veriexec stand/efi/loader stand/i386/loader
Author: sjg Date: Sun Jul 19 23:56:19 2020 New Revision: 363351 URL: https://svnweb.freebsd.org/changeset/base/363351 Log: Revert that! Modified: head/lib/libbearssl/Makefile.depend head/lib/libc/Makefile head/lib/libsecureboot/local.trust.mk head/libexec/dma/dmagent/Makefile.depend head/libexec/rc/rc.d/tmp head/sbin/veriexec/Makefile.depend head/stand/efi/loader/Makefile head/stand/i386/loader/Makefile Modified: head/lib/libbearssl/Makefile.depend == --- head/lib/libbearssl/Makefile.depend Sun Jul 19 23:54:00 2020 (r363350) +++ head/lib/libbearssl/Makefile.depend Sun Jul 19 23:56:19 2020 (r363351) @@ -2,6 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ + gnu/lib/csu \ include \ include/xlocale \ lib/${CSU_DIR} \ Modified: head/lib/libc/Makefile == --- head/lib/libc/Makefile Sun Jul 19 23:54:00 2020(r363350) +++ head/lib/libc/Makefile Sun Jul 19 23:56:19 2020(r363351) @@ -186,7 +186,7 @@ SUBDIR.${MK_TESTS}+= tests .if (${LIBC_ARCH} == amd64 || ${LIBC_ARCH} == i386) && \ ${.TARGETS:Mall} == all && \ defined(LINKER_FEATURES) && ${LINKER_FEATURES:Mifunc} == "" -#.error ${LIBC_ARCH} libc requires linker ifunc support +.error ${LIBC_ARCH} libc requires linker ifunc support .endif .if !defined(_SKIP_BUILD) Modified: head/lib/libsecureboot/local.trust.mk == --- head/lib/libsecureboot/local.trust.mk Sun Jul 19 23:54:00 2020 (r363350) +++ head/lib/libsecureboot/local.trust.mk Sun Jul 19 23:56:19 2020 (r363351) @@ -8,9 +8,6 @@ # force these for Junos #MANIFEST_SKIP_ALWAYS= boot -MANIFEST_SKIP= boot -XCFLAGS.veopen+= -DMANIFEST_SKIP_MAYBE=\"${MANIFEST_SKIP}\" - VE_HASH_LIST= \ SHA1 \ SHA256 \ @@ -40,7 +37,6 @@ VE_SIGNATURE_EXT_LIST+= \ VE_SIGNATURE_LIST+= OPENPGP VE_SIGNATURE_EXT_LIST+= asc -PYTHON ?= /usr/local/bin/python SIGNER ?= ${SB_TOOLS_PATH:U/volume/buildtools/bin}/sign.py .if exists(${SIGNER}) @@ -103,7 +99,7 @@ ta.h: vc_rsa.pem .endif # we take the mtime of this as our baseline time -BUILD_UTC_FILE= ecerts.pem +#BUILD_UTC_FILE= ecerts.pem #VE_DEBUG_LEVEL=3 #VE_VERBOSE_DEFAULT=1 Modified: head/libexec/dma/dmagent/Makefile.depend == --- head/libexec/dma/dmagent/Makefile.dependSun Jul 19 23:54:00 2020 (r363350) +++ head/libexec/dma/dmagent/Makefile.dependSun Jul 19 23:56:19 2020 (r363351) @@ -2,6 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ + gnu/lib/csu \ include \ include/arpa \ include/xlocale \ @@ -10,6 +11,7 @@ DIRDEPS = \ lib/libcompiler_rt \ secure/lib/libcrypto \ secure/lib/libssl \ + usr.bin/yacc.host \ .include Modified: head/libexec/rc/rc.d/tmp == --- head/libexec/rc/rc.d/tmpSun Jul 19 23:54:00 2020(r363350) +++ head/libexec/rc/rc.d/tmpSun Jul 19 23:56:19 2020(r363351) @@ -41,9 +41,6 @@ load_rc_config $name mount_tmpmfs() { if ! /bin/df /tmp | grep -q "^/dev/md[0-9].* /tmp"; then - if test -w /tmp/. && checkyesno tmpmfs_clear_mnt; then - (cd /tmp/. && rm -rf .* *) - fi mount_md ${tmpsize} /tmp "${tmpmfs_flags}" chmod 01777 /tmp fi Modified: head/sbin/veriexec/Makefile.depend == --- head/sbin/veriexec/Makefile.depend Sun Jul 19 23:54:00 2020 (r363350) +++ head/sbin/veriexec/Makefile.depend Sun Jul 19 23:56:19 2020 (r363351) @@ -2,6 +2,7 @@ # Autogenerated - do NOT edit! DIRDEPS = \ + gnu/lib/csu \ include \ include/xlocale \ lib/${CSU_DIR} \ @@ -10,7 +11,6 @@ DIRDEPS = \ lib/libcompiler_rt \ lib/libsecureboot \ lib/libveriexec \ - usr.bin/yacc.host \ .include Modified: head/stand/efi/loader/Makefile == --- head/stand/efi/loader/Makefile Sun Jul 19 23:54:00 2020 (r363350) +++ head/stand/efi/loader/Makefile Sun Jul 19 23:56:19 2020 (r363351) @@ -102,8 +102,3 @@ DPADD= ${LDR_INTERP} ${LIBEFI} ${LIBFDT} ${LIBEFI_FDT LDADD= ${LDR_INTERP} ${LIBEFI} ${LIBFDT} ${LIBEFI_FDT} ${LIBSA} .include - -PATH_BOOTABLE_TOKEN=/boot/boot.4th -CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U} -XCFLAGS.main+= -DPATH_BOOTABLE_TOKEN=\"${PATH_BOOTABLE_TOKEN}\" - Modified: head/stand/i386/loader/Makefile
svn commit: r363350 - in head: lib/libbearssl lib/libc lib/libsecureboot libexec/dma/dmagent libexec/rc/rc.d sbin/veriexec stand/efi/loader stand/i386/loader usr.bin/bmake/unit-tests
Author: sjg Date: Sun Jul 19 23:54:00 2020 New Revision: 363350 URL: https://svnweb.freebsd.org/changeset/base/363350 Log: Oops missed Makefile.config Added: head/usr.bin/bmake/unit-tests/Makefile.config (contents, props changed) Modified: head/lib/libbearssl/Makefile.depend head/lib/libc/Makefile head/lib/libsecureboot/local.trust.mk head/libexec/dma/dmagent/Makefile.depend head/libexec/rc/rc.d/tmp head/sbin/veriexec/Makefile.depend head/stand/efi/loader/Makefile head/stand/i386/loader/Makefile Modified: head/lib/libbearssl/Makefile.depend == --- head/lib/libbearssl/Makefile.depend Sun Jul 19 23:45:49 2020 (r363349) +++ head/lib/libbearssl/Makefile.depend Sun Jul 19 23:54:00 2020 (r363350) @@ -2,7 +2,6 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - gnu/lib/csu \ include \ include/xlocale \ lib/${CSU_DIR} \ Modified: head/lib/libc/Makefile == --- head/lib/libc/Makefile Sun Jul 19 23:45:49 2020(r363349) +++ head/lib/libc/Makefile Sun Jul 19 23:54:00 2020(r363350) @@ -186,7 +186,7 @@ SUBDIR.${MK_TESTS}+= tests .if (${LIBC_ARCH} == amd64 || ${LIBC_ARCH} == i386) && \ ${.TARGETS:Mall} == all && \ defined(LINKER_FEATURES) && ${LINKER_FEATURES:Mifunc} == "" -.error ${LIBC_ARCH} libc requires linker ifunc support +#.error ${LIBC_ARCH} libc requires linker ifunc support .endif .if !defined(_SKIP_BUILD) Modified: head/lib/libsecureboot/local.trust.mk == --- head/lib/libsecureboot/local.trust.mk Sun Jul 19 23:45:49 2020 (r363349) +++ head/lib/libsecureboot/local.trust.mk Sun Jul 19 23:54:00 2020 (r363350) @@ -8,6 +8,9 @@ # force these for Junos #MANIFEST_SKIP_ALWAYS= boot +MANIFEST_SKIP= boot +XCFLAGS.veopen+= -DMANIFEST_SKIP_MAYBE=\"${MANIFEST_SKIP}\" + VE_HASH_LIST= \ SHA1 \ SHA256 \ @@ -37,6 +40,7 @@ VE_SIGNATURE_EXT_LIST+= \ VE_SIGNATURE_LIST+= OPENPGP VE_SIGNATURE_EXT_LIST+= asc +PYTHON ?= /usr/local/bin/python SIGNER ?= ${SB_TOOLS_PATH:U/volume/buildtools/bin}/sign.py .if exists(${SIGNER}) @@ -99,7 +103,7 @@ ta.h: vc_rsa.pem .endif # we take the mtime of this as our baseline time -#BUILD_UTC_FILE= ecerts.pem +BUILD_UTC_FILE= ecerts.pem #VE_DEBUG_LEVEL=3 #VE_VERBOSE_DEFAULT=1 Modified: head/libexec/dma/dmagent/Makefile.depend == --- head/libexec/dma/dmagent/Makefile.dependSun Jul 19 23:45:49 2020 (r363349) +++ head/libexec/dma/dmagent/Makefile.dependSun Jul 19 23:54:00 2020 (r363350) @@ -2,7 +2,6 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - gnu/lib/csu \ include \ include/arpa \ include/xlocale \ @@ -11,7 +10,6 @@ DIRDEPS = \ lib/libcompiler_rt \ secure/lib/libcrypto \ secure/lib/libssl \ - usr.bin/yacc.host \ .include Modified: head/libexec/rc/rc.d/tmp == --- head/libexec/rc/rc.d/tmpSun Jul 19 23:45:49 2020(r363349) +++ head/libexec/rc/rc.d/tmpSun Jul 19 23:54:00 2020(r363350) @@ -41,6 +41,9 @@ load_rc_config $name mount_tmpmfs() { if ! /bin/df /tmp | grep -q "^/dev/md[0-9].* /tmp"; then + if test -w /tmp/. && checkyesno tmpmfs_clear_mnt; then + (cd /tmp/. && rm -rf .* *) + fi mount_md ${tmpsize} /tmp "${tmpmfs_flags}" chmod 01777 /tmp fi Modified: head/sbin/veriexec/Makefile.depend == --- head/sbin/veriexec/Makefile.depend Sun Jul 19 23:45:49 2020 (r363349) +++ head/sbin/veriexec/Makefile.depend Sun Jul 19 23:54:00 2020 (r363350) @@ -2,7 +2,6 @@ # Autogenerated - do NOT edit! DIRDEPS = \ - gnu/lib/csu \ include \ include/xlocale \ lib/${CSU_DIR} \ @@ -11,6 +10,7 @@ DIRDEPS = \ lib/libcompiler_rt \ lib/libsecureboot \ lib/libveriexec \ + usr.bin/yacc.host \ .include Modified: head/stand/efi/loader/Makefile == --- head/stand/efi/loader/Makefile Sun Jul 19 23:45:49 2020 (r363349) +++ head/stand/efi/loader/Makefile Sun Jul 19 23:54:00 2020 (r363350) @@ -102,3 +102,8 @@ DPADD= ${LDR_INTERP} ${LIBEFI} ${LIBFDT} ${LIBEFI_FDT LDADD= ${LDR_INTERP} ${LIBEFI} ${LIBFDT} ${LIBEFI_FDT} ${LIBSA} .include + +PATH_BOOTABLE_TOKEN=/boot/boot.4th +CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U} +XCFLAGS.main+= -DPATH_BOOTABLE_TOKEN=\"${PATH_BOOTABLE_TOKEN}\" + Modified:
svn commit: r363117 - in head: contrib/bmake contrib/bmake/filemon contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake usr.bin/bmake/unit-tests
Author: sjg Date: Sun Jul 12 01:11:48 2020 New Revision: 363117 URL: https://svnweb.freebsd.org/changeset/base/363117 Log: Update to bmake-20200710 Key changes include reduced noise at end of failed build log and avoid evaluation of unnecessary terms in conditionals. In META MODE; a target flagged .META is out-of-date if meta file is missing MFC after: 1 week Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/FILES head/contrib/bmake/VERSION head/contrib/bmake/arch.c head/contrib/bmake/buf.c head/contrib/bmake/compat.c head/contrib/bmake/cond.c head/contrib/bmake/configure head/contrib/bmake/configure.in head/contrib/bmake/dir.c head/contrib/bmake/filemon/filemon_dev.c head/contrib/bmake/for.c head/contrib/bmake/hash.c head/contrib/bmake/hash.h head/contrib/bmake/job.c head/contrib/bmake/job.h head/contrib/bmake/lst.lib/lstAppend.c head/contrib/bmake/lst.lib/lstAtEnd.c head/contrib/bmake/lst.lib/lstAtFront.c head/contrib/bmake/lst.lib/lstClose.c head/contrib/bmake/lst.lib/lstConcat.c head/contrib/bmake/lst.lib/lstDatum.c head/contrib/bmake/lst.lib/lstDeQueue.c head/contrib/bmake/lst.lib/lstDupl.c head/contrib/bmake/lst.lib/lstEnQueue.c head/contrib/bmake/lst.lib/lstFind.c head/contrib/bmake/lst.lib/lstFindFrom.c head/contrib/bmake/lst.lib/lstFirst.c head/contrib/bmake/lst.lib/lstForEach.c head/contrib/bmake/lst.lib/lstForEachFrom.c head/contrib/bmake/lst.lib/lstInit.c head/contrib/bmake/lst.lib/lstInsert.c head/contrib/bmake/lst.lib/lstIsAtEnd.c head/contrib/bmake/lst.lib/lstIsEmpty.c head/contrib/bmake/lst.lib/lstLast.c head/contrib/bmake/lst.lib/lstNext.c head/contrib/bmake/lst.lib/lstOpen.c head/contrib/bmake/lst.lib/lstPrev.c head/contrib/bmake/lst.lib/lstRemove.c head/contrib/bmake/lst.lib/lstReplace.c head/contrib/bmake/lst.lib/lstSucc.c head/contrib/bmake/main.c head/contrib/bmake/make.c head/contrib/bmake/make.h head/contrib/bmake/make_malloc.c head/contrib/bmake/meta.c head/contrib/bmake/meta.h head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/FILES head/contrib/bmake/mk/dirdeps.mk head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/host-target.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/mkopt.sh head/contrib/bmake/mk/sys/AIX.mk head/contrib/bmake/mk/sys/Darwin.mk head/contrib/bmake/mk/sys/Generic.mk head/contrib/bmake/mk/sys/HP-UX.mk head/contrib/bmake/mk/sys/IRIX.mk head/contrib/bmake/mk/sys/Linux.mk head/contrib/bmake/mk/sys/NetBSD.mk head/contrib/bmake/mk/sys/OSF1.mk head/contrib/bmake/mk/sys/OpenBSD.mk head/contrib/bmake/mk/sys/SunOS.mk head/contrib/bmake/mk/sys/UnixWare.mk head/contrib/bmake/nonints.h head/contrib/bmake/parse.c head/contrib/bmake/str.c head/contrib/bmake/suff.c head/contrib/bmake/targ.c head/contrib/bmake/trace.c head/contrib/bmake/unit-tests/Makefile head/contrib/bmake/unit-tests/cond-short.exp head/contrib/bmake/unit-tests/cond-short.mk head/contrib/bmake/unit-tests/modmatch.mk head/contrib/bmake/unit-tests/modmisc.exp head/contrib/bmake/unit-tests/modmisc.mk head/contrib/bmake/unit-tests/modorder.exp head/contrib/bmake/unit-tests/modorder.mk head/contrib/bmake/unit-tests/sysv.exp head/contrib/bmake/unit-tests/sysv.mk head/contrib/bmake/unit-tests/varmisc.exp head/contrib/bmake/unit-tests/varmisc.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/config.h head/usr.bin/bmake/unit-tests/Makefile Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogSat Jul 11 22:45:36 2020 (r363116) +++ head/contrib/bmake/ChangeLogSun Jul 12 01:11:48 2020 (r363117) @@ -1,3 +1,98 @@ +2020-07-10 Simon J Gerraty + + * configure.in: use AC_INCLUDES_DEFAULT rather than AC_HEADER_STDC + + * VERSION (_MAKE_VERSION): 20200710 + Merge with NetBSD make, pick up + o filemon/filemon_dev.c: use O_CLOEXEC rather than extra syscall + o meta.c: target flagged .META is out-of-date if meta file missing + +2020-07-09 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200709 + Merge with NetBSD make, pick up + o cond.c: fix for compare_expression when doEval=0 + o unit-tests/Makefile: rework + o filemon/filemon_dev.c: ensure filemon fd is closed on exec. + +2020-07-04 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200704 + Merge with NetBSD make, pick up + (most of this by rillig@) + o lots of style and white-space cleanup + o lots more unit tests for variable modifiers + o simplified description of some functions + o str.c: refactor Str_Match + o var.c: debugging output for :@ + constify VarModify parameter
Re: svn commit: r363031 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake (make now broken)
Mark Millard wrote: > > though the one in ports is real issue: > > > > $ make config > > make: "/usr/ports/Mk/bsd.port.mk" line 2096: warning: String comparison > > operator should be either == or != > > make: "/usr/ports/Mk/bsd.port.mk" line 2096: Malformed conditional > > (defined(MAKE_JOBS_NUMBER_LIMIT) && ( ${MAKE_JOBS_NUMBER_LIMIT} < > > ${_MAKE_JOBS_NUMBER} )) The above should be equivalent to V42 = 42 .if defined(V69) && ( ${V69} < ${V42} ) .endif which in a unit-test works just fine. Same goes for the warnings in bsd.compiler.mk ;-( ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r363031 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake
Cy Schubert wrote: > [External Email. Be cautious of content] > > > In message <45359.1594266...@kaos.jnpr.net>, "Simon J. Gerraty" writes: > > Cy Schubert wrote: > > > This broke ports. > > > > I've reverted the change. > > > > Let me know if you still see issue. > > As I said in my email, all I did was revert cond.c, and that fixed it. You > don't need to revert the whole patch. Just revert cond.c and let NetBSD > know. Ah I missed that bit - rats. I think I've a fix for cond.c, but unfortunately I'm so far unable to construct a unit-test that triggers the problem. Even with bsd.compiler.mk I was unable to get it to fail in debugger, so added an abort and looked at the core file. The problem is in something like: .if 1 || ${something-complicated} > 0 the ${something-complicated} isn't resolved because we do not need to evaluate anything after '1', but the comparator check is still applied. Fix should be simple, but in unit-tests the above does not trigger the problem ;-) ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r363031 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake (make now broken)
Mark Millard wrote: > [External Email. Be cautious of content] > > > This seems to have broken doing buildworld buildkernel and > other things using make: Ouch sorry I saw this at one point but couldn't reproduce while trying to work out what it was complaining about. The line numbers did/do not appear correct. Will revert if I cannot work it out. > > make[2]: "/usr/src/share/mk/bsd.compiler.mk" line 197: warning: String > comparison operator should be either == or != > make[2]: "/usr/src/share/mk/bsd.compiler.mk" line 197: warning: String > comparison operator should be either == or != > . . . > make[3]: "/usr/src/share/mk/bsd.sys.mk" line 100: warning: String comparison > operator should be either == or != > . . . > make[3]: "/usr/src/share/mk/bsd.sys.mk" line 81: warning: String comparison > operator should be either == or != > . . . > > Using -d c shows the likes of: > > . . . > lhs = "clang", rhs = "clang", op = == > lhs = "${${:UCOMPILER_TYPE}__${${:U${_empty_var_}}_cc_hash}}", rhs = "gcc", > op = == > make[2]: "/usr/src/share/mk/bsd.compiler.mk" line 197: warning: String > comparison operator should be either == or != > lhs = "clang", rhs = "clang", op = == > lhs = "LD", rhs = "LD", op = == > . . . > left = 6.00, right = 2.00, op = <= > left = 6.00, right = 1.00, op = <= > lhs = "${${:UCOMPILER_TYPE}__${${:U${_empty_var_}}_cc_hash}}", rhs = "clang", > op = == > make[3]: "/usr/src/share/mk/bsd.sys.mk" line 100: warning: String comparison > operator should be either == or != > lhs = "${${:UCOMPILER_TYPE}__${${:U${_empty_var_}}_cc_hash}}", rhs = "gcc", > op = == > lhs = "clang", rhs = "gcc", op = == > . . . > left = 0.00, right = 6.00, op = <= > left = 0.00, right = 3.00, op = <= > lhs = "clang", rhs = "gcc", op = == > make[3]: "/usr/src/share/mk/bsd.sys.mk" line 81: warning: String comparison > operator should be either == or != > lhs = "clang", rhs = "clang", op = == > left = 11.00, right = 7.00, op = >= > lhs = "amd64", rhs = "arm", op = == > > (Now I just need to figure out how to get back to a working context.) > > === > Mark Millard > marklmi at yahoo.com > ( dsl-only.net went > away in early 2018-Mar) ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r363031 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake
Cy Schubert wrote: > This broke ports. I've reverted the change. Let me know if you still see issue. > > cwsys# make checksum > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/Uses/python.mk" line 367: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/Uses/python.mk" line 367: Malformed conditional > (!defined(_PYTHON_VERSION) && !(!empty(_PYTHON_VERSION_MINIMUM) && ( > ${__VER} < ${_PYTHON_VERSION_MINIMUM})) && !(!empty(_PYTHON_VERSION_MAXIMUM > ) && ( ${__VER} > ${_PYTHON_VERSION_MAXIMUM}))) > make: "/usr/ports/Mk/bsd.port.mk" line 2096: warning: String comparison > operator should be either == or != > make: "/usr/ports/Mk/bsd.port.mk" line 2096: Malformed conditional > (defined(MAKE_JOBS_NUMBER_LIMIT) && ( ${MAKE_JOBS_NUMBER_LIMIT} < > ${_MAKE_JOBS_NUMBER} )) > make: Fatal errors encountered -- cannot continue > make: stopped in /usr/ports/www/firefox > cwsys# > > The same errors occur during buildworld. > > Simply reverting just contrib/bmake/cond.c resolves this issue. The cause of > this issue is NetBSD cond.c r1.76, therefore it is safe to revert just the > one file without reverting the complete upgrade. > > https://urldefense.com/v3/__http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/make/cond.c?rev=1.76=text*x-cvsweb-markup_with_tag=MAIN__;Lw!!NEt6yMaO-gk!VltPNuPO6XKkx3hxHjCA98ZeFCqyVtHYuLQi8D1AE6HcNIFdwIRm80hIxRvmDA$ > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: > https://urldefense.com/v3/__https://FreeBSD.org__;!!NEt6yMaO-gk!VltPNuPO6XKkx3hxHjCA98ZeFCqyVtHYuLQi8D1AE6HcNIFdwIRm80gLfK9-dg$ > NTP: Web: > https://urldefense.com/v3/__https://nwtime.org__;!!NEt6yMaO-gk!VltPNuPO6XKkx3hxHjCA98ZeFCqyVtHYuLQi8D1AE6HcNIFdwIRm80gVslaffA$ > > The need of the many outweighs the greed of the few. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r363035 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake
Author: sjg Date: Thu Jul 9 03:46:07 2020 New Revision: 363035 URL: https://svnweb.freebsd.org/changeset/base/363035 Log: Revert r363031 Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/FILES head/contrib/bmake/LICENSE head/contrib/bmake/VERSION head/contrib/bmake/arch.c head/contrib/bmake/buf.c head/contrib/bmake/compat.c head/contrib/bmake/cond.c head/contrib/bmake/dir.c head/contrib/bmake/for.c head/contrib/bmake/hash.c head/contrib/bmake/hash.h head/contrib/bmake/job.c head/contrib/bmake/job.h head/contrib/bmake/lst.lib/lstAppend.c head/contrib/bmake/lst.lib/lstAtEnd.c head/contrib/bmake/lst.lib/lstAtFront.c head/contrib/bmake/lst.lib/lstClose.c head/contrib/bmake/lst.lib/lstConcat.c head/contrib/bmake/lst.lib/lstDatum.c head/contrib/bmake/lst.lib/lstDeQueue.c head/contrib/bmake/lst.lib/lstDupl.c head/contrib/bmake/lst.lib/lstEnQueue.c head/contrib/bmake/lst.lib/lstFind.c head/contrib/bmake/lst.lib/lstFindFrom.c head/contrib/bmake/lst.lib/lstFirst.c head/contrib/bmake/lst.lib/lstForEach.c head/contrib/bmake/lst.lib/lstForEachFrom.c head/contrib/bmake/lst.lib/lstInit.c head/contrib/bmake/lst.lib/lstInsert.c head/contrib/bmake/lst.lib/lstIsAtEnd.c head/contrib/bmake/lst.lib/lstIsEmpty.c head/contrib/bmake/lst.lib/lstLast.c head/contrib/bmake/lst.lib/lstNext.c head/contrib/bmake/lst.lib/lstOpen.c head/contrib/bmake/lst.lib/lstPrev.c head/contrib/bmake/lst.lib/lstRemove.c head/contrib/bmake/lst.lib/lstReplace.c head/contrib/bmake/lst.lib/lstSucc.c head/contrib/bmake/main.c head/contrib/bmake/make.c head/contrib/bmake/make.h head/contrib/bmake/make_malloc.c head/contrib/bmake/meta.c head/contrib/bmake/meta.h head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/FILES head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/mkopt.sh head/contrib/bmake/mk/sys/AIX.mk head/contrib/bmake/mk/sys/Darwin.mk head/contrib/bmake/mk/sys/Generic.mk head/contrib/bmake/mk/sys/HP-UX.mk head/contrib/bmake/mk/sys/IRIX.mk head/contrib/bmake/mk/sys/Linux.mk head/contrib/bmake/mk/sys/NetBSD.mk head/contrib/bmake/mk/sys/OSF1.mk head/contrib/bmake/mk/sys/OpenBSD.mk head/contrib/bmake/mk/sys/SunOS.mk head/contrib/bmake/mk/sys/UnixWare.mk head/contrib/bmake/nonints.h head/contrib/bmake/parse.c head/contrib/bmake/str.c head/contrib/bmake/suff.c head/contrib/bmake/targ.c head/contrib/bmake/trace.c head/contrib/bmake/unit-tests/Makefile head/contrib/bmake/unit-tests/cond-short.exp head/contrib/bmake/unit-tests/cond-short.mk head/contrib/bmake/unit-tests/modmatch.mk head/contrib/bmake/unit-tests/modmisc.exp head/contrib/bmake/unit-tests/modmisc.mk head/contrib/bmake/unit-tests/modorder.exp head/contrib/bmake/unit-tests/modorder.mk head/contrib/bmake/unit-tests/sysv.exp head/contrib/bmake/unit-tests/sysv.mk head/contrib/bmake/unit-tests/varmisc.exp head/contrib/bmake/unit-tests/varmisc.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogThu Jul 9 02:52:39 2020 (r363034) +++ head/contrib/bmake/ChangeLogThu Jul 9 03:46:07 2020 (r363035) @@ -1,81 +1,3 @@ -2020-07-04 Simon J Gerraty - - * VERSION (_MAKE_VERSION): 20200704 - Merge with NetBSD make, pick up - (most of this by rillig@) - o lots of style and white-space cleanup - o lots more unit tests for variable modifiers - o simplified description of some functions - o str.c: refactor Str_Match - o var.c: debugging output for :@ - constify VarModify parameter - fix :hash modifier on 16-bit platforms - remove unnecessary forward declarations - refactor ApplyModifier_SysV to have less indentation - simplify code for :E and :R - clean up code for :H and :T - refactor ApplyModifiers - - * var.c: we need stdint.h on some platforms to get uint32_t - * unit-test/Makefile: we need to supress the specific error - for RE substitution error in modmisc, since it varies accross - different OS. - -2020-07-02 Simon J Gerraty - - * VERSION (_MAKE_VERSION): 20200702 - Merge with NetBSD make, pick up - o var.c: more improvements to avoiding unnecessary evaluation - use enums for flags - o remove flags arg to Var_Set which outside of var.c is always 0 - -2020-07-01 Simon J Gerraty - - * VERSION (_MAKE_VERSION): 20200701 - Merge with NetBSD make, pick up - o var.c: with change to cond.c; ensure that nested variables - within a variable name are expanded. - o unit-tests/varmisc.mk: test for nested varname - -2020-06-29 Simon J Gerraty - - * VERSION (_MAKE_VERSION): 20200629
svn commit: r363031 - in head: contrib/bmake contrib/bmake/lst.lib contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake
Author: sjg Date: Wed Jul 8 21:20:12 2020 New Revision: 363031 URL: https://svnweb.freebsd.org/changeset/base/363031 Log: Update to bmake-20200704 Key changes include reduced noise at end of failed build log and avoid evaluation of unnecessary terms in conditionals. MFC after:1 week Added: head/contrib/bmake/LICENSE - copied unchanged from r363019, vendor/NetBSD/bmake/dist/LICENSE head/contrib/bmake/unit-tests/cond-short.exp - copied unchanged from r363019, vendor/NetBSD/bmake/dist/unit-tests/cond-short.exp head/contrib/bmake/unit-tests/cond-short.mk - copied unchanged from r363019, vendor/NetBSD/bmake/dist/unit-tests/cond-short.mk Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/FILES head/contrib/bmake/VERSION head/contrib/bmake/arch.c head/contrib/bmake/buf.c head/contrib/bmake/compat.c head/contrib/bmake/cond.c head/contrib/bmake/dir.c head/contrib/bmake/for.c head/contrib/bmake/hash.c head/contrib/bmake/hash.h head/contrib/bmake/job.c head/contrib/bmake/job.h head/contrib/bmake/lst.lib/lstAppend.c head/contrib/bmake/lst.lib/lstAtEnd.c head/contrib/bmake/lst.lib/lstAtFront.c head/contrib/bmake/lst.lib/lstClose.c head/contrib/bmake/lst.lib/lstConcat.c head/contrib/bmake/lst.lib/lstDatum.c head/contrib/bmake/lst.lib/lstDeQueue.c head/contrib/bmake/lst.lib/lstDupl.c head/contrib/bmake/lst.lib/lstEnQueue.c head/contrib/bmake/lst.lib/lstFind.c head/contrib/bmake/lst.lib/lstFindFrom.c head/contrib/bmake/lst.lib/lstFirst.c head/contrib/bmake/lst.lib/lstForEach.c head/contrib/bmake/lst.lib/lstForEachFrom.c head/contrib/bmake/lst.lib/lstInit.c head/contrib/bmake/lst.lib/lstInsert.c head/contrib/bmake/lst.lib/lstIsAtEnd.c head/contrib/bmake/lst.lib/lstIsEmpty.c head/contrib/bmake/lst.lib/lstLast.c head/contrib/bmake/lst.lib/lstNext.c head/contrib/bmake/lst.lib/lstOpen.c head/contrib/bmake/lst.lib/lstPrev.c head/contrib/bmake/lst.lib/lstRemove.c head/contrib/bmake/lst.lib/lstReplace.c head/contrib/bmake/lst.lib/lstSucc.c head/contrib/bmake/main.c head/contrib/bmake/make.c head/contrib/bmake/make.h head/contrib/bmake/make_malloc.c head/contrib/bmake/meta.c head/contrib/bmake/meta.h head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/FILES head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/mkopt.sh head/contrib/bmake/mk/sys/AIX.mk head/contrib/bmake/mk/sys/Darwin.mk head/contrib/bmake/mk/sys/Generic.mk head/contrib/bmake/mk/sys/HP-UX.mk head/contrib/bmake/mk/sys/IRIX.mk head/contrib/bmake/mk/sys/Linux.mk head/contrib/bmake/mk/sys/NetBSD.mk head/contrib/bmake/mk/sys/OSF1.mk head/contrib/bmake/mk/sys/OpenBSD.mk head/contrib/bmake/mk/sys/SunOS.mk head/contrib/bmake/mk/sys/UnixWare.mk head/contrib/bmake/nonints.h head/contrib/bmake/parse.c head/contrib/bmake/str.c head/contrib/bmake/suff.c head/contrib/bmake/targ.c head/contrib/bmake/trace.c head/contrib/bmake/unit-tests/Makefile head/contrib/bmake/unit-tests/modmatch.mk head/contrib/bmake/unit-tests/modmisc.exp head/contrib/bmake/unit-tests/modmisc.mk head/contrib/bmake/unit-tests/modorder.exp head/contrib/bmake/unit-tests/modorder.mk head/contrib/bmake/unit-tests/sysv.exp head/contrib/bmake/unit-tests/sysv.mk head/contrib/bmake/unit-tests/varmisc.exp head/contrib/bmake/unit-tests/varmisc.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogWed Jul 8 20:26:19 2020 (r363030) +++ head/contrib/bmake/ChangeLogWed Jul 8 21:20:12 2020 (r363031) @@ -1,3 +1,81 @@ +2020-07-04 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200704 + Merge with NetBSD make, pick up + (most of this by rillig@) + o lots of style and white-space cleanup + o lots more unit tests for variable modifiers + o simplified description of some functions + o str.c: refactor Str_Match + o var.c: debugging output for :@ + constify VarModify parameter + fix :hash modifier on 16-bit platforms + remove unnecessary forward declarations + refactor ApplyModifier_SysV to have less indentation + simplify code for :E and :R + clean up code for :H and :T + refactor ApplyModifiers + + * var.c: we need stdint.h on some platforms to get uint32_t + * unit-test/Makefile: we need to supress the specific error + for RE substitution error in modmisc, since it varies accross + different OS. + +2020-07-02 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200702 + Merge with NetBSD make, pick up + o var.c: more improvements to avoiding unnecessary
svn commit: r362231 - head/sys/kern
Author: sjg Date: Tue Jun 16 17:02:56 2020 New Revision: 362231 URL: https://svnweb.freebsd.org/changeset/base/362231 Log: Make KENV_MVALLEN tunable When doing secure boot, loader wants to export loader.ve.hashed the value of which typically exceeds KENV_MVALLEN. Replace use of KENV_MVALLEN with tunable kenv_mvallen. Add getenv_string_buffer() for the case where a stack buffer cannot be created and use uma_zone_t kenv_zone for suitably sized buffers. Reviewed by: stevek, kevans Obtained from:Abhishek Kulkarni MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org//D25259 Modified: head/sys/kern/kern_environment.c Modified: head/sys/kern/kern_environment.c == --- head/sys/kern/kern_environment.cTue Jun 16 16:48:52 2020 (r362230) +++ head/sys/kern/kern_environment.cTue Jun 16 17:02:56 2020 (r362231) @@ -63,6 +63,9 @@ static MALLOC_DEFINE(M_KENV, "kenv", "kernel environme #define KENV_SIZE 512 /* Maximum number of environment strings */ +static uma_zone_t kenv_zone; +static int kenv_mvallen = KENV_MVALLEN; + /* pointer to the config-generated static environment */ char *kern_envp; @@ -85,6 +88,8 @@ bool dynamic_kenv; #define KENV_CHECK if (!dynamic_kenv) \ panic("%s: called before SI_SUB_KMEM", __func__) +static char*getenv_string_buffer(const char *); + int sys_kenv(td, uap) struct thread *td; @@ -110,9 +115,9 @@ sys_kenv(td, uap) #endif done = needed = 0; buflen = uap->len; - if (buflen > KENV_SIZE * (KENV_MNAMELEN + KENV_MVALLEN + 2)) + if (buflen > KENV_SIZE * (KENV_MNAMELEN + kenv_mvallen + 2)) buflen = KENV_SIZE * (KENV_MNAMELEN + - KENV_MVALLEN + 2); + kenv_mvallen + 2); if (uap->len > 0 && uap->value != NULL) buffer = malloc(buflen, M_TEMP, M_WAITOK|M_ZERO); mtx_lock(_lock); @@ -185,8 +190,8 @@ sys_kenv(td, uap) error = EINVAL; goto done; } - if (len > KENV_MVALLEN + 1) - len = KENV_MVALLEN + 1; + if (len > kenv_mvallen + 1) + len = kenv_mvallen + 1; value = malloc(len, M_TEMP, M_WAITOK); error = copyinstr(uap->value, value, len, NULL); if (error) { @@ -327,7 +332,7 @@ init_dynamic_kenv_from(char *init_env, int *curpos) for (cp = init_env; cp != NULL; cp = cpnext) { cpnext = kernenv_next(cp); len = strlen(cp) + 1; - if (len > KENV_MNAMELEN + 1 + KENV_MVALLEN + 1) { + if (len > KENV_MNAMELEN + 1 + kenv_mvallen + 1) { printf( "WARNING: too long kenv string, ignoring %s\n", cp); @@ -375,7 +380,14 @@ static void init_dynamic_kenv(void *data __unused) { int dynamic_envpos; + int size; + TUNABLE_INT_FETCH("kenv_mvallen", _mvallen); + size = KENV_MNAMELEN + 1 + kenv_mvallen + 1; + + kenv_zone = uma_zcreate("kenv", size, NULL, NULL, NULL, NULL, + UMA_ALIGN_PTR, 0); + kenvp = malloc((KENV_SIZE + 1) * sizeof(char *), M_KENV, M_WAITOK | M_ZERO); @@ -395,7 +407,7 @@ freeenv(char *env) if (dynamic_kenv && env != NULL) { explicit_bzero(env, strlen(env)); - free(env, M_KENV); + uma_zfree(kenv_zone, env); } } @@ -470,14 +482,11 @@ _getenv_static(const char *name) char * kern_getenv(const char *name) { - char buf[KENV_MNAMELEN + 1 + KENV_MVALLEN + 1]; char *ret; if (dynamic_kenv) { - if (getenv_string(name, buf, sizeof(buf))) { - ret = strdup(buf, M_KENV); - } else { - ret = NULL; + ret = getenv_string_buffer(name); + if (ret == NULL) { WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "getenv"); } @@ -548,7 +557,7 @@ kern_setenv(const char *name, const char *value) if (namelen > KENV_MNAMELEN + 1) return (-1); vallen = strlen(value) + 1; - if (vallen > KENV_MVALLEN + 1) + if (vallen > kenv_mvallen + 1) return (-1); buf = malloc(namelen + vallen, M_KENV, M_WAITOK); sprintf(buf, "%s=%s", name, value); @@ -607,6 +616,33 @@ kern_unsetenv(const char *name) } /* + * Return a buffer containing the string value from an environment variable + */ +static char *
svn commit: r362127 - head/lib/libsecureboot
Author: sjg Date: Fri Jun 12 21:55:30 2020 New Revision: 362127 URL: https://svnweb.freebsd.org/changeset/base/362127 Log: verify_pcr_export: bump kenv_mvallen if needed The loader.ve.hashed list can easily exceed KENV_MVALLEN. If so, bump kenv_mvallen to a multiple of KENV_MVALLEN to accommodate the value. Reviewed by: stevek MFC after:1 week Modified: head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cFri Jun 12 21:53:08 2020 (r362126) +++ head/lib/libsecureboot/verify_file.cFri Jun 12 21:55:30 2020 (r362127) @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "libsecureboot.h" #include @@ -532,6 +533,19 @@ verify_pcr_export(void) DEBUG_PRINTF(1, ("%s: setenv(loader.ve.hashed, %s\n", __func__, hinfo)); + if ((hlen = strlen(hinfo)) > KENV_MVALLEN) { + /* +* bump kenv_mvallen +* roundup to multiple of KENV_MVALLEN +*/ + char mvallen[16]; + + hlen += KENV_MVALLEN - + (hlen % KENV_MVALLEN); + if (snprintf(mvallen, sizeof(mvallen), + "%d", (int) hlen) < sizeof(mvallen)) + setenv("kenv_mvallen", mvallen, 1); + } free(hinfo); } } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362125 - head/sys/security/mac_veriexec
Author: sjg Date: Fri Jun 12 21:51:20 2020 New Revision: 362125 URL: https://svnweb.freebsd.org/changeset/base/362125 Log: mac_veriexec_fingerprint_check_vnode: v_writecount > 0 means active writers v_writecount can actually be < 0 for text, so check for v_writecount > 0 Reviewed by: stevek MFC after:1 week Modified: head/sys/security/mac_veriexec/veriexec_fingerprint.c Modified: head/sys/security/mac_veriexec/veriexec_fingerprint.c == --- head/sys/security/mac_veriexec/veriexec_fingerprint.c Fri Jun 12 21:48:46 2020(r362124) +++ head/sys/security/mac_veriexec/veriexec_fingerprint.c Fri Jun 12 21:51:20 2020(r362125) @@ -215,7 +215,7 @@ mac_veriexec_fingerprint_check_vnode(struct vnode *vp, int error; /* reject fingerprint if writers are active */ - if (vp->v_writecount) + if (vp->v_writecount > 0) return (ETXTBSY); if ((vp->v_mount->mnt_flag & MNT_VERIFIED) != 0) { ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r362124 - head/stand/common
Author: sjg Date: Fri Jun 12 21:48:46 2020 New Revision: 362124 URL: https://svnweb.freebsd.org/changeset/base/362124 Log: Minor cleanup of initialized variables Sort the list and cleanup trailing white-space Reviewed by: stevek MFC after:1 week Modified: head/stand/common/install.c Modified: head/stand/common/install.c == --- head/stand/common/install.c Fri Jun 12 21:33:02 2020(r362123) +++ head/stand/common/install.c Fri Jun 12 21:48:46 2020(r362124) @@ -207,15 +207,15 @@ install(char *pkgname) if (*s == '\0') goto invalid_url; - proto = NULL; devname = NULL; devnamelen = 0; - + proto = NULL; + local = 0; + if (i == 4 && !strncasecmp(pkgname, "tftp", i)) { devname = "net0"; devnamelen = 4; proto = _fsops; - local = 0; } else if (i == 4 && !strncasecmp(pkgname, "file", i)) { currdev = getenv("currdev"); local = 1; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361986 - in head: contrib/bmake contrib/bmake/mk usr.bin/bmake
Author: sjg Date: Tue Jun 9 20:52:35 2020 New Revision: 361986 URL: https://svnweb.freebsd.org/changeset/base/361986 Log: Merge bmake-20200606 Relevant items from ChangeLog: o dir.c: cached_stats - don't confuse stat and lstat results. o var.c: add :Or for reverse sort. Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/Makefile head/contrib/bmake/VERSION head/contrib/bmake/bmake.1 head/contrib/bmake/bmake.cat1 head/contrib/bmake/configure head/contrib/bmake/configure.in head/contrib/bmake/dir.c head/contrib/bmake/dirname.c head/contrib/bmake/make.1 head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/dirdeps-targets.mk head/contrib/bmake/mk/init.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/meta2deps.py head/contrib/bmake/var.c head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/config.h Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogTue Jun 9 20:27:35 2020 (r361985) +++ head/contrib/bmake/ChangeLogTue Jun 9 20:52:35 2020 (r361986) @@ -1,3 +1,25 @@ +2020-06-06 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200606 + Merge with NetBSD make, pick up + o make.1: cleanup + + * Makefile: fix depends for main.o which broke MAKE_VERSION + +2020-06-05 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200605 + Merge with NetBSD make, pick up + o dir.c: cached_stats - don't confuse stat and lstat results. + o var.c: add :Or for reverse sort. + +2020-05-24 Simon J Gerraty + + * configure.in: add AC_PROG_CC_C99 for mipspro compiler + also if --with-filemon= specifies path to filemon.h + set use_filemon=dev + * dirname.c: remove include of namespace.h + 2020-05-17 Simon J Gerraty * VERSION (_MAKE_VERSION): 20200517 Modified: head/contrib/bmake/Makefile == --- head/contrib/bmake/Makefile Tue Jun 9 20:27:35 2020(r361985) +++ head/contrib/bmake/Makefile Tue Jun 9 20:52:35 2020(r361986) @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.104 2020/02/06 01:33:54 sjg Exp $ +# $Id: Makefile,v 1.107 2020/06/07 21:18:46 sjg Exp $ PROG= bmake @@ -82,7 +82,7 @@ COPTS.main.c+= "-DMAKE_VERSION=\"${_MAKE_VERSION}\"" # should be set by now USE_FILEMON ?= no .if ${USE_FILEMON:tl} != "no" -.PATH: ${.CURDIR}/filemon +.PATH: ${srcdir}/filemon SRCS+= filemon_${USE_FILEMON}.c COPTS.meta.c+= -DUSE_FILEMON -DUSE_FILEMON_${USE_FILEMON:tu} COPTS.job.c+= ${COPTS.meta.c} @@ -158,7 +158,7 @@ MAN1= ${MAN} .if (${PROG} != "make") CLEANFILES+= my.history .if make(${MAN}) || !exists(${srcdir}/${MAN}) -my.history: ${MAKEFILE} +my.history: @(echo ".Nm"; \ echo "is derived from NetBSD"; \ echo ".Xr make 1 ."; \ @@ -207,7 +207,7 @@ ${OBJS}: config.h # start-delete2 for bsd.after-import.mk # make sure that MAKE_VERSION gets updated. -main.o: ${SRCS} ${.CURDIR}/VERSION +main.o: ${srcdir}/VERSION .if ${MK_AUTOCONF_MK} == "yes" CONFIGURE_DEPS += ${.CURDIR}/VERSION Modified: head/contrib/bmake/VERSION == --- head/contrib/bmake/VERSION Tue Jun 9 20:27:35 2020(r361985) +++ head/contrib/bmake/VERSION Tue Jun 9 20:52:35 2020(r361986) @@ -1,2 +1,2 @@ # keep this compatible with sh and make -_MAKE_VERSION=20200517 +_MAKE_VERSION=20200606 Modified: head/contrib/bmake/bmake.1 == --- head/contrib/bmake/bmake.1 Tue Jun 9 20:27:35 2020(r361985) +++ head/contrib/bmake/bmake.1 Tue Jun 9 20:52:35 2020(r361986) @@ -1,4 +1,4 @@ -.\"$NetBSD: make.1,v 1.273 2018/05/27 01:14:51 christos Exp $ +.\"$NetBSD: make.1,v 1.282 2020/06/06 20:28:42 wiz Exp $ .\" .\" Copyright (c) 1990, 1993 .\"The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\"from: @(#)make.18.4 (Berkeley) 3/19/94 .\" -.Dd May 26, 2018 +.Dd June 5, 2020 .Dt BMAKE 1 .Os .Sh NAME @@ -272,7 +272,7 @@ that do not depend on the target whose creation caused .It Fl m Ar directory Specify a directory in which to search for sys.mk and makefiles included via the -.Ao Ar file Ac Ns -style +.Li \&< Ns Ar file Ns Li \&> Ns -style include statement. The .Fl m @@ -280,7 +280,7 @@ option can be used multiple times to form a search pat This path will override the default system include path: /usr/share/mk. Furthermore the system include path will be appended to the search path used f
svn commit: r361933 - head/stand/common
Author: sjg Date: Mon Jun 8 18:13:38 2020 New Revision: 361933 URL: https://svnweb.freebsd.org/changeset/base/361933 Log: loader: install allow for more complete device spec in url Rework to simplify and impose sane url syntax. That is we allow for file://[devname[:fstype]]/package Reviewed by: stevek MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org//D25134 Modified: head/stand/common/install.c Modified: head/stand/common/install.c == --- head/stand/common/install.c Mon Jun 8 17:57:21 2020(r361932) +++ head/stand/common/install.c Mon Jun 8 18:13:38 2020(r361933) @@ -184,7 +184,8 @@ cleanup(void) /* * usage: install URL - * where: URL = (tftp|file)://[host]/ + * where: URL = tftp://[host]/ + * or file://[devname[:fstype]]/ */ static int install(char *pkgname) @@ -192,8 +193,9 @@ install(char *pkgname) static char buf[256]; struct fs_ops *proto; struct preloaded_file *fp; - char *s, *currdev; - const char *devname; + char *e, *s, *currdev; + char *devname; + size_t devnamelen; int error, fd, i, local; s = strstr(pkgname, "://"); @@ -201,34 +203,74 @@ install(char *pkgname) goto invalid_url; i = s - pkgname; + s += 3; + if (*s == '\0') + goto invalid_url; + + proto = NULL; + devname = NULL; + devnamelen = 0; + if (i == 4 && !strncasecmp(pkgname, "tftp", i)) { devname = "net0"; + devnamelen = 4; proto = _fsops; local = 0; } else if (i == 4 && !strncasecmp(pkgname, "file", i)) { currdev = getenv("currdev"); - if (currdev != NULL && strcmp(currdev, "pxe0:") == 0) { - devname = "pxe0"; - proto = NULL; + local = 1; + + if (*s == '/') {/* file:/// */ + if (devname == NULL) + devname = currdev; + if (devname == NULL) + devname = "disk1"; + } else {/* file://devname[:fstype]/ */ + devname = s; + e = strchr(devname, '/'); + if (!e) + goto invalid_url; + devnamelen = e - devname; + s = e; /* consume devname */ + } + if ((e = strchr(devname, ':')) != NULL) { + /* could be :fstype */ + devnamelen = e - devname; + switch (e[1]) { + case '\0': /* just currdev */ + break; + case 'd': + proto = _fsops; + break; #ifdef HOSTPROG - } else if (currdev != NULL && strcmp(currdev, "host0:") == 0) { - extern struct fs_ops host_fsops; + case 'h': + { + extern struct fs_ops host_fsops; - devname = "host0"; - proto = _fsops; + proto = _fsops; + } + break; #endif - } else { - devname = "disk1"; + case 'u': + proto = _fsops; + break; + } + } + if (proto == NULL && strncmp(devname, "disk", 4) == 0) { proto = _fsops; } - local = 1; - } else - goto invalid_url; + } - s += 3; - if (*s == '\0') + if (devname == NULL) goto invalid_url; + if (devnamelen == 0) { + /* default is currdev which ends with ':' */ + devnamelen = strlen(devname); + if (devname[devnamelen - 1] == ':') + devnamelen--; + } + if (*s != '/' ) { if (local) goto invalid_url; @@ -252,11 +294,12 @@ install(char *pkgname) } else pkgname = s; - if (strlen(devname) + strlen(pkgname) + 2 > sizeof(buf)) { + i = snprintf(buf, sizeof(buf), "%.*s:%s", + (int) devnamelen, devname, pkgname); + if (i >= (int) sizeof(buf)) { command_errmsg = "package name too long"; return (CMD_ERROR); } - sprintf(buf, "%s:%s", devname, pkgname); setenv("install_package", buf, 1); error =
svn commit: r361710 - head/stand/uboot/lib
Author: sjg Date: Mon Jun 1 23:44:03 2020 New Revision: 361710 URL: https://svnweb.freebsd.org/changeset/base/361710 Log: stand/uboot: fix setting of gateip.s_addr Missplaced paren. Reviewed by: imp MFC after:1 week Modified: head/stand/uboot/lib/net.c Modified: head/stand/uboot/lib/net.c == --- head/stand/uboot/lib/net.c Mon Jun 1 23:26:37 2020(r361709) +++ head/stand/uboot/lib/net.c Mon Jun 1 23:44:03 2020(r361710) @@ -187,7 +187,7 @@ get_env_net_params() rootip.s_addr = 0; return; } - if ((gateip.s_addr = inet_addr(envstr) == INADDR_NONE)) { + if ((gateip.s_addr = inet_addr(envstr)) == INADDR_NONE) { printf("Could not parse gatewayip '%s'\n", envstr); rootip.s_addr = 0; return; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r361307 - in head: contrib/bmake contrib/bmake/filemon contrib/bmake/mk contrib/bmake/mk/sys contrib/bmake/unit-tests usr.bin/bmake
/contrib/bmake/mk/meta.stage.mk head/contrib/bmake/mk/meta.sys.mk head/contrib/bmake/mk/meta2deps.py head/contrib/bmake/mk/options.mk head/contrib/bmake/mk/sys.mk head/contrib/bmake/mk/sys.vars.mk head/contrib/bmake/mk/sys/AIX.mk head/contrib/bmake/mk/sys/Darwin.mk head/contrib/bmake/mk/sys/Generic.mk head/contrib/bmake/mk/sys/HP-UX.mk head/contrib/bmake/mk/sys/IRIX.mk head/contrib/bmake/mk/sys/Linux.mk head/contrib/bmake/mk/sys/NetBSD.mk head/contrib/bmake/mk/sys/OSF1.mk head/contrib/bmake/mk/sys/OpenBSD.mk head/contrib/bmake/mk/sys/SunOS.mk head/contrib/bmake/mk/sys/UnixWare.mk head/contrib/bmake/mk/whats.mk head/contrib/bmake/nonints.h head/contrib/bmake/parse.c head/contrib/bmake/str.c head/contrib/bmake/unit-tests/escape.mk head/contrib/bmake/unit-tests/forloop.exp head/contrib/bmake/unit-tests/forloop.mk head/contrib/bmake/unit-tests/modorder.mk head/contrib/bmake/unit-tests/sysv.exp head/contrib/bmake/unit-tests/sysv.mk head/contrib/bmake/util.c head/contrib/bmake/var.c head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/Makefile.depend head/usr.bin/bmake/config.h Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogWed May 20 22:25:41 2020 (r361306) +++ head/contrib/bmake/ChangeLogWed May 20 22:25:46 2020 (r361307) @@ -1,3 +1,138 @@ +2020-05-17 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200517 + Merge with NetBSD make, pick up + o modified dollar tests to avoid shell dependencies + o new tests for .INCLUDEFROM + +2020-05-16 Simon J Gerraty + + * unit-tests/dollar.mk: tweak '1 dollar literal' test + to not depend so much on shell behavior + +2020-05-10 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200510 + Merge with NetBSD make, pick up + o unit test for dollar handling + +2020-05-06 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200506 + Merge with NetBSD make, pick up + o str.c: empty string does not match % pattern + plus unit-test changes + +2020-05-04 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200504 + May the 4th be with you + Merge with NetBSD make, pick up + o var.c: import handling of old sysV style modifier using '%' + o str.c: refactor brk_string + o unit-tests: add test case for lazy conditions + +2020-04-18 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200418 + + * configure.in: use_makefile=no for cygwin et al. + case insensitive filesystems just don't work if both + makefile and Makefile exist. + NOTE: bmake does not support cygwin and likely never will, + but if brave souls want to try it - help them out. + +2020-04-02 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200402 + Merge with NetBSD make, pick up + o meta.c: meta_oodate, CHECK_VALID_META is too aggressive for CMD + a blank command is perfectly valid. + +2020-03-30 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200330 + Merge with NetBSD make, pick up + o make.h: extern debug_file + +2020-03-18 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200318 + Merge with NetBSD make, pick up + o meta.c: meta_oodate, check for corrupted meta file + earlier and more often. + +2020-02-20 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200220 + +2020-02-19 Simon J Gerraty + + * boot-strap: unset MAKEFLAGS + +2020-02-12 Simon J Gerraty + + * VERSION (_MAKE_VERSION): 20200212 + * meta.c: meta_compat_parent check for USE_FILEMON + patch from Soeren Tempel + +2020-02-05 Simon J Gerraty + + * VERSION: 20200205 + Merge with NetBSD make, pick up + o meta.c: fix compat mode, need to call meta_job_output() + o job.c: extra fds for meta mode not needed if using filemon_dev + +2020-01-22 Simon J Gerraty + + * VERSION: 20200122 + Merge with NetBSD make, pick up + o meta.c: avoid passing NULL to filemon_*() when meta_needed() + returns FALSE. + +2020-01-21 Simon J Gerraty + + * VERSION: 20200121 + Merge with NetBSD make, pick up + o filemon/filemon_{dev,ktrace}.c: allow selection of + filemon implementation. filemon_dev.c uses the kernel module + while filemon_ktrace.c leverages the fktrace api available in + NetBSD. filemon_ktrace.c can hopefully form the basis for + adding support for other tracing mechanisms such as strace on + Linux. + o meta.c: when target is out-of-date per normal make rules + record value of .OODATE in meta file. + +2019-09-26 Simon J Gerraty + + * VERSION: 20190926 + Merge with NetBSD make
svn commit: r360059 - head/sys/sys
Author: sjg Date: Sat Apr 18 01:22:41 2020 New Revision: 360059 URL: https://svnweb.freebsd.org/changeset/base/360059 Log: Define enum for so_qstate outside of struct. LLVM-9.0 clang++ throws an error for enum defined within an anonymous struct. Reviewed by: jtl, rpokala MFC after:1 week Differential Revision: https://reviews.freebsd.org//D24477 Modified: head/sys/sys/socketvar.h Modified: head/sys/sys/socketvar.h == --- head/sys/sys/socketvar.hSat Apr 18 01:16:30 2020(r360058) +++ head/sys/sys/socketvar.hSat Apr 18 01:22:41 2020(r360059) @@ -67,6 +67,12 @@ typedef void so_dtor_t(struct socket *); struct socket; +enum socket_qstate { + SQ_NONE = 0, + SQ_INCOMP = 0x0800, /* on sol_incomp */ + SQ_COMP = 0x1000, /* on sol_comp */ +}; + /*- * Locking key to struct socket: * (a) constant after allocation, no locking required. @@ -122,12 +128,7 @@ struct socket { /* (e) Our place on accept queue. */ TAILQ_ENTRY(socket) so_list; struct socket *so_listen; /* (b) */ - enum { - SQ_NONE = 0, - SQ_INCOMP = 0x0800, /* on sol_incomp */ - SQ_COMP = 0x1000, /* on sol_comp */ - } so_qstate; /* (b) */ - + enum socket_qstate so_qstate; /* (b) */ /* (b) cached MAC label for peer */ struct label *so_peerlabel; u_long so_oobmark; /* chars to oob mark */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r359705 - head/share/mk
Kyle Evans wrote: > universe13a% make -C stand -V .OBJDIR > /scratch/tmp/kevans/obj/home/kevans/head/amd64.amd64/stand > > But in a buildenv: > universe13a% make TARGET_ARCH=armv7 buildenv > Entering world for armv7:arm > For ZSH you must run: export CPUTYPE= > universe13a% make -C stand -V .OBJDIR > [Creating objdir /scratch/tmp/kevans/obj/home/kevans/head/stand...] > /scratch/tmp/kevans/obj/home/kevans/head/stand What do you get for: env | grep MAKE > Using buildenv with BUILDENV_SHELL="make -C stand -V .OBDJIR" > *doesn't* reproduce it (objdir has arm.armv7 in it again). > > I tried with both zsh (and export CPUTYPE=) and /bin/sh, but it seems > to reproduce both ways. > > Thanks, > > Kyle Evans ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r359700 - in head: lib/libsecureboot stand/libsa
Author: sjg Date: Tue Apr 7 16:56:34 2020 New Revision: 359700 URL: https://svnweb.freebsd.org/changeset/base/359700 Log: Improve interaction of vectx and tftp On slow platforms, it helps to spread the hashing load over time so that tftp does not timeout. Also, some .4th files are too big to fit in cache of pkgfs, so increase cache size and ensure fully populated. Reviewed by: stevek MFC after:1 week Differential Revision: https://reviews.freebsd.org/D24287 Modified: head/lib/libsecureboot/vectx.c head/stand/libsa/pkgfs.c head/stand/libsa/tftp.c Modified: head/lib/libsecureboot/vectx.c == --- head/lib/libsecureboot/vectx.c Tue Apr 7 16:52:45 2020 (r359699) +++ head/lib/libsecureboot/vectx.c Tue Apr 7 16:56:34 2020 (r359700) @@ -211,6 +211,7 @@ ssize_t vectx_read(struct vectx *ctx, void *buf, size_t nbytes) { unsigned char *bp = buf; + int d; int n; int delta; int x; @@ -221,23 +222,30 @@ vectx_read(struct vectx *ctx, void *buf, size_t nbytes off = 0; do { - n = read(ctx->vec_fd, [off], nbytes - off); - if (n < 0) + /* +* Do this in reasonable chunks so +* we don't timeout if doing tftp +*/ + x = nbytes - off; + x = MIN(PAGE_SIZE, x); + d = n = read(ctx->vec_fd, [off], x); + if (n < 0) { return (n); - if (n > 0) { + } + if (d > 0) { /* we may have seeked backwards! */ delta = ctx->vec_hashed - ctx->vec_off; if (delta > 0) { - x = MIN(delta, n); + x = MIN(delta, d); off += x; - n -= x; + d -= x; ctx->vec_off += x; } - if (n > 0) { - ctx->vec_md->update(>vec_ctx.vtable, [off], n); - off += n; - ctx->vec_off += n; - ctx->vec_hashed += n; + if (d > 0) { + ctx->vec_md->update(>vec_ctx.vtable, [off], d); + off += d; + ctx->vec_off += d; + ctx->vec_hashed += d; } } } while (n > 0 && off < nbytes); Modified: head/stand/libsa/pkgfs.c == --- head/stand/libsa/pkgfs.cTue Apr 7 16:52:45 2020(r359699) +++ head/stand/libsa/pkgfs.cTue Apr 7 16:56:34 2020(r359700) @@ -60,7 +60,7 @@ struct fs_ops pkgfs_fsops = { }; #define PKG_BUFSIZE512 -#definePKG_MAXCACHESZ 16384 +#definePKG_MAXCACHESZ (16384 * 3) #definePKG_FILEEXT ".tgz" @@ -132,6 +132,7 @@ struct package static struct package *package = NULL; static int new_package(int, struct package **); +static int cache_data(struct tarfile *tf, int); void pkgfs_cleanup(void) @@ -282,6 +283,9 @@ pkg_read(struct open_file *f, void *buf, size_t size, return (EBADF); } + if (tf->tf_cachesz == 0) + cache_data(tf, 1); + fp = tf->tf_fp; p = buf; sz = 0; @@ -311,16 +315,6 @@ pkg_read(struct open_file *f, void *buf, size_t size, fp += sz; p += sz; size -= sz; - - if (tf->tf_cachesz != 0) - continue; - - tf->tf_cachesz = (sz <= PKG_MAXCACHESZ) ? sz : PKG_MAXCACHESZ; - tf->tf_cache = malloc(tf->tf_cachesz); - if (tf->tf_cache != NULL) - memcpy(tf->tf_cache, buf, tf->tf_cachesz); - else - tf->tf_cachesz = 0; } tf->tf_fp = fp; @@ -484,8 +478,20 @@ get_zipped(struct package *pkg, void *buf, size_t bufs return (0); } +/** + * @brief + * cache data of a tarfile + * + * @param[in] tf + * tarfile pointer + * + * @param[in] force + * If file size > PKG_MAXCACHESZ, cache that much + * + * @return 0, -1 (errno set to error value) + */ static int -cache_data(struct tarfile *tf) +cache_data(struct tarfile *tf, int force) { struct package *pkg; size_t sz; @@ -503,21 +509,28 @@ cache_data(struct tarfile *tf) return (-1); } + if (tf->tf_cachesz > 0) { + DBG(("%s: data already cached\n", __func__)); + errno = EINVAL; + return (-1); + } + if (tf->tf_ofs !=
svn commit: r359502 - in head: lib/libveriexec share/mk
Author: sjg Date: Wed Apr 1 05:45:12 2020 New Revision: 359502 URL: https://svnweb.freebsd.org/changeset/base/359502 Log: Do not claim libbearssl et al are INTERNALLIB If INTERNALLIB is defined we need PIE and bsd.incs.mk is not included. PR: 245189 Reviewed by: emaste MFC after:1 week Differential Revision: https://reviews.freebsd.org//D24233 Modified: head/lib/libveriexec/Makefile head/share/mk/src.libnames.mk Modified: head/lib/libveriexec/Makefile == --- head/lib/libveriexec/Makefile Wed Apr 1 04:51:39 2020 (r359501) +++ head/lib/libveriexec/Makefile Wed Apr 1 05:45:12 2020 (r359502) @@ -1,6 +1,6 @@ # $FreeBSD$ -.include +.include LIB= veriexec MAN= veriexec.3 Modified: head/share/mk/src.libnames.mk == --- head/share/mk/src.libnames.mk Wed Apr 1 04:51:39 2020 (r359501) +++ head/share/mk/src.libnames.mk Wed Apr 1 05:45:12 2020 (r359502) @@ -222,18 +222,18 @@ _LIBRARIES+= \ .endif .if ${MK_BEARSSL} == "yes" -_INTERNALLIBS+= \ +_LIBRARIES+= \ bearssl \ secureboot \ -LIBBEARSSL?= ${LIBBEARSSLDIR}/libbearssl${PIE_SUFFIX}.a -LIBSECUREBOOT?=${LIBSECUREBOOTDIR}/libsecureboot${PIE_SUFFIX}.a +LIBBEARSSL?= ${LIBBEARSSLDIR}/libbearssl.a +LIBSECUREBOOT?=${LIBSECUREBOOTDIR}/libsecureboot.a .endif .if ${MK_VERIEXEC} == "yes" -_INTERNALLIBS+= veriexec +_LIBRARIES+= veriexec -LIBVERIEXEC?= ${LIBVERIEXECDIR}/libveriexec${PIE_SUFFIX}.a +LIBVERIEXEC?= ${LIBVERIEXECDIR}/libveriexec.a .endif # Each library's LIBADD needs to be duplicated here for static linkage of ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r359488 - head/share/mk
Author: sjg Date: Tue Mar 31 15:59:29 2020 New Revision: 359488 URL: https://svnweb.freebsd.org/changeset/base/359488 Log: Include ${.CURDIR}/local.init.mk if it exists This is handy for making local hacks to an app (eg to build it as tool for non-BSD host) without making a mess of the code base. Reviewed by: bdrewery MFC after:1 week Differential Revision: https://reviews.freebsd.org//D24101 Modified: head/share/mk/local.init.mk Modified: head/share/mk/local.init.mk == --- head/share/mk/local.init.mk Tue Mar 31 15:54:54 2020(r359487) +++ head/share/mk/local.init.mk Tue Mar 31 15:59:29 2020(r359488) @@ -1,5 +1,8 @@ # $FreeBSD$ +.if !target(__${_this}__) +__${_this}__: + .if ${.MAKE.MODE:Mmeta*} != "" .if !empty(SUBDIR) && !defined(LIB) && !defined(PROG) && ${.MAKE.MAKEFILES:M*bsd.prog.mk} == "" .if ${.MAKE.MODE:Mleaf*} != "" @@ -33,3 +36,5 @@ CFLAGS+= ${HOST_CFLAGS} .endif .-include "src.init.mk" +.-include "${.CURDIR}/local.init.mk" +.endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r359307 - in head: lib/libsecureboot lib/libsecureboot/h stand/common stand/libsa stand/userboot stand/userboot/test stand/userboot/userboot usr.sbin/bhyveload
Author: sjg Date: Wed Mar 25 19:12:19 2020 New Revision: 359307 URL: https://svnweb.freebsd.org/changeset/base/359307 Log: Fix pkgfs stat so it satisfies libsecureboot We need a valid st_dev, st_ino and st_mtime to correctly track which files have been verified and to update our notion of time. ve_utc_set(): ignore utc if it would jump our current time by more than VE_UTC_MAX_JUMP (20 years). Allow testing of install command via userboot. Need to fix its stat implementation too. bhyveload also needs stat fixed - due to change to userboot.h Call ve_error_get() from vectx_close() when hash is wrong. Track the names of files we have hashed into pcr For the purposes of measured boot, it is important to be able to reproduce the hash reflected in loader.ve.pcr so loader.ve.hashed provides a list of names in the order they were added. Reviewed by: imp MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D24027 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/vectx.c head/lib/libsecureboot/veopen.c head/lib/libsecureboot/vepcr.c head/lib/libsecureboot/verify_file.c head/lib/libsecureboot/vets.c head/stand/common/install.c head/stand/libsa/pkgfs.c head/stand/userboot/test/test.c head/stand/userboot/userboot.h head/stand/userboot/userboot/conf.c head/stand/userboot/userboot/host.c head/usr.sbin/bhyveload/bhyveload.c Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hWed Mar 25 18:20:37 2020 (r359306) +++ head/lib/libsecureboot/h/libsecureboot.hWed Mar 25 19:12:19 2020 (r359307) @@ -78,10 +78,11 @@ unsigned char *verify_sig(const char *, int); unsigned char *verify_asc(const char *, int); /* OpenPGP */ void ve_pcr_init(void); -void ve_pcr_update(unsigned char *, size_t); +void ve_pcr_update(const char *, unsigned char *, size_t); ssize_t ve_pcr_get(unsigned char *, size_t); int ve_pcr_updating_get(void); void ve_pcr_updating_set(int); +char * ve_pcr_hashed_get(int); /* flags for verify_{asc,sig,signed} */ #define VEF_VERBOSE1 Modified: head/lib/libsecureboot/vectx.c == --- head/lib/libsecureboot/vectx.c Wed Mar 25 18:20:37 2020 (r359306) +++ head/lib/libsecureboot/vectx.c Wed Mar 25 19:12:19 2020 (r359307) @@ -104,8 +104,8 @@ vectx_open(int fd, const char *path, off_t off, struct rc = verify_prep(fd, path, off, stp, __func__); DEBUG_PRINTF(2, - ("vectx_open: caller=%s,name='%s',prep_rc=%d\n", - caller,path, rc)); + ("vectx_open: caller=%s,fd=%d,name='%s',prep_rc=%d\n", + caller, fd, path, rc)); switch (rc) { case VE_FINGERPRINT_NONE: @@ -316,6 +316,9 @@ vectx_lseek(struct vectx *ctx, off_t off, int whence) * We have finished reading file, compare the hash with what * we wanted. * + * Be sure to call this before closing the file, since we may + * need to seek to the end to ensure hashing is complete. + * * @param[in] pctx * pointer to ctx * @@ -337,20 +340,25 @@ vectx_close(struct vectx *ctx, int severity, const cha */ ve_pcr_updating_set((severity == VE_MUST)); #endif + /* make sure we have hashed it all */ + vectx_lseek(ctx, 0, SEEK_END); rc = ve_check_hash(>vec_ctx, ctx->vec_md, ctx->vec_path, ctx->vec_want, ctx->vec_hashsz); } DEBUG_PRINTF(2, ("vectx_close: caller=%s,name='%s',rc=%d,severity=%d\n", caller,ctx->vec_path, rc, severity)); - if (severity > VE_WANT || rc == VE_FINGERPRINT_WRONG) - printf("%serified %s\n", (rc <= 0) ? "Unv" : "V", - ctx->vec_path); + if (rc == VE_FINGERPRINT_WRONG) { + printf("Unverified: %s\n", ve_error_get()); #if !defined(UNIT_TEST) && !defined(DEBUG_VECTX) - /* we are generally called with VE_MUST */ - if (severity > VE_WANT && rc == VE_FINGERPRINT_WRONG) - panic("cannot continue"); + /* we are generally called with VE_MUST */ + if (severity > VE_WANT) + panic("cannot continue"); #endif + } else if (severity > VE_WANT) { + printf("%serified %s\n", (rc <= 0) ? "Unv" : "V", + ctx->vec_path); + } free(ctx); return ((rc < 0) ? rc : 0); } Modified: head/lib/libsecureboot/veopen.c == --- head/lib/libsecureboot/veopen.c Wed Mar 25 18:20:37 2020 (r359306) +++ head/lib/libsecureboot/veopen.c Wed Mar 25 19:12:19 2020
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
O. Hartmann wrote: > > To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org" > [... deleted ...] > > > buildworld seems to be broken on this commit: Ah! I did a buildworld, but build the 4th version of loader. Sorry, will fix. > > [...] > --- all_subdir_stand --- > --- lstd.o --- > /usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, > expected 5, have 4 if (verify_file(fd, filename, 0, VE_GUESS) < 0) { > ~~~ ^ > /usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared > here int verify_file(int, const char *, off_t, int, const char *); > ^ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r358813 - in head/stand: ficl i386/loader
Author: sjg Date: Mon Mar 9 16:02:54 2020 New Revision: 358813 URL: https://svnweb.freebsd.org/changeset/base/358813 Log: veloader use vectx API for kernel and modules The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D23827 Modified: head/stand/ficl/fileaccess.c head/stand/i386/loader/chain.c Modified: head/stand/ficl/fileaccess.c == --- head/stand/ficl/fileaccess.cMon Mar 9 15:55:13 2020 (r358812) +++ head/stand/ficl/fileaccess.cMon Mar 9 16:02:54 2020 (r358813) @@ -69,7 +69,7 @@ static void ficlFopen(FICL_VM *pVM, char *writeMode) / else #ifdef LOADER_VERIEXEC if (*mode == 'r' && - verify_file(fileno(f), filename, 0, VE_GUESS) < 0) { + verify_file(fileno(f), filename, 0, VE_GUESS, __func__) < 0) { fclose(f); stackPushPtr(pVM->pStack, NULL); } else Modified: head/stand/i386/loader/chain.c == --- head/stand/i386/loader/chain.c Mon Mar 9 15:55:13 2020 (r358812) +++ head/stand/i386/loader/chain.c Mon Mar 9 16:02:54 2020 (r358813) @@ -95,7 +95,7 @@ command_chain(int argc, char *argv[]) } #else #ifdef LOADER_VERIEXEC - if (verify_file(fd, argv[1], 0, VE_MUST) < 0) { + if (verify_file(fd, argv[1], 0, VE_MUST, __func__) < 0) { sprintf(command_errbuf, "can't verify: %s", argv[1]); close(fd); return (CMD_ERROR); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r358811 - head/stand/liblua
Author: sjg Date: Mon Mar 9 15:48:53 2020 New Revision: 358811 URL: https://svnweb.freebsd.org/changeset/base/358811 Log: veloader use vectx API for kernel and modules The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D23827 Modified: head/stand/liblua/lstd.c Modified: head/stand/liblua/lstd.c == --- head/stand/liblua/lstd.cMon Mar 9 15:28:52 2020(r358810) +++ head/stand/liblua/lstd.cMon Mar 9 15:48:53 2020(r358811) @@ -83,7 +83,7 @@ fopen(const char *filename, const char *mode) #ifdef LOADER_VERIEXEC /* only regular files and only reading makes sense */ if (S_ISREG(st.st_mode) && !(m & O_WRONLY)) { - if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + if (verify_file(fd, filename, 0, VE_GUESS, __func__) < 0) { free(f); close(fd); return (NULL); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
Sorry, this header was in the diff I checked just before commit, but somehow it got left behind. Should be fixed now. r358767 Ed Maste wrote: > On Sun, 8 Mar 2020 at 13:42, Simon J. Gerraty wrote: > > > > Author: sjg > > Date: Sun Mar 8 17:42:42 2020 > > New Revision: 358744 > > URL: > > https://urldefense.com/v3/__https://svnweb.freebsd.org/changeset/base/358744__;!!NEt6yMaO-gk!UN1BS-3MIiR9SzEXAP4CaXw9L8Y3jVsZwKB6fbjrjIiZGgrRXFp5uE0oPx-XgA$ > > > > > > Log: > > veloader use vectx API for kernel and modules > > CI reports the build is now broken: > 18:12:46 --- geliboot.o --- > 18:12:46 In file included from /usr/src/stand/libsa/geli/geliboot.c:33: > 18:12:46 In file included from > /usr/src/stand/libsa/geli/geliboot_internal.h:43: > 18:12:46 /usr/src/stand/common/bootstrap.h:36:10: fatal error: > 'readin.h' file not found > 18:12:46 #include "readin.h" > 18:12:46 ^~ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r358767 - head/stand/common
Author: sjg Date: Sun Mar 8 18:48:01 2020 New Revision: 358767 URL: https://svnweb.freebsd.org/changeset/base/358767 Log: veloader use vectx API for kernel and modules The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D23827 Added: head/stand/common/readin.h (contents, props changed) Added: head/stand/common/readin.h == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/stand/common/readin.h Sun Mar 8 18:48:01 2020(r358767) @@ -0,0 +1,43 @@ +/*- + * Copyright (c) 2020, Juniper Networks, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $FreeBSD$ + */ +#ifndef _READIN_H_ +#define_READIN_H_ + +#ifdef LOADER_VERIEXEC +#include +#endif +#ifdef LOADER_VERIEXEC_VECTX +typedef struct vectx * readin_handle_t; +#define VECTX_READ vectx_read +#define VECTX_LSEEK vectx_lseek +#else +typedef int readin_handle_t; +#define VECTX_READ read +#define VECTX_LSEEK lseek +#endif + +#endif /* !_READIN_H_ */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 st...
Author: sjg Date: Sun Mar 8 17:42:42 2020 New Revision: 358744 URL: https://svnweb.freebsd.org/changeset/base/358744 Log: veloader use vectx API for kernel and modules The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D23827 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/h/verify_file.h head/lib/libsecureboot/tests/tvo.c head/lib/libsecureboot/vectx.c head/lib/libsecureboot/verify_file.c head/share/mk/src.opts.mk head/stand/common/bootstrap.h head/stand/common/interp_forth.c head/stand/common/interp_simple.c head/stand/common/load_elf.c head/stand/common/load_elf_obj.c head/stand/common/misc.c head/stand/common/module.c head/stand/efi/loader/arch/i386/i386_copy.c head/stand/efi/loader/copy.c head/stand/efi/loader/loader_efi.h head/stand/efi/loader/main.c head/stand/ficl/loader.c head/stand/i386/libi386/i386_copy.c head/stand/i386/libi386/libi386.h head/stand/i386/loader/chain.c head/stand/libofw/libofw.h head/stand/libofw/ofw_copy.c head/stand/loader.mk head/stand/mips/beri/loader/arch.c head/stand/powerpc/kboot/main.c head/stand/uboot/lib/copy.c head/stand/uboot/lib/libuboot.h head/stand/userboot/userboot/copy.c head/stand/userboot/userboot/libuserboot.h Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hSun Mar 8 16:55:34 2020 (r358743) +++ head/lib/libsecureboot/h/libsecureboot.hSun Mar 8 17:42:42 2020 (r358744) @@ -69,12 +69,6 @@ void fingerprint_info_add(const char *, const char *, int ve_check_hash(br_hash_compat_context *, const br_hash_class *, const char *, const char *, size_t); -struct vectx; -struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *); -ssize_t vectx_read(struct vectx *, void *, size_t); -off_t vectx_lseek(struct vectx *, off_t, int); -int vectx_close(struct vectx *); - char * hexdigest(char *, size_t, unsigned char *, size_t); int verify_fd(int, const char *, off_t, struct stat *); int verify_open(const char *, int); Modified: head/lib/libsecureboot/h/verify_file.h == --- head/lib/libsecureboot/h/verify_file.h Sun Mar 8 16:55:34 2020 (r358743) +++ head/lib/libsecureboot/h/verify_file.h Sun Mar 8 17:42:42 2020 (r358744) @@ -39,13 +39,21 @@ struct stat; -voidve_debug_set(int); -int ve_status_get(int); -voidve_efi_init(void); -int load_manifest(const char *, const char *, const char *, struct stat *); -int pass_manifest(const char *, const char *); -int pass_manifest_export_envs(void); -int verify_file(int, const char *, off_t, int); -voidverify_pcr_export(void); +intverify_prep(int, const char *, off_t, struct stat *, const char *); +void ve_debug_set(int); +char *ve_error_get(void); +void ve_efi_init(void); +intve_status_get(int); +intload_manifest(const char *, const char *, const char *, struct stat *); +intpass_manifest(const char *, const char *); +intpass_manifest_export_envs(void); +intverify_file(int, const char *, off_t, int, const char *); +void verify_pcr_export(void); + +struct vectx; +struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *, const char *); +ssize_tvectx_read(struct vectx *, void *, size_t); +off_t vectx_lseek(struct vectx *, off_t, int); +intvectx_close(struct vectx *, int, const char *); #endif /* _VERIFY_FILE_H_ */ Modified: head/lib/libsecureboot/tests/tvo.c == --- head/lib/libsecureboot/tests/tvo.c Sun Mar 8 16:55:34 2020 (r358743) +++ head/lib/libsecureboot/tests/tvo.c Sun Mar 8 17:42:42 2020 (r358744) @@
svn commit: r355962 - head/lib/libsecureboot
Author: sjg Date: Fri Dec 20 21:56:28 2019 New Revision: 355962 URL: https://svnweb.freebsd.org/changeset/base/355962 Log: Avoid unused vars when VE_ECDSA_HASH_AGAIN undefined Reviewed by: emaste MFC after:1 week Modified: head/lib/libsecureboot/vets.c Modified: head/lib/libsecureboot/vets.c == --- head/lib/libsecureboot/vets.c Fri Dec 20 21:55:13 2019 (r355961) +++ head/lib/libsecureboot/vets.c Fri Dec 20 21:56:28 2019 (r355962) @@ -642,9 +642,10 @@ hexdigest(char *buf, size_t bufsz, unsigned char *foo, static unsigned char * verify_ec(br_x509_pkey *pk, const char *file, const char *sigfile) { - char hexbuf[br_sha512_SIZE * 2 + 2]; +#ifdef VE_ECDSA_HASH_AGAIN + char *hex, hexbuf[br_sha512_SIZE * 2 + 2]; +#endif unsigned char rhbuf[br_sha512_SIZE]; - char *hex; br_sha256_context ctx; unsigned char *fcp, *scp; size_t flen, slen, plen; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r355904 - in head: lib/libmagic lib/libpmc share/mk
Author: sjg Date: Thu Dec 19 02:40:04 2019 New Revision: 355904 URL: https://svnweb.freebsd.org/changeset/base/355904 Log: Tweaks for DIRDEPS_BUILD libmagic only depend on mkmagic if not DIRDEPS_BUILD libpmc fix -I for libpmcstat local.dirdeps.mk be even more careful about adding gnu/lib/csu to DIRDEPS Reviewed by: bdrewery Differential Revision:https://reviews.freebsd.org/D22872 Modified: head/lib/libmagic/Makefile head/lib/libpmc/Makefile head/share/mk/local.dirdeps.mk Modified: head/lib/libmagic/Makefile == --- head/lib/libmagic/Makefile Thu Dec 19 02:32:37 2019(r355903) +++ head/lib/libmagic/Makefile Thu Dec 19 02:40:04 2019(r355904) @@ -37,7 +37,7 @@ MAGFILES= ${CONTRDIR}/magic/Header \ magic: ${MAGFILES} cat ${.ALLSRC:O} > ${.TARGET} -magic.mgc: mkmagic magic +magic.mgc: magic ${BTOOLSPATH:U.}/mkmagic magic .if ${MACHINE} == "host" || ${MK_DIRDEPS_BUILD} == "no" @@ -51,6 +51,8 @@ mkmagic: apprentice.c cdf_time.c encoding.c funcs.c ma .endif .if ${MK_DIRDEPS_BUILD} == "yes" BTOOLSPATH= ${HOST_OBJTOP}/${RELDIR} +.else +magic.mgc: mkmagic .endif FILEVER!= awk '$$1 == "\#define" && $$2 == "VERSION" { print $$3; exit }' \ Modified: head/lib/libpmc/Makefile == --- head/lib/libpmc/MakefileThu Dec 19 02:32:37 2019(r355903) +++ head/lib/libpmc/MakefileThu Dec 19 02:40:04 2019(r355904) @@ -20,7 +20,7 @@ EVENT_ARCH="powerpc" .if ${MK_DIRDEPS_BUILD} == "yes" # avoid circular dependency -CFLAGS+= -I${RELDIR:H}/libpmcstat +CFLAGS+= -I${SRCTOP}/${RELDIR:H}/libpmcstat GENDIRDEPS_FILTER+= N${RELDIR:H}/libpmcstat JEVENTS?= ${HOST_OBJTOP}/${RELDIR}/pmu-events/jevents .else Modified: head/share/mk/local.dirdeps.mk == --- head/share/mk/local.dirdeps.mk Thu Dec 19 02:32:37 2019 (r355903) +++ head/share/mk/local.dirdeps.mk Thu Dec 19 02:40:04 2019 (r355904) @@ -222,7 +222,7 @@ DIRDEPS += targets/pseudo/stage .endif # this one is too pervasive -.if ${MK_BSD_CRTBEGIN} == "no" && ${DEP_RELDIR} != "gnu/lib/csu" +.if ${MK_BSD_CRTBEGIN} == "no" && ${DEP_RELDIR:N.:Ngnu/lib/csu:Ninclude*:Ntargets/*} != "" DIRDEPS+= gnu/lib/csu .endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r355618 - in head: lib/libbsnmp/libbsnmp lib/libgcc_eh lib/libmagic lib/libpmc share/mk targets
Author: sjg Date: Wed Dec 11 17:38:15 2019 New Revision: 355618 URL: https://svnweb.freebsd.org/changeset/base/355618 Log: Update dirdeps.mk and gendirdeps.mk The env space consumed by exporting all libc's .meta files left little room for command line, so unexport when done. Update dirdeps.mk to latest and add dirdeps-targets.mk to simplify/update targets/Makefile Makefile changes to go with Makefile.depend changes in D22494 Reviewed by: bdrewery MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22495 Added: head/share/mk/dirdeps-targets.mk (contents, props changed) head/share/mk/local.dirdeps-options.mk (contents, props changed) Modified: head/lib/libbsnmp/libbsnmp/Makefile head/lib/libgcc_eh/Makefile head/lib/libmagic/Makefile head/lib/libpmc/Makefile head/share/mk/dirdeps.mk head/share/mk/gendirdeps.mk head/share/mk/local.dirdeps.mk head/share/mk/local.gendirdeps.mk head/share/mk/local.meta.sys.mk head/share/mk/meta.sys.mk head/targets/Makefile head/targets/Makefile.inc Modified: head/lib/libbsnmp/libbsnmp/Makefile == --- head/lib/libbsnmp/libbsnmp/Makefile Wed Dec 11 17:37:53 2019 (r355617) +++ head/lib/libbsnmp/libbsnmp/Makefile Wed Dec 11 17:38:15 2019 (r355618) @@ -24,12 +24,17 @@ SRCS+= snmptc.h INCS= asn1.h snmp.h snmpagent.h snmpclient.h MAN= asn1.3 bsnmpagent.3 bsnmpclient.3 bsnmplib.3 +.if ${MK_DIRDEPS_BUILD} == "yes" +GENSNMPTREE?= ${HOST_OBJTOP}/usr.sbin/bsnmpd/gensnmptree/gensnmptree +.endif +GENSNMPTREE?= gensnmptree + snmptc.h : tc.def (\ echo "/* autogenerated from tc.def */";\ echo "#ifndef snmptc_h_1529923773";\ echo "#define snmptc_h_1529923773";\ - gensnmptree -E -f <${.ALLSRC};\ + ${GENSNMPTREE} -E -f <${.ALLSRC};\ echo "#endif" ; \ ) >${.TARGET} Modified: head/lib/libgcc_eh/Makefile == --- head/lib/libgcc_eh/Makefile Wed Dec 11 17:37:53 2019(r355617) +++ head/lib/libgcc_eh/Makefile Wed Dec 11 17:38:15 2019(r355618) @@ -10,4 +10,10 @@ WARNS?= 2 .include "Makefile.inc" +.if ${.MAKE.LEVEL} > 0 +# avoid circular dependencies +GENDIRDEPS_FILTER+= Nlib/msun +CFLAGS+= -I${SRCTOP}/lib/msun/src +.endif + .include Modified: head/lib/libmagic/Makefile == --- head/lib/libmagic/Makefile Wed Dec 11 17:37:53 2019(r355617) +++ head/lib/libmagic/Makefile Wed Dec 11 17:38:15 2019(r355618) @@ -40,12 +40,18 @@ magic: ${MAGFILES} magic.mgc: mkmagic magic ${BTOOLSPATH:U.}/mkmagic magic +.if ${MACHINE} == "host" || ${MK_DIRDEPS_BUILD} == "no" CLEANFILES+= mkmagic DEPENDOBJS+= mkmagic build-tools: mkmagic mkmagic: apprentice.c cdf_time.c encoding.c funcs.c magic.c print.c ${INCS} ${BUILD_TOOLS_META} ${CC:N${CCACHE_BIN}} ${CFLAGS} -DCOMPILE_ONLY ${LDFLAGS} -o ${.TARGET} \ ${.ALLSRC:N*.h:O:u} ${LDADD} + +.endif +.if ${MK_DIRDEPS_BUILD} == "yes" +BTOOLSPATH= ${HOST_OBJTOP}/${RELDIR} +.endif FILEVER!= awk '$$1 == "\#define" && $$2 == "VERSION" { print $$3; exit }' \ ${.CURDIR}/config.h Modified: head/lib/libpmc/Makefile == --- head/lib/libpmc/MakefileWed Dec 11 17:37:53 2019(r355617) +++ head/lib/libpmc/MakefileWed Dec 11 17:38:15 2019(r355618) @@ -17,11 +17,19 @@ EVENT_ARCH="x86" EVENT_ARCH="powerpc" .endif +.if ${MK_DIRDEPS_BUILD} == "yes" +# avoid circular dependency +CFLAGS+= -I${RELDIR:H}/libpmcstat +GENDIRDEPS_FILTER+= N${RELDIR:H}/libpmcstat +JEVENTS?= ${HOST_OBJTOP}/${RELDIR}/pmu-events/jevents +.else JEVENTS= ${BTOOLSPATH:U.}/pmu-events/jevents + # This file is built in a subdirectory so never try to rebuild it here. ${JEVENTS}: .PHONY .if make(*clean*) SUBDIR+= pmu-events +.endif .endif libpmc_events.c: ${JEVENTS} Added: head/share/mk/dirdeps-targets.mk == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/mk/dirdeps-targets.mkWed Dec 11 17:38:15 2019 (r355618) @@ -0,0 +1,134 @@ +# $FreeBSD$ +# RCSid: +# $Id: dirdeps-targets.mk,v 1.9 2019/10/06 20:07:50 sjg Exp $ +# +# @(#) Copyright (c) 2019 Simon J. Gerraty +# +# This file is provided in the hope that it will +# be of use. There is absolutely NO WARRANTY. +# Permission to copy, redistribute or otherwise +# use this file is hereby granted provided that +#
svn commit: r355617 - in head: bin/ls cddl/lib/libavl cddl/lib/libctf cddl/lib/libnvpair cddl/lib/libumem cddl/lib/libuutil cddl/lib/libzfs cddl/lib/libzfs_core gnu/lib/libdialog gnu/lib/libgomp gn...
Author: sjg Date: Wed Dec 11 17:37:53 2019 New Revision: 355617 URL: https://svnweb.freebsd.org/changeset/base/355617 Log: Update Makefile.depend files Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files Reviewed by: bdrewery MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22494 Added: head/lib/libbe/Makefile.depend (contents, props changed) head/lib/libcasper/services/cap_fileargs/Makefile.depend (contents, props changed) head/lib/libcasper/services/cap_syslog/Makefile.depend (contents, props changed) head/lib/libedit/Makefile.depend (contents, props changed) head/lib/libedit/readline/Makefile.depend (contents, props changed) head/lib/libmagic/Makefile.depend.inc (contents, props changed) head/lib/libomp/Makefile.depend (contents, props changed) head/lib/libopencsd/Makefile.depend (contents, props changed) head/lib/libsecureboot/Makefile.depend.amd64 (contents, props changed) head/lib/libveriexec/Makefile.depend (contents, props changed) head/lib/ofed/complib/Makefile.depend (contents, props changed) head/lib/ofed/include/Makefile.depend (contents, props changed) head/lib/ofed/libcxgb4/Makefile.depend (contents, props changed) head/lib/ofed/libibcm/Makefile.depend (contents, props changed) head/lib/ofed/libibmad/Makefile.depend (contents, props changed) head/lib/ofed/libibnetdisc/Makefile.depend (contents, props changed) head/lib/ofed/libibverbs/Makefile.depend (contents, props changed) head/lib/ofed/libmlx4/Makefile.depend (contents, props changed) head/lib/ofed/libmlx5/Makefile.depend (contents, props changed) head/lib/ofed/libopensm/Makefile.depend (contents, props changed) head/lib/ofed/librdmacm/Makefile.depend (contents, props changed) head/lib/ofed/libvendor/Makefile.depend (contents, props changed) head/sbin/bectl/Makefile.depend (contents, props changed) head/sbin/devmatch/Makefile.depend (contents, props changed) head/sbin/geom/Makefile.depend (contents, props changed) head/stand/i386/loader_4th/Makefile.depend (contents, props changed) Modified: head/bin/ls/Makefile.depend head/cddl/lib/libavl/Makefile.depend head/cddl/lib/libctf/Makefile.depend head/cddl/lib/libnvpair/Makefile.depend head/cddl/lib/libumem/Makefile.depend head/cddl/lib/libuutil/Makefile.depend head/cddl/lib/libzfs/Makefile.depend head/cddl/lib/libzfs_core/Makefile.depend head/gnu/lib/libdialog/Makefile.depend head/gnu/lib/libgomp/Makefile.depend head/gnu/lib/libregex/Makefile.depend head/gnu/lib/libssp/Makefile.depend head/gnu/lib/libstdc++/Makefile.depend head/gnu/lib/libsupc++/Makefile.depend head/kerberos5/lib/libasn1/Makefile.depend head/kerberos5/lib/libgssapi_krb5/Makefile.depend head/kerberos5/lib/libhdb/Makefile.depend head/kerberos5/lib/libheimbase/Makefile.depend head/kerberos5/lib/libheimipcc/Makefile.depend head/kerberos5/lib/libheimntlm/Makefile.depend head/kerberos5/lib/libhx509/Makefile.depend head/kerberos5/lib/libkadm5clnt/Makefile.depend head/kerberos5/lib/libkafs5/Makefile.depend head/kerberos5/lib/libkdc/Makefile.depend head/kerberos5/lib/libkrb5/Makefile.depend head/kerberos5/lib/libroken/Makefile.depend head/kerberos5/lib/libwind/Makefile.depend head/lib/atf/libatf-c/Makefile.depend head/lib/lib80211/Makefile.depend head/lib/libalias/libalias/Makefile.depend head/lib/libarchive/Makefile.depend head/lib/libbegemot/Makefile.depend head/lib/libblacklist/Makefile.depend head/lib/libblocksruntime/Makefile.depend head/lib/libbluetooth/Makefile.depend head/lib/libbsdstat/Makefile.depend head/lib/libbsm/Makefile.depend head/lib/libbsnmp/libbsnmp/Makefile.depend head/lib/libbz2/Makefile.depend head/lib/libc++/Makefile.depend head/lib/libc/Makefile.depend head/lib/libc/tests/tls_dso/Makefile.depend head/lib/libcalendar/Makefile.depend head/lib/libcam/Makefile.depend head/lib/libcasper/libcasper/Makefile.depend head/lib/libcasper/services/cap_dns/Makefile.depend head/lib/libcasper/services/cap_grp/Makefile.depend head/lib/libcasper/services/cap_pwd/Makefile.depend head/lib/libcasper/services/cap_sysctl/Makefile.depend head/lib/libcom_err/Makefile.depend head/lib/libcrypt/Makefile.depend head/lib/libcuse/Makefile.depend head/lib/libcxxrt/Makefile.depend head/lib/libdevctl/Makefile.depend head/lib/libdevdctl/Makefile.depend head/lib/libdevinfo/Makefile.depend head/lib/libdevstat/Makefile.depend head/lib/libdpv/Makefile.depend head/lib/libdwarf/Makefile.depend head/lib/libefivar/Makefile.depend head/lib/libelf/Makefile.depend head/lib/libevent/Makefile.depend head/lib/libexecinfo/Makefile.depend head/lib/libexpat/Makefile.depend head/lib/libfetch/Makefile.depend head/lib/libfigpar/Makefile.depend head/lib/libgcc_s/Makefile.depend
svn commit: r355616 - in head: bin/ls lib/libarchive lib/libbsnmp/libbsnmp lib/libc lib/libfetch lib/libpam/modules/pam_unix lib/libpcap lib/libproc lib/libradius libexec/fingerd libexec/ftpd libex...
Author: sjg Date: Wed Dec 11 17:37:37 2019 New Revision: 355616 URL: https://svnweb.freebsd.org/changeset/base/355616 Log: Add Makefile.depend.options Leaf directories that have dependencies impacted by options need a Makefile.depend.options file to avoid churn in Makefile.depend DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc can be set in local.dirdeps-options.mk which can add to those set in Makefile.depend.options See share/mk/dirdeps-options.mk Reviewed by: bdrewery MFC after:1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22469 Added: head/bin/ls/Makefile.depend.options (contents, props changed) head/lib/libarchive/Makefile.depend.options (contents, props changed) head/lib/libbsnmp/libbsnmp/Makefile.depend.options (contents, props changed) head/lib/libc/Makefile.depend.options (contents, props changed) head/lib/libfetch/Makefile.depend.options (contents, props changed) head/lib/libpam/modules/pam_unix/Makefile.depend.options (contents, props changed) head/lib/libpcap/Makefile.depend.options (contents, props changed) head/lib/libproc/Makefile.depend.options (contents, props changed) head/lib/libradius/Makefile.depend.options (contents, props changed) head/libexec/fingerd/Makefile.depend.options (contents, props changed) head/libexec/ftpd/Makefile.depend.options (contents, props changed) head/libexec/telnetd/Makefile.depend.options (contents, props changed) head/libexec/tftpd/Makefile.depend.options (contents, props changed) head/sbin/dhclient/Makefile.depend.options (contents, props changed) head/sbin/dumpon/Makefile.depend.options (contents, props changed) head/sbin/ifconfig/Makefile.depend.options (contents, props changed) head/sbin/ping/Makefile.depend.options (contents, props changed) head/sbin/ping6/Makefile.depend.options (contents, props changed) head/sbin/rtsol/Makefile.depend.options (contents, props changed) head/sbin/savecore/Makefile.depend.options (contents, props changed) head/secure/usr.bin/ssh/Makefile.depend.options (contents, props changed) head/secure/usr.sbin/sshd/Makefile.depend.options (contents, props changed) head/usr.bin/brandelf/Makefile.depend.options (contents, props changed) head/usr.bin/chkey/Makefile.depend.options (contents, props changed) head/usr.bin/chpass/Makefile.depend.options (contents, props changed) head/usr.bin/factor/Makefile.depend.options (contents, props changed) head/usr.bin/grep/Makefile.depend.options (contents, props changed) head/usr.bin/gzip/Makefile.depend.options (contents, props changed) head/usr.bin/head/Makefile.depend.options (contents, props changed) head/usr.bin/kdump/Makefile.depend.options (contents, props changed) head/usr.bin/login/Makefile.depend.options (contents, props changed) head/usr.bin/netstat/Makefile.depend.options (contents, props changed) head/usr.bin/nm/Makefile.depend.options (contents, props changed) head/usr.bin/readelf/Makefile.depend.options (contents, props changed) head/usr.bin/size/Makefile.depend.options (contents, props changed) head/usr.bin/sort/Makefile.depend.options (contents, props changed) head/usr.bin/strings/Makefile.depend.options (contents, props changed) head/usr.bin/su/Makefile.depend.options (contents, props changed) head/usr.bin/tail/Makefile.depend.options (contents, props changed) head/usr.bin/telnet/Makefile.depend.options (contents, props changed) head/usr.bin/wc/Makefile.depend.options (contents, props changed) head/usr.sbin/amd/amd/Makefile.depend.options (contents, props changed) head/usr.sbin/bhyve/Makefile.depend.options (contents, props changed) head/usr.sbin/bsnmpd/bsnmpd/Makefile.depend.options (contents, props changed) head/usr.sbin/fstyp/Makefile.depend.options (contents, props changed) head/usr.sbin/gssd/Makefile.depend.options (contents, props changed) head/usr.sbin/inetd/Makefile.depend.options (contents, props changed) head/usr.sbin/ngctl/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/ntp-keygen/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/ntpd/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/ntpdate/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/ntpdc/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/ntpq/Makefile.depend.options (contents, props changed) head/usr.sbin/ntp/sntp/Makefile.depend.options (contents, props changed) head/usr.sbin/rpcbind/Makefile.depend.options (contents, props changed) head/usr.sbin/rtsold/Makefile.depend.options (contents, props changed) head/usr.sbin/sendmail/Makefile.depend.options (contents, props changed) head/usr.sbin/tcpdump/tcpdump/Makefile.depend.options (contents, props changed)
svn commit: r354138 - in head: . tools/build
Author: sjg Date: Mon Oct 28 20:45:29 2019 New Revision: 354138 URL: https://svnweb.freebsd.org/changeset/base/354138 Log: Building head on stable/11 requires libzstd Add lib/libzstd to _elftoolchain_libs tools/build/Makefile needs to create the install dir for libzstd Since this would make the line too long, rework to use a list in one per line format (easier to add in future) and dispense with the .for loop Reviewed by: emaste bapt Differential Revision:https://reviews.freebsd.org/D220134 Modified: head/Makefile.inc1 head/tools/build/Makefile Modified: head/Makefile.inc1 == --- head/Makefile.inc1 Mon Oct 28 19:00:27 2019(r354137) +++ head/Makefile.inc1 Mon Oct 28 20:45:29 2019(r354138) @@ -1697,7 +1697,7 @@ buildkernel: .MAKE .PHONY @echo "--" @echo ">>> Kernel build for ${_kernel} completed on `LC_ALL=C date`" @echo "--" - + .endfor @seconds=$$(($$(date '+%s') - ${_BUILDKERNEL_START})); \ echo -n ">>> Kernel(s) ${BUILDKERNELS} built in $$seconds seconds, "; \ @@ -2159,7 +2159,7 @@ _bootstrap_tools_links+=m4 lex # r339083 libelf: correct mips64el test to use ELF header # r348347 Add missing powerpc64 relocation support to libdwarf .if ${BOOTSTRAPPING} < 1300030 -_elftoolchain_libs= lib/libelf lib/libdwarf +_elftoolchain_libs= lib/libelf lib/libdwarf lib/libzstd ${_bt}-lib/libelf: ${_bt_m4_depend} ${_bt}-lib/libdwarf: ${_bt_m4_depend} .endif @@ -2360,7 +2360,6 @@ ${_bt}-link-${_tool}: .PHONY .MAKE fi ${_bt}-links: ${_bt}-link-${_tool} .endfor - bootstrap-tools: ${_bt}-links .PHONY Modified: head/tools/build/Makefile == --- head/tools/build/Makefile Mon Oct 28 19:00:27 2019(r354137) +++ head/tools/build/Makefile Mon Oct 28 20:45:29 2019(r354138) @@ -120,10 +120,17 @@ host-symlinks: # Create all the directories that are needed during the legacy, bootstrap-tools # and cross-tools stages. We do this here using mkdir since mtree may not exist # yet (this happens if we are crossbuilding from Linux/Mac). +INSTALLDIR_LIST= \ + bin \ + lib/casper \ + lib/geom \ + usr/include/casper \ + usr/include/private/zstd \ + usr/lib \ + installdirs: -.for _dir in bin usr/lib usr/include usr/include/casper lib/geom lib/casper - mkdir -p "${DESTDIR}/${_dir}" -.endfor + mkdir -p ${INSTALLDIR_LIST:S,^,${DESTDIR}/,} + # Link usr/bin, sbin, and usr/sbin to bin so that it doesn't matter whether a # bootstrap tool was added to WORLTMP with a symlink or by building it in the # bootstrap-tools phase. We could also overrride BINDIR when building bootstrap ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r354055 - head/stand/efi/loader
Author: sjg Date: Thu Oct 24 22:26:06 2019 New Revision: 354055 URL: https://svnweb.freebsd.org/changeset/base/354055 Log: Guard reference to x86_hypervisor Obviously we only want x86_hypervisor on x86 Guard reference to x86_hypervisor Obviously we only want x86_hypervisor on x86 Modified: head/stand/efi/loader/main.c Modified: head/stand/efi/loader/main.c == --- head/stand/efi/loader/main.cThu Oct 24 22:23:53 2019 (r354054) +++ head/stand/efi/loader/main.cThu Oct 24 22:26:06 2019 (r354055) @@ -863,7 +863,9 @@ main(int argc, CHAR16 *argv[]) archsw.arch_getdev = efi_getdev; archsw.arch_copyin = efi_copyin; archsw.arch_copyout = efi_copyout; +#ifdef __amd64__ archsw.arch_hypervisor = x86_hypervisor; +#endif archsw.arch_readin = efi_readin; archsw.arch_zfs_probe = efi_zfs_probe; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r354043 - in head/stand: . ficl ficl/amd64 ficl/i386 ficl/x86 i386/loader libsa libsa/x86
Author: sjg Date: Thu Oct 24 20:02:48 2019 New Revision: 354043 URL: https://svnweb.freebsd.org/changeset/base/354043 Log: Add support for hypervisor check on x86 Add ficl words for isvirtualized and move ficl inb and outb words to ficl/x86/sysdep.c so can be shared by i386 and amd64 Reviewed by: imp bdrewery MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org/D22069 Added: head/stand/ficl/x86/ head/stand/ficl/x86/sysdep.c (contents, props changed) head/stand/libsa/x86/ head/stand/libsa/x86/hypervisor.c (contents, props changed) Modified: head/stand/defs.mk head/stand/ficl/amd64/sysdep.c head/stand/ficl/i386/sysdep.c head/stand/ficl/loader.c head/stand/i386/loader/main.c head/stand/libsa/Makefile head/stand/libsa/stand.h Modified: head/stand/defs.mk == --- head/stand/defs.mk Thu Oct 24 20:00:37 2019(r354042) +++ head/stand/defs.mk Thu Oct 24 20:02:48 2019(r354043) @@ -189,14 +189,15 @@ teken_state.h: ${SYSDIR}/teken/sequences ${SYSDIR}/teken/sequences > teken_state.h .if !defined(NO_OBJ) -_ILINKS=machine +_ILINKS=include/machine .if ${MACHINE} != ${MACHINE_CPUARCH} && ${MACHINE} != "arm64" -_ILINKS+=${MACHINE_CPUARCH} +_ILINKS+=include/${MACHINE_CPUARCH} .endif .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64" -_ILINKS+=x86 +_ILINKS+=include/x86 .endif -CLEANFILES+=${_ILINKS} +CFLAGS+= -Iinclude +CLEANDIRS+= include beforedepend: ${_ILINKS} beforebuild: ${_ILINKS} @@ -211,8 +212,8 @@ ${OBJS}: ${_link} .NOPATH: ${_ILINKS} -${_ILINKS}: - @case ${.TARGET} in \ +${_ILINKS}: .NOMETA + @case ${.TARGET:T} in \ machine) \ if [ ${DO32:U0} -eq 0 ]; then \ path=${SYSDIR}/${MACHINE}/include ; \ @@ -222,8 +223,11 @@ ${_ILINKS}: *) \ path=${SYSDIR}/${.TARGET:T}/include ;; \ esac ; \ + case ${.TARGET} in \ + */*) mkdir -p ${.TARGET:H};; \ + esac ; \ path=`(cd $$path && /bin/pwd)` ; \ - ${ECHO} ${.TARGET:T} "->" $$path ; \ - ln -fhs $$path ${.TARGET:T} + ${ECHO} ${.TARGET} "->" $$path ; \ + ln -fhs $$path ${.TARGET} .endif # !NO_OBJ .endif # __BOOT_DEFS_MK__ Modified: head/stand/ficl/amd64/sysdep.c == --- head/stand/ficl/amd64/sysdep.c Thu Oct 24 20:00:37 2019 (r354042) +++ head/stand/ficl/amd64/sysdep.c Thu Oct 24 20:02:48 2019 (r354043) @@ -17,6 +17,8 @@ #endif #include "ficl.h" +#include "../x86/sysdep.c" + /* *** FreeBSD P O R T B E G I N S H E R E Michael Smith */ Modified: head/stand/ficl/i386/sysdep.c == --- head/stand/ficl/i386/sysdep.c Thu Oct 24 20:00:37 2019 (r354042) +++ head/stand/ficl/i386/sysdep.c Thu Oct 24 20:02:48 2019 (r354043) @@ -14,12 +14,11 @@ #include #else #include -#ifdef __i386__ -#include #endif -#endif #include "ficl.h" +#include "../x86/sysdep.c" + /* *** FreeBSD P O R T B E G I N S H E R E Michael Smith */ @@ -80,53 +79,6 @@ void ficlFree (void *p) free(p); } -#ifndef TESTMAIN -/* - * outb ( port# c -- ) - * Store a byte to I/O port number port# - */ -void -ficlOutb(FICL_VM *pVM) -{ - u_char c; - uint32_t port; - - port=stackPopUNS(pVM->pStack); - c=(u_char)stackPopINT(pVM->pStack); - outb(port,c); -} - -/* - * inb ( port# -- c ) - * Fetch a byte from I/O port number port# - */ -void -ficlInb(FICL_VM *pVM) -{ - u_char c; - uint32_t port; - - port=stackPopUNS(pVM->pStack); - c=inb(port); - stackPushINT(pVM->pStack,c); -} - -/* - * Glue function to add the appropriate forth words to access x86 special cpu - * functionality. - */ -static void ficlCompileCpufunc(FICL_SYSTEM *pSys) -{ -FICL_DICT *dp = pSys->dp; -assert (dp); - -dictAppendWord(dp, "outb", ficlOutb, FW_DEFAULT); -dictAppendWord(dp, "inb", ficlInb,FW_DEFAULT); -} - -FICL_COMPILE_SET(ficlCompileCpufunc); - -#endif /* ** Stub function for dictionary access control - does nothing Modified: head/stand/ficl/loader.c == --- head/stand/ficl/loader.cThu Oct 24 20:00:37 2019(r354042) +++ head/stand/ficl/loader.cThu Oct 24 20:02:48 2019(r354043) @@ -287,6 +287,32 @@ ficlFindfile(FICL_VM *pVM) return; } +#ifndef TESTMAIN + +/* isvirtualized? - Return whether the loader runs under a + * hypervisor. + * + * isvirtualized? ( -- flag ) + */ +static void +ficlIsvirtualizedQ(FICL_VM *pVM) +{ +
svn commit: r354039 - head/stand/efi/loader
Author: sjg Date: Thu Oct 24 19:52:41 2019 New Revision: 354039 URL: https://svnweb.freebsd.org/changeset/base/354039 Log: Allow loader.efi to identify non-standard boot setup PATH_BOOTABLE_TOKEN can be set to a non-standard path that identifies a device as bootable. Reviewed by: kevans, bcran Differential Revision: https://reviews.freebsd.org/D22062 Modified: head/stand/efi/loader/main.c Modified: head/stand/efi/loader/main.c == --- head/stand/efi/loader/main.cThu Oct 24 19:50:18 2019 (r354038) +++ head/stand/efi/loader/main.cThu Oct 24 19:52:41 2019 (r354039) @@ -863,6 +863,7 @@ main(int argc, CHAR16 *argv[]) archsw.arch_getdev = efi_getdev; archsw.arch_copyin = efi_copyin; archsw.arch_copyout = efi_copyout; + archsw.arch_hypervisor = x86_hypervisor; archsw.arch_readin = efi_readin; archsw.arch_zfs_probe = efi_zfs_probe; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r354038 - head/lib/libsecureboot
Author: sjg Date: Thu Oct 24 19:50:18 2019 New Revision: 354038 URL: https://svnweb.freebsd.org/changeset/base/354038 Log: Initialize verbosity and debug level from env For EFI at least, we can seed the environment with VE_VERBOSE etc. Reviewed by: stevek imp Sponsored by: Juniper Networks MFC after:1 week Differential Revision: https://reviews.freebsd.org/D22135 Modified: head/lib/libsecureboot/verify_file.c head/lib/libsecureboot/vets.c Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cThu Oct 24 19:47:32 2019 (r354037) +++ head/lib/libsecureboot/verify_file.cThu Oct 24 19:50:18 2019 (r354038) @@ -292,6 +292,28 @@ verify_tweak(int fd, off_t off, struct stat *stp, } } +#ifndef VE_DEBUG_LEVEL +# define VE_DEBUG_LEVEL 0 +#endif + +static int +getenv_int(const char *var, int def) +{ + const char *cp; + char *ep; + long val; + + val = def; + cp = getenv(var); + if (cp && *cp) { + val = strtol(cp, , 0); + if ((ep && *ep) || val != (int)val) { + val = def; + } + } + return (int)val; +} + /** * @brief verify an open file * @@ -331,9 +353,8 @@ verify_file(int fd, const char *filename, off_t off, i if (verifying < 0) { verifying = ve_trust_init(); -#ifdef VE_DEBUG_LEVEL - ve_debug_set(VE_DEBUG_LEVEL); -#endif + verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT); + ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL)); /* initialize ve_status with default result */ rc = verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING; ve_status_set(0, rc); Modified: head/lib/libsecureboot/vets.c == --- head/lib/libsecureboot/vets.c Thu Oct 24 19:47:32 2019 (r354037) +++ head/lib/libsecureboot/vets.c Thu Oct 24 19:50:18 2019 (r354038) @@ -240,7 +240,7 @@ ve_forbidden_digest_add(hash_data *digest, size_t num) static size_t ve_anchors_add(br_x509_certificate *xcs, size_t num, anchor_list *anchors, -char *anchors_name) +const char *anchors_name) { br_x509_trust_anchor ta; size_t u; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r353697 - head/stand/efi/loader
Author: sjg Date: Thu Oct 17 20:40:06 2019 New Revision: 353697 URL: https://svnweb.freebsd.org/changeset/base/353697 Log: Allow loader.efi to identify non-standard boot setup PATH_BOOTABLE_TOKEN can be set to a non-standard path that identifies a device as bootable. Reviewed by: kevans, bcran Differential Revision: https://reviews.freebsd.org/D22062 Modified: head/stand/efi/loader/main.c Modified: head/stand/efi/loader/main.c == --- head/stand/efi/loader/main.cThu Oct 17 20:25:15 2019 (r353696) +++ head/stand/efi/loader/main.cThu Oct 17 20:40:06 2019 (r353697) @@ -239,6 +239,9 @@ sanity_check_currdev(void) struct stat st; return (stat(PATH_DEFAULTS_LOADER_CONF, ) == 0 || +#ifdef PATH_BOOTABLE_TOKEN + stat(PATH_BOOTABLE_TOKEN, ) == 0 || /* non-standard layout */ +#endif stat(PATH_KERNEL, ) == 0); } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r352942 - head/share/mk
Author: sjg Date: Tue Oct 1 20:32:03 2019 New Revision: 352942 URL: https://svnweb.freebsd.org/changeset/base/352942 Log: Need to use ${${_${group}DIR_${file}}} for STAGE_DIR STAGE_DIR.${${_${group}DIR_${file}}:C,[/*],_,g} was getting ${STAGE_OBJTOP}BINDIR rather than ${STAGE_OBJTOP}${BINDIR} when FILESDIR=BINDIR Reviewed by: stevek MFC after:1 week Differential Revision:https://reviews.freebsd.org/D21858 Modified: head/share/mk/bsd.files.mk Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Tue Oct 1 20:22:54 2019(r352941) +++ head/share/mk/bsd.files.mk Tue Oct 1 20:32:03 2019(r352942) @@ -109,7 +109,7 @@ STAGE_AS_${file}= ${${group}NAME_${file}} # we need to expand ${group}DIR_${file} and replace # all '/' and '*' with '_' to make a safe target name. STAGE_AS_SETS+=${${_${group}DIR_${file}}:C,[/*],_,g} -STAGE_DIR.${${_${group}DIR_${file}}:C,[/*],_,g}= ${STAGE_OBJTOP}${${group}DIR_${file}} +STAGE_DIR.${${_${group}DIR_${file}}:C,[/*],_,g}= ${STAGE_OBJTOP}${${_${group}DIR_${file}}} stage_as.${${_${group}DIR_${file}}:C,[/*],_,g}: ${file} installfiles-${group}: _${group}INS1_${file} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r352370 - head/share/mk
Author: sjg Date: Mon Sep 16 00:32:23 2019 New Revision: 352370 URL: https://svnweb.freebsd.org/changeset/base/352370 Log: Document logic for __DEFAULT_DEPENDENT_OPTIONS Reviewed by: stevek Differential Revision:https://reviews.freebsd.org/D21640 Modified: head/share/mk/bsd.mkopt.mk Modified: head/share/mk/bsd.mkopt.mk == --- head/share/mk/bsd.mkopt.mk Sun Sep 15 23:56:39 2019(r352369) +++ head/share/mk/bsd.mkopt.mk Mon Sep 16 00:32:23 2019(r352370) @@ -11,12 +11,16 @@ # For each option FOO in __DEFAULT_NO_OPTIONS, MK_FOO is set to "no", # unless WITH_FOO is defined, in which case it is set to "yes". # +# For each entry FOO/BAR in __DEFAULT_DEPENDENT_OPTIONS, +# MK_FOO is set to "no" if WITHOUT_FOO is defined, +# "yes" if WITH_FOO is defined, otherwise the value of MK_BAR. +# # If both WITH_FOO and WITHOUT_FOO are defined, WITHOUT_FOO wins and # MK_FOO is set to "no" regardless of which list it was in. # -# Both __DEFAULT_YES_OPTIONS and __DEFAULT_NO_OPTIONS are undef'd -# after all this processing, allowing this file to be included -# multiple times with different lists. +# All of __DEFAULT_YES_OPTIONS, __DEFAULT_NO_OPTIONS and +# __DEFAULT_DEPENDENT_OPTIONS are undef'd after all this processing, +# allowing this file to be included multiple times with different lists. # # Other parts of the build system will set BROKEN_OPTIONS to a list # of options that are broken on this platform. This will not be unset ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r351954 - head/share/mk
Author: sjg Date: Fri Sep 6 19:05:01 2019 New Revision: 351954 URL: https://svnweb.freebsd.org/changeset/base/351954 Log: Use file destdir for stage_as sets We cannot use file (without :T) to name targets but we can use the destination directory (with / replaced by _) This has the benefit of minimizing the targets created. Reviewed by: bdrewery MFC after:1 week Differential Revision:https://reviews.freebsd.org//D21283 Modified: head/share/mk/bsd.files.mk Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Fri Sep 6 18:51:41 2019(r351953) +++ head/share/mk/bsd.files.mk Fri Sep 6 19:05:01 2019(r351954) @@ -101,11 +101,16 @@ ${group}NAME_${file}?=${${group}NAME} .else ${group}NAME_${file}?= ${file:T} .endif # defined(${group}NAME) -STAGE_AS_SETS+=${file} STAGE_AS_${file}= ${${group}NAME_${file}} -# XXX {group}OWN,GRP,MODE -STAGE_DIR.${file}= ${STAGE_OBJTOP}${${_${group}DIR_${file}}} -stage_as.${file}: ${file} +# we cannot use file safely as a set name +# since we cannot? apply :T +# but we can use the ${group}DIR_${file} +# as a set - meta.stage.mk will :O:u for us +# we need to expand ${group}DIR_${file} and replace +# all '/' and '*' with '_' to make a safe target name. +STAGE_AS_SETS+=${${_${group}DIR_${file}}:C,[/*],_,g} +STAGE_DIR.${${_${group}DIR_${file}}:C,[/*],_,g}= ${STAGE_OBJTOP}${${group}DIR_${file}} +stage_as.${${_${group}DIR_${file}}:C,[/*],_,g}: ${file} installfiles-${group}: _${group}INS1_${file} _${group}INS1_${file}: installdirs-${_${group}DIR_${file}} _${group}INS_${file} @@ -122,12 +127,16 @@ realinstall: installfiles .ORDER: beforeinstall installfiles .if ${MK_STAGING} != "no" +.if ${FILESGROUPS:@g@${$g}@} != "" .if !empty(STAGE_SETS) buildfiles: stage_files STAGE_TARGETS+= stage_files +stage_files: .if !empty(STAGE_AS_SETS) buildfiles: stage_as STAGE_TARGETS+= stage_as +stage_as: +.endif .endif .endif .endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r346604 - in head/lib/libsecureboot: . h
Author: sjg Date: Tue Apr 23 20:25:25 2019 New Revision: 346604 URL: https://svnweb.freebsd.org/changeset/base/346604 Log: Allow no_hash to appear in manifest. sbin/veriexec will ignore entries that have no hash anyway, but loader needs to be explicitly told that such files are ok to ignore (not verify). We will report as Unverified depending on verbose level, but with no reason - because we are not rejecting the file. Reviewed by: imp, mindal_semihalf Sponsored by: Juniper Networks MFC After: 1 week Differential Revision: https://reviews.freebsd.org//D20018 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/vectx.c head/lib/libsecureboot/veopen.c head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hTue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/h/libsecureboot.hTue Apr 23 20:25:25 2019 (r346604) @@ -86,6 +86,7 @@ ssize_t ve_pcr_get(unsigned char *, size_t); #define VEF_VERBOSE1 #define VE_FINGERPRINT_OK 1 +#define VE_FINGERPRINT_IGNORE 2 /* errors from verify_fd */ #define VE_FINGERPRINT_NONE-2 #define VE_FINGERPRINT_WRONG -3 Modified: head/lib/libsecureboot/vectx.c == --- head/lib/libsecureboot/vectx.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/vectx.c Tue Apr 23 20:25:25 2019 (r346604) @@ -120,7 +120,10 @@ vectx_open(int fd, const char *path, off_t off, struct ctx->vec_status = VE_FINGERPRINT_NONE; ve_error_set("%s: no entry", path); } else { - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + ctx->vec_status = VE_FINGERPRINT_IGNORE; + hashsz = 0; + } else if (strncmp(cp, "sha256=", 7) == 0) { ctx->vec_md = _sha256_vtable; hashsz = br_sha256_SIZE; cp += 7; @@ -150,11 +153,13 @@ vectx_open(int fd, const char *path, off_t off, struct *error = ctx->vec_status; ctx->vec_hashsz = hashsz; ctx->vec_want = cp; - ctx->vec_md->init(>vec_ctx.vtable); + if (hashsz > 0) { + ctx->vec_md->init(>vec_ctx.vtable); - if (hashsz > 0 && off > 0) { - lseek(fd, 0, SEEK_SET); - vectx_lseek(ctx, off, SEEK_SET); + if (off > 0) { + lseek(fd, 0, SEEK_SET); + vectx_lseek(ctx, off, SEEK_SET); + } } return (ctx); Modified: head/lib/libsecureboot/veopen.c == --- head/lib/libsecureboot/veopen.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/veopen.c Tue Apr 23 20:25:25 2019 (r346604) @@ -345,7 +345,9 @@ verify_fingerprint(int fd, const char *path, const cha size_t hlen; int n; - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + return (VE_FINGERPRINT_IGNORE); + } else if (strncmp(cp, "sha256=", 7) == 0) { md = _sha256_vtable; hlen = br_sha256_SIZE; cp += 7; @@ -423,6 +425,7 @@ verify_fd(int fd, const char *path, off_t off, struct rc = verify_fingerprint(fd, path, cp, off); switch (rc) { case VE_FINGERPRINT_OK: + case VE_FINGERPRINT_IGNORE: case VE_FINGERPRINT_UNKNOWN: return (rc); default: Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cTue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/verify_file.cTue Apr 23 20:25:25 2019 (r346604) @@ -343,10 +343,14 @@ verify_file(int fd, const char *filename, off_t off, i if ((rc = verify_fd(fd, filename, off, )) >= 0) { if (verbose || severity > VE_WANT) { #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 - printf("Verified %s %llu,%llu\n", filename, + printf("%serified %s %llu,%llu\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", + filename, (long long)st.st_dev, (long long)st.st_ino); #else - printf("Verified %s\n", filename); + printf("%serified %s\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", +
svn commit: r346070 - head/lib/libsecureboot
Author: sjg Date: Tue Apr 9 22:20:11 2019 New Revision: 346070 URL: https://svnweb.freebsd.org/changeset/base/346070 Log: Always report file with incorrect hash. Modified: head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cTue Apr 9 22:15:39 2019 (r346069) +++ head/lib/libsecureboot/verify_file.cTue Apr 9 22:20:11 2019 (r346070) @@ -366,7 +366,7 @@ verify_file(int fd, const char *filename, off_t off, i return (rc); } - if (severity || verbose) + if (severity || verbose || rc == VE_FINGERPRINT_WRONG) printf("Unverified: %s\n", ve_error_get()); if (rc == VE_FINGERPRINT_UNKNOWN && severity < VE_MUST) rc = VE_UNVERIFIED_OK; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r351067 - head/share/mk
Author: sjg Date: Thu Aug 15 06:00:55 2019 New Revision: 351067 URL: https://svnweb.freebsd.org/changeset/base/351067 Log: Revert prior change till installworld sorted Modified: head/share/mk/bsd.files.mk Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Thu Aug 15 04:47:42 2019(r351066) +++ head/share/mk/bsd.files.mk Thu Aug 15 06:00:55 2019(r351067) @@ -101,11 +101,11 @@ STAGE_AS_SETS+= ${file} STAGE_AS_${file}= ${${group}NAME_${file}} # XXX {group}OWN,GRP,MODE STAGE_DIR.${file}= ${STAGE_OBJTOP}${${_${group}DIR_${file}}} -stage_as.${file:T}: ${file} +stage_as.${file}: ${file} installfiles-${group}: _${group}INS1_${file} -_${group}INS1_${file:T}: installdirs-${_${group}DIR_${file}} _${group}INS_${file} -_${group}INS_${file:T}: ${file} +_${group}INS1_${file}: installdirs-${_${group}DIR_${file}} _${group}INS_${file} +_${group}INS_${file}: ${file} ${INSTALL} ${${group}TAG_ARGS} -o ${${group}OWN_${file}} \ -g ${${group}GRP_${file}} -m ${${group}MODE_${file}} \ ${.ALLSRC} ${${group}PREFIX_${file}}/${${group}NAME_${file}} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r351055 - head/share/mk
O. Hartmann wrote: > This commit seems to break "make installworld" by this error during install: Sorry, I'll revert if I cannot quickly spot the issue > > [...] > ===> share/doc (install) > ===> share/doc/IPv6 (install) > installing DIRS FILESDIR > install -d -m 0755 -o root -g wheel /usr/share/doc/IPv6 > install -o root -g wheel -m 444 /usr/src/share/doc/IPv6/IMPLEMENTATION > /usr/share/doc/IPv6/IMPLEMENTATION ===> share/doc/legal (install) > ===> share/doc/legal/intel_ipw (install) > make[7]: don't know how to make > _FILESINS1_/usr/src/sys/contrib/dev/ipw/LICENSE. Stop > > make[7]: stopped in /usr/src/share/doc/legal/intel_ipw > *** Error code 2 ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r351055 - head/share/mk
Author: sjg Date: Wed Aug 14 22:33:46 2019 New Revision: 351055 URL: https://svnweb.freebsd.org/changeset/base/351055 Log: bsd.files.mk: fix targets to avoid directories Reintroduce :T when file is used as part of a target name. Reviewed by: stevek Modified: head/share/mk/bsd.files.mk Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Wed Aug 14 22:13:11 2019(r351054) +++ head/share/mk/bsd.files.mk Wed Aug 14 22:33:46 2019(r351055) @@ -101,11 +101,11 @@ STAGE_AS_SETS+= ${file} STAGE_AS_${file}= ${${group}NAME_${file}} # XXX {group}OWN,GRP,MODE STAGE_DIR.${file}= ${STAGE_OBJTOP}${${_${group}DIR_${file}}} -stage_as.${file}: ${file} +stage_as.${file:T}: ${file} installfiles-${group}: _${group}INS1_${file} -_${group}INS1_${file}: installdirs-${_${group}DIR_${file}} _${group}INS_${file} -_${group}INS_${file}: ${file} +_${group}INS1_${file:T}: installdirs-${_${group}DIR_${file}} _${group}INS_${file} +_${group}INS_${file:T}: ${file} ${INSTALL} ${${group}TAG_ARGS} -o ${${group}OWN_${file}} \ -g ${${group}GRP_${file}} -m ${${group}MODE_${file}} \ ${.ALLSRC} ${${group}PREFIX_${file}}/${${group}NAME_${file}} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350099 - head/stand/common
Author: sjg Date: Wed Jul 17 23:33:14 2019 New Revision: 350099 URL: https://svnweb.freebsd.org/changeset/base/350099 Log: loader: ignore some variable settings if input unverified libsecureboot can tell us if the most recent file opened was verfied or not. If it's state is VE_UNVERIFIED_OK, skip if variable matches one of the restricted prefixes. Reviewed by: stevek MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org//D20909 Modified: head/stand/common/commands.c Modified: head/stand/common/commands.c == --- head/stand/common/commands.cWed Jul 17 23:09:40 2019 (r350098) +++ head/stand/common/commands.cWed Jul 17 23:33:14 2019 (r350099) @@ -304,6 +304,36 @@ command_set(int argc, char *argv[]) command_errmsg = "wrong number of arguments"; return (CMD_ERROR); } else { +#ifdef LOADER_VERIEXEC + /* +* Impose restrictions if input is not verified +*/ + const char *restricted[] = { + "boot", + "init", + "loader.ve.", + "rootfs", + "secur", + "vfs.", + NULL, + }; + const char **cp; + int ves; + + ves = ve_status_get(-1); + if (ves == VE_UNVERIFIED_OK) { +#ifdef LOADER_VERIEXEC_TESTING + printf("Checking: %s\n", argv[1]); +#endif + for (cp = restricted; *cp; cp++) { + if (strncmp(argv[1], *cp, strlen(*cp)) == 0) { + printf("Ignoring restricted variable: %s\n", + argv[1]); + return (CMD_OK); + } + } + } +#endif if ((err = putenv(argv[1])) != 0) { command_errmsg = strerror(err); return (CMD_ERROR); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r349924 - in head/lib/libsecureboot: . openpgp
Author: sjg Date: Thu Jul 11 22:06:59 2019 New Revision: 349924 URL: https://svnweb.freebsd.org/changeset/base/349924 Log: libsecureboot: avoid recusion in ve_trust_init set our guard value immediately. also replace call to ve_trust_init in opgp_sig.c:initialize with call to openpgp_trust_init. Reported by: min...@semihalf.com Reviewed by: jhibbits obrien MFC after:1 week Modified: head/lib/libsecureboot/openpgp/opgp_sig.c head/lib/libsecureboot/vets.c Modified: head/lib/libsecureboot/openpgp/opgp_sig.c == --- head/lib/libsecureboot/openpgp/opgp_sig.c Thu Jul 11 20:52:39 2019 (r349923) +++ head/lib/libsecureboot/openpgp/opgp_sig.c Thu Jul 11 22:06:59 2019 (r349924) @@ -67,9 +67,7 @@ __FBSDID("$FreeBSD$"); void initialize (void) { -#ifdef _STANDALONE -ve_trust_init(); -#endif + openpgp_trust_init(); } #else Modified: head/lib/libsecureboot/vets.c == --- head/lib/libsecureboot/vets.c Thu Jul 11 20:52:39 2019 (r349923) +++ head/lib/libsecureboot/vets.c Thu Jul 11 22:06:59 2019 (r349924) @@ -345,7 +345,7 @@ ve_trust_init(void) if (once >= 0) return (once); - + once = 0; /* to be sure */ ve_utc_set(time(NULL)); #ifdef BUILD_UTC ve_utc_set(BUILD_UTC); /* just in case */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r349446 - in head/lib/libsecureboot: . h openpgp
Author: sjg Date: Wed Jun 26 23:33:32 2019 New Revision: 349446 URL: https://svnweb.freebsd.org/changeset/base/349446 Log: libsecureboot: allow OpenPGP support to be dormant Since we can now add OpenPGP trust anchors at runtime, ensure the latent support is available. Ensure we do not add duplicate keys to trust store. Also allow reporting names of trust anchors added/revoked We only do this for loader and only after initializing trust store. Thus only changes to initial trust store will be logged. Reviewed by: stevek MFC after:1 week Differential Revision:https://reviews.freebsd.org/D20700 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/libsecureboot-priv.h head/lib/libsecureboot/local.trust.mk head/lib/libsecureboot/openpgp/opgp_key.c head/lib/libsecureboot/readfile.c head/lib/libsecureboot/verify_file.c head/lib/libsecureboot/vets.c Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hWed Jun 26 23:10:20 2019 (r349445) +++ head/lib/libsecureboot/h/libsecureboot.hWed Jun 26 23:33:32 2019 (r349446) @@ -42,6 +42,7 @@ #include +unsigned char * read_fd(int, size_t); #ifndef NEED_BRSSL_H unsigned char * read_file(const char *, size_t *); #endif @@ -51,8 +52,12 @@ extern int DebugVe; #define DEBUG_PRINTF(n, x) if (DebugVe >= n) printf x int ve_trust_init(void); +size_t ve_trust_anchors_add_buf(unsigned char *, size_t); +size_t ve_trust_anchors_revoke(unsigned char *, size_t); int ve_trust_add(const char *); void ve_debug_set(int); +void ve_anchor_verbose_set(int); +int ve_anchor_verbose_get(void); void ve_utc_set(time_t utc); char *ve_error_get(void); int ve_error_set(const char *, ...) __printflike(1,2); Modified: head/lib/libsecureboot/libsecureboot-priv.h == --- head/lib/libsecureboot/libsecureboot-priv.h Wed Jun 26 23:10:20 2019 (r349445) +++ head/lib/libsecureboot/libsecureboot-priv.h Wed Jun 26 23:33:32 2019 (r349446) @@ -56,6 +56,8 @@ int is_verified(struct stat *stp); void add_verify_status(struct stat *stp, int status); int openpgp_trust_init(void); +int openpgp_trust_add_buf(unsigned char *, size_t); +int openpgp_trust_revoke(const char *); int openpgp_self_tests(void); int efi_secure_boot_enabled(void); Modified: head/lib/libsecureboot/local.trust.mk == --- head/lib/libsecureboot/local.trust.mk Wed Jun 26 23:10:20 2019 (r349445) +++ head/lib/libsecureboot/local.trust.mk Wed Jun 26 23:33:32 2019 (r349446) @@ -33,6 +33,10 @@ VE_SIGNATURE_EXT_LIST+= \ sig .endif +# add OpenPGP support - possibly dormant +VE_SIGNATURE_LIST+= OPENPGP +VE_SIGNATURE_EXT_LIST+= asc + SIGNER ?= ${SB_TOOLS_PATH:U/volume/buildtools/bin}/sign.py .if exists(${SIGNER}) @@ -42,7 +46,12 @@ SIGN_ECDSA= ${PYTHON} ${SIGNER} -u ${SIGN_HOST}:${ECDS RSA2_PORT:= ${163%y:L:gmtime} SIGN_RSA2= ${PYTHON} ${SIGNER} -u ${SIGN_HOST}:${RSA2_PORT} -h sha256 +# deal with quirk of our .esig format +XCFLAGS.vets+= -DVE_ECDSA_HASH_AGAIN + .if !empty(OPENPGP_SIGN_URL) +XCFLAGS.opgp_key+= -DHAVE_TA_ASC_H + VE_SIGNATURE_LIST+= OPENPGP VE_SIGNATURE_EXT_LIST+= asc Modified: head/lib/libsecureboot/openpgp/opgp_key.c == --- head/lib/libsecureboot/openpgp/opgp_key.c Wed Jun 26 23:10:20 2019 (r349445) +++ head/lib/libsecureboot/openpgp/opgp_key.c Wed Jun 26 23:33:32 2019 (r349446) @@ -209,13 +209,54 @@ openpgp_trust_add(OpenPGP_key *key) LIST_INIT(_list); } - if (key) { - DEBUG_PRINTF(2, ("openpgp_trust_add(%s)\n", key->id)); + if (key && openpgp_trust_get(key->id) == NULL) { + if (ve_anchor_verbose_get()) + printf("openpgp_trust_add(%s)\n", key->id); LIST_INSERT_HEAD(_list, key, entries); } } /** + * @brief add trust anchor from buf + */ +int +openpgp_trust_add_buf(unsigned char *buf, size_t nbytes) +{ + OpenPGP_key *key; + + if ((key = load_key_buf(buf, nbytes))) { + openpgp_trust_add(key); + } + return (key != NULL); +} + + +/** + * @brief if keyID is in our list clobber it + * + * @return true if keyID removed + */ +int +openpgp_trust_revoke(const char *keyID) +{ + OpenPGP_key *key, *tkey; + + openpgp_trust_add(NULL);/* initialize if needed */ + + LIST_FOREACH(key, _list, entries) { + if (strcmp(key->id, keyID) == 0) { + tkey = key; + LIST_REMOVE(tkey, entries); + printf("openpgp_trust_revoke(%s)\n",
svn commit: r348249 - in head/stand: . ficl libsa
Author: sjg Date: Fri May 24 19:43:38 2019 New Revision: 348249 URL: https://svnweb.freebsd.org/changeset/base/348249 Log: ficl pfopen: verify file If the file is verified - do not allow write otherwise do not allow read. Add O_ACCMODE to stand.h Reviewed by: stevek, mindal_semihalf.com MFC after:3 days Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org/D20387 Modified: head/stand/ficl.mk head/stand/ficl/loader.c head/stand/libsa/stand.h Modified: head/stand/ficl.mk == --- head/stand/ficl.mk Fri May 24 18:41:31 2019(r348248) +++ head/stand/ficl.mk Fri May 24 19:43:38 2019(r348249) @@ -16,3 +16,7 @@ CFLAGS+= -fPIC CFLAGS+= -I${FICLSRC} -I${FICLSRC}/${FICL_CPUARCH} -I${LDRSRC} CFLAGS+= -DBF_DICTSIZE=15000 + +.if ${MK_LOADER_VERIEXEC} != "no" +CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h +.endif Modified: head/stand/ficl/loader.c == --- head/stand/ficl/loader.cFri May 24 18:41:31 2019(r348248) +++ head/stand/ficl/loader.cFri May 24 19:43:38 2019(r348249) @@ -502,6 +502,23 @@ static void pfopen(FICL_VM *pVM) /* open the file */ fd = open(name, mode); +#ifdef LOADER_VERIEXEC +if (fd >= 0) { + if (verify_file(fd, name, 0, VE_GUESS) < 0) { + /* not verified writing ok but reading is not */ + if ((mode & O_ACCMODE) != O_WRONLY) { + close(fd); + fd = -1; + } + } else { + /* verified reading ok but writing is not */ + if ((mode & O_ACCMODE) != O_RDONLY) { + close(fd); + fd = -1; + } + } +} +#endif free(name); stackPushINT(pVM->pStack, fd); return; Modified: head/stand/libsa/stand.h == --- head/stand/libsa/stand.hFri May 24 18:41:31 2019(r348248) +++ head/stand/libsa/stand.hFri May 24 19:43:38 2019(r348249) @@ -286,6 +286,7 @@ extern int open(const char *, int); #defineO_RDONLY0x0 #define O_WRONLY 0x1 #define O_RDWR 0x2 +#define O_ACCMODE 0x3 /* NOT IMPLEMENTED */ #defineO_CREAT 0x0200 /* create if nonexistent */ #defineO_TRUNC 0x0400 /* truncate to zero length */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r347980 - head/lib/libsecureboot/openpgp
Rodney W. Grimes wrote: > > Sorry,should I wait until after freeze? > > This is all optional stuff anyway, so no great harm either way. > > No, please do merge this at 3 days, it is just that the > normal minimum bake time in ^head is 3 days, freeze or not. Ah, got it. Thanks --sjg ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r347980 - head/lib/libsecureboot/openpgp
Rodney W. Grimes wrote: > > Log: > > load_key_buf do not free data from dearmor > > > > The data returned by dearmor is referenced by the key > > leave it alone! > > > > Reviewed by: stevek > > MFC after:2 days > > This is an exception below the standard minimal limit during > a code freeze, is there some reason for it? The next build > should not be started before 3 days. Sorry,should I wait until after freeze? This is all optional stuff anyway, so no great harm either way. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r347981 - in head/lib/libsecureboot: . h tests
Author: sjg Date: Sun May 19 20:28:49 2019 New Revision: 347981 URL: https://svnweb.freebsd.org/changeset/base/347981 Log: libsecureboot: allow control of when pseudo pcr is updated During boot we only want to measure things which *must* be verified - this should provide more deterministic ordering. Reviewed by: stevek MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org/D20297 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/tests/tvo.c head/lib/libsecureboot/vepcr.c head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hSun May 19 20:24:17 2019 (r347980) +++ head/lib/libsecureboot/h/libsecureboot.hSun May 19 20:28:49 2019 (r347981) @@ -81,6 +81,8 @@ unsigned char *verify_asc(const char *, int); /* OpenP void ve_pcr_init(void); void ve_pcr_update(unsigned char *, size_t); ssize_t ve_pcr_get(unsigned char *, size_t); +int ve_pcr_updating_get(void); +void ve_pcr_updating_set(int); /* flags for verify_{asc,sig,signed} */ #define VEF_VERBOSE1 Modified: head/lib/libsecureboot/tests/tvo.c == --- head/lib/libsecureboot/tests/tvo.c Sun May 19 20:24:17 2019 (r347980) +++ head/lib/libsecureboot/tests/tvo.c Sun May 19 20:28:49 2019 (r347981) @@ -74,6 +74,9 @@ main(int argc, char *argv[]) } } +#ifdef VE_PCR_SUPPORT + ve_pcr_updating_set(1); +#endif ve_self_tests(); for ( ; optind < argc; optind++) { @@ -176,6 +179,10 @@ main(int argc, char *argv[]) } } } +#ifdef VE_PCR_SUPPORT + verify_pcr_export(); + printf("pcr=%s\n", getenv("loader.ve.pcr")); +#endif return (0); } Modified: head/lib/libsecureboot/vepcr.c == --- head/lib/libsecureboot/vepcr.c Sun May 19 20:24:17 2019 (r347980) +++ head/lib/libsecureboot/vepcr.c Sun May 19 20:28:49 2019 (r347981) @@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$"); static const br_hash_class *pcr_md = NULL; static br_hash_compat_context pcr_ctx; static size_t pcr_hlen = 0; +static int pcr_updating; /** * @brief initialize pcr context @@ -53,18 +54,37 @@ static size_t pcr_hlen = 0; void ve_pcr_init(void) { + pcr_updating = 0; pcr_hlen = br_sha256_SIZE; pcr_md = _sha256_vtable; pcr_md->init(_ctx.vtable); } /** + * @brief get pcr_updating state + */ +int +ve_pcr_updating_get(void) +{ + return (pcr_updating); +} + +/** + * @brief set pcr_updating state + */ +void +ve_pcr_updating_set(int updating) +{ + pcr_updating = updating; +} + +/** * @brief update pcr context */ void ve_pcr_update(unsigned char *data, size_t dlen) { - if (pcr_md) + if (pcr_updating != 0 && pcr_md != NULL) pcr_md->update(_ctx.vtable, data, dlen); } Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cSun May 19 20:24:17 2019 (r347980) +++ head/lib/libsecureboot/verify_file.cSun May 19 20:28:49 2019 (r347981) @@ -340,6 +340,14 @@ verify_file(int fd, const char *filename, off_t off, i if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) { if (severity <= VE_GUESS) severity = severity_guess(filename); +#ifdef VE_PCR_SUPPORT + /* +* Only update pcr with things that must verify +* these tend to be processed in a more deterministic +* order, which makes our pseudo pcr more useful. +*/ + ve_pcr_updating_set((severity == VE_MUST)); +#endif if ((rc = verify_fd(fd, filename, off, )) >= 0) { if (verbose || severity > VE_WANT) { #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r347980 - head/lib/libsecureboot/openpgp
Author: sjg Date: Sun May 19 20:24:17 2019 New Revision: 347980 URL: https://svnweb.freebsd.org/changeset/base/347980 Log: load_key_buf do not free data from dearmor The data returned by dearmor is referenced by the key leave it alone! Reviewed by: stevek MFC after:2 days Modified: head/lib/libsecureboot/openpgp/opgp_key.c head/lib/libsecureboot/openpgp/opgp_sig.c Modified: head/lib/libsecureboot/openpgp/opgp_key.c == --- head/lib/libsecureboot/openpgp/opgp_key.c Sun May 19 20:13:55 2019 (r347979) +++ head/lib/libsecureboot/openpgp/opgp_key.c Sun May 19 20:24:17 2019 (r347980) @@ -168,6 +168,7 @@ load_key_buf(unsigned char *buf, size_t nbytes) initialize(); if (!(buf[0] & OPENPGP_TAG_ISTAG)) { + /* Note: we do *not* free data */ data = dearmor((char *)buf, nbytes, ); ptr = data; } else @@ -190,7 +191,6 @@ load_key_buf(unsigned char *buf, size_t nbytes) } } } - free(data); return (key); } @@ -209,8 +209,10 @@ openpgp_trust_add(OpenPGP_key *key) LIST_INIT(_list); } - if (key) + if (key) { + DEBUG_PRINTF(2, ("openpgp_trust_add(%s)\n", key->id)); LIST_INSERT_HEAD(_list, key, entries); + } } /** @@ -296,6 +298,7 @@ load_key_id(const char *keyID) if (!key) key = load_trusted_key_id(keyID); #endif + DEBUG_PRINTF(2, ("load_key_id(%s): %s\n", keyID, key ? "found" : "nope")); return (key); } Modified: head/lib/libsecureboot/openpgp/opgp_sig.c == --- head/lib/libsecureboot/openpgp/opgp_sig.c Sun May 19 20:13:55 2019 (r347979) +++ head/lib/libsecureboot/openpgp/opgp_sig.c Sun May 19 20:24:17 2019 (r347980) @@ -318,6 +318,7 @@ openpgp_verify(const char *filename, sdata = ddata = dearmor((char *)sdata, sbytes, ); ptr = sdata; rc = decode_packet(2, , sbytes, (decoder_t)decode_sig, sig); + DEBUG_PRINTF(2, ("rc=%d keyID=%s\n", rc, sig->key_id ? sig->key_id : "?")); if (rc == 0 && sig->key_id) { key = load_key_id(sig->key_id); if (!key) { ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r347408 - in head/lib/libsecureboot: . openpgp tests
Author: sjg Date: Thu May 9 22:25:12 2019 New Revision: 347408 URL: https://svnweb.freebsd.org/changeset/base/347408 Log: libsecureboot: make it easier to customize trust anchors Avoid making hash self-tests depend on X.509 certs. Include OpenPGP keys in trust store count. Reviewed by: stevek MFC after:1 week Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org/D20208 Modified: head/lib/libsecureboot/Makefile.inc head/lib/libsecureboot/libsecureboot-priv.h head/lib/libsecureboot/local.trust.mk head/lib/libsecureboot/openpgp/Makefile.inc head/lib/libsecureboot/openpgp/opgp_key.c head/lib/libsecureboot/tests/Makefile head/lib/libsecureboot/vets.c Modified: head/lib/libsecureboot/Makefile.inc == --- head/lib/libsecureboot/Makefile.inc Thu May 9 21:00:15 2019 (r347407) +++ head/lib/libsecureboot/Makefile.inc Thu May 9 22:25:12 2019 (r347408) @@ -98,10 +98,20 @@ CFLAGS+= ${VE_HASH_LIST:@H@-DVE_$H_SUPPORT@} \ .if ${VE_SELF_TESTS} != "no" # The input used for hash KATs +# we use a string by default so it is independent of any other test +VE_HASH_KAT_STRLEN?= strlen +.if ${VE_HASH_KAT_STRLEN} == "strlen" +VE_HASH_KAT_STR?= self-tests-are-good +VE_HASH_KAT_STR_INPUT= echo -n +XCFLAGS.vets+= -DVE_HASH_KAT_STR=\"${VE_HASH_KAT_STR}\" +.else VE_HASH_KAT_STR?= vc_PEM - +VE_HASH_KAT_STR_INPUT= cat +VE_HASH_KAT_STRLEN= sizeof XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} .endif +XCFLAGS.vets+= -DVE_HASH_KAT_STRLEN=${VE_HASH_KAT_STRLEN} +.endif # this should be updated occassionally this is 2019-01-01Z SOURCE_DATE_EPOCH?= 1546329600 @@ -121,17 +131,20 @@ BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L: # If we are doing self-tests, we define another arrary vc_PEM # containing certificates that we can verify for each trust anchor. # This is typically a subordinate CA cert. -# Finally we generate a hash of vc_PEM using each supported hash method +# Finally we generate a hash of VE_HASH_KAT_STR +# using each supported hash method # to use as a Known Answer Test (needed for FIPS 140-2) # +TA_PEM_LIST ?= ${.ALLSRC:N*crl*:Mt*.pem} +VC_PEM_LIST ?= ${.ALLSRC:N*crl*:Mv*.pem} vets.o vets.po vets.pico: ta.h -ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} +ta.h: @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ - cat ${.ALLSRC:N*crl*:Mt*.pem} /dev/null | \ + cat ${TA_PEM_LIST:O:u} /dev/null | \ file2c -sx 'static const char ta_PEM[] = {' '};'; \ - echo "${.newline}${VE_HASH_LIST:@H@static char vh_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} + echo "${.newline}${VE_HASH_LIST:O:u:@H@static char vh_$H[] = \"`${VE_HASH_KAT_STR_INPUT} ${VE_HASH_KAT_STR} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} .if ${VE_SELF_TESTS} != "no" - ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ + ( cat ${VC_PEM_LIST:O:u} /dev/null | \ file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} .endif echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} @@ -141,7 +154,7 @@ vesigned.o vesigned.po vesigned.pico: vse.h vse.h: @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ echo "static const char *signature_exts[] = {"; \ - echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \ + echo '${VE_SIGNATURE_EXT_LIST:O:u:@e@"$e",${.newline}@}'; \ echo 'NULL };' ) > ${.TARGET} Modified: head/lib/libsecureboot/libsecureboot-priv.h == --- head/lib/libsecureboot/libsecureboot-priv.h Thu May 9 21:00:15 2019 (r347407) +++ head/lib/libsecureboot/libsecureboot-priv.h Thu May 9 22:25:12 2019 (r347408) @@ -55,6 +55,7 @@ int verify_rsa_digest(br_rsa_public_key *pkey, int is_verified(struct stat *stp); void add_verify_status(struct stat *stp, int status); +int openpgp_trust_init(void); int openpgp_self_tests(void); int efi_secure_boot_enabled(void); Modified: head/lib/libsecureboot/local.trust.mk == --- head/lib/libsecureboot/local.trust.mk Thu May 9 21:00:15 2019 (r347407) +++ head/lib/libsecureboot/local.trust.mk Thu May 9 22:25:12 2019 (r347408) @@ -51,7 +51,7 @@ SIGN_OPENPGP= ${PYTHON} ${SIGNER:H}/openpgp-sign.py -a ta_openpgp.asc: ${SIGN_OPENPGP} -C ${.TARGET} -ta.h: ta_openpgp.asc +ta_asc.h: ta_openpgp.asc .if ${VE_SELF_TESTS} != "no" # for self test @@ -59,7 +59,7 @@ vc_openpgp.asc: ta_openpgp.asc ${SIGN_OPENPGP} ${.ALLSRC:M*.asc} mv ta_openpgp.asc.asc ${.TARGET} -ta.h: vc_openpgp.asc +ta_asc.h: vc_openpgp.asc .endif .endif @@ -72,17 +72,20 @@ ecerts.pem: .if ${VE_SIGNATURE_LIST:tu:MECDSA} != "" # the last cert in
svn commit: r346604 - in head/lib/libsecureboot: . h
Author: sjg Date: Tue Apr 23 20:25:25 2019 New Revision: 346604 URL: https://svnweb.freebsd.org/changeset/base/346604 Log: Allow no_hash to appear in manifest. sbin/veriexec will ignore entries that have no hash anyway, but loader needs to be explicitly told that such files are ok to ignore (not verify). We will report as Unverified depending on verbose level, but with no reason - because we are not rejecting the file. Reviewed by: imp, mindal_semihalf Sponsored by: Juniper Networks MFC After: 1 week Differential Revision: https://reviews.freebsd.org//D20018 Modified: head/lib/libsecureboot/h/libsecureboot.h head/lib/libsecureboot/vectx.c head/lib/libsecureboot/veopen.c head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/h/libsecureboot.h == --- head/lib/libsecureboot/h/libsecureboot.hTue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/h/libsecureboot.hTue Apr 23 20:25:25 2019 (r346604) @@ -86,6 +86,7 @@ ssize_t ve_pcr_get(unsigned char *, size_t); #define VEF_VERBOSE1 #define VE_FINGERPRINT_OK 1 +#define VE_FINGERPRINT_IGNORE 2 /* errors from verify_fd */ #define VE_FINGERPRINT_NONE-2 #define VE_FINGERPRINT_WRONG -3 Modified: head/lib/libsecureboot/vectx.c == --- head/lib/libsecureboot/vectx.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/vectx.c Tue Apr 23 20:25:25 2019 (r346604) @@ -120,7 +120,10 @@ vectx_open(int fd, const char *path, off_t off, struct ctx->vec_status = VE_FINGERPRINT_NONE; ve_error_set("%s: no entry", path); } else { - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + ctx->vec_status = VE_FINGERPRINT_IGNORE; + hashsz = 0; + } else if (strncmp(cp, "sha256=", 7) == 0) { ctx->vec_md = _sha256_vtable; hashsz = br_sha256_SIZE; cp += 7; @@ -150,11 +153,13 @@ vectx_open(int fd, const char *path, off_t off, struct *error = ctx->vec_status; ctx->vec_hashsz = hashsz; ctx->vec_want = cp; - ctx->vec_md->init(>vec_ctx.vtable); + if (hashsz > 0) { + ctx->vec_md->init(>vec_ctx.vtable); - if (hashsz > 0 && off > 0) { - lseek(fd, 0, SEEK_SET); - vectx_lseek(ctx, off, SEEK_SET); + if (off > 0) { + lseek(fd, 0, SEEK_SET); + vectx_lseek(ctx, off, SEEK_SET); + } } return (ctx); Modified: head/lib/libsecureboot/veopen.c == --- head/lib/libsecureboot/veopen.c Tue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/veopen.c Tue Apr 23 20:25:25 2019 (r346604) @@ -345,7 +345,9 @@ verify_fingerprint(int fd, const char *path, const cha size_t hlen; int n; - if (strncmp(cp, "sha256=", 7) == 0) { + if (strncmp(cp, "no_hash", 7) == 0) { + return (VE_FINGERPRINT_IGNORE); + } else if (strncmp(cp, "sha256=", 7) == 0) { md = _sha256_vtable; hlen = br_sha256_SIZE; cp += 7; @@ -423,6 +425,7 @@ verify_fd(int fd, const char *path, off_t off, struct rc = verify_fingerprint(fd, path, cp, off); switch (rc) { case VE_FINGERPRINT_OK: + case VE_FINGERPRINT_IGNORE: case VE_FINGERPRINT_UNKNOWN: return (rc); default: Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cTue Apr 23 18:10:46 2019 (r346603) +++ head/lib/libsecureboot/verify_file.cTue Apr 23 20:25:25 2019 (r346604) @@ -343,10 +343,14 @@ verify_file(int fd, const char *filename, off_t off, i if ((rc = verify_fd(fd, filename, off, )) >= 0) { if (verbose || severity > VE_WANT) { #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 - printf("Verified %s %llu,%llu\n", filename, + printf("%serified %s %llu,%llu\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", + filename, (long long)st.st_dev, (long long)st.st_ino); #else - printf("Verified %s\n", filename); + printf("%serified %s\n", + (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V", +
svn commit: r346070 - head/lib/libsecureboot
Author: sjg Date: Tue Apr 9 22:20:11 2019 New Revision: 346070 URL: https://svnweb.freebsd.org/changeset/base/346070 Log: Always report file with incorrect hash. Modified: head/lib/libsecureboot/verify_file.c Modified: head/lib/libsecureboot/verify_file.c == --- head/lib/libsecureboot/verify_file.cTue Apr 9 22:15:39 2019 (r346069) +++ head/lib/libsecureboot/verify_file.cTue Apr 9 22:20:11 2019 (r346070) @@ -366,7 +366,7 @@ verify_file(int fd, const char *filename, off_t off, i return (rc); } - if (severity || verbose) + if (severity || verbose || rc == VE_FINGERPRINT_WRONG) printf("Unverified: %s\n", ve_error_get()); if (rc == VE_FINGERPRINT_UNKNOWN && severity < VE_MUST) rc = VE_UNVERIFIED_OK; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r345024 - in head/sys: cddl/contrib/opensolaris/uts/common/fs/zfs fs/nandfs fs/nfsclient kern ufs/ufs
Author: sjg Date: Mon Mar 11 20:40:56 2019 New Revision: 345024 URL: https://svnweb.freebsd.org/changeset/base/345024 Log: Add _PC_ACL_* to vop_stdpathconf This avoid EINVAL from tmpfs etc. Reviewed by: kib Differential Revision:https://reviews.freebsd.org/D19512 Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c head/sys/fs/nandfs/nandfs_vnops.c head/sys/fs/nfsclient/nfs_clvnops.c head/sys/kern/vfs_default.c head/sys/ufs/ufs/ufs_vnops.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c == --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.cMon Mar 11 19:50:44 2019(r345023) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.cMon Mar 11 20:40:56 2019(r345024) @@ -755,10 +755,6 @@ zfsctl_common_pathconf(ap) *ap->a_retval = (int)SPA_MINBLOCKSIZE; return (0); - case _PC_ACL_EXTENDED: - *ap->a_retval = 0; - return (0); - case _PC_ACL_NFS4: *ap->a_retval = 1; return (0); Modified: head/sys/fs/nandfs/nandfs_vnops.c == --- head/sys/fs/nandfs/nandfs_vnops.c Mon Mar 11 19:50:44 2019 (r345023) +++ head/sys/fs/nandfs/nandfs_vnops.c Mon Mar 11 20:40:56 2019 (r345024) @@ -2258,9 +2258,6 @@ nandfs_pathconf(struct vop_pathconf_args *ap) case _PC_NO_TRUNC: *ap->a_retval = 1; break; - case _PC_ACL_EXTENDED: - *ap->a_retval = 0; - break; case _PC_ALLOC_SIZE_MIN: *ap->a_retval = ap->a_vp->v_mount->mnt_stat.f_bsize; break; Modified: head/sys/fs/nfsclient/nfs_clvnops.c == --- head/sys/fs/nfsclient/nfs_clvnops.c Mon Mar 11 19:50:44 2019 (r345023) +++ head/sys/fs/nfsclient/nfs_clvnops.c Mon Mar 11 20:40:56 2019 (r345024) @@ -3511,9 +3511,6 @@ nfs_pathconf(struct vop_pathconf_args *ap) case _PC_NO_TRUNC: *ap->a_retval = pc.pc_notrunc; break; - case _PC_ACL_EXTENDED: - *ap->a_retval = 0; - break; case _PC_ACL_NFS4: if (NFS_ISV4(vp) && nfsrv_useacl != 0 && attrflag != 0 && NFSISSET_ATTRBIT(_suppattr, NFSATTRBIT_ACL)) @@ -3526,9 +3523,6 @@ nfs_pathconf(struct vop_pathconf_args *ap) *ap->a_retval = ACL_MAX_ENTRIES; else *ap->a_retval = 3; - break; - case _PC_MAC_PRESENT: - *ap->a_retval = 0; break; case _PC_PRIO_IO: *ap->a_retval = 0; Modified: head/sys/kern/vfs_default.c == --- head/sys/kern/vfs_default.c Mon Mar 11 19:50:44 2019(r345023) +++ head/sys/kern/vfs_default.c Mon Mar 11 20:40:56 2019(r345024) @@ -482,6 +482,13 @@ vop_stdpathconf(ap) case _PC_PATH_MAX: *ap->a_retval = PATH_MAX; return (0); + case _PC_ACL_EXTENDED: + case _PC_ACL_NFS4: + case _PC_CAP_PRESENT: + case _PC_INF_PRESENT: + case _PC_MAC_PRESENT: + *ap->a_retval = 0; + return (0); default: return (EINVAL); } Modified: head/sys/ufs/ufs/ufs_vnops.c == --- head/sys/ufs/ufs/ufs_vnops.cMon Mar 11 19:50:44 2019 (r345023) +++ head/sys/ufs/ufs/ufs_vnops.cMon Mar 11 20:40:56 2019 (r345024) @@ -2421,28 +2421,20 @@ ufs_pathconf(ap) case _PC_NO_TRUNC: *ap->a_retval = 1; break; - case _PC_ACL_EXTENDED: #ifdef UFS_ACL + case _PC_ACL_EXTENDED: if (ap->a_vp->v_mount->mnt_flag & MNT_ACLS) *ap->a_retval = 1; else *ap->a_retval = 0; -#else - *ap->a_retval = 0; -#endif break; - case _PC_ACL_NFS4: -#ifdef UFS_ACL if (ap->a_vp->v_mount->mnt_flag & MNT_NFS4ACLS) *ap->a_retval = 1; else *ap->a_retval = 0; -#else - *ap->a_retval = 0; -#endif break; - +#endif case _PC_ACL_PATH_MAX: #ifdef UFS_ACL if (ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) @@ -2453,16 +2445,14 @@ ufs_pathconf(ap) *ap->a_retval = 3; #endif break; - case _PC_MAC_PRESENT: #ifdef
svn commit: r344784 - in head/lib/libsecureboot: . tests
Author: sjg Date: Mon Mar 4 22:04:21 2019 New Revision: 344784 URL: https://svnweb.freebsd.org/changeset/base/344784 Log: Allow for reproducible build Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes. Default SOURCE_DATE_EPOCH to 2019-01-01 Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision:https://reviews.freebsd.org/D19464 Modified: head/lib/libsecureboot/Makefile.inc head/lib/libsecureboot/tests/Makefile Modified: head/lib/libsecureboot/Makefile.inc == --- head/lib/libsecureboot/Makefile.inc Mon Mar 4 22:03:09 2019 (r344783) +++ head/lib/libsecureboot/Makefile.inc Mon Mar 4 22:04:21 2019 (r344784) @@ -92,6 +92,19 @@ VE_HASH_KAT_STR?= vc_PEM XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} .endif +# this should be updated occassionally this is 2019-01-01Z +SOURCE_DATE_EPOCH?= 1546329600 +.if ${MK_REPRODUCIBLE_BUILD} == "yes" +BUILD_UTC?= ${SOURCE_DATE_EPOCH} +.endif +# BUILD_UTC provides a basis for the loader's notion of time +# By default we use the mtime of BUILD_UTC_FILE +.if empty(BUILD_UTC_FILE) +BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE} +.endif +# you can of course set BUILD_UTC to any value you like +BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh} + # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. # # If we are doing self-tests, we define another arrary vc_PEM @@ -110,9 +123,7 @@ ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} .endif -.if !empty(BUILD_UTC_FILE) - echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} -.endif + echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} # This header records our preference for signature extensions. vesigned.o vesigned.po vesigned.pico: vse.h Modified: head/lib/libsecureboot/tests/Makefile == --- head/lib/libsecureboot/tests/Makefile Mon Mar 4 22:03:09 2019 (r344783) +++ head/lib/libsecureboot/tests/Makefile Mon Mar 4 22:04:21 2019 (r344784) @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + PROG= tvo SRCS+= tvo.c ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r344780 - head/stand/common
Author: sjg Date: Mon Mar 4 19:50:59 2019 New Revision: 344780 URL: https://svnweb.freebsd.org/changeset/base/344780 Log: Add -d flag to load command When doing load -t manifest -d increments debug level Reviewed by: stevek Modified: head/stand/common/module.c Modified: head/stand/common/module.c == --- head/stand/common/module.c Mon Mar 4 19:39:59 2019(r344779) +++ head/stand/common/module.c Mon Mar 4 19:50:59 2019(r344780) @@ -106,9 +106,9 @@ command_load(int argc, char *argv[]) char *typestr; char *prefix; char *skip; -intdofile, dokld, ch, error; +intdflag, dofile, dokld, ch, error; -dokld = dofile = 0; +dflag = dokld = dofile = 0; optind = 1; optreset = 1; typestr = NULL; @@ -117,8 +117,11 @@ command_load(int argc, char *argv[]) return (CMD_CRIT); } prefix = skip = NULL; -while ((ch = getopt(argc, argv, "kp:s:t:")) != -1) { +while ((ch = getopt(argc, argv, "dkp:s:t:")) != -1) { switch(ch) { + case 'd': + dflag++; + break; case 'k': dokld = 1; break; @@ -152,6 +155,8 @@ command_load(int argc, char *argv[]) #ifdef LOADER_VERIEXEC if (strncmp(typestr, "manifest", 8) == 0) { + if (dflag > 0) + ve_debug_set(dflag); return (load_manifest(argv[1], prefix, skip, NULL)); } #endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r344567 - in head: etc/mtree include sbin sbin/veriexec
Rodney W. Grimes wrote: > > Differential Revision:D16575 > > Just a small nit, for future reference, from the template: Oops, noted thanks. This is all disabled by default, but I did a buildworld with it all enabled just prior so hopefully will not impact anyone negatively and will help those that have been playing with it. Thanks again --sjg ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r344568 - in head/stand: . common ficl ficl32 i386/loader liblua libsa libsa32
Author: sjg Date: Tue Feb 26 06:22:10 2019 New Revision: 344568 URL: https://svnweb.freebsd.org/changeset/base/344568 Log: Enable veriexec for loader This relies on libbearssl and libsecureboot to verify files read by loader in a maner equivalent to how mac_veriexec Note: disabled by default. Use is initially expected to be by embeded vendors Reviewed by: emaste, imp Sponsored by: Juniper Networks Differential Revision:D16336 Modified: head/stand/common/boot.c head/stand/common/bootstrap.h head/stand/common/interp_forth.c head/stand/common/interp_simple.c head/stand/common/load_elf.c head/stand/common/load_elf_obj.c head/stand/common/module.c head/stand/ficl/Makefile.depend head/stand/ficl/ficl.h head/stand/ficl/fileaccess.c head/stand/ficl32/Makefile.depend head/stand/i386/loader/Makefile.depend head/stand/liblua/Makefile head/stand/liblua/lstd.c head/stand/libsa/Makefile head/stand/libsa/Makefile.depend head/stand/libsa32/Makefile.depend head/stand/loader.mk Modified: head/stand/common/boot.c == --- head/stand/common/boot.cTue Feb 26 06:17:23 2019(r344567) +++ head/stand/common/boot.cTue Feb 26 06:22:10 2019(r344568) @@ -106,6 +106,10 @@ command_boot(int argc, char *argv[]) if (archsw.arch_autoload() != 0) return(CMD_ERROR); +#ifdef LOADER_VERIEXEC + verify_pcr_export();/* for measured boot */ +#endif + /* Call the exec handler from the loader matching the kernel */ file_formats[fp->f_loader]->l_exec(fp); return(CMD_ERROR); Modified: head/stand/common/bootstrap.h == --- head/stand/common/bootstrap.h Tue Feb 26 06:17:23 2019 (r344567) +++ head/stand/common/bootstrap.h Tue Feb 26 06:22:10 2019 (r344568) @@ -330,6 +330,9 @@ struct arch_switch /* Probe ZFS pool(s), if needed. */ void (*arch_zfs_probe)(void); +/* Return the hypervisor name/type or NULL if not virtualized. */ +const char *(*arch_hypervisor)(void); + /* For kexec-type loaders, get ksegment structure */ void (*arch_kexec_kseg_get)(int *nseg, void **kseg); }; @@ -344,6 +347,10 @@ time_t time(time_t *tloc); #ifndef CTASSERT #defineCTASSERT(x) _Static_assert(x, "compile-time assertion failed") +#endif + +#ifdef LOADER_VERIEXEC +#include #endif #endif /* !_BOOTSTRAP_H_ */ Modified: head/stand/common/interp_forth.c == --- head/stand/common/interp_forth.cTue Feb 26 06:17:23 2019 (r344567) +++ head/stand/common/interp_forth.cTue Feb 26 06:22:10 2019 (r344568) @@ -379,6 +379,13 @@ interp_include(const char *filename) return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif /* * Read the script into memory. */ Modified: head/stand/common/interp_simple.c == --- head/stand/common/interp_simple.c Tue Feb 26 06:17:23 2019 (r344567) +++ head/stand/common/interp_simple.c Tue Feb 26 06:22:10 2019 (r344568) @@ -96,6 +96,14 @@ interp_include(const char *filename) return(CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + close(fd); + sprintf(command_errbuf,"can't verify '%s'", filename); + return(CMD_ERROR); + } +#endif + /* * Read the script into memory. */ Modified: head/stand/common/load_elf.c == --- head/stand/common/load_elf.cTue Feb 26 06:17:23 2019 (r344567) +++ head/stand/common/load_elf.cTue Feb 26 06:22:10 2019 (r344568) @@ -245,6 +245,12 @@ __elfN(load_elf_header)(char *filename, elf_file_t ef) goto error; } +#ifdef LOADER_VERIEXEC + if (verify_file(ef->fd, filename, bytes_read, VE_MUST) < 0) { + err = EAUTH; + goto error; + } +#endif return (0); error: Modified: head/stand/common/load_elf_obj.c == --- head/stand/common/load_elf_obj.cTue Feb 26 06:17:23 2019 (r344567) +++ head/stand/common/load_elf_obj.cTue Feb 26 06:22:10 2019 (r344568) @@ -129,6 +129,13 @@ __elfN(obj_loadfile)(char *filename, uint64_t dest, goto oerr; } +#ifdef LOADER_VERIEXEC + if
svn commit: r344567 - in head: etc/mtree include sbin sbin/veriexec
Author: sjg Date: Tue Feb 26 06:17:23 2019 New Revision: 344567 URL: https://svnweb.freebsd.org/changeset/base/344567 Log: Add verifying manifest loader for mac_veriexec This tool will verify a signed manifest and load contents into mac_veriexec for storage Sponsored by: Juniper Networks Differential Revision:D16575 Added: head/sbin/veriexec/ head/sbin/veriexec/Makefile (contents, props changed) head/sbin/veriexec/Makefile.depend (contents, props changed) head/sbin/veriexec/manifest_lexer.l (contents, props changed) head/sbin/veriexec/manifest_parser.y (contents, props changed) head/sbin/veriexec/veriexec.8 (contents, props changed) head/sbin/veriexec/veriexec.c (contents, props changed) head/sbin/veriexec/veriexec.h (contents, props changed) Modified: head/etc/mtree/BSD.include.dist head/include/Makefile head/sbin/Makefile Modified: head/etc/mtree/BSD.include.dist == --- head/etc/mtree/BSD.include.dist Tue Feb 26 06:11:01 2019 (r344566) +++ head/etc/mtree/BSD.include.dist Tue Feb 26 06:17:23 2019 (r344567) @@ -160,6 +160,8 @@ .. usb .. +veriexec +.. vkbd .. wi @@ -353,6 +355,8 @@ mac_mls .. mac_partition +.. +mac_veriexec .. .. ssp Modified: head/include/Makefile == --- head/include/Makefile Tue Feb 26 06:11:01 2019(r344566) +++ head/include/Makefile Tue Feb 26 06:17:23 2019(r344567) @@ -47,7 +47,7 @@ LSUBDIRS= cam/ata cam/mmc cam/nvme cam/scsi \ dev/hwpmc dev/hyperv \ dev/ic dev/iicbus dev/io dev/mfi dev/mmc dev/nvme \ dev/ofw dev/pbio dev/pci ${_dev_powermac_nvram} dev/ppbus dev/smbus \ - dev/speaker dev/tcp_log dev/vkbd dev/wi \ + dev/speaker dev/tcp_log dev/veriexec dev/vkbd dev/wi \ fs/devfs fs/fdescfs fs/msdosfs fs/nandfs fs/nfs fs/nullfs \ fs/procfs fs/smbfs fs/udf fs/unionfs \ geom/cache geom/concat geom/eli geom/gate geom/journal geom/label \ @@ -60,6 +60,7 @@ LSUBDIRS= cam/ata cam/mmc cam/nvme cam/scsi \ security/audit \ security/mac_biba security/mac_bsdextended security/mac_lomac \ security/mac_mls security/mac_partition \ + security/mac_veriexec \ sys/disk \ ufs/ffs ufs/ufs @@ -157,7 +158,7 @@ copies: .PHONY .META done; \ fi .endfor -.for i in ${LDIRS} ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci} ${LSUBSUBDIRS} +.for i in ${LDIRS} ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci:Ndev/veriexec} ${LSUBSUBDIRS} cd ${SRCTOP}/sys; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 $i/*.h \ ${SDESTDIR}${INCLUDEDIR}/$i @@ -196,6 +197,9 @@ copies: .PHONY .META cd ${SRCTOP}/sys/dev/pci; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 pcireg.h \ ${SDESTDIR}${INCLUDEDIR}/dev/pci + cd ${SRCTOP}/sys/dev/veriexec; \ + ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 veriexec_ioctl.h \ + ${SDESTDIR}${INCLUDEDIR}/dev/veriexec cd ${SRCTOP}/sys/fs/cd9660/; \ ${INSTALL} -C ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 *.h \ ${SDESTDIR}${INCLUDEDIR}/isofs/cd9660 @@ -264,7 +268,7 @@ symlinks: .PHONY .META ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../sys/$i/$$h ${SDESTDIR}${INCLUDEDIR}/$i; \ done .endfor -.for i in ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci} +.for i in ${LSUBDIRS:Ndev/agp:Ndev/acpica:Ndev/bktr:Ndev/evdev:Ndev/hyperv:Ndev/nand:Ndev/pci:Ndev/veriexec} cd ${SRCTOP}/sys/$i; \ for h in *.h; do \ ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../../sys/$i/$$h ${SDESTDIR}${INCLUDEDIR}/$i; \ @@ -311,6 +315,11 @@ symlinks: .PHONY .META for h in pcireg.h; do \ ${INSTALL_SYMLINK} ${TAG_ARGS} ../../../../sys/dev/pci/$$h \ ${SDESTDIR}${INCLUDEDIR}/dev/pci; \ + done + cd ${SRCTOP}/sys/dev/veriexec; \ + for h in veriexec_ioctl.h; do \ + ln -fs ../../../../sys/dev/veriexec/$$h \ + ${SDESTDIR}${INCLUDEDIR}/dev/veriexec; \ done .for i in ${LSUBSUBDIRS} cd ${SRCTOP}/sys/$i; \ Modified: head/sbin/Makefile == --- head/sbin/Makefile Tue Feb 26 06:11:01 2019(r344566) +++ head/sbin/Makefile Tue Feb 26 06:17:23 2019(r344567) @@ -87,6 +87,7 @@ SUBDIR.${MK_PF}+= pfctl SUBDIR.${MK_PF}+= pflogd SUBDIR.${MK_QUOTAS}+= quotacheck SUBDIR.${MK_ROUTED}+= routed +SUBDIR.${MK_VERIEXEC}+=
svn commit: r344566 - in head: lib share/mk tools/build/options
Author: sjg Date: Tue Feb 26 06:11:01 2019 New Revision: 344566 URL: https://svnweb.freebsd.org/changeset/base/344566 Log: Enable build of libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision:D16337 Added: head/tools/build/options/WITH_BEARSSL (contents, props changed) head/tools/build/options/WITH_LOADER_VERIEXEC (contents, props changed) head/tools/build/options/WITH_VERIEXEC (contents, props changed) Modified: head/lib/Makefile head/share/mk/src.libnames.mk head/share/mk/src.opts.mk Modified: head/lib/Makefile == --- head/lib/Makefile Tue Feb 26 06:09:10 2019(r344565) +++ head/lib/Makefile Tue Feb 26 06:11:01 2019(r344566) @@ -133,6 +133,7 @@ SUBDIR_DEPEND_libpcap= ofed # NB: keep these sorted by MK_* knobs SUBDIR.${MK_ATM}+= libngatm +SUBDIR.${MK_BEARSSL}+= libbearssl libsecureboot SUBDIR.${MK_BLACKLIST}+=libblacklist SUBDIR.${MK_BLUETOOTH}+=libbluetooth libsdp SUBDIR.${MK_BSNMP}+= libbsnmp @@ -204,6 +205,7 @@ SUBDIR.${MK_TESTS}+=tests SUBDIR.${MK_UNBOUND}+= libunbound SUBDIR.${MK_USB}+= libusbhid libusb SUBDIR.${MK_OFED}+=ofed +SUBDIR.${MK_VERIEXEC}+=libveriexec SUBDIR.${MK_ZFS}+= libbe .if !make(install) Modified: head/share/mk/src.libnames.mk == --- head/share/mk/src.libnames.mk Tue Feb 26 06:09:10 2019 (r344565) +++ head/share/mk/src.libnames.mk Tue Feb 26 06:11:01 2019 (r344566) @@ -210,6 +210,21 @@ _LIBRARIES+= \ osmvendor .endif +.if ${MK_BEARSSL} == "yes" +_INTERNALLIBS+= \ + bearssl \ + secureboot \ + +LIBBEARSSL?= ${LIBBEARSSLDIR}/libbearssl${PIE_SUFFIX}.a +LIBSECUREBOOT?=${LIBSECUREBOOTDIR}/libsecureboot${PIE_SUFFIX}.a +.endif + +.if ${MK_VERIEXEC} == "yes" +_INTERNALLIBS+= veriexec + +LIBVERIEXEC?= ${LIBVERIEXECDIR}/libveriexec${PIE_SUFFIX}.a +.endif + # Each library's LIBADD needs to be duplicated here for static linkage of # 2nd+ order consumers. Auto-generating this would be better. _DP_80211= sbuf bsdxml Modified: head/share/mk/src.opts.mk == --- head/share/mk/src.opts.mk Tue Feb 26 06:09:10 2019(r344565) +++ head/share/mk/src.opts.mk Tue Feb 26 06:11:01 2019(r344566) @@ -194,6 +194,7 @@ __DEFAULT_YES_OPTIONS = \ ZONEINFO __DEFAULT_NO_OPTIONS = \ +BEARSSL \ BSD_GREP \ CLANG_EXTRAS \ DTRACE_TESTS \ @@ -219,6 +220,8 @@ __DEFAULT_NO_OPTIONS = \ __DEFAULT_DEPENDENT_OPTIONS= \ CLANG_FULL/CLANG \ LLVM_TARGET_ALL/CLANG \ + LOADER_VERIEXEC/BEARSSL \ + VERIEXEC/BEARSSL \ # MK_*_SUPPORT options which default to "yes" unless their corresponding # MK_* variable is set to "no". Added: head/tools/build/options/WITH_BEARSSL == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_BEARSSL Tue Feb 26 06:11:01 2019 (r344566) @@ -0,0 +1,11 @@ +.\" $FreeBSD$ +Build the BearSSL library. +.Pp +BearSSL is a tiny SSL library suitable for embedded environments. +For details see +.Lk http://www.BearSSL.org/ +.Pp +This library is currently only used to perform +signature verification and related operations +for Verified Exec and +.Xr loader 8 . Added: head/tools/build/options/WITH_LOADER_VERIEXEC == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_LOADER_VERIEXEC Tue Feb 26 06:11:01 2019(r344566) @@ -0,0 +1,7 @@ +.\" $FreeBSD$ +Enable building +.Xr loader 8 +with support for verifcation similar to Verified Exec. +.Pp +It depends on +.Va WITH_BEARSSL Added: head/tools/build/options/WITH_VERIEXEC == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_VERIEXEC Tue Feb 26 06:11:01 2019 (r344566) @@ -0,0 +1,9 @@ +.\" $FreeBSD$ +Enable building +.Xr veriexec 8 +which loads the contents of verified manifests into the kernel +for use by +.Xr mac_veriexec 4 +.Pp +It depends on +.Va WITH_BEARSSL ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r344565 - in head/lib/libsecureboot: . h openpgp tests
Author: sjg Date: Tue Feb 26 06:09:10 2019 New Revision: 344565 URL: https://svnweb.freebsd.org/changeset/base/344565 Log: Add libsecureboot Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision:D16335 Added: head/lib/libsecureboot/ head/lib/libsecureboot/Makefile (contents, props changed) head/lib/libsecureboot/Makefile.depend (contents, props changed) head/lib/libsecureboot/Makefile.depend.host (contents, props changed) head/lib/libsecureboot/Makefile.inc (contents, props changed) head/lib/libsecureboot/Makefile.libsa.inc (contents, props changed) head/lib/libsecureboot/README.rst (contents, props changed) head/lib/libsecureboot/brf.c (contents, props changed) head/lib/libsecureboot/h/ head/lib/libsecureboot/h/libsecureboot.h (contents, props changed) head/lib/libsecureboot/h/verify_file.h (contents, props changed) head/lib/libsecureboot/libsecureboot-priv.h (contents, props changed) head/lib/libsecureboot/local.trust.mk (contents, props changed) head/lib/libsecureboot/openpgp/ head/lib/libsecureboot/openpgp/Makefile.inc (contents, props changed) head/lib/libsecureboot/openpgp/dearmor.c (contents, props changed) head/lib/libsecureboot/openpgp/decode.c (contents, props changed) head/lib/libsecureboot/openpgp/decode.h (contents, props changed) head/lib/libsecureboot/openpgp/opgp_key.c (contents, props changed) head/lib/libsecureboot/openpgp/opgp_sig.c (contents, props changed) head/lib/libsecureboot/openpgp/packet.h (contents, props changed) head/lib/libsecureboot/readfile.c (contents, props changed) head/lib/libsecureboot/tests/ head/lib/libsecureboot/tests/Makefile (contents, props changed) head/lib/libsecureboot/tests/Makefile.depend.host (contents, props changed) head/lib/libsecureboot/tests/tvo.c (contents, props changed) head/lib/libsecureboot/vectx.c (contents, props changed) head/lib/libsecureboot/veopen.c (contents, props changed) head/lib/libsecureboot/vepcr.c (contents, props changed) head/lib/libsecureboot/verify_file.c (contents, props changed) head/lib/libsecureboot/vesigned.c (contents, props changed) head/lib/libsecureboot/veta.c (contents, props changed) head/lib/libsecureboot/vets.c (contents, props changed) Added: head/lib/libsecureboot/Makefile == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libsecureboot/Makefile Tue Feb 26 06:09:10 2019 (r344565) @@ -0,0 +1,11 @@ +# $FreeBSD$ + +.include + +LIB= secureboot + +.include "Makefile.inc" + +INCS= h/libsecureboot.h + +.include Added: head/lib/libsecureboot/Makefile.depend == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libsecureboot/Makefile.depend Tue Feb 26 06:09:10 2019 (r344565) @@ -0,0 +1,17 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + include \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + + +.include + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif Added: head/lib/libsecureboot/Makefile.depend.host == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libsecureboot/Makefile.depend.host Tue Feb 26 06:09:10 2019 (r344565) @@ -0,0 +1,12 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + lib/libstand \ + + +.include + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif Added: head/lib/libsecureboot/Makefile.inc == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libsecureboot/Makefile.inc Tue Feb 26 06:09:10 2019 (r344565) @@ -0,0 +1,133 @@ +# $FreeBSD$ + +.if empty(BEARSSL) +.include "../libbearssl/Makefile.inc" +.endif + +.if !target(_${__this}_) +_${__this}_: + +libsecureboot_src:= ${.PARSEDIR} + +CFLAGS+= -I${libsecureboot_src}/h + +.PATH: ${.PARSEDIR} + +SRCS+= \ + readfile.c \ + brf.c \ + vesigned.c \ + vets.c + +.if ${.CURDIR:M*libsecureboot*} != "" +SRCS+= veta.c +.endif + +CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U} + +# we use a couple of files from ${BEARSSL}/tools +BRSSL_CFLAGS+= -I${BEARSSL}/tools +BRSSL_SRCS+= \ + ${BEARSSL}/tools/xmem.c \ + ${BEARSSL}/tools/vector.c + +# we do not need/want nested objdirs +OBJS_SRCS_FILTER = T R + +SRCS+= ${BRSSL_SRCS} + + +# extract the last cert from a chain (should be rootCA) +_LAST_PEM_USE: .USE + sed "1,`grep -n .-END
svn commit: r344564 - in head: contrib/bearssl contrib/bearssl/tools lib/libbearssl
Author: sjg Date: Tue Feb 26 05:59:22 2019 New Revision: 344564 URL: https://svnweb.freebsd.org/changeset/base/344564 Log: Add libbearssl Disabled by default, used by loader and sbin/veriexec Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16334 Added: head/contrib/bearssl/ - copied from r343285, vendor/bearssl/dist/ head/lib/libbearssl/ head/lib/libbearssl/Makefile (contents, props changed) head/lib/libbearssl/Makefile.depend (contents, props changed) head/lib/libbearssl/Makefile.inc (contents, props changed) head/lib/libbearssl/Makefile.libsa.inc (contents, props changed) Modified: head/contrib/bearssl/tools/brssl.h head/contrib/bearssl/tools/xmem.c Modified: head/contrib/bearssl/tools/brssl.h == --- vendor/bearssl/dist/tools/brssl.h Mon Jan 21 20:58:33 2019 (r343285) +++ head/contrib/bearssl/tools/brssl.h Tue Feb 26 05:59:22 2019 (r344564) @@ -25,10 +25,15 @@ #ifndef BRSSL_H__ #define BRSSL_H__ +#ifndef _STANDALONE #include #include #include #include + +#elif !defined(STAND_H) +#include +#endif #include "bearssl.h" Modified: head/contrib/bearssl/tools/xmem.c == --- vendor/bearssl/dist/tools/xmem.cMon Jan 21 20:58:33 2019 (r343285) +++ head/contrib/bearssl/tools/xmem.c Tue Feb 26 05:59:22 2019 (r344564) @@ -35,9 +35,13 @@ xmalloc(size_t len) } buf = malloc(len); if (buf == NULL) { +#ifndef _STANDALONE fprintf(stderr, "ERROR: could not allocate %lu byte(s)\n", (unsigned long)len); exit(EXIT_FAILURE); +#else +; +#endif } return buf; } @@ -90,9 +94,13 @@ xpkeydup(const br_x509_pkey *pk) pk2->key.ec.qlen = pk->key.ec.qlen; break; default: +#ifndef _STANDALONE fprintf(stderr, "Unknown public key type: %u\n", (unsigned)pk->key_type); exit(EXIT_FAILURE); +#else +; +#endif } return pk2; } @@ -111,9 +119,13 @@ xfreepkey(br_x509_pkey *pk) xfree(pk->key.ec.q); break; default: +#ifndef _STANDALONE fprintf(stderr, "Unknown public key type: %u\n", (unsigned)pk->key_type); exit(EXIT_FAILURE); +#else +; +#endif } xfree(pk); } Added: head/lib/libbearssl/Makefile == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lib/libbearssl/MakefileTue Feb 26 05:59:22 2019 (r344564) @@ -0,0 +1,277 @@ +# $FreeBSD$ + +# This is a reach over build of BearSSL (www.BearSSL.org) + +.include + +LIB= bearssl + +# pick up SRCS used by libsa +.include "Makefile.libsa.inc" + +SRCS+= \ + codec/dec16be.c \ + codec/dec16le.c \ + codec/dec32le.c \ + codec/dec64le.c \ + codec/enc16be.c \ + codec/enc16le.c \ + codec/enc32le.c \ + codec/enc64le.c \ + codec/pemenc.c \ + ec/ec_all_m15.c \ + ec/ec_c25519_i15.c \ + ec/ec_c25519_i31.c \ + ec/ec_c25519_m15.c \ + ec/ec_curve25519.c \ + ec/ec_keygen.c \ + ec/ec_p256_m15.c \ + ec/ec_prime_i15.c \ + ec/ecdsa_default_sign_asn1.c \ + ec/ecdsa_default_sign_raw.c \ + ec/ecdsa_default_vrfy_raw.c \ + ec/ecdsa_i15_bits.c \ + ec/ecdsa_i15_sign_asn1.c \ + ec/ecdsa_i15_sign_raw.c \ + ec/ecdsa_i15_vrfy_asn1.c \ + ec/ecdsa_i15_vrfy_raw.c \ + ec/ecdsa_i31_sign_asn1.c \ + ec/ecdsa_i31_sign_raw.c \ + ec/ecdsa_rta.c \ + hash/dig_oid.c \ + hash/dig_size.c \ + hash/ghash_ctmul.c \ + hash/ghash_ctmul32.c \ + hash/ghash_ctmul64.c \ + hash/ghash_pwr8.c \ + hash/md5.c \ + hash/md5sha1.c \ + + +# this one does not compile for amd64 +# we do not need it +# hash/ghash_pclmul.c \ + +SRCS+= \ + int/i15_add.c \ + int/i15_bitlen.c \ + int/i15_decmod.c \ + int/i15_decode.c \ + int/i15_decred.c \ + int/i15_encode.c \ + int/i15_fmont.c \ + int/i15_iszero.c \ + int/i15_moddiv.c \ + int/i15_modpow.c \ + int/i15_modpow2.c \ + int/i15_montmul.c \ + int/i15_mulacc.c \ + int/i15_muladd.c \ + int/i15_ninv15.c \ + int/i15_reduce.c \ + int/i15_rshift.c \ + int/i15_sub.c \ + int/i15_tmont.c \ + int/i31_decred.c \ + int/i31_mulacc.c \ + int/i31_reduce.c \ + int/i32_add.c \ + int/i32_bitlen.c \ + int/i32_decmod.c \ + int/i32_decode.c \ + int/i32_decred.c \ +
svn commit: r343067 - head/share/mk
Author: sjg Date: Tue Jan 15 23:37:49 2019 New Revision: 343067 URL: https://svnweb.freebsd.org/changeset/base/343067 Log: Fix STAGE_DIR.* to handle indirect *DIR variables. bsd.{files,conf}.mk recently changed to allow *DIR to name a variable rather than a path. STAGE_DIR.* need to adapt. Reviewed by: bdrewery Differential Revision:D18847 Modified: head/share/mk/bsd.confs.mk head/share/mk/bsd.files.mk Modified: head/share/mk/bsd.confs.mk == --- head/share/mk/bsd.confs.mk Tue Jan 15 23:35:53 2019(r343066) +++ head/share/mk/bsd.confs.mk Tue Jan 15 23:37:49 2019(r343067) @@ -40,7 +40,6 @@ ${group}GRP?= ${SHAREGRP} ${group}MODE?= ${CONFMODE} ${group}DIR?= ${CONFDIR} STAGE_SETS+= ${group:C,[/*],_,g} -STAGE_DIR.${group:C,[/*],_,g}= ${STAGE_OBJTOP}${${group}DIR} . if defined(NO_ROOT) .if !defined(${group}TAGS) || ! ${${group}TAGS:Mpackage=*} @@ -65,6 +64,7 @@ DIRS+=${group}DIR _${group}DIR= ${group}DIR . endif +STAGE_DIR.${group:C,[/*],_,g}= ${STAGE_OBJTOP}${${_${group}DIR}} . for cnf in ${${group}} ${group}OWN_${cnf}?= ${${group}OWN} @@ -119,7 +119,7 @@ INSTALL_COPY= -C STAGE_AS_SETS+= ${cnf:T} STAGE_AS_${cnf:T}= ${${group}NAME_${cnf:T}} # XXX {group}OWN,GRP,MODE -STAGE_DIR.${cnf:T}= ${STAGE_OBJTOP}${${group}DIR_${cnf:T}} +STAGE_DIR.${cnf:T}= ${STAGE_OBJTOP}${${_${group}DIR_${cnf}}} stage_as.${cnf:T}: ${cnf} realinstallconfig: installdirs-${_${group}DIR_${cnf}} _${group}INS_${cnf:T} Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Tue Jan 15 23:35:53 2019(r343066) +++ head/share/mk/bsd.files.mk Tue Jan 15 23:37:49 2019(r343067) @@ -37,7 +37,6 @@ ${group}GRP= ${SHAREGRP} ${group}MODE?= ${SHAREMODE} ${group}DIR?= BINDIR STAGE_SETS+= ${group:C,[/*],_,g} -STAGE_DIR.${group:C,[/*],_,g}= ${STAGE_OBJTOP}${${group}DIR} .if defined(NO_ROOT) .if !defined(${group}TAGS) || ! ${${group}TAGS:Mpackage=*} @@ -57,6 +56,7 @@ DIRS+=${group}DIR _${group}DIR= ${group}DIR .endif +STAGE_DIR.${group:C,[/*],_,g}= ${STAGE_OBJTOP}${${_${group}DIR}} .for file in ${${group}} ${group}OWN_${file}?= ${${group}OWN} @@ -100,7 +100,7 @@ ${group}NAME_${file}?= ${file:T} STAGE_AS_SETS+=${file} STAGE_AS_${file}= ${${group}NAME_${file}} # XXX {group}OWN,GRP,MODE -STAGE_DIR.${file}= ${STAGE_OBJTOP}${${group}DIR_${file}} +STAGE_DIR.${file}= ${STAGE_OBJTOP}${${_${group}DIR_${file}}} stage_as.${file}: ${file} installfiles-${group}: _${group}INS1_${file} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r343066 - head/share/mk
Author: sjg Date: Tue Jan 15 23:35:53 2019 New Revision: 343066 URL: https://svnweb.freebsd.org/changeset/base/343066 Log: Use .undef per variable Attempting to expand a variable to a list of vars to .undef does not actually work. Reviewed by: bdrewery Differential Revision:D17251 Modified: head/share/mk/dirdeps-options.mk Modified: head/share/mk/dirdeps-options.mk == --- head/share/mk/dirdeps-options.mkTue Jan 15 22:31:54 2019 (r343065) +++ head/share/mk/dirdeps-options.mkTue Jan 15 23:35:53 2019 (r343066) @@ -1,5 +1,5 @@ # $FreeBSD$ -# $Id: dirdeps-options.mk,v 1.8 2018/05/29 22:31:21 sjg Exp $ +# $Id: dirdeps-options.mk,v 1.9 2018/09/20 00:07:19 sjg Exp $ # # @(#) Copyright (c) 2018, Simon J. Gerraty # @@ -54,7 +54,8 @@ DIRDEPS += ${DIRDEPS.$o.${MK_$o:U}:U} DIRDEPS := ${DIRDEPS:O:u} # avoid cross contamination .for o in ${DIRDEPS_OPTIONS:tu} -.undef DIRDEPS.$o.yes DIRDEPS.$o.no +.undef DIRDEPS.$o.yes +.undef DIRDEPS.$o.no .endfor .else # whether options are enabled or not, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r342376 - in head: contrib/bmake contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake
Author: sjg Date: Sun Dec 23 01:05:52 2018 New Revision: 342376 URL: https://svnweb.freebsd.org/changeset/base/342376 Log: Merge bmake-20181221 Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/VERSION head/contrib/bmake/dirname.c head/contrib/bmake/mk/mk-files.txt head/contrib/bmake/parse.c head/contrib/bmake/unit-tests/varquote.mk head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogSat Dec 22 22:59:11 2018 (r342375) +++ head/contrib/bmake/ChangeLogSun Dec 23 01:05:52 2018 (r342376) @@ -1,3 +1,26 @@ +2018-12-21 Simon J Gerraty + + * VERSION: 20181221 + Merge with NetBSD make, pick up + o parse.c: ParseVErrorInternal use .PARSEDIR + and apply if relative, and then use .PARSEFILE + for consistent result. + +2018-12-20 Simon J Gerraty + + * VERSION: 20181220 + Merge with NetBSD make, pick up + o parse.c: ParseVErrorInternal use .CURDIR if .PARSEDIR + is relative + o var.c: avoid SEGFAULT in .unexport-env + when MAKELEVEL is not set + +2018-12-16 Simon J Gerraty + + * VERSION: 20181216 + Merge with NetBSD make, pick up + o fix for unit-tests/varquote.mk on Debian + 2018-09-21 Simon J. Gerraty * VERSION: 20180919 Modified: head/contrib/bmake/VERSION == --- head/contrib/bmake/VERSION Sat Dec 22 22:59:11 2018(r342375) +++ head/contrib/bmake/VERSION Sun Dec 23 01:05:52 2018(r342376) @@ -1,2 +1,2 @@ # keep this compatible with sh and make -_MAKE_VERSION=20180919 +_MAKE_VERSION=20181221 Modified: head/contrib/bmake/dirname.c == --- head/contrib/bmake/dirname.cSat Dec 22 22:59:11 2018 (r342375) +++ head/contrib/bmake/dirname.cSun Dec 23 01:05:52 2018 (r342376) @@ -1,4 +1,4 @@ -/* $NetBSD: dirname.c,v 1.13 2014/07/16 10:52:26 christos Exp $*/ +/* $NetBSD: dirname.c,v 1.14 2018/09/27 00:45:34 kre Exp $ */ /*- * Copyright (c) 1997, 2002 The NetBSD Foundation, Inc. @@ -35,6 +35,11 @@ #ifndef HAVE_DIRNAME #include +#if defined(LIBC_SCCS) && !defined(lint) +__RCSID("$NetBSD: dirname.c,v 1.14 2018/09/27 00:45:34 kre Exp $"); +#endif /* !LIBC_SCCS && !lint */ + +#include "namespace.h" #include #ifdef HAVE_LIBGEN_H #include @@ -92,7 +97,8 @@ xdirname_r(const char *path, char *buf, size_t buflen) out: if (buf != NULL && buflen != 0) { buflen = MIN(len, buflen - 1); - memcpy(buf, path, buflen); + if (buf != path) + memcpy(buf, path, buflen); buf[buflen] = '\0'; } return len; Modified: head/contrib/bmake/mk/mk-files.txt == --- head/contrib/bmake/mk/mk-files.txt Sat Dec 22 22:59:11 2018 (r342375) +++ head/contrib/bmake/mk/mk-files.txt Sun Dec 23 01:05:52 2018 (r342376) @@ -25,7 +25,8 @@ of mk-files (mk.tar.gz_). NetBSD provided much of the Since then I've added a lot of features to NetBSD's make and hence to bmake which is kept closely in sync. The mk-files however have -diverged quite a bit, though ideas are still picked up from NetBSD. +diverged quite a bit, though ideas are still picked up from NetBSD +and FreeBSD. Basics -- @@ -399,6 +400,20 @@ to avoid possible conflicts during parallel builds. This precludes the use of suffix rules to drive ``make depend``, so dep.mk_ handles that if specifically requested. +options.mk +-- + +Inspired by FreeBSD's ``bsd.own.mk`` more flexible. +FreeBSD now have similar functionality in ``bsd.mkopt.mk``. + +It allows users to express their intent with respect to options +``MK_*`` by setting ``WITH_*`` or ``WITHOUT_*``. + +Note: ``WITHOUT_*`` wins if both are set, and makefiles can set +``NO_*`` to say they cannot handle that option, or even ``MK_*`` if +they really need to. + + own.mk -- @@ -407,6 +422,13 @@ Normally included by ``init.mk`` (included by ``lib.mk It includes ``${MAKECONF}`` if it is defined and exists. +ldorder.mk +-- + +Leverages ``bmake`` to compute optimal link order for libraries. +This works nicely and makes refactoring a breeze - so long as you +have not (or few) cicular dependencies between libraries. + man.mk -- @@ -477,5 +499,5 @@ where you unpacked the tar file, you can:: .. _mk.tar.gz: http://www.crufty.net/ftp/pub/sjg/mk.tar.gz :Author: s...@crufty.net -:Revision: $Id: mk-files.txt,v 1.16 2014/09/05 04:41:16 sjg Exp $ +:R
Re: svn commit: r341803 - head/libexec/rc
Just caught the tail of this thread so sorry for chiming in from the peanut gallery... blah | while read x; do ...; done behaves very differently to the for loop variant in that the body of the loop runs in a sub-shell and thus cannot affect the outer scope. In many cases that's exactly what you want. Sometimes though, it isn't. Conrad Meyer wrote: > On Tue, Dec 11, 2018 at 2:42 PM Devin Teske wrote: > > In that case, would it be appropriate to say that: > > > > blah | while read x; do ...; done > > > > Is always more efficiently written as: > > > > IFS=$'\n' > > for x in $( blah ); do ...; done > > I don't know. The suggestion came from jilles@, who is much more > familiar with sh(1) than I am. > > My understanding is that it's important that 'set -o noglob' is set, > or else 'blah' lines that include globs may be evaluated against the > filesystem. There is also a caveat if 'blah' is the 'set' command, or > similar, in that IFS' own value itself will be split across multiple > for loop iteration 'x' values ("IFS='", "'"). > > I would hesitate to say "always" given my limited understanding of the > shell, but it might be true. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r341652 - in head: contrib/bmake contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake usr.bin/bmake/unit-tests
Author: sjg Date: Thu Dec 6 20:56:19 2018 New Revision: 341652 URL: https://svnweb.freebsd.org/changeset/base/341652 Log: Update bmake to version 20180919 Cleanup of stats cache and new :q modifier. Added: head/contrib/bmake/unit-tests/varquote.exp - copied unchanged from r341610, vendor/NetBSD/bmake/dist/unit-tests/varquote.exp head/contrib/bmake/unit-tests/varquote.mk - copied unchanged from r341610, vendor/NetBSD/bmake/dist/unit-tests/varquote.mk Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/FILES head/contrib/bmake/Makefile.config.in head/contrib/bmake/VERSION head/contrib/bmake/bmake.1 head/contrib/bmake/dir.c head/contrib/bmake/make.1 head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/dirdeps-options.mk head/contrib/bmake/mk/dirdeps.mk head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/meta.autodep.mk head/contrib/bmake/mk/meta.stage.mk head/contrib/bmake/unit-tests/Makefile.in head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/unit-tests/Makefile Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogThu Dec 6 20:28:09 2018 (r341651) +++ head/contrib/bmake/ChangeLogThu Dec 6 20:56:19 2018 (r341652) @@ -1,3 +1,14 @@ +2018-09-21 Simon J. Gerraty + + * VERSION: 20180919 + Merge with NetBSD make, pick up + o var.c: add :q + o dir.c: cleanup caching of stats + +2018-09-21 Simon J Gerraty + + * Makefile.config.in: use += where it makes sense. + 2018-05-12 Simon J. Gerraty * VERSION: 20180512 Modified: head/contrib/bmake/FILES == --- head/contrib/bmake/FILESThu Dec 6 20:28:09 2018(r341651) +++ head/contrib/bmake/FILESThu Dec 6 20:56:19 2018(r341652) @@ -163,6 +163,8 @@ unit-tests/varcmd.exp unit-tests/varcmd.mk unit-tests/varmisc.exp unit-tests/varmisc.mk +unit-tests/varquote.exp +unit-tests/varquote.mk unit-tests/varshell.exp unit-tests/varshell.mk util.c Modified: head/contrib/bmake/Makefile.config.in == --- head/contrib/bmake/Makefile.config.in Thu Dec 6 20:28:09 2018 (r341651) +++ head/contrib/bmake/Makefile.config.in Thu Dec 6 20:56:19 2018 (r341652) @@ -1,6 +1,6 @@ # things set by configure -_MAKE_VERSION=@_MAKE_VERSION@ +_MAKE_VERSION?=@_MAKE_VERSION@ prefix?= @prefix@ srcdir= @srcdir@ @@ -11,9 +11,9 @@ DEFAULT_SYS_PATH?= @default_sys_path@ CPPFLAGS+= @CPPFLAGS@ CFLAGS+= ${CPPFLAGS} @DEFS@ -LDFLAGS= @LDFLAGS@ -LIBOBJS= @LIBOBJS@ -LDADD= @LIBS@ +LDFLAGS+= @LDFLAGS@ +LIBOBJS+= @LIBOBJS@ +LDADD+= @LIBS@ USE_META= @use_meta@ FILEMON_H?= @filemon_h@ BMAKE_PATH_MAX?= @bmake_path_max@ Modified: head/contrib/bmake/VERSION == --- head/contrib/bmake/VERSION Thu Dec 6 20:28:09 2018(r341651) +++ head/contrib/bmake/VERSION Thu Dec 6 20:56:19 2018(r341652) @@ -1,2 +1,2 @@ # keep this compatible with sh and make -_MAKE_VERSION=20180512 +_MAKE_VERSION=20180919 Modified: head/contrib/bmake/bmake.1 == --- head/contrib/bmake/bmake.1 Thu Dec 6 20:28:09 2018(r341651) +++ head/contrib/bmake/bmake.1 Thu Dec 6 20:56:19 2018(r341652) @@ -1,4 +1,4 @@ -.\"$NetBSD: make.1,v 1.272 2018/04/02 04:26:17 dholland Exp $ +.\"$NetBSD: make.1,v 1.273 2018/05/27 01:14:51 christos Exp $ .\" .\" Copyright (c) 1990, 1993 .\"The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\"from: @(#)make.18.4 (Berkeley) 3/19/94 .\" -.Dd June 22, 2017 +.Dd May 26, 2018 .Dt BMAKE 1 .Os .Sh NAME @@ -1227,8 +1227,15 @@ due uno quattro tre .Ed .It Cm \&:Q Quotes every shell meta-character in the variable, so that it can be passed +safely to the shell. +.It Cm \&:q +Quotes every shell meta-character in the variable, and also doubles +.Sq $ +characters so that it can be passed safely through recursive invocations of .Nm . +This is equivalent to: +.Sq \&:S/\e\&$/&&/g:Q . .It Cm \&:R Replaces each word in the variable with everything but its suffix. .It Cm \&:range[=count] Modified: head/contrib/bmake/dir.c == --- head/contrib/bmake/dir.cThu Dec 6 20:28:09 2018(r341651) +++ head/contrib/bmake/dir.cThu Dec 6 20:56:19 2018(r341652) @@ -1,4 +1,4 @@ -/* $NetBSD: dir.c,v 1.71 2017/04/16 21:14:47 riastradh E
svn commit: r337186 - head/share/mk
Author: sjg Date: Thu Aug 2 21:33:45 2018 New Revision: 337186 URL: https://svnweb.freebsd.org/changeset/base/337186 Log: Update dirdeps.mk et al to latest dirdeps.mk and meta.autodep.mk will now look for Makefile.depend.options to handle optional dependencies, the work is all done by dirdeps-options.mk Also update to latest meta.stage.mk and gendirdeps.mk Reviewed by: bdrewery Differential Revision:https://reviews.freebsd.org/D15701 Added: head/share/mk/dirdeps-options.mk (contents, props changed) Modified: head/share/mk/Makefile head/share/mk/bsd.files.mk head/share/mk/bsd.sys.mk head/share/mk/dirdeps.mk head/share/mk/gendirdeps.mk head/share/mk/local.autodep.mk head/share/mk/local.dirdeps.mk head/share/mk/local.gendirdeps.mk head/share/mk/local.meta.sys.mk head/share/mk/meta.autodep.mk head/share/mk/meta.stage.mk head/share/mk/meta.sys.mk head/share/mk/meta2deps.py Modified: head/share/mk/Makefile == --- head/share/mk/Makefile Thu Aug 2 21:25:32 2018(r337185) +++ head/share/mk/Makefile Thu Aug 2 21:33:45 2018(r337186) @@ -57,6 +57,7 @@ FILES=\ bsd.sys.mk \ bsd.test.mk \ dirdeps.mk \ + dirdeps-options.mk \ gendirdeps.mk \ install-new.mk \ meta.autodep.mk \ Modified: head/share/mk/bsd.files.mk == --- head/share/mk/bsd.files.mk Thu Aug 2 21:25:32 2018(r337185) +++ head/share/mk/bsd.files.mk Thu Aug 2 21:33:45 2018(r337186) @@ -120,8 +120,10 @@ realinstall: installfiles .if ${MK_STAGING} != "no" .if !empty(STAGE_SETS) buildfiles: stage_files +STAGE_TARGETS+= stage_files .if !empty(STAGE_AS_SETS) buildfiles: stage_as +STAGE_TARGETS+= stage_as .endif .endif .endif Modified: head/share/mk/bsd.sys.mk == --- head/share/mk/bsd.sys.mkThu Aug 2 21:25:32 2018(r337185) +++ head/share/mk/bsd.sys.mkThu Aug 2 21:33:45 2018(r337186) @@ -340,7 +340,7 @@ STAGE_TARGETS+= $t STAGE_TARGETS+= stage_as .endif -.if !empty(_LIBS) || (${MK_STAGING_PROG} != "no" && !defined(INTERNALPROG)) +.if !empty(STAGE_TARGETS) || (${MK_STAGING_PROG} != "no" && !defined(INTERNALPROG)) .if !empty(LINKS) STAGE_TARGETS+= stage_links Added: head/share/mk/dirdeps-options.mk == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/mk/dirdeps-options.mkThu Aug 2 21:33:45 2018 (r337186) @@ -0,0 +1,73 @@ +# $FreeBSD$ +# $Id: dirdeps-options.mk,v 1.8 2018/05/29 22:31:21 sjg Exp $ +# +# @(#) Copyright (c) 2018, Simon J. Gerraty +# +# This file is provided in the hope that it will +# be of use. There is absolutely NO WARRANTY. +# Permission to copy, redistribute or otherwise +# use this file is hereby granted provided that +# the above copyright notice and this notice are +# left intact. +# +# Please send copies of changes and bug-fixes to: +# s...@crufty.net +# + +## +# +# This makefile is used to deal with optional DIRDEPS. +# +# It is to be included by Makefile.depend.options in a +# directory which has DIRDEPS affected by optional features. +# Makefile.depend.options should set DIRDEPS_OPTIONS and +# may also set specific DIRDEPS.* for those options. +# +# If a Makefile.depend.options file exists, it will be included by +# dirdeps.mk and meta.autodep.mk +# +# We include local.dirdeps-options.mk which may also define DIRDEPS.* +# for options. +# +# Thus a directory, that is affected by an option FOO would have +# a Makefile.depend.options that sets +# DIRDEPS_OPTIONS= FOO +# It can also set either/both of +# DIRDEPS.FOO.yes +# DIRDEPS.FOO.no +# to whatever applies for that dir, or it can rely on globals +# set in local.dirdeps-options.mk +# Either way, we will .undef DIRDEPS.* when done. + +# This should have been set by Makefile.depend.options +# before including us +DIRDEPS_OPTIONS ?= + +# pickup any DIRDEPS.* we need +.-include + +.if ${.MAKE.LEVEL} == 0 +# :U below avoids potential errors when we := +.for o in ${DIRDEPS_OPTIONS:tu} +DIRDEPS += ${DIRDEPS.$o.${MK_$o:U}:U} +.endfor +DIRDEPS := ${DIRDEPS:O:u} +# avoid cross contamination +.for o in ${DIRDEPS_OPTIONS:tu} +.undef DIRDEPS.$o.yes DIRDEPS.$o.no +.endfor +.else +# whether options are enabled or not, +# we want to filter out the relevant DIRDEPS.* +# we should only be included by meta.autodep.mk +# if dependencies are to be updated +.for o in ${DIRDEPS_OPTIONS:tu} +.for d in ${DIRDEPS.$o.yes} ${DIRDEPS.$o.no} +.if exists(${SRCTOP}/$d) +GENDIRDEPS_FILTER += N$d* +.elif exists(${SRCTOP}/${d:R}) +GENDIRDEPS_FILTER += N${d:R}* +.endif +.en
Re: svn commit: r335402 - head/sbin/veriexecctl
Warner Losh wrote: > > Officially this code is on the 12.0 target path, it needs > > to be in the tree sooner where many eyes can work on it. > > > > I concur here. Let's give it until 12 to get sorted. If it's mostly sorted > by then, we're good. > If not we can have the discussion then. > There's also some manifest signing stuff in the works that was recently > approved to go in. Simon was talking about that. Maybe that will help fill > the gaps? I think so. The work I've done for loader supports both X.509 and OpenPGP based signatures, I need to tweak the library a bit so it is useful for userland app too. FWIW I'd meant to suggest to steve not to commit the veriexecctl tool which I think we all agree is useless as is (never used by us). I believe he'll back that bit out when he can get access to his keys - he's travelling this week. Thanks --sjg ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Conrad Meyer wrote: > The signing of manifests does not exist in the patch series committed. Nor will it, the singing of manifests is a build thing. But as I mentioned earlier I think the loader verification code can be leveraged for a verifying userland veriexec tool similar to that in Junos. > (If NetBSD does something broken, that is not an excuse to copy it.) How about we backout the veriexecctl tool - which is the only bit your comments apply to - and which we do not use. All the signing etc discussion is orthogonal to the kernel part. > > A veriexec loader that leverages signed manifests requires some signing > > infra. That's a big topic all by itself. > > It *may* require that. However, even without that, admins could > reasonably manage their own PKI in some fashion, independent of There still needs to be a tool that they can use. The work I've done on the loader should make this simple since it provides for OpenPGP signatures as well as X.509 based certs. > FreeBSD's infra. But it requires the support code to verify > signatures, as in the "verify" part of veriexec, which is wholly > absent. Yes. As above, reverting the veriexecctl tool would be fine, I'll commit a proper verifying tool along with the loader bits. I have to do some tweaking of one of my libs first. > Again — this is a discussion for arch or phabricator, with the series > reverted first. For code that's off by default why is reverting a requirement? > many other glaring performance problems. If you care about MAC > performance in a secure algorithm in 2018, perhaps look at any of > these great options: > > * SHA-3 (Keccak) > * Blake2-b > * Poly1305-{AES,Salsa,ChaCha} The framework allows folk to add any hashes they like. For us, anything which is not NIST approved is of little interest. Obviously many people have the luxury of not haveing to bow to NIST, so again the framework provides. > FreeBSD has had this code for 0 years. It's a novel feature here. > There is no reason to introduce SHA-1 in novel security features in > 2018. As mentioned earlier (in this thread? hard to say), no reason it needs to be enabled by default. FreeBSD.org if they are going to sign the packages they ship, need to make a decision about the hashes they want to support. > And no, upstreaming the signature verification code is completely > orthogonal to implementing signing infrastructure. Not really since one dictates the other. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Xin LI wrote: > I do agree with others that SHA-1 support should not be included It can certainly be disabled by default. > (unless I have missed something, but I think firmware integrity check > counts as a "Digital signature" verification, according to SP 800-131A A "Digital signature" verification is an accepted form of firmware integrity check, but a simple hash (inlcuding SHA-1) is also acceptible. We of course perform both - and the Digital signature does *not* use SHA-1, it has been deprecated for that purpose for some years now. > "9 Hash algorithms", SHA-1 verification should only be used for legacy > usage, which does not apply on FreeBSD because this is new feature). I've managed to get out of having to memorize all those SP's, so will check with one of the pour souls who still does - as to whether we are claiming "legacy" status... > But even that, given the code only impacts systems that have it > explicitly compiled in, it's reasonable to give the committer more > time to make further improvements rather than reverting it as a whole > as this would give the code more exposure. Indeed - thanks --sjg ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Cy Schubert wrote: > > The signing of manifests is external. The veriexecctl tool is I assume > > a straight copy of what's in NetBSD (I've not looked at it in at least a > > decade). > > If this is correct, should it not be imported into the vendor branches > first? > > What are the criteria to import through the vendor branches v.s. direct > import into HEAD? Do I fail to understand a missing piece of > information or is there an inconsistency? AFAIK the key is whether there is an upstream project that will be tracked, which is not the case here. The ctl tool is the only bit that bears any relationship to the NetBSD code - because we never used it. Once I commit the loader stuff, we can replace the above with something more useful - can leverage the same library to verify manifest signatures. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Benjamin Kaduk wrote: > With all due respect, NIST is hardly the sole authority on this topic. True, unless of course you sell to US govt. > With my IETF Security Area Director hat on, any greenfield proposal coming > in > to the IESG that included sha1 support would get extremely strong pushback, > and I don't expect that "reducing boot time" would be seen as sufficiently > compelling. Well that's unfortunate, because reality (and sales teams) can be a pain. The number of customers who would trade boot time for improved security is depressingly small. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Simon J. Gerraty wrote: > > - Maybe sign the source-of-trust file > > We do. As noted above, we cannot upstream that until FreeBSD has > suitable signing infra. It occurred to me, that since I'll be upstreaming a library that uses BearSSL to do the necessary manifest verification for the loader, the same could be leveraged for the veriexec loader. That may impact where the two libs should go - will discuss with imp. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r335402 - head/sbin/veriexecctl
Conrad Meyer wrote: > First and foremost: nothing is actually signed, anywhere. The The signing of manifests is external. The veriexecctl tool is I assume a straight copy of what's in NetBSD (I've not looked at it in at least a decade). A veriexec loader that leverages signed manifests requires some signing infra. That's a big topic all by itself. As I mentioned in my talk at BSDCan, the signing server we use is open source and handles pretty much anything OpenSSL can, as well as OpenPGP (and others). I also made a point of suggesting that the packages for base system include signed manifests. Tweaking the veriexec loader to only process manifests after verification is not hard - one of the first things I did when pulling veriexec into Junos almost 15 years ago. > As a corollary to the above, the name "signature file" is used > repeatedly in the code, which is misleading. The file contains hashes > (digests), not signatures (MACs). The file itself is unsigned. > Nothing about this has signatures. NetBSD refers to the hashes as fingerprints - AFAIK that terminology is retained. If the term signature is used to refer to anything other than the signed manifests that should be fixed. > There's absolutely no reason to use sha1 or ripemd in new designs. > These should be removed. Sorry I disagree - not with ripem (we never supported that or any of the non-NIST approved hashes), but sha1 is still approved by NIST for firmware integrity checks - which is what this is, and sha1 is cheaper than sha256. As I mentioned in my talk we've included support for sha256 for 10+ years, but do not plan to drop sha1 until NIST deprecate it for that purpose since boot time is a very sensitive subject for us. > The patchset is littered with style issues. One fairly obvious issue > is mixed indentation styles — some files vary between space and tab > indentation from line to line. You can probably blame me for some of that. I only recently found a style9.el that does a half decent job of formatting per style(9). > Please revert this patchset. It's not ready. > > Some suggestions for a second attempt: > > - Maybe use HMACs instead of raw hashes Why? > - Maybe sign the source-of-trust file We do. As noted above, we cannot upstream that until FreeBSD has suitable signing infra. > - Fix the style issues > - Fix the compiler warnings at 6 ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r334868 - head/stand/libsa
Author: sjg Date: Sat Jun 9 02:41:51 2018 New Revision: 334868 URL: https://svnweb.freebsd.org/changeset/base/334868 Log: Add st_mtime, st_ino and st_dev for ufs_stat Differential Revision:D15064 Modified: head/stand/libsa/ufs.c Modified: head/stand/libsa/ufs.c == --- head/stand/libsa/ufs.c Sat Jun 9 02:25:18 2018(r334867) +++ head/stand/libsa/ufs.c Sat Jun 9 02:41:51 2018(r334868) @@ -124,6 +124,7 @@ struct file { ufs2_daddr_tf_buf_blkno;/* block number of data block */ char*f_buf; /* buffer for data block */ size_t f_buf_size; /* size of data block */ + int f_inumber; /* inumber */ }; #define DIP(fp, field) \ ((fp)->f_fs->fs_magic == FS_UFS1_MAGIC ? \ @@ -190,6 +191,7 @@ read_inode(inumber, f) fp->f_buf_blkno = -1; } fp->f_seekp = 0; + fp->f_inumber = inumber; out: free(buf); return (rc); @@ -836,6 +838,20 @@ ufs_stat(f, sb) sb->st_uid = DIP(fp, di_uid); sb->st_gid = DIP(fp, di_gid); sb->st_size = DIP(fp, di_size); + sb->st_mtime = DIP(fp, di_mtime); + /* +* The items below are ufs specific! +* Other fs types will need their own solution +* if these fields are needed. +*/ + sb->st_ino = fp->f_inumber; + /* +* We need something to differentiate devs. +* fs_id is unique but 64bit, we xor the two +* halves to squeeze it into 32bits. +*/ + sb->st_dev = (dev_t)(fp->f_fs->fs_id[0] ^ fp->f_fs->fs_id[1]); + return (0); } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r333820 - in head: contrib/bmake contrib/bmake/mk usr.bin/bmake
Author: sjg Date: Sat May 19 00:26:00 2018 New Revision: 333820 URL: https://svnweb.freebsd.org/changeset/base/333820 Log: Merge bmake-20180512 Skip polling job token pipe, better handle sysV style includes with variables. Added: head/contrib/bmake/mk/dirdeps-options.mk - copied unchanged from r333814, vendor/NetBSD/bmake/dist/mk/dirdeps-options.mk Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/VERSION head/contrib/bmake/bmake.1 head/contrib/bmake/job.c head/contrib/bmake/make.1 head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/FILES head/contrib/bmake/mk/cython.mk head/contrib/bmake/mk/dirdeps.mk head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/ldorder.mk head/contrib/bmake/mk/meta.autodep.mk head/contrib/bmake/mk/own.mk head/contrib/bmake/parse.c head/usr.bin/bmake/Makefile.config Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogSat May 19 00:04:01 2018 (r333819) +++ head/contrib/bmake/ChangeLogSat May 19 00:26:00 2018 (r333820) @@ -1,3 +1,16 @@ +2018-05-12 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20180512 + Merge with NetBSD make, pick up + o job.c: skip polling job token pipe + +2018-04-05 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20180405 + Merge with NetBSD make, pick up + o parse.c: be more cautious about detecting depenency line + rather than sysV style include. + 2018-02-22 Simon J. Gerraty <s...@bad.crufty.net> * VERSION: 20180222 Modified: head/contrib/bmake/VERSION == --- head/contrib/bmake/VERSION Sat May 19 00:04:01 2018(r333819) +++ head/contrib/bmake/VERSION Sat May 19 00:26:00 2018(r333820) @@ -1,2 +1,2 @@ # keep this compatible with sh and make -_MAKE_VERSION=20180222 +_MAKE_VERSION=20180512 Modified: head/contrib/bmake/bmake.1 == --- head/contrib/bmake/bmake.1 Sat May 19 00:04:01 2018(r333819) +++ head/contrib/bmake/bmake.1 Sat May 19 00:26:00 2018(r333820) @@ -1,4 +1,4 @@ -.\"$NetBSD: make.1,v 1.271 2017/07/03 21:34:20 wiz Exp $ +.\"$NetBSD: make.1,v 1.272 2018/04/02 04:26:17 dholland Exp $ .\" .\" Copyright (c) 1990, 1993 .\"The Regents of the University of California. All rights reserved. @@ -1865,7 +1865,8 @@ expression is applied. Similarly, if the form is .Ql Ic .ifmake or -.Ql Ic .ifnmake , the +.Ql Ic .ifnmake , +the .Dq make expression is applied. .Pp Modified: head/contrib/bmake/job.c == --- head/contrib/bmake/job.cSat May 19 00:04:01 2018(r333819) +++ head/contrib/bmake/job.cSat May 19 00:26:00 2018(r333820) @@ -1,4 +1,4 @@ -/* $NetBSD: job.c,v 1.192 2018/02/08 09:05:21 dholland Exp $ */ +/* $NetBSD: job.c,v 1.195 2018/05/13 22:13:28 sjg Exp $*/ /* * Copyright (c) 1988, 1989, 1990 The Regents of the University of California. @@ -70,14 +70,14 @@ */ #ifndef MAKE_NATIVE -static char rcsid[] = "$NetBSD: job.c,v 1.192 2018/02/08 09:05:21 dholland Exp $"; +static char rcsid[] = "$NetBSD: job.c,v 1.195 2018/05/13 22:13:28 sjg Exp $"; #else #include #ifndef lint #if 0 static char sccsid[] = "@(#)job.c 8.2 (Berkeley) 3/19/94"; #else -__RCSID("$NetBSD: job.c,v 1.192 2018/02/08 09:05:21 dholland Exp $"); +__RCSID("$NetBSD: job.c,v 1.195 2018/05/13 22:13:28 sjg Exp $"); #endif #endif /* not lint */ #endif @@ -2998,7 +2998,6 @@ Job_TokenWithdraw(void) } if (DEBUG(JOB)) fprintf(debug_file, "(%d) blocked for token\n", getpid()); - wantToken = 1; return FALSE; } Modified: head/contrib/bmake/make.1 == --- head/contrib/bmake/make.1 Sat May 19 00:04:01 2018(r333819) +++ head/contrib/bmake/make.1 Sat May 19 00:26:00 2018(r333820) @@ -1,4 +1,4 @@ -.\"$NetBSD: make.1,v 1.271 2017/07/03 21:34:20 wiz Exp $ +.\"$NetBSD: make.1,v 1.272 2018/04/02 04:26:17 dholland Exp $ .\" .\" Copyright (c) 1990, 1993 .\"The Regents of the University of California. All rights reserved. @@ -1876,7 +1876,8 @@ expression is applied. Similarly, if the form is .Ql Ic .ifmake or -.Ql Ic .ifnmake , the +.Ql Ic .ifnmake , +the .Dq make expression is applied. .Pp Modified: head/contrib/bmake/mk/ChangeLog == --- head
svn commit: r330260 - in head: contrib/bmake contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake
Author: sjg Date: Fri Mar 2 01:53:50 2018 New Revision: 330260 URL: https://svnweb.freebsd.org/changeset/base/330260 Log: Update to bmake-20180 Fixes segfault in Var_Set if val is NULL Don't treat .info as warning with -W Added: head/contrib/bmake/mk/ldorder.mk - copied unchanged from r330259, vendor/NetBSD/bmake/dist/mk/ldorder.mk Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/Makefile.config.in head/contrib/bmake/VERSION head/contrib/bmake/aclocal.m4 head/contrib/bmake/bmake.cat1 head/contrib/bmake/configure head/contrib/bmake/configure.in head/contrib/bmake/job.c head/contrib/bmake/make.h head/contrib/bmake/meta.c head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/FILES head/contrib/bmake/mk/auto.obj.mk head/contrib/bmake/mk/dpadd.mk head/contrib/bmake/mk/final.mk head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/lib.mk head/contrib/bmake/mk/own.mk head/contrib/bmake/mk/prog.mk head/contrib/bmake/mk/sys.mk head/contrib/bmake/mk/sys.vars.mk head/contrib/bmake/os.sh head/contrib/bmake/parse.c head/contrib/bmake/stresep.c head/contrib/bmake/unit-tests/varcmd.exp head/contrib/bmake/unit-tests/varcmd.mk head/contrib/bmake/var.c head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/Makefile.inc head/usr.bin/bmake/config.h Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogThu Mar 1 23:46:02 2018 (r330259) +++ head/contrib/bmake/ChangeLogFri Mar 2 01:53:50 2018 (r330260) @@ -1,3 +1,44 @@ +2018-02-22 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20180222 + Merge with NetBSD make, pick up + o parse.c: avoid calling sysconf for every call to loadfile + +2018-02-18 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20180218 + Merge with NetBSD make, pick up + o var.c: Var_Set handle NULL value anytime. + +2018-02-12 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20180212 + Merge with NetBSD make, pick up + o parse.c: do not treat .info as warning with -W + +2017-12-07 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20171207 + Merge with NetBSD make, pick up + o var.c: Var_Append use Var_Set if var not previously set + so that VAR_CMD is handled correctly. + Add a suitable unit-test. + +2017-11-26 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION (_MAKE_VERSION): 20171126 + + * aclocal.m4: use AC_LINK_IFELSE for AC_C___ATTRIBUTE__ + since AC_TRY_COMPILE puts input inside main() + which upsets modern compilers. + +2017-11-18 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20171118 + Merge with NetBSD make, pick up + o var.c: do not append to variable set on command line + add unit-test to catch this. + 2017-10-28 Simon J. Gerraty <s...@bad.crufty.net> * VERSION: 20171028 Modified: head/contrib/bmake/Makefile.config.in == --- head/contrib/bmake/Makefile.config.in Thu Mar 1 23:46:02 2018 (r330259) +++ head/contrib/bmake/Makefile.config.in Fri Mar 2 01:53:50 2018 (r330260) @@ -15,7 +15,7 @@ LDFLAGS= @LDFLAGS@ LIBOBJS= @LIBOBJS@ LDADD= @LIBS@ USE_META= @use_meta@ -FILEMON_H= @filemon_h@ +FILEMON_H?= @filemon_h@ BMAKE_PATH_MAX?= @bmake_path_max@ # used if MAXPATHLEN not defined CPPFLAGS+= -DBMAKE_PATH_MAX=${BMAKE_PATH_MAX} Modified: head/contrib/bmake/VERSION == --- head/contrib/bmake/VERSION Thu Mar 1 23:46:02 2018(r330259) +++ head/contrib/bmake/VERSION Fri Mar 2 01:53:50 2018(r330260) @@ -1,2 +1,2 @@ # keep this compatible with sh and make -_MAKE_VERSION=20171028 +_MAKE_VERSION=20180222 Modified: head/contrib/bmake/aclocal.m4 == --- head/contrib/bmake/aclocal.m4 Thu Mar 1 23:46:02 2018 (r330259) +++ head/contrib/bmake/aclocal.m4 Fri Mar 2 01:53:50 2018 (r330260) @@ -1,5 +1,5 @@ dnl RCSid: -dnl$Id: aclocal.m4,v 1.5 2003/03/06 21:21:30 sjg Exp $ +dnl$Id: aclocal.m4,v 1.6 2017/11/26 22:39:20 sjg Exp $ dnl dnl @@ -55,16 +55,21 @@ dnl AC_DEFUN(AC_C___ATTRIBUTE__, [ AC_MSG_CHECKING(for __attribute__) AC_CACHE_VAL(ac_cv___attribute__, [ -AC_TRY_COMPILE([ +AC_LINK_IFELSE([ #include -], -[ + static void foo(void) __attribute__ ((noreturn)); static void foo(void) { exit(1); +} + +int +main(int argc, char **argv) +{ + foo(); } ], ac_cv___attribute__=yes
Re: svn commit: r325404 - head/share/mk
Bryan Drewerywrote: > I only find RELDIR useful in the non-kernel builds, so I don't really > care to extend it here. Yes I said as much in the other thread. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r325404 - head/share/mk
Bryan Drewerywrote: > > ${.OBJDIR} == /${RELDIR})) make[6]: Fatal errors encountered -- cannot > > continue make[6]: > > stopped > > in > > /usr/obj/usr/src/amd64.amd64/sys/THOR/usr/ports/emulators/virtualbox-ose-kmod/work/VirtualBox-5.2.0/out/freebsd.amd64/release/bin/src/vboxdrv > > *** Error code 1 > > Weird, can you try this please? http://dpaste.com/3HR1EQH.txt > That will work, but you could remove the check for SRCTOP since it isn't used in the conditional. FWIW this is happening because make is being run from within OBJTOP during kernel module build, and thus the logic in src.sys.env.mk isn't defining RELDIR. If OBJTOP were defined (it is in my case) the following which is similar to what we have in our internal trees would fix it. In the FreeBSD tree though OBJTOP may not defined until some time later. And if you want to .export it you need to use .export-env and play games to get it into a form that will work as TARGET_SPEC_VARS change values. Index: share/mk/src.sys.env.mk === --- share/mk/src.sys.env.mk (revision 325436) +++ share/mk/src.sys.env.mk (working copy) @@ -10,6 +10,8 @@ RELTOP= . .elif ${.CURDIR:M${SRCTOP}/*} RELDIR:= ${.CURDIR:S,${SRCTOP}/,,} +.elif ${.CURDIR:M${OBJTOP}/*} +RELDIR:= ${.CURDIR:S,${OBJTOP}/,,} .endif RELTOP?= ${RELDIR:C,[^/]+,..,g} RELOBJTOP?=${RELTOP} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r325404 - head/share/mk
Author: sjg Date: Sat Nov 4 21:02:26 2017 New Revision: 325404 URL: https://svnweb.freebsd.org/changeset/base/325404 Log: Ensure .OBJDIR has known value If for any reason we cannot set .OBJDIR==_objdir as desired use .CURDIR so that at least the classic .if ${.OBJDIR} != ${.CURDIR} works and dangerous misstakes can be avoided. Reviewed by: bdrewery Modified: head/share/mk/auto.obj.mk Modified: head/share/mk/auto.obj.mk == --- head/share/mk/auto.obj.mk Sat Nov 4 16:23:34 2017(r325403) +++ head/share/mk/auto.obj.mk Sat Nov 4 21:02:26 2017(r325404) @@ -61,11 +61,17 @@ __objdir_made != echo ${__objdir}/; umask ${OBJDIR_UMA .endif # This causes make to use the specified directory as .OBJDIR .OBJDIR: ${__objdir} -.if ${.OBJDIR:tA} != ${__objdir:tA} && ${__objdir_made:Uno:M${__objdir}/*} != "" +.if ${.OBJDIR:tA} != ${__objdir:tA} +# we did not get what we want - do we care? +.if ${__objdir_made:Uno:M${__objdir}/*} != "" # watch out for __objdir being relative path .if !(${__objdir:M/*} == "" && ${.OBJDIR:tA} == ${${.CURDIR}/${__objdir}:L:tA}) .error could not use ${__objdir}: .OBJDIR=${.OBJDIR} .endif +.endif +# apparently we can live with it +# make sure we know what we have +.OBJDIR: ${.CURDIR} .endif .endif .endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r325340 - in head: contrib/bmake contrib/bmake/mk contrib/bmake/unit-tests usr.bin/bmake
Author: sjg Date: Thu Nov 2 20:08:00 2017 New Revision: 325340 URL: https://svnweb.freebsd.org/changeset/base/325340 Log: Update to bmake-20171028 Ignore empty MAKEOBJDIR[PREFIX] Reported by: bdrewery Added: head/contrib/bmake/VERSION - copied unchanged from r325339, vendor/NetBSD/bmake/dist/VERSION Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/FILES head/contrib/bmake/Makefile head/contrib/bmake/Makefile.config.in head/contrib/bmake/bsd.after-import.mk head/contrib/bmake/configure head/contrib/bmake/configure.in head/contrib/bmake/machine.sh head/contrib/bmake/main.c head/contrib/bmake/make-bootstrap.sh.in head/contrib/bmake/meta.c head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/autoconf.mk head/contrib/bmake/mk/dirdeps.mk head/contrib/bmake/mk/dpadd.mk head/contrib/bmake/mk/gendirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/meta.autodep.mk head/contrib/bmake/mk/meta.stage.mk head/contrib/bmake/mk/sys.clean-env.mk head/contrib/bmake/mk/whats.mk head/contrib/bmake/os.sh head/contrib/bmake/unit-tests/dotwait.exp head/contrib/bmake/unit-tests/dotwait.mk head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.config head/usr.bin/bmake/config.h Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogThu Nov 2 19:53:51 2017 (r325339) +++ head/contrib/bmake/ChangeLogThu Nov 2 20:08:00 2017 (r325340) @@ -1,3 +1,36 @@ +2017-10-28 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20171028 + Merge with NetBSD make, pick up + o main.c: ignore empty MAKEOBJDIR + + * Makefile.config.in: + make @prefix@ @machine*@ and @default_sys_path@ defaults. + +2017-10-05 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION: 20171005 + + * unit-tests/dotwait.mk: redirect stderr through pipe for more + consistent result on some platforms. + +2017-08-13 Simon J. Gerraty <s...@bad.crufty.net> + + * machine.sh: entry for AIX + +2017-08-12 Simon J. Gerraty <s...@bad.crufty.net> + + * VERSION (_MAKE_VERSION): Move the setting of _MAKE_VERSION + to a file that can be included by configure as well as make. + This allows configure to set set _MAKE_VERSION in make-bootstrap.sh + +2017-08-10 Simon J. Gerraty <s...@bad.crufty.net> + + * Makefile (_MAKE_VERSION): 20170810 + Merge with NetBSD make, pick up + o meta.c: if target is in subdir we only need subdir name in + meta_name. + 2017-07-20 Simon J. Gerraty <s...@bad.crufty.net> * Makefile (_MAKE_VERSION): 20170720 Modified: head/contrib/bmake/FILES == --- head/contrib/bmake/FILESThu Nov 2 19:53:51 2017(r325339) +++ head/contrib/bmake/FILESThu Nov 2 20:08:00 2017(r325340) @@ -5,6 +5,7 @@ Makefile.config.in PSD.doc/Makefile PSD.doc/tutorial.ms README +VERSION aclocal.m4 arch.c bmake.1 Modified: head/contrib/bmake/Makefile == --- head/contrib/bmake/Makefile Thu Nov 2 19:53:51 2017(r325339) +++ head/contrib/bmake/Makefile Thu Nov 2 20:08:00 2017(r325340) @@ -1,8 +1,5 @@ -# $Id: Makefile,v 1.95 2017/07/20 19:36:13 sjg Exp $ +# $Id: Makefile,v 1.99 2017/08/13 20:12:53 sjg Exp $ -# Base version on src date -_MAKE_VERSION= 20170720 - PROG= bmake SRCS= \ @@ -58,6 +55,8 @@ SRCS+= \ lstReplace.c \ lstSucc.c +.-include "VERSION" + # this file gets generated by configure .-include "Makefile.config" @@ -192,11 +191,13 @@ MANDIR= ${MANDIR.bmake:U${SHAREDIR}/man} ${OBJS}: config.h .endif +# start-delete2 for bsd.after-import.mk + # make sure that MAKE_VERSION gets updated. -main.o: ${SRCS} ${MAKEFILE} +main.o: ${SRCS} ${.CURDIR}/VERSION -# start-delete2 for bsd.after-import.mk .if ${MK_AUTOCONF_MK} == "yes" +CONFIGURE_DEPS += ${.CURDIR}/VERSION .include .endif SHARE_MK?=${SHAREDIR}/mk Modified: head/contrib/bmake/Makefile.config.in == --- head/contrib/bmake/Makefile.config.in Thu Nov 2 19:53:51 2017 (r325339) +++ head/contrib/bmake/Makefile.config.in Thu Nov 2 20:08:00 2017 (r325340) @@ -1,11 +1,13 @@ # things set by configure -prefix= @prefix@ +_MAKE_VERSION=@_MAKE_VERSION@ + +prefix?= @prefix@ srcdir= @srcdir@ CC?= @CC@ -MACHINE= @machine@ -MACHINE_ARCH= @machine_arch@ -DEFAULT_SYS_PATH= @default_sys_path@ +MACHINE?= @machine@ +MACHINE_ARCH?= @machine_arch@ +DEFAULT_SYS_PATH?= @default_sys_path@ CPPFLAGS+= @CPPFLAGS@ CFLAGS+= ${CPPFLAG
svn commit: r323637 - head/share/mk
Author: sjg Date: Sat Sep 16 05:42:27 2017 New Revision: 323637 URL: https://svnweb.freebsd.org/changeset/base/323637 Log: Use OBJS_SRCS_FILTER to control setting OBJS from SRCS Some makefiles do reachover builds. In some cases it is convenient to list subdirs of the distribution in SRCS. It is not very convenient, or always even desirable to have corresponding subdirs in .OBJDIR, so OBJS_SRCS_FILTER allows the makefile to choose. The default value 'R' matches existing practice. But a makefile can set OBJS_SRCS_FILTER= T (the R gets added by bsd.init.mk) to avoid the need for subdirs in .OBJDIR Differential Revision:https://reviews.freebsd.org/D12218 Reviewed by: bdrewery Modified: head/share/mk/bsd.dep.mk head/share/mk/bsd.init.mk head/share/mk/bsd.lib.mk head/share/mk/bsd.prog.mk Modified: head/share/mk/bsd.dep.mk == --- head/share/mk/bsd.dep.mkSat Sep 16 03:54:20 2017(r323636) +++ head/share/mk/bsd.dep.mkSat Sep 16 05:42:27 2017(r323637) @@ -101,7 +101,7 @@ _SKIP_DEPEND= 1 CLEANFILES?= .for _S in ${SRCS:N*.[dhly]} -OBJS_DEPEND_GUESS.${_S:R}.o+= ${_S} +OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.o+=${_S} .endfor # Lexical analyzers @@ -180,7 +180,7 @@ DEPEND_MP?= -MP DEPEND_FILTER= C,/,_,g DEPENDSRCS=${SRCS:M*.[cSC]} ${SRCS:M*.cxx} ${SRCS:M*.cpp} ${SRCS:M*.cc} .if !empty(DEPENDSRCS) -DEPENDOBJS+= ${DEPENDSRCS:R:S,$,.o,} +DEPENDOBJS+= ${DEPENDSRCS:${OBJS_SRCS_FILTER:ts:}:S,$,.o,} .endif DEPENDFILES_OBJS= ${DEPENDOBJS:O:u:${DEPEND_FILTER}:C/^/${DEPENDFILE}./} .if defined(_SKIP_DEPEND) Modified: head/share/mk/bsd.init.mk == --- head/share/mk/bsd.init.mk Sat Sep 16 03:54:20 2017(r323636) +++ head/share/mk/bsd.init.mk Sat Sep 16 05:42:27 2017(r323637) @@ -16,6 +16,10 @@ : .include .MAIN: all +# This is used in bsd.{dep,lib,prog}.mk as ${OBJS_SRCS_FILTER:ts:} +# Some makefiles may want T as well to avoid nested objdirs. +OBJS_SRCS_FILTER+= R + # Handle INSTALL_AS_USER here to maximize the chance that # it has final authority over fooOWN and fooGRP. .if ${MK_INSTALL_AS_USER} != "no" Modified: head/share/mk/bsd.lib.mk == --- head/share/mk/bsd.lib.mkSat Sep 16 03:54:20 2017(r323636) +++ head/share/mk/bsd.lib.mkSat Sep 16 05:42:27 2017(r323637) @@ -168,7 +168,7 @@ LDFLAGS+= -Wl,--version-script=${VERSION_MAP} .endif .if defined(LIB) && !empty(LIB) || defined(SHLIB_NAME) -OBJS+= ${SRCS:N*.h:R:S/$/.o/} +OBJS+= ${SRCS:N*.h:${OBJS_SRCS_FILTER:ts:}:S/$/.o/} CLEANFILES+= ${OBJS} ${STATICOBJS} .endif @@ -437,13 +437,13 @@ lint: ${SRCS:M*.c} .if defined(LIB) && !empty(LIB) OBJS_DEPEND_GUESS+= ${SRCS:M*.h} .for _S in ${SRCS:N*.[hly]} -OBJS_DEPEND_GUESS.${_S:R}.po+= ${_S} +OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.po+= ${_S} .endfor .endif .if defined(SHLIB_NAME) || \ defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) .for _S in ${SRCS:N*.[hly]} -OBJS_DEPEND_GUESS.${_S:R}.pico+= ${_S} +OBJS_DEPEND_GUESS.${_S:${OBJS_SRCS_FILTER:ts:}}.pico+= ${_S} .endfor .endif Modified: head/share/mk/bsd.prog.mk == --- head/share/mk/bsd.prog.mk Sat Sep 16 03:54:20 2017(r323636) +++ head/share/mk/bsd.prog.mk Sat Sep 16 05:42:27 2017(r323637) @@ -85,7 +85,7 @@ PROGNAME?=${PROG} .if defined(SRCS) -OBJS+= ${SRCS:N*.h:R:S/$/.o/g} +OBJS+= ${SRCS:N*.h:${OBJS_SRCS_FILTER:ts:}:S/$/.o/g} .if target(beforelinking) beforelinking: ${OBJS} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r321410 - in head: contrib/bmake usr.bin/bmake
Author: sjg Date: Mon Jul 24 04:38:05 2017 New Revision: 321410 URL: https://svnweb.freebsd.org/changeset/base/321410 Log: Import bmake-20170720 Includes fix for compat handling of interrupts. Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/Makefile head/contrib/bmake/compat.c head/contrib/bmake/job.c head/contrib/bmake/make.h head/contrib/bmake/nonints.h head/usr.bin/bmake/Makefile head/usr.bin/bmake/Makefile.inc Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogMon Jul 24 04:00:43 2017 (r321409) +++ head/contrib/bmake/ChangeLogMon Jul 24 04:38:05 2017 (r321410) @@ -1,3 +1,10 @@ +2017-07-20 Simon J. Gerraty <s...@bad.crufty.net> + + * Makefile (_MAKE_VERSION): 20170720 + Merge with NetBSD make, pick up + o compat.c: pass SIGINT etc onto child and wait for it to exit + before we self-terminate. + 2017-07-11 Simon J. Gerraty <s...@bad.crufty.net> * Makefile (_MAKE_VERSION): 20170711 Modified: head/contrib/bmake/Makefile == --- head/contrib/bmake/Makefile Mon Jul 24 04:00:43 2017(r321409) +++ head/contrib/bmake/Makefile Mon Jul 24 04:38:05 2017(r321410) @@ -1,7 +1,7 @@ -# $Id: Makefile,v 1.94 2017/07/15 18:22:14 sjg Exp $ +# $Id: Makefile,v 1.95 2017/07/20 19:36:13 sjg Exp $ # Base version on src date -_MAKE_VERSION= 20170711 +_MAKE_VERSION= 20170720 PROG= bmake Modified: head/contrib/bmake/compat.c == --- head/contrib/bmake/compat.c Mon Jul 24 04:00:43 2017(r321409) +++ head/contrib/bmake/compat.c Mon Jul 24 04:38:05 2017(r321410) @@ -1,4 +1,4 @@ -/* $NetBSD: compat.c,v 1.106 2016/08/26 23:28:39 dholland Exp $*/ +/* $NetBSD: compat.c,v 1.107 2017/07/20 19:29:54 sjg Exp $ */ /* * Copyright (c) 1988, 1989, 1990 The Regents of the University of California. @@ -70,14 +70,14 @@ */ #ifndef MAKE_NATIVE -static char rcsid[] = "$NetBSD: compat.c,v 1.106 2016/08/26 23:28:39 dholland Exp $"; +static char rcsid[] = "$NetBSD: compat.c,v 1.107 2017/07/20 19:29:54 sjg Exp $"; #else #include #ifndef lint #if 0 static char sccsid[] = "@(#)compat.c 8.2 (Berkeley) 3/19/94"; #else -__RCSID("$NetBSD: compat.c,v 1.106 2016/08/26 23:28:39 dholland Exp $"); +__RCSID("$NetBSD: compat.c,v 1.107 2017/07/20 19:29:54 sjg Exp $"); #endif #endif /* not lint */ #endif @@ -118,6 +118,8 @@ __RCSID("$NetBSD: compat.c,v 1.106 2016/08/26 23:28:39 static GNode *curTarg = NULL; static GNode *ENDNode; static void CompatInterrupt(int); +static pid_t compatChild; +static int compatSigno; /* * CompatDeleteTarget -- delete a failed, interrupted, or otherwise @@ -176,8 +178,17 @@ CompatInterrupt(int signo) } if (signo == SIGQUIT) _exit(signo); -bmake_signal(signo, SIG_DFL); -kill(myPid, signo); +/* + * If there is a child running, pass the signal on + * we will exist after it has exited. + */ +compatSigno = signo; +if (compatChild > 0) { + KILLPG(compatChild, signo); +} else { + bmake_signal(signo, SIG_DFL); + kill(myPid, signo); +} } /*- @@ -370,7 +381,7 @@ again: /* * Fork and execute the single command. If the fork fails, we abort. */ -cpid = vFork(); +compatChild = cpid = vFork(); if (cpid < 0) { Fatal("Could not fork"); } @@ -483,7 +494,12 @@ again: } } free(cmdStart); - +compatChild = 0; +if (compatSigno) { + bmake_signal(compatSigno, SIG_DFL); + kill(myPid, compatSigno); +} + return (status); } Modified: head/contrib/bmake/job.c == --- head/contrib/bmake/job.cMon Jul 24 04:00:43 2017(r321409) +++ head/contrib/bmake/job.cMon Jul 24 04:38:05 2017(r321410) @@ -1,4 +1,4 @@ -/* $NetBSD: job.c,v 1.190 2017/04/16 21:23:43 riastradh Exp $ */ +/* $NetBSD: job.c,v 1.191 2017/07/20 19:29:54 sjg Exp $*/ /* * Copyright (c) 1988, 1989, 1990 The Regents of the University of California. @@ -70,14 +70,14 @@ */ #ifndef MAKE_NATIVE -static char rcsid[] = "$NetBSD: job.c,v 1.190 2017/04/16 21:23:43 riastradh Exp $"; +static char rcsid[] = "$NetBSD: job.c,v 1.191 2017/07/20 19:29:54 sjg Exp $"; #else #include #ifndef lint #if 0 static char sccsid[] = "@(#)job.c 8.2 (Berkeley) 3/19/94"; #else -__RCSID("$NetBSD: job.c,v 1.190 2017/04/16 21:23:43 riastradh Exp $"); +__RCSID("$NetBSD: job.c,v 1.191
svn commit: r321036 - in head: contrib/bmake contrib/bmake/mk usr.bin/bmake
Author: sjg Date: Sat Jul 15 21:19:27 2017 New Revision: 321036 URL: https://svnweb.freebsd.org/changeset/base/321036 Log: Import bmake-20170711 Modified: head/contrib/bmake/ChangeLog head/contrib/bmake/Makefile head/contrib/bmake/bmake.1 head/contrib/bmake/bmake.cat1 head/contrib/bmake/buf.h head/contrib/bmake/dir.h head/contrib/bmake/hash.h head/contrib/bmake/main.c head/contrib/bmake/make.1 head/contrib/bmake/meta.c head/contrib/bmake/mk/ChangeLog head/contrib/bmake/mk/dirdeps.mk head/contrib/bmake/mk/install-mk head/contrib/bmake/mk/lib.mk head/contrib/bmake/mk/meta.stage.mk head/contrib/bmake/mk/meta.sys.mk head/contrib/bmake/mk/meta2deps.py head/contrib/bmake/mk/own.mk head/contrib/bmake/sprite.h head/usr.bin/bmake/Makefile Directory Properties: head/contrib/bmake/ (props changed) Modified: head/contrib/bmake/ChangeLog == --- head/contrib/bmake/ChangeLogSat Jul 15 20:53:08 2017 (r321035) +++ head/contrib/bmake/ChangeLogSat Jul 15 21:19:27 2017 (r321036) @@ -1,3 +1,16 @@ +2017-07-11 Simon J. Gerraty <s...@bad.crufty.net> + + * Makefile (_MAKE_VERSION): 20170711 + forgot to update after merge on 20170708 ;-) + o main.c: refactor to reduce size of main function. + add -v option to always fully expand values. + o meta.c: ensure command output in meta file has ending newline + even when filemon not being used. + When matching ${.MAKE.META.IGNORE_PATTERNS} do not use + pathname via ':L' since any ':' in pathname breaks that. + Instead set a '${.p.}' to pathname in the target context and + use that. + 2017-05-10 Simon J. Gerraty <s...@bad.crufty.net> * Makefile (_MAKE_VERSION): 20170510 Modified: head/contrib/bmake/Makefile == --- head/contrib/bmake/Makefile Sat Jul 15 20:53:08 2017(r321035) +++ head/contrib/bmake/Makefile Sat Jul 15 21:19:27 2017(r321036) @@ -1,7 +1,7 @@ -# $Id: Makefile,v 1.92 2017/05/10 22:29:04 sjg Exp $ +# $Id: Makefile,v 1.94 2017/07/15 18:22:14 sjg Exp $ # Base version on src date -_MAKE_VERSION= 20170510 +_MAKE_VERSION= 20170711 PROG= bmake Modified: head/contrib/bmake/bmake.1 == --- head/contrib/bmake/bmake.1 Sat Jul 15 20:53:08 2017(r321035) +++ head/contrib/bmake/bmake.1 Sat Jul 15 21:19:27 2017(r321036) @@ -1,4 +1,4 @@ -.\"$NetBSD: make.1,v 1.266 2017/02/01 18:39:27 sjg Exp $ +.\"$NetBSD: make.1,v 1.271 2017/07/03 21:34:20 wiz Exp $ .\" .\" Copyright (c) 1990, 1993 .\"The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\"from: @(#)make.18.4 (Berkeley) 3/19/94 .\" -.Dd February 1, 2017 +.Dd June 22, 2017 .Dt BMAKE 1 .Os .Sh NAME @@ -48,6 +48,7 @@ .Op Fl m Ar directory .Op Fl T Ar file .Op Fl V Ar variable +.Op Fl v Ar variable .Op Ar variable=value .Op Ar target ... .Sh DESCRIPTION @@ -206,7 +207,9 @@ Print debugging information about target list maintena .It Ar V Force the .Fl V -option to print raw values of variables. +option to print raw values of variables, overriding the default behavior +set via +.Va .MAKE.EXPAND_VARIABLES . .It Ar v Print debugging information about variable assignment. .It Ar x @@ -334,20 +337,39 @@ for each job started and completed. Rather than re-building a target as specified in the makefile, create it or update its modification time to make it appear up-to-date. .It Fl V Ar variable -Print -.Nm Ns 's -idea of the value of -.Ar variable , -in the global context. +Print the value of +.Ar variable . Do not build any targets. Multiple instances of this option may be specified; the variables will be printed one per line, with a blank line for each null or undefined variable. +The value printed is extracted from the global context after all +makefiles have been read. +By default, the raw variable contents (which may +include additional unexpanded variable references) are shown. If .Ar variable contains a .Ql \&$ -then the value will be expanded before printing. +then the value will be recursively expanded to its complete resultant +text before printing. +The expanded value will also be printed if +.Va .MAKE.EXPAND_VARIABLES +is set to true and +the +.Fl dV +option has not been used to override it. +Note that loop-local and target-local variables, as well as values +taken temporarily by global variables during makefile processing, are +not accessible via this option. +The +.Fl dv +debug mode can be used to see these at the cost of generating +substantial extraneous output. +.It Fl v Ar variable +Like +.Fl V +but the variable is always expanded to
Re: svn commit: r319694 - in head: contrib/libxo contrib/libxo/doc contrib/libxo/encoder/cbor contrib/libxo/encoder/test contrib/libxo/libxo contrib/libxo/tests/core contrib/libxo/tests/core/saved con
Cy Schubertwrote: > This commit breaks at the below: Can you pls confirm which compiler hit the error below? It has been suggested that this might only have bitten gcc... which would explain why Phil didn't hit it. > > ===> lib/libxo (all) > /home/cy/current/contrib/libxo/libxo/libxo.c:242:17: error: redefinition of > type > def 'xo_color_t' is a C11 feature [-Werror,-Wtypedef-redefinition] > typedef uint8_t xo_color_t; > ^ > /home/cy/current/contrib/libxo/libxo/libxo.c:206:17: note: previous > definition i > s here > typedef uint8_t xo_color_t; > ^ > 1 error generated. > --- libxo.o --- > *** [libxo.o] Error code 1 ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r319295 - head/usr.bin/mkimg/tests
Ngie Cooper (yaneurabeya)wrote: > > These should not be stored uuencoded. It serves no purpose other > > than bloating the repo and causing spammy commit mails like this one > > where we got a huge tail of garbage output. The tests appear to contain generated filesystem images. eg. img-1x1-512-mbr.vmdk.gz.uu Is storing img-1x1-512-mbr.vmdk.gz any more palatable? One option would be to store a sha256 hash of the result. If the image generated by the test hashes to the correct value - you pass. Of course if the test fails, you are completely in the dark as to how/why. With the current arrangment, marcel at least has something he can examine to see where the output generation went wrong. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r318313 - head/libexec/rtld-elf
Konstantin Belousovwrote: > > Consider a downstream vendor who has support for signed binary > > executions. If rtld allows a backdoor around exec(2) to run an unsigned > > binary, that could be a problem for them. It is on them to add support > > to exec(2) to validate the special case of execing rtld with an > > argument, or to just disable the feature in rtld from this commit. > > Note the undocumented O_VERIFY flag in open(2) from the patch. > This is very vendor-ish addition to request veriexec (?). Yep, we make rtld use O_VERIFY so that it will not load/link anything which is unsigned. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"