diff --git a/website/content/en/status/report-2023-04-2023-06/batman.adoc b/website/content/en/status/report-2023-04-2023-06/batman.adoc index 2f7117b52c..7f6c0d2a8c 100644 --- a/website/content/en/status/report-2023-04-2023-06/batman.adoc +++ b/website/content/en/status/report-2023-04-2023-06/batman.adoc @@ -1,21 +1,21 @@ === BATMAN support in the FreeBSD kernel Links: + link:https://wiki.freebsd.org/SummerOfCode2023Projects/CallingTheBatmanFreeNetworksOnFreeBSD[Wiki page] URL: link:https://wiki.freebsd.org/SummerOfCode2023Projects/CallingTheBatmanFreeNetworksOnFreeBSD[] + link:https://github.com/obiwac/freebsd-gsoc/pull/1[Source code (Pull Request)] URL: https://github.com/obiwac/freebsd-gsoc/pull/1[] Contact: Aymeric Wibo BATMAN (Better Approach to Mobile Ad-hoc Networking), as developed and used by the Freifunk project, is a routing protocol for (primarily wireless) multi-hop ad-hoc networks. Freifunk is a German initiative to build an open Wi-Fi network at city-scale, based on the principles of net-neutrality. BATMAN's motive is to be a completely decentralized protocol; no one node in the network knows or has to care about the topology of the whole network. Support for this protocol is provided by the batman-adv kernel module on Linux, and this project aims to bring that to FreeBSD. -This includes the kernel module itself, but also userland networking libraries and tools necessary to create BATMAN networks. +This includes the kernel module itself, but also userland networking libraries and tools necessary to create BATMAN networks. -Currently, creating interfaces and interacting with them works (with both Linux and FreeBSD userspaces), and packet transmission (kind of) works, although it's incomplete as of yet. +Currently, creating interfaces and interacting with them works (with both Linux and FreeBSD userspaces), and packet transmission (kind of) works, although it is incomplete as of yet. Support for batadv interfaces has been added to man:ifconfig[8] too. Mentor: {mmokhi-name} Sponsor: The Google Summer of Code '23 program diff --git a/website/content/en/status/report-2023-04-2023-06/capsicum-ktracing.adoc b/website/content/en/status/report-2023-04-2023-06/capsicum-ktracing.adoc index 463852075d..05e7bc6825 100644 --- a/website/content/en/status/report-2023-04-2023-06/capsicum-ktracing.adoc +++ b/website/content/en/status/report-2023-04-2023-06/capsicum-ktracing.adoc @@ -1,230 +1,230 @@ === Security Sandboxing Using man:ktrace[1] Links: + link:https://github.com/jakesfreeland/freebsd-src/tree/ff/ktrace[ktrace branch] URL: link:https://github.com/jakesfreeland/freebsd-src/tree/ff/ktrace[] + Contact: Jake Freeland ==== Capsicumization With man:ktrace[1] This report introduces an extension to man:ktrace[1] that logs capability violations for programs that have not been Capsicumized. The first logical step in Capsicumization is determining where your program is raising capability violations. You could approach this issue by looking through the source and removing Capsicum-incompatible code, but this can be tedious and requires the developer to be familiar with everything that is not allowed in capability mode. An alternative to finding violations manually is to use man:ktrace[1]. The man:ktrace[1] utility logs kernel activity for a specified process. Capsicum violations occur inside of the kernel, so man:ktrace[1] can record and return extra information about your program's violations with the `-t p` option. Programs traditionally need to be put into capability mode before they will report violations. When a restricted system call is entered, it will fail and return with `ECAPMODE: Not permitted in capability mode`. If the developer is doing error checking, then it is likely that their program will terminate with that error. This behavior made violation tracing inconvenient because man:ktrace[1] would only report the first capability violation, and then the program would terminate. Luckily, a new extension to man:ktrace[1] can record violations when a program is **NOT** in capability mode. This means that any developer can run capability violation tracing on their program with no modification to see where it is raising violations. Since the program is never actually put into capability mode, it will still acquire resources and execute normally. ==== Violation Tracing Examples The `cap_violate` program, shown below, attempts to raise every type of violation that man:ktrace[1] can capture: [source, shell] ---- # ktrace -t p ./cap_violate # kdump 1603 ktrace CAP system call not allowed: execve 1603 foo CAP system call not allowed: open 1603 foo CAP system call not allowed: open 1603 foo CAP system call not allowed: open 1603 foo CAP system call not allowed: open 1603 foo CAP system call not allowed: readlink 1603 foo CAP system call not allowed: open 1603 foo CAP cpuset_setaffinity: restricted cpuset operation 1603 foo CAP openat: restricted VFS lookup: AT_FDCWD 1603 foo CAP openat: restricted VFS lookup: / 1603 foo CAP system call not allowed: bind 1603 foo CAP sendto: restricted address lookup: struct sockaddr { AF_INET, 0.0.0.0:5000 } 1603 foo CAP socket: protocol not allowed: IPPROTO_ICMP 1603 foo CAP kill: signal delivery not allowed: SIGCONT 1603 foo CAP system call not allowed: chdir 1603 foo CAP system call not allowed: fcntl, cmd: F_KINFO 1603 foo CAP operation requires CAP_WRITE, descriptor holds CAP_READ 1603 foo CAP attempt to increase capabilities from CAP_READ to CAP_READ,CAP_WRITE ---- The first 7 `system call not allowed` entries did not explicitly originate from the `cap_violate` program code. Instead, they were raised by FreeBSD's C runtime libraries. This becomes apparent when you trace namei translations alongside capability violations using the `-t np` option: [source, shell] ---- # ktrace -t np ./cap_violate # kdump 1632 ktrace CAP system call not allowed: execve 1632 ktrace NAMI "./cap_violate" 1632 ktrace NAMI "/libexec/ld-elf.so.1" 1632 foo CAP system call not allowed: open 1632 foo NAMI "/etc/libmap.conf" 1632 foo CAP system call not allowed: open 1632 foo NAMI "/usr/local/etc/libmap.d" 1632 foo CAP system call not allowed: open 1632 foo NAMI "/var/run/ld-elf.so.hints" 1632 foo CAP system call not allowed: open 1632 foo NAMI "/lib/libc.so.7" 1632 foo CAP system call not allowed: readlink 1632 foo NAMI "/etc/malloc.conf" 1632 foo CAP system call not allowed: open 1632 foo NAMI "/dev/pvclock" 1632 foo CAP cpuset_setaffinity: restricted cpuset operation 1632 foo NAMI "ktrace.out" 1632 foo CAP openat: restricted VFS lookup: AT_FDCWD 1632 foo NAMI "/" 1632 foo CAP openat: restricted VFS lookup: / 1632 foo CAP system call not allowed: bind 1632 foo CAP sendto: restricted address lookup: struct sockaddr { AF_INET, 0.0.0.0:5000 } 1632 foo CAP socket: protocol not allowed: IPPROTO_ICMP 1632 foo CAP kill: signal delivery not allowed: SIGCONT 1632 foo CAP system call not allowed: chdir 1632 foo NAMI "." 1632 foo CAP system call not allowed: fcntl, cmd: F_KINFO 1632 foo CAP operation requires CAP_WRITE, descriptor holds CAP_READ 1632 foo CAP attempt to increase capabilities from CAP_READ to CAP_READ,CAP_WRITE ---- -In practice, capability mode is always entered following the initialization of the C runtime libraries, so a program would never trigger those those first 7 violations. +In practice, capability mode is always entered following the initialization of the C runtime libraries, so a program would never trigger those first 7 violations. We are only seeing them because man:ktrace[1] starts recording violations before the program starts. This demonstration makes it clear that violation tracing is not always perfect. It is a helpful guide for detecting restricted system calls, but may not always parody your program's actual behavior in capability mode. In capability mode, violations are equivalent to errors; they are an indication to stop execution. Violation tracing is ignoring this suggestion and continuing execution anyway, so invalid violations may be reported. The next example traces violations from the man:unzip[1] utility (pre-Capsicumization): [source, shell] ---- # ktrace -t np unzip foo.zip Archive: foo.zip creating: bar/ extracting: bar/bar.txt creating: baz/ extracting: baz/baz.txt # kdump 1926 ktrace CAP system call not allowed: execve 1926 ktrace NAMI "/usr/bin/unzip" 1926 ktrace NAMI "/libexec/ld-elf.so.1" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/etc/libmap.conf" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/local/etc/libmap.d" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/var/run/ld-elf.so.hints" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libarchive.so.7" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/lib/libarchive.so.7" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libc.so.7" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libz.so.6" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libbz2.so.4" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/lib/libbz2.so.4" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/liblzma.so.5" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/lib/liblzma.so.5" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libbsdxml.so.4" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libprivatezstd.so.5" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/lib/libprivatezstd.so.5" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libcrypto.so.111" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libmd.so.6" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libthr.so.3" 1926 unzip CAP system call not allowed: readlink 1926 unzip NAMI "/etc/malloc.conf" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/dev/pvclock" 1926 unzip NAMI "foo.zip" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/etc/localtime" 1926 unzip NAMI "bar" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: mkdir 1926 unzip NAMI "bar" 1926 unzip NAMI "bar" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "bar/bar.txt" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "bar/bar.txt" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: mkdir 1926 unzip NAMI "baz" 1926 unzip NAMI "baz" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz/baz.txt" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz/baz.txt" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD ---- The violation tracing output for man:unzip[1] is more akin to what a developer would see when tracing their own program for the first time. Most programs link against libraries. In this case, man:unzip[1] is linking against man:libarchive[3], which is reflected here: [source, shell] ---- 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/lib/libarchive.so.7" 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/usr/lib/libarchive.so.7" ---- The violations for man:unzip[1] can be found below the C runtime violations: [source, shell] ---- 1926 unzip NAMI "foo.zip" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: open 1926 unzip NAMI "/etc/localtime" 1926 unzip NAMI "bar" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: mkdir 1926 unzip NAMI "bar" 1926 unzip NAMI "bar" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "bar/bar.txt" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "bar/bar.txt" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip CAP system call not allowed: mkdir 1926 unzip NAMI "baz" 1926 unzip NAMI "baz" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz/baz.txt" 1926 unzip CAP fstatat: restricted VFS lookup: AT_FDCWD 1926 unzip NAMI "baz/baz.txt" 1926 unzip CAP openat: restricted VFS lookup: AT_FDCWD ---- In this instance, man:unzip[1] is recreating the file structure contained in the zip archive. Violations are being raised because the `AT_FDCWD` value cannot be used in capability mode. The bulk of these violations can be fixed by opening `AT_FDCWD` (the current directory) before entering capability mode and passing that descriptor into man:openat[2], man:fstatat[2], and man:mkdirat[2] as a relative reference. Violation tracing may not automatically Capsicumize programs, but it is another tool in the developer's toolbox. It only takes a few seconds to run a program under man:ktrace[1] and the result is almost always a decent starting point for sandboxing your program using Capsicum. Sponsor: FreeBSD Foundation diff --git a/website/content/en/status/report-2023-04-2023-06/ci.adoc b/website/content/en/status/report-2023-04-2023-06/ci.adoc index 47ea39a489..1bec18c9bc 100644 --- a/website/content/en/status/report-2023-04-2023-06/ci.adoc +++ b/website/content/en/status/report-2023-04-2023-06/ci.adoc @@ -1,51 +1,51 @@ === Continuous Integration Links: + link:https://ci.FreeBSD.org[FreeBSD Jenkins Instance] URL: link:https://ci.FreeBSD.org[] + link:https://artifact.ci.FreeBSD.org[FreeBSD CI artifact archive] URL: link:https://artifact.ci.FreeBSD.org[] + link:https://wiki.FreeBSD.org/Jenkins[FreeBSD Jenkins wiki] URL: link:https://wiki.FreeBSD.org/Jenkins[] + link:https://wiki.FreeBSD.org/HostedCI[Hosted CI wiki] URL: link:https://wiki.FreeBSD.org/HostedCI[] + link:https://wiki.FreeBSD.org/3rdPartySoftwareCI[3rd Party Software CI] URL: link:https://wiki.FreeBSD.org/3rdPartySoftwareCI[] + link:https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals[Tickets related to freebsd-testing@] URL: link:https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals[] + link:https://github.com/freebsd/freebsd-ci[FreeBSD CI Repository] URL: link:https://github.com/freebsd/freebsd-ci[] + link:https://lists.FreeBSD.org/subscription/dev-ci[dev-ci Mailing List] URL: link:https://lists.FreeBSD.org/subscription/dev-ci[] Contact: Jenkins Admin + Contact: Li-Wen Hsu + Contact: link:https://lists.FreeBSD.org/mailman/listinfo/freebsd-testing[freebsd-testing Mailing List] + Contact: IRC #freebsd-ci channel on EFNet In the second quarter of 2023, we worked with the project contributors and developers to address their testing requirements. Concurrently, we collaborated with external projects and companies to enhance their products by testing more on FreeBSD. Important completed tasks: * link:https://ci.FreeBSD.org/job/FreeBSD-stable-13-amd64-gcc12_build/[FreeBSD-stable-13-amd64-gcc12_build] job has been added. * Build environment of main and stable/13 branches has been changed to 13.2-RELEASE, and stable/12 has been changed to 12.4-RELEASE. * *-build jobs using gcc12 are sending failure reports to link:https://lists.FreeBSD.org/subscription/dev-ci[dev-ci Mailing List]. * Present Testing/CI Status Update in link:https://wiki.freebsd.org/DevSummit/202305[BSDCan 2023 Developer Summit] Work in progress tasks: * Designing and implementing pre-commit CI building and testing (to support the link:https://gitlab.com/bsdimp/freebsd-workflow[workflow working group]) * Designing and implementing use of CI cluster to build release artifacts as release engineering does * Simplifying CI/test environment setting up for contributors and developers * Setting up the CI stage environment and putting the experimental jobs on it * Organizing the scripts in freebsd-ci repository to prepare for merging to src repository * Improving the hardware test lab and adding more hardware for testing * Merge link:https://reviews.freebsd.org/D38815[] * Merge link:https://reviews.freebsd.org/D36257[] Open or queued tasks: * Collecting and sorting link:https://hackmd.io/@FreeBSD-CI/freebsd-ci-todo[CI tasks and ideas] * Setting up public network access for the VM guest running tests * Implementing use of bare-metal hardware to run test suites * Adding drm ports building tests against -CURRENT * Planning to run ztest tests * Helping more software get FreeBSD support in its CI pipeline (Wiki pages: link:https://wiki.FreeBSD.org/3rdPartySoftwareCI[3rdPartySoftwareCI], link:https://wiki.FreeBSD.org/HostedCI[HostedCI]) * Working with hosted CI providers to have better FreeBSD support -Please see link:https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals[freebsd-testing@ related tickets] for more WIP information, and don't hesitate to join the effort! +Please see link:https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals[freebsd-testing@ related tickets] for more WIP information, and do not hesitate to join the effort! Sponsor: The FreeBSD Foundation diff --git a/website/content/en/status/report-2023-04-2023-06/cirrus.adoc b/website/content/en/status/report-2023-04-2023-06/cirrus.adoc index 5082e9824f..268bcba264 100644 --- a/website/content/en/status/report-2023-04-2023-06/cirrus.adoc +++ b/website/content/en/status/report-2023-04-2023-06/cirrus.adoc @@ -1,24 +1,24 @@ === Cirrus-CI Links: + link:https://cirrus-ci.com/github/freebsd/[FreeBSD Cirrus-CI Repositories] URL: link:https://cirrus-ci.com/github/freebsd/[] link:https://cirrus-ci.com/github/freebsd/freebsd-src[FreeBSD src CI] URL: link:https://cirrus-ci.com/github/freebsd/freebsd-src[] link:https://cirrus-ci.com/github/freebsd/freebsd-doc[FreeBSD doc CI] URL: link:https://cirrus-ci.com/github/freebsd/freebsd-doc[] Contact: Brooks Davis Contact: Ed Maste Contact: Li-Wen Hsu Cirrus-CI is a hosted continuous integration service that supports open source projects with CI services on Linux, Windows, macOS, and FreeBSD. It complements our own Jenkins CI infrastructure by supporting other use cases, including testing GitHub pull requests and FreeBSD forks. We added Cirrus-CI configuration to the FreeBSD src tree in 2019 and to doc in 2020. A number of additional FreeBSD projects hosted on GitHub (such as drm-kmod, kyua, pkg, and poudriere) also make use of Cirrus-CI. Over the last quarter Cirrus-CI configs received ongoing maintenance updates (moving to the most recent FreeBSD release images). -In the src tree we've added some additional checks. +In the src tree we have added some additional checks. These ensure that generated files are updated when needed (`make sysent` and `make makeman`) and check for missing directories. -We've added jobs that build using the Clang/LLVM 16 toolchain package, mirroring the Clang version now in the base system. +We have added jobs that build using the Clang/LLVM 16 toolchain package, mirroring the Clang version now in the base system. The GCC job is now run on the GitHub mirror by default, for all commits. Sponsor: DARPA Sponsor: The FreeBSD Foundation diff --git a/website/content/en/status/report-2023-04-2023-06/clusteradm.adoc b/website/content/en/status/report-2023-04-2023-06/clusteradm.adoc index 5d54564e32..3843104b3a 100644 --- a/website/content/en/status/report-2023-04-2023-06/clusteradm.adoc +++ b/website/content/en/status/report-2023-04-2023-06/clusteradm.adoc @@ -1,55 +1,55 @@ === Cluster Administration Team Links: + link:https://www.freebsd.org/administration/#t-clusteradm[Cluster Administration Team members] URL: link:https://www.freebsd.org/administration/#t-clusteradm[] Contact: Cluster Administration Team FreeBSD Cluster Administration Team members are responsible for managing the machines the Project relies on to synchronise its distributed work and communications. In this quarter, the team has worked on the following: * Regular support for FreeBSD.org user accounts. * Regular disk and parts support (and replacement) for all physical hosts and mirrors. -* Enable mirroring of www.FreeBSD.org and docs.FreeBSD.org in the FreeBSD project-managed mirrors. +* Enable mirroring of link:https://www.FreeBSD.org[] and link:https://docs.FreeBSD.org[] in the FreeBSD project-managed mirrors. * Cluster refresh, upgrading all hosts and jails to the most recent versions of 14-CURRENT, 13-STABLE, and 12-STABLE. ==== Work in progress * Large-scale network upgrade at our primary site. ** New link:https://www.juniper.net/[Juniper] switches arrived at our primary site to replace the former ones. We thank Juniper for the donation. * Replace old servers in our primary site and a few mirrors. ** Besides the broken CI servers, we have a few old servers with broken disks and faulty PSUs. This task is in conjunction with The FreeBSD Foundation and donors/sponsors. * Install new CI (Continuous Integration) machines repurposed from the package builders. * Review the backup configuration of the services running in the FreeBSD cluster. ==== FreeBSD Official Mirrors Overview Current locations are Australia, Brazil, Germany, Japan (two full mirror sites), Malaysia, South Africa, Taiwan, United Kingdom (full mirror site), United States of America -- California, New Jersey (primary site), and Washington. The hardware and network connection have been generously provided by: * https://www.bytemark.co.uk/[Bytemark Hosting] * Cloud and SDN Laboratory at https://www.bbtower.co.jp/en/corporate/[BroadBand Tower, Inc] * https://www.cs.nycu.edu.tw/[Department of Computer Science, National Yang Ming Chiao Tung University] * https://deploy.equinix.com/[Equinix] * https://internet.asn.au/[Internet Association of Australia] * https://www.isc.org/[Internet Systems Consortium] * https://www.inx.net.za/[INX-ZA] * https://www.kddi-webcommunications.co.jp/english/[KDDI Web Communications Inc] * https://www.mohe.gov.my/en/services/research/myren[Malaysian Research & Education Network] * https://www.metapeer.com/[Metapeer] * https://nic.br/[NIC.br] * https://your.org/[Your.Org] * https://365datacenters.com/[365 Data Centers] The Frankfurt single server mirror is the primary Europe mirror in bandwidth and usage. We are still looking for an additional full mirror site (five servers) in Europe to replace old servers in the United Kingdom full mirror site. We see a good pattern in having single mirrors in Internet Exchange Points worldwide (Australia, Brazil, and South Africa); if you know or work for some of them that could sponsor a single mirror server, please get in touch. United States (West Coast) and Europe (anywhere) are preferable places. See link:https://wiki.freebsd.org/Teams/clusteradm/generic-mirror-layout[generic mirrored layout] for full mirror site specs and link:https://wiki.freebsd.org/Teams/clusteradm/tiny-mirror[tiny-mirror] for a single mirror site. diff --git a/website/content/en/status/report-2023-04-2023-06/gcc.adoc b/website/content/en/status/report-2023-04-2023-06/gcc.adoc index ff97521c15..9c410652c0 100644 --- a/website/content/en/status/report-2023-04-2023-06/gcc.adoc +++ b/website/content/en/status/report-2023-04-2023-06/gcc.adoc @@ -1,48 +1,48 @@ === GCC on FreeBSD Links: + link:https://gcc.gnu.org/[GCC Project] URL: link:https://gcc.gnu.org/[] + link:https://gcc.gnu.org/gcc-10/[GCC 10 release series] URL: link:https://gcc.gnu.org/gcc-10/[] + link:https://gcc.gnu.org/gcc-11/[GCC 11 release series] URL: link:https://gcc.gnu.org/gcc-11/[] + link:https://gcc.gnu.org/gcc-12/[GCC 12 release series] URL: link:https://gcc.gnu.org/gcc-12/[] + link:https://gcc.gnu.org/gcc-13/[GCC 13 release series] URL: link:https://gcc.gnu.org/gcc-13/[] Contact: Lorenzo Salvadore Upstream has released link:https://gcc.gnu.org/gcc-13[GCC 13]. As announced in the past status report, I plan to attempt an update of GCC_DEFAULT right from the first GCC 13 release, thus much of this quarter's work has been in preparation of this. With the release of GCC 13.1 (first GCC 13 release: I remind that GCC counts minor version releases starting from 1), two new ports have been created in the ports tree: * package:lang/gcc13[], tracking GCC 13 releases; * package:lang/gcc14-devel[], tracking snapshots from the new GCC 14 upstream branch. ==== The *-devel ports Support for .init_array and .fini_array has been enabled. FreeBSD supports both since commit gitref:83aa9cc00c2d83d05a0efe7a1496d8aab4a153bb[repository=src]. -The default bootstrap option on i386, amd64, and aarch64 has been reverted from LTO_BOOTSTRAP to STANDARD_BOOTSTRAP: +The default bootstrap option on i386, amd64, and aarch64 has been reverted from LTO_BOOTSTRAP to STANDARD_BOOTSTRAP: - LTO bootstrap produces too many failures on the package builders for those architectures - LTO_BOOTSTRAP remains available for users who want it. Those changes will be forwarded to the production ports. ==== The production ports Upstream has released GCC 13, for which the new port package:lang/gcc13[] has been created. GCC 11 and GCC 12 have been updated upstream and a new release of GCC 10 is planned. All corresponding ports now need to be updated. To ease the work of both ports maintainers and users, I plan to test and update together all the following changes: * updates of package:lang/gcc10[], package:lang/gcc11[], package:lang/gcc12[]; * update of GCC_DEFAULT to 13; * enabling of .init_array and .fini_array on the production ports; * switching back from LTO_BOOTSTRAP to STANDARD_BOOTSTRAP on the production ports. This will provide the following advantages: * more testing with less exp-runs; * fewer builds for ports users. diff --git a/website/content/en/status/report-2023-04-2023-06/lldb-kmod.adoc b/website/content/en/status/report-2023-04-2023-06/lldb-kmod.adoc index c4c20c81b6..56a6cb3e7f 100644 --- a/website/content/en/status/report-2023-04-2023-06/lldb-kmod.adoc +++ b/website/content/en/status/report-2023-04-2023-06/lldb-kmod.adoc @@ -1,20 +1,20 @@ === LLDB Kernel Module Imporvement Links: + link:https://wiki.freebsd.org/SummerOfCode2023Projects/LLDBKernelModuleImprovement[GSoC Wiki Project] URL: link:https://wiki.freebsd.org/SummerOfCode2023Projects/LLDBKernelModuleImprovement[] + link:https://github.com/aokblast/freebsd-src/tree/lldb_dynamicloader_freebsd_kernel[Project Codebase] URL: link:https://github.com/aokblast/freebsd-src/tree/lldb_dynamicloader_freebsd_kernel[] Contact: Sheng-Yi Hong -FreeBSD project uses LLVM as it's toolchain. +FreeBSD project uses LLVM as its toolchain. The LLVM project has bundled with a debugger called LLDB. In LLDB, the userspace debugging facilities has been well implemented. However, in the kernel space, there are still some works have to be done. One of the work is the kernel module debug facility for LLDB - that is, prase the loaded module data provided by the kernel core dump and loading the module objects. The goal is to implement such plugin for LLDB, and this is an ongoing GSoC Project for now. https://github.com/aokblast/freebsd-src/tree/lldb_dynamicloader_freebsd_kernel[Project Codebase] is the whole code of my work. Currently, this is still a work in progress and I am still debugging on it. Sponsor: The Google Summer of Code '23 program diff --git a/website/content/en/status/report-2023-04-2023-06/mfsbsd.adoc b/website/content/en/status/report-2023-04-2023-06/mfsbsd.adoc index ab4c476806..0fbb51bded 100644 --- a/website/content/en/status/report-2023-04-2023-06/mfsbsd.adoc +++ b/website/content/en/status/report-2023-04-2023-06/mfsbsd.adoc @@ -1,29 +1,30 @@ === Integrate mfsBSD into the release building tools Links: + link:https://wiki.freebsd.org/SummerOfCode2023Projects/IntegrateMfsBSDIntoTheReleaseBuildingTools[Wiki Article] URL: link:https://wiki.freebsd.org/SummerOfCode2023Projects/IntegrateMfsBSDIntoTheReleaseBuildingTools[] + link:https://github.com/soobinrho/freebsd-src/tree/integrate-mfsBSD-building[Project repository (integrate-mfsBSD-building branch)] URL: link:https://github.com/soobinrho/freebsd-src/tree/integrate-mfsBSD-building[] Contact: Soobin Rho ==== What is mfsBSD? "mfsBSD is a toolset to create small-sized but full-featured mfsroot based distributions of FreeBSD that store all files in memory (MFS) [Memory File System] and load from hard drive, usb storage device or optical media. It can be used for a variety of purposes, including diskless systems, recovery partitions and remotely overwriting other operating systems." mailto:mm@FreeBSD.org[Martin Matuska] is both the author of the link:https://people.freebsd.org/~mm/mfsbsd/mfsbsd.pdf[mfsBSD white paper] and the maintainer of the link:https://github.com/mmatuska/mfsbsd[mfsBSD repository]. ==== Purpose This project creates an additional target of the weekly snapshots of -current and -stable versions of mfsBSD images in the src/release makefile. -Currently, only the release versions of mfsBSD images are produced, which means they tend to get out of sync with the tools in base. +Currently, only the release versions of mfsBSD images are produced, which means they tend to get out of sync with the tools in base. This project aims to address that problem. ==== Location -This is a GSoC 2023 (Google Summer of Code) project. As such, the official coding period is between May 29, 2023 and August 28, 2023. +This is a GSoC 2023 (Google Summer of Code) project. +As such, the official coding period is between May 29, 2023 and August 28, 2023. As a humble beginner in the open-source community, the author welcomes all comments / suggestions / pull requests in the project repository, which will be the location for all code throughout this period. Mentors: {otis-name} and {jrm-name} Sponsor: The Google Summer of Code '23 program diff --git a/website/content/en/status/report-2023-04-2023-06/pf.adoc b/website/content/en/status/report-2023-04-2023-06/pf.adoc index 97c9ac69c0..58b1168186 100644 --- a/website/content/en/status/report-2023-04-2023-06/pf.adoc +++ b/website/content/en/status/report-2023-04-2023-06/pf.adoc @@ -1,45 +1,45 @@ === Pf Improvements Links: + -link:https://reviews.freebsd.org/D40911[D40911] URL: link:https://reviews.freebsd.org/D40911p[] + -link:https://reviews.freebsd.org/D40861[D40861] URL: link:https://reviews.freebsd.org/D40861p[] + -link:https://reviews.freebsd.org/D40862[D40862] URL: link:https://reviews.freebsd.org/D40862p[] + -link:https://reviews.freebsd.org/D40863[D40863] URL: link:https://reviews.freebsd.org/D40863p[] + -link:https://reviews.freebsd.org/D40864[D40864] URL: link:https://reviews.freebsd.org/D40864p[] + -link:https://reviews.freebsd.org/D40865[D40865] URL: link:https://reviews.freebsd.org/D40865p[] + -link:https://reviews.freebsd.org/D40866[D40866] URL: link:https://reviews.freebsd.org/D40866p[] + -link:https://reviews.freebsd.org/D40867[D40867] URL: link:https://reviews.freebsd.org/D40867p[] + -link:https://reviews.freebsd.org/D40868[D40868] URL: link:https://reviews.freebsd.org/D40868p[] + -link:https://reviews.freebsd.org/D40869[D40869] URL: link:https://reviews.freebsd.org/D40869p[] + -link:https://reviews.freebsd.org/D40870[D40870] URL: link:https://reviews.freebsd.org/D40870p[] +link:https://reviews.freebsd.org/D40911[D40911] URL: link:https://reviews.freebsd.org/D40911[] + +link:https://reviews.freebsd.org/D40861[D40861] URL: link:https://reviews.freebsd.org/D40861[] + +link:https://reviews.freebsd.org/D40862[D40862] URL: link:https://reviews.freebsd.org/D40862[] + +link:https://reviews.freebsd.org/D40863[D40863] URL: link:https://reviews.freebsd.org/D40863[] + +link:https://reviews.freebsd.org/D40864[D40864] URL: link:https://reviews.freebsd.org/D40864[] + +link:https://reviews.freebsd.org/D40865[D40865] URL: link:https://reviews.freebsd.org/D40865[] + +link:https://reviews.freebsd.org/D40866[D40866] URL: link:https://reviews.freebsd.org/D40866[] + +link:https://reviews.freebsd.org/D40867[D40867] URL: link:https://reviews.freebsd.org/D40867[] + +link:https://reviews.freebsd.org/D40868[D40868] URL: link:https://reviews.freebsd.org/D40868[] + +link:https://reviews.freebsd.org/D40869[D40869] URL: link:https://reviews.freebsd.org/D40869[] + +link:https://reviews.freebsd.org/D40870[D40870] URL: link:https://reviews.freebsd.org/D40870[] Contact: Kajetan Staszkiewicz + Contact: Naman Sood + Contact: Kristof Provost man:pf[4] is one of the firewalls included in FreeBSD, and is probably the most popular. pf was created by the OpenBSD project and subsequently ported to FreeBSD. ==== Backport OpenBSD Syntax Kajetan introduced the OpenBSD syntax of "scrub" operations in "match" and "pass" rules. Existing rules remain supported, but now OpenBSD style "scrub" configuration is also supported. ==== pfsync Protocol Versioning The man:pfsync[4] protocol version can now be configured, allowing for protocol changes while still supporting state synchronisation between disparate kernel versions. The primary benefit is to allow protocol changes enabling new functionality. ==== pfsync: Transport over IPv6 pfsync traffic can now be carried over IPv6 as well. Naman finished the work started by Luiz Amaral. ==== SCTP There is work in progres to support SCTP in pf. That support includes filtering on port numbers, state tracking, pfsync failover and returning ABORT chunks for rejected connections. Sponsor: InnoGames GmbH Sponsor: Orange Business Services Sponsor: The FreeBSD Foundation diff --git a/website/content/en/status/report-2023-04-2023-06/pot.adoc b/website/content/en/status/report-2023-04-2023-06/pot.adoc index 0b8f15b609..97966e5c34 100644 --- a/website/content/en/status/report-2023-04-2023-06/pot.adoc +++ b/website/content/en/status/report-2023-04-2023-06/pot.adoc @@ -1,25 +1,25 @@ === Containers and FreeBSD: Pot, Potluck and Potman Links: + link:https://github.com/bsdpot[Pot organization on GitHub] URL: link:https://github.com/bsdpot[] -Contact: Luca Pizzamiglio (Pot) + +Contact: Luca Pizzamiglio (Pot) + Contact: Bretton Vine (Potluck) + -Contact: Michael Gmelin (Potman) +Contact: Michael Gmelin (Potman) Pot is a jail management tool that link:https://www.freebsd.org/news/status/report-2020-01-2020-03/#pot-and-the-nomad-pot-driver[also supports orchestration through Nomad]. During this quarter, link:https://github.com/bsdpot/pot/releases/tag/0.15.5[Pot 0.15.5] was released, containing a number of bugfixes and link:https://github.com/bsdpot/pot/pull/263[features to set attributes (i.e. jail sysctl variables)] from various contributors. It will be available in the 2023Q3 quarterly package set. Potluck aims to be to FreeBSD and Pot what Dockerhub is to Linux and Docker: a repository of Pot flavours and complete container images for usage with Pot and in many cases Nomad. All Potluck containers have been rebuilt as FreeBSD 13.2 based images and are signed with link:https://github.com/bsdpot/pot/pull/242[Pot signify] now. link:https://honeyguide.eu/posts/ansible-pot-foundation/[A Beginner's Guide to Building a Virtual Datacenter on FreeBSD with Ansible, Pot and More] has been written, explaining how a complex environment based on Pot and Potluck can be deployed with Ansible playbooks, including example nodes like MariaDB, Prometheus, Grafana, nginx, OpenLDAP or Traefik and container orchestration managed by Nomad and Consul. -A link:https://github.com/hashicorp/nomad/pull/13343[patch by the pot team] to improve Nomad security, a scheduler and orchestrator which supports Pot through link:https://cgit.freebsd.org/ports/tree/sysutils/nomad[sysutils/nomad-pot-driver], has been accepted upstream and will be part of Nomad 1.6.0. +A link:https://github.com/hashicorp/nomad/pull/13343[patch by the pot team] to improve Nomad security, a scheduler and orchestrator which supports Pot through package:sysutils/nomad-pot-driver[], has been accepted upstream and will be part of Nomad 1.6.0. As always, feedback and patches are welcome. Sponsor: Honeyguide Group