- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
floppy types (in fact, we have only one left!)
Also cleanup some code, using || and && in some places, and
using "export VAR=value" instead of two separate lines.
- use proper make configuration for the build, using
${BINMAKE} as evaluated by ${VERSION}/src/Makefile
- remove -lmytinfo from crunch.conf
- remove support for login_access in tinyware/login
- remove "machine i386" from the kernel config file
It might actually be interesting to extend the script to do
a cross build for !i386 ...
MFC after: 3 days
+ declare some shell variables as 'local'
+ add a missing ';;' in a 'case' statement
+ centralize newfs options
+ properly override GID and UID when installing include files and libraries
+ add a missing '-r' in disklabel commands (maybe not necessary, but it
does not harm and it was used in the RELENG_4 version)
+ no more require 'perl' when installing the secondary loader
+ use '-t rsa1' when invoking ssh-keygen
Following a suggestion by Ruslan, the initial creation of the
includes and libraries (and build tools) is now done by
invoking "make buildworld" (with -DPICOBSD which eventually will
limit the amount of stuff built with a 2-line change in Makefile.inc1).
The correct environment is then used for subsequent builds.
Also remove write_mfs_in_kernel.c in favour of using dd
All the above is conditional on __FreeBSD_version, as the previous
method still worked for versions earlier than 500035, and I am
unsure on how the "new" method works for earlier versions.
Finally, note that the crunch.conf files need some work because
some libraries (e.g. gmd) have gone away from the base installation.
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
+ fix some dialog entries to correctly modify variables instead of working
in a subshell
+ add a logverbose function for debugging purposes
+ force 512/4096 blocks on filesystems
+ use 'auto' for disklabel so it works irrespective of the floppy size.
This is useful for larger images than 1720k
of the default ones (which could be incorrect when doing cross builds).
Also, try to be backward compatible when compiling wmk (the goal being
able to use the most recent "picobsd" script on a wide range of
source trees).
in crunch.conf -- the previous choice, CWD, was too subject to false
matches (this string will be replaced by the absolute pathname
during the build process).
From the user's perspective:
* everything is now built outside the source tree (more precisely,
in `pwd`/builddir-${name}/ ) except for the kernel config file(s)
which still need to be copied into src/sys/i386/conf because of
"config" limitations. I am not sure if there is an easy way
to get away from this without changing "config" or replicating
some part of the source tree.
This is really the only change that most users should worry about,
but it is a good one.
* if you do cross-compiles (using "picobsd --src somedir/src [--init] ... ")
then the libraries and include directories etc. are searched/created
in "somedir/usr" ;
* you can do most things (basically build the kernel and the crunched
binary and the filesystem trees) without root privileges. You need
privileges to use mdconfig/vnconfig to create the actual MFS and
floppy image, unfortunately.
* the -v option now prints some diagnostic but does not stop for
user input at each step. You need to specify -v -v to have the
old behaviour.
Internally, the script has been reshuffled quite a bit to support
the above features. Many shell variables have been renamed or
made local in an effort to avoid undesired side effects. There is
a somewhat better error handling in case something goes wrong.
tree. Unfortunately the latter cannot be completely readonly, because
"config" still depends on the kernel config file being in sys/${ARCH}/conf
(it seems to derive other pathnames from that one).
before parsing the command line.
Move code to build include and libraries in a separate function,
so we can use the verbose flag for that.
Chang ownership of some directories so more of the build process
(namely, builds of include and libs) can be run without root
permission (we still depend on root permission to mount a memory
filesystem).
as well. This works by selecting "md" or "vn" depending on "uname -r"
output, so we can use the same script on -CURRENT and -STABLE.
Also included minor bugfixes and code cleanup.
Testers welcome, as this code has only been tested on -STABLE
(and for this reason I am doing an immediate MFC).
so as to make the "picobsd" script less version-specific.
Improve handling of cross-builds (which requires creation of
includes and libraries for the new source tree).
The "picobsd" script will not probably work on -current because it still
uses 'vn' instead of 'md', but i am commiting it anyways to keep it
in sync with the version in -stable.
better place to handle dependencies.
Make another step at helping cross-compiling: when the user specifies
an alternate source tree, the script takes care of creating include
files and libraries for the new tree.
Furthermore, build and use a version of the "config" program which
matches the new sources.
It takes a long time to create libraries, and it might even not do
the right thing at once, there might be some dependencies that i
have forgotten. At any rate, with this code i have been able to
build a working picobsd image using -CURRENT sources on -STABLE
MFC after: 3 days