| Age | Commit message (Collapse) | Author |
|---|
|
These days, 8.3 filenames are often a problem, filesystems containing
firmware with long names must not truncate them -- it's also a sane default
as portable file system between OSes, anyway.
Altough undocumented in mount_msdos(8), the default for FAT32 already is to
use long filenames: ever since its import from NetBSD in 1998.
Previously, mount_msdos would ignore long filenames and default to short
filenames unless a flag was used or long ones were found on the filesystem
prior to mounting it.
Just always mount with support for long filenames (unless `-s' is used).
As various install media use FAT filesystems, adjust the remaining ones to
also pass explicit mount option reflecting the previous default.
OK deraadt
|
|
amd64, alpha, i386 and macppc strip *all* symbols off the ramdisk bsd.rd
(before compressing it) and thus break config(8)'s modification feature:
$ gzcat bsd.rd > bsd.rd.raw
$ config -e bsd.rd.raw
...
config: failed to get first cfdata
This is different from "boot> boot /bsd.rd -c" which sucessfully drops into
UKC on all platforms regardless of stripping.
Having needed "config -e" this on arm64 made me look into this for all
platforms. Other platforms work because they don't strip these symbols.
Tweak objcopy(1)'s stripping on amd64 and macppc to unbreak permanent
modifications. I have no alpha or i386 to test, so these remain broken.
macppc works without cranking media size.
amd64 was cranked to the smallest possible size.
OK deraadt
|
|
|
|
ok deraadt@
|
|
No functional change.
|
|
Running `make -j4' in /usr/src/distrib/amd64/ramdisk_cd/ et al. executes
make(1) to both build the RAMDISK kernel and build libraries.
Doing so does not propagate the flags specified to the ramdisk_cd
invocation, which in turn means `-j4' for example is ignored and both kernel
and libraries will not be built in parallel.
Pass make(1)'s MFLAGS along to retain relevant flags; make is clever enough
to separate flags, variable assignments and targets from each other and only
pass along things to `MFLAGS' that'd make sense, i.e. `make -C. -j4 foo=bar'
does *not* pass `-C.' to change directories.
(can be easily tested with `make -p ... | grep MFLAGS'.)
This makes hacking on ramdisks/the installer much faster, espescially since
the `bsd' target does `make clean' and therefore builds a new kernel every
time.
OK deraadt
|
|
is required because of TLS servername for contacting ftp.openbsd.org, and
there is no point doing that in resolv.conf.tail because it is no longer used.
ok florian kn
|
|
OK deraadt who also helped making some space.
|
|
|
|
bsd.rd
It passes options to keep rd_root_size and rd_root_image symbols while
stripping. These symbols are the ones used by rdsetroot to insert or
extract disk image into RAMDISK.
ok danj@ deraadt@
|
|
ok deraadt@
|
|
remove this section as part of crunchgen generated commands.
it avoids calling "strip -R .comment" for some but not all architectures.
ok deraadt@ danj@
|
|
the .SUNW_ctf section is added by ctfstrip(1), which is only used for kernels.
ok deraadt@ danj@
|
|
ok deraadt@ danj@
|
|
"strip -R section" command run "strip" (without option) as well.
there is no need to call both.
(binaries checked with sha1)
original diff from danj@
ok deraadt@
|
|
methods support it. if anyone finds a method which does not work, please
speak up.
|
|
|
|
|
|
|
|
|
|
filesystems or ramdisks to use explicit -O 1; installer already does that.
ok sthen@
|
|
but additionally have a bootblock in the first 8K (since UFS does not use that
space). There are some UEFI direct-from-internet bootloaders that require
the name *.img. So this makes things more convenient for those, while keeping
it consistant in all architectures.
ok kettenis beck kn
|
|
Makes room for upcoming FFS2 support for the installer. ok deraadt@
|
|
|
|
|
|
possible, and remove the failed previous attempts at sharing
in ./miniroot and ./ramdisk. maybe now that differences are
eliminated we can start a new sharing effort? i dunno..
|
|
moving progress bar during auto upgrade/install and a clean log
afterwards. ok deraadt@
|
|
chunks in a specified order, using a few variables, performing bsd.rd
to bsd.gz conversion as similar as possible)
|
|
|
|
|
|
|
|
|
|
|
|
Eliminate many more differences. When it makes sense, build bsd.rd
and miniroot/ramdisk.fs and cd.iso in the same directory. More steps
coming after this..
|
|
|
|
|
|
the sme.
|
|
|
|
|
|
|
|
having two mysterious names, let's settle on one.
|
|
architectures, and start removing some crazy junk that has collected
over the years. Being tested on all architectures...
ok various people.
|
|
tightly-built ramdisk kernels, set the option in per-arch Makefile.inc
based upon SMALL_KERNEL
|
|
|
|
|
|
|
|
|
|
ok kevlo@
|
|
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Remaining work includes adding this mechanism to assembly routines, which must
be done by hand. Many thanks to all those who helped test and provide feedback,
especially deaadt, tb, espie and naddy.
ok deraadt@
|
|
DESTDIR rather than reaching around in src. ok deraadt
|
