| Age | Commit message (Collapse) | Author |
|---|
|
moved to ELF.
Move the a.out specific defines and macros, but the MID_xxx values, from
<sys/exec.h> to <a.out.h>, and update the few userland binaries which really
need these defines (i.e. boot-related tools for old architectures) to
explicitly include <a.out.h> when needed.
"Fine" deraadt@
|
|
was replaced a while ago.
ok tb
|
|
so use COPTS+=-fno-ret-clean
|
|
requires retpoline. If 0, we should do everything in our power to avoid
pure retpoline (replacing it with a simple thunk where possible), because
by it's nature retpoline converts an indirect-branch into a direct branch
(push to stack & ret), and therefore it is an IBT (endbr64) bypass method.
This sysctl leverages guenther's decision-making logic in the kernel, which
already uses codepatch to fix the kernel retpoline thunk.
In my opinion, the retpoline-using logic really should be flipped; ROP
execution bypassing IBT to re-enter regular control flow is more dangerous
than spectre.
ok kettenis
|
|
This disables the helpers that recognize compressed archives when the
user failed to use the proper flag/command. Those are not terribly
useful on the ramdisks and the fallback behavior is sane.
Went through a make release Just In Case(tm).
Spotted by caspar@, ok millert@ sthen@ caspar@
|
|
distrib/special/Makefile.inc sets MAN= NOMAN=1, thus setting MAN* in
distrib/special/*/Makefile is useless; no manuals in the installer.
disklabel(8) and fdisk(8) remain exceptions with their NOMAN handling
as they embed their manual for use with interactive commands.
OK miod
|
|
replaced by dhcpleased in 2021, no install media ships dhclient anymore.
OK florian
|
|
ksh(1) MAIL, MAILCHECK, MAILPATH mbox handling is useless in the installer.
OK miod deraadt
|
|
RAMDISK* has MFS and TMPFS disabled, so the installer can't use them.
OK deraadt
|
|
|
|
the install media would grow too much, so use the same strategy as we
for stack protector and other things: disable them, just on the install
media
ok kettenis
|
|
except for bootblocks. This way we have built-in leak detecction
always (if enable by malloc flags). See man pages for details.
|
|
ok miod@ millert@
|
|
No need for KSH_VERSION and its PS1 esacape sequences in installer shells.
Save some bits and clean up what(1) output on ramdisk kernels.
OK deraadt
|
|
case install the first level bootstrap at the beginning of the of the wd0a
filesystem, rather than at the beginning of the disk.
Both locations work but the previous behaviour overwriting an existing MBR
is a violation of POLA.
tweaks & ok krw@
|
|
----------------------------
/usr/src/usr.sbin/installboot/Makefile revision 1.25
date: 2022/08/15 17:06:43; author: kn; state: Exp; lines: +5 -1; commitid: 36Ayh2RViNOotnQJ;
Add initial piece for softraid(4) support on arm64
arm64 is the only currently supported OpenBSD platform which both
a) supports booting off root on softraid(4) (kernel and bootloader) and
b) is an EFI platform (as far as installboot(8) is concerned).
Currently, installboot treats softraid root volumes as regular devices,
ignoring ignores chunk devices completely.
Teach installboot the first bits of softraid support for EFI:
installing the single-stage boot loader on chunks rather than the volume.
Copy over sparc64's softraid stage-1 code as-is and make its stage-2 a NOOP:
# ./obj/installboot -v sd4
Using / as root
installing bootstrap on /dev/rsd4c
using first-stage /usr/mdec/BOOTAA64.EFI
sd4: softraid volume with 1 disk(s)
sd0a: installing boot blocks on /dev/rsd0c
copying /usr/mdec/BOOTAA64.EFI to /tmp/installboot.KuBD4zkfpM/efi/boot/bootaa64.efi
writing /tmp/installboot.KuBD4zkfpM/efi/boot/startup.nsh
arm64 miniroot fits and boots with this.
OK stsp
As of now, EFI partitions must still be created manually as installboot's
'-p' does not support softraid at all (next missing piece for root on
softraid on arm64 installations to work out-of-the-box).
----------------------------
Reminded by miod, thanks
|
|
information in /usr/mdec/mbr. Stop telling fdisk(8) that macppc
and loongson HAS_MBR, and don't bother including the file in the
base set.
macppc build/install tests and ok gkoehler@
loongson is gone deraadt@
|
|
OK kettenis@ deraadt@
|
|
The code is common to EFI platforms, not specific to armv7.
Suggested by kettenis@
|
|
them back in special like in the main disklabel Makefile.
OK deraadt@
|
|
remove -DSEEALSO, as suggested by millert
ok millert
|
|
|
|
|
|
|
|
ok deraadt@
|
|
|
|
|
|
|
|
|
|
reduce size. Allows a clang 11 amd64 release to complete without
overflowing the floppy image.
ok kettenis@ deraadt@
|
|
Replace fparseln(3) with getline(3). This removes the only use of
libutil.a(fparseln.o) from the ramdisk.
Replace a complicated fgetln(3) idiom with the much simpler getline(3).
ok jca@
|
|
Add a stub for pthread_mutex_destroy() for installers.
ok tb@
|
|
|
|
|
|
|
|
|
|
special case scripting in install.md.
(macppc still requires manual steps for HFS bootmode)
tested by krw, visa, gkoehler
|
|
Change several instances, most of them to the usual -width Ds.
|
|
okay millert@, tb@
|
|
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
We are juggling too many things at the moment and we can't deal with
the differences in behaviour right now.
|
|
moving progress bar during auto upgrade/install and a clean log
afterwards. ok deraadt@
|
|
have been made to make it behave. Any new misbehaviors can be fixed in tree.
OK florian@ deraadt@ "Have you committed ftp yet?"
|
|
|
|
ok kettenis
|
|
|
|
This implements automatic thread support initialization in libcrypto.
This does not remove any functions from the ABI, but does turn them into
no-ops. Stub implementations of pthread_mutex_(init|lock|unlock) are
provided for ramdisks.
This does not implement the new OpenSSL 1.1 thread API internally,
keeping the original CRYTPO_lock / CRYPTO_add_lock functions for library
locking. For -portable, crypto_lock.c can be reimplemented with
OS-specific primitives as needed.
ok beck@, tb@, looks sane guenther@
|
|
compiler flags. Pass DIST_CFLAGS from the crunchgen-generated .mk
file.
Compile the install media with -fno-unwind-tables to avoid emitting
.eh_frame sections. This saves substantial space on amd64.
with/ok kettenis@
|
