FreeBSD Status Report - Third Quarter 2023

From: Lorenzo Salvadore <salvadore_at_freebsd.org>
Date: Wed, 01 Nov 2023 15:01:05 UTC
FreeBSD Status Report Third Quarter 2023

Here is the third 2023 status report, with 32 entries.

This is the summer quarter and thus it includes much interesting news from
Google Summer of Code. Of course, we also have our usual team reports and many
projects share with us their latest news. Much important work has been done for
the first release of FreeBSD 14.

Have a nice read.

Lorenzo Salvadore, on behalf of the Status Team.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

A rendered version of this report is available here:
https://www.freebsd.org/status/report-2023-07-2023-09/

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Table of Contents

  • FreeBSD Team Reports
      □ FreeBSD Core Team
      □ FreeBSD Foundation
      □ FreeBSD Release Engineering Team
      □ Continuous Integration
      □ Ports Collection
  • Projects
      □ Filling gaps in the FreeBSD desktop experience
      □ LLDB Kernel Module Improvement
  • Userland
      □ OpenSSL 3 in base — Improved
      □ Login Classes Fixes and Improvements
      □ Process Visibility Security Policies
      □ Linux compatibility layer update
  • Kernel
      □ Enabling Snapshots on Filesystems Using Journaled Soft Updates
      □ SquashFS driver for FreeBSD kernel
  • Architectures
      □ NXP DPAA2 support
      □ SIMD enhancements for amd64
      □ Integrate mfsBSD into the Release Building Tools
  • Cloud
      □ OpenStack on FreeBSD
      □ FreeBSD on Microsoft HyperV and Azure
      □ FreeBSD on EC2
  • Documentation
      □ Documentation Engineering Team
      □ FreeBSD Online Editor and Man Page Editor
      □ FreeBSD Expert System
  • Ports
      □ KDE on FreeBSD
      □ Pantheon desktop on FreeBSD
      □ FreeBSD Office Team
      □ Wifibox: Use Linux to Drive your Wireless Card on FreeBSD
      □ GCC on FreeBSD
      □ Valgrind: valgrind-devel updated for FreeBSD 15
      □ GitLab 16.3 Available
      □ PortOptsCLI — Ports Collection Accessibility
  • Third Party Projects
      □ Introducing the BSD Cafe project
      □ Containers and FreeBSD: Pot, Potluck and Potman

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Team Reports

Entries from the various official and semi-official teams, as found in the
Administration Page.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Core Team

Contact: FreeBSD Core Team <core@FreeBSD.org>

The FreeBSD Core Team is the governing body of FreeBSD.

Demise of Hans Petter Selasky

The FreeBSD Core Team would like to thank Hans Petter Selasky for his years of
service. We were saddened by his death and joined the community in mourning.

In Memoriam.

Meetings with The FreeBSD Foundation

The Core Team and The FreeBSD Foundation continue to meet to discuss the next
steps to take for the management, development, and future of FreeBSD. The Core
Team had two meetings with the Board of Directors, and employees of, the
Foundation. They discussed how the Foundation can help the Core Team and the
Project in general.

Portmgr term limits

The Core Team discussed with the Ports Management Team the introduction of a
time limit in which a developer can belong to the team. The proposal was
approved by the Ports Management Team and will take effect at the beginning of
2024, with regular lurker programs to have a steady stream of new Ports
Management Team members.

Deprecation of 32-bit platforms for FreeBSD 15

Work is underway to mark support for 32-bit platforms as "deprecated" for
FreeBSD 15.

Matrix IM

The testing of the Matrix instance and the Element-web client is still in
progress.

The beta is planned to be released after EuroBSDCon in September.

Improve Commit Bit Expiration Policy

The Core Team will clarify how to update the PGP key once a developer has
become Alumni.

EuroBSDCon

Core Team members met with the FreeBSD Foundation in Coimbra during EuroBSDCon
to discuss the direction of the Project.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Foundation

Links:
FreeBSD Foundation URL: https://freebsdfoundation.org/
Technology Roadmap URL: https://freebsdfoundation.org/blog/technology-roadmap/
Donate URL: https://freebsdfoundation.org/donate/
Foundation Partnership Program URL: https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/
FreeBSD Journal URL: https://freebsdfoundation.org/journal/
Foundation Events URL: https://freebsdfoundation.org/our-work/events/

Contact: Deb Goodkin <deb@FreeBSDFoundation.org>

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to
supporting and promoting the FreeBSD Project and community worldwide. Donations
from individuals and corporations fund and manage software development
projects, conferences, and developer summits. We also provide travel grants to
FreeBSD contributors, purchase and support hardware to improve and maintain
FreeBSD infrastructure, and provide resources to improve security, quality
assurance, and cluster administration efforts. We publish marketing material to
promote, educate, and advocate for FreeBSD, facilitate collaboration between
commercial vendors and FreeBSD developers, and finally, represent the FreeBSD
Project in executing contracts, license agreements, and other legal
arrangements that require a recognized legal entity.

This quarter we helped FreeBSD celebrate its 30th anniversary! This excitement
has propelled us to accelerate our efforts to move FreeBSD forward in growth
and innovation, which has focused us on identifying key areas we can invest our
resources. At our board meeting in September, we refined our goals to focus on
increasing FreeBSD adoption and visibility, diversifying our funding stream,
and investing in the community health and long-term stability of the Project.
We are in the process of identifying the key audiences and markets to target,
while putting measurable outcomes to these goals.

In this status report, you will read more about our work to help further
FreeBSD’s growth and innovation. We will highlight all the technical work we
are doing to improve FreeBSD, both by our internal staff of software
developers, as well as external project funding efforts. You will read about
our advocacy work to promote FreeBSD to audiences outside of our community.
Finally, you will see the great efforts made to connect with current and
potential commercial users.

Fundraising

We would like to express our sincere gratitude to all those who generously
donated to support our work. In addition to numerous individual contributions,
we are especially grateful for the significant donations from NetApp, Netflix,
and ARM. In Q3 alone, we received $183,842, bringing our total for the year to
$375,000. This year our budget is around $2,230,000, which includes increased
spending toward FreeBSD advocacy and software development. More than half of
our budget is allocated toward work directly related to improving FreeBSD and
keeping it secure. By providing a dedicated individual focused on partnerships,
we can effectively emphasize the significance of investing in our efforts and
underscore the long-term viability of FreeBSD to companies. Your support is
crucial to our mission, and we deeply appreciate your commitment to the FreeBSD
community. Please consider making a donation toward our 2023 fundraising
campaign! https://freebsdfoundation.org/donate/ For our larger commercial
donors, check out our updated FreeBSD Foundation Partnership Program.

Partnerships and Research

For Partnerships and Research this quarter, progress was made in three key
areas:

First, the Enterprise Working Group started to gather steam with growth up to
58 participants and active projects in four work streams. These are cloud
native, Samba, bhyve manageability, and support for AI workloads. There is
interest in several additional areas and I expect that by the end of this year
and Q1 of next year, we will see meaningful feature updates in multiple areas
of focus.

Second, we made good progress working with other open source community members
and organizations, notably the Open Source Initiative, to advance proposals and
technology from the FreeBSD community. Working with the Open Source
Initiative’s Open Policy Alliance, we are submitting a response to the US
government’s request for information on how the US government can support open
source security and sustainability. As part of this, Greg Wallace participated
on a panel organized by the Open Policy Alliance at the recent All Things Open
conference in Raleigh, North Carolina. Greg Wallace has also been tracking how
the US government incorporates CHERI into its policy recommendations for
security by default, such as this recent report from US and global government
security agencies. On Page 28, CHERI is listed right after Rust as a key
'Secure by Design' tactic.

Finally, we continue to strengthen partnerships with a growing number of
companies using FreeBSD. Several conferences aided these relationships,
including EuroBSDCon, Open Source Summit, and All Things Open. We have also
developed a new program to support vendor/cloud users that work with the US
government. The program details will be announced at the FreeBSD Vendor Summit.

Advocacy

Much of our effort is dedicated to the FreeBSD Project advocacy. This may
involve highlighting interesting FreeBSD work, producing literature and video
tutorials, attending events, or giving presentations. The goal of the
literature we produce is to teach people FreeBSD basics and help make their
path to adoption or contribution easier. Other than attending and presenting at
events, we encourage and help community members run their own FreeBSD events,
give presentations, or staff FreeBSD tables.

The FreeBSD Foundation sponsors many conferences, events, and summits around
the globe. These events can be BSD-related, open source, or technology events
geared towards underrepresented groups. We support the FreeBSD-focused events
to help provide a venue for sharing knowledge, working together on projects,
and facilitating collaboration between developers and commercial users. This
all helps provide a healthy ecosystem. We support the non-FreeBSD events to
promote and raise awareness of FreeBSD, to increase the use of FreeBSD in
different applications, and to recruit more contributors to the Project. We
continue to add new events to our yearly roster. This July, we held a workshop
and staffed a table at FOSSY, a new open source conference in Portland, Oregon.
In addition to attending and planning conferences, we are continually working
on new training initiatives and updating our selection of how-to guides to
facilitate getting more folks to try out FreeBSD.

Check out some of our advocacy work:

  • Held a workshop and hosted a table at FOSSY, July 13-16, 2023, in Portland,
    Oregon.

  • Friend-level sponsor of COSCUP, July 27-29, 2023, in New Taipei, Taiwan

  • Presented at the EuroBSDCon FreeBSD Developer Summit, and sponsored and
    staffed a table at EuroBSDCon 2023, September 14-17, 2023 in Coimbra,
    Portugal

  • Attended the Open Source Summit, Europe, September 19-21, Bilbao, Spain

  • Continued planning the November 2023 FreeBSD Vendor Summit, taking place
    November 2-3, 2023, in San Jose, California

  • Continued to administer our Google Summer of Code program

  • Published the July Newsletter

  • Additional Blog Posts

      □ Advocating at Events: May 2023 FreeBSD Dev Summit and BSDCan

      □ Top Ten Reasons to Upgrade to FreeBSD 13.2

      □ July 2023 Software Development Projects Update

      □ FreeBSD for Research: CHERI/Morello

      □ Meet the FreeBSD Google Summer of Code Students

          ☆ Soobin Rho

          ☆ Raghav Sharma

          ☆ Sudhanshu Mohan Kashyap

          ☆ Aymeric Wibo

      □ Meet The Summer 2023 University of Waterloo Co-Op Student: Naman Sood

      □ Meet FreeBSD Foundation 2023 Summer Intern: Jake Freeland

  • FreeBSD in the News

      □ FreeBSD Foundation Joins OSI’s Open Policy Alliance

      □ Hackernoon: 5 Reasons We Use Open Source FreeBSD as Our Enterprise OS

      □ What the Dev Podcast: The Evolution of the FreeBSD Project.

We help educate the world about FreeBSD by publishing the professionally
produced FreeBSD Journal. As we mentioned previously, the FreeBSD Journal is
now a free publication. Find out more and access the latest issues at
https://www.freebsdfoundation.org/journal/.

You can find out more about events we attended and upcoming events at
https://freebsdfoundation.org/our-work/events/.

OS Improvements

During the third quarter of 2023, 282 src, 652 ports, and 24 doc tree commits
identified The FreeBSD Foundation as a sponsor. Some of this
Foundation-sponsored work is described in separate report entries:

  • Enabling Snapshots on Filesystems Using Journaled Soft Updates

  • Login Classes Fixes and Improvements

  • OpenSSL 3 in base — Improved

  • OpenStack on FreeBSD

  • Process Visibility Security Policies

  • SIMD enhancements for amd64.

Members of the Technology Team attended EuroBSDCon 2023 in Coimbra, Portugal.
Li-Wen Hsu gave a tutorial to help newcomers contribute to FreeBSD. Before the
conference, the FreeBSD Developer Summit took place, where the team presented a
short update on their recent work.

Six summer internships or projects wrapped up.

  • Jake Freeland spent the summer working on a Capsicum project to trace
    violations, adapt various daemons such as syslogd(8), and write
    documentation.

  • Naman Sood worked on various tasks, mostly related to networking.

  • En-Wei Wu completed another wireless internship to improve and extend wtap,
    the net80211(4) Wi-Fi simulator.

  • Yan-Hao Wang worked on a documentation and testing project to, e.g., build
    an online man page editor and add test cases for some userspace tools.

  • Christos Margiolis completed his project to improve the kinst DTrace
    provider by implementing inline function tracing and porting kinst to arm64
    and riscv.

  • In preparation for FreeBSD 14.0, Muhammad Moinur (Moin) Rahman committed
    over 700 fixes or workarounds for ports affected by recent OpenSSL and LLVM
    updates.

For more information about current and past Foundation-contracted work, visit
the Foundation Projects page.

Here is a sampling of other Foundation-sponsored work completed over the
quarter:

  • Improved riscv64 CPU identity and feature detection

  • Rewrote intro(9) man page from scratch

  • Performed code maintenance and fixed bugs in the hwpmc(4) module and the
    pmc(3) library and tools

  • Committed various freebsd-update(8) fixes in preparation for FreeBSD 14.0

  • Committed many (37) updates and fixes to the LinuxKPI, iwlwifi, and
    net802.11 code

  • Updated SSH first to OpenSSH 9.3p2, then 9.4p1

  • Patched ssh-keygen to generate Ed25519 keys when invoked without arguments

  • Added a clean-room implementation of the Linux membarrier(2) system call

  • Increased MAXCPU to 1024 on amd64 and arm64

  • Committed fixes to automatically prevent Zenbleed misbehavior/data leaks on
    affected machines (via chicken bit)

  • Reviewed the use of scheduling priorities throughout the kernel for work in
    progress to harden the rtprio() system call and make it more useful in some
    cases.

Supporting FreeBSD Infrastructure

The Foundation provides hardware and two staff members to help support the
FreeBSD cluster. With your donations, the Foundation, in coordination with the
Cluster Administration Team, purchased five new package builders, three new web
servers, a new firewall/router, two package mirrors, and two new servers for
continuous integration. With the exception of one of the package mirrors, all
the new hardware will be located on the east coast of the USA.

Continuous Integration and Quality Assurance

The Foundation provides a full-time staff member and funds projects to improve
continuous integration, automated testing, and overall quality assurance
efforts for the FreeBSD project. You can read more about CI work in a dedicated
report entry.

Legal/FreeBSD IP

The Foundation owns the FreeBSD trademarks, and it is our responsibility to
protect them. We also provide legal support for the core team to investigate
questions that arise.

Go to https://freebsdfoundation.org to find more about how we support FreeBSD
and how we can help you!

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Release Engineering Team

Links:
FreeBSD 14.0-RELEASE schedule URL: https://www.freebsd.org/releases/14.0R/schedule/
FreeBSD releases URL: https://download.freebsd.org/releases/ISO-IMAGES/
FreeBSD development snapshots URL: https://download.freebsd.org/snapshots/ISO-IMAGES/

Contact: FreeBSD Release Engineering Team, <re@FreeBSD.org>

The FreeBSD Release Engineering Team is responsible for setting and publishing
release schedules for official project releases of FreeBSD, announcing code
freezes and maintaining the respective branches, among other things.

During the third quarter of the year, the FreeBSD Release Engineering Team
started work on the upcoming 14.0-RELEASE cycle. As of this writing, BETA3 had
been released, with BETA4 to follow shortly after.

The Release Engineering Team continued providing weekly development snapshot
builds for the main and stable/13 branches.

Sponsor: Tarsnap
Sponsor: https://www.gofundme.com/f/gjbbsd/
Sponsor: The FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Continuous Integration

Links:
FreeBSD Jenkins Instance URL: https://ci.FreeBSD.org
FreeBSD CI Tinderbox view URL: https://tinderbox.freebsd.org
FreeBSD CI artifact archive URL: https://artifact.ci.FreeBSD.org
Hosted CI wiki URL: https://wiki.FreeBSD.org/HostedCI
3rd Party Software CI URL: https://wiki.FreeBSD.org/3rdPartySoftwareCI
Tickets related to freebsd-testing@ URL: https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=open&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals
FreeBSD CI Repository URL: https://github.com/freebsd/freebsd-ci
dev-ci Mailing List URL: https://lists.FreeBSD.org/subscription/dev-ci

Contact: Jenkins Admin <jenkins-admin@FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
Contact: freebsd-testing Mailing List
Contact: IRC #freebsd-ci channel on EFNet

In the third quarter of 2023, we worked with the project contributors and
developers to address their testing requirements. Concurrently, we collaborated
with external projects and companies to enhance their products by testing more
on FreeBSD.

Important completed tasks:

  • Add jobs for stable/14 branch

  • Update the "Tinderbox" view of the CI results, which now includes test
    results and the "starting point" of the current failing or unstable series.

      □ This is mainly done by the Foundation intern, Yan-Hao Wang. His other
        contributions are in the other entry of this report.

Work in progress tasks:

  • Designing and implementing pre-commit CI building and testing and
    pull/merged-request based system (to support the workflow working group)

      □ Proof of concept system is in progress.

  • Designing and implementing use of CI cluster to build release artifacts as
    release engineering does

  • Simplifying CI/test environment setting up for contributors and developers

  • Setting up the CI stage environment and putting the experimental jobs on it

  • Improving the hardware test lab and adding more hardware for testing

  • Merge https://reviews.freebsd.org/D38815

  • Merge https://reviews.freebsd.org/D36257

Open or queued tasks:

  • Collecting and sorting CI tasks and ideas

  • Setting up public network access for the VM guest running tests

  • Implementing use of bare-metal hardware to run test suites

  • Adding drm ports building tests against -CURRENT

  • Planning to run ztest tests

  • Helping more software get FreeBSD support in its CI pipeline (Wiki pages:
    3rdPartySoftwareCI, HostedCI)

  • Working with hosted CI providers to have better FreeBSD support

Please see freebsd-testing@ related tickets for more WIP information, and do
not hesitate to join the effort!

Sponsor: The FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Ports Collection

Links:
About FreeBSD Ports URL: https://www.FreeBSD.org/ports/
Contributing to Ports URL: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
FreeBSD Ports Monitoring URL: http://portsmon.freebsd.org/
Ports Management Team URL: https://www.freebsd.org/portmgr/
Ports Tarball URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/

Contact: René Ladan <portmgr-secretary@FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>

The Ports Management Team is responsible for overseeing the overall direction
of the Ports Tree, building packages, and personnel matters. Below is what
happened in the last quarter.

  • According to INDEX, there are currently 34,600 ports in the Ports
    Collection. There are currently 3,000 open ports PRs of which some 730 are
    unassigned. The last quarter saw 11,454 commits by 130 committers on the
    main branch and 828 commits by 37 committers on the 2023Q3 branch. Compared
    to last quarter, this means a slight decrease in the number of unassigned
    PRs, a 10% increase in the number of commits on the main branch but also
    fewer backports to the quarterly branch. The number of ports also grew a
    bit.

During Q3 we welcomed Joel Bodenmann (jbo@) as a new ports committer, granted a
ports commit bit to mizhka@ who was already a src committer, and took the
commit bits of knu@ and uqs@ in for safe-keeping after a year of inactivity.

Portmgr discussed and worked on the following things during Q3:

  • Some progress has been made on sub-packages and a lightning talk was given
    by pizzamig@ at EuroBSDCon

  • Overhauling some parts of the ports tree (LIB_DEPENDS, PREFIX, MANPREFIX,
    MANPATH)

Support for FreeBSD 13.1 was removed from the ports tree as it reached its
end-of-life on August 1st.

The following happened on the infrastructure side:

  • USES for ebur128 and guile were added

  • Default versions for Mono, Perl, and PostgreSQL were updated to
    respectively 5.20, 5.34, and 15

  • Default versions for ebur128, guile, and pycryptography were added at
    respectively "rust", 2.2, and "rust"

  • Updates to major ports that happened were:

      □ pkg to 1.20.7

      □ chromium to 117.0.5938.132

      □ Firefox to 118.0.1

      □ KDE to 5.27.8

      □ Rust to 1.72.0

      □ Wine to 8.0.2

During the last quarter, pkgmgr@ ran 18 exp-runs to test various ports
upgrades, updates to default versions of ports, and changes to pycryptography.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Projects

Projects that span multiple categories, from the kernel and userspace to the
Ports Collection or external projects.

Filling gaps in the FreeBSD desktop experience

Links:
External media manager URL: https://github.com/outpaddling/qmediamanager
devd-based automounter URL: https://github.com/outpaddling/devd-mount
SUID mount tool URL: https://github.com/outpaddling/npmount
Popup notification for updates URL: https://github.com/outpaddling/freebsd-update-notify

Contact: Jason Bacon <jwb@FreeBSD.org>

The sysutils/desktop-installer port, available for over a decade now, quickly
configures a bare FreeBSD system with any desktop environment or window
manager. However, the FreeBSD base and ports collection has been missing some
common features that end users expect from a desktop OS.

The desktop-installer battery monitor script has been enhanced to display popup
notifications at various levels of charge/discharge.

deskutils/qmediamanager, in conjunction with sysutils/devd-mount and
sysutils/npmount, mounts inserted media upon notification from devd, and displays a
popup window offering the user options to show filesystem information, open a
file manager, reformat, copy a disk image to the device, or unmount. It
provides a convenient and secure way to work with external media such as USB
sticks.

A fourth new port — deskutils/freebsd-update-notify — displays a popup when new
base updates are available, or when a configurable time limit has elapsed. If
the user chooses to proceed with updates, the entire system is updated
(packages, ports, and base) with auto-update-system(1) (a feature of
sysutils/auto-admin).

These new tools bring the FreeBSD desktop experience a step closer to the
convenience of the most popular desktop operating systems.

The tools are effectively prototypes, stable and reliable, but in need of
review. Feedback from users regarding default behavior and configuration
options will be appreciated.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

LLDB Kernel Module Improvement

Links:
GSoC Wiki Project URL: https://wiki.freebsd.org/SummerOfCode2023Projects/LLDBKernelModuleImprovement
Project Codebase URL: https://github.com/aokblast/freebsd-src/tree/lldb_dynamicloader_freebsd_kernel
LLVM PullRequest URL: https://github.com/llvm/llvm-project/pull/67106

Contact: Sheng-Yi Hong <aokblast@FreeBSD.org>

The LLDB Kernel Module Improvement Project described in the previous quarter
report implements a DynamicLoader plugin for the FreeBSD kernel in LLDB.

All of the work is done — that is, this plugin can correctly load all kernel
modules and their debug files extracted from a kernel coredump.

This plugin has been tested on both x86-64, for relocatable type kernel
modules, and arm64 (EC2), for shared library type kernel modules. On both of
these platforms the plugin works well.

Currently, this plugin is being prepared for landing in the LLVM codebase; see
the LLVM PullRequest.

Sponsor: The Google Summer of Code '23 program

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Userland

Changes affecting the base system and programs in it.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

OpenSSL 3 in base — Improved

Links:
OpenSSL Downloads URL: https://www.openssl.org/source/

Contact: Pierre Pronchery <pierre@freebsdfoundation.org>

This is a follow-up to the previous quarterly report on the integration of
OpenSSL 3 into the base system.

The most obvious updates since the previous report are certainly the 3.0.10 and
then 3.0.11 releases, fixing CVE issues with low to medium severity
(CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807).

However these are not the only changes, and this quarter some issues specific
to the integration were fixed, most of which were found while building ports
with OpenSSL 3 in the base system.

Fixes included:

  • Linking the engines and the legacy provider with the libcrypto.so shared
    object, for proper visibility of symbols, and for which a hack was required
    in the build system.

  • Correcting the list of source files for the FIPS provider.

  • Ensuring backward compatibility for the deprecated 0.9.8 API, which was
    notably helpful for the PAM authentication module from
    security/pam_ssh_agent_auth, based on OpenSSH’s ssh-agent(1) authentication
    mechanism.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Login Classes Fixes and Improvements

Links:
Start of the reviews stack URL: https://reviews.freebsd.org/D40339

Contact: Olivier Certner <olce.freebsd.statusreports@certner.fr>

Context

Login classes are a mechanism mainly used to set various process properties and
attributes at login, depending on the user logging in and the login class he is
a member of. A login class typically specifies resource limits, environment
variables and process properties such as scheduling priority and umask. See
login.conf(5) for more information.

Changes

The priority and umask capabilities now accept the inherit special value to
explicitly request property inheritance from the login process. This is useful,
e.g., when temporarily logging in as another user from a process with a
non-default priority to ensure that processes launched by this user still have
the same priority level.

Users can now override the global setting for the priority capability (in
/etc/login.conf) in their local configuration file (~/.login_conf). Note however
that they cannot increase their priority if they are not privileged, and that
using inherit in this context makes no sense, since the global setting is
always applied first.

Fixes:

  • Fix a bug where, when the priority capability specifies a realtime
    priority, the final priority used was off-by-one (and the numerically
    highest priority in the real time class (31) could never be set).

  • Security: Prevent a setuid/setgid process from applying directives from
    some user’s ~/.login_conf (directives there that cannot be applied because
    of a lack of privileges could suddenly become applicable in such a
    process).

We have also updated the relevant manual pages to reflect the new
functionality, and improved the description of the priority and umask
capabilities in login.conf(5).

Status

Some of the patches in the series have been reviewed thanks to Konstantin
Belousov and Warner Losh. Other patches are waiting for reviews (and reviewers,
volunteers welcome!), which are not expected to be labored.

We plan to improve consistency by deprecating the priority reset to 0 when no
value for the capability priority is explicitly specified, which has been the
case for umask for 15+ years.

Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for some reviews)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Process Visibility Security Policies

Links:
Start of the reviews stack URL: https://reviews.freebsd.org/D40626

Contact: Olivier Certner <olce.freebsd.statusreports@certner.fr>

Context

FreeBSD implements three built-in security policies that limit which processes
are visible to particular users, with the goal of preventing information leaks
and unwanted interactions.

The first one can prevent an unprivileged user from seeing or interacting with
processes that do not have the user’s UID as their real UID. It can be
activated by setting the sysctl security.bsd.see_other_uids to 0 (default is
1).

The second one can prevent an unprivileged user from seeing or interacting with
processes whose credentials do not have any group that the user is a member of.
It can be activated by setting the sysctl security.bsd.see_other_gids to 0
(default is 1).

The third one can prevent an unprivileged user’s process from seeing or
interacting with processes that are in a jail that is a strict sub-jail of the
former. The jail subsystem already prevents such a process from seeing processes
in jails that are not descendants of its own (see jail(8) and in particular the
section "Hierarchical Jails"). One possible use of this policy is, in
conjunction with the first one above, to hide processes in sub-jails that have
the same real UID as some user in an ancestor jail, because users having
identical UIDs in these different jails are logically considered as different
users. It can be activated by setting the sysctl security.bsd.see_jail_proc to
0 (default is 1).

After a review of these policies' code and real world testing, we noticed a
number of problems and limitations which prompted us to work on this topic.

Changes

The policy controlled by the security.bsd.see_jail_proc sysctl has received the
following fixes and improvements:

  • Harden the security.bsd.see_jail_proc policy by preventing unauthorized
    users from attempting to kill, change priority of or debug processes with
    same (real) UID in a sub-jail at random, which, provided the PID of such a
    process is guessed correctly, would succeed even if these processes are not
    visible to them.

  • Make this policy overridable by MAC policies, as are the others.

The policy controlled by security.bsd.see_other_gids was fixed to consider the
real group of a process instead of its effective group when determining whether
the user trying to access the process is a member of one of the process'
groups. The rationale is that some user should continue to see processes it has
launched even when they acquire further privileges by virtue of the setgid bit.
Conversely, they should not see processes launched by a privileged user that
temporarily enters the user’s primary group. This new behavior is consistent
with what security.bsd.see_other_uids has always been doing for user IDs (i.e.,
considering some process' real user ID and not the effective ID).
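The real-versus-effective group change described above, as a simplified model added here (not FreeBSD kernel code). The struct, the function names and the sample credentials are constructed for illustration, and the viewer's membership is assumed to be its real GID plus its supplementary groups.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified credentials; NOT the kernel's struct ucred. */
struct cred {
    unsigned ruid;          /* real UID */
    unsigned rgid;          /* real GID */
    unsigned egid;          /* effective GID */
    const unsigned *groups; /* supplementary groups */
    size_t ngroups;
    bool privileged;        /* privileged viewers bypass both policies */
};

/* Values of the two sysctls from the report (1 = default, policy off). */
struct policy {
    int see_other_uids;     /* security.bsd.see_other_uids */
    int see_other_gids;     /* security.bsd.see_other_gids */
};

/* Which GID of the target stands for its "primary" group in the check. */
enum gid_basis { USE_EFFECTIVE_GID /* before the fix */, USE_REAL_GID /* after */ };

/* Assumption: the viewer belongs to its real GID and supplementary groups. */
static bool viewer_is_member(const struct cred *viewer, unsigned gid)
{
    if (gid == viewer->rgid)
        return true;
    for (size_t i = 0; i < viewer->ngroups; i++)
        if (viewer->groups[i] == gid)
            return true;
    return false;
}

/* True if the viewer shares at least one group with the target. */
static bool gid_visible(const struct cred *viewer, const struct cred *target,
                        enum gid_basis basis)
{
    unsigned primary = (basis == USE_REAL_GID) ? target->rgid : target->egid;

    if (viewer_is_member(viewer, primary))
        return true;
    for (size_t i = 0; i < target->ngroups; i++)
        if (viewer_is_member(viewer, target->groups[i]))
            return true;
    return false;
}

/* Combined visibility decision for the UID and GID policies. */
bool can_see(const struct policy *p, const struct cred *viewer,
             const struct cred *target, enum gid_basis basis)
{
    if (viewer->privileged)
        return true;
    /* UID policy: always compared against the target's real UID. */
    if (p->see_other_uids == 0 && viewer->ruid != target->ruid)
        return false;
    if (p->see_other_gids == 0 && !gid_visible(viewer, target, basis))
        return false;
    return true;
}

/* Constructed sample credentials. */
static const unsigned root_groups[] = { 0 };
/* Unprivileged user: UID 1001, primary group 1001, no other groups. */
static const struct cred alice = { 1001, 1001, 1001, NULL, 0, false };
/* Setgid program started by alice: effective GID switched to 5. */
static const struct cred setgid_child = { 1001, 1001, 5, NULL, 0, false };
/* Root process that temporarily entered alice's primary group. */
static const struct cred root_proc = { 0, 0, 1001, root_groups, 1, true };

static const struct policy gid_only = { 1, 0 }; /* see_other_gids=0 */
static const struct policy defaults = { 1, 1 }; /* both policies off */
static const struct policy both_on = { 0, 0 };  /* both sysctls set to 0 */

int main(void)
{
    printf("alice sees own setgid child: before=%d after=%d\n",
           can_see(&gid_only, &alice, &setgid_child, USE_EFFECTIVE_GID),
           can_see(&gid_only, &alice, &setgid_child, USE_REAL_GID));
    printf("alice sees root in her group: before=%d after=%d\n",
           can_see(&gid_only, &alice, &root_proc, USE_EFFECTIVE_GID),
           can_see(&gid_only, &alice, &root_proc, USE_REAL_GID));
    return 0;
}
```
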

We have updated manual pages related to these security policies, including
security(7), sysctl(8), and ptrace(2). Several manual pages of internal
functions either implementing or leveraging these policies have also been
revamped.

Status

Thanks to the help of Mitchell Horne, Pau Amma, Benedict Reuschling and Ed
Maste, most of the submitted changes have been reviewed and approved, so they
should reach the tree soon. The patch series starts with review D40626. From
there, click on the "Stack" tab to see the full list of reviews implementing
the changes.

As a later step, we are considering turning the security.bsd.see_jail_proc
policy on by default (i.e., the default value of the sysctl would become 0)
unless there are objections.

Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for most of the reviews)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Linux compatibility layer update

Links:
Linuxulator status Wiki page URL: https://wiki.freebsd.org/Linuxulator
Linux app status Wiki page URL: https://wiki.freebsd.org/LinuxApps

Contact: Dmitry Chagin <dchagin@FreeBSD.org>

The goal of this project is to improve FreeBSD’s ability to execute unmodified
linux(4) binaries.

As of 22dca7acf775, xattr system calls are implemented. That makes it possible
to use Linux rsync.

As of bbe017e0415a, ioprio system calls are implemented. That makes it possible
to debootstrap Ubuntu 23.04.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Kernel

Updates to kernel subsystems/features, driver support, filesystems, and more.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Enabling Snapshots on Filesystems Using Journaled Soft Updates

Contact: Marshall Kirk McKusick <mckusick@FreeBSD.org>

This project has made UFS/FFS filesystem snapshots available when running with
journaled soft updates. The details of this project were described in the 2022
fourth quarter report.

This project had two milestones:

The first milestone of this project was to make it possible to take snapshots
when running with journaled soft updates and to use them for doing background
dumps on a live filesystem. Background dumps are requested by using the -L flag
to dump(8). This milestone was completed in Q4 of 2022 and was made available
in the 13.2 release as described in the 2023 first quarter report.

The second milestone of this project was to do a background check using a
snapshot on a filesystem running with journaled soft updates. This milestone
was completed in the third quarter of 2023 in time to be included as part of
the 14.0 release. It was also made available in the 13.2-STABLE release.

Sponsored by: The FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SquashFS driver for FreeBSD kernel

Links:
Wiki page URL: https://wiki.freebsd.org/SummerOfCode2023Projects/PortSquashFuseToTheFreeBSDKernel
Source code URL: https://github.com/Mashijams/freebsd-src/tree/gsoc/testing

Contact: Raghav Sharma <raghav@FreeBSD.org>

This quarter we finished SquashFS driver work for the kernel. We now can mount
SquashFS archives on FreeBSD 13.2-RELEASE or greater, and perform all basic
read-only filesystem operations.

Code work includes:

  • Implementing vop_lookup() and vop_readdir() hooks for directory read
    support.

  • Implementing vop_read() and vop_strategy() hooks for files read support.

  • Implementing vop_readlink() hook for symlinks read support.

We also implemented extended attributes interface functions for SquashFS. All
that remains is to implement their kernel interface hooks.

There were a lot of bug fixes as well. One major issue was to find out why we
cannot list the first entry of the root directory; it transpires that SquashFS
could have inode_number as zero, which the kernel, for some reason, skips while
listing dirents. For now, we fixed it by passing a dummy inode_number, instead
of zero, to dirent.

The code review is currently ongoing with my mentor Chuck Tuffli.

I am happy to say that SquashFS will find its place in upcoming FreeBSD
releases.

Sponsor: The Google Summer of Code 2023 program

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Architectures

Updating platform-specific features and bringing in support for new hardware
platforms.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

NXP DPAA2 support

Links:
DPAA2 in the FreeBSD source tree URL: https://cgit.freebsd.org/src/tree/sys/dev/dpaa2
DPAA2 on Github URL: https://github.com/mcusim/freebsd-src

Contact: Dmitry Salychev <dsl@FreeBSD.org>
Contact: Bjoern A. Zeeb <bz@FreeBSD.org>

What is DPAA2?

DPAA2 is a hardware-level networking architecture found in some NXP SoCs which
contains hardware blocks including Management Complex (MC, a command interface
to manipulate DPAA2 objects), Wire Rate I/O processor (WRIOP, packets
distribution, queuing, drop decisions), Queues and Buffers Manager (QBMan, Rx/Tx
queues control, Rx buffer pools) and others. The Management Complex runs
NXP-supplied firmware which provides DPAA2 objects as an abstraction layer over
those blocks to simplify access to the underlying hardware.

Changes from the previous report

  • Isolation between DPAA2 channels improved.

  • Panic under heavy network load fixed.

  • FDT/ACPI MDIO support.

  • NFS root mount does not hang on netboot over DPAA2 anymore.

  • Drivers started to communicate with MC via their own command portals
    (DPMCP).

  • List of all closed issues.

Work in Progress

Work on dev/sff started to support SFF/SFP modules in order to test DPAA2
drivers on links above 1 Gbit/s.

Plan

  • Heavy network load tests (2.5 Gbit/s, 10 Gbit/s) and bottlenecks
    mitigation.

  • Cached memory-backed software portals.

  • Driver resources de-allocation to unload dpaa2.ko properly.

  • Further parts (DPSW, DCE, etc.) supported by the hardware.

Sponsor: Traverse Technologies (providing Ten64 HW for testing)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SIMD enhancements for amd64

Links:
Project proposal URL: http://fuz.su/~fuz/freebsd/2023-04-05_libc-proposal.txt
simd(7) URL: https://man.freebsd.org/cgi/man.cgi?query=simd&sektion=7&manpath=FreeBSD+15.0-CURRENT

Contact: Robert Clausecker <fuz@FreeBSD.org>

SIMD instruction set extensions such as SSE, AVX, and NEON are ubiquitous on
modern computers and offer performance advantages for many applications. The
goal of this project is to provide SIMD-enhanced versions of common libc
functions (mostly those described in string(3)), speeding up most C programs.

For each function optimised, up to four implementations will be provided:

  • a scalar implementation optimised for amd64, but without any SIMD usage,

  • either a baseline implementation using SSE and SSE2, or an x86-64-v2
    implementation using all SSE extensions up to SSE4.2,

  • an x86-64-v3 implementation using AVX and AVX2, and

  • an x86-64-v4 implementation using AVX-512F/BW/CD/DQ.

Users will be able to select which level of SIMD enhancements to use by setting
the ARCHLEVEL environment variable.

While the current project only concerns amd64, the work may be expanded to
other architectures like arm64 in the future.

During the last few months, significant progress has been made on this project.
SIMD-enhanced versions of bcmp(3), index(3), memchr(3), memcmp(3), stpcpy(3),
strchr(3), strchrnul(3), strcpy(3), strcspn(3), strlen(3), strnlen(3), and
strspn(3) have landed. Functions memcpy(3), memmove(3), strcmp(3),
timingsafe_bcmp(3) (see D41673), and timingsafe_memcmp(3) (see D41696) are work
in progress. Unfortunately, the work has not made the cut for FreeBSD 14.0, but
it is slated to be part of FreeBSD 14.1.

Sponsor: The FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Integrate mfsBSD into the Release Building Tools

Links:
Wiki Article URL: https://wiki.freebsd.org/SummerOfCode2023Projects/IntegrateMfsBSDIntoTheReleaseBuildingTools
Code Review on Phabricator URL: https://reviews.freebsd.org/D41705
FreeBSD Foundation Blog Post URL: https://freebsdfoundation.org/blog/meet-the-2023-freebsd-google-summer-of-code-students-soobin-rho/

Contact: Soobin Rho <soobinrho@FreeBSD.org>

What is mfsBSD?

"mfsBSD is a toolset to create small-sized but full-featured mfsroot based
distributions of FreeBSD that store all files in memory (MFS) [Memory File
System] and load from hard drive, USB storage device, or optical medium. It can
be used for a variety of purposes, including diskless systems, recovery
partitions and remotely overwriting other operating systems."

Martin Matuška is the creator of mfsBSD. He is also author of the original
(2009) mfsBSD white paper, from which the excerpt above is taken. Upstream
mfsBSD is maintained in the repository on GitHub.

Purpose of this Project

This project integrates mfsBSD into the FreeBSD release tool set, creating an
additional target of mfsBSD images (.img and .iso files) in
/usr/src/release/Makefile. Prior to integration, mfsBSD only existed outside the
FreeBSD release tool chain, and only -RELEASE versions were produced.

With this project, mfsBSD images will be available at the official FreeBSD
release page. You will also be able to build mfsBSD yourself by invoking
cd /usr/src/release && make release WITH_MFSBSD=1, which will then create
mfsbsd-se.img and mfsbsd-se.iso at /usr/obj/usr/src/${ARCH}/release/.

Changes from last quarter

The code is ready, and is currently under review. If you would like to get
involved with the review process, please feel free to do so! Here is my
revision.

Sponsor: Google, Inc. (GSoC 2023)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Cloud

Updating cloud-specific features and bringing in support for new cloud
platforms.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

OpenStack on FreeBSD

Links:
OpenStack URL: https://www.openstack.org/
OpenStack on FreeBSD URL: https://github.com/openstack-on-freebsd

Contact: Chih-Hsin Chang <starbops@hey.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

OpenStack, an open-source cloud operating system, has been a valuable resource
for deploying various resource types on cloud platforms. However, the challenge
has been running OpenStack’s control plane on FreeBSD hosts. Our project’s
mission is to enable FreeBSD to function seamlessly as an OpenStack host.

Throughout this quarter, we focused on the last bit of the entire proof of
concept (POC), the VM console integration. The goal is to let users get serial
consoles via the OpenStack client to access the VM instances running on the
FreeBSD-based OpenStack cluster. This is also important because right now we do
not have a port for the managed DHCP service in Neutron. Users need to manually
configure the correct IP addresses for the VM instances to have network
connectivity. However, bhyve(8) does not natively expose serial consoles, so we
need to instead export the nmdm(4) device over the network. This is done by a
custom proxy called socat-manager, and yes, we leverage socat(1) to listen on
specific ports allocated by OpenStack nova-compute to be integrated into their
workflow. With the aid of another critical part, the custom Libvirt hook for
bhyve, we can connect the two endpoints and make the consoles accessible to the
users. During development of the hook script, we found that the hook interface
provided by Libvirt specifically for bhyve was not well implemented.
Fortunately, the Libvirt developer fixed the issue promptly, and we plan to
refine our hook script when the fix is released in the future.

We also addressed the nested bhyve issue (running bhyve VMs on top of Linux
KVM) in our development environment mentioned in the last quarterly report. It
is caused by the APIC emulation of the two VT-x features: VID and PostIntr.

Our host’s CPUs have these two features so we need to disable them at the L1
guest, which acts as a bhyve host, in /boot/loader.conf to keep L2 guests from
hanging. It is crucial for us to be able to work on the project in a fully
virtualized environment due to the lack of physical resources. This could be
equally important for people interested in the project, lowering the bar for
them to try out or validate the entire POC on their environment without too
demanding setup requirements.

Looking ahead to Q4, our focus is wrapping up the POC with revised
documentation and porting to FreeBSD 14.0-RELEASE. Dependencies that lack the
corresponding FreeBSD packages will be ported one by one. We also aim to rebase
our work with OpenStack 2023.1 Antelope. We invite those interested to explore
our documentation and contribute to this project’s success.

Sponsor: The FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD on Microsoft HyperV and Azure

Links:
Microsoft Azure article on FreeBSD wiki URL: https://wiki.freebsd.org/MicrosoftAzure
Microsoft HyperV article on FreeBSD wiki URL: https://wiki.freebsd.org/HyperV

Contact: Microsoft FreeBSD Integration Services Team <bsdic@microsoft.com>
Contact: freebsd-cloud Mailing List
Contact: The FreeBSD Azure Release Engineering Team <releng-azure@FreeBSD.org>
Contact: Wei Hu <whu@FreeBSD.org>
Contact: Souradeep Chakrabarti <schakrabarti@microsoft.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

In this quarter, we have worked mainly on ARM64 architecture support and
building and publishing both UFS and ZFS based images to Azure community
gallery. There are some testing images available in the project’s testing
public gallery, named FreeBSDCGTest-d8a43fa5-745a-4910-9f71-0c9da2ac22bf:

  • FreeBSD-CURRENT-testing

  • FreeBSD-CURRENT-gen2-testing

  • FreeBSD-CURRENT-arm64-testing

  • FreeBSD-CURRENT-zfs-testing

  • FreeBSD-CURRENT-zfs-gen1-testing

To use them, when creating a virtual machine:

 1. In Select an Image step, choose Community Images in Other items

 2. Search FreeBSD

We are aiming to provide all those images for 14.0-RELEASE.

Work in progress tasks:

  • Automating the image building and publishing process and merge to
    src/release/.

  • Building and publishing all supported VM images to Azure Marketplace

  • Building and publishing snapshot builds to Azure community gallery

The above tasks are sponsored by The FreeBSD Foundation, with resources
provided by Microsoft.

Wei Hu and Souradeep Chakrabarti have fixed several critical bugs in arm64:

  • https://bugs.freebsd.org/267654

  • https://bugs.freebsd.org/272461

  • https://bugs.freebsd.org/272666

The root cause was identified and fixed in e7a9817b8d32: Hyper-V: vmbus:
implementat bus_get_dma_tag in vmbus

They also continue working on improving Microsoft Azure Network Adapter (MANA)
support.

Open tasks:

  • Update FreeBSD related doc at Microsoft Learn

  • Support FreeBSD in Azure Pipelines

  • Update Azure agent port to the latest version

  • Upstream local modifications of Azure agent

Sponsor: Microsoft for people in Microsoft, and for resources for the rest
Sponsor: The FreeBSD Foundation for everything else

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD on EC2

Links:
FreeBSD/EC2 Patreon URL: https://www.patreon.com/cperciva

Contact: Colin Percival <cperciva@FreeBSD.org>

FreeBSD is available on both x86 (Intel and AMD) and ARM64 (Graviton) EC2
instances. Work continues to ensure that upcoming instance types will be
supported.

Weekly FreeBSD snapshots now include experimental ZFS-root AMIs for 14.0 and
15.0. This change will be present in FreeBSD 14.0-RELEASE.

Work is underway to start publishing experimental "cloud-init" AMIs. This is
expected to arrive in time for FreeBSD 14.0-RELEASE.

This work is supported by Colin’s FreeBSD/EC2 Patreon.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Documentation

Noteworthy changes in the documentation tree, manual pages, or new external
books/documents.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Documentation Engineering Team

Link: FreeBSD Documentation Project URL: https://www.freebsd.org/docproj/
Link: FreeBSD Documentation Project Primer for New Contributors URL: https://docs.freebsd.org/en/books/fdp-primer/
Link: Documentation Engineering Team URL: https://www.freebsd.org/administration/#t-doceng

Contact: FreeBSD Doceng Team <doceng@FreeBSD.org>

The doceng@ team is a body to handle some of the meta-project issues associated
with the FreeBSD Documentation Project; for more information, see the FreeBSD
Doceng Team Charter.

During this quarter:

  • The search functionality of the documentation portal was moved from
    DuckDuckGo to our own search engine; for more information, see this commit

  • grahamperrin@'s doc commit bit was taken for safekeeping as per his request

  • pluknet@'s doc commit bit was taken for safekeeping as per his request.

Porter’s Handbook

New USES knobs have been added to the Handbook:

  • USES= ebur128.

  • USES= guile.

FreeBSD Translations on Weblate

Link: Translate FreeBSD on Weblate URL: https://wiki.freebsd.org/Doc/Translation/Weblate
Link: FreeBSD Weblate Instance URL: https://translate-dev.freebsd.org/

Q3 2023 Status

  • 17 team languages

  • 189 registered users

Four new translators joined Weblate:

  • minso in Korean (ko) and French (fr_FR)

  • strgalt-t in German (de_DE)

  • bsdmeg in German (de_DE)

  • mvsf in Portuguese (pt_BR)

Languages

  • Chinese (Simplified) (zh-cn) (progress: 7%)

  • Chinese (Traditional) (zh-tw) (progress: 3%)

  • Dutch (nl) (progress: 1%)

  • French (fr) (progress: 1%)

  • German (de) (progress: 1%)

  • Indonesian (id) (progress: 1%)

  • Italian (it) (progress: 5%)

  • Korean (ko) (progress: 33%)

  • Norwegian (nb-no) (progress: 1%)

  • Persian (fa-ir) (progress: 2%)

  • Polish (progress: 1%)

  • Portuguese (progress: 0%)

  • Portuguese (pt-br) (progress: 22%)

  • Spanish (es) (progress: 35%)

  • Turkish (tr) (progress: 2%)

We want to thank everyone that contributed, translating or reviewing documents.

And please help promote this effort in your local user group; we always need
more volunteers.

FreeBSD Handbook Working Group

Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>

  • The Network chapter has been rewritten

  • The Jails chapter has been rewritten

  • The next section to work on will be the file systems part: UFS, OpenZFS,
    Other File Systems.

FAQ Working Group

Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>

The idea is to write a new FAQ. It will be released alongside FreeBSD 14.0.

FreeBSD Website Revamp — WebApps Working Group

Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>

Working group in charge of creating the new FreeBSD Documentation Portal and
redesigning the FreeBSD main website and its components. FreeBSD developers can
follow and join the working group on the FreeBSD Slack channel #wg-www21. The
work will be divided into three phases:

 1. Redesign of the Manual Pages on web

    Scripts to generate the HTML pages using mandoc. (Complete, Approved by
    Doceng, Deploy Date Not Decided Yet) Public instance on https://man-dev.FreeBSD.org

 2. Redesign of the FreeBSD main website

    New design, responsive and dark theme. (Almost Complete, Presented at
    EuroBSDCon)

 3. Redesign of the Ports page on web

    Ports scripts to create an applications portal. (Work in progress)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Online Editor and Man Page Editor

Links:
FreeBSD Online Document Editor URL: https://github.com/Wang-Yan-Hao/FreeBSD-Online-Document-Editor
FreeBSD Online Man Page Editor URL: https://github.com/Wang-Yan-Hao/man_page_editor

Contact: Yan-Hao Wang <bses30074@gmail.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

Currently, our document translation process involves using Weblate and direct
editing of the doc repository. We acknowledge that this process can be somewhat
cumbersome, so we are striving to offer a more convenient alternative, similar
to what the wiki community does. Introducing the Online Document Editor and Man
Page Editor, a user-friendly, WYSIWYG static site designed for translating
documents and man pages. Our goal is to consolidate all translation functions
within a single platform, making the translation process as straightforward as
possible.

However, we still require assistance with these two projects, as follows:

 1. The Document editor and Man page editor were developed using simple
    JavaScript. We are seeking a web developer to assess the code’s efficiency
    since I (Yan-Hao Wang) am not well-versed in front-end development.

 2. We are also seeking a cybersecurity developer to assist us in identifying
    and addressing security issues within these two projects. This is crucial
    to ensure the secure hosting of these projects and mitigate any potential
    vulnerabilities.

 3. As there is currently no existing JavaScript library to render mandoc, I
    had to create my own. However, there are still some concealed errors during
    the editing process. We are in need of a JavaScript developer to help
    rectify these rendering issues.

Sponsor: FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Expert System

Links:
FreeBSD Expert System URL: https://github.com/Wang-Yan-Hao/freebsd_expert_system

Contact: Yan-Hao Wang <bses30074@gmail.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

Machine Learning and Deep Learning technologies have become increasingly
prevalent in today’s world, much like the proliferation of ChatGPT. We are
working on developing a ChatGPT plugin that can access the latest FreeBSD data,
transforming ChatGPT into a FreeBSD expert system. We have already scripted
data cleaning and built an embedded model to search for relevant information.

Nevertheless, we require assistance for the following aspect of this project:

  • While I am not an expert in Machine Learning or Deep Learning, we encounter
    numerous challenges in these domains, such as the adequacy of data cleaning
    and uncertainties in the final plugin development process. We would
    appreciate guidance in this regard.

Sponsor: FreeBSD Foundation

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Ports

Changes affecting the Ports Collection, whether sweeping changes that touch
most of the tree, or individual ports themselves.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

KDE on FreeBSD

Links:
KDE/FreeBSD initiative URL: https://freebsd.kde.org/
FreeBSD — KDE Community Wiki URL: https://community.kde.org/FreeBSD

Contact: Adriaan de Groot <kde@FreeBSD.org>

The KDE on FreeBSD project packages CMake, Qt, and software from the KDE
Community, for the FreeBSD ports tree. The software includes a full desktop
environment called KDE Plasma (for both X11 and Wayland) and hundreds of
applications that can be used on any FreeBSD machine.

The KDE team (kde@) is part of desktop@ and x11@, building the software stack
to make FreeBSD beautiful and usable as a daily-driver graphical desktop
workstation. The notes below describe mostly ports for KDE, but also include
items that are important for the entire desktop stack.

Infrastructure

Qt5 is now on long-term support and updates only rarely. There was an update to
5.15.10 in this quarter. Qt6 is now updated with the regular upstream releases,
with the 6.5.2 release landing at the end of July and 6.5.3 following later.

CMake saw no updates this quarter, so we are now lagging by at least one minor
release. The changelog for the latest releases does not have much for FreeBSD,
so there is no special reason to upgrade.

sysutils/polkit and sysutils/consolekit2 were both updated, bringing improved
security policy and console handling to the FreeBSD desktop. x11/sddm was
updated to provide a better graphical login manager.

multimedia/pipewire was updated to version 0.3.81. This provides multimedia
support for desktops such as KDE and GNOME.

KDE Stack

KDE Gear releases happen every quarter, KDE Plasma updates once a month, and
KDE Frameworks have a new release every month as well. These (large) updates
land shortly after their upstream release and are not listed separately.

  • KDE Frameworks reached version 5.110. The KDE Frameworks 5 series is
    winding down, although it will be six months or so before it enters
    long-term support upstream.

  • KDE Plasma Desktop was updated to version 5.27.8. Just like frameworks,
    work on KDE Plasma 5 is winding down upstream in favor of KDE Plasma 6.

  • KDE Gear updated to 23.08.1.

Related Ports

The KDE ecosystem includes a wide range of ports — most maintained by kde@, all
building on a shared base of Qt and KDE Frameworks. The kde@ team updates them
all as needed. This quarter, for instance, tcberner@ and arrowd@ updated or
fixed (much more than) this selection of ports:

  • astro/merkaartor

  • devel/massif-visualizer

  • finance/alkimia

  • irc/quassel

  • net-im/kaidan

  • sysutils/bsdisks

  • sysutils/k3b

Thanks to jhale@, devel/qtcreator was updated to 11.0.3, providing another
featureful integrated development environment for creating Qt and KDE
applications.

Deprecations

Web browsers are huge, and have a considerable security surface. The venerable
www/qt5-webkit WebKit port has been slated for removal and consumers have been
moved to WebEngine. The fork of WebKit that we relied on is no longer actively
maintained.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Pantheon desktop on FreeBSD

Links:
elementary OS URL: https://elementary.io/
Development repository URL: https://codeberg.org/olivierd/freebsd-ports-elementary

Contact: Olivier Duchateau <duchateau.olivier@gmail.com>

The Pantheon desktop environment is designed for elementary OS. It builds on
GNOME technologies (such as Mutter, GTK 3 and 4) and it is written in Vala. The
goal is to have a complete desktop environment for end users.

13.2-RELEASE or higher is required, because several core components depend on
deskutils/xdg-desktop-portal.

The repository contains a file called elementary.mk for the Mk/Uses framework,
official applications, and curated ports which depend on x11-toolkits/granite7.

I have submitted several patches in order to keep these ports up-to-date:

  • deskutils/iconbrowser

  • multimedia/elementary-videos

  • x11-themes/gnome-icons-elementary

  • editors/elementary-code

The bug reports for updating the following ports are still open on bugzilla:

  • x11-toolkits/granite7: Update to 7.3.0

  • deskutils/elementary-calendar: Update to 7.0.0

  • x11/elementary-terminal: Update to 6.1.2

At the same time, I have also worked on updating the GNOME stack (especially
WebKitGTK, libwnck, Mutter, Vala). I noticed several regressions particularly
with x11/plank (it is related to monitoring open applications).

Three new applications have been added to the development repository:

  • deskutils/atlas, a map viewer

  • deskutils/nimbus, a weather applet

  • audio/leopod, podcasts client

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

FreeBSD Office Team

Links:
The FreeBSD Office project URL: https://wiki.freebsd.org/Office
The FreeBSD Office mailing list URL: https://lists.freebsd.org/subscription/freebsd-office

Contact: FreeBSD Office team ML <office@FreeBSD.org>
Contact: Dima Panov <fluffy@FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

The FreeBSD Office team works on a number of office-related software suites and
tools such as OpenOffice and LibreOffice.

Work during this quarter was focused on providing the latest stable release of
LibreOffice suite and companion apps to all FreeBSD users.

During the 2023Q3 period we pushed maintenance patches for the LibreOffice port
and brought the latest, 7.6.2, release and all companion libraries such as
MDDS, libIxion and more to the ports tree. All prerelease development of
LibreOffice ports is carried out in the LibreOffice WIP repo.

Together with LibreOffice, we also updated Boost to the latest, 1.83 release.
Everyone interested in Boost porting can submit patches to the Boost WIP
repository.

We are looking for people to help with the open tasks:

  • The open bugs list contains all filed issues which need some attention

  • Upstream local patches in ports

Patches, comments and objections are always welcome in the mailing list and
Bugzilla.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Wifibox: Use Linux to Drive your Wireless Card on FreeBSD

Links:
Project GitHub Page URL: https://github.com/pgj/freebsd-wifibox
net/wifibox port URL: https://cgit.freebsd.org/ports/tree/net/wifibox

Contact: PÁLI Gábor János <pali.gabor@gmail.com>

Wifibox is an experimental project for exploring the ways of deploying a
virtualized Linux guest to drive wireless networking cards on the FreeBSD host
system. There have been guides to describe how to set this up manually, and
Wifibox aims to implement those ideas as a single easy-to-use software package.

  • It uses bhyve(8) to run the embedded Linux system. This helps to achieve
    low resource footprint. It requires an x64 CPU with I/O MMU (AMD-Vi, Intel
    VT-d), ~150 MB physical memory, and some disk space available for the guest
    virtual disk image, which can be even ~30 MB only in certain cases. It
    works with FreeBSD 12 and later, some cards may require FreeBSD 13 though.

  • The guest is constructed using Alpine Linux, a security-oriented,
    lightweight distribution based on musl libc and BusyBox, with some custom
    extensions and patches imported from Arch Linux most notably. It is shipped
    with a number of diagnostic tools for better management of the hardware in
    use. The recent version features Linux 6.1, but Linux 6.5 is also available
    as an alternative.

  • Configuration files are shared with the host system. The guest uses
    wpa_supplicant(8) or hostapd(8) (depending on the configuration) so it is
    possible to import the host’s wpa_supplicant.conf(5) or hostapd.conf(5)
    file without any changes.

  • When configured, wpa_supplicant(8) and hostapd(8) control sockets could be
    exposed by the guest, which enables use of related utilities directly from
    the host, such as wpa_cli(8) or wpa_gui(8) from the net/wpa_supplicant_gui
    package, or hostapd_cli(8).

  • Everything is shipped in a single package that can be easily installed and
    removed. This comes with an rc(8) system service that automatically
    launches the guest on boot and stops it on shutdown.

  • It can be configured to forward IPv6 traffic, which is currently an
    experimental option but turned on by default.

Wifibox has been mainly tested with Intel chipsets, and it has shown great
performance and stability. Therefore, it might serve as an interim solution
whilst FreeBSD matures its support for these chipsets.

It was confirmed that Wifibox works with Atheros, Realtek, and Mediatek
chipsets too, and feedback is more than welcome about others. Broadcom chips
(that are often found in MacBook Pros) can also work, but there are known
stability issues.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

GCC on FreeBSD

Links:
GCC Project URL: https://gcc.gnu.org/
GCC 10 release series URL: https://gcc.gnu.org/gcc-10/
GCC 11 release series URL: https://gcc.gnu.org/gcc-11/
GCC 12 release series URL: https://gcc.gnu.org/gcc-12/
GCC 13 release series URL: https://gcc.gnu.org/gcc-13/

Contact: Lorenzo Salvadore <salvadore@FreeBSD.org>

The process to update the GCC default version to GCC 13 has started with an
exp-run. Thanks to Antoine Brodin who ran the exp-run and to all other
developers and ports maintainers involved.

The same exp-run contains additional patches as anticipated in the last
quarterly status report. In particular, it contains patches to update

  • lang/gcc11 to version 11.4.0;

  • lang/gcc12 to version 12.3.0;

  • lang/gcc13 to version 13.2.0.

The reader might remember that I had planned to update GCC default version to
GCC 13 as soon as 13.1.0 was out, but as it can be noted the GCC developers
were faster to release 13.2.0 than I was working on the GCC ports.

Most of the bugs reported in the exp-run are due to the same error: error:
expected identifier before '__is_convertible'. It seems that the issue is an
incompatibility between FreeBSD 12’s libcxx and GCC 13 headers. Please check
the discussion in the exp-run for more information and to provide your
feedback.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Valgrind: valgrind-devel updated for FreeBSD 15

Links:
Valgrind Home Page URL: https://www.valgrind.org/
Valgrind News URL: https://www.valgrind.org/docs/manual/dist.news.html

Contact: Paul Floyd <pjfloyd@wanadoo.fr>

devel/valgrind-devel is in the process of being updated. This contains most of
what will be in the official release of Valgrind 3.22 due out in October.

memcheck has been enhanced with some more checks. It will now report usage of
realloc with a size of zero. Such usage is not portable and is deprecated (C23
will make it Undefined Behaviour). memcheck now validates the values used for
alignment and sized delete for memalign, posix_memalign, aligned_alloc and all
aligned and sized overloads of operator new and operator delete. Reading DWARF
debuginfo is now done in a lazy manner which can improve performance.

As usual there are numerous small bugfixes.

Specific to FreeBSD there is now support for FreeBSD 15. Two extra _umtx_op
operations are now supported, UMTX_OP_GET_MIN_TIMEOUT and
UMTX_OP_SET_MIN_TIMEOUT. There is a fix for the use of sysctl kern proc
pathname with the guest pid or -1, which previously returned the path of the
Valgrind host. The sysctl will now return the path of the guest. Support for
the close_range system call has been added.
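
The two new memcheck checks described above concern realloc with a size of
zero and invalid alignment values. The following is an added example, not
code from Valgrind or from the original report, showing one way to keep both
patterns out of application code; the helper names alignment_ok,
checked_aligned_alloc and resize_buffer are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* exposes posix_memalign() */
#endif
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* posix_memalign() needs a power of two that is a multiple of sizeof(void *). */
static int alignment_ok(size_t alignment)
{
    return alignment != 0 && (alignment & (alignment - 1)) == 0 &&
           alignment % sizeof(void *) == 0;
}

/* Hypothetical helper: reject a bad alignment before calling the allocator.
 * Returns NULL on invalid arguments or on allocation failure. */
void *checked_aligned_alloc(size_t alignment, size_t size)
{
    void *p = NULL;
    if (!alignment_ok(alignment) || size == 0)
        return NULL;
    return posix_memalign(&p, alignment, size) == 0 ? p : NULL;
}

/* Hypothetical helper: resize without ever issuing realloc(ptr, 0).
 * new_size == 0 is an explicit release: *pp is freed and set to NULL.
 * Returns 0 on success; on failure returns -1 and *pp stays valid. */
int resize_buffer(void **pp, size_t new_size)
{
    void *q;
    if (new_size == 0) {
        free(*pp);
        *pp = NULL;
        return 0;
    }
    q = realloc(*pp, new_size);
    if (q == NULL)
        return -1; /* old block is untouched, caller still owns it */
    *pp = q;
    return 0;
}

int main(void)
{
    void *buf = checked_aligned_alloc(64, 256);
    if (buf == NULL || (uintptr_t)buf % 64 != 0)
        return 1;
    memset(buf, 0, 256);
    return resize_buffer(&buf, 0) == 0 && buf == NULL ? 0 : 1;
}
```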

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

GitLab 16.3 Available

Link:
Gitlab 16.3 New Features URL: https://about.gitlab.com/releases/2023/08/22/gitlab-16-3-released/

Contact: Matthias Fechner <mfechner@FreeBSD.org>

GitLab is a DevOps platform. It brings velocity with confidence, security
without sacrifice, and visibility into DevOps success.

Version 16.3 is now available on FreeBSD: please check the www/gitlab-ce port.
The upgrade is very important as version 16.3 will be required for all further
upgrades. Upgrade to 16.4 is only possible from GitLab 16.3.

Documentation for installation can be found at
https://gitlab.fechner.net/mfechner/Gitlab-docu/-/blob/master/install/16.3-freebsd.md?ref_type=heads.
Documentation for upgrading is available at
https://gitlab.fechner.net/mfechner/Gitlab-docu/-/blob/master/update/16.1-16.3-freebsd.md?ref_type=heads.

I will wait for the upgrade to 16.4 (which will be released around 20.9. or
22.9., not sure) until ports quarterly branch 2023Q4 is created, to avoid
breaking systems that do not use the main branch (latest). GitLab users should
always choose the main branch, as described in the installation manual.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PortOptsCLI — Ports Collection Accessibility

Link:
Project repository URL: https://gitlab.com/alfix/portoptscli

Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
Contact: FreeBSD Accessibility mailing list <freebsd-accessibility@FreeBSD.org>

FreeBSD provides the Ports Collection to give users and administrators a simple
way to install applications. It is possible to configure a port before the
building and installation. The command make config uses ports-mgmt/dialog4ports
and ports-mgmt/portconfig to set up a port interactively via a text user
interface (TUI).

Unfortunately, screen readers perform poorly with a TUI; it is a well-known
accessibility problem. FreeBSD provides tens of thousands of ports; port
configuration is a key feature, but it is inaccessible to users with vision
impairment.

PortOptsCLI (Port Options CLI) is a new utility for setting port options via a
command line interface. Properly, PortOptsCLI provides commands to navigate
configuration dialogues (checklists and/or radio buttons) and set up their
items interactively. It is also suitable for a speech synthesizer; currently it
is tested with accessibility/orca. PortOptsCLI can be installed via the
ports-mgmt/portoptscli port or package.

Tips and new ideas are welcome. If possible, send reports to the FreeBSD
Accessibility mailing list, to share and to track discussions in a public
place.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Third Party Projects

Many projects build upon FreeBSD or incorporate components of FreeBSD into
their project. As these projects may be of interest to the broader FreeBSD
community, we sometimes include brief updates submitted by these projects in
our quarterly report. The FreeBSD project makes no representation as to the
accuracy or veracity of any claims in these submissions.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Introducing the BSD Cafe project

Links:
BSD Cafe project homepage URL: https://wiki.bsd.cafe/
BSD Cafe Mastodon instance URL: https://mastodon.bsd.cafe/

Contact: Stefano Marinelli <stefano@dragas.it>

We are thrilled to unveil the inaugural component of the BSD Cafe project!

Months ago, when I first registered the bsd.cafe domain, I envisioned a themed
bar where friends, acquaintances, and patrons could gather for casual
conversations about *BSD systems, Linux, and open-source technology. Just like
any bar, our discussions can encompass a wide array of topics, all while
maintaining a spirit of mutual respect.

BSD Cafe is poised to become a hub for a variety of tools and services, all
powered by *BSD.

Our initial offering is a brand-new instance of Mastodon (open-source
microblogging software and service), serving as a gateway to the fediverse — a
federation of services, many of which use the ActivityPub decentralised social
networking protocol. Registration is now open. The server operates under
clearly defined guidelines that promote positive conduct and unequivocally
prohibit any form of hate. Inclusiveness, respect, and constructive dialogue
stand as the cornerstones of this instance.

Our primary server is currently hosted in Finland on a small VM, running on
FreeBSD. Services are partitioned into VNET jails, interconnected within a
local area network through a dedicated bridge. Additionally, we implement a VPN
system and have the flexibility to migrate individual jails to more robust
machines.

For multimedia data and cache hosting, we employ a separate physical server
(also FreeBSD-based, within a jail), fronted by Cloudflare. The goal here is to
cache and geodistribute data, effectively reducing network congestion on the
main VPS.

Our reverse proxy (frontend), mail server, media server, and the instance
itself are all accessible via IPv6.

At its inception, this Mastodon instance was devoid of preloaded content. Our
intention is for it to grow organically, based on the interests and followers
of its users. At this stage, we have refrained from preemptive blocks. We
strongly encourage users to promptly report anything that they believe requires
attention.

We invite you to join us at https://mastodon.bsd.cafe/ in order to cultivate a
community that values constructive interactions and embraces inclusiveness — a
secure and serene space meant for all.

Furthermore, we have established a website at https://wiki.bsd.cafe/, which
will provide an overview of our tools, services, rules, uptime, and more.

Recently, a Miniflux installation has been performed, so the BSD Cafe users can
use it as a personal RSS Feed Reader. More information:
https://wiki.bsd.cafe/miniflux-bsd-cafe.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Containers and FreeBSD: Pot, Potluck and Potman

Links:
Pot organization on GitHub URL: https://github.com/bsdpot

Contact: Luca Pizzamiglio (Pot) <pizzamig@FreeBSD.org>
Contact: Bretton Vine (Potluck) <bv@honeyguide.eu>
Contact: Michael Gmelin (Potman) <grembo@FreeBSD.org>

Pot is a jail management tool that also supports orchestration through Nomad.

During this quarter, Pot 0.15.6 was finished, adding custom pf(4) rule
configuration hooks.

Additionally, Nomad Pot Driver 0.9.1 that allows setting Pot attributes in
Nomad job descriptions was released.

Potluck aims to be to FreeBSD and Pot what Dockerhub is to Linux and Docker: a
repository of Pot flavours and complete container images for usage with Pot and
in many cases Nomad.

Quite a few new container images were made available, e.g. a Caddy S3 proxy, a
Mastodon instance, and a Redis container. In total there are now 50 containers
available that can either be downloaded as ready-made images at the Potluck
image registry, if you trust our build process, or that you can build yourself
from the Pot flavour files stored in the Potluck GitHub repository.

The July/August 2023 edition of the FreeBSD Journal contains Luca’s Jail
Orchestration with pot and nomad article, explaining how to use Pot and Potluck
together with Nomad to orchestrate containers on multiple hosts.

Last but not least, a patch (90b1184d93c8) added build cluster support to the
devel/sccache port.

As always, feedback and patches are welcome.

Sponsors: Nikulipe UAB, Honeyguide Group