FreeBSD Quarterly Status Report - Fourth Quarter 2020
Daniel Ebdrup Jensen
debdrup at FreeBSD.org
Sat Jan 16 15:15:45 UTC 2021
FreeBSD Project Quarterly Status Report - Fourth Quarter 2020
Introduction
This report covers FreeBSD related projects for the period
between October and December, and is the fourth of four planned
reports for 2020.
This quarter had quite a lot of work done, including but
certainly not limited to, in areas relating to everything from
multiple architectures such as x86, aarch64, riscv, and ppc64
for both base and ports, over kernel changes such as vectored
aio, routing lookups and multipathing, an alternative random(4)
implementation, zstd integration for kernel dumps, log
compression, zfs and preparations for pkg(8), along with wifi
changes, changes to the toolchain like the new elfctl utility,
and all the way to big changes like the git migration and
moving the documentation from DocBook to Hugo/AsciiDoctor, as
well as many other things too numerous to mention in an
introduction.
This report with 42 entries, which don't hold the answer to
life, the universe and everything, couldn't have happened
without all the people doing the work also writing an entry for
the report, so the quarterly team would like to thank them, as
otherwise, we wouldn't have anything to do.
Please note that the deadline for submissions covering the
period between January and March is March 31st.
We hope you'll enjoy reading as much as we enjoyed compiling
it. Daniel Ebdrup Jensen, on behalf of the quarterly team.
__________________________________________________________
FreeBSD Team Reports
* FreeBSD Foundation
* FreeBSD Release Engineering Team
* Cluster Administration Team
* Continuous Integration
* Ports Collection
* Office Hours
Projects
* GPL in Base
* Git Migration Working Group
* Linux compatibility layer update
* LLDB Debugger Improvements
* Upstreaming NetApp Changes
* NFS over TLS implementation
* OpenBSM Synchronisation
* Tool Chain
Kernel
* ENA FreeBSD Driver Update
* Intel wireless update
* Fenestras X random(4)
* pf performance improvement
* IP Routing lookup improvements
* Scalable routing multipath support
* Thunderbolt3/USB4 stack
* Vectored AIO
* ZSTD Compression in ZFS
Architectures
* arm64 platform updatesq
* FreeBSD/RISC-V Project
Userland Programs
* Dual-stack ping command
Ports
* KDE on FreeBSD
* FreeBSD Office team
* Ports On Non-x86 Architectures
* Python 2.7 removal from Ports
* Xfce on FreeBSD
Documentation
* FreeBSD Translations on Weblate
* DOCNG on FreeBSD
Miscellaneous
* Prometheus NFS Exporter
Third-Party Projects
* FreeBSD Aarch64 under VMWare ESXi-ARM Fling
* Bastille
* CheriBSD
* Embedded Lab Project
* helloSystem
* K8S-bhyve
* Puppet
__________________________________________________________
FreeBSD Team Reports
Entries from the various official and semi-official teams, as
found in the Administration Page.
FreeBSD Foundation
Contact: Deb Goodkin <deb at FreeBSDFoundation.org>
The FreeBSD Foundation is a 501(c)(3) non-profit organization
dedicated to supporting and promoting the FreeBSD Project and
community worldwide. Funding comes from individual and
corporate donations and is used to fund and manage software
development projects, conferences and developer summits, and
provide travel grants to FreeBSD contributors. The Foundation
purchases and supports hardware to improve and maintain FreeBSD
infrastructure and provides resources to improve security,
quality assurance, and release engineering efforts; publishes
marketing material to promote, educate, and advocate for the
FreeBSD Project; facilitates collaboration between commercial
vendors and FreeBSD developers; and finally, represents the
FreeBSD Project in executing contracts, license agreements, and
other legal arrangements that require a recognized legal
entity.
Here are some highlights of what we did to help FreeBSD last
quarter:
COVID-19 Impact to the Foundation
Like most organizations, we transitioned all of our staff to
work from home. We also put a temporary ban on travel for staff
members, which didn't affect our output too much, since most
conferences went virtual. We continued supporting the community
and Project, even though some of our work and responses may
have been delayed because of changes in some of our priorities
and the impact of limited childcare for a few of our staff
members.
Partnerships and Commercial User Support
We help facilitate collaboration between commercial users and
FreeBSD developers. We also meet with companies to discuss
their needs and bring that information back to the Project. Not
surprisingly, the stay at home orders, combined with our
company ban on travel during Q4 made in-person meetings
non-existent. However, the team was able to continue meeting
with our partners and commercial users virtually. These
meetings help us understand some of the applications where
FreeBSD is used.
An event we help plan and organize, that helps with
vendor/developer engagement, is the annual Bay Area Vendor
Summit. We weren't going to let a pandemic stop us from holding
this invaluable yearly event, so we went virtual! From the
feedback we received from the vendor community on how we should
run this, so it would be beneficial for them, we decided to
hold this over 3 half days in November. One unexpected result
was that more commercial users from around the world attended.
Since a Vendor/Developer Summit is typically invitation only,
we opened this up to FreeBSD contributors from around the world
to watch the livestream. Because of the success and excitement
of this event, we are planning to hold another one around June
or July.
Fundraising Efforts
We want to take a moment to say thank you to all the
individuals and corporations that stepped up to help fund our
efforts last year. As of this writing, we raised $1,235,926,
and will have the final tally by mid-January. The companies
that gave generous financial contributions include Arm, NetApp,
Netflix, Juniper Networks, Beckhoff, VMware, Stormshield,
Tarsnap, and Google. We also want to say thank you to the Koum
Family Foundation for awarding us a large grant, and to "the
employees of Ngnix" who also made generous financial
contributions.
We truly appreciate these large contributions, which makes the
most impact on how much we can contribute back to the Project.
However, it's the individual donations that have the most
meaning to us. Those are the folks who are giving because they
trust we will invest their personal donations, whether large or
small, into improving the operating system and Project. As
stewards of your donations, we want to thank you for your trust
in us and your commitment to making FreeBSD the best platform
for products, education, research, computing, and more.
You'll find out how we used your donations for Q4 in our
report, as well as in individual reports throughout this status
report.
Though we know this is a Q4 status report, we are excited about
our plans for 2021, including growing our software development
team! We'll be posting two job descriptions for a Senior
Software Developer and Project Coordinator soon.
Please consider making a donation to help us continue and
increase our support for FreeBSD in 2021:
https://www.FreeBSDfoundation.org/donate/.
We also have the Partnership Program, to provide more benefits
for our larger commercial donors. Find out more information at
https://www.FreeBSDfoundation.org/FreeBSD-foundation-partnership-program/
and share with your companies!
OS Improvements
The Foundation provided many project grants over the last
quarter, and you can read about OpenZFS Zstd support,
Linuxulator application compatibility improvements, LLDB target
support, test lab infrastructure, and WiFi projects in other
entries in this quarterly report.
The Foundation hired six co-op students from the University of
Waterloo during the 2020 fall term, as well as one intern.
Former co-op student Tiger returned, and new students Yang and
Zac joined us for the first time.
Tiger worked on improvements to the code-coverage guided kernel
fuzzing tool Syzkaller, adding new system call definitions so
that Syzkaller can expand the code it tests. A number of
FreeBSD kernel bug fixes have already resulted from this work.
Tiger also contributed a number of improvements to the ELF Tool
Chain set of binary utilities, and worked on tooling to run
tests from other tool suites against ELF Tool Chain.
Zac worked on an improvement to the pkg package management
tool, investigating and upstreaming patches for FreeBSD support
in FreePBX, and investigating compiler support for addressing
the stack clash vulnerability.
Yang investigated and fixed a compilation bug with the kernel's
Skein-1024 assembly implementation (used by ZFS), and then a
number of projects related to Capsicum: applying Capsicum to
sort(1), implementing a Capsicum service to execute utilities,
and finally working with developers of the Game of Trees (got)
version control system to adapt it for Capsicum support.
Our intern Ka Ho focused on improving the desktop experience of
the FreeBSD. He fixed and improved many items of OBS (Open
Broadcaster Software) on FreeBSD, worked on FreeBSD native
audio support on Firefox, adding a facility that user-space
audio programs could make use of to enumerate a list of audio
devices. He also ported the fcitx5 input method framework.
The five Foundation staff members continued contributions in
2020 in both ongoing operational tasks (including the Git
working group and security team) and software development for a
number of projects.
Staff members responded to reported security vulnerabilities
and release errata, prepared patches, and participated in the
security advisory process. We also worked on proactive security
vulnerability mitigations. Syzkaller also provided many reports
of kernel issues that resulted in Foundation-sponsored bug
fixes. We worked on several issues relating to FreeBSD/arm64 to
move it along the path of being a Tier-1 architecture.
We participated in code reviews and supported community members
in integrating changes into FreeBSD, and triaged incoming bug
reports.
We contributed enhancements to many kernel and userland
subsystems, including the x86 pmap layer, ELF run-time linker
and kernel loader, the Capsicum sandboxing framework and Casper
services, the threading library, some RISC-V changes, the build
system, tool chain and freebsd-update, network stack stability
improvements, machine-dependent optimizations, new kernel
interfaces, DTrace bug fixes, documentation improvements, and
others.
### Continuous Integration and Quality Assurance
The Foundation provides a full-time staff member and funds
projects on improving continuous integration, automated
testing, and overall quality assurance efforts for the FreeBSD
Project.
During the fourth quarter of 2020, Foundation staff continued
improving and monitoring the Project's CI infrastructure, and
working with experts to fix the failing builds and the
regressions found by tests. The work was focused on pre-commit
tests and development of the CI staging environment. The other
main working item is working on the VCS migration to change the
src and doc source from Subversion to Git. There are also many
work-in-progress tasks like analysis and improve the tests of
non-x86 platforms.
See the FreeBSD CI section of this report for completed work
items and detailed information.
Supporting FreeBSD Infrastructure
The Foundation provides hardware and support to improve the
FreeBSD infrastructure. Last quarter, we continued supporting
FreeBSD hardware located around the world. We coordinated
efforts between the new NYI Chicago facility and clusteradm to
start working on getting the facility prepared for some of the
new FreeBSD hardware we are planning on purchasing. NYI
generously provides this for free to the Project. We also
worked on connecting with the new owners of the NYI Bridgewater
site, where most of the existing FreeBSD infrastructure is
located.
Some of the purchases we made for the Project last quarter to
support infrastructure includes:
* 5 application servers to run tasks like bugzilla, wiki,
website, cgi, Phabricator, host git, etc.
* 1 server to replace the old pkg server, which will provide
a lot more IOPS to avoid the slowdowns seen during peak
times of the day where the disks simply cannot keep up with
the request volume.
* 1 server for exp-runs and to make them faster.
* 1 server to build packages more frequently.
FreeBSD Advocacy and Education
A large part of our efforts are dedicated to advocating for the
Project. This includes promoting work being done by others with
FreeBSD; producing advocacy literature to teach people about
FreeBSD and help make the path to starting using FreeBSD or
contributing to the Project easier; and attending and getting
other FreeBSD contributors to volunteer to run FreeBSD events,
staff FreeBSD tables, and give FreeBSD presentations.
The FreeBSD Foundation sponsors many conferences, events, and
summits around the globe. These events can be BSD-related, open
source, or technology events geared towards underrepresented
groups. We support the FreeBSD-focused events to help provide a
venue for sharing knowledge, to work together on projects, and
to facilitate collaboration between developers and commercial
users. This all helps provide a healthy ecosystem. We support
the non-FreeBSD events to promote and raise awareness of
FreeBSD, to increase the use of FreeBSD in different
applications, and to recruit more contributors to the Project.
While we were still unable to attend in-person meetings due to
COVID-19, we were able to attend virtual events at new venues
and facilitate the first online FreeBSD Vendor Summit. In
addition to attending and planning virtual events, we are
continually working on new training initiatives and updating
our selection of how-to guides to facilitate getting more folks
to try out FreeBSD.
Check out some of the advocacy and education work we did last
quarter:
* Continued our FreeBSD Fridays series of 101 classes. Topics
included an Introduction to Capsicum, Introduction to
Bhyve, Introduction to DTrace, and more. Videos of the past
sessions can be found here. We'll be back with new sessions
in early 2021.
* Gave a FreeBSD talk at the nerdear.la conference on October
20th.
* Participated in the podcast: What the Dev: A Dive into the
FreeBSD Foundation on its 20th Anniversary
* Promoted the Foundation's 20th Anniversary in the FossBytes
article: 20 Years of The FreeBSD Foundation
* Continued to promote the FreeBSD Office Hours series.
Videos from the one hour sessions can be found on the
Project's YouTube Channel. See the Office Hours section of
this report for more information.
* Added two new How-To Guides: Contributing FreeBSD
Documentation and How to Submit a Bug Report.
* Worked with the organizing committee to host the November
2020 Vendor Summit
* Promoted the use of FreeBSD in regards to CHERI and ARM's
Morello Processor
* Authored a Beginners Guide to FreeBSD for Fosslife.
* Sponsored All Things Open as a Media Sponsor.
* Sponsored OpenZFS Developers Summit at the Bronze level.
* Applied for a virtual stand at FOSDEM 2021.
* Committed to attend the online Apricot 2021.
Keep up to date with our latest work in our newsletters:
https://www.freebsdfoundation.org/news-and-events/newsletter/
Netflix provided an update on how and why they use FreeBSD in
our latest Contributor Case Study.
We help educate the world about FreeBSD by publishing the
professionally produced FreeBSD Journal. As we mentioned
previously, the FreeBSD Journal is now a free publication. Find
out more and access the latest issues at
https://www.FreeBSDfoundation.org/journal/.
You can find out more about events we attended and upcoming
events at https://www.FreeBSDfoundation.org/news-and-events/.
Legal/FreeBSD IP
The Foundation owns the FreeBSD trademarks, and it is our
responsibility to protect them. We also provide legal support
for the core team to investigate questions that arise.
Go to http://www.FreeBSDfoundation.org to find out how we
support FreeBSD and how we can help you!
__________________________________________________________
FreeBSD Release Engineering Team
Links
FreeBSD 12.2-RELEASE schedule
URL: https://www.freebsd.org/releases/12.2R/schedule.html
FreeBSD 13.0-RELEASE schedule
URL: https://www.freebsd.org/releases/13.0R/schedule.html
FreeBSD development snapshots
URL: https://download.freebsd.org/ftp/snapshots/ISO-IMAGES/
Contact: FreeBSD Release Engineering Team <re at FreeBSD.org>
The FreeBSD Release Engineering Team is responsible for setting
and publishing release schedules for official project releases
of FreeBSD, announcing code freezes and maintaining the
respective branches, among other things.
During the fourth quarter of 2020, the Release Engineering Team
completed work on 12.2-RELEASE, the third release from the
stable/12 branch, released on October 27. Thank you to all
involved for the hard work that went into this release.
Additionally throughout the quarter, several development
snapshots builds were released for the head, stable/12, and
stable/11 branches. Development snapshot builds for
13.0-CURRENT have recently been built from the Git tree within
the project, while further snapshot builds for 12.x and 11.x
will continue to be built from Subversion. As we approach the
end of 2020, continued preparations are being put in place for
the upcoming 13.0 release, which will be the first release from
Git.
Much of this work was sponsored by Rubicon Communications, LLC
(netgate.com) and the FreeBSD Foundation.
__________________________________________________________
Cluster Administration Team
Links
Cluster Administration Team members
URL: https://www.freebsd.org/administration.html#t-clusteradm
Contact: Cluster Administration Team <clusteradm at FreeBSD.org>
The FreeBSD Cluster Administration Team consists of the people
responsible for administering the machines that the Project
relies on for its distributed work and communications to be
synchronised. In this quarter, the team has worked on the
following:
* Finished setting up the Malaysia mirror site, generously
hosted by the Malaysian Research & Education Network.
Traffic from Oceania and parts of Asia is now going to this
mirror instead of farther away sites like Japan and
California.
* Upgraded the package building machines to a version of head
from mid-October 2020.
* Upgraded developer machines in the cluster (freefall, ref\*
and universe\*) to a version of head from mid-October 2020.
* Installed eight new x86 servers in our New Jersey site:
five application servers, two package builders and one
mirror server.
+ The new mirror server is in production
(pkg0.nyi.freebsd.org).
+ The two package builders are in production.
+ Two of the application servers have been put into
production as the Git source of truth and the cgit web
frontend, respectively.
* Installed two new aarch64 servers in our New Jersey site.
Both are now building aarch64 packages.
* Fixed package mirror synchronisation for powerpc64
packages.
* Rebuilt the ZFS pool on the UK mirror server
(pkg0.bme.freebsd.org) for better I/O parallelism. This
should improve download performance especially at peak
times.
* Ongoing systems administration work:
+ Accounts management for committers.
+ Backups of critical infrastructure.
+ Keeping up with security updates in 3rd party
software.
Work in progress:
* Hardware refreshing for web services, backup version
control system in NYI
* Upgrading production machines in the FreeBSD cluster to
12.2
+ Most machines have been upgraded as of mid-December
2020
+ Remaining machines will be decommissioned / repurposed
after services migrate to newer hardware
* Supporting Git migration and infrastructure setup
* powerpc pkgbuilder/ref/universal machines
* Preparations for a new mirror site in Australia, to be
hosted by IX Australia.
* Setup Brazil (BRA) mirror.
* Review the service jails and service administrators
operation.
* Searching for more providers that can fit the requirements
for a generic mirrored layout or a tiny mirror.
__________________________________________________________
Continuous Integration
Links
FreeBSD Jenkins Instance
URL: https://ci.FreeBSD.org
FreeBSD Hardware Testing Lab
URL: https://ci.FreeBSD.org/hwlab
FreeBSD CI artifact archive
URL: https://artifact.ci.FreeBSD.org
FreeBSD CI weekly report
URL: https://hackmd.io/@FreeBSD-CI
FreeBSD Jenkins wiki
URL: https://wiki.freebsd.org/Jenkins
Hosted CI wiki
URL: https://wiki.freebsd.org/HostedCI
3rd Party Software CI
URL: https://wiki.freebsd.org/3rdPartySoftwareCI
Tickets related to freebsd-testing@
URL: https://preview.tinyurl.com/y9maauwg
FreeBSD CI Repository
URL: https://github.com/freebsd/freebsd-ci
Contact: Jenkins Admin <jenkins-admin at FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu at FreeBSD.org>
Contact: freebsd-testing Mailing List
Contact: IRC #freebsd-ci channel on EFNet
The FreeBSD CI team maintains the continuous integration system
of the FreeBSD project. The CI system firstly checks the
committed changes can be successfully built, then performs
various tests and analysis over the newly built results. The
artifacts from those builds are archived in the artifact server
for further testing and debugging needs. The CI team members
examine the failing builds and unstable tests and work with the
experts in that area to fix the code or adjust test
infrastructure. The details of these efforts are available in
the weekly CI reports.
During the fourth quarter of 2020, we continued working with
the contributors and developers in the project to fulfil their
testing needs and also keep collaborating with external
projects and companies to improve their products and FreeBSD.
Important changes:
* doc jobs were changed to use git to follow VCS migration:
+ https://ci.freebsd.org/job/FreeBSD-doc-main/
+ https://ci.freebsd.org/job/FreeBSD-doc-main-igor/
Thanks Brandon Bergren (bdragon@)
* head and stable/12 build environment have been upgraded to
12.2-RELEASE
New jobs added:
* LINT kernel of head on riscv64
Work in progress:
* Follow VCS migration, change src jobs to use Git - PRs are
available Thanks Brandon Bergren (bdragon@)
* Collecting and sorting CI tasks and ideas here
* Testing and merging pull requests in the the FreeBSD-ci
repo
* Designing and implementing pre-commit CI building and
testing
* Reducing the procedures of CI/test environment setting up
for contributors and developers
* Setting up the CI stage environment and putting the
experimental jobs on it
* Setting up public network access for the VM guest running
tests
* Implementing automatic tests on bare metal hardware
* Adding drm ports building tests against -CURRENT
* Planning to run ztest and network stack tests
* Adding more external toolchain related jobs
* Improving the hardware lab to be more mature and adding
more hardware
* Helping more software get FreeBSD support in their CI
pipeline Wiki pages: 3rdPartySoftwareCI, HostedCI
* Working with hosted CI providers to have better FreeBSD
support
* The build and test results will be sent to the dev-ci
mailing list soon. Feedback and help with analysis is very
appreciated!
Please see freebsd-testing@ related tickets for more WIP
information, and don't hesitate to join the effort!
Sponsor: The FreeBSD Foundation
__________________________________________________________
Ports Collection
Links
About FreeBSD Ports
URL: https://www.FreeBSD.org/ports/
Contributing to Ports
URL: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/ports-contributing.html
FreeBSD Ports Monitoring
URL: http://portsmon.freebsd.org/index.html
Ports Management Team
URL: https://www.freebsd.org/portmgr/index.html
Ports Tarball
URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/
Contact: René Ladan <portmgr-secretary at FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr at FreeBSD.org>
The Ports Management Team is responsible for overseeing the
overall direction of the Ports Tree, building packages, and
personnel matters. Below is what happened in the last quarter.
For the last quarter the dashboard looks like:
* 41500 ports (including flavors)
* 2516 open PRs of which 625 are unassigned
* 8715 commits to the HEAD branch by 164 committers
* 420 commits to the 2020Q4 branch by 59 committers
Compared to the third quarter, the PR statistics mostly stayed
the same. There
were slightly fewer commits by the same number of people. The
number of ports again grew steadily, this time by almost 4
percent.
During the last quarter, we welcomed Juray Lutter (otis@) as a
new ports committer and said goodbye to cpm, jadawin, knu,
araujo, mmokhi and scottl.
Traditionally merges to the quarterly ports branches, which are
more conservative versions of the HEAD tree, required approval
of either the Ports Security Team (ports-secteam@) or portgmr at .
There were already a number of blanket approvals for tested
commits, ranging from fixing typing mistakes to upgrading web
browsers to their latest version. As of last December, all
ports committers are free to merge on their own, lessening the
burden on ports-secteam at .
Patent limitations have been disconnected from the license
framework, given that patents are a complex topic with
implications varying from one jurisdiction to another.
The last quarter saw a number of updates to default versions of
ports:
* librsvg2: "rust" on supported platforms, "legacy" otherwise
* Mono: 5.10
* FPC switched to 3.2.0
* GCC switched to 10 for powerpc64le
* Lazarus switched to 2.0.10
* Ruby switched to 2.7.X
* Samba switched to 4.12
During the last quarter, a new virtual category was added:
"education" for ports
that for instance help the user to learn about a certain topic
or help facilitating examinations.
The @shell and @sample keywords have been rewritten in Lua
which makes root-dir compliant (see pkg -r) and ensures they
are Capsicum-sandboxed.
The last quarter also saw updates to several user-facing ports:
* Firefox 84.0.1
* Firefox-esr 78.6.0
* Chromium 87.0.4280.88
* Ruby 2.7.2
* Qt5 5.15.2
* XFce 4.16
As always, antoine@ was busy running exp-runs, 37 this quarter,
testing:
* various ports upgrades
* changing sys/cdefs.h in base
* adding "set pipefail" to most framework scripts to catch
errors earlier
* changing the default locale to C.UTF-8 in base
* using bsdgrep as /usr/bin/grep
__________________________________________________________
Office Hours
Contact: Allan Jude <allanjude at freebsd.org>
Contact: Ed Maste <emaste at freebsd.org>
During the final quarter of 2020 three office hours sessions
were held.
The first was hosted by the core team in a time slot conducive
to Asia and Australia, covering topics including the transition
to git, recruiting for project teams, and core's todo list.
The second was hosted by the git transition team, and answered
attendee questions about the transition to git and how it would
impact the project's workflows.
The third session was hosted by bhyve maintainers Peter Grehan
and John Baldwin to present recent development efforts and
answer questions about bhyve.
The project is looking for volunteers to host future office
hours sessions, as well as taking topic suggestions. We also
hope to improve the system to allow people to submit questions
ahead of time, so that we can take maximum advantage of subject
matter experts when we have them for these calls.
You can find the schedule for future office hours, and videos
of past office hours on the FreeBSD Wiki
Sponsor: ScaleEngine Inc.
__________________________________________________________
Projects
Projects that span multiple categories, from the kernel and
userspace to the Ports Collection or external projects.
GPL in Base
Links
GPL Software in the Base System
URL: https://wiki.freebsd.org/GPLinBase
Contact: Ed Maste <emaste at FreeBSD.org>
Contact: Kyle Evans <kevans at FreeBSD.org>
Contact: Baptiste Daroussin <bapt at FreeBSD.org>
A long-standing goal of the FreeBSD project is for the base
system to migrate to modern, copyfree or more permissively
licensed components. In this quarter, the following components
have been successfully removed or replaced:
* gdb (removed in favor of lldb in base or devel/gdb in
ports)
* gnugrep (replaced with bsdgrep)
* libgnuregex (removed)
The following component(s) have yet to be claimed. Some
replacement prospects
may be listed on the above-linked wiki page. Interested parties
are welcome to evaluate the options to restart the discussion:
* dialog
* gcov (kernel)
The following component(s) have a principal investigator to
coordinate work.
Note that partial completion likely means that a component is
partially compatible, but could use evaluation and patches to
bring parity with the component that it is replacing.
* diff3 (Contact bapt@ if interested)
__________________________________________________________
Git Migration Working Group
Links
src (base system) git repo
URL: https://cgit.FreeBSD.org/src
doc git repo
URL: https://cgit.FreeBSD.org/doc
Beta ports git repo
URL: https://cgit-dev.FreeBSD.org/ports
Warner's git documentation repo
URL: https://github.com/bsdimp/freebsd-git-docs
FreeBSD-git mailing list
URL: https://lists.freebsd.org/mailman/listinfo/freebsd-git
Git conversion tooling repo
URL: https://github.com/freebsd/git_conv
Game of Trees
URL: http://gameoftrees.org/
gitup
URL: https://github.com/johnmehr/gitup
Contact: Li-Wen Hsu <lwhsu at FreeBSD.org>
Contact: Warner Losh <imp at FreeBSD.org>
Contact: Ed Maste <emaste at FreeBSD.org>
Contact: Ulrich Spörlein <uqs at FreeBSD.org>
The Git working group largely completed the migration of the
doc and src (base system) trees from Subversion to Git in
December 2020. We are currently working on some minor
outstanding issues and preparing for the ports tree migration.
We set up new hosts to serve as the Git repositories and
mirrors, and developed commit hooks for restrictions on commits
to various branches, generation of commit mail, and similar
needs.
The doc tree migration occurred on December 8th and 9th. After
the conversion some minor changes to the documentation build
infrastructure were necessary.
The src tree migration occurred between December 20th and 23rd
for the main branch; some additional tasks occurred over the
next week or so. These included enabling the stable branches,
vendor (contrib) code updates, and the git->svn gateway. We are
translating stable branch commits to Subversion for the
stable/11 and stable/12 branches and associated release
branches. This allows FreeBSD users who follow stable branches
or releases to continue using existing processes and tooling.
An experimental Git conversion of the ports tree is available
at the link above. There are some unique challenges in the
ports tree (that do not impact the doc or src repos in the same
way), so additional work is ongoing. The window for migrating
the ports tree is immediately prior to a quarterly branch, so
we anticipate a migration at the end of March 2021. Over the
next few months testing of the experimental ports repo is very
welcome.
Process documentation for developer and user interaction with
FreeBSD's repositories is currently available in Warner's
GitHub repository at the link above. It will be moved to the
FreeBSD developer's handbook and/or other suitable locations
following the documentation project's asciidoc conversion.
The working group is experimenting with two
permissively-licensed tools that are compatible with Git
servers or repositories. Game of Trees is a version control
system that is compatible with Git repositories. It is being
developed by Stefan Sperling along with some OpenBSD developers
and other contributions.
John Mehr's gitup is a minimal, dependency-free program that
clones and synchronizes a local tree with a remote repository.
It is intended for use cases that would otherwise be served by
tools like portsnap.
Sponsor: The FreeBSD Foundation (in part)
__________________________________________________________
Linux compatibility layer update
Contact: Edward Tomasz Napierala <trasz at FreeBSD.org>
Linuxulator improvements have been ongoing for the last two
years, with support from the FreeBSD foundation over a few
distinct project grants as well as contributions from the
community. The goal of this project is to improve FreeBSD's
ability to execute unmodified Linux binaries. Current status is
being tracked at Linux app status Wiki page. The work has now
shifted from command-line apps to desktop applications.
There wasn't much Foundation-sponsored work done during this
quarter, apart from extending fuse(4) to make it possible to
run Linux FUSE servers, which is one of the things required to
run AppImages. The Foundation-sponsored effort will continue
into the first quarter of 2021 in order to make sure the
13.0-RELEASE ships with Linuxulator in a good shape.
There was a very significant contribution from Conrad Meyer in
the form of SO_PASSCRED setsockopt(2) support, PR_SETDUMPABLE
and PR_GETDUMPABLE prctl(2) flags, and also CLONE_FS and
CLONE_FILES handling. This, along with some more cleanups and
improvements, leads to working Linux Chromium; it has been
tested with Netflix and Spotify clients. It still requires
three flags (--no-sandbox --no-zygote --in-process-gpu) to be
passed on the command line to work around missing
functionality, though. Also, the name_to_handle_at(2) and
open_by_handle_at(2) syscalls are now supported. There are also
much better debug messages for unrecognized socket options.
Sponsor: The FreeBSD Foundation
__________________________________________________________
LLDB Debugger Improvements
Links
Moritz Systems Project Description
URL: https://www.moritz.systems/blog/lldb-debugger-improvements-for-freebsd/
FreeBSD Foundation Blog
URL: https://freebsdfoundation.org/blog/guest-blog-foundation-sponsors-freebsd-lldb-improvements/
Git Repository
URL: https://github.com/moritz-systems/llvm-project
Contact: Kamil Rytarowski <kamil at moritz.systems>
Contact: Michal/ Górny <mgorny at moritz.systems>
The LLDB project builds on libraries provided by LLVM and Clang
to provide a great modern debugger. It uses the Clang ASTs and
the expression parser, LLVM JIT, LLVM disassembler, etc so that
it provides an experience that "just works". It is also blazing
fast and more permissively licensed than GDB, the GNU Debugger.
LLDB is the default debugger in Xcode on macOS and supports
debugging C, Objective-C, and C++ on the desktop and iOS
devices and the simulator.
FreeBSD includes LLDB in the base system. At present, it has
some limitations in comparison with the GNU GDB debugger, and
does not yet provide a complete replacement. It used to rely on
an obsolete plugin model in LLDB that was a growing technical
debt. This project aimed to bring LLDB closer to a fully
featured replacement for GDB, and therefore for FreeBSD to
feature a modern debugger for software developers.
The legacy monolithic target support executed the application
being debugged in the same process space as the debugger. The
modern LLDB plugin approach, used on other supported targets,
executes the target process under a separate lldb-server
process. This improves reliability and simplifies the process /
thread model in LLDB itself. In addition, remote and local
debugging is now performed using the same approach.
After the migration to the new process model on 32 and 64-bit
x86 CPUs, the project focused on reviewing the results of
LLDB's test suite and fixing tests as time permits.
During the Moritz Systems work, the FreeBSD Project gained
numerous important improvements: in the kernel, userland base
libraries (the dynamic loader) and the LLVM toolchain FreeBSD
support.
The introduced changes are expected to be shipped with LLDB
12.0, and where applicable in FreeBSD 13.0.
The overall experience of FreeBSD/LLDB developers and advanced
users on this rock solid Operating System reached the state
known from other environments. Furthermore, the FreeBSD-focused
work also resulted in generic improvements, enhancing the LLDB
support for Linux and NetBSD.
Sponsor: The FreeBSD Foundation
__________________________________________________________
Upstreaming NetApp Changes
Links
Klara Inc.
URL: https://klarasystems.com/freebsd-development/
Contact: Alexander Sideropoulos
<Alexander.Sideropoulos at netapp.com>
Contact: Allan Jude <allan at klarasystems.com>
NetApp has started an effort to upstream bug fixes and other
improvements from the ONTAP code line into FreeBSD. These
changes benefit the FreeBSD community by providing many fixes
that NetApp has made over the past few years, while allowing
NetApp to reduce the number of customizations needed when
bringing in the latest FreeBSD changes back into the ONTAP
tree.
NetApp has partnered with Klara to facilitate this project, to
help identify interesting and useful changes to send upstream,
to rework and generalize those changes as required to make them
suitable for upstreaming, and to shepherd them through the
FreeBSD code review process.
During the fourth quarter, Klara has made 40 upstream fixes in
the FreeBSD kernel in various subsystems including geom, dev,
amd64, net, kern, netinet, and several other areas of the tree
on behalf of NetApp.
NetApp intends to continue to sponsor this effort throughout
2021.
Sponsor: NetApp
__________________________________________________________
NFS over TLS implementation
Contact: Rick Macklem <rmacklem at freebsd.org>
In an effort to improve NFS security, an Internet Draft titled
"Towards Remote Procedure Call Encryption By Default" specifies
use of TLS 1.3 to encrypt all data traffic on a Sun RPC
connection used for NFS.
Although NFS has been able to use sec=krb5p to encrypt data on
the wire, this requires a Kerberos environment and, as such,
has not been widely adopted. It also required that
encryption/decryption be done in software, since only the RPC
message NFS arguments are encrypted. Since Kernel TLS is
capable of using hardware assist to improve performance and
does not require Kerberos, NFS over TLS may be more widely
adopted, once implementations are available.
The coding for this project has now been completed. All
required changes to the NFS and kernel RPC code have been
committed to the head/current kernel and will be in FreeBSD13.
The daemons can now be built from a port that depends upon the
security/openssl-devel port of Openssl3 that includes patches
for support of ktls. The port for the daemons is called
sysutils/nfs-over-tls and should be committed to the ports
framework soon. In the meantime, the port can easily be
fetched, as described in
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt.
To support clients such as laptops, the daemons that perform
the TLS handshake may optionally handle client X.509
certificates from a site local CA. There are now exports(5)
options to require client(s) to provide a valid X.509
certificate. The case where a "user" name is stored in the
certificate and is used to map all RPC credentials to that user
is probably in violation of the Internet Draft. This is only
enabled when the "-u" command line option is provided to
rpc.tlsservd(8).
The code is now available for testing. See:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
Setting up system(s) for testing still requires building a
custom kernel with "options KERN_TLS" from recent
head/FreeBSD13 sources plus installing the port for the
daemons, as explained by the above document.
The main limitation in the current implementation is that it
uses TLS1.2 and not TLS1.3, as required by the Internet Draft.
This should change once the KERN_TLS rx patch includes TLS1.3
support.
Third party testing would be appreciated.
__________________________________________________________
OpenBSM Synchronisation
Links
TrustedBSD / OpenBSM
URL: http://www.trustedbsd.org/openbsm.html
OpenBSM Github Sources
URL: https://github.com/openbsm/openbsm
Synchronisation with macOS Catalina
URL: https://github.com/openbsm/openbsm/commit/54a0c07cf8bac71554130e8f6760ca68e5f36c7f
Apple OpenSource
URL: https://opensource.apple.com
Contact: Gordon Bergling <gbe at FreeBSD.org>
OpenBSM is a crucial part of FreeBSD, which provides auditing
features for the operating system. OpenBSM is incorporated into
FreeBSD and macOS. Both Apple and FreeBSD have currently made
changes to the OpenBSM framework, which weren't upstreamed.
This small project aims to consolidate these changes and
upstream them to the OpenBSM github repository, so that both
development efforts can be merged to FreeBSD later on. The
tricky part of this project is the manual comparison, since
Apple doesn't provide any changelogs.
I am currently working on on the macOS Catalina sources and
hopefully Apple will release the sources of macOS Big Sur in
time for FreeBSD 13.
__________________________________________________________
Tool Chain
Links
ELF Tool Chain homepage
URL: https://sourceforge.net/p/elftoolchain
Contact: Dimitry Andric <dim at FreeBSD.org>
Contact: Ed Maste <emaste at FreeBSD.org>
In October Clang/LLVM was updated to 11.0.0, followed by a
number of bug fixes from upstream, including improvements for a
number of Tier-2 architectures. We also enabled the
-fstack-clash-protection flag to enable compiler mitigation for
the "stack clash" vulnerability and are coordinating with
upstream.
Upstream LLDB support for FreeBSD improved substantially over
the last quarter, as detailed elsewhere in this report. These
improvements will make it into the FreeBSD base system early in
2021 when LLVM is next updated to 12.0. As also mentioned
elsewhere, we removed the obsolete copy of GDB 6.1.1.
The ELF Tool Chain received a number of bug fixes, as well as
support for readelf -z (handling compressed ELF debug sections)
and an improvement to addr2line to report based on labels when
other debug information is not available. We are working to
upstream these changes to the ELF Tool Chain project.
There are a number of open issues and opportunities for
improvements in various ELF Tool Chain components.
Contributions in these areas are very welcome,
Sponsor: The FreeBSD Foundation (in part)
__________________________________________________________
Kernel
Updates to kernel subsystems/features, driver support,
filesystems, and more.
ENA FreeBSD Driver Update
Links
ENA README
URL: https://github.com/amzn/amzn-drivers/blob/master/kernel/fbsd/ena/README
Contact: Michal Krawczyk <mk at semihalf.com>
Contact: Artur Rojek <ar at semihalf.com>
Contact: Marcin Wojtas <mw at semihalf.com>
ENA (Elastic Network Adapter) is the smart NIC available in the
virtualized environment of Amazon Web Services (AWS). The ENA
driver supports multiple transmit and receive queues and can
handle up to 100 Gb/s of network traffic, depending on the
instance type on which it is used.
Completed since the last update:
* MFC of the ENA v2.3.0 driver to the FreeBSD 11-STABLE
branch
* MFC of the ENA v2.3.0 driver to the upcoming FreeBSD
12-STABLE branch
* Add feature that allows reading extra ENI (Elastic Network
Interface) metrics about exceeding BW/pps limits
* Add SPDX license tag to the ENA driver files
* Add Rx offsets (hardware feature) support for the ENA
driver
* Fix completion descriptors alignment for the ENA device -
on some of the platforms ENA needs alignment to 4k
Work in progress:
* Introduce full kernel RSS API support.
* Allow reconfiguration of the RSS indirection table and hash
key
* Prototype the driver port to the iflib framework
Sponsor: Amazon.com Inc
__________________________________________________________
Intel wireless update
Links
The freebsd-wireless mailing list
URL: https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
Contact: Bjoern A. Zeeb <bz at FreeBSD.org>
The Intel Wireless driver update project aims to bring support
for newer chipsets and also get station side to 11ac in a first
step.
During the last months connection code between net80211 and the
Linux driver KPI was implemented and scanning is working.
Currently the focus is on sending and driving one state machine
from the other and syncing state between net80211 and the Linux
compat code.
In addition the driver and firmware was updated from upstream
sources to include support for the AX210 hardware generation,
which was already tested to attach.
The hope is that by the time the status report gets published
authentication and association are working and basic data
packet passing will work soon.
Sponsor: The FreeBSD Foundation
__________________________________________________________
Fenestras X random(4)
Links
SVN revision 1/3
URL: https://svnweb.freebsd.org/base?view=revision&revision=366620
SVN revision 2/3
URL: https://svnweb.freebsd.org/base?view=revision&revision=366621
SVN revision 3/3
URL: https://svnweb.freebsd.org/base?view=revision&revision=366622
FX Design (PDF)
URL: https://aka.ms/win10rng
Fortuna Design
URL: https://www.schneier.com/academic/fortuna/
Contact: Conrad Meyer <cem at FreeBSD.org>
Contact: FreeBSD CSPRNG group <csprng at FreeBSD.org>
Since FreeBSD 11, the default random(4) implementation is based
on the Fortuna (2003) design by Ferguson and Schneier. At a
high level, Fortuna accumulates entropy into a series of pools,
and reseeds a single generator from some of these pools
according to some criteria.
In 2019, Ferguson (at Microsoft) published a whitepaper on the
design of the Windows 10 system random number generator.
Fenestras X is a random(4) implementation based on the
published Windows 10 design.
The Fenestras X / Windows 10 design is similar to Fortuna, so
it is probably most interesting to describe their differences:
* Fenestras X has per-CPU generators seeded from a root
generator. Fortuna only has the root generator. This change
eliminates lock contention between random(4) readers
running on multiple cores.
* Generators in Fenestras X form a tree from the root RNG.
When read, generators efficiently check if their parent
generator has been seeded with newer entropy. If so, child
generators reseed themselves before serving the read
operation. This is integrated with arc4random(9), as well
as userspace arc4random(3).
* Fenestras X generators are buffered. Requests smaller than
some arbitrary threshold (currently 128 bytes) are served
from the buffer. Bytes read from the buffer are securely
erased when they are consumed. The buffer is refreshed if
the request consumes more bytes than were available in the
buffer. This amortizes the cost of rekeying and generating
output from a cryptographic CTR-mode cipher, which is
especially slow with AES.
There are other important differences, and readers interested
in system CSPRNGs
should read Ferguson's whitepaper. It is short and accessible.
For more information on the FreeBSD implementation, please see
the SVN commit messages -- especially r366620.
The Fenestras X implementation is available in CURRENT, but
disabled by default. (The default remains Fortuna.) At this
time, you must set the RANDOM_FENESTRASX option in your custom
kernel configuration and rebuild your kernel to use the new
design. There are no known bugs or weaknesses relative to the
Fortuna implementation.
Future work and call to action:
* Additional design review, implementation review, and
testing is welcome.
* Additional entropy sources: we could use implementations of
some of the sources described in the whitepaper, in both
Fortuna and Fenestras X. In particular, we're missing a
jitter entropy source.
__________________________________________________________
pf performance improvement
Links
First commit
URL: https://cgit.freebsd.org/src/commit/?id=1c00efe98ed7d103b9684ff692ffd5e3b64d0237
D27707
URL: https://reviews.freebsd.org/D27707
D27756
URL: https://reviews.freebsd.org/D27756
D27757
URL: https://reviews.freebsd.org/D27757
D27758
URL: https://reviews.freebsd.org/D27758
D27759
URL: https://reviews.freebsd.org/D27759
D27760
URL: https://reviews.freebsd.org/D27760
D27761
URL: https://reviews.freebsd.org/D27761
D27762
URL: https://reviews.freebsd.org/D27762
D27763
URL: https://reviews.freebsd.org/D27763
D27764
URL: https://reviews.freebsd.org/D27764
Contact: Kristof Provost <kp at freebsd.org>
The performance of pf was not as good as it could be. Some
investigation with the invaluable hwpmc tooling eventually
pointed to very poor cache behaviour. The
longest_lat_cache.miss event was very informative.
This turned out to be due to pf doing packet and byte counting
in states, rules and interfaces.
The pf code took the very straightforward approach of having a
simple uint64_t variable and incrementing it for every packet.
The downside of this is that when multiple cores do it
simultaneously the CPU ends up having to write this to memory
very often, slowing packet processing down greatly. Happily the
counter(9) framework is designed for this exact situation.
One additional complication is that pf uses the same structure
definitions for its internal data as it uses for configuration
from user space. To avoid breaking user space these data
structures have been decoupled. That is, where pf_rule used to
be used both to set rules via the ioctl() interface and to
evaluate rules while processing packets we now only use pf_rule
for configuration. The new pf_krule structure is used when
evaluating packets. This allows us to change the pf_krule
structure, to change uint64_t to counter_u64_t, without
affecting user space.
Olivier Cochard-Labbé tested the full set of changes, and found
(depending on hardware) substantial improvements in throughput:
Sponsor: Orange Business Services
__________________________________________________________
IP Routing lookup improvements
Links
Add modular routing lookup framework.
URL: https://reviews.freebsd.org/D27401
Contact: Alexander Chernikov <melifaro at FreeBSD.org>
This work adds a fib lookup framework, allowing to attach
custom IP lookup algorithms to any routing table on the fly. It
allows to use more performant and efficient lookup algorithms,
dynamically selected based on the number of routes in the
routing table. Finally, it provides an implementation of
modified DIR-24-8 for IPv4/IPv6, speeding IP lookups for the
large-fib use case.
This work is a part of a larger effort to modernise the routing
subsystem.
Background
FreeBSD runs diverse workloads on both low-end and high-end
devices, resulting in different networking/memory requirements
for each case. Small boxes with a couple of routes are
different from routers with full-view. IPv4 lookups are
different from IPv6 ones. Conditions can change dynamically:
one may easily reconfigure a system to receive full view
instead of a default route.
Currently, FreeBSD uses radix (compressed binary tree) to
perform all unicast route manipulations, including routing
lookups. Radix implementation requires storing key length in
each item, allowing to use sockaddrs, transparently supporting
virtually any address family. This flexibility comes at a cost:
radix is relatively slow, cache-unfriendly and adds locking to
the hot path. Finally, radix is closely coupled to the rest of
the system, making it hard to switch to something else.
Implementation overview
Overview
Modular fib IP lookup framework has been designed to address
flexibility and performance requirements.
It keeps system radix as the "control plane" source of truth,
simplifying actual algorithms implementation. It allows dynamic
load new algorithms as the kernel modules and abstracts most
OS-specific details, reducing algorithm "glue" code. It
automatically adapts to the current system state by picking the
best matching algorithm for the routing table on-the-fly.
The following algorithms are provided by default.
IPv4:
* bsearch4 (lockless binary search in a specially-crafted IP
array), tailored for small-fib (less than 16 routes)
* radix4_lockless (lockless immutable radix, re-created on
every routing table change), tailored for small-fib (less
than 1000 routes)
* radix4 (base system radix backend)
* dpdk_lpm4 (DPDK DIR24-8-based lookups), lockless
datastructure optimised for large-fib ( D27412 )
IPv6:
* radix6_lockless: lockless immutable radix, re-created on
every routing table change, tailored for small-fib (less
than 1000 routes)
* radix6: wrapper around existing system radix
* dpdk_lpm6: DPDK DIR24-8-based lookups, lockless
datastructure optimised for large-fib ( D27412 )
Performance changes
Micro benchmarks (i7-7660U, single-core lookups, 2048
destinations, benchmark code in D27604).
IPv4:
* 8 routes: radix4: ~20mpps, radix4_lockless: ~25mpps,
bsearch4: ~69mpps, dpdk_lpm4: ~67 mpps
* 700k routes: radix4_lockless: 3.3mpps, dpdk_lpm4: 46mpps
IPv6:
* 8 routes: radix6_lockless: ~20mpps, dpdk_lpm6: ~70mpps
* 100k routes: radix6_lockless: ~14mpps, dpdk_lpm6: ~57mpps
Forwarding performance:
* +10-15% IPv4: small-fib, bsearch4
* +25% IPv4: full-view, dpdk_lpm4
* +20% IPv6: full-view, dpdk_lpm6
Status
* Modular longest-prefix-match lookup algorithms (D27401) [
DONE ]
+ Design control plane framework for attaching
algorithms [ DONE ]
+ Port DPDK IPv6 lockless lookup algorithm ( D27412) [
DONE ]
+ Port DPDK IPv4 lockless lookup algorithm ( D27412) [
DONE ]
__________________________________________________________
Scalable routing multipath support
Links
Implementation of scalable multipath
URL: https://reviews.freebsd.org/D24141#change-ZOjdMqgDgUr7
Introduce scalable route multipath
URL: https://reviews.freebsd.org/D26449
Contact: Alexander Chernikov <melifaro at FreeBSD.org>
This work targets implementing scalable routing multipath
support and enabling it by default. It closes the long-standing
feature gap with other modern networking OSes.
This work is a part of on-going efforts to modernize the
routing subsystem.
Background
Initial FreeBSD multipath implementation, RADIX_MPATH, was
added back in 2008. It was based on the radix changes and
represented multipath routes as a linked-list of chained paths.
It was not fully finished and tested, resulting in many crash
reports.
Implementation overview
Multipath-related change changes are based on the introduction
of the concept of next hops. Nexthops are separate data
structures, containing the necessary information to perform
packet forwarding. They are shared among the routes, providing
more pre-computed cache-efficient data while requiring less
memory. Interested readers can find a more detailed description
in D24141. They can find another overview in Nexthop objects
talk describing Linux kernel implementation.
Multipath implementation extends the nexthop concept further by
introducing nexthop groups. Nexthop group is simply an array of
nexthops, compiled according to each nexthop relative weight.
Each route has a pointer to either nexthops or a nexthop group,
decoupling lookup algorithm from the routing stack internals.
Both nexthops and nexthop groups are immutable and use
epoch(9)-backed reclamation.
Status
* Nexthop objects (D24232) [ DONE ]
+ Introduction of nexthop objects [ DONE ]
+ Conversion of old KPI users to the new one [ DONE ]
o Conversion of route caching to nexthop caching [
DONE ]
+ Conversion of struct rtentry field access to nhop
field access [ DONE ]
+ Eliminating old lookup KPI and hiding struct rtentry [
DONE ]
* Multipath routing (D26449) [ DONE ]
+ Switch control plane customers to use (rtentry,
nexthop) pairs instead of rtentry to allow multipath
changes happen transparently [ DONE ]
+ Introduce nexthop group objects [ DONE ]
+ Add multipath support for the rib (routing information
base) manipulation functions [ DONE ]
+ Add flowid generation for outbound traffic to enable
load balancing [ DONE ]
* Routing daemon support
+ Add net/bird support for multipath routing [ NOT
STARTED ]
+ Add explicit nexthop/nexthop groups control via rtsock
[ IN PROGRESS ]
+ Work with FRR developers to add nexthop-based route
control [ NOT STARTED ]
__________________________________________________________
Thunderbolt3/USB4 stack
Contact: Scott Long <scottl at freebsd.org>
This project implements a driver stack for Thunderbolt3 and
USB4. These technologies differ radically from USB3 and prior,
and require completely new drivers for the host interface
adapter and topology as well as configuration management
layers. At their most fundamental level, a TBT3/USB4 topology
appears as PCI bridges and buses, and attached devices appear
as either PCI devices, USB3 devices, or DisplayPort devices.
Early TBT3 controllers don't even appear in the system topology
unless a TBT3 device is plugged in. These early TBT3 systems
also implement a security policy meant to protect against
unauthorised or malicious devices, though that scheme has been
proven to not be effective and has been removed from later TBT3
and USB4 implementations. Besides security control, the
TBT3/USB4 stack controls power management and topology hotplug.
The FreeBSD driver currently supports Alpine Ridge and Ice Lake
TBT3 controllers, and can perform basic security validation and
topology awareness. USB4 support as well as full connection
manager and power management support is still being worked on.
The current driver will be committed to FreeBSD in early
January 2021.
Though this work is not sponsored, it has been done with the
encouragement and support of the FreeBSD Foundation and
Netgate.
__________________________________________________________
Vectored AIO
Contact: Alan Somers <asomers at FreeBSD.org>
POSIX AIO is a facility for asynchronous I/O to files and
devices. FreeBSD's implementation is efficient, especially when
writing to disk files. But a long-standing defect in the
standard API is a lack of vectored functions. That is, there is
no asynchronous equivalent of pwritev(2) and preadv(2). A
common workaround is to use lio_listio(2) instead. However,
that has several drawbacks. It's more effort for the
programmer, it might return early with only a subset of the
operations completed, it requires more total syscalls, and
there is no guarantee that the operations will complete
in-order.
This quarter I added two new syscalls: aio_writev(2) and
aio_readv(2). They work just like their non-vectored
counterparts, but they take an array of iovec elements, just
like pwritev and preadv. You can't use them in combination with
lio_listio, but that could be added in the future.
__________________________________________________________
ZSTD Compression in ZFS
Contact: Allan Jude <allanjude at freebsd.org>
Zstandard (ZSTD) is a modern high-performance compression
algorithm designed to provide the compression ratios of gzip
while offering much better performance. ZSTD has been adopted
in FreeBSD for a number of other uses, including compressing
kernel crash dumps, as a replacement for gzip or bzip for
compressing log files, and for future versions of pkg(8).
This effort to complete the integration of ZSTD into ZFS is
funded by the FreeBSD Foundation.
During the four quarter the final tasks in the project to
integrate ZSTD into OpenZFS were completed.
Completed milestones in this project:
* Integrated ZSTD in the FreeBSD boot loader (Warner Losh
imp at freebsd.org)
* Added a section to the FreeBSD Handbook ZFS chapter
explaining ZSTD
* Wrote a FreeBSD Journal Article explaining considerations
when selecting a suitable compression level
* Monitored for bug reports after the changes were integrated
into -CURRENT
With all of these changes in place, it is now possible to boot
from pools
compressed with zstd or zstd-fast. For comparison, a standard
installation of FreeBSD 13 (without debug symbols) uncompressed
is 1175 MB, and when compressed with LZ4, is only 570 MB
(2.15x) but when compressed with ZSTD's default level of 3 is
only 417 MB (3.00x), and with the maximum level, 19, only 374
MB (3.36x).
Sponsor: The FreeBSD Foundation
__________________________________________________________
Architectures
Updating platform-specific features and bringing in support for
new hardware platforms.
arm64 platform updatesq
Contact: Mitchell Horne <mhorne at FreeBSD.org>
In the interest of seeing the arm64 architecture promoted to
Tier-1 status, an effort was undertaken to test building and
serving of release and patch-level updates via
freebsd-update(1). The conclusion of this investigation is that
the process works with very few changes required; a small tweak
is needed for the update build scripts, and a minor bugfix in
the bsdiff(1) utility was committed. The hope is that the
project can begin providing security updates for the platform
with the release of FreeBSD 13.0, removing the requirement that
users compile these updates from source.
Added this quarter was arm64 support for the new ossl(4) crypto
driver. This driver provides acceleration of SHA-1 and SHA-2
cryptographic operations by leveraging OpenSSL's assembly
routines. These routines will detect and use optimized
instructions, as supported by the CPU. This support benefits
userland applications via the cryptodev(4) device, and
in-kernel consumers of the crypto(9) interface, such as the
IPSec Authentication Header protocol and kernel TLS.
Finally, work was done to add the necessary machine-dependent
bits for the kernel's gdb(4) interface. This enables remote
debugging of the kernel with gdb(1) over a serial line.
Sponsor: The FreeBSD Foundation
__________________________________________________________
FreeBSD/RISC-V Project
Links
Wiki
URL: https://wiki.freebsd.org/riscv
Contact: Mitchell Horne <mhorne at FreeBSD.org>
Contact: freebsd-riscv Mailing List
Contact: IRC #freebsd-riscv on freenode
The FreeBSD/RISC-V project is providing support for running
FreeBSD on the RISC-V Instruction Set Architecture.
This quarter saw a number of improvements and bugfixes from
committers and contributors alike. A few small items from this
quarter:
* Added riscv64 LINT kernel config plus CI job
(FreeBSD-head-riscv64-LINT)
* Switched emulators/riscv-isa-sim to official upstream and
updated to 2020-11-02 snapshot
* Created sysutils/u-boot-sifive-fu540, a u-boot port for the
HiFive Unleashed
* Improved SBI extension support
Further progress was made this quarter in building ports for
RISC-V. Build and
runtime issues with large dependencies devel/python-setuptools
and devel/glib20 were fixed, enabling several thousand skipped
ports. There is some in-progress work to address failures in
other significant ports, such as devel/nspr and
databases/sqlite3. By addressing some of these small-effort
issues, some 15000+ ports can now be built for the platform
with qemu-user-static.
Finally, December saw the arrival of the first riscv64 weekly
development snapshots. This includes the usual memstick
installer, a virtual machine image, and a generic SD card
image. There are still some minor tweaks to be made, but this
marks a significant step forward for the platform, and lowers
the barrier of entry for running a FreeBSD/RISC-V system. This
also means that FreeBSD 13 will likely be the first
downloadable release for the architecture. For those interested
in trying out the VM image for themselves, see the Quick Start
instructions on the wiki.
__________________________________________________________
Userland Programs
Changes affecting the base system and programs in it.
Dual-stack ping command
Contact: Alan Somers <asomers at FreeBSD.org>
The venerable ping command has until now only supported IPv4. A
separate utility, ping6, was originally written by WIDE as a
research tool to develop IPv6. As a research tool, it didn't
need IPv4 support, but since then, it's been put to practical
use by countless developers and sysadmins everywhere.
The ping/ping6 split has been a perennial complaint. It's
annoying that two separate commands are needed, even though
they do almost exactly the same thing. This quarter, I merged
Ján Sucan's GSoC work, which merged the two commands. Now ping
can handle either protocol, based on the -4 and -6 switches, or
based on the format of the target. A ping6 hard link is
provided for backwards compatibility.
Sponsor: Google Summer of Code
__________________________________________________________
Ports
Changes affecting the Ports Collection, whether sweeping
changes that touch most of the tree, or individual ports
themselves.
KDE on FreeBSD
Links
KDE FreeBSD
URL: https://freebsd.kde.org/
KDE Community FreeBSD
URL: https://community.kde.org/FreeBSD
Contact: Adriaan de Groot <kde at FreeBSD.org>
The KDE on FreeBSD project aims to package all of the software
produced by the KDE Community for the FreeBSD ports tree. The
software includes a full desktop environment called KDE Plasma,
graphics applications, instant-messengers, a video-editing
suite, as well as a tea timer and hundreds of other
applications that can be used on any FreeBSD machine.
The KDE team (kde@) is part of desktop@ and x11@ as well,
building the software stack to make FreeBSD beautiful and
usable as a daily-driver graphics-based desktop machine.
This quarter the kde@ team:
* Landed the October, November and December updates to KDE
Applications and to KDE Plasma
* Landed all of the bi-weekly KDE Frameworks releases
* Updated Qt to 5.12.2, including Qt5 WebEngine
* Followed up with two cmake patch releases
* Followed up one ninja patch release
There was lots of infrastructural work and individual
application
updates and a new Matrix client from the KDE community as well,
which we typically fail to administer and write about so this
report is fairly short with mostly big-ticket items. We had
fun, we chased the things that are most useful to us, and got
through the year. Here's to next year with actually seeing
FreeBSD people again.
I (adridg@) would like to especially thank Kai Knoblich (kai@)
for chasing WebEngine: that's a huge and painful codebase to
deal with, and here we are, all up-to-date.
__________________________________________________________
FreeBSD Office team
Links
The FreeBSD Office project
URL: https://wiki.freebsd.org/Office
Contact: FreeBSD Office team ML <office at FreeBSD.org>
Contact: Dima Panov <fluffy at FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu at FreeBSD.org>
The FreeBSD Office team works on a number of office-related
software suites and tools such as OpenOffice and LibreOffice.
Work during this quarter focused on providing the latest stable
release of LibreOffice suite and companion apps to all FreeBSD
users.
Latest and quarterly ports branches got a series of updates of
the LibreOffice suite from 7.0.1 thru 7.0.4 releases,
compilation patches for all Tier 1 architectures, and updates
of all companion libraries. Some of our local and critical to
build patches were sent to and accepted by upstream.
Meanwhile, our WIP repository was moved to new home under
official github.org/freebsd resources.
The WIP repository also has a major update with development
versions of the LibreOffice suite, version 7.1.0.0.beta1 for
now. Release will be planned in March, 2021.
We are looking for people to help the project. All unstable
work with LibreOffice snapshots is staged in our WIP
repository.
The open bugs list contains all filed issues which need some
attention. Patches, comments and objections are always welcome
in the mailing list and bugzilla.
__________________________________________________________
Ports On Non-x86 Architectures
Contact: Mark Linimon <linimon at FreeBSD.org>
It has been some time since the last report on the status of
FreeBSD ports on non-x86 architectures.
Traditionally, we have referred to these as "tier-2
architectures". However, aarch64 and powerpc64 have aspirations
for tier-1. Also, although riscv64 is currently tier-3, it has
aspirations for tier-2.
* The big news is that, thanks to the FreeBSD Foundation (and
the assistance of Philip Paeps), FreeBSD now has two new
aarch64 boxes, which have replaced the previous,
badly-aging, alternatives. For the first time since August,
we once again have up-to-date aarch64 packages.
* Thanks to the above, and the work of Emmanuel Vadot and
others, some bitrot in aarch64 ports has been reversed.
* Piotr Kubaj (pkubaj@) continues QA on powerpc64
(big-endian) ports. Almost everything that is buildable now
does so. The Linux ports and some of the graphics drivers
are excluded. Otherwise, powerpc64 is up to parity with
amd64.
* Piotr has also begun the task of bringing powerpc64le
(little-endian) up to parity with powerpc64. Although
several of the powerpc64 src committers (and your author)
have a fondness for big-endian, the fact is that our most
feasible path to getting graphics capability anywhere near
parity with x86 is via the little-endian choice.
* Mark Linimon (linimon@) has begun his own test-builds of
ports on riscv64 just to ascertain overall buildability.
Surprisingly, many ports do indeed build. Thanks to
contributions from several people already working on
riscv64, including John Baldwin (jhb@) with an LLVM fix, we
are now able to build around 20,000 packages. NB: these
packages are unofficial and not guaranteed.
* The work of Kyle Evans (kevans@) on chasing bitrot in qemu
has been key to work on both aarch64 and riscv64. All users
are encouraged to update to the latest version.
* Unfortunately mips/mips64 are badly in need of work. The
fact that devel/libffi does not build on mips64 blocks
nearly half the ports tree.
Tasklist:
* We need users of riscv64 to actually test the packages that
have been built (so far, they have only been tested for
buildability). Contact linimon@ if you are interested.
* If anyone is still using mips/mips64 for other than the
most trivial tasks, we would welcome patches.
__________________________________________________________
Python 2.7 removal from Ports
Links
About FreeBSD Ports
URL: https://www.FreeBSD.org/ports/
Ports Management Team
URL: https://www.freebsd.org/portmgr/index.html
[meta] Ports broken by Python 2.7 End-of-Life and removal
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249337
Contact: René Ladan <portmgr-secretary at FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr at FreeBSD.org>
As of January 2020, Python 2.7 reached its end-of-life after
several years of extensions. Portmgr subsequently started the
project of phasing Python 2.7 out of the Ports Tree by tagging
lang/python27 for expiration on 2020-12-31. Last year, some 740
ports were removed from the Ports Tree as they were
incompatible with Python 3, mostly because these ports were
either unmaintained or abandoned upstream.
During this process, there were several instances of an
upstream still being active but where the upstream have not had
the resources yet to upgrade their software to Python 3. A
noticeable example of this is www/chromium and derived
software, such as devel/electron7 and www/qt5-webengine.
Portmgr is currently looking into ideas on how to minimize the
impact of Python 2.7 on the Ports Tree while keeping Chromium
and KDE 5 functional. As various software packages on the
FreeBSD cluster itself also use Python 2.7, portmgr started
coordinating with affected parties on upgrade plans. Currently
there are 40 ports left that directly depend on Python 2.7 to
build or run, and an unknown number of indirect ports. All
those ports should eventually be upgraded to Python 3 or be
removed too, ideally some time this year.
Portmgr is currently cleaning up (unused) Python 2.7 code from
ports which do not need Python 2.7. New ports should not be
using Python 2.7 anymore, i.e. they should not have USES=python
but instead something like USES=python:3.6+.
So while this all looks rather invasive, it is not feasible to
keep Python 2.7 around for much longer. Over time security
vulnerabilities might show up which will likely no longer be
fixed, because the Python Software Foundation no longer
supports Python 2.7. Other problems are that the software gets
outdated over time and thereby loses its usefulness as part of
a development kit.
Help needed:
* Coordinate with postmaster on isolating or migrating away
from mail/mailman
* Coordinate with clusteradm (?) for upgrading svnweb and our
wiki
__________________________________________________________
Xfce on FreeBSD
Links
Xfce 4.16 Upstream Release Announcement
URL: https://xfce.org/about/news/?post=1608595200
Xfce meta-port on FreshPorts
URL: https://www.freshports.org/x11-wm/xfce4
Contact: Xfce team <xfce at FreeBSD.org>
Contact: Guido Falsi <madpilot at FreeBSD.org>
The FreeBSD Xfce team (xfce@) work to ensure the Xfce desktop
environment is maintained and fully functional on FreeBSD.
This quarter the Xfce team are pleased to welcome Xfce 4.16 to
the FreeBSD ports tree!
Some of the highlights of this Xfce 4.16 release:
* The panel now supports dark mode (enabled by default) and
an animated autohide transition
* A new panel plugin dubbed "statustray" which combines both
StatusNotifier and legacy Systray items
* Fractional scaling support was added to the display dialog
(helpful on HiDPI displays)
* A new tab in the "About Xfce" dialog shows basic system
information like CPU or GPU type
* The settings manager has improved search and filter
capabilities
* All settings dialogs now use window decorations drawn by
Gtk (client side decorations)
* The "Mime Settings" and "Preferred Applications" dialogs
were merged into the "Default Applications" dialog
* The Thunar file manager now supports pause for copy/move
operations, and queued file transfer
* Generating thumbnails for .epub (e-book format) was added
to tumbler
* A new default wallpaper and icon theme
* The application finder now allows for sorting applications
by "frecency" - a combination of frequency and recency
* Dropped GTK2 support from all components and plugins
For further details, refer to the Xfce 4.16 upstream release
announcement.
Due to GTK2 and libxfce4gui support being removed, some panel
plugins and libraries will be removed since they no longer work
with Xfce 4.16:
* deskutils/orage
* deskutils/xfce4-volumed
* print/xfce4-print
* science/xfce4-equake-plugin
* x11/xfce4-embed-plugin
* x11/xfce4-quicklauncher-plugin
* x11/xfce4-wmdock-plugin
* x11-toolkits/libxfce4gui
WARNING: Unfortunately this update can reveal a bug in pkg
which can
cause files from the libexo package to be absent after upgrade.
To avoid the issue, upgrade the libexo package by itself before
the rest of the packages, as described in UPDATING entry
20210102.
Thanks also to riggs@, Olivier Duchateau
duchateau.olivier at gmail.com, woodsb02@, Sergey Dyatko
sergey.dyatko at gmail.com, and ehaupt@ for their help and
contributions.
__________________________________________________________
Documentation
Noteworthy changes in the documentation tree, in manpages, or
in external books/documents.
FreeBSD Translations on Weblate
Links
Translate FreeBSD on Weblate wiki
URL: https://wiki.freebsd.org/DocTranslationOnWeblate
FreeBSD Weblate Instance
URL: https://translate-dev.freebsd.org/
Contact: Danilo G. Baio <dbaio at FreeBSD.org>
Contact: Edson Brandi <ebrandi at FreeBSD.org>
In search of new contributors an article was published in the
September/October 2020 issue of the FreeBSD Journal about How
to Become a FreeBSD Translator.
During the whole year we received new contributors to the
effort; numbers are still growing and we are receiving
translations almost daily on our Weblate platform.
Q4 2020 Status
* 11 languages (1 new language)
* 116 registered users (69 new users since 2020q1)
Languages
* Chinese (Simplified) (zh_CN)
* Chinese (Traditional) (zh_TW)
* Dutch (nl_NL) - Added
* French (fr_FR)
* German (de_DE)
* Italian (it_IT)
* Norwegian (nb_NO)
* Persian (fa_IR)
* Portuguese (pt_BR)
* Spanish (es_ES)
* Turkish (tr-TR)
We want to thank everyone that contributed, translating or
reviewing documents.
And please, help promote this effort on your local user group,
we always need more volunteers.
__________________________________________________________
DOCNG on FreeBSD
Links
DOCNG Website Repo
URL: https://gitlab.com/carlavilla/freebsd-hugo-website
DOCNG Documentation Repo
URL: https://gitlab.com/carlavilla/freebsd-hugo-documentation
DOCNG Share Repo
URL: https://gitlab.com/carlavilla/freebsd-hugo-data
Contact: Sergio Carlavilla <carlavilla at FreeBSD.org>
The Doc New Generation project is finished. The switch-over
date will be Saturday, January 23rd.
The objective of using Hugo and AsciiDoctor is to reduce the
learning curve and let people to start quickly contributing to
our documentation system. Other benefits of using Hugo is that
we can use other technologies aside from AsciiDoctor, like
MarkDown, RST, Pandoc, etc.
You can find a work in progress on updating the FreeBSD
Documentation Project Primer to Hugo/AsciiDoctor.
__________________________________________________________
Miscellaneous
Objects that defy categorization.
Prometheus NFS Exporter
Links
Contact: Alan Somers <asomers at FreeBSD.org>
FreeBSD's nfsstat(8) utility provides a wealth of statistics,
but I wanted to monitor them with Prometheus. Screen-scraping
the --libxo output would've been possible, but some of the
stats are preprocessed in a way that interferes with my
Prometheus processing. So I wrote a separate utility that
publishes the raw stats provided by the kernel. Along the way I
found and fixed a few bugs in nfsstat, too. If anybody is
interested, I can add a port for it.
Sponsor: Axcient
__________________________________________________________
Third-Party Projects
Many projects build upon FreeBSD or incorporate components of
FreeBSD into their project. As these projects may be of
interest to the broader FreeBSD community, we sometimes include
brief updates submitted by these projects in our quarterly
report. The FreeBSD project makes no representation as to the
accuracy or veracity of any claims in these submissions.
FreeBSD Aarch64 under VMWare ESXi-ARM Fling
Links
ESXi-ARM Fling
URL: https://flings.vmware.com/esxi-arm-edition
FreeBSD Under VMWare ESXi-ARM Fling
URL: https://vincerants.com/freebsd-under-vmware-esxi-on-arm-fling/
FreeBSD on ESXi-ARM Fling: Fixing Virtual Hardware
URL: https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/open-vm-tools
for FreeBSD VMWare ESXi-ARM Fling
URL: https://vincerants.com/open-vm-tools-on-freebsd-under-vmware-esxi-arm-fling/
Contact: Vincent Milum Jr <freebsd at darkain.com>
VMWare is a company that produces a commercial hypervisor known
as vSphere ESXi for AMD64 and i386. In early October, they
released a tech demo hypervisor for ARM Aarch64 which runs on
ARM ServerReady hardware as well as single board computers such
as the Raspberry Pi 4b (4GB and 8GB models). This new
hypervisor is known as VMWare ESXi-ARM Fling.
Since the release of ESXi-ARM Fling, work has been done on both
the hypervisor as well as FreeBSD, to make the two more
compatible with one another. Even though the work was initially
done to make these two work better together, the work overall
has been more general purpose for FreeBSD in support of both
bare-metal Aarch64 installations as well as running FreeBSD
under other hypervisors such as QEMU.
An example of others building off of this work is Twitter user
astr0baby getting FreeBSD working under QEMU on a new Apple M1
system.
When ESXi-ARM Fling first released, to get FreeBSD to work
under it, the process required taking the Aarch64 premade VMDK
file, uploading it to the hypervisor storage, and then running
a series of CLI commands to convert the disk image to a
supported file format. The initial work done was to get the
FreeBSD Aarch64 ISO bootable and with the required drivers to
complete the install process. With this, users can do fresh
installs of FreeBSD Aarch64 using the same methods they would
use for AMD64 or i386 under ESXi.
The CD-ROM driver's inclusion into FreeBSD 12 barely missed the
cut-off date for 12.2-RELEASE. However, the very first
12.2-STABLE build published for Aarch64 includes the CD-ROM
driver. FreeBSD 13-CURRENT also includes this driver. Due to
this, only 12-STABLE and 13-CURRENT support fresh CD ISO
installations.
The next step was getting the major pieces of virtual hardware
working. This included adding more USB controllers, the vmxnet
virtual network card, and pvscsi para-virtual SCSI drivers
added to Aarch64 GENERIC.
There is a known bug in ESXi-ARM Fling's virtual UEFI that
prevents booting from pvscsi, so for the time being the boot
device must be on a virtual disk attached to the SATA
controller inside the VM.
ESXi-ARM Fling uses a new virtual SVGA device which currently
does not have working drivers on any platform, as the
specifications are not finalized yet. Due to this, only
efi-fb/scfb is available for console and Xorg for the time
being.
The VMCI driver is currently not compiling at all. This driver
has sections of x86 assembly code that will need to be
converted over to ARM. This would be a great area for anyone to
look into that is experienced with converting assembly
language!
At ESXi-ARM Fling launch, there was a hypervisor bug preventing
more than 1 vCPU from working inside FreeBSD. This has since
been fixed, allowing up to 8 vCPUs. Going beyond this requires
a a patch to FreeBSD, which was authored by VMWare developer
Cypou.
Things that are currently fixed/working:
* Booting from CD ISO image
* Virtual USB 2.0 controller
* Virtual USB 3.1 controller
* Virtual USB Keyboard
* Virtual USB Mouse
* vmxnet3 Virtual Network Card
* pvscsi Para-Virtual SCSI Storage Controller
* open-vm-tools Guest Virtual Machine Tools
* Xorg Enhanced Mouse Driver (untested)
* Multi-Core CPU (up to 8 vCPUs inside guest)
Things that are still broken:
* Booting from pvscsi
* Xorg SVGA Driver
* vmci Virtual Machine Communication Interface
* Multi-Core CPU (more than 8 vCPUs)
With all of this done, it has made working on the Aarch64 ports
collection easier by having a high quality virtualization
environment for development and testing. This environment has
already been used to update the ZeroTier port and Facebook's
RocksDB used in the MariaDB port.
FreeBSD now has a Discord chat! Discussion about FreeBSD on
Aarch64 in general takes place in our #embedded channel.
Despite the name, we discuss all levels of ARM development,
from large servers, to virtualized environments, all the way
down to single board computers.
__________________________________________________________
Bastille
Links
Bastille GitHub
URL: https://github.com/bastillebsd/bastille
Bastille Templates
URL: https://gitlab.com/bastillebsd-templates
Bastille Website
URL: https://bastillebsd.org
Contact: Christer Edwards <christer.edwards at gmail.com>
Bastille is an open-source system for automating deployment and
management of containerised applications on FreeBSD.
Bastille Templates automate container setup allowing you to
easily reproduce containers as needed.
Bastille is available in ports as sysutils/bastille.
Q4 2020 Status
In Q4 2020 Bastille merged some exciting new features. Changes
include:
* full adoption of the previously experimental Bastillefile
format
* new config sub-command
* default templates included and applied by default
* support for -CURRENT jails on -CURRENT hosts
* support for 32bit containers on 64bit hosts
* support in templates for dynamic arguments & defining
variables
* over two dozen bug fixes and general improvements
More details about Bastille Releases.
upstream was updated to 0.8.202010101 (latest). ports
(sysutils/bastille) was updated to 0.7.20200414.
__________________________________________________________
CheriBSD
Links
Contact: Alex Richardson <arichardson at FreeBSD.org>
Contact: Andrew Turner <andrew at FreeBSD.org>
Contact: Brooks Davis <brooks at FreeBSD.org>
Contact: Edward Tomasz Napierala <trasz at FreeBSD.org>
Contact: George Neville-Neil <gnn at FreeBSD.org>
Contact: Jessica Clarke <jrtc27 at FreeBSD.org>
Contact: John Baldwin <jhb at FreeBSD.org>
Contact: Robert Watson <rwatson at FreeBSD.org>
Contact: Ruslan Bukin <br at FreeBSD.org>
CheriBSD extends FreeBSD to implement memory protection and
software compartmentalization features supported by the CHERI
instruction-set extensions. There are three architectural
implementations of the CHERI protection model: CHERI-MIPS,
CHERI-RISC-V, and Arm's forthcoming experimental Morello
processor (due late 2021). CheriBSD is a research operating
system with a stable baseline implementation into which various
new research features have been, or are currently being,
merged:
* Arm Morello - In October, we released a developer preview
of CheriBSD ported to Arm's Morello architecture. This
release supports a dynamically linked runtime and is
generally functional. It was cut from a development branch
and work is in progress to merge the contents of this
branch with the CheriBSD main line. We anticipate producing
a new release from this branch in early 2021.
* Kernel spatial memory safety (pure-capability kernel) - The
current CheriBSD kernel is a hybrid C program where only
pointers to userspace are CHERI capabilities. This ensures
that the kernel follows the intent of the application
runtime and cannot be used to defeat bounds on application
pointers. We have developed and will soon merge a
pure-capability kernel where all pointers in the kernel are
appropriately bounded capabilities. This vastly reduces the
opportunity for buffer overflows. This spatial memory
safety lays the groundwork for future work such as device
driver compartmentalization and kernel temporal safety.
* Userspace heap temporal memory safety (Cornucopia) - CHERI
capabilities provide the necessary features to enable
robust and efficient revocation of freed pointers. With
Cornucopia we have implemented a light-weight revocation
framework providing protection from use-after-reallocation
bugs with an average cost below 2%. We aim to bring these
overheads down further over the next year and merge this
functionality into the mainline CheriBSD.
* Syncing with upstream FreeBSD - We spent considerable time
this quarter catching up with FreeBSD-CURRENT. As of the
beginning of December, we had caught up. Merges are
currently paused while we work to land Morello and
pure-capability kernel changes. In the interim, we have
performed a test merge between our tree based on the legacy
export of the FreeBSD tree to git and the new FreeBSD git
repository. The process went smoothly and is expected to
have few impacts.
* We have been working on updating the arm64 bhyve from
Politehnica University of Bucharest to have it committed to
FreeBSD. We have been upstreaming initial changes to help
support this.
__________________________________________________________
Embedded Lab Project
Links
FreeBSD Embedded Lab Design
URL: https://www.funkthat.com/gitea/jmg/fbsdembdev
Lab API code
URL: https://www.funkthat.com/gitea/jmg/bitelab
Contact: John-Mark Gurney <jmg at FreeBSD.org>
The Embedded Lab Project's goal is to make SBCs and other
devices more accessible to developers. Despite SBCs often being
inexpensive, it is not inexpensive to maintain them, in terms
of the cost of time to keep them up to date, infrastructure to
support them, etc.
The goal of this project is to support and enhance the existing
CI work but also make it easier for developers to test their
code and changes on one, or many different boards.
Once the work is [mostly] complete, I will host a lab that will
be freely available to everyone who has a FreeBSD.org account.
Information about this will be sent once it is closer to
launch.
The core part of the architecture is each time a board is
reserved via the API, a new jail is created which contains the
serial console tty, an interface for internet access, and an
interface that is connected to the board's ethernet port
(assuming it has one). This allows a clean system for each run,
and allows complete control over the network interfaces to
support netbooting and other development. The jail will have a
basic set of FreeBSD packages installed that matches the board.
Part of the API will also allow power cycling the board to aid
in debugging. This part is relatively extensible, so adding
additional modules to provide additional support should not be
difficult.
The API includes support for running interactive commands in
the jail. This will make it easy to script control of the
environment, such as directly running an expect script against
the serial console, or even just running a script in the jail.
The work is progressing well, and currently a single board, a
Pine64 A64-LTS, is integrated and working. Board reserves and
releases are working, along with the ability to run commands in
the jail via the API. Power control is functional, and is
currently using a PoE smart switch to control power.
Work has stalled on being able to use the SDWire with an
environment due to power issues. USB is not made for power
isolation, which is causing issues w/ power control. The
existing board, the A64-lTS, is using a USB serial console
adapter that is opto-isolated, ensuring that there is no
problems w/ power control. But there I have not found a
solution for high speed USB. I believe that cutting the VBUS
(power) line of a USB cable would allow fine grain power
control, but tests have not been conducted yet.
Sponsor: The FreeBSD Foundation FreshPorts FreshPorts blog
Dan Langille dan at langille.org
FreshPorts, and its sister site, FreshSource, have reported
upon FreeBSD commits for 20 years. They cover all commits, not
just ports.
FreshPorts tracks the commits and extracts data from the port
Makefiles to create a database of information useful to both
port developers and port users.
For example, https://www.freshports.org/security/acme.sh/ shows
the history of this port, back to its creation in May 2017.
git
The work to become git-ready is mostly complete. Both src and
doc commits are flowing into devgit.freshports.org. Some work
is required on various issues, but nothing that stops the flow
of commits into the database.
Help wanted
Amazon have donated enough to try FreshPorts on AWS. I need
help with the following:
* getting IPv6 working
* working with RDS
If you can help with this, please contact me. Thank you.
Thank you
__________________________________________________________
helloSystem
Links
Documentation
URL: https://hellosystem.github.io/docs/
Contact: Simon Peter <probono at puredarwin.org>
Contact: #helloSystem on irc.freenode.net, mirrored to
#helloSystem:matrix.org on Matrix
helloSystem is FreeBSD preconfigured as a desktop operating
system with a focus on simplicity, elegance, and usability. Its
design follows the "Less, but better" philosophy. It is
intended as a system for "mere mortals", welcoming to switchers
from a world in which a global menu bar exists, the Command key
is used rather than Control, and applications are contained in
.app bundles.
helloSystem grew out of frustration with usability shortcomings
of existing open source desktop environments. FreeBSD was
chosen as the base because it offers one consistent base system
rather than a fragmented landscape of distributions lacking a
common platform.
helloSystem aims at providing a "it just works" out-of-the-box
user experience in which a non-technical user can just use the
system without ever opening the terminal, without having to
configure anything, and without ever seeing white text on a
black background scroll by during system boot. Technologies
embraced include DNS-SD/Zeroconf (also known as Bonjour), IPP
Everywhere (also known as AirPrint), eSCL (also known as
AirScan), etc.
Prerelease installable Live ISO images are available.
Help is needed in a number of areas, especially:
* FreeBSD/kernel: allowing to put the system into a read-only
disk image with a writable overlay, e.g., using unionfs
* Qt, Python: writing various easy-to use frontends for
FreeBSD/OpenZFS functionality, e.g., Disk Utility.app
* Testing and bugfixing
__________________________________________________________
K8S-bhyve
Links
K8S-bhyve
URL: https://k8s-bhyve.convectix.com
K8S-bhyve
URL: https://github.com/k8s-bhyve
Kubernetes
URL: https://kubernetes.io/
Contact: Kirill Ponomarev <krion at FreeBSD.org>
Contact: Oleg Ginzburg <olevole at olevole.ru>
K8S-bhyve is opensource project concentrating primarily on
deploying and use of kubernetes on FreeBSD/bhyve in a more
agile and more comfortable manner. We are going to provide
distributed multi-DC environment or just stand-alone clusters
with native PV/PVC support.
For 2020Q4 we made and published a k8s-bhyve image which you
might install with ISO/memstick, as well as with bsdinstall.
__________________________________________________________
Puppet
Links
Puppet
URL: https://puppet.com/docs/puppet/latest/puppet_index.html
Puppet's FreeBSD slack channel
URL: https://puppetcommunity.slack.com/messages/C6CK0UGB1/
Bolt
URL: https://puppet.com/docs/bolt/latest/bolt.html
Choria
URL: https://choria.io/
Contact: Puppet Team <puppet at FreeBSD.org>
Since our last status report a few months ago, the FreeBSD
ports tree has seen the addition of the Choria
(sysutils/choria) orchestration tool, and the Puppet Platform 7
with the Puppet Agent (sysutils/puppet7), Puppet Server
(sysutils/puppetserver7) and PuppetDB (databases/puppetdb7).
Older versions of Puppet (5 and 6) are still in the ports tree,
allowing a smooth transition, but please note that Puppet 5
will reach EOL soon, and as it is not compatible with the
recent ecosystem provided by FreeBSD (i.e. it is not compatible
with the latest version of Ruby and depends on old FreeBSD
primitives not available anymore), it is recommended to update
at least to Puppet 6 as soon as possible.
Ports depending on Puppet (e.g. sysutils/rubygem-bolt) have
been updated to add options allowing to choose which version of
Puppet to depend on. For now, the default is Puppet 6, but we
plan to switch the default to Puppet 7 in a few weeks, probably
when Puppet 5 will have reached EOL.
__________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20210116/b4f3fe0a/attachment.sig>
More information about the freebsd-stable
mailing list