pkgsrc-2016Q1 - the Fiftieth pkgsrc Release

A perspective, looking back 19 years over pkgsrc, to celebrate the 50th quarterly pkgsrc release.[Read More] [0 comments]

 

talks about blacklistd

Watch a video by Christos Zoulas (with good audio!) talking about blacklistd
blacklistd by Christos Zoulas [1 comment]

 

Happy 23rd Birthday, src!

And so it began...

revision 1.1
date: 1993-03-21 10:45:37 +0100; author: cgd; state: Exp;
branches: 1.1.1;

Initial revision

and we continue this legacy.

[1 comment]

 

In Memoriam: Ian Murdock, Founder of Debian

NetBSD would like to express our condolences on the passing of Ian Murdock.

He was one of the pillars of open-source software development and distribution, contributing much to the community as a whole. As is the nature of open-source software, ideas and processes are shared, intertwined, and constantly evolving as they are passed back and forth between projects.

We respect, and are grateful for what Ian did during his career.

Regards,
The NetBSD Foundation and developers
[1 comment]

 

First reproducible builds conference in Athens

Last week I met with about 40 other developers from various projects (mostly Debian, but also Arch Linux, FreeBSD, Guix, Homebrew, MacPorts, Tor and some others) in Athens for a three day conference about reproducible builds, i.e. the task of getting the same binaries from the same source on a particular platform.

The advantages are better verifyability that the source code matches the binaries, thus addressing one of the many steps one has to check before trusting the software one runs.

We discussed various topics during the conference in small groups:

• technical aspects (how to achieve this, how to cooperate over distributions, ...)
• social aspects (how to argue for it with programmers, managers, lay people) financial aspects (how to get funding for such work)
• lots of other stuff :)

For NetBSD, there are two parts:

Making the base system reproducible: a big part of the work for this has already been done, but there a number of open issues, visible e.g. in Debian's regularly scheduled test builds, up to the fact that this is not the default yet.

Making pkgsrc reproducible: This will be a huge task, since pkgsrc targets so many and diverse platforms. On the other hand, we have a very good framework below that that should help.

For giggles, I've compared the binary packages for png built on 7.99.22 and 7.99.23 (in my chrooted pbulk only though) and found that most differences were indeed only timestamps. So there's probably a lot of low-hanging fruit in this area as well.

If you want to help, here are some ideas:

• fix the MKREPRO bugs (like PRs 48355, 48637, 48638, 50119, 50120, 50122)
• check https://reproducible.debian.net/netbsd/netbsd.html for more issues, or do your own tests
• discuss turning on MKREPRO by default
• starting working on reproducibility in pkgsrc:
  • remove gzip time stamps from binary packages
  • use a fixed time stamp for files inside binary packages (perhaps depending on newest file in sources, or latest change in pkgsrc files for the pkg)
  • identify more of the issues, like how to get symbols ordered reproducible in binaries (look at shells/bash)

Thanks to the NetBSD developers who already worked on this before, and to TNF for funding the travel and the Linux Foundation for funding the accomodation for my participation in the conference, and Holger Levsen for inviting me. [0 comments]

 

End of life for NetBSD 5.x on November 9

In keeping with NetBSD's policy of supporting only the current (7.x) and next most recent (6.x) release majors, the release of NetBSD 7.0 marks the end of life for the 5.x branches. As in the past, a month of overlapping support is being provided in order to ease the migration to newer releases.

On November 9, the following branches will no longer be maintained:

• netbsd-5-2
• netbsd-5-1
• netbsd-5

Furthermore:

• There will be no more pullups to the branches (even for security issues)
• There will be no security advisories made for any of the 5.x releases
• The existing 5.x releases on ftp.NetBSD.org will be moved into /pub/NetBSD-archive/

We hope 7.0 serves you well!

[0 comments]

 

Announcing NetBSD 7.0

The NetBSD Project is pleased to announce NetBSD 7.0, the fifteenth major release of the NetBSD operating system.

This release brings stability improvements, hundreds of bug fixes, and many new features. Some highlights of the NetBSD 7.0 release are:

• DRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices.
• Multiprocessor ARM support.
• Support for many new ARM boards:
  • Raspberry Pi 2
  • ODROID-C1
  • BeagleBoard, BeagleBone, BeagleBone Black
  • MiraBox
  • Allwinner A20, A31: Cubieboard2, Cubietruck, Banana Pi, etc.
  • Freescale i.MX50, i.MX51: Kobo Touch, Netwalker
  • Xilinx Zynq: Parallella, ZedBoard
• Major NPF improvements:
  • BPF with just-in-time (JIT) compilation by default.
  • Support for dynamic rules.
  • Support for static (stateless) NAT.
  • Support for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296.
  • Support for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups).
• Multiprocessor support in the USB subsystem.
• blacklistd(8), a new daemon that integrates with packet filters to dynamically protect other network daemons such as ssh, named, and ftpd from network break-in attempts.
• Numerous improvements in the handling of disk wedges (see dkctl(8) for information about wedges).
• GPT support in sysinst via the extended partitioning menu.
• Lua kernel scripting.
• epoc32, a new port which supports Psion EPOC PDAs.
• GCC 4.8.4, which brings support for C++11.
• Optional fully BSD-licensed C/C++ runtime env: compiler_rt, libc++, libcxxrt.

For a more complete list of changes in NetBSD 7.0, see the release notes.

Complete source and binaries for NetBSD 7.0 are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at http://www.NetBSD.org/mirrors/.

If NetBSD makes your life better, please consider making a donation to The NetBSD Foundation in order to support the continued development of this fine operating system. As a non-profit organization with no commercial backing, The NetBSD Foundation depends on donations from its users. Your donation helps us fund large development projects, cover operating expenses, and keep the servers alive. For information about donating, visit http://www.NetBSD.org/donations/

[10 comments]

 

64-bit ARM boards received from Rikomagic

Rikomagic was kind enough to provide engineering samples of their RKM MK68 systems and documentation to a few NetBSD developers to assist in improving the aarch64 port.

[Read More] [0 comments]

 

pkgsrc-wip migrating to NetBSD.org, git

If everything goes as planned, the pkgsrc-wip CVS repository will be converted to git and hosted on NetBSD.org by end of September.

In July we cleaned up the repository so it can be converted easily; since then we've been working on the infrastructure and details of the conversion. The main tasks are now finished. We have set up a server for it which hosts a preliminary git conversion (on wip.pkgsrc.org) of the CVS repository, created a mailing list for the commit messages, pkgsrc-wip-changes, and prepared a list of authors for the conversion.

We've also provided a conversion of pkgsrc-wip based on data from July so that it can be tested on (nearly) live data. If you are interested in beta-testing the setup, send a suggestion for a username and an SSH public key to me. Details on how to test are on the NetBSD wiki but will probably change some more over time.

We still need help for the conversion: if you are or were a wip contributor, please let me know by September 15 what name and email to use for the conversion from CVS to git. This conversion will not be done again, so after that date, the commit data will be final. [0 comments]

 

NetBSD 7.0_RC3

On behalf of the NetBSD release engineering team, it is my distinct pleasure to announce that the third release candidate of NetBSD 7.0 is now available for download. As the old Schoolhouse Rock song tells us, three is a magic number. We're hoping that RC3 will be the magic/last release candidate of 7.0.

Some of the changes since 7.0_RC2 are:

• Add a resize_root boot operation (disabled by default). If resize_root=YES in rc.conf then the system attempts to resize the root file system to fill its partition prior to mounting read-write.
• Enable SMP on Raspberry Pi 2.
• evbarm: Rename beagleboard.img to armv7.img. The new image includes the same kernels as beagleboard.img plus support for Raspberry Pi 2, ODROID-C1, Cubieboard2, Cubietruck, Hummingbird A31, and Banana Pi.
• evbarm: For armv7.img and rpi.img, enable support for auto-growing the SD card root filesystem.
• Various DRMKMS stability improvements.
• Avoid kernel panic on starting X on Intel 855GM machines. PR kern/49875.
• Fix an uninitalized lock panic when trying to start a Xen kernel with LOCKDEBUG and more than one vcpu.
• Fix an issue where x86 microcode updates could fail if memory was not 16 byte aligned.
• Fix an IPFilter panic.
• macppc: Fix ofwboot failure on PowerPC 603 machines.
• OpenSSH: Apply fix for CVE-2015-5600.
• Fix an issue where fsck_ffs didn't properly handle replaying a WAPBL journal on disks with non-DEV_BSIZE sectors.
• Fix error in the setlist scripts that resulted in /bin/[ being missing from the base set. PR bin/50109.
• Make libperfuse handle resource limits properly.
• Make uplcom(4) suspend/resume.
• Fix case where coretemp(4) didn't attach on some newer CPUs.
• Avoid hanging on some machines after attaching ehci(4).
• Fix crash on oboe(4) attach. PR port-i386/50076.
• mountd(8): Write the correct pid is written to pidfile. PR bin/50125.
• patch(1): Guard against malicious filenames and substitution commands.
• patch(1): Drop SCCS support.
• ypserv(8): When transferring a secure map to a slave server, don't lose the secure flag. PR bin/50057.
• resize_ffs(8):
• Make get_dev_size work on regular files too.
• Add -c to check to see if grow/shrink is required.
• Divide by DEV_BSIZE when returning size of file.
• Handle case in grow() where last cylinder group is too small for ufs2.
• Add a -p flag, which displays a progress bar.
• disklabel(8): Fix a bug that resulted in sun2 liveimages being non-bootable.
• Update libXi to 1.7.4.
• Update BIND to 9.10.2-P3.

The full list of changes can be found near the bottom of http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC3/CHANGES-7.0

Binaries of NetBSD 7.0_RC3 are available for download at:

http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC3/

Those who prefer to build from source can either use the netbsd-7-0-RC3 tag or follow the netbsd-7 branch.

As always, please let us know how 7.0_RC3 works for you! Any feedback, whether good or bad, is welcome. Problems should be reported through the usual channels (submit a PR or write to the appropriate list). More general feedback is welcome at releng@NetBSD.org.

[9 comments]

 

NetBSD 7.0_RC2

On behalf of the NetBSD project, it is my pleasure to announce the second release candidate of NetBSD 7.0.

Some of the changes since 7.0_RC1 are:

• OpenSSL updated to 1.0.1p
• BIND updated to 9.10.2-P2
• IPSEC support is now included by default in Xen kernels
• Fix several security issues in calendar(1)
• installboot(8) now supports wedge names
• Fix a quota panic when using WAPBL (PR 49948)
• Fix a memory leak in the drm2 code
• Avoid an X crash on i915 DRMKMS
• Add a postinstall(8) check to ensure that /etc/man.conf reflects the modern mandoc world (PR 50020)
• Add a postinstall(8) check to ensure that /etc/fonts/fonts.conf is up to date
• tset(1): Fix handling of the erase character
• gdb(1): Fix attaching to a running process again after previously detaching
• NPF: handle unregistered interfaces correctly
• npfctl(8): Fix a NULL dereference
• zgrep(1): suppress the prefixing of filename on output when only one file is specified, to match grep(1)'s output
• Fix lrint(x) and llrint(x) when x is larger than 2**51 (PR 49690)
• Bump MAXTSIZ and MAXDSIZ on amiga, fixing gcc 4.8 execution
• Fix MKCTF=yes on drm2 kernels
• Make clock_t unsigned int everywhere, so it's the same on LP64 and IPL32 architectures
• arm: if halt is requested and there is no console, keep looping instead of rebooting
• sparc64: Fix booting of kernels with more than 4 MB combined .data and .bss segments
• powerpc: Fix occasional FPU register corruption (PR 50037)
• m68k: Fix atomic_cas_{8,16} and __sync_bool_compare_and_swap_{1,2,4} (PR 49995)

The full list of changes can be found near the bottom of http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC2/CHANGES-7.0

Binaries of NetBSD 7.0_RC2 are available for download at:

http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC2/

Those who prefer to build from source can either use the netbsd-7-0-RC2 tag or follow the netbsd-7 branch.

As always, please let us know how 7.0_RC2 works for you! Any feedback, whether good or bad, is welcome. Problems should be reported through the usual channels (submit a PR or write to the appropriate list). More general feedback is welcome at releng@NetBSD.org.

[1 comment]

 

NetBSD on the NVIDIA Jetson TK1

NetBSD is now running on the NVIDIA Jetson TK1 development kit. The NVIDIA Jetson TK1 is a quad-core ARMv7 development board that features an NVIDIA Tegra K1 (32-bit) SoC (quad-core Cortex-A15 @ 2.3GHz), 2GB RAM, gigabit ethernet, SATA, HDMI, mini-PCIE, and more.

[Read More] [0 comments]