NetBSD 10.0 BETA available
After nearly 3 whole years of development (work started on NetBSD 10 in late 2019), BETA snapshots have finally been published for interested users to test. More changes will be backported from the development branch over the next few months before we tag a final release, so the BETA images will keep getting updated.
[Read More] [7 comments]
Wayland on NetBSD - trials and tribulations
After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!
[Read More] [6 comments]
VAX port needs help
Looking for volunteers to help VAX gcc, now collecting bounties...
[Read More] [5 comments]
Towards backtracing through signal trampolines and fresh libc++
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support, porting to i386.
During the last month, I've finally managed to create proper reproducers (and tests) for the remaining concurrent signal delivery problems. I have started working on backtracing through signal trampolines, and prepared a libc++ update.
[Read More] [0 comments]
LLDB: watchpoints, XSTATE in ptrace() and core dumps
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support and lately extending NetBSD's ptrace interface to cover more register types and fix compat32 issues. You can read more about that in my May 2019 report.
In June, I have finally finished the remaining ptrace()
work
for xstate and got it merged both on NetBSD and LLDB end (meaning it's
going to make it into NetBSD 9). I have also worked on debug register
support in LLDB, effectively fixing watchpoint support. Once again
I had to fight some upstream regressions.
Adapting TriforceAFL for NetBSD, Part 1
Prepared by Akul Pillai as part of GSoC 2019.
The first coding period of The Google Summer of Code has come to an end. It has been a great experience so far and I got the opportunity to learn a lot of new stuff. This is a report on the work I have during this coding period.
[Read More] [5 comments]
Using acme.sh for Let's Encrypt certificates on pkgsrc.org servers
Peter Wemm's writeup about using acme.sh for FreeBSD.org served as inspiration, but I chose to do a few things different:
- using DNS alias mode with sub-domains dedicated to ACME verification
- delegating the sub-domains to the servers where the certificate will be needed
- using bind on the servers where the certificate will be needed (where it was running as resolver already anyway)
- using dns_nsupdate (i.e. dynamic DNS) to add the challenge to the ACME subzone.
options { .... allow-update { localhost; }; .... }; zone "acme-www.pkgsrc.org" { type master; file "acme/acme-www.pkgsrc.org"; update-policy { grant acme-ddns name _acme-challenge.acme-www.pkgsrc.org. TXT; }; };And last but not least, deployment of certificates via make, i.e. completely independent of acme.sh.
Due to all of the above, acme.sh does not need to tentacle about in the filesystem and can run as a plain user in a chroot. It's not a tiny chroot, though (20M), since acme.sh needs a bunch of common shell tools:
- awk basename cat chmod cp curl cut date egrep/grep head mkdir mktemp mv nsupdate od openssl printf readlink rm sed sh sleep stat tail touch tr uname, and their shared libs, /libexec/ld.elf_so and /usr/libexec/ld.elf_so;
- under the chroot /etc a resolv.conf, the CA cert for Let's Encrypt (mozilla-rootcert-60.pem) and to make openssl complain less an empty openssl.cnf
- and in the chroot /dev: null, random and urandom.
I call both the acme.sh --cron job and the certificate deployment make from daily.local, which adds the output to the daily mail and makes it easy to keep an eye on things. [0 comments]
Finishing leftover tasks from Google Summer of Code
Over the past month, I was coordinating and coding the remaining post-GSoC tasks. This mostly covers work around honggfuzz and sanitizers.[Read More] [0 comments]
NetBSD on Allwinner SoCs Update
Since the last update, we've made a number of improvements to the NetBSD Allwinner port. The SUNXI kernel has grown support for 8 new SoCs, and we added many new device drivers to the source repository.
[Read More] [2 comments]
Porting NetBSD to Allwinner H3 SoCs
A new SUNXI evbarm kernel has appeared recently in NetBSD -current with support for boards based on the Allwinner H3 system on a chip (SoC). The H3 SoC is a quad-core Cortex-A7 SoC designed primarily for set-top boxes, but has managed to find its way into many single-board computers (SBC). This is one of the first evbarm ports built from the ground up with device tree support, which helps us to use a single kernel config to support many different boards.
[Read More] [15 comments]
LLDB: Sanitizing the debugger's runtime
This month I started to work on correcting of the ptrace(2) layer, as test suites used to trigger failures on the kernel side. This finally ended up sanitizing the LLDB runtime as well, addressing LLDB and NetBSD userland bugs.[Read More] [1 comment]
NetBSD 7.1_RC2 available
NetBSD 7.1_RC2 is now available, bringing numerous security fixes.[Read More] [1 comment]