FreeBSD Status Report Third Quarter 2023
Here is the third 2023 status report, with 32 entries.
This is the summer quarter and thus it includes a lot of interesting news from Google Summer of Code. Of course, we also have our usual team reports and many projects share with us their latest news. Much important work has been done for the first release of FreeBSD 14.
Have a nice read.
Lorenzo Salvadore, on behalf of the Status Team.
FreeBSD Team Reports
Entries from the various official and semi-official teams, as found in the Administration Page.
FreeBSD Core Team
Contact: FreeBSD Core Team <core@FreeBSD.org>
The FreeBSD Core Team is the governing body of FreeBSD.
Demise of Hans Petter Selasky
The FreeBSD Core Team would like to thank Hans Petter Selasky for his years of service. We were saddened by his death and joined the community in mourning.
Meetings with The FreeBSD Foundation
The Core Team and The FreeBSD Foundation continue to meet to discuss the next steps to take for the management, development, and future of FreeBSD. The Core Team had two meetings with the Board of Directors, and employees of, the Foundation. They discussed how the Foundation can help the Core Team and the Project in general.
Portmgr term limits
The Core Team discussed with the Ports Management Team the introduction of a time limit in which a developer can belong to the team. The proposal was approved by the Ports Management Team and will take effect at the beginning of 2024, with regular lurker programs to have a steady stream of new Ports Management Team members.
Deprecation of 32-bit platforms for FreeBSD 15
Work is underway to mark support for 32-bit platforms as "deprecated" for FreeBSD 15.
Matrix IM
The testing of the Matrix instance and the Element-web client is still in progress.
The beta is planned to be released after EuroBSDCon in September.
Improve Commit Bit Expiration Policy
The Core Team will clarify how to update the PGP key once a developer has become Alumni.
EuroBSDCon
Core Team members met with the FreeBSD Foundation in Coimbra during EuroBSDcon to discuss the direction of the Project.
FreeBSD Foundation
Links:
FreeBSD Foundation URL: https://freebsdfoundation.org/
Technology Roadmap URL: https://freebsdfoundation.org/blog/technology-roadmap/
Donate URL: https://freebsdfoundation.org/donate/
Foundation Partnership Program URL: https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/
FreeBSD Journal URL: https://freebsdfoundation.org/journal/
Foundation Events URL: https://freebsdfoundation.org/our-work/events/
Contact: Deb Goodkin <deb@FreeBSDFoundation.org>
The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the FreeBSD Project and community worldwide. Donations from individuals and corporations fund and manage software development projects, conferences, and developer summits. We also provide travel grants to FreeBSD contributors, purchase and support hardware to improve and maintain FreeBSD infrastructure, and provide resources to improve security, quality assurance, and cluster administration efforts. We publish marketing material to promote, educate, and advocate for FreeBSD, facilitate collaboration between commercial vendors and FreeBSD developers, and finally, represent the FreeBSD Project in executing contracts, license agreements, and other legal arrangements that require a recognized legal entity.
This quarter we helped FreeBSD celebrate its 30th anniversary! This excitement has propelled us to accelerate our efforts to move FreeBSD forward in growth and innovation, which has focused us on identifying key areas we can invest our resources. At our board meeting in September, we refined our goals to focus on increasing FreeBSD adoption and visibility, diversifying our funding stream, and investing in the community health and long-term stability of the Project. We are in the process of identifying the key audiences and markets to target, while putting measurable outcomes to these goals.
In this status report, you will read more about our work to help further FreeBSD’s growth and innovation. We will highlight all the technical work we are doing to improve FreeBSD, both by our internal staff of software developers, as well as external project funding efforts. You will read about our advocacy work to promote FreeBSD to audiences outside of our community. Finally, you will see the great efforts made to connect with current and potential commercial users.
Fundraising
We would like to express our sincere gratitude to all those who generously donated to support our work. In addition to numerous individual contributions, we are especially grateful for the significant donations from NetApp, Netflix, and ARM. In Q3 alone, we received $183,842, bringing our total for the year to $375,000. This year our budget is around $2,230,000, which includes increased spending toward FreeBSD advocacy and software development. More than half of our budget is allocated toward work directly related to improving FreeBSD and keeping it secure. By providing a dedicated individual focused on partnerships, we can effectively emphasize the significance of investing in our efforts and underscore the long-term viability of FreeBSD to companies. Your support is crucial to our mission, and we deeply appreciate your commitment to the FreeBSD community. Please consider making a donation toward our 2023 fundraising campaign! https://freebsdfoundation.org/donate/ For our larger commercial donors, check out our updated FreeBSD Foundation Partnership Program.
Partnerships and Research
For Partnerships and Research this quarter, progress was made in three key areas:
First, the Enterprise Working Group started to gather steam with growth up to 58 participants and active projects in four work streams. These are cloud native, Samba, bhyve manageability, and support for AI workloads. There is interest in several additional areas and I expect that by the end of this year and Q1 of next year, we will see meaningful feature updates in multiple areas of focus.
Second, we made good progress working with other open source community members and organizations, notably the Open Source Initiative, to advance proposals and technology from the FreeBSD community. Working with the Open Source Initiative’s Open Policy Alliance, we are submitting a response to the US government’s request for information on how the US government can support open source security and sustainability. As part of this, Greg Wallace participated on a panel organized by the Open Policy Alliance at the recent All Things Open conference in Raleigh, North Carolina. Greg Wallace has also been tracking how the US government incorporates CHERI into its policy recommendations for security by default, such as this recent report from US and global government security agencies. On Page 28, CHERI is listed right after Rust as a key 'Secure by Design' tactic.
Finally, we continue to strengthen partnerships with a growing number of companies using FreeBSD. Several conferences aided these relationships, including EuroBSDCon, Open Source Summit, and All Things Open. We have also developed a new program to support vendor/cloud users that work with the US government. The program details will be announced at the FreeBSD Vendor Summit.
Advocacy
Much of our effort is dedicated to the FreeBSD Project advocacy. This may involve highlighting interesting FreeBSD work, producing literature and video tutorials, attending events, or giving presentations. The goal of the literature we produce is to teach people FreeBSD basics and help make their path to adoption or contribution easier. Other than attending and presenting at events, we encourage and help community members run their own FreeBSD events, give presentations, or staff FreeBSD tables.
The FreeBSD Foundation sponsors many conferences, events, and summits around the globe. These events can be BSD-related, open source, or technology events geared towards underrepresented groups. We support the FreeBSD-focused events to help provide a venue for sharing knowledge, working together on projects, and facilitating collaboration between developers and commercial users. This all helps provide a healthy ecosystem. We support the non-FreeBSD events to promote and raise awareness of FreeBSD, to increase the use of FreeBSD in different applications, and to recruit more contributors to the Project. We continue to add new events to our yearly roster. This July, we held a workshop and staffed a table at FOSSY, a new open source conference in Portland, Oregon. In addition to attending and planning conferences, we are continually working on new training initiatives and updating our selection of how-to guides to facilitate getting more folks to try out FreeBSD.
Check out some of our advocacy work:
- Held a workshop and hosted a table at FOSSY, July 13-16, 2023, in Portland, Oregon.
- Friend-level sponsor of COSCUP, July 27-29, 2023, in New Taipei, Taiwan
- Presented at the EuroBSDCon FreeBSD Developer Summit, and sponsored and staffed a table at EuroBSDCon 2023, September 14-17, 2023 in Coimbra, Portugal
- Attended the Open Source Summit, Europe, September 19-21, Bilbao, Spain
- Continued planning the November 2023 FreeBSD Vendor Summit, taking place November 2-3, 2023, in San Jose, California
- Continued to administer our Google Summer of Code program
- Published the July Newsletter
- Additional Blog Posts
  - Advocating at Events: May 2023 FreeBSD Dev Summit and BSDCan
  - Meet the FreeBSD Google Summer of Code Students
  - Meet The Summer 2023 University of Waterloo Co-Op Student: Naman Sood
- FreeBSD in the News
We help educate the world about FreeBSD by publishing the professionally produced FreeBSD Journal. As we mentioned previously, the FreeBSD Journal is now a free publication. Find out more and access the latest issues at https://www.freebsdfoundation.org/journal/.
You can find out more about events we attended and upcoming events at https://freebsdfoundation.org/our-work/events/.
OS Improvements
During the third quarter of 2023, 282 src, 652 ports, and 24 doc tree commits identified The FreeBSD Foundation as a sponsor. Some of this Foundation-sponsored work is described in separate report entries:
Members of the Technology Team attended EuroBSDCon 2023 in Coimbra, Portugal. Li-Wen Hsu gave a tutorial to help newcomers contribute to FreeBSD. Before the conference, the FreeBSD Developer Summit took place, where the team presented a short update on their recent work.
Six summer internships or projects wrapped up.
- Jake Freeland spent the summer working on a Capsicum project to trace violations, adapt various daemons such as syslogd(8), and write documentation.
- Naman Sood worked on various tasks, mostly related to networking.
- En-Wei Wu completed another wireless internship to improve and extend wtap, the net80211(4) Wi-Fi simulator.
- Yan-Hao Wang worked on a documentation and testing project to, e.g., build an online man page editor and add test cases for some userspace tools.
- Christos Margiolis completed his project to improve the kinst DTrace provider by implementing inline function tracing and porting kinst to arm64 and riscv.
- In preparation for FreeBSD 14.0, Muhammad Moinur (Moin) Rahman committed over 700 fixes or workarounds for ports affected by recent OpenSSL and LLVM updates.
For more information about current and past Foundation-contracted work, visit the Foundation Projects page.
Here is a sampling of other Foundation-sponsored work completed over the quarter:
- Improved riscv64 CPU identity and feature detection
- Rewrote intro(9) man page from scratch
- Performed code maintenance and fixed bugs in the hwpmc(4) module and the pmc(3) library and tools
- Committed various freebsd-update(8) fixes in preparation for FreeBSD 14.0
- Committed many (37) updates and fixes to the LinuxKPI, iwlwifi, and net802.11 code
- Updated SSH first to OpenSSH 9.3p2, then 9.4p1
- Patched ssh-keygen to generate Ed25519 keys when invoked without arguments
- Added a clean-room implementation of the Linux membarrier(2) system call
- Increased MAXCPU to 1024 on amd64 and arm64
- Committed fixes for automatic Zenbleed misbehavior/data leaks prevention on affected machines (via chicken bit)
- Reviewed the use of scheduling priorities throughout the kernel for work in progress to harden the rtprio() system call and make it more useful in some cases.
Supporting FreeBSD Infrastructure
The Foundation provides hardware and two staff members to help support the FreeBSD cluster. With your donations, the Foundation, in coordination with the Cluster Administration Team, purchased five new package builders, three new web servers, a new firewall/router, two package mirrors, and two new servers for continuous integration. With the exception of one of the package mirrors, all the new hardware will be located on the east coast of the USA.
Continuous Integration and Quality Assurance
The Foundation provides a full-time staff member and funds projects to improve continuous integration, automated testing, and overall quality assurance efforts for the FreeBSD project. You can read more about CI work in a dedicated report entry.
Legal/FreeBSD IP
The Foundation owns the FreeBSD trademarks, and it is our responsibility to protect them. We also provide legal support for the core team to investigate questions that arise.
Go to https://freebsdfoundation.org to find more about how we support FreeBSD and how we can help you!
FreeBSD Release Engineering Team
Links:
FreeBSD 14.0-RELEASE schedule URL: https://www.freebsd.org/releases/14.0R/schedule/
FreeBSD releases URL: https://download.freebsd.org/releases/ISO-IMAGES/
FreeBSD development snapshots URL: https://download.freebsd.org/snapshots/ISO-IMAGES/
Contact: FreeBSD Release Engineering Team, <re@FreeBSD.org>
The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things.
During the third quarter of the year, the FreeBSD Release Engineering Team started work on the upcoming 14.0-RELEASE cycle. As of this writing, BETA3 had been released, with BETA4 to follow shortly after.
The Release Engineering Team continued providing weekly development snapshot builds for the main and stable/13 branches.
Sponsor: Tarsnap
Sponsor: https://www.gofundme.com/f/gjbbsd/
Sponsor: The FreeBSD Foundation
Continuous Integration
Links:
FreeBSD Jenkins Instance URL: https://ci.FreeBSD.org
FreeBSD CI Tinderbox view URL: https://tinderbox.freebsd.org
FreeBSD CI artifact archive URL: https://artifact.ci.FreeBSD.org
Hosted CI wiki URL: https://wiki.FreeBSD.org/HostedCI
3rd Party Software CI URL: https://wiki.FreeBSD.org/3rdPartySoftwareCI
Tickets related to freebsd-testing@ URL: https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=open&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals
FreeBSD CI Repository URL: https://github.com/freebsd/freebsd-ci
dev-ci Mailing List URL: https://lists.FreeBSD.org/subscription/dev-ci
Contact: Jenkins Admin <jenkins-admin@FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
Contact: freebsd-testing Mailing List
Contact: IRC #freebsd-ci channel on EFNet
In the third quarter of 2023, we worked with the project contributors and developers to address their testing requirements. Concurrently, we collaborated with external projects and companies to enhance their products by testing more on FreeBSD.
Important completed tasks:
- Add jobs for stable/14 branch
- Update the "Tinderbox" view of the CI results, which now includes test results and the "starting point" of the current failing or unstable series.
  - This is mainly done by the Foundation intern, Yan-Hao Wang. His other contributions are in the other entry of this report.
Work in progress tasks:
- Designing and implementing pre-commit CI building and testing and pull/merged-request based system (to support the workflow working group)
  - Proof of concept system is in progress.
- Designing and implementing use of CI cluster to build release artifacts as release engineering does
- Simplifying CI/test environment setting up for contributors and developers
- Setting up the CI stage environment and putting the experimental jobs on it
- Improving the hardware test lab and adding more hardware for testing
Open or queued tasks:
- Collecting and sorting CI tasks and ideas
- Setting up public network access for the VM guest running tests
- Implementing use of bare-metal hardware to run test suites
- Adding drm ports building tests against -CURRENT
- Planning to run ztest tests
- Helping more software get FreeBSD support in its CI pipeline (Wiki pages: 3rdPartySoftwareCI, HostedCI)
- Working with hosted CI providers to have better FreeBSD support
Please see freebsd-testing@ related tickets for more WIP information, and do not hesitate to join the effort!
Sponsor: The FreeBSD Foundation
Ports Collection
Links:
About FreeBSD Ports URL: https://www.FreeBSD.org/ports/
Contributing to Ports URL: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
FreeBSD Ports Monitoring URL: http://portsmon.freebsd.org/
Ports Management Team URL: https://www.freebsd.org/portmgr/
Ports Tarball URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/
Contact: René Ladan <portmgr-secretary@FreeBSD.org>
Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>
The Ports Management Team is responsible for overseeing the overall direction of the Ports Tree, building packages, and personnel matters. Below is what happened in the last quarter.
According to INDEX, there are currently 34,600 ports in the Ports Collection. There are currently 3,000 open ports PRs of which some 730 are unassigned. The last quarter saw 11,454 commits by 130 committers on the main branch and 828 commits by 37 committers on the 2023Q3 branch. Compared to last quarter, this means a slight decrease in the number of unassigned PRs, a 10% increase in the number of commits on the main branch but also fewer backports to the quarterly branch. The number of ports also grew a bit.
During Q3 we welcomed Joel Bodenmann (jbo@) as a new ports committer, granted a ports commit bit to mizhka@ who was already a src committer, and took the commit bits of knu@ and uqs@ in for safe-keeping after a year of inactivity.
Portmgr discussed and worked on the following things during Q3:
- Some progress has been made on sub-packages and a lightning talk was given by pizzamig@ at EuroBSDCon
- Overhauling some parts of the ports tree (LIB_DEPENDS, PREFIX, MANPREFIX, MANPATH)
Support for FreeBSD 13.1 was removed from the ports tree as it reached its end-of-life on August 1st.
The following happened on the infrastructure side:
- USES for ebur128 and guile were added
- Default versions for Mono, Perl, and PostgreSQL were updated to respectively 5.20, 5.34, and 15
- Default versions for ebur128, guile, and pycryptography were added at respectively "rust", 2.2, and "rust"
- Updates to major ports that happened were:
  - pkg to 1.20.7
  - chromium to 117.0.5938.132
  - Firefox to 118.0.1
  - KDE to 5.27.8
  - Rust to 1.72.0
  - Wine to 8.0.2
- During the last quarter, pkgmgr@ ran 18 exp-runs to test various ports upgrades, updates to default versions of ports, and changes to pycryptography.
Projects
Projects that span multiple categories, from the kernel and userspace to the Ports Collection or external projects.
Filling gaps in the FreeBSD desktop experience
Links:
External media manager URL: https://github.com/outpaddling/qmediamanager
devd-based automounter URL: https://github.com/outpaddling/devd-mount
SUID mount tool URL: https://github.com/outpaddling/npmount
Popup notification for updates URL: https://github.com/outpaddling/freebsd-update-notify
Contact: Jason Bacon <jwb@FreeBSD.org>
The sysutils/desktop-installer port, available for over a decade now, quickly configures a bare FreeBSD system with any desktop environment or window manager. However, the FreeBSD base and ports collection has been missing some common features that end users expect from a desktop OS.
The desktop-installer battery monitor script has been enhanced to display popup notifications at various levels of charge/discharge.
deskutils/qmediamanager, in conjunction with sysutils/devd-mount and sysutils/npmount, mounts inserted media upon notification from devd, and displays a popup window offering the user options to show filesystem information, open a file manager, reformat, copy a disk image to the device, or unmount. It provides a convenient and secure way to work with external media such as USB sticks.
A fourth new port — deskutils/freebsd-update-notify — displays a popup when new base updates are available, or when a configurable time limit has elapsed. If the user chooses to proceed with updates, the entire system is updated (packages, ports, and base) with auto-update-system(1) (a feature of sysutils/auto-admin).
These new tools bring the FreeBSD desktop experience a step closer to the convenience of the most popular desktop operating systems.
The tools are effectively prototypes, stable and reliable, but in need of review. Feedback from users regarding default behavior and configuration options will be appreciated.
LLDB Kernel Module Improvement
Links:
GSoC Wiki Project URL: https://wiki.freebsd.org/SummerOfCode2023Projects/LLDBKernelModuleImprovement
Project Codebase URL: https://github.com/aokblast/freebsd-src/tree/lldb_dynamicloader_freebsd_kernel
LLVM PullRequest URL: https://github.com/llvm/llvm-project/pull/67106
Contact: Sheng-Yi Hong <aokblast@FreeBSD.org>
The LLDB Kernel Module Improvement Project described in the previous quarter report implements a DynamicLoader plugin for the FreeBSD kernel in LLDB.
All of the work is done — that is, this plugin can correctly load all kernel modules and their debug files extracted from a kernel coredump.
This plugin has been tested on both x86-64 for relocatable type kernel modules and arm64 (EC2) for shared library type kernel modules. On both of these platforms the plugin works well.
Currently, this plugin is being prepared to land in the LLVM codebase through the LLVM PullRequest linked above.
Sponsor: The Google Summer of Code '23 program
Userland
Changes affecting the base system and programs in it.
OpenSSL 3 in base — Improved
Links:
OpenSSL Downloads URL: https://www.openssl.org/source/
Contact: Pierre Pronchery <pierre@freebsdfoundation.org>
This is a follow-up to the previous quarterly report on the integration of OpenSSL 3 into the base system.
The most obvious updates since the previous report are certainly the 3.0.10 and then 3.0.11 releases, fixing CVE issues with low to medium severity (CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807).
However these are not the only changes, and this quarter some issues specific to the integration were fixed, most of which were found while building ports with OpenSSL 3 in the base system.
Fixes included:
- Linking the engines and the legacy provider with the libcrypto.so shared object, for proper visibility of symbols, and for which a hack was required in the build system.
- Correcting the list of source files for the FIPS provider.
- Ensuring backward compatibility for the deprecated 0.9.8 API, which was notably helpful for the PAM authentication module from security/pam_ssh_agent_auth, based on OpenSSH’s ssh-agent(1) authentication mechanism.
Login Classes Fixes and Improvements
Contact: Olivier Certner <olce.freebsd.statusreports@certner.fr>
Context
Login classes are a mechanism mainly used to set various process properties and attributes at login, depending on the user logging in and the login class he is a member of. A login class typically specifies resource limits, environment variables and process properties such as scheduling priority and umask. See login.conf(5) for more information.
Changes
The priority and umask capabilities now accept the inherit special value to explicitly request property inheritance from the login process. This is useful, e.g., when temporarily logging in as another user from a process with a non-default priority to ensure that processes launched by this user still have the same priority level.
Users can now override the global setting for the priority capability (in /etc/login.conf) in their local configuration file (~/.login_conf). Note however that they cannot increase their priority if they are not privileged, and that using inherit in this context makes no sense, since the global setting is always applied first.
Fixes:
- Fix a bug where, when the priority capability specifies a realtime priority, the final priority used was off-by-one (and the numerically highest priority in the real time class (31) could never be set).
- Security: Prevent a setuid/setgid process from applying directives from some user’s ~/.login_conf (directives there that cannot be applied because of a lack of privileges could suddenly become applicable in such a process).
We have also updated the relevant manual pages to reflect the new functionality, and improved the description of the priority and umask capabilities in login.conf(5).
Status
Some of the patches in the series have been reviewed thanks to Konstantin Belousov and Warner Losh. Other patches are waiting for reviews (and reviewers, volunteers welcome!), which are not expected to be labored.
We plan to improve consistency by deprecating the priority reset to 0 when no value for the capability priority is explicitly specified, which has been the case for umask for 15+ years.
Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for some reviews)
Kernel
Updates to kernel subsystems/features, driver support, filesystems, and more.
Enabling Snapshots on Filesystems Using Journaled Soft Updates
Contact: Marshall Kirk McKusick <mckusick@FreeBSD.org>
This project has made UFS/FFS filesystem snapshots available when running with journaled soft updates. The details of this project were described in the 2022 fourth quarter report.
This project had two milestones:
The first milestone of this project was to make it possible to take snapshots when running with journaled soft updates and to use them for doing background dumps on a live filesystem. Background dumps are requested by using the -L flag to dump(8). This milestone was completed in Q4 of 2022 and was made available in the 13.2 release as described in the 2023 first quarter report.
The second milestone of this project was to do a background check using a snapshot on a filesystem running with journaled soft updates. This milestone was completed in the third quarter of 2023 in time to be included as part of the 14.0 release. It was also made available in the 13.2-STABLE release.
Sponsored by: The FreeBSD Foundation
SquashFS driver for FreeBSD kernel
Links:
Wiki page URL: https://wiki.freebsd.org/SummerOfCode2023Projects/PortSquashFuseToTheFreeBSDKernel
Source code URL: https://github.com/Mashijams/freebsd-src/tree/gsoc/testing
Contact: Raghav Sharma <raghav@FreeBSD.org>
This quarter we finished SquashFS driver work for the kernel. We now can mount SquashFS archives on FreeBSD 13.2-RELEASE or greater, and perform all basic read-only filesystem operations.
Code work includes:
- Implementing vop_lookup() and vop_readdir() hooks for directory read support.
- Implementing vop_read() and vop_strategy() hooks for files read support.
- Implementing vop_readlink() hook for symlinks read support.
We also implemented extended attributes interface functions for SquashFS. All that remains is to implement their kernel interface hooks.
There were a lot of bug fixes as well. One major issue was to find out why we can not list the first entry of the root directory, it transpires that SquashFS could have inode_number as zero, which the kernel, for some reason, skips while listing dirents. For now, we fixed it by passing dummy inode_number, instead of zero, to dirent.
The code review is currently ongoing with my mentor Chuck Tuffli.
I am happy to say that SquashFS will find its place in upcoming FreeBSD releases.
Sponsor: The Google Summer of Code 2023 program
Process Visibility Security Policies
Contact: Olivier Certner <olce.freebsd.statusreports@certner.fr>
Context
FreeBSD implements three built-in security policies that limit which processes are visible to particular users, with the goal of preventing information leaks and unwanted interactions.
The first one can prevent an unprivileged user from seeing or interacting with processes that do not have the user’s UID as their real UID. It can be activated by setting the sysctl security.bsd.see_other_uids to 0 (default is 1).
The second one can prevent an unprivileged user from seeing or interacting with processes whose credentials do not have any group that the user is a member of. It can be activated by setting the sysctl security.bsd.see_other_gids to 0 (default is 1).
The third one can prevent an unprivileged user’s process from seeing or interacting with processes that are in a jail that is a strict sub-jail of the former. The jail subsystem already prevents such a process from seeing processes in jails that are not descendants of its own (see jail(8) and in particular the section "Hierarchical Jails"). One possible use of this policy is, in conjunction with the first one above, to hide processes in sub-jails that have the same real UID as some user in an ancestor jail, because users having identical UIDs in these different jails are logically considered as different users. It can be activated by setting the sysctl security.bsd.see_jail_proc to 0 (default is 1).
After a review of these policies' code and real world testing, we noticed a number of problems and limitations which prompted us to work on this topic.
Changes
The policy controlled by the security.bsd.see_jail_proc sysctl has received the following fixes and improvements:
- Harden the security.bsd.see_jail_proc policy by preventing unauthorized users from attempting to kill, change priority of or debug processes with same (real) UID in a sub-jail at random, which, provided the PID of such a process is guessed correctly, would succeed even if these processes are not visible to them.
- Make this policy overridable by MAC policies, as are the others.
The policy controlled by security.bsd.see_other_gids was fixed to consider the real group of a process instead of its effective group when determining whether the user trying to access the process is a member of one of the process' groups. The rationale is that some user should continue to see processes it has launched even when they acquire further privileges by virtue of the setgid bit. Conversely, they should not see processes launched by a privileged user that temporarily enters the user’s primary group. This new behavior is consistent with what security.bsd.see_other_uids has always been doing for user IDs (i.e., considering some process' real user ID and not the effective ID).
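The effect of the security.bsd.see_other_gids fix described above, as a simplified user-space model in C (an added example, not code from the FreeBSD kernel or from the patch series). The struct, the function names, the constructed UID/GID values, and the rules that effective UID 0 means "privileged" and that a viewer belongs to its real GID plus its supplementary groups are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical, simplified credential for this model; not the kernel's struct ucred. */
struct cred_model {
    uid_t ruid, euid;     /* real and effective user ID */
    gid_t rgid, egid;     /* real and effective group ID */
    const gid_t *groups;  /* supplementary groups (may be NULL when ngroups is 0) */
    size_t ngroups;
};

/* Which group of the target process the see_other_gids check looks at. */
enum gid_basis {
    BASIS_EFFECTIVE,      /* behaviour before the fix */
    BASIS_REAL            /* behaviour after the fix */
};

/* Assumption: the viewer belongs to its real GID and its supplementary groups. */
static bool viewer_is_member(const struct cred_model *viewer, gid_t gid)
{
    if (gid == viewer->rgid)
        return true;
    for (size_t i = 0; i < viewer->ngroups; i++)
        if (viewer->groups[i] == gid)
            return true;
    return false;
}

/* Model of the group policy; see_other_gids is the sysctl value (1 is the default). */
bool can_see_other_gids(int see_other_gids, enum gid_basis basis,
                        const struct cred_model *viewer,
                        const struct cred_model *target)
{
    if (see_other_gids != 0)
        return true;                      /* policy not activated */
    if (viewer->euid == 0)
        return true;                      /* assumption: euid 0 is privileged */

    gid_t primary = (basis == BASIS_REAL) ? target->rgid : target->egid;
    if (viewer_is_member(viewer, primary))
        return true;
    for (size_t i = 0; i < target->ngroups; i++)
        if (viewer_is_member(viewer, target->groups[i]))
            return true;
    return false;
}

/* Model of the UID policy, which compares real UIDs as the report describes. */
bool can_see_other_uids(int see_other_uids, const struct cred_model *viewer,
                        const struct cred_model *target)
{
    if (see_other_uids != 0 || viewer->euid == 0)
        return true;
    return viewer->ruid == target->ruid;
}

/* Constructed sample credentials (all IDs are made up). */
static const struct cred_model alice = {1001, 1001, 1001, 1001, NULL, 0};
/* A setgid program started by alice: real GID unchanged, effective GID 5. */
static const struct cred_model alice_setgid_child = {1001, 1001, 1001, 5, NULL, 0};
/* A root-owned process that temporarily entered alice's primary group. */
static const struct cred_model root_in_alice_group = {0, 0, 0, 1001, NULL, 0};
/* An unrelated user's shell. */
static const struct cred_model bob = {1002, 1002, 1002, 1002, NULL, 0};

int main(void)
{
    const struct { const char *name; const struct cred_model *cred; } targets[] = {
        {"alice's setgid child", &alice_setgid_child},
        {"root process with egid=alice", &root_in_alice_group},
        {"bob's shell", &bob},
    };

    printf("%-30s %-10s %-10s\n", "target (viewer: alice)", "before", "after");
    for (size_t i = 0; i < sizeof(targets) / sizeof(targets[0]); i++) {
        bool before = can_see_other_gids(0, BASIS_EFFECTIVE, &alice, targets[i].cred);
        bool after = can_see_other_gids(0, BASIS_REAL, &alice, targets[i].cred);
        printf("%-30s %-10s %-10s\n", targets[i].name,
               before ? "visible" : "hidden", after ? "visible" : "hidden");
    }
    return 0;
}
```

With the policy activated, the model hides alice's own setgid child under the effective-group rule and shows it under the real-group rule, while the root-owned process that borrowed her group goes from visible to hidden.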
We have updated manual pages related to these security policies, including security(7), sysctl(8), and ptrace(2). Several manual pages of internal functions either implementing or leveraging these policies have also been revamped.
Status
Thanks to the help of Mitchell Horne, Pau Amma, Benedict Reuschling and Ed Maste, most of the submitted changes have been reviewed and approved, so they should reach the tree soon. The patch series starts with review D40626. From there, click on the "Stack" tab to see the full list of reviews implementing the changes.
As a later step, we are considering turning the security.bsd.see_jail_proc policy on by default (i.e., the default value of the sysctl would become 0) unless there are objections.
Sponsor: Kumacom SAS (for development work)
Sponsor: The FreeBSD Foundation (for most of the reviews)
Linux compatibility layer update
Links:
Linuxulator status Wiki page URL: https://wiki.freebsd.org/Linuxulator
Linux app status Wiki page URL: https://wiki.freebsd.org/LinuxApps
Contact: Dmitry Chagin <dchagin@FreeBSD.org>
The goal of this project is to improve FreeBSD’s ability to execute unmodified linux(4) binaries.
As of 22dca7acf775, xattr system calls are implemented. That makes it possible to use Linux rsync.
As of bbe017e0415a, ioprio system calls are implemented. That makes it possible to debootstrap Ubuntu 23.04.
Architectures
Updating platform-specific features and bringing in support for new hardware platforms.
NXP DPAA2 support
Links:
DPAA2 in the FreeBSD source tree URL: https://cgit.freebsd.org/src/tree/sys/dev/dpaa2
DPAA2 on Github URL: https://github.com/mcusim/freebsd-src
Contact: Dmitry Salychev <dsl@FreeBSD.org>
Contact: Bjoern A. Zeeb <bz@FreeBSD.org>
What is DPAA2?
DPAA2 is a hardware-level networking architecture found in some NXP SoCs which contains hardware blocks including Management Complex (MC, a command interface to manipulate DPAA2 objects), Wire Rate I/O processor (WRIOP, packets distribution, queuing, drop decisions), Queues and Buffers Manager (QBMan, Rx/Tx queues control, Rx buffer pools) and others. The Management Complex runs NXP-supplied firmware which provides DPAA2 objects as an abstraction layer over those blocks to simplify access to the underlying hardware.
Changes from the previous report
-
Isolation between DPAA2 channels improved.
-
Panic under heavy network load fixed.
-
FDT/ACPI MDIO support.
-
NFS root mount does not hang on netboot over DPAA2 anymore.
-
Drivers started to communicate with MC via their own command portals (DPMCP).
Work in Progress
Work on dev/sff started to support SFF/SFP modules in order to test DPAA2 drivers on links above 1 Gbit/s.
Plan
-
Heavy network load tests (2.5 Gbit/s, 10 Gbit/s) and bottlenecks mitigation.
-
Cached memory-backed software portals.
-
Driver resources de-allocation to unload dpaa2.ko properly.
-
Further parts (DPSW, DCE, etc.) supported by the hardware.
Sponsor: Traverse Technologies (providing Ten64 HW for testing)
SIMD enhancements for amd64
Links:
Project proposal URL: http://fuz.su/~fuz/freebsd/2023-04-05_libc-proposal.txt
simd(7) URL: https://man.freebsd.org/cgi/man.cgi?query=simd&sektion=7&manpath=FreeBSD+15.0-CURRENT
Contact: Robert Clausecker <fuz@FreeBSD.org>
SIMD instruction set extensions such as SSE, AVX, and NEON are ubiquitous on modern computers and offer performance advantages for many applications. The goal of this project is to provide SIMD-enhanced versions of common libc functions (mostly those described in string(3)), speeding up most C programs.
For each function optimised, up to four implementations will be provided:
-
a scalar implementation optimised for amd64, but without any SIMD usage,
-
either a baseline implementation using SSE and SSE2, or an x86-64-v2 implementation using all SSE extensions up to SSE4.2,
-
an x86-64-v3 implementation using AVX and AVX2, and
-
an x86-64-v4 implementation using AVX-512F/BW/CD/DQ.
Users will be able to select which level of SIMD enhancements to use by setting the ARCHLEVEL environment variable.
While the current project only concerns amd64, the work may be expanded to other architectures like arm64 in the future.
During the last few months, significant progress has been made on this project. SIMD-enhanced versions of bcmp(3), index(3), memchr(3), memcmp(3), stpcpy(3), strchr(3), strchrnul(3), strcpy(3), strcspn(3), strlen(3), strnlen(3), and strspn(3) have landed. Functions memcpy(3), memmove(3), strcmp(3), timingsafe_bcmp(3) (see D41673), and timingsafe_memcmp(3) (see D41696) are work in progress. Unfortunately, the work has not made the cut for FreeBSD 14.0, but it is slated to be part of FreeBSD 14.1.
Sponsor: The FreeBSD Foundation
Integrate mfsBSD into the Release Building Tools
Links:
Wiki Article URL: https://wiki.freebsd.org/SummerOfCode2023Projects/IntegrateMfsBSDIntoTheReleaseBuildingTools
Code Review on Phabricator URL: https://reviews.freebsd.org/D41705
FreeBSD Foundation Blog Post URL: https://freebsdfoundation.org/blog/meet-the-2023-freebsd-google-summer-of-code-students-soobin-rho/
Contact: Soobin Rho <soobinrho@FreeBSD.org>
What is mfsBSD?
"mfsBSD is a toolset to create small-sized but full-featured mfsroot based distributions of FreeBSD that store all files in memory (MFS) [Memory File System] and load from hard drive, USB storage device, or optical medium. It can be used for a variety of purposes, including diskless systems, recovery partitions and remotely overwriting other operating systems."
Martin Matuška is the creator of mfsBSD. He is also author of the original (2009) mfsBSD white paper, from which the excerpt above is taken. Upstream mfsBSD is maintained in the repository on GitHub.
Purpose of this Project
This project integrates mfsBSD into the FreeBSD release tool set, creating an additional target of mfsBSD images (.img and .iso files) in /usr/src/release/Makefile. Prior to integration, mfsBSD only existed outside the FreeBSD release tool chain, and only -RELEASE versions were produced.
With this project, mfsBSD images will be available at the official FreeBSD release page. You will also be able to build mfsBSD yourself by invoking cd /usr/src/release && make release WITH_MFSBSD=1, which will then create mfsbsd-se.img and mfsbsd-se.iso at /usr/obj/usr/src/${ARCH}/release/.
Changes from last quarter
The code is ready, and is currently under review. If you would like to get involved with the review process, please feel free to do so! Here is my revision.
Sponsor: Google, Inc. (GSoC 2023)
Cloud
Updating cloud-specific features and bringing in support for new cloud platforms.
OpenStack on FreeBSD
Links:
OpenStack URL: https://www.openstack.org/
OpenStack on FreeBSD URL: https://github.com/openstack-on-freebsd
Contact: Chih-Hsin Chang <starbops@hey.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
OpenStack, an open-source cloud operating system, has been a valuable resource for deploying various resource types on cloud platforms. However, the challenge has been running OpenStack’s control plane on FreeBSD hosts. Our project’s mission is to enable FreeBSD to function seamlessly as an OpenStack host.
Throughout this quarter, we focused on the last bit of the entire proof of concept (POC), the VM console integration. The goal is to let users get serial consoles via the OpenStack client to access the VM instances running on the FreeBSD-based OpenStack cluster. This is also important because right now we do not have a port for the managed DHCP service in Neutron. Users need to manually configure the correct IP addresses for the VM instances to have network connectivity. However, bhyve(8) does not natively expose serial consoles, so we need to instead export the nmdm(4) device over the network. This is done by a custom proxy called socat-manager, and yes, we leverage socat(1) to listen on specific ports allocated by OpenStack nova-compute to be integrated into their workflow.
With the aid of another critical part, the custom Libvirt hook for bhyve, we can connect the two endpoints and make the consoles accessible to the users. During development of the hook script, we found that the hook interface provided by Libvirt specifically for bhyve was not well implemented. Fortunately, the Libvirt developer fixed the issue promptly, and we plan to refine our hook script when the fix is released in the future.
We also addressed the nested bhyve issue (running bhyve VMs on top of Linux KVM) in our development environment mentioned in the last quarterly report. It is caused by the APIC emulation of the two VT-x features: VID and PostIntr.
Our host’s CPUs have these two features so we need to disable them at the L1 guest, which acts as a bhyve host, in /boot/loader.conf to keep L2 guests from hanging. It is crucial for us to be able to work on the project in a fully virtualized environment due to the lack of physical resources. This could be equally important for people interested in the project, lowering the bar for them to try out or validate the entire POC on their environment without too demanding setup requirements.
Looking ahead to Q4, our focus is wrapping up the POC with revised documentation and porting to FreeBSD 14.0-RELEASE. Dependencies that lack the corresponding FreeBSD packages will be ported one by one. We also aim to rebase our work with OpenStack 2023.1 Antelope. We invite those interested to explore our documentation and contribute to this project’s success.
Sponsor: The FreeBSD Foundation
FreeBSD on Microsoft HyperV and Azure
Links:
Microsoft Azure article on FreeBSD wiki URL: https://wiki.freebsd.org/MicrosoftAzure
Microsoft HyperV article on FreeBSD wiki URL: https://wiki.freebsd.org/HyperV
Contact: Microsoft FreeBSD Integration Services Team <bsdic@microsoft.com>
Contact: freebsd-cloud Mailing List
Contact: The FreeBSD Azure Release Engineering Team <releng-azure@FreeBSD.org>
Contact: Wei Hu <whu@FreeBSD.org>
Contact: Souradeep Chakrabarti <schakrabarti@microsoft.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
In this quarter, we have worked mainly on ARM64 architecture support and building and publishing both UFS and ZFS based images to Azure community gallery. There are some testing images available in the project’s testing public gallery, named FreeBSDCGTest-d8a43fa5-745a-4910-9f71-0c9da2ac22bf:
-
FreeBSD-CURRENT-testing
-
FreeBSD-CURRENT-gen2-testing
-
FreeBSD-CURRENT-arm64-testing
-
FreeBSD-CURRENT-zfs-testing
-
FreeBSD-CURRENT-zfs-gen1-testing
To use them, when creating a virtual machine:
-
In Select an Image step, choose Community Images in Other items
-
Search FreeBSD
We are aiming to provide all those images for 14.0-RELEASE.
Work in progress tasks:
-
Automating the image building and publishing process and merge to src/release/.
-
Building and publishing all supported VM images to Azure Marketplace
-
Building and publishing snapshot builds to Azure community gallery
The above tasks are sponsored by The FreeBSD Foundation, with resources provided by Microsoft.
Wei Hu and Souradeep Chakrabarti have fixed several critical bugs in arm64:
The root cause was identified and fixed in e7a9817b8d32: Hyper-V: vmbus: implementat bus_get_dma_tag in vmbus
They also continue working on improving Microsoft Azure Network Adapter (MANA) support.
Open tasks:
-
Update FreeBSD related doc at Microsoft Learn
-
Support FreeBSD in Azure Pipelines
-
Update Azure agent port to the latest version
-
Upstream local modifications of Azure agent
Sponsor: Microsoft for people in Microsoft, and for resources for the rest
Sponsor: The FreeBSD Foundation for everything else
FreeBSD on EC2
Links:
FreeBSD/EC2 Patreon URL: https://www.patreon.com/cperciva
Contact: Colin Percival <cperciva@FreeBSD.org>
FreeBSD is available on both x86 (Intel and AMD) and ARM64 (Graviton) EC2 instances. Work continues to ensure that upcoming instance types will be supported.
Weekly FreeBSD snapshots now include experimental ZFS-root AMIs for 14.0 and 15.0. This change will be present in FreeBSD 14.0-RELEASE.
Work is underway to start publishing experimental "cloud-init" AMIs. This is expected to arrive in time for FreeBSD 14.0-RELEASE.
This work is supported by Colin’s FreeBSD/EC2 Patreon.
Documentation
Noteworthy changes in the documentation tree, manual pages, or new external books/documents.
Documentation Engineering Team
Link: FreeBSD Documentation Project URL: https://www.freebsd.org/docproj/
Link: FreeBSD Documentation Project Primer for New Contributors URL: https://docs.freebsd.org/en/books/fdp-primer/
Link: Documentation Engineering Team URL: https://www.freebsd.org/administration/#t-doceng
Contact: FreeBSD Doceng Team <doceng@FreeBSD.org>
The doceng@ team is a body to handle some of the meta-project issues associated with the FreeBSD Documentation Project; for more information, see the FreeBSD Doceng Team Charter.
During this quarter:
-
The search functionality of the documentation portal was moved from DuckDuckGo to our own search engine; for more information, see this commit
-
grahamperrin@'s doc commit bit was taken for safekeeping as per his request
-
pluknet@'s doc commit bit was taken for safekeeping as per his request.
FreeBSD Translations on Weblate
Link: Translate FreeBSD on Weblate URL: https://wiki.freebsd.org/Doc/Translation/Weblate
Link: FreeBSD Weblate Instance URL: https://translate-dev.freebsd.org/
Q3 2023 Status
-
17 team languages
-
189 registered users
Four new translators joined Weblate:
-
minso in Korean (ko) and French (fr_FR)
-
strgalt-t in German (de_DE)
-
bsdmeg in German (de_DE)
-
mvsf in Portuguese (pt_BR)
Languages
-
Chinese (Simplified) (zh-cn) (progress: 7%)
-
Chinese (Traditional) (zh-tw) (progress: 3%)
-
Dutch (nl) (progress: 1%)
-
French (fr) (progress: 1%)
-
German (de) (progress: 1%)
-
Indonesian (id) (progress: 1%)
-
Italian (it) (progress: 5%)
-
Korean (ko) (progress: 33%)
-
Norwegian (nb-no) (progress: 1%)
-
Persian (fa-ir) (progress: 2%)
-
Polish (progress: 1%)
-
Portuguese (progress: 0%)
-
Portuguese (pt-br) (progress: 22%)
-
Spanish (es) (progress: 35%)
-
Turkish (tr) (progress: 2%)
We want to thank everyone that contributed, translating or reviewing documents.
Please help promote this effort in your local user group; we always need more volunteers.
FreeBSD Handbook Working Group
Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>
-
The next section to work on will be the file systems part: UFS, OpenZFS, Other File Systems.
FAQ Working Group
Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>
The idea is to write a new FAQ. It will be released alongside FreeBSD 14.0.
FreeBSD Website Revamp — WebApps Working Group
Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>
Working group in charge of creating the new FreeBSD Documentation Portal and redesigning the FreeBSD main website and its components. FreeBSD developers can follow and join the working group on the FreeBSD Slack channel #wg-www21. The work will be divided into three phases:
-
Redesign of the Manual Pages on web
Scripts to generate the HTML pages using mandoc. (Complete, Approved by Doceng, Deploy Date Not Decided Yet) Public instance on https://man-dev.FreeBSD.org
-
Redesign of the FreeBSD main website
New design, responsive and dark theme. (Almost Complete, Presented at EuroBSDCon)
-
Redesign of the Ports page on web
Ports scripts to create an applications portal. (Work in progress)
FreeBSD Online Editor and Man Page Editor
Links:
FreeBSD Online Document Editor URL: https://github.com/Wang-Yan-Hao/FreeBSD-Online-Document-Editor
FreeBSD Online Man Page Editor URL: https://github.com/Wang-Yan-Hao/man_page_editor
Contact: Yan-Hao Wang <bses30074@gmail.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
Currently, our document translation process involves using Weblate and direct editing of the doc repository. We acknowledge that this process can be somewhat cumbersome, so we are striving to offer a more convenient alternative, similar to what the wiki community does. Introducing the Online Document Editor and Man Page Editor, a user-friendly, WYSIWYG static site designed for translating documents and man pages. Our goal is to consolidate all translation functions within a single platform, making the translation process as straightforward as possible.
However, we still require assistance with these two projects, as follows:
-
The Document editor and Man page editor were developed using simple JavaScript. We are seeking a web developer to assess the code’s efficiency since I (Yan-Hao Wang) am not well-versed in front-end development.
-
We are also seeking a cybersecurity developer to assist us in identifying and addressing security issues within these two projects. This is crucial to ensure the secure hosting of these projects and mitigate any potential vulnerabilities.
-
As there is currently no existing JavaScript library to render mandoc, I had to create my own. However, there are still some concealed errors during the editing process. We are in need of a JavaScript developer to help rectify these rendering issues.
Sponsor: FreeBSD Foundation
FreeBSD Expert System
Contact: Yan-Hao Wang <bses30074@gmail.com>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
Machine Learning and Deep Learning technologies have become increasingly prevalent in today’s world, much like the proliferation of ChatGPT. We are working on developing a ChatGPT plugin that can access the latest FreeBSD data, transforming ChatGPT into a FreeBSD expert system. We have already scripted data cleaning and built an embedded model to search for relevant information.
Nevertheless, we require assistance for the following aspect of this project:
-
While I am not an expert in Machine Learning or Deep Learning, we encounter numerous challenges in these domains, such as the adequacy of data cleaning and uncertainties in the final plugin development process. We would appreciate guidance in this regard.
Sponsor: FreeBSD Foundation
Ports
Changes affecting the Ports Collection, whether sweeping changes that touch most of the tree, or individual ports themselves.
KDE on FreeBSD
Links:
KDE/FreeBSD initiative URL: https://freebsd.kde.org/
FreeBSD — KDE Community Wiki URL: https://community.kde.org/FreeBSD
Contact: Adriaan de Groot <kde@FreeBSD.org>
The KDE on FreeBSD project packages CMake, Qt, and software from the KDE Community, for the FreeBSD ports tree. The software includes a full desktop environment called KDE Plasma (for both X11 and Wayland) and hundreds of applications that can be used on any FreeBSD machine.
The KDE team (kde@) is part of desktop@ and x11@, building the software stack to make FreeBSD beautiful and usable as a daily-driver graphical desktop workstation. The notes below describe mostly ports for KDE, but also include items that are important for the entire desktop stack.
Infrastructure
Qt5 is now on long-term support and updates only rarely. There was an update to 5.15.10 in this quarter. Qt6 is now updated with the regular upstream releases, with the 6.5.2 release landing at the end of July and 6.5.3 following later.
CMake saw no updates this quarter, so we are now lagging by at least one minor release. The changelog for the latest releases does not have much for FreeBSD, so there is no special reason to upgrade.
sysutils/polkit and sysutils/consolekit2 were both updated, bringing improved security policy and console handling to the FreeBSD desktop. x11/sddm was updated to provide a better graphical login manager.
multimedia/pipewire was updated to version 0.3.81. This provides multimedia support for desktops such as KDE and GNOME.
KDE Stack
KDE Gear releases happen every quarter, KDE Plasma updates once a month, and KDE Frameworks have a new release every month as well. These (large) updates land shortly after their upstream release and are not listed separately.
-
KDE Frameworks reached version 5.110. The KDE Frameworks 5 series is winding down, although it will be six months or so before it enters long-term support upstream.
-
KDE Plasma Desktop was updated to version 5.27.8. Just like frameworks, work on KDE Plasma 5 is winding down upstream in favor of KDE Plasma 6.
-
KDE Gear updated to 23.08.1.
Related Ports
The KDE ecosystem includes a wide range of ports — most maintained by kde@, all building on a shared base of Qt and KDE Frameworks. The kde@ team updates them all as needed. This quarter, for instance, tcberner@ and arrowd@ updated or fixed (much more than) this selection of ports:
Thanks to jhale@, devel/qtcreator was updated to 11.0.3, providing another featureful integrated development environment for creating Qt and KDE applications.
Deprecations
Web browsers are huge, and have a considerable security surface. The venerable www/qt5-webkit WebKit port has been slated for removal and consumers have been moved to WebEngine. The fork of WebKit that we relied on is no longer actively maintained.
Pantheon desktop on FreeBSD
Links:
elementary OS URL: https://elementary.io/
Development repository URL: https://codeberg.org/olivierd/freebsd-ports-elementary
Contact: Olivier Duchateau <duchateau.olivier@gmail.com>
The Pantheon desktop environment is designed for elementary OS. It builds on GNOME technologies (such as Mutter, GTK 3 and 4) and it is written in Vala. The goal is to have a complete desktop environment for end users.
13.2-RELEASE or higher is required, because several core components depend on deskutils/xdg-desktop-portal.
The repository contains a file called elementary.mk for the Mk/Uses framework, official applications, and curated ports which depend on x11-toolkits/granite7.
I have submitted several patches in order to keep these ports up-to-date:
The bug reports for updating the following ports are still open on bugzilla:
-
x11-toolkits/granite7: Update to 7.3.0
-
deskutils/elementary-calendar: Update to 7.0.0
-
x11/elementary-terminal: Update to 6.1.2
At the same time, I have also worked on updating the GNOME stack (especially WebKitGTK, libwnck, Mutter, Vala). I noticed several regressions particularly with x11/plank (it is related to monitoring open applications).
Three new applications have been added to the development repository:
-
deskutils/atlas, a map viewer
-
deskutils/nimbus, a weather applet
-
audio/leopod, podcasts client
FreeBSD Office Team
Links:
The FreeBSD Office project URL: https://wiki.freebsd.org/Office
The FreeBSD Office mailing list URL: https://lists.freebsd.org/subscription/freebsd-office
Contact: FreeBSD Office team ML <office@FreeBSD.org>
Contact: Dima Panov <fluffy@FreeBSD.org>
Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
The FreeBSD Office team works on a number of office-related software suites and tools such as OpenOffice and LibreOffice.
Work during this quarter was focused on providing the latest stable release of LibreOffice suite and companion apps to all FreeBSD users.
During the 2023Q3 period we pushed maintenance patches for the LibreOffice port and brought the latest, 7.6.2, release and all companion libraries such as MDDS, libIxion and more to the ports tree. All prerelease development of LibreOffice ports is carried out in the LibreOffice WIP repo.
Together with LibreOffice, we also updated Boost to the latest, 1.83 release. Everyone interested in Boost porting can submit patches to the Boost WIP repository.
We are looking for people to help with the open tasks:
-
The open bugs list contains all filed issues which need some attention
-
Upstream local patches in ports
Patches, comments and objections are always welcome in the mailing list and Bugzilla.
Wifibox: Use Linux to Drive your Wireless Card on FreeBSD
Links:
Project GitHub Page URL: https://github.com/pgj/freebsd-wifibox
net/wifibox port URL: https://cgit.freebsd.org/ports/tree/net/wifibox
Contact: PÁLI Gábor János <pali.gabor@gmail.com>
Wifibox is an experimental project for exploring the ways of deploying a virtualized Linux guest to drive wireless networking cards on the FreeBSD host system. There have been guides to describe how to set this up manually, and Wifibox aims to implement those ideas as a single easy-to-use software package.
-
It uses bhyve(8) to run the embedded Linux system. This helps to achieve low resource footprint. It requires an x64 CPU with I/O MMU (AMD-Vi, Intel VT-d), ~150 MB physical memory, and some disk space available for the guest virtual disk image, which can be even ~30 MB only in certain cases. It works with FreeBSD 12 and later, some cards may require FreeBSD 13 though.
-
The guest is constructed using Alpine Linux, a security-oriented, lightweight distribution based on musl libc and BusyBox, with some custom extensions and patches imported from Arch Linux most notably. It is shipped with a number of diagnostic tools for better management of the hardware in use. The recent version features Linux 6.1, but Linux 6.5 is also available as an alternative.
-
Configuration files are shared with the host system. The guest uses wpa_supplicant(8) or hostapd(8) (depending on the configuration) so it is possible to import the host’s wpa_supplicant.conf(5) or hostapd.conf(5) file without any changes.
-
When configured, wpa_supplicant(8) and hostapd(8) control sockets could be exposed by the guest, which enables use of related utilities directly from the host, such as wpa_cli(8) or wpa_gui(8) from the net/wpa_supplicant_gui package, or hostapd_cli(8).
-
Everything is shipped in a single package that can be easily installed and removed. This comes with an rc(8) system service that automatically launches the guest on boot and stops it on shutdown.
-
It can be configured to forward IPv6 traffic, which is currently an experimental option but turned on by default.
Wifibox has been mainly tested with Intel chipsets, and it has shown great performance and stability. Therefore, it might serve as an interim solution whilst FreeBSD matures its support for these chipsets.
It was confirmed that Wifibox works with Atheros, Realtek, and Mediatek chipsets too, and feedback is more than welcome about others. Broadcom chips (that are often found in MacBook Pros) can also work, but there are known stability issues.
GCC on FreeBSD
Links:
GCC Project URL: https://gcc.gnu.org/
GCC 10 release series URL: https://gcc.gnu.org/gcc-10/
GCC 11 release series URL: https://gcc.gnu.org/gcc-11/
GCC 12 release series URL: https://gcc.gnu.org/gcc-12/
GCC 13 release series URL: https://gcc.gnu.org/gcc-13/
Contact: Lorenzo Salvadore <salvadore@FreeBSD.org>
The process to update GCC default version to GCC 13 has started with an exp-run. Thanks to Antoine Brodin who ran the exp-run and to all other developers and ports maintainers involved.
The same exp-run contains additional patches as anticipated in last quarterly status report. In particular, it contains patches to update
-
lang/gcc11 to version 11.4.0;
-
lang/gcc12 to version 12.3.0;
-
lang/gcc13 to version 13.2.0.
The reader might remember that I had planned to update GCC default version to GCC 13 as soon as 13.1.0 was out, but as it can be noted the GCC developers were faster to release 13.2.0 than I was working on the GCC ports.
Most of the bugs reported in the exp-run are due to the same error: error: expected identifier before '__is_convertible'. It seems that the issue is an incompatibility between FreeBSD 12’s libcxx and GCC 13 headers. Please check the discussion in the exp-run for more information and to provide your feedback.
Valgrind: valgrind-devel updated for FreeBSD 15
Links:
Valgrind Home Page URL: https://www.valgrind.org/
Valgrind News URL: https://www.valgrind.org/docs/manual/dist.news.html
Contact: Paul Floyd <pjfloyd@wanadoo.fr>
devel/valgrind-devel is in the process of being updated. This contains most of what will be in the official release of Valgrind 3.22 due out in October.
memcheck has been enhanced with some more checks. It will now report usage of realloc with a size of zero. Such usage is not portable and is deprecated (C23 will make it Undefined Behaviour). memcheck now validates the values used for alignment and sized delete for memalign, posix_memalign, aligned_alloc and all aligned and sized overloads of operator new and operator delete. Reading DWARF debuginfo is now done in a lazy manner which can improve performance.
As usual there are numerous small bugfixes.
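For code that would trip the new realloc and alignment reports, the usual remedy is to check the arguments before they reach the allocator. The following is an added example, not Valgrind or FreeBSD code: the function names are hypothetical, and the rules encoded are the POSIX requirement for posix_memalign and the C11 requirement for aligned_alloc, not a statement of what memcheck itself tests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

static bool is_power_of_two(size_t x)
{
    return x != 0 && (x & (x - 1)) == 0;
}

/* POSIX: alignment must be a power of two and a multiple of sizeof(void *). */
bool valid_posix_memalign_alignment(size_t alignment)
{
    return is_power_of_two(alignment) && alignment % sizeof(void *) == 0;
}

/*
 * C11: size must be an integral multiple of alignment. A zero size is
 * rejected here as a policy choice, to avoid implementation-defined results.
 */
bool valid_aligned_alloc_args(size_t alignment, size_t size)
{
    return is_power_of_two(alignment) && size != 0 && size % alignment == 0;
}

/* Returns NULL without calling the allocator when the arguments are invalid. */
void *checked_aligned_alloc(size_t alignment, size_t size)
{
    if (!valid_aligned_alloc_args(alignment, size))
        return NULL;
    return aligned_alloc(alignment, size);
}

/*
 * Resize *bufp without ever calling realloc(p, 0).
 * A new_size of 0 means "release the buffer": it is freed and *bufp is
 * set to NULL. On allocation failure the old block stays valid and owned
 * by the caller, so nothing leaks. Returns 0 on success, -1 on failure.
 */
int resize_buffer(void **bufp, size_t new_size)
{
    if (new_size == 0) {
        free(*bufp);
        *bufp = NULL;
        return 0;
    }
    void *tmp = realloc(*bufp, new_size);
    if (tmp == NULL)
        return -1;
    *bufp = tmp;
    return 0;
}

int main(void)
{
    void *buf = NULL;

    if (resize_buffer(&buf, 64) != 0)
        return 1;
    printf("buffer allocated: %s\n", buf != NULL ? "yes" : "no");
    resize_buffer(&buf, 0);              /* frees, never realloc(buf, 0) */
    printf("buffer after resize to 0: %s\n", buf == NULL ? "NULL" : "set");

    printf("alignment 3 valid for posix_memalign: %d\n",
           valid_posix_memalign_alignment(3));
    void *page = checked_aligned_alloc(64, 128);
    printf("aligned_alloc(64, 128) aligned: %d\n",
           page != NULL && (uintptr_t)page % 64 == 0);
    free(page);
    return 0;
}
```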
Specific to FreeBSD there is now support for FreeBSD 15. Two extra _umtx_op operations are now supported, UMTX_OP_GET_MIN_TIMEOUT and UMTX_OP_SET_MIN_TIMEOUT. There is a fix for the use of sysctl kern proc pathname with the guest pid or -1, which previously returned the path of the Valgrind host. The sysctl will now return the path of the guest. Support for the close_range system call has been added.
GitLab 16.3 Available
Link: Gitlab 16.3 New Features URL: https://about.gitlab.com/releases/2023/08/22/gitlab-16-3-released/
Contact: Matthias Fechner <mfechner@FreeBSD.org>
GitLab is a DevOps platform. It brings velocity with confidence, security without sacrifice, and visibility into DevOps success.
Version 16.3 is now available on FreeBSD: please check the www/gitlab-ce port. The upgrade is very important as version 16.3 will be required for all further upgrades. Upgrade to 16.4 is only possible from GitLab 16.3.
Documentation for installation can be found at https://gitlab.fechner.net/mfechner/Gitlab-docu/-/blob/master/install/16.3-freebsd.md?ref_type=heads. Documentation for upgrading is available at https://gitlab.fechner.net/mfechner/Gitlab-docu/-/blob/master/update/16.1-16.3-freebsd.md?ref_type=heads.
I will wait for the upgrade to 16.4 (which will be released around 20.9. or 22.9., not sure) until ports quarterly branch 2023Q4 is created, to avoid breaking systems that do not use the main branch (latest). GitLab users should always choose the main branch, as described in the installation manual.
PortOptsCLI — Ports Collection Accessibility
Contact: Alfonso Sabato Siciliano <asiciliano@FreeBSD.org>
Contact: FreeBSD Accessibility mailing list <freebsd-accessibility@FreeBSD.org>
FreeBSD provides the Ports Collection to give users and administrators a simple way to install applications. It is possible to configure a port before the building and installation. The command make config uses ports-mgmt/dialog4ports and ports-mgmt/portconfig to set up a port interactively via a text user interface (TUI).
Unfortunately, screen readers perform poorly with a TUI; it is a well-known accessibility problem. FreeBSD provides tens of thousands of ports; port configuration is a key feature, but it is inaccessible to users with vision impairment.
PortOptsCLI (Port Options CLI) is a new utility for setting port options via a command line interface. Properly, PortOptsCLI provides commands to navigate configuration dialogues (checklists and/or radio buttons) and set up their items interactively. It is also suitable for a speech synthesizer; currently it is tested with accessibility/orca. PortOptsCLI can be installed via the ports-mgmt/portoptscli port or package.
Tips and new ideas are welcome. If possible, send reports to the FreeBSD Accessibility mailing list, to share and to track discussions in a public place.
Third Party Projects
Many projects build upon FreeBSD or incorporate components of FreeBSD into their project. As these projects may be of interest to the broader FreeBSD community, we sometimes include brief updates submitted by these projects in our quarterly report. The FreeBSD project makes no representation as to the accuracy or veracity of any claims in these submissions.
Introducing the BSD Cafe project
Links:
BSD Cafe project homepage URL: https://wiki.bsd.cafe/
BSD Cafe Mastodon instance URL: https://mastodon.bsd.cafe/
Contact: Stefano Marinelli <stefano@dragas.it>
We are thrilled to unveil the inaugural component of the BSD Cafe project!
Months ago, when I first registered the bsd.cafe domain, I envisioned a themed bar where friends, acquaintances, and patrons could gather for casual conversations about *BSD systems, Linux, and open-source technology. Just like any bar, our discussions can encompass a wide array of topics, all while maintaining a spirit of mutual respect.
BSD Cafe is poised to become a hub for a variety of tools and services, all powered by *BSD.
Our initial offering is a brand-new instance of Mastodon (open-source microblogging software and service), serving as a gateway to the fediverse — a federation of services, many of which use the ActivityPub decentralised social networking protocol. Registration is now open. The server operates under clearly defined guidelines that promote positive conduct and unequivocally prohibit any form of hate. Inclusiveness, respect, and constructive dialogue stand as the cornerstones of this instance.
Our primary server is currently hosted in Finland on a small VM, running on FreeBSD. Services are partitioned into VNET jails, interconnected within a local area network through a dedicated bridge. Additionally, we implement a VPN system and have the flexibility to migrate individual jails to more robust machines.
For multimedia data and cache hosting, we employ a separate physical server (also FreeBSD-based, within a jail), fronted by Cloudflare. The goal here is to cache and geodistribute data, effectively reducing network congestion on the main VPS.
Our reverse proxy (frontend), mail server, media server, and the instance itself are all accessible via IPv6.
At its inception, this Mastodon instance was devoid of preloaded content. Our intention is for it to grow organically, based on the interests and followers of its users. At this stage, we have refrained from preemptive blocks. We strongly encourage users to promptly report anything that they believe requires attention.
We invite you to join us at https://mastodon.bsd.cafe/ in order to cultivate a community that values constructive interactions and embraces inclusiveness — a secure and serene space meant for all.
Furthermore, we have established a website at https://wiki.bsd.cafe/, which will provide an overview of our tools, services, rules, uptime, and more.
Recently, Miniflux was installed, so BSD Cafe users can use it as a personal RSS feed reader. More information: https://wiki.bsd.cafe/miniflux-bsd-cafe.
Containers and FreeBSD: Pot, Potluck and Potman
Links:
Pot organization on GitHub URL: https://github.com/bsdpot
Contact: Luca Pizzamiglio (Pot) <pizzamig@FreeBSD.org>
Contact: Bretton Vine (Potluck) <bv@honeyguide.eu>
Contact: Michael Gmelin (Potman) <grembo@FreeBSD.org>
Pot is a jail management tool that also supports orchestration through Nomad.
During this quarter, Pot 0.15.6 was finished, adding custom pf(4) rule configuration hooks.
Additionally, Nomad Pot Driver 0.9.1, which allows setting Pot attributes in Nomad job descriptions, was released.
Potluck aims to be to FreeBSD and Pot what Dockerhub is to Linux and Docker: a repository of Pot flavours and complete container images for usage with Pot and in many cases Nomad.
Quite a few new container images were made available, e.g. a Caddy S3 proxy, a Mastodon instance, and a Redis container. In total, 50 containers are now available. You can either download them as ready-made images from the Potluck image registry, if you trust our build process, or build them yourself from the Pot flavour files stored in the Potluck GitHub repository.
The July/August 2023 edition of the FreeBSD Journal contains Luca’s article "Jail Orchestration with pot and nomad", explaining how to use Pot and Potluck together with Nomad to orchestrate containers on multiple hosts.
Last but not least, a patch (90b1184d93c8) added build cluster support to the devel/sccache port.
As always, feedback and patches are welcome.
Sponsors: Nikulipe UAB, Honeyguide Group
Last modified on: November 7, 2023 by Lorenzo Salvadore