FreeBSD Progress Report for Q3 2019

A report has been published on the development of the FreeBSD project from July through September 2019. Among the changes, we can note:

  • General and system-wide matters
    • The Core team has given general approval to including code in the system that is distributed under the BSD license with an additional patent agreement (BSD+Patent), but the decision to include each component under this license must be approved separately;
    • The first meeting took place of the working group created to carry out the migration of source code from the centralized source control system Subversion to the decentralized system Git. Discussion of the feasibility of the migration is still ongoing, and decisions on many issues have not yet been made (for example, what to do with contrib/, whether hashes need to be regenerated in the current git repository, and how best to implement testing of commits);
    • The KCSAN (Kernel Concurrency Sanitizer) toolkit has been ported from NetBSD; it lets you detect race conditions between kernel threads running on different CPUs;
    • Work is under way to use Clang's built-in assembler (IAS) instead of the assembler from GNU binutils;
    • The Linux environment emulation infrastructure (Linuxulator) has been adapted to work on the ARM64 architecture. The "renameat2" system call has been implemented. The strace utility has been improved for diagnosing problems in Linux executables run in the Linuxulator. A crash when linking executables with a recent glibc has been fixed. The ports with Linux components for the Linuxulator have been updated to CentOS 7.7;
    • As part of the Google Summer of Code program, students successfully completed six projects: an implementation of a unified (IPv4/IPv6) ping utility was prepared, tools for testing firewalls and for detecting errors in the kernel (Kernel sanitizer) were developed, the mac_ipacl module was proposed, code was written for virtual memory compression, and work was done to separate the port build process from local installation;
    • The project for fuzz testing of the FreeBSD kernel using the syzkaller system continues to develop. During the reporting period, more than ten errors were identified and eliminated using syzkaller. A separate server has been dedicated to running syzkaller in virtual machines based on bhyve, and syzbot has been used to set up testing of various FreeBSD subsystems in Google's infrastructure. The transfer of information about all crashes to the backtrace.io service has been organized to simplify their grouping and analysis;

    • Work is under way to update the zlib implementation at the kernel level. The compression-related code has been moved from zlib 1.0.4, released more than 20 years ago, to the current zlib 1.2.11 codebase. To unify access to zlib, the functions compress, compress2 and uncompress have been added to the kernel. The code that supports the PPP protocol from the netgraph subsystem has been switched to the system implementation of zlib instead of its own edition of this library. The kern_ctf.c, opencryptodeflate, geom_uzip, subr_compressor, if_mxge, bxe and ng_deflate subsystems have also been moved to the new zlib;

    • A new kernel interface, sysctlinfo, is being developed; it lets you look up elements in the sysctl parameter database, which is handled in the form of a MIB (Management Information Base), and pass information about the objects to user space.
  • Security
    • The mac_ipacl kernel module has been developed, based on the TrustedBSD MAC Framework and implementing an access control system for the network stack settings of jail environments. For example, using mac_ipacl, a host system administrator can prevent the root user in a jail environment from changing or setting IP addresses or subnet settings for certain network interfaces. The proposed mandatory access control system makes it possible to set lists of IP addresses and subnets allowed for a jail, to prohibit the installation of certain IPs and subnets in a jail, or to restrict parameter changes to certain network interfaces only;
    • Intel has donated to the project a port of the software stack for TPM 2.0 (Trusted Platform Module) for interfacing with the secure computing chip, which is usually used for verified loading of firmware and the OS bootloader. The stack components are delivered as the ports security/tpm2-tss, security/tpm2-tools and security/tpm2-abrmd. The tpm2-tss port includes libraries for using the TPM2 API, tpm2-tools provides command-line utilities for performing TPM operations, and tpm2-abrmd contains a background process implementing the TPM Access Broker and Resource Manager components, which multiplexes requests from different TPM users to a single device. In addition to verified boot on FreeBSD, the TPM can be used to strengthen the security of Strongswan IPsec, SSH and TLS by performing cryptographic operations on a separate chip;
    • The kernel for the amd64 architecture has been adapted to boot using the W^X (write XOR execute) protection technique, which means that memory pages cannot be accessible for writing and execution at the same time (the kernel can now be loaded using executable memory pages for which writing is prohibited). The new kernel protection method is included in the HEAD branch and will be part of the FreeBSD 13.0 and 12.2 releases;
    • The PROT_MAX() macro has been implemented for the mmap and mprotect system calls; it lets you define the set of access restriction flags that later changes are allowed to use (PROT_READ, PROT_WRITE, PROT_EXEC). Using PROT_MAX(), a developer can prohibit moving a memory region into the executable category, or request memory that does not allow execution but can later be made executable. For example, a memory region can be open for writing only for the duration of dynamic linking or JIT code generation, but once writing is complete it is restricted to reading and execution only, and later, if the process is compromised, the attacker will not be able to enable writing for that memory block. In addition to PROT_MAX(), the sysctl vm.imply_prot_max is implemented; when enabled, it determines the set of valid flags from the initial parameters of the first mmap call;
    • To strengthen protection against the exploitation of vulnerabilities, in addition to address space layout randomization (ASLR), it is proposed to randomize the offsets of pointers that address the initial stack frame and the structures placed on the stack with information about the environment, the program's launch parameters and the data for executable images in ELF format;
    • Work has been done to remove the unsafe gets function from libc (starting with the C11 standard, this function has been removed from the specification) and to fix the ports that still use this function. The change is planned to be delivered in FreeBSD 13.0;
    • An experimental project has been started to create tools for orchestrating jail environments, based on the pot framework for creating and exporting images, implemented similarly to Docker, and the nomad driver, which provides an interface for dynamically launching applications in a jail environment. The proposed model lets you separate the processes of creating jail environments and deploying applications in them. One of the project's goals is to provide a means of manipulating jails as Docker-style containers;
  • Storage and file systems
    • FAT file system support (msdosfs) has been ported from NetBSD to the "makefs" utility. The prepared changes let you create FS images with FAT without using the md driver and without root privileges;
    • The rework of the driver for the FUSE (File system in USErspace) subsystem has been completed, allowing file system implementations to be created in user space. The driver originally shipped had many bugs and was based on FUSE 7.8, released 11 years ago. As part of the driver modernization project, support for the FUSE 7.23 protocol has been implemented, code for checking access rights on the kernel side ("-o default_permissions") has been added, calls to VOP_MKNOD, VOP_BMAP and VOP_ADVLOCK have been added, the ability to interrupt FUSE operations has been provided, support for unnamed pipes and unix sockets has been added to fusefs, it has become possible to use kqueue for /dev/fuse, updating mount parameters via "mount -u" has been made possible, support for exporting fusefs via NFS has been added, RLIMIT_FSIZE accounting has been implemented, the FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags have been added, significant performance optimizations have been made and the caching organization has been improved. The new driver is included in the head and stable/12 branches (included in FreeBSD 12);
    • The implementation of NFSv4.2 (RFC-7862) for FreeBSD is nearly complete. The main focus during the reporting period was on testing. Tests have been completed to check compatibility with the Linux implementation, but testing of the pNFS server with NFSv4.2 is still ongoing. In general, the code is already considered ready for integration into the FreeBSD head/current branches. The new version of NFS adds support for the posix_fadvise and posix_fallocate functions, the SEEKHOLE/SEEKDATA modes in lseek, and the operation of local copying of parts of a file on the server (without transfer to the client);
  • Hardware support
    • A project has been started to improve the operation of FreeBSD on laptops. The first device to be audited for hardware support in FreeBSD was the seventh-generation Lenovo X1 Carbon laptop;
    • CheriBSD, a fork of FreeBSD for the research processor architecture CHERI (Capability Hardware Enhanced RISC Instructions), has been updated to support the upcoming ARM Morello processor, which will support the CHERI memory access control system based on the security model of the Capsicum design. The Morello chip is planned for release in 2021. The CheriBSD developers also continue to track the development of the CHERI reference prototype based on the MIPS architecture;
    • Support has been expanded for the RockChip RK3399 chips used in the RockPro64 and NanoPC-T4 boards. The most significant improvement was support for MMC and the development of a new driver for the MMC controller used on the board;
    • Work continues on implementing support for the ARM64 SoC Broadcom BCM5871X with ARMv8 Cortex-A57 processors, intended for use in routers, gateways and network storage. During the reporting period, iProc PCIe support was expanded and the ability to use hardware cryptographic operations to accelerate IPsec was added. Integration of the code into the HEAD branch is expected in the fourth quarter;

    • There has been significant progress in the development of the FreeBSD port for the powerpc64 platform. The focus is on providing high-quality operation on systems with IBM POWER8 and POWER9 processors, but operation on older Apple Power Macs, x500 and Amiga A1222 is optionally supported. The powerpc*/12 branch continues to ship with gcc 4.2.1, and the powerpc*/13 branch will be migrated to llvm90 shortly. Out of 33306 ports, 30514 build successfully;
    • Porting of FreeBSD continues for the 64-bit SoC NXP LS1046A, based on the ARMv8 Cortex-A72 processor with an integrated network packet processing acceleration engine, 10 Gb Ethernet, PCIe 3.0, SATA 3.0 and USB 3.0. During the reporting period, support was implemented for USB 3.0, SD/MMC, I2C, the DPAA network interface and GPIO. There are plans to support QSPI and to optimize the performance of the network interface. Completion of the work and inclusion in the HEAD branch is expected in the fourth quarter;
    • The ena driver has been updated to support the second generation of ENAv2 (Elastic Network Adapter) network adapters, used in the Elastic Compute Cloud (EC2) infrastructure to organize communication between EC2 nodes at speeds of up to 25 Gb/s. NETMAP support has been added to the ena driver and tested, and the memory layout has been adapted to enable LLQ mode in Amazon EC2 A1 environments;
  • Applications and the ports system
    • The components of the graphics stack and the xorg-related ports have been updated. Ports that use USE_XORG and XORG_CAT have been moved to the USES framework instead of calling bsd.xorg.mk via bsd.port.mk. Such ports now include the "USES=xorg" flag in their Makefiles. The XORG_CAT functionality has been split out of bsd.xorg.mk and is now enabled with the "USES=xorg-cat" flag. Tools have been added for generating xorg ports directly from the freedesktop.org git repository, which, for example, lets you create ports for versions that have not yet been released. In the future, it is planned to prepare tools for using the meson build system instead of autotools to build xorg ports.

      Work has been done to clean up old xorg ports tied to components that are no longer supported; for example, the x11/libXp port has been removed, as have the x11/Xxf86misc, x11-fonts/libXfontcache and graphics/libGLw ports;

    • Work has been done to improve support for Java 11 and newer releases in FreeBSD, as well as to port some changes to the Java 8 branch. After support was implemented for FreeBSD for such new Java 11 features as Java Flight Recorder, HotSpot Serviceability Agent, HotSpot Debugger, DTrace, Javac Server, Java Sound and SCTP, work shifted to making sure that all compatibility tests pass. The number of failures when running the tests has been reduced from 50 to 2;
    • The KDE Plasma desktop, KDE Frameworks, KDE Applications and Qt are kept up to date and have been updated to the latest releases;
    • The ports with the Xfce desktop have been updated to release 4.14;
    • The FreeBSD ports tree has passed the mark of 38000 ports; the number of open PRs is slightly above 2000, of which 400 PRs have not yet been triaged. During the reporting period, 7340 changes were made by 169 developers. Two new participants (Santhosh Raju and Dmitri Goutnik) received commit rights. A new release of the pkg 1.12 package manager was published, with support for overlays in the ports tree and a cleanup of bsd.sites.mk. Among the significant version updates in ports: Lazarus 2.0.4, LLVM 9.0, Perl5.30, PostgreSQL 11, Ruby 2.6, Firefox 69.0.1, Firefox-esr 68.1.0, Chromium 76.0;
    • Development continues on the ClonOS project, which is developing a specialized distribution for deploying virtual server infrastructure. In terms of the tasks it solves, ClonOS resembles systems such as Proxmox, Triton (Joyent), OpenStack, OpenNebula and Amazon AWS; the main difference is the use of FreeBSD and the ability to manage, deploy and administer FreeBSD Jail containers and virtual environments based on the Bhyve and Xen hypervisors. Recent changes include support for cloud-init for Linux/BSD VMs and cloudbase-init for Windows VMs, the start of the transition to using native images, the use of Jenkins CI for testing builds, and a new pkg repository for installing ClonOS from packages.

Source: opennet.ru
