HardenedBSD/UPDATING
Alexander V. Chernikov 603eaf792b Renove faith(4) and faithd(8) from base. It looks like industry
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.

No objections from:	net@
2014-11-09 21:33:01 +00:00

1027 lines
42 KiB
Plaintext

Updating Information for FreeBSD current users.
This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
See end of file for further details. For commonly done items, please see the
COMMON ITEMS: section later in the file. These instructions assume that you
basically know what you are doing. If not, then please consult the FreeBSD
handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
the tip of head, and then rebuild without this option. The bootstrap process from
older version of current across the gcc/clang cutover is a bit fragile.
NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
FreeBSD 11.x has many debugging features turned on, in both the kernel
and userland. These features attempt to detect incorrect use of
system primitives, and encourage loud failure through extra sanity
checking and fail stop semantics. They also substantially impact
system performance. If you want to do performance measurement,
benchmarking, and optimization, you'll want to turn them off. This
includes various WITNESS- related kernel options, INVARIANTS, malloc
debugging flags in userland, and various verbose features in the
kernel. Many developers choose to disable these features on build
machines to maximize performance. (To completely disable malloc
debugging, define MALLOC_PRODUCTION in /etc/make.conf, or to merely
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20141109:
faith(4) and faithd(8) has been removed from base system. It
has been obsolete for a very long time.
20141104:
vt(4), the new console driver, is enabled by default. It brings
support for Unicode and double-width characters, as well as
support for UEFI and integration with the KMS kernel video
drivers.
You may need to update your console settings in /etc/rc.conf,
most probably the keymap. During boot, /etc/rc.d/syscons will
indicate what you need to do.
vt(4) still has issues and lacks some features compared to
syscons(4). See the wiki for up-to-date information:
https://wiki.freebsd.org/Newcons
If you want to keep using syscons(4), you can do so by adding
the following line to /boot/loader.conf:
kern.vty=sc
20141102:
pjdfstest has been integrated into kyua as an opt-in test suite.
Please see share/doc/pjdfstest/README for a more details on how to
execute it.
20141009:
gperf has been removed from the base system for architectures
that use clang. Ports that require gperf will obtain it from the
devel/gperf port.
20140923:
pjdfstest has been moved from tools/regression/pjdfstest to
contrib/pjdfstest .
20140922:
At svn r271982, The default linux compat kernel ABI has been adjusted
to 2.6.18 in support of the linux-c6 compat ports infrastructure
update. If you wish to continue using the linux-f10 compat ports,
add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
encouraged to update their linux-compat packages to linux-c6 during
their next update cycle.
20140729:
The ofwfb driver, used to provide a graphics console on PowerPC when
using vt(4), no longer allows mmap() of all of physical memory. This
will prevent Xorg on PowerPC with some ATI graphics cards from
initializing properly unless x11-servers/xorg-server is updated to
1.12.4_8 or newer.
20140723:
The xdev targets have been converted to using TARGET and
TARGET_ARCH instead of XDEV and XDEV_ARCH.
20140719:
The default unbound configuration has been modified to address
issues with reverse lookups on networks that use private
address ranges. If you use the local_unbound service, run
"service local_unbound setup" as root to regenerate your
configuration, then "service local_unbound reload" to load the
new configuration.
20140709:
The GNU texinfo and GNU info pages are not built and installed
anymore, WITH_INFO knob has been added to allow to built and install
them again.
20140708:
The GNU readline library is now an INTERNALLIB - that is, it is
statically linked into consumers (GDB and variants) in the base
system, and the shared library is no longer installed. The
devel/readline port is available for third party software that
requires readline.
20140702:
The Itanium architecture (ia64) has been removed from the list of
known architectures. This is the first step in the removal of the
architecture.
20140701:
Commit r268115 has added NFSv4.1 server support, merged from
projects/nfsv4.1-server. Since this includes changes to the
internal interfaces between the NFS related modules, a full
build of the kernel and modules will be necessary.
__FreeBSD_version has been bumped.
20140629:
The WITHOUT_VT_SUPPORT kernel config knob has been renamed
WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
which differs from the behaviour controlled by this knob.)
20140619:
Maximal length of the serial number in CTL was increased from 16 to
64 chars, that breaks ABI. All CTL-related tools, such as ctladm
and ctld, need to be rebuilt to work with a new kernel.
20140606:
The libatf-c and libatf-c++ major versions were downgraded to 0 and
1 respectively to match the upstream numbers. They were out of
sync because, when they were originally added to FreeBSD, the
upstream versions were not respected. These libraries are private
and not yet built by default, so renumbering them should be a
non-issue. However, unclean source trees will yield broken test
programs once the operator executes "make delete-old-libs" after a
"make installworld".
Additionally, the atf-sh binary was made private by moving it into
/usr/libexec/. Already-built shell test programs will keep the
path to the old binary so they will break after "make delete-old"
is run.
If you are using WITH_TESTS=yes (not the default), wipe the object
tree and rebuild from scratch to prevent spurious test failures.
This is only needed once: the misnumbered libraries and misplaced
binaries have been added to OptionalObsoleteFiles.inc so they will
be removed during a clean upgrade.
20140512:
Clang and llvm have been upgraded to 3.4.1 release.
20140508:
We bogusly installed src.opts.mk in /usr/share/mk. This file should
be removed to avoid issues in the future (and has been added to
ObsoleteFiles.inc).
20140505:
/etc/src.conf now affects only builds of the FreeBSD src tree. In the
past, it affected all builds that used the bsd.*.mk files. The old
behavior was a bug, but people may have relied upon it. To get this
behavior back, you can .include /etc/src.conf from /etc/make.conf
(which is still global and isn't changed). This also changes the
behavior of incremental builds inside the tree of individual
directories. Set MAKESYSPATH to ".../share/mk" to do that.
Although this has survived make universe and some upgrade scenarios,
other upgrade scenarios may have broken. At least one form of
temporary breakage was fixed with MAKESYSPATH settings for buildworld
as well... In cases where MAKESYSPATH isn't working with this
setting, you'll need to set it to the full path to your tree.
One side effect of all this cleaning up is that bsd.compiler.mk
is no longer implicitly included by bsd.own.mk. If you wish to
use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
as well.
20140430:
The lindev device has been removed since /dev/full has been made a
standard device. __FreeBSD_version has been bumped.
20140418:
The YES_HESIOD knob has been removed. It has been obsolete for
a decade. Please move to using WITH_HESIOD instead or your builds
will silently lack HESIOD.
20140405:
The uart(4) driver has been changed with respect to its handling
of the low-level console. Previously the uart(4) driver prevented
any process from changing the baudrate or the CLOCAL and HUPCL
control flags. By removing the restrictions, operators can make
changes to the serial console port without having to reboot.
However, when getty(8) is started on the serial device that is
associated with the low-level console, a misconfigured terminal
line in /etc/ttys will now have a real impact.
Before upgrading the kernel, make sure that /etc/ttys has the
serial console device configured as 3wire without baudrate to
preserve the previous behaviour. E.g:
ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
20140306:
Support for libwrap (TCP wrappers) in rpcbind was disabled by default
to improve performance. To re-enable it, if needed, run rpcbind
with command line option -W.
20140226:
Switched back to the GPL dtc compiler due to updates in the upstream
dts files not being supported by the BSDL dtc compiler. You will need
to rebuild your kernel toolchain to pick up the new compiler. Core dumps
may result while building dtb files during a kernel build if you fail
to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
20140216:
Clang and llvm have been upgraded to 3.4 release.
20140216:
The nve(4) driver has been removed. Please use the nfe(4) driver
for NVIDIA nForce MCP Ethernet adapters instead.
20140212:
An ABI incompatibility crept into the libc++ 3.4 import in r261283.
This could cause certain C++ applications using shared libraries built
against the previous version of libc++ to crash. The incompatibility
has now been fixed, but any C++ applications or shared libraries built
between r261283 and r261801 should be recompiled.
20140204:
OpenSSH will now ignore errors caused by kernel lacking of Capsicum
capability mode support. Please note that enabling the feature in
kernel is still highly recommended.
20140131:
OpenSSH is now built with sandbox support, and will use sandbox as
the default privilege separation method. This requires Capsicum
capability mode support in kernel.
20140128:
The libelf and libdwarf libraries have been updated to newer
versions from upstream. Shared library version numbers for
these two libraries were bumped. Any ports or binaries
requiring these two libraries should be recompiled.
__FreeBSD_version is bumped to 1100006.
20140110:
If a Makefile in a tests/ directory was auto-generating a Kyuafile
instead of providing an explicit one, this would prevent such
Makefile from providing its own Kyuafile in the future during
NO_CLEAN builds. This has been fixed in the Makefiles but manual
intervention is needed to clean an objdir if you use NO_CLEAN:
# find /usr/obj -name Kyuafile | xargs rm -f
20131213:
The behavior of gss_pseudo_random() for the krb5 mechanism
has changed, for applications requesting a longer random string
than produced by the underlying enctype's pseudo-random() function.
In particular, the random string produced from a session key of
enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
be different at the 17th octet and later, after this change.
The counter used in the PRF+ construction is now encoded as a
big-endian integer in accordance with RFC 4402.
__FreeBSD_version is bumped to 1100004.
20131108:
The WITHOUT_ATF build knob has been removed and its functionality
has been subsumed into the more generic WITHOUT_TESTS. If you were
using the former to disable the build of the ATF libraries, you
should change your settings to use the latter.
20131025:
The default version of mtree is nmtree which is obtained from
NetBSD. The output is generally the same, but may vary
slightly. If you found you need identical output adding
"-F freebsd9" to the command line should do the trick. For the
time being, the old mtree is available as fmtree.
20131014:
libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
1.1.4_8 and verify bsdyml not linked in, before running "make
delete-old-libs":
# make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
or
# pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
20131010:
The rc.d/jail script has been updated to support jail(8)
configuration file. The "jail_<jname>_*" rc.conf(5) variables
for per-jail configuration are automatically converted to
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
This is transparently backward compatible. See below about some
incompatibilities and rc.conf(5) manual page for more details.
These variables are now deprecated in favor of jail(8) configuration
file. One can use "rc.d/jail config <jname>" command to generate
a jail(8) configuration file in /var/run/jail.<jname>.conf without
running the jail(8) utility. The default pathname of the
configuration file is /etc/jail.conf and can be specified by
using $jail_conf or $jail_<jname>_conf variables.
Please note that jail_devfs_ruleset accepts an integer at
this moment. Please consider to rewrite the ruleset name
with an integer.
20130930:
BIND has been removed from the base system. If all you need
is a local resolver, simply enable and start the local_unbound
service instead. Otherwise, several versions of BIND are
available in the ports tree. The dns/bind99 port is one example.
With this change, nslookup(1) and dig(1) are no longer in the base
system. Users should instead use host(1) and drill(1) which are
in the base system. Alternatively, nslookup and dig can
be obtained by installing the dns/bind-tools port.
20130916:
With the addition of unbound(8), a new unbound user is now
required during installworld. "mergemaster -p" can be used to
add the user prior to installworld, as documented in the handbook.
20130911:
OpenSSH is now built with DNSSEC support, and will by default
silently trust signed SSHFP records. This can be controlled with
the VerifyHostKeyDNS client configuration setting. DNSSEC support
can be disabled entirely with the WITHOUT_LDNS option in src.conf.
20130906:
The GNU Compiler Collection and C++ standard library (libstdc++)
are no longer built by default on platforms where clang is the system
compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
options in src.conf.
20130905:
The PROCDESC kernel option is now part of the GENERIC kernel
configuration and is required for the rwhod(8) to work.
If you are using custom kernel configuration, you should include
'options PROCDESC'.
20130905:
The API and ABI related to the Capsicum framework was modified
in backward incompatible way. The userland libraries and programs
have to be recompiled to work with the new kernel. This includes the
following libraries and programs, but the whole buildworld is
advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
kdump, procstat, rwho, rwhod, uniq.
20130903:
AES-NI intrinsic support has been added to gcc. The AES-NI module
has been updated to use this support. A new gcc is required to build
the aesni module on both i386 and amd64.
20130821:
The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
Thus "device padlock_rng" and "device rdrand_rng" should be
used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
20130813:
WITH_ICONV has been split into two feature sets. WITH_ICONV now
enables just the iconv* functionality and is now on by default.
WITH_LIBICONV_COMPAT enables the libiconv api and link time
compatability. Set WITHOUT_ICONV to build the old way.
If you have been using WITH_ICONV before, you will very likely
need to turn on WITH_LIBICONV_COMPAT.
20130806:
INVARIANTS option now enables DEBUG for code with OpenSolaris and
Illumos origin, including ZFS. If you have INVARIANTS in your
kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
explicitly.
DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
locks if WITNESS option was set. Because that generated a lot of
witness(9) reports and all of them were believed to be false
positives, this is no longer done. New option OPENSOLARIS_WITNESS
can be used to achieve the previous behavior.
20130806:
Timer values in IPv6 data structures now use time_uptime instead
of time_second. Although this is not a user-visible functional
change, userland utilities which directly use them---ndp(8),
rtadvd(8), and rtsold(8) in the base system---need to be updated
to r253970 or later.
20130802:
find -delete can now delete the pathnames given as arguments,
instead of only files found below them or if the pathname did
not contain any slashes. Formerly, the following error message
would result:
find: -delete: <path>: relative path potentially not safe
Deleting the pathnames given as arguments can be prevented
without error messages using -mindepth 1 or by changing
directory and passing "." as argument to find. This works in the
old as well as the new version of find.
20130726:
Behavior of devfs rules path matching has been changed.
Pattern is now always matched against fully qualified devfs
path and slash characters must be explicitly matched by
slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
subdirectories must be reviewed.
20130716:
The default ARM ABI has changed to the ARM EABI. The old ABI is
incompatible with the ARM EABI and all programs and modules will
need to be rebuilt to work with a new kernel.
To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
NOTE: Support for the old ABI will be removed in the future and
users are advised to upgrade.
20130709:
pkg_install has been disconnected from the build if you really need it
you should add WITH_PKGTOOLS in your src.conf(5).
20130709:
Most of network statistics structures were changed to be able
keep 64-bits counters. Thus all tools, that work with networking
statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
20130629:
Fix targets that run multiple make's to use && rather than ;
so that subsequent steps depend on success of previous.
NOTE: if building 'universe' with -j* on stable/8 or stable/9
it would be better to start the build using bmake, to avoid
overloading the machine.
20130618:
Fix a bug that allowed a tracing process (e.g. gdb) to write
to a memory-mapped file in the traced process's address space
even if neither the traced process nor the tracing process had
write access to that file.
20130615:
CVS has been removed from the base system. An exact copy
of the code is available from the devel/cvs port.
20130613:
Some people report the following error after the switch to bmake:
make: illegal option -- J
usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
...
*** [buildworld] Error code 2
this likely due to an old instance of make in
${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
which src/Makefile will use that blindly, if it exists, so if
you see the above error:
rm -rf `make -V MAKEPATH`
should resolve it.
20130516:
Use bmake by default.
Whereas before one could choose to build with bmake via
-DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
make. The goal is to remove these knobs for 10-RELEASE.
It is worth noting that bmake (like gmake) treats the command
line as the unit of failure, rather than statements within the
command line. Thus '(cd some/where && dosomething)' is safer
than 'cd some/where; dosomething'. The '()' allows consistent
behavior in parallel build.
20130429:
Fix a bug that allows NFS clients to issue READDIR on files.
20130426:
The WITHOUT_IDEA option has been removed because
the IDEA patent expired.
20130426:
The sysctl which controls TRIM support under ZFS has been renamed
from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
enabled by default.
20130425:
The mergemaster command now uses the default MAKEOBJDIRPREFIX
rather than creating it's own in the temporary directory in
order allow access to bootstrapped versions of tools such as
install and mtree. When upgrading from version of FreeBSD where
the install command does not support -l, you will need to
install a new mergemaster command if mergemaster -p is required.
This can be accomplished with the command (cd src/usr.sbin/mergemaster
&& make install).
20130404:
Legacy ATA stack, disabled and replaced by new CAM-based one since
FreeBSD 9.0, completely removed from the sources. Kernel modules
atadisk and atapi*, user-level tools atacontrol and burncd are
removed. Kernel option `options ATA_CAM` is now permanently enabled
and removed.
20130319:
SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
and socketpair(2). Software, in particular Kerberos, may
automatically detect and use these during building. The resulting
binaries will not work on older kernels.
20130308:
CTL_DISABLE has also been added to the sparc64 GENERIC (for further
information, see the respective 20130304 entry).
20130304:
Recent commits to callout(9) changed the size of struct callout,
so the KBI is probably heavily disturbed. Also, some functions
in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
by macros. Every kernel module using it won't load, so rebuild
is requested.
The ctl device has been re-enabled in GENERIC for i386 and amd64,
but does not initialize by default (because of the new CTL_DISABLE
option) to save memory. To re-enable it, remove the CTL_DISABLE
option from the kernel config file or set kern.cam.ctl.disable=0
in /boot/loader.conf.
20130301:
The ctl device has been disabled in GENERIC for i386 and amd64.
This was done due to the extra memory being allocated at system
initialisation time by the ctl driver which was only used if
a CAM target device was created. This makes a FreeBSD system
unusable on 128MB or less of RAM.
20130208:
A new compression method (lz4) has been merged to -HEAD. Please
refer to zpool-features(7) for more information.
Please refer to the "ZFS notes" section of this file for information
on upgrading boot ZFS pools.
20130129:
A BSD-licensed patch(1) variant has been added and is installed
as bsdpatch, being the GNU version the default patch.
To inverse the logic and use the BSD-licensed one as default,
while having the GNU version installed as gnupatch, rebuild
and install world with the WITH_BSD_PATCH knob set.
20130121:
Due to the use of the new -l option to install(1) during build
and install, you must take care not to directly set the INSTALL
make variable in your /etc/make.conf, /etc/src.conf, or on the
command line. If you wish to use the -C flag for all installs
you may be able to add INSTALL+=-C to /etc/make.conf or
/etc/src.conf.
20130118:
The install(1) option -M has changed meaning and now takes an
argument that is a file or path to append logs to. In the
unlikely event that -M was the last option on the command line
and the command line contained at least two files and a target
directory the first file will have logs appended to it. The -M
option served little practical purpose in the last decade so its
use is expected to be extremely rare.
20121223:
After switching to Clang as the default compiler some users of ZFS
on i386 systems started to experience stack overflow kernel panics.
Please consider using 'options KSTACK_PAGES=4' in such configurations.
20121222:
GEOM_LABEL now mangles label names read from file system metadata.
Mangling affect labels containing spaces, non-printable characters,
'%' or '"'. Device names in /etc/fstab and other places may need to
be updated.
20121217:
By default, only the 10 most recent kernel dumps will be saved. To
restore the previous behaviour (no limit on the number of kernel dumps
stored in the dump directory) add the following line to /etc/rc.conf:
savecore_flags=""
20121201:
With the addition of auditdistd(8), a new auditdistd user is now
required during installworld. "mergemaster -p" can be used to
add the user prior to installworld, as documented in the handbook.
20121117:
The sin6_scope_id member variable in struct sockaddr_in6 is now
filled by the kernel before passing the structure to the userland via
sysctl or routing socket. This means the KAME-specific embedded scope
id in sin6_addr.s6_addr[2] is always cleared in userland application.
This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
__FreeBSD_version is bumped to 1000025.
20121105:
On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
This means that the world and kernel will be compiled with clang
and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
and /usr/bin/cpp. To disable this behavior and revert to building
with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
of current may need to bootstrap WITHOUT_CLANG first if the clang
build fails (its compatibility window doesn't extend to the 9 stable
branch point).
20121102:
The IPFIREWALL_FORWARD kernel option has been removed. Its
functionality now turned on by default.
20121023:
The ZERO_COPY_SOCKET kernel option has been removed and
split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
NB: SOCKET_SEND_COW uses the VM page based copy-on-write
mechanism which is not safe and may result in kernel crashes.
NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
driver supports disposeable external page sized mbuf storage.
Proper replacements for both zero-copy mechanisms are under
consideration and will eventually lead to complete removal
of the two kernel options.
20121023:
The IPv4 network stack has been converted to network byte
order. The following modules need to be recompiled together
with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
pf(4), ipfw(4), ng_ipfw(4), stf(4).
20121022:
Support for non-MPSAFE filesystems was removed from VFS. The
VFS_VERSION was bumped, all filesystem modules shall be
recompiled.
20121018:
All the non-MPSAFE filesystems have been disconnected from
the build. The full list includes: codafs, hpfs, ntfs, nwfs,
portalfs, smbfs, xfs.
20121016:
The interface cloning API and ABI has changed. The following
modules need to be recompiled together with kernel:
ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
20121015:
The sdhci driver was split in two parts: sdhci (generic SD Host
Controller logic) and sdhci_pci (actual hardware driver).
No kernel config modifications are required, but if you
load sdhc as a module you must switch to sdhci_pci instead.
20121014:
Import the FUSE kernel and userland support into base system.
20121013:
The GNU sort(1) program has been removed since the BSD-licensed
sort(1) has been the default for quite some time and no serious
problems have been reported. The corresponding WITH_GNU_SORT
knob has also gone.
20121006:
The pfil(9) API/ABI for AF_INET family has been changed. Packet
filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
with new kernel.
20121001:
The net80211(4) ABI has been changed to allow for improved driver
PS-POLL and power-save support. All wireless drivers need to be
recompiled to work with the new kernel.
20120913:
The random(4) support for the VIA hardware random number
generator (`PADLOCK') is no longer enabled unconditionally.
Add the padlock_rng device in the custom kernel config if
needed. The GENERIC kernels on i386 and amd64 do include the
device, so the change only affects the custom kernel
configurations.
20120908:
The pf(4) packet filter ABI has been changed. pfctl(8) and
snmp_pf module need to be recompiled to work with new kernel.
20120828:
A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
to -HEAD. Pools that have empty_bpobj in active state can not be
imported read-write with ZFS implementations that do not support
this feature. For more information read the zpool-features(5)
manual page.
20120727:
The sparc64 ZFS loader has been changed to no longer try to auto-
detect ZFS providers based on diskN aliases but now requires these
to be explicitly listed in the OFW boot-device environment variable.
20120712:
The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
20120712:
The following sysctls and tunables have been renamed for consistency
with other variables:
kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
20120628:
The sort utility has been replaced with BSD sort. For now, GNU sort
is also available as "gnusort" or the default can be set back to
GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
installed as "bsdsort".
20120611:
A new version of ZFS (pool version 5000) has been merged to -HEAD.
Starting with this version the old system of ZFS pool versioning
is superseded by "feature flags". This concept enables forward
compatibility against certain future changes in functionality of ZFS
pools. The first read-only compatible "feature flag" for ZFS pools
is named "com.delphix:async_destroy". For more information
read the new zpool-features(5) manual page.
Please refer to the "ZFS notes" section of this file for information
on upgrading boot ZFS pools.
20120417:
The malloc(3) implementation embedded in libc now uses sources imported
as contrib/jemalloc. The most disruptive API change is to
/etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
delete it prior to installworld, and optionally re-create it using the
new format after rebooting. See malloc.conf(5) for details
(specifically the TUNING section and the "opt.*" entries in the MALLCTL
NAMESPACE section).
20120328:
Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
now spelled mips. This is to aid compatibility with third-party
software that expects this naming scheme in uname(3). Little-endian
settings are unchanged. If you are updating a big-endian mips64 machine
from before this change, you may need to set MACHINE_ARCH=mips64 in
your environment before the new build system will recognize your machine.
20120306:
Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
platforms.
20120229:
Now unix domain sockets behave "as expected" on nullfs(5). Previously
nullfs(5) did not pass through all behaviours to the underlying layer,
as a result if we bound to a socket on the lower layer we could connect
only to the lower path; if we bound to the upper layer we could connect
only to the upper path. The new behavior is one can connect to both the
lower and the upper paths regardless what layer path one binds to.
20120211:
The getifaddrs upgrade path broken with 20111215 has been restored.
If you have upgraded in between 20111215 and 20120209 you need to
recompile libc again with your kernel. You still need to recompile
world to be able to configure CARP but this restriction already
comes from 20111215.
20120114:
The set_rcvar() function has been removed from /etc/rc.subr. All
base and ports rc.d scripts have been updated, so if you have a
port installed with a script in /usr/local/etc/rc.d you can either
hand-edit the rcvar= line, or reinstall the port.
An easy way to handle the mass-update of /etc/rc.d:
rm /etc/rc.d/* && mergemaster -i
20120109:
panic(9) now stops other CPUs in the SMP systems, disables interrupts
on the current CPU and prevents other threads from running.
This behavior can be reverted using the kern.stop_scheduler_on_panic
tunable/sysctl.
The new behavior can be incompatible with kern.sync_on_panic.
20111215:
The carp(4) facility has been changed significantly. Configuration
of the CARP protocol via ifconfig(8) has changed, as well as format
of CARP events submitted to devd(8) has changed. See manual pages
for more information. The arpbalance feature of carp(4) is currently
not supported anymore.
Size of struct in_aliasreq, struct in6_aliasreq has changed. User
utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
need to be recompiled.
20111122:
The acpi_wmi(4) status device /dev/wmistat has been renamed to
/dev/wmistat0.
20111108:
The option VFS_ALLOW_NONMPSAFE option has been added in order to
explicitely support non-MPSAFE filesystems.
It is on by default for all supported platform at this present
time.
20111101:
The broken amd(4) driver has been replaced with esp(4) in the amd64,
i386 and pc98 GENERIC kernel configuration files.
20110930:
sysinstall has been removed
20110923:
The stable/9 branch created in subversion. This corresponds to the
RELENG_9 branch in CVS.
COMMON ITEMS:
General Notes
-------------
Avoid using make -j when upgrading. While generally safe, there are
sometimes problems using -j to upgrade. If your upgrade fails with
-j, please try again without -j. From time to time in the past there
have been problems using -j with buildworld and/or installworld. This
is especially true when upgrading between "distant" versions (eg one
that cross a major release boundary or several minor releases, or when
several months have passed on the -current branch).
Sometimes, obscure build problems are the result of environment
poisoning. This can happen because the make utility reads its
environment when searching for values for global variables. To run
your build attempts in an "environmental clean room", prefix all make
commands with 'env -i '. See the env(1) manual page for more details.
When upgrading from one major version to another it is generally best
to upgrade to the latest code in the currently installed branch first,
then do an upgrade to the new branch. This is the best-tested upgrade
path, and has the highest probability of being successful. Please try
this approach before reporting problems with a major version upgrade.
When upgrading a live system, having a root shell around before
installing anything can help undo problems. Not having a root shell
around can lead to problems if pam has changed too much from your
starting point to allow continued authentication after the upgrade.
ZFS notes
---------
When upgrading the boot ZFS pool to a new version, always follow
these two steps:
1.) recompile and reinstall the ZFS boot loader and boot block
(this is part of "make buildworld" and "make installworld")
2.) update the ZFS boot block on your boot drive
The following example updates the ZFS boot block on the first
partition (freebsd-boot) of a GPT partitioned drive ada0:
"gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
Non-boot pools do not need these updates.
To build a kernel
-----------------
If you are updating from a prior version of FreeBSD (even one just
a few days old), you should follow this procedure. It is the most
failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
make kernel-toolchain
make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
To test a kernel once
---------------------
If you just want to boot a kernel once (because you are not sure
if it works, or if you want to boot a known bad kernel to provide
debugging information) run
make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
nextboot -k testkernel
To just build a kernel when you know that it won't mess you up
--------------------------------------------------------------
This assumes you are already running a CURRENT system. Replace
${arch} with the architecture of your machine (e.g. "i386",
"arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
cd src/sys/${arch}/conf
config KERNEL_NAME_HERE
cd ../compile/KERNEL_NAME_HERE
make depend
make
make install
If this fails, go to the "To build a kernel" section.
To rebuild everything and install it on the current system.
-----------------------------------------------------------
# Note: sometimes if you are running current you gotta do more than
# is listed here if you are upgrading from a really old current.
<make sure you have good level 0 dumps>
make buildworld
make kernel KERNCONF=YOUR_KERNEL_HERE
[1]
<reboot in single user> [3]
mergemaster -Fp [5]
make installworld
mergemaster -Fi [4]
make delete-old [6]
<reboot>
To cross-install current onto a separate partition
--------------------------------------------------
# In this approach we use a separate partition to hold
# current's root, 'usr', and 'var' directories. A partition
# holding "/", "/usr" and "/var" should be about 2GB in
# size.
<make sure you have good level 0 dumps>
<boot into -stable>
make buildworld
make buildkernel KERNCONF=YOUR_KERNEL_HERE
<maybe newfs current's root partition>
<mount current's root partition on directory ${CURRENT_ROOT}>
make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
<reboot into current>
<do a "native" rebuild/install as described in the previous section>
<maybe install compatibility libraries from ports/misc/compat*>
<reboot>
To upgrade in-place from stable to current
----------------------------------------------
<make sure you have good level 0 dumps>
make buildworld [9]
make kernel KERNCONF=YOUR_KERNEL_HERE [8]
[1]
<reboot in single user> [3]
mergemaster -Fp [5]
make installworld
mergemaster -Fi [4]
make delete-old [6]
<reboot>
Make sure that you've read the UPDATING file to understand the
tweaks to various things you need. At this point in the life
cycle of current, things change often and you are on your own
to cope. The defaults can also change, so please read ALL of
the UPDATING entries.
Also, if you are tracking -current, you must be subscribed to
freebsd-current@freebsd.org. Make sure that before you update
your sources that you have read and understood all the recent
messages there. If in doubt, please track -stable which has
much fewer pitfalls.
[1] If you have third party modules, such as vmware, you
should disable them at this point so they don't crash your
system on reboot.
[3] From the bootblocks, boot -s, and then do
fsck -p
mount -u /
mount -a
cd src
adjkerntz -i # if CMOS is wall time
Also, when doing a major release upgrade, it is required that
you boot into single user mode to do the installworld.
[4] Note: This step is non-optional. Failure to do this step
can result in a significant reduction in the functionality of the
system. Attempting to do it by hand is not recommended and those
that pursue this avenue should read this file carefully, as well
as the archives of freebsd-current and freebsd-hackers mailing lists
for potential gotchas. The -U option is also useful to consider.
See mergemaster(8) for more information.
[5] Usually this step is a noop. However, from time to time
you may need to do this if you get unknown user in the following
step. It never hurts to do it all the time. You may need to
install a new mergemaster (cd src/usr.sbin/mergemaster && make
install) after the buildworld before this step if you last updated
from current before 20130425 or from -stable before 20130430.
[6] This only deletes old files and directories. Old libraries
can be deleted by "make delete-old-libs", but you have to make
sure that no program is using those libraries anymore.
[8] In order to have a kernel that can run the 4.x binaries needed to
do an installworld, you must include the COMPAT_FREEBSD4 option in
your kernel. Failure to do so may leave you with a system that is
hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
required to run the 5.x binaries on more recent kernels. And so on
for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
Make sure that you merge any new devices from GENERIC since the
last time you updated your kernel config file.
[9] When checking out sources, you must include the -P flag to have
cvs prune empty directories.
If CPUTYPE is defined in your /etc/make.conf, make sure to use the
"?=" instead of the "=" assignment operator, so that buildworld can
override the CPUTYPE if it needs to.
MAKEOBJDIRPREFIX must be defined in an environment variable, and
not on the command line, or in /etc/make.conf. buildworld will
warn if it is improperly defined.
FORMAT:
This file contains a list, in reverse chronological order, of major
breakages in tracking -current. It is not guaranteed to be a complete
list of such breakages, and only contains entries since October 10, 2007.
If you need to see UPDATING entries from before that date, you will need
to fetch an UPDATING file from an older FreeBSD release.
Copyright information:
Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
Redistribution, publication, translation and use, with or without
modification, in full or in part, in any form or format of this
document are permitted without further permission from the author.
THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Contact Warner Losh if you have any questions about your use of
this document.
$FreeBSD$