mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-26 21:13:11 +01:00
603eaf792b
have chosen different (and more traditional) stateless/statuful NAT64 as translation mechanism. Last non-trivial commits to both faith(4) and faithd(8) happened more than 12 years ago, so I assume it is time to drop RFC3142 in FreeBSD. No objections from: net@
1027 lines
42 KiB
Plaintext
1027 lines
42 KiB
Plaintext
Updating Information for FreeBSD current users.
|
|
|
|
This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
|
|
See end of file for further details. For commonly done items, please see the
|
|
COMMON ITEMS: section later in the file. These instructions assume that you
|
|
basically know what you are doing. If not, then please consult the FreeBSD
|
|
handbook:
|
|
|
|
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
|
|
|
|
Items affecting the ports and packages system can be found in
|
|
/usr/ports/UPDATING. Please read that file before running portupgrade.
|
|
|
|
NOTE: FreeBSD has switched from gcc to clang. If you have trouble bootstrapping
|
|
from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
|
|
the tip of head, and then rebuild without this option. The bootstrap process from
|
|
older version of current across the gcc/clang cutover is a bit fragile.
|
|
|
|
NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
|
|
FreeBSD 11.x has many debugging features turned on, in both the kernel
|
|
and userland. These features attempt to detect incorrect use of
|
|
system primitives, and encourage loud failure through extra sanity
|
|
checking and fail stop semantics. They also substantially impact
|
|
system performance. If you want to do performance measurement,
|
|
benchmarking, and optimization, you'll want to turn them off. This
|
|
includes various WITNESS- related kernel options, INVARIANTS, malloc
|
|
debugging flags in userland, and various verbose features in the
|
|
kernel. Many developers choose to disable these features on build
|
|
machines to maximize performance. (To completely disable malloc
|
|
debugging, define MALLOC_PRODUCTION in /etc/make.conf, or to merely
|
|
disable the most expensive debugging functionality run
|
|
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
|
|
|
20141109:
|
|
faith(4) and faithd(8) has been removed from base system. It
|
|
has been obsolete for a very long time.
|
|
|
|
20141104:
|
|
vt(4), the new console driver, is enabled by default. It brings
|
|
support for Unicode and double-width characters, as well as
|
|
support for UEFI and integration with the KMS kernel video
|
|
drivers.
|
|
|
|
You may need to update your console settings in /etc/rc.conf,
|
|
most probably the keymap. During boot, /etc/rc.d/syscons will
|
|
indicate what you need to do.
|
|
|
|
vt(4) still has issues and lacks some features compared to
|
|
syscons(4). See the wiki for up-to-date information:
|
|
https://wiki.freebsd.org/Newcons
|
|
|
|
If you want to keep using syscons(4), you can do so by adding
|
|
the following line to /boot/loader.conf:
|
|
kern.vty=sc
|
|
|
|
20141102:
|
|
pjdfstest has been integrated into kyua as an opt-in test suite.
|
|
Please see share/doc/pjdfstest/README for a more details on how to
|
|
execute it.
|
|
|
|
20141009:
|
|
gperf has been removed from the base system for architectures
|
|
that use clang. Ports that require gperf will obtain it from the
|
|
devel/gperf port.
|
|
|
|
20140923:
|
|
pjdfstest has been moved from tools/regression/pjdfstest to
|
|
contrib/pjdfstest .
|
|
|
|
20140922:
|
|
At svn r271982, The default linux compat kernel ABI has been adjusted
|
|
to 2.6.18 in support of the linux-c6 compat ports infrastructure
|
|
update. If you wish to continue using the linux-f10 compat ports,
|
|
add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are
|
|
encouraged to update their linux-compat packages to linux-c6 during
|
|
their next update cycle.
|
|
|
|
20140729:
|
|
The ofwfb driver, used to provide a graphics console on PowerPC when
|
|
using vt(4), no longer allows mmap() of all of physical memory. This
|
|
will prevent Xorg on PowerPC with some ATI graphics cards from
|
|
initializing properly unless x11-servers/xorg-server is updated to
|
|
1.12.4_8 or newer.
|
|
|
|
20140723:
|
|
The xdev targets have been converted to using TARGET and
|
|
TARGET_ARCH instead of XDEV and XDEV_ARCH.
|
|
|
|
20140719:
|
|
The default unbound configuration has been modified to address
|
|
issues with reverse lookups on networks that use private
|
|
address ranges. If you use the local_unbound service, run
|
|
"service local_unbound setup" as root to regenerate your
|
|
configuration, then "service local_unbound reload" to load the
|
|
new configuration.
|
|
|
|
20140709:
|
|
The GNU texinfo and GNU info pages are not built and installed
|
|
anymore, WITH_INFO knob has been added to allow to built and install
|
|
them again.
|
|
|
|
20140708:
|
|
The GNU readline library is now an INTERNALLIB - that is, it is
|
|
statically linked into consumers (GDB and variants) in the base
|
|
system, and the shared library is no longer installed. The
|
|
devel/readline port is available for third party software that
|
|
requires readline.
|
|
|
|
20140702:
|
|
The Itanium architecture (ia64) has been removed from the list of
|
|
known architectures. This is the first step in the removal of the
|
|
architecture.
|
|
|
|
20140701:
|
|
Commit r268115 has added NFSv4.1 server support, merged from
|
|
projects/nfsv4.1-server. Since this includes changes to the
|
|
internal interfaces between the NFS related modules, a full
|
|
build of the kernel and modules will be necessary.
|
|
__FreeBSD_version has been bumped.
|
|
|
|
20140629:
|
|
The WITHOUT_VT_SUPPORT kernel config knob has been renamed
|
|
WITHOUT_VT. (The other _SUPPORT knobs have a consistent meaning
|
|
which differs from the behaviour controlled by this knob.)
|
|
|
|
20140619:
|
|
Maximal length of the serial number in CTL was increased from 16 to
|
|
64 chars, that breaks ABI. All CTL-related tools, such as ctladm
|
|
and ctld, need to be rebuilt to work with a new kernel.
|
|
|
|
20140606:
|
|
The libatf-c and libatf-c++ major versions were downgraded to 0 and
|
|
1 respectively to match the upstream numbers. They were out of
|
|
sync because, when they were originally added to FreeBSD, the
|
|
upstream versions were not respected. These libraries are private
|
|
and not yet built by default, so renumbering them should be a
|
|
non-issue. However, unclean source trees will yield broken test
|
|
programs once the operator executes "make delete-old-libs" after a
|
|
"make installworld".
|
|
|
|
Additionally, the atf-sh binary was made private by moving it into
|
|
/usr/libexec/. Already-built shell test programs will keep the
|
|
path to the old binary so they will break after "make delete-old"
|
|
is run.
|
|
|
|
If you are using WITH_TESTS=yes (not the default), wipe the object
|
|
tree and rebuild from scratch to prevent spurious test failures.
|
|
This is only needed once: the misnumbered libraries and misplaced
|
|
binaries have been added to OptionalObsoleteFiles.inc so they will
|
|
be removed during a clean upgrade.
|
|
|
|
20140512:
|
|
Clang and llvm have been upgraded to 3.4.1 release.
|
|
|
|
20140508:
|
|
We bogusly installed src.opts.mk in /usr/share/mk. This file should
|
|
be removed to avoid issues in the future (and has been added to
|
|
ObsoleteFiles.inc).
|
|
|
|
20140505:
|
|
/etc/src.conf now affects only builds of the FreeBSD src tree. In the
|
|
past, it affected all builds that used the bsd.*.mk files. The old
|
|
behavior was a bug, but people may have relied upon it. To get this
|
|
behavior back, you can .include /etc/src.conf from /etc/make.conf
|
|
(which is still global and isn't changed). This also changes the
|
|
behavior of incremental builds inside the tree of individual
|
|
directories. Set MAKESYSPATH to ".../share/mk" to do that.
|
|
Although this has survived make universe and some upgrade scenarios,
|
|
other upgrade scenarios may have broken. At least one form of
|
|
temporary breakage was fixed with MAKESYSPATH settings for buildworld
|
|
as well... In cases where MAKESYSPATH isn't working with this
|
|
setting, you'll need to set it to the full path to your tree.
|
|
|
|
One side effect of all this cleaning up is that bsd.compiler.mk
|
|
is no longer implicitly included by bsd.own.mk. If you wish to
|
|
use COMPILER_TYPE, you must now explicitly include bsd.compiler.mk
|
|
as well.
|
|
|
|
20140430:
|
|
The lindev device has been removed since /dev/full has been made a
|
|
standard device. __FreeBSD_version has been bumped.
|
|
|
|
20140418:
|
|
The YES_HESIOD knob has been removed. It has been obsolete for
|
|
a decade. Please move to using WITH_HESIOD instead or your builds
|
|
will silently lack HESIOD.
|
|
|
|
20140405:
|
|
The uart(4) driver has been changed with respect to its handling
|
|
of the low-level console. Previously the uart(4) driver prevented
|
|
any process from changing the baudrate or the CLOCAL and HUPCL
|
|
control flags. By removing the restrictions, operators can make
|
|
changes to the serial console port without having to reboot.
|
|
However, when getty(8) is started on the serial device that is
|
|
associated with the low-level console, a misconfigured terminal
|
|
line in /etc/ttys will now have a real impact.
|
|
Before upgrading the kernel, make sure that /etc/ttys has the
|
|
serial console device configured as 3wire without baudrate to
|
|
preserve the previous behaviour. E.g:
|
|
ttyu0 "/usr/libexec/getty 3wire" vt100 on secure
|
|
|
|
20140306:
|
|
Support for libwrap (TCP wrappers) in rpcbind was disabled by default
|
|
to improve performance. To re-enable it, if needed, run rpcbind
|
|
with command line option -W.
|
|
|
|
20140226:
|
|
Switched back to the GPL dtc compiler due to updates in the upstream
|
|
dts files not being supported by the BSDL dtc compiler. You will need
|
|
to rebuild your kernel toolchain to pick up the new compiler. Core dumps
|
|
may result while building dtb files during a kernel build if you fail
|
|
to do so. Set WITHOUT_GPL_DTC if you require the BSDL compiler.
|
|
|
|
20140216:
|
|
Clang and llvm have been upgraded to 3.4 release.
|
|
|
|
20140216:
|
|
The nve(4) driver has been removed. Please use the nfe(4) driver
|
|
for NVIDIA nForce MCP Ethernet adapters instead.
|
|
|
|
20140212:
|
|
An ABI incompatibility crept into the libc++ 3.4 import in r261283.
|
|
This could cause certain C++ applications using shared libraries built
|
|
against the previous version of libc++ to crash. The incompatibility
|
|
has now been fixed, but any C++ applications or shared libraries built
|
|
between r261283 and r261801 should be recompiled.
|
|
|
|
20140204:
|
|
OpenSSH will now ignore errors caused by kernel lacking of Capsicum
|
|
capability mode support. Please note that enabling the feature in
|
|
kernel is still highly recommended.
|
|
|
|
20140131:
|
|
OpenSSH is now built with sandbox support, and will use sandbox as
|
|
the default privilege separation method. This requires Capsicum
|
|
capability mode support in kernel.
|
|
|
|
20140128:
|
|
The libelf and libdwarf libraries have been updated to newer
|
|
versions from upstream. Shared library version numbers for
|
|
these two libraries were bumped. Any ports or binaries
|
|
requiring these two libraries should be recompiled.
|
|
__FreeBSD_version is bumped to 1100006.
|
|
|
|
20140110:
|
|
If a Makefile in a tests/ directory was auto-generating a Kyuafile
|
|
instead of providing an explicit one, this would prevent such
|
|
Makefile from providing its own Kyuafile in the future during
|
|
NO_CLEAN builds. This has been fixed in the Makefiles but manual
|
|
intervention is needed to clean an objdir if you use NO_CLEAN:
|
|
# find /usr/obj -name Kyuafile | xargs rm -f
|
|
|
|
20131213:
|
|
The behavior of gss_pseudo_random() for the krb5 mechanism
|
|
has changed, for applications requesting a longer random string
|
|
than produced by the underlying enctype's pseudo-random() function.
|
|
In particular, the random string produced from a session key of
|
|
enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
|
|
be different at the 17th octet and later, after this change.
|
|
The counter used in the PRF+ construction is now encoded as a
|
|
big-endian integer in accordance with RFC 4402.
|
|
__FreeBSD_version is bumped to 1100004.
|
|
|
|
20131108:
|
|
The WITHOUT_ATF build knob has been removed and its functionality
|
|
has been subsumed into the more generic WITHOUT_TESTS. If you were
|
|
using the former to disable the build of the ATF libraries, you
|
|
should change your settings to use the latter.
|
|
|
|
20131025:
|
|
The default version of mtree is nmtree which is obtained from
|
|
NetBSD. The output is generally the same, but may vary
|
|
slightly. If you found you need identical output adding
|
|
"-F freebsd9" to the command line should do the trick. For the
|
|
time being, the old mtree is available as fmtree.
|
|
|
|
20131014:
|
|
libbsdyml has been renamed to libyaml and moved to /usr/lib/private.
|
|
This will break ports-mgmt/pkg. Rebuild the port, or upgrade to pkg
|
|
1.1.4_8 and verify bsdyml not linked in, before running "make
|
|
delete-old-libs":
|
|
# make -C /usr/ports/ports-mgmt/pkg build deinstall install clean
|
|
or
|
|
# pkg install pkg; ldd /usr/local/sbin/pkg | grep bsdyml
|
|
|
|
20131010:
|
|
The rc.d/jail script has been updated to support jail(8)
|
|
configuration file. The "jail_<jname>_*" rc.conf(5) variables
|
|
for per-jail configuration are automatically converted to
|
|
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
|
|
This is transparently backward compatible. See below about some
|
|
incompatibilities and rc.conf(5) manual page for more details.
|
|
|
|
These variables are now deprecated in favor of jail(8) configuration
|
|
file. One can use "rc.d/jail config <jname>" command to generate
|
|
a jail(8) configuration file in /var/run/jail.<jname>.conf without
|
|
running the jail(8) utility. The default pathname of the
|
|
configuration file is /etc/jail.conf and can be specified by
|
|
using $jail_conf or $jail_<jname>_conf variables.
|
|
|
|
Please note that jail_devfs_ruleset accepts an integer at
|
|
this moment. Please consider to rewrite the ruleset name
|
|
with an integer.
|
|
|
|
20130930:
|
|
BIND has been removed from the base system. If all you need
|
|
is a local resolver, simply enable and start the local_unbound
|
|
service instead. Otherwise, several versions of BIND are
|
|
available in the ports tree. The dns/bind99 port is one example.
|
|
|
|
With this change, nslookup(1) and dig(1) are no longer in the base
|
|
system. Users should instead use host(1) and drill(1) which are
|
|
in the base system. Alternatively, nslookup and dig can
|
|
be obtained by installing the dns/bind-tools port.
|
|
|
|
20130916:
|
|
With the addition of unbound(8), a new unbound user is now
|
|
required during installworld. "mergemaster -p" can be used to
|
|
add the user prior to installworld, as documented in the handbook.
|
|
|
|
20130911:
|
|
OpenSSH is now built with DNSSEC support, and will by default
|
|
silently trust signed SSHFP records. This can be controlled with
|
|
the VerifyHostKeyDNS client configuration setting. DNSSEC support
|
|
can be disabled entirely with the WITHOUT_LDNS option in src.conf.
|
|
|
|
20130906:
|
|
The GNU Compiler Collection and C++ standard library (libstdc++)
|
|
are no longer built by default on platforms where clang is the system
|
|
compiler. You can enable them with the WITH_GCC and WITH_GNUCXX
|
|
options in src.conf.
|
|
|
|
20130905:
|
|
The PROCDESC kernel option is now part of the GENERIC kernel
|
|
configuration and is required for the rwhod(8) to work.
|
|
If you are using custom kernel configuration, you should include
|
|
'options PROCDESC'.
|
|
|
|
20130905:
|
|
The API and ABI related to the Capsicum framework was modified
|
|
in backward incompatible way. The userland libraries and programs
|
|
have to be recompiled to work with the new kernel. This includes the
|
|
following libraries and programs, but the whole buildworld is
|
|
advised: libc, libprocstat, dhclient, tcpdump, hastd, hastctl,
|
|
kdump, procstat, rwho, rwhod, uniq.
|
|
|
|
20130903:
|
|
AES-NI intrinsic support has been added to gcc. The AES-NI module
|
|
has been updated to use this support. A new gcc is required to build
|
|
the aesni module on both i386 and amd64.
|
|
|
|
20130821:
|
|
The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
|
|
Thus "device padlock_rng" and "device rdrand_rng" should be
|
|
used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
|
|
|
|
20130813:
|
|
WITH_ICONV has been split into two feature sets. WITH_ICONV now
|
|
enables just the iconv* functionality and is now on by default.
|
|
WITH_LIBICONV_COMPAT enables the libiconv api and link time
|
|
compatability. Set WITHOUT_ICONV to build the old way.
|
|
If you have been using WITH_ICONV before, you will very likely
|
|
need to turn on WITH_LIBICONV_COMPAT.
|
|
|
|
20130806:
|
|
INVARIANTS option now enables DEBUG for code with OpenSolaris and
|
|
Illumos origin, including ZFS. If you have INVARIANTS in your
|
|
kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
|
|
explicitly.
|
|
DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
|
|
locks if WITNESS option was set. Because that generated a lot of
|
|
witness(9) reports and all of them were believed to be false
|
|
positives, this is no longer done. New option OPENSOLARIS_WITNESS
|
|
can be used to achieve the previous behavior.
|
|
|
|
20130806:
|
|
Timer values in IPv6 data structures now use time_uptime instead
|
|
of time_second. Although this is not a user-visible functional
|
|
change, userland utilities which directly use them---ndp(8),
|
|
rtadvd(8), and rtsold(8) in the base system---need to be updated
|
|
to r253970 or later.
|
|
|
|
20130802:
|
|
find -delete can now delete the pathnames given as arguments,
|
|
instead of only files found below them or if the pathname did
|
|
not contain any slashes. Formerly, the following error message
|
|
would result:
|
|
|
|
find: -delete: <path>: relative path potentially not safe
|
|
|
|
Deleting the pathnames given as arguments can be prevented
|
|
without error messages using -mindepth 1 or by changing
|
|
directory and passing "." as argument to find. This works in the
|
|
old as well as the new version of find.
|
|
|
|
20130726:
|
|
Behavior of devfs rules path matching has been changed.
|
|
Pattern is now always matched against fully qualified devfs
|
|
path and slash characters must be explicitly matched by
|
|
slashes in pattern (FNM_PATHNAME). Rulesets involving devfs
|
|
subdirectories must be reviewed.
|
|
|
|
20130716:
|
|
The default ARM ABI has changed to the ARM EABI. The old ABI is
|
|
incompatible with the ARM EABI and all programs and modules will
|
|
need to be rebuilt to work with a new kernel.
|
|
|
|
To keep using the old ABI ensure the WITHOUT_ARM_EABI knob is set.
|
|
|
|
NOTE: Support for the old ABI will be removed in the future and
|
|
users are advised to upgrade.
|
|
|
|
20130709:
|
|
pkg_install has been disconnected from the build if you really need it
|
|
you should add WITH_PKGTOOLS in your src.conf(5).
|
|
|
|
20130709:
|
|
Most of network statistics structures were changed to be able
|
|
keep 64-bits counters. Thus all tools, that work with networking
|
|
statistics, must be rebuilt (netstat(1), bsnmpd(1), etc.)
|
|
|
|
20130629:
|
|
Fix targets that run multiple make's to use && rather than ;
|
|
so that subsequent steps depend on success of previous.
|
|
|
|
NOTE: if building 'universe' with -j* on stable/8 or stable/9
|
|
it would be better to start the build using bmake, to avoid
|
|
overloading the machine.
|
|
|
|
20130618:
|
|
Fix a bug that allowed a tracing process (e.g. gdb) to write
|
|
to a memory-mapped file in the traced process's address space
|
|
even if neither the traced process nor the tracing process had
|
|
write access to that file.
|
|
|
|
20130615:
|
|
CVS has been removed from the base system. An exact copy
|
|
of the code is available from the devel/cvs port.
|
|
|
|
20130613:
|
|
Some people report the following error after the switch to bmake:
|
|
|
|
make: illegal option -- J
|
|
usage: make [-BPSXeiknpqrstv] [-C directory] [-D variable]
|
|
...
|
|
*** [buildworld] Error code 2
|
|
|
|
this likely due to an old instance of make in
|
|
${MAKEPATH} (${MAKEOBJDIRPREFIX}${.CURDIR}/make.${MACHINE})
|
|
which src/Makefile will use that blindly, if it exists, so if
|
|
you see the above error:
|
|
|
|
rm -rf `make -V MAKEPATH`
|
|
|
|
should resolve it.
|
|
|
|
20130516:
|
|
Use bmake by default.
|
|
Whereas before one could choose to build with bmake via
|
|
-DWITH_BMAKE one must now use -DWITHOUT_BMAKE to use the old
|
|
make. The goal is to remove these knobs for 10-RELEASE.
|
|
|
|
It is worth noting that bmake (like gmake) treats the command
|
|
line as the unit of failure, rather than statements within the
|
|
command line. Thus '(cd some/where && dosomething)' is safer
|
|
than 'cd some/where; dosomething'. The '()' allows consistent
|
|
behavior in parallel build.
|
|
|
|
20130429:
|
|
Fix a bug that allows NFS clients to issue READDIR on files.
|
|
|
|
20130426:
|
|
The WITHOUT_IDEA option has been removed because
|
|
the IDEA patent expired.
|
|
|
|
20130426:
|
|
The sysctl which controls TRIM support under ZFS has been renamed
|
|
from vfs.zfs.trim_disable -> vfs.zfs.trim.enabled and has been
|
|
enabled by default.
|
|
|
|
20130425:
|
|
The mergemaster command now uses the default MAKEOBJDIRPREFIX
|
|
rather than creating it's own in the temporary directory in
|
|
order allow access to bootstrapped versions of tools such as
|
|
install and mtree. When upgrading from version of FreeBSD where
|
|
the install command does not support -l, you will need to
|
|
install a new mergemaster command if mergemaster -p is required.
|
|
This can be accomplished with the command (cd src/usr.sbin/mergemaster
|
|
&& make install).
|
|
|
|
20130404:
|
|
Legacy ATA stack, disabled and replaced by new CAM-based one since
|
|
FreeBSD 9.0, completely removed from the sources. Kernel modules
|
|
atadisk and atapi*, user-level tools atacontrol and burncd are
|
|
removed. Kernel option `options ATA_CAM` is now permanently enabled
|
|
and removed.
|
|
|
|
20130319:
|
|
SOCK_CLOEXEC and SOCK_NONBLOCK flags have been added to socket(2)
|
|
and socketpair(2). Software, in particular Kerberos, may
|
|
automatically detect and use these during building. The resulting
|
|
binaries will not work on older kernels.
|
|
|
|
20130308:
|
|
CTL_DISABLE has also been added to the sparc64 GENERIC (for further
|
|
information, see the respective 20130304 entry).
|
|
|
|
20130304:
|
|
Recent commits to callout(9) changed the size of struct callout,
|
|
so the KBI is probably heavily disturbed. Also, some functions
|
|
in callout(9)/sleep(9)/sleepqueue(9)/condvar(9) KPIs were replaced
|
|
by macros. Every kernel module using it won't load, so rebuild
|
|
is requested.
|
|
|
|
The ctl device has been re-enabled in GENERIC for i386 and amd64,
|
|
but does not initialize by default (because of the new CTL_DISABLE
|
|
option) to save memory. To re-enable it, remove the CTL_DISABLE
|
|
option from the kernel config file or set kern.cam.ctl.disable=0
|
|
in /boot/loader.conf.
|
|
|
|
20130301:
|
|
The ctl device has been disabled in GENERIC for i386 and amd64.
|
|
This was done due to the extra memory being allocated at system
|
|
initialisation time by the ctl driver which was only used if
|
|
a CAM target device was created. This makes a FreeBSD system
|
|
unusable on 128MB or less of RAM.
|
|
|
|
20130208:
|
|
A new compression method (lz4) has been merged to -HEAD. Please
|
|
refer to zpool-features(7) for more information.
|
|
|
|
Please refer to the "ZFS notes" section of this file for information
|
|
on upgrading boot ZFS pools.
|
|
|
|
20130129:
|
|
A BSD-licensed patch(1) variant has been added and is installed
|
|
as bsdpatch, being the GNU version the default patch.
|
|
To inverse the logic and use the BSD-licensed one as default,
|
|
while having the GNU version installed as gnupatch, rebuild
|
|
and install world with the WITH_BSD_PATCH knob set.
|
|
|
|
20130121:
|
|
Due to the use of the new -l option to install(1) during build
|
|
and install, you must take care not to directly set the INSTALL
|
|
make variable in your /etc/make.conf, /etc/src.conf, or on the
|
|
command line. If you wish to use the -C flag for all installs
|
|
you may be able to add INSTALL+=-C to /etc/make.conf or
|
|
/etc/src.conf.
|
|
|
|
20130118:
|
|
The install(1) option -M has changed meaning and now takes an
|
|
argument that is a file or path to append logs to. In the
|
|
unlikely event that -M was the last option on the command line
|
|
and the command line contained at least two files and a target
|
|
directory the first file will have logs appended to it. The -M
|
|
option served little practical purpose in the last decade so its
|
|
use is expected to be extremely rare.
|
|
|
|
20121223:
|
|
After switching to Clang as the default compiler some users of ZFS
|
|
on i386 systems started to experience stack overflow kernel panics.
|
|
Please consider using 'options KSTACK_PAGES=4' in such configurations.
|
|
|
|
20121222:
|
|
GEOM_LABEL now mangles label names read from file system metadata.
|
|
Mangling affect labels containing spaces, non-printable characters,
|
|
'%' or '"'. Device names in /etc/fstab and other places may need to
|
|
be updated.
|
|
|
|
20121217:
|
|
By default, only the 10 most recent kernel dumps will be saved. To
|
|
restore the previous behaviour (no limit on the number of kernel dumps
|
|
stored in the dump directory) add the following line to /etc/rc.conf:
|
|
|
|
savecore_flags=""
|
|
|
|
20121201:
|
|
With the addition of auditdistd(8), a new auditdistd user is now
|
|
required during installworld. "mergemaster -p" can be used to
|
|
add the user prior to installworld, as documented in the handbook.
|
|
|
|
20121117:
|
|
The sin6_scope_id member variable in struct sockaddr_in6 is now
|
|
filled by the kernel before passing the structure to the userland via
|
|
sysctl or routing socket. This means the KAME-specific embedded scope
|
|
id in sin6_addr.s6_addr[2] is always cleared in userland application.
|
|
This behavior can be controlled by net.inet6.ip6.deembed_scopeid.
|
|
__FreeBSD_version is bumped to 1000025.
|
|
|
|
20121105:
|
|
On i386 and amd64 systems WITH_CLANG_IS_CC is now the default.
|
|
This means that the world and kernel will be compiled with clang
|
|
and that clang will be installed as /usr/bin/cc, /usr/bin/c++,
|
|
and /usr/bin/cpp. To disable this behavior and revert to building
|
|
with gcc, compile with WITHOUT_CLANG_IS_CC. Really old versions
|
|
of current may need to bootstrap WITHOUT_CLANG first if the clang
|
|
build fails (its compatibility window doesn't extend to the 9 stable
|
|
branch point).
|
|
|
|
20121102:
|
|
The IPFIREWALL_FORWARD kernel option has been removed. Its
|
|
functionality now turned on by default.
|
|
|
|
20121023:
|
|
The ZERO_COPY_SOCKET kernel option has been removed and
|
|
split into SOCKET_SEND_COW and SOCKET_RECV_PFLIP.
|
|
NB: SOCKET_SEND_COW uses the VM page based copy-on-write
|
|
mechanism which is not safe and may result in kernel crashes.
|
|
NB: The SOCKET_RECV_PFLIP mechanism is useless as no current
|
|
driver supports disposeable external page sized mbuf storage.
|
|
Proper replacements for both zero-copy mechanisms are under
|
|
consideration and will eventually lead to complete removal
|
|
of the two kernel options.
|
|
|
|
20121023:
|
|
The IPv4 network stack has been converted to network byte
|
|
order. The following modules need to be recompiled together
|
|
with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4),
|
|
pf(4), ipfw(4), ng_ipfw(4), stf(4).
|
|
|
|
20121022:
|
|
Support for non-MPSAFE filesystems was removed from VFS. The
|
|
VFS_VERSION was bumped, all filesystem modules shall be
|
|
recompiled.
|
|
|
|
20121018:
|
|
All the non-MPSAFE filesystems have been disconnected from
|
|
the build. The full list includes: codafs, hpfs, ntfs, nwfs,
|
|
portalfs, smbfs, xfs.
|
|
|
|
20121016:
|
|
The interface cloning API and ABI has changed. The following
|
|
modules need to be recompiled together with kernel:
|
|
ipfw(4), pfsync(4), pflog(4), usb(4), wlan(4), stf(4),
|
|
vlan(4), disc(4), edsc(4), if_bridge(4), gif(4), tap(4),
|
|
faith(4), epair(4), enc(4), tun(4), if_lagg(4), gre(4).
|
|
|
|
20121015:
|
|
The sdhci driver was split in two parts: sdhci (generic SD Host
|
|
Controller logic) and sdhci_pci (actual hardware driver).
|
|
No kernel config modifications are required, but if you
|
|
load sdhc as a module you must switch to sdhci_pci instead.
|
|
|
|
20121014:
|
|
Import the FUSE kernel and userland support into base system.
|
|
|
|
20121013:
|
|
The GNU sort(1) program has been removed since the BSD-licensed
|
|
sort(1) has been the default for quite some time and no serious
|
|
problems have been reported. The corresponding WITH_GNU_SORT
|
|
knob has also gone.
|
|
|
|
20121006:
|
|
The pfil(9) API/ABI for AF_INET family has been changed. Packet
|
|
filtering modules: pf(4), ipfw(4), ipfilter(4) need to be recompiled
|
|
with new kernel.
|
|
|
|
20121001:
|
|
The net80211(4) ABI has been changed to allow for improved driver
|
|
PS-POLL and power-save support. All wireless drivers need to be
|
|
recompiled to work with the new kernel.
|
|
|
|
20120913:
|
|
The random(4) support for the VIA hardware random number
|
|
generator (`PADLOCK') is no longer enabled unconditionally.
|
|
Add the padlock_rng device in the custom kernel config if
|
|
needed. The GENERIC kernels on i386 and amd64 do include the
|
|
device, so the change only affects the custom kernel
|
|
configurations.
|
|
|
|
20120908:
|
|
The pf(4) packet filter ABI has been changed. pfctl(8) and
|
|
snmp_pf module need to be recompiled to work with new kernel.
|
|
|
|
20120828:
|
|
A new ZFS feature flag "com.delphix:empty_bpobj" has been merged
|
|
to -HEAD. Pools that have empty_bpobj in active state can not be
|
|
imported read-write with ZFS implementations that do not support
|
|
this feature. For more information read the zpool-features(5)
|
|
manual page.
|
|
|
|
20120727:
|
|
The sparc64 ZFS loader has been changed to no longer try to auto-
|
|
detect ZFS providers based on diskN aliases but now requires these
|
|
to be explicitly listed in the OFW boot-device environment variable.
|
|
|
|
20120712:
|
|
The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
|
|
libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
|
|
configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
|
|
|
|
20120712:
|
|
The following sysctls and tunables have been renamed for consistency
|
|
with other variables:
|
|
kern.cam.da.da_send_ordered -> kern.cam.da.send_ordered
|
|
kern.cam.ada.ada_send_ordered -> kern.cam.ada.send_ordered
|
|
|
|
20120628:
|
|
The sort utility has been replaced with BSD sort. For now, GNU sort
|
|
is also available as "gnusort" or the default can be set back to
|
|
GNU sort by setting WITH_GNU_SORT. In this case, BSD sort will be
|
|
installed as "bsdsort".
|
|
|
|
20120611:
|
|
A new version of ZFS (pool version 5000) has been merged to -HEAD.
|
|
Starting with this version the old system of ZFS pool versioning
|
|
is superseded by "feature flags". This concept enables forward
|
|
compatibility against certain future changes in functionality of ZFS
|
|
pools. The first read-only compatible "feature flag" for ZFS pools
|
|
is named "com.delphix:async_destroy". For more information
|
|
read the new zpool-features(5) manual page.
|
|
Please refer to the "ZFS notes" section of this file for information
|
|
on upgrading boot ZFS pools.
|
|
|
|
20120417:
|
|
The malloc(3) implementation embedded in libc now uses sources imported
|
|
as contrib/jemalloc. The most disruptive API change is to
|
|
/etc/malloc.conf. If your system has an old-style /etc/malloc.conf,
|
|
delete it prior to installworld, and optionally re-create it using the
|
|
new format after rebooting. See malloc.conf(5) for details
|
|
(specifically the TUNING section and the "opt.*" entries in the MALLCTL
|
|
NAMESPACE section).
|
|
|
|
20120328:
|
|
Big-endian MIPS TARGET_ARCH values no longer end in "eb". mips64eb
|
|
is now spelled mips64. mipsn32eb is now spelled mipsn32. mipseb is
|
|
now spelled mips. This is to aid compatibility with third-party
|
|
software that expects this naming scheme in uname(3). Little-endian
|
|
settings are unchanged. If you are updating a big-endian mips64 machine
|
|
from before this change, you may need to set MACHINE_ARCH=mips64 in
|
|
your environment before the new build system will recognize your machine.
|
|
|
|
20120306:
|
|
Disable by default the option VFS_ALLOW_NONMPSAFE for all supported
|
|
platforms.
|
|
|
|
20120229:
|
|
Now unix domain sockets behave "as expected" on nullfs(5). Previously
|
|
nullfs(5) did not pass through all behaviours to the underlying layer,
|
|
as a result if we bound to a socket on the lower layer we could connect
|
|
only to the lower path; if we bound to the upper layer we could connect
|
|
only to the upper path. The new behavior is one can connect to both the
|
|
lower and the upper paths regardless what layer path one binds to.
|
|
|
|
20120211:
|
|
The getifaddrs upgrade path broken with 20111215 has been restored.
|
|
If you have upgraded in between 20111215 and 20120209 you need to
|
|
recompile libc again with your kernel. You still need to recompile
|
|
world to be able to configure CARP but this restriction already
|
|
comes from 20111215.
|
|
|
|
20120114:
|
|
The set_rcvar() function has been removed from /etc/rc.subr. All
|
|
base and ports rc.d scripts have been updated, so if you have a
|
|
port installed with a script in /usr/local/etc/rc.d you can either
|
|
hand-edit the rcvar= line, or reinstall the port.
|
|
|
|
An easy way to handle the mass-update of /etc/rc.d:
|
|
rm /etc/rc.d/* && mergemaster -i
|
|
|
|
20120109:
|
|
panic(9) now stops other CPUs in the SMP systems, disables interrupts
|
|
on the current CPU and prevents other threads from running.
|
|
This behavior can be reverted using the kern.stop_scheduler_on_panic
|
|
tunable/sysctl.
|
|
The new behavior can be incompatible with kern.sync_on_panic.
|
|
|
|
20111215:
|
|
The carp(4) facility has been changed significantly. Configuration
|
|
of the CARP protocol via ifconfig(8) has changed, as well as format
|
|
of CARP events submitted to devd(8) has changed. See manual pages
|
|
for more information. The arpbalance feature of carp(4) is currently
|
|
not supported anymore.
|
|
|
|
Size of struct in_aliasreq, struct in6_aliasreq has changed. User
|
|
utilities using SIOCAIFADDR, SIOCAIFADDR_IN6, e.g. ifconfig(8),
|
|
need to be recompiled.
|
|
|
|
20111122:
|
|
The acpi_wmi(4) status device /dev/wmistat has been renamed to
|
|
/dev/wmistat0.
|
|
|
|
20111108:
|
|
The option VFS_ALLOW_NONMPSAFE option has been added in order to
|
|
explicitely support non-MPSAFE filesystems.
|
|
It is on by default for all supported platform at this present
|
|
time.
|
|
|
|
20111101:
|
|
The broken amd(4) driver has been replaced with esp(4) in the amd64,
|
|
i386 and pc98 GENERIC kernel configuration files.
|
|
|
|
20110930:
|
|
sysinstall has been removed
|
|
|
|
20110923:
|
|
The stable/9 branch created in subversion. This corresponds to the
|
|
RELENG_9 branch in CVS.
|
|
|
|
COMMON ITEMS:
|
|
|
|
General Notes
|
|
-------------
|
|
Avoid using make -j when upgrading. While generally safe, there are
|
|
sometimes problems using -j to upgrade. If your upgrade fails with
|
|
-j, please try again without -j. From time to time in the past there
|
|
have been problems using -j with buildworld and/or installworld. This
|
|
is especially true when upgrading between "distant" versions (eg one
|
|
that cross a major release boundary or several minor releases, or when
|
|
several months have passed on the -current branch).
|
|
|
|
Sometimes, obscure build problems are the result of environment
|
|
poisoning. This can happen because the make utility reads its
|
|
environment when searching for values for global variables. To run
|
|
your build attempts in an "environmental clean room", prefix all make
|
|
commands with 'env -i '. See the env(1) manual page for more details.
|
|
|
|
When upgrading from one major version to another it is generally best
|
|
to upgrade to the latest code in the currently installed branch first,
|
|
then do an upgrade to the new branch. This is the best-tested upgrade
|
|
path, and has the highest probability of being successful. Please try
|
|
this approach before reporting problems with a major version upgrade.
|
|
|
|
When upgrading a live system, having a root shell around before
|
|
installing anything can help undo problems. Not having a root shell
|
|
around can lead to problems if pam has changed too much from your
|
|
starting point to allow continued authentication after the upgrade.
|
|
|
|
ZFS notes
|
|
---------
|
|
When upgrading the boot ZFS pool to a new version, always follow
|
|
these two steps:
|
|
|
|
1.) recompile and reinstall the ZFS boot loader and boot block
|
|
(this is part of "make buildworld" and "make installworld")
|
|
|
|
2.) update the ZFS boot block on your boot drive
|
|
|
|
The following example updates the ZFS boot block on the first
|
|
partition (freebsd-boot) of a GPT partitioned drive ada0:
|
|
"gpart bootcode -p /boot/gptzfsboot -i 1 ada0"
|
|
|
|
Non-boot pools do not need these updates.
|
|
|
|
To build a kernel
|
|
-----------------
|
|
If you are updating from a prior version of FreeBSD (even one just
|
|
a few days old), you should follow this procedure. It is the most
|
|
failsafe as it uses a /usr/obj tree with a fresh mini-buildworld,
|
|
|
|
make kernel-toolchain
|
|
make -DALWAYS_CHECK_MAKE buildkernel KERNCONF=YOUR_KERNEL_HERE
|
|
make -DALWAYS_CHECK_MAKE installkernel KERNCONF=YOUR_KERNEL_HERE
|
|
|
|
To test a kernel once
|
|
---------------------
|
|
If you just want to boot a kernel once (because you are not sure
|
|
if it works, or if you want to boot a known bad kernel to provide
|
|
debugging information) run
|
|
make installkernel KERNCONF=YOUR_KERNEL_HERE KODIR=/boot/testkernel
|
|
nextboot -k testkernel
|
|
|
|
To just build a kernel when you know that it won't mess you up
|
|
--------------------------------------------------------------
|
|
This assumes you are already running a CURRENT system. Replace
|
|
${arch} with the architecture of your machine (e.g. "i386",
|
|
"arm", "amd64", "ia64", "pc98", "sparc64", "powerpc", "mips", etc).
|
|
|
|
cd src/sys/${arch}/conf
|
|
config KERNEL_NAME_HERE
|
|
cd ../compile/KERNEL_NAME_HERE
|
|
make depend
|
|
make
|
|
make install
|
|
|
|
If this fails, go to the "To build a kernel" section.
|
|
|
|
To rebuild everything and install it on the current system.
|
|
-----------------------------------------------------------
|
|
# Note: sometimes if you are running current you gotta do more than
|
|
# is listed here if you are upgrading from a really old current.
|
|
|
|
<make sure you have good level 0 dumps>
|
|
make buildworld
|
|
make kernel KERNCONF=YOUR_KERNEL_HERE
|
|
[1]
|
|
<reboot in single user> [3]
|
|
mergemaster -Fp [5]
|
|
make installworld
|
|
mergemaster -Fi [4]
|
|
make delete-old [6]
|
|
<reboot>
|
|
|
|
To cross-install current onto a separate partition
|
|
--------------------------------------------------
|
|
# In this approach we use a separate partition to hold
|
|
# current's root, 'usr', and 'var' directories. A partition
|
|
# holding "/", "/usr" and "/var" should be about 2GB in
|
|
# size.
|
|
|
|
<make sure you have good level 0 dumps>
|
|
<boot into -stable>
|
|
make buildworld
|
|
make buildkernel KERNCONF=YOUR_KERNEL_HERE
|
|
<maybe newfs current's root partition>
|
|
<mount current's root partition on directory ${CURRENT_ROOT}>
|
|
make installworld DESTDIR=${CURRENT_ROOT} -DDB_FROM_SRC
|
|
make distribution DESTDIR=${CURRENT_ROOT} # if newfs'd
|
|
make installkernel KERNCONF=YOUR_KERNEL_HERE DESTDIR=${CURRENT_ROOT}
|
|
cp /etc/fstab ${CURRENT_ROOT}/etc/fstab # if newfs'd
|
|
<edit ${CURRENT_ROOT}/etc/fstab to mount "/" from the correct partition>
|
|
<reboot into current>
|
|
<do a "native" rebuild/install as described in the previous section>
|
|
<maybe install compatibility libraries from ports/misc/compat*>
|
|
<reboot>
|
|
|
|
|
|
To upgrade in-place from stable to current
|
|
----------------------------------------------
|
|
<make sure you have good level 0 dumps>
|
|
make buildworld [9]
|
|
make kernel KERNCONF=YOUR_KERNEL_HERE [8]
|
|
[1]
|
|
<reboot in single user> [3]
|
|
mergemaster -Fp [5]
|
|
make installworld
|
|
mergemaster -Fi [4]
|
|
make delete-old [6]
|
|
<reboot>
|
|
|
|
Make sure that you've read the UPDATING file to understand the
|
|
tweaks to various things you need. At this point in the life
|
|
cycle of current, things change often and you are on your own
|
|
to cope. The defaults can also change, so please read ALL of
|
|
the UPDATING entries.
|
|
|
|
Also, if you are tracking -current, you must be subscribed to
|
|
freebsd-current@freebsd.org. Make sure that before you update
|
|
your sources that you have read and understood all the recent
|
|
messages there. If in doubt, please track -stable which has
|
|
much fewer pitfalls.
|
|
|
|
[1] If you have third party modules, such as vmware, you
|
|
should disable them at this point so they don't crash your
|
|
system on reboot.
|
|
|
|
[3] From the bootblocks, boot -s, and then do
|
|
fsck -p
|
|
mount -u /
|
|
mount -a
|
|
cd src
|
|
adjkerntz -i # if CMOS is wall time
|
|
Also, when doing a major release upgrade, it is required that
|
|
you boot into single user mode to do the installworld.
|
|
|
|
[4] Note: This step is non-optional. Failure to do this step
|
|
can result in a significant reduction in the functionality of the
|
|
system. Attempting to do it by hand is not recommended and those
|
|
that pursue this avenue should read this file carefully, as well
|
|
as the archives of freebsd-current and freebsd-hackers mailing lists
|
|
for potential gotchas. The -U option is also useful to consider.
|
|
See mergemaster(8) for more information.
|
|
|
|
[5] Usually this step is a noop. However, from time to time
|
|
you may need to do this if you get unknown user in the following
|
|
step. It never hurts to do it all the time. You may need to
|
|
install a new mergemaster (cd src/usr.sbin/mergemaster && make
|
|
install) after the buildworld before this step if you last updated
|
|
from current before 20130425 or from -stable before 20130430.
|
|
|
|
[6] This only deletes old files and directories. Old libraries
|
|
can be deleted by "make delete-old-libs", but you have to make
|
|
sure that no program is using those libraries anymore.
|
|
|
|
[8] In order to have a kernel that can run the 4.x binaries needed to
|
|
do an installworld, you must include the COMPAT_FREEBSD4 option in
|
|
your kernel. Failure to do so may leave you with a system that is
|
|
hard to boot to recover. A similar kernel option COMPAT_FREEBSD5 is
|
|
required to run the 5.x binaries on more recent kernels. And so on
|
|
for COMPAT_FREEBSD6 and COMPAT_FREEBSD7.
|
|
|
|
Make sure that you merge any new devices from GENERIC since the
|
|
last time you updated your kernel config file.
|
|
|
|
[9] When checking out sources, you must include the -P flag to have
|
|
cvs prune empty directories.
|
|
|
|
If CPUTYPE is defined in your /etc/make.conf, make sure to use the
|
|
"?=" instead of the "=" assignment operator, so that buildworld can
|
|
override the CPUTYPE if it needs to.
|
|
|
|
MAKEOBJDIRPREFIX must be defined in an environment variable, and
|
|
not on the command line, or in /etc/make.conf. buildworld will
|
|
warn if it is improperly defined.
|
|
FORMAT:
|
|
|
|
This file contains a list, in reverse chronological order, of major
|
|
breakages in tracking -current. It is not guaranteed to be a complete
|
|
list of such breakages, and only contains entries since October 10, 2007.
|
|
If you need to see UPDATING entries from before that date, you will need
|
|
to fetch an UPDATING file from an older FreeBSD release.
|
|
|
|
Copyright information:
|
|
|
|
Copyright 1998-2009 M. Warner Losh. All Rights Reserved.
|
|
|
|
Redistribution, publication, translation and use, with or without
|
|
modification, in full or in part, in any form or format of this
|
|
document are permitted without further permission from the author.
|
|
|
|
THIS DOCUMENT IS PROVIDED BY WARNER LOSH ``AS IS'' AND ANY EXPRESS OR
|
|
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
DISCLAIMED. IN NO EVENT SHALL WARNER LOSH BE LIABLE FOR ANY DIRECT,
|
|
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
Contact Warner Losh if you have any questions about your use of
|
|
this document.
|
|
|
|
$FreeBSD$
|