arm64: add a GPIO driver for Apple Silicon
This is a ported version of OpenBSD's work, modulo interrupt
functionality. We won't need GPIO interrupts until we start to get
closer to audio support, and the existing version is sufficient for,
e.g., pcie.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D49630
arm64: add a driver for the uart found on Apple Silicon machines
This is a revival of the old exynos4210 driver, with some additional
bits to configure the apple "s5l" uart (which is actually slightly
different to operate).
This hasn't been tested on anything that would hit the non-s5l path, so
banish it off to the apple/ domain until someone cares to confirm that
none of the other hardware is broken -- it may be that nobody does, but
the complexity isn't too bad: mostly the driver1 construct added to the
uart_bas that we use to avoid having a whole bunch of shims for uart
driver methods and hardcoded references to the cfg structs.
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D48120
libc: tests: fix the gethostname() and getdomainname() tests
Instead of relying on any particular domainname and hostname to succeed,
spin up a jail before we execute the test with them set to some known,
fixed values. This allows them to be meaningfully tested -- previously,
they were skipped much more often than not.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49237
libc: tests: allow fortified test cases to require root
An upcoming test will require root to create a jail with its own
domainname/hostname to avoid external requirements on the test runner
as we want to fetch them with valid and plausible sizes.
Generate test headers for all cases to reduce churn in future diffs as
metadata is added to individual tests, or in case other test options
are added to correspond to different metadata to set.
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49236
libc: tests: fix luacheck warnings in the fortification test generator
All of these are simple shadowing that don't need to happen; we're
passing the shadowed value through in every case anyways, just use it
in the closure in a more lua-natural fashion.
While we're here, lint the generator every time we generate tests to
ensure that we don't regress without having to remember to manually
run luacheck.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49235
grep: avoid duplicated lines when we're coloring output
For the default uncolored output, we'll just output a line once and then
move on. For colored output, we'll output multiple matches per
line with context from the line interspersed and may end up writing out
some match context multiple times as we don't persist which part of the
lines have already been printed.
Fix it by tracking the length of line printed thus far in printline()
and retaining it across successive calls to printline() in the same
line. printline() should indicate whether it terminated the line or not
to avoid tracking the logic for that in multiple places: -o lines are
always terminated, so it's generally only some --color contexts where we
wouldn't have terminated.
Add a test to make sure that we're only printing one line going forward.
Reported and tested by: Jamie Landeg-Jones <jamie catflap org>
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D49324
kern: wg: remove overly-restrictive address family check
IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
parsed address family is more strict than it needs to be. If we have a
valid header that matches a known peer, then we have no reason to
decline the packet.
Convert it to an assertion that it matches the destination as viewed by
the stack below it, instead. `dst` may be the gateway instead of the
destination in the case of a nexthop, so the `af` assignment must be
switched to use the destination in all cases.
Add a test case that approximates a setup like in the PR and
demonstrates the issue.
PR: 284857
Reviewed by: markj (earlier version), zlei
(cherry picked from commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad)
kern: wg: remove overly-restrictive address family check
IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
parsed address family is more strict than it needs to be. If we have a
valid header that matches a known peer, then we have no reason to
decline the packet.
Convert it to an assertion that it matches the destination as viewed by
the stack below it, instead. `dst` may be the gateway instead of the
destination in the case of a nexthop, so the `af` assignment must be
switched to use the destination in all cases.
Add a test case that approximates a setup like in the PR and
demonstrates the issue.
PR: 284857
Reviewed by: markj (earlier version), zlei
Differential Revision: https://reviews.freebsd.org/D49172
libc: fix _FORTIFY_SOURCE build on aarch64
As with their amd64 counterparts, we need to undef these string funcs
that _FORTIFY_SOURCE will have defined macros for to avoid breaking the
build.
Fixes: bea89d038ac ("lib/libc/aarch64/string: add strlcat SIMD [...]")
Fixes: 3dc5429158c ("lib/libc/aarch64/string: add strncat SIMD [...]")
libbe: avoid copying encryption-related props
libzfs insists that these be cloned from the origin, so avoid making a
deep copy of them ourselves to unbreak creating a new BE from a BE with
encrypted components -- in today's environment, without a loader that
does encryption, this means a deep BE setup where something underneath
the BE (e.g., home directories) are encrypted.
Reported and tested by: arrowd
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D48464
nvmf: fix build with __assert_unreachable() addition to userland
<assert.h> now has a usable definition, so we don't need to shim it out
in the nvmf header anymore.
Reviewed by: emaste, jhb
Differential Revision: https://reviews.freebsd.org/D48078
include: add a userland version of __assert_unreachable
The kernel has had a version of this since
c79cee71363d ("kernel: provide panicky version of __unreachable"), and
userland can benefit from the same. __unreachable is largely
inadequate because it's *not* an assertion of any sort, so we're not
really alerted to a problem that we could've anticipated.
Reviewed by: emaste, imp, jhb, olce
Differential Revision: https://reviews.freebsd.org/D48077
pkg: include missing <string.h>
My local environment seems to be seeing some pollution; we need
<string.h> for strlen.
PR: 284021
Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")
(cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd)
pkg: include missing <string.h>
My local environment seems to be seeing some pollution; we need
<string.h> for strlen.
PR: 284021
Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")
(cherry picked from commit b8770ce1dfed52fcb7249cdf3cf4d4d16357b9fd)
pkg: include missing <string.h>
My local environment seems to be seeing some pollution; we need
<string.h> for strlen.
PR: 284021
Fixes: 2e065d74a5b0e ("pkg: add a pkgsign_verify_data [...]")
MFC after: immediately (trivial build fix)
pkg: finish adding the ECC signer and signature type bits
Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand whicher signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
shar: add a deprecation notice
The shar(1) program is simple, but the fundamental idea of a sh archive
is risky at best and one that we probably shouldn't be promoting as
prominently as a program in $PATH and a manpage. Let's deprecate and
remove it, since the same functionality can easily be found in
tar(1) instead.
Reviewed by: emaste, philip
Reviewed by: allanjude, brooks, delphij, des, imp, rpokala (previous)
(cherry picked from commit f68ee0e7a1e8732f725cad4ac708ec49093782d4)
(cherry picked from commit 2832af7b4ea256b18ef4dbf2ff97a50765f0609a)
pkg: add a pkgsign_verify_data callback
This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
(cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
pkg: refactor out a pkg_read_fd()
We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
(cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
pkg: pull rsa bits out of pkg.c
We'll eventually add a pkgsign abstraction over these similar to how we do
in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
(cherry picked from commit 2629e90dd05fb69d767525f960101d7d055ffae0)
pkg: abstract rsa out behind a pkgsign API
This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
(cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
secure: hook up libecc as libpkgecc
libecc is not intended to be general use, other applications should
really be using openssl. pkg(7) uses libecc to align with the pkg(8)
project and its goals. This will be used in the upcoming support for
ECC in pkg(7).
Reviewed by: emaste
(cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742)
lib: hook libder up to the build
libder will be used in upcoming ECC support in the pkg(7) bootstrap to
read DER-encoded keys and signatures.
(cherry picked from commit f59bb61e1eb4d1e4fc3c60cc14779d0668267cb2)
shar: add a deprecation notice
The shar(1) program is simple, but the fundamental idea of a sh archive
is risky at best and one that we probably shouldn't be promoting as
prominently as a program in $PATH and a manpage. Let's deprecate and
remove it, since the same functionality can easily be found in
tar(1) instead.
Reviewed by: emaste, philip
Reviewed by: allanjude, brooks, delphij, des, imp, rpokala (previous)
(cherry picked from commit f68ee0e7a1e8732f725cad4ac708ec49093782d4)
(cherry picked from commit 2832af7b4ea256b18ef4dbf2ff97a50765f0609a)
pkg: finish adding the ECC signer and signature type bits
Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand whicher signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
(cherry picked from commit 3d0a0dda3a7d57bbd4eaf65ba8da0f2a36089c0e)
pkg: add a pkgsign_verify_data callback
This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
(cherry picked from commit 2e065d74a5b0ea32db7d4f6e3f78eaa17ee7685e)
pkg: abstract rsa out behind a pkgsign API
This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
(cherry picked from commit 5862580ded35e23581291a2e1052f04428369ead)
pkg: refactor out a pkg_read_fd()
We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
(cherry picked from commit 2ecfc040a09f8c42f67bbfdcc4bd02ef84dac8b7)
