These would be ‘In Other BSD’ links, but this isn’t Other BSD – It’s DragonFly:
- Towards a HAMMER1 master/slave encrypted setup with LUKS.
- Intro, Installation, and Fun with Hammer2.
Mixed in with the other documentation on the DragonFly website is a “how to build a release” explanation. I use it every time there’s a new DragonFly version. If you were wanting to build a DragonFly ISO/IMG with changes or different preinstalled dports, I’ve added some notes about what’s relevant for non-release building.
We used to have “GUI” releases of DragonFly which were based on the nrelease process installing pkgsrc packages and adding some configuration files. It doesn’t happen now mostly because nobody has had the time to reconfigure for dports; if you were looking for a project this weekend, may I suggest…?
I’m pulling a quote off of IRC to show some of the testing on HAMMER2, specifically as the background for this commit:
14:22 <@dillon_> ^^^ hammer2 bug, could reproduce it around once a day doing a continuous rm -rf on hardlinked snapshots. reproduced about once every 500 million directory entries or so
I am somewhat tickled by the notion that you might have a problem after deleting half a billion directory entries.
I’ve tagged and built DragonFly 5.2.2. This is mostly so that our current release image includes the fixes for the LazyFP bug, CVE-2018-3665. My email to users@ has upgrade details.
DragonFly has had NX (Non-eXecutable) support for some time. It’s now on by default for read operations in DragonFly master – not the current release. You can step it up to level 2, for write operations, with a loader tunable, but it may cause issues with dports.
Matthew Dillon’s added some patches to DragonFly related to securing floating point state, following similar work in OpenBSD. There isn’t a reported catchy-name issue to match it, like Spectre/Meltdown – yet.
(If anyone has a good link to the similar OpenBSD commits, please share; I did not find them on a cursory search.)
Update: the fix is now in 5.2 and an update is recommended.
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See the updated MOTD for details.)
If you have a serial card add-in, DragonFly can now output the console to it – a way to run completely headless. It’s not quite like a normal on-motherboard serial port boot, so look at the commit notes for implementation details.
Bug reports are usually unexciting, but it’s always fun to see someone working through a new idea, especially when it’s something enabled by doing it on DragonFly.
Rimvydas Jasinskas has added a few options to the buildworld process in DragonFly. These options let you skip rebuilding the compiler and binutils, for a significant speedup: buildworld times cut in half.
See his excellent commit message for all the numbers. Note that this is for development work, so it’s not advisable for regular upgrades.
New DragonFly installs are chmod 700 for /root, not 755, from this recent change. Change your existing installation if desired.
If you’ve ever wondered what packages are needed to build a DragonFly release: here they are in one dports metapackage.
I’ve tagged an x.x.1 release – DragonFly 5.2.1, available now. It includes the recently-mentioned fix for CVE-2018-8897 and some other minor updates. See my email to users@ for the details.
Sascha Wildner has brought in the last 9 months of ACPICA updates to DragonFly. This may mean better power or motherboard support for your hardware in DragonFly. I always have a hard time pointing directly to ACPICA updates and how they benefit, but looking at the changelog update may help.
This commit from Bill Yuan says “highspeed lockless in-kernel NAT”, and lists a huge number of changes for ipfw3. How much of a change is it? I don’t know; there isn’t a matching documentation update and I don’t have a way to test.
I like pointing out how political world events push their way into computer updates.
Thanks to Rimvydas Jasinskas, GCC 8.0 has been imported into DragonFly. It’s not built by default, so you’ll need to set WORLD_ALTCOMPILER to get it. Rimvydas mentions this is part of a 3-year upgrade cycle.
Note that he went the extra mile and made sure dports could handle it too.
A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly. This applies to both Intel and AMD processors. I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.
Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state. The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.
Update: update.
You can now use Wake On LAN functionality with igb(4) cards in DragonFly.
(I like acronymic titles a little too much, I know.)