*might* be worth a comment to the effect of in the non-DIRDEPS_BUILD HOST_CC is just CC

FWIW we have sym and abi checkers in junos build, they are each in a separate makefile included by bsd.lib.mk if the appropriate knob is enabled
The sym checker does BSS and TLS symbol checks, not directly useful here, but just a thought

In D43810#1000521, @kevans wrote:

No comment on the veriexec bits (they seem generally sane, but that's your area of course :-)), but the motivation described here:

When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.

and the relevant hunk of the diff look OK to me.

clean up local.trust.mk more

Use $() rather than backticks, and only look once.

In D43826#999880, @jlduran_gmail.com wrote:

This looks good. It makes an extra effort to find sed.
I just wonder if it is possible to define SED=${SED:-$(Exists -x /usr/bin/sed /rescue/sed)} only once in rc.subr, maybe at the beginning?

Update version.veriexec for SMBIOS 3 support

Put _TA_*_USE after _SIGN_*_USE

Use version.veriexec when LOADER_VERIEXEC is enabled

Add SPDX BSD-2-Clause to safe_eval.sh

Use local.rc.subr rather than rc.subr.local

Validate load_rc_config_reader

Implement some feedback

Update doc in debug.sh

rc.subr add comment explaining the no-op Debug{On,Off} and safe_dot
at the end - in case the real ones could not be found.

Tweak debug.sh.8, use .Fn when refering to functions called.

Man page tweaks

Add man page for debug.sh

Further man page tweaks

Make a start on man pages

Fix some style issues in rc.subr

Will have a go at the style issues.

Check for -f as well as -s

This is overcome by D43671

Note: If the format of rc_log is deemed undesirable we could move it (and rc_trace) to rc.subr.local and just put a place holder in rc.subr

I know a few folk are interested in using mac_veriexec, but we could push the guts of vdot etc into rc.subr.local (I've moved it to the end of the file) and just put a place holder here like vdot() { dot "$@"; }. It is the callouts in run_rc_* etc which are most important.

In D42947#979246, @jrtc27 wrote:

One nit, and I assume you've verified that opt_osname.h does now have the right contents?

missed SUBDIR_DEPEND_

Rename osname to include

Thanks!

Put install-zoneinfo: zonefiles dependency within check for DIRDEPS_BUILD

Rename zoneinfo target to zonefiles.

Thanks