- User Since
- May 11 2014, 1:02 PM (218 w, 2 d)
Mon, Jul 16
Ooops, sorry about that, I guess I never re-tested WITHOUT_LOADER_GELI after making various changes after the first rev.
Add requested logging when moving/changing files and dirs.
Sun, Jul 15
Fix a typo (s/driftopt-/driftopt=/) that made it through my initial testing.
While testing and redeveloping the previous version of the rc.d/ntpd changes, I came to the conclusion that automatically setting up a chroot in an rc.d script is complicated and fraught with potential peril. When I got to the point of having an embedded awk program that parsed the ntp.conf file so I could figure out whether we needed to mount a devfs inside the chroot for PPS device access, I realized I was way down a too-complicated path.
Sat, Jul 14
This does indeed fix the problem with building 12 on a 10-stable system, can we please get it committed asap?
Fri, Jul 13
UEFI testing completed; this code now passes all the tests generated by tools/boot/rootgen.sh, and has also been tested on armv7 systems with ubldr. I think it is ready to commit.
Thu, Jul 12
Does this mean that cubox-hummingboard images will no longer be available for download?
Wed, Jul 11
Tue, Jul 10
Mon, Jul 9
By popular demand (on irc), support a special MAN_ARCH value of "all" to install all available arches. Also, update the wording of the make.conf entry to use MACHINE and MACHINE_ARCH, to match the terms used in man(1).
Sun, Jul 8
Sat, Jul 7
Fri, Jul 6
Thu, Jul 5
Wed, Jul 4
Tue, Jul 3
Update the diff to fix a couple bugs.
Mon, Jul 2
Fri, Jun 29
I am abandoning this change in favor of D16050 which is a more complete solution.
Thu, Jun 28
BTW, here's some information that took a while to figure out, so I want to capture it for future reference, somewhere other than a .txt file I'm sure to lose over time.
Tue, Jun 26
Okay, after some experimenting, here's what I've learned today...
I think it's all moot, and we simply don't support dropping privileges and running in a chroot at all. Part of the reason for that is that ntpd itself inappropriately binds those two concepts together. It will not chroot unless it can also drop root privs afterwards, and it will not drop root privs without linux, solaris, or netbsd-clockctl mechanisms to set the time. IMO, that's bogus, I think ntpd could chroot to limit its access to the filesystem without dropping root privs, but that's not how it's coded now.
Well, it turns out the clockctl driver isn't an elegant solution whereby ntpd uses ioctl() calls to manipulate the clock based on filesystem permissions. Instead it's closer to a horrible hack where the clock setting functions in netbsd's libc react to EPERM errors by opening the clockctl device and doing it that way. I want no part of that. There are even netbsd email threads about how fragile the scheme is because of O_CLOEXEC and the order ntpd does things. And what it enables is basically a semi-solution, because once the daemon drops privs it's unable to bind to privileged sockets, so if an interface goes down/up or you switch to a different wifi network or something, ntpd stops working until you manually restart it.
Mon, Jun 25
The symlinks the script wants to set up link the inside-chroot files to the corresponding outside-chroot locations. I guess so you can do "vi /etc/ntp.conf" and be editing the real inside-chroot config file. It looks like the code we've got now is a straight import from netbsd in 2001 and untouched since then. Their code has been revised since then to do more setup of the chroot.
Wow, that named-state stuff was even easier than I thought, and it makes a much cleaner solution than the various hacks we considered.
Reworked to only try to make symlinks if there isn't already a file/dir/link at the target location.