devfs:
- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed
cryptsetup:
- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
theres a bootstrap problem:
when /bin/init is run, it processes /lib/namespace where we might want to
mount or bind resources to /n or /mnt. but mntgen was run later in
cpurc/termrc so these mounts would be ignored.
we already have mntgen in bootfs, so we can provide these mountpoints early.
i keep the termrc/cpurc mntgens where they are, but ignore the error
prints. this way old kernels will continue to work.
to solve the usb device enumeration race on boot, usbd creates /env/usbbusy
on startup and once all devices have been enumerated and readers have consumed
all the events, we remove the file so nusbrc/bootrc can continue. this makes
sure all the usb devices that where plugged in on boot are made available.
bootmkfile will now looks for the following proto files in order
and pick the first one it finds to build the bootfs.paq file:
1) $CONF.boofs.proto (config specific)
2) bootfs.proto (kernel specific)
3) $BOOTDIR/bootfs.proto (default generic)
when building bootfs in d770 mode directory, the other permissions
in bootfs paq are masked off which results in boot to fail. theres
no point in checking group/other permissions on boot, so just disable
permissin checking in paqfs with the -a flag.
there is no use for "bootdisk" variable parametrization
of /boot/boot and no point for the boot section with its
boot methods in the kernel configuration anymore. so
mkboot and boot$CONF.out are gone.
move the rules for bootfs.paq creation in 9/boot/bootmkfile.
location of bootfs.proto is now in 9/boot/bootfs.proto.
our /boot/boot target is now just "boot".
factotum is started in bootrc before the network is setup
(as we need it to negotiate wpa key for wifi). once, the network
is setup, the bootstrap authservers are passed in /net/ndb,
which factotum reads when doing bootstrap authdial. it does
this only when no authserver was specified earlier! but we
want net.rc to select the proper bootstrap authserver...
the $secstore variable takes precedence over $auth. as
there is no connection server yet, we have to select the set
of servers here and pass them to secstore with -s flag.
note that this will work if multiple addresses where
specified.
instead of naming devices by ther dynamically assigned device address,
we hash device uniqueue fields from the device descriptor and produce
a 5 digit hex string that will identify the device across machines.
when there is a collision (less than 1% chance with 100 devices),
usbd will append the device address to the name to make it uniqueue
for this machine.
the hname is passed to drivers in the devid argument, which now has
the form addr:hname, where the colon and hname can be omited (for backwards
compatibility).
when the new behaviour isnt desired, nousbhname= environment variable
can be defined giving the old behaviour.
to run aux/wpa at boot, we need factotum to be running. tho
factotum was started only after the network was configured.
what we do now is start factotum early, not fetching keys
from secstore. once network is available and the auth server
is known, we fetch keys from secstore using auth/secstore in
bootrc.
to pass the authserver for p9 authentication to factotum, we
write it in /net/ndb and the special _authdial() in factotum
will picks it up.
as we are using auth/secstore binary in any case, we remove
the duplicated secstore code from factotum and make it just
exec auth/secstore to fetch the keys on startup (unless -n
or -S is specified).
this change is in preparation for amd64. the systab calling
convention was also changed to return uintptr (as segattach
returns a pointer) and the arguments are now passed as
va_list which handles amd64 arguments properly (all arguments
are passed in 64bit quantities on the stack, tho the upper
part will not be initialized when the element is smaller
than 8 bytes).
this is partial. xalloc needs to be converted in the future.
assuming that this check tried to prevent the hostowner
from killing init, it is silly because init would just
handle the note.
with kbdfs, we actually want to send interrupt note to
the initial process group so instead of working arround
this with rfork(RFNOTEG|RFNAMEG), we remove the check.
these changes make the interrupt key available in the
console (before rio is started).
kbdfs: will now send a "interrupt" note to its invoking
process group in cooked mode.
bootrc: is now prepared to handle interrupts, mainly to
not accidently spawn a new bootargs prompt.
init: forwards the interrupt to the cpurc/termrc pgrp.
vncs: shields itself from kbdfs notegroup so interrrupt
wont kill the whole vnc session.
