DragonFly’s root account defaults to tcsh, and that now defaults to autorehash being set on. Useful to remember if you reflexively type ‘rehash’ like I do, and also useful if you come from a shell where ‘rehash’ isn’t needed.
DragonFly’s default compiler is now gcc-8. This will help with some amount of dports builds.
tuning(7) had some updates from Matthew Dillon. It’s minor, as he says, but it’s such a useful man page I want to make sure people are reading it.
Matthew Dillon (re?)added a sysctl: vfs.hammer2.cluster_write. It defaults to off, since HAMMER2 already writes a large buffer size and this should, in theory, not be needed. It may improve performance in some situations where there’s a lot of file creation and deletion, but that’s my theoretical guess rather than anything I’ve bennchmarked.
If you haven’t done it before, you can use ‘make rescue’ to build a tiny base system on DragonFly, for use when /usr goes missing, for when your disk is encrypted, and other rather catastrophic problems. It should be in sync with the rest of the system, which is why ‘make rescue’ can be part of a buildworld process. I’m mentioning this because currently, ‘make upgrade’ should be done first.
Intel’s ACPICA 20180810 is now in DragonFly, thanks to Sascha Wildner. Nothing really user-affecting, but it does fix some memory leaks. You can tell it’s very new just by the version number.
If you have a mangled HAMMER2 disk, and you have inodes that are clearly mangled (the built-in CRCs don’t match), you can now remove them manually. This seems like Hole Hawg territory…
Francois Tigeot has been quietly updating DRM support in DragonFly, matching Linux kernel 4.7.10. I don’t think there’s any user-visible changes at this point, but I wanted to draw attention to the work.
As part of a recent update to OpenPAM, you can now use ed25519 in pam_ssh. My perception is that ed25519 is one of the better options to pick.
Sascha Wildner has brought in the NetBSD version of mtree(8), as groundwork for some other changes. There’s little user effect at this point, but it’s worth being familiar with mtree as a tool. Take a look at the man page, especially the section on trojan horse detection under EXAMPLES.
I’m a bit late on this, but: OpenPAM in DragonFly got an update to the “Resedacea” version. That most recent version lists only bugfixes, though I don’t know the age of the version we’re coming from and whether there were some intermediate upgrades in there.
Aaron LI continues to add to initrd(7): it now has scp, grep, diff, telnet, and 70 (!) more tools, bringing the total to over 200. That’s a lot for a “minimal” rescue image.
Aaron Li has been committing a good amount of work on initrd. There’s many small commits to link to, recently, but there is now also an initrd man page to remind people of when you need it. (hint: encrypted drives, or when everything else is broken.)
I’ve tagged and built DragonFly 5.2.2. This is mostly so that our current release image includes the fixes for the LazyFP bug, CVE-2018-3665. My email to users@ has upgrade details.
DragonFly has had NX (Non-eXecutable) support for some time. It’s now on by default for read operations in DragonFly master – not the current release. You can step it up to level 2, for write operations, with a loader tunable, but it may cause issues with dports.
Matthew Dillon’s added some patches to DragonFly related to securing floating point state, following similar work in OpenBSD. There isn’t a reported catchy-name issue to match it, like Spectre/Meltdown – yet.
(If anyone has a good link to the similar OpenBSD commits, please share; I did not find them on a cursory search.)
Update: the fix is now in 5.2 and an update is recommended.
There was an optional ‘make initrd’ step in the DragonFly build process, where you can create a small binary to use for mounting encrypted root drives.
Aaron LI has removed mkinitrd in favor of ‘make initrd’, which builds a separate binary to use in exactly those situations. See the commit message for more detail. It incidentally creates a ‘/rescue’ directory and works as a rescue ramdisk, similar to other BSDs, if you should ever need it. (See updated MOTD for details)
They aren’t huge, but eventually it adds up: Rimvydas Jasinskas has been working on GCC 8 integration in DragonFly, and there’s been small buildworld time savings as a side effect.
Rimvydas Jasinskas has added a few options to the buildworld process in DragonFly. These options let you skip rebuilding the compiler and binutils rebuilds, for a significant speedup: buildworld times cut in half.
See his excellent commit message for all the numbers. Note that this is for development work, so it’s not advisable for regular upgrades.
New DragonFly installs are chmod 700 for /root, not 755, from this recent change. Change your existing installation if desired.