Here’s something I haven’t see before: at the time of me typing this, there are commits in DragonFly, FreeBSD, and I assume NetBSD (haven’t found the commit), but the 2019-5612 CVE entry is still shown as reserved and not public. This may change by the time you read this article, of course.
Matthew Dillon posted an extensive writeup about the hardware changes for dragonflybsd.org; price to performance ratio has been improving so much for multiprocessor machines that we can jump forward both for hosting hardware and for a testbed.
He also mentions his immediate thoughts on what to tackle next, since SMP has been so relentless improved in DragonFly. It resulted in a very long conversational chain as people weighed in with opinions, so I’ve held off posting it until the conversation finished. (I chimed in too.)
DragonFly’s tap(4)/tun(4) devices have been historically precreated – tap0, tap1, tap2, tap3. They are now auto-cloned, which might surprise any software counting on the prior behavior. I don’t know of any specific packages that are affected by this, though. DragonFly version 5.6 is unaffected by this; it’s in -current only.
If you upgrade DragonFly and one of the shared libraries used by pkg gets updated, you can’t run pkg until you get files, but pkg is the program you use to bring in new files. This chicken-and-egg problem is solved with pkg-static, a version of pkg built without shared libraries.
You may have noticed some format flip-flopping between pkg and pkg-static if you had to run it after the most recent DragonFly upgrade; that is fixed. There’s a larger issue of certificate installation identified there; I don’t know a solution to it, but I do want to mention this for next time pkg breaks for someone – pkg-static will work as backup, including to bring in a new version of pkg.
When you encrypt your DragonFly boot drive, initrd(7) is run to get your system online and able to accept a password to decrypt the drive. So far, so good. The initrd program is a minimal userland designed to be small, and it generally works. However, it assumes a QWERTY keyboard. If you’re Pierre-Alain TORET and normally use an AZERTY (in this case French) keyboard, that makes it difficult to type the decryption phrase.
It’s possible to patch a different keyboard layout into initrd, and he has documented just how to do that.
Remember my post about a new upgrade script? tse, the author, has happily added in a bunch of suggestions. I’m intermittently traveling and can’t do anything to test it for days yet – but I’d love to see others try it out.
The bugs issue tracking versions is here: #3197. Can you, dear reader, try it out? Do an in-place upgrade on your version, or even a test install with a VM? I want to see what happens in the wild.
This slipped in just before the 5.6 release, and I thought I had already noted it: DragonFly now defaults to HAMMER2 for disks during install, instead of HAMMER1.
There’s now a read-only sysctl ‘jail.jailed’ that can be checked to see if the current environment is running within a jail; useful for scripts that should not run in that environment, etc. I link to it mostly because it’s an odd sort of meta-signifier of reality, like being awake or in a waking dream, and that entertains me.