# DragonFly Release 2.8 ## 27 October 2010 (2.8.1a) The DragonFly 2.8 release is here! ## Big-ticket items **Crypto support** - dm-crypt was ported to DragonFly. This means that it is now possible to encrypt DragonFly partitions (e.g., HAMMER and UFS). While it is possible to only encrypt certain partition like `/home/`, it is also possible to encrypt the whole root file system. The latter is especially useful for mobile devices. Further, some parts of the code are SMP aware, so expect a speedup if using multi-core machines. **Packet Filter (pf)** - Pf was updated to a version based upon OpenBSD 4.2. The previous version of pf in DragonFly was based on OpenBSD 3.5. This, in addition to laying the ground for further following OpenBSD's implementation, introduced several performance gains: Information like route-to, altq, tags, etc are now stored in the `mbuf` header directly. This was partially already the case up to DragonFly 2.6, but now the implementation corresponds to OpenBSD's. Furthermore an often unnecessary checksumming was removed, which gains another 10% performance. Also state tables and interface bound states were reimplemented and the pf_test_*() functions where fold into pf_test_rule() to make things clearer. DragonFly-specific additions, support for fairq packet queueing and pickups, have remained intact. **WiFi Stack Update** - FreeBSD's WiFi (802.11) network stack has been ported. While not all WiFi drivers have been ported the ability to port drivers from FreeBSD much more easily will allow us to ultimately add support for more and newer WiFi devices in the near future. **MP Performance** - The multiprocessor work that has been ongoing in DragonFly is beginning to bear fruit. The MPLOCK (The primary lock, that when held ensures only a single cpu is operating within the kernel) has been pushed back significantly with this release. Another major effort has involved replacing the MPLOCK with LWKT soft tokens in most of the major subsystems throughout the kernel. These tokens still acquire the MPLOCK, but feature a sysctl to disconnect the token from the MPLOCK for testing, increasing safety for future development. The system is nearly stable with 'lwkt.vm_mpsafe' set, for example, which removes the MPLOCK from the entire VM subsystem. The result of this continuing work is improved performance for many workloads. ## Availability Three release options are now available for 32-bit as well as for 64-bit. * An ISO, to be burned to a physical cd or used as an image to install a virtual machine. * A bootable USB disk-key image (minimum 1G USB stick needed) * A GUI bootable USB disk-key image with a full X environment. The release ISO images should be available on most of the [[mirrors|mirrors]]. If the ISO is not available on a certain mirror, please try another one or download it from the DragonFly FTP server. Each image is in the "Live CD" format, meaning that it boots into a running and fully functional DragonFly system, which can be used for testing or system recovery tasks as well as installation ## Errata A minor bug related to CD9660/RockRidge directory entries resulted in the last-minute build of an "A" revision of the 2.8.1-RELEASE images. This issue caused the ISO images to always boot an SMP kernel. If you have somehow ended up with an original 2.8.1 image, note that while we recommend retrieving 2.8.1A and verifying its contents with the MD5 sum given on this page, the image you already have is functionally equivalent if your system is capable of booting an SMP kernel. ### MD5 sums * MD5 (dfly-i386-2.8.1A_REL.img.bz2) = 01d149f774a38bbed769e9248d7495d4 * MD5 (dfly-i386-2.8.1A_REL.iso.bz2) = 145cdcbc46baf04ec3330925a76af900 * MD5 (dfly-i386-gui-2.8.1_REL.img.bz2) = c6ac3387490cf5dbeba80cdbf3841ee2 * MD5 (dfly-x86_64-2.8.1A_REL.img.bz2) = 4b7112a56fe6ddfc23b6d373766a1ce6 * MD5 (dfly-x86_64-2.8.1A_REL.iso.bz2) = a6bb3121795893f658ede78144134176 * MD5 (dfly-x86_64-gui-2.8.1_REL.img.bz2) = 0e2093f44c481a2780346897c63d056f ### pkgsrc packages We offer thousands of pre-built [pkgsrc](http://www.pkgsrc.org) packages for this release. The [pkg_radd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_radd§ion=ANY) utility may be used to download pre-built binary packages. The path can be overridden by setting BINPKG_BASE in `/etc/settings.conf`. To get a list of all packages, let [pkg_search(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_search§ion=ANY) download the summary file for that release: # pkg_search -d We supply a Makefile in `/usr` to track the pkgsrc tree and we supply a Git mirror of the NetBSD pkgsrc CVS repo at `git://git.dragonflybsd.org/pkgsrcv2.git`. We recommend that users use it, instead of pulling from NetBSD with CVS. Our Git mirror is updated several times a day. ## DragonFly 2.8.x Special Installation and Upgrade Notes **New Loader** - The forth loader is no longer in the system. The new loader, 'dloader', has to be installed before an 'installkernel'. If you are updating from an older system such as DragonFly 2.6 it is recommended to run an installworld before the installkernel to update the loader. Otherwise you can simply do the following before the 'installkernel'. > # cd /usr/src/sys/boot > # make all install **BIND removal** - BIND is no longer in the base system. If you are using BIND or any of the associated utilities (host, nslookup, etc.), this method will allow you to transition to the version in pkgsrc: > # cd /usr/pksrc/net/bind96 > # bmake all install clean or > # pkg_radd bind96 > # cp /usr/pkg/share/examples/rc.d/named9 /etc/rc.d/ > # /etc/rc.d/named stop edit /etc/rc.conf, and remove > named_enable="YES" then add > named9_enable="YES" > named_chrootdir="/etc/namedb" > named_flags="-c named.conf" > named_program="/usr/pkg/sbin/named" > > # chown -R named /etc/namedb > # /etc/rc.d/named9 start Test your setup with `host`, `dig` and so on. Check for a running `named` process with ps. Error messages should go to `/var/log/messages`. **OpenSSL upgrade** - OpenSSL has been upgraded, and SHLIB_MAJOR was bumped for `libssh` and `libcrypto`. This shouldn't break any 3rd-party software, but you'll need to recompile your 3rd-party software if you want it to link against the new version of OpenSSL. **libevent removal** - Any previously installed applications depending on the `libevent` library in base will require recompilation, as this library is no longer supplied as standard. **VirtualBox, Virtual PC, and VMWare users** - Unless your virtual hard disk is 50G or larger, we recommend doing a UFS install and not the default HAMMER install. We also recommend installing from the CD ISO and not the DVD ISO. **Virtual PC users** - Virtual PC does not supply serial numbers for the virtual disks. The system may need to be manually directed in the boot loader if the disk identifier changes. (Hit ? in the boot loader for a list of available volumes.) ## DragonFly 2.8 Release Notes ### Release Improvements > ### Kernel changes * dsched, an IO Scheduler framework and dsched_fq, a Fair Queuing I/O scheduler policy. * Device Mapper imported from NetBSD. * stripe and crypt targets for the Device Mapper. * select(2), poll(2) and kqueue/kevent(2) implementations were unified on top of the existing kqueue implementation. * Device polling API's and selrecord/selwakeup were dropped, in favor of kqueue's knote API, simplifying device implementation. * LWKT tokens reworked to improve efficiency, especially in recursive scenarios. * Direct acquisition of MPLOCK removed from VM and pmaps, now under a global VM token. * VM: Idle time page zeroing. * Major update of pf from OpenBSD 3.5 to 4.2, keeping DragonFly specific additions (support for pickups and fairq). * Network socket flags were made atomic. * Additional portions of the network stack were removed from under the MPLOCK. * Major performance improvements to softcrypto on SMP systems. * kern_udev - A framework to associate optional information with device nodes. * initrd (initial ramdisk/malloc disk) support. * Removal of shared spinlocks and renaming of the spinlock API. * Added support for AES-XTS and AES-CTR to the opencrypto framework. * proplib imported from NetBSD. * Removal of the forth loader in favor of a C-only loader, 'dloader'. * Fixing of {MADV,MAP}_NOSYNC, resulting in a great performance improvement for vkernels. * TCP-MD5 (RFC 2385) was ported from FreeBSD. * LWKT scheduler's priority mechanism was rewritten * Linux Emulation mostly MPSAFE. * Added renameat syscall * kfree() IPIs dramatically reduced. * Add support for cdevs as virtual disks for vkernels. * nullfs gained support for the noexec flag. * It is now possible to dump to dm disks. * Sync amdpm(4) with FreeBSD (and bring in amdsmb(4)). * Sync alpm(4) with FreeBSD. > ### Hardware changes (non-networking) * Driver for Areca RAID controllers (arcmsr). * aesni crypto driver. * AHCI support for recent AMD SATA chipsets. * VIA Padlock support fixed. * The uguru(4) driver for ABIT temperature, voltage and fan sensors was ported from OpenBSD. * twa(4) was synced with FreeBSD version 3.80.06.003. * New swapoff utility to turn off swap space. > ### Hardware changes (networking) * New wireless network card framework has been ported from FreeBSD. * Wireless cards utilizing the following drivers are supported in this release: ath, iwi, iwn, ral, wi, wpi. * The following drivers have not been ported and will not yet work: acx, an, bwi, ndis, rtw, rum, ural. > ### Multiprocessor Safe Work * Major MPSAFE Infrastructure was done. * The following parts (referencing source files) of the kernel are now MPSAFE: * imgact_resident * kern_mpipe * kern_plimit * kern_prot * kern_sensors * kern_sig * kern_slaballoc * kern_uuid * kern_umtx * syscons * sys_pipe * sys_process * uipc_mbuf * vfs_sync * vm_zeroidle * vnode_pager * Additional subsystems that are now MPSAFE: protocol drain routines, pf packet filter, kevent. The ahci and sili drivers and tty's have also received MPSAFE treatment. > ### Userland changes * A catastrophic recovery command was added to the hammer(8) utility, allowing data to be potentially recovered from physically damaged media. * Power/CPU frequency management daemon named powerd(8). * libdevattr - A library giving access to additional information about kernel device nodes with an API that is mostly compatible with Linux' libudev. * udevd - A support daemon for libdevattr. * Kernel programming guide (section 9 man pages) updated and extended. * mkinitrd - A tool to generate an initrd image to be able to boot from crypto, lvm and other devices. * crashinfo, a tool to automatically extract some useful information from kernel dumps in a text format. * proplib imported from NetBSD. * Added sha512 support to libmd. * ftp-proxy and bthcid were ported from libevent to kqueue(2)/kevent(2) and libevent was removed from the base system. * FreeBSD's stress2 stress testing suite was imported. * ioprio, a utility to change the I/O priority of a process doing I/O on a disk with the dsched_fq policy. * lt, a 'tree'-like utility. * Ported savecore(1) from FreeBSD used to gather info from crash dumps. * Installer now uses tmpfs instead of mfs. * Several fixes for the DragonFly Mail Agent (dma). * top(1) prints now Proportional RSS (PRES) instead of RSS. * pf(4) OS fingerprints for all DragonFly versions. * OpenSSL can now load engines at run-time. * Various vkernel updates including support for diskless operation. * nmalloc (libc malloc) gained a per-thread magazine layer for improved scalability. > ### amd64-specific changes * A number of rare race conditions was fixed. This improves overall stability. * It is now possible to use powernow(4). * It is now possible to boot an SMP kernel without having to enable `APIC_IO`. > ### Removals * BIND is no longer in the base system. See Special Upgrade notes above for a migration path. * libevent. > ### Contributed Software * Imported drill and libldns as a resolving utility in base as BIND has gone. * Imported lvm (Logical Volume Manager). * Imported cryptsetup for use with the new device mapper crypto target, dm_target_crypt. * Updated awk to 20100523. * Updated bzip2 to 1.0.6 which fixes CVE-2010-0405. * Updated OpenSSH to 5.6p1 (with HPN patch). * Updated OpenSSL to 1.0.0a. * Updated tzdata to 2010n. >### Security related * Improved stability of tmpfs so that a user can't panic the system due to malloc zone exhaustion. * A security issue in libopie was fixed. * A security issue in the libc globbing code was fixed.