# DragonFly Release 3.0 ## 22 February 2012 The DragonFly 3.0 release is here! This release was delayed from our regular schedule for tracking down [what appears to be a AMD CPU bug](http://gitweb.dragonflybsd.org/dragonfly.git/commit/8e32ecc0a77082f1e232a3e6d12e2f163f9667a4). As a pleasant side effect, the giant kernel lock has been removed from much of the system and this release performs significantly better on multi-core systems than previous DragonFly versions. ## Big-ticket items ### Major VM SMP work Previously the majority of the VM was under a single token, the vm_token; now vm_objects (mappable entities) are each under a private token, concurrent page faults in the same object can proceed, and VM SMP scalability overall is improved. Results for Postgres and MySQL, among others, are excellent. Francois Tigeot [worked on benchmarks](http://leaf.dragonflybsd.org/mailarchive/kernel/2011-11/msg00004.html) comparing DragonFly 2.10 and DragonFly 2.13, among other operating systems. The resulting graphs show how well DragonFly responds to multiple CPUs on a 24-threads Xeon system. (2.13 is the development version of DragonFly that became 3.0.) [[!img pgbench-dfly-210-213.png alt="Graph of Pgbench improvement between DragonFly releases"]] ### HAMMER performance greatly increased A new [time domain multiplexing method](http://leaf.dragonflybsd.org/mailarchive/commits/2011-07/msg00086.html) has been added to balance storage operation types over long time periods. HAMMER fairness and throughput under heavy storage loads has significantly improved. HAMMER's behavior in very low memory configurations has also improved; it will no longer readily starve a system of kernel allocation space. HAMMER should work on systems with as little as 256MB of RAM. ### SMP kernel installed by default ACPI + interrupt routing have been upgraded. A SMP kernel will work on all machines and is installed by default. ### Disk Encryption DragonFly now has [tcplay(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=tcplay§ion=8), a tool for creating and managing encrypted disk volumes. It is 100% [TrueCrypt](http://www.truecrypt.org/) compatible and BSD licensed. ## Availability Four release options are now available for 32-bit as well as for 64-bit. 64-bit installations are recommended if you do not need the linux emulation layer. * An ISO, to be burned to a physical CD or used as an image to install a virtual machine. * A bootable USB disk-key image. (minimum 2G USB stick needed) * A GUI bootable ISO image with a full X environment. DVD disc required. * A GUI bootable USB disk-key image with a full X environment. (minimum 4G USB stick needed) The release ISO images should be available on most of the [[mirrors|mirrors]]. If the ISO is not available on a certain mirror, please try another one or download it from the DragonFly master site. Each image is in the "Live CD" format, meaning that it boots into a running and fully functional DragonFly system, which can be used for testing or system recovery tasks as well as installation. Check the [hardware page](http://www.dragonflybsd.org/docs/supportedhardware/) or boot a Live CD to check for compatibility. The GUI bootable USB image also contains the DragonFly git repo in /usr/src and the pkgsrc git repo in /usr/pkgsrc. The code can be trivially checked out using these repos and can be incrementally updated from master sites, post-install. ### MD5 sums MD5 sums for the compressed images: * MD5 (dfly-i386-3.0.1_REL.img.bz2) = 8f812dbcb9c0ca28a61f5a0ae1e35a9e * MD5 (dfly-i386-3.0.1_REL.iso.bz2) = 0c602e122c4f8c7b31e1578fb7c975e4 * MD5 (dfly-i386-gui-3.0.1_REL.img.bz2) = f113ecb9839b4b1edcd0d33376d32362 * MD5 (dfly-i386-gui-3.0.1_REL.iso.bz2) = 3d8fcc33fbf2169868a33b8928c53d53 * MD5 (dfly-x86_64-3.0.1_REL.img.bz2) = d9d7880ad328c5ccf9e46b1c9de36fff * MD5 (dfly-x86_64-3.0.1_REL.iso.bz2) = dcc2b27a9ef938470433465342655a90 * MD5 (dfly-x86_64-gui-3.0.1_REL.img.bz2) = 6ede68b56b329ab079e9fd22af343160 * MD5 (dfly-x86_64-gui-3.0.1_REL.iso.bz2) = 76632bc7d6f84a142f091ea2bce610c9 MD5 sums for the uncompressed images: * MD5 (dfly-i386-3.0.1_REL.img) = a7cc87b26c04a179476f9c3f20f8ce9d * MD5 (dfly-i386-3.0.1_REL.iso) = dcabe48f2c5b427a1afbe5c44d9b2f04 * MD5 (dfly-i386-gui-3.0.1_REL.img) = f4e098334058e692f257545f7f7e0cda * MD5 (dfly-i386-gui-3.0.1_REL.iso) = 64a1a228da4ee1ec37942f092094bdcf * MD5 (dfly-x86_64-3.0.1_REL.img) = 9c235b5e8d8a59b0c53db3523647f9fc * MD5 (dfly-x86_64-3.0.1_REL.iso) = 8bd79fb3174184f8ddf1e6ebceb028eb * MD5 (dfly-x86_64-gui-3.0.1_REL.img) = 25bf66c189809910d855419551e5cd26 * MD5 (dfly-x86_64-gui-3.0.1_REL.iso) = 1383ed5c7adf4ac16ef887cf2296c85a ### pkgsrc packages We offer roughly 10,000 pre-built [pkgsrc](http://www.pkgsrc.org) packages for this release. The [pkg_radd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_radd§ion=ANY) utility may be used to download pre-built binary packages. The path can be overridden by setting BINPKG_BASE in `/etc/pkg_radd.conf`. To get a list of all packages, let [pkg_search(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_search§ion=ANY) download the summary file for that release: # pkg_search -d We supply a Makefile in `/usr` to track the pkgsrc tree and we supply a Git mirror of the NetBSD pkgsrc CVS repo at `git://git.dragonflybsd.org/pkgsrcv2.git`. We recommend that users use it, instead of pulling from NetBSD with CVS. Our Git mirror is updated several times a day. Type 'make' in /usr to see the available commands for performing these actions. ## DragonFly 3.0 Special Installation and Upgrade Notes **Disk size warning** - Unless your hard disk is 50G or larger, we recommend doing a UFS install and not the default HAMMER install. We also recommend installing from the CD ISO, not the GUI .img, for smaller drives. A more serious installation should use HAMMER with at least 50G of disk space and can install from the GUI .img. HAMMER on smaller disk drives is possible but requires careful pruning to keep from filling the disk with file history. **Virtual PC users** - Virtual PC does not supply serial numbers for the virtual disks. The system may need to be manually directed in the boot loader if the disk identifier changes. (Hit ? in the boot loader for a list of available volumes.) **Installer Crypt Options** - The installer can encrypt the root volume and the swap volume. It will not work properly for other volumes despite any additional check-boxes you might see. Installer and boot-time support works but is still a bit rough around the edges. Performance will be relatively high on multi-core machines. **ISA driver removal** - A number of ISA hardware drivers have been removed. One of these drivers, ie(4), was in our GENERIC config. Another driver, aha(4), was in both our GENERIC and our X86_64_GENERIC kernel configuration files. If you are using a kernel config based on a previous release's GENERIC config file, you may need to remove these drivers in order to successfully compile the kernel. **PAM Changes** - The pam_krb5 and pam_ksu modules have been removed as part of a PAM update. If you were using these modules, the security/pam-krb5 package in pkgsrc is a suitable replacement. **Remaining issues** - The DragonFly bug tracker mentions some issues still known but not fully diagnosed at time of release. Specifically, building world with more than 4 processes (-j 5) may cause issues on i386, and some users have seen issues with NFS. Check the [3.0 release ticket](http://bugs.dragonflybsd.org/issues/2286) for details. ## DragonFly 3.0 Release Notes ### Release Improvements > ### Kernel changes * crypto(4) now supports the AES-GCM, Twofish, Serpent, Twofish-XTS and Serpent-XTS ciphers. * Fixed dm(4)'s remove_all so that it works correctly when the volumes are interdependent. * Improved dm(4) performance by reducing serialization in the I/O path. * dm_target_crypt now supports plain64 IV generator. * dm_target_crypt now supports Serpent and Twofish XTS modes. * dm_target_crypt now uses per-volume mpipes. This fixes a major issue with stacked volumes. * devfs(4) has been changed to track related devices explicitly by cdev pointer instead of by (sub)name. The devfs subname* API has been completely replaced by the related* API. * Fixed some potential deadlocks in dsched(4) and dsched_fq. * bfq(4), an experimental, work-in-progress budget fair queuing dsched(4) policy has been added. * mps(4) driver has been updated and now supports RAID. * pf(4) has been converted to use kmalloc instead of zalloc. * Substantial update to the kernel's ELF handling. * The refcount API has been overhauled. * A netgraph MP race has been fixed. * A bug in the kernel smb code relating to directory scanning has been fixed. * NFS server updates were pulled in from FreeBSD; read and write clustering behavior is improved. * MSI (Managed System Interrupt) and MSI-X support has been greatly expanded. * Soft tokens can now be taken in shared mode in addition to the classical exclusive mode. * Virtual file system accounting support has been added and will serve as a basis for future file-system independent quota work. * Appletalk support removed. * tmpfs filesystems can now be exported via NFS. * libm has been updated with multiple math functions brought in from NetBSD/FreeBSD. * Position-Independent Executables (PIE) support added. * TRIM support added. * PCI MMC/SD drivers are included in the GENERIC kernel. > ### Hardware changes (non-networking) * padlock(4) now supports the built-in random number generator and feeds entropy into the kernel's entropy pool. * ubsec(4) has now been fixed to be compatible with the new crypto(4) framework. * mfi(4) updated to LSI's version 3.981. * hptiop(4) updated. * safe(4) added. * mps(4) driver updated * ecc(4) now supports more hardware. * coretemp(4) updated. > ### Hardware changes (networking) * bge(4) now supports the 5761, 5784, and 57780 chipsets. * ndis(4) updated. * msk(4) updated. * re(4) updated. * lgue(4) added. * bce(4) updated. * em(4)/emx(4) updated. > ### New Multiprocessor-safe Work * VM: vm_objects now use per-object tokens and a hold/release based-lock protocol, rather than the global VM token. * VM: VM page queues locking is now fine-grained * VM: x86-64 PMAP has been rewritten to synchronise at the page/object level rather than using the vm_token. * kqueue: kqueue uses per-kq and per-list token rather than a global page queue token * signals: Move some signal processing unto LWP rather than process tokens > ### Userland changes * The C library slab allocator (nmalloc) has been replaced with a considerably more scalable, faster design on x86-64 (dmalloc). * proplib(3) has been updated * libdm, a simple BSD-licensed device mapper library that is API-compatible with libdevicemapper has been added. * tcplay(8), a simple BSD-licensed tool that allows creation, managing and mapping of TrueCrypt volumes has been added. It is fully integrated with initrd and cryptdisks and 100% compatible with TrueCrypt. * tcplay(3), a library based on tcplay(8) that allows access to TrueCrypt volumes, has been added. * POSIX 2008 fmemopen(3) and open_memstream(3) routines have been added to libc * Bug in socket timeouts has been fixed, allowing Varnish to run w/ default configuration. * The jail rc.d script can now automatically mount a devfs inside the jails. * Minor fix in hammer(8) for snapshot count in the info directive. * Major update to rtld-elf. * Major update and bugfixes to sh(1). * 'hammer dedup' can run in fixed memory by running multiple passes. * buildworld can now be run in parallel for faster results. * dfregress, a regression testing framework, added. * Support for exception handling on statically-linked binaries. * libhammer, a library for HAMMER functions, has been added. * tuxload, a tool for stressing the VM system's free memory, has been added. * Patches for use with Coccinelle and DragonFly are now included. > ### x86_64-specific changes * A bug in the initial stack pointer alignment has been fixed. * File-descriptor passing via sendmsg has been fixed on x86_64 * MTRR support added to x86_64 kernel * dmalloc added (see Userland Changes) > ### Removals * The following ISA only drivers have been removed along with a couple of associated userland tools: aha(4), asc(4), sasc(1), ctx, dgb(4), el(4), gpib, gsc(4), sgsc(1), ie(4), labpc(4), le(4), mse(4), rc(4), rdp(4), spigot, tw(4) & xten(1) & xtend(8), wl(4), wlconfig(8), wt(4). > ### Contributed Software * Shipping with pkgsrc-2011Q4 built packages. * binutils 2.20 removed * libgnuregex removed * BSD gprof replaced with GNU gprof * GNU sort replaced by NetBSD sort * xchat removed from GUI build * awk updated to 20110810 * binutils updated to 2.22 (2.21 is the default) * dma updated to 0.7 * diffutils updated to 3.2 * file updated to 5.10 * ftp updated to match NetBSD's tnftp as of 2012/01/08 * gcc44 updated to 4.4.7 * gdb (and kdgb) updated to 7.3 * gdtoa 20110321 added * grep updated to 2.9 * ldns/drill updated to 1.6.11 * less updated to 444 * libarchive updated to 3.0.3 * libgmp updated to 5.0.2 * libmpfr updated to 3.1 * libpcap updated to 1.2.1 * mdocml updated to 1.11.3 * OpenPAM updated to 'Lycopsida' * OpenSSH updated to 5.9p1 * OpenSSL updated to 1.0.0g * sendmail updated to v8.14.15 * tcpdump updated to 4.2.1 * texinfo updated to 4.13 * xz updated to 5.0.3 * zoneinfo database updated to tzdata2011n >### Security related * CVE-2011-4862, telnetd, fixed. * CVE-2011-3581, CVE-2011-3207, CVE-2011-3210, CVE-2010-3864 CVE-2010-2939 fixed through contrib software updates. * crypt(3) changed to use the Linux implementation of SHA256/512. SHA512 is the new default.