• FreeBSD Status Report - Second Quarter 2023 (3/4)

    From Lorenzo Salvadore@21:1/5 to All on Fri Jul 28 00:00:06 2023
    [continued from previous message]

    Links:
    D40911 URL: https://reviews.freebsd.org/D40911
    D40861 URL: https://reviews.freebsd.org/D40861
    D40862 URL: https://reviews.freebsd.org/D40862
    D40863 URL: https://reviews.freebsd.org/D40863
    D40864 URL: https://reviews.freebsd.org/D40864
    D40865 URL: https://reviews.freebsd.org/D40865
    D40866 URL: https://reviews.freebsd.org/D40866
    D40867 URL: https://reviews.freebsd.org/D40867
    D40868 URL: https://reviews.freebsd.org/D40868
    D40869 URL: https://reviews.freebsd.org/D40869
    D40870 URL: https://reviews.freebsd.org/D40870

    Contact: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
    Contact: Naman Sood <naman@freebsdfoundation.org>
    Contact: Kristof Provost <kp@FreeBSD.org>

    pf(4) is one of the firewalls included in FreeBSD, and is probably the most popular. pf was created by the OpenBSD project and subsequently ported to FreeBSD.

    Backport OpenBSD Syntax

    Kajetan introduced the OpenBSD syntax for "scrub" operations in "match" and "pass" rules. Existing rules remain supported, and OpenBSD-style "scrub" configuration is now accepted as well.

    pfsync Protocol Versioning

    The pfsync(4) protocol version can now be configured, allowing for protocol changes while still supporting state synchronisation between disparate kernel versions. The primary benefit is to allow protocol changes enabling new functionality.

    pfsync: Transport over IPv6

    pfsync traffic can now be carried over IPv6 as well. Naman finished the work started by Luiz Amaral.

    SCTP

    There is work in progress to support SCTP in pf. That support includes filtering on port numbers, state tracking, pfsync failover and returning ABORT chunks for rejected connections.

    Sponsor: InnoGames GmbH
    Sponsor: Orange Business Services
    Sponsor: The FreeBSD Foundation

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Network Interface API (IfAPI)

    Links:
    Original project page URL: https://wiki.freebsd.org/projects/ifnet

    Contact: Justin Hibbits <jhibbits@FreeBSD.org>

    Started back in 2014, the IfAPI (formerly DrvAPI) project aims to hide the ifnet(9) structure from network drivers. Instead, all accesses to members will go through accessor functions. This allows the network stack to be changed without recompiling drivers, as well as potentially allowing a single driver to support multiple versions of FreeBSD.

    As of now this goal has been achieved in the base system, but several ports need to be updated to use the IfAPI. There is a tool to automate most of the conversion, in tools/ifnet/convert_ifapi.sh. Documentation is also forthcoming, and help with it would be welcome. ifnet(9) needs a lot of cleanup, as some of the information in it is currently out of date.

    Sponsor: Juniper Networks, Inc.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Making Netgraph Lock-Free

    Links:
    Wiki Page URL: https://wiki.freebsd.org/SummerOfCode2023Projects/LocklessSynchronizationBetweenNodesInNetgraph
    Repo URL: https://github.com/zinh88/epoch-netgraph

    Contact: Zain Khan <zain@FreeBSD.org>

    Netgraph helps us implement custom or complex networking functions by letting us arrange kernel objects called nodes in a graph connected using hooks. Nodes may perform a well-defined set of actions on incoming packets, and may send the output to another connected node. To 'send' a packet to a neighbour can also be seen as calling a function on that neighbouring node.

    Now in a pre-SMP world, a thread (or the thread) would always see nodes as idle (not busy), so that their functions can immediately be called. Concurrency introduced the possibility of a busy node. Moreover, a journey of a packet also needs to take heed of changes in the structure of the graph, for example: the addressed node’s path may not remain intact due to no-longer-existing hooks or nodes in between, which may lead to cases such as referring to an object that has been freed. To counter such disasters, the existing source code uses a topology read-write mutex which protects data flow from restructuring events (and restructuring events from other restructuring events).

    We want to regain the same smooth flow for data which existed when concurrent CPUs were not a thing. That is, data should simply never wait every time there is a restructuring event. At the same time we also obviously do not want to give the kernel reasons to panic.

    FreeBSD has its own set of concurrency-safe data structures and mechanisms. One of these mechanisms is Epoch. Epoch-based reclamation involves waiting for existing read-side critical sections to finish before the data structures need to be modified or reclaimed.
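
    The deferred free that epoch-based reclamation provides can be modelled in a few lines. The following C program is an added illustration, not code from the project or from FreeBSD's epoch(9): it is a single-threaded model, and struct hook, struct ebr and the ebr_* functions are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_READERS 4
#define MAX_LIMBO   8

/* Toy stand-in for a netgraph hook (hypothetical, not the kernel's type). */
struct hook {
    int  id;
    bool freed;                     /* set where a kernel would free memory */
};

struct ebr {
    unsigned global_epoch;
    bool     active[MAX_READERS];   /* reader is inside a read section */
    unsigned seen[MAX_READERS];     /* epoch the reader observed on entry */
    struct { struct hook *h; unsigned epoch; } limbo[MAX_LIMBO];
    int      nlimbo;
};

/* Data path: entering a read-side section never waits. */
static void ebr_enter(struct ebr *e, int r) {
    e->seen[r] = e->global_epoch;
    e->active[r] = true;
}

static void ebr_exit(struct ebr *e, int r) {
    e->active[r] = false;
}

/* Restructuring path: call only after the hook is unlinked from the graph. */
static int ebr_retire(struct ebr *e, struct hook *h) {
    if (e->nlimbo == MAX_LIMBO)
        return -1;
    e->limbo[e->nlimbo].h = h;
    e->limbo[e->nlimbo].epoch = e->global_epoch;
    e->nlimbo++;
    e->global_epoch++;              /* later readers cannot have seen h */
    return 0;
}

/* True if an active reader entered at or before the retire epoch. */
static bool ebr_may_reference(const struct ebr *e, unsigned epoch) {
    for (int r = 0; r < MAX_READERS; r++)
        if (e->active[r] && e->seen[r] <= epoch)
            return true;
    return false;
}

/* Free every retired hook no reader can still hold; returns the count. */
static int ebr_reclaim(struct ebr *e) {
    int freed = 0, keep = 0;
    for (int i = 0; i < e->nlimbo; i++) {
        if (ebr_may_reference(e, e->limbo[i].epoch)) {
            e->limbo[keep++] = e->limbo[i];   /* still in use: keep waiting */
        } else {
            e->limbo[i].h->freed = true;
            freed++;
        }
    }
    e->nlimbo = keep;
    return freed;
}

struct outcome {
    int  freed_while_old_reader_active;
    bool new_reader_saw_hook;
    int  freed_after_old_reader_exit;
    bool hook_freed;
};

/* Constructed scenario: a hook is removed while a packet is in flight. */
static struct outcome run_scenario(void) {
    struct ebr e = {0};
    struct hook a = { .id = 1, .freed = false };
    struct hook *graph_slot = &a;   /* pointer published in the graph */
    struct outcome o;

    ebr_enter(&e, 0);
    struct hook *held = graph_slot; /* reader 0 picks up the hook */

    graph_slot = NULL;              /* writer unlinks the hook ... */
    ebr_retire(&e, held);           /* ... and defers the free */
    o.freed_while_old_reader_active = ebr_reclaim(&e);

    ebr_enter(&e, 1);               /* reader that starts after the unlink */
    o.new_reader_saw_hook = (graph_slot != NULL);

    ebr_exit(&e, 0);
    o.freed_after_old_reader_exit = ebr_reclaim(&e); /* reader 1 still active */
    o.hook_freed = a.freed;
    ebr_exit(&e, 1);
    return o;
}

int main(void) {
    struct outcome o = run_scenario();
    printf("freed early=%d, new reader saw hook=%d, freed later=%d\n",
           o.freed_while_old_reader_active, o.new_reader_saw_hook,
           o.freed_after_old_reader_exit);
    return 0;
}
```

    The reader that entered before the unlink keeps the hook alive until it leaves its section, while the reader that entered afterwards does not delay the free.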

    Because the base system is being modified, this is also going to affect design choices made before, such as the queuing of messages and reference counting.

    This project involves a lot of testing. For now, some topology protection locks have been removed, and only simple graphs have been tested (with FreeBSD running on a VM). The real tests should be run on hardware with at least 4 CPU cores; I will do that when I get my hands on one.

    Sponsor: The Google Summer of Code '23 program

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Architectures

    Updating platform-specific features and bringing in support for new hardware platforms.

    SIMD enhancements for amd64

    Links:
    SIMD dispatch framework draft URL: https://reviews.freebsd.org/D40693
    Project proposal URL: http://fuz.su/~fuz/freebsd/2023-04-05_libc-proposal.txt

    Contact: Robert Clausecker <clausecker@FreeBSD.org>

    SIMD instruction set extensions such as SSE, AVX, and NEON are ubiquitous on modern computers and offer performance advantages for many applications. The goal of this project is to provide SIMD-enhanced versions of common libc functions (mostly those described in string(3)), speeding up most C programs.

    For each function optimised, up to four implementations will be provided:

    • a scalar implementation optimised for amd64, but without any SIMD usage,

    • a baseline implementation using SSE and SSE2 or alternatively an x86-64-v2
    implementation using all SSE extensions up to SSE4.2,

    • an x86-64-v3 implementation using AVX and AVX2, and

    • an x86-64-v4 implementation using AVX-512F/BW/CD/DQ.

    Users will be able to select which level of SIMD enhancements to use by setting the AMD64_ARCHLEVEL environment variable.

    While the current project only concerns amd64, the work may be expanded to other architectures like arm64 in the future.

    Sponsor: The FreeBSD Foundation

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Integrate mfsBSD into the release building tools

    Links:
    Wiki Article URL: https://wiki.freebsd.org/SummerOfCode2023Projects/IntegrateMfsBSDIntoTheReleaseBuildingTools
    Project repository (integrate-mfsBSD-building branch) URL: https://github.com/soobinrho/freebsd-src/tree/integrate-mfsBSD-building

    Contact: Soobin Rho <soobinrho@FreeBSD.org>

    What is mfsBSD?

    "mfsBSD is a toolset to create small-sized but full-featured mfsroot based distributions of FreeBSD that store all files in memory (MFS) [Memory File System] and load from hard drive, usb storage device or optical media. It can be used for a variety of purposes, including diskless systems, recovery partitions and remotely overwriting other operating systems."

    Martin Matuska is both the author of the mfsBSD white paper and the maintainer of the mfsBSD repository.

    Purpose

    This project creates an additional target of the weekly snapshots of -current and -stable versions of mfsBSD images in the src/release makefile. Currently, only the release versions of mfsBSD images are produced, which means they tend to get out of sync with the tools in base. This project aims to address that problem.

    Location

    This is a GSoC 2023 (Google Summer of Code) project. As such, the official coding period is between May 29, 2023 and August 28, 2023. As a humble beginner in the open-source community, the author welcomes all comments / suggestions / pull requests in the project repository, which will be the location for all code throughout this period.

    Mentors: Juraj Lutter and Joseph Mingone

    Sponsor: The Google Summer of Code '23 program

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Cloud

    Updating cloud-specific features and bringing in support for new cloud platforms.

    FreeBSD as a Tier 1 cloud-init Platform

    Links:
    cloud-init Website URL: https://cloud-init.io/
    cloud-init Documentation URL: https://cloudinit.readthedocs.io/en/latest/
    cloud-init ongoing refactorization URL: https://github.com/canonical/cloud-init/blob/main/WIP-ONGOING-REFACTORIZATION.rst

    Contact: Mina Galić <freebsd@igalic.co>

    cloud-init is the standard way of provisioning servers in the cloud. Unfortunately, cloud-init support for operating systems other than Linux has been rather poor, and the lack of cloud-init support on FreeBSD is a hindrance to cloud providers who want to offer FreeBSD as a Tier 1 platform. To remedy the situation, this project aims to bring FreeBSD cloud-init support on par with Linux support. The broader plan is to lift support across all BSDs.

    This quarter has been going quite slowly, but I have managed to deliver a new milestone:

    • Ephemeral Networking classes have been rewritten and made platform
    independent. These are used by several cloud providers to initialize a
    temporary network before retrieving the actual configuration.

    • cloud-init has been successfully tested on Vultr. I hope that with the next
    release I can convince Vultr to switch their FreeBSD images to cloud-init.

    In addition to that, I have expanded rsyslog support for BSD. I’ve also added an rc script for cloud-init’s ds-identify, which should make zero-configuration setups orders of magnitude faster: ds-identify runs first and very quickly guesses the cloud provider the machine is running on. cloud-init then uses only that guess, instead of iterating and failing through a full list of all possible cloud providers. People building custom images can easily disable this (by removing /usr/local/etc/rc.d/dsidentify) and, by providing a specific listing themselves, shave off a few more milliseconds from their boot.

    The next steps will be to keep hacking away at the network refactoring tasks, and to add LXD support for FreeBSD, so it can be included in CI tests. The latter will include work on LXD, as well as work on the FreeBSD virtio subsystem.

    As always, I highly welcome early testers to check out net/cloud-init-devel, and report bugs. Since the last report, cloud-init’s bug tracker has moved from Launchpad to GitHub, so this might reduce some friction.

    Sponsor: The FreeBSD Foundation

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    OpenStack on FreeBSD

    Links:
    OpenStack URL: https://www.openstack.org/
    OpenStack on FreeBSD URL: https://github.com/openstack-on-freebsd

    Contact: Chih-Hsin Chang <starbops@hey.com>
    Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

    This project aims to port key OpenStack components such as keystone, nova, and neutron, so that FreeBSD can function as an OpenStack host.

    We started porting nova-novncproxy and nova-serialproxy to increase the ways to access the instance console. To lower the threshold for people who want to give the project a try, we also migrated our development environment from a physical machine to a virtual one. There is still a problem running bhyve VMs on top of Linux KVM. A detailed writeup for the issue can be found here. Other achievements include:

    • Sorting out network connectivity issues inside the instances

    • Able to spawn multiple instances

    • Porting from Python 3.8 to 3.9.

    In the next quarter, we will continue working on the console proxy services to make the overall workflow more fluent.

    The step-by-step documents for constructing a POC site can also be found in the docs repository. The patched version of each OpenStack component is under the same GitHub organization.

    People interested in helping with the project can first help check the documentation by following the installation guide. Feedback and help are always welcome.

    Sponsor: The FreeBSD Foundation

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD on Microsoft HyperV and Azure

    Links:
    Microsoft Azure article on FreeBSD wiki URL: https://wiki.freebsd.org/MicrosoftAzure
    Microsoft HyperV article on FreeBSD wiki URL: https://wiki.freebsd.org/HyperV

    Contact: Microsoft FreeBSD Integration Services Team <bsdic@microsoft.com>
    Contact: freebsd-cloud Mailing List
    Contact: The FreeBSD Azure Release Engineering Team <releng-azure@FreeBSD.org>
    Contact: Wei Hu <whu@FreeBSD.org>
    Contact: Souradeep Chakrabarti <schakrabarti@microsoft.com>
    Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>

    In this quarter, we have worked mainly on ARM64 architecture support and building and publishing images to Azure community gallery. There are some testing images available in the project’s testing public gallery, named FreeBSDCGTest-d8a43fa5-745a-4910-9f71-0c9da2ac22bf:

    • FreeBSD-CURRENT-testing

    • FreeBSD-CURRENT-gen2-testing

    • FreeBSD-CURRENT-arm64-testing

    To use them, when creating a virtual machine:

    1. In Select an Image step, choose Community Images (PREVIEW) in Other items

    2. Search FreeBSD

    Work in progress tasks:

    • Automating the image building and publishing process and merge to src/release/.

    • Building and publishing ZFS-based images to Azure Marketplace

    □ All the required code is merged to the main branch, and ZFS-based images
    can be created by specifying VMFS=zfs.

    □ Need to make the build process more automatic and collaborate with
    release engineering to start generating snapshots.

    • Building and publishing Hyper-V gen2 VM images to Azure Marketplace

    • Building and publishing snapshot builds to Azure community gallery

    The above tasks are sponsored by The FreeBSD Foundation, with resources provided by Microsoft.

    Wei Hu and Souradeep Chakrabarti in Microsoft are working on several tasks sponsored by Microsoft:

    • Porting Hyper-V guest support to aarch64

    https://bugs.freebsd.org/267654

    https://bugs.freebsd.org/272461

    Open tasks:

    • Update FreeBSD related doc at Microsoft Learn

    • Support FreeBSD in Azure Pipelines

    • Update Azure agent port to the latest version

    • Upstream local modifications of Azure agent

    Sponsor: Microsoft for people in Microsoft, and for resources for the rest
    Sponsor: The FreeBSD Foundation for everything else

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD on EC2

    Links:
    FreeBSD/EC2 Patreon URL: https://www.patreon.com/cperciva

    Contact: Colin Percival <cperciva@FreeBSD.org>

    FreeBSD is available on both x86 (Intel and AMD) and ARM64 (Graviton) EC2 instances. Work continues to ensure that upcoming instance types will be supported, including the recently announced M7a "EPYC" instances, which should be supported in FreeBSD 14.0-RELEASE.

    Weekly FreeBSD snapshots were recently changed from "UEFI" boot mode to "UEFI Preferred" boot mode, allowing them to gain the boot performance improvement offered by UEFI while still supporting "bare metal" and "previous generation" instance types which are not compatible with UEFI. This change will be present in FreeBSD 14.0-RELEASE.

    The EC2 boot scripts were recently updated to support IMDSv2. This change will be present in FreeBSD 14.0-RELEASE.

    If users of FreeBSD 13.2 require any of these updates, the author can provide FreeBSD "13.2-RELEASE plus updates" AMIs.

    This work is supported by Colin’s FreeBSD/EC2 Patreon.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Documentation

    Noteworthy changes in the documentation tree, manual pages, or new external books/documents.

    Documentation Engineering Team

    Link: FreeBSD Documentation Project URL: https://www.freebsd.org/docproj
    Link: FreeBSD Documentation Project Primer for New Contributors URL: https://docs.freebsd.org/en/books/fdp-primer/
    Link: Documentation Engineering Team URL: https://www.freebsd.org/administration/#t-doceng

    Contact: FreeBSD Doceng Team <doceng@FreeBSD.org>

    The doceng@ team is a body to handle some of the meta-project issues associated with the FreeBSD Documentation Project; for more information, see the FreeBSD Doceng Team Charter.

    During this quarter:

    • fernape@ has been appointed as a new Doceng team member.

    • The www/gohugo port maintainership has been transferred to doceng@ since it
    is a critical part of our documentation infrastructure. This was agreed
    with the former maintainer.

    • Improvements to the translation workflow (described in the following
    sections).

    Porter’s Handbook

    USES=nextcloud has been documented.

    FDP Primer

    A new chapter focusing on Weblate has been added to the FreeBSD Documentation Project Primer for New Contributors. This comprehensive chapter provides step-by-step guidance on joining the FreeBSD translators team, both for translating online on Weblate and offline. It offers valuable insights and practical suggestions for efficient translation, proofreading, and testing processes. Furthermore, this chapter equips contributors with the necessary knowledge to formally submit their translations to the documentation repository, ensuring a seamless integration of their work.

    FreeBSD Translations on Weblate

    Link: Translate FreeBSD on Weblate URL: https://wiki.freebsd.org/Doc/Translation/Weblate
    Link: FreeBSD Weblate Instance URL: https://translate-dev.freebsd.org/

    Q2 2023 Status

    • 15 languages

    • 183 registered users

    • New Weblate server

    The FreeBSD Weblate instance now operates on a dedicated server, significantly improving its speed and enhancing the efficiency of translation work. Our heartfelt appreciation goes to ebrandi@ for providing this hardware upgrade.

    Languages

    • Chinese (Simplified) (zh-cn) (progress: 7%)

    • Chinese (Traditional) (zh-tw) (progress: 3%)

    • Dutch (nl) (progress: 1%)

    • French (fr) (progress: 1%)

    • German (de) (progress: 1%)

    • Indonesian (id) (progress: 1%)

    • Italian (it) (progress: 5%)

    • Korean (ko) (progress: 32%)

    • Norwegian (nb-no) (progress: 1%)

    • Persian (fa-ir) (progress: 3%)

    • Polish (progress: 1%)

    • Portuguese (pt-br) (progress: 22%)

    • Sinhala (si) (progress: 1%)

    • Spanish (es) (progress: 33%)

    • Turkish (tr) (progress: 2%)

    We want to thank everyone that contributed, translating or reviewing documents.

    And please help promote this effort in your local user group; we always need more volunteers.

    FreeBSD Handbook working group

    Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>

    The Network chapter is being reworked.

    FreeBSD Website Revamp - WebApps working group

    Contact: Sergio Carlavilla <carlavilla@FreeBSD.org>

    Working group in charge of creating the new FreeBSD Documentation Portal and redesigning the FreeBSD main website and its components. FreeBSD developers can follow and join the working group on the FreeBSD Slack channel #wg-www21. The work is divided into four phases:

    1. Redesign of the Documentation Portal

    Create a new design, responsive and with global search. (Complete)

    2. Redesign of the Manual Pages on web

    Scripts to generate the HTML pages using mandoc. (Complete) Public instance
    on https://man-dev.FreeBSD.org

    3. Redesign of the Ports page on web

    Ports scripts to create an applications portal. (Work in progress)

    4. Redesign of the FreeBSD main website

    New design, responsive and dark theme. (Work in progress)

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Ports

    Changes affecting the Ports Collection, whether sweeping changes that touch most of the tree, or individual ports themselves.

    KDE on FreeBSD

    Links:
    KDE/FreeBSD initiative URL: https://freebsd.kde.org/
    FreeBSD — KDE Community Wiki URL: https://community.kde.org/FreeBSD

    Contact: Adriaan de Groot <kde@FreeBSD.org>

    The KDE on FreeBSD project packages CMake, Qt, and software from the KDE Community, for the FreeBSD ports tree. The software includes a full desktop environment called KDE Plasma (for both X11 and Wayland) and hundreds of applications that can be used on any FreeBSD machine.

    The KDE team (kde@) is part of desktop@ and x11@, building the software stack to make FreeBSD beautiful and usable as a daily-driver graphical desktop workstation. The notes below describe mostly ports for KDE, but also include items that are important for the entire desktop stack.

    Infrastructure

    Qt5 ports had various updates:

    • devel/qt5-webengine was repaired when building with Clang 16. This is in
    preparation for the upcoming release of FreeBSD 14.

    • devel/qt5-qmake was repaired to deal with an edge case where installing
    qmake on an otherwise Qt-less system would cause weird errors.

    Qt6 ports had various updates:

    • devel/qt6-tools was repaired when building with Clang 16. This is
    preparation for the upcoming release of FreeBSD 14.

    The accessibility/at-spi2-core port — essential for accessible technologies on
    the desktop — was updated to release 2.48.0.

    The accessibility/at-spi2-core port now has better support for non-X11 desktops. This is an improvement for Wayland-based systems. Thanks to Jan Beich for landing that.

    The graphics/poppler port — a base for many PDF viewers — was updated to 23.05.

    The ports-mgmt/packagekit-qt port is a new addition to the tree to pave the way for graphical package managers on FreeBSD.

    KDE Stack

    KDE Gear releases happen every quarter, KDE Plasma updates once a month, and KDE Frameworks have a new release every month as well. These (large) updates land shortly after their upstream release and are not listed separately.

    • KDE Frameworks updated to 5.105, .106 and .107.

    • KDE Gear updated to 23.04.0, then .1 and .2 with bugfixes.

    • KDE Plasma Desktop was updated to version 5.27.4, then .5 and .6 with
    bugfixes.

    Related Ports

    Deprecations:

    • graphics/ikona, an icon-viewer written in Rust with Qt bindings, has been
    abandoned upstream.

    • polish/kadu, a chat application once popular in Poland, is deprecated and
    upstream has disappeared.

    • sysutils/plasma5-ksysguard, a system monitoring application, is deprecated
    upstream and will no longer update.

    Updates:

    • astro/kstars, an interactive planetarium, was updated to release 3.6.4.

    • devel/qcoro, a C++ coroutines implementation, was updated to 0.9.0.

    • devel/qtcreator, an integrated development environment for Qt, C++, and
    more, was updated to release 10.0.2.

    • games/gcompris-qt, an education suite for children aged 3-12, was updated
    to release 3.2.

    • graphics/kphotoalbum, a photo album and display utility, was updated to
    release 5.10.0.

    • net-im/tokodon, a Mastodon social network client, joins KDE Gear.

    • textproc/kdiff3, a text-differencing utility, was updated to release
    1.10.1.

    New Software:

    • devel/kommit, a Git client, was added. It is a rename of previous package
    gitklient.

    • multimedia/kasts is a new podcast-listening and enjoyment application from
    the KDE community.

    • textproc/arianna is a mobile-oriented e-book reader from the KDE community
    that makes reading FreeBSD documentation a joy.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    GCC on FreeBSD

    Links:
    GCC Project URL: https://gcc.gnu.org/
    GCC 10 release series URL: https://gcc.gnu.org/gcc-10/
    GCC 11 release series URL: https://gcc.gnu.org/gcc-11/
    GCC 12 release series URL: https://gcc.gnu.org/gcc-12/
    GCC 13 release series URL: https://gcc.gnu.org/gcc-13/

    Contact: Lorenzo Salvadore <salvadore@FreeBSD.org>

    Upstream has released GCC 13. As announced in the past status report, I plan to attempt an update of GCC_DEFAULT right from the first GCC 13 release, so much of this quarter’s work has been in preparation for this.

    With the release of GCC 13.1 (the first GCC 13 release: as a reminder, GCC counts minor version releases starting from 1), two new ports have been created in the ports tree:

    • lang/gcc13, tracking GCC 13 releases;

    • lang/gcc14-devel, tracking snapshots from the new GCC 14 upstream branch.

    The *-devel ports

    Support for .init_array and .fini_array has been enabled. FreeBSD supports both since commit 83aa9cc00c2d.

    The default bootstrap option on i386, amd64, and aarch64 has been reverted from LTO_BOOTSTRAP to STANDARD_BOOTSTRAP:

    • LTO bootstrap produces too many failures on the package builders for those
    architectures

    • LTO_BOOTSTRAP remains available for users who want it.

    Those changes will be forwarded to the production ports.

    The production ports

    Upstream has released GCC 13, for which the new port lang/gcc13 has been created. GCC 11 and GCC 12 have been updated upstream and a new release of GCC 10 is planned. All corresponding ports now need to be updated.

    To ease the work of both ports maintainers and users, I plan to test and update together all the following changes:

    • updates of lang/gcc10, lang/gcc11, lang/gcc12;

    • update of GCC_DEFAULT to 13;

    • enabling of .init_array and .fini_array on the production ports;

    • switching back from LTO_BOOTSTRAP to STANDARD_BOOTSTRAP on the production
    ports.

    This will provide the following advantages:

    • more testing with fewer exp-runs;

    • fewer builds for ports users.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Puppet

    Links:
    Puppet URL: https://puppet.com/docs/puppet/latest/puppet_index.html

    Contact: Puppet Team <puppet@FreeBSD.org>

    Puppet is a Free Software configuration management tool, composed of a source of trust (Puppet Server) that describes the expected configuration of machines with a domain-specific language, and an agent (Puppet Agent) on each node which enforces that the actual configuration matches the expected one. An optional database (PuppetDB) can be set up for reporting and describing advanced schemas where the configuration of a machine depends on the configuration of another one.

    The Puppet team is maintaining ports for Puppet and related tools.

    Puppet 8 has been recently released and has been added to the ports tree.

    Puppet 6 has reached End of Life and has been deprecated. It is now expired. Users of Puppet 6 are therefore advised to update to Puppet 7 or Puppet 8.

    For now, Puppet 7 remains the default Puppet version for ports depending on Puppet. The Puppet Community is hard at work making sure the various Puppet modules work with the latest code and at the time of writing this report, updating to Puppet 8 may be challenging. The situation is getting better every day, and we expect to switch to Puppet 8 as the default version of Puppet in a few months, when the wave of module updates is finished.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    MITRE Caldera on FreeBSD

    Links:
    MITRE Caldera URL: https://caldera.mitre.org/
    Red Canary URL: https://www.redcanary.com/

    Contact: José Alonso Cárdenas Márquez <acm@FreeBSD.org>

    MITRE Caldera is a cybersecurity platform designed to easily automate adversary emulation, assist manual red teams, and automate incident response.

    It is built on the MITRE ATT&CK® framework and is an active research project at MITRE.

    MITRE Caldera (security/caldera) was added to the ports tree in April 2023. This port includes support for the Atomic Red Team Project used by the MITRE Caldera atomic plugin.

    The main goal of this work is enhancing visibility of FreeBSD as a useful platform for information security or cybersecurity.

    Additionally, you can test a MITRE Caldera infrastructure easily using https://github.com/alonsobsd/caldera-makejail or https://github.com/AppJail-makejails/caldera from AppJail. AppJail is a good tool for managing jail containers from the command line.

    People interested in helping with the project are welcome.

    Current version: 4.2.0

    To Do

    • Add Caldera testing infrastructure makejail.

    • Add FreeBSD to platforms officially supported by MITRE Caldera, see
    https://github.com/mitre/caldera/pull/2752.

    • Add FreeBSD to platforms officially supported by Red Canary, see
    https://github.com/redcanaryco/atomic-red-team/pull/2450.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Wazuh on FreeBSD

    Links:
    Wazuh URL: https://www.wazuh.com/

    Contact: José Alonso Cárdenas Márquez <acm@FreeBSD.org>

    Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

    The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Wazuh features include full integration with Elastic Stack and OpenSearch, providing a search engine and data visualization tool through which users can navigate security alerts.

    Wazuh porting to FreeBSD was started by Michael Muenz. His first Wazuh addition to the ports tree was security/wazuh-agent in September 2021. In July 2022, I took maintainership of this port and started porting other Wazuh components.

    Currently, all Wazuh components are ported or adapted: security/wazuh-manager, security/wazuh-agent, security/wazuh-server, security/wazuh-indexer, and security/wazuh-dashboard.


    [continued in next message]
