85 min listen
Episode 257: Great NetBSD 8 | BSD Now 257
From BSD Now
Length: 83 minutes
Released: Aug 2, 2018
Format: Podcast episode
Description
NetBSD 8.0 available, FreeBSD on Scaleway’s ARM64 VPS, encrypted backups with OpenBSD, Dragonfly server storage upgrade, zpool checkpoints, g2k18 hackathon reports, and more.
##Headlines
###NetBSD v8.0 Released
The NetBSD Project is pleased to announce NetBSD 8.0, the sixteenth major release of the NetBSD operating system.
This release brings stability improvements, hundreds of bug fixes, and many new features.
Some highlights of the NetBSD 8.0 release are:
USB stack rework, USB3 support added.
In-kernel audio mixer (audio_system(9)).
Reproducible builds (MKREPRO, see mk.conf(5)).
Full userland debug information (MKDEBUG, see mk.conf(5)) available. While most install media do not come with them (for size reasons), the debug and xdebug sets can be downloaded and extracted as needed later. They provide full symbol information for all base system and X binaries and libraries and allow better error reporting and (userland) crash analysis.
PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.
PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.
Position independent executables by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64.
A new socket layer can(4) has been added for communication of devices on a CAN bus.
A special pseudo interface ipsecif(4) for route-based VPNs has been added.
Parts of the network stack have been made MP-safe. The kernel option NET_MPSAFE is required to enable this.
Hardening of the network stack in general.
Various WAPBL (the NetBSD file system “log” option) stability and performance improvements.
Specific to i386 and amd64 CPUs:
Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
SpectreV4 mitigations available for Intel and AMD.
PopSS workaround: user access to debug registers is turned off by default.
Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).
SMAP support.
Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
(U)EFI bootloader.
Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the number of boards has vastly increased.
Lots of updates to 3rd party software included:
GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
GDB 7.12
GNU binutils 2.27
Clang/LLVM 3.8.1
OpenSSH 7.6
OpenSSL 1.0.2k
mdocml 1.14.1
acpica 20170303
ntp 4.2.8p11-o
dhcpcd 7.0.6
Lua 5.3.4
###Running FreeBSD on the ARM64 VPS from Scaleway
I’ve been thinking about this since 2017, but only yesterday signed up for an account and played around with the ARM64 offering.
Turns out it’s pretty great! KVM boots into UEFI, there’s a local VirtIO disk attached, no NBD junk required. So we can definitely run FreeBSD.
I managed to “depenguinate” a running instance, the notes are below. Would be great if Scaleway offered an official image instead :wink:
For some reason, unlike on x86, mounting additional volumes is not allowed on ARM64 instances. So we’ll have to move the running Linux to a ramdisk using pivot_root and then we can do whatever to our one and only disk.
Spin up an instance with Ubuntu Zesty and ssh in.
Prepare the system and change the root to a tmpfs:
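```
apt install gdisk
# Build a copy of the running system on a RAM-backed tmpfs
mount -t tmpfs tmpfs /tmp
cp -r /bin /sbin /etc /dev /root /home /lib /run /usr /var /tmp
mkdir /tmp/proc /tmp/sys /tmp/oldroot
mount /dev/vda /tmp/oldroot
# pivot_root does not work while the root mount uses shared propagation
mount --make-rprivate /
# Make the tmpfs the new root; the old root ends up under /oldroot
pivot_root /tmp /tmp/oldroot
for i in dev proc sys run; do mount --move /oldroot/$i /$i; done
# Restart services so they run from the new root
systemctl daemon-reload
systemctl restart sshd
```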
Now reconnec