From nobody Tue Aug 6 04:41:19 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WdLHR2TYfz5SfSK for ; Tue, 06 Aug 2024 04:41:39 +0000 (UTC) (envelope-from david@crossfamilyweb.com) Received: from mail.dcrosstech.com (syn-024-097-005-251.biz.spectrum.com [24.97.5.251]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail.dcrosstech.com", Issuer "DCrossTech.com LLC CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WdLHQ3tSrz4pvv for ; Tue, 6 Aug 2024 04:41:38 +0000 (UTC) (envelope-from david@crossfamilyweb.com) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of david@crossfamilyweb.com designates 24.97.5.251 as permitted sender) smtp.mailfrom=david@crossfamilyweb.com X-Virus-Scanned: amavisd-new at dcrosstech.com Received: from [10.1.7.155] (d155.p9.wifi.dcrosstech.com [10.1.7.155]) (authenticated bits=0) by mail.dcrosstech.com (8.15.2/8.15.2) with ESMTPSA id 4764fJeR080850 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO) for ; Tue, 6 Aug 2024 04:41:19 GMT (envelope-from david@crossfamilyweb.com) X-Authentication-Warning: mail.priv.dcrosstech.com: Host d155.p9.wifi.dcrosstech.com [10.1.7.155] claimed to be [10.1.7.155] Message-ID: <8b139b6d-b2ce-76fc-c948-6dd535b19701@crossfamilyweb.com> Date: Tue, 6 Aug 2024 00:41:19 -0400 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Content-Language: en-US To: freebsd-hackers@freebsd.org From: "David E. Cross" Subject: Multiple Phabricator Reviews open for months/years Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.19 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.986]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:11351, ipnet:24.97.0.0/16, country:US]; RCVD_COUNT_ONE(0.00)[1]; FREEFALL_USER(0.00)[david]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; HAS_XAW(0.00)[]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[crossfamilyweb.com]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4WdLHQ3tSrz4pvv Periodic nudge to move the following along: (3 of them).  All 3 of them have been through at least one round of PR, some multiple.. and then they have just sat. https://reviews.freebsd.org/D38047 (opened Jan 2023) What is it?  It is a fix to nscd to handle getgroupmembership() via nscd;  This is more than an optimization, it fixes (at least) two bugs. (it is also a fantastic optimization).  The problem is that if a nsswitch provider DOES provide an implementation of 'getgroupmembership()' (for example nss_ldap, because there is no cache implementation of this it will completely and forever bypass the nscd implementation.  Specifically in the case of NSS_LDAP (and perhaps others), you can give extra permissions to the nscd process (via a kerberos keytab as an example) to do lookups without user keys.  In the case of nss_ldap, if forced to run as the user, and the user doesn't have network credentials, the requests all fail. The second bug is that the symbol check in the code that nscd uses to signal libc to NOT use caching doesn't work.  The symbol is not correctly exported. https://reviews.freebsd.org/D41509 (Opened August 2023) This adds encrypted passwords to lua loader for the boot loader so plaintext passwords aren't sitting on the filesystem in loader.conf (which is default world readable).  It uses mostly the same crypt syntax as passwd(5).  The big differences are that it doesn't support ALL of the the password hash types in libcrypt(3); because that is a lot of work for me, and it uses a slightly different prefix mechanism to signal to the password check routines that it is crypted/salted/hashed. Finally: https://reviews.freebsd.org/D45056 (opened May 2024) This adds O_DIRECT support to ggatel/ggatec/ggated so that exported files and devices may be optionally shared with the O_DIRECT flag.  This primary usecase of this is not wanting your buffer cache destroyed on sharing out image files to other machines on your network. I have been using (and continue to use) all of these in my production environments; I'd really like to get them merged, they should all be generally useful to everyone. Be great to get these into 15.0, and then MFCed for 14.2 and heck .even 13!