NetBSD 10.0 operating system officially launched

A year and a half after the last update, the NetBSD 10.0 operating system has been released. Installation images of 630 MB are available for download, built for 57 system architectures and 16 different CPU families. The new branch includes a number of significant improvements, such as support for access control lists in the FFS file system, significant performance optimizations, disk encryption using the Adiantum algorithm, and an in-kernel implementation of the WireGuard VPN driver.

The project supports 8 primary ports that form the core of NetBSD's development strategy: amd64, i386, evbarm, evbmips, evbppc, hpcarm, sparc64 and xen, as well as 49 secondary ports associated with CPUs such as alpha, hppa, m68010, m68k, sh3, sparc and vax. Secondary ports are still supported, but have lost their relevance or do not have a sufficient number of developers interested in their development. One port (acorn26) is included in the third category, which contains inoperative ports that are eligible for removal if there are no enthusiasts interested in their development.

Basic improvements in NetBSD 10:

  • The FFS file system has gained support for access control lists (POSIX.1e ACLs), implemented using extended file attributes and ported from FreeBSD. To use ACLs, a new file system type, FFSv2ea, is offered (not used by default); existing file systems can be converted to it using the fsck_ffs utility.
  • Added the wg network interface, a VPN implementation compatible with WireGuard.
  • Performance has been optimized. The kernel's file path cache is more efficient. The task scheduler is faster and has been adapted to big.LITTLE Arm systems, which combine fast and slow CPU cores. The select and poll system calls and the tmpfs file system perform better. The loading process has been accelerated. Optimizations specific to the x86 and AArch64 architectures have been added, and I/O and network throughput on AArch64 systems has improved.
  • Optimizations have been made to the virtual memory system: a faster radix tree algorithm is used to find memory pages, the speed of tracking clean and dirty memory pages has been increased, fsync has been significantly accelerated for large files, work with locks has been improved, and the efficiency of parallel execution of operations has been increased.
  • Added support for disk encryption using the Adiantum algorithm, which achieves high efficiency on systems without hardware acceleration of AES encryption. The cgdconfig utility now supports shared keys, which can be used to encrypt multiple drives. The default password hashing algorithm has been changed to Argon2id. Automatic encryption of swap partitions is enabled (vm.swap_encrypt=1). Added support for the hardware encryption acceleration mechanisms provided by x86 and Arm processors, such as AES and ChaCha acceleration instructions. The software implementation of AES in the kernel has consistent execution times across all architectures.
  • Added support for security-related extensions provided in Armv8-A processors: PAN (Privileged Access Never), PA (Pointer Authentication), BTI (Branch Target Identification).
  • To identify security problems in the kernel, the Kernel Concurrency Sanitizer and Kernel Memory Sanitizer mechanisms are used.
  • The network stack supports RFC 7048, which improves the operation of the IPv6 Neighbor Discovery mechanism and makes it independent of addresses.
  • Added a new network interface lagg for aggregating network links and ensuring fault tolerance (lagg replaced the agr interface).
  • Added the vether driver with the implementation of virtual Ethernet interfaces, which can be used in network bridges and instead of tap interfaces.
  • Added sysctl net.key.allow_different_idtype to the ipsec implementation to improve compatibility with other VPNs.
  • Improved support for the UDF format (Universal Disk Format, a file system for optical discs), which is now bug-compatible with the implementation in Windows 10. The newfs_udf utility can now create file systems in UDF 2.50 format with a separate metadata partition. Added the fsck_udf utility for checking and repairing damaged UDF file systems.
  • ZFS support has been added to the fstat utility.
  • Support for the FUSE (Filesystem in Userspace) mechanism has been expanded; the refuse driver provides full support for the FUSE API options used in FUSE versions from 1.1 to 3.10.
  • Support for swapped-endian configurations has been added to software RAID implementations. The “-t” option has been added to the raidctl utility to check the correctness of configuration files.
  • Added a new utility, blkdiscard, to manually perform TRIM operations on disks to report unused blocks.
  • The ability to display current statistics when a SIGINFO signal is received (Ctrl+T) has been added to the scan_ffs utility.
  • New programs included:
    • aiomixer – a sound mixer.
    • realpath – outputs the absolute path of a file based on a relative path.
    • tradcpp – a K&R C style macro processor.
    • ioctlprint – displays ioctl values.
    • testpat – displays a test pattern for assessing screen color rendering.
    • warp – a classic BSD game.
  • Included and used in ctwm are Spleen bitmap fonts, supplied under a BSD license and available for both low-resolution and high-pixel-density screens. Also included are Terminus console fonts.
  • Support for eventfd, timerfd, POSIX timers, preadv and pwritev mechanisms has been added to the Linux compatibility layer (compat_linux).
  • Improved virtualization support. Added support for Xen PVH, provided the ability to use Xen PV drivers in HVM-based guest systems, and improved the implementation of paravirtualized network interfaces. The host kernels (Dom0) for Xen include support for multiprocessor systems. Xen kernels can use the same modules as the regular kernel. Network (xennet) and block (xbd) devices are adapted for multiprocessor systems (they have received MPSAFE status). Support for the Hyper-V hypervisor has been significantly improved and the capabilities of the nvmm hypervisor (NetBSD Virtual Machine Monitor) have been expanded. Added the ability to enter sleep mode while virtual machines are running in nvmm.
  • VirtIO drivers have been improved to support the VirtIO 1.0 specification. Added the vio9p driver, which lets guest systems mount VirtIO 9P file systems exported by the host environment. Added the viocon driver for a virtual serial port.
  • Implemented the eventfd and timerfd system calls, which are compatible with Linux and used in compat_linux. Added the fexecve system call, which executes a file referenced by an open file descriptor.
  • Obsolete components have been removed, for example: support for HIPPI, FDDI and Token Ring technologies has been discontinued; the nsmb and mount_smbfs drivers for SMBFS have been removed from the kernel (they do not support new versions of the SMB protocol); support for IPv6 Router Advertisement has been moved from the kernel into user space; and the libXTrap, libXevie and libglut libraries, along with drivers for many legacy devices, have been removed.
  • Hardware support has been significantly expanded. Support for new Intel and AMD processors is provided. Added support for new ARM boards (Raspberry Pi 4, Orange Pi 5, Lichee Pi Zero, ODROID-N2+, M1 Mac Mini, HummingBoard Pulse, UDOO Neo Full, PINE64 Quartz64, Asus Tinker, etc.). Expanded support for the MIPS architecture.
  • Added 17 new device drivers, for example, drivers for Wacom tablets, Realtek 8125 2.5 Gigabit Ethernet, Motorcomm YT8511C / YT8511H Gigabit Ethernet, Intel Ethernet 700, Broadcom GENETv5 Ethernet, Intel QuickAssist crypto accelerators and Intel XMM7360 LTE modems.
  • Updated graphics drivers for Intel, NVIDIA and AMD GPUs for x86 systems. The DRM/KMS subsystem is synchronized with the Linux 5.6 kernel.
  • Updated versions of third-party components, including window manager ctwm 4.0.3, gcc 10.5, lua 5.4.6, OpenSSL 3.0.12, postfix 3.8.4, tmux 3.2a, OpenSSH 9.6, X.org Server 21.1.7, BIND 9.18.24, Heimdal Kerberos 7.8.0, unbound 1.19.1, wpa_supplicant 2.9, OpenLDAP 2.5.6, binutils 2.34, libfido2 1.13.0, pam-u2f 1.2.0, zlib 1.2.13.
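
The fexecve call listed above executes the file behind an already open descriptor, so a launcher can check a binary and then run exactly the object it checked, with no second path lookup in between. The following C example is added here for illustration and is not taken from NetBSD; the helper name run_verified, its policy (regular file, not group- or world-writable) and the /bin/sh sample are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper: check the file behind a descriptor, then execute that
 * same descriptor. Returns the child's exit status, or -1 on any failure. */
int run_verified(const char *path, char *const argv[])
{
    /* O_CLOEXEC keeps the descriptor from leaking into the new program. */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat() describes the opened object, not whatever the path names now. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        fexecve(fd, argv, environ);   /* no second path lookup happens here */
        _exit(127);                   /* reached only if fexecve() failed */
    }
    close(fd);

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample: /bin/sh is assumed to exist and be a native binary. */
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    return run_verified("/bin/sh", argv) == 7 ? 0 : 1;
}
```

With a path-based exec, the file could be replaced between the check and the execution; here the check and the execution both act on the same descriptor.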
