Contributed by pitrh on from the cache the pledges dept.
Unusually I had basically nothing to do with organizing this year, I let krw@ do all the dirty work, which was good since life has been a bit crazy over the last couple months with things keeping me from openbsd.
I did a few things in toronto.. A little but of buffer cache tweaking and optimization. but most of the first half I spent sitting with jsing@, bcook@ and doug@ finishing up something that Joel started in Edmonton a couple months ago - rewriting all our TLS extension handling in libressl. I foolishly chose to tackle the OCSP extension which in some respects is a bit stranger than the others but I managed to get that done while reviewing bunches of other diffs for rewrites of other extensions. This is one of the important things for us to clean up to be able to handle future TLS versions cleanly.
The latter half of the hackathon I spent writing something for pledge after some design chats with deraadt@ - Basically the past few hackathons I have taken a stab at helping deraadt@ make pledge paths usable - and while past efforts have been successful (in that they work) they haven't been in that the path checking costs are borne by other processes from the one that was using pledge paths. We're trying another approach now, to separate out the pledge path as a distinct system call and effectively "front load" the path costs, keeping vnode references around for the check in pledged proceses.. I'm starting to test that on the airplane but that will be a bit more before it's anything like working.
A good time and many fruitful discussions were had.
Thanks very much to the University of Toronto for hosting and krw@ for organizing!
Thanks for the report and the work, Bob!
We will no doubt be seeing more reports from this apparently quite productive hackathon over the next few days. Stay tuned!
(Comments are closed)