alanc @ sun.com

X Changes in Solaris 10

So now that Solaris 10 is out, I went back over the list of the changes we put in the X Window System components. If I got the grep options right, there were 689 entries in our equivalent of a ChangeLog. Of course, these range from a 2 minute man page typo fix to things like "merge STSF development tree into S10 branch" which represent multiple engineering years of work and of course the integration of the Xorg server for Solaris x86, which while it distills down to a single change log entry, represents centuries of time devoted by the hundreds of people who have contributed to the MIT X Consortium, XFree86 Project, and X.Org Foundation. I've blogged about a number of changes already, and have a few more that I'll cover soon, but I figured for now, I'd just hit the highlights of what we've done over the last three years to the X software in Solaris, though you've seen some of this already appear in the Solaris 9 update releases after being tested for a while in the Solaris 10 development branch.

The big one is of course the integration of the Xorg 6.8.0 server for Solaris x86. Solaris versions before now shipped with the Xsun server (and long long ago, with Xnews, a hybrid X11/NeWS server). Xsun and Xorg both sprung from the same base code from the X Consortium long ago, but evolved in different ways. We had been working on porting new extensions and x86 device drivers from XFree86 to Xsun for several years, but it was becoming increasingly difficult to do so. With the formation of the X.Org Foundation and revitalization of the main stream of X development, along with the rebirth of Solaris on x86 platforms and Sun's AMD64 workstations, we decided it was better to move to just shipping the Xorg release directly and porting the most useful features from Xsun to Xorg. The transition process will take a while, but Solaris 10 starts us down the road - Xorg is provided for Solaris on x86 in 32-bit, we're looking to provide SPARC & AMD64 64-bit versions in the future, though I can't promise just when yet. When you install Solaris 10 on x86, it will ask you which X server you want to run, Xorg or Xsun. You can read more about Xorg on Solaris in my previous blog entries on the subject from Sept. 17 and Sept. 24.

Xsun wasn't ignored though, and got a fair amount of enhancements as well. For instance, even farther back in my previous blog entries, you can find this series of posts on wheel mouse support in Xsun. This was actually part of a set of input device enhancements which also included raising the maximum number of mouse buttons supported from the previous limit of 3, and honoring the setttings of Num Lock and Caps Lock at server startup instead of always clearing them. We also added the -defdepth and -defclass flags to Xsun to make it easier to control the default depth and visual class, and used these flags to make the 24-bit become the default color depth for Xsun, which may just be the Solaris 10 Xsun change that resulted in the most people e-mailing us to thank us for.

Accessibility was a big focus for our group in Solaris 10, working closely with Sun's Accessibility Program and GNOME teams. We developed the X Event Interception Extension (XEvIE) which was then contributed to X.Org and included in the Xorg 6.8.0 release. We also brought in the Damage and XFixes extensions needed for this work, as well as making improvements to the X Keyboard (XKB) support in Xsun. The GNOME screen magnifier was designed to use two screens for full screen magnification, so we converted the Xvfb virtual frame buffer into a loadable module for Xsun so you can have physical and virtual screens in the same X server. (Xorg's "dummy" driver already fills this need for it.)

The IPv6 work begun in Solaris 9 continued, updating to from the drafts we had proposed to the standards version adopted by X.Org for X11R6.7. Fortunately, we didn't have to change anything we'd already done, just add to it extensions such as the ServerInterpreted access control methods, and the IPv6 support in the XDMCP protocol for remote session setup.

Security improvements were another area of attention, though mostly in smaller ways. For instance, the combination of Solaris 10's new getpeerucred() call and the ServerInterpreted authentication mechanism we added to X11R6.7 allowed creating a simple new authentication type for local connections. You can allow a local user access to a X display based on their user or group ids using the xhost command, for instance "xhost +si:localuser:alanc." This was donated back to X.Org and included in the 6.8.0 release for other platforms with similar support. You can find more details in the Xsecurity(5) man page.

Other security-related changes included updates to the Solaris xdm & xlock programs to use Pluggable Authentication Modules (PAM), a system Sun developed years ago and other OS'es have adopted to allow easier customization of user authentication, from basic passwords to interacting with special devices like smartcards. When creating X authentication keys, xdm and mkcookie now use the kernel random devices to make it harder to predict the key values. While we'd like to think all this and our prior work makes X in Solaris pretty secure, we know we're not perfect, so for a little added protection in case someone finds something we've missed, you may see that 'elfdump -p' on the X binaries reports a few less sections of the program address space are executable than in previous releases, on both SPARC, where this protection has been present for a while, and on x86, where's it new in Solaris 10 due to the newly supported NX feature of AMD64 CPU's.

Of course, since Solaris 10 added support for 64-bit mode on the AMD64 cpu's, we added 64-bit x86 (or I should say "x64" now) versions of the main X libraries used by client applications. Some of the libraries for extensions being phased out or not widely used did not get ported, but there's enough there for the vast majority of X applications to be built in 64-bit mode.

We also made moves to support the new Solaris 10 Service Management Facility (SMF) and Role-Based Access Control (RBAC). I've explained the Desktop Configuration Rights Profile for RBAC already, and will write someday soon about the SMF configuration of the X server. The X Font Server (xfs) and STSF Font Server loader (stfsloader) inetd services were also both converted to SMF, as was the FontConfig cache builder (fc-cache) startup script.

We integrated a whole pile of open source software, most in support of GNOME and the Java Desktop System. This included FreeType 2.1.9, FontConfig 2.2.3, Xft2, the Bitstream Vera Fonts, the X Render Extension, and the X-Resource Extension. The versions of xclock, xdm, and xman in Solaris were updated to the latest versions from X.Org or XFree86 (depending on when we did the updates) as well. Working with the x86 driver team, who integrated the drivers from the XFree86 porting kit for Xsun, we included changes they wrote that allow Xsun to probe the hardware on x86 to detect which of those drivers to use automatically, much as XFree86 and Xorg do.

Not all the Solaris 10 changes were additions though - we did remove some things whose time had passed. The frame buffer modules for the sun4m and older machines, including bw2, cg3 and cg8 were laid to rest when sun4m support was removed from Solaris after more than a decade of valiant service. The static versions of the X libraries also passed beyond the veil as Solaris moved to only providing shared libraries with the operating system.

All in all, a lot of work (and I didn't even cover hundreds of the less interesting changes) that I'm proud to be a member of the team of engineers responsible for.

(Whew, only took 10 days to find enough spare moments to type that all in - now to go start packing for my trip to the X.Org developer's meeting in Boston to start talking about what we'll be working on next with the open source community.)

[Technorati Tag: Solaris] [Technorati Tag: Xorg]

Posted at 07:59PM Feb 09, 2005 by Alan Coopersmith in Solaris  |  Comments[4]