> On 1 Jan 2021, at 20:29, Colin Percival <[email protected]> wrote:
>
> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote:
>>
>>>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so
>>>> freebsd-update doesn't work and packages aren't always as up-to-date
>>>> as on x86. But I think those are being worked on...
>>
>> Colin, would I be able to build an updated RELEASE in the AMI maker before I
>> call mkami? In the days of 11.1 I had to recompile the kernel to use your
>> patch (many thanks!) and so I did something like this:
>>
>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/
>> $ make DESTDIR=/mnt kernel -j16
>>
>> I am not sure what magic is being done by the AMI maker itself to /mnt. I
>> wonder if I could use this approach to build the kernel using the latest
>> patched release of ARM, at least until it moves to Tier 1. Would I need to
>> build the userland, too? Or are the security patches installed by
>> freebsd-update only affecting the kernel?
>
> You can make any changes you like. Once you've SSHed into the AMI Builder,
> you're running FreeBSD, you have FreeBSD installed onto the disk, and the
> disk is mounted at /mnt, but those are all independent issues.
>
> If you wanted you could launch the AMI Builder, unmount /mnt, and then write
> a Linux disk image onto the disk. (I can't imagine why you would want to,
> of course. But you're really not limited in what you can do.)

Thanks. I suppose I should have asked a different question, sorry for not being clearer. What is the best way, in your opinion, to create a security-patched ARM AMI? Would this approach do it? I have never tried patching FreeBSD from source since I have always relied on freebsd-update, but since that is not an option on arm64 (yet) I would be grateful for your pointers.

Thank you again, very much.

Rafal

--
Rafal Lukawiecki
Data Scientist
Project Botticelli Ltd

_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-cloud
To unsubscribe, send any mail to "[email protected]"
