Date: Sat, 1 Feb 2020 23:34:20 +0000
From: Nathan Dorfman <ndorf@rtfm.net>
To: Glen Barber <gjb@freebsd.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Cryptographic signatures of installer sets
Message-ID: <20200201233420.GA18@rtfm.net>
In-Reply-To: <20200130132239.GG9584@FreeBSD.org>
References: <20200125200007.GA11@rtfm.net> <20200127164201.GB9584@FreeBSD.org> <20200130005006.GA13@e398a4ce8009> <20200130132239.GG9584@FreeBSD.org>

On Thu, Jan 30, 2020 at 01:22:39PM +0000, Glen Barber wrote:
> I honestly wasn't aware there was a jail subcommand to bsdinstall.
> I think, rather than creating /usr/freebsd-dist on the host system, we
> should instead check if the misc/freebsd-release-manifests package is
> installed and bail if it does not.  This package contains the MANIFEST
> files from past releases (and in-progress releases, including BETA and
> RC builds).
>
> Does that seem like a reasonable solution?

Well, that only works for actual releases. The one from the installation
medium would work in all cases, such as if one installs a snapshot, or a
custom build. It would have to be kept up to date by freebsd-update, though.

Also, you would need to add logic to select the correct manifest from the
ones in the package, whereas one from the initial install (and
freebsd-update) would be the only one. That could be as simple as stripping
the -p123 suffixes from `uname -r`, but why?

FWIW, the /usr/freebsd-dist location can be overridden by setting
$BSDINSTALL_DISTDIR, but the checksum script[1] will expect to find the
manifest and sets in the same directory regardless. Perhaps this default
could be changed to something under /usr/share?

-nd.

[1] https://svnweb.freebsd.org/base/release/12.1.0/usr.sbin/bsdinstall/scripts/checksum?view=markup#l29
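
The two mechanisms discussed in the message above, sketched as an added example that is not part of the original e-mail and is not bsdinstall's own code: stripping the patch-level suffix from a `uname -r` string, and checking sets against a MANIFEST kept in the same directory. The function names are hypothetical, and the MANIFEST layout (tab-separated, set name in field 1, SHA-256 in field 2) is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from bsdinstall.
# Assumed MANIFEST layout: tab-separated, set name in field 1, SHA-256 in field 2.

# Strip a trailing patch level from a `uname -r` style string:
# 12.1-RELEASE-p3 -> 12.1-RELEASE (strings without a suffix pass through).
release_base() {
    printf '%s\n' "$1" | sed -E 's/-p[0-9]+$//'
}

# Print the SHA-256 of a file, using FreeBSD's sha256(1) when present and
# falling back to coreutils sha256sum elsewhere.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_sets DISTDIR SET...
# Check each named set against DISTDIR/MANIFEST. The manifest and the sets
# are read from the same directory. A set that is not listed, is missing on
# disk, or does not match its digest makes the whole check fail.
verify_sets() {
    distdir=$1; shift
    manifest="$distdir/MANIFEST"
    [ -r "$manifest" ] || { echo "no MANIFEST in $distdir" >&2; return 2; }
    rc=0
    for dist in "$@"; do
        # Exact match on the first field, so "base.txz" cannot match
        # an entry such as "base-dbg.txz".
        want=$(awk -F '\t' -v d="$dist" '$1 == d { print $2; exit }' "$manifest")
        if [ -z "$want" ]; then
            echo "NOT LISTED $dist" >&2; rc=1; continue
        fi
        if [ ! -f "$distdir/$dist" ]; then
            echo "MISSING    $dist" >&2; rc=1; continue
        fi
        got=$(file_sha256 "$distdir/$dist")
        if [ "$got" = "$want" ]; then
            echo "OK         $dist"
        else
            echo "MISMATCH   $dist" >&2; rc=1
        fi
    done
    return $rc
}
```

A typical call would be `verify_sets "${BSDINSTALL_DISTDIR:-/usr/freebsd-dist}" base.txz kernel.txz`. The check is only as trustworthy as the MANIFEST itself, which is why the thread is about where that file comes from and how it is kept current.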