From owner-freebsd-cloud@freebsd.org Thu Dec 31 18:13:49 2020 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7F1484CA2BE for ; Thu, 31 Dec 2020 18:13:49 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [198.205.123.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6GW04v8Tz3NPN for ; Thu, 31 Dec 2020 18:13:48 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 14A1D7598A for ; Thu, 31 Dec 2020 13:13:44 -0500 (EST) From: Rafal Lukawiecki Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: 12.2 AMI Maker Issue Message-Id: Date: Thu, 31 Dec 2020 18:13:43 +0000 To: freebsd-cloud@freebsd.org X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Sent-To: X-Rspamd-Queue-Id: 4D6GW04v8Tz3NPN X-Spamd-Bar: - X-Spamd-Result: default: False [-1.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:198.205.123.0/25]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_IN_DNSWL_LOW(-0.10)[198.205.123.69:from]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[198.205.123.69:from]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[GD=75a6e95e]; ASN(0.00)[asn:19844, ipnet:198.205.122.0/23, country:US]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-cloud@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[198.205.123.69:from:127.0.2.255]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 18:13:49 -0000 Colin, I have given the new ARM 12.2 AMI maker a spin, and I can see an issue = with insufficient storage space on /mnt to do even a basic pkg install = run: pkg: Not enough space in /mnt/var/cache/pkg, needed 313 MiB available 90 = MiB and: root@freebsd:/home/ec2-user # df -h Filesystem Size Used Avail Capacity Mounted on /dev/md0 42M 36M 2.8M 93% / devfs 1.0K 1.0K 0B 100% /dev /dev/md1 9.7G 3.6G 5.3G 41% /bits /dev/nvd0p3 3.8G 3.4G 90M 97% /mnt devfs 1.0K 1.0K 0B 100% /mnt/dev devfs 1.0K 1.0K 0B 100% /mnt/dev devfs 1.0K 1.0K 0B 100% /mnt/dev It looks like /mnt is now on /dev/nvd0p3 and seems limited to just over = 3G. I then created a new memory disk md2 and mounted it in place of = cache/pkg just to get past this issue, but I soon run out of space again = while doing pkg install into /mnt. Is there a way to allocate a larger amount of space to /mnt so that I = can install everything? Is it parametrisable, or do you need to do that = when you are preparing the AMI maker? Many thanks for your help, Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd From owner-freebsd-cloud@freebsd.org Thu Dec 31 18:36:26 2020 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 264E54CB0AE for ; Thu, 31 Dec 2020 18:36:26 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [IPv6:2605:d100:2f:10::315]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6H150lqSz3QJR for ; Thu, 31 Dec 2020 18:36:24 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 57BE9759C4 for ; Thu, 31 Dec 2020 13:36:17 -0500 (EST) From: Rafal Lukawiecki Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: 12.2 AMI Maker Issue Date: Thu, 31 Dec 2020 18:36:15 +0000 References: To: freebsd-cloud@freebsd.org In-Reply-To: Message-Id: <014150CF-F5C6-4AC6-B6EB-84592F483B41@rafal.net> X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Sent-To: X-Rspamd-Queue-Id: 4D6H150lqSz3QJR X-Spamd-Bar: - X-Spamd-Result: default: False [-1.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2605:d100:2f:10::/112]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2605:d100:2f:10::315:from]; ASN(0.00)[asn:19844, ipnet:2605:d100::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[GD=75a6e95e]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-cloud@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2605:d100:2f:10::315:from:127.0.2.255]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 18:36:26 -0000 > Colin, >=20 > I have given the new ARM 12.2 AMI maker a spin, and I can see an issue = with insufficient storage space on /mnt to do even a basic pkg install = run: >=20 > pkg: Not enough space in /mnt/var/cache/pkg, needed 313 MiB available = 90 MiB >=20 > and: >=20 > root@freebsd:/home/ec2-user # df -h > Filesystem Size Used Avail Capacity Mounted on > /dev/md0 42M 36M 2.8M 93% / > devfs 1.0K 1.0K 0B 100% /dev > /dev/md1 9.7G 3.6G 5.3G 41% /bits > /dev/nvd0p3 3.8G 3.4G 90M 97% /mnt > devfs 1.0K 1.0K 0B 100% /mnt/dev > devfs 1.0K 1.0K 0B 100% /mnt/dev > devfs 1.0K 1.0K 0B 100% /mnt/dev >=20 > It looks like /mnt is now on /dev/nvd0p3 and seems limited to just = over 3G. I then created a new memory disk md2 and mounted it in place of = cache/pkg just to get past this issue, but I soon run out of space again = while doing pkg install into /mnt. >=20 > Is there a way to allocate a larger amount of space to /mnt so that I = can install everything? Is it parametrisable, or do you need to do that = when you are preparing the AMI maker? >=20 > Many thanks for your help, > Rafal > -- > Rafal Lukawiecki > Data Scientist=20 > Project Botticelli Ltd For what it is worth, I just resized the nvd0p3 using: gpart resize -i 3 -s 7G nvd0 growfs -y /dev/nvd0p3 =E2=80=A6and that allowed me to proceed with pkg installs and = freebsd-update. If this is not the way to do it, let me know. In the = meantime, I will continue testing. Many thanks. Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd= From owner-freebsd-cloud@freebsd.org Thu Dec 31 19:43:55 2020 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1E0DE4CD30D for ; Thu, 31 Dec 2020 19:43:55 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [IPv6:2605:d100:2f:10::315]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6JVy12MLz3l6c for ; Thu, 31 Dec 2020 19:43:53 +0000 (UTC) (envelope-from raf+GD=75a6e95e@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id D215775981 for ; Thu, 31 Dec 2020 14:43:51 -0500 (EST) From: Rafal Lukawiecki Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: No EC2 screenshot for 12.2 ARM AMI Maker Message-Id: <1E902B6C-436B-43F8-900D-86547BA48DD1@rafal.net> Date: Thu, 31 Dec 2020 19:43:50 +0000 To: freebsd-cloud@freebsd.org X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Sent-To: X-Rspamd-Queue-Id: 4D6JVy12MLz3l6c X-Spamd-Bar: - X-Spamd-Result: default: False [-1.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2605:d100:2f:10::/112]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2605:d100:2f:10::315:from]; ASN(0.00)[asn:19844, ipnet:2605:d100::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[GD=75a6e95e]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-cloud@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2605:d100:2f:10::315:from:127.0.2.255]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2020 19:43:55 -0000 Colin, I have realised that I have only tested the 12.2 x64 AMI maker on c5 and = not the ARM one=E2=80=A6facepalm=E2=80=A6 Just tried again with ami-03ff07383e4897dd4 on c6gd and a t4g. There is = no instance screenshot available. The log fills, and eventually I can = connect to the machines=E2=80=94much sooner than on the AMD ones. = Perhaps I am connecting too early? I have no easy way to figure out if = the install has finished, as I have normally used the screenshot. Is there a way to check if the install of FreeBSD to /mnt has been = completed? The welcome message seems to suggest it is so, but perhaps = that is hardcoded. Or would I be unable to ssh until the process has = completed? Many thanks for your pointers. Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd From owner-freebsd-cloud@freebsd.org Fri Jan 1 00:20:16 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8EAED4D6AB6 for ; Fri, 1 Jan 2021 00:20:16 +0000 (UTC) (envelope-from 01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com) Received: from a8-26.smtp-out.amazonses.com (a8-26.smtp-out.amazonses.com [54.240.8.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6Qdq4kHqz4dGs for ; Fri, 1 Jan 2021 00:20:15 +0000 (UTC) (envelope-from 01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609460414; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=IydQSASJeuXnU8Q0PGUZKQt9ifzdVXDeSJeA+bK3huA=; b=HCXzRwUcZ0PAGHmorkGd29O0s525YHBAGDe3FHxEvZ52IgMND0FMbM0Xts57QfJl zajHma4ueUWq4gPbabOx/VDyYloBarFUcFsi5x639R9Am5DiSqVfC0mp22nv5rEj5RE eQrWgB2mzswHtvZs53rycR/kzY6kE3EuumdJ0NL0= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609460414; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=IydQSASJeuXnU8Q0PGUZKQt9ifzdVXDeSJeA+bK3huA=; b=CTHXouPcIWNQ2Dc/CQPd1S3zCqnoaF9v4FA4wkaHV91CWnNZdXTAPwZSt8siMTBC ahAd6CwANOQ9XNMkOHCTHM6vAGT1eBuzABG8gBZlo2hXNXShhP+6+Sezvs4A8/brLpk q5e3ec8DbEOToTwJpGWgz2zdje5O6FK3s1pyRbsQ= Subject: Re: 12.2 AMI Maker Issue To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: <014150CF-F5C6-4AC6-B6EB-84592F483B41@rafal.net> From: Colin Percival Message-ID: <01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 00:20:14 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <014150CF-F5C6-4AC6-B6EB-84592F483B41@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-SES-Outgoing: 2021.01.01-54.240.8.26 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6Qdq4kHqz4dGs X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=HCXzRwUc; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=CTHXouPc; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com designates 54.240.8.26 as permitted sender) smtp.mailfrom=01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com X-Spamd-Result: default: False [2.80 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; NEURAL_SPAM_SHORT(1.00)[1.000]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; SPAMHAUS_ZRD(0.00)[54.240.8.26:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.26:from]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; RWL_MAILSPIKE_POSSIBLE(0.00)[54.240.8.26:from]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.26:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bb50f67d-e491586b-5fb8-40cd-8085-0059fbac2102-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 00:20:16 -0000 On 12/31/20 10:36 AM, Rafal Lukawiecki via freebsd-cloud wrote: >> pkg: Not enough space in /mnt/var/cache/pkg, needed 313 MiB available 90 MiB > > For what it is worth, I just resized the nvd0p3 using: > > gpart resize -i 3 -s 7G nvd0 > growfs -y /dev/nvd0p3 > > …and that allowed me to proceed with pkg installs and freebsd-update. If this is not the way to do it, let me know. In the meantime, I will continue testing. Many thanks. Yes, that's the right solution. The disk image installed on nvd0 is *exactly* the same as the release image -- it's less than 10 GB in case someone wants to launch onto a disk of less than 10 GB. If you're adding more packages to it, wanting to expand the filesystem is not at all surprising. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Fri Jan 1 00:21:21 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 11D664D6ADA for ; Fri, 1 Jan 2021 00:21:21 +0000 (UTC) (envelope-from 01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com) Received: from a8-13.smtp-out.amazonses.com (a8-13.smtp-out.amazonses.com [54.240.8.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6Qg41T59z4dZX for ; Fri, 1 Jan 2021 00:21:20 +0000 (UTC) (envelope-from 01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609460477; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=BibJgd/l/Ujy7087MHE3j+nD6AxWXie+QcV5HoeZ3Jk=; b=LhVALgSlGtcsitJNjwEFIJz3LqiRlvOKyAMicS755yWvLcc1HxHqHeWdDfxWIGbQ KX/rUGQXMt/l7yS4ynGH8Jojc3tMFXDb+wwdOvVbKkRlWNsTdomWDRaq1u6uYmerZUR M4CUQ046kRLsdd9EYDGe8lA7vFZZeYDmz/iDiljA= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609460477; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=BibJgd/l/Ujy7087MHE3j+nD6AxWXie+QcV5HoeZ3Jk=; b=a2bbt6YYzM1gPyxSVWe0VhylzBP0zhvLL5HGcyCtZ679Qt2HSzCu4cEcKJVawLPB LzR6tihyoHwgV3qCekumobtel7RkYhRm9cvj6uDwkvEIzdcROcMDYT/s6tybLFPbk0k sZe4A6Fj+F1PDqGtSxQonkumqtOI4Q5aZbtKIWbg= Subject: Re: No EC2 screenshot for 12.2 ARM AMI Maker To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: <1E902B6C-436B-43F8-900D-86547BA48DD1@rafal.net> From: Colin Percival Message-ID: <01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 00:21:17 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <1E902B6C-436B-43F8-900D-86547BA48DD1@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-SES-Outgoing: 2021.01.01-54.240.8.13 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6Qg41T59z4dZX X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=LhVALgSl; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=a2bbt6YY; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com designates 54.240.8.13 as permitted sender) smtp.mailfrom=01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com X-Spamd-Result: default: False [2.80 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18:c]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; NEURAL_SPAM_SHORT(1.00)[1.000]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; SPAMHAUS_ZRD(0.00)[54.240.8.13:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.13:from]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; RWL_MAILSPIKE_POSSIBLE(0.00)[54.240.8.13:from]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.13:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bb51eec4-725050f9-e963-47a7-bffa-65e7adcca0a3-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 00:21:21 -0000 On 12/31/20 11:43 AM, Rafal Lukawiecki via freebsd-cloud wrote: > I have realised that I have only tested the 12.2 x64 AMI maker on c5 and not the ARM one…facepalm… > > Just tried again with ami-03ff07383e4897dd4 on c6gd and a t4g. There is no instance screenshot available. The log fills, and eventually I can connect to the machines—much sooner than on the AMD ones. Perhaps I am connecting too early? I have no easy way to figure out if the install has finished, as I have normally used the screenshot. > > Is there a way to check if the install of FreeBSD to /mnt has been completed? The welcome message seems to suggest it is so, but perhaps that is hardcoded. Or would I be unable to ssh until the process has completed? You won't be able to SSH in until the disk image has been extracted. I think the ARM instances are faster (in part because the disk image is smaller). -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Fri Jan 1 01:59:53 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 026004BA0A2 for ; Fri, 1 Jan 2021 01:59:53 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [198.205.123.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6Srl6RKvz4l0N for ; Fri, 1 Jan 2021 01:59:51 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id A6E207598A; Thu, 31 Dec 2020 20:59:48 -0500 (EST) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable From: Rafal Lukawiecki Mime-Version: 1.0 (1.0) Subject: Re: No EC2 screenshot for 12.2 ARM AMI Maker Date: Fri, 1 Jan 2021 01:59:46 +0000 Message-Id: <7F692AEB-E6FC-44E6-BA3E-0518C0063BBF@rafal.net> References: <01000176bb51eed6-ef8b811b-4a96-43d1-972b-ba39f521e9ab-000000@email.amazonses.com> Cc: freebsd-cloud@freebsd.org In-Reply-To: <01000176bb51eed6-ef8b811b-4a96-43d1-972b-ba39f521e9ab-000000@email.amazonses.com> To: Colin Percival X-Mailer: iPad Mail (18C66) X-Sent-To: X-Rspamd-Queue-Id: 4D6Srl6RKvz4l0N X-Spamd-Bar: - X-Spamd-Result: default: False [-1.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:198.205.123.0/25]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_IN_DNSWL_LOW(-0.10)[198.205.123.69:from]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:19844, ipnet:198.205.122.0/23, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[198.205.123.69:from]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; TAGGED_FROM(0.00)[GE=5aa47aac]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; SPAMHAUS_ZRD(0.00)[198.205.123.69:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 01:59:53 -0000 > On 1 Jan 2021, at 00:21, Colin Percival wrote: >=20 > You won't be able to SSH in until the disk image has been extracted. I th= ink > the ARM instances are faster (in part because the disk image is smaller). Thanks! Any reason there are no screenshots available? Rafal= From owner-freebsd-cloud@freebsd.org Fri Jan 1 12:33:59 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 818344C7921 for ; Fri, 1 Jan 2021 12:33:59 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [IPv6:2605:d100:2f:10::315]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6kwQ0ySRz4n2k for ; Fri, 1 Jan 2021 12:33:57 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id A040D7597A; Fri, 1 Jan 2021 07:33:55 -0500 (EST) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable From: Rafal Lukawiecki Mime-Version: 1.0 (1.0) Date: Fri, 1 Jan 2021 12:33:53 +0000 Message-Id: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> References: In-Reply-To: Subject: Re: FreeBSD on AWS Graviton (t4g) To: Colin Percival , freebsd-cloud@freebsd.org X-Mailer: iPad Mail (18C66) X-Sent-To: X-Rspamd-Queue-Id: 4D6kwQ0ySRz4n2k X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.50 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2605:d100:2f:10::/112]; MIME_GOOD(-0.10)[text/plain]; ARC_NA(0.00)[]; SPAMHAUS_ZRD(0.00)[2605:d100:2f:10::315:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[2605:d100:2f:10::315:from]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:19844, ipnet:2605:d100::/32, country:US]; TAGGED_FROM(0.00)[GE=5aa47aac]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 12:33:59 -0000 >> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so freebsd-u= pdate >> doesn't work and packages aren't always as up-to-date as on x86. But I t= hink >> those are being worked on... Colin, would I be able to build an updated RELEASE in the AMI maker before I= call mkami? In the days of 11.1 I had to recompile the kernel to use your p= atch (many thanks!) and so I did something like this: $ svnlite --non-interactive --trust-server-cert-failures=3Dunknown-ca co htt= ps://svn.freebsd.org/base/releng/11.1/ /usr/src/ $ make DESTDIR=3D/mnt kernel -j16 I am not sure what magic is being done by the AMI maker itself to /mnt. I wo= nder if I could use this approach to build the kernel using the latest patch= ed release of ARM, at least until it moves to Tier 1. Would I need to build t= he userland, too? Or are the security patches installed by freebsd-update on= ly affecting the kernel? Thanks for your help, as always. Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd= From owner-freebsd-cloud@freebsd.org Fri Jan 1 12:36:18 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2EAF94C77C7 for ; Fri, 1 Jan 2021 12:36:18 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [198.205.123.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6kz50Jybz4n31 for ; Fri, 1 Jan 2021 12:36:16 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id D5D89759C8; Fri, 1 Jan 2021 07:36:14 -0500 (EST) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: Re: 12.2 AMI Maker Issue From: Rafal Lukawiecki In-Reply-To: <01000176bb50f67f-1b089a24-4dcc-4100-8992-d3dad12bd478-000000@email.amazonses.com> Cc: freebsd-cloud@freebsd.org Date: Fri, 1 Jan 2021 12:36:13 +0000 Message-Id: <74098FC7-FEF4-4940-A405-76231A7686AF@rafal.net> References: <01000176bb50f67f-1b089a24-4dcc-4100-8992-d3dad12bd478-000000@email.amazonses.com> To: Colin Percival X-Mailer: iPad Mail (18C66) X-Sent-To: X-Rspamd-Queue-Id: 4D6kz50Jybz4n31 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:198.205.123.0/25:c]; MV_CASE(0.50)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_IN_DNSWL_LOW(-0.10)[198.205.123.69:from]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[198.205.123.69:from]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[GE=5aa47aac]; ASN(0.00)[asn:19844, ipnet:198.205.122.0/23, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[198.205.123.69:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 12:36:18 -0000 > On 1 Jan 2021, at 00:20, Colin Percival wrote: >=20 > Yes, that's the right solution. The disk image installed on nvd0 is *exac= tly* > the same as the release image -- it's less than 10 GB in case someone want= s to > launch onto a disk of less than 10 GB. If you're adding more packages to i= t, > wanting to expand the filesystem is not at all surprising. Thank you. Interestingly, the fs on the ARM AMI maker nvme is expanded to th= e full 10GB and do did not need the expansion. The small, ~4GB one happens t= o come only with the AMD AMI maker. -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd= From owner-freebsd-cloud@freebsd.org Fri Jan 1 20:26:23 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 619A24D2EB5 for ; Fri, 1 Jan 2021 20:26:23 +0000 (UTC) (envelope-from 01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com) Received: from a8-13.smtp-out.amazonses.com (a8-13.smtp-out.amazonses.com [54.240.8.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6xPT5ZHQz3nX3 for ; Fri, 1 Jan 2021 20:26:21 +0000 (UTC) (envelope-from 01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609532780; h=Subject:To:Cc:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=7qlQHi2oPS8u7cFoT+eRz7V/yEWJyD4o+XZqyJPE7GQ=; b=cQjNAQrqckYEX82kvq1U3F5InOZIALvgSHtbHUzWz0lCczui4FHYPfZJD1gCpp4O 1qJsWvpa3vYldiHpbDnJTw/hMypMKIjizlXa2/KuDlVRMdZ9640O8RfYiqIydNNoxPA KvyDeTzkX+qRKomF3iAte7gdnvkcGQeDmSgH0QtQ= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609532780; h=Subject:To:Cc:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=7qlQHi2oPS8u7cFoT+eRz7V/yEWJyD4o+XZqyJPE7GQ=; b=lDH0zmZqrG82Kvr5Qy5J+8PgOstWzBrzGpa95TqLixPVkKSZRJ1Tfdb23rxJqNZf nmon+5y81QEDJ4AZ28PfV9h24Sw7tmFD/EmqZSzBixD+thAZglgQJ8vD6jEnj5CNg77 qIcb+XezM6S/7/yxGXR1hzX7R3E5WO10T947RnhA= Subject: Re: No EC2 screenshot for 12.2 ARM AMI Maker To: Rafal Lukawiecki Cc: freebsd-cloud@freebsd.org References: <01000176bb51eed6-ef8b811b-4a96-43d1-972b-ba39f521e9ab-000000@email.amazonses.com> <7F692AEB-E6FC-44E6-BA3E-0518C0063BBF@rafal.net> From: Colin Percival Message-ID: <01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 20:26:20 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <7F692AEB-E6FC-44E6-BA3E-0518C0063BBF@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SES-Outgoing: 2021.01.01-54.240.8.13 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6xPT5ZHQz3nX3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=cQjNAQrq; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=lDH0zmZq; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com designates 54.240.8.13 as permitted sender) smtp.mailfrom=01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; RWL_MAILSPIKE_NEUTRAL(0.00)[54.240.8.13:from]; SPAMHAUS_ZRD(0.00)[54.240.8.13:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.13:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.13:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bfa130a1-7924653d-3320-4f26-bd81-5c1d1d7bc279-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 20:26:23 -0000 On 12/31/20 5:59 PM, Rafal Lukawiecki wrote: > >> On 1 Jan 2021, at 00:21, Colin Percival wrote: >> >> You won't be able to SSH in until the disk image has been extracted. I think >> the ARM instances are faster (in part because the disk image is smaller). > > Thanks! Any reason there are no screenshots available? The obvious answer is "because we're not sending any video output". Offhand I don't know if the VMs in question don't have video hardware, or if they have hardware but we don't have a driver for it. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Fri Jan 1 20:29:36 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 591424D2EC2 for ; Fri, 1 Jan 2021 20:29:36 +0000 (UTC) (envelope-from 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com) Received: from a8-176.smtp-out.amazonses.com (a8-176.smtp-out.amazonses.com [54.240.8.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6xTC3rycz3nkb for ; Fri, 1 Jan 2021 20:29:35 +0000 (UTC) (envelope-from 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609532974; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=iUC2rvJjtYS5FRgA4HPVc7zsQTjvEIYXqtfFWgPCaC8=; b=M/4TgAVSc4fsApW+1O+vw0cvcWbughul8bdshaqgEi/Xka6iIoJbdv+SQr/ntvAp 6lZwKT+DWjlYRJqjnpVFIA7/NwYUCcXcgPhq4TM3GJJyRqoX+32gPD39hC09MSCQo5Q pNpjaLZspZFIKvEjZh/poyqjlJyeWBcHik/AGKL8= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609532974; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=iUC2rvJjtYS5FRgA4HPVc7zsQTjvEIYXqtfFWgPCaC8=; b=UWF8dpUz7K+cAppEb5WisFbYLbXAMwk8YHS/KvjQT7BHlg7v7QJ7pfTErAsdgeW0 DiCSyKqwvPl/Lhjl6JxsvJKPwwRDcDqOiiEONkyezHP7tCDgfs1h7/ynVUZIPrTjztl PT7KISK4Ah5TpRT70jbMhQZBgkIatTvrTYQqOWI8= Subject: Re: FreeBSD on AWS Graviton (t4g) To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> From: Colin Percival Message-ID: <01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 20:29:33 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SES-Outgoing: 2021.01.01-54.240.8.176 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6xTC3rycz3nkb X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=M/4TgAVS; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=UWF8dpUz; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com designates 54.240.8.176 as permitted sender) smtp.mailfrom=01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18:c]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[54.240.8.176:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.176:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.176:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 20:29:36 -0000 On 1/1/21 4:33 AM, Rafal Lukawiecki wrote: > >>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so freebsd-update >>> doesn't work and packages aren't always as up-to-date as on x86. But I think >>> those are being worked on... > > Colin, would I be able to build an updated RELEASE in the AMI maker before I call mkami? In the days of 11.1 I had to recompile the kernel to use your patch (many thanks!) and so I did something like this: > > $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/ > $ make DESTDIR=/mnt kernel -j16 > > I am not sure what magic is being done by the AMI maker itself to /mnt. I wonder if I could use this approach to build the kernel using the latest patched release of ARM, at least until it moves to Tier 1. Would I need to build the userland, too? Or are the security patches installed by freebsd-update only affecting the kernel? You can make any changes you like. Once you've SSHed into the AMI Builder, you're running FreeBSD, you have FreeBSD installed onto the disk, and the disk is mounted at /mnt, but those are all independent issues. If you wanted you could launch the AMI Builder, unmount /mnt, and then write a Linux disk image onto the disk. (I can't imagine why you would want to, of course. But you're really not limited in what you can do.) -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Fri Jan 1 20:47:17 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFF5E4D37EC for ; Fri, 1 Jan 2021 20:47:17 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [IPv6:2605:d100:2f:10::315]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6xsc4dnnz3pn0 for ; Fri, 1 Jan 2021 20:47:16 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 5CF5A75996; Fri, 1 Jan 2021 15:47:08 -0500 (EST) From: Rafal Lukawiecki Message-Id: <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net> Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: FreeBSD on AWS Graviton (t4g) Date: Fri, 1 Jan 2021 20:47:06 +0000 In-Reply-To: <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com> Cc: freebsd-cloud@freebsd.org To: Colin Percival References: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Sent-To: X-Rspamd-Queue-Id: 4D6xsc4dnnz3pn0 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.50 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2605:d100:2f:10::/112]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; ARC_NA(0.00)[]; SPAMHAUS_ZRD(0.00)[2605:d100:2f:10::315:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2605:d100:2f:10::315:from]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:19844, ipnet:2605:d100::/32, country:US]; TAGGED_FROM(0.00)[GE=5aa47aac]; MAILMAN_DEST(0.00)[freebsd-cloud] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 20:47:17 -0000 > On 1 Jan 2021, at 20:29, Colin Percival wrote: >=20 > On 1/1/21 4:33 AM, Rafal Lukawiecki wrote: >>=20 >>>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so = freebsd-update >>>> doesn't work and packages aren't always as up-to-date as on x86. = But I think >>>> those are being worked on... >>=20 >> Colin, would I be able to build an updated RELEASE in the AMI maker = before I call mkami? In the days of 11.1 I had to recompile the kernel = to use your patch (many thanks!) and so I did something like this: >>=20 >> $ svnlite --non-interactive --trust-server-cert-failures=3Dunknown-ca = co https://svn.freebsd.org/base/releng/11.1/ /usr/src/ >> $ make DESTDIR=3D/mnt kernel -j16 >>=20 >> I am not sure what magic is being done by the AMI maker itself to = /mnt. I wonder if I could use this approach to build the kernel using = the latest patched release of ARM, at least until it moves to Tier 1. = Would I need to build the userland, too? Or are the security patches = installed by freebsd-update only affecting the kernel? >=20 > You can make any changes you like. Once you've SSHed into the AMI = Builder, > you're running FreeBSD, you have FreeBSD installed onto the disk, and = the > disk is mounted at /mnt, but those are all independent issues. >=20 > If you wanted you could launch the AMI Builder, unmount /mnt, and then = write > a Linux disk image onto the disk. (I can't imagine why you would want = to, > of course. But you're really not limited in what you can do.) Thanks. I suppose I should have asked a different question, sorry for = not being clearer. What is the best way, in your opinion, to create a = security-patched ARM AMI? Would this approach do it? I have never tried = patching FreeBSD from source since I have always relied on = freebsd-update, but since that is not an option on arm64 (yet) I would = be grateful for your pointers. Thank you again, very much. Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd= From owner-freebsd-cloud@freebsd.org Fri Jan 1 21:01:16 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 293F04D41BC for ; Fri, 1 Jan 2021 21:01:16 +0000 (UTC) (envelope-from 01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com) Received: from a8-60.smtp-out.amazonses.com (a8-60.smtp-out.amazonses.com [54.240.8.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6y9k65KXz3r5j for ; Fri, 1 Jan 2021 21:01:14 +0000 (UTC) (envelope-from 01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609534873; h=Subject:To:Cc:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=3ylDKVNtlMybZoDXXE1fOTOituChryFi9/xj+e8pFaA=; b=J1ezqXtPOXS5stcK6XHiJ6Bt7L7IchF/Wg1Z2iVf8AXTiJCh5fM1E7ismkjPDa18 s2Pq9T2FS6HN5rRP/bg+2RXUt2XPzLDqc/LesE26EkuQnArRjv7EjOo8ccj+XilkYFB H6BsXQcHXfUM2ha/HByodOtWwdQZk47/sWahlM04= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609534873; h=Subject:To:Cc:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=3ylDKVNtlMybZoDXXE1fOTOituChryFi9/xj+e8pFaA=; b=gZmEA+N09wi3nVL2NFlSQPok2uqYFT/zz1i1mGFrVKUVl9Fsp1rbqiQWH83wHxiK dZEHl5qRwUDG0Au98AgDIo/qqdUKGypEdJhuFwI/A6z2s5bnrATUqTqA0k9hxLPQ3Vd OrHWuzQ94iZ50YV8N39gfDhg8afnUI8haoP2bWSY= Subject: Re: FreeBSD on AWS Graviton (t4g) To: Rafal Lukawiecki Cc: freebsd-cloud@freebsd.org References: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com> <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net> From: Colin Percival Message-ID: <01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 21:01:13 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SES-Outgoing: 2021.01.01-54.240.8.60 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6y9k65KXz3r5j X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=J1ezqXtP; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=gZmEA+N0; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com designates 54.240.8.60 as permitted sender) smtp.mailfrom=01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[54.240.8.60:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.60:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; RWL_MAILSPIKE_POSSIBLE(0.00)[54.240.8.60:from]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.60:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 21:01:16 -0000 On 1/1/21 12:47 PM, Rafal Lukawiecki wrote: >> On 1 Jan 2021, at 20:29, Colin Percival > > wrote: >> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote: >>> Colin, would I be able to build an updated RELEASE in the AMI maker before >>> I call mkami? In the days of 11.1 I had to recompile the kernel to use your >>> patch (many thanks!) and so I did something like this: >>> >>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co >>> https://svn.freebsd.org/base/releng/11.1/ >>> /usr/src/ >>> $ make DESTDIR=/mnt kernel -j16 > > Thanks. I suppose I should have asked a different question, sorry for not > being clearer. What is the best way, in your opinion, to create a > security-patched ARM AMI? Would this approach do it? I have never tried > patching FreeBSD from source since I have always relied on freebsd-update, but > since that is not an option on arm64 (yet) I would be grateful for your pointers. Yes, if you want to build an AMI which is FreeBSD 12.2-RELEASE + security / errata patches, you can launch the AMI Builder, then # svnlite co https://svn.freebsd.org/base/releng/12.2/ /usr/src/ # make -C /usr/src DESTDIR=/mnt \ buildworld buildkernel installkernel installworld It's just possible that the memory disk won't have enough space, in which case you would need to attach another EBS volume and mount it on /usr/obj, but if you've updated FreeBSD systems before you're familiar with such issues... -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From owner-freebsd-cloud@freebsd.org Fri Jan 1 21:03:44 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B9FA4D44AA for ; Fri, 1 Jan 2021 21:03:44 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from smtp-out-4.mxes.net (smtp-out-4.mxes.net [198.205.123.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6yDb2FpRz3rfw for ; Fri, 1 Jan 2021 21:03:42 +0000 (UTC) (envelope-from raf+GE=5aa47aac@rafal.net) Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 3904A75981; Fri, 1 Jan 2021 16:03:39 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: FreeBSD on AWS Graviton (t4g) From: Rafal Lukawiecki In-Reply-To: <01000176bfc11df8-fbb42271-1837-409b-9ce5-13577e938d1c-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 21:03:37 +0000 Cc: freebsd-cloud@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <21F56FA2-8DBA-4D6F-B08F-848F56233B45@rafal.net> References: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com> <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net> <01000176bfc11df8-fbb42271-1837-409b-9ce5-13577e938d1c-000000@email.amazonses.com> To: Colin Percival X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Sent-To: X-Rspamd-Queue-Id: 4D6yDb2FpRz3rfw X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:198.205.123.0/25]; DKIM_TRACE(0.00)[mxes.net:+,rafal.net:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[rafal.net,reject]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_IN_DNSWL_LOW(-0.10)[198.205.123.69:from]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[198.205.123.69:from]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[GE=5aa47aac]; ASN(0.00)[asn:19844, ipnet:198.205.122.0/23, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[mxes.net:s=mta,rafal.net:s=tm]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[198.205.123.69:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 21:03:44 -0000 > On 1 Jan 2021, at 21:01, Colin Percival wrote: >=20 > Yes, if you want to build an AMI which is FreeBSD 12.2-RELEASE + = security / > errata patches, you can launch the AMI Builder, then >=20 > # svnlite co https://svn.freebsd.org/base/releng/12.2/ /usr/src/ > # make -C /usr/src DESTDIR=3D/mnt \ > buildworld buildkernel installkernel installworld >=20 > It's just possible that the memory disk won't have enough space, in = which > case you would need to attach another EBS volume and mount it on = /usr/obj, > but if you've updated FreeBSD systems before you're familiar with such > issues=E2=80=A6 Thank you, Colin, for the full make statement, very helpful! I will try = that. Rafal -- Rafal Lukawiecki Data Scientist=20 Project Botticelli Ltd