Date: Thu, 7 Aug 2025 16:31:05 GMT
Message-Id: <202508071631.577GV5X6067823@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Joseph Mingrone
Subject: git: 8b6b6a22a4 - main - status: Add 2025q2 Foundation Infrastructure entry

The branch main has been updated by jrm:

URL: https://cgit.FreeBSD.org/doc/commit/?id=8b6b6a22a415855c22b6f4ef8893e1d9ebef1b8b

commit 8b6b6a22a415855c22b6f4ef8893e1d9ebef1b8b
Author:     Joseph Mingrone
AuthorDate: 2025-07-18 17:52:17 +0000
Commit:     Joseph Mingrone
CommitDate: 2025-08-07 16:30:04 +0000

    status: Add 2025q2 Foundation Infrastructure entry

    Author:         Alice Sowerby
    Reviewed by:    status (lsalvadore, Pau Amma)
    Pull Request:   https://github.com/freebsd/freebsd-doc/pull/531
    Sponsored by:   The FreeBSD Foundation
---
 .../report-2025-04-2025-06/foundation-sta.adoc | 108 +++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc b/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc new file mode 100644 index 0000000000..f031280704 --- /dev/null +++ b/website/content/en/status/report-2025-04-2025-06/foundation-sta.adoc 
@@ -0,0 +1,108 @@ +=== Infrastructure Modernization + +Contact: Ed Maste + +Contact: Alice Sowerby + +The project started in Q3 of 2024 and was commissioned by the Sovereign Tech Agency with a budget of $745,000, to be spent over about one year. +The main goals are to improve security tools for the base system, ports, and packages, update the project's infrastructure to speed up development, enhance build security, and make it easier for new developers to get started. + +==== Q2 update + +All five work packages are now in progress and will run until the end of December 2025, at which time the project will close. + +==== Work Package A: Technical Debt reduction + +The majority of the work in this work package is complete, with a small number of hours allocated each month to help support FreeBSD Project's Source Management team to embed their new processes to make bug management easier and more sustainable. +The bug backlog dashboard link:https://grimoire.freebsd.org[] remains available to help make the backlog easier to understand. + +We have also been upgrading Bugzilla by applying patches from 2023 onward and improving the upgrade process to ensure smoother future updates. + +A panel discussion at link:https://events.linuxfoundation.org/open-source-summit-europe/[Open Source Summit Europe] in August will share this work with a wider audience. +Two members of the Foundation project staff will be present, along with two representatives from Bitergia who delivered the GrimoireLab implementation for this project. +(Members of the FreeBSD Project Source Management team were not available to attend.) + +Progress is being made to reduce technical debt by creating an link:https://github.com/linimon/patchQA[automated method] for evaluating patches (code improvements) attached to existing pull requests for source and ports trees to see whether they are still relevant, and applying them if they are. +This tool is in beta. 
+ +==== Work Package B: Zero Trust Builds + +This work package intends to improve tooling and processes to support Zero Trust Builds of FreeBSD by extending the current components to enable the project to build release artifacts (package sets, ISO images, etc.) without requiring any special privilege. + +The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are as follows: + +* Must +** No-root for all source release build cases/artifacts (in progress) +** Src artifacts to build reproducibly (in progress) +** Formalize and document make world and release.sh (in progress) +* Should +** Remove privilege from orchestration tooling (not started) +** Move build scripts into the public repository (not started) +* Could +** Environment Standardization (not started) +** Use enclaves, hardware-enforced secure containers (not started) +** Ports to build reproducibly (not started) +** CI to verify reproducibility (in progress) +** Documentation to allow 3rd parties to confirm reproducibility (not started) + +===== Work Package C: CI/CD Automation + +This work package intends to improve CI/CD automation to streamline software delivery and operations for new and existing software by modernizing and securitizing the existing CI/CD system and extending it to cover the third party packages in the FreeBSD Ports Collection. + +The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@. 
+ +* Must +** Improve quality of incoming commits (completed) +** Pre-merge CI (completed) +** Environment Metadata (not started) +** Extend CI to the Ports tree (in progress) +** CI Threat Model (not started) +** CI Management Process (in progress) +** Documentation (not started) +* Should +** 3rd-party Interoperability (in progress) +** Automated analysis in tests (in progress) +** Test Case Management (not started) +* Could +** Granular Debugging (not started) + +===== Work Package D: Ports and Packages security improvements + +This work package intends to modernize and extend security controls in the FreeBSD Ports and Package Collection by: + +* migrating from our VuXML Vulnerability Database to OSV or similar contemporary format +* developing a package audit backend and server to reliably fetch vulnerability data from global agency databases in any format (JSON - NIST) and produce insight +* improving CI tooling for FreeBSD Ports. + +The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@. 
+ +* Must +** New Database Format (in progress) +** Set up 2+ Database Instances (not started) +** Migrate Data from old to new database (in progress) +** Add support for new format in man:pkg[8] (in progress) +** Upstream engagement (not started) +** SBOM on demand (not started) +** Document how to set up build and test targets (not started) +** Integrate 3rd party test targets (not started) +** Continuous Testing (not started) +* Could +** Make CI artifacts available (not started) + +===== Work Package E: SBOM improvements + +This work package intends to improve existing, and implement new, tooling and processes for FreeBSD Software Bill of Materials (SBOM) by implementing: tooling to roll up the individual provenance data/markers from across the tree into a higher-level view; developing tooling to parse/review/inspect the FreeBSD source tree and produce a comprehensive/holistic report to act as a SBOM for the full software stack and; extending pkg to enable this capability for software installed from ports/packages. + +The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@, releng@ + +* Must +** Evaluate projects/solutions available in the wider ecosystem (in progress) +** Propose the target solution for SBOM (not started) +** Produce an SBOM in CI (e.g. weekly builds) (in progress) +** Produce an SBOM as an artifact as part of the release process (in progress) +** SBOM artifact on demand (in progress) +** Roll up existing data (not started) +** Record and explain decisions made (not started) +* Could +** Engage with other similar projects (not started) + +Commissioning body: Sovereign Tech Agency
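
Review bot: the headings for Work Packages C, D and E use five equals signs (`===== Work Package C: CI/CD Automation`) while Work Packages A and B use four, so C, D and E would render as subsections of Work Package B; all five should be `====`. In the Work Package C paragraph, "securitizing" should be "securing". The scope sentence in Work Package E ("... pkgmgr@, secteam@, releng@") is missing its final period, unlike the same sentence in B, C and D.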