From owner-freebsd-cloud@freebsd.org Fri Jan 1 20:29:36 2021 Return-Path: Delivered-To: freebsd-cloud@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 591424D2EC2 for ; Fri, 1 Jan 2021 20:29:36 +0000 (UTC) (envelope-from 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com) Received: from a8-176.smtp-out.amazonses.com (a8-176.smtp-out.amazonses.com [54.240.8.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4D6xTC3rycz3nkb for ; Fri, 1 Jan 2021 20:29:35 +0000 (UTC) (envelope-from 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn; d=tarsnap.com; t=1609532974; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=iUC2rvJjtYS5FRgA4HPVc7zsQTjvEIYXqtfFWgPCaC8=; b=M/4TgAVSc4fsApW+1O+vw0cvcWbughul8bdshaqgEi/Xka6iIoJbdv+SQr/ntvAp 6lZwKT+DWjlYRJqjnpVFIA7/NwYUCcXcgPhq4TM3GJJyRqoX+32gPD39hC09MSCQo5Q pNpjaLZspZFIKvEjZh/poyqjlJyeWBcHik/AGKL8= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1609532974; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=iUC2rvJjtYS5FRgA4HPVc7zsQTjvEIYXqtfFWgPCaC8=; b=UWF8dpUz7K+cAppEb5WisFbYLbXAMwk8YHS/KvjQT7BHlg7v7QJ7pfTErAsdgeW0 DiCSyKqwvPl/Lhjl6JxsvJKPwwRDcDqOiiEONkyezHP7tCDgfs1h7/ynVUZIPrTjztl PT7KISK4Ah5TpRT70jbMhQZBgkIatTvrTYQqOWI8= Subject: Re: FreeBSD on AWS Graviton (t4g) To: Rafal Lukawiecki , freebsd-cloud@freebsd.org References: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> From: Colin Percival Message-ID: <01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@email.amazonses.com> Date: Fri, 1 Jan 2021 20:29:33 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SES-Outgoing: 2021.01.01-54.240.8.176 Feedback-ID: 1.us-east-1.Lv9FVjaNvvR5llaqfLoOVbo2VxOELl7cjN0AOyXnPlk=:AmazonSES X-Rspamd-Queue-Id: 4D6xTC3rycz3nkb X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tarsnap.com header.s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn header.b=M/4TgAVS; dkim=pass header.d=amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=UWF8dpUz; dmarc=pass (policy=none) header.from=tarsnap.com; spf=pass (mx1.freebsd.org: domain of 01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com designates 54.240.8.176 as permitted sender) smtp.mailfrom=01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tarsnap.com:s=ae7m2yrxjw65l2cqdpjxuucyrvy564tn,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18:c]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; SPAMHAUS_ZRD(0.00)[54.240.8.176:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tarsnap.com:+,amazonses.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[tarsnap.com,none]; RCVD_IN_DNSWL_NONE(0.00)[54.240.8.176:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FORGED_SENDER(0.30)[cperciva@tarsnap.com,01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[54.240.8.176:from]; ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US]; FROM_NEQ_ENVFROM(0.00)[cperciva@tarsnap.com,01000176bfa4233e-1bc2f94c-e48f-4a23-bd58-885d3daa1fc7-000000@amazonses.com]; MAILMAN_DEST(0.00)[freebsd-cloud] X-BeenThere: freebsd-cloud@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "FreeBSD on cloud platforms \(EC2, GCE, Azure, etc.\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jan 2021 20:29:36 -0000 On 1/1/21 4:33 AM, Rafal Lukawiecki wrote: > >>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so freebsd-update >>> doesn't work and packages aren't always as up-to-date as on x86. But I think >>> those are being worked on... > > Colin, would I be able to build an updated RELEASE in the AMI maker before I call mkami? In the days of 11.1 I had to recompile the kernel to use your patch (many thanks!) and so I did something like this: > > $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/ > $ make DESTDIR=/mnt kernel -j16 > > I am not sure what magic is being done by the AMI maker itself to /mnt. I wonder if I could use this approach to build the kernel using the latest patched release of ARM, at least until it moves to Tier 1. Would I need to build the userland, too? Or are the security patches installed by freebsd-update only affecting the kernel? You can make any changes you like. Once you've SSHed into the AMI Builder, you're running FreeBSD, you have FreeBSD installed onto the disk, and the disk is mounted at /mnt, but those are all independent issues. If you wanted you could launch the AMI Builder, unmount /mnt, and then write a Linux disk image onto the disk. (I can't imagine why you would want to, of course. But you're really not limited in what you can do.) -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid