Date: Fri, 1 Jan 2021 20:47:06 +0000
From: Rafal Lukawiecki <raf@rafal.net>
To: Colin Percival <cperciva@tarsnap.com>
Cc: freebsd-cloud@freebsd.org
Subject: Re: FreeBSD on AWS Graviton (t4g)
Message-ID: <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net>
In-Reply-To: <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com>
References: <C4D2ACA9-BFFE-49C1-B8AA-72E32C9DB6C9@rafal.net> <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com>

> On 1 Jan 2021, at 20:29, Colin Percival <cperciva@tarsnap.com> wrote:
>
> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote:
>>
>>>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so freebsd-update
>>>> doesn't work and packages aren't always as up-to-date as on x86. But I think
>>>> those are being worked on...
>>
>> Colin, would I be able to build an updated RELEASE in the AMI maker before I call mkami? In the days of 11.1 I had to recompile the kernel to use your patch (many thanks!) and so I did something like this:
>>
>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/
>> $ make DESTDIR=/mnt kernel -j16
>>
>> I am not sure what magic is being done by the AMI maker itself to /mnt. I wonder if I could use this approach to build the kernel using the latest patched release of ARM, at least until it moves to Tier 1. Would I need to build the userland, too? Or are the security patches installed by freebsd-update only affecting the kernel?
>
> You can make any changes you like. Once you've SSHed into the AMI Builder,
> you're running FreeBSD, you have FreeBSD installed onto the disk, and the
> disk is mounted at /mnt, but those are all independent issues.
>
> If you wanted you could launch the AMI Builder, unmount /mnt, and then write
> a Linux disk image onto the disk. (I can't imagine why you would want to,
> of course. But you're really not limited in what you can do.)

Thanks. I suppose I should have asked a different question, sorry for not being clearer. What is the best way, in your opinion, to create a security-patched ARM AMI? Would this approach do it? I have never tried patching FreeBSD from source since I have always relied on freebsd-update, but since that is not an option on arm64 (yet) I would be grateful for your pointers. Thank you again, very much.

Rafal

--
Rafal Lukawiecki
Data Scientist
Project Botticelli Ltd