From owner-freebsd-security@FreeBSD.ORG Wed Aug 22 11:40:45 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4753B106564A for ; Wed, 22 Aug 2012 11:40:45 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by mx1.freebsd.org (Postfix) with SMTP id A8AE08FC15 for ; Wed, 22 Aug 2012 11:40:44 +0000 (UTC) Received: (qmail invoked by alias); 22 Aug 2012 11:40:37 -0000 Received: from hu5.abaxx.de (EHLO [10.6.25.100]) [213.61.170.110] by mail.gmx.net (mp029) with SMTP; 22 Aug 2012 13:40:37 +0200 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX18HsMZoWIIH6CoOvqkBASyRx8E5oL0FfwWUttiORB 7LMqF2/EJ+iADB Message-ID: <5034C535.5060603@gmx.de> Date: Wed, 22 Aug 2012 13:40:37 +0200 From: olli hauer User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <20120821120031.9B0771065674@hub.freebsd.org> <20120821155622.A9FB5106566C@hub.freebsd.org> In-Reply-To: X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Cc: Adrian Penisoara , Roger Marquis Subject: Re: getting the running patch level X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2012 11:40:45 -0000 On 2012-08-22 12:44, Adrian Penisoara wrote: > Hello, > > On Tue, Aug 21, 2012 at 6:49 PM, Roger Marquis wrote: >> Jilles Tjoelker wrote: > [...] >> >> WRT writing a new file, something like /etc/bsd-release would be a good >> choice following the principle of least surprise. Mergemaster can and >> should ignore it (and motd, issue, ...). >> > > I support the idea of using an /etc/*-release file to tag (and this > makes me think about /var/db/freebsd-update/tag) the current release > version details of the system (not only the kernel, but the whole > installed system). This seems to be a popular choice among Linux > distributions and thus ISV's should feel comfortable with the > approach. > > Mergemaster and/or other updating mechanisms should update the file > to reflect the reality after upgrades/updates. > > Now the format of the file would be also debatable: other vendors > releasing derivative works from the main FreeBSD source tree (like > FreeNAS, PC-BSD, etc.) will want to leave some marks as well. Should > we retain only the vendor's release tag or should we have a multiple > entries (for the original FreeBSD version and the vendor) ? Should we > even think about multiple ${vendor}-release files or just bsd-release > ? In case a new file will be used, I suggest using the cpe framework, see http://cpe.mitre.org/specification/ Using a standard framework makes it easier to write platform independent tools for example in visualization environments. sample /etc/system-release-cpe entry cpe:/o:freebsd:8.3:ga:x64 ... -- Regards, olli