Date: Fri, 1 Jan 2021 21:01:13 +0000 From: Colin Percival <cperciva@tarsnap.com> To: Rafal Lukawiecki <raf@rafal.net> Cc: freebsd-cloud@freebsd.org Subject: Re: FreeBSD on AWS Graviton (t4g) Message-ID: <01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000@email.amazonses.com> In-Reply-To: <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net> References: <C4D2ACA9-BFFE-49C1-B8AA-72E32C9DB6C9@rafal.net> <7AA5AFAB-E42A-4A59-BCA5-9B15BD58B81B@rafal.net> <01000176bfa4236e-f12b57d0-7000-4a31-acb2-5660d60eb714-000000@email.amazonses.com> <4E347E37-113D-4AFC-BD7E-AC83FF27C2E0@rafal.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/1/21 12:47 PM, Rafal Lukawiecki wrote: >> On 1 Jan 2021, at 20:29, Colin Percival <cperciva@tarsnap.com >> <mailto:cperciva@tarsnap.com>> wrote: >> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote: >>> Colin, would I be able to build an updated RELEASE in the AMI maker before >>> I call mkami? In the days of 11.1 I had to recompile the kernel to use your >>> patch (many thanks!) and so I did something like this: >>> >>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co >>> https://svn.freebsd.org/base/releng/11.1/ >>> <https://svn.freebsd.org/base/releng/11.1/>; /usr/src/ >>> $ make DESTDIR=/mnt kernel -j16 > > Thanks. I suppose I should have asked a different question, sorry for not > being clearer. What is the best way, in your opinion, to create a > security-patched ARM AMI? Would this approach do it? I have never tried > patching FreeBSD from source since I have always relied on freebsd-update, but > since that is not an option on arm64 (yet) I would be grateful for your pointers. Yes, if you want to build an AMI which is FreeBSD 12.2-RELEASE + security / errata patches, you can launch the AMI Builder, then # svnlite co https://svn.freebsd.org/base/releng/12.2/ /usr/src/ # make -C /usr/src DESTDIR=/mnt \ buildworld buildkernel installkernel installworld It's just possible that the memory disk won't have enough space, in which case you would need to attach another EBS volume and mount it on /usr/obj, but if you've updated FreeBSD systems before you're familiar with such issues... -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01000176bfc11e27-d9bc8837-8493-4d00-a641-40779143ca0d-000000>