git: 10c4498f93d2 - releng/15.1 - Cloud releases: Switch to firstboot_pkg_upgrade

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Colin Percival <cperciva_at_FreeBSD.org>
Date: Fri, 15 May 2026 00:04:04 UTC
The branch releng/15.1 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=10c4498f93d29b1f2b672299c5bf8c0ee6ee3774

commit 10c4498f93d29b1f2b672299c5bf8c0ee6ee3774
Author:     Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2026-05-14 21:05:07 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2026-05-15 00:03:35 +0000

    Cloud releases: Switch to firstboot_pkg_upgrade
    
    Cloud images are deployed with base system packages. Introduce a
    firstboot package auto updater to patch the base system on first boot.
    
    Approved by:    re (cperciva)
    MFC after:              1 hour
    MFC to:                 stable/15
    Reviewed by:            cperciva
    Sponsored by:           Google Cloud
    Differential Revision:  https://reviews.freebsd.org/D56890
    
    (cherry picked from commit 464a351267dc0d1843b919dd72ad1c70c24815ce)
    (cherry picked from commit 0bb2b2a45f3c0c147d7c55e010be45e55af8df87)
---
 release/tools/azure.conf    | 5 +++--
 release/tools/ec2-base.conf | 9 ++++++---
 release/tools/gce.conf      | 5 +++--
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/release/tools/azure.conf b/release/tools/azure.conf
index 7a4f0b5027cf..9a5c12424bd3 100644
--- a/release/tools/azure.conf
+++ b/release/tools/azure.conf
@@ -6,10 +6,10 @@
 export VMSIZE=30g
 
 # Set to a list of packages to install.
-export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-freebsd-update firstboot-pkgs"
+export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-pkg-upgrade firstboot-pkgs"
 
 # Set to a list of third-party software to enable in rc.conf(5).
-export VM_RC_LIST="ntpd sshd waagent firstboot_freebsd_update firstboot_pkgs"
+export VM_RC_LIST="ntpd sshd waagent firstboot_pkg_upgrade firstboot_pkgs"
 
 # No swap space; waagent will allocate swap space on the resource disk.
 # See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf
@@ -43,6 +43,7 @@ vm_extra_pre_umount() {
 	cat << EOF >> ${DESTDIR}/etc/rc.conf
 ifconfig_hn0="SYNCDHCP"
 ntpd_sync_on_start="YES"
+firstboot_pkg_upgrade_repos="FreeBSD-base"
 EOF
 
 	cat << EOF >> ${DESTDIR}/boot/loader.conf
diff --git a/release/tools/ec2-base.conf b/release/tools/ec2-base.conf
index ffe2646240a5..24b2feb5f0d7 100644
--- a/release/tools/ec2-base.conf
+++ b/release/tools/ec2-base.conf
@@ -7,15 +7,15 @@
 # * amazon-ssm-agent (not enabled by default, but some users need to use
 # it on systems not connected to the internet),
 # * ec2-scripts, which provides a range of EC2ification startup scripts,
-# * firstboot-freebsd-update, to install security updates at first boot,
+# * firstboot-pkg-upgrade, to install security updates at first boot,
 # * firstboot-pkgs, to install packages at first boot, and
 # * isc-dhcp44-client, used for IPv6 network setup.
 export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent ec2-scripts \
-    firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client"
+    firstboot-pkg-upgrade firstboot-pkgs isc-dhcp44-client"
 
 # Services to enable in rc.conf(5).
 export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
-    ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \
+    ec2_fetchkey ec2_loghostkey firstboot_pkg_upgrade firstboot_pkgs \
     growfs sshd"
 
 vm_extra_pre_umount() {
@@ -24,6 +24,9 @@ vm_extra_pre_umount() {
 	# via EC2 user-data.
 	echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
 
+	# Limit firstboot_pkg_upgrade to the base system.
+	echo 'firstboot_pkg_upgrade_repos="FreeBSD-base"' >> ${DESTDIR}/etc/rc.conf
+
 	# Any EC2 ephemeral disks seen when the system first boots will
 	# be "new" disks; there is no "previous boot" when they might have
 	# been seen and used already.
diff --git a/release/tools/gce.conf b/release/tools/gce.conf
index 7298aabf3956..938672ac92e0 100644
--- a/release/tools/gce.conf
+++ b/release/tools/gce.conf
@@ -6,14 +6,14 @@
 export VMSIZE=20g
 
 # Set to a list of packages to install.
-export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
+export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-pkg-upgrade \
 	firstboot-pkgs google-cloud-sdk panicmail sudo \
 	sysutils/py-google-compute-engine lang/python \
 	lang/python3"
 
 # Set to a list of third-party software to enable in rc.conf(5).
 export VM_RC_LIST="ntpd sshd growfs \
-	firstboot_pkgs firstboot_freebsd_update google_startup \
+	firstboot_pkgs firstboot_pkg_upgrade google_startup \
 	google_accounts_daemon google_clock_skew_daemon \
 	google_instance_setup google_network_daemon"
 
@@ -47,6 +47,7 @@ ifconfig_DEFAULT="SYNCDHCP mtu 1460"
 ntpd_sync_on_start="YES"
 # need to fill in something here
 #firstboot_pkgs_list=""
+firstboot_pkg_upgrade_repos="FreeBSD-base"
 panicmail_autosubmit="YES"
 EOF