Re: Plan for "distribution set" deprecation

Reply: Lexi Winter : "Re: Plan for "distribution set" deprecation"
In reply to: Lexi Winter : "Re: Plan for "distribution set" deprecation"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Mon, 22 Sep 2025 22:16:41 UTC

On Mon, Sep 22, 2025 at 10:47:09PM +0100, Lexi Winter wrote:
> Shawn Webb wrote in <xtkzcgocu5uwhqqghp27k4wjqu3cl24y4n4jcwms43bj6udm5e@wmnwfbucjpod>:
> > Thank you for your (and others!) work on this. I'm hoping that this
> > bug can be resolved before PKGBASE is enabled by default for release
> > generation: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287877
> 
> can you please show the full process you're using to build the release
> image, including any make(1) settings (KERNCONF, etc.)?

$ sudo make real-release WITH_DVD=1 NODOC=1 NOSRC=1 NOPORTS=1 NODOCS=1 PKGBASE=1

Default KERNCONF on HardenedBSD is HARDENEDBSD. This build keeps that
default.

> 
> i am also curious if the patch at https://reviews.freebsd.org/D52638
> makes any difference.

I've ran out of time for the day, but will give this a shot tomorrow
or later in the week. I'll report back.

> 
> > I have confirmed that the pkgbase repo that gets built does indeed
> > include the right kernel package. Hence why I'm puzzled why that lua
> > assertion is being tripped.
> 
> please also show the (names of) the kernel packages you have in your
> release repository, i.e. the one in <objdir>/release/pkgbase-repo
> which is generated during the release build.

==== BEGIN OUTPUT ====
$ pkg repos
LocalBase: { 
    url             : "file:///usr/obj/usr/src/amd64.amd64/release/pkgbase-repo/FreeBSD:16:amd64/latest",
    enabled         : yes,
    priority        : 0
  }
$ pkg rquery -U -r LocalBase '%n' | grep HardenedBSD-kernel-hardenedbsd
HardenedBSD-kernel-hardenedbsd
HardenedBSD-kernel-hardenedbsd-dbg
==== END OUTPUT ====

That `pkg rquery` command is effectively the same as what that lua
script is executing, which is why I'm extra confused.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc