FreeBSD on AWS Graviton (t4g)
Rafal Lukawiecki
raf at rafal.net
Fri Jan 1 20:47:17 UTC 2021
> On 1 Jan 2021, at 20:29, Colin Percival <cperciva at tarsnap.com> wrote:
>
> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote:
>>
>>>> Oh, and a generic ARM issue: It's not a Tier 1 platform yet, so freebsd-update
>>>> doesn't work and packages aren't always as up-to-date as on x86. But I think
>>>> those are being worked on...
>>
>> Colin, would I be able to build an updated RELEASE in the AMI maker before I call mkami? In the days of 11.1 I had to recompile the kernel to use your patch (many thanks!) and so I did something like this:
>>
>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/
>> $ make DESTDIR=/mnt kernel -j16
>>
>> I am not sure what magic is being done by the AMI maker itself to /mnt. I wonder if I could use this approach to build the kernel using the latest patched release of ARM, at least until it moves to Tier 1. Would I need to build the userland, too? Or are the security patches installed by freebsd-update only affecting the kernel?
>
> You can make any changes you like. Once you've SSHed into the AMI Builder,
> you're running FreeBSD, you have FreeBSD installed onto the disk, and the
> disk is mounted at /mnt, but those are all independent issues.
>
> If you wanted you could launch the AMI Builder, unmount /mnt, and then write
> a Linux disk image onto the disk. (I can't imagine why you would want to,
> of course. But you're really not limited in what you can do.)

Thanks. I suppose I should have asked a different question, sorry for not being clearer. What is the best way, in your opinion, to create a security-patched ARM AMI? Would this approach do it? I have never tried patching FreeBSD from source since I have always relied on freebsd-update, but since that is not an option on arm64 (yet) I would be grateful for your pointers.

Thank you again, very much.

Rafal
--
Rafal Lukawiecki
Data Scientist
Project Botticelli Ltd