HardenedBSD Status Report

We at HardenedBSD have a lot of news to share. On 05 Nov 2019, Oliver Pinter resigned amicably from the project. All of us at HardenedBSD owe Oliver our gratitude and appreciation. This humble project, named by Oliver, was born out of his thesis work and the collaboration with Shawn Webb. Oliver created the HardenedBSD repo on GitHub in April 2013. The HardenedBSD Foundation was formed five years later to carry on this great work.

As I rebuild the HardenedBSD build infrastructure, I will be performing the following user-facing changes:

1. The hardenedBSD-STABLE.git repo will be archived off. HardenedBSD will still utilize the hardenedBSD-Playground.git repo for collaboration with third parties and extremely experimental code.
2. We are slowly transitioning to being fully self-hosted. It is my goal to complete the transition on or before 31 Dec 2019. This means we will stop using GitHub altogether.
3. Downgrading 11-STABLE to community support. Given all that's on my plate, I can only maintain 13-CURRENT and 12-STABLE right now. Therefore, if the community wants 11-STABLE support, the community will need to provide it.
4. git commits performed by our infrastructure will be signed by our dev key. Think: our auto-sync scripts that run every six hours.

Now for random bits of other news:

I am currently working on getting the sync scripts running on the new infrastructure. I'm not too far off, but it will likely take around another week to re-enable the auto-sync.

Our amd64 package builder is experiencing stability issues. Due to some upstream network changes, some packages are failing to sync. Our package repos for 13-CURRENT and 12-STABLE are woefully out-of-date. I'm actively working on this as time permits. I have no ETA for updated repos.

Ben La Monica from The HardenedBSD Foundation is looking into LDAP/Kerberos integration for our infrastructure. We're looking to unify everything in order to enable finer-grained control of our infrastructure along with easier centralized management.

The new build scripts are coming along very nicely. One last change I need to make is to skip the build if no commit happened between the last build and the freshly started one. With commit https://github.com/HardenedBSD/build/commit/7aa3f2f3617db85727ac679ddc62..., the build scripts now track the revision of the source tree. This can be used to check whether there have been any updates since the last successful build.

By the end of November, I hope to turn the build scripts into a port/package. It is my goal to be able to `pkg install` our entire infrastructure.

Given the complete rebuild of our infrastructure, we will no longer use the domain installer.hardenedbsd.org. Our primary mirror is now ci-01.nyi.hardenedbsd.org. I will update our website to reflect the changes.

To our mirror operators: due to the complete rebuild of our infrastructure, I have not yet re-enabled rsync on our primary mirror. I will be taking a different approach to authentication than before. I will provide example steps to convert your existing configuration to the new one.

I'm excruciatingly behind with the administrative side of HardenedBSD. If you have donated and I have not reached out to you, please forgive my tardiness. Know that you're not forgotten and I will get to you soon. HardenedBSD, and especially me, appreciate every contribution, no matter the form it comes in (code, money, advocacy, etc.)

Lastly, I'd like to thank everyone for their patience. I know this downtime has been extensive. I'm grateful to have the opportunity to serve the community in my spare time. Thank you for providing me the opportunity to serve you.