# hbsd-update.conf # Configuration settings for hbsd-update. # This file is read in through a /bin/sh shell and uses that syntax. # dnsrec: # DNS TXT record to use when looking up the version info for the # latest update. # # This record name seems redundant, but it provides the following # information: # 1) architecture # 2) branch (hardened/current/sensitive) in reverse form # 3) repo (hardenedbsd) dnsrec="$(uname -m).sensitive.current.hardened.hardenedbsd.updates.hardenedbsd.org" # kernel: # Which kernel to install. # By default, this is intelligently detected by parsing `uname -v` # output. #kernel="HARDENEDBSD" # capath: # Location of the trusted root certificate store. capath="/usr/share/keys/hbsd-update/trusted" # branch: # Which branch/tag we are pointing to. This option is only used in # this file for the baseurl option below. branch="hardened/current/sensitive" # baseurl: # Where to get the update from. baseurl="https://updates.hardenedbsd.org/pub/HardenedBSD/updates/${branch}/$(uname -m)" # dnssec: # Use DNSSEC for validating the DNS TXT record. Default: yes #dnssec="yes" # force_ipv4: # Force hbsd-update to only use IPv4. #force_ipv4="no" # force_ipv6: # Force hbsd-update to only use IPv6. #force_ipv6="no"