diff --git a/release/Makefile b/release/Makefile index 08409c77744a..55333dfc9610 100644 --- a/release/Makefile +++ b/release/Makefile @@ -211,7 +211,6 @@ disc1: ${PKGBASE_REPO} MK_TOOLCHAIN=no \ MK_RESCUE=no MK_DICT=no \ MK_KERNEL_SYMBOLS=no MK_TESTS=no MK_DEBUG_FILES=no) -.if !defined(NOPKGBASE) || empty(NOPKGBASE) # Create offline pkgbase repo on release media mkdir -p ${.TARGET}/usr/freebsd-packages/repos/ ${.CURDIR}/scripts/pkgbase-stage.lua disc \ @@ -223,8 +222,6 @@ disc1: ${PKGBASE_REPO} mtree -c -p ${.TARGET}/usr/freebsd-packages | \ mtree -C -k type,mode,link,size | \ sed 's|^\.|./usr/freebsd-packages|g' >> ${.TARGET}/METALOG -.endif -.if !defined(NODISTSETS) # Copy MANIFEST to provide legacy dist checksums in both modes mkdir -p ${.TARGET}/usr/freebsd-dist echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG @@ -237,7 +234,6 @@ disc1: ${PKGBASE_REPO} echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done .endif -.endif .if ${.MAKE.OS} == "FreeBSD" && (!defined(NOPKG) || empty(NOPKG)) # Install packages onto release media. ${PKG_INSTALL} pkg || true @@ -258,13 +254,11 @@ disc1: ${PKGBASE_REPO} dd if=/dev/random of=${.TARGET}/boot/entropy bs=4k count=1 chown 0:0 ${.TARGET}/boot/entropy chmod 0600 ${.TARGET}/boot/entropy -.if defined(NO_ROOT) echo "./etc/resolv.conf type=link uname=root gname=wheel mode=0644 link=/tmp/bsdinstall_etc/resolv.conf" >> ${.TARGET}/METALOG echo "./etc/rc.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/sysctl.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./boot/loader.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/rc.local type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG -.endif touch ${.TARGET} bootonly: 
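Review bot: With the `.if !defined(NOPKGBASE) || empty(NOPKGBASE)` and `.if !defined(NODISTSETS)` guards removed in the first three disc1 hunks, both knobs stop having any effect on this part of the recipe: the offline pkgbase repo is always staged and the MANIFEST copy always runs. Nothing in the visible lines tells a builder who still sets either variable that it is now ignored. If the knobs are retired on purpose, a comment above the block such as `# NOPKGBASE/NODISTSETS are not honoured here: the offline repo and MANIFEST are always staged` would document it; otherwise the guards should stay. The disc1 recipe starts before and continues past these hunks, so other uses of the knobs may remain outside the view.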
@@ -324,7 +318,7 @@ dvd: ${PKGBASE_REPO} ${.OBJDIR}/pkgbase-repo/${PKG_ABI}/latest \ ${.TARGET}/usr/freebsd-packages/offline \ "${_ALL_libcompats}" ${PKG_ABI} - cp ${.CURDIR}/scripts/FreeBSD-base-offline.conf \ + cp ${.CURDIR}/scripts/HardenedBSD-base-offline.conf \ ${.TARGET}/usr/freebsd-packages/repos/ mtree -c -p ${.TARGET}/usr/freebsd-packages | \ mtree -C -k type,mode,link,size | \ diff --git a/release/pkg_repos/release-dvd.conf b/release/pkg_repos/release-dvd.conf index 2fb05dc3a501..a24304905dd1 100644 --- a/release/pkg_repos/release-dvd.conf +++ b/release/pkg_repos/release-dvd.conf @@ -1,6 +1,15 @@ -release: { - url: "pkg+http://pkgs.HardenedBSD.org/HardenedBSD/pkg/${ABI}", - mirror_type: "srv", +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/HardenedBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "HardenedBSD: { enabled: no }" > /usr/local/etc/pkg/repos/HardenedBSD.conf +# + +HardenedBSD: { + url: "https://pkg.hardenedbsd.org/HardenedBSD/pkg/${ABI}", + mirror_type: "none", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", enabled: yes diff --git a/release/scripts/HardenedBSD-base-offline.conf b/release/scripts/HardenedBSD-base-offline.conf new file mode 100644 index 000000000000..5e2e6e327a80 --- /dev/null +++ b/release/scripts/HardenedBSD-base-offline.conf @@ -0,0 +1,4 @@ +HardenedBSD-base: { + url: "file:///usr/freebsd-packages/offline", + enabled: yes +} diff --git a/release/scripts/pkgbase-stage.lua b/release/scripts/pkgbase-stage.lua index 9e968fd150f8..67b72ee3a1e1 100755 --- a/release/scripts/pkgbase-stage.lua +++ b/release/scripts/pkgbase-stage.lua 
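Review bot: Only the dvd recipe's `cp` is switched to `HardenedBSD-base-offline.conf` in the visible hunks; disc1 stages the same `usr/freebsd-packages/repos/` directory, and its copy step, if it has one, sits between the first two disc1 hunks where it cannot be seen. The new conf is added as a new file and, as far as this diff shows, the old FreeBSD-base-offline.conf is not deleted, so a stale `cp` there would not fail the build. It would ship a repository named `FreeBSD-base` on disc1 while pkgbase.in now asks for `-r HardenedBSD-base`. Worth confirming that the disc1 copy was updated as well.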
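Review bot: The new HardenedBSD-base-offline.conf sets no `signature_type`, unlike the two network repositories in this commit that use `fingerprints`, so pkg will not verify signatures on packages installed from `/usr/freebsd-packages/offline`. That may be acceptable because the trust anchor is the install image itself, but the file does not say so. A leading comment such as `# No signature_type: packages are not signature-checked here; integrity rests on the verified install image` would record the decision for whoever reuses this file.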
@@ -21,17 +21,17 @@ end -- Returns a list of packages to be included in the given media local function select_packages(pkg, media, all_libcompats) local components = {} - local rquery = capture(pkg .. "rquery -U -r FreeBSD-base %n") + local rquery = capture(pkg .. "rquery -U -r HardenedBSD-base %n") for package in rquery:gmatch("[^\n]+") do - local set = package:match("^FreeBSD%-set%-(.*)$") + local set = package:match("^HardenedBSD%-set%-(.*)$") if set then components[set] = package -- Kernels other than FreeBSD-kernel-generic are ignored -- Note that on powerpc64 and powerpc64le the names are -- slightly different. - elseif package:match("^FreeBSD%-kernel%-generic.*-dbg") then + elseif package:match("^HardenedBSD%-kernel%-hardenedbsd.*-dbg") then components["kernel-dbg"] = package - elseif package:match("^FreeBSD%-kernel%-generic.*") then + elseif package:match("^HardenedBSD-kernel%-hardened.*") then components["kernel"] = package end end @@ -79,9 +79,9 @@ local function main() local ABI = assert(arg[5]) assert(os.execute("mkdir -p pkgbase-repo-conf")) - local f = assert(io.open("pkgbase-repo-conf/FreeBSD-base.conf", "w")) + local f = assert(io.open("pkgbase-repo-conf/HardenedBSD-base.conf", "w")) assert(f:write(string.format([[ - FreeBSD-base: { + HardenedBSD-base: { url: "file://%s", enabled: yes } diff --git a/share/mk/bsd.compat.pre.mk b/share/mk/bsd.compat.pre.mk index 92ff6013c040..b6f00a99d7ac 100644 --- a/share/mk/bsd.compat.pre.mk +++ b/share/mk/bsd.compat.pre.mk @@ -1,7 +1,7 @@ .if !targets(__<${_this:T}>__) __<${_this:T}>__: .NOTMAIN -_ALL_LIBCOMPATS:= 32 +_ALL_LIBCOMPATS:= _ALL_libcompats:= ${_ALL_LIBCOMPATS:tl} diff --git a/usr.sbin/bsdinstall/HardenedBSD-base.conf.in b/usr.sbin/bsdinstall/HardenedBSD-base.conf.in new file mode 100644 index 000000000000..ad6a8ef9500e --- /dev/null +++ b/usr.sbin/bsdinstall/HardenedBSD-base.conf.in 
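Review bot: In the kernel branch of select_packages the new pattern `"^HardenedBSD-kernel%-hardened.*"` leaves the first hyphen unescaped, and in a Lua pattern a `-` that follows a character is the lazy repetition operator, so `D-` means "zero or more D" and the literal hyphen in the package name is never matched. As written, `components["kernel"]` is not set for a package named `HardenedBSD-kernel-hardenedbsd`. Escape it like the neighbouring lines do: `elseif package:match("^HardenedBSD%-kernel%-hardenedbsd.*") then`. The comment above the branch still says kernels other than FreeBSD-kernel-generic are ignored and should name the new kernel package. select_packages continues past the end of the hunk.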
@@ -0,0 +1,6 @@ +HardenedBSD-base: { + url: "https://pkgbase.hardenedbsd.org/pkgbase/HardenedBSD/${ABI}/%%SUBURL%%", + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes +} diff --git a/usr.sbin/bsdinstall/Makefile b/usr.sbin/bsdinstall/Makefile index baa93279cca3..0d0c6a222d0f 100644 --- a/usr.sbin/bsdinstall/Makefile +++ b/usr.sbin/bsdinstall/Makefile @@ -15,7 +15,7 @@ SCRIPTSDIR_startbsdinstall= ${LIBEXECDIR}/bsdinstall UPDATE_DEPENDFILE= no FILESDIR= ${SHAREDIR}/bsdinstall -FILES= FreeBSD-base.conf +FILES= HardenedBSD-base.conf _BRANCH!= ${MAKE} -C ${SRCTOP}/release -V BRANCH BRANCH?= ${_BRANCH} @@ -23,15 +23,10 @@ _REVISION!= ${MAKE} -C ${SRCTOP}/release -V REVISION REVISION?= ${_REVISION} .if ${BRANCH} == CURRENT || ${BRANCH} == STABLE -SUBURL= base_latest -.elif ${BRANCH} == RELEASE -SUBURL= base_release_${REVISION:C/[0-9]+\.//} -.else -.warning Invalid branch "${BRANCH}" -SUBURL= base_latest +SUBURL= latest .endif -FreeBSD-base.conf: FreeBSD-base.conf.in +HardenedBSD-base.conf: HardenedBSD-base.conf.in sed "s|%%SUBURL%%|${SUBURL}|" < ${.ALLSRC} > ${.TARGET} .include diff --git a/usr.sbin/bsdinstall/scripts/pkgbase.in b/usr.sbin/bsdinstall/scripts/pkgbase.in index c06a3f789791..6e5e02e2f589 100755 --- a/usr.sbin/bsdinstall/scripts/pkgbase.in +++ b/usr.sbin/bsdinstall/scripts/pkgbase.in @@ -135,7 +135,7 @@ local function select_components(components, options) end local bsddialog_args = { - "--backtitle", "FreeBSD Installer", + "--backtitle", "HardenedBSD Installer", "--title", "Select System Components", "--nocancel", "--disable-esc", 
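Review bot: In usr.sbin/bsdinstall/Makefile, `SUBURL` is now assigned only when BRANCH is CURRENT or STABLE; the RELEASE case and the `.warning` fallback are both removed. For any other branch the rule `sed "s|%%SUBURL%%|${SUBURL}|"` substitutes an empty string, so the generated HardenedBSD-base.conf gets a URL ending in `${ABI}/` and the build still succeeds. Either give it a default, `SUBURL?= latest`, or fail early by adding an `.else` branch with `.error Invalid branch "${BRANCH}"`.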
@@ -182,20 +182,20 @@ local function select_packages(pkg, options) ["debug"] = {}, } - local rquery = capture(pkg .. "rquery -U -r FreeBSD-base %n") + local rquery = capture(pkg .. "rquery -U -r HardenedBSD-base %n") for package in rquery:gmatch("[^\n]+") do - local setname = package:match("^FreeBSD%-set%-(.+)$") + local setname = package:match("^HardenedBSD%-set%-(.+)$") if setname then components[setname] = components[setname] or {} table.insert(components[setname], package) - elseif package:match("^FreeBSD%-kernel%-.*") and - package ~= "FreeBSD-kernel-man" + elseif package:match("^HardenedBSD%-kernel%-.*") and + package ~= "HardenedSD-kernel-man" then - -- Kernels other than FreeBSD-kernel-generic are ignored - if package == "FreeBSD-kernel-generic" then + -- Kernels other than HardenedBSD-kernel-generic are ignored + if package == "HardenedBSD-kernel-hardenedbsd" then table.insert(components["kernel"], package) - elseif package == "FreeBSD-kernel-generic-dbg" then + elseif package == "HardenedBSD-kernel-hardenedbsd-dbg" then table.insert(components["kernel-dbg"], package) end end @@ -230,7 +230,7 @@ local function select_packages(pkg, options) -- actually exists, because some sets (src, tests) don't -- have a -dbg subpackage. for _, c in ipairs(pkglist) do - local setname = c:match("^FreeBSD%-set%-(.*)$") + local setname = c:match("^HardenedBSD%-set%-(.*)$") if debug and setname then local dbgset = setname.."-dbg" if components[dbgset] then 
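Review bot: The exclusion string in the kernel branch is misspelled: `package ~= "HardenedSD-kernel-man"` is missing the `B`, so the comparison is true for every package and the man package is no longer filtered at this point. It is harmless today only because the inner checks are exact equality tests against `HardenedBSD-kernel-hardenedbsd` and its `-dbg` variant. Fix it as `package ~= "HardenedBSD-kernel-man"`, and update the comment below it, which still says `HardenedBSD-kernel-generic` while the code accepts `HardenedBSD-kernel-hardenedbsd`. select_packages starts and ends outside the hunk.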
@@ -276,12 +276,12 @@ local function pkgbase() -- there (e.g. because we are performing an offline installation). local chroot_repos_dir = chroot .. "/usr/local/etc/pkg/repos/" assert(os.execute("mkdir -p " .. chroot_repos_dir)) - assert(os.execute("cp /usr/share/bsdinstall/FreeBSD-base.conf " .. - chroot_repos_dir)) local repos_dir = os.getenv("BSDINSTALL_PKG_REPOS_DIR") if not repos_dir then repos_dir = chroot_repos_dir + assert(os.execute("mkdir -p " .. repos_dir)) + -- Since pkg always interprets fingerprints paths as relative to -- the --rootdir we must copy the key from the host. assert(os.execute("mkdir -p " .. chroot .. "/usr/share/keys")) @@ -302,13 +302,13 @@ local function pkgbase() local packages = table.concat(select_packages(pkg, options), " ") - while not os.execute(pkg .. "install -U -F -y -r FreeBSD-base " .. packages) do + while not os.execute(pkg .. "install -U -F -y -r HardenedBSD-base " .. packages) do if not prompt_yn("Fetching packages failed, try again?") then os.exit(1) end end - if not os.execute(pkg .. "install -U -y -r FreeBSD-base " .. packages) then + if not os.execute(pkg .. "install -U -y -r HardenedBSD-base " .. packages) then os.exit(1) end end
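Review bot: The copy of the repository definition into `chroot_repos_dir` is removed with no replacement in this hunk, while usr.sbin/bsdinstall/Makefile still lists HardenedBSD-base.conf in FILES. When BSDINSTALL_PKG_REPOS_DIR is unset, `repos_dir` is the chroot directory that was just created, so unless something outside the hunk populates it, the later `-r HardenedBSD-base` calls have no repository definition to resolve. If the removal is unintended, restore it as `assert(os.execute("cp /usr/share/bsdinstall/HardenedBSD-base.conf " .. chroot_repos_dir))`. The added `mkdir -p` on `repos_dir` repeats the `mkdir -p` on `chroot_repos_dir` a few lines above and can be dropped. pkgbase() starts and ends outside the hunk.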