diff --git a/release/Makefile b/release/Makefile index 95c153b06fbf..a424103b4956 100644 --- a/release/Makefile +++ b/release/Makefile @@ -207,7 +207,7 @@ disc1: packagesystem ${PKGBASE_REPO} ${.OBJDIR}/pkgbase-repo/${PKG_ABI}/latest \ ${.TARGET}/usr/freebsd-packages/offline \ "${_ALL_libcompats}" - cp ${.CURDIR}/scripts/FreeBSD-base-offline.conf \ + cp ${.CURDIR}/scripts/HardenedBSD-base-offline.conf \ ${.TARGET}/usr/freebsd-packages/repos/ mtree -c -p ${.TARGET}/usr/freebsd-packages | \ mtree -C -k type,mode,link,size | \ @@ -217,7 +217,7 @@ disc1: packagesystem ${PKGBASE_REPO} cp MANIFEST ${.TARGET}/usr/freebsd-dist echo "./usr/freebsd-dist type=dir uname=root gname=wheel mode=0755" >> ${.TARGET}/METALOG echo "./usr/freebsd-dist/MANIFEST type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG -.else +.endif # Copy distfiles mkdir -p ${.TARGET}/usr/freebsd-dist for dist in MANIFEST $$(ls *.txz | grep -v container | grep -vE -- '(${base ${_ALL_libcompats}:L:ts|})-dbg'); \ @@ -227,7 +227,6 @@ disc1: packagesystem ${PKGBASE_REPO} for dist in MANIFEST $$(ls *.txz | grep -v container | grep -vE -- '(${base ${_ALL_libcompats}:L:ts|})-dbg'); \ do echo "./usr/freebsd-dist/$${dist} type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG; \ done -.endif .if ${.MAKE.OS} == "FreeBSD" && (!defined(NOPKG) || empty(NOPKG)) # Install packages onto release media. ${PKG_INSTALL} pkg || true @@ -247,13 +246,11 @@ disc1: packagesystem ${PKGBASE_REPO} dd if=/dev/random of=${.TARGET}/boot/entropy bs=4k count=1 chown 0:0 ${.TARGET}/boot/entropy chmod 0600 ${.TARGET}/boot/entropy -.if defined(NO_ROOT) echo "./etc/resolv.conf type=link uname=root gname=wheel mode=0644 link=/tmp/bsdinstall_etc/resolv.conf" >> ${.TARGET}/METALOG echo "./etc/rc.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/sysctl.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./boot/loader.conf type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG echo "./etc/rc.local type=file uname=root gname=wheel mode=0644" >> ${.TARGET}/METALOG -.endif touch ${.TARGET} bootonly: packagesystem diff --git a/release/pkg_repos/release-dvd.conf b/release/pkg_repos/release-dvd.conf index 2fb05dc3a501..a24304905dd1 100644 --- a/release/pkg_repos/release-dvd.conf +++ b/release/pkg_repos/release-dvd.conf @@ -1,6 +1,15 @@ -release: { - url: "pkg+http://pkgs.HardenedBSD.org/HardenedBSD/pkg/${ABI}", - mirror_type: "srv", +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/HardenedBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "HardenedBSD: { enabled: no }" > /usr/local/etc/pkg/repos/HardenedBSD.conf +# + +HardenedBSD: { + url: "https://pkg.hardenedbsd.org/HardenedBSD/pkg/${ABI}", + mirror_type: "none", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", enabled: yes diff --git a/release/scripts/pkgbase-stage.lua b/release/scripts/pkgbase-stage.lua index 01eec8c44e49..c7667ad0b9fa 100755 --- a/release/scripts/pkgbase-stage.lua +++ b/release/scripts/pkgbase-stage.lua @@ -40,17 +40,17 @@ local function select_packages(pkg, media, all_libcompats) components["lib" .. compat .. "_dbg"] = {} end - local rquery = capture(pkg .. "rquery -U -r FreeBSD-base %n") + local rquery = capture(pkg .. "rquery -U -r HardenedBSD-base %n") for package in rquery:gmatch("[^\n]+") do - if package == "FreeBSD-src" or package:match("^FreeBSD%-src%-.*") then + if package == "HardenedBSD-src" or package:match("^HardenedBSD-src%-.*") then table.insert(components["src"], package) - elseif package == "FreeBSD-tests" or package:match("^FreeBSD%-tests%-.*") then + elseif package == "HardenedBSD-tests" or package:match("^HardenedBSD-tests%-.*") then table.insert(components["tests"], package) - elseif package:match("^FreeBSD%-kernel%-.*") then - -- Kernels other than FreeBSD-kernel-generic are ignored - if package == "FreeBSD-kernel-generic" then + elseif package:match("^HardenedBSD-kernel%-.*") then + -- Kernels other than HardenedBSD-kernel-hardenedbsd are ignored + if package == "HardenedBSD-kernel-hardenedbsd" then table.insert(components["kernel"], package) - elseif package == "FreeBSD-kernel-generic-dbg" then + elseif package == "HardenedBSD-kernel-hardenedbsd-dbg" then table.insert(components["kernel_dbg"], package) end elseif package:match(".*%-dbg$") then @@ -73,7 +73,7 @@ local function select_packages(pkg, media, all_libcompats) end end end - assert(#components["kernel"] == 1) + assert(#components["kernel"] > 0) assert(#components["base"] > 0) local selected = {} @@ -115,9 +115,9 @@ local function main() local all_libcompats = assert(arg[4]) assert(os.execute("mkdir -p pkgbase-repo-conf")) - local f = assert(io.open("pkgbase-repo-conf/FreeBSD-base.conf", "w")) + local f = assert(io.open("pkgbase-repo-conf/HardenedBSD-base.conf", "w")) assert(f:write(string.format([[ - FreeBSD-base: { + HardenedBSD-base: { url: "file://%s", enabled: yes } diff --git a/share/mk/bsd.compat.pre.mk b/share/mk/bsd.compat.pre.mk index 92ff6013c040..b6f00a99d7ac 100644 --- a/share/mk/bsd.compat.pre.mk +++ b/share/mk/bsd.compat.pre.mk @@ -1,7 +1,7 @@ .if !targets(__<${_this:T}>__) __<${_this:T}>__: .NOTMAIN -_ALL_LIBCOMPATS:= 32 +_ALL_LIBCOMPATS:= _ALL_libcompats:= ${_ALL_LIBCOMPATS:tl} diff --git a/usr.sbin/bsdinstall/Makefile b/usr.sbin/bsdinstall/Makefile index fe97cef2e2d3..0d0c6a222d0f 100644 --- a/usr.sbin/bsdinstall/Makefile +++ b/usr.sbin/bsdinstall/Makefile @@ -15,7 +15,7 @@ SCRIPTSDIR_startbsdinstall= ${LIBEXECDIR}/bsdinstall UPDATE_DEPENDFILE= no FILESDIR= ${SHAREDIR}/bsdinstall -FILES= FreeBSD-base.conf +FILES= HardenedBSD-base.conf _BRANCH!= ${MAKE} -C ${SRCTOP}/release -V BRANCH BRANCH?= ${_BRANCH} @@ -23,12 +23,10 @@ _REVISION!= ${MAKE} -C ${SRCTOP}/release -V REVISION REVISION?= ${_REVISION} .if ${BRANCH} == CURRENT || ${BRANCH} == STABLE -SUBURL= base_latest -.else -SUBURL= base_release_${REVISION:C/[0-9]+\.//} +SUBURL= latest .endif -FreeBSD-base.conf: FreeBSD-base.conf.in +HardenedBSD-base.conf: HardenedBSD-base.conf.in sed "s|%%SUBURL%%|${SUBURL}|" < ${.ALLSRC} > ${.TARGET} .include diff --git a/usr.sbin/bsdinstall/scripts/pkgbase.in b/usr.sbin/bsdinstall/scripts/pkgbase.in index 1ff93afe817b..eb8cd3c578cc 100755 --- a/usr.sbin/bsdinstall/scripts/pkgbase.in +++ b/usr.sbin/bsdinstall/scripts/pkgbase.in @@ -115,7 +115,7 @@ local function select_components(components, options) end local bsddialog_args = { - "--backtitle", "FreeBSD Installer", + "--backtitle", "HardenedBSD Installer", "--title", "Select System Components", "--nocancel", "--disable-esc", @@ -159,17 +159,17 @@ local function select_packages(pkg, options) components["lib" .. compat .. "_dbg"] = {} end - local rquery = capture(pkg .. "rquery -U -r FreeBSD-base %n") + local rquery = capture(pkg .. "rquery -U -r HardenedBSD-base %n") for package in rquery:gmatch("[^\n]+") do - if package == "FreeBSD-src" or package:match("^FreeBSD%-src%-.*") then + if package == "HardenedBSD-src" or package:match("^HardenedBSD%-src%-.*") then table.insert(components["src"], package) - elseif package == "FreeBSD-tests" or package:match("^FreeBSD%-tests%-.*") then + elseif package == "HardenedBSD-tests" or package:match("^HardenedBSD%-tests%-.*") then table.insert(components["tests"], package) - elseif package:match("^FreeBSD%-kernel%-.*") then - -- Kernels other than FreeBSD-kernel-generic are ignored - if package == "FreeBSD-kernel-generic" then + elseif package:match("^HardenedBSD%-kernel%-.*") then + -- Kernels other than HardenedBSD-kernel-generic are ignored + if package == "HardenedBSD-kernel-generic" then table.insert(components["kernel"], package) - elseif package == "FreeBSD-kernel-generic-dbg" then + elseif package == "HardenedBSD-kernel-generic-dbg" then table.insert(components["kernel_dbg"], package) end elseif package:match(".*%-dbg$") then @@ -238,7 +238,7 @@ local function pkgbase() if not repos_dir then repos_dir = chroot .. "/usr/local/etc/pkg/repos/" assert(os.execute("mkdir -p " .. repos_dir)) - assert(os.execute("cp /usr/share/bsdinstall/FreeBSD-base.conf " .. repos_dir)) + assert(os.execute("cp /usr/share/bsdinstall/HardenedBSD-base.conf " .. repos_dir)) -- Since pkg always interprets fingerprints paths as relative to -- the --rootdir we must copy the key from the host. @@ -260,13 +260,13 @@ local function pkgbase() local packages = table.concat(select_packages(pkg, options), " ") - while not os.execute(pkg .. "install -U -F -y -r FreeBSD-base " .. packages) do + while not os.execute(pkg .. "install -U -F -y -r HardenedBSD-base " .. packages) do if not prompt_yn("Fetching packages failed, try again?") then os.exit(1) end end - if not os.execute(pkg .. "install -U -y -r FreeBSD-base " .. packages) then + if not os.execute(pkg .. "install -U -y -r HardenedBSD-base " .. packages) then os.exit(1) end end