On 1/1/21 12:47 PM, Rafal Lukawiecki wrote:
>> On 1 Jan 2021, at 20:29, Colin Percival <[email protected]> wrote:
>> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote:
>>> Colin, would I be able to build an updated RELEASE in the AMI maker before
>>> I call mkami? In the days of 11.1 I had to recompile the kernel to use your
>>> patch (many thanks!) and so I did something like this:
>>>
>>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co https://svn.freebsd.org/base/releng/11.1/ /usr/src/
>>> $ make DESTDIR=/mnt kernel -j16
>
> Thanks. I suppose I should have asked a different question, sorry for not
> being clearer. What is the best way, in your opinion, to create a
> security-patched ARM AMI? Would this approach do it? I have never tried
> patching FreeBSD from source since I have always relied on freebsd-update, but
> since that is not an option on arm64 (yet) I would be grateful for your
> pointers.
Yes, if you want to build an AMI which is FreeBSD 12.2-RELEASE + security /
errata patches, you can launch the AMI Builder, then

# svnlite co https://svn.freebsd.org/base/releng/12.2/ /usr/src/
# make -C /usr/src DESTDIR=/mnt \
    buildworld buildkernel installkernel installworld

It's just possible that the memory disk won't have enough space, in which case
you would need to attach another EBS volume and mount it on /usr/obj, but if
you've updated FreeBSD systems before you're familiar with such issues...

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-cloud
To unsubscribe, send any mail to "[email protected]"
