From nobody Tue Jan 21 22:11:02 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yd1d04y9Gz5lg1Y for ; Tue, 21 Jan 2025 22:11:16 +0000 (UTC) (envelope-from allbery.b@gmail.com) Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yd1d01ZQmz45hf for ; Tue, 21 Jan 2025 22:11:16 +0000 (UTC) (envelope-from allbery.b@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-aaf3c3c104fso1197368966b.1 for ; Tue, 21 Jan 2025 14:11:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737497474; x=1738102274; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=u9bEKL4x0vlHa5nQ13Vobbf+qiFyp8F/c0bp70YIrPk=; b=ILtdTn5qcg/E/DshnUv23yGq9nvnXbDQ3ERBMmKp0xbOvmQtk9MhNd3MTZlkveAod5 /ygmA6qV99fh19Y8yoxSHsmnl84tfWALxWcHojQLV0jrYT+hOVCVguJoV7cDAiuE/25H OtwfHCK631tkSs7NccOnczjbw6hQj61cZ9EwzwrMOGa/8uhIiuu0q7lCPMcU3nj+ONRk KB050t3+18y96pPMPSS9QG/gdj9ZmKBAf47GByI2dlwfSKmCeronhL0+ndN0TAV5Qvyk TeB41Y86wXUUR2IX+3qAIcDBPcLO5d6jdEmwI6oysSTpFtqKwHXhI86sVAf2qnl9SBDK ofDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737497474; x=1738102274; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u9bEKL4x0vlHa5nQ13Vobbf+qiFyp8F/c0bp70YIrPk=; b=fOOlAGVkdg8FF365c6jG0LNMNsnTWMZm3fzNXBCI04hjHVZnC5/G6isUqBLxO2BUCw cL973M3+Cj4zv/pwMCmhUUxSz4DQiXwnrQi/fxraRyPYNlxZL/VE+dynqDqpaONwzNuh VYAiuO5IbRhezkZ4aliTTDMHMeSKDiR1qfKFPZPhPdKABN8ozGkOE9CDht+b9TEoTkw0 t8OF06eZHOeMBDr8i/9FonXFax/fllOtglcR3TtEgZUSkuXziCq0pJ7qnzkSw04XmGlk uk0+3gys6VCR/KRv2wrxtYzXd65/dqGnZD43qmmY3SSHwVB4DOo0B6kCb0n3PTaQ1hR9 Pjtw== X-Forwarded-Encrypted: i=1; AJvYcCVjNq4SVUSDN/phc6gnP0cPcFbzX0uIc2dXJSzgXFA2jDrvF7W9+BbGz7ZF04oIZnHpz7lP1ynA6cKvzr0kVjk=@freebsd.org X-Gm-Message-State: AOJu0Yy90OryFp0YxVelASYY08Yecufo9jIEiqSaOmUBx+zoJy1wpeLj M05O03Eo/p16I4ixSXDtPFRaGyw+wbVTO/dyPEhcrjhnGDAUEcMCZ/kO9on6DuEus7zjX5zX5y1 XSTduL4rZqdhpwOgPmIxZA1NgFM8icg== X-Gm-Gg: ASbGncspNPz/BTv/7ggb65v3RM9o+mIOFHNlA24l5o2kScjmthL/Y5vsQ7WZj5d4TNZ xUp64uw/gK3UAXmKutaPhjMHxJUph+y8rDhJWCE4xA4Ho4ZN9xlQ= X-Google-Smtp-Source: AGHT+IGf/lu2A6oMdEkak+KaT3DXFwCQ1mIW2UlmX7zQN7/1lGEEfIdsI85PA6V7mfUPKKk/hMXFl8+k8txEVKMKXkU= X-Received: by 2002:a17:907:7f9f:b0:aab:d8de:217e with SMTP id a640c23a62f3a-ab38b163550mr1786518166b.26.1737497473848; Tue, 21 Jan 2025 14:11:13 -0800 (PST) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Brandon Allbery Date: Tue, 21 Jan 2025 17:11:02 -0500 X-Gm-Features: AbW1kvZkx7JFbh3PDBmLtYXYu3j-pYa0DvPdYDBjLp1AvuBUyokKZGcaC6gbAFU Message-ID: Subject: Re: /usr/src and /usr/ports not git directories ? To: Tomek CEDRO Cc: Warner Losh , bob prohaska , Sulev-Madis Silber , freebsd-current@freebsd.org Content-Type: multipart/alternative; boundary="000000000000ba1d07062c3ea714" X-Rspamd-Queue-Id: 4Yd1d01ZQmz45hf X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] --000000000000ba1d07062c3ea714 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I would offer a data point: the first thing I did was install sudo from a package. The second thing I did was replace it with a build from the ports package installed with 14.2-RELEASE=E2=80=A6 which _downgraded_ it. This se= ems bad for any security-impacting port. On Tue, Jan 21, 2025 at 4:37=E2=80=AFPM Tomek CEDRO wrot= e: > On Tue, Jan 21, 2025 at 10:29=E2=80=AFPM Warner Losh wrote: > > (..) > > I think we should replace the populate /usr/src from a tarball with.... > populate it > > with a tarball that represents a 1-deep checkout tree at the rev we > built the release > > from. This lets users have the source, has minimal overhead and also > lets users update > > or turn the shallow checkout into a deep one, etc. A shallow checkout i= s > quite a bit > > less than a full tree, though still more than just the raw files. I've > not done poking to > > see size comparisons. > > Still having tarball of src and ports snapshots in the full release > images is important to have, users could select which one they want to > use, that seems best solution :-) > > -- > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info > > --=20 brandon s allbery kf8nh allbery.b@gmail.com --000000000000ba1d07062c3ea714 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I would offer a data point: the first thing I did was inst= all sudo from a package. The second thing I did was replace it with a build= from the ports package installed with 14.2-RELEASE=E2=80=A6 which _downgra= ded_ it. This seems bad for any security-impacting port.

On Tue, Jan 21, 2025 at 4:37=E2=80=AFPM Tomek CEDRO <tomek@cedro.info> wrote:
On Tue, Jan 21, 2025 at 10:29=E2=80=AFP= M Warner Losh wrote:
> (..)
> I think we should replace the populate /usr/src from a tarball with...= . populate it
> with a tarball that represents a 1-deep checkout tree at the rev we bu= ilt the release
> from. This lets users have the source, has minimal overhead and also l= ets users update
> or turn the shallow checkout into a deep one, etc. A shallow checkout = is quite a bit
> less than a full tree, though still more than just the raw files. I= 9;ve not done poking to
> see size comparisons.

Still having tarball of src and ports snapshots in the full release
images is important to have, users could select which one they want to
use, that seems best solution :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info



--
brandon s allbery kf8= nh
--000000000000ba1d07062c3ea714--