FreeBSD on AWS Graviton (t4g)
Colin Percival
cperciva at tarsnap.com
Fri Jan 1 21:01:16 UTC 2021
On 1/1/21 12:47 PM, Rafal Lukawiecki wrote:
>> On 1 Jan 2021, at 20:29, Colin Percival <cperciva at tarsnap.com
>> <mailto:cperciva at tarsnap.com>> wrote:
>> On 1/1/21 4:33 AM, Rafal Lukawiecki wrote:
>>> Colin, would I be able to build an updated RELEASE in the AMI maker before
>>> I call mkami? In the days of 11.1 I had to recompile the kernel to use your
>>> patch (many thanks!) and so I did something like this:
>>>
>>> $ svnlite --non-interactive --trust-server-cert-failures=unknown-ca co
>>> https://svn.freebsd.org/base/releng/11.1/
>>> <https://svn.freebsd.org/base/releng/11.1/> /usr/src/
>>> $ make DESTDIR=/mnt kernel -j16
>
> Thanks. I suppose I should have asked a different question, sorry for not
> being clearer. What is the best way, in your opinion, to create a
> security-patched ARM AMI? Would this approach do it? I have never tried
> patching FreeBSD from source since I have always relied on freebsd-update, but
> since that is not an option on arm64 (yet) I would be grateful for your pointers.
Yes, if you want to build an AMI which is FreeBSD 12.2-RELEASE + security /
errata patches, you can launch the AMI Builder, then
# svnlite co https://svn.freebsd.org/base/releng/12.2/ /usr/src/
# make -C /usr/src DESTDIR=/mnt \
buildworld buildkernel installkernel installworld
It's just possible that the memory disk won't have enough space, in which
case you would need to attach another EBS volume and mount it on /usr/obj,
but if you've updated FreeBSD systems before you're familiar with such
issues...
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
More information about the freebsd-cloud
mailing list