On Thu, Jan 30, 2020 at 01:22:39PM +0000, Glen Barber wrote: > I honestly wasn't aware there was a jail subcommand to bsdinstall. > I think, rather than creating /usr/freebsd-dist on the host system, we > should instead check if the misc/freebsd-release-manifests package is > installed and bail if it does not. This package contains the MANIFEST > files from past releases (and in-progress releases, including BETA and > RC builds). > > Does that seem like a reasonable solution?
Well, that only works for actual releases. The one from the installation medium would work in all cases, such as if one installs a snapshot, or a custom build. It would have to be kept up to date by freebsd-update, though. Also, you would need to add logic to select the correct manifest from the ones in the package, whereas one from the initial install (and freebsd-update) would be the only one. That could be as simple as stripping the -p123 suffixes from `uname -r`, but why? FWIW, the /usr/freebsd-dist location can be overridden by setting $BSDINSTALL_DISTDIR, but the checksum script[1] will expect to find the manifest and sets in the same directory regardless. Perhaps this default could be changed to something under /usr/share? -nd. [1] https://svnweb.freebsd.org/base/release/12.1.0/usr.sbin/bsdinstall/scripts/checksum?view=markup#l29 _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
