[continued from previous message]
more sustainable. The bug backlog dashboard https://grimoire.freebsd.org
remains available to help make the backlog easier to understand.
We have also been upgrading Bugzilla by applying patches from 2023 onward and
improving the upgrade process to ensure smoother future updates.
A panel discussion at Open Source Summit Europe in August will share this work
with a wider audience. Two members of the Foundation project staff will be
present, along with two representatives from Bitergia who delivered the
GrimoireLab implementation for this project. (Members of the FreeBSD Project
Source Management team were not available to attend.)
Progress is being made to reduce technical debt by creating an automated method
for evaluating patches (code improvements) attached to existing pull requests
for source and ports trees to see whether they are still relevant, and applying
them if they are. This tool is in beta.
Work Package B: Zero Trust Builds
This work package intends to improve tooling and processes to support Zero
Trust Builds of FreeBSD by extending the current components to enable the
project to build release artifacts (package sets, ISO images, etc.) without
requiring any special privilege.
The detailed scope was co-created with core@, srcmgr@, secteam@. Work items are
as follows:
• Must
□ No-root for all source release build cases/artifacts (in progress)
□ Src artifacts to build reproducibly (in progress)
□ Formalize and document make world and release.sh (in progress)
• Should
□ Remove privilege from orchestration tooling (not started)
□ Move build scripts into the public repository (not started)
• Could
□ Environment Standardization (not started)
□ Ports to build reproducibly (not started)
□ CI to verify reproducibility (in progress)
□ Documentation to allow 3rd parties to confirm reproducibility (not
started)
Work Package C: CI/CD Automation
This work package intends to improve CI/CD automation to streamline software
delivery and operations for new and existing software by modernizing and
securitizing the existing CI/CD system and extending it to cover the third
party packages in the FreeBSD Ports Collection.
The detailed scope was co-created with core@, srcmgr@, portmgr@, doceng@.
• Must
□ Improve quality of incoming commits (completed)
□ Pre-merge CI (completed)
□ Environment Metadata (not started)
□ Extend CI to the Ports tree (in progress)
□ CI Threat Model (not started)
□ CI Management Process (in progress)
□ Documentation (not started)
• Should
□ 3rd-party Interoperability (in progress)
□ Automated analysis in tests (in progress)
□ Test Case Management (not started)
• Could
□ Granular Debugging (not started)
Work Package D: Ports and Packages security improvements
This work package intends to modernize and extend security controls in the
FreeBSD Ports and Package Collection by:
• migrating from our VuXML Vulnerability Database to OSV or similar
contemporary format
• developing a package audit backend and server to reliably fetch
vulnerability data from global agency databases in any format (JSON - NIST)
and produce insight
• improving CI tooling for FreeBSD Ports.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@.
• Must
□ New Database Format (in progress)
□ Set up 2+ Database Instances (not started)
□ Migrate Data from old to new database (in progress)
□ Add support for new format in pkg(8) (in progress)
□ Upstream engagement (not started)
□ SBOM on demand (not started)
□ Document how to set up build and test targets (not started)
□ Integrate 3rd party test targets (not started)
□ Continuous Testing (not started)
• Could
□ Make CI artifacts available (not started)
Work Package E: SBOM improvements
This work package intends to improve existing, and implement new, tooling and
processes for FreeBSD Software Bill of Materials (SBOM) by implementing:
tooling to roll up the individual provenance data/markers from across the tree
into a higher-level view; developing tooling to parse/review/inspect the
FreeBSD source tree and produce a comprehensive/holistic report to act as a
SBOM for the full software stack and; extending pkg to enable this capability
for software installed from ports/packages.
The detailed scope was co-created with core@, portmgr@, pkgmgr@, secteam@,
releng@
• Must
□ Evaluate projects/solutions available in the wider ecosystem (in
progress)
□ Propose the target solution for SBOM (not started)
□ Produce an SBOM in CI (e.g. weekly builds) (in progress)
□ Produce an SBOM as an artifact as part of the release process (in
progress)
□ SBOM artifact on demand (in progress)
□ Roll up existing data (not started)
□ Record and explain decisions made (not started)
• Could
□ Engage with other similar projects (not started)
Commissioning body: Sovereign Tech Agency
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
Support for pkgbase in the FreeBSD installer
Contact: Isaac Freund
The FreeBSD installer now supports installing a pkgbase system.
Recent FreeBSD 15.0 snapshots have a new dialog in the installer that allows
the user to fetch and install packages from pkg.freebsd.org instead of using
the legacy distribution sets.
There is also support in the build system to build FreeBSD installation media
with offline pkgbase packages included, enabling fully offline installation of
a pkgbase system. These offline pkgbase packages are not yet included in 15.0
snapshot release installation however, as including both the offline legacy
distribution sets and pkgbase packages would significantly increase the size of
the installation media. There is however a -DPKGBASE build-time switch ready to
be flipped by the FreeBSD Release Engineering team, hopefully in the near
future.
Sponsor: The FreeBSD Foundation
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━━━━━━━
━━━━━━━━━━━━━━
BSD-USER 4 LINUX
Contact: Maksym Sobolyev
Links: Project Page URL: https://github.com/sobomax/qemu-bsd-user-l4b
Tooling URL: https://github.com/sobomax/qemu_l4b
The bsd-user-4-linux project ports BSD user-mode emulation for QEMU to Linux.
The primary goal is to enable unmodified FreeBSD binaries to run on modern
Linux systems. Additionally, the project aims to provide multi-platform
container images with a functional FreeBSD environment and ready-to-use GitHub
Actions templates.
News:
• Two new pull requests have been received since the initial project
announcement:
□ Diagnostic output cleanup;
□ kqueue() support using libkqueue library on Linux.
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
