Date: Sun, 06 Oct 2013 13:18:54 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Peter Wemm <peter@wemm.org> Cc: freebsd-arch@freebsd.org Subject: Re: Userland patch level Message-ID: <86hacuprz5.fsf@nine.des.no> In-Reply-To: <52507F4A.1050707@wemm.org> (Peter Wemm's message of "Sat, 05 Oct 2013 14:06:18 -0700") References: <8661tbsi40.fsf@nine.des.no> <52507F4A.1050707@wemm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Wemm <peter@wemm.org> writes: > IMHO, promoting the parsing strings like this is fraught with danger. The > canonical one-true-version is __FreeBSD_version, I'd much rather encourage > people to refer to that, and it is available in newvers.sh in the same way > that you're building it now. The kernel and userland versions do not necessarily match, even in supported configurations. newvers.sh is not necessarily available at run time. > freebsd-version.sh.in seems fragile as presented. It's missing > loader.conf.local parsing, hardcodes the assumption that you use /boot > (vs /efi), etc. I wasn't aware of loader.conf.local. I'll add support for it. I don't know anything about efi. As for hardcoding assumptions: like the man page says, this is a *best effort* which is intended to work in the common case, i.e. either "make buildworld buildkernel installworld installkernel" from a clean, consistent tree or "freebsd-update fetch install". > The usage string has a -i option that doesn't seem to exist. Thanks, I'll fix that. > Secteam does bump the osreldate for patch releases, right? We bump newvers.sh. > Woudn't that be sufficient for userland audit tools to reliably > identify vulnerable userlands? No. I don't particularly enjoy answering the same questions over and over again. If you have any more questions, please read one of the previous threads on this subject and / or the minutes from the security session at the Malta summit. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86hacuprz5.fsf>