Page MenuHomeFreeBSD
Differential D53976

releases/15.0R/relnotes: document how to fetch new signing keys for BETA/RC users
ClosedPublic
Actions

Authored by dch on Fri, Nov 28, 3:02 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 18, 1:20 PM
Unknown Object (File)
Tue, Dec 16, 7:52 PM
Unknown Object (File)
Tue, Dec 16, 7:24 PM
Unknown Object (File)
Sat, Dec 13, 9:26 PM
Unknown Object (File)
Thu, Dec 11, 5:38 PM
Unknown Object (File)
Thu, Dec 11, 3:20 PM
Unknown Object (File)
Thu, Dec 11, 7:30 AM
Unknown Object (File)
Tue, Dec 9, 2:35 AM
View All 14 Files
Subscribers
cperciva
lwhsu
ziaee

Details

Reviewers
ziaee
Group Reviewers
releng
doceng
secteam
clusteradm
Test Plan

{F138067300}

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 68978
Build 65861: arc lint + arc unit

Event Timeline

dch requested review of this revision.Fri, Nov 28, 3:02 PM
dch created this revision.
Harbormaster completed remote builds in B68920: Diff 167242.Fri, Nov 28, 3:02 PM
dch added reviewers: releng, doceng, secteam, clusteradm.EditedFri, Nov 28, 3:04 PM
  • the actual URL for fetching via pkg add -f .. needs to be validated prior to release
dch edited the test plan for this revision. (Show Details)Fri, Nov 28, 3:14 PM
lwhsu added a subscriber: lwhsu.Fri, Nov 28, 4:25 PM

This is great. I am wondering if we need to mention some instructions for verify the pkg before pkg add? Or it's already done in that pkg add command?
I know that some (most?) people will skip that step, but we'd still better to consider this.

cperciva added a subscriber: cperciva.Fri, Nov 28, 5:02 PM
cperciva added inline comments.
website/content/en/releases/15.0R/relnotes.adoc
69

People with 15.0-RC* are fine assuming clusteradm doesn't remove the DNS entry for pkgbase.freebsd.org prematurely.

The problem is people running -PRERELEASE, -ALPHA*, and -BETA*, whose systems expect packages signed with the pkg (not pkgbase) keys.

73

s/FreeBSD's/FreeBSD.org/

79

I don't think we want to recommend this since there's no way for them to verify this package -- they don't have the public key fingerprint.

82

Perhaps worth adding "after 2025-11-27 22:00 UTC".

dch updated this revision to Diff 167374.Mon, Dec 1, 5:19 PM
dch marked 3 inline comments as done.

address all but pkg add -f ... feedback

Harbormaster completed remote builds in B68964: Diff 167374.Mon, Dec 1, 5:19 PM
dch added a comment.Mon, Dec 1, 5:21 PM

Updated all but the`pkg add -f ..` bit. I hear what you're saying @cperciva but I have already encountered test users who are not comfortable with git, and I would like to give them a simple alternative with mostly familiar tools.

Alternatively I could expand it out, make an explicit sha256 -c , and provide the actual file hashes in the document?

cperciva added a comment.Mon, Dec 1, 7:17 PM
In D53976#1234085, @dch wrote:

Updated all but the`pkg add -f ..` bit. I hear what you're saying @cperciva but I have already encountered test users who are not comfortable with git, and I would like to give them a simple alternative with mostly familiar tools.

Alternatively I could expand it out, make an explicit sha256 -c , and provide the actual file hashes in the document?

Fair enough. If people are affected by this they're probably smart enough to decide if they want to trust a package without verifying the signature.

Speaking of people affected by this, the heading should probably be "Upgrading from pkgbase installs of PRERELEASE, ALPHA, and BETA builds of FreeBSD 15.0"?

dch marked an inline comment as done.Mon, Dec 1, 9:50 PM
dch added inline comments.
website/content/en/releases/15.0R/relnotes.adoc
79

Updated all but the`pkg add -f ..` bit. I hear what you're saying @cperciva but I have already encountered test users who are not comfortable with git, and I would like to give them a simple alternative with mostly familiar tools.

Alternatively I could expand it out, make an explicit sha256 -c , and provide the actual file hashes in the document?

dch updated this revision to Diff 167391.Mon, Dec 1, 10:04 PM
dch marked an inline comment as done.

clarify preferred option, vs convenient option

Harbormaster completed remote builds in B68975: Diff 167391.Mon, Dec 1, 10:04 PM
ziaee added a subscriber: ziaee.Mon, Dec 1, 10:08 PM
ziaee added inline comments.
website/content/en/releases/15.0R/relnotes.adoc
76

This will link it.

ziaee accepted this revision.Mon, Dec 1, 10:10 PM
This revision is now accepted and ready to land.Mon, Dec 1, 10:10 PM
dch updated this revision to Diff 167392.Mon, Dec 1, 10:11 PM
dch marked an inline comment as done.

add ziaee feedback

This revision now requires review to proceed.Mon, Dec 1, 10:11 PM
Harbormaster completed remote builds in B68976: Diff 167392.Mon, Dec 1, 10:11 PM
dch added a comment.Mon, Dec 1, 10:11 PM

update package per ziaae

dch updated this revision to Diff 167393.Mon, Dec 1, 10:14 PM

package macro is for ports only sadly

Harbormaster completed remote builds in B68977: Diff 167393.Mon, Dec 1, 10:14 PM
dch updated this revision to Diff 167394.Mon, Dec 1, 10:15 PM

better title

Harbormaster completed remote builds in B68978: Diff 167394.Mon, Dec 1, 10:15 PM
ziaee accepted this revision.Mon, Dec 1, 10:20 PM
This revision is now accepted and ready to land.Mon, Dec 1, 10:20 PM
dch closed this revision.Mon, Dec 1, 10:45 PM

Revision Contents
Changeset List

PathSize
website/
content/
en/
releases/
15.0R/
34 lines

Diff 167394

View Options

website/content/en/releases/15.0R/relnotes.adoc

Loading...