Hey all,
I'd like to say thank you to the community for standing by with
patience as we perform emergency maintenance on our infrastructure.
I'd like to take just a brief moment to tell everyone where we are,
how we got here, and where we're going.
An attempted upgrade failed of our nightly build server, a server
which provides a pristine copy of build artifacts from
jenkins.hardenedbsd.org and
installer.hardenedbsd.org. It is the
source-of-truth location for nightly builds and supported releases
alike. Attempting to reboot into the last known-working ZFS Boot
Environment (BE) failed due to a regression FreeBSD introduced into
the bootloader from 11-STABLE to 12-STABLE: the bootloader in
12-STABLE does not support booting from root ZFS pools that utilize
partionless schemes (ie, /dev/ada0 rather than /dev/ada0p1).
Given the delicate nature of bootloaders, a decision was reached that
we should rebuild the server by performing a reinstallation of
12-STABLE with an entirely new ZFS pool, one that used partioned
disks. This decision necesitates the backup of existing data. Since
we've never performed an initial backup before, we needed now to
perform the initial backup.
We had to back up 1.52TB of data from a datacenter in New York City,
New York, USA to a datacenter in Maryland, USA. The Maryland
datacenter has limited bandwidth. As of Monday, 26 Aug 2019, the
backup completed.
That brings us to today. Today, I purchased hard drives of sufficient
capacity that would allow us to both reproduce the issue and test
restoration procedures. I plan to start this work on Saturday, 31 Aug
2019.
Once testing and refining the restoration procedures results in
success, we will perform the same restoration procedures on the
nightly build server. This means restoring that entire 1.52TB over the
limited pipe again. Downloading took multiple days. It's a safe bet
uploading will as well.
So, if all goes well, we're looking at another 1.5 weeks of downtime.
I have published a build of the last 12-STABLE/amd64 release for
general consumption:
https://hardenedbsd.org/~shawn/2019-08-24_12-stable_amd64/
The build artifacts are signed with the same signature referenced in
my email signature below.
I will be kicking off a new package build for 12-STABLE/amd64 soon.
I'm paying attention to some tmpfs work being done in upstream
FreeBSD, the source of the package build kernel panics mentioned
previously.
Please pay attention to this thread. I'll use this thread to keep
everyone updated.
Thank you, everyone, for your patience and understanding.
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal:
+1 443-546-8752
Tor+XMPP+OTR:
lat...@is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2