Is it possible to extract a HBSD patchset for FBSD releng?


Dewayne Geraghty

Feb 6, 2026, 7:43:23 PM
to us...@hardenedbsd.org
Unfortunately I'm unable to move to HBSD 15 so am stuck on the 14 series
for the foreseeable future. Generally, prior to HardenedBSD, we relied
upon the FreeBSD releng sequences as it provides substantial stability
(#1). Is there any mechanism where I can take the changes that are
applied to the FreeBSD suite for HBSD genesis/updates? My intent is to
take the HBSD 14.3Stable and apply the patch set(?) to FreeBSD releng/14
for the near term?

My hope is that there is a HBSD branch which is merged to the FreeBSD
kit, that is available but I don't know where/how?

During COVID I updated FBSD and HBSD to the same revision and performed
a diff between them. I was surprised by the large number of
enhancements that were applied to FBSD, and grateful for the
improvements; and that the work is non-trivial.

My knowledge of git is limited to: branch, switch, pull, diff. (having
gone from cvs, svn); and no knowledge of github processes.

#1 not quite so much stability as a trigger in time, so we can focus on
testing as there are often a few changes that occur at once, per
https://cgit.freebsd.org/src/log/?h=releng%2F14.3. :)

Regards, Dewayne

Shawn Webb

Feb 6, 2026, 8:33:50 PM
to Dewayne Geraghty, us...@hardenedbsd.org
Hey Dewayne,

It's mostly a matter of resource allocation rather than one of a
technical manner. There's only one person performing all the release
engineering and build process work for HardenedBSD (me).
Unfortunately, I do not have the time to track FreeBSD's releng
branches.

We do have a notion of a quarterly branch for the src repo. Creating
that new quarterly branch across three supported branches
(hardened/current/master, hardened/current/cross-dso-cfi,
hardened/15-stable/main) involves a lot of behind-the-scenes work
starting 72 hours prior to the start of the new quarter.

If the HardenedBSD project had more regular contributors, we might be
able to increase our level of support for various scenarios (like
tracking FreeBSD's releng branches.) So my response should also be
taken as a call for code/patch contributions. Usually after
submitting enough good-quality patches, contributors will have an
invitation to officially join the project (like 0x1eef recently).

If I was in your shoes, since upgrading to 15-STABLE isn't a
possibility at the moment, I would maintain my own fork downstream
from HardenedBSD. You could maintain the hardened/14-stable/master
branch (and even submit merge requests upstream to HardenedBSD.) From
a project standpoint, the hardened/14-stable/master branch is
considered as "community support," which means that I ask the
community to support that branch if they need it.

I disabled the auto-sync configuration for hardened/14-stable/master.
You'd likely want to merge the stable/14 branch from FreeBSD upstream.
There likely will be merge conflicts when merging FreeBSD's stable/14
into hardened/14-stable/master.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
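
The downstream-fork workflow suggested in the reply above, as an added example that is not part of the thread or HardenedBSD's own tooling: it lists the files the hardened branch carries on top of upstream and trial-merges upstream to show which paths would conflict. The function names and the small constructed repository are assumptions for illustration.

```shell
#!/bin/sh
# Added example; function names and the demo repo are assumptions, not project tooling.
# Against real trees the refs would be e.g. freebsd/stable/14 (after
# `git remote add freebsd https://git.freebsd.org/src.git && git fetch freebsd`)
# and hardened/14-stable/master, the branch names used in the thread.

# Files the hardened branch changed since its merge base with upstream:
# the downstream delta that every future upstream merge has to preserve.
downstream_delta() {    # downstream_delta <repo> <upstream_ref> <hardened_ref>
    git -C "$1" diff --name-only "$2...$3"
}

# Trial-merge upstream into the checked-out branch, print conflicted paths,
# then abort so nothing is committed or left half-merged.
merge_conflicts() {     # merge_conflicts <repo> <upstream_ref>
    git -C "$1" merge --no-commit --no-ff "$2" >/dev/null 2>&1 || true
    git -C "$1" diff --name-only --diff-filter=U
    git -C "$1" merge --abort >/dev/null 2>&1 || true
}

# Constructed two-branch repo standing in for FreeBSD ("upstream") and the fork ("hardened").
make_demo_repo() {      # make_demo_repo <dir>
    d=$1
    git init -q "$d"
    git -C "$d" symbolic-ref HEAD refs/heads/upstream
    git -C "$d" config user.name demo
    git -C "$d" config user.email demo@example.invalid
    printf 'base\n' > "$d/kern.c"; printf 'base\n' > "$d/libc.c"
    git -C "$d" add . && git -C "$d" commit -q -m base
    git -C "$d" checkout -q -b hardened
    printf 'hardened\n' > "$d/kern.c"; printf 'new\n' > "$d/hardening.c"
    git -C "$d" add . && git -C "$d" commit -q -m hardening
    git -C "$d" checkout -q upstream
    printf 'upstream fix\n' > "$d/kern.c"; printf 'upstream\n' > "$d/libc.c"
    git -C "$d" add . && git -C "$d" commit -q -m upstream-fix
    git -C "$d" checkout -q hardened
}
```

Files that appear in both outputs are where hardening changes and upstream changes touch the same code, so those merges deserve manual review rather than a mechanical conflict resolution.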