HardenedBSD June 2024 Status Report
17 views
Skip to first unread message
Shawn Webb
Jun 30, 2024, 8:46:14 PMJun 30
to HardenedBSD Users, HardenedBSD Foundation Board
Hey all,
This status report covers the last few days of May along with June. At the tail
end of May, I spoke at BSDCan[1] about HardenedBSD. The video[2] recording has
been posted. Note that some of the audio recording equipment experienced some
issues during the presentation, so there's a few missing minutes at around the
17:05 mark. I'm grateful for the opportunity to speak and for everyone who
worked behind-the-scenes to make that a possibility. The presentation slides
can be found at [3].
While the source tree was relatively quiet this month, the ports tree saw a lot
of work:
1. New ports for the Radicle[4] project. The ports use the codename of the
core Radicle repo known as heartwood:
* net-p2p/heartwood-cli
* net-p2p/heartwood-httpd
* net-p2p/heartwood-node
* net-p2p/heartwood-remote-helper
* net-p2p/heartwood-tools
* net-p2p/heartwood (metaport that installs all the above).
2. First-time patch submitter Fabien Amelinck of the VultureOS project fixed the
build of the hardenedbsd/secadm port
3. Fabien Amelinck fixed an ignore condition in the kmod framework (kmod.mk)
4. Fabien Amelinck fixed the build of the OpenJDK-related ports
5. A new port was introduced: sysutils/vm-bhyve-hbsd. This is a soft fork of the
vm-bhyve project. The aim is to import a few pull requests/patches from the
community, starting with p9fs support.
6. The security/keepassxc port was taught the concept of flavors, with the lite
flavor disabling certain features: AUTOTYPE, BROWSER, FDOSECRETS, KEESHARE,
NETWORKING, and SSHAGENT. Of course, the default flavor keeps the default
options enabld.
7. 0x1eef added a new port: hardenedbsd/sourcezp, which can help manage a local
copy of the HardenedBSD source tree.
The HardenedBSD Foundation has the following update:
The HardenedBSD Foundation is now available as a listed charity at Fidelity
Charitable[5].
A new PO Box was established in Colorado. This is our new shipping/mailing
address:
The HardenedBSD Foundation
PO Box 31063
Colorado Springs, CO 80931
If you decide to send anything to our PO Box, please let us know beforehand so
we know to expect a delivery.
[1]: https://indico.bsdcan.org/event/1/contributions/9/
[2]: YouTube link here
[3]:
https://git.hardenedbsd.org/shawn.webb/presentations/-/blob/ba7ba6ef6b942c23886faa95f12552000c9e6fe8/bsdcan/2024/HBSD-SOTU.pdf
[4]: https://radicle.xyz/
[5]: https://www.fidelitycharitable.org/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
This status report covers the last few days of May along with June. At the tail
end of May, I spoke at BSDCan[1] about HardenedBSD. The video[2] recording has
been posted. Note that some of the audio recording equipment experienced some
issues during the presentation, so there's a few missing minutes at around the
17:05 mark. I'm grateful for the opportunity to speak and for everyone who
worked behind-the-scenes to make that a possibility. The presentation slides
can be found at [3].
While the source tree was relatively quiet this month, the ports tree saw a lot
of work:
1. New ports for the Radicle[4] project. The ports use the codename of the
core Radicle repo known as heartwood:
* net-p2p/heartwood-cli
* net-p2p/heartwood-httpd
* net-p2p/heartwood-node
* net-p2p/heartwood-remote-helper
* net-p2p/heartwood-tools
* net-p2p/heartwood (metaport that installs all the above).
2. First-time patch submitter Fabien Amelinck of the VultureOS project fixed the
build of the hardenedbsd/secadm port
3. Fabien Amelinck fixed an ignore condition in the kmod framework (kmod.mk)
4. Fabien Amelinck fixed the build of the OpenJDK-related ports
5. A new port was introduced: sysutils/vm-bhyve-hbsd. This is a soft fork of the
vm-bhyve project. The aim is to import a few pull requests/patches from the
community, starting with p9fs support.
6. The security/keepassxc port was taught the concept of flavors, with the lite
flavor disabling certain features: AUTOTYPE, BROWSER, FDOSECRETS, KEESHARE,
NETWORKING, and SSHAGENT. Of course, the default flavor keeps the default
options enabld.
7. 0x1eef added a new port: hardenedbsd/sourcezp, which can help manage a local
copy of the HardenedBSD source tree.
The HardenedBSD Foundation has the following update:
The HardenedBSD Foundation is now available as a listed charity at Fidelity
Charitable[5].
A new PO Box was established in Colorado. This is our new shipping/mailing
address:
The HardenedBSD Foundation
PO Box 31063
Colorado Springs, CO 80931
If you decide to send anything to our PO Box, please let us know beforehand so
we know to expect a delivery.
[1]: https://indico.bsdcan.org/event/1/contributions/9/
[2]: YouTube link here
[3]:
https://git.hardenedbsd.org/shawn.webb/presentations/-/blob/ba7ba6ef6b942c23886faa95f12552000c9e6fe8/bsdcan/2024/HBSD-SOTU.pdf
[4]: https://radicle.xyz/
[5]: https://www.fidelitycharitable.org/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Shawn Webb
Jun 30, 2024, 10:53:35 PMJun 30
to HardenedBSD Users, HardenedBSD Foundation Board
Reply all
Reply to author
Forward
0 new messages