HardendedBSD Issue 32 - hbsd-update rewrite BEADM
3 views
Skip to first unread message
Ron Georgia
Feb 16, 2026, 9:58:07 PM (6 days ago) Feb 16
to HardenedBSD Users, netv...@gmail.com
All,
Under the check_sanity function the following is present
# FreeBSD / HardenedBSD 12 introduced bectl in base. bectl
# provides a beadm-compatible utility for managing ZFS Boot
# Environments (BEs). Since the majority of HardenedBSD users
# are on 11-STABLE, prefer beadm over bectl. Hopefully, bectl
# will one day exist on 11-STABLE.
#
# -b BEname Install updates to ZFS Boot Environment <BEname>
# Default: BEADM="/usr/local/sbin/beadm"
if [ ! -z "${zfsbe}" ] && [ ! -x ${BEADM} ]; then
if [ -x /sbin/bectl ]; then
BEADM=/sbin/bectl
else
debug_print "[-] Please install sysutils/beadm"
exit 1
fi
fi
BEADM defaults to /usr/local/sbin/beadm, if that's not present and -b
flag is present check for /sbin/bectl. If that exists assign /sbin/bectl
to BEADM. Should I keep this "as is" for backward compat or reverse the
logic, making /sbin/bectl the default with a check for
/usr/local/sbin/beadm if /sbin/bectl is missing? Right now the flua code
looks like this:
function system_vars.system_cmd()
if config.file_exists("/usr/local/sbin/beadm") then
beadm_path = "/usr/local/sbin/beadm"
else
beadm_path = "/sbin/bectl"
end
local sys_cmd = {
["AWK"] = "/usr/bin/awk",
["BEADM"] = beadm_path
<snip>,
}
return sys_cmd
end
--
”There is a scratch in the prism of my understanding.”
Under the check_sanity function the following is present
# FreeBSD / HardenedBSD 12 introduced bectl in base. bectl
# provides a beadm-compatible utility for managing ZFS Boot
# Environments (BEs). Since the majority of HardenedBSD users
# are on 11-STABLE, prefer beadm over bectl. Hopefully, bectl
# will one day exist on 11-STABLE.
#
# -b BEname Install updates to ZFS Boot Environment <BEname>
# Default: BEADM="/usr/local/sbin/beadm"
if [ ! -z "${zfsbe}" ] && [ ! -x ${BEADM} ]; then
if [ -x /sbin/bectl ]; then
BEADM=/sbin/bectl
else
debug_print "[-] Please install sysutils/beadm"
exit 1
fi
fi
BEADM defaults to /usr/local/sbin/beadm, if that's not present and -b
flag is present check for /sbin/bectl. If that exists assign /sbin/bectl
to BEADM. Should I keep this "as is" for backward compat or reverse the
logic, making /sbin/bectl the default with a check for
/usr/local/sbin/beadm if /sbin/bectl is missing? Right now the flua code
looks like this:
function system_vars.system_cmd()
if config.file_exists("/usr/local/sbin/beadm") then
beadm_path = "/usr/local/sbin/beadm"
else
beadm_path = "/sbin/bectl"
end
local sys_cmd = {
["AWK"] = "/usr/bin/awk",
["BEADM"] = beadm_path
<snip>,
}
return sys_cmd
end
--
”There is a scratch in the prism of my understanding.”
Shawn Webb
Feb 17, 2026, 11:20:45 AM (5 days ago) Feb 17
to Ron Georgia, HardenedBSD Users
beadm was integrated into hbsd-udpate), we can probably remove support
for beadm, relying only on bectl. (If anyone uses beadm instead of
bectl, please do speak up.)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages