New HardenedBSD 15-STABLE Build

[Shawn Webb]

Hey all,

Yesterday (27 Jan 2026), FreeBSD and OpenSSL announced vulnerability
fixes. I brought the fixes into the quarterly branches and have
started new builds.

The 15-STABLE build completed overnight and the 16-CURRENT build
needed to be restarted this morning.

I tried updating the HardenedBSD storage server to the new 15-STABLE
build and it entered a boot loop. Booting the installer in bhyve seems
to work fine (when bhyve graphics mode is NOT enabled.)

Please test this latest build/update. Please let me know if you
experience issues (or even if you don't--success stories are just as
helpful as bug reports.)

There is a chance I might yank this build if enough people report
issues, so communication is key here.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

[Ulaş SAYGIN]

i tried 28 jan 2026 build now, and it does not work on vmware as guest os.

it boots hbsd and i login with root username without password and i execute bsdinstall and after keymap selection screen , it restarts.

i tested with u.s.a keyboard and turkish and default. and i also select testing default keymap.but after that it restarts without any error.

why this is happening?

28 Ocak 2026 Çarşamba tarihinde saat 19:42:04 UTC+3 itibarıyla Shawn Webb şunları yazdı:

[Shawn Webb]

The keymap issue is known. Help in resolving the issue would be
greatly appreciated. Otherwise, it'll likely have to wait a while
until I complete the other higher priority items on my plate.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

> > Tor-ified Signal: +1 303-901-1600 <(303)%20901-1600> / shawn_webb_opsec.50
> >
> > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
> >

[Dewayne Geraghty]

I searched for quarterly on https://www.hardenedbsd.org/ and https://www.hardenedbsd.org/search/node/quarterly.  The installers at https://installers.hardenedbsd.org/pub/15-stable/amd64/amd64/installer/LATEST/ are dated 28-Jan.  Is there a url for the quarterly?

[Ulaş SAYGIN]

Dear Shawn,

i just want to inform you about new release of installer has same issue. because lastly i tested 02 jan 2026 release of installer.

now i tested bootonly.iso of 28 jan 2026. it boots installer but when select any option install shell or live system. it waits and reboots the vm.

in this case i dont know how to catch logs? because when reboots occured , i think all logs are gone. 

if you tell me what to or how to do o catch logs so i may help it. i do not know what is in your plate, i just wanted to inform to provide information about latest situation if it helps.

i am here if you can give instructions to see logs or any help about it. if you can have time for me.

have a nice sunday.

8 Şubat 2026 Pazar tarihinde saat 04:12:46 UTC+3 itibarıyla Dewayne Geraghty şunları yazdı:

[Ulaş SAYGIN]

i think problem is Read-only file system, because even bsdconfig not working and reboots.

i tried to skip keymap and it asks hostname and after setting hostname again it reboots without error.
is there any command can i set config files to move writeable file system because i also created filesystem with bsdinstall for harddrive, i can mount it under /tmp folder.
hardenedbsd network configuration does not seem working, i cant ping anywhere, when i look it does not get ip adress, , set ipv4 with ifconfig but nameservers can not be updated because of read only file system.

8 Şubat 2026 Pazar tarihinde saat 15:01:58 UTC+3 itibarıyla Ulaş SAYGIN şunları yazdı:

[Ulaş SAYGIN]

i created mfbsd for v15 on hbsd 14.3 and now i am waiting base pkgs downloading from hbsd servers to setup with bsdinstall on vmware virtual disk.
207 pkgs is huge! do not we have opportinuty to compress these :) 

8 Şubat 2026 Pazar tarihinde saat 16:44:37 UTC+3 itibarıyla Ulaş SAYGIN şunları yazdı:

[Ulaş SAYGIN]

i installed v15 using base and kernel files with command prompt and on vm v15 is working.
i tried bsdinstall but if i dont give some values like this:

export BSDINSTALL_DISTSITE='https://installers.hardenedbsd.org/pub/15-stable/amd64/amd64/installer/LATEST/'
export DISTRIBUTIONS='kernel.txz base.txz'
export BSDINSTALL_DISTDIR='/usr/freebsd-dist'

bsdinstall somehow installs freebsd 15 not hardenedbsd 15.

when i set these values, everything goes well. no reboots no error.

after installation, i tried hbsd-update for both setups vm1 with command prompt ufs, vm2 bsdinstall from v15.

vm2 updated without problem. but vm1 can not be able to update system. somehow ufs file system caused problem.

 hbsd-update -V -b `date "+%Y%m%d%H%M%S"` command gave error for both vms

i use -d parametere to update and only vm2 seems updated but i am not sure. because of " libbe_init("") failed." error

vm2 update has this messages:

root@hardenedbsd152:~ # hbsd-update -V -b `date "+%Y%m%d%H%M%S"`
[*] Looking up version info with DNSSEC enabled.
[-] Could not get DNS record.
    [-] Bailing.
[*] Could not get the version number
[*] Raw DNS result:
Host amd64.main.15-stable.hardened.hardenedbsd.updates.hardenedbsd.org not found: 2(SERVFAIL). (error)
root@hardenedbsd152:~ # hbsd-update -d -V -b `date "+%Y%m%d%H%M%S"`
hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
[*] Latest build: hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
[*] Latest build: hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
/tmp/tmp.xNzZ3cUhGC/update.tar                         413 MB 1290 kBps 05m28s
[*] Verified hash: 5e8988c7b3f2c7addc0af0b6b65ab913ab5bc9209a7d0efdf614ff39f852b125
  [+] Remote hash: 5e8988c7b3f2c7addc0af0b6b65ab913ab5bc9209a7d0efdf614ff39f852b125
[*] Checking validity of the public key
[*] Checking the validity of base.txz
[*] Checking the validity of etcupdate.tbz
[*] Checking the validity of skip.txt
[*] Checking the validity of mtree.tar
[*] Checking the validity of kernel-HARDENEDBSD.txz
[*] Checking the validity of ObsoleteFiles.txt
[*] Checking the validity of ObsoleteDirs.txt
[*] Checking the validity of script.sh
libbe_init("") failed.
libbe_init("") failed.
libbe_init("") failed.

vm1 update has this messages:

root@hardenedbsd15:~ # hbsd-update -V -b `date "+%Y%m%d%H%M%S"`
[*] Looking up version info with DNSSEC enabled.
[-] Could not get DNS record.
    [-] Bailing.
[*] Could not get the version number
[*] Raw DNS result:
Host amd64.main.15-stable.hardened.hardenedbsd.updates.hardenedbsd.org not found: 2(SERVFAIL). (error)



root@hardenedbsd15:~ #  hbsd-update -d -V -b `date "+%Y%m%d%H%M%S"`
hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
[*] Latest build: hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
[*] Latest build: hbsd-v1500001-1153b031d88fe215bb635326b0ef4580d3351e4a
/tmp/tmp.yJVHnrC7Ua/update.tar                         413 MB 1086 kBps 06m30s
[*] Verified hash: 5e8988c7b3f2c7addc0af0b6b65ab913ab5bc9209a7d0efdf614ff39f852b125
  [+] Remote hash: 5e8988c7b3f2c7addc0af0b6b65ab913ab5bc9209a7d0efdf614ff39f852b125
[*] Checking validity of the public key
[*] Checking the validity of base.txz
[*] Checking the validity of etcupdate.tbz
[*] Checking the validity of skip.txt
[*] Checking the validity of mtree.tar
[*] Checking the validity of kernel-HARDENEDBSD.txz
[*] Checking the validity of ObsoleteFiles.txt
[*] Checking the validity of ObsoleteDirs.txt
[*] Checking the validity of script.sh
ERROR: This system does not boot from ZFS pool
ERROR: This system does not boot from ZFS pool
ERROR: This system does not boot from ZFS pool

8 Şubat 2026 Pazar tarihinde saat 18:23:47 UTC+3 itibarıyla Ulaş SAYGIN şunları yazdı:

[Ulaş SAYGIN]

thank you for email,  Dewayne Geraghty.

I would like to know, what did you do when you are installing v15?
it will help also other people if you find any solution. maybe you can share.

have nice day everyone and good new week.

9 Şubat 2026 Pazartesi tarihinde saat 01:48:38 UTC+3 itibarıyla Ulaş SAYGIN şunları yazdı:

[Ulaş SAYGIN]

i think freebsd 15 package base will be big problem for hardenedbsd because there are a lot of things to modify.

please dont misunderstand me, i didnt want to make feel sad or stressed and i appriciate your work shawn.

9 Şubat 2026 Pazartesi tarihinde saat 02:04:23 UTC+3 itibarıyla Ulaş SAYGIN şunları yazdı:

[Robert Gleeson]

I ran into the same issue.  

I was able to avoid the crash by switching to the HARDENEDBSD-NODEBUG kernel, 
rebuilding memstick.img and rebooting into the installer. Everything worked fine 
after that. I can share my copy of memstick.img if that helps. 

You can also build memstick.img yourself:

export KERNCONF=HARDENEDBSD-NODEBUG

cd /usr/src

make -j $(sysctl -n hw.cpu) buildworld buildkernel

cd release

NOPKGBASE=yes NODISTSETS=yes make memstick 

Then burn to USB stick as usual:
dd if=/usr/obj/usr/src/amd64.amd64/release/memstick.img of=/dev/da0 bs=1m conv=sync

Hope it helps.