Cloud releases: Switch to firstboot_pkg_upgrade

Cloud images are deployed with base system packages. Introduce a
firstboot package auto updater to patch the base system on first boot.

MFC after:		1 hour
MFC to:			stable/15
Reviewed by:		cperciva
Sponsored by:		Google Cloud
Differential Revision:	https://reviews.freebsd.org/D56890
Alexander Ziaee
2026-05-14 17:05:07 -04:00
parent 2574974648
commit 464a351267
3 changed files with 12 additions and 7 deletions
+3 -2
@@ -6,10 +6,10 @@
export VMSIZE=30g export VMSIZE=30g
# Set to a list of packages to install. # Set to a list of packages to install.
export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-freebsd-update firstboot-pkgs" export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-pkg-upgrade firstboot-pkgs"
# Set to a list of third-party software to enable in rc.conf(5). # Set to a list of third-party software to enable in rc.conf(5).
export VM_RC_LIST="ntpd sshd waagent firstboot_freebsd_update firstboot_pkgs" export VM_RC_LIST="ntpd sshd waagent firstboot_pkg_upgrade firstboot_pkgs"
# No swap space; waagent will allocate swap space on the resource disk. # No swap space; waagent will allocate swap space on the resource disk.
# See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf # See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf
@@ -43,6 +43,7 @@ vm_extra_pre_umount() {
cat << EOF >> ${DESTDIR}/etc/rc.conf cat << EOF >> ${DESTDIR}/etc/rc.conf
ifconfig_hn0="SYNCDHCP" ifconfig_hn0="SYNCDHCP"
ntpd_sync_on_start="YES" ntpd_sync_on_start="YES"
firstboot_pkg_upgrade_repos="FreeBSD-base"
EOF EOF
cat << EOF >> ${DESTDIR}/boot/loader.conf cat << EOF >> ${DESTDIR}/boot/loader.conf
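Review bot: With `firstboot_pkg_upgrade_repos="FreeBSD-base"` in the rc.conf heredoc, the third-party packages this image ships through VM_EXTRA_PACKAGES (azure-agent, python, python3) are presumably not upgraded at first boot, so an instance launched from an older image keeps the baked-in versions until an operator upgrades them. The same applies to the EC2 section (amazon-ssm-agent, ec2-scripts) and the GCE section (google-cloud-sdk, sudo). If that scope is intended, state it next to the setting, e.g. `# Base system only; packages from other repositories are not upgraded at first boot.` on the line before it inside the heredoc. vm_extra_pre_umount begins and continues outside this hunk.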
+6 -3
@@ -7,15 +7,15 @@
# * amazon-ssm-agent (not enabled by default, but some users need to use # * amazon-ssm-agent (not enabled by default, but some users need to use
# it on systems not connected to the internet), # it on systems not connected to the internet),
# * ec2-scripts, which provides a range of EC2ification startup scripts, # * ec2-scripts, which provides a range of EC2ification startup scripts,
# * firstboot-freebsd-update, to install security updates at first boot, # * firstboot-pkg-upgrade, to install security updates at first boot,
# * firstboot-pkgs, to install packages at first boot, and # * firstboot-pkgs, to install packages at first boot, and
# * isc-dhcp44-client, used for IPv6 network setup. # * isc-dhcp44-client, used for IPv6 network setup.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent ec2-scripts \ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent ec2-scripts \
firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client" firstboot-pkg-upgrade firstboot-pkgs isc-dhcp44-client"
# Services to enable in rc.conf(5). # Services to enable in rc.conf(5).
export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \ export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \ ec2_fetchkey ec2_loghostkey firstboot_pkg_upgrade firstboot_pkgs \
growfs sshd" growfs sshd"
vm_extra_pre_umount() { vm_extra_pre_umount() {
@@ -24,6 +24,9 @@ vm_extra_pre_umount() {
# via EC2 user-data. # via EC2 user-data.
echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
# Limit firstboot_pkg_upgrade to the base system.
echo 'firstboot_pkg_upgrade_repos="FreeBSD-base"' >> ${DESTDIR}/etc/rc.conf
# Any EC2 ephemeral disks seen when the system first boots will # Any EC2 ephemeral disks seen when the system first boots will
# be "new" disks; there is no "previous boot" when they might have # be "new" disks; there is no "previous boot" when they might have
# been seen and used already. # been seen and used already.
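Review bot: The package-list comment in the first hunk now reads `firstboot-pkg-upgrade, to install security updates at first boot`, but the second hunk limits the service to the FreeBSD-base repository, so the comment overstates what is patched. Reword it to match the setting, e.g. `# * firstboot-pkg-upgrade, to upgrade base system packages at first boot,`. vm_extra_pre_umount continues outside the second hunk.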
+3 -2
@@ -6,14 +6,14 @@
export VMSIZE=20g export VMSIZE=20g
# Set to a list of packages to install. # Set to a list of packages to install.
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \ export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-pkg-upgrade \
firstboot-pkgs google-cloud-sdk panicmail sudo \ firstboot-pkgs google-cloud-sdk panicmail sudo \
sysutils/py-google-compute-engine lang/python \ sysutils/py-google-compute-engine lang/python \
lang/python3" lang/python3"
# Set to a list of third-party software to enable in rc.conf(5). # Set to a list of third-party software to enable in rc.conf(5).
export VM_RC_LIST="ntpd sshd growfs \ export VM_RC_LIST="ntpd sshd growfs \
firstboot_pkgs firstboot_freebsd_update google_startup \ firstboot_pkgs firstboot_pkg_upgrade google_startup \
google_accounts_daemon google_clock_skew_daemon \ google_accounts_daemon google_clock_skew_daemon \
google_instance_setup google_network_daemon" google_instance_setup google_network_daemon"
@@ -47,6 +47,7 @@ ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES" ntpd_sync_on_start="YES"
# need to fill in something here # need to fill in something here
#firstboot_pkgs_list="" #firstboot_pkgs_list=""
firstboot_pkg_upgrade_repos="FreeBSD-base"
panicmail_autosubmit="YES" panicmail_autosubmit="YES"
EOF EOF
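Review bot: The new `firstboot_pkg_upgrade_repos="FreeBSD-base"` line sits directly under `# need to fill in something here` and the commented-out `#firstboot_pkgs_list=""`, so it reads as part of that placeholder. Give it its own comment line, e.g. `# Limit firstboot_pkg_upgrade to the base system.`, as the EC2 section does, and separate it from the placeholder with a blank line. The heredoc begins outside this hunk.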