# does ARM receive security updates in source code form?



## Swapjim (Nov 29, 2016)

I know that the ARM port is Tier 2 and this means that there are no official releases or binary packages.

However, when Tier 1 platforms receive a security update, does ARM receive it too, in source code form? Can I simply recompile and have the patched version?


----------



## Phishfry (Nov 29, 2016)

I think that release patches are simply that. Patches to source of a release. So yes you can patch ARM.
The patches are released by the security team. FreeBSD 11 is at p3 currently.
I don't think freebsd-update works on ARM so you might have to manually apply the patches and recompile.
This can be time consuming and requires a 16GB microSD.

You could use a crochet build box on patched source to build patched images for deployment.
This would require a strategy for locally saved data on device.


----------



## Phishfry (Nov 29, 2016)

Another thread with a similar question.
https://forums.freebsd.org/threads/57911/


----------



## kpa (Nov 29, 2016)

Yes, the security patches are applied on all platforms where they matter including ARM. You don't want to use the patches from the security advisories manually because they are already included in the corresponding releng branch, for example if you want to update your ARM system running 11.0-RELEASE with the latest security patches you should fetch the sources from https://svn.freebsd.org/base/releng/11.0 and use them to compile a new version of the OS and install it.


----------



## Phishfry (Nov 29, 2016)

I see so the /base/release folder is the frozen release and /base/releng/ is the patched release .


----------



## kpa (Nov 29, 2016)

Phishfry said:


> I see so the /base/release folder is the frozen release and /base/releng/ is the patched release .



The release paths are what are called "tags" in revision control lingo:

https://en.wikipedia.org/wiki/Revision_tag

SVN doesn't however implement tags at all, instead what you have to do is make a new branch with `svn copy` and freeze it by agreeing that the new branch gets no updates.

Normally by convention SVN repositories have a /tags directory for storing those tagged versions but in FreeBSD's case the base system repository uses a different convention by using the release/* directories.


----------



## Swapjim (Nov 30, 2016)

For now, this sounds more than what I'd like to invest in time and effort. Maybe I'll reconsider but I read that the next version will bring ARM64 in Tier 1, so we're very close to that!

Thanks guys!


----------

