FreeBSD The Power to Serve

Infrastructure Modernization

Contact: Ed Maste <emaste@FreeBSD.org>
Contact: Alice Sowerby <alice@freebsdfoundation.org>

The project started in Q3 of 2024 and was commissioned by the Sovereign Tech Agency with a budget of $745,000, to be spent over about one year. The main goals are to improve security tools for the base system, ports, and packages, update the project’s infrastructure to speed up development, enhance build security, and make it easier for new developers to get started.

Q1 update

Three of the five work packages are now in progress, with the remaining two to start in April. The overall schedule has been re-planned to run through to December 2025, allowing for a more sustainable pace of work.

Work Package A: Technical Debt reduction

The Foundation and the FreeBSD Project’s Source Management team is working together to make bug management easier and more sustainable. There is now a bug backlog dashboard, which helps make the backlog easier to understand during "bug busting" sessions, and is already showing that more bugs are being closed than being opened. This is hosted on FreeBSD and documentation has been submitted upstream to the GrimoireLab project so others can do the same.

One way to learn more about the project is to listen to the CHAOSScast episode where we talked about this work package.

We have also been upgrading Bugzilla by applying patches from 2023 onward and improving the upgrade process to ensure smoother future updates.

Work Package B: Zero Trust Builds

Much of the foundational work has been completed to standardize all source release build cases using no-root for creation of release artifacts. We are formalizing and documenting make world and release.sh to provide joined-up documentation for users. In order to get src to build reproducibly we are creating CI tests and are working with Reproducible-Builds.org to restore the FreeBSD reproducible CI. Read their February report.

Work Package C: CI/CD Automation

The high-level goal is to improve CI/CD automation to streamline software delivery and operations for new and existing software. Work so far is focusing on:

  • Improving the quality of incoming commits by providing system-agnostic tooling and documentation so that maintainers and developers can run CI without requiring a 3rd-party service (https://reviews.freebsd.org/D48015).

  • Making it possible to run pre-merge CI on proposed submissions (e.g. Pull Requests) (https://reviews.freebsd.org/D36257).

  • Documenting the CI management process to make it easier to keep tooling up to date and patched.

  • Updating the Source and Ports tests to include standard linters and other relevant automated analysis tools.

Work Package D: Security Controls in Ports and Packages and Work Package E: Improve Software Bill of Materials (SBOM)

These work packages are scheduled to start in April. The Foundation has been collaborating with FreeBSD Project teams to scope the projects appropriately.

Commissioning body: Sovereign Tech Agency

Last modified on: May 23, 2025 by Lorenzo Salvadore