About

This post documents how to build a hardenedBSD virtual machine image that can be used with popular virtual machine software. So far I have only tested with virt-manager but a working VM image should theoretically set you up to deploy on a VPS as well.

Background

Overview

The hardenedBSD project does not currently provide official VM images but it is possible to build them yourself from the source tree. We're going to focus on the 16-CURRENT branch since the 15-STABLE branch lacks a commit we need (at least at the time of writing).

Beyond that there is known bug on the 15-STABLE branch that prevents hardenedBSD from booting on Microsoft's Hyper-V hypervisor. This might be a dealbreaker in certain environments (eg GitHub actions), and the 16-CURRENT branch is not known to have this bug.

Phase #1

Overview

Before we start the process of producing virtual machine images we have to buildworld, and buildkernel. We're interested in the artifacts that are produced, so there's no need to run installworld or installkernel here:

git clone https://git.hardenedbsd.org/hardenedbsd/hardenedbsd
mdo -u root mv hardenedbsd /usr/src
cd /usr/src
mdo -u root make -j $(sysctl -n hw.ncpu) buildworld
mdo -u root make -j $(sysctl -n hw.ncpu) buildkernel

Explanation

• git clone https://git.hardenedbsd.org/hardenedbsd/hardenedbsd
  Downloads the hardenedBSD source tree.
• mdo -u root mv hardenedbsd /usr/src
  Moves the source tree into place
• cd /usr/src
  Changes the current working directory
• mdo -u root make -j $(sysctl -n hw.ncpu) buildworld
  Builds userland and produces artifacts
• mdo -u root make -j $(sysctl -n hw.ncpu) buildkernel
  Builds kernel and produces artifacts

Phase #2

Overview

This is the interesting part where we build virtual machine images. We're going to choose the 'raw' image format, and we're going to choose the ufs filesystem, alongside some other options that I will explain one by one:

cd release/
export VMSIZE=80g
export VMFORMATS=raw
export VMFSLIST=ufs
export TARGET_ARCH=amd64
export NOPKGBASE=YES
export WITH_VMIMAGES=YES
export NO_ROOT=YES
export WITHOUT_QEMU=YES
make vm-image

Explanation

• cd release/
  Enter /usr/src/release/
• export VMSIZE=80g
  Allocate 80GB of (sparse) disk space. Adjust as needed.
• export VMFORMATS=raw
  Selects the 'raw' format (other options: qcow2). Adjust as needed.
• export VMFSLIST=ufs
  Selects the 'ufs' filesystem (other options: zfs). Adjust as needed.
• export TARGET_ARCH=amd64
  Selects the amd64 architecture.
• export NOPKGBASE=YES
  Skips pkgbase.
• export WITH_VMIMAGES=YES
  Required to build vm images.
• export NO_ROOT=YES
  Required or build errors out.
• export WITHOUT_QEMU=YES
  Required or build errors out.
• make vm-image
  Builds the virtual machine image.

Conclusion

As long as the last step was successful, an image should be available at /usr/obj/usr/src/amd64.amd64/release/vm.ufs.raw or a similar path. The image will provide a stock installation of hardenedBSD. The image can be modified with the help of tools like mdconfig(8) and mount(8) but that's out of scope for this post. See hardenedbsd-builder for an example of a project that modifies an image in that way.