Obtaining EOL by script

The information is cached in /var/db/freebsd-update/tag:​
Bash: 
date -r $(cut -d'|' -f6 /var/db/freebsd-update/tag)
If the cache is old/nonexistent, have a look at the fetch_* functions in /usr/sbin/freebsd-update (or just trigger invocation of freebsd-update(8)).​
 
Code: 
curl -s 'https://www.freebsd.org/security/#how' |xmllint --html --xpath '//tr/td/p/text()' - 2>/dev/null |rs -e 0 4
you need to have libxml2 installed (provides xmllint)
 
Kai Burghardt said:
The information is cached in /var/db/freebsd-update/tag:​
Bash: 
date -r $(cut -d'|' -f6 /var/db/freebsd-update/tag)
If the cache is old/nonexistent, have a look at the fetch_* functions in /usr/sbin/freebsd-update (or just trigger invocation of freebsd-update(8)).​
Click to expand...
Just tried...

date -r $(cut -d'|' -f6 /var/db/freebsd-update/tag):-

Wed May 1 01:00:00 BST 2024
uname -a :-

FreeBSD X1 13.2-RELEASE-p2 FreeBSD 13.2-RELEASE-p2 GENERIC amd64

Not sure how this squares with

www.freebsd.org

FreeBSD Security Information

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.
www.freebsd.org www.freebsd.org

since I don't know what 13.3-RELEASE + 3 months means.
 
balanga said:
I tried the given solution and retrieved latest.ssl

http://update.freebsd.org/14.0-RELEASE/amd64/latest.ssl but don't know how to parse this file.
Click to expand...

The solution in the thread I linked is a little terse, but it basically says:

1. Fetch the latest.ssl for the release you're interested in.
2. Pipe that file to openssl, where, using the same TLS public key used by pkg to verify the authenticity of updates, it decrypts the file.
3. When you do that, you get a string like this:

freebsd-update|amd64|14.0-RELEASE|4|7b43ca1d58ceb54effeeefe60206f78cc7b56fbe2877e5b7fba6873eeab81abb|1738281600

4. According to the poster, that sixth field represents the expected EOL date as of the time you downloaded the latest.ssl, in Unix epoch time.
5. The script then does a less-than comparison against your current local time in UTC (the -lt $(TZ=UTC date +%s) part. If the EOL time in the file is less than the current time, print EXPIRED to the screen.
 
There are three dates at play.

  1. The date in the latest.ssl file is an estimated EoL date for 14.0-RELEASE. It's subject to change.
  2. The chart you found shows that the "stable/14" branch has an Expected EoL date of November 30, 2028. This means that the project expects to support the FreeBSD 14 major release until that date, which is precisely five years from the release of its first branch (14.0).
  3. Second in that chart is that the Expected EoL date for 14.0-RELEASE: "14.1-RELEASE + 3 months". This is shorthand for "14.0-RELEASE is EoL three months after the release of 14.1-RELEASE."
 
samjenk said:
There are three dates at play.

  1. The date in the latest.ssl file is an estimated EoL date for 14.0-RELEASE. It's subject to change.
  2. The chart you found shows that the "stable/14" branch has an Expected EoL date of November 30, 2028. This means that the project expects to support the FreeBSD 14 major release until that date, which is precisely five years from the release of its first branch (14.0).
  3. Second in that chart is that the Expected EoL date for 14.0-RELEASE: "14.1-RELEASE + 3 months". This is shorthand for "14.0-RELEASE is EoL three months after the release of 14.1-RELEASE."
Click to expand...
samjenk, many thanks for the explanation. My question remains... which EoL date should be used when following the guide in

docs.freebsd.org

Build Your Own FreeBSD Update Server

Building your own freebsd-update server allows a system administrator to perform fast updates for a number of machines from a local mirror
docs.freebsd.org docs.freebsd.org

ie:-

# EOL date
export EOL=1275289200
The sha256(1) hash key for the desired release, is published within the respective release announcement.
To generate the "End of Life" number for build.conf, refer to the "Estimated EOL" posted on the FreeBSD Security Website. The value of EOL can be derived from the date listed on the web site, using the date(1) utility, for example:
% date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'

and can I use latest.ssl to establish this date?
 
balanga said:
samjenk, many thanks for the explanation. My question remains... which EoL date should be used when following the guide in

docs.freebsd.org

Build Your Own FreeBSD Update Server

Building your own freebsd-update server allows a system administrator to perform fast updates for a number of machines from a local mirror
docs.freebsd.org docs.freebsd.org

ie:-

# EOL date
export EOL=1275289200
The sha256(1) hash key for the desired release, is published within the respective release announcement.
To generate the "End of Life" number for build.conf, refer to the "Estimated EOL" posted on the FreeBSD Security Website. The value of EOL can be derived from the date listed on the web site, using the date(1) utility, for example:
% date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'

and can I use latest.ssl to establish this date?
Click to expand...
If I were setting up a server with that procedure, I'd use the EoL date from latest.ssl. You can fetch it programmatically, and it appears to be the project's best estimate for the precise date.
 
You must log in or register to reply here.
Back
Top