From 008fdfaa8e6b1237c19b4d133b708b001ca6b666 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Tue, 23 Jun 2026 14:17:58 +0000 Subject: [PATCH] chg: test all FreeBSD upstream supported versions Also drop the HardenedBSD text, as we didn't test it recently: users can still try to use the software on FreeBSD forks, as long as they're compatible with upstream FreeBSD --- .github/workflows/freebsd.yml | 7 +++++-- README.md | 6 +++--- doc/sphinx/installation/basic.rst | 3 +-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/freebsd.yml b/.github/workflows/freebsd.yml index 86cc26b..f915366 100644 --- a/.github/workflows/freebsd.yml +++ b/.github/workflows/freebsd.yml @@ -8,8 +8,11 @@ on: jobs: freebsd: runs-on: ubuntu-latest - name: FreeBSD + name: FreeBSD ${{ matrix.version }} if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }} + strategy: + matrix: + version: ['14.4', '15.0', '15.1'] timeout-minutes: 45 steps: - uses: actions/checkout@v6 @@ -19,7 +22,7 @@ jobs: uses: cross-platform-actions/action@master with: operating_system: freebsd - version: '14.3' + version: ${{ matrix.version }} shell: bash sync_files: runner-to-vm run: | diff --git a/README.md b/README.md index 634b27c..2bf9123 100644 --- a/README.md +++ b/README.md @@ -120,16 +120,16 @@ Linux distros below are tested with each release, but as this is a security prod - Debian 13 (Trixie), 12 (Bookworm), 11 (Bullseye) - RockyLinux 9.x, 8.x - Ubuntu LTS 24.04, 22.04, 20.04 -- OpenSUSE Leap 15.5\* +- OpenSUSE Leap 15.6\* \*: Note that these versions have no out-of-the-box MFA support, as they lack packaged versions of `pamtester`, `pam-google-authenticator`, or both. Of course, you may compile those yourself. Any other so-called "modern" Linux version are not tested with each release, but should work with no or minor adjustments. The following OS are also tested with each release: -- FreeBSD/HardenedBSD 14.3\*\* +- FreeBSD 14.4, 15.0, 15.1\*\* -\*\*: Note that these have partial MFA support, due to their reduced set of available `pam` plugins. Support for either an additional password or TOTP factor can be configured, but not both at the same time. The code is actually known to work on FreeBSD/HardenedBSD 10+, but it's only regularly tested under 14.3. +\*\*: Note that these have partial MFA support, due to their reduced set of available `pam` plugins. Support for either an additional password or TOTP factor can be configured, but not both at the same time. Other BSD variants, such as OpenBSD and NetBSD, are unsupported as they have a severe limitation over the maximum number of supplementary groups, causing problems for group membership and restricted commands checks, as well as no filesystem-level ACL support and missing PAM support (hence no MFA). diff --git a/doc/sphinx/installation/basic.rst b/doc/sphinx/installation/basic.rst index 194a35a..a2bb38d 100644 --- a/doc/sphinx/installation/basic.rst +++ b/doc/sphinx/installation/basic.rst @@ -44,11 +44,10 @@ but should work with no or minor adjustments. The following OS are also tested with each release: -- FreeBSD/HardenedBSD 14.3\*\* +- FreeBSD 14.4, 15.0, 15.1\*\* \*\*: Note that these have partial MFA support, due to their reduced set of available ``pam`` plugins. Support for either an additional password or TOTP factor can be configured, but not both at the same time. -The code is actually known to work on FreeBSD/HardenedBSD 10+, but it's only regularly tested under 14.3. Other BSD variants, such as OpenBSD and NetBSD, are unsupported as they have a severe limitation over the maximum number of supplementary groups, causing problems for group membership and restricted commands checks,