As a real-world benchmark I rebuilt the FreeBSD OS after the most recent published vulnerabilities.
When building FreeBSD, I tend to disable stuff that I don’t need. This reduces the build time and also is good for security; features that aren’t there cannot be part of a possible attack surface.
Generally, I have the following features disabled;
acct, amd, atm, autofs, bhyve, blacklist, bluetooth, bootparamd, bootpd, bsnmp, ccd, cddl, ctm, ctf, cxgbetool, debug_files, finger, floppy, freebsd_update, ftp, gcov, gdb, googletest, hast, hyperv, inetd, ipfilter, iscsi, kernel_symbols, legacy_console, lib32, lpr, mlx5tool, module_drm, module_drm2, ndis, netgraph, nls, ntp, openssh, pf, portsnap, profile, quotas, rbootd, sendmail, syscons, talk, telnet, tests, tftp, timed, zoneinfo
That is e.g.
acct being disabled means that
WITHOUT_ACCT=true is in
src.conf(5) for the details.
The build procedure that I used is as follows.
# cd /usr/src/ # make -j4 buildworld buildkernel # make installkernel # mergemaster -p # make -j4 installworld # mergemaster -i -F -U # make delete-old -DBATCH_DELETE_OLD_FILES # make delete-old-libs -DBATCH_DELETE_OLD_FILES
Note that I also rebuild and reinstall the
misc/zoneinfo ports. This is not part of the measured time, however.
Results and discussion
From the build log:
>>> World build started on Thu Aug 6 13:36:31 CEST 2020 >>> World build completed on Thu Aug 6 14:38:56 CEST 2020
So re-building the world took about an hour and three minutes.
>>> Kernel build for GENERIC started on Thu Aug 6 14:38:56 CEST 2020 >>> Kernel build for GENERIC completed on Thu Aug 6 14:43:59 CEST 2020
The kernel build took about five minutes.
These short build times are mainly down to three factors. Estimated from most to least important:
- Using an (NVME) SSD.
- Relatively fast i7-7700 CPU (even though hyperthreading is disabled).
- A significant amount of disabled features.