The per-jail 'pkg info -e FreeBSD-runtime' detection is reliable for thick jails
(independent base) but may be empty or error on thin jails — a thin jail has no
independent pkg-managed base; its method follows the release template it was
bootstrapped from, and it's upgraded at the template level, not per-jail.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A host base upgrade leaves jails on the old release — they carry their own
userland. Add a Jails section + runbook step: upgrade jails after the host
reaches the new kernel; thick = independent base each, thin = clone of a
bootstrapped release template; detect pkgbase vs freebsd-update per jail; Bastille
bootstrap/upgrade flow; same-major ABI means no in-jail package rebuild; verify
each jail with bastille cmd <jail> freebsd-version. Validation slot now also
captures per-jail evidence.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A pkgbase host already has a FreeBSD-base repo; appending a second block creates
a duplicate repo name (undefined, last-wins). Inspect and EDIT the existing entry
in place (base_release_0 -> base_release_N/base_latest to cross a point release),
then pkg update + pkg upgrade -n (dry run to confirm 15.1 is offered) before the
real pkg upgrade. Also align the pre-status capture with the reference
(freebsd-version -k/-u + uname -r, not -kru).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
OSA manages its base via pkgbase (FreeBSD-kernel-generic 15.0p10), not
freebsd-update — the two are mutually exclusive. Add a detection step
(pkg info -e FreeBSD-runtime) and branch the upgrade procedure:
- pkgbase: confirm the base repo targets the new series (a pinned base_release_0
only delivers patch levels; base_release_<N>/base_latest crosses a point
release), then pkg update && pkg upgrade (base + ports together).
- freebsd-update: freebsd-update -r <target> upgrade/install + pkg for ports.
Reboot detection, verification, and the clawdie-iso side are identical for both.
Fold in OSA partial evidence: pre-status clean (k/u/uname all matched).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Ports the verified freebsd-update-reboot.md (reboot-needed detection, pre/post
status capture, package/service notes, vuln-audit wording) from clawdie-ai into
a layered-soul skill, alongside the existing freebsd-* operational skills.
SKILL.md wraps it as the same-major upgrade procedure (15.0 -> 15.1): ABI
FreeBSD:15:amd64 unchanged so no package rebuild / no PG dump-restore; reboot
only on operator go-ahead; build-host-first sequence; and the clawdie-iso side
(bump/override FREEBSD_VERSION, version-agnostic docs). Escalation is
host-agnostic (mdo on the operator image, sudo/doas elsewhere).
Validation-evidence slot left for the real OSA 15.0->15.1 run to fold in.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
