Hi, What is the most automated way to keep the FreeBSD base up-to-date? I know that the binary upgrade option in sysinstall can be used to upgrade the base to the latest release... but does this take into account new Security Advisories? Any pointers to appropriate documentation would be helpful as well. Thanks, Omar
On Wednesday 12 May 2004 17:35, Omar M. Nafees wrote:> What is the most automated way to keep the FreeBSD base up-to-date? I know > that the binary upgrade option in sysinstall can be used to upgrade the > base to the latest release... but does this take into account new Security > Advisories?I think what you're looking for is security/freebsd-update.> Any pointers to appropriate documentation would be helpful as well.See http://www.daemonology.net/freebsd-update/ -- ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: signature Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20040512/45b3decd/attachment.bin
At 16:35 12/05/2004, Omar M. Nafees wrote:>What is the most automated way to keep the FreeBSD base up-to-date? I know >that the binary upgrade option in sysinstall can be used to upgrade the base >to the latest release... but does this take into account new Security >Advisories?No. To upgrade your -RELEASE to include security fixes, you have to update your source tree (either via cvsup or by manually downloading and applying patches) and rebuild (either world or kernel, as applicable). Instructions are included in every security advisory. Or, of course, you could use the not-officially-supported-but-used-by- over-4000-people-anyway binary update option known as FreeBSD Update. You'll find it in the ports tree as security/freebsd-update. :-) Colin Percival
> What is the most automated way to keep the FreeBSD base up-to-date? I know > that the binary upgrade option in sysinstall can be used to upgrade the base > to the latest release... but does this take into account new Security > Advisories?Synchronizing your sources with cvsup, and then recompiling the whole system is IMHO the easiest method to keep up to date: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html Many people run a cron job to track RELENG_4 or just the security branch.> Any pointers to appropriate documentation would be helpful as well. > > Thanks, > OmarCheers, -cpghost. -- Cordula's Web. http://www.cordula.ws/
Omar,> What is the most automated way to keep the FreeBSD base up-to-date?Like many FreeBSD users, I've scripted the standard update process (cvsup, make buildworld, buildkernel, installkernel, installworld). I periodically run update_fbsd[1] to make a freshly updated build ready to install, then when I want to install I run install_fbsd, mergemaster and reboot. Note that I don't strictly follow the proper procedure of installing and booting a new kernel before installing a new world. The manual part - shutdown now; install_fbsd; mergemaster; reboot - takes a few minutes on my creaky old PC[3], which is not bad for an OS installation. Updated ports (which update_fbsd does too) are usually all handled by a simple "portupgrade --all". [1] http://halplant.com:88/software/FreeBSD/scripts/update_fbsd [2] http://halplant.com:88/software/FreeBSD/scripts/install_fbsd [3] http://halplant.com:88/systems.html -Andrew- -- _______________________________________________________________________ | -Andrew J. Caines- Unix Systems Engineer A.J.Caines@halplant.com | | "They that can give up essential liberty to obtain a little temporary | | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |