On Sat, Jul 12, 2008 at 02:37:21PM -0700, Doug Hardie
wrote:> I installed 7.0 release when it first came out. However, because of the
> TCP problems with users on cable modems I had to switch to Stable to get
> the fix. I haven't updated the source since then and now there are
some
> updates on the verge of being released that need to be included.
> However, I can't tell if the fixes for the networking issue have been
> included in the security releases or not. Since these are production
> servers I don't want to just grab some random version of stable unless
> thats the only way to get all the required fixes. How do I find out
> which version I should upgrade to? If I can go back to a security
> release I suspect I will need to delete all of /usr/src, /usr/obj, and
> then reinstall the original source from the 7.0 release cd and then
> upgrade vi csup.
You're covering a multitude of topics in the above. It's hard to make
out exactly what it is you're trying to say.
First off, I'd like more information on this "TCP problems with users
on
cable modems" issue. I believe you may be referring to TCP extensions,
a.k.a. RFC1323 extensions, but I'm not sure. If so, you can disable
that feature in real-time via a sysctl. Can you shed some light on what
the issue you're referring to is?
Secondly, 7.0-RELEASE is simply named that way to announce "this OS is
now out and available". Think of it as "FreeBSD 7.0 released to the
world for the first time". Most of the 7.0 changes that are made
*after* 7.0-RELEASE are committed to a CVS branch called RELENG_7.
Shortly after (usually a few days) 7.0-RELEASE is made available to the
public, the suffix changes from RELEASE to STABLE. There is no real
"difference" between the two, other than STABLE being an even more
up-to-date version of RELEASE, and is regularly updated/maintained.
Thirdly, I don't know what you mean by "security releases", and
what
security issue you're referring to. Any time there is a security hole,
mail is sent to a couple FreeBSD lists, articulating what the hole is,
and what CVS branches the fix has been committed to. In the case of
7.0, it's going to be committed to RELENG_7, and possibly to RELENG_7_0
and other branches. The "main branch" people focus on is RELENG_7,
aside from CURRENT which is called HEAD (or "." in cvs/supfiles).
Fourthly, what is not made very clear to FreeBSD users is that if they
install src and ports off the CD, that they are missing necessary files
in /var/db/sup (or /usr/sup if they choose to use cvsup (not needed
since csup exists in the base system)). To create the proper
information so the version information matches, you have to do what's
called ""adopting"" your existing src-all and ports-all
tree:
http://www.cvsup.org/faq.html#adopt
This is one reason why I do not advocate installing src and ports off
the installation media. Instead, I just leave src and ports unchecked
and install everything else as normal -- then once the OS is installed,
use csup to populate /usr/src and /usr/ports, which will also populate
/var/db/sup. I've never had any versioning mismatches or "wild
stuff"
happen since doing that.
In your case, the simple solution is (assuming you use csup):
rm -fr /usr/src /usr/ports /var/db/sup
csup -h <cvsup_server> -L2 /usr/share/examples/cvsup/stable-supfile
csup -h <cvsup_server> -L2 /usr/share/examples/cvsup/ports-supfile
/usr/share/examples/cvsup/stable-supfile uses the CVS tag RELENG_7,
and ports-supfile uses the CVS tag . (which means HEAD); there is no
RELENG_xxx for ports.
And do not forget to rm -fr /usr/obj before doing a buildworld and
buildkernel, too.
Fifthly, and possibly the ultimate question: what CVS branch are
you following in your supfiles? Are you following RELENG_7,
RELENG_7_0, or what? Yes, it matters. IMHO, you should really
be following RELENG_7.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |