Colin Percival's *freebsd-update* utility has a number of options/flags
that I can't figure out from
man *freebsd-update* or
man *freebsd-update*.conf or

*freebsd-update* [-b basedir] [--branch branchname] [-k *KEY*] command [URL]

-b basedir "Act on a FreeBSD world based at ... basedir" What does this mean? If omitted, what is the default?

--branch branchname  Possibilities are nocrypto, crypto, ... .
The example in Bejtlich's paper <>
doesn't use --branch, and yet he implies the default is crypto and that
most installations need crypto.  Is the default crypto?  How would I
know what I need?

-k *KEY*  "A public *key* with a *given* MD5 hash"
URL     "The URL from which updates are fetched"

The above two can also be specified in *freebsd-update*.conf and the
sample file has URL pointing to (Colin's web
server). Bejtlich states that the *KEY* and the URL in the .conf file are
cooked to get updates from Colin's site, and to use the sample file "if
you trust [Colin] to securely build binary updates for you to blindly
install ..."  Aside from Bejtlich's obvious tongue-in-cheek negativity
(they are both security guys after all, and Colin is the FreeBSD
security officer), are there other possible sites for updates?  How do I
figure out a correct value for *KEY* if I know the URL? Incidentally, the
*KEY* and the URL are required, since they either need to be specified on
the command line as in the above syntax or *via* the configuration file.

Finally, *freebsd-update **must* operate on a GENERIC kernel, but does this
mean I can still use device.hints?

Any help would be greatly appreciated.


Bristol Systems Inc.
714/532-6776 <>
If freebsd-update installs new kernel modules, will the system have to be re-booted? If the system does need to be re-booted, will freebsd-update do it? If I have to manually reboot, when do I know a particular update calls for re-booting?

Sorry for the 20 questions.

Chris Maness
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to