If freebsd-update installs new kernel modules, will the system have to
be re-booted? If the system does need to be re-booted, will
freebsd-update do it? If I have to manually reboot, when do I know a
particular update calls for re-booting?
Colin Percival's *freebsd-update* utility has a number of options/flags
that I can't figure out from
man *freebsd-update* or
man *freebsd-update*.conf or
*freebsd-update* [-b basedir] [--branch branchname] [-k *KEY*] command
-b basedir "Act on a FreeBSD world based at ... basedir"
What does this mean? If omitted, what is the default?
--branch branchname Possibilities are nocrypto, crypto, ... .
The example in Bejtlich's paper
doesn't use --branch, and yet he implies the default is crypto and that
most installations need crypto. Is the default crypto? How would I
know what I need?
-k *KEY* "A public *key* with a *given* MD5 hash"
URL "The URL from which updates are fetched"
The above two can also be specified in *freebsd-update*.conf and the
sample file has URL pointing to update.daemonology.net (Colin's web
server). Bejtlich states that the *KEY* and the URL in the .conf file
cooked to get updates from Colin's site, and to use the sample file "if
you trust [Colin] to securely build binary updates for you to blindly
install ..." Aside from Bejtlich's obvious tongue-in-cheek negativity
(they are both security guys after all, and Colin is the FreeBSD
security officer), are there other possible sites for updates? How do I
figure out a correct value for *KEY* if I know the URL? Incidentally,
*KEY* and the URL are required, since they either need to be specified on
the command line as in the above syntax or *via* the configuration file.
Finally, *freebsd-update **must* operate on a GENERIC kernel, but does
mean I can still use device.hints?
Any help would be greatly appreciated.
Bristol Systems Inc.
Sorry for the 20 questions.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"