Keeping installed packages up to date
Hello, I am a relatively new BSD user, making the move from various Linux distros such as Debian GNU Linux. I have been running Linux servers for quite some time in a production environment, but based on recent events in the Linux world, have made the decision to move to FreeBSD. I have made the move to FreeBSD due to its maturity, stability and performance, not to mention that extended releases are supported for two years from their release, which is attractive in a mission-critical environment. I am trying to determine the best method of keeping my installed packages up-to-date. My current environment does not permit me to use CVSUP for synching my ports tree (due to firewall constraints) so I have been simply downloading the ports.tar.gz file from ftp.freebsd.org. I have followed the steps outlined in Richard Bejtlich's document Keeping FreeBSD Applications Up-To-Date (http://www.taosecurity.com/keeping_freebsd_applications_up-to-date.html) but I run into an issue where a number of installed packages are either skipped or fail during portupgrade. My update process is as follows: -Download port.tar.gz from ftp.freebsd.org -Extract to /usr -cd /usr/ports -make fetchindex -portsdb -u -portversion -v -l -Check /usr/ports/UPDATING for information relating to my applications -portupgrade -varR or portupgrade -varRPP My question is: is there an easier way of updating my installed packages? The process described above is incredibly time-consuming. I would like to know if there is a less time consuming method, since I have managers foaming at the mouth for my servers to be up and online with the latest updates, as soon as possible. Please advise. Thank you for your assistance. KB __ Post your free ad now! http://personals.yahoo.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Core System Update
Thank you very much for your assistance. It is much appreciated. Thanks again. Haulmark, Chris [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Monday, September 20, 2004 1:31 PM To: Kenneth A. Bond Cc: [EMAIL PROTECTED] Subject: Re: Core System Update Kenneth A. Bond wrote: Hello, I am trying to determine how often to update my systems. Currently I am using anoncvs in order to synch my source. From there I run the typical # make buildworld # make buildkernel # make installkernel # # mergemaster -p# make installworld# mergemaster# reboot Should I only perform this when a security vulnerability is found? I am trying to achieve maximum uptime for these systems and want to confirm how often I should perform a core system update. Please wrap you lines aroun 72 chars. See http://www.lemis.com/questions.html If you're shooting for max uptime and the most stable system, you can follow the procedure I follow for most of my clients: 1) Install the latests 4.x-RELEASE 2) cvsup to RELENG_4_x (currently RELENG_4_10) 3) rebuild/reinstall the core system. 4) When 4.11 comes out, schedule a weekend and cvsup the system to RELENG_4_11, rebuild/reinstall. Pay special attention to /usr/src/UPDATING, repeat for 4.12, etc 5) Subscribe to FreeBSD-security. When a vuln is announced, recvsup to the RELENG_4_x and rebuild/reinstall Or simply follow the alert's patch instructions if it is unrelated to a kernel fix. A service or two would require to be restarted after being patched. 6) Step 5 can occasionally be skipped. For example, there were many sites that I had using FreeBSD that I didn't have to update when bind problems were fixed, because they weren't running DNS servers. If you're not sure, you're safer updating than not. For instance, today, a CVS server had a security alert sent out, which is not important to those of us who do not use CVS server. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Chris Haulmark System Admin. Freelancer In market for IT corrections for a salary. Computers are like Air Conditioners: They stop working properly if you open Windows. - Post your free ad now! Yahoo! Canada Personals ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Core System Update
Hello, I am trying to determine how often to update my systems. Currently I am using anoncvs in order to synch my source. From there I run the typical # make buildworld # make buildkernel # make installkernel # # mergemaster -p# make installworld# mergemaster# reboot Should I only perform this when a security vulnerability is found? I am trying to achieve maximum uptime for these systems and want to confirm how often I should perform a core system update. Please advise. Thank you in advance for your assistance. Computers are like Air Conditioners: They stop working properly if you open Windows. - Post your free ad now! Yahoo! Canada Personals ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CVS CO Error
Hello, This was in fact a server issue, which seemed specific to the US anoncvs server. I ran the same commands, however, I used the German anoncvs server, as seen below: setenv CVSROOT [EMAIL PROTECTED]:/home/ncvs I was able to successfully synchronize my source with no errors. Thank you very much for your help. Much appreciated!! KB Phil Schulz [EMAIL PROTECTED] wrote: Kevin D. Kinsey, DaleCo, S.P. wrote: Kenneth A. Bond wrote: Hello, I am trying to update my source using CVS, as CVSup is not an option in my current environment. I am running FreeBSD 4.10. Below are the commands that I am entering in order to perform the update, but for some reason, I am getting the following error when attempting to update my source: lx1005# pwd /usr/src lx1005# setenv CVSROOT [EMAIL PROTECTED]:/home/ncvs lx1005# cvs co -rRELENG_4_10 src cvs [checkout aborted]: cannot write /home/ncvs/CVSROOT/val-tags: Permission denied lx1005# whoami root [...] I'm thinking it must be something in your configuration, as I can't replicate the problem here. I can, but only if I include the -rRELENG_4_10 part. (using csh) # setenv CVSROOT [EMAIL PROTECTED]:/home/ncvs # cvs co -rRELENG_4_10 src/COPYRIGHT cvs [checkout aborted]: cannot write /home/ncvs/CVSROOT/val-tags: Permission denied # cvs co src/COPYRIGHT U src/COPYRIGHT If there were a file in the way, you'd see something like # rm -rf src/ # mkdir src # touch src/COPYRIGHT # cvs co src/COPYRIGHT cvs checkout: cannot open CVS/Entries for reading: No such file or directory cvs [checkout aborted]: no repository The reason why I think this is a server issue is that there is no reference to /home/ncvs on my system besides the CVSROOT variable. Of course, I might be doing something wrong, but I'm completely lost on what it could be. Do you have CVS_RSH=ssh in your environment? From man cvs: CVS_RSH cvs uses the contents of this variable to determine the name of the remote shell command to use when starting a cvs server. If this variable is not set then `ssh' is used. I take is that it doesn't matter if you've got it set or not, as long as you want to use ssh. -- Did you know... If you play a Windows 2000 CD backwards, you hear satanic messages, but what's worse is when you play it forward ...it installs Windows 2000 -- Alfred Perlstein on [EMAIL PROTECTED] Computers are like Air Conditioners: They stop working properly if you open Windows. - Post your free ad now! Yahoo! Canada Personals ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
CVS CO Error
Hello, I am trying to update my source using CVS, as CVSup is not an option in my current environment. I am running FreeBSD 4.10. Below are the commands that I am entering in order to perform the update, but for some reason, I am getting the following error when attempting to update my source: lx1005# pwd /usr/src lx1005# setenv CVSROOT [EMAIL PROTECTED]:/home/ncvs lx1005# cvs co -rRELENG_4_10 src cvs [checkout aborted]: cannot write /home/ncvs/CVSROOT/val-tags: Permission denied lx1005# whoami root These commands show that I am in the /usr/src directory (which is where I should be), and that I am the root user. I was informed by another user that this was a server error, but I can't seem to get around it no matter which anoncvs server I use. Please advise. Thanks Computers are like Air Conditioners: They stop working properly if you open Windows. - Post your free ad now! Yahoo! Canada Personals ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Alternatives to CVSUP for Security Updates and Errata
Hello. I am a systems adminstrator for large multi-national firm, consisting of approximately 90,000 employees. I currently manage several FreeBSD 4.9 and 4.10 servers that serve as high volume web servers to several of our employees worldwide. As you can imagine, in firm the size of ours, various teams are reponsible for various aspects of our technology infrastructure. With that said, I have requested to have our security team create a policy that will allow traffic to and from my servers via port 5999 for CVSup, so that I could synch my source. My request has been flatly refused, due to the fact that FreeBSD is not a firm-standard operating system. The security team will not open up the firewalls for this purpose. CVSup is not an option. My question is what would be the best possible method of keeping up-to-date with security patches and errata? I have tried Colin Percival's FreeBSD-Update in the past, but I'm not sure that this is the best method, since I am using some SMP custom kernels. I've also heard that CTM is a very error-plagued and archaic method. Please advise. Thank you. - Post your free ad now! Yahoo! Canada Personals ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]