Re: Confused about keeping system up to date
On Tue, Oct 5, 2010 at 9:32 PM, Ed Flecko edfle...@gmail.com wrote: Thanks Patrick! :-) 1.) How do you know if a patch applies just to the kernel? For example, I'm looking at the security advisory 2010-09-20 FreeBSD-SA-10:08.bzip2 ( http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ), but it isn't clear to me if it applies to just the kernel or...??? If you need to recompile the kernel, the security advisory will tell you to. And it dont in that particular advisory. -- chs, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Confused about keeping system up to date
Hi folks, I'm running Production Release 8.1 on a production server. For a variety of reasons, I've decided to keep my system up to date via building it from source code. 1.) I want to follow the 8.1 errata branch, which (after rebuilding) pretty much just applies any released patches, right? 2.) I want the entry in my supfile to read: tag=RELENG_8_1_0 - or tag=RELENG_8.1_0 ? 3.) As a general rule, the only time you really NEED to update, rebuild your system, etc., is after there's been a security patch release, right? 4.) Is RELENG_8_1 the same thing as 8.1-RELEASE ??? 5.) If I'm just trying to keep my system up to date as far as applying security patches, should I just follow the directions in the security patch notes to apply it, or should I update via cvsup (or csup, etc.) and rebuild the system? I guess what I'm asking is: when, if ever (?) should you just apply patches or should you always update, rebuild, etc.??? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Confused about keeping system up to date
Le Tue, 5 Oct 2010 11:55:50 -0700, Ed Flecko edfle...@gmail.com a écrit : Hello, 1.) I want to follow the 8.1 errata branch, which (after rebuilding) pretty much just applies any released patches, right? Yes 2.) I want the entry in my supfile to read: tag=RELENG_8_1_0 - or tag=RELENG_8.1_0 ? You must use RELENG_8_1 see http://www.freebsd.org/releng/ RELENG_8_1 is the errata branch for FreeBSD 8.1 RELENG_8_1_0 is the tag for the released FreeBSD 8.1, so without any patch applied since the release. 5.) If I'm just trying to keep my system up to date as far as applying security patches, should I just follow the directions in the security patch notes to apply it, or should I update via cvsup (or csup, etc.) and rebuild the system? I guess what I'm asking is: when, if ever (?) should you just apply patches or should you always update, rebuild, etc.??? You can follow the directions, csup + rebuild + and reinstall all the system (or just the kernel if the problem is a kernel one), or use freebsd-update(8) for binary update. Regards. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Confused about keeping system up to date
Thanks Patrick! :-) 1.) How do you know if a patch applies just to the kernel? For example, I'm looking at the security advisory 2010-09-20 FreeBSD-SA-10:08.bzip2 ( http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ), but it isn't clear to me if it applies to just the kernel or...??? 2.) If the problem IS just related to the kernel, I just do: csup + make buildkernel + make installkernel, right? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Confused about keeping system up to date
Ed Flecko wrote: Hi folks, I'm running Production Release 8.1 on a production server. For a variety of reasons, I've decided to keep my system up to date via building it from source code. 1.) I want to follow the 8.1 errata branch, which (after rebuilding) pretty much just applies any released patches, right? 2.) I want the entry in my supfile to read: tag=RELENG_8_1_0 - or tag=RELENG_8.1_0 ? tag=RELENG_8_1 is known as the 'security branch' of 8.1-RELEASE. It is RELEASE plus security patches. RELEASE itself will never change. 3.) As a general rule, the only time you really NEED to update, rebuild your system, etc., is after there's been a security patch release, right? True for RELEASE, not true for tracking -STABLE or -CURRENT as they are shifting targets. On production servers I only use RELEASE and only update for security updates. IMHO the only reason for considering a move from RELEASE to STABLE is if there is a specific fix for a very specific issue which had been fixed in - CURRENT and MFC'd back to STABLE. Don't have the exact issue in the bug report - stick with RELEASE. 4.) Is RELENG_8_1 the same thing as 8.1-RELEASE ??? RELEASE itself is static. RELENG_8_1 is RELEASE plus security patches. 5.) If I'm just trying to keep my system up to date as far as applying security patches, should I just follow the directions in the security patch notes to apply it, or should I update via cvsup (or csup, etc.) and rebuild the system? I guess what I'm asking is: when, if ever (?) should you just apply patches or should you always update, rebuild, etc.??? I read and follow the instructions in the announcement. If the issue is located in a userland utility, e.g. non-kernel related, you can apply the patch, rebuild/reinstall just that piece of code, and not reboot the system. A production system can remain in production. The thing that will be lacking is uname will not show the update status such as: 8.1-RELEASE-p1 - the p(x) number will not increment. This number will increment when doing a make buildworld. buildkernel, installkernel, and installworld rebuild by csup of source. This approach is necessitated when the issue is in the kernel code. The instructions in the announcement will tell you this so you can choose. But anytime the rebuild from source of kernel code is required so is a reboot. -Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
