Re: too late to change to security branch?
Bill Stwalley wrote: On 9/30/07, Rakhesh Sasidharan [EMAIL PROTECTED] wrote: Hi Bill! I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. The ports system doesn't have any branches. The same tree is used between all the different FreeBSD branches so you can't just track security updates only. You track it using portupgrade/ cvsup. The base system has many branches. In your case, you seem to be following the security branches for 6.1 and 6.2 using freebsd-update. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. Maybe you can provide more info on what's breaking? I use FreeBSD for a couple of headless machines. No X and other stuff, but I haven't had any breakages so far. *touchwood* Do go though the UPDATING file to check out any gotchas before updating. HTH, - Rakhesh http://rakhesh.net/ I'm grateful to all your clarifications, as I feel this operation system is really supported with care. Our uw-imap was broken recently for a few days as people could not login, so I had to switch to dovecot. Nothing was mentioned in the UPDATING file, although there was indeed a big update of uw-imap. I only got relieved after finding http://lists.freebsd.org/pipermail/freebsd-ports/2007-October/044051.htmlposted a couple days later. Things similar to this, although to less extent, did happen once a couple months, sometimes the postfix and other startup scripts in /usr/local/etc/rc.d/ will be renamed to postfix.sh or vice verser by port upgrade, that broke my other scripts. As everyone appears to suggest against updating ports in cron job and suggest reading UPDATING instead and then updating by hand, I'm really curious: Is it practical to do that when you manage a dozen servers? I imagine doing that alone would be a substantial job. However crontab updated ports do take down services from time to time. Best, Bill In the Handbook, Chapter 23.5, is one plan: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html HTH, Kevin Kinsey -- APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: too late to change to security branch?
On 9/30/07, Rakhesh Sasidharan [EMAIL PROTECTED] wrote: Hi Bill! I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. The ports system doesn't have any branches. The same tree is used between all the different FreeBSD branches so you can't just track security updates only. You track it using portupgrade/ cvsup. The base system has many branches. In your case, you seem to be following the security branches for 6.1 and 6.2 using freebsd-update. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. Maybe you can provide more info on what's breaking? I use FreeBSD for a couple of headless machines. No X and other stuff, but I haven't had any breakages so far. *touchwood* Do go though the UPDATING file to check out any gotchas before updating. HTH, - Rakhesh http://rakhesh.net/ I'm grateful to all your clarifications, as I feel this operation system is really supported with care. Our uw-imap was broken recently for a few days as people could not login, so I had to switch to dovecot. Nothing was mentioned in the UPDATING file, although there was indeed a big update of uw-imap. I only got relieved after finding http://lists.freebsd.org/pipermail/freebsd-ports/2007-October/044051.htmlposted a couple days later. Things similar to this, although to less extent, did happen once a couple months, sometimes the postfix and other startup scripts in /usr/local/etc/rc.d/ will be renamed to postfix.sh or vice verser by port upgrade, that broke my other scripts. As everyone appears to suggest against updating ports in cron job and suggest reading UPDATING instead and then updating by hand, I'm really curious: Is it practical to do that when you manage a dozen servers? I imagine doing that alone would be a substantial job. However crontab updated ports do take down services from time to time. Best, Bill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: too late to change to security branch?
Hi Bill! I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. The ports system doesn't have any branches. The same tree is used between all the different FreeBSD branches so you can't just track security updates only. You track it using portupgrade/ cvsup. The base system has many branches. In your case, you seem to be following the security branches for 6.1 and 6.2 using freebsd-update. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. Maybe you can provide more info on what's breaking? I use FreeBSD for a couple of headless machines. No X and other stuff, but I haven't had any breakages so far. *touchwood* Do go though the UPDATING file to check out any gotchas before updating. HTH, - Rakhesh http://rakhesh.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: too late to change to security branch?
I run freebsd-update and my cvsup configuration uses *default release=cvs tag=.. I am actually following security branch, since I do not recompile the kernel, right? This cvs tag only matters if I compile the kernel, right? If you are using freebsd-update then you are following the security branch. Even if you were using cvs and had to recompile the kernel (coz of some patch there) you would still be following the security branch (**if** you are tracking the security branch, that is). In FreeBSD, the base system and the 3rd party apps are separate. The base system has the concept of branches. The 3rd party apps (ports) are shared amongst all, there's no concept of branches. So you can't just follow security updates for the 3rd party apps. HTH, - Rakhesh http://rakhesh.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
too late to change to security branch?
I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. If that's impossible, can I wait until the release of 6.3, upgrading to it, and then switch to SECURITY branch in cvsup? If those are entirely impossible, can I switch to STABLE branch? I'm confused by this system, please let me know if anything I do doesn't make sense. Best, Bill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: too late to change to security branch?
On Wednesday 26 September 2007, Bill Stwalley said: I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. If that's impossible, can I wait until the release of 6.3, upgrading to it, and then switch to SECURITY branch in cvsup? If those are entirely impossible, can I switch to STABLE branch? I'm confused by this system, please let me know if anything I do doesn't make sense. Best, Bill There are no other branches of ports except current. The release, security, stable and current branches only apply to the system itself. The exception being the ports that come with a release are just a snapshot of the ports tree at the time the release was rolled. While we try our best to avoid breakage, it sometimes happens. My suggestion is that if you plan on upgrading something mission critical, you might want to try the upgrade on another similar box first and test. As for compiling with options not already available in the port itself, you are basically on your own. If there is a particular option that comes with the sources, but is not a port option contact the maintainer of that port. As for doing port updates with a cron script it's not recommended. You should always read UPDATING before installing anything. Believe me it will save you foot shooting. Beech -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://www.freebsd.org X - NO Word docs in e-mail | Latest Release: / \ - http://www.FreeBSD.org/releases/6.2R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: too late to change to security branch?
On 9/27/07, Beech Rintoul [EMAIL PROTECTED] wrote: On Wednesday 26 September 2007, Bill Stwalley said: I have servers running 6.1 and 6.2. I use freebsd-update in cron jobs to install binary security update to the base system, and use cvsup/portupgrade in cron jobs to install port updates. By default, cvsup uses CURRENT branch. I am tired of some updates breaking something unnecessarily, and am thinking of changing to SECURITY branch in cvsup. Is that possible? Some of my ports are already locally compiled with customized options. If that's impossible, can I wait until the release of 6.3, upgrading to it, and then switch to SECURITY branch in cvsup? If those are entirely impossible, can I switch to STABLE branch? I'm confused by this system, please let me know if anything I do doesn't make sense. Best, Bill There are no other branches of ports except current. The release, security, stable and current branches only apply to the system itself. The exception being the ports that come with a release are just a snapshot of the ports tree at the time the release was rolled. While we try our best to avoid breakage, it sometimes happens. My suggestion is that if you plan on upgrading something mission critical, you might want to try the upgrade on another similar box first and test. As for compiling with options not already available in the port itself, you are basically on your own. If there is a particular option that comes with the sources, but is not a port option contact the maintainer of that port. As for doing port updates with a cron script it's not recommended. You should always read UPDATING before installing anything. Believe me it will save you foot shooting. Beech -- I run freebsd-update and my cvsup configuration uses *default release=cvs tag=.. I am actually following security branch, since I do not recompile the kernel, right? This cvs tag only matters if I compile the kernel, right? Thanks, Bill ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]