Akenner wrote:
Hello all,
I've been using this list to my advantage for a while to learn things
I can't seem to grasp, and I've gotten great amounts of help.
I have a question in regards to the process of patching / Updating /
Upgrading I'd like a hand with. I have two machines running FreeBSD
7.1-RELEASE and I'd like to make sure I've got security fixes on my
test machine. I'm saying test amchine because the box I'm typing this
from is an active needed desktop system I'm using for a lot of things
right now, and I figured my best bet would be to set up another
machine with a similar installation set so I could test out new ideas
on that instead of risking breaking something on this one.
Definitely a good idea, if you have machines to spare.
Anyway, I've been reading up on the CVS idea and asking things about
freebsd-update, and I guess my question is more along these lines:
If I wanted to just make sure I've got bug fixes and security patches,
would CVS or FreeBSD-Update be best for this? Or are they both good
for this? I know in the Unix world there are generally a lot of things
that do one thing very well but can generally do other things too.
For getting just the security fixes for your -RELEASE version,
freebsd-update is by far the easiest way to go. Only thing you need to
do is run:
# freebsd-update fetch
# freebsd-update install
These can even be combined into one:
# freebsd-update fetch install
Depending on whether a new kernel was installed, you may or may not have
to reboot. (it is easy to see on the messages whether a new
/boot/kernel/kernel file was installed). If you are using a custom
kernel, the process is slightly more involved: Every time the updates
touch the kernel, you will have to rebuild your custom kernel. If you
know nothing on custom kernels (yet) you are running GENERIC and you
just need the above procedure.
For details, please refer to:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading-freebsdupdate.html
(esp. sect 24.2.2)
I'm reading on CVS right now and it seems I could use this to keep the
machine updated, but I'm having some issues understanding the idea of
how it works. Basically, if I'm running 7.1-RELEASE, isn't that
already the updated version? Or, have I maybe misunderstood something,
and the tree RELEASE for 7.1 has bug fixes and security patches added
to it, and I could CVSup to the newest release of 7.1 ?
7.1 is the latest RELEASE. Although new feature will not be added into
it, you could use csup/cvsup to get the security fixes. These would be
the same as the ones you can get (without recompiling anything) with
freebsd-update as described above. If you really wish to track a
development version of FreeBSD, you can use CVSup to get 7-STABLE (this
is the continuing development branch, based on the work of 7.1. In the
future, developments from this branch will get us to 7.2-RELEASE). Or,
if you are really adventurous, you could try running -CURRENT (which
will in time become FreeBSD 8.0-RELEASE). More info is here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html
If you just need the security updates for 7.1-RELEASE, freebsd-update is
really the painless way to go. But CVSup can also do it, and it will be
a nice exercise ;)
Also, FreeBSD-update came across my reading, and it seems to be
similar to swaret in the Slackware world. I know it isn't the same
thing as BSD seems much more source based than other OSs, but I would
like to get at least one of the ways to keep updated picked out, and
started using on the test machine to make sure I fully understand it
before using it to update my main box.
Go ahead and use it on your main system. Freebsd-update is safe (you
can even rollback the updates if need be). As I said, unless you are
running a custom kernel (and you are not probably), this is just two
commands. And there no other settings needed beforehand.
One of the things I did was make two copies of the example CVS
standard supfile; one I made in that directory as standard.bak and
then I copied a copy of it to the /root directory to look at and maybe
edit as well, but as I said, I could use a hand in deciding which
option is going to work best.
If you decide to go the CVSup way for the security fixes, you would need
to make sure you have this line:
*default release=cvs tag=RELENG_7_1
(This is already in the standard supfile normally)
To move to 7-STABLE, you would need to change it to:
*default release=cvs tag=RELENG_7
(You will find this in the sample stable-supfile)
Then, follow the instructions in chapter 24. If you are getting confused
with the many different possible tags, this will probably make them clear:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html
So if anyone could lend a little but in typing out what they use for
updates and how they go about it, I'd appreciate it. I've already
gotten a full CVSup file