clarification of cvsup process.
I have a FreeBSD 6.0 server that I manage that is used as a DNS / mail server. In the wake of the recent sendmail security announcement, I'd like to make sure I'm keeping the thing up to date. I tried to run the patch as listed in the announcement, but the patch just seemed to hang, so I killed the process and decided to go the cvsup route. now I understand the whole cvsup process, as well as updating ports, but the whole release tag thing still has me confused. If possible could someone tell me if I'm doing this right or not, or have someone tell me what I'm doing wrong. I'm only interested in updating the system when a security need arises, and have no desire to live on the cutting edge. I handle the ports through portaudit/portsnap/portmanager, and am looking to only update the case system with cvsup. Here is the list of commands I run to update the system. # cvsup /usr/local/greg/cvsupfile Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # mergemaster -p # make installworld # mergemaster # reboot After rebooting: # cd /etc/mail # make all # make install # make restart And that's it. I do the stuff in /etc/mail since I'm not sure running make buildworld will update the cf files. The last patch that came out, I did the same thing I outlined above, but I did not notice a change in the version number of Sendmail when telnetting to it. I did a search through the security notice, and took a look at all of the source files on my machine that were updated. Although I could not find a version number anywhere, I noticed that the timestamp for all of the affected files had changed to the date listed in the announcement. I'm not sure if Sendmail reports it's version from something hardcoded in the binary, or if it comes from the cf file. So does this look right? Or am I missing something obviously stupid? Is my cvsupfile correct for what I want it to do? TIA Greg Groth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
In response to Greg Groth [EMAIL PROTECTED]: I have a FreeBSD 6.0 server that I manage that is used as a DNS / mail server. In the wake of the recent sendmail security announcement, I'd like to make sure I'm keeping the thing up to date. I tried to run the patch as listed in the announcement, but the patch just seemed to hang, so I killed the process and decided to go the cvsup route. now I understand the whole cvsup process, as well as updating ports, but the whole release tag thing still has me confused. If possible could someone tell me if I'm doing this right or not, or have someone tell me what I'm doing wrong. I'm only interested in updating the system when a security need arises, and have no desire to live on the cutting edge. I handle the ports through portaudit/portsnap/portmanager, and am looking to only update the case system with cvsup. Here is the list of commands I run to update the system. # cvsup /usr/local/greg/cvsupfile Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. Note that you set the tag=RELENG_6_0 ... which is what you want, then you reset it tag=. -- which will give you 6-STABLE -- not what you want. Remove the *default tag=. line. # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # mergemaster -p # make installworld # mergemaster # reboot After rebooting: # cd /etc/mail # make all # make install # make restart And that's it. I do the stuff in /etc/mail since I'm not sure running make buildworld will update the cf files. The last patch that came out, I did the same thing I outlined above, but I did not notice a change in the version number of Sendmail when telnetting to it. I don't know if the patch updates sendmail's internal version or not. What does uname -a tell you after the upgrade? -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
On 6/15/2006 2:42 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: I have a FreeBSD 6.0 server that I manage that is used as a DNS / mail server. In the wake of the recent sendmail security announcement, I'd like to make sure I'm keeping the thing up to date. I tried to run the patch as listed in the announcement, but the patch just seemed to hang, so I killed the process and decided to go the cvsup route. now I understand the whole cvsup process, as well as updating ports, but the whole release tag thing still has me confused. If possible could someone tell me if I'm doing this right or not, or have someone tell me what I'm doing wrong. I'm only interested in updating the system when a security need arises, and have no desire to live on the cutting edge. I handle the ports through portaudit/portsnap/portmanager, and am looking to only update the case system with cvsup. Here is the list of commands I run to update the system. # cvsup /usr/local/greg/cvsupfile Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. Note that you set the tag=RELENG_6_0 ... which is what you want, then you reset it tag=. -- which will give you 6-STABLE -- not what you want. Remove the *default tag=. line. Out of curiosity, can you revert back to RELENG_6_0 from 6_STABLE? Obviously I already ran this process... # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # mergemaster -p # make installworld # mergemaster # reboot After rebooting: # cd /etc/mail # make all # make install # make restart And that's it. I do the stuff in /etc/mail since I'm not sure running make buildworld will update the cf files. The last patch that came out, I did the same thing I outlined above, but I did not notice a change in the version number of Sendmail when telnetting to it. I don't know if the patch updates sendmail's internal version or not. What does uname -a tell you after the upgrade? mail# uname -a FreeBSD mail.domain.com 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Tue Mar 28 13:46:24 CST 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 (the real domain has been obfuscated) Thanks for the reply. Greg Groth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
In response to Greg Groth [EMAIL PROTECTED]: On 6/15/2006 2:42 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: [snip] Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. Note that you set the tag=RELENG_6_0 ... which is what you want, then you reset it tag=. -- which will give you 6-STABLE -- not what you want. Remove the *default tag=. line. Out of curiosity, can you revert back to RELENG_6_0 from 6_STABLE? Obviously I already ran this process... I have successfully done this with other versions of FreeBSD, whether or not it works is dependent on exactly what version you're trying to back out of, and I can't say for sure about 6-STABLE to 6.0. What does uname -a tell you after the upgrade? mail# uname -a FreeBSD mail.domain.com 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Tue Mar 28 13:46:24 CST 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. It looks as if the make install* steps weren't completed. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
On 6/15/2006 3:02 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: On 6/15/2006 2:42 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: [snip] Contents of cvsupfile: *default host=cvsup6.FreeBSD.org *default base=/var/db *default prefix=/usr *default release=cvs tag=RELENG_6_0 *default delete use-rel-suffix src-all *default tag=. Note that you set the tag=RELENG_6_0 ... which is what you want, then you reset it tag=. -- which will give you 6-STABLE -- not what you want. Remove the *default tag=. line. Out of curiosity, can you revert back to RELENG_6_0 from 6_STABLE? Obviously I already ran this process... I have successfully done this with other versions of FreeBSD, whether or not it works is dependent on exactly what version you're trying to back out of, and I can't say for sure about 6-STABLE to 6.0. What does uname -a tell you after the upgrade? mail# uname -a FreeBSD mail.domain.com 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Tue Mar 28 13:46:24 CST 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. It looks as if the make install* steps weren't completed. (reiterating my original email for clarification) # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # cd /usr/src (I forgot to list this last time around) # mergemaster -p # make installworld # mergemaster # reboot No errors reported during any of these steps, and each step appears to complete like it's doing exactly what it's supposed to. Can you see any steps I missed or overlooked? Any advice on how to determine where something might have gone wrong? All of a sudden I'm having this feeling that something might be broken somewhere... Many thanks, Greg Groth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
In response to Greg Groth [EMAIL PROTECTED]: On 6/15/2006 3:02 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: On 6/15/2006 2:42 PM, Bill Moran wrote: In response to Greg Groth [EMAIL PROTECTED]: [snip] mail# uname -a FreeBSD mail.domain.com 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Tue Mar 28 13:46:24 CST 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. It looks as if the make install* steps weren't completed. (reiterating my original email for clarification) # cd /usr/src # make buildworld # make buildkernel # make installkernel # reboot After rebooting into single user mode: # fsck -p # mount -u / # mount -a -t ufs # swapon -a # adjkerntz -i # cd /usr/src (I forgot to list this last time around) # mergemaster -p # make installworld # mergemaster # reboot No errors reported during any of these steps, and each step appears to complete like it's doing exactly what it's supposed to. Can you see any steps I missed or overlooked? Any advice on how to determine where something might have gone wrong? All of a sudden I'm having this feeling that something might be broken somewhere... I don't see any missed or incorrect steps here. Check the files listed in the advisory to see if the versions you have in /usr/src match those for 6.0-RELEASE-p9. It's possible that the cvsup server you used didn't have all the updates yet. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
On Thursday 15 June 2006 21:02, Bill Moran wrote: Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. Surely tag=. is 7-CURRENT, not 6-STABLE. Or am I missing something? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
RW writes: Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. Surely tag=. is 7-CURRENT, not 6-STABLE. Or am I missing something? That was my reaction. If so, I would be very wary of going backwards across major versions. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clarification of cvsup process.
In response to RW [EMAIL PROTECTED]: On Thursday 15 June 2006 21:02, Bill Moran wrote: Are you sure you completed the process successfully? If you'd had tag=., this would reports something like 6-STABLE. If you'd had 6_0_RELENG, it would report 6.0-RELEASE-p9. Surely tag=. is 7-CURRENT, not 6-STABLE. Or am I missing something? My mistake. My point doesn't change. Based on his supfile, he should have 7 or 6-p9, but not the version he reported. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]