*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
We just set up a new FreeBSD 4.6 server and I was wondering the process for keeping it up to date in two different scenarios - I guess I'm looking at it from the openbsd standpoint that goes both ways:
1.) patch the specific binaries/etc that you want to update by downloading the diffs from the errata page
- or -
2.) take the time to rebuild the system fully with a new kernel and new userland and binaries from a cvs download.
Is there a similar distinction in FreeBSD? For instance, right now I'd like to rebuild OpenSSH to 3.4 and Apache to 2.x latest-stable.
At a later date when we can down the server, I'd like to do a full system rebuild and update from fresh cvs.
I recommend reading the documentation on cvsup and installing cvsupit. cvsupit can be found in the ports at:
/usr/ports/net/cvsupit
If you run cvsup periodically, your download times will remain relatively short. Then you can recompile the kernel or base operating system whenever it is convenient for you.
When you recompile the operating system, don't forget to run mergemaster. mergemaster helps you install new configuration files without losing changes that you've made to the original files.
On my 900MHz AMD Thunderbird with 1.5GB RAM (it's a database server), recompiling the kernel and base operating system takes less than 2 hours.
Thanks for the tip. Would you recommend cron'ing the cvsup process? I've ran cvsup and synced my src tree, but I wonder if that can be used to update the ports tree periodically as well?
Also, am I to understand that cvsup docs will explain what commands to use to compile and install new kernel and userland? Including make world, etc? I've got the OpenBSD update process down, but having a hard time pinning the Free- way.
Darn it, I accidentally hit the submit button! Here we go again:
Yes, you can execute cvsup from cron. I don't simply because I don't leave my server on all the time.
Here are quick instructions for recompiling the kernel and system:
Recompiling the kernel:
1. If your computer is networked, to into single-user mode.
2. cd /usr/src/sys/i386/conf/
3. If you want to make changes to the kernel configuration,
copy GENERIC to a new configuration file:
cp GENERIC MYKERNEL (use all caps)
4. Edit MYKERNEL to meet your needs.
5. cp /usr/src
6. make buildkernel KERNCONF=MYKERNEL
7. make installkernel KERNCONF=MYKERNEL
8. shutdown -r now
Recompiling the base operating system:
1. If your computer is networked, to into single-user mode.
2. man mergemaster (you'll want to use this)
3. cd /usr/src
4. make world
5. mergemaster (I use 'mergemaster -i')
6. shutdown -r now
Awesome. This should get me moving. The docs are always a little easier to swallow when I see ahead of time where they're going.
Is this the process that should be followed every time a new errata update comes out? For instance with the recent Apache chunked encoding exploit, would you cvsup and then rebuild userland fully to fix apache, or is there a simpler process for updating just the one part of your tree?
And the question remains, is the ports tree periodically updated and if so, how does one update thier ports tree?
Whether you apply a patch or recompile the system is up to you. The decision may be determined by whether you can afford the downtime. You can apply individual patches; but I've never done it, so I have no advice for you. Basically, I cvsup on a fairly regular basis; but I only recompile when issues occur that affect how I use of the server.
Install cvsup by installing cvsupit from the ports. The configuration process will ask you which sources you want to update and whether you want to update the ports system and/or documentation. I selected everything.
Please note that applications that have been installed via ports are not updated when cvsup updates the ports system or when you recompile the base system. You have to update these applications separately.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
