patching a production system

Chaos Golubitsky walrus+freebsd at glassonion.org
Sun Apr 20 08:16:11 PDT 2003


Hi all,

This is an advice question, so i hope this list is the right place
to ask: i am tasked with maintaining a FreeBSD box which is a server
for a very small company.  (I am a sysadmin, but this is my first
real experience with FreeBSD.)  I want to be able to keep the box
reasonably current on security patches to the os, so it seems to
me that i should be tracking freebsd-RELEASE.

My question is in two parts:

(a) (I think the answer is no, but would love to hear otherwise):
    Do i have an alternative to maintaining a source tree on this
    machine?  The release engineering notes:
    http://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/article.html
    mention binary patchkits for the release branch, but i don't
    think these actually exist.  Does anyone know?  Conversely, how
    easy is it to do updates using /stand/sysinstall without changing
    my system configuration more than needed?  The buildworld ->
    installworld -> mergemaster routine seems convenient and stable,
    but i don't like doing source compiles on a production machine,
    and we don't have budget for a spare with similar architecture.

(b) Specifically, the machine is currently running 4.6-RELEASE, and
    i thought i would upgrade it to 4.8-RELEASE and track that,
    since FreeBSD will test its security patches for longer (right?),
    so i won't have to upgrade again for a while.  The machine was
    originally installed using /stand/sysinstall, and not by me.
    I have tested out the sysinstall -> cvs upgrade -> build ->
    install process on a spare machine of my own, and haven't run
    into any difficult problems.

    Can i expect this upgrade to go smoothly?  The machine is running
    a lot of third-party software, which i am not going to touch.
    Are there any particular red flags i should look for in terms
    of either (1) going from a sysinstall install to a source
    install, or (2) going from 4.6-RELEASE to 4.8-RELEASE?  Basically,
    i'm looking for things i can do to make it more likely that the
    install will just work (tm).

Sorry this question is so long --- i've read the manuals i could
find, and there's no substitute for advice from people with experience
with the os.  If there are any other references which specifically
talk about this kind of thing, please point me to those, though.

Thanks very much in advance!

-Chaos

