Questions about updating...

Wed Dec 3 15:58:04 PST 2003

rotten rottie wrote:

> I am a linux user that wants to switch to freebsd... I am a bit confused
>
> about applying updates etc..
>
> I installed a box for trial it was 5.1, I wanted to see if I could use
> ports to update openssh for a test examp. After the port installed I 
> noticed
> that another version of openssh was installed on the system. I talked 
> with a
> friend and he said that it was part of usr/src and I could update it by
> compiling the usr.bin version.. which was fine and worked. Here are my
> questions:
>
> 1) if there are two trees(lack of better words) why would ssh exist in
> both the system tree and the ports tree ? Wouldnt it be better to have 
> it in
> the ports tree ?
>
1st question ... I dunno, but somebody will likely tell you why
soon enough; it seems that I recall that there is an answer, at least...
2nd question ... if it were only in the ports tree, that would
likely violate the POLA ... if you set up a server, don't you *expect*
to have ssh available?

> 2) I have used gentoo in the past and am curious if there is something
> simular to emerge -up world/system -- I would like to cvs the ports/sys
> and then be able to see if anything need upgrading .. is this possible ?
>
I'm not familiar with gentoo, but AFAIK it's much like FBSD.

Updating the system is basically
$make buildworld
$make buildkernel
$make installkernel
(reboot)
$make installworld
$mergemaster

(Now, there are few options I left out, but you get the idea...)

For ports, I'd use portupgrade (which is in ports).  I wish
I'd known about it when I started with FBSD ... handles
most everything automagically.  Dru Lavigne's got an
excellent article at OnLamp.com ....

http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html

> 3) Say there was a update to openssh .. which would be the proper way to
> update .. sync the sys tree and then just update ssh .. or sync the tree
> and recompile the system ? or remove the sys version and install the port
> version and update the port ?
>
> I am very happy with freebsd .. Im still in the exploring stage .. The
> reasons for my questions is that I am a little weary of using freebsd in
> production if I dont easily know when updates are avail, having to
> recompile the system everytime I need a patch for a service.
>
> Thanks for helping me convert,
> rottie
>

Well, IIRC, when the OpenSSH advisory came out, there
were guys using all of those options...

Take a look at the security advisories on the site.  Almost always
there's a patch available for "production" machines.  If you're
tracking -STABLE like I do (even on prod. boxen) then buildworld
is easy enough for me....

HTH, Welcome to FBSD!

Kevin Kinsey
DaleCo, S.P.