Help understanding basic FreeBSD concepts (ports, updates, jails)

Manolis Kiagias sonicy at otenet.gr
Fri Nov 6 18:12:40 UTC 2009 

Roger wrote:
> Hello all,
>
> I'm coming from Linux and I would appreciate it if I could get some
> help understanding some basic FreeBSD concepts.
> Here is the output of 'uname -r' is "7.2-RELEASE-p4".
>
> My first concerned is how do I keep FreeBSD up to date.
> According to the FreeBSD site, the lastest production release is 7.2.
> Is this the version that is recommended to have in a production
> server?
>   

Yes.

> According to what I have read from the Handbook and searches in
> google, the way to stay up to date
> binary wise is to use "freebsd-update", is this correct?
>   

Yes, and...

> I believe freebsd-update will update the base system but not the
> ports. Please correct me if I'm wrong.
>
>   

you are right!

> My second concerned is the ports. In the file "ports-supfile" there is
> one option, "*default release=cvs tag=.".
> I believe this specifies which cvs tag to use when pulling files from
> the ports. At one point I had "*default release=cvs
> tag=RELEASE_7_2_0".
> When I pulled the ports using the "RELEASE_7_2_0" tag and tried to
> build "portsupgrade" the installation failed because the ruby version
> that was going to be installed I believe had a security problem. (I
> love the fact that I was stopped from installing software that is
> KNOWN to be vulnerable).
> I figured that maybe I needed to get the latest version. So I went
> ahead and changed the cvs tag to "." (which I believe means the head
> version).
>   

This is correct. For a ports supfile you would want to always get the
latest ports version, so tag=. will do it.
> I updated the ports and then tried the installation again, this time
> the installation went further but failed again due to the fact that
> my libtool (I can't remember the exact name) was older than what the
> installation required. So that threw me off.
>   

You have installed some ports from the DVD or compiled them using the
default (non-updated) ports tree. Your libtool (a port) is out of date
and you need to upgrade it. Use ports-mgmt/portupgrade to perform port
upgrades and read /usr/ports/UPDATING for special notes regarding
specific ports. You will find a note on libtool in there too.

> I believe that libtool is part of the base system and not the ports, correct?
>   

No, this is a port. If it were a base system component it would already
be up to date as you are running -p4

>  So that made me think that maybe because of using the latest version
> of the ports I can build certain ports if my base is not
> concurrent (in terms of what the ports requires and what my system
> offers) with the port system.
> So my question is this, if my FreeBSD release is 7.2-RELEASE-p4 which
> tag should I set for the ports system?
>   

Always use tag=. for the ports supfile. Your problem comes from the fact
you have already installed some older programs.

> Should I put the tag "RELEASE_7_2_0" and then wait for a security fix
> of the particular port (ruby) and then proceed to install?
> What is the recommended approach if your aim is to have your system up
> to date and stable?
>   

No. What I would recommend is to install a base system from CD, do not
install any packages from it (except maybe linux_base, the linux
emulation) and then after installation, proceed to update your ports
tree and install everything else from ports.
The packages in the official media get outdated very fast, and if you
are installing packages from a several months old release chances are
some of them will have to be upgraded before you can install other
packages from the updated ports tree. Spare yourself the time and
install everything from your updated ports tree.

> Another question that I have about the port system is, if LibX has a
> security update (or simply a bug fix) and programs from the ports
> programA, programB and programC depend on that library what is the
> recommended way to perform the upgrade that will also handle upgrading
> those programs?
>
>   
Yes, portupgrade (and other programs in the ports-mgmt/* category) can
handle this type of problem. Specific instructions for upgrading in this
case are listed in /usr/ports/UPDATING. These are usually something like
portupgrade -Rf pkg-x-y-z

> My third item is jails. I currently have only one external IP. I would
> like to setup two jails, one for apache and the other for postfix.
> Would that require more external IPs? If I wanted to have ssh access
> to the host and the jails that would definitely will require 3
> external IPs right?
>
>   
Not much experience with jails here, someone else will hopefully answer
this for you!

More information about the freebsd-questions mailing list