Updating the system and ports

Tue Mar 9 17:44:17 UTC 2010

* Chuck Swiger (cswiger at mac.com) wrote:
> If you track RELENG_8, you get -STABLE system from a build cycle.  If you
> track RELENG_8_0, you are tracking the security branch and get your own
> "official" -RELEASE system from the build cycle.
>
> http://www.freebsd.org/security/ says:
> 
> "Supported FreeBSD Releases
> 
> The FreeBSD Security Officer provides security advisories for several
> branches of FreeBSD development. These are the -STABLE Branches and the
> Security Branches. (Advisories are not issued for the -CURRENT Branch.)
> 
> 	? The -STABLE branch tags have names like RELENG_7. The corresponding
> builds have names like FreeBSD 7.0-STABLE.
> 
> 	? Each FreeBSD Release has an associated Security Branch. The Security
> Branch tags have names like RELENG_7_0. The corresponding builds have names
> like FreeBSD 7.0-RELEASE-p1."
You explained very clear, much appreciated.

> However, one does not normally swap back and forth between building from
> source and doing binary upgrades, although it's certainly fine if you
> wanted to get freebsd-upgrade working and use it from here on out.
I only wanted to try again because the previous tries failed.
I actually was not expecting any update to be occured.
From now on I should adhere with binary update, very fast.
It also synchronizes source tree with binary.

But I'm still question that how can we keep long uptime, if we always boot.
Some boxes have been serving for many years without shutdown.

> > 3. freebsd-update did not request for mergemaster(8). [edit]
> > How can we ensure that things in /etc go well?
> 
> Read /usr/src/UPDATING for notes about important changes.
Very technical, few people can understand. It's good anyway. :-)

> Run mergemaster -iU, although you don't need to bother unless you're moving
> to at least a .x upgrade or there was a specific mention in the security
> advisory otherwise.
Okay.

> I update most systems at least as often as FreeBSD security advisories are posted;
Where or which mailing lists?
Is there any ``push model'' like Windows Update?
It will prompt right after boot finish, when new patches exist.

> and ports whenever portaudit warns of an issue.  If a new version of
> something which is a primary function of some box is updated, I might update
> more frequently for such a specific reason.
I have just know that ports-mgmt/portaudit can also report the availability of
new ports. I thought that it only issues warnings when security
vulnerabilities occurs.

> I have test machines that get updated about weekly.  I have firewall boxes with multiyear uptimes where I've only updated OpenSSH+OpenSSL when needed, since port 22 for management is all they do.
So you didn't update the system to keep long uptime.

> I'm going to conclude from this question that you aren't running production systems.  :-)
Yes I'm a novice (hobbyist). :-)

> You only need to rebuild all ports when you are updating the system for a major release, like from 7.x to 8.x.  Otherwise, portmaster, portupgrade, etc will determine which ports have changes and only rebuild those ones.
I shall use portmaster whenever I update *major* or *minor* release.
But excluding patches.

Thanks,
Pongthep