freebsd-update use in jails - doesn't know what to update from

Tim Hogard thogard at
Sun Mar 20 08:42:42 UTC 2016

I tried to update a jail with:

freebsd-update -r 10.2.RELEASE -b /jail/ --debug update
The base system was running 10.2-RELEASE-p14 but the jail was running
some mix of 9.3, 8.4 4.10, 4.9., 4.4 etc.

The update would add a few files and not a full update which didn't
work so I looked into why.  It appears that the script is using
"uname -r" which only reflects the host and not the jail so it
doesn't collect the proper set of files.  It appears this hackery
fixed my issue:

--- /usr/sbin/freebsd-update    2016-03-19 10:59:51.768771000 +0000
+++ /tmp/freebsd-update 2016-03-20 01:05:38.207896000 +0000
@@ -641,7 +641,7 @@
        # to provide an upgrade path for FreeBSD Update 1.x users, since
        # the kernels provided by FreeBSD Update 1.x are always labelled
        # as X.Y-SECURITY.
-       RELNUM=`uname -r |
+       RELNUM=`echo 9.3-RELEASE |
            sed -E 's,-p[0-9]+,,' |
            sed -E 's,-SECURITY,-RELEASE,'`
        ARCH=`uname -m`

Would it make sense to add a -p (for prior version?)
freebsd-update -r 10.2.RELEASE -p 9.3-RELEASE -b /jail/ --debug update

The rest of this is about stuff I found while uncovering the bug above... it
may be a bit ranty since I've had to edit several thousand files without any

Other issues I've found in the script are the use of merge(1) seems
suboptimal with most changes being simple RCS signatures.  The samef()
function doesn't work with some files.  I'm thinking diff and patch might
be a better way to do the 3 way diffs.

Copying files out of /etc/ into old/ doesn't preserve datestamps which
would be helpful.

An answer of "no" to any question forces the process terminate
with no way to back up.

Since I ran this process on a handful of jails and edited 300+ files
per jail and then had to press "y" for each of them.  

I'm thinking that a check in the script for failed.merges>10 might have
a "You need to update `wd -l $failed.merges` files"  (y/n/shell)`
and the shell should say:
Fresh install files are in /var/db/freebsd-update/merge/10.2/
Your system files are in /var/db/freebsd-update/merge/old
and the files to be installed are in /var/db/freebsd-update/merge/new

I also wonder about the logic of not putting things like passwd, rc.local
groups and other files that must have had changes someplace like:
That would allow a bulk copy of /var/db/freebsd-update/merge/$NEW_VER
to /var/db/freebsd-update/merge/old with very little or no adjustments.

The jails uname -a doesn't reflect the build.  There should be a
file with just "10.2-RELEASE-p0" somewhere in /etc or /boot maybe
an option for either uname or freebsd-update could be used to hunt
down that info.  Uname under posix should query the OS for its
version (and patch level) but it has grown to reflect more of a
system version for the last few decades in most OSs.  At last it
isn't as useless as the "11.3" thatSolaris returns now.

If someone wants to step through the mess...
Tim's dodgy use of freebsd-update in jails (9.3-> 10.2 version)

cp /usr/sbin/freebsd-update /tmp/freebsd-update 
apply patch above or replace RELNUM=... in about line 641 with:
 RELNUM=`echo 9.3-RELEASE |

/tmp/freebsd-update -r 10.2-RELEASE  -b /jail/ update
when it asks about merging and using vi, press ctrl-Z
cd /var/db/freebsd-update/merge
cp -pr RELEASE-10.2/* new/
cp old/etc/*passwd* new/etc/
cp old/etc/*group* new/etc/
fg (resume if your shell doesn't like fg)
(hit enter and an editor will show up, search for ==== to make sure there
aren't any)
use ZZ to exit vi
put ZZ^m in the past buffer and press it hundreds of times
It will start to ask "does this look right (y/n)"
put y^My^My^M in the past buffer and press it hundreds of times
More will be listing files to change (you can press q to quit this 3 times).

/tmp/freebsd-update -r 10.2-RELEASE  -b /jail/ install
it will ask about a reboot after installing kernel
/tmp/freebsd-update -r 10.2-RELEASE  -b /jail/ install
it will ask about a reboot after installing userspace
/tmp/freebsd-update -r 10.2-RELEASE  -b /jail/ install
for a final delete

stop the jail and restart it. If things don't restart 
1) grep for <<<<<, ===== or >>>>> in /etc/*
2) if the jail starts and programs don't jexec /bin/sh and run pkg-static install -f pkg
and reinstall package.  i.e. "pkg install apache22" will reinstall apache because of
core system being upgraded even if its the same.  That will bring in libraries that
might be missing.




More information about the freebsd-bugs mailing list