How can I apply security patches to an offline freebsd machine?

Chris H bsd-lists at bsdforge.com
Fri Sep 29 17:33:40 UTC 2017 

I'm not sure how much you might consider "too much", nor do I
really have any idea what's at your disposal. But I would like
to suggest a couple of things that may better help you cater
to your situation:
subscribe to the FreeBSD security mailing list(s):

o FreeBSD-security-notifications at FreeBSD.org
o FreeBSD-security at FreeBSD.org
o FreeBSD-announce at FreeBSD.org

These are for [the] BASE [system]. Ports are an entirely
different matter. It might be easiest to simply "clone" the
system that your "supporting". You could simply dump(8) that
system to a Flash DISK, or other easily removable media, and
then restore(8) it to a disk on a local system. In fact it
could be a removable disk. That you can simply plug-in, and
then boot to. The point being; that you could then update
[at least] the ports tree, and make packages [ pkg(8) ]
that you can easily install to your "supported" box, at your
convenience.

HTH

--Chris


On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi <ar.fahimi at gmail.com> wrote

> *Synopsis*:
> 
> We would like to use FreeBSD (version 11.0) on one of our products. Once
> the product leaves the company, it will be disconnected from the Internet
> for good. However, as part of our support policy, we are bound to provide
> regular patches including security patches for the OS and the installed
> software to the customers.
> 
> *Question*:
> 
> Is there a way to apply security patches to FreeBSD in an offline machine?
> 
> *What I have done so far*
> 
> After googling for days, below is the summary of what people suggest to do:
> 
>    1. On an online machine exactly similar to the real machine a.k.a the
>    offline machine, fetch the security patches:
> 
> freebsd-update fetch
> 
> 
>    1.
> 
>    Transfer the contents of the /var/db/freebsd-update directory from the
>    online machine to the offline machine.
>    2.
> 
>    Apply the patches on the offline machine:
> 
> freebsd-update install
> 
> Provided the OS on the two machines are identical, this is expected to
> work. But my attempts so far have all been in vain. An error is displayed
> each time asking me to do the fetching step first by running:
> 
> freebsd-update fetch
> 
> 
> I would be grateful if anyone could help me.
> 
> *Regards*
> 
> Please consider the environment before printing.
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"

More information about the freebsd-hackers mailing list