How can I apply security patches to an offline freebsd machine?

Chris H bsd-lists at bsdforge.com
Fri Sep 29 17:40:15 UTC 2017 

On Fri, 29 Sep 2017 10:37:26 -0700 "Chris H" <bsd-lists at bsdforge.com> wrote

> I'm not sure how much you might consider "too much", nor do I
> really have any idea what's at your disposal. But I would like
> to suggest a couple of things that may better help you cater
> to your situation:
> subscribe to the FreeBSD security mailing list(s):
> 
> o FreeBSD-security-notifications at FreeBSD.org
> o FreeBSD-security at FreeBSD.org
> o FreeBSD-announce at FreeBSD.org

Sorry. I forgot to also mention...
Please read the following FreeBSD security page:
https://www.freebsd.org/security/
for more [FreeBSD] security related resources, and information.

> 
> These are for [the] BASE [system]. Ports are an entirely
> different matter. It might be easiest to simply "clone" the
> system that your "supporting". You could simply dump(8) that
> system to a Flash DISK, or other easily removable media, and
> then restore(8) it to a disk on a local system. In fact it
> could be a removable disk. That you can simply plug-in, and
> then boot to. The point being; that you could then update
> [at least] the ports tree, and make packages [ pkg(8) ]
> that you can easily install to your "supported" box, at your
> convenience.
> 
> HTH
> 
> --Chris
> 
> 
> On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi <ar.fahimi at gmail.com>
> wrote 
>
> > *Synopsis*:
> > 
> > We would like to use FreeBSD (version 11.0) on one of our products. Once
> > the product leaves the company, it will be disconnected from the Internet
> > for good. However, as part of our support policy, we are bound to provide
> > regular patches including security patches for the OS and the installed
> > software to the customers.
> > 
> > *Question*:
> > 
> > Is there a way to apply security patches to FreeBSD in an offline machine?
> > 
> > *What I have done so far*
> > 
> > After googling for days, below is the summary of what people suggest to do:
> > 
> >    1. On an online machine exactly similar to the real machine a.k.a the
> >    offline machine, fetch the security patches:
> > 
> > freebsd-update fetch
> > 
> > 
> >    1.
> > 
> >    Transfer the contents of the /var/db/freebsd-update directory from the
> >    online machine to the offline machine.
> >    2.
> > 
> >    Apply the patches on the offline machine:
> > 
> > freebsd-update install
> > 
> > Provided the OS on the two machines are identical, this is expected to
> > work. But my attempts so far have all been in vain. An error is displayed
> > each time asking me to do the fetching step first by running:
> > 
> > freebsd-update fetch
> > 
> > 
> > I would be grateful if anyone could help me.
> > 
> > *Regards*
> > 
> > Please consider the environment before printing.
> > _______________________________________________
> > freebsd-hackers at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
> 
> 
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"

More information about the freebsd-hackers mailing list