Keeping 5.4 RELEASE up to date
Nikolas Britton
nikolas.britton at gmail.com
Thu Jun 30 07:23:57 GMT 2005
On 6/30/05, Nekdo Nekje <umeglic at gmail.com> wrote:
> Hello, list...
>
> I sort of have this question about FreeBSD... I'm a newbie so please
> bear with me.. ;)
>
> I'm building a firewall on 5.4 release. I have a clean install and I
> would like some way so I can update the system. For what I understand,
> one can download patches and apply them manually. What I'm looking for
> is a way so I can automatically update all the necessary files,
> preferably the binary way.
>
> I searched the Internet and found a way to do it in a document, bu it
> was written for 5.2 release and I was wondering if it's okay to use it
> on 5.4?
>
> http://www.taosecurity.com/keeping_freebsd_up-to-date.html
>
> Any thoughts on this??
>
Most everything in that article should still apply.
In my opinion it's a bit too optimistic to expect the update process
to be %100 automated.
Off the top of my head I'd setup a cron job that run's every few
days... something such as this:
date > /root/build_date && nice +20 cvsup -g -L 0 /root/release-sup &&
cd /usr/src && nice +20 make buildworld && nice +20 make buildkernel
&& nice +20 make installkernel && date >> /root/build_date
This way all you will have to do is run make installworld and
mergemaster when a security alert is issued. make sure your cvsup
release tag is set to a release/security branch like RELENG_5_4 and
not set to -STABLE i.e. RELENG_5.
I'm positive there are better ways then the one I showed you. I'm sure
the guys here can help you out some more.
More information about the freebsd-questions
mailing list