clarification of cvsup process.

Greg Groth ggroth at
Thu Jun 15 19:31:02 UTC 2006

I have a FreeBSD 6.0 server that I manage that is used as a DNS / mail 
server.  In the wake of the recent sendmail security announcement, I'd 
like to make sure I'm keeping the thing up to date.  I tried to run the 
patch as listed in the announcement, but the patch just seemed to hang, 
so I killed the process and decided to go the cvsup route.  now I 
understand the whole cvsup process, as well as updating ports, but the 
whole release tag thing still has me confused.  If possible could 
someone tell me if I'm doing this right or not, or have someone tell me 
what I'm doing wrong.

I'm only interested in updating the system when a security need arises, 
and have no desire to live on the "cutting edge".  I handle the ports 
through portaudit/portsnap/portmanager, and am looking to only update 
the case system with cvsup.

Here is the list of commands I run to update the system.

# cvsup /usr/local/greg/cvsupfile

Contents of cvsupfile:

*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_6_0
*default delete use-rel-suffix

*default tag=.

# cd /usr/src
# make buildworld
# make buildkernel
# make installkernel
# reboot

After rebooting into single user mode:

# fsck -p
# mount -u /
# mount -a -t ufs
# swapon -a
# adjkerntz -i
# mergemaster -p
# make installworld
# mergemaster
# reboot

After rebooting:

# cd /etc/mail
# make all
# make install
# make restart

And that's it.  I do the stuff in /etc/mail since I'm not sure running 
make buildworld will update the cf files.  The last patch that came out, 
I did the same thing I outlined above, but I did not notice a change in 
the version number of Sendmail when telnetting to it.  I did a search 
through the security notice, and took a look at all of the source files 
on my machine that were updated.  Although I could not find a version 
number anywhere, I noticed that the timestamp for all of the affected 
files had changed to the date listed in the announcement.  I'm not sure 
if Sendmail reports it's version from something hardcoded in the binary, 
or if it comes from the cf file.

So does this look right?  Or am I missing something obviously stupid? 
Is my cvsupfile correct for what I want it to do?


Greg Groth

More information about the freebsd-questions mailing list