Tracking Security in Ports and Base System

chris at chrismaness.com chris at chrismaness.com
Wed Mar 1 10:09:52 PST 2006 

> On Wed, 8 Feb 2006, Chris Maness wrote:
>
>> How should I set up cvsup to just track security updates for ports. And
would the best thing to do after I synced CVS, do portupgrade -a so
that everything selected gets rebuilt.
>
> I'm not sure there is a way to do this for ports, other than manually
checking what's been changed and whether you consider that to be a
security upgrade, then upgrading each applicable port by hand. As far as
I understand, there is only one tag for ports ("tag=."), which gets you
the "current" ports tree. I *can* guarantee that others know more about
this than I do.
>
>> What is the equivalent for the base system?
>
> Much simpler: just track RELENG_your_release to get security updates and
bug fixes and nothing else. For example, mine is RELENG_5_4 and
> therefore tracks 5.4-RELEASE.
>
> HTH.
>
> --
> Chris Hill               chris at monochrome.org
> **                     [ Busy Expunging <|> ]
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>


Is my supfile correct to track security for freebsd-6.0?


# $FreeBSD: src/share/examples/cvsup/stable-supfile,v 1.29.2.1 2005/09/28
14:00:13
kensmith Exp $
#
# This file contains all of the "CVSup collections" that make up the
# FreeBSD-stable source tree.
#
# CVSup (CVS Update Protocol) allows you to download the latest CVS
# tree (or any branch of development therefrom) to your system easily
# and efficiently (far more so than with sup, which CVSup is aimed
# at replacing).  If you're running CVSup interactively, and are
# currently using an X display server, you should run CVSup as follows
# to keep your CVS tree up-to-date:
#
#        cvsup stable-supfile
#
# If not running X, or invoking cvsup from a non-interactive script, then
# run it as follows:
#
#        cvsup -g -L 2 stable-supfile
#
# You may wish to change some of the settings in this file to better
# suit your system:
#
# host=CHANGE_THIS.FreeBSD.org
#                This specifies the server host which will supply the
#                file updates.  You must change it to one of the CVSup
#                mirror sites listed in the FreeBSD Handbook at
#                http://www.freebsd.org/doc/handbook/mirrors.html.
#                You can        override this setting on the command line
#                with cvsup's "-h host" option.
#
# base=/var/db
#                This specifies the root where CVSup will store information
#                about the collections you have transferred to your system.
#                A setting of "/var/db" will generate this information in
#                /var/db/sup.  Even if you are CVSupping a large number of
#                collections, you will be hard pressed to generate more than
#                ~1MB of data in this directory.  You can override the
#                "base" setting on the command line with cvsup's "-b base"
#                option.  This directory must exist in order to run CVSup.
#
# prefix=/usr
#                This specifies where to place the requested files.  A
#                setting of "/usr" will place all of the files requested
#                in "/usr/src" (e.g., "/usr/src/bin", "/usr/src/lib").
#                The prefix directory must exist in order to run CVSup.
#
###############################################################################
#
# DANGER!  WARNING!  LOOK OUT!  VORSICHT!
#
# If you add any of the ports or doc collections to this file, be sure to
# specify them with a "tag" value set to ".", like this:
#
#   ports-all tag=.
#   doc-all tag=.
#
# If you leave out the "tag=." portion, CVSup will delete all of
# the files in your ports or doc tree.  That is because the ports and doc
# collections do not use the same tags as the main part of the FreeBSD
# source tree.
#
###############################################################################

# Defaults that apply to all the collections
#
# IMPORTANT: Change the next line to use one of the CVSup mirror sites
# listed at http://www.freebsd.org/doc/handbook/mirrors.html.
*default host=cvsup7.FreeBSD.org
*default base=/var/db
*default prefix=/usr
# The following line is for 6-stable.  If you want 5-stable, 4-stable,
# 3-stable, or 2.2-stable, change to "RELENG_5", "RELENG_4", "RELENG_3",
# or "RELENG_2_2" respectively.
*default release=cvs tag=RELENG_6
*default delete use-rel-suffix

# If you seem to be limited by CPU rather than network or disk bandwidth, try
# commenting out the following line.  (Normally, today's CPUs are fast enough
# that you want to run compression.)
*default compress

## Main Source Tree.
#
# The easiest way to get the main source tree is to use the "src-all"
# mega-collection.  It includes all of the individual "src-*" collections.
# Please note:  If you want to track -STABLE, leave this uncommented.
src-all

# These are the individual collections that make up "src-all".  If you
# use these, be sure to comment out "src-all" above.
#src-base
#src-bin
#src-contrib
#src-etc
#src-games
#src-gnu
#src-include
#src-kerberos5
#src-kerberosIV
#src-lib
#src-libexec
#src-release
#src-sbin
#src-share
#src-sys
#src-tools
#src-usrbin
#src-usrsbin
# These are the individual collections that make up FreeBSD's crypto
# collection. They are no longer export-restricted and are a part of
# src-all
#src-crypto
#src-eBones
#src-secure
#src-sys-crypto

More information about the freebsd-questions mailing list