Updating the system and ports

Chuck Swiger cswiger at mac.com
Tue Mar 9 16:47:53 UTC 2010


On Mar 9, 2010, at 8:07 AM, Pongthep Kulkrisada wrote:
> Further to previous suggestion in this mailing list,
> I have just updated from FreeBSD 8.0-STABLE to the latest patch.

This is good.

> I firstly use freebsd-update but it failed ...
[ ...Colin Percival is the owner of this, so I won't try to speak to it... ]

> So I switch to update from source.
> REL_ENG_8_0 is specified in stable-supfile. After csup and buildworld/kernel.
> Now I am running 8.0-RELEASE-p2.
> But I am expecting 8.0-STABLE-p2. I don't understand.

If you track RELENG_8, you get -STABLE system from a build cycle.  If you track RELENG_8_0, you are tracking the security branch and get your own "official" -RELEASE system from the build cycle.

> The handbook did not say anything about the capitalized RELEASE.
> At least I did not find it.
> I only notice that I always get RELEASE when freshly install from CDs.
> But when build from sources sometimes I get RELEASE.
> And sometimes I get STABLE.
> 1. What is the difference between RELEASE and STABLE?

http://www.freebsd.org/security/ says:

"Supported FreeBSD Releases

The FreeBSD Security Officer provides security advisories for several branches of FreeBSD development. These are the -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch.)

	• The -STABLE branch tags have names like RELENG_7. The corresponding builds have names like FreeBSD 7.0-STABLE.

	• Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like RELENG_7_0. The corresponding builds have names like FreeBSD 7.0-RELEASE-p1."

> 2. After buildworld/kernel finished, I tried freebsd-upgrade again.
> Now it works. There are still 20 files to fetch and install.
> Only 8 hours between csup all sources and freebsd-upgrade.
> Is it normal to have such 20 outstanding files during short period?

It's not unusual for a even single change (like pulling in a security fix or whatever to OpenSSL, sendmail, etc) to touch that many files.  However, one does not normally swap back and forth between building from source and doing binary upgrades, although it's certainly fine if you wanted to get freebsd-upgrade working and use it from here on out.

> 3. freebsd-update did not request for mergemaster(8). [edit]
> How can we ensure that things in /etc go well?

Read /usr/src/UPGRADING for notes about important changes.  Run mergemaster -iU, although you don't need to bother unless you're moving to at least a .x upgrade or there was a specific mention in the security advisory otherwise.

> 4. After this step, I would probably run portmaster. sleepy now :-(
> I want to know how often you normally update the ``system'' and ``ports''?

I update most systems at least as often as FreeBSD security advisories are posted; and ports whenever portaudit warns of an issue.  If a new version of something which is a primary function of some box is updated, I might update more frequently for such a specific reason.

I have test machines that get updated about weekly.  I have firewall boxes with multiyear uptimes where I've only updated OpenSSH+OpenSSL when needed, since port 22 for management is all they do.

> If both are normally done EVERYDAY, freebsd-update is relatively fast.

I'm going to conclude from this question that you aren't running production systems.  :-)

> But portmaster is somewhat slow to build all ports from sources.
> One may have hundreds ports, if not thousands.
> Please give me some hints, what are you normally do?

You only need to rebuild all ports when you are updating the system for a major release, like from 7.x to 8.x.  Otherwise, portmaster, portupgrade, etc will determine which ports have changes and only rebuild those ones.


More information about the freebsd-questions mailing list