What's the latest release from freebsd-update?

Dan Langille dan at langille.org
Fri Feb 27 22:19:16 UTC 2015 

On Feb 24, 2015, at 11:56 AM, Brian W. <brian at brianwhalen.net> wrote:

>> On Fri, Feb 20, 2015 at 3:28 AM, Johan Hendriks <joh.hendriks at gmail.com>
>> wrote:
>> 
>>> 
>>> Op 20-02-15 om 05:31 schreef William A. Mahaffey III:
>>> 
>>> On 02/19/15 08:34, Dan Langille wrote:
>>>> 
>>>>> I want to write a check to let us know if a given server is on the
>>>>> latest
>>>>> version.
>>>>> 
>>>>> For example, how can I determine that FreeBSD 9.3-RELEASE-p5 is the
>>>>> latest
>>>>> and greatest?
>>>>> 
>>>>> I could run freebsd-update and see what comes back, but that's not
>> ideal
>>>>> for a Nagios check.
>>>>> 
>>>>> This output seems promising:
>>>>> 
>>>>> $ sysctl kern.version
>>>>> kern.version: FreeBSD 9.3-RELEASE-p5 #0: Mon Nov  3 22:38:58 UTC 2014
>>>>> root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
>>>>> 
>>>>> Let's assume we use that as the check for the host.
>>>>> 
>>>>> What do we compare it to?  Where can I find out that 9.3-RELEASE-p6 is
>>>>> available?
>>>>> 
>>>> 
>>>> 
>>>> I'm running 9.3 (FreeBSD 9.3-RELEASE-p5) as well, & I have noticed
>>>> posts going by onlist referencing 9.3-RELEASE-p9 (I think, might have
>>>> been 8), although that is little help to you. You & I are several
>>>> months back from today, probably safe to assume something newer is
>>>> available. The bottom of
>>>> https://www.freebsd.org/doc/handbook/updating-upgrading-
>>>> freebsdupdate.html
>>>> talks about comparing system versions.  If you do a 'freebsd-update
>>>> fetch' followed by a 'freebsd-update install' you will be updated to
>>>> the latest & greatest patch level, but I'm not sure there is a way of
>>>> checking that level apriori .... $0.02, no more, no less ....
>>>> 
>>>> 
>>> Go to the website www.freebsd.org, on the right site there is a colum
>>> security advisories
>>> 
>>> click on the latest, and it will show you the latest patch level of all
>>> versions. Like the example below,  the advisory for sctp.
>>> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>> 
>>> ============================================================
>>> =================
>>> FreeBSD-SA-15:03.sctp                                       Security
>>> Advisory
>>>                                                          The FreeBSD
>>> Project
>>> 
>>> Topic:          SCTP stream reset vulnerability
>>> 
>>> Category:       core
>>> Module:         sctp
>>> Announced:      2015-01-27
>>> Credits:        Gerasimos Dimitriadis
>>> Affects:        All supported versions of FreeBSD.
>>> Corrected:      2015-01-27 19:36:08 UTC (stable/10, 10.1-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/10.1, 10.1-RELEASE-p5)
>>>                2015-01-27 19:37:02 UTC (releng/10.0, 10.0-RELEASE-p17)
>>>                2015-01-27 19:36:08 UTC (stable/9, 9.3-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/9.3, 9.3-RELEASE-p9)
>>>                2015-01-27 19:36:08 UTC (stable/8, 8.4-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/8.4, 8.4-RELEASE-p23)
>>> CVE Name:       CVE-2014-8613
>>> 
>>> 
> On Feb 24, 2015 8:42 AM, "Dan Langille" <dlangille at sourcefire.com> wrote:
>> I think that none of these suggestions, while useful, are easily programmed
>> into a Nagios check (for example).

> I haven't used Nagios much but can't a freebsd-update fetch be run and then
> the contents of /var/db/freebsd-update/ examined? If updates are ready to
> be installed there will be stuff there.

Good suggestion. I thought about this a bit.

For example, this is a personal server of mine:

 $ sudo ls -tl /var/db/freebsd-update | less
total 24305
-rw-r--r--  1 root  wheel    225 Feb 27 11:14 tINDEX.present
-rw-r--r--  1 root  wheel    112 Feb 27 11:14 tag
-rw-r--r--  1 root  wheel      0 Feb 27 11:14 serverlist_full
-rw-r--r--  1 root  wheel      0 Feb 27 11:14 serverlist_tried
drwx------  2 root  wheel      6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback -> install.VYWhPb
drwx------  2 root  wheel      6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback -> install.wyPL3Y
drwxr-xr-x  2 root  wheel  26268 Feb 25 21:54 files
drwx------  2 root  wheel      6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:52 f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback -> install.MlNZrV

$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 9.3-RELEASE from update.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 9.3-RELEASE-p10.


$ sudo ls -tl /var/db/freebsd-update | less


-rw-r--r--  1 root  wheel    225 Feb 27 22:16 tINDEX.present
-rw-r--r--  1 root  wheel    112 Feb 27 22:16 tag
-rw-r--r--  1 root  wheel      0 Feb 27 22:16 serverlist_full
-rw-r--r--  1 root  wheel      0 Feb 27 22:16 serverlist_tried
drwx------  2 root  wheel      6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback -> install.VYWhPb
drwx------  2 root  wheel      6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback -> install.wyPL3Y
drwxr-xr-x  2 root  wheel  26268 Feb 25 21:54 files
drwx------  2 root  wheel      6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:52 f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback -> install.MlNZrV

It seems to require both non-root access and detailed knowledge of what is found in that directory.

I'm hoping for something simple and easily obtained.

Thank you

— 
Dan Langille
http://langille.org/

More information about the freebsd-questions mailing list