FreeBSD Security Advisory FreeBSD-SA-14:31.ntp
Dag-Erling Smørgrav
des at des.no
Tue Jan 6 22:08:12 UTC 2015
"Roger Marquis" <marquis at roble.com> writes:
> "Dag-Erling Smørgrav" <des at des.no> writes:
> > I do it all the time:
> > $ sudo env UNAME_r=X.Y-RELEASE freebsd-update fetch install
> Not sure if using a jail to test is relevant but this never updates (my)
> binaries to the specified RELEASE/RELENG, only to the current kernel's patch
> level.
No, it updates everything. Like I said, I do this all the time,
including with jails that run a different release than the host system.
> Then there's the issue of specifying -RELEASE to mean -RELENG.
There is no such thing as -RELENG. See sys/conf/newvers.sh.
> > Actually, you want to do this from *outside* the jail, partly out of
> > healthy paranoia and partly so freebsd-update will re-use previously
> > downloaded indexes and patches
> Updates to non-jailed environments are the preferred method to be sure but
> patching and testing base updates in a jail can be more convenient.
You missed my point. You can run freebsd-update outside the jail to
update the contents of the jail. See the attached shell script.
DES
--
Dag-Erling Smørgrav - des at des.no
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jail-upgrade.sh
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150106/a23ce6bb/attachment.ksh>
More information about the freebsd-security
mailing list