FreeBSD_9.0_Port_Upgrade - Exclude Ports

Prabhpal S. Mavi prabhpal at digital-infotech.net
Tue Apr 24 10:54:20 UTC 2012 


> * Prabhpal S. Mavi wrote:
>>  Dear FreeBSD Friends,
>>
>>  i have FreeBSD 9.0 Stable Running the following roles for past four
>>  months. Everything is functioning smooth alright. I read that system
>>  should be upgraded frequently. i am afraid that if i upgrade something
>> can
>>  break.
>>
>>  i am planing to run it like that until FreeBSD 9.2 is out, perhaps two
>>  years before upgrade. i am not sure if this is a good idea. i seek your
>>  advice about the upgrade.
>>
>>  ROLE:   Postfix Mail Server With Virtual Users Support Using MySQL
>> Database,
>>  Apache Web Server, Certificate Authority (CA). Squirrelmail, Postfix
>>  Admin, Maia MailGuard Postfix-Admin, SPF, Postgray Filter,
>> spamassassin,
>>  Clamav.
>>  [...]
>
> First you have to be aware that the stable tree in FBSD means something
> completly different than a release in Red Hat/CentOS land.
>
> Here stable is the stable branch which gets updates, bugfixes and new
> features. From this branch the next release is created.
>
> These updates and new features might not be as disruptive as
> in the development branch but still things change.
> So you might consider using a release branch instead, which only gets
> security and critical bugfixes.
>
> Critical really means critical here and not every bugfix around.
> In this regard a release branch is very stable :)
>
> So with stable you are really tracking a rolling release more like
> Debian testing or say a rolling release repository like the fasttrack
> repo in CentOS/Scientific Linux.
>
> While the release branch is more like staying on the same minor release
> in Red Hat. But the minor release in Red Hat gets far more updates even
> for not so serious bugs and sometimes even driver updates.
>
> The last part is AFAIU the reason that many people recomend the stable
> branch in FBSD, b/c you get bugfixes and some driver updates faster or
> even at all.
>
> If you would be on the release branch you would either have to switch
> to stable or wait for the next release branch to get these updates and
> fixes.
>
> As you are on stable i would suggest a test machine with the same
> setup, or at least a virtual machine with the same setup. Maybe a jail
> will do for you, else you could use something like virtualbox.
>
> Backups, always have backups and do some backups before doing something.
> Under Linux there is a nifty tool called etckeeper, it basically hooks
> into the package manager and tracks changes to /etc via version control.
> No idea if something like this is available under FBSD but you could
> roll your own ...
>
> If you use ZFS snapshots are easy and cheap, also there is basic Live
> Upgrade/Boot Environment support.
>
>    http://anonsvn.h3q.com/projects/freebsd-patches/wiki/manageBE
>
> If you use ZFS, i really suggest you look into this one, b/c it allows
> you to switch your complete system around at will. Also, the updates
> can be tested on an exact production copy without affecting the running
> system.
>
> On the security side i would suggest some form of host basesd intrusion
> detection and some common sense hardening.
>
> Generally monitoring (alarming+capacity/trending) for a live service is
> a good idea, too.
>
> Accompanied by following the security advisories and using portaudit
> should
> be enough, i guess ...
>
> hth
>    --lars
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>

Dear All,

First, thank you very much for your valuable advice time and efforts you
did put to write the response. how can i exclude some ports from being
update when using port manager utility? i mean which switch can i use or
edit the file for exclude.


Thanks / Regards



Thanks / Regards
Prabhpal

More information about the freebsd-stable mailing list