svn commit: r44772 - head/en_US.ISO8859-1/books/handbook/cutting-edge

Dru Lavigne dru at FreeBSD.org
Tue May 6 15:23:20 UTC 2014


Author: dru
Date: Tue May  6 15:23:19 2014
New Revision: 44772
URL: http://svnweb.freebsd.org/changeset/doc/44772

Log:
  Editorial review of Applying Security Patches and Major/Minor Version sections.
  Clarify the portmaster switch used to disable config screens, in prep for
  closing PR147946.
  
  Sponsored by:	iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml	Tue May  6 14:34:23 2014	(r44771)
+++ head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml	Tue May  6 15:23:19 2014	(r44772)
@@ -275,47 +275,58 @@ MergeChanges /etc/ /var/named/etc/ /boot
     </sect2>
 
     <sect2 xml:id="freebsdupdate-security-patches">
-      <title>Security Patches</title>
+      <title>Applying Security Patches</title>
+
+      <para>The process of applying &os; security patches has been
+	simplified, allowing an administrator to keep a system fully
+	patched using <command>freebsd-update</command>.  More
+	information about &os; security advisories can be found in
+	<xref linkend="security-advisories"/>.</para>
 
       <para>&os; security patches may be downloaded and installed
-	using the following command:</para>
+	using the following commands.  The first command will
+	determine if any outstanding patches are available, and if so,
+	will list the files that will be modifed if the patches are
+	applied.  The second command will apply the patches.</para>
 
       <screen>&prompt.root; <userinput>freebsd-update fetch</userinput>
 &prompt.root; <userinput>freebsd-update install</userinput></screen>
 
-      <para>If the update applied any kernel patches, the system will
+      <para>If the update applies any kernel patches, the system will
 	need a reboot in order to boot into the patched kernel.
-	Otherwise,  the system should be patched and
-	<command>freebsd-update</command> may be run as a nightly
-	&man.cron.8; job by adding this entry to
+	If the patch was applied to any running binaries, the affected
+	applications should be restarted so that the patched version
+	of the binary is used.</para> 
+
+      <para>The system can be configured to automatically check for
+	updates once every day by adding this entry to
 	<filename>/etc/crontab</filename>:</para>
 
       <programlisting>@daily                                  root    freebsd-update cron</programlisting>
 
-      <para>This entry states that <command>freebsd-update</command>
-	will run once every day.  When run with <option>cron</option>,
-	<command>freebsd-update</command> will only check if updates
-	exist.  If patches exist, they will automatically be
-	downloaded to the local disk but will not be applied.  The
+      <para>If patches exist, they will automatically be
+	downloaded but will not be applied.  The
 	<systemitem class="username">root</systemitem> user will be
-	sent an email so that they may be reviewed and manually
-	installed.</para>
+	sent an email so that the patches may be reviewed and manually
+	installed with
+	<command>freebsd-update install</command>.</para>
 
       <para>If anything goes wrong, <command>freebsd-update</command>
 	has the ability to roll back the last set of changes with
 	the following command:</para>
 
-      <screen>&prompt.root; <userinput>freebsd-update rollback</userinput></screen>
+      <screen>&prompt.root; <userinput>freebsd-update rollback</userinput>
+Uninstalling updates... done.</screen>
 
-      <para>Once complete, the system should be restarted if the
-	kernel or any kernel modules were modified.  This will allow
-	&os; to load the new binaries into memory.</para>
+      <para>Again, the system should be restarted if the
+	kernel or any kernel modules were modified and any affected
+	binaries should be restarted.</para>
 
       <para>Only the <filename>GENERIC</filename> kernel can be
 	automatically updated by <command>freebsd-update</command>.
 	If a custom kernel is installed, it will have to be rebuilt
 	and reinstalled after <command>freebsd-update</command>
-	finishes installing the rest of the updates.  However,
+	finishes installing the updates.  However,
 	<command>freebsd-update</command> will detect and update the
 	<filename>GENERIC</filename> kernel if
 	<filename>/boot/GENERIC</filename> exists,
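Review bot: "modifed" in the added sentence "will list the files that will be modifed if the patches are applied" is misspelled and should read "modified". The added `</para>` that closes the paragraph about restarting affected applications carries trailing whitespace. That paragraph also shifts tense, from "If the update applies any kernel patches" to "If the patch was applied to any running binaries"; wording the second sentence in the present tense would keep it consistent.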
@@ -326,7 +337,7 @@ MergeChanges /etc/ /var/named/etc/ /boot
 	<para>It is a good idea to always keep a copy of the
 	  <filename>GENERIC</filename> kernel in
 	  <filename>/boot/GENERIC</filename>.  It
-	  will be helpful in diagnosing a variety of problems, and in
+	  will be helpful in diagnosing a variety of problems and in
 	  performing version upgrades using
 	  <command>freebsd-update</command> as described in
 	  <xref linkend="freebsdupdate-upgrade"/>.</para>
@@ -339,23 +350,21 @@ MergeChanges /etc/ /var/named/etc/ /boot
 	Rebuilding and reinstalling a new custom kernel can then be
 	performed in the usual way.</para>
 
-      <note>
 	<para>The updates distributed by
 	  <command>freebsd-update</command> do not always involve the
 	  kernel.  It is not necessary to rebuild a custom kernel if
-	  the kernel sources have not been modified by the execution
-	  of <command>freebsd-update install</command>.
+	  the kernel sources have not been modified by
+	  <command>freebsd-update install</command>.
 	  However, <command>freebsd-update</command> will always
 	  update <filename>/usr/src/sys/conf/newvers.sh</filename>.
 	  The current patch level, as indicated by the
 	  <literal>-p</literal> number reported by
 	  <command>uname -r</command>, is obtained from this file.
 	  Rebuilding a custom kernel, even if nothing else changed,
-	  allows &man.uname.1; to accurately report the current
+	  allows <command>uname</command> to accurately report the current
 	  patch level of the system.  This is particularly helpful
 	  when maintaining multiple systems, as it allows for a quick
 	  assessment of the updates installed in each one.</para>
-      </note>
     </sect2>
 
     <sect2 xml:id="freebsdupdate-upgrade">
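Review bot: with the `<note>` and `</note>` lines removed, the `<para>` beginning "The updates distributed by" keeps the deeper indentation it had inside the note, so it no longer lines up with the sibling paragraphs of this `<sect2>`; re-indent it here or in a follow-up whitespace-only commit. The replacement line "allows <command>uname</command> to accurately report the current" is also longer than the wrapped lines around it and should be re-wrapped at the same time.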
@@ -369,23 +378,22 @@ MergeChanges /etc/ /var/named/etc/ /boot
 
       <para><emphasis>Major version</emphasis> upgrades occur when
 	&os; is upgraded from one major version to another, like from
-	&os; 8.X to &os; 9.X.  Major version upgrades remove
-	old object files and libraries which will break most third
-	party applications.  It is recommended that all installed
-	ports either be removed and re-installed or upgraded after a
-	major version upgrade using a utility such as
+	&os; 9.X to &os; 10.X.  Major versions use different
+	Application Binary Interfaces (<acronym>ABI</acronym>s), which
+	which will break most third-party
+	applications.  After a
+	major version upgrade, all installed packages and
+	ports need to be upgraded  using a utility such as
 	<package>ports-mgmt/portmaster</package>.  A
-	brute-force rebuild of all installed applications can be
+	rebuild of all installed applications can be
 	accomplished with this command:</para>
 
       <screen>&prompt.root; <userinput>portmaster -af</userinput></screen>
 
-      <para>This will ensure everything will be re-installed
-	correctly.  Note that setting the
-	<varname>BATCH</varname> environment variable to
-	<literal>yes</literal> will answer <literal>yes</literal> to
-	any prompts during this process, removing the need for
-	manual intervention during the build process.</para>
+      <para>This command will display the configuration screens for
+	each application that has configurable options and wait for the user to interact with those
+	screens.  To prevent this behavior, and use only the default
+	options, include <option>-G</option> in the above command.</para>
 
       <sect3 xml:id="freebsd-update-custom-kernel">
 	<title>Dealing with Custom Kernels</title>
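Review bot: the added lines "Application Binary Interfaces (<acronym>ABI</acronym>s), which" and "which will break most third-party" repeat "which" across the line break; drop one of them. In the same paragraph, "ports need to be upgraded  using" has a doubled space, and the line starting "each application that has configurable options" is overlong and needs re-wrapping. Since the log says this change clarifies the portmaster switch, the last paragraph would be clearer if it showed the resulting invocation (the `-af` from the screen above combined with `-G`) instead of "include <option>-G</option> in the above command".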

