From owner-freebsd-stable Sat May 27 23: 2: 8 2000 Delivered-To: freebsd-stable@freebsd.org Received: from sol.cc.u-szeged.hu (sol.cc.u-szeged.hu [160.114.8.24]) by hub.freebsd.org (Postfix) with ESMTP id A78F637B86A for ; Sat, 27 May 2000 23:01:59 -0700 (PDT) (envelope-from sziszi@petra.hos.u-szeged.hu) Received: from petra.hos.u-szeged.hu by sol.cc.u-szeged.hu (8.9.3+Sun/SMI-SVR4) id IAA13881; Sun, 28 May 2000 08:02:25 +0200 (MET DST) Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian)) id 12vw97-0003VE-00 for ; Sun, 28 May 2000 08:01:57 +0200 Date: Sun, 28 May 2000 08:01:57 +0200 From: Szilveszter Adam To: freebsd-stable@freebsd.org Subject: Re: 4.0-RELEASE to 4.0-STABLE upgrade Message-ID: <20000528080156.B12786@petra.hos.u-szeged.hu> Mail-Followup-To: freebsd-stable@freebsd.org References: <20000528035005.32721.qmail@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.0.1i In-Reply-To: <20000528035005.32721.qmail@hotmail.com>; from jmd526@hotmail.com on Sat, May 27, 2000 at 11:50:05PM -0400 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello! On Sat, May 27, 2000 at 11:50:05PM -0400, John Daniels wrote: > Hi: > > I just did an upgrade to STABLE. I just wanted to check what I did was OK. > > First, the handbook says to do the following order: > 1. backup > 2. CVsup > 3. check /etc/make.conf and /etc/group > 4. drop to single-user mode > 5. remove /usr/obj > 6. make world (or make buildworld and make installworld) > 7. update /etc, /dev, (and optionally /stand) > 8. compile and install a new kernel > 9. reboot (with fastboot) Have you also upgraded the Handbook?:-) It is now possible by going to an ftp mirror site and cd-ing to /pub/FreeBSD/doc// and downloading the docs in the wanted format. I only ask this because the new docs should have pointers to mergemaster... > ****** WHAT I DID DIFFERENTLY ******** > 1. I used mergemaster for updating /etc. See above. This is no problem, the util has been put into the base system for exactly this purpose:-) > 2. www.freebsddiary.com has description of going from 4.0-RELEASE to STABLE > and provides a script for doing so. The description and script shows that > compiling and installing a new kernel (#8 above) comes *AFTER* make world > (#6 above) - and *BEFORE* updating /etc. Thus, according to them, #8 comes > before #7 in the above list. Normally there is nothing special involved in doing an upgrade from -RELEASE to -STABLE it works without any heavy magic... Now, to your question. IMHO it doesn't matter if you upgrade /etc before or after the new kernel build. It is not a good idea to forget it though... that's why I do it before building the new kernel because after doing 'make install' I just tend to reboot without much ado:-) and by then the upgrade process has to be finished. Your preference:-) > 3. Oops! I removed /usr/obj *AFTER* the make world, not before. I tried to > redo make world but after a few messages (which seemed unimportant) it told > me that the proc tables were full. I then compiled and installed a new > kernel without any noticeable problems. See, if you remove it after the 'make world' then there will be nothing to remove the next time before:-) I tend to do this too because I do not need the obj files for anything and it uses quite a lot of disk space. So you can certainly remove /usr/obj after the installworld. (but do not do this between build and install, like I did it once while not paying attention. It can be detrimental to your health because your chances for suffering a stroke right after noticing this are quite high:-)))) > 4. NOTE: For me, /etc/make.conf has only one line: "USA_RESIDENT=YES". > Apparantly /etc/defaults/make.conf is what needs to be edited (after being > copied to /etc.) Since I had not figured this out beforehand, I was unable > to uncomment out CFLAGS and NOPROFILE as instructed in the Handbook. Please, do not copy files from /etc/defaults to /etc for heaven's sake. They are meant to contain the defaults and the knobs you can touch, but the actual changes go into the file in /etc. You can copy-n-paste though:-) Some of these files contain sections which try to source other files to gather in all the overrides you defined and will end up sourcing themselves infinitely, thus causing the "proc table full" errors and non-bootable systems for many. Please, do not be lazy... > FOLLOWUP: > Now that I have gone through the process of upgrading, I am looking into > security. What is the easiest, most obvious (as in "duh!, why didn't you > ...") steps to take to guard security. My setup is very simple: my home PC > connected to a router with DSL service. I am the only user. See the Handbook (after upgrading it like described above.) and also http://www.freebsd.org/security Generally it is a good idea to disable the services you are not going to use. If you are not going to use any of its services, you can even disbale inetd itself. (SSH is not affected by this as installed on FreeBSD by default.) To do this, modify /etc/rc.conf (*do not copy over /etc/defaults/rc.conf, no just change that one "YES" to "NO" in the appropriate line*) For IPfilter howtos, well you can always check the man page, and there are certainly others, maybe freebsddiary.org has one? (I do not know.) Hope this helps somewhat... -- Regards: Szilveszter ADAM Szeged University Szeged Hungary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message