Date: Sun, 23 Aug 2009 20:11:52 -0700 From: Jose Amengual <jose.amengual@gmail.com> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: freebsd-jail@freebsd.org Subject: Re: Best practice to update jails Message-ID: <DF439C89-7A6B-49E8-AD3D-EADE414AA1C8@gmail.com> In-Reply-To: <20090822184001.00006882@unknown> References: <20090820121309.122740@gmx.net> <9C042ACE-8677-4104-BBB5-5F80C7EAFD3C@gmail.com> <20090822184001.00006882@unknown>
next in thread | previous in thread | raw e-mail | index | archive | help
I was thinking in maintaining the same branch 7.x, I know that a mayor upgrade could brake to many things, so I will use another procedure for that. But looks like it will be better to update using cvsup like I allways did. Thanks. On 22-Aug-09, at 9:40 AM, Alexander Leidinger wrote: > On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual > <jose.amengual@gmail.com> wrote: > >> The server is now 7.0 and was wondering what is the best practice to >> maintain security patches and kernel updates and I came out with the >> following idea : >> >> 1.- freebsd-update fetch install ( host system) >> 2.- rebuild kernel ( I have a custom kernel ) >> 3.- ezjail-update -b ( update basejail for all jails ) >> 4.- run in cron portaudit on the jails for thirty party security >> updates 5.- run portupgrade in case of a security update or for apps >> upgrade on the jails. >> >> I red in some forums that if you run freebsd-update you will need to >> do a portuprade -fa to reinstall all the thirty party apps because >> freebsd-update could upgrade or remove some libraries linked to >> that programs, is this true ?, will be better to run a cvsup and >> instead ? > > Not if you stay with the same major version of FreeBSD. If you update > from 7 to 8, this may be possible (I don't know, I don't use > freebsd-update, as I either run patched systems, or at least compile > my own kernels), but if you update from 7.x to 7.y, then this would be > an ABI change, which is very very very very much a no no in a > stable-branch (only an important security fix would be allowed to do > something like this, and only if nobody finds another way to do such > a fix without changing the ABI). > > So if you stay on the same major version you can use your procedure, > but read the release notes before, such a big impact change is > announced on a stable branch. It may be the case that we had something > like this once, but I do not remember which major version was > affected. > > Bye, > Alexander. > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DF439C89-7A6B-49E8-AD3D-EADE414AA1C8>