From owner-freebsd-jail@FreeBSD.ORG Mon Aug 24 03:11:55 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D629A106564A for ; Mon, 24 Aug 2009 03:11:55 +0000 (UTC) (envelope-from jose.amengual@gmail.com) Received: from mail-px0-f198.google.com (mail-px0-f198.google.com [209.85.216.198]) by mx1.freebsd.org (Postfix) with ESMTP id A4F198FC08 for ; Mon, 24 Aug 2009 03:11:55 +0000 (UTC) Received: by pxi36 with SMTP id 36so4765789pxi.7 for ; Sun, 23 Aug 2009 20:11:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=l+XiAwwxf2RAVnq5DpDP6gjIYG4I3GTODoMRj+YDKPc=; b=yCb5Epcm39OsGxPXSGRJq+r3fnFad5SzbUWDdIU4mbST2g/ZoQOdvs5F8pC2wPs/yC DWaf/lbMSJZQ60Lo39W5KcfhSYjED2pYpHoaqOt6ObdV+PLC7lQ7xkiWzHK5p4gTzzZd x29p/TKsa74E95PrroMt2hTBWYaCNQzuWDn14= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=pSuWM+EBPxK2n3ShJUrjfbZNU+IA+Ry8mVYT3pvLKGk66h6EXpbMC8l8H4XqymqwKI NFnCKKub+NRHYKUYmjCI1CMvfhXQwtsHN8euJNpFqJgGTGpHhMrx6RcNjapyzoh2cg/6 T5DFiTc6xDc+s1eR/g6VWEv3eOPy0veIkugb8= Received: by 10.114.163.26 with SMTP id l26mr6272777wae.173.1251083514965; Sun, 23 Aug 2009 20:11:54 -0700 (PDT) Received: from ?192.168.18.103? (S0106001310f0bb09.vc.shawcable.net [24.84.201.161]) by mx.google.com with ESMTPS id m31sm8192874wag.60.2009.08.23.20.11.53 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 23 Aug 2009 20:11:53 -0700 (PDT) Message-Id: From: Jose Amengual To: Alexander Leidinger In-Reply-To: <20090822184001.00006882@unknown> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v936) Date: Sun, 23 Aug 2009 20:11:52 -0700 References: <20090820121309.122740@gmx.net> <9C042ACE-8677-4104-BBB5-5F80C7EAFD3C@gmail.com> <20090822184001.00006882@unknown> X-Mailer: Apple Mail (2.936) Cc: freebsd-jail@freebsd.org Subject: Re: Best practice to update jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2009 03:11:55 -0000 I was thinking in maintaining the same branch 7.x, I know that a mayor upgrade could brake to many things, so I will use another procedure for that. But looks like it will be better to update using cvsup like I allways did. Thanks. On 22-Aug-09, at 9:40 AM, Alexander Leidinger wrote: > On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual > wrote: > >> The server is now 7.0 and was wondering what is the best practice to >> maintain security patches and kernel updates and I came out with the >> following idea : >> >> 1.- freebsd-update fetch install ( host system) >> 2.- rebuild kernel ( I have a custom kernel ) >> 3.- ezjail-update -b ( update basejail for all jails ) >> 4.- run in cron portaudit on the jails for thirty party security >> updates 5.- run portupgrade in case of a security update or for apps >> upgrade on the jails. >> >> I red in some forums that if you run freebsd-update you will need to >> do a portuprade -fa to reinstall all the thirty party apps because >> freebsd-update could upgrade or remove some libraries linked to >> that programs, is this true ?, will be better to run a cvsup and >> instead ? > > Not if you stay with the same major version of FreeBSD. If you update > from 7 to 8, this may be possible (I don't know, I don't use > freebsd-update, as I either run patched systems, or at least compile > my own kernels), but if you update from 7.x to 7.y, then this would be > an ABI change, which is very very very very much a no no in a > stable-branch (only an important security fix would be allowed to do > something like this, and only if nobody finds another way to do such > a fix without changing the ABI). > > So if you stay on the same major version you can use your procedure, > but read the release notes before, such a big impact change is > announced on a stable branch. It may be the case that we had something > like this once, but I do not remember which major version was > affected. > > Bye, > Alexander. > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail- > unsubscribe@freebsd.org"