From owner-freebsd-questions@FreeBSD.ORG  Thu Jun 14 10:12:24 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 20AC71065678
	for <freebsd-questions@FreeBSD.org>;
	Thu, 14 Jun 2012 10:12:24 +0000 (UTC)
	(envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk
	(lucid-nonsense.infracaninophile.co.uk [81.187.76.162])
	by mx1.freebsd.org (Postfix) with ESMTP id 908EE8FC0A
	for <freebsd-questions@FreeBSD.org>;
	Thu, 14 Jun 2012 10:12:23 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	q5EACDLH073291
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Thu, 14 Jun 2012 11:12:13 +0100 (BST)
	(envelope-from matthew@FreeBSD.org)
X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk q5EACDLH073291
Authentication-Results: smtp.infracaninophile.co.uk/q5EACDLH073291;
	dkim=none (no signature); dkim-adsp=none
Message-ID: <4FD9B8F5.5060909@FreeBSD.org>
Date: Thu, 14 Jun 2012 11:12:05 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:13.0) Gecko/20120601 Thunderbird/13.0
MIME-Version: 1.0
To: Leslie Jensen <leslie@eskk.nu>
References: <4FD9B1C4.6010403@eskk.nu>
In-Reply-To: <4FD9B1C4.6010403@eskk.nu>
X-Enigmail-Version: 1.4.2
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig7FE9FD37767AC1777BA83433"
X-Virus-Scanned: clamav-milter 0.97.4 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Cc: freebsd-questions@FreeBSD.org
Subject: Re: freebsd-update procedure, question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2012 10:12:24 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7FE9FD37767AC1777BA83433
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 14/06/2012 10:41, Leslie Jensen wrote:
> When one recives the
>=20
> FreeBSD Errata Notice or
>=20
> FreeBSD Security Advisory
>=20
> The instruction is to do:
>=20
>=20
> # freebsd-update fetch
>=20
> # freebsd-update install
>=20
>=20
>=20
> From earlier discussions on this list about the -px number not changing=
,
> I usually rebuild and install the kernel.
>=20
> My question is:
>=20
> Do I need to reboot after # freebsd-update install or can I rebuild and=

> install the kernel before the reboot?

freebsd-update will fetch any updates to /usr/src, so any time after
you've done 'freebsd-update install' you can build and install a new
kernel with all the security patches applied.

Given that you are only applying security updates within one release
branch and you are using a kernel configuration that has been well
tested, you should be fine to just install the new kernel before
rebooting at the end of your update procedure.

However, if you're going to be doing anything more ambitious (switching
RELEASE version, modifying the kernel config non-trivially), then you
should adopt a more cautious approach.  You need to make sure you've got
a world+kernel combination that still works after freebsd-update has
applied all its changes to the system before you try booting to your
customised kernel.  In the case of major version upgrades, use the
default kernels that freebsd-update supplies during the actual upgrade
so you can be assured that you have a working combination (working in
the sense that you can log in and build/install a new kernel; if you
need a custom kernel to support some odd bits of hardware then those
temporarily won't work).  Once you've got the system up and running
after updating, then go ahead and build and install your new kernel.
Should it fail to boot properly, you will be able to back-out to the
previous known-working kernel.

	Cheers,

	Matthew


--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




--------------enig7FE9FD37767AC1777BA83433
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/ZuPwACgkQ8Mjk52CukIzH/QCfbz516SA7FvnyNdbFg4jyrpp9
7ScAnih2jMTk3QIUpXmaCjXvPRTQx0HG
=krpW
-----END PGP SIGNATURE-----

--------------enig7FE9FD37767AC1777BA83433--