From owner-freebsd-hackers@freebsd.org Fri Sep 29 14:04:18 2017 Return-Path: <owner-freebsd-hackers@freebsd.org> Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36A35E2DA58 for <freebsd-hackers@mailman.ysv.freebsd.org>; Fri, 29 Sep 2017 14:04:18 +0000 (UTC) (envelope-from ar.fahimi@gmail.com) Received: from mail-it0-x22a.google.com (mail-it0-x22a.google.com [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F40FD672B5 for <freebsd-hackers@freebsd.org>; Fri, 29 Sep 2017 14:04:17 +0000 (UTC) (envelope-from ar.fahimi@gmail.com) Received: by mail-it0-x22a.google.com with SMTP id v62so215800itd.0 for <freebsd-hackers@freebsd.org>; Fri, 29 Sep 2017 07:04:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=eT1iyCq0Bm46SKFylqt9vxEsoE2p3TrJ5OGodzB3XXU=; b=eU1asjSMzT+xIBbY7XStzW1jx4p+cy45nb96AJzbMLRfWVS0DFRAK3+oHM2c4PbwIM XpW8LtMcp6C4//5W5ae8sCXNLZg943Jj+4NVylk2YWTLQszz+heuuk/DKmabcgg8nuOC UirGCLIpI7EjHE7zFO+YzGjmaZYWYE2qumO9ITDS5Vp2QwILSSbUL0eC1YJHQb/Mywjy 5QfhazrdPpLSB1kF3WwuNyYAdOTn1KMsgL/sQTKfNEIWGnwbaqbKn38oupLbBymj8Xaa 0ay7TL2GZGFy03Sr6hTo/hNawOJsO08tUWREJ64ZdU7kFwhPftmnWhfZlBQH9+zCwuYR K4QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=eT1iyCq0Bm46SKFylqt9vxEsoE2p3TrJ5OGodzB3XXU=; b=X9NdWogQc+28s7PBMR3hUiH1G2WYiCODwC6ndAHlQYivVTLs6pKmNEN/CqKOH8Xiss gLkbyimcsd4d972Q9H80V1Oae0fI7+Az8Q1vgLzCnGHzq73CEjY/qhS1AeYXB4RgD/2v 2BKLyIVQ70vjmiM+qHu+xr4ZcqZooVoFjjerw0EP6RakQLeempIgIp1wQ8nI9v0lI2NL LISfdde3lzOoiwn9/P9hloyZ/yjHjXLBh6Ov5oGyCta2q/Cor/t/pVZl7j4sCsdOVKOs xrPTV00FVthLJ9MzzoQZYh6lqXbnp5AHmmNvKWR9QNo92QRI8gOGsTXdchbElp63mTcO 1nwQ== X-Gm-Message-State: AHPjjUhwFP/WbIQEJ15/TlHShwt4HUgLGbYPnkV6/g88Sth9br4dgRmO vbHocK5miEdV74/wPP/7NBtfDfgF8e4DrzhjVmLAyg== X-Google-Smtp-Source: AOwi7QBNS6Oz9+NOFvScJBWnzh/OzFd2a/CRCDjD8BwF0exqkdtFf5xyD+HPoxaAQcqHh+4Zvo2aAuedymH7SKw3S/Q= X-Received: by 10.36.83.20 with SMTP id n20mr7593297itb.120.1506693857029; Fri, 29 Sep 2017 07:04:17 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.169.72 with HTTP; Fri, 29 Sep 2017 07:04:16 -0700 (PDT) From: Ali Reza Fahimi <ar.fahimi@gmail.com> Date: Fri, 29 Sep 2017 16:04:16 +0200 Message-ID: <CAKJx5=SkD3MBRHMa-0D=8ucK412m80M1PFfnb0KkNYcLALuEtA@mail.gmail.com> Subject: How can I apply security patches to an offline freebsd machine? To: freebsd-hackers@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD <freebsd-hackers.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/> List-Post: <mailto:freebsd-hackers@freebsd.org> List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 29 Sep 2017 14:04:18 -0000 *Synopsis*: We would like to use FreeBSD (version 11.0) on one of our products. Once the product leaves the company, it will be disconnected from the Internet for good. However, as part of our support policy, we are bound to provide regular patches including security patches for the OS and the installed software to the customers. *Question*: Is there a way to apply security patches to FreeBSD in an offline machine? *What I have done so far* After googling for days, below is the summary of what people suggest to do: 1. On an online machine exactly similar to the real machine a.k.a the offline machine, fetch the security patches: freebsd-update fetch 1. Transfer the contents of the /var/db/freebsd-update directory from the online machine to the offline machine. 2. Apply the patches on the offline machine: freebsd-update install Provided the OS on the two machines are identical, this is expected to work. But my attempts so far have all been in vain. An error is displayed each time asking me to do the fetching step first by running: freebsd-update fetch I would be grateful if anyone could help me. *Regards* Please consider the environment before printing.