From owner-freebsd-hackers@freebsd.org Fri Sep 29 17:33:40 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9847CE3165C for ; Fri, 29 Sep 2017 17:33:40 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 471DE6EFEC for ; Fri, 29 Sep 2017 17:33:39 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id v8THbKeB098174 for ; Fri, 29 Sep 2017 10:37:26 -0700 (PDT) (envelope-from bsd-lists@bsdforge.com) To: In-Reply-To: References: From: "Chris H" Subject: Re: How can I apply security patches to an offline freebsd machine? Date: Fri, 29 Sep 2017 10:37:26 -0700 Content-Type: text/plain; charset=UTF-8; format=fixed MIME-Version: 1.0 Message-id: Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 17:33:40 -0000 I'm not sure how much you might consider "too much", nor do I really have any idea what's at your disposal. But I would like to suggest a couple of things that may better help you cater to your situation: subscribe to the FreeBSD security mailing list(s): o FreeBSD-security-notifications@FreeBSD.org o FreeBSD-security@FreeBSD.org o FreeBSD-announce@FreeBSD.org These are for [the] BASE [system]. Ports are an entirely different matter. It might be easiest to simply "clone" the system that your "supporting". You could simply dump(8) that system to a Flash DISK, or other easily removable media, and then restore(8) it to a disk on a local system. In fact it could be a removable disk. That you can simply plug-in, and then boot to. The point being; that you could then update [at least] the ports tree, and make packages [ pkg(8) ] that you can easily install to your "supported" box, at your convenience. HTH --Chris On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi wrote > *Synopsis*: > > We would like to use FreeBSD (version 11.0) on one of our products. Once > the product leaves the company, it will be disconnected from the Internet > for good. However, as part of our support policy, we are bound to provide > regular patches including security patches for the OS and the installed > software to the customers. > > *Question*: > > Is there a way to apply security patches to FreeBSD in an offline machine? > > *What I have done so far* > > After googling for days, below is the summary of what people suggest to do: > > 1. On an online machine exactly similar to the real machine a.k.a the > offline machine, fetch the security patches: > > freebsd-update fetch > > > 1. > > Transfer the contents of the /var/db/freebsd-update directory from the > online machine to the offline machine. > 2. > > Apply the patches on the offline machine: > > freebsd-update install > > Provided the OS on the two machines are identical, this is expected to > work. But my attempts so far have all been in vain. An error is displayed > each time asking me to do the fetching step first by running: > > freebsd-update fetch > > > I would be grateful if anyone could help me. > > *Regards* > > Please consider the environment before printing. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"