Date: Fri, 29 Sep 2017 10:37:26 -0700 From: "Chris H" <bsd-lists@bsdforge.com> To: <freebsd-hackers@freebsd.org> Subject: Re: How can I apply security patches to an offline freebsd machine? Message-ID: <bc10c0714044252c5cb0c5a33a2b552e@ultimatedns.net> In-Reply-To: <CAKJx5=SkD3MBRHMa-0D=8ucK412m80M1PFfnb0KkNYcLALuEtA@mail.gmail.com> References: <CAKJx5=SkD3MBRHMa-0D=8ucK412m80M1PFfnb0KkNYcLALuEtA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm not sure how much you might consider "too much", nor do I really have any idea what's at your disposal. But I would like to suggest a couple of things that may better help you cater to your situation: subscribe to the FreeBSD security mailing list(s): o FreeBSD-security-notifications@FreeBSD.org o FreeBSD-security@FreeBSD.org o FreeBSD-announce@FreeBSD.org These are for [the] BASE [system]. Ports are an entirely different matter. It might be easiest to simply "clone" the system that your "supporting". You could simply dump(8) that system to a Flash DISK, or other easily removable media, and then restore(8) it to a disk on a local system. In fact it could be a removable disk. That you can simply plug-in, and then boot to. The point being; that you could then update [at least] the ports tree, and make packages [ pkg(8) ] that you can easily install to your "supported" box, at your convenience. HTH --Chris On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi <ar.fahimi@gmail.com> wrote > *Synopsis*: > > We would like to use FreeBSD (version 11.0) on one of our products. Once > the product leaves the company, it will be disconnected from the Internet > for good. However, as part of our support policy, we are bound to provide > regular patches including security patches for the OS and the installed > software to the customers. > > *Question*: > > Is there a way to apply security patches to FreeBSD in an offline machine? > > *What I have done so far* > > After googling for days, below is the summary of what people suggest to do: > > 1. On an online machine exactly similar to the real machine a.k.a the > offline machine, fetch the security patches: > > freebsd-update fetch > > > 1. > > Transfer the contents of the /var/db/freebsd-update directory from the > online machine to the offline machine. > 2. > > Apply the patches on the offline machine: > > freebsd-update install > > Provided the OS on the two machines are identical, this is expected to > work. But my attempts so far have all been in vain. An error is displayed > each time asking me to do the fetching step first by running: > > freebsd-update fetch > > > I would be grateful if anyone could help me. > > *Regards* > > Please consider the environment before printing. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bc10c0714044252c5cb0c5a33a2b552e>