From owner-freebsd-hackers@freebsd.org Fri Sep 29 17:40:15 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80468E31886 for ; Fri, 29 Sep 2017 17:40:15 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49D1C6F2A7 for ; Fri, 29 Sep 2017 17:40:14 +0000 (UTC) (envelope-from bsd-lists@bsdforge.com) Received: from ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id v8THi1H5098849 for ; Fri, 29 Sep 2017 10:44:07 -0700 (PDT) (envelope-from bsd-lists@bsdforge.com) To: In-Reply-To: References: , From: "Chris H" Subject: Re: How can I apply security patches to an offline freebsd machine? Date: Fri, 29 Sep 2017 10:44:07 -0700 Content-Type: text/plain; charset=UTF-8; format=fixed MIME-Version: 1.0 Message-id: Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 17:40:15 -0000 On Fri, 29 Sep 2017 10:37:26 -0700 "Chris H" wrote > I'm not sure how much you might consider "too much", nor do I > really have any idea what's at your disposal. But I would like > to suggest a couple of things that may better help you cater > to your situation: > subscribe to the FreeBSD security mailing list(s): > > o FreeBSD-security-notifications@FreeBSD.org > o FreeBSD-security@FreeBSD.org > o FreeBSD-announce@FreeBSD.org Sorry. I forgot to also mention... Please read the following FreeBSD security page: https://www.freebsd.org/security/ for more [FreeBSD] security related resources, and information. > > These are for [the] BASE [system]. Ports are an entirely > different matter. It might be easiest to simply "clone" the > system that your "supporting". You could simply dump(8) that > system to a Flash DISK, or other easily removable media, and > then restore(8) it to a disk on a local system. In fact it > could be a removable disk. That you can simply plug-in, and > then boot to. The point being; that you could then update > [at least] the ports tree, and make packages [ pkg(8) ] > that you can easily install to your "supported" box, at your > convenience. > > HTH > > --Chris > > > On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi > wrote > > > *Synopsis*: > > > > We would like to use FreeBSD (version 11.0) on one of our products. Once > > the product leaves the company, it will be disconnected from the Internet > > for good. However, as part of our support policy, we are bound to provide > > regular patches including security patches for the OS and the installed > > software to the customers. > > > > *Question*: > > > > Is there a way to apply security patches to FreeBSD in an offline machine? > > > > *What I have done so far* > > > > After googling for days, below is the summary of what people suggest to do: > > > > 1. On an online machine exactly similar to the real machine a.k.a the > > offline machine, fetch the security patches: > > > > freebsd-update fetch > > > > > > 1. > > > > Transfer the contents of the /var/db/freebsd-update directory from the > > online machine to the offline machine. > > 2. > > > > Apply the patches on the offline machine: > > > > freebsd-update install > > > > Provided the OS on the two machines are identical, this is expected to > > work. But my attempts so far have all been in vain. An error is displayed > > each time asking me to do the fetching step first by running: > > > > freebsd-update fetch > > > > > > I would be grateful if anyone could help me. > > > > *Regards* > > > > Please consider the environment before printing. > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"