Date: Fri, 29 Sep 2017 10:44:07 -0700 From: "Chris H" <bsd-lists@bsdforge.com> To: <freebsd-hackers@freebsd.org> Subject: Re: How can I apply security patches to an offline freebsd machine? Message-ID: <f92c6c5d526ad2058456b58dff0b4eaf@ultimatedns.net> In-Reply-To: <bc10c0714044252c5cb0c5a33a2b552e@ultimatedns.net> References: <CAKJx5=SkD3MBRHMa-0D=8ucK412m80M1PFfnb0KkNYcLALuEtA@mail.gmail.com>, <bc10c0714044252c5cb0c5a33a2b552e@ultimatedns.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 29 Sep 2017 10:37:26 -0700 "Chris H" <bsd-lists@bsdforge.com> wrote > I'm not sure how much you might consider "too much", nor do I > really have any idea what's at your disposal. But I would like > to suggest a couple of things that may better help you cater > to your situation: > subscribe to the FreeBSD security mailing list(s): > > o FreeBSD-security-notifications@FreeBSD.org > o FreeBSD-security@FreeBSD.org > o FreeBSD-announce@FreeBSD.org Sorry. I forgot to also mention... Please read the following FreeBSD security page: https://www.freebsd.org/security/ for more [FreeBSD] security related resources, and information. > > These are for [the] BASE [system]. Ports are an entirely > different matter. It might be easiest to simply "clone" the > system that your "supporting". You could simply dump(8) that > system to a Flash DISK, or other easily removable media, and > then restore(8) it to a disk on a local system. In fact it > could be a removable disk. That you can simply plug-in, and > then boot to. The point being; that you could then update > [at least] the ports tree, and make packages [ pkg(8) ] > that you can easily install to your "supported" box, at your > convenience. > > HTH > > --Chris > > > On Fri, 29 Sep 2017 16:04:16 +0200 Ali Reza Fahimi <ar.fahimi@gmail.com> > wrote > > > *Synopsis*: > > > > We would like to use FreeBSD (version 11.0) on one of our products. Once > > the product leaves the company, it will be disconnected from the Internet > > for good. However, as part of our support policy, we are bound to provide > > regular patches including security patches for the OS and the installed > > software to the customers. > > > > *Question*: > > > > Is there a way to apply security patches to FreeBSD in an offline machine? > > > > *What I have done so far* > > > > After googling for days, below is the summary of what people suggest to do: > > > > 1. On an online machine exactly similar to the real machine a.k.a the > > offline machine, fetch the security patches: > > > > freebsd-update fetch > > > > > > 1. > > > > Transfer the contents of the /var/db/freebsd-update directory from the > > online machine to the offline machine. > > 2. > > > > Apply the patches on the offline machine: > > > > freebsd-update install > > > > Provided the OS on the two machines are identical, this is expected to > > work. But my attempts so far have all been in vain. An error is displayed > > each time asking me to do the fetching step first by running: > > > > freebsd-update fetch > > > > > > I would be grateful if anyone could help me. > > > > *Regards* > > > > Please consider the environment before printing. > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f92c6c5d526ad2058456b58dff0b4eaf>