From: Brandon J. Wandersee
To: Quartz
Cc: FreeBSD questions
Subject: Re: Questions about freebsd-update
In-reply-to: <55A20318.8010506@sneakertech.com>
Date: Mon, 13 Jul 2015 15:45:19 -0500
Message-ID: <86pp3v7pnk.fsf@WorkBox.Home>

Quartz writes:

>> When you install Windows and a service pack, you can't stop in
>> the half of the service pack installation.
>>
>> freebsd-update make the same thing like windows update, it will install
>> security updates.
>
> Well, sorta. With Windows or OSX or whatever you can get a list of all
> the updates it wants to install and you can check/uncheck them
> individually, and you can download a lot of the major
> updates/KBs/service packs separately and install them offline if you
> need to. I was hoping there was something similar for FreeBSD.

The analogy remains apt. When you update a Windows system, you do indeed
have the option to select which updates are installed and which are
withheld, but each of those updates is a single package comprising
multiple files. The same holds for freebsd-update: when you use it, you
get an update containing multiple files that have been modified with the
latest changes. The difference is that you don't get to install updates
1-3, 5, 7, and 10-13. You have to install all of them.
This may be slightly less versatile than the Windows and OS X cases, but
that's irrelevant, because the design and development model of FreeBSD
is fundamentally different.

It seems to me that there are two roadblocks to understanding, here:
first, the behavior you describe--having multiple updates installed with
freebsd-update, without any choice in which ones get installed--will
only occur provided you do not update your system every time a FreeBSD
Security Advisory or Errata Notice is sent out. In such a case, when you
finally get around to updating the system, yes, every previous update
will be installed along with the latest one. The reasoning behind this
is, quite simply, that the only reason an x.x-RELEASE version of FreeBSD
gets updated is for major security and bug fixes, and since
freebsd-update is just a convenient way of getting security and bug
fixes on x.x-RELEASE versions, there's no reason to apply some updates
but not others.

To put this another way: the updates you get with freebsd-update are
inherently conservative, and don't introduce any new, untested
features. *Only updates considered vital to a stable, secure system are
included.* All of the testing and experimentation takes place in the
-STABLE and -CURRENT branches, which cannot be updated via
freebsd-update anyway. The only way to avoid a bulk update is to track
the releng/* or stable/* branch of your version of FreeBSD (such as
releng/10), manually update your local source repository to whichever
commit you wish to test, and rebuild world.

This brings up the second possible barrier to understanding: even
supposing you updated your system by rebuilding world from source one
commit at a time, you still wouldn't have absolute control over
everything that got updated, because a single commit to the FreeBSD
source tree could contain changes to multiple, unrelated facets of the
system.
So even a single commit could still function much the same way a
freebsd-update distribution would: multiple files from multiple facets
of the system being updated simultaneously. There's simply no way to get
control over every single aspect of the system short of manually
patching every single file.

Again, though, in the case of releng/* branches, the updates are
inherently conservative: only those things immediately necessary to
maintaining or enhancing security and stability are changed. So not only
is there no greatly compelling reason to apply individual updates via
freebsd-update, but the only compelling reason to build from source is
to control the components installed with the base system via
src.conf(5). In either case, the only updates to the base system you'll
receive are those you really shouldn't be passing up anyway, and which
shouldn't have any profound effect on how third-party applications
function on the system.

--

=================================================================
:: Brandon Wandersee ::
:: brandon.wandersee@gmail.com ::
==================================================================
'A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.'
- Douglas Adams
==================================================================