From owner-freebsd-questions@FreeBSD.ORG Wed Mar 1 18:09:52 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA9B716A420 for ; Wed, 1 Mar 2006 18:09:52 +0000 (GMT) (envelope-from chris@chrismaness.com) Received: from ns1.internetinsite.com (ns1.internetinsite.com [208.179.97.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7138943D49 for ; Wed, 1 Mar 2006 18:09:52 +0000 (GMT) (envelope-from chris@chrismaness.com) Received: from squirrel.kq6up.org (localhost.internetinsite.com [IPv6:::1]) by ns1.internetinsite.com (8.13.4/8.13.4) with ESMTP id k21I9pZP087918; Wed, 1 Mar 2006 10:09:51 -0800 (PST) (envelope-from chris@chrismaness.com) Received: from 67.126.165.122 (proxying for 192.168.254.31, 127.0.0.1) (SquirrelMail authenticated user chris) by squirrel.kq6up.org with HTTP; Wed, 1 Mar 2006 10:09:51 -0800 (PST) Message-ID: <50124.67.126.165.122.1141236591.squirrel@squirrel.kq6up.org> Date: Wed, 1 Mar 2006 10:09:51 -0800 (PST) From: chris@chrismaness.com To: "Chris Hill" User-Agent: SquirrelMail/1.4.5 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal References: <43EA9782.7060708@chrismaness.com> <20060208203027.H73762@tripel.monochrome.org> In-Reply-To: <20060208203027.H73762@tripel.monochrome.org> Cc: Chris Maness , freebsd-questions@freebsd.org Subject: Re: Tracking Security in Ports and Base System X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2006 18:09:52 -0000 > On Wed, 8 Feb 2006, Chris Maness wrote: > >> How should I set up cvsup to just track security updates for ports. And would the best thing to do after I synced CVS, do portupgrade -a so that everything selected gets rebuilt. > > I'm not sure there is a way to do this for ports, other than manually checking what's been changed and whether you consider that to be a security upgrade, then upgrading each applicable port by hand. As far as I understand, there is only one tag for ports ("tag=."), which gets you the "current" ports tree. I *can* guarantee that others know more about this than I do. > >> What is the equivalent for the base system? > > Much simpler: just track RELENG_your_release to get security updates and bug fixes and nothing else. For example, mine is RELENG_5_4 and > therefore tracks 5.4-RELEASE. > > HTH. > > -- > Chris Hill chris@monochrome.org > ** [ Busy Expunging <|> ] > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > Is my supfile correct to track security for freebsd-6.0? # $FreeBSD: src/share/examples/cvsup/stable-supfile,v 1.29.2.1 2005/09/28 14:00:13 kensmith Exp $ # # This file contains all of the "CVSup collections" that make up the # FreeBSD-stable source tree. # # CVSup (CVS Update Protocol) allows you to download the latest CVS # tree (or any branch of development therefrom) to your system easily # and efficiently (far more so than with sup, which CVSup is aimed # at replacing). If you're running CVSup interactively, and are # currently using an X display server, you should run CVSup as follows # to keep your CVS tree up-to-date: # # cvsup stable-supfile # # If not running X, or invoking cvsup from a non-interactive script, then # run it as follows: # # cvsup -g -L 2 stable-supfile # # You may wish to change some of the settings in this file to better # suit your system: # # host=CHANGE_THIS.FreeBSD.org # This specifies the server host which will supply the # file updates. You must change it to one of the CVSup # mirror sites listed in the FreeBSD Handbook at # http://www.freebsd.org/doc/handbook/mirrors.html. # You can override this setting on the command line # with cvsup's "-h host" option. # # base=/var/db # This specifies the root where CVSup will store information # about the collections you have transferred to your system. # A setting of "/var/db" will generate this information in # /var/db/sup. Even if you are CVSupping a large number of # collections, you will be hard pressed to generate more than # ~1MB of data in this directory. You can override the # "base" setting on the command line with cvsup's "-b base" # option. This directory must exist in order to run CVSup. # # prefix=/usr # This specifies where to place the requested files. A # setting of "/usr" will place all of the files requested # in "/usr/src" (e.g., "/usr/src/bin", "/usr/src/lib"). # The prefix directory must exist in order to run CVSup. # ############################################################################### # # DANGER! WARNING! LOOK OUT! VORSICHT! # # If you add any of the ports or doc collections to this file, be sure to # specify them with a "tag" value set to ".", like this: # # ports-all tag=. # doc-all tag=. # # If you leave out the "tag=." portion, CVSup will delete all of # the files in your ports or doc tree. That is because the ports and doc # collections do not use the same tags as the main part of the FreeBSD # source tree. # ############################################################################### # Defaults that apply to all the collections # # IMPORTANT: Change the next line to use one of the CVSup mirror sites # listed at http://www.freebsd.org/doc/handbook/mirrors.html. *default host=cvsup7.FreeBSD.org *default base=/var/db *default prefix=/usr # The following line is for 6-stable. If you want 5-stable, 4-stable, # 3-stable, or 2.2-stable, change to "RELENG_5", "RELENG_4", "RELENG_3", # or "RELENG_2_2" respectively. *default release=cvs tag=RELENG_6 *default delete use-rel-suffix # If you seem to be limited by CPU rather than network or disk bandwidth, try # commenting out the following line. (Normally, today's CPUs are fast enough # that you want to run compression.) *default compress ## Main Source Tree. # # The easiest way to get the main source tree is to use the "src-all" # mega-collection. It includes all of the individual "src-*" collections. # Please note: If you want to track -STABLE, leave this uncommented. src-all # These are the individual collections that make up "src-all". If you # use these, be sure to comment out "src-all" above. #src-base #src-bin #src-contrib #src-etc #src-games #src-gnu #src-include #src-kerberos5 #src-kerberosIV #src-lib #src-libexec #src-release #src-sbin #src-share #src-sys #src-tools #src-usrbin #src-usrsbin # These are the individual collections that make up FreeBSD's crypto # collection. They are no longer export-restricted and are a part of # src-all #src-crypto #src-eBones #src-secure #src-sys-crypto