Date: Thu, 20 Dec 2007 16:46:56 +0100 From: Alexander Leidinger <Alexander@Leidinger.net> To: freebsd-jail@freebsd.org, "Andrew Hotlab" <andrew.hotlab@hotmail.com> Subject: Re: How to better update a jail host system Message-ID: <20071220164656.1acd2b45@deskjail> In-Reply-To: <BAY138-DS1F782EFBC33924A07CFB6F65D0@phx.gbl> References: <BAY102-W41E0DDC536BD8491761400F65C0@phx.gbl> <20071220083441.uo6hmypq84ssoowc@webmail.leidinger.net> <BAY138-DS1F782EFBC33924A07CFB6F65D0@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting "Andrew Hotlab" <andrew.hotlab@hotmail.com> (Thu, 20 Dec 2007 14:34:35 +0100): > > > All that is working fine now, but I wonder if I could speed up the > > > whole process, by switching to the binary update method. By using > > > the freebsd-update(8) utility on the host I think to maintain the > > > system cleaner (this utility only updates the installed > > > distributions) and to reduce the administrative effort (no > > > mergemaster(8) required, I'm right?). > > > > I don't know how freebsd-update handles the changes in /etc, but it > > can not do magic (for the update you have to update the basejail, and > > as such freebsd-update doesn't know about the etc directory of each > > jail), so something like mergemaster has to be done. I also don't know > > how it handles old (removed) files, maybe is doesn't touch them, to be > > on the safe side. > > That's another aspect I wasn't thinking of. How important might be to > update files in the /etc directory in the jails, when tracking the > security branch? There may be no change in /etc, except when there's a security patch needed there, and then you most likely want this change. > > Regarding the distributions which you haven't installed: you can > > exclude parts from building/installation. If you have a 7.x system, > > you can do "man src.conf" for all the options > > (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&; > > manpath=FreeBSD+7.0-RELEASE&format=html). 6.x has similar options, but > > IIRC you have to specify them in > > make.conf. > > I definitely think I'll do that from now on, and I'll likely continue > upgrading the host by building it from sources: I'll have to maintain > the sources anyway, because of the ezjail update procedure, and there > will be some kernel modifications that I'll need in the future to > improve performance on the host system (for example, do you think it > would be a nice idea to build nullfs support into the kernel?). It doesn't matter if nullfs is loaded as a module or if it is compiled into the kernel. On my systems I use a small kernel (everything which can not be loaded as a module and doesn't change the behavior depending on kernel options) and load what I need as a module. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071220164656.1acd2b45>