From owner-freebsd-questions@FreeBSD.ORG Thu Jun 30 07:23:57 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58B9B16A41C for ; Thu, 30 Jun 2005 07:23:57 +0000 (GMT) (envelope-from nikolas.britton@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1630443D49 for ; Thu, 30 Jun 2005 07:23:56 +0000 (GMT) (envelope-from nikolas.britton@gmail.com) Received: by wproxy.gmail.com with SMTP id i4so50977wra for ; Thu, 30 Jun 2005 00:23:56 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hr1gHOYWHTNuHb1/BrqnoJEOQJUqyTgc9y+VtE2nzIENT4Kr3WK1SY4szFvHllhpSIP4++0P+2vWO8+6o1UFLk5cIpHwyKvV+L1XMkq4/HBuj/2DGVt+va3AttRi1ycavV06aAQyLgSmb8/Sf+HcLb+boqEUZlofWus57oJCiNw= Received: by 10.54.47.17 with SMTP id u17mr246657wru; Thu, 30 Jun 2005 00:23:56 -0700 (PDT) Received: by 10.54.124.2 with HTTP; Thu, 30 Jun 2005 00:23:56 -0700 (PDT) Message-ID: Date: Thu, 30 Jun 2005 02:23:56 -0500 From: Nikolas Britton To: Nekdo Nekje In-Reply-To: <515659fd05062923352f6f36d0@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <515659fd05062923352f6f36d0@mail.gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Keeping 5.4 RELEASE up to date X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Nikolas Britton List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2005 07:23:57 -0000 On 6/30/05, Nekdo Nekje wrote: > Hello, list... >=20 > I sort of have this question about FreeBSD... I'm a newbie so please > bear with me.. ;) >=20 > I'm building a firewall on 5.4 release. I have a clean install and I > would like some way so I can update the system. For what I understand, > one can download patches and apply them manually. What I'm looking for > is a way so I can automatically update all the necessary files, > preferably the binary way. >=20 > I searched the Internet and found a way to do it in a document, bu it > was written for 5.2 release and I was wondering if it's okay to use it > on 5.4? >=20 > http://www.taosecurity.com/keeping_freebsd_up-to-date.html >=20 > Any thoughts on this?? >=20 Most everything in that article should still apply. In my opinion it's a bit too optimistic to expect the update process to be %100 automated. Off the top of my head I'd setup a cron job that run's every few days... something such as this: date > /root/build_date && nice +20 cvsup -g -L 0 /root/release-sup && cd /usr/src && nice +20 make buildworld && nice +20 make buildkernel && nice +20 make installkernel && date >> /root/build_date This way all you will have to do is run make installworld and mergemaster when a security alert is issued. make sure your cvsup release tag is set to a release/security branch like RELENG_5_4 and not set to -STABLE i.e. RELENG_5. I'm positive there are better ways then the one I showed you. I'm sure the guys here can help you out some more.