Date: Tue, 06 Jan 2015 23:07:58 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: "Roger Marquis" <marquis@roble.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp Message-ID: <86pparef5t.fsf@nine.des.no> In-Reply-To: <20150106200824.C03045ED5@smtp.des.no> (Roger Marquis's message of "Tue, 6 Jan 2015 11:59:32 -0800") References: <20141223233310.098C54BB6@nine.des.no> <86h9wln9nw.fsf@nine.des.no> <549A5492.6000503@grosbein.net> <868uhx43i5.fsf@nine.des.no> <20141226200838.DE83DACE@hub.freebsd.org> <8661cy9jim.fsf@nine.des.no> <20141231195427.AECE022B@hub.freebsd.org> <86y4plgjnm.fsf@nine.des.no> <20150106200824.C03045ED5@smtp.des.no>
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
"Roger Marquis" <marquis@roble.com> writes:
> "Dag-Erling Sm=C3=B8rgrav" <des@des.no> writes:
> > I do it all the time:
> > $ sudo env UNAME_r=X.Y-RELEASE freebsd-update fetch install
> Not sure if using a jail to test is relevant but this never updates (my)
> binaries to the specified RELEASE/RELENG, only to the current kernel's patch
> level.
No, it updates everything. Like I said, I do this all the time,
including with jails that run a different release than the host system.
> Then there's the issue of specifying -RELEASE to mean -RELENG.
There is no such thing as -RELENG. See sys/conf/newvers.sh.
> > Actually, you want to do this from *outside* the jail, partly out of
> > healthy paranoia and partly so freebsd-update will re-use previously
> > downloaded indexes and patches
> Updates to non-jailed environments are the preferred method to be sure but
> patching and testing base updates in a jail can be more convenient.
You missed my point. You can run freebsd-update outside the jail to
update the contents of the jail. See the attached shell script.
DES
-- 
Dag-Erling Smørgrav - des@des.no
--=-=-=
Content-Type: text/plain
Content-Disposition: attachment; filename=jail-upgrade.sh
#!/bin/sh
#
# $Id$
#
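# Name used to prefix diagnostics.  Taken from $0 with parameter
# expansion, quoted, so an invocation path containing whitespace or glob
# characters is neither split nor expanded (and no basename process is
# needed).
progname="${0##*/}"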
#
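# Print an informational message to stdout.
#
# The arguments are joined with the first character of IFS (a space by
# default) and printed verbatim.  printf is used instead of echo so that
# a message starting with an option-like word such as -n, or containing
# backslashes, is not reinterpreted by the shell's echo.
#
info() {
  printf '%s\n' "$*"
}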
#
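# Print an error message to stderr, prefixed with the program name, and
# exit with status 1.
#
# Globals:   progname (read)
# Arguments: the words of the message; joined with single spaces
#
error() {
  # "$*" (one word) rather than "$@" inside a string, and printf rather
  # than echo, so the message is printed exactly as given.
  printf '%s: %s\n' "$progname" "$*" >&2
  exit 1
}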
#
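# Ask a question and wait for an answer. Keep asking until the user
# answers yes or no. End of input counts as "no", so a run without a
# terminal (cron, stdin from /dev/null) declines instead of re-prompting
# forever.
#
# Usage example:
#
# if yesno foo ; then echo yes ; else echo no ; fi
#
# Arguments: the words of the question (printed followed by " (yes/no) ")
# Returns:   0 for y/yes, 1 for n/no or end of input; case-insensitive
#
yesno() {
  while :; do
    # printf instead of the non-portable "echo -n".
    printf '%s (yes/no) ' "$*"
    # read -r keeps backslashes literal.  A failed read means end of
    # input; an unterminated last line is still examined once before the
    # next (empty) read ends the loop.
    answer=
    if ! read -r answer; then
      [ -n "$answer" ] || return 1
    fi
    case $answer in
    [Yy]|[Yy][Ee][Ss])
      return 0
      ;;
    [Nn]|[Nn][Oo])
      return 1
      ;;
    esac
  done
}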
#
# Write the one-line usage summary to stderr, then exit with status 1.
#
# Globals: progname (read)
#
usage() {
  printf '%s\n' "usage: $progname jailname [[from-release] to-release]" >&2
  exit 1
}
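#
# Update or upgrade the base system of the jail rooted at /jail/<jailname>
# by running freebsd-update from the host against that directory.
#
# Arguments:
#   $1 - jail name (a single path component below /jail)
#   $2 - with two arguments: release to upgrade to (from-release is the
#        host's "uname -r"); with three arguments: release to upgrade from
#   $3 - release to upgrade to
# Environment:
#   QUICK_UPGRADE - if set (even to an empty value), skip both prompts,
#                   do not restart the jail, and set PAGER=cat
# Exit status:
#   0 when the user declines or no further install step is staged;
#   1 on a usage error, an invalid jail name, or when nothing is staged
#   after the fetch/upgrade step.  Once "set -e" is active, a failing
#   freebsd-update or jail restart aborts the script with that status.
#
main() {
  # Start from empty values: sh variables are pre-populated from the
  # environment, and these end up on a freebsd-update command line, so a
  # stray exported "torel" or "pre_uname" must not leak in.
  jailname= fromrel= torel=
  pre_uname= post_uname=

  case $# in
  1)
    jailname="$1"
    ;;
  2)
    jailname="$1"
    fromrel="$(uname -r)"
    torel="$2"
    ;;
  3)
    jailname="$1"
    fromrel="$2"
    torel="$3"
    ;;
  *)
    usage
    ;;
  esac

  # The name becomes a path component of the directory freebsd-update
  # rewrites, so refuse anything that could resolve outside /jail
  # (for example ".." would select the host's own root).
  case $jailname in
  ''|.|..|*/*)
    error "invalid jail name: '$jailname'"
    ;;
  esac

  jailroot="/jail/$jailname"
  [ -d "$jailroot" ] || error "$jailroot: no such directory"

  # Hash of the base directory followed by a newline; presumably this
  # mirrors how freebsd-update names its per-basedir state under -d, so
  # the newline is kept -- confirm against freebsd-update itself.
  basehash="$(printf '%s\n' "$jailroot" | sha256 -q)"
  [ -n "$basehash" ] || error "cannot compute sha256 of $jailroot"
  statedir="/var/db/freebsd-update/"
  install_link="$statedir/$basehash-install"
  # NOTE(review): the configuration is read from inside the jail, so
  # settings such as ServerName and KeyPrint are under the jail's control.
  # If the jail is not trusted, consider a host-side configuration file.
  conffile="$jailroot/etc/freebsd-update.conf"

  if [ -n "$torel" ] ; then
    fetch="upgrade"
    pre_uname="UNAME_r=$fromrel"
    post_uname="UNAME_r=$torel"
    doing="Upgrading $jailroot from $fromrel to $torel"
    asking="Upgrade $jailroot from $fromrel to $torel?"
  else
    fetch="fetch"
    doing="Upgrading $jailroot"
    asking="Update $jailroot?"
  fi

  if [ -n "${QUICK_UPGRADE+yes}" ] ; then
    echo "$doing"
    export PAGER=cat
  else
    # A "no" (or end of input) is not an error: leave quietly.
    yesno "$asking" || exit 0
  fi

  set -e

  # Build the common freebsd-update arguments as positional parameters so
  # every value stays one word; string-built options would be re-split on
  # whitespace, and a split UNAME_r value would hand env an extra word to
  # treat as the command to run.
  set -- -b "$jailroot" -d "$statedir" -f "$conffile"
  if [ -n "$torel" ] ; then
    set -- "$@" -r "$torel"
  fi

  # Fetch (or prepare the upgrade) as the release the jail currently runs.
  env ${pre_uname:+"$pre_uname"} freebsd-update "$@" "$fetch"
  # No install link after fetching: nothing was staged, report failure.
  [ -d "$install_link" ] || exit 1
  env ${pre_uname:+"$pre_uname"} freebsd-update "$@" install

  if [ -n "${QUICK_UPGRADE+yes}" ] ; then
    echo "Quick upgrade, not restarting $jailname"
  elif yesno "Restart $jailname before proceeding?" ; then
    /etc/rc.d/jail restart "$jailname"
  fi

  # Further install passes run as the target release; each one is only
  # attempted while the install link is still present.
  [ -d "$install_link" ] || exit 0
  env ${post_uname:+"$post_uname"} freebsd-update "$@" install
  [ -d "$install_link" ] || exit 0
  env ${post_uname:+"$post_uname"} freebsd-update "$@" install
}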
# Entry point: run main with the script's command-line arguments, each
# passed through as its own word.
main "$@"
--=-=-=--
