Date: Mon, 2 Apr 2001 16:25:02 +1000 From: jesse reynolds <jesse@va.com.au> To: Alex Charalabidis <alex@wnm.net> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: can FreeBSD apply security updates without making world? Message-ID: <a05010425b6edcb048553@[10.0.1.52]> In-Reply-To: <Pine.BSF.4.32.0104020059490.53369-100000@earth.wnm.net> References: <Pine.BSF.4.32.0104020059490.53369-100000@earth.wnm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 1:21 -0500 2/4/2001, Alex Charalabidis wrote:
>On Mon, 2 Apr 2001, jesse reynolds wrote:
>
>> At 23:47 -0500 1/4/2001, Alex Charalabidis wrote:
>> >On Mon, 2 Apr 2001, jesse reynolds wrote:
>> >
>> > > However the problem with ports is that you virtually have to upgrade
>> >> your OS to the very latest version in order for the latest port to
>> >> actually build. (not always the case, but mostly).
>> >>
>> >Rarely the case, actually, though you might need an update package for the
>> >ports collection itself.
>>
>> Sadly it's been mostly the case for me. I'll try an update package
>> for ports, again, but last time I tried thereafter every port I tried
>> to run said "sorry, your version of freebsd is not new enough, please
>> install the latest freebsd" - or something to that effect.
>>
>You're making life difficult for yourself by keeping 3.3 instead of
>upgrading to at least 3.5-STABLE (which includes BIND 8.2.3 in the base
>system). Did you update the ports collection itself after installing the
>update package? Ports support for 3.x has been officially discontinued but
>I've had no problem building ports on 3.x yet, nothing's changed enough to
>make them break. Changing to 3.5-STABLE addresses a host of other issues
>too, just read the advisories.
I'm too scared to upgrade the OS on a production server. Do you think
I shouldn't be? ... can I do it by remote? :-)
> > > > what about packages, is the way to go to download a package for the
>> >> OS version you're running (eg FreeBSD 3.3-RELEASE or 4.1-RELEASE) and
>> >> install it over the top of what you've got?
>> >>
>> >For packages, you ought to remove the old package before installing the
>> >new one; for ports, after a successful 'make,' pkg_delete or 'make
>> >deinstall' the old version before your 'make install.'
>>
>> okay, does package deletion remove config files as well?
>>
>No, for the very good reason that you may have spent hours fine-tuning
>your config files, which may well work perfectly with the new version
>you're installing, and don't want them blown away with the next upgrade.
Great.
> > So, case in point, i want to upgrade to the latest BIND, I currently
>> have FreeBSD 3.3-RELEASE on this box, and I believe I installed the
>> BIND from the ports collection of that release, it's version 8.1.2.
>> However there is no pkg_info for bind on this box... how easy will it
>> be to upgrade it do you think?
>>
>Here's what I did on some machines specifically for the BIND issue, though
>it's strictly a no-no if you go by the book and I did it with somewhat
>more recent kernels: I cvsup'ed the latest RELENG_3 source and rebuilt
>libisc, libbind and then named itself from the new sources. You shouldn't
>be doing it but it might work. If you choose to do so, back up those
>components before trying it. This is the best I, or anyone else, can do
>for a man who refuses to upgrade. It's really bad advice but yours if
>you want it. :)
Cool. Well i'd like to upgrade, but would need to migrate all the web
applications off this server (and the DNS) before upgrading the OS,
as I'm scared about killing the server.
Maybe there are better stragegies for upgrading OS's on remote
production servers?
cheers
jesse
--
Jesse Reynolds - Virtual Artists Pty Ltd - http://www.va.com.au
Email: jesse (at) va.com.au > Web Hosting
Phone: +61 8 8223 2288 > Streaming Media Hosting
?: http://jesse.va.com.au > Telehousing / Colocation
> Internet Application Design
"This is the time, and this is the record of the time. "
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a05010425b6edcb048553>