Date: Thu, 26 Jul 2001 12:22:25 -0500
From: Scott Johnson <sjohn@airlinksys.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: [Q] distribution of patched binaries for security fixes.
Message-ID: <20010726122225.A59848@sjohn.airlinksys.com>
In-Reply-To: <OF4DA81783.35F31A25-ON48256A95.003A491A@allsolutions.com.au>; from David_May@allsolutions.com.au on Thu, Jul 26, 2001 at 06:47:21PM +0800
References: <OF4DA81783.35F31A25-ON48256A95.003A491A@allsolutions.com.au>

Quoth David_May@allsolutions.com.au on Thu, Jul 26, 2001 at 06:47:21PM +0800:
>
>
> Hello, I am setting up a FreeBSD machine to track the STABLE branch
> and to rebuild the system from time-to-time. The main reason being to
> keep track of security related fixes and enhancements. The documentation
> covers that quite well.
>
> But I was wondering what is a good procedure to distribute updated
> binaries to other machines. I have several production machines that I
> would like to keep up-to-date but do not want to compile source on
> every machine.
>
> Being able to create something like a Windows NT service pack
> would be nice :)

I just mount /usr/src and /usr/obj read-only from the build machine, and
install. For kernels, I mount /usr/src only, and build on the target.

If you follow RELENG_4_3 (4.3-RELEASE + security fixes) your life gets
much easier -- no more building world. Just cvsup, build the affected
systems (follow the steps in the security notification), and install on
every machine:

    build_machine# cvsup -g -L 2 supfile
    build_machine# rm -rf /usr/obj/usr/
    build_machine# cd /usr/src/affected_component
    build_machine# make depend && make all install

    target_machine# mount -t nfs build_machine:/usr/src /usr/src
    target_machine# mount -t nfs build_machine:/usr/obj /usr/obj
    target_machine# cd /usr/src/affected_component
    target_machine# make install

If you have a lot of machines to update, rdist + ssh may simplify things
further, transferring binaries and killing and restarting daemons, etc.

These are production machines, right? Why do you want to track -STABLE,
building and installing world all the time? If it ain't broke, don't fix
it!

--
Scott Johnson
System/Network Administrator
Airlink Systems
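
The target_machine steps from the message above, run over ssh against several hosts with read-only NFS mounts and per-host failure tracking. This is an added example, not part of the original e-mail; BUILD_HOST, REMOTE, FAILED_HOSTS and the function names are invented here, and it assumes root ssh access to each target and NFS exports of /usr/src and /usr/obj on the build machine.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Assumptions: BUILD_HOST and
# REMOTE are names invented here; targets accept root ssh logins; the build
# machine exports /usr/src and /usr/obj over NFS.
BUILD_HOST=${BUILD_HOST:-build_machine}
REMOTE=${REMOTE:-ssh}   # command that runs a script on one target

# Emit the script a target runs for one component. Mounts are read-only
# and are released even when "make install" fails.
target_script() {
    cat <<EOF
set -e
mount -t nfs -o ro $BUILD_HOST:/usr/src /usr/src
mount -t nfs -o ro $BUILD_HOST:/usr/obj /usr/obj || { umount /usr/src; exit 1; }
rc=0
(cd /usr/src/$1 && make install) || rc=\$?
umount /usr/obj
umount /usr/src
exit \$rc
EOF
}

# update_targets COMPONENT HOST...
# Returns 0 if every host installed, 1 if any failed (names in FAILED_HOSTS),
# 2 if COMPONENT is not a plain relative path under /usr/src.
update_targets() {
    component=$1; shift
    case $component in
        ''|/*|*..*|*[!A-Za-z0-9._/-]*)
            echo "refusing component: $component" >&2; return 2 ;;
    esac
    FAILED_HOSTS=
    for host in "$@"; do
        # The script arrives on the remote shell's stdin.
        if target_script "$component" | $REMOTE "$host" /bin/sh -s; then
            echo "ok      $host"
        else
            echo "FAILED  $host"
            FAILED_HOSTS="${FAILED_HOSTS:+$FAILED_HOSTS }$host"
        fi
    done
    [ -z "$FAILED_HOSTS" ]
}
```

Call it as `update_targets affected_component host1 host2` once the build_machine steps have finished; the component name is checked before it is interpolated into the remote script because it ends up in a root shell on every target.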