From: Michael Powell
To: freebsd-questions@freebsd.org
Date: Tue, 05 Oct 2010 16:44:23 -0400
Subject: Re: Confused about keeping system up to date

Ed Flecko wrote:

> Hi folks,
> I'm running Production Release 8.1 on a production server.
>
> For a variety of reasons, I've decided to keep my system up to date
> via building it from source code.
>
> 1.) I want to follow the 8.1 errata branch, which (after rebuilding)
> pretty much just applies any released patches, right?
>
> 2.) I want the entry in my supfile to read: tag=RELENG_8_1_0 - or
> tag=RELENG_8.1_0 ?

tag=RELENG_8_1 is known as the 'security branch' of 8.1-RELEASE. It is
RELEASE plus security patches. RELEASE itself will never change.

> 3.) As a general rule, the only time you really NEED to update,
> rebuild your system, etc., is after there's been a security patch
> release, right?

True for RELEASE, not true for tracking -STABLE or -CURRENT as they are
shifting targets. On production servers I only use RELEASE and only update
for security updates. IMHO the only reason for considering a move from
RELEASE to STABLE is if there is a specific fix for a very specific issue
which had been fixed in -CURRENT and MFC'd back to STABLE. Don't have the
exact issue in the bug report - stick with RELEASE.

> 4.) Is RELENG_8_1 the same thing as 8.1-RELEASE ???

RELEASE itself is static. RELENG_8_1 is RELEASE plus security patches.

> 5.) If I'm just trying to keep my system up to date as far as applying
> security patches, should I just follow the directions in the security
> patch notes to apply it, or should I update via cvsup (or csup, etc.)
> and rebuild the system? I guess what I'm asking is: when, if ever (?)
> should you just apply patches or should you always update, rebuild,
> etc.???
>

I read and follow the instructions in the announcement. If the issue is
located in a userland utility, e.g. non-kernel related, you can apply the
patch, rebuild/reinstall just that piece of code, and not reboot the
system. A production system can remain in production. The thing that will
be lacking is uname will not show the update status such as:

8.1-RELEASE-p1 <- the p(x) number will not increment.

This number will increment when doing a make buildworld, buildkernel,
installkernel, and installworld rebuild by csup of source. This approach is
necessitated when the issue is in the kernel code. The instructions in the
announcement will tell you this so you can choose. But anytime the rebuild
from source of kernel code is required so is a reboot.

-Mike
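
Added example, not part of the original message: a shell check that reads a supfile and reports whether its tag follows a security branch such as RELENG_8_1, which is what the reply recommends for production. The function names, the sample supfile and its placeholder host are constructed here; the naming patterns for release tags, -STABLE and -CURRENT are FreeBSD's CVS tag conventions and are not stated in the message.

```shell
#!/bin/sh
# Added example: report which FreeBSD source line a supfile tracks.

# Print the last tag= value found on a "*default" line of supfile $1.
supfile_tag() {
    sed -n 's/^\*default[[:space:]].*tag=\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Map a CVS tag to the kind of source line it names.
classify_tag() {
    if [ "$1" = "." ]; then
        echo current      # HEAD, i.e. -CURRENT (moving target)
    elif printf '%s\n' "$1" | grep -Eq '^RELENG_[0-9]+_[0-9]+_[0-9]+_RELEASE$'; then
        echo release      # static release tag, never changes
    elif printf '%s\n' "$1" | grep -Eq '^RELENG_[0-9]+_[0-9]+$'; then
        echo security     # RELEASE plus security patches
    elif printf '%s\n' "$1" | grep -Eq '^RELENG_[0-9]+$'; then
        echo stable       # -STABLE (moving target)
    else
        echo unknown      # matches none of the naming patterns
    fi
}

# Succeed only if supfile $1 follows a security branch.
check_supfile() {
    tag=$(supfile_tag "$1")
    kind=$(classify_tag "$tag")
    echo "$1: tag=${tag:-<none>} -> $kind"
    [ "$kind" = security ]
}

# Write a constructed sample supfile to $1 with tag $2 (host is a placeholder).
write_sample() {
    cat > "$1" <<EOF
*default host=cvsup.example.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=$2
*default delete use-rel-suffix
src-all
EOF
}

demo=$(mktemp)
for t in RELENG_8_1 RELENG_8_1_0 RELENG_8.1_0 RELENG_8 .; do
    write_sample "$demo" "$t"
    check_supfile "$demo" || echo "  not a security branch"
done
rm -f "$demo"
```

Both spellings from question 2 come back as unknown, while RELENG_8_1 is the only tag in the loop that passes the check.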