From owner-freebsd-stable Thu Mar 14 3:47:45 2002 Delivered-To: freebsd-stable@freebsd.org Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60]) by hub.freebsd.org (Postfix) with ESMTP id 753C837B416 for ; Thu, 14 Mar 2002 03:47:39 -0800 (PST) Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV with ESMTP; Thu, 14 Mar 2002 11:47:28 +0000 Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk with local-esmtp (Exim 3.16 #1) id 16lTfU-0006DT-00; Thu, 14 Mar 2002 11:45:12 +0000 Date: Thu, 14 Mar 2002 11:45:11 +0000 (GMT) From: Jan Grant X-X-Sender: cmjg@mail.ilrt.bris.ac.uk To: Erik Trulsson Cc: MikeM , freebsd-stable Subject: Re: Remote upgrading (was: /etc/make.conf question) In-Reply-To: <20020312171954.GB10440@student.uu.se> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 12 Mar 2002, Erik Trulsson wrote: > There are two reasons for booting into single-user. One is to make sure > that the machine is "quiet" since any programs running might get > confused as the system is changed underneath them. > The other is to allow you to check that the newly-built kernel is > working properly before you install all the user-land programs. > It is easy to go back to using an older kernel but reversing an > installworld is not so easy. > > Now, if you can ensure that the machine is "quiet" in some other way, > for example by not running any applications yourself and making sure > nobody else is logged in, and are confident that the new kernel will > work then there is no reason you can't do a remote upgrade. > > I have done remote upgrades on my computer several times without any > major problems but YMMV. There also seems to be a bit of a push to get /usr (and /) read-only. If you can manage that, then an alternative (fast) upgrade mechanism looks like this: - mirror (copy) / and /usr to spare partition - mount copy of / and /usr somewhere out of the way - run the upgrade on the off-line copy - reboot into the mirrored system - if that worked ok, switch your notion of "live" and "copy". It'd be really nice if the bootloader could fall back to the known good state, should the reboot fail. Otherwise, you're stuck with a serial console to try to figure things out. Sun have something like this for Solaris; it's a neat trick. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk "Impact of vulnerability: Run code of an attacker's choice Maximum Severity Rating: Moderate" -- M$ security bulletin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message