Date: Tue, 6 May 2014 15:23:20 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44772 - head/en_US.ISO8859-1/books/handbook/cutting-edge
Message-ID: <201405061523.s46FNKns071595@svn.freebsd.org>
Author: dru Date: Tue May 6 15:23:19 2014 New Revision: 44772 URL: http://svnweb.freebsd.org/changeset/doc/44772 Log: Editorial review of Applying Security Patches and Major/Minor Version sections. Clarify the portmaster switch used to disable config screens, in prep for closing PR147946. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml Tue May 6 14:34:23 2014 (r44771) +++ head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml Tue May 6 15:23:19 2014 (r44772) 
@@ -275,47 +275,58 @@ MergeChanges /etc/ /var/named/etc/ /boot </sect2> <sect2 xml:id="freebsdupdate-security-patches"> - <title>Security Patches</title> + <title>Applying Security Patches</title> + + <para>The process of applying &os; security patches has been + simplified, allowing an administrator to keep a system fully + patched using <command>freebsd-update</command>. More + information about &os; security advisories can be found in + <xref linkend="security-advisories"/>.</para> <para>&os; security patches may be downloaded and installed - using the following command:</para> + using the following commands. The first command will + determine if any outstanding patches are available, and if so, + will list the files that will be modifed if the patches are + applied. The second command will apply the patches.</para> <screen>&prompt.root; <userinput>freebsd-update fetch</userinput> &prompt.root; <userinput>freebsd-update install</userinput></screen> - <para>If the update applied any kernel patches, the system will + <para>If the update applies any kernel patches, the system will need a reboot in order to boot into the patched kernel. - Otherwise, the system should be patched and - <command>freebsd-update</command> may be run as a nightly - &man.cron.8; job by adding this entry to + If the patch was applied to any running binaries, the affected + applications should be restarted so that the patched version + of the binary is used.</para> + + <para>The system can be configured to automatically check for + updates once every day by adding this entry to <filename>/etc/crontab</filename>:</para> <programlisting>@daily root freebsd-update cron</programlisting> - <para>This entry states that <command>freebsd-update</command> - will run once every day. When run with <option>cron</option>, - <command>freebsd-update</command> will only check if updates - exist. If patches exist, they will automatically be - downloaded to the local disk but will not be applied. 
The + <para>If patches exist, they will automatically be + downloaded but will not be applied. The <systemitem class="username">root</systemitem> user will be - sent an email so that they may be reviewed and manually - installed.</para> + sent an email so that the patches may be reviewed and manually + installed with + <command>freebsd-update install</command>.</para> <para>If anything goes wrong, <command>freebsd-update</command> has the ability to roll back the last set of changes with the following command:</para> - <screen>&prompt.root; <userinput>freebsd-update rollback</userinput></screen> + <screen>&prompt.root; <userinput>freebsd-update rollback</userinput> +Uninstalling updates... done.</screen> - <para>Once complete, the system should be restarted if the - kernel or any kernel modules were modified. This will allow - &os; to load the new binaries into memory.</para> + <para>Again, the system should be restarted if the + kernel or any kernel modules were modified and any affected + binaries should be restarted.</para> <para>Only the <filename>GENERIC</filename> kernel can be automatically updated by <command>freebsd-update</command>. If a custom kernel is installed, it will have to be rebuilt and reinstalled after <command>freebsd-update</command> - finishes installing the rest of the updates. However, + finishes installing the updates. However, <command>freebsd-update</command> will detect and update the <filename>GENERIC</filename> kernel if <filename>/boot/GENERIC</filename> exists, @@ -326,7 +337,7 @@ MergeChanges /etc/ /var/named/etc/ /boot <para>It is a good idea to always keep a copy of the <filename>GENERIC</filename> kernel in <filename>/boot/GENERIC</filename>. It - will be helpful in diagnosing a variety of problems, and in + will be helpful in diagnosing a variety of problems and in performing version upgrades using <command>freebsd-update</command> as described in <xref linkend="freebsdupdate-upgrade"/>.</para> 
@@ -339,23 +350,21 @@ MergeChanges /etc/ /var/named/etc/ /boot Rebuilding and reinstalling a new custom kernel can then be performed in the usual way.</para> - <note> <para>The updates distributed by <command>freebsd-update</command> do not always involve the kernel. It is not necessary to rebuild a custom kernel if - the kernel sources have not been modified by the execution - of <command>freebsd-update install</command>. + the kernel sources have not been modified by + <command>freebsd-update install</command>. However, <command>freebsd-update</command> will always update <filename>/usr/src/sys/conf/newvers.sh</filename>. The current patch level, as indicated by the <literal>-p</literal> number reported by <command>uname -r</command>, is obtained from this file. Rebuilding a custom kernel, even if nothing else changed, - allows &man.uname.1; to accurately report the current + allows <command>uname</command> to accurately report the current patch level of the system. This is particularly helpful when maintaining multiple systems, as it allows for a quick assessment of the updates installed in each one.</para> - </note> </sect2> <sect2 xml:id="freebsdupdate-upgrade"> 
@@ -369,23 +378,22 @@ MergeChanges /etc/ /var/named/etc/ /boot <para><emphasis>Major version</emphasis> upgrades occur when &os; is upgraded from one major version to another, like from - &os; 8.X to &os; 9.X. Major version upgrades remove - old object files and libraries which will break most third - party applications. It is recommended that all installed - ports either be removed and re-installed or upgraded after a - major version upgrade using a utility such as + &os; 9.X to &os; 10.X. Major versions use different + Application Binary Interfaces (<acronym>ABI</acronym>s), which + which will break most third-party + applications. After a + major version upgrade, all installed packages and + ports need to be upgraded using a utility such as <package>ports-mgmt/portmaster</package>. A - brute-force rebuild of all installed applications can be + rebuild of all installed applications can be accomplished with this command:</para> <screen>&prompt.root; <userinput>portmaster -af</userinput></screen> - <para>This will ensure everything will be re-installed - correctly. Note that setting the - <varname>BATCH</varname> environment variable to - <literal>yes</literal> will answer <literal>yes</literal> to - any prompts during this process, removing the need for - manual intervention during the build process.</para> + <para>This command will display the configuration screens for + each application that has configurable options and wait for the user to interact with those + screens. To prevent this behavior, and use only the default + options, include <option>-G</option> in the above command.</para> <sect3 xml:id="freebsd-update-custom-kernel"> <title>Dealing with Custom Kernels</title>
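Review bot: In the first hunk (@@ -275,47 +275,58 @@), the added sentence "will list the files that will be modifed if the patches are applied" misspells "modified". In the same hunk, the new restart advice names only "running binaries"; a process that has a patched shared library loaded also keeps running the old code until it is restarted, so the sentence could say "running binaries or libraries". The added "Again, the system should be restarted if the kernel or any kernel modules were modified and any affected binaries should be restarted" would read more clearly with a comma before "and any affected binaries".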
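Review bot: In the hunk at @@ -339,23 +350,21 @@, replacing &man.uname.1; with <command>uname</command> removes the only manual page cross-reference for uname in this paragraph, since the earlier mention is already <command>uname -r</command>; consider keeping the entity on one of the two mentions. The same hunk drops the <note> wrapper, which turns the patch-level explanation into ordinary body text, and the log message does not mention that change.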
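Review bot: In the last hunk (@@ -369,23 +378,22 @@), one added line ends with "which" and the next begins with "which will break", so the rendered sentence reads "which which will break most third-party applications"; drop one of them. The added line "each application that has configurable options and wait for the user to interact with those" is much longer than the surrounding wrapped lines and should be rewrapped. The new paragraph tells the reader to include <option>-G</option> "in the above command" without showing the resulting command line; a second <screen> with the full invocation would remove the guesswork. The removed text about the <varname>BATCH</varname> variable disappears without a replacement, so if it is still valid for unattended builds it deserves a sentence.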