From: Dru Lavigne
Date: Tue, 6 May 2014 15:23:20 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44772 - head/en_US.ISO8859-1/books/handbook/cutting-edge

Author: dru
Date: Tue May 6 15:23:19 2014
New Revision: 44772
URL: http://svnweb.freebsd.org/changeset/doc/44772

Log:
  Editorial review of Applying Security Patches and Major/Minor Version sections.
  Clarify the portmaster switch used to disable config screens, in prep for closing PR147946.

  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml Tue May 6 14:34:23 2014 (r44771)
+++ head/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml Tue May 6 15:23:19 2014 (r44772)
@@ -275,47 +275,58 @@ MergeChanges /etc/ /var/named/etc/ /boot - Security Patches + Applying Security Patches + + The process of applying &os; security patches has been + simplified, allowing an administrator to keep a system fully + patched using freebsd-update. More + information about &os; security advisories can be found in + . &os; security patches may be downloaded and installed - using the following command: + using the following commands. The first command will + determine if any outstanding patches are available, and if so, + will list the files that will be modifed if the patches are + applied. The second command will apply the patches. &prompt.root; freebsd-update fetch &prompt.root; freebsd-update install - If the update applied any kernel patches, the system will + If the update applies any kernel patches, the system will need a reboot in order to boot into the patched kernel. - Otherwise, the system should be patched and - freebsd-update may be run as a nightly - &man.cron.8; job by adding this entry to + If the patch was applied to any running binaries, the affected + applications should be restarted so that the patched version + of the binary is used. + + The system can be configured to automatically check for + updates once every day by adding this entry to /etc/crontab: @daily root freebsd-update cron - This entry states that freebsd-update - will run once every day. When run with , - freebsd-update will only check if updates - exist. If patches exist, they will automatically be - downloaded to the local disk but will not be applied. The + If patches exist, they will automatically be + downloaded but will not be applied. The root user will be - sent an email so that they may be reviewed and manually - installed. + sent an email so that the patches may be reviewed and manually + installed with + freebsd-update install. 
If anything goes wrong, freebsd-update has the ability to roll back the last set of changes with the following command: - &prompt.root; freebsd-update rollback + &prompt.root; freebsd-update rollback +Uninstalling updates... done. - Once complete, the system should be restarted if the - kernel or any kernel modules were modified. This will allow - &os; to load the new binaries into memory. + Again, the system should be restarted if the + kernel or any kernel modules were modified and any affected + binaries should be restarted. Only the GENERIC kernel can be automatically updated by freebsd-update. If a custom kernel is installed, it will have to be rebuilt and reinstalled after freebsd-update - finishes installing the rest of the updates. However, + finishes installing the updates. However, freebsd-update will detect and update the GENERIC kernel if /boot/GENERIC exists, @@ -326,7 +337,7 @@ MergeChanges /etc/ /var/named/etc/ /boot It is a good idea to always keep a copy of the GENERIC kernel in /boot/GENERIC. It - will be helpful in diagnosing a variety of problems, and in + will be helpful in diagnosing a variety of problems and in performing version upgrades using freebsd-update as described in . 
@@ -339,23 +350,21 @@ MergeChanges /etc/ /var/named/etc/ /boot Rebuilding and reinstalling a new custom kernel can then be performed in the usual way. - The updates distributed by freebsd-update do not always involve the kernel. It is not necessary to rebuild a custom kernel if - the kernel sources have not been modified by the execution - of freebsd-update install. + the kernel sources have not been modified by + freebsd-update install. However, freebsd-update will always update /usr/src/sys/conf/newvers.sh. The current patch level, as indicated by the -p number reported by uname -r, is obtained from this file. Rebuilding a custom kernel, even if nothing else changed, - allows &man.uname.1; to accurately report the current + allows uname to accurately report the current patch level of the system. This is particularly helpful when maintaining multiple systems, as it allows for a quick assessment of the updates installed in each one. - 
@@ -369,23 +378,22 @@ MergeChanges /etc/ /var/named/etc/ /boot Major version upgrades occur when &os; is upgraded from one major version to another, like from - &os; 8.X to &os; 9.X. Major version upgrades remove - old object files and libraries which will break most third - party applications. It is recommended that all installed - ports either be removed and re-installed or upgraded after a - major version upgrade using a utility such as + &os; 9.X to &os; 10.X. Major versions use different + Application Binary Interfaces (ABIs), which + which will break most third-party + applications. After a + major version upgrade, all installed packages and + ports need to be upgraded using a utility such as ports-mgmt/portmaster. A - brute-force rebuild of all installed applications can be + rebuild of all installed applications can be accomplished with this command: &prompt.root; portmaster -af - This will ensure everything will be re-installed - correctly. Note that setting the - BATCH environment variable to - yes will answer yes to - any prompts during this process, removing the need for - manual intervention during the build process. + This command will display the configuration screens for + each application that has configurable options and wait for the user to interact with those + screens. To prevent this behavior, and use only the default + options, include in the above command. Dealing with Custom Kernels
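
Review bot: In the first hunk (@@ -275,47 +275,58 @@), the added sentence "will list the files that will be modifed if the patches are applied" misspells "modified". In the same hunk the tense shifts between "If the update applies any kernel patches" and "If the patch was applied to any running binaries"; present tense in both keeps the paragraph consistent. The reworded rollback paragraph only covers restarting, so it could also say that rolling back returns the system to its pre-patch files, which matters when the set of changes being undone was a security fix.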
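
Review bot: In the @@ -339,23 +350,21 @@ hunk, replacing "&man.uname.1;" with plain "uname" leaves the paragraph, as far as the visible lines show, without any manual page reference for the command it relies on to report the patch level. Since the paragraph recommends using that -p number to assess which updates are installed across multiple systems, keeping one reference to the manual page (on the earlier "uname -r" mention or here) would help readers who need to check the output format.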
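
Review bot: In the last hunk (@@ -369,23 +378,22 @@), the added lines "Application Binary Interfaces (ABIs), which" and "which will break most third-party" leave a doubled "which which" in the sentence; drop one. The closing sentence, as it reads here ("include in the above command"), shows no switch between "include" and "in", so check that the option the log message refers to actually renders, and consider printing the complete command with that switch on its own screen line. The hunk also removes the BATCH note without saying whether prompts other than the configuration screens still need an answer during an unattended rebuild.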