From: Alexander Leidinger
To: Andrew Hotlab
Cc: FreeBSD-Jail
Subject: Re: How to better update a jail host system
Date: Thu, 20 Dec 2007 08:34:41 +0100
Message-ID: <20071220083441.uo6hmypq84ssoowc@webmail.leidinger.net>
List-Id: "Discussion about FreeBSD jail\(8\)"

Quoting Andrew Hotlab (from Wed, 19 Dec 2007 14:42:31 +0000):

> Coming from a MSFT professional experience, I've been particularly
> impressed by the FreeBSD jail system, and I'm using the ezjail
> framework to manage some jails on a FreeBSD 6.2-RELEASE host in a
> pre-production environment.
> To track the security branch both on the host and the jails I'm
> using the "update from source" method: I synchronize the source tree
> with csup(1), build and install the kernel, build and install the
> userland for the host first and then for the jails (using the
> ezjail-admin(1) "update -i" switch).

You should maybe use "make delete-old DESTDIR=/path/to/basejail" (and
delete-old-libs after making sure all ports which depend upon the old
files (check-old-files lists the old files) are rebuilt with the new
ones) in the src directory.
On a -stable branch there should not be much removed, but if you keep
the system over several releases, it's handy.

> All that is working fine now, but I wonder if I could speed up the
> whole process, by switching to the binary update method. By using
> the freebsd-update(8) utility on the host I think to maintain the
> system cleaner (this utility only updates the installed
> distributions) and to reduce the administrative effort (no
> mergemaster(8) required, am I right?).

I don't know how freebsd-update handles the changes in /etc, but it
cannot do magic (for the update you have to update the basejail, and
as such freebsd-update doesn't know about the etc directory of each
jail), so something like mergemaster has to be done. I also don't know
how it handles old (removed) files, maybe it doesn't touch them, to be
on the safe side.

Regarding the distributions which you haven't installed: you can
exclude parts from building/installation. If you have a 7.x system,
you can do "man src.conf" for all the options
(http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html).
6.x has similar options, but IIRC you have to specify them in
make.conf.

Bye,
Alexander.

-- 
The egg cream is psychologically the opposite of circumcision -- it
*pleasurably* reaffirms your Jewishness.
		-- Mel Brooks

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
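
The check the reply asks for before delete-old-libs (that nothing still links against the old libraries), as an added example that is not part of the original message. The library list, the ldd(1)-style report and the helper names stale_dependents and safe_to_delete_old_libs are constructed for illustration, and libraries are matched by file name only.

```sh
#!/bin/sh
# Added example (not from the original message): list binaries that still
# link against libraries which "make delete-old-libs" would remove.
# All paths and outputs below are constructed sample data.

# Assumed: one old library path per line, under the basejail DESTDIR.
OLD_LIBS='/usr/jails/basejail/usr/lib/libssl.so.4
/usr/jails/basejail/lib/libncurses.so.6'

# Assumed: ldd(1)-style output collected for the jail's port binaries.
LDD_REPORT='/usr/local/sbin/httpd:
	libssl.so.4 => /usr/lib/libssl.so.4 (0x28100000)
	libc.so.6 => /lib/libc.so.6 (0x28200000)
/usr/local/bin/mutt:
	libncurses.so.6 => /lib/libncurses.so.6 (0x28100000)
/usr/local/bin/rsync:
	libc.so.6 => /lib/libc.so.6 (0x28100000)'

# stale_dependents OLD_LIBS LDD_REPORT
# Prints "binary<TAB>library" for each binary that needs an old library.
stale_dependents() {
    printf '%s\n' "$2" | OLD="$1" awk '
        BEGIN {
            # Index the old libraries by file name (last path component).
            n = split(ENVIRON["OLD"], paths, "\n")
            for (i = 1; i <= n; i++) {
                m = split(paths[i], parts, "/")
                if (m > 0 && parts[m] != "") stale[parts[m]] = 1
            }
        }
        # "path:" header lines name the binary being described.
        /^[^ \t].*:$/ { bin = substr($0, 1, length($0) - 1); next }
        # Dependency lines look like "libfoo.so.N => /path (addr)".
        $2 == "=>" && ($1 in stale) { print bin "\t" $1 }
    '
}

# safe_to_delete_old_libs OLD_LIBS LDD_REPORT
# Succeeds only when nothing depends on a library scheduled for removal.
safe_to_delete_old_libs() {
    [ -z "$(stale_dependents "$1" "$2")" ]
}

if safe_to_delete_old_libs "$OLD_LIBS" "$LDD_REPORT"; then
    echo "no dependents left: delete-old-libs can run"
else
    echo "rebuild the ports owning these binaries first:"
    stale_dependents "$OLD_LIBS" "$LDD_REPORT"
fi
```

With the sample data the script reports httpd and mutt as still depending on old libraries, so their ports are rebuilt before the libraries are deleted.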