Ofline
42751 days on xHamster
94897M profile views
74378K subscribers
20707 comments left

Bsd updating all ports

This, I realize, is a fairly excessive un-BSD way to do things. Do you run a portaudit/portversion -- check output then update (make deinstall ...etc) after careful consideration? I see myself cvsupping the ports tree, running the "out of date" script, then just upgrading critical ports --- but leaving the kernel/binaries alone and just upgrading every six months.Do you patch/recompile/rebuild kernel, binaries --- why?Obviously build and test your install procedure on separate hardware (or VM) before doing it on your production machines.Fortunately for us, we have redundant hosts for many things and can therefore roll out with minimal downtime of services.You can track changes from the cvs logs and check if you've gotten specific updates in (and these days there's less of a reason to) you'll just need to find some other way to track what updates you want. Build STABLE releases from the above When security updates are published, we evaluate the actual security issue with the profile of machines with that version of the OS/vulnerability.You could mail a list of changes that freebsd-update wants to make to yourself and keep an eye on the security errata page. Follow the relevant mailing lists - I watch the daily digests, as well as the general direction shown on the Tech and Misc mailing lists. Follow Unix related security announcement websites/mailing lists. If the vulnerability is relevant that we go through the "same version upgrade procedure." It's more difficult to keep track of security updates for ports/packages, but if it's critical enough to be on our infrastructure then it's important enough to keep track off in a similar manner to BASE.Open BSD ~ Will follow the mailing list and use the package tools ( pkg_info and pkg_add -u ) where deemed critical.

Recommend a book if you know of one that covers it! Bubnoff Conclusions ~ Thanks to everyone who took the time to answer this post.What's a conservative approach for critical services ( reasonably critical -- this ain't no bank or hospital ) on BSD boxes?Are you using a similar approach on your Linux boxes?This is for use by automated scripts and orchestration tools.Please do not run freebsd-update fetch from crontab or similar using this flag, see: freebsd-update cron way to do this is to use a configuration management tool like Puppet or radmind to deploy your changes.

For our firewalls, all the data is in the configuration and log files.

Please or register to post comments
If spammers comment on your content, only you can see and manage such comments Delete all
Dec 4, 2010. Make sure you check your installed ports for vulnerable packages every so often portaudit -Fda. 
22-Dec-2018 06:46
Reply
Jul 31, 2017. How-to guide to upgrade to FreeBSD 11.1 from previous releases. Most FreeBSD installs with a stable release e.g. not a beta or snapshot can be upgraded directly. Before you upgrade, be sure to check the. If you haven't installed any software from the ports collection, you're all done! If you need to. 
22-Dec-2018 06:51
Reply
Feb 26, 2014. Live demo in BSD Now Episode 026 Originally written by TJ for Last updated 2014/03/02. NOTE the author/maintainer of. The ports collection provides a way to customize every package you install, from the CFLAGS to the options you want enabled or disabled. Let's get started by getting a. 
22-Dec-2018 06:57
Reply
Aug 8, 2014. A short guide on how to keep your FreeBSD and its jails up-to-date. If you don't do it already, you should definitely run all / critical server operations in screen or preferrably tmux. This way you can. I use portmaster to update the ports. and I keep a tmux pane with /usr/ports/UPDATING open all the time. 
22-Dec-2018 07:02
Reply
By default, packages are downloaded from the main FreeBSD Package Repository pkg.freebsd.org. FreeBSD maintains a build farm called the pointyhat cluster in which all packages for all supported architectures and major releases are built. The build logs and known errors for all ports built into packages through the. 
22-Dec-2018 07:06
Reply
Portsnap is a system for securely downloading and updating a compressed snapshot of the FreeBSD ports tree, and using this compressed snapshot to extract. and is very efficient for updating a tree which has been significantly changed eg, by a month or more of commits, it transmits a list of all the files in the tree, which. 
22-Dec-2018 07:09
Reply
Dec 11, 2001. There are many articles on ports in this Diary. Only a few deal specifically with upgrading your ports. This article beats them all! Imagine, if you will, a command which allows you to upgrade all of your ports. Stop thinking about make install distclean. No, I mean one command to upgrade each and every port. 
22-Dec-2018 07:13
Reply

Bsd updating all ports introduction

Bsd updating all ports