Re: Best practice to update jails

Sun, 23 Aug 2009 20:17:46 -0700

I was thinking in maintaining the same branch 7.x, I know that a mayor upgrade could brake to many things, so I will use another procedure for that.
But looks like it will be better to update using cvsup like I allways did. 

Thanks.

On 22-Aug-09, at 9:40 AM, Alexander Leidinger wrote:


On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual
<jose.ameng...@gmail.com> wrote:


The server is now 7.0 and was wondering what is the best practice to
maintain security patches and kernel updates and I came out with the
following idea :

1.- freebsd-update fetch install ( host system)
2.- rebuild kernel ( I have a custom kernel )
3.- ezjail-update -b ( update basejail for all jails )
4.- run in cron portaudit on the jails for thirty party security
updates 5.- run portupgrade in case of a security update or for apps
upgrade on the jails.

I red in some forums that if you run freebsd-update you will need to
do a portuprade -fa to reinstall all the thirty party apps because
freebsd-update could upgrade or remove  some libraries linked to
that programs, is this true ?, will be better to run a cvsup and
instead ?


Not if you stay with the same major version of FreeBSD. If you update
from 7 to 8, this may be possible (I don't know, I don't use
freebsd-update, as I either run patched systems, or at least compile
my own kernels), but if you update from 7.x to 7.y, then this would be
an ABI change, which is very very very very much a no no in a
stable-branch (only an important security fix would be allowed to do
something like this, and only if nobody finds another way to do such
a fix without changing the ABI).

So if you stay on the same major version you can use your procedure,
but read the release notes before, such a big impact change is
announced on a stable branch. It may be the case that we had something

like this once, but I do not remember which major version was  
affected.


Bye,
Alexander.


_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail

To unsubscribe, send any mail to "freebsd-jail- 
unsubscr...@freebsd.org"


_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"






















					Reply via email to