Date: Sun, 20 Apr 2003 11:16:09 -0400
From: Chaos Golubitsky
To: freebsd-questions@freebsd.org
Subject: patching a production system
Message-ID: <20030420151609.GB25272@glassonion.org>

Hi all,

This is an advice question, so i hope this list is the right place to ask: i am tasked with maintaining a FreeBSD box which is a server for a very small company. (I am a sysadmin, but this is my first real experience with FreeBSD.) I want to be able to keep the box reasonably current on security patches to the os, so it seems to me that i should be tracking freebsd-RELEASE. My question is in two parts:

(a) (I think the answer is no, but would love to hear otherwise): Do i have an alternative to maintaining a source tree on this machine? The release engineering notes:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/article.html

mention binary patchkits for the release branch, but i don't think these actually exist. Does anyone know?

Conversely, how easy is it to do updates using /stand/sysinstall without changing my system configuration more than needed?
The buildworld -> installworld -> mergemaster routine seems convenient and stable, but i don't like doing source compiles on a production machine, and we don't have budget for a spare with similar architecture.

(b) Specifically, the machine is currently running 4.6-RELEASE, and i thought i would upgrade it to 4.8-RELEASE and track that, since FreeBSD will test its security patches for longer (right?), so i won't have to upgrade again for awhile. The machine was originally installed using /stand/sysinstall, and not by me. I have tested out the sysinstall -> cvs upgrade -> build -> install process on a spare machine of my own, and haven't run into any difficult problems.

Can i expect this upgrade to go smoothly? The machine is running a lot of third-party software, which i am not going to touch. Are there any particular red flags i should look for in terms of either (1) going from a sysinstall install to a source install, or (2) going from 4.6-RELEASE to 4.8-RELEASE? Basically, i'm looking for things i can do to make it more likely that the install will just work (tm).

Sorry this question is so long --- i've read the manuals i could find, and there's no substitute for advice from people with experience with the os. If there are any other references which specifically talk about this kind of thing, please point me to those, though.

Thanks very much in advance!

-Chaos