Date: Thu, 20 Dec 2007 08:34:41 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Andrew Hotlab <andrew.hotlab@hotmail.com>
Cc: FreeBSD-Jail <freebsd-jail@freebsd.org>
Subject: Re: How to better update a jail host system
Message-ID: <20071220083441.uo6hmypq84ssoowc@webmail.leidinger.net>
In-Reply-To: <BAY102-W41E0DDC536BD8491761400F65C0@phx.gbl>
References: <BAY102-W41E0DDC536BD8491761400F65C0@phx.gbl>

Quoting Andrew Hotlab <andrew.hotlab@hotmail.com> (from Wed, 19 Dec 2007 14:42:31 +0000):

> Coming from a MSFT professional experience, I've been particularly
> impressed by the FreeBSD jail system, and I'm using the ezjail
> framework to manage some jails on a FreeBSD 6.2-RELEASE host in a
> pre-production environment.
> To track the security branch both on the host and the jails I'm
> using the "update from source" method: I synchronize the source tree
> with csup(1), build and install the kernel, build and install the
> userland for the host first and then for the jails (using the
> ezjail-admin(1) "update -i" switch).

You should maybe use "make delete-old DESTDIR=/path/to/basejail" (and delete-old-libs after making sure all ports which depend upon the old files (check-old-files lists the old files) are rebuilt with the new ones) in the src directory. On a -stable branch there should not be much removed, but if you keep the system over several releases, it's handy.

> All that is working fine now, but I wonder if I could speed up the
> whole process, by switching to the binary update method. By using
> the freebsd-update(8) utility on the host I think to maintain the
> system cleaner (this utility only updates the installed
> distributions) and to reduce the administrative effort (no
> mergemaster(8) required, I'm right?).

I don't know how freebsd-update handles the changes in /etc, but it can not do magic (for the update you have to update the basejail, and as such freebsd-update doesn't know about the etc directory of each jail), so something like mergemaster has to be done. I also don't know how it handles old (removed) files, maybe it doesn't touch them, to be on the safe side.

Regarding the distributions which you haven't installed: you can exclude parts from building/installation. If you have a 7.x system, you can do "man src.conf" for all the options (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html). 6.x has similar options, but IIRC you have to specify them in make.conf.

Bye,
Alexander.

-- 
The egg cream is psychologically the opposite of circumcision -- it
*pleasurably* reaffirms your Jewishness.
		-- Mel Brooks

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
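
One way to do the "make sure all ports which depend upon the old files are rebuilt" check before running delete-old-libs, as an added example that is not part of the original message or of FreeBSD's or ezjail's own tooling. It assumes readelf is available on the host; the function names are hypothetical and the library and binary names in demo are constructed sample data.

```sh
#!/bin/sh
# Added example: find binaries that still need a library which
# "make delete-old-libs DESTDIR=..." would remove.

# needed_pairs DIR: print "binary<TAB>soname" for every NEEDED entry of every
# ELF file under DIR (for example the basejail's usr/local). Assumes readelf.
needed_pairs() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        readelf -d "$f" 2>/dev/null |
            sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p' |
            while IFS= read -r so; do printf '%s\t%s\n' "$f" "$so"; done
    done
}

# stale_dependents OLDLIBS PAIRS
#   OLDLIBS: file with one old library path per line (the list of old
#            libraries reported for the same DESTDIR)
#   PAIRS:   output of needed_pairs
# Prints "binary needs soname" for each binary still linked to an old library.
# Matching is on the file name, so a DESTDIR prefix on the paths is harmless.
stale_dependents() {
    awk -F'\t' '
        FILENAME == ARGV[1] {
            n = split($0, p, "/")
            if (n > 0 && p[n] != "") old[p[n]] = 1
            next
        }
        ($2 in old) { print $1 " needs " $2 }
    ' "$1" "$2"
}

# Constructed sample data: two old libraries, two installed binaries.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' /path/to/basejail/lib/libexample.so.2 \
                  /path/to/basejail/usr/lib/libdemo.so.3 > "$tmp/old"
    printf '%s\t%s\n' \
        /usr/local/bin/app1 libexample.so.2 \
        /usr/local/bin/app1 libc.so.6 \
        /usr/local/bin/app2 libc.so.6 > "$tmp/pairs"
    stale_dependents "$tmp/old" "$tmp/pairs"
    rm -rf "$tmp"
}

demo
```

An empty result means nothing under the scanned directory still links against the old libraries; any line printed names a binary whose port should be rebuilt first.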