Date:      Sat, 12 Jul 2008 20:38:54 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        Jeremy Chadwick <koitsu@FreeBSD.org>
Cc:        freebsd-stable <freebsd-stable@FreeBSD.org>
Subject:   Re: System update
Message-ID:  <EA4C6F10-8B65-4B73-AA1B-DCC9F0368E6E@lafn.org>
In-Reply-To: <20080712223355.GA43857@eos.sc1.parodius.com>
References:  <61CB96EF-CBEC-4F91-9566-EC90E0A33A17@lafn.org> <20080712223355.GA43857@eos.sc1.parodius.com>


On Jul 12, 2008, at 15:33, Jeremy Chadwick wrote:

> On Sat, Jul 12, 2008 at 02:37:21PM -0700, Doug Hardie wrote:
>> I installed 7.0 release when it first came out.  However, because of the
>> TCP problems with users on cable modems I had to switch to Stable to get
>> the fix.  I haven't updated the source since then and now there are some
>> updates on the verge of being released that need to be included.
>> However, I can't tell if the fixes for the networking issue have been
>> included in the security releases or not.  Since these are production
>> servers I don't want to just grab some random version of stable unless
>> that's the only way to get all the required fixes.  How do I find out
>> which version I should upgrade to?  If I can go back to a security
>> release I suspect I will need to delete all of /usr/src, /usr/obj, and
>> then reinstall the original source from the 7.0 release cd and then
>> upgrade via csup.
>
> You're covering a multitude of topics in the above.  It's hard to make
> out exactly what it is you're trying to say.
>
> First off, I'd like more information on this "TCP problems with users on
> cable modems" issue.  I believe you may be referring to TCP extensions,
> a.k.a. RFC1323 extensions, but I'm not sure.  If so, you can disable
> that feature in real-time via a sysctl.  Can you shed some light on what
> the issue you're referring to is?

From Bjoern A. Zeeb:

You want to update to 7-STABLE which has the TCP fixes or you want to
apply the following changes:

1.141.2.4  +10 -2 src/sys/netinet/tcp_output.c
1.157.2.2  +5 -2 src/sys/netinet/tcp_var.h

In case you are not using MD5 that should be enough. Else see
freebsd-net from the last 3 days for another patch.

There is no sysctl for that.  As I recall it had to do with the order
that options appeared in an IP SYN packet.  There was a bunch of
discussion on that in this forum around 3 Apr.



>
>
> Secondly, 7.0-RELEASE is simply named that way to announce "this OS is
> now out and available".  Think of it as "FreeBSD 7.0 released to the
> world for the first time".  Most of the 7.0 changes that are made
> *after* 7.0-RELEASE are committed to a CVS branch called RELENG_7.
> Shortly after (usually a few days) 7.0-RELEASE is made available to the
> public, the suffix changes from RELEASE to STABLE.  There is no real
> "difference" between the two, other than STABLE being an even more
> up-to-date version of RELEASE, and is regularly updated/maintained.

Unfortunately Stable is not always "stable".  It is to some extent  
still being tested.  There used to be a tag to which security and  
stability patches were applied but no major system changes.  My  
recollection is it was RELENG_7.0 but I am not sure about that anymore.

>
>
> Thirdly, I don't know what you mean by "security releases", and what
> security issue you're referring to.  Any time there is a security hole,
> mail is sent to a couple FreeBSD lists, articulating what the hole is,
> and what CVS branches the fix has been committed to.  In the case of
> 7.0, it's going to be committed to RELENG_7, and possibly to RELENG_7_0
> and other branches.  The "main branch" people focus on is RELENG_7,
> aside from CURRENT which is called HEAD (or "." in cvs/supfiles).

Well, there are the security patches for bind 9 that come immediately  
to mind.  I seem to recall reading about others but didn't really keep  
track of them.

>
>
> Fourthly, what is not made very clear to FreeBSD users is that if they
> install src and ports off the CD, that they are missing necessary files
> in /var/db/sup (or /usr/sup if they choose to use cvsup (not needed
> since csup exists in the base system)).  To create the proper
> information so the version information matches, you have to do what's
> called "adopting" your existing src-all and ports-all tree:
>
> http://www.cvsup.org/faq.html#adopt
>
> This is one reason why I do not advocate installing src and ports off
> the installation media.  Instead, I just leave src and ports unchecked
> and install everything else as normal -- then once the OS is installed,
> use csup to populate /usr/src and /usr/ports, which will also populate
> /var/db/sup.  I've never had any versioning mismatches or "wild stuff"
> happen since doing that.

That's really neat if you have bandwidth to spare.  These are heavily
used production systems and we don't obtain any extra bandwidth to  
just sit around idle.  Downloading all the source would be a killer  
for our users.  Updates are bad enough.

>
>
> In your case, the simple solution is (assuming you use csup):
>
>  rm -fr /usr/src /usr/ports /var/db/sup
>  csup -h <cvsup_server> -L2 /usr/share/examples/cvsup/stable-supfile
>  csup -h <cvsup_server> -L2 /usr/share/examples/cvsup/ports-supfile
>
> /usr/share/examples/cvsup/stable-supfile uses the CVS tag RELENG_7,
> and ports-supfile uses the CVS tag . (which means HEAD); there is no
> RELENG_xxx for ports.
>
> And do not forget to rm -fr /usr/obj before doing a buildworld and
> buildkernel, too.
>
> Fifthly, and possibly the ultimate question: what CVS branch are
> you following in your supfiles?  Are you following RELENG_7,
> RELENG_7_0, or what?  Yes, it matters.  IMHO, you should really
> be following RELENG_7.

I am not updating because I cannot afford to lose users who are on  
cable.  I have stable as of the date of the message above (around 3  
Apr).


>
>
> -- 
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>



