Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 03 Feb 2009 00:41:27 +0200
From:      Manolis Kiagias <>
To:        Akenner <>
Subject:   Re: Patching / Updating / Upgrading
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Akenner wrote:
> Hello all,
> I've been using this list to my advantage for a while to learn things
> I can't seem to grasp, and I've gotten great amounts of help.
> I have a question in regards to the process of patching / Updating /
> Upgrading I'd like a hand with. I have two machines running FreeBSD
> 7.1-RELEASE and I'd like to make sure I've got security fixes on my
> test machine. I'm saying test amchine because the box I'm typing this
> from is an active needed desktop system I'm using for a lot of things
> right now, and I figured my best bet would be to set up another
> machine with a similar installation set so I could test out new ideas
> on that instead of risking breaking something on this one.

Definitely a good idea, if you have machines to spare.

> Anyway, I've been reading up on the CVS idea and asking things about
> freebsd-update, and I guess my question is more along these lines:
> If I wanted to just make sure I've got bug fixes and security patches,
> would CVS or FreeBSD-Update be best for this? Or are they both good
> for this? I know in the Unix world there are generally a lot of things
> that do one thing very well but can generally do other things too.

For getting just the security fixes for your -RELEASE version,
freebsd-update is by far the easiest way to go. Only thing you need to
do is run:

# freebsd-update fetch
# freebsd-update install

These can even be combined into one:

# freebsd-update fetch install

Depending on whether a new kernel was installed, you may or may not have
to reboot.  (it is easy to see on the messages whether a new
/boot/kernel/kernel file was installed). If you are using a custom
kernel, the process is slightly more involved: Every time the updates
touch the kernel, you will have to rebuild your custom kernel. If you
know nothing on custom kernels (yet) you are running GENERIC and you
just need the above procedure.

For details, please refer to:

(esp. sect 24.2.2)

> I'm reading on CVS right now and it seems I could use this to keep the
> machine updated, but I'm having some issues understanding the idea of
> how it works. Basically, if I'm running 7.1-RELEASE, isn't that
> already the updated version? Or, have I maybe misunderstood something,
> and the tree RELEASE for 7.1 has bug fixes and security patches added
> to it, and I could CVSup to the newest release of 7.1 ?

7.1 is the latest RELEASE. Although new feature will not be added into
it, you could use csup/cvsup to get the security fixes. These would be
the same as the ones you can get (without recompiling anything) with
freebsd-update as described above. If you really wish to track a
development version of FreeBSD, you can use CVSup to get 7-STABLE (this
is the continuing development branch, based on the work of 7.1. In the
future, developments from this branch will get us to 7.2-RELEASE). Or,
if you are really adventurous, you could try running -CURRENT  (which
will in time become FreeBSD 8.0-RELEASE). More info is here:

If you just need the security updates for 7.1-RELEASE, freebsd-update is
really the painless way to go. But CVSup can also do it, and it will be
a nice exercise ;)

> Also, FreeBSD-update came across my reading, and it seems to be
> similar to swaret in the Slackware world. I know it isn't the same
> thing as BSD seems much more source based than other OSs, but I would
> like to get at least one of the ways to keep updated picked out, and
> started using on the test machine to make sure I fully understand it
> before using it to update my main box.

Go ahead and  use it on your main system. Freebsd-update is safe (you
can even rollback the updates if need be). As I said, unless you are
running a custom kernel (and you are not probably), this is just two
commands. And there no other settings needed beforehand.

> One of the things I did was make two copies of the example CVS
> standard supfile; one I made in that directory as standard.bak and
> then I copied a copy of it to the /root directory to look at and maybe
> edit as well, but as I said, I could use a hand in deciding which
> option is going to work best.

If you decide to go the CVSup way for the security fixes, you would need
to make sure you have this line:

*default release=cvs tag=RELENG_7_1

(This is already in the standard supfile normally)

To move to 7-STABLE, you would need to change it to:

*default release=cvs tag=RELENG_7

(You will find this in the sample stable-supfile)

Then, follow the instructions in chapter 24. If you are getting confused
with the many different possible tags, this will probably make them clear:

> So if anyone could lend a little but in typing out what they use for
> updates and how they go about it, I'd appreciate it. I've already
> gotten a full CVSup file sent to me by a member on here which was a
> great help in deciding how to set up the file. I'm more or less
> wondering with CVSup if I keep using RELEASE or do I use Stable.

If you are just beginning with FreeBSD, I suggest you run RELEASE for a
while, at least for your main system. But since you got a test machine
go ahead and try everything :)
The experience will be useful when the time comes to apply it to your
main system.

> And of course if anyone uses freebsd-update if they have suggestions
> I'd love to hear those as well :)

Well, I'd say use it for the security updates. Read the Handbook section
to see its other uses, but if you are staying with release,
freebsd-update is a quick and safe way to update.

Want to link to this message? Use this URL: <>