From owner-freebsd-questions@FreeBSD.ORG Wed May 22 20:23:40 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 9B0FF6DC for ; Wed, 22 May 2013 20:23:40 +0000 (UTC) (envelope-from edflecko@gmail.com) Received: from mail-qc0-x22a.google.com (mail-qc0-x22a.google.com [IPv6:2607:f8b0:400d:c01::22a]) by mx1.freebsd.org (Postfix) with ESMTP id 6179FC1A for ; Wed, 22 May 2013 20:23:40 +0000 (UTC) Received: by mail-qc0-f170.google.com with SMTP id s11so1346937qcw.15 for ; Wed, 22 May 2013 13:23:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=I5D+Z/dLV6UL2NbkgibcT/iLbU5FwbS09JDt8eST+Ko=; b=VGqnEeA+BACSVuXhqDyXOQZoJ/ZqSahRmg4AEpDdOGaygO61bVSi6c2yVbH8LcKuNB SdpIELZQeALg6PnbkQ3Ei89gxQmGqgdVtK8TTXdki+GzxY0xeZ4qGmfMQmo7YYp3yzDL x1SPZpSx3YhL3bkMgqNqIqKgsE5EFOdU1skvMCBVQzuBrHwhq5focOVggMw7obEQeJJs 8NGMBuDpBtuReQH93uITLPjJ4oaG4W8lnTDmIpmfFa9P2t2fD+JB+wrDx9rfuy1lYuGM moiWBEYLU3yxhIFxt3Nj0gANe/zIgc8PYsmjHTMqyklpFnG+PYc9nAaJ+In+nVUsp+cU QZCg== MIME-Version: 1.0 X-Received: by 10.49.116.206 with SMTP id jy14mr9717480qeb.32.1369254219911; Wed, 22 May 2013 13:23:39 -0700 (PDT) Received: by 10.49.35.139 with HTTP; Wed, 22 May 2013 13:23:39 -0700 (PDT) In-Reply-To: References: Date: Wed, 22 May 2013 13:23:39 -0700 Message-ID: Subject: Re: Keeping my system up to date with CTM or subversion? From: Ed Flecko To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 May 2013 20:23:40 -0000 Alexandre, Yes, that helps - thank you. So once you have a system up and running, how do you monitor if and when you need to upgrade your ports tree? By the way, your ports tree is different than installed software packages, right? In other words, the only reason people even bother to upgrade their ports tree is so that IF you install a package from source - the source is current? Is that correct? When security vulnerabilities are discovered and patches released by FBSD, the patch will tell you what steps you need to take to apply the patch and stay up to date, won't it? Ed On Wed, May 22, 2013 at 1:00 PM, Alexandre wrote: > On Wed, May 22, 2013 at 8:26 PM, Ed Flecko wrote: > >> I'm confused about an effective way to keep my system patched and >> up-to-date, and I'm hoping someone can clarify what seems like a lot of >> options. >> >> I'll be running a production server (so security and stability are most >> important) with a custom kernel and I want it to have all of the latest >> security patches applied. I'll install from DVD and I'll chose the optio= n >> to install both the ports and the source. >> >> After this, it sure seems like the best way, in terms of speed to downlo= ad >> any updated files, is to use CTM as a cron job, but I think the FBSD >> handbook recommends subversion? Also, I think I read that CTM won't upda= te >> documentation? Is that right? >> >> I also see some people say they use portsnap, portaudit and portupgrade. >> For example, I came across this command: >> >> portsnap fetch && /usr/sbin/portsnap update && /usr/local/sbin/portaudit >> -F >> && /usr/local/sbin/portupgrade =96aR >> >> however these utilities are used more for keeping your ports collection >> up-to-date (if you install software from ports), and not so much for >> keeping your system patched from a security perspective - isn't that >> right? >> >> Hopefully, someone can clarify my confusion. >> >> Thank you! >> >> Ed >> > > Hi Ed, > > To update my ports tree, I use "portsnap" tool. To install ports (or > upgrade them) I use "portmaster". More information here: > http://www.freebsd.org/doc/en/books/handbook/ports-using.html > To update my sources tree, I use "subversion" tool. Then I rebuild world. > More information here: > http://www.freebsd.org/doc/en/books/handbook/svn.html & > http://www.freebsd.org/doc/en/books/handbook/makeworld.html > I use subversion to update my sources tree because I am running 9-STABLE. > If you are running 9.x-RELEASE (or 8.x-RELEASE) you can use > "freebsd-update" to sync sources and install binary patchs. As you are > using custom kernel, you will have to recompile it. More information here= : > http://www.freebsd.org/doc/en/books/handbook/updating-upgrading-freebsdup= date.html > > I hope this help you. > > Kind regards, > Alexandre > > >