Re: Updating disconnected systems

From: Edward Sanford Sutton, III <mirror176_at_hotmail.com>
Date: Fri, 27 Sep 2024 20:40:13 UTC
On 9/27/24 12:18, Pat wrote:
> Hello,
> 
> A few years back I set up an offline certificate authority for our organization's email and VPN client connectivity. That box is currently running Devuan Daedalus, but I am growing tired of all of the Microsoft creep into Linux. On top of grub, network manager, windowsd, and other junk, it seems all of the distributions are now requiring one to adhere to someone's idea of mount points (AKA usrmerge) so I am not looking forward to the next version requirement with even less freedom of choice.
> 
> I run several FreeBSD servers with no issue (and a huge thank you to all of the wonderful volunteers that make FreeBSD such a joy to work with!). I would like to migrate the CA box to FreeBSD, however the CA is fully isolated. I am not as well versed in FreeBSD updates as I am with APT, and am looking for information on how to keep a completely offline FreeBSD box up to date.

   For newer research, which I presume will be the future way things 
migrate to, you want to look into pkgbase, but I don't know what growing 
pains still exist before it's considered ready/easy for production use. 
Source builds also work and I presume will continue to work in their 
current state unless it someday migrates to the install step 
registering/removing pkgbase-type entries for the system like how 
installing from the ports tree registers the installation as a pkg.

   As for some options:
   Installing fresh - could use boot environments to extract a new 
installer's data to another partition/dataset and migrate configurations 
to work with that new data. Could also just extract and use in place but 
likely want to perform a step to boot separate and move or delete the 
old stuff properly.
   freebsd-update data could be brought in by means other than the 
internet. It normally uses the internet to download but that is not a 
requirement. Configuration modifications are compared for migration from 
the old to the new version.
   pkgbase is the upcoming way of maintaining the base system. My 
understanding is its goal will be to work as a replacement for the two 
above and updates are done similar to using `pkg upgrade`. I don't have 
experience with it yet to know how configurations are migrated in. My 
understanding is differences get saved into separate files for 
review/migration later by the user.
   Upgrading from source normally is a bigger build process to go 
through; this is my main experience personally. Instead of bringing the 
source into the machine and building it there, the build results could 
be brought in to use its final steps to install the new, remove the old 
programs/headers, and later remove old libraries once nothing else still 
needs those libraries (in case of delayed transition time while programs 
are rebuilt against the newer libraries). Configurations are migrated 
with etcupdate which does a 3-way merge comparing the old install, user 
changes to it, and the new install; this allows automatically migrating 
things the user has not altered and reapplying the user's changes to the 
newer configuration but user intervention is sometimes needed to decide 
what is used when there are conflicts between user edits vs upgrade edits.
   You can also use the source built output to create your own install 
media. I haven't looked into how much is different in doing that or 
making pkgbase packages but would be surprised if it was not 
straightforward.

> I figure I can use Poudriere for packages, but that doesn't work for the core system as far as I can tell?

   I could be mistaken but I thought poudriere can be used both for 
pkgbase (the new system I have very little knowledge about) and for 
source builds in its own clean environment. Once something is built, in 
poudriere or not, that work's output could be used outside poudriere.

> Appreciate any pointers or documentation that can get me going.

   For reference, vermaden has an article talking of building a custom 
maintained pkgbase repo (after failing to build a custom freebsd-update 
repo): 
https://vermaden.wordpress.com/2023/12/09/personal-freebsd-pkgbase-update-server/ 
. This should help give an idea of different steps + options you could 
change to what workflow you have.
   For pkgbase, https://wiki.freebsd.org/PkgBase is the main document I 
run into and seems a bit dated. You can find user posts/discussions on 
the forum and on reddit. I'm not sure about other official sources of 
information as I haven't seen it in the handbook or manpages yet. I 
mainly use and look around FreeBSD 14 stable at the moment.
   I haven't looked into how much other sources for forks are relevant 
but https://trueos.github.io/pkgbase-docs/ and some GhostBSD content 
seems to bring it up if I recall.

> Regards,
> Pat
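
An added illustration, not part of the original message and not etcupdate's own code: a file-level sketch of the three-way comparison described in the reply (old stock install, local state, new stock install), showing which files can be migrated automatically and which need an admin's decision. The trees, paths and action names are constructed for the example.

```python
import hashlib
from enum import Enum


class Action(Enum):
    KEEP_LOCAL = "upstream unchanged: keep local state"
    INSTALL_NEW = "locally untouched: install new stock file"
    REMOVE = "locally untouched and dropped upstream: remove"
    MERGE = "changed on both sides: content merge, conflicts go to the admin"


def _digest(tree, path):
    """SHA-256 of the file content, or None when the tree lacks the file."""
    data = tree.get(path)
    return None if data is None else hashlib.sha256(data).hexdigest()


def plan(old, local, new):
    """Return {path: Action} for three trees given as dict path -> bytes."""
    result = {}
    for path in sorted(set(old) | set(local) | set(new)):
        o, l, n = (_digest(t, path) for t in (old, local, new))
        if l == n:
            continue  # local already matches the new release (or both absent)
        if o == n:
            result[path] = Action.KEEP_LOCAL  # only the admin changed it
        elif l == o:
            # only the release changed it: safe to apply without review
            result[path] = Action.INSTALL_NEW if n is not None else Action.REMOVE
        else:
            result[path] = Action.MERGE  # both sides diverged from the old stock
    return result


# Constructed sample trees (not real FreeBSD file contents).
OLD = {"/etc/ssh/sshd_config": b"Port 22\n", "/etc/ntp.conf": b"pool a\n",
       "/etc/rc.d/legacy": b"x\n", "/etc/newsyslog.conf": b"v1\n"}
LOCAL = {"/etc/ssh/sshd_config": b"Port 22\nPermitRootLogin no\n",
         "/etc/ntp.conf": b"pool a\n", "/etc/rc.d/legacy": b"x\n",
         "/etc/newsyslog.conf": b"v1 local\n"}
NEW = {"/etc/ssh/sshd_config": b"Port 22\n", "/etc/ntp.conf": b"pool b\n",
       "/etc/newsyslog.conf": b"v2\n", "/etc/added.conf": b"n\n"}

if __name__ == "__main__":
    for path, action in plan(OLD, LOCAL, NEW).items():
        print(f"{path}: {action.value}")
```

On an isolated CA, the MERGE entries are the ones worth reviewing by hand before the upgraded system is put back into use.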