Re: Updating disconnected systems
- Reply: Pat : "Re: Updating disconnected systems"
- In reply to: Pat : "Updating disconnected systems"
Date: Fri, 27 Sep 2024 20:40:13 UTC
On 9/27/24 12:18, Pat wrote:
> Hello,
>
> A few years back I set up an offline certificate authority for our organization's email and VPN client connectivity. That box is currently running Devuan Daedalus, but I am growing tired of all of the Microsoft creep into Linux. On top of grub, network manager, windowsd, and other junk, it seems all of the distributions are now requiring one to adhere to someone's idea of mount points (AKA usrmerge) so I am not looking forward to the next version requirement with even less freedom of choice.
>
> I run several FreeBSD servers with no issue (and a huge thank you to all of the wonderful volunteers that make FreeBSD such a joy to work with!). I would like to migrate the CA box to FreeBSD, however the CA is fully isolated. I am not as well versed in FreeBSD updates as I am with APT, and am looking for information on how to keep a completely offline FreeBSD box up to date.

For newer research which I presume will be the future way things migrate to, you want to look into pkgbase but I don't know what growing pains still exist before it's considered ready/easy for production use. Source builds also work and I presume will continue to work in their current state unless it someday migrates to the install step registering/removing pkgbase-type entries for the system like how installing from the ports tree registers the installation as a pkg.

As for some options:

Installing fresh - could use boot environments to extract a new installer's data to another partition/dataset and migrate configurations to work with that new data. Could also just extract and use in place but likely want to perform a step to boot separate and move or delete the old stuff properly.

freebsd-update data could be brought in by means other than the internet. It normally uses the internet to download but that is not a requirement. Configuration modifications are compared for migration from the old to the new version.

pkgbase is the upcoming way of maintaining the base system. My understanding is its goal will be to work as a replacement for the two above and updates are done similar to using `pkg upgrade`. I don't have experience with it yet to know how configurations are migrated in. My understanding is differences get saved into separate files for review/migration later by the user.

Upgrading from source normally is a bigger build process to go through; this is my main experience personally. Instead of bringing the source into the machine and building it there, the build results could be brought in to use its final steps to install the new, remove the old programs/headers, and later remove old libraries once nothing else still needs those libraries (in case of delayed transition time while programs are rebuilt against the newer libraries). Configurations are migrated with etcupdate which does a 3-way merge comparing the old install, user changes to it, and the new install; this allows automatically migrating things the user has not altered and reapplying the user's changes to the newer configuration but user intervention is sometimes needed to decide what is used when there are conflicts between user edits vs upgrade edits.

You can also use the source built output to create your own install media. I haven't looked into how much is different in doing that or making pkgbase packages but would be surprised if it was not straightforward.

> I figure I can use Poudriere for packages, but that doesn't work for the core system as far as I can tell?

I could be mistaken but I thought poudriere can be used both for pkgbase (the new system I have very little knowledge about) and for source builds in its own clean environment. Once something is built, in poudriere or not, that work's output could be used outside poudriere.

> Appreciate any pointers or documentation that can get me going.

For reference, vermaden has an article talking of building a custom maintained pkgbase repo (after failing to build a custom freebsd-update repo): https://vermaden.wordpress.com/2023/12/09/personal-freebsd-pkgbase-update-server/ . This should help give an idea of different steps + options you could change to what workflow you have.

For pkgbase, https://wiki.freebsd.org/PkgBase is the main document I run into and seems a bit dated. You can find user posts/discussions on the forum and on reddit. I'm not sure about other official sources of information as I haven't seen it in the handbook or manpages yet. I mainly use and look around FreeBSD 14 stable at the moment. I haven't looked into how much other sources for forks are relevant but https://trueos.github.io/pkgbase-docs/ and some GhostBSD content seems to bring it up if I recall.

> Regards,
> Pat
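
The 3-way merge that the reply above attributes to etcupdate, sketched as an added example (not part of the original message and not etcupdate's own code). It is a simplified model that decides per whole file rather than merging inside a file; the function name, action labels, paths and file contents are all constructed for illustration.

```python
import hashlib

def digest(data):
    """SHA-256 of a file's bytes, or None when the file is absent from that tree."""
    return None if data is None else hashlib.sha256(data).hexdigest()

def three_way(old, user, new):
    """Classify every path across three trees (dicts of path -> bytes):
    old  = stock files of the release currently installed
    user = what is on disk now (stock plus local edits)
    new  = stock files of the release being installed
    """
    plan = {}
    for path in sorted(set(old) | set(user) | set(new)):
        o, u, n = (digest(tree.get(path)) for tree in (old, user, new))
        if u == n:
            action = "unchanged"   # disk already matches the new release
        elif o == n:
            action = "keep-user"   # upstream did not touch it; local edit or local-only file stays
        elif o == u:
            action = "take-new"    # never edited locally: install (or remove) as the new release says
        else:
            action = "conflict"    # both sides changed it: a person has to decide
        plan[path] = action
    return plan

# Constructed sample trees for an offline CA host; contents are placeholders.
OLD = {
    "etc/defaults/rc.conf": b"stock defaults, old release\n",
    "etc/ssh/sshd_config": b"stock sshd_config, old release\n",
    "etc/ntp.conf": b"stock ntp.conf\n",
    "etc/motd.template": b"stock motd\n",
}
USER = {
    "etc/defaults/rc.conf": b"stock defaults, old release\n",       # untouched
    "etc/ssh/sshd_config": b"locally hardened sshd_config\n",       # local edit
    "etc/ntp.conf": b"ntp.conf pointing at no servers (air gap)\n",  # local edit
    "etc/motd.template": b"stock motd\n",                           # untouched
    "etc/rc.conf": b"local rc.conf\n",                              # local-only file
}
NEW = {
    "etc/defaults/rc.conf": b"stock defaults, new release\n",       # upstream change
    "etc/ssh/sshd_config": b"stock sshd_config, new release\n",     # upstream change
    "etc/ntp.conf": b"stock ntp.conf\n",                            # unchanged upstream
    "etc/motd.template": b"stock motd\n",                           # unchanged upstream
}

if __name__ == "__main__":
    for path, action in three_way(OLD, USER, NEW).items():
        print(f"{action:10} {path}")
```

On an isolated CA box the "conflict" entries are the ones to review by hand before rebooting into the new system, since they are where a local hardening change and an upstream default change collide.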