Re: Updating disconnected systems
- In reply to: Edward Sanford Sutton, III: "Re: Updating disconnected systems"
Date: Fri, 27 Sep 2024 20:54:21 UTC
On Friday, September 27th, 2024 at 15:40, Edward Sanford Sutton, III <mirror176@hotmail.com> wrote:

> On 9/27/24 12:18, Pat wrote:
>
> > Hello,
> >
> > A few years back I set up an offline certificate authority for our organization's email and VPN client connectivity. That box is currently running Devuan Daedalus, but I am growing tired of all of the microsoft creep into Linux. On top of grub, network manager, windowsd, and other junk, it seems all of the distributions are now requiring one to adhere to someone's idea of mount points (AKA usrmerge) so I am not looking forward to the next version requirement with even less freedom of choice.
> >
> > I run several FreeBSD servers with no issue (and a huge thank you to all of the wonderful volunteers that make FreeBSD such a joy to work with!). I would like to migrate the CA box to FreeBSD, however the CA is fully isolated. I am not as well versed in FreeBSD updates as I am with APT, and am looking for information on how to keep a completely offline FreeBSD box up to date.
>
> For newer research which I presume will be the future way things
> migrate to you want to look into pkgbase but I don't know what growing
> pains still exist before it's considered ready/easy for production use.
> Source builds also work and I presume will continue to work in their
> current state unless it someday migrates to the install step
> registering/removing pkgbase-type entries for the system like how
> installing from the ports tree registers the installation as a pkg.
>
> As for some options:
>
> Installing fresh - could use boot environments to extract a new
> installer's data to another partition/dataset and migrate configurations
> to work with that new data. Could also just extract and use in place but
> likely want to perform a step to boot separate and move or delete the
> old stuff properly.
>
> freebsd-update data could be brought in by means other than the
> internet. It normally uses the internet to download but that is not a
> requirement. Configuration modifications are compared for migration from
> the old to the new version.
>
> pkgbase is the upcoming way of maintaining the base system. My
> understanding is its goal will be to work as a replacement for the two
> above and updates are done similar to using `pkg upgrade`. I don't have
> experience with it yet to know how configurations are migrated in. My
> understanding is differences get saved into separate files for
> review/migration later by the user.
>
> Upgrading from source normally is a bigger build process to go
> through; this is my main experience personally. Instead of bringing the
> source into the machine and building it there, the build results could
> be brought in to use its final steps to install the new, remove the old
> programs/headers, and later remove old libraries once nothing else still
> needs those libraries (in case of delayed transition time while programs
> are rebuilt against the newer libraries). Configurations are migrated
> with etcupdate which does a 3 way merge comparing the old install, user
> changes to it, and the new install; this allows automatically migrating
> things the user has not altered and reapplying the user's changes to the
> newer configuration but user intervention is sometimes needed to decide
> what is used when there are conflicts between user edits vs upgrade edits.
>
> You can also use the source built output to create your own install
> media. I haven't looked into how much is different in doing that or
> making pkgbase packages but would be surprised if it was not
> straightforward.
>
> > I figure I can use Poudriere for packages, but that doesn't work for the core system as far as I can tell?
>
> I could be mistaken but I thought poudriere can be used both for
> pkgbase (the new system I have very little knowledge about) and for
> source builds in its own clean environment. Once something is built, in
> poudriere or not, that work's output could be used outside poudriere.
>
> > Appreciate any pointers or documentation that can get me going.
>
> For reference, vermaden has an article talking of building a custom
> maintained pkgbase repo (after failing to build a custom freebsd-update
> repo):
> https://vermaden.wordpress.com/2023/12/09/personal-freebsd-pkgbase-update-server/
> . This should help give an idea of different steps + options you could
> change to what workflow you have.
>
> For pkgbase, https://wiki.freebsd.org/PkgBase is the main document I
> run into and seems a bit dated. You can find user posts/discussions on
> the forum and on reddit. I'm not sure about other official sources of
> information as I haven't seen it in the handbook or manpages yet. I
> mainly use and look around FreeBSD 14 stable at the moment.
>
> I haven't looked into how much other sources for forks are relevant
> but https://trueos.github.io/pkgbase-docs/ and some GhostBSD content
> seems to bring it up if I recall.
>
> > Regards,
> > Pat

Thank you Edward for taking the time to reply. I vaguely remember reading about pkgbase a while back, but had forgotten all about that. I think between your response and that of Souji a few moments ago I can make something work.

Regards,
Pat

And apologies to all, I just realized this Proton Mail interface doesn't wrap lines like I'm used to, and as seems to be the convention here.
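
The file-level decision behind the three-way comparison described in the quoted reply (old install, user changes, new install), as an added example that is not part of the original message and is not etcupdate's own code. The function name, the action labels and the sample trees are constructed assumptions; where it reports needs-merge, the file contents still have to be merged or reviewed by the administrator.

```python
import hashlib

def digest(data):
    """SHA-256 of a file's bytes, or None when the file is absent from that tree."""
    return None if data is None else hashlib.sha256(data).hexdigest()

def three_way_plan(old_stock, local, new_stock):
    """Classify each config path given three trees (dicts of path -> bytes).

    old_stock: files as shipped by the currently installed release
    local:     files as they exist on the machine now (with admin edits)
    new_stock: files as shipped by the release being installed
    """
    plan = {}
    for path in sorted(set(old_stock) | set(local) | set(new_stock)):
        o, l, n = (digest(t.get(path)) for t in (old_stock, local, new_stock))
        if l == n:
            plan[path] = "unchanged"    # machine already matches the new release
        elif o == n:
            plan[path] = "keep-local"   # release did not touch it; admin's version stays
        elif o == l:
            # admin never edited it, so the release's version (or removal) is safe
            plan[path] = "remove" if n is None else "take-new"
        else:
            plan[path] = "needs-merge"  # both sides changed: merge contents or review
    return plan

# Constructed sample trees for an offline CA host (not taken from a real system).
OLD = {
    "etc/ssl/openssl.cnf": b"default_days = 365\n",
    "etc/newsyslog.conf": b"rotate v1\n",
    "etc/hosts": b"127.0.0.1 localhost\n",
    "etc/legacy.conf": b"obsolete\n",
}
LOCAL = {
    "etc/ssl/openssl.cnf": b"default_days = 730\n",   # admin edit
    "etc/newsyslog.conf": b"rotate v1\n",
    "etc/hosts": b"127.0.0.1 localhost\n",
    "etc/legacy.conf": b"obsolete\n",
    "etc/rc.conf": b'sshd_enable="NO"\n',             # exists only locally
}
NEW = {
    "etc/ssl/openssl.cnf": b"default_days = 365\ndefault_md = sha256\n",
    "etc/newsyslog.conf": b"rotate v2\n",
    "etc/hosts": b"127.0.0.1 localhost\n",
}

if __name__ == "__main__":
    for path, action in three_way_plan(OLD, LOCAL, NEW).items():
        print(f"{action:12} {path}")
```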