Best practice to update jails

Jose Amengual jose.amengual at gmail.com
Mon Aug 24 03:11:55 UTC 2009 

I was thinking in maintaining the same branch 7.x, I know that a mayor  
upgrade could brake to many things, so I will use another procedure  
for that.

But looks like it will be better to update using cvsup like I allways  
did.

Thanks.

On 22-Aug-09, at 9:40 AM, Alexander Leidinger wrote:

> On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual
> <jose.amengual at gmail.com> wrote:
>
>> The server is now 7.0 and was wondering what is the best practice to
>> maintain security patches and kernel updates and I came out with the
>> following idea :
>>
>> 1.- freebsd-update fetch install ( host system)
>> 2.- rebuild kernel ( I have a custom kernel )
>> 3.- ezjail-update -b ( update basejail for all jails )
>> 4.- run in cron portaudit on the jails for thirty party security
>> updates 5.- run portupgrade in case of a security update or for apps
>> upgrade on the jails.
>>
>> I red in some forums that if you run freebsd-update you will need to
>> do a portuprade -fa to reinstall all the thirty party apps because
>> freebsd-update could upgrade or remove  some libraries linked to
>> that programs, is this true ?, will be better to run a cvsup and
>> instead ?
>
> Not if you stay with the same major version of FreeBSD. If you update
> from 7 to 8, this may be possible (I don't know, I don't use
> freebsd-update, as I either run patched systems, or at least compile
> my own kernels), but if you update from 7.x to 7.y, then this would be
> an ABI change, which is very very very very much a no no in a
> stable-branch (only an important security fix would be allowed to do
> something like this, and only if nobody finds another way to do such
> a fix without changing the ABI).
>
> So if you stay on the same major version you can use your procedure,
> but read the release notes before, such a big impact change is
> announced on a stable branch. It may be the case that we had something
> like this once, but I do not remember which major version was  
> affected.
>
> Bye,
> Alexander.
>
>
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail- 
> unsubscribe at freebsd.org"

More information about the freebsd-jail mailing list