best way to update ports
Mel
fbsd.questions at rachie.is-a-geek.net
Thu Oct 11 02:54:40 PDT 2007
On Thursday 11 October 2007 07:33:43 Bill Stwalley wrote:
> I need your advice on how to update security patches for ports on a dozen
> servers with minimal efforts.
>
> As I gathered, I should run portaudit in cron jobs and then manually update
> the ports with vulnerabilities after reading UPDATING. Is this the best
> way? Is this manual way feasible for managing a dozen servers?
>
> I used to run portupgrade in cron jobs, but that created too much
> nightmare. For example, imap-uw broke for a few days recently.

Use a tinderbox buildbox, specifically read the part on `Customizing the
Environment' and `configuring port OPTIONS' at
http://tinderbox.marcuscom.com/README.html

The only problem left then is that you still need to manually deploy the
binary packages to the servers in case of UPDATING woes. However with a bit
of scripting, you can batch this on a case-by-case basis. The good part is
that you have all things on one machine, know when builds are broken before
they get deployed and can test packages to see if they break your
applications in a test environment.

As a side note: portaudit has a periodic script that installs
in /usr/local/etc/periodic/security - you can enable it in /etc/periodic.conf
so it's part of the daily security report (I think it's even on by default).

--
Mel
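
The following is an added example, not part of the original message: one way to turn portaudit reports collected from several servers into a per-package deployment list for the batching step described above. It assumes each server's report was saved as `<hostname>.txt` in one directory and that flagged packages appear on lines beginning with `Affected package: `; the function names, host names and package versions are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: each server's portaudit output was saved as
# <report_dir>/<hostname>.txt and flagged packages are listed on lines that
# start with "Affected package: ".

# Print one line per vulnerable package: "<package> <host> <host> ..."
hosts_by_package() {
    report_dir=$1
    for report in "$report_dir"/*.txt; do
        [ -f "$report" ] || continue
        host=$(basename "$report" .txt)
        # De-duplicate: a package may be listed once per advisory.
        sed -n 's/^Affected package: //p' "$report" | sort -u |
            while read -r pkg; do printf '%s %s\n' "$pkg" "$host"; done
    done | LC_ALL=C sort | awk '
        $1 != prev { if (NR > 1) print line; line = $1; prev = $1 }
        { line = line " " $2 }
        END { if (NR > 0) print line }'
}

# Constructed sample reports (host names and package versions are made up).
write_sample_reports() {
    cat > "$1/web1.txt" <<'EOF'
Affected package: imap-uw-2004g
Type of problem: (constructed sample entry)
Affected package: php5-5.2.3
Type of problem: (constructed sample entry)
Affected package: php5-5.2.3
Type of problem: (second constructed entry for the same package)
EOF
    cat > "$1/mail1.txt" <<'EOF'
Affected package: imap-uw-2004g
Type of problem: (constructed sample entry)
EOF
    cat > "$1/db1.txt" <<'EOF'
0 problem(s) in your installed packages found.
EOF
}

demo_dir=$(mktemp -d)
write_sample_reports "$demo_dir"
hosts_by_package "$demo_dir"
rm -rf "$demo_dir"
```

Each output line names one package to rebuild on the build machine followed by the servers that need the new binary package; hosts with a clean report do not appear.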