best way to update ports

Mel fbsd.questions at rachie.is-a-geek.net
Thu Oct 11 02:54:40 PDT 2007


On Thursday 11 October 2007 07:33:43 Bill Stwalley wrote:

> I need your advice on how to update security patches for ports on a dozen
> servers with minimal effort.
>
> As I gathered, I should run portaudit in cron jobs and then manually update
> the ports with vulnerabilities after reading UPDATING.  Is this the best
> way?  Is this manual way feasible for managing a dozen servers?
>
> I used to run portupgrade in cron jobs, but that created too much of a
> nightmare.  For example, imap-uw broke for a few days recently.

Use a tinderbox buildbox, specifically read the part on `Customizing the 
Environment' and `configuring port OPTIONS' at 
http://tinderbox.marcuscom.com/README.html

The only problem left then is that you still need to manually deploy the 
binary packages to the servers in case of UPDATING woes. However with a bit 
of scripting, you can batch this on a case-by-case basis. The good part is 
that you have all things on one machine, know when builds are broken before 
they get deployed and can test packages to see if they break your 
applications in a test environment.

As a side note: portaudit has a periodic script that installs 
in /usr/local/etc/periodic/security - you can enable it in /etc/periodic.conf 
so it's part of the daily security report (I think it's even on by default).
-- 
Mel
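
The triage step behind "a bit of scripting", as an added example that is not part of the original message: it splits the packages flagged by portaudit into those with an UPDATING entry (hold for manual handling) and those that can go into the batch deployment. The function names and the sample report and UPDATING text are constructed, and matching package base names to port directory names is an assumed heuristic.

```sh
#!/bin/sh
# Added example: triage a portaudit report against ports UPDATING entries.
# All sample data is constructed; the function names are hypothetical.

# Print base names (version stripped) of packages flagged in a portaudit report.
vulnerable_pkgs() {
    sed -n 's/^Affected package: \(.*\)-[^-]*$/\1/p' | sort -u
}

# Print port directory names mentioned on "AFFECTS:" lines of UPDATING.
updating_ports() {
    grep 'AFFECTS:' | tr -s ' ,\t' '\n' |
        sed -n 's|^[a-z0-9_-]*/\([A-Za-z0-9._+-]*\)$|\1|p' | sort -u
}

# triage REPORT UPDATING: "hold" means read UPDATING and deploy by hand,
# "deploy" means the package can go into the batch push to the servers.
# Assumption: package base name equals port directory name (a heuristic).
triage() {
    vulnerable_pkgs < "$1" | while read -r pkg; do
        if updating_ports < "$2" | grep -Fqx -- "$pkg"; then
            echo "hold $pkg"
        else
            echo "deploy $pkg"
        fi
    done
}

# Write constructed sample inputs into directory $1.
make_samples() {
    cat > "$1/report.txt" <<'EOF'
Affected package: imap-uw-2004g
Type of problem: imap-uw -- constructed sample entry.
Reference: <http://example.invalid/constructed-1.html>

Affected package: png-1.2.18
Type of problem: png -- constructed sample entry.
Reference: <http://example.invalid/constructed-2.html>
EOF
    cat > "$1/UPDATING" <<'EOF'
20071001:
  AFFECTS: users of mail/imap-uw
  AUTHOR: someone@example.invalid
  Constructed sample entry: manual steps are required for this port.
EOF
}

# Demo run on the constructed samples.
dir=$(mktemp -d) && make_samples "$dir" && triage "$dir/report.txt" "$dir/UPDATING"
rm -rf "$dir"
```

On the build machine the report would come from portaudit and the second argument would be the ports tree's UPDATING file; only the "deploy" lines feed the batch push.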


More information about the freebsd-questions mailing list