This article presents a multiple ways to keep the FreeBSD operating system up-to-date. It takes a FreeBSD 5.2.1 RELEASE system through a subset of security advisories to explain the different sorts of patches an administrator might apply.
Keeping FreeBSD Up-to-Date: A Security Odyssey
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
What is wrong with CVSup + the world targets?
Well, if make -j4 buildworld takes ~3 hours on a Celereon@450, you’ll learn to appreciate freebsd-update
Just imagine how much buildworld takes on a PII-250. I recall it took about 2 days to build the 5.3_RELEASE. Oh well. But that was with -O2, maybe it increaced the compile time significantly.
The dirty part is portupgrade and how long it takes to make new packages. I wish there was a lazy way for it
http://taosecurity.blogspot.com/2004/11/upgrading-freebsd-packages-…
The lazy way
Actually, building world with -O2 isn’t recommended, and yes, quite a bit slower. There’s a slightly increased risk of the build failing as well (and that’s especially frustrating on a slower computer).
I don’t know whether it was -O2 that was responsible for that, or whether it was the ULE scheduler that I turned on, despite it being marked as ‘broken’, but compared to my ‘normal’ 5.2 system installed from CD, this compiled 5.3 is just lightning fast! And it’s not your usual ‘lightning fast’, it’s actually just CRAZY fast. The boot time has dropped by 20 seconds! The overall speed improvent is about 20%, although I didn’t measure that, just judging by how KDE started to load and work. So it’s worth it. Just for the record, I’ve tried first compiling with -O3, but this has turned -finline-optimizations and this effectively screwed with the build of aic drivers and failed altogether somewhere later on… But -O2 is the highest officially supported optimization level, or so the updating manual for 5.3 says…
On a side note, I wonder if running mergemaster when upgrading from 5.2 to 5.3 is really necessary. It gives me the creeps and consumes so much time, and most of the changes are really obscure to me… I wonder if it would just suffice to add a ‘proxy’ user (because that is needed to make installworld) and be done with it. Has anyone tried it?
The author says “FreeBSD Update might seem too simple for your tastes.” aftering give these instructions…
pkg_add -vr freebsd-update
mkdir -p /usr/local/freebsd-update
cp /usr/local/etc/freebsd-update.conf.sample
/usr/local/etc/freebsd-update.conf
freebsd-update fetch
/usr/local/sbin/freebsd-update install
freebsd-update install
freebsd-update fetch
And that’s for binary updates where you don’t have to spend time compiling packages. I’m sorry but apt-get, yum, and windows update never looked better. I realize there are tradeoffs, benefits, pluses &minuses etc when comparing the various *nixs, but if people are still do that much work to update their system in 2004 something is really wrong. I know its a choice and I’m not saying people shouldn’t use what they like but things like this definitely keep the BSD’s well off most geek’s radar.
Actually, it’s not any more difficult than using windows update or Mac OS X software update:
Installing freebsd-update (you only have to do these steps once):
1. pkg_add -r freebsd-update
2. cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
Using freebsd-update:
1. freebsd-update fetch
2. freebsd-update install
3. reboot (if the kernel has been updated), or restart updated daemons
4. run freebsd-update fetch again, because like with windows update, some updates can depend on having other updates already installed
There ya go, even a kid can manage that
@M
Well I could always make a little script to do all that automatically once a week, making it easier than Windows :p
Yes, I forgot to mention one thing, just add the line
0 3 * * * root /usr/local/sbin/freebsd-update cron
to /etc/crontab, and the available updates will be automagically downloaded each night, and a mail will be sent to root (or the alias you should have set up in /etc/mail/aliases) when updates are available for installation, so you only have to run freebsd-update install in the morning…
Thanks, that looks nice
I knew about -PP but never had success with it as it was always compiling. This setenv should help
Please tell me how to turn ULE on
I know, I know, it is ‘dangerous’, but it is only for a desktop machine, and I’m willing to take the ‘risk’ (read: won’t go whining if something breaks). ULE worked perfectly on this desktop machine (without PREEMPTION of course), and the speed someone noticed (CRAZY fast – but it wasn’t necessarily the speed, it was the responsivity that was amazing for me, especially on the desktop, even during heavy loads) was under ULE.
On the other hand, lately (I’m tracking STABLE) responsivity during heavy load seems to have became better with SCHED_4BSD as well. Anyway, I want ULE (seamless divx playback and general desktop experience with KDE even during compiling c++ progs) back
))
remove the warning, /usr/src/sys/kern/sched_ule.c: line 60
M wrote:
> The author says “FreeBSD Update might seem too simple for
> your tastes.” aftering give these instructions…
I am the author of this article. You make FreeBSD Update sound complicated. It’s not. Here are three comments:
First, these commands are run once, to install the FreeBSD Update tool.
This installs the package. You can also build the port.
# pkg_add -vr freebsd-update
This creates a directory for the update process. This will be unnecessary soon for packages and is already unnecessary when building from the port.
# mkdir -p /usr/local/freebsd-update
This says to use the default configuration file. This should not be automated since automation would assume you accept the author’s defaults unconditionally.
# cp /usr/local/etc/freebsd-update.conf.sample
/usr/local/etc/freebsd-update.conf
Once those three commands are done, you never have to do them again. FreeBSD Update is installed.
Second, only two commands are needed to update the OS.
This retrieves updates.
# freebsd-update fetch
This installs updates.
# freebsd-update install
That’s pretty simple to me.
Third, you duplicated commands in your post. That makes the process look unnecessarily complicated.
Eugenia, thanks for posting this story.
Sincerely,
Richard Bejtlich
I’ve been a FreeBSD user for several months now, but I have only recently heard about the option of binary upgrades and it sounds exciting! However, the article seems to mention a GENERIC kernel as a requirement for freebsd-update to work correctly, or am I wrong? If I’m not wrong, is there anything I could do to make it still work on a custom machine? I’d hate to keep a GENERIC kernel, my custom one boots so much faster.
After reading the article, I tried it out. What happens is if something has to patch the kernel, then the binaries only work on the GENERIC kernel. If you modified it, then you need to update by source. Anything else seems to work fine. The update process will actually choose only the ones that will work. If you have a modified kernel, it will skip those that patches the kernel and tells you what patches you missed.
@Jon Door
Thanks. Will try it out soon. It is this line, right?:
#error “The SCHED_ULE scheduler is broken. Please use SCHED_4BSD”
that one worked for me. I ran a test build with it removed, unforunately on my dual p3 ULE does display instability, especially when running audio through xmms, crashes after a few minutes.