Re: Is there any way to know if userland is patched?
From: Julian Elischer (julian_at_elischer.org)
Date: Wed, 10 Nov 2004 09:45:00 -0800 To: Xin LI <email@example.com>
Xin LI wrote:
> Dear folks,
> I'm recently investigating large scale deployment and upgrading FreeBSD
> RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch
> is applied, however, it seems that there is less method to determine
> whether the userland is patched, which is somewhat important for large
> site managements.
> So is "uname -sr" the only way to differencate the patchlevel of a security
> branch? I have read Colin's freebsd-update script and to my best of
> knowledge this is the only way (and, on condition that we have re-compiled
> the kernel and installed it, and reboot'ed). Given the nature of a security
> or errata branch, we can expect that no API/ABI changes will occour and it
> should be safe to do make installworld/installkernel in any order, and bumping
> patchlevel does not mean that a reboot must be done.
> Please correct me if I was wrong, thanks.
I upgrade systems by creating packages which contain all upgraded files
I have a set of makefiles etc. checked into my local CVS tree that check out
a freeBSD tree at a given revision and build it (withlocal patches added)
and then extracts out fies according to a list I supply. On completion I check
the list in too, so I can theoretically recreate that patch..
I use the package system to keep track of which packages are loaded onto a
system, and newer upgrade packages always have earlier ones as dependencies..
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"