Using fastest_cvsup and freebsd-update Tools

While reading an OSNews thread on FreeBSD 4.9, I heard of a tool called fastest_cvsup. You use it in conjunction with cvsup on FreeBSD, NetBSD, and OpenBSD to find the "fastest" source distribution site. I use it in a shell script to update one of my boxes like this:


#!/bin/sh
# Ports updater by Richard Bejtlich
# 0925 07 Nov 03
SERVER=`fastest_cvsup -q -c us`

echo "cvsup -g -L 2 -h $SERVER /usr/local/etc/ports-supfile"
cvsup -g -L 2 -h $SERVER /usr/local/etc/ports-supfile

echo "cd /usr/ports; make index"
cd /usr/ports
make index

echo "portsdb -u"
portsdb -u

echo "cd /var/db"
cd /var/db

echo "pkgdb -F"
pkgdb -F

echo "portversion -v"
portversion -v

echo "portupgrade -PrRva"
portupgrade -PrRva

echo "Done updating ports tree at `/bin/date`."
exit


I changed my portsdb instruction after reading this thread. This article and this thread have tips too.

I also gave freebsd-update a try. It's a way to perform binary updates on FreeBSD systems that have not rebuilt the 'world' after installing a fresh RELEASE. I used freebsd-update on a 4.8 RELEASE system using these commands:

pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/freebsd-update-1.4.tgz

cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf

mkdir /usr/local/freebsd-update

rehash

freebsd-update -v fetch

freebsd-update -v install


freebsd-update warned me "Don't forget to rebuild any statically linked ports to use the updated libraries after you install them." Colin gave me some background on this:

"Most applications from the ports tree (and packages) are dynamically linked, but a few aren't. On my system, the only static binaries I have installed from the ports tree are bash and m3build. If you have portupgrade installed, the following script will locate any static binaries which might be out of date and run portupgrade interactively to rebuild them." Note that this script needs the backslashes at the end of lines 2-5:

#!/bin/sh
find /usr/local -type f -perm +111 ! -newer \
/usr/lib/`ls -art /usr/lib | tail -1` -print0 | \
xargs -0 file | grep "statically linked" | cut -f 1 -d ':' | \
xargs pkg_which | grep -v '^\?$' | sort -u | \
while read x; do portupgrade -fi $x < /dev/tty; done

Colin continues: "Unfortunately, there isn't any easy way to determine if packages distributed from ftp.freebsd.org have been rebuilt with new libraries; in general, it's better to install the ports tree (and keep it up to date by using cvsup) and build everything locally."
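The same staleness check as an added Python example (not code from the original post or from Colin Percival): instead of `file | grep "statically linked"` it reads each ELF header and treats an ET_EXEC image with no PT_INTERP or PT_DYNAMIC segment as static. The names `is_static_elf`, `stale_static` and `fake_elf32` are assumptions of this example, and the reference time is assumed to be the newest regular file in the library directory.

```python
import os
import stat
import struct

ET_EXEC, PT_DYNAMIC, PT_INTERP = 2, 2, 3

def is_static_elf(data):
    """True for an ET_EXEC ELF image with no PT_INTERP or PT_DYNAMIC segment."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"           # EI_DATA: 1 = little-endian
    if struct.unpack_from(end + "H", data, 16)[0] != ET_EXEC:
        return False                             # skips .o, .so and static-PIE files
    if data[4] == 1:                             # EI_CLASS: 1 = 32-bit layout
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    else:                                        # 64-bit layout
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return False                         # program headers lie outside the bytes read
        if struct.unpack_from(end + "I", data, off)[0] in (PT_DYNAMIC, PT_INTERP):
            return False                         # dynamically linked
    return phnum > 0

def stale_static(root, lib_dir):
    """Static executables under root that are not newer than the newest file in lib_dir."""
    newest = max((e.stat().st_mtime for e in os.scandir(lib_dir) if e.is_file()), default=0.0)
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & 0o111 and st.st_mtime <= newest):
                continue                         # same filter as -type f -perm +111 ! -newer
            with open(path, "rb") as fh:
                if is_static_elf(fh.read(4096)):
                    hits.append(path)
    return sorted(hits)

def fake_elf32(ptypes):
    """Constructed sample: little-endian 32-bit ET_EXEC header plus one program header per type."""
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    hdr = struct.pack("<HHIIIIIHHHHHH", ET_EXEC, 3, 1, 0, 52, 0, 0, 52, 32, len(ptypes), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + b"\0" * 28 for t in ptypes)
```

On a real system the call would be `stale_static("/usr/local", "/usr/lib")`, and the resulting paths still need mapping back to their ports before rebuilding.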

Right now the freebsd-update maintainer, Colin Percival, only has the resources to provide binary updates for FreeBSD 4.7, 4.8, and 4.9. He's accepting donations via PayPal so he can support the 5.x tree. As of this morning he's got pledges and donations of $915, so I sent him $20 to show my support. Please consider matching my donation to get Colin above the $1000 level, where he'll build a new system to provide binary updates for the 5.x tree. Thank you!

This is an amazing tool. It only took minutes rather than the hours it might take to do everything from source. The major drawback is that it only supports the GENERIC kernel. This is fine for a project like the Sguil on FreeBSD appliance for which I wrote the documentation. However, people with multi-processor systems who need to add SMP support by rebuilding their kernel cannot use the current version of freebsd-update. When FreeBSD 5.2 is released, this will not be a problem. Colin told me "FreeBSD 5.2 is going to be an ideal target for FreeBSD Update, in fact, since the 'SMP problem' will be gone -- jhb committed code to -CURRENT a few days ago which eliminates the uniprocessor/multiprocessor distinction for kernels, so having more than one processor will no longer require that the kernel be recompiled."

One more tip: if you want to create a package when installing a port, use 'make package' after 'make'. If you want to create the associated dependencies when creating a package, use 'make package-recursive'.
