Freebsd - Upgrade Core System
[Foreword]
Any system is inevitable sometimes Security Holes or some Apps Patches, etc. In order to correct these issues, the general method is the new version of the system, or the use of binary upgrade, but these two methods lack flexible, and It is also necessary to wait for the new version of Release, and the way to stay in the rabbit is not as good as you do.
Using FreeBSD Make World, it is to update the system directly update the latest source tree (CVS Tree). This way is very flexible, you can choose to update some of the part you want to update, and don't wait for Release or Stable. The version can only be carried out; the risks brought about by the contrary, once the update fails, the light can cause the system of the original part of the system to be unworthy, and the system is completely 涣. The role of the following files is as safe as possible to boot to reduce the risk of Make World.
[Inland]
Step 1: Install Core Source
When you are determined to upgrade on this unit, please determine if the space's space is sufficient. About 620MB is taken in 4.7-RC (Source: 316MB; Objcet: 303MB). If the / usr's partitions is insufficient, while other partitions are spaced, you can load in other partitions using mount_null. For example: hooks / usr / obj in / home / Ant.
# mount_null / home / Ant / USR / OBJ /
If the system itself does not have Source Tree (preset installed in / usr / src), it is recommended to use the / stand / sysinstall installation first, so that the speed of the CVSUP can be increased.
Step 2: Install CVSUP
In order to update the Source Tree, the way used here is CVS method, so please install CVSUP first.
# CD / USR / PORTS / NET / CVSUP / # Make Install Clean or Install #CD / USR / PORTS / NET / CVSUP-WITHOUT-GUI / # Make Install Clean Of course, Packages can also be installed.
Step 3: Write the appropriate make.conf
The purpose of writing make.conf is set to set the preset behavior of the Make instruction. (Make.conf proposal is stored in / etc directory)
In order to make CVSUP more convenient to use, you can refer to /etc/defaults/make.conf (5.x has been moved to /usr/src/share/examples/etc/make.conf) settings for the set of cvsup update flaggs. . The following is the setting of the author of the author.
# CVSup update flags. Edit SUPFILE settings to reflect whichever distribution # file (s) you use on your site (see / usr / share / examples / cvsup / README for more # information on CVSup and these files). To use, do " Make Update "in /usr/src.#cflags=
2. Setting the CVSUP setting path and the set path of the Supfile and PortSsuPFile, please determine if it is correct.
Step 4: Modify Stable-Suppirl
The content of the Stable-Supfile file describes the related set value of the host update Core Source (portssupfile is the setting value of the Ports Tree, which is not discussed here, because it has exceeded the subject content of this article), so how to modify your needs is Extra important, therefore also become one of the elasticity of the system upgrade.
The following is the author of the author, and will be described:
# Defaults that apply to all the collections * default host = cvsup.tw.freebsd.org. * Default base = / usr / share / examples / cvsup / * default prefix = / usr * default release = cvs tag = RELENG_4 * default delete Use-rel-suffix # if Your network link is a t1 or faster, comment output ## main source tree. ## The Easiest Way to get the main source tree is to use the the "src-all "# mega-collection. it includes all of the individual" src- * "Collectes, # src-all
* Default host = cvsup.tw.freebsd.org.
Set the CVSUP will be connected to where the main unit is connected.
* Default base = / usr / share / example / cvsup /
Set where the CVSUP set value directory is located. Since the setting value has been set before the Make.conf has set it, you can do additional settings. If you have no additional settings before Make.conf, the preset will be set in this directory as a set value.
* Default prefix = / usr
Set where you set CVSUP's CORE SOURE, which will force in the set value of the SRC directory. EX: / usr / src. * Default release = cvs tag = releng_4
Release = cvs
Specifies that the server wants to obtain CVS Host data, please keep this value.
Tag = releng_4
Specifies the latest source tree to capture the FreeBSD 4 version, in terms of now, it will capture the latest version of 4.7-RC. Of course there are other settings. Examples are as follows:
Tag = releng_4_6_0_release is only the source tree that only wants to update to FreeBSD 4.6 Release. Tag = releng_4_6 is the latest source tree that only wants to update to FreeBSD 4.6 Stable.
* DEFAULT Delete Use-Rel-Suffix and * Default Compress
This second line parameter refers to the instructions in CVSUP, which is not understood here.
SRC-ALL
Specify all Core Source capture. Of course, elastic settings can be made. Simple example, as follows:
If you only want to update BIN, Contrib, Crypto, set it as follows (remember to take off SRC-ALL). SRC-Binsrc-Contribsrc-Crypto Other settings can be refer to CVSUP HANDBOOK.
Step 5: Synchronous source tree
The source code tree for setting the value before you start synchronization. Prior to this, it is recommended to back up the system's current kernel setting value.
# CP / USR / SRC / SYS / I386 / CONF / LINT ~ / LINT (for 5.x Before) # CP / USR / SRC / SYS / I386 / CONF / NOTES ~ / Notes (for 5.x) # CP / USR / SRC / SYS / I386 / CONF / Generic ~ / Generic # CP / USR / SRC / UPDADANG ~ / Updating
Then start the synchronization update (if you have a preset source tree directory order, change the following steps yourself).
# cd / usr / src # make Update
Then the program will check and upgrade the upgrade Source.
Step 6: Compile Source Tree
Compiling the source tree is the largest job. Since the large amount of FreeBSD system source code is to be compiled, the time of this step tends to determine the length of time according to the hardware pretext of the host.
Synchronize the time zone before execution.
# ntpdate stdtime.gov.tw
Then read the considerations in the Updating file to see if there is a place with major updates or special attention to it. Please make sure the current directory in the source tree directory order (EX: / USR / SRC).
# more Updatingor # Less Updating
Another convenient way is to view Updating Differences # Diff -Run ~ / Updating / USR / SRC / Updating
After determining the work of Pre-BuildWorld, check the current directory on the source tree directory order (EX: / usr / src) before starting to compile the source codes, and determine if there is permission to write / usr / OBJ and / / USR / SRC, then clear the temporary archive first.
# Make Cleandir Clean
# chflags -r Noschg / usr / src / # chflags -r Noschg / USR / OBJ / # make buildworld
If your system has not been upgraded for a long time, then old Config can't succeed smooth Compiler. If you encounter this situation, the solution can install the latest config. The following # cd / usr / src / usr / sbin / config # make all install clean So re-buildworld can be STEP 7: Compile new core
The core is usually synchronized with different system versions, so when the system is upgraded, the core must be recompiled one and recompile.
Prior to this, you can check the difference between the new core and the old core, see if it supports new features.
# DIFF / USR / SRC / SYS / I386 / CONF / LINT ~ / LINT (for 5.x Before) # DIFF / USR / SRC / SYS / I386 / CONF / NOTES ~ / Notes (for 5.x)
And check whether there is a new suggestion core function.
# DIFF / USR / SRC / SYS / I386 / CONF / Generic ~ / Generic
Then modify the new core settings of the cost machine.
Before you start building a new core, make sure the current directory in the source tree directory order (EX: / usr / src), and there is a right to write new cores.
# chflags noschg /kernel.Generic# chflags noschg / kernel # make kernel kernconf = Custom
The Custom here is the core name that wants to compile, or it can be set to generic.
In addition, the Make Kernel directive can be divided into two instructions: make Buildkernel and make installkernel. Take this as an example:
# Make Buildkernel Kernconf = Custom # Make Installkernel
Make Installkernel will refer to Buildkernel's KernConf installation, so you don't have to set up.
STEP 8: Install a new system
It is determined that the new system has been installed after compiling the source code tree and compiling the new core.
Since the system is a multi-worker environment, it is impossible to determine if there are some services being executed, or some users are implementing the work, so determine before installing the new system. If there is no such situation, you will be able to enter the SINGLE MODE to determine the installation in a clean environment.
Note: Some people like to perform a new system in multiple workers, even if they are sure that no one is online, or there are some services, but it is difficult to read a file, in order to correct the system correctly The installation is successful, and it is recommended to enter the SINGLE MODE to perform the installation.
# fsck -p # mount -u / # mount -a # adjkerntz -i When you install FreeBSD, we know that there are many system settings, such as: Master.Passwd, Group, MakeDev, etc. Some suggested values will change since the system is updated, and sometimes add some settings, which we need to be updated synchronously, otherwise there will be many problems in the system execution process.
Before you first install the latest version of Mergemaster, this program is to help us easily compare new and old differences than these settings.
# cd /usr/src/usr.sbin/mergemaster# make all install
After installing new Mergemaster, please perform the check work of Pre-BuildWorld mode first. This step will check the setting file that may affect the work of BuildWorld and InstallWorld, for example: master.passwd, group, and make.conf.
#MGEMaster -P
During the execution, the original and new setting files will be displayed. You can use "I" - Install the new setting file; "D" - reserves the original setting file; "M" - manual increase setting.
Note: Mergemaster steps, please be careful, such as important files such as master.passwd, group, will cause the system to log in normally.
Let's start installing a new system, make sure the current directory in the source tree directory order (EX: / usr / src).
# make installworld
Step 9: Merge new system setting file
Since some important setting files that may affect the system upgrade have been Merge in the previous step, the setting files of other systems are set.
Start performing an interactive alignment.
#MGEMaster -i
Once compared, you can reboot to test whether the system can be performed normally.
STEP 10: Increase basic system security (selective requirements)
This step can be available, habitats in any state of the system, is the installation flag of some system important files.
# chflags schg /kernel.*# chflags -r schg / usr / src / # chflags -r schg / usr / obj /
If you want to save space, you can usually cut the / usr / obj / directory throughout the system upgrade, or even the / usr / src / directory can also be cut.
Step 11: Reproducing Host Keys (selective requirements)
# ssh-keygen -t RSA1-N '' -f / etc / ssh / ssh_host_key # ssh-keygen -t keta -n '' -f / etc / ssh / ssh_host_rsa_key # ssh-keygen -t dsa -n '" F / etc / ssh / ssh_host_dsa_key [todo]
[Reference article]
FreeBSD Handbook FreeBSD Mailing List Darkkiller BBS-TW Article
[Change-log]
2002/09/24 - Complete the first draft 2002/10/07 - Increase the success rate of the system upgrade, strengthen the basic security of the system and the re-encoding of Host Keys. Modify BUGS by 2002/10/16. Co - renovation content. 2002/12/24 - Connective content. 2003/02/11 - Connective content. Modify BUGS. 2003/05/20 - In the increase of 5.x, there is Notes, and the change observation of Updating. 2003/05/26 - Repair STEP 7's narrative about Notes and LINTs. 2003/11/25 - Co - decreasing STEP 6 content on the first architecture of Config related files.
[Bug-feedback]
S882617@mail.yzu.edu.tw
