NetBSD-Users archive


Re: patching for 2010-002: I feel like an idiot, but this isn't working

 # cvs update -r netbsd-5-0-1-RELEASE -d -P crypto/dist/openssl/ssl

Dennis answered to use -r 'netbsd-5-0', but another question is: why do
you want to track netbsd-5-0 instead of netbsd-5?  netbsd-5 has more
fixes but my experience has been that it is very stable.

Here's a long answer to a short question...

<begin mild rant, please do not take offense; I am a little
frustrated, but willing to listen to reason>

Holy cow, not to sound like a newbie, but I don't *know*
what I should track!  After my exchange with Andy on this
list, I re-read the advisory and realized that it had *told*
me to "update from the netbsd-5 or netbsd-5-0 branches",
but I had not grokked that those were the "<branch_name>"
values to substitute in the given cvs command, nor would I have
known which one was more appropriate in my case.  The patching
instructions given in the advisories are probably crystal-clear
to someone who understands CVS and the release numbering system,
but to a relative outsider basically just following the recipe,
I humbly submit that they are insufficient.  :-(

After years - wow, soon to be decades - (at work) of cursing
DEC (er, HP) and Sun for their arcane O/S patching methods,
I admit that I've been rather spoiled in the past few years by
the (cue doomsday music!) "RedHat and cousins" simplicity of
O/S patching (up2date or yum).  The NetBSD cvsweb shows ten
branches whose name starts with "netbsd-5", and even ruling
out the ones with "RC" in their names, I have a choice of:


How much research is a simple sysadmin supposed to do to
figure out how to maintain a system?  I installed 5.0.1 so I
(mistakenly, it turns out) assumed that if there were patches,
I should track 5.0.1.

I have only one NetBSD machine nowadays: my home workstation.
I periodically curse at it because I can't see Flash content
in Firefox (I'm working on that now, actually, since it's
embarrassing to have to borrow my SO's Slackware box for
that purpose!), my "all-in-one" printer's scanner function
isn't working, I've had problems in the past keeping my "pkg"
software up to date (I bit the bullet in January and figured
out that for most purposes, "pkg_rolling-replace" is my friend,
and that I can even use it after replacing my pkgsrc tree with
the latest quarterly release), and I dread security updates.
I've been basically upgrading the O/S every two or three years,
which is really not acceptable to me.  The shoemaker herself
is definitely ill-shod!!!

Every few years when I *do* replace the O/S, I wonder if it's
time to throw in the towel and admit that much as I approve
of the philosophy behind how NetBSD is maintained, and much
as I appreciate the security and stability, and much as I
*really* appreciate the helpful and highly clueful nature of
the help I invariably get when I ask for it, maybe it's just
too time-consuming for me to maintain as a one-off.  And each
time I chide myself for sounding like a Windows user instead
of a professional sysadmin, and tell myself that it's just
my own lack of knowledge that's making a simple thing seem
difficult, and I resolve to come up to speed so I can manage
this box with the ease with which my group manages hundreds
of Linux boxes at work.

<end of mild rant>

Anyway, as I said, after an intensive few days of learning
a couple of months ago, and some nifty Perl coding, I am now
managing my "pkg" software in a timely but not time-consuming
manner, and I am pleased.

I need to do something similar for the O/S itself.  I am fairly
conservative with my updates because this is my workstation
and if I screw it up, I am very unhappy indeed, and I don't
necessarily have time at that moment (or possibly for days)
to figure out what I did wrong and how to reverse it.

I swear that back in January I re-read significant sections
of the "NetBSD Guide", but somehow I still don't know how to
keep this workstation up to date in a straightforward way.
Perhaps I managed to miss a crucial chapter, and if so, please
tell me to RTFM.

Andy Ruhl posts that he periodically gets a daily build of
"netbsd-5", makes install media, and does a binary upgrade
of the entire system, which takes him about half an hour.
In practice that's reasonable for just one machine, but to me
the idea of having to sit at the console and take the system
down seems philosophically wrong (as I said, at work we manage
hundreds of machines, so methods have to scale).

Andy writes:

> And I maintain the release-5 code through CVS and use my
> kernel config file to build a new kernel as per my config at
> the same time.

Is there a way to use CVS to track and maintain a very stable
version of the O/S, both sources and binaries?  If so, I'd have
to take "special action" only when I want a new kernel, which
isn't all that often.  I suppose I could even write a cronjob to
"cvs update" and then "make install" overnight every couple of
weeks, if the make isn't too ridiculously time-consuming, but
it would be a lot handier if I could "cvs update" the binaries!

And how would I figure out which branch to track?

