NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: patching for 2010-002: I feel like an idiot, but this isn't working



Andy Ruhl <acruhl%gmail.com@localhost> wrote:
[A proper, but relatively complicated way to stay up to date]

If your demands on security are not all too high (that is, you
trust NetBSD's build cluster not to distribute malicious binaries),
I would recommend against using CVS at all. Just use prebuilt bin-
aries from nyftp.netbsd.org.

First, determine which branch's kernel supports all the hardware
you want it to. The choice is basically netbsd-5-0, netbsd-5, or
HEAD (which is the bleeding edge). Then decide whether you need a
firewall on your workstation, or whether you want to use kernel
modules (up to 6.0, this should not be necessary in many cases;
when using a -current kernel, you could use a MONOLITHIC one).
If neither is the case, install the latest official release version
(5.0.2 at the moment) and put the kernel you chose on top of it.
Else, install the entire system from the your kernel's branch.

Next, subscribe to the security-announce mailing list. Whenever
you receive a security advisory, go to nyftp.netbsd.org and download
either a new kernel, if the advisory concerns the kernel, or the
binary sets (to be found in binary/sets), for the branch you chose
before.

In the kernel case, make sure it works before installing it
permanently.

In the userland case, install the userland by untarring the sets
(leaving out etc.tgz and xetc.tgz, as they would overwrite your
existing configuration) to /. Make sure to preserve file permissions;
with tar, this is done by using the "-p" flag. Finally, update your
configuration to make sure it is compatible with the new userland.
You do this by running etcupdate and postinstall (you need the
etc.tgz and xetc.tgz then). Please refer to the respective man
pages for details (but it is really simple).

That's it.

For pkgsrc, there are a few guides on wiki.netbsd.se, but if
pkg-rolling_replace does a good job for you, that's fine.

HTH,

Dennis den Brok



Home | Main Index | Thread Index | Old Index