My Server runs FreeBSD because it’s what I know best, what I manage the most easiest. It’s stable and running smooth without too much effort on my part for years now. Since I’m running 6.x, binary updating makes it easy for me to track the RELEASE builds and to upgrade in time.
So “freebsd-update” finally closed the gap on FreeBSD, which Microsoft opened with their “Automatic Updates” on Windows systems decades ago, which made it easy for any sysadmin to patch their server(s).
So, let’s run down basic procedures of a binary update using “freebsd-update”:
First of all, if you are unsure or don’t want to follow instructions blindly and verify options and parameters, always use “man” as in “man freebsd-update”, in this case.
Important to note is, that “freebsd-update” really only works if you use FreeBSD RELEASE or RC builds – simply put all such builds, which you can download as CD/DVD ISO – of course you can also compile your box e.g. to the current RELEASE build (if you are currently tracking STABLE or CURRENT) in order to enable binary updates.
Now let’s see how we update our RELEASE build to include latest security fixes…
First of all, verify your build:
# uname -r 7.2-RELEASE
This shows you that you run 7.2-RELEASE without any patches, so that’s an eligible build for binary updates. Of course, also previously included (compiled-in) patches from the RELEASE branch will work for further binary updates.
Now we fetch the latest patches and you will get an output along this:
# freebsd-update fetch Fetching metadata signature for 7.2-RELEASE from update4.FreeBSD.org... done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 3 patches.. done. Applying patches... done. Fetching 1 files... done. The following files will be updated as part of updating to 7.2-RELEASE-p7: /boot/kernel/kernel /boot/kernel/kernel.symbols
Many more files will be listed depending on the patch state of your system. You are now ready to verify that all patches are in your interest and you might want to double-check on changes to components, which are critical to your system.
When you are ready to install the patches, we’ll issue
# freebsd-update install Installing updates... done.
The only thing left is now to reboot your box and verify the result:
# uname -r 7.2-RELEASE-p7