with 11.0+, where the debugging symbols use a new naming scheme for release
distribution files.
Errata candidate.
Approved by: cperciva
Differential Revision: https://reviews.freebsd.org/D7170
This option tells freebsd-update to act as if it is running a specific
release instead of querying the kernel. In particular, this can be
useful when upgrading jails.
Requested by: EuroBSDCon devsummit jails session
Tested by: allanjude
MFC after: 1 week
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
Safetly belt can be disabled with the -F flag
Additionally, add the --not-running-from-cron flag they bypasses the TTY requirement, and allows freebsd-update to be invoked by orchestration frameworks, scripts, or otherwise.
PR: 196760
Differential Revision: https://reviews.freebsd.org/D1550
Reviewed by: cperciva, delphij
Approved by: bcr (mentor), rodrigc (src)
MFC after: 1 month
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Add missing references to $BASEDIR, in order to allow correct operation
when updating a system mounted at another location than / (e.g. when
updating an alternate Boot Environment).
Reviewed by: cperciva
MFC after: 1 week
This is required to prevent problems with nss modules that use libthr when
upgrading from releases prior to 10.1.
PR: 197366
Sponsored by: DARPA, AFRL
Differential Revision: D1790
Reviewed by: cperciva
MFC after: 3 days
just "directory" entries.
Prior to this commit, if / was added as part of a security update (how? In
the most recent case, because lib32 was accidentally omitted and was then
re-added, and every installer distribution set gets its own paths) then
the code which was supposed to filter out updates to deleted parts of the
base system (if someone decides to delete / then we shouldn't re-create it
for them) would instead get confused and decided that while / should exist,
// should not exist and needs to be removed.
This fixes the bug which caused freebsd-update to want to delete / (which is
harmless, since `rm /` fails, but scary nonetheless). A workaround is being
applied to the update bits in order to avoid triggering the bug on unpatched
systems.
PR: 196055, 196091, 196147
workdir which would break the upgrade process upon reboot.
Currently we check for tmpfs and mdmfs.
PR: 195006
Differential Revision: https://reviews.freebsd.org/D1163
Approved by: cperciva
and INDEX-NEW and compare them, not generate the same list of directories
from INDEX-OLD twice...
Pointy hats to: cperciva & everybody who didn't proofread EN-13:04 enough
at the end of the upgrade process, after warning users to upgrade any
3rd party software (e.g., from the ports tree) which might link to the
libraries being removed.
Prior to this commit, the line
/usr/lib/libc.so|...|/lib/libc.so.7
matched the regex, which -- upgrading from 9.x to 10.x, where libc.so is
a regular file and thus was not part of a line which matched the regex --
resulted in freebsd-update thinking that /usr/lib/libc.so was a shared
library which was being removed as part of the upgrade. This had some
unfortunate consequences.
This will be part of an upcoming Errata Notice.
directories last.
This is generally handled by the fact that the list of filesystem objects
is sorted, but this sorting is broken by code which moves .so files ahead
(so that they're present before any binaries which use them)... that code
also moved .so files ahead of directories, which is a problem for upgrading
to 10.0 where there's a new directory containing new .so files.
Errata Notice Candidate.
forking lots of processes to run echo|cut. In one test this reduced
the CPU time from 980s to 134s and the wallclock time from 806s to
132s.
Submitted by: Oleg Ginzburg
configuration files.
If the current file differs from the canonical version from the old release
only due to differences in the $FreeBSD$ tag (which can happen if the system
was installed from source code, depending on how the src tree was checked out)
then freebsd-update will treat the file as "unmodified" and silently update
it to the "clean" version in the new release.
If the only change being made to a configuration file is in the $FreeBSD$
tag (e.g., for any configuration files which have been modified locally, now
that we're using SVN and the $FreeBSD$ tag changes when a branch is created),
freebsd-update will no longer print the diff and prompt "Does this look
reasonable (y/n)?".
Nagged by: pgollucci
MFC after: 1 month
from the PR, but the version numbers reflect the newer ones from
http://security.freebsd.org/#sup
PR: docs/145227
Submitted by: Glen Barber (glen dot j dot barber at gmail dot com)
Reviewed by: cperciva
Mentored by: jkois
MFC after: 1 week
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
using freebsd-update. This applies to using freebsd-update in "upgrade
mode" and normal freebsd-update on a security branch.
The backup kernel will be written to /boot/kernel.old, if the directory
does not exist, or the directory was created by freebsd-update in a
previous backup. Otherwise freebsd-update will generate a new directory
name for use by the backup. By default symbol files are not backed up
to save diskspace and avoid filling up the root partition.
This feature is fully configurable in the freebsd-update config file,
but defaults to enabled.
MFC after: 1 week (stable/7)
Reviewed by: cperciva
Approved by: re (kib)
