Previously, I hosed my system through an automatic update. Fortunately though, I was able to recover.
That said, I was perusing:
And, I am following all of the steps except:
Code:
pkg upgrade
It didn't say anything about any options we should use or avoid.
I think I was previously advised I shouldn't take all package updates because there could be random ones that could hose my system and that has happened to me at least once.
So, to make the process a bit more robust, I do:
Code:
1. check for updates
    freebsd-update fetch updatesready
    pkg upgrade -n (return code == 2)
    pkg audit -F (non-zero return code)
2. if updates are available
    a. determine latest patch sequence and increment it
    b. create new Boot Environment (including the patch)
3. instruct myself to reboot into the new BE
4. upon reboot (@reboot cron job)
    run freebsd-update fetch install
    run pkg upgrade -v -y (only install vulnerability fixes)
    check for further updates and notify the user
5. use the system as normal, if any problems are detected, revert to previous BE
I am wondering, but perhaps what I should do is once this is done, check if there are other updates available and create a separate BE for that so if the non-vulnerable updates broke the system, I can at least keep the vulnerability fixes. I'm confirming that it is a bit risky to just take all pkg updates regardless.
I would also like to have "the latest and greatest" to the extent that it is stable and reliable.
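
Step 2 of the procedure above (find the latest patch sequence, increment it, create the Boot Environment), written out as an added example that is not part of the original post. The `<prefix>-NNN` naming scheme (e.g. `sec-007`), the function names and the `stage` argument are assumptions; `bectl list -H` output is read as tab-separated with the BE name in the first column.

```shell
#!/bin/sh
# Added example. BE names of the form <prefix>-NNN are an assumed convention,
# not something the original post specifies.

# next_be_name PREFIX
# Reads `bectl list -H` output on stdin and prints the next free name in the
# PREFIX-NNN sequence. BEs that do not match the pattern are ignored.
next_be_name() {
    prefix=$1
    max=0
    while IFS=$(printf '\t') read -r name _rest; do
        case $name in
            "$prefix"-*) seq=${name#"$prefix"-} ;;
            *) continue ;;
        esac
        # Skip suffixes that are empty or not purely numeric (e.g. sec-test).
        case $seq in ''|*[!0-9]*) continue ;; esac
        # Strip leading zeros so that 008 is not rejected as invalid octal.
        seq=${seq#"${seq%%[!0]*}"}
        seq=${seq:-0}
        if [ "$seq" -gt "$max" ]; then
            max=$seq
        fi
    done
    printf '%s-%03d\n' "$prefix" $((max + 1))
}

# stage_be PREFIX
# Creates the next BE in the sequence and prints its name.
# Needs root on a ZFS-on-root system; fails without creating anything
# if bectl cannot list the existing BEs.
stage_be() {
    existing=$(bectl list -H) || return 1
    new=$(printf '%s\n' "$existing" | next_be_name "$1") || return 1
    bectl create "$new" || return 1
    printf '%s\n' "$new"
}

# Usage: script stage [prefix]
# A separate prefix per stage (e.g. "sec" for vulnerability fixes, "full" for
# the remaining upgrades) keeps the two kinds of change revertible on their own.
if [ "${1:-}" = "stage" ]; then
    be=$(stage_be "${2:-sec}") && bectl activate "$be" &&
        echo "Reboot into $be, then apply the updates for this stage."
fi
```
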