Upgrade best practices on FreeBSD

I'm new to the FreeBSD world (moving from Debian recently). I set up a DigitalOcean VPS running FreeBSD 10.1 and I wanted to ask a question regarding package management.

I run a few websites on the VPS using nginx and mysql; a cron job runs nightly, checking for vulnerabilities in the installed packages by executing pkg audit -F and pkg audit -r. So far I've only been upgrading if any vulnerabilities are found and whenever a FreeBSD core update is released (recently upgrading to 10.1-RELEASE-p8 due to an OpenSSL issue).

I wanted to know if that is the correct way to upgrade a FreeBSD machine, or should I upgrade whenever new packages are released even though I don't have any features I require in the new versions?

I searched around and couldn't find a good answer for this.

Thanks
 
Hi,

It looks like you're doing everything right to me. If your installed ports/packages and base system are updated to cover security vulnerabilities, and you're running a supported release, there is little need to update. Keep in mind, however, that it's a good idea when you do choose to update your ports/packages that you install all available updates, or you'll get into a situation where application and/or library dependencies can become out of sync and cause problems down the line. If you haven't already, please check out the FreeBSD Handbook. It has a wealth of helpful information for new and current users alike.
 
I did an upgrade a little while ago, but after running pkg audit -F it showed multiple vulnerabilities and finished with
Code:
8 problem(s) in the installed packages found.
So I did another upgrade, rebooted, and ran pkg audit -F again. The result was the same response as before. Is there something else I should do, or is this just how it goes?
 
AFAIK the FreeBSD packages are built and the repository is only updated once per week. The offending package(s) may not have an update available yet.
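
The situation discussed above (pkg audit still reporting problems after an upgrade) can be checked by comparing the audit findings with what the repository currently offers. This is an added example, not part of the thread; it assumes the usual "<name-version> is vulnerable:" lines from pkg audit and the "<" status lines from pkg version -vRL=, and all sample package names and versions are constructed.

```sh
#!/bin/sh
# Added example: split `pkg audit` findings by whether the repository
# already carries a newer build. Output formats are assumptions based on
# typical pkg(8) output; the sample data below is constructed.

# stdin: `pkg audit -F` output -> name-version of each vulnerable package
vulnerable_names() {
    awk '$2 == "is" && $3 == "vulnerable:" { print $1 }' | sort -u
}

# stdin: `pkg version -vRL=` output -> name-version of packages marked "<"
outdated_names() {
    awk '$2 == "<" { print $1 }' | sort -u
}

# classify AUDIT_FILE VERSION_FILE
# A newer build is not proof of a fix: re-run `pkg audit` after upgrading.
classify() {
    outdated=$(outdated_names < "$2")
    vulnerable_names < "$1" | while read -r p; do
        if printf '%s\n' "$outdated" | grep -Fxq -- "$p"; then
            echo "update-available $p"
        else
            echo "no-update-yet $p"
        fi
    done
}

# Constructed sample run (package names and versions are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/audit" <<'EOF'
examplelib-1.0.2 is vulnerable:
examplelib -- constructed advisory title
WWW: https://vuxml.example.invalid/placeholder.html

exampled-2.4.1 is vulnerable:
exampled -- constructed advisory title
WWW: https://vuxml.example.invalid/placeholder.html

2 problem(s) in the installed packages found.
EOF
    cat > "$tmp/version" <<'EOF'
examplelib-1.0.2                   <   needs updating (remote has 1.0.3)
othertool-3.1                      <   needs updating (remote has 3.2)
EOF
    classify "$tmp/audit" "$tmp/version"
    rm -rf "$tmp"
}
demo
```

On a FreeBSD host, save the output of pkg audit -F and pkg version -vRL= to two files and pass them to classify in place of the demo call.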
 
Thanks. I've been reading the handbook since I've started as a lot of search results end up at it :)
 