buildworld and installworld shell script

Hi guys,

I'm trying to patch my FreeBSD 10 system to resolve the openssl heart bleed problem as described at http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc
I looked at the FreeBSD man Rebuilding “world” chapter but I am really not sure about rebuilding everything by hand as my knowledge is not all that great yet.

I was wondering if anyone had a shell script that automate the make buildworld to make installworld that you could share

Thank you in advance
Fred
 
It's what I use on all my FreeBSD-10 machines, with some refinements (like -j8 for buildworld and kernel targets).
 
wblock@ said:
It's what I use on all my FreeBSD-10 machines, with some refinements (like -j8 for buildworld and kernel targets).
So one can use -j4 on buildkernel, too? I thought I remember seeing somewhere the use of -j for kernel builds was not recommended. Same for -DNO_CLEAN?
 
trh411 said:
wblock@ said:
It's what I use on all my FreeBSD-10 machines, with some refinements (like -j8 for buildworld and kernel targets).
So one can use -j4 on buildkernel, too? I thought I remember seeing somewhere the use of -j for kernel builds was not recommended. Same for -DNO_CLEAN?

-j8 has had no problems for me on 9-STABLE and now 10-STABLE for years (I benchmarked various values a couple of years ago, and -j8 was the fastest on both a Core 2 Duo E8400 and i5-2500K processors). I have not been using -DNO_CLEAN for as long, but again, no problems. Well, other than cosmetic: the output of uname(1) does not show the correct version of the kernel unless you delete some files first (as shown by Trond Endrestøl on the mailing lists recently):
rm /usr/obj/usr/src/sys/[i]CUSTOMKERNELNAME[/i]/vers*
 
Hi guys,

I get the following when i ran
Code:
make buildworld -j8
Code:
1 error generated.
*** [bn_lib.So] Error code 1

make[4]: stopped in /usr/src/secure/lib/libcrypto
1 error

make[4]: stopped in /usr/src/secure/lib/libcrypto
A failure has been detected in another branch of the parallel make

make[3]: stopped in /usr/src
*** [libraries] Error code 2

make[2]: stopped in /usr/src
1 error

make[2]: stopped in /usr/src
*** [_libraries] Error code 2

make[1]: stopped in /usr/src
1 error

make[1]: stopped in /usr/src
*** [buildworld] Error code 2

make: stopped in /usr/src
1 error

make: stopped in /usr/src

I have no idea what the error refers to...could anyone assist?

Just before that I did
Code:
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
# cd /usr/src
# patch < /path/to/patch
 
You need to pull in the entire FreeBSD source repository as the first step. Use svnlite co [url=https://svn0.us-east.freebsd.org/base/head]https://svn0.us-east.freebsd.org/base/head[/url] /usr/src. Then you can continue with make -j8 buildworld and the rest of the build process as defined in Rebuilding "world".
 
Oh, and the checkout URL determines which version is checked out. The one shown by @trh411 is for HEAD, or -CURRENT. For 10-STABLE, it's base/stable/10.
 
Last edited by a moderator:
wblock@ said:
Oh, and the checkout URL determines which version is checked out. The one shown by @trh411 is for HEAD, or -CURRENT. For 10-STABLE, it's base/stable/10.
Thanks for this correction. For some reason I had -CURRENT on my mind when I posted. I missed completely that @fred974 was looking at updating to 10-STABLE.
 
Last edited by a moderator:
Ok guys this is what I am about to run:

Code:
1.mv /usr/src /usr/src.old
2.svnlite co https://svn0.eu.freebsd.org/base/stable/10 /usr/src
3.fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
4.fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
5.cd /usr/src
6.patch < /path/to/patch

Could you please tell me if I need to do steps 3 to 6? Is the the openssl pach already included in the FreeBSD source repository that I will be downloading?

Fred
 
fred974 said:
Ok guys this is what I am about to run:

Code:
1.mv /usr/src /usr/src.old
2.svnlite co https://svn0.eu.freebsd.org/base/stable/10 /usr/src
3.fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
4.fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
5.cd /usr/src
6.patch < /path/to/patch

Could you please tell me if I need to do steps 3 to 6? Is the the openssl pach already included in the FreeBSD source repository that I will be downloading?

Fred

I think you don't need it. You should have already updated system.
 
fred974 said:
I also have 3 jails on my system, will
Code:
make installworld
destroy my jails?
No, it will only update/upgrade the host system, not the jails. You'll have to update/upgrade them separately.
 
@wblock@,
Would you mind sharing what you have in your etc/mergemaster.rc file?
So far I came up with the following:
Code:
# Automatically install files that do not exist
AUTO_INSTALL='yes'
# Automatically upgrade files that have not been edited
AUTO_UPGRADE='yes'
 
Last edited by a moderator:
I run
Code:
mergemaster -Ui
and selected i for the prompt. After restarting the server, I have lost my SSH access.
Originally it was set as public/private keyr. When i type the password it is not recognised..

All the web services are gone too, I assume that they hasn't been started upon reboot

Could anyone help please
 
You probably overwrote /etc/master.passwd and /etc/group without thinking and all your user accounts are now reset to the ones included in a fresh install. The correct action would have been merge (m). There should be backup copies of those files at /var/backup, restore them from there. Next time pay attention what mergemaster(8) is asking you to do, it does offer options to review the changes that are about to be committed.
 
kpa said:
You probably overwrote /etc/master.passwd and /etc/group without thinking and all your user accounts are now reset to the ones included in a fresh install. The correct action would have been merge (m). There should be backup copies of those files at /var/backup, restore them from there. Next time pay attention what mergemaster(8) is asking you to do, it does offer options to review the changes that are about to be committed.

Hi @kpa this is a lesson well learned believe me.
Thank you for the tip. I'll have to check when I have physical access to the box tonight.
Will my root password be the same when I have physical access to the terminal?
 
Last edited by a moderator:
fred974 said:
Originally it was set as public/private keyr. When i type the password it is not recognised..

All the web services are gone too, I assume that they hasn't been started upon reboot

Could anyone help please
There's nothing anyone can do I'm afraid. The only liable option I see is to gain console access so you can figure out exactly what has gone wrong.

As to what has happened here; that heavily depends on your setup. I mean; if those jails provide specific (web)services then I could imagine scenario's where those may fail to boot after upgrading your base OS. Though I'd also like to quickly mention that jails normally shouldn't be too much affected by the host. On one of my servers I'm still using a 9.1 jail on top of a 9.2-RELEASE-P3 host.

My guess is that you used some wrong options with mergemaster. It will also go over files such as /etc/passwd and /etc/group to update the version "tag" (the first line). If you told it to replace those files, and at the end allowed it to run pwd_mkdb then you effectively reset your environment to the default account settings.

Depending on your settings and used options you might be able to recover from this through local backups (check /var/backups) but you may want to keep your regular backups safe as well "just in case".
 
fred974 said:
@wblock@,
Would you mind sharing what you have in your etc/mergemaster.rc file?

It varies a bit by system:
Code:
IGNORE_FILES='/.cshrc /etc/hosts /etc/master.passwd /etc/ntp.conf /etc/printcap /root/.cshrc'
 
Last edited by a moderator:
I restored the group, aliases, master.passwd to /etc but the users are still not recognized..
If I ls /usr/home, I can still see the users home directory.

As for the jails, I have no idea why they won't start, I looked at /var/log but found no logs for ezjail

Has anyone got any suggestion how to solve my problem?
do I need to restore the files from /var/backup to other location than /etc?
 
Back
Top