Keeping the jails up to date

Status
Not open for further replies.

raidflex

Guru
Joined
Mar 14, 2012
Messages
531
What is the reason for wanting 4.3.15 in particular?

If its possible to upgrade to 4.3.15 I would like to for the improvements/fixes, if this requires recompiling the kernel, then no its not worth it to me. With pkg-ng it will pull the latest version, I am not sure if its possible to select an older version.
 
Last edited:

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
It doesn't necessarily require it. The whole thing is that normally when you do a pkg-ng the drivers are installed as part of the package. So they should always match. But because we're in a jail, etc etc etc you have to handle keeping them "in sync" yourself. Code may or may not have changed which may or may not mean that they are compatible. The only true answer, short of checking the code yourself, is to assume that they must match and not do anything that breaks that. ;)
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
cyberjock, thanks to your guide my jails are up to date and everything is running great. How often would you suggest to check for updates for the jails?

BTW, your new avatar pic scares me..... :)
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I do it every week or two. It really depends on if a package has some nasty CVE that requires attention. pkg auditing can tell you if that is the case.
 

fracai

Guru
Joined
Aug 22, 2012
Messages
1,212
Something else that I find useful is an RSS feed for the UPDATING file. I find it a lot easier to just scan the feed and flag anything that effects me, rather than reading the file whenever I update.

I'm not sure if this is the feed I've been using, but it's the first hit that came up when I searched: http://updating.versia.com/
 

andyclimb

Contributor
Joined
Aug 17, 2012
Messages
101
Great script. Worked like a charm! Was wondering if u could add a wee feature... There is one type of jail you do not want to be updating! That is the vbox jails.... I ran the script and it updated my vbox version only the underlying kernal in FREENAS doesn't then match. The my machine rebooted, then worried. Got it to boot eventually and restored jail from snapshot. All is fine.

I know the easy option is to shut the jail down. But how about including an ignore option for vbox?

Just a thought, but thanks for the work!


Sent from my iPhone using Tapatalk
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I know the easy option is to shut the jail down. But how about including an ignore option for vbox?
There's no way to positively identify the virtualbox jail. People rename it to all sorts of things. But if you are familiar with pkg-ng you can "lock" the packages so they will be ignored even if an update exists. That's what I do on my jail. ;)
 

andyclimb

Contributor
Joined
Aug 17, 2012
Messages
101
I'm not that familiar with how to lock packages so just reading about it now.

are these the only two packages that need to be locked

virtualbox-ose-4.3.12_1
virtualbox-ose-kmod-4.3.12

That would be much appreciated!

Is there a way of unlocked them / finding the packages that are locked?
 

andyclimb

Contributor
Joined
Aug 17, 2012
Messages
101

raidflex

Guru
Joined
Mar 14, 2012
Messages
531

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
The virtualbox-ose packages are the ones that need to be locked.

You can lock apache, but that's foolhearty. Yes, that means if you do pkg upgrades you won't get the new apache (which means fixing some things that have changed in apache) but it also means you are leaving yourself open to security risks with the old apache version. I do not recommend you lock apache.
 

raidflex

Guru
Joined
Mar 14, 2012
Messages
531
The virtualbox-ose packages are the ones that need to be locked.

You can lock apache, but that's foolhearty. Yes, that means if you do pkg upgrades you won't get the new apache (which means fixing some things that have changed in apache) but it also means you are leaving yourself open to security risks with the old apache version. I do not recommend you lock apache.

It will update to Apache24 which will break Virtualbox.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
It will update to Apache24 which will break Virtualbox.

And so you go fix it. So which is a better idea? Using an old (and vulnerable) version of Apache or using a new version and fixing the problem? ;)

You are arguing convenience over security, which nobody here should agree that it's a good choice. ;)
 

raidflex

Guru
Joined
Mar 14, 2012
Messages
531
And so you go fix it. So which is a better idea? Using an old (and vulnerable) version of Apache or using a new version and fixing the problem? ;)

You are arguing convenience over security, which nobody here should agree that it's a good choice. ;)

Basically I would probably have to re-do the entire Virtualbox jail in order to get this to work. You even said previously in this thread to wait until 9.3 and just update all packages except Apache and VB. Why would I go through all this trouble to patch one single package on a jail that is not even internet facing and behind a full firewall? In the convenience vs security argument, waiting a couple weeks at the most far out weighs the security risk.
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Thank you @cyberjock ! i just upgraded my trasmission plugin jail and it worked perfectly with your guide!
Now i have to upgrade my plex port jail (manually created) as suggested here. Let's hope it would work good as well!
 

ovizii

Patron
Joined
Jun 30, 2014
Messages
435
Oh, I just realized I should not update the virtualbox jail? Should I restore it to a snapshot?

Here is where I got stuck, all other updates went through just fine:

Code:
pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
root@virty:/ # pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (106 candidates): 100%
Processing candidates (106 candidates): 100%
Checking integrity... done (9 conflicting)
pkg: Cannot solve problem using SAT solver:
conflict rule: The following packages conflict with each other: php5-xml-5.4.38(r), php56-xml-5.6.6(r)
conflict rule: The following packages conflict with each other: php5-xml-5.4.38(r), php5-xml-5.4.38(r)
upgrade rule: upgrade local php5-xml-5.4.29 to remote php5-xml-5.4.38
dependency rule: package php5-xml(r) depends on: php5-xml(l)phpvirtualbox(l)
cannot install package php5-xml, remove it from request? [Y/n]:
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
Yeah updating vbox jail breaks it. If you have a snapshot roll it back otherwise a fresh install of the jail is in order.
 

decoy5657

Cadet
Joined
Apr 13, 2015
Messages
9
Does the first post in this thread apply to 9.3? I don't have a pkg.conf; but I do have a pkg.conf.sample
 

raidflex

Guru
Joined
Mar 14, 2012
Messages
531
Updates still work without a problem for me. Always a good idea to take a snapshot before you update though.
 
Status
Not open for further replies.
Top