Re: How is the patchlevel set?
On 06/30/05 15:47, lars wrote: I can't seem to find out how the patchlevel is set. Is it incremented with each SA's patch, kernel or world, or only kernel or only world? Could anyone point me to some documentation by the FreeBSD project? I know this is the stable list, but I don't want to subscribe to one more list just for this question. The patch level is set in src/sys/conf/newvers.sh. I believe this means that it is only updated after rebuilding the kernel (see 'sysctl kern.version'). I have often applied patches from Security Advisories and rebuilt only what was necessary instead of world/kernel. With a userland vulnerability, this is often the most expedient and unintrusive method. However, the new patch level is not set this way so you have to document the update for yourself. On client machines I sometimes do the full world/kernel rebuild and schedule a reboot just to avoid questions about whether the machine is up-to-date. -- Jonathan Noack | [EMAIL PROTECTED] | OpenPGP: 0x991D8195 signature.asc Description: OpenPGP digital signature
Re: How is the patchlevel set?
Thanks guys. It seems src/sys/conf/newvers.sh is only triggered by a recompilation of the kernel, at least the lines i=`${MAKE:-make} -V KERN_IDENT` and char kern_ident[] = ${i}; make me believe that. I also try to cvsup my src and recompile the kernel and world in one go instead of only patching and recompiling the subsystem, since that bumps the patchlevel and keeps all synchronised. That's not possible in all scenarios, of course. Again thanks for the answers, but how did you find that out? Kind regards, lars. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How is the patchlevel set?
On 7/1/2005 11:36 AM, lars wrote: It seems src/sys/conf/newvers.sh is only triggered by a recompilation of the kernel, at least the lines i=`${MAKE:-make} -V KERN_IDENT` and char kern_ident[] = ${i}; make me believe that. I also try to cvsup my src and recompile the kernel and world in one go instead of only patching and recompiling the subsystem, since that bumps the patchlevel and keeps all synchronised. That's not possible in all scenarios, of course. Again thanks for the answers, but how did you find that out? I originally suspected as much based on experience. I got curious and noticed that newvers.sh was one of the files changed with every security update. From there it was code inspection... -- Jonathan Noack | [EMAIL PROTECTED] | OpenPGP: 0x991D8195 signature.asc Description: OpenPGP digital signature