# Quick Question About Base Install



## Fatman (May 8, 2009)

Hi everyone,

I have a question regarding staying current in a production environment. I'm trying to build and keep a webserver uptodate using freebsd 7.2.

Here's the process i've been following:

Subscibe to http://lists.freebsd.org/mailman/listinfo/freebsd-announce

Install using minimum config + add man pages from cd.

Copy standard/ports cvsup files.


```
#cp /usr/share/examples/cvsup/standard-supfile /
#cp /usr/share/examples/cvsup/ports-supfile /
```
Edit the files and to change the CVSUP to an available server.

Csup using each files.

```
#csup -L 2 /standard-supfile
#csup -L 2 /ports-supfile
```

Build world

```
#cd /usr/src
#make buildworld
```

Create custom kernel:

```
#cp /usr/src/sys/i386/conf/Generic /usr/src/sys/i386/conf/www
#ee /usr/src/sys/i386/conf/www
```

Build and install kernel

```
#make buildkernel KERNCONF=www
#make installkernel KERNCONF=www
```

reboot
Boot into single user mode


```
#mergemaster -p
#cd /usr/src/
#make installworld
#mergemaster
#reboot
```

Followed by:


```
#pkgdb -F
#portsdb -Uu
#portaudit -Fda
#portversion -l '<'
```

I then read both /usr/src/UPDATING and /usr/ports/UPDATING

Once I think everything is fine, I run portupgrade -arR and prey a little.  

If it's a production build, I obviously test this on an identical setup prior to executing it on the live unit.

So back to my question, I have just installed a new system using the 7.2-RELEASE-i386-disc1.iso selecting minimum + man.

If i'm not creating a custom kernel, Is it safe to follow this process?


```
#portsnap fetch
#portsnap extract
#portsnap update

#freebsd-update fetch
#freebsd-update install
```

Check for vulnerable ports:

```
#portaudit -Fda
```

Update vulnerable port:

```
portmaster -dB [port path]
```

Check my emails for updates on FreeBSD.

I'm a little scared.... fresh install with 7.2 and running freebsd-update said there is no updates available?

Thanks,

Fatman


----------



## SirDice (May 8, 2009)

Sounds about right. If you use the csup method make sure you track the RELENG_7_2 (for 7.2-RELEASE) so you'll stay on the RELEASE track (with just the security patches). RELENG_7 will change way too much for a production server. It's also customary to use all capitals in the name of the kernel config.

One note, before upgrading any port, read /usr/ports/UPDATING. It may contain notes on possible problems you might run into.


----------



## Fatman (May 8, 2009)

Thanks..

How do I know if I'm tracking the release version with portsnap and freebsd update?


----------



## DutchDaemon (May 8, 2009)

Portsnap (in general: the ports tree) is the same across all FreeBSD versions, so a [cmd=]portsnap fetch[/cmd] will get you the same ports tree anywhere. See portsnap(8), portsnap.conf(5) (can be left alone), and ports(7).

Freebsd-update determines which version of FreeBSD it's running on, and it will update within that version (so, within 7.1, for example), unless you instruct it to do otherwise (like upgrade from 7.1 to 7.2, or from 6.4 to 7.2). See the -r flag in freebsd-update(8). Also see freebsd-update.conf(5) (can be left alone).


----------

