# Recommended way(s) to migrate from -STABLE to -RELEASE-pN?



## jef (Mar 26, 2015)

I've been running -STABLE on a machine with a dozen or so jails, and would like to migrate from build-you-own -STABLE to -RELEASE so that I can use freebsd-update(8) to manage security patches in a simpler and more robust way. The jails are all fully-populated ZFS filesystems. For a variety of reasons I'm not using sysutils/ezjail or the like.

Is there a recommended way to do this?

So far my thinking is that I can't just un-tar the *.txz distributions as it will overwrite the configuration already done on the host, as well as in each of the jails. This leaves me with the not-so-exciting path of:

Build -RELEASE locally
For the host and each jail
`make installworld`

`mergemaster`
`make delete-old`
`make delete-old-libs`

Bring the host and jails back up again
First, will installing -RELEASE that has been locally built allow freebsd-update(8) to be used?

Second, is there an easier approach?

TIA!


----------



## getopt (Mar 27, 2015)

I'd prefer `mergemaster -Ui` 

Isn't that easy enough?


----------



## jef (Mar 28, 2015)

`mergemaster -Ui` certainly can make _one _of those steps a little easier, but it doesn't address the complete overwrite of all OS files every time there is an incremental change to the system. I'd prefer to keep my ZFS snapshots smaller, especially on the machines that are running off 16 GB drives. I'm also not a huge fan of command options that are called out as _This option can be dangerous when there are critical changes in the new versions that affect your running system.
_
In any event, installing self-build -RELEASE will allow the use of freebsd-update(8) to at least patch the system.

This doesn't surprise me greatly as ports/poudriere-devel uses freebsd-update(8) after tricking it to believe that the system in a jail is not what uname(1) would ordinarily report based on the running (host) kernel (see ENVIRONMENT).

Further, as you might also expect, the "IDS" feature is reasonably useless as virtually all the hashes are different between the "official" RELEASE files and those locally compiled.


----------

