Wednesday, November 21, 2007

Updating FreeBSD 7.0-BETA2 to 7.0-BETA3

Recently I posted FreeBSD Binary Upgrade News about developments with Colin Percival's FreeBSD Update tool. Today I performed a remote (via SSH) upgrade from FreeBSD 7.0-BETA2 to FreeBSD 7.0-BETA3 using FreeBSD Update. I document cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 process below so you can see how easy it is and for my future reference.

Here is uname output to show cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS version prior to upgrading.

# uname -a
FreeBSD myhost.mydomain.com 7.0-BETA2 FreeBSD 7.0-BETA2 #0:
Fri Nov 2 16:47:33 UTC 2007
root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

I wasn't sure if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 version of FreeBSD Update packaged with FreeBSD 7.0-BETA2 would natively support this process, so I gave it a try.

# freebsd-update -r 7.0-BETA3 upgrade
usage: freebsd-update [options] command ... [path]

Options:
-b basedir -- Operate on a system mounted at basedir
(default: /)
-d workdir -- Store working files in workdir
(default: /var/db/freebsd-update/)
-f conffile -- Read configuration options from conffile
(default: /etc/freebsd-update.conf)
-k KEY -- Trust an RSA key with SHA256 hash of KEY
-s server -- Server from which to fetch updates
(default: update.FreeBSD.org)
-t address -- Mail output of cron command, if any, to address
(default: root)
Commands:
fetch -- Fetch updates from server
cron -- Sleep rand(3600) seconds, fetch updates, and send an
email if updates were found
install -- Install downloaded updates
rollback -- Uninstall most recently installed updates

Ok, that didn't work. Time to retrieve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new version from Colin's site.

# fetch http://www.daemonology.net/freebsd-update/freebsd-update-upgrade.tgz
freebsd-update-upgrade.tgz 100% of 21 kB 104 kBps
# fetch http://www.daemonology.net/freebsd-update/freebsd-update-upgrade.tgz.asc
freebsd-update-upgrade.tgz.asc 100% of 187 B 640 kBps

I decided to follow Colin's advice to check cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 signature of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 upgrade file. To do that I needed to install GnuPG.

# pkg_add -r gnupg
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/Latest/gnupg.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/openldap-client-2.3.39.tbz... Done.

************************************************************

The OpenLDAP client package has been successfully installed.

Edit
/usr/local/etc/openldap/ldap.conf
to change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system-wide client defaults.

Try `man ldap.conf' and visit cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OpenLDAP FAQ-O-Matic at
http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.

************************************************************

Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/curl-7.16.3.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/pth-2.0.7.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/libiconv-1.11_1.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/gettext-0.16.1_3.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/libgpg-error-1.5.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/libgcrypt-1.2.4_1.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/libksba-1.0.1_1.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-current/All/dirmngr-0.9.7_2.tbz... Done.

###############################################################################
A T T E N T I O N

In order to use gpg-agent, you need to install a pinentry dialog.

The following ports of pinentry dialogs are available:

security/pinentry-curses (ncurses based dialog)
security/pinentry-gtk (GTK 1.2 based dialog)
security/pinentry-gtk2 (GTK 2.x based dialog)
security/pinentry-qt (QT based dialog)

###############################################################################

Wow, that installed more dependencies than I expected. Here I import cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 PGP keys from FreeBSD,org.

# rehash
# fetch http://www.freebsd.org/doc/pgpkeyring.txt
pgpkeyring.txt 100% of 1406 kB 142 kBps 00m00s
# gpg --import pgpkeyring.txt
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key CA6CDFB2: public key "FreeBSD Security Officer " imported
gpg: key FF8AE305: public key "core-secretary@FreeBSD.org" imported
...edited...
gpg: key D069F2A0: duplicated user ID detected - merged
gpg: key D069F2A0: public key "Thomas Abthorpe " imported
gpg: Total number processed: 262
gpg: w/o user IDs: 1
gpg: imported: 261 (RSA: 36)
gpg: no ultimately trusted keys found

With cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 keys imported I verify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 file I downloaded.

# gpg --verify freebsd-update-upgrade.tgz.asc freebsd-update-upgrade.tgz
gpg: Signature made Fri Nov 16 09:01:38 2007 EST using DSA key ID CA6CDFB2
gpg: Good signature from "FreeBSD Security Officer "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 signature belongs to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 owner.
Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2

Note I need to generate my own key and sign cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD Security Officer's key with my generated key if I want to avoid GPG's warnings, i.e.:

gpg --gen-key
gpg --sign-key security-officer@FreeBSD.org

Now I am ready to proceed with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 upgrade.

# tar -xf freebsd-update-upgrade.tgz
# sh freebsd-update.sh -f freebsd-update.conf -r 7.0-BETA3 upgrade
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching public key from update1.FreeBSD.org... done.
Fetching metadata signature for 7.0-BETA2 from update1.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic src/base src/bin src/cddl src/contrib src/crypto src/etc
src/games src/gnu src/include src/krb5 src/lib src/libexec src/release
src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin
src/usbin world/base world/dict world/doc world/games world/info
world/manpages world/proflibs

The following components of FreeBSD do not seem to be installed:
src/compat world/catpages

Does this look reasonable (y/n)? y

Fetching metadata signature for 7.0-BETA3 from update1.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files...
Inspecting system... done.
Preparing to download files... done.
Fetching 1289 patches.....10....20....30....40....50....60....70....80....90....
...edited...
Applying patches... done.
Fetching 329 files... done.

The following files will be removed as part of updating to 7.0-BETA3-p0:
/etc/pf.conf
/usr/share/doc/es_ES.ISO8859-1/books/handbook/LEGALNOTICE.html
/usr/share/doc/fr_FR.ISO8859-1/books/handbook/x20872.html
/usr/share/doc/fr_FR.ISO8859-1/books/handbook/x20918.html
/usr/share/doc/fr_FR.ISO8859-1/books/handbook/x21123.html
/usr/share/examples/etc/pf.conf
/usr/src/etc/pf.conf

The following files will be added as part of updating to 7.0-BETA3-p0:
/boot/kernel/if_zyd.ko
/boot/kernel/if_zyd.ko.symbols
...edited...
/usr/share/examples/pf/pf.conf
/usr/src/share/examples/pf/pf.conf

The following files will be updated as part of updating to 7.0-BETA3-p0:
/bin/ps
/boot/kernel/3dfx.ko
...edited...
/usr/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c
/var/named/etc/namedb/named.root

# sh freebsd-update.sh -f freebsd-update.conf install
Installing updates...
Kernel updates have been installed. Please reboot and run
"freebsd-update.sh install" again to finish installing updates.
# shutdown -r now

After a reboot I run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following.

# sh freebsd-update.sh -f freebsd-update.conf install
Installing updates... done.
# shutdown -r now

After a second reboot cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system is completely upgraded.

$ uname -a
FreeBSD myhost.mydomain.com 7.0-BETA3 FreeBSD 7.0-BETA3 #0:
Fri Nov 16 22:20:33 UTC 2007
root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

That's excellent. The whole process took only a few minutes.

5 comments:

Anonymous said...

Thanks for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 howto.

Anonymous said...

Nice references :-)

Anonymous said...

One problem I see with this process: You're downloading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 PGP keys from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FreeBSD web server, and -- just like with downloading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 script from my web server -- what you get might or might not be what's actually on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 server.

A far better option, since I see that you have FreeBSD documentation installed on your system, is to import cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 PGP keys which are already on your system, stored in
/usr/share/doc/en/books/handbook/pgpkeys.html
since any attacker who could have tampered with that file when you originally installed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system could have trojaned anything on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 box.

Richard Bejtlich said...

Colin,

You are so right. Thanks for pointing that out.

Richard Bejtlich said...

http://www.linuxquestions.org/questions/bsd-17/upgrade-from-6.2-to-6.3-fetching-failed-622277/?s=be998df6d6206ab8e533a9d35cf4a712

mv /usr/libexec/phttpget /usr/libexec/phttpget-original
cat >> /usr/libexec/phttpget
#!/bin/sh

SERVER=$1
shift
for x in "$@"; do
fetch "http://${SERVER}/${x}"
done
^C
chmod 755 /usr/libexec/phttpget