[CDBUG-talk] DISABLE_VULNERABILITIES=yes

Patrick Muldoon doon at inoc.net
Sat Jan 16 11:49:27 EST 2016


Are you rebuilding all of the ports after an upgrade with something like portupgrade or portmaster?  Just updating the ports tree with portsnap only upgrades the files; it doesn't rebuild / upgrade the installed ports.  I think what is happening is that you have a port installed that is vulnerable and that is what is causing the build to fail.

-----------------
Patrick Muldoon

Typed with my thumbs on a mobile device please excuse any errors. 

> On Jan 16, 2016, at 11:27 AM, freebsd at fongaboo.com wrote:
> 
> 
> Yeah I think my question is as much about jails as it is about ports. Half my problem is just that vulnerabilities are still being detected when trying to build a port within the jail, after I had updated ports on the host.
> 
> From https://www.freebsd.org/doc/handbook/jails-ezjail.html:
> 
>> 14.6.4.2. Updating Ports
>> The ports tree in the basejail is shared by the other jails. Updating that copy of the ports tree gives the other jails the updated version also.
>> The basejail ports tree is updated with portsnap(8):
>> # ezjail-admin update -P
> 
> 
> I haven't tried this quite yet, but am I gathering that this command is my solution? Updating the host's ports isn't enough?
> 
> 
> On Wed, 13 Jan 2016, Patrick Muldoon wrote:
> 
>>> On Jan 13, 2016, at 6:49 AM, Jaime <jaime at snowmoon.com> wrote:
>>> 
>>> Patrick, I get daily emails about the security status of installed ports without those from jobs you mentioned.  I think that it is built into the daily and weekly cronjobs.  Or maybe I configured it with periodic.conf.
>> 
>> Yeah, forgot that vulnerabilities are listed in the security email, but by default it doesn't show packages that are updated, so the portsnap fetch / pkg dance will email you daily which of your ports are out of date ...
>> 
>> 
>>> I agree with your assessment, though.  It is probably a port dependency.
>>> 
>>> I also agree with the idea of putting freebsd-update into cron.  Between that step and VM snapshots, I've found FreeBSD to be a dream come true (again) for OS updates.  What I used to do once every 6-18 months out of fear of breaking a critical system has become a monthly task that takes a few minutes to complete. It's great!
>> Yeah it is pretty awesome :)
>> 
>> 
>> 
>> --
>> Patrick Muldoon
>> Network/Software Engineer
>> INOC (http://www.inoc.net)
>> 
>> Hardware: The parts of a computer system that can be kicked.
>> 
>> 