Updating a stable NetBSD release
- Tracking -current
- Updating the sources
- Building the tools
- Building a new kernel
- Building a new userland
- Installing the kernel and userland
- Updating only parts of the source tree
- Terse summary of an updating procedure
Tracking -current
See this document for our documentation on how to track NetBSD-current.
Updating the sources
If you are running a stable NetBSD release (such as NetBSD 6.1), in a production environment, you should occasionally update your sources and rebuild the system or the kernel, in order to incorporate any security fixes that have been applied to the branch since its release.
Most of the following steps can be done as ordinary user.
Only the installation of a new kernel and the userland will require
root privileges.
Although /usr is choosen as the working
directory in the following examples, the procedure can also
take place in a user's home directory. Ordinary users have normally not
the permissions to make changes in /usr,
but this can be changed by root.
You can retrieve or update the sources for your release using anoncvs over ssh by specifying the correct branch tag. For example, to checkout the sources for the NetBSD 6.1 release branch, you would use:
$ cd /usr $ export CVS_RSH=ssh $ cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot co -r netbsd-6-1 -P src
Note
Be sure to take care in selecting the correct and desired branch tag so you don't accidently downgrade your source tree.To update an existing source tree, do:
$ cd /usr/src $ export CVS_RSH=ssh $ cvs update -dP
Building the tools
Note
Please always refer tobuild.sh -h and the
files UPDATING and
BUILDING for details - it's worth
it, there are many options that can
be set on the command line or in
/etc/mk.conf.
The next step is to build the toolchain. You need to
create an obj/ and a tools/
directory, followed by a run of build.sh:
$ mkdir /usr/obj /usr/tools $ cd /usr/src $ ./build.sh -O /usr/obj -T /usr/tools -U -u tools
Building a new kernel
Building a new kernel pretty much follows the steps as described in this document.
The steps to build the kernel are:
$ cd /usr/src $ ./build.sh -O ../obj -T ../tools -U kernel=<KERNEL>
Building a new userland
The build the userland, do:
$ ./build.sh -O ../obj -T ../tools -U distribution
Installing the kernel and userland
Installing the new kernel, rebooting (to ensure that the new kernel works) and installing the new userland are the final steps of the updating procedure:
$ cd /usr/src $ su # mv /netbsd /netbsd.old # mv /usr/obj/sys/arch/<ARCH>/compile/<KERNEL>/netbsd / # shutdown -r now ... $ cd /usr/src $ su # ./build.sh -O ../obj -T ../tools -U install=/
If the new kernel netbsd does not boot
successfully, you can fall back on booting the
netbsd.old kernel.
Updating only parts of the source tree
If a security advisory has been issued, and you want to just rebuild the necessary libraries and applications, your best bet is to follow the instructions provided in the advisory. An example is given below:
$ cd src $ export CVS_RSH=ssh cvs update -d -P -r netbsd-6-1 $ cd libexec/httpd $ make USETOOLS=no cleandir dependall $ su # make USETOOLS=no install
Terse summary of an updating procedure
-
Updating the sources:
$ cd /usr/src $ export CVS_RSH=ssh $ cvs update -dP
-
Building the new kernel and userland:
$ cd /usr/src $ ./build.sh -O ../obj -T ../tools tools $ ./build.sh -O ../obj -T ../tools kernel=<KERNEL> $ ./build.sh -O ../obj -T ../tools -U distribution
-
Installing the new kernel and userland:
$ su # mv /netbsd /netbsd.old # mv /usr/obj/sys/arch/<ARCH>/compile/<KERNEL>/netbsd / # shutdown -r now ... $ cd /usr/src $ su # ./build.sh -O ../obj -T ../tools -U install=/