Published: 06.08.2012 | Level: specialist | Access: paid
Lecture 32:

Updating the system software


Mergemaster, second time around

Before running mergemaster again, you should delete the contents of /var/tmp/temproot. Otherwise you might see something like:

*** The directory specified for the temporary root environment,
    /var/tmp/temproot, exists. This can be a security risk if untrusted
    users have access to the system.

mergemaster does not delete the old directories: you should do so yourself. If this directory already exists, mergemaster ignores it and creates a new directory with a name like /var/tmp/temproot.0917.02.18.06. The numbers are a representation of the date and time of creation.

mergemaster doesn't make it easy to remove the /var/tmp/temproot directory. You may see:

# rm -rf /var/tmp/temproot
rm: /var/tmp/temproot/var/empty: Operation not permitted
rm: /var/tmp/temproot/var: Directory not empty
rm: /var/tmp/temproot: Directory not empty

The problem here is that the directory /var/empty has been set immutable. Change that with the chflags command and try again:

# find /var/tmp/temproot|xargs chflags noschg
# rm -rf /var/tmp/temproot

Run mergemaster in the same way as before, saving the output. If you haven't deleted the old /var/tmp/temproot directory, you might see:

# mergemaster -ia 2>&1 | tee -a /var/tmp/merge
*** Creating the temporary root environment in /var/tmp/temproot.1102.15.01.14
 *** /var/tmp/temproot.1102.15.01.14 ready for use
 *** Creating and populating directory structure in /var/tmp/temproot.1102.15.01.14

set - `grep "^[a-zA-Z]" /usr/src/etc/locale.deprecated`; while [ $# -gt 0 ] ;
do for dir in /usr/share/locale /usr/share/nls /usr/local/share/nls;
do   test -d /var/tmp/temproot.1102.15.01.14/${dir} && cd /var/tmp/temproot.1102.15.01.14/${dir};
test -L "$2" && rm -rf "$2";
test -L && test -d && mv "$2";
done; shift; shift; done
mtree -deU -f /usr/src/etc/mtree/BSD.root.dist -p /var/tmp/temproot.1102.15.01.14/ 
./bin missing (created)
./boot missing (created)
./boot/defaults missing (created)
./boot/kernel missing (created)
./boot/modules missing (created)
./
...
install -o root -g wheel -m 644 /dev/null /var/tmp/temproot.1102.15.01.14/var/run/utmp
install -o root -g wheel -m 644 /usr/src/etc/minfree /var/tmp/temproot.1102.15.01.14/var/crash
cd /usr/src/etc/..;
install -o root -g wheel -m 444 COPYRIGHT /var/tmp/temproot.1102.15.01.14/
cd /usr/src/etc/../share/man; make makedb
makewhatis /var/tmp/temproot.1102.15.01.14/usr/share/man
*** Beginning comparison

*** Temp ./etc/defaults/rc.conf and installed have the same CVS Id, deleting
*** Temp ./etc/defaults/pccard.conf and installed have the same CVS Id, deleting
   *** ./etc/defaults/periodic.conf will remain for your consideration 
*** Temp ./etc/gnats/freefall and installed have the same CVS Id, deleting
*** Temp ./etc/isdn/answer and installed have the same CVS Id, deleting
*** Temp ./etc/isdn/isdntel.sh and installed have the same CVS Id, deleting
...

*** Comparison complete

*** Files that remain for you to merge by hand:
/var/tmp/temproot.1102.15.01.14/etc/defaults/periodic.conf
/var/tmp/temproot.1102.15.01.14/etc/mail/freebsd.mc
/var/tmp/temproot.1102.15.01.14/etc/mail/freebsd.cf
/var/tmp/temproot.1102.15.01.14/etc/mail/sendmail.cf
/var/tmp/temproot.1102.15.01.14/etc/mail/freebsd.submit.cf
/var/tmp/temproot.1102.15.01.14/etc/mail/mailer.conf
/var/tmp/temproot.1102.15.01.14/etc/mtree/BSD.include.dist
/var/tmp/temproot.1102.15.01.14/etc/mtree/BSD.local.dist
/var/tmp/temproot.1102.15.01.14/etc/mtree/BSD.usr.dist
/var/tmp/temproot.1102.15.01.14/etc/mtree/BSD.var.dist
/var/tmp/temproot.1102.15.01.14/etc/pam.d/su
/var/tmp/temproot.1102.15.01.14/etc/periodic/security/100.chksetuid
/var/tmp/temproot.1102.15.01.14/etc/periodic/security/200.chkmounts
/var/tmp/temproot.1102.15.01.14/etc/periodic/security/500.ipfwdenied
/var/tmp/temproot.1102.15.01.14/etc/periodic/security/600.ip6fwdenied
/var/tmp/temproot.1102.15.01.14/etc/periodic/security/700.kernelmsg
/var/tmp/temproot.1102.15.01.14/etc/rc.d/local
/var/tmp/temproot.1102.15.01.14/etc/crontab
/var/tmp/temproot.1102.15.01.14/etc/inetd.conf
/var/tmp/temproot.1102.15.01.14/etc/motd
/var/tmp/temproot.1102.15.01.14/etc/syslog.conf

*** You chose the automatic install option for files that did not
    exist on your system. The following were installed for you:
      /etc/periodic/security/510.ipfdenied
      /etc/periodic/security/security.functions
      /etc/mac.conf

You're not done yet: there are 21 files above that need looking at. There's a good chance that you've never heard of some of them, let alone changed them. If you know for a fact that you have never changed them, for example if you have religiously kept track of your changes with RCS, you don't need to bother: mergemaster errs on the side of safety. You may have changed others, though. The most obvious one above is /etc/crontab, which contains system-wide commands to be executed by cron. To compare them, use diff:

$ diff -wu /etc/crontab /var/tmp/temproot.1102.15.01.14/etc/crontab
--- /var/tmp/crontab Sat Nov 2 16:27:02 2002
+++ /var/tmp/temproot.1102.15.01.14/etc/crontab Sat Nov 2 15:01:16 2002
@@ -1,6 +1,6 @@
 # /etc/crontab - root’s crontab for FreeBSD
 #
-# $FreeBSD: src/etc/crontab,v 1.21 1999/12/15 17:58:29 obrien Exp $
+# $FreeBSD: src/etc/crontab,v 1.31 2001/02/19 02:47:41 peter Exp $
 #
 SHELL=/bin/sh
 PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
@@ -10,19 +10,18 @@
 #
 */5   *   *   *   *   root       /usr/libexec/atrun
 #
+# save some entropy so that /dev/random can reseed on boot
+*/11  *   *   *   *   operator   /usr/libexec/save-entropy
+#
 # rotate log files every hour, if necessary
 0     *   *   *   *   root       newsyslog
 #
 # do daily/weekly/monthly maintenance
-59    1   *   *   *   root       periodic daily
-30    3   *   *   6   root       periodic weekly
+1     3   *   *   *   root       periodic daily
+15    4   *   *   6   root       periodic weekly
 30    5   1   *   *   root       periodic monthly
 #
 # time zone change adjustment for wall cmos clock,
-# does nothing if you have UTC cmos clock.
+# does nothing, if you have UTC cmos clock.
 # See adjkerntz(8) for details.
-#1,31 0-5 *   *   *   root       adjkerntz -a
+1,31  0-5 *   *   *   root       adjkerntz -a
-0,30  *   *   *   *   build      /home/build/build_farm/build_test 2>
/home/build/cron.err
-0     21  *   *   *   root       /usr/local/bin/cleanup
-0      7  *   *   *   grog       /home/grog/bin/update-FreeBSD-cvs
-1     *   *   *   *   root       (cd /usr/local/etc/postfix; make) 2
>/dev/null >/dev/null
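Review bot: the four `-` job lines at the end of this hunk (build_test, cleanup, update-FreeBSD-cvs and the postfix make) have no `+` counterpart, so installing the new file as it stands drops them, and the `+1,31  0-5 ... adjkerntz -a` line re-enables a job that the installed file has commented out; carry both local changes into the new file before installing it. Keeping the old file unchanged instead would leave out the added `*/11 ... operator /usr/libexec/save-entropy` entry, which its comment says is what lets /dev/random reseed on boot.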

The lines starting with - show lines only in the old file, which is still in /etc/crontab. The lines starting with + show lines only in the new file, which is in /var/tmp/temproot.1102.15.01.14/etc/crontab. There are a number of changes here: the CVS ID ($FreeBSD$) has changed from 1.21 to 1.31, and the times of the periodic maintenance have changed. In the meantime, though, you have added other tasks (the bottom four lines), and you have also commented out the periodic invocation of adjkerntz. These are the changes you need to make to the new /etc/crontab before you install it.

There's a simpler possibility here, though: the only real change that would then be left in /etc/crontab is the change in the starting times for the daily and weekly housekeeping. Does that matter? If you want, you don't need to change anything: the old /etc/crontab is fine the way it is.

There's a whole list of files that you're likely to change from the defaults. Here are some more likely candidates:

  • You may find it necessary to change /etc/syslog.conf. If so, you may have to merge by hand, but it shouldn't be too difficult.
  • You will almost certainly change /etc/fstab. About the only reason why you might need to merge changes would be if the file format changes, which it hasn't done for over 20 years.
  • /etc/motd contains the login greeting. There's never a reason to take the new version.
  • /etc/inetd.conf can be a problem: as new services are introduced, it changes. At the same time, you may have added services via ports, or enabled services in the manner we will see on page 448. You definitely need to merge this one yourself.
  • If you're using postfix, don't install the distribution version of /etc/mail/mailer.conf. It will reenable sendmail, which can cause significant problems.
  • If you have changed anything in /etc/sysctl.conf, you'll need to move the changes to the new file.
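
An added example, not part of the original text: a small sh script that reads the mergemaster output saved with tee, pulls out the files left for hand merging, and counts the non-comment lines found only in each installed file, which are the local entries (like the four extra cron jobs in the crontab diff) that a straight install would lose. It generalises the crontab check to every leftover file; `LIVE_ROOT`, the function names and the sample data in `demo` are assumptions made for the example.

```sh
# Added example, not from the original text. LIVE_ROOT is a hypothetical
# variable so the report can be tried on a copy instead of the real /.
LIVE_ROOT=${LIVE_ROOT:-}

# Temproot path as announced near the top of a saved mergemaster log.
temproot_of() {
    awk '/Creating the temporary root environment in/ { print $NF; exit }' "$1"
}

# Paths listed under "Files that remain for you to merge by hand".
remaining_files() {
    awk '/^\*\*\* Files that remain for you to merge by hand:/ { on = 1; next }
         on && /^[ \t]*$/ { exit }
         on { print $1 }' "$1"
}

# Non-comment lines present only in the installed file ($1), not in the new
# one ($2); whitespace is ignored, as with diff -w.
local_only_lines() {
    awk 'function norm(s) { gsub(/[ \t]+/, "", s); return s }
         FILENAME == ARGV[1] { seen[norm($0)] = 1; next }
         /^[ \t]*#/ || /^[ \t]*$/ { next }
         !(norm($0) in seen) { print }' "$2" "$1"
}

# Per leftover file: local-only line count (or "missing"), tab, installed path.
merge_report() {
    root=$(temproot_of "$1")
    remaining_files "$1" | while read -r tmp; do
        live=$LIVE_ROOT${tmp#"$root"}
        if [ -f "$live" ]; then
            n=$(local_only_lines "$live" "$tmp" | wc -l | tr -d ' ')
            printf '%s\t%s\n' "$n" "${tmp#"$root"}"
        else
            printf 'missing\t%s\n' "${tmp#"$root"}"
        fi
    done
}

# Constructed sample: a two-file log and matching trees in a scratch dir.
demo() (
    d=$(mktemp -d); t=$d/temproot.0101.00.00.00; LIVE_ROOT=$d/live
    mkdir -p "$t/etc" "$LIVE_ROOT/etc"; : >"$t/etc/motd"
    printf '0 * * * * root newsyslog\n1 3 * * * root periodic daily\n' >"$t/etc/crontab"
    printf '0  *  * * * root newsyslog\n# note\n0 21 * * * root /usr/local/bin/cleanup\n' >"$LIVE_ROOT/etc/crontab"
    printf '%s\n' "*** Creating the temporary root environment in $t" \
        "*** Files that remain for you to merge by hand:" "$t/etc/crontab" "$t/etc/motd" "" >"$d/merge"
    merge_report "$d/merge"; rm -rf "$d"
)
```

On a real system, `merge_report /var/tmp/merge` prints one line per leftover file; a count of 0 means every non-comment line of the installed file also appears in the new one, though a locally commented-out entry such as the adjkerntz line still needs a look with diff.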

Anatoly Fedorov
Russia, Moscow, Lomonosov Moscow State University, 1989