.
i have several questions about updating NetBSD, so i'm writing them one by one.
i'm currently running NetBSD 9.0, the "Formal Release", the "major RELEASE".
what (i think) i want is this: from "Chapter 33. Updating an existing system from sources".
https://www.netbsd.org/docs/guide/en/chap-updating.html
"A common mechanism for upgrading a NetBSD system to a newer version is by rebuilding the system from sources and installing the results."
.
"In particular, if you are running a stable NetBSD release in a production environment, you are encouraged to perform this procedure regularly in order to incorporate any security fixes that have been applied to the branch since its release."
this is what i actually want.
i'm not talking about upgrading across major releases. i'm not talking about upgrading from NetBSD 8.0 to NetBSD 9.0. or: upgrading from NetBSD 9.0 to NetBSD 10.0. No.
--
(MY FIRST QUESTION IS,) what is/are the easiest, most simple list of terminal commands to update the operating system: (quote) "in order to incorporate any security fixes that have been applied". example: for Debian Linux it's: "apt update", "apt upgrade".
So, following the guide: https://www.netbsd.org/docs/guide/en/chap-updating.html
i ran: "sysbuild build".
the process took 6 hours. here's the output:
make release started at: Mon Jul 20 19:44:24 UTC 2020
make release finished at: Tue Jul 21 01:13:52 UTC 2020
===> Successful make release
===> build.sh ended: Tue Jul 21 01:13:52 UTC 2020
===> Summary of results:
build.sh command: ./build.sh -D/root/sysbuild/amd64/destdir -M/root/sysbuild/amd64/obj -N2 -R/root/sysbuild/release -T/root/sysbuild/amd64/tools -U -X/usr/xsrc -j2 -mamd64 -x release
build.sh started: Mon Jul 20 19:44:15 UTC 2020
NetBSD version: 9.0_STABLE
MACHINE: amd64
MACHINE_ARCH: x86_64
Build platform: NetBSD 9.0 amd64
HOST_SH: /bin/sh
No $TOOLDIR/bin/nbmake, needs building.
Bootstrapping nbmake
MAKECONF file: /etc/mk.conf (File not found)
TOOLDIR path: /root/sysbuild/amd64/tools
DESTDIR path: /root/sysbuild/amd64/destdir
RELEASEDIR path: /root/sysbuild/release
Created /root/sysbuild/amd64/tools/bin/nbmake
Updated makewrapper: /root/sysbuild/amd64/tools/bin/nbmake-amd64
Successful make release
build.sh ended: Tue Jul 21 01:13:52 UTC 2020
===> .
sysbuild: I: Command finished successfully
.
then, following the guide, i ran:
sysupgrade auto ~/sysbuild/release/$(uname -m)
sysupgrade auto
both of them failed. output:
.
sysupgrade: I: Starting auto-update with stages: fetch modules kernel sets etcupdate postinstall clean
sysupgrade: I: Linking local /root/sysbuild/release/amd64/binary/sets/base.tgz into /var/cache/sysupgrade
sysupgrade: E: Cannot open /root/sysbuild/release/amd64/binary/sets/base.tgz
--
(MY SECOND QUESTION IS,) what is causing these errors? and is just running "sysbuild build" is enough, and do i not need to run "sysupgrade" (in this case)? but the guide says so!
--
(MY THIRD QUESTION IS,) can someone please explain the difference between "sysbuild" and "sysupgrade" in 1-2 sentence (easy way)?
--
(MY FOURTH QUESTION IS,) is there not any kind of result report sheet, like: "you were running version/build "01" before, and now it has been updated to build/version "02". and these <a>, <b> and <c> security vulnerabilities has been fixed" ?
where do i get something like that?
--
(MY FIFTH QUESTION IS,) in Debian Linux, a simple "apt update", "apt upgrade" took couple of minutes only. is not there any faster method to achieve this in NetBSD? i have to run this 6 hours "sysbuild build" process again and again?
--
(MY SIXTH QUESTION IS,) it is written: (quote) "you are encouraged to perform this procedure regularly". well how much regularly? once in a month? twice in a month?
--
(MY SEVENTH QUESTION IS,) how do i know, by running a simple terminal command, that the NetBSD team has released a security update, and i better update soon? . or do i have to check out the following webpages for this purpose, say once weekly, and will that be enough?
https://mail-index.netbsd.org/security-announce/
https://mail-index.netbsd.org/netbsd-announce/
https://www.netbsd.org/support/security/advisory.html
https://www.netbsd.org/changes/
so just following these links on weekly basis is enough?
what i found out till now is, since the release of NetBSD 9.0, there's been only one single security announcement, titled: "Security Advisory 2020-002: Specific ICMPv6 error message packet can crash the system".
https://mail-index.netbsd.org/security-announce/2020/03/11/msg000139.html
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2020-002.txt.asc
and it is clearly mentioned: "NetBSD 9.0: not affected".
EDIT: UPDATE: also in the "NetBSD 9.0 Security Advisories" page:
https://www.netbsd.org/support/security/patches-9.0.html
"the list of advisories applicable to the NetBSD 9.0 release: None yet."
--
(MY EIGHTH QUESTION IS,) so although it is instructed in the guide: (quote) "you are encouraged to perform this procedure regularly"; but if i'm running NetBSD 9.0 (the "Formal Release") (the "major RELEASE"), and although it's been 6 months since NetBSD 9.0 released, as there's been no vulnerability announcement, so i do not need to perform any sysbuild-sysupgrade, right?
i want to know the easiest, most simple method.
THANK YOU, FOR TAKING THE TIME TO READ THIS LONG QUESTIONNAIRE.