mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-14 22:32:30 +01:00
f28f138905
Updated freebsd-update to allow it to create boot environments using
bectl should the system support it. The bectl utility was updated in
r352211 (490e13c140) to support a 'check' to determine if the system
supports boot environments. If UFS is used, the bectl check will fail
then no attempt will be made to create the boot environment.

If freebsd-update is run inside a jail, no attempt will be made to
create a boot environment.

The boot environment function will create a new environment using the
format: current FreeBSD kernel version and date/timestamp, example:
12.0-RELEASE-p10_2019-10-03_185233

This functionality can be disabled by setting 'CreateBootEnv' in
freebsd-update.conf to 'no'.

Discussed with: allanjude
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21892
80 lines
2.8 KiB
Plaintext
# $FreeBSD$

# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5

# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org

# Components of the base system which should be kept updated.
Components src world kernel

# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world

# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths

# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log

# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile

# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints

### Default configuration options:

# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update

# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root

# Is FreeBSD Update allowed to create new files?
# AllowAdd yes

# Is FreeBSD Update allowed to delete files?
# AllowDelete yes

# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes

# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no

# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes

# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old

# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no

# Create a new boot environment when installing patches
# CreateBootEnv yes
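The commit message above names three conditions under which no boot environment is created (CreateBootEnv set to 'no', running inside a jail, a failing bectl check) and the name format used otherwise. The following is an added example, not freebsd-update's own code, that reproduces that decision as a pre-flight check so an administrator can tell whether an update will leave a rollback point. The function names, the decision strings, the order of the checks, and the use of `sysctl -n security.jail.jailed` and `freebsd-version -k` as inputs are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the conditions in the commit message.
# Function names and decision strings are hypothetical, not from freebsd-update.

# conf_value FILE KEY DEFAULT -> value of the last uncommented "KEY value" line.
# A commented default such as "# CreateBootEnv yes" has "#" as its first field
# and is therefore ignored.
conf_value() {
    awk -v key="$2" -v val="$3" '$1 == key && NF >= 2 { val = $2 }
        END { print val }' "$1"
}

# be_name KERNEL_VERSION [STAMP] -> "<kernel version>_<date>_<time>"
be_name() {
    printf '%s_%s\n' "$1" "${2:-$(date +%Y-%m-%d_%H%M%S)}"
}

# be_decision CONF JAILED BECTL_RC -> "create" or "skip: <reason>"
#   JAILED   : 1 when running inside a jail, 0 otherwise
#   BECTL_RC : exit status of "bectl check" (non-zero on UFS / no BE support)
be_decision() {
    case "$(conf_value "$1" CreateBootEnv yes)" in
        [Nn][Oo]) echo "skip: CreateBootEnv is no"; return ;;
    esac
    if [ "$2" -ne 0 ]; then echo "skip: running inside a jail"; return; fi
    if [ "$3" -ne 0 ]; then echo "skip: bectl check failed"; return; fi
    echo "create"
}

# Live use on a FreeBSD host (assumed inputs, not run here):
#   bectl check; rc=$?
#   be_decision /etc/freebsd-update.conf "$(sysctl -n security.jail.jailed)" "$rc"
#   be_name "$(freebsd-version -k)"

# Constructed sample configuration for the demonstration.
demo_conf=$(mktemp)
printf '%s\n' '# CreateBootEnv yes' 'Components src world kernel' \
    'CreateBootEnv no' > "$demo_conf"
be_decision "$demo_conf" 0 0
be_name 12.0-RELEASE-p10 2019-10-03_185233
rm -f "$demo_conf"
```

A "skip" result before a kernel or world update means the only fallback is the BackupKernel copy in /boot/kernel.old, so take a manual snapshot or backup first.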