Bug 137514 - freebsd-update(8) doesn't update the system under some circumstances
Summary: freebsd-update(8) doesn't update the system under some circumstances
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 7.0-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-07 10:40 UTC by vedad
Modified: 2019-03-12 23:00 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description vedad 2009-08-07 10:40:02 UTC
Hello,

freebsd-update is unable to update my system and my jails.

ns1.******.net is my name server jail. It is vulnerable to the bind DOS discovered in july 2009, but freebsd-update doesn't upgrade it:

[root@ns1 /]$ freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 7.0-RELEASE-p12.

WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Fri May  1 02:00:00 CEST 2009
will not have been corrected.


BUT, when cloning the jail, freebsd-update works on the clone:

[root@kenny jails]$ /etc/rc.d/jail stop ns1
[root@kenny jails]$ rsync -a -A -X -x -P ns1/ ns1ghost

I've then duplicated jail's entry in host's /etc/rc.conf, duplicated the fstab file and changed named's listen ip adress, and finally started the clone:

[root@kenny jails]$ /etc/rc.d/jail start ns1ghost
[root@kenny jails]$ jexec 17 /usr/local/bin/bash -l
[root@ns1ghost /]$ freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.0-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 7.0-RELEASE-p12:
/usr/sbin/named
/usr/sbin/named-compilezone

WARNING: FreeBSD 7.0-RELEASE-p7 HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Fri May  1 02:00:00 CEST 2009
will not have been corrected.


I have no idea why this works on the clone and not the original jail.

diff -r shows totally identical systems.

Restarting the original jail doesn't help either.

Therefore I guess it is somehow related to file timestamps.

Thanks,
Best regards

How-To-Repeat: Always reproduceable on my server. ns1 never patches, ns1ghost always patches.
Comment 1 Remko Lodder freebsd_committer 2009-08-07 20:04:04 UTC
State Changed
From-To: open->closed

Probably the jail has no metadata about the upgrade yet and fetches the 
very latest information available. The 7.0 version is no longer 
supported so it's not that weird that no new updates are being pushed.
Comment 2 vedad 2009-08-10 11:20:17 UTC
Hi,

I'm afraid you did not read my report carefully.
When I duplicate the jail (cp or Rsync), it does patch to 7.0-RELEASE-p12.
But the original jail does not, probably due to some file timestamp 
related problem.


Best regards,
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2009-08-10 16:45:39 UTC
State Changed
From-To: closed->open

Apparently this is still a problem.
Comment 4 Remko Lodder freebsd_committer 2009-08-11 07:09:29 UTC
Responsible Changed
From-To: freebsd-bugs->cperciva

Over to the author
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:45:33 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 6 Colin Percival freebsd_committer 2019-03-12 23:00:00 UTC
Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.