> When one recives the
> FreeBSD Errata Notice or
> FreeBSD Security Advisory
> The instruction is to do:
> # freebsd-update fetch
> # freebsd-update install
> From earlier discussions on this list about the -px number not changing,
> I usually rebuild and install the kernel.
> My question is:
> Do I need to reboot after # freebsd-update install or can I rebuild and
> install the kernel before the reboot?
freebsd-update will fetch any updates to /usr/src, so any time after
you've done 'freebsd-update install' you can build and install a new
kernel with all the security patches applied.
Given that you are only applying security updates within one release
branch and you are using a kernel configuration that has been well
tested, you should be fine to just install the new kernel before
rebooting at the end of your update procedure.
However, if you're going to be doing anything more ambitious (switching
RELEASE version, modifying the kernel config non-trivially), then you
should adopt a more cautious approach. You need to make sure you've got
a world+kernel combination that still works after freebsd-update has
applied all its changes to the system before you try booting to your
customised kernel. In the case of major version upgrades, use the
default kernels that freebsd-update supplies during the actual upgrade
so you can be assured that you have a working combination (working in
the sense that you can log in and build/install a new kernel; if you
need a custom kernel to support some odd bits of hardware then those
temporarily won't work). Once you've got the system up and running
after updating, then go ahead and build and install your new kernel.
Should it fail to boot properly, you will be able to back-out to the
previous known-working kernel.