I am looking for something like a pakfire option to force a core level.
For example I am running core 170 and the latest core is 181.
I would like to upgrade the system only to 179 to stay 2 versions behind.
I am asking because I schedule a half year update on some remote sites. This include driving, imaging and updating.
Because I have to manage the remote sites, it may be a desaster if I had to drive back for error fixing.
This is the security reason for my setup to stay some core numbers behind. Because I hope this are well tested versions to guarantee the quality of service in my setup.
I understand your strategy of staying a few core versions behind in your IPFire setup for increased security and stability. However, I’d like to address a critical point regarding updates when multiple versions behind: Pakfire upgrades each version sequentially. This increases the risk of software issues during the process.
For instance, upgrading from core 170 to 181 involves Pakfire sequentially processing each version in between. This procedure is automatic, moving from one version to the next. While you might be aware of this, I’m sharing it for the broader audience who might benefit from this information.
To update to a specific, slightly outdated core version, I think the following console commands could be used:
pakfire update
pakfire status # Outputs a summary about available core upgrades, updates and a required reboot
pakfire install -y core-upgrade-XXX
pakfire status
In this command, XXX should be replaced with the target core version number. The -y option facilitates a non-interactive installation.
exactly, that’s why I always mirror the current disk on a second hard disk before doing the update. It is too painful to fix the firewall if something goes wrong. I prefer to do the extra work and be able to downgrade just swapping the hard disk.
There are too many variables for decide a schedule to deliver updates. Sometimes a gamebreaking vulnerability appears, sometime the bugfix needs… more cooking time to be well done (pun intended).
The only thing I can suggest you is to wait at least two/three weeks before install any update, and to a manual install, not a scheduled one. You can download the file at release, but upload it manually only when you’re “done” about stability safety and issue-free release.