Freebsd – How to tell if a freebsd jail is up to date

Yeah, CD/DVD has all sources of FreeBSD and you don't need to download them all from internet.

Insert FreeBSD CD, run sysinstall go to configure -> Distributions -> check src

Then use instruction from FreeBSD handbook.

PS. for minor upgrades I use this script

#!/bin/sh

# Shell setup
set -x
set -u
set -e

# Variables
KERNCONF=PH34R.9
KERNCONF_STR="KERNCONF=${KERNCONF}"
MAKE_ARGS="-j5"
MAKE_CMD="make"
MAKE="$MAKE_CMD ${MAKE_ARGS}"

# Preparation
rm -rf /usr/obj/usr/src/sys/${KERNCONF}
${MAKE} clean
${MAKE} kernel-toolchain

# Build and Install
${MAKE} buildkernel ${KERNCONF_STR}
${MAKE} buildworld 
rm -f /boot/kernel/*.symbols
${MAKE} installkernel ${KERNCONF_STR}
${MAKE} installworld

# Merge configs
mergemaster -iFU

I have never been fully satisfied with the ports system in a large environment -- It always seems like you need to apply some external management to it in order to make it work well.

My best tips (in order of ascending preference, "worst" solution to "best" solution):

If you're building on each host, don't.
If you must, don't do it over NFS with read-write mounts like you describe: You can usually trust the ports to Do The Right Thing and not stomp on the ports tree if you provide alternate work directories, but it's always better to be safe than sorry: Run a local CVS/csup mirror and csup all your hosts from that box, then build locally as you would if they were individual machines.
Yes, I know this means having more disk space on the hosts and an extra step. It's also almost guaranteed to be problem-free.
Caveat: You probably want to sync the package configuration files (rsync or similar) from a designated "configuration host" to ensure consistency on each machine (you can even rsync the whole ports tree if you want, rather than using csup on each node).

Use a Build Host, create packages, and install those.
A much better solution than building on each individual machine: Use a build host to create packages, and point your tools at those packages.
This means keeping a build host around for every architecture you run (or cross-compiling), but it's ultimately nicer for your target machines (no large compile jobs, a guarantee of consistency)

Use a configuration/system management tool.
This is the solution I wound up with -- I build a standard server image and deploy it around my environment using radmind. You can do similar things with Puppet or Chef. This has all the advantages of using a build host (consistency, less load on the individual servers), and adds the benefit of configuration management.

Caveat: This only works really well if your machines are "identical" -- That is you can install the same set of ports on all of them. It can work if you have varying sets of ports, but that substantially increases the administrative overhead.

Disclaimer: I'm the port maintainer for sysutils/radmind. Yeah, I like it that much that I adopted it.

All of this is based on my experience managing various-sized FreeBSD environments (ranging from 1-2 machines to over 100). Configuration/System Management tools that push and maintain a standardized image are really the best way to handle this in my experience.