Date: 23 Mar 2003 04:02:05 -0000 From: Colin Percival <cperciva@www.idlepower.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/50202: New port: Binary security update tool Message-ID: <20030323040205.30424.qmail@www.idlepower.net>
next in thread | raw e-mail | index | archive | help
>Number: 50202 >Category: ports >Synopsis: New port: Binary security update tool >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Mar 22 20:10:09 PST 2003 >Closed-Date: >Last-Modified: >Originator: Colin Percival >Release: FreeBSD 4.7-RELEASE i386 >Organization: >Environment: >Description: FreeBSD Update is a system for automatically building and applying binary security updates. This port contains the client client portion of the code; ie, everything users need to track release branches without needing the complete source tree or recompiling. A sample configuration file is included which fetches updates built by the author; at present this is only for 4.7-RELEASE, but it will include 4.8-RELEASE after it comes out. >How-To-Repeat: >Fix: --- freebsd-update.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # /usr/local/freebsd-update/client.port/ # /usr/local/freebsd-update/client.port/Makefile # /usr/local/freebsd-update/client.port/distinfo # /usr/local/freebsd-update/client.port/pkg-descr # /usr/local/freebsd-update/client.port/pkg-plist # /usr/local/freebsd-update/client.port/files # /usr/local/freebsd-update/client.port/files/freebsd-update # /usr/local/freebsd-update/client.port/files/patch-aa-rmverify # /usr/local/freebsd-update/client.port/pkg-message # echo c - /usr/local/freebsd-update/client.port/ mkdir -p /usr/local/freebsd-update/client.port/ > /dev/null 2>&1 echo x - /usr/local/freebsd-update/client.port/Makefile sed 's/^X//' >/usr/local/freebsd-update/client.port/Makefile << 'END-of-/usr/local/freebsd-update/client.port/Makefile' X# New ports collection makefile for: FreeBSD Update Client X# Date created: 21 March 2003 X# Whom: cperciva@daemonology.net X# X# $FreeBSD$ X# X XPORTNAME= freebsd-update XPORTVERSION= 1.2 XCATEGORIES= security XMASTER_SITES= http://www.daemonology.net/freebsd-update/ XDISTNAME= freebsd-update-client-1_2 X XMAINTAINER= cperciva@daemonology.net XCOMMENT= Fetches and installs binary updates to FreeBSD. X XNO_WRKSUBDIR= yes XALL_TARGET= verify X Xpost-extract: X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/freebsd-update \ X > ${WRKSRC}/freebsd-update X Xdo-install: X @${MKDIR} ${PREFIX}/freebsd-update X ${INSTALL_SCRIPT} ${WRKSRC}/freebsd-update ${PREFIX}/sbin X ${INSTALL_PROGRAM} ${WRKSRC}/verify ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/Makefile ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/CHANGELOG ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/LICENSE ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/VERSION ${PREFIX}/freebsd-update X ${INSTALL_DATA} ${WRKSRC}/update.conf \ X ${PREFIX}/freebsd-update/update.conf.sample X Xpost-install: X @${CAT} ${PKGDIR}/pkg-message X X.include <bsd.port.mk> END-of-/usr/local/freebsd-update/client.port/Makefile echo x - /usr/local/freebsd-update/client.port/distinfo sed 's/^X//' >/usr/local/freebsd-update/client.port/distinfo << 'END-of-/usr/local/freebsd-update/client.port/distinfo' XMD5 (freebsd-update-client-1_2.tar.gz) = 12f69c9d0a2bf1f5278e49f0a4821aa7 END-of-/usr/local/freebsd-update/client.port/distinfo echo x - /usr/local/freebsd-update/client.port/pkg-descr sed 's/^X//' >/usr/local/freebsd-update/client.port/pkg-descr << 'END-of-/usr/local/freebsd-update/client.port/pkg-descr' XThis is the client half of the FreeBSD Update system; it fetches and Xapplies binary security updates. X XWWW: http://www.daemonology.net/freebsd-update/ X X- Colin Percival Xcperciva@daemonology.net END-of-/usr/local/freebsd-update/client.port/pkg-descr echo x - /usr/local/freebsd-update/client.port/pkg-plist sed 's/^X//' >/usr/local/freebsd-update/client.port/pkg-plist << 'END-of-/usr/local/freebsd-update/client.port/pkg-plist' Xsbin/freebsd-update Xfreebsd-update/Makefile Xfreebsd-update/README Xfreebsd-update/VERSION Xfreebsd-update/CHANGELOG Xfreebsd-update/LICENSE Xfreebsd-update/update.conf.sample Xfreebsd-update/verify X@dirrm freebsd-update END-of-/usr/local/freebsd-update/client.port/pkg-plist echo c - /usr/local/freebsd-update/client.port/files mkdir -p /usr/local/freebsd-update/client.port/files > /dev/null 2>&1 echo x - /usr/local/freebsd-update/client.port/files/freebsd-update sed 's/^X//' >/usr/local/freebsd-update/client.port/files/freebsd-update << 'END-of-/usr/local/freebsd-update/client.port/files/freebsd-update' X#!/bin/sh X Xcase "$1" in Xfetch) X cd %%PREFIX%%/freebsd-update && make fetch-update;; Xinstall) X cd %%PREFIX%%/freebsd-update && make install-update;; Xrollback) X cd %%PREFIX%%/freebsd-update && make rollback-update;; Xcron) X cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES daily;; X*) X echo "Usage: freebsd-update {fetch|install|rollback|cron}" >&2 X echo " freebsd-update fetch: Fetches updates" >&2 X echo " freebsd-update install: Installs fetched updates" >&2 X echo " freebsd-update rollback: Rolls back installed updates" >&2 X echo " freebsd-update cron: Suitable for use in cron(8)," >&2 X echo " fetches updates and sends an" >&2 X echo " email to root if any exist." >&2 X ;; Xesac X Xexit 0 END-of-/usr/local/freebsd-update/client.port/files/freebsd-update echo x - /usr/local/freebsd-update/client.port/files/patch-aa-rmverify sed 's/^X//' >/usr/local/freebsd-update/client.port/files/patch-aa-rmverify << 'END-of-/usr/local/freebsd-update/client.port/files/patch-aa-rmverify' X--- Makefile.orig Sat Mar 8 00:44:19 2003 X+++ Makefile Sat Mar 22 15:44:03 2003 X@@ -40,7 +40,7 @@ X NUM!=( [ -f ${WORKDIR}/num ] && expr `cat ${WORKDIR}/num` + 1 ) || echo 1 X .endif X X-fetch-update: verify X+fetch-update: X @[ ! -z "${FETCHROOT}" ] || ( \ X echo "Base URL not specified in ${CONFFILE}." && \ X false ) END-of-/usr/local/freebsd-update/client.port/files/patch-aa-rmverify echo x - /usr/local/freebsd-update/client.port/pkg-message sed 's/^X//' >/usr/local/freebsd-update/client.port/pkg-message << 'END-of-/usr/local/freebsd-update/client.port/pkg-message' X XBefore you can use this, you will have to create an update configuration Xfile specifying the server to fetch updates from and the trusted public Xkey fingerprint. X XAssuming you haven't changed ${PREFIX}, a sample configuration file is Xinstalled in /usr/local/freebsd-update/update.conf.sample which will Xfetch updates built by the author. If you trust the author to securely Xbuild binary updates for you to blindly install on this machine, copy Xthat file to /usr/local/freebsd-update/update.conf -- otherwise, create X/usr/local/freebsd-update/update.conf as appropriate. X END-of-/usr/local/freebsd-update/client.port/pkg-message exit --- freebsd-update.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030323040205.30424.qmail>