From: Colin Percival
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/52244: [MAINTAINER UPDATE] security/freebsd-update documentation
Reply-To: Colin Percival
List-Id: Ports bug reports
Date: Wed, 14 May 2003 17:30:11 -0000
X-Original-Date: 17 Jun 2004 17:24:25 -0000

>Number: 52244
>Category: ports
>Synopsis: [MAINTAINER UPDATE] security/freebsd-update documentation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed May 14 10:30:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Colin Percival
>Release: FreeBSD 4.7-SECURITY i386
>Organization:
>Environment: n/a
>Description:
The original freebsd-update port contained out of date and confusing documentation.
>How-To-Repeat:
Look at the original README and become very confused.
>Fix:
The included patch:
1. Removes the original, out of date, README file,
2. Adds (new, up to date) man pages, and
3. Puts the configuration file in $PREFIX/etc where it belongs.

--- freebsd-update.diff begins here ---
--- /usr/ports/security/freebsd-update/Makefile Fri Apr 11 21:52:02 2003 +++ /usr/ports/security/freebsd-update/Makefile Wed May 7 22:09:13 2003 @@ -7,6 +7,7 @@ PORTNAME= freebsd-update PORTVERSION= 1.2 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.daemonology.net/freebsd-update/ DISTNAME= freebsd-update-client-1_2 
@@ -14,12 +15,21 @@ MAINTAINER= cperciva@daemonology.net COMMENT= Fetches and installs binary updates to FreeBSD +MAN5= freebsd-update.conf.5 +MAN8= freebsd-update.8 + NO_WRKSUBDIR= yes ALL_TARGET= verify +PKGMESSAGE= ${WRKDIR}/pkg-message + post-extract: @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/freebsd-update \ > ${WRKSRC}/freebsd-update + @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/pkg-message \ + > ${PKGMESSAGE} + cp ${FILESDIR}/freebsd-update.8 ${WRKSRC} + cp ${FILESDIR}/freebsd-update.conf.5 ${WRKSRC} do-install: @${MKDIR} ${PREFIX}/freebsd-update @@ -28,12 +38,15 @@ ${INSTALL_DATA} ${WRKSRC}/Makefile ${PREFIX}/freebsd-update ${INSTALL_DATA} ${WRKSRC}/CHANGELOG ${PREFIX}/freebsd-update ${INSTALL_DATA} ${WRKSRC}/LICENSE ${PREFIX}/freebsd-update - ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/freebsd-update - ${INSTALL_DATA} ${WRKSRC}/VERSION ${PREFIX}/freebsd-update ${INSTALL_DATA} ${WRKSRC}/update.conf \ - ${PREFIX}/freebsd-update/update.conf.sample + ${PREFIX}/etc/freebsd-update.conf.sample +.if !defined(WITHOUT_MAN) + ${INSTALL_MAN} ${WRKSRC}/freebsd-update.conf.5 ${PREFIX}/man/man5/ + ${INSTALL_MAN} ${WRKSRC}/freebsd-update.8 ${PREFIX}/man/man8/ +.endif + post-install: - @${CAT} ${PKGDIR}/pkg-message + @${CAT} ${PKGMESSAGE} .include --- /usr/ports/security/freebsd-update/files/freebsd-update Fri Apr 11 21:52:02 2003 +++ /usr/ports/security/freebsd-update/files/freebsd-update Wed May 7 21:44:52 2003 
@@ -1,14 +1,23 @@ #!/bin/sh +if [ ! -r %%PREFIX%%/etc/freebsd-update.conf ] ; then + echo "%%PREFIX%%/etc/freebsd-update.conf not found" + exit 1 +fi + case "$1" in fetch) - cd %%PREFIX%%/freebsd-update && make fetch-update;; + cd %%PREFIX%%/freebsd-update && make \ + CONFFILE=%%PREFIX%%/etc/freebsd-update.conf fetch-update;; install) - cd %%PREFIX%%/freebsd-update && make install-update;; + cd %%PREFIX%%/freebsd-update && make \ + CONFFILE=%%PREFIX%%/etc/freebsd-update.conf install-update;; rollback) - cd %%PREFIX%%/freebsd-update && make rollback-update;; + cd %%PREFIX%%/freebsd-update && make \ + CONFFILE=%%PREFIX%%/etc/freebsd-update.conf rollback-update;; cron) - cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES daily;; + cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES \ + CONFFILE=%%PREFIX%%/etc/freebsd-update.conf daily;; *) echo "Usage: freebsd-update {fetch|install|rollback|cron}" >&2 echo " freebsd-update fetch: Fetches updates" >&2 --- /usr/ports/security/freebsd-update/files/freebsd-update.8 Thu Jan 1 01:00:00 1970 +++ /usr/ports/security/freebsd-update/files/freebsd-update.8 Wed May 7 20:39:00 2003 
@@ -0,0 +1,66 @@ +.Dd May 7, 2003 +.Dt FREEBSD-UPDATE 8 +.Os FreeBSD +.Sh NAME +.Nm freebsd-update +.Nd fetch and install binary security updates to FreeBSD +.Sh SYNOPSIS +.Nm +.Cm command +.Sh DESCRIPTION +The +.Nm +tool is used to fetch, install, and rollback +binary security updates to the FreeBSD base system. +.Sh OPTIONS +The +.Cm command +can be any one of the following: +.Pp +.Bl -tag -width "rollback" -compact +.It fetch +Based on the currently installed world, fetch all available +binary updates. Any updates previously fetched but not +installed will be fetched again. +.Pp +.It install +Install the most recently fetched updates. +.Pp +.It rollback +Uninstall the most recently installed updates. +.Pp +.It cron +If any binary updates are available, fetch them and +send an email to root; otherwise, exit silently. As +the name suggests, this is intended for usage via +cron(8). +.Pp +.El +.Sh TIPS +.Bl -bullet +.It +If your clock is set to local time, adding the line +.Pp +.Dl 0 3 * * * root /usr/local/sbin/freebsd-update cron +.Pp +to /etc/crontab will check for updates every night. If your +clock is set to UTC, please pick a random time instead of +3AM, or the server hosting the updates will be very unhappy. +.It +.Nm +.Cm cron +waits a random amount of time, up to an hour, before contacting +the server in order to reduce the risk of "flash crowds" resulting +from cron jobs. +.El +.Sh FILES +.Bl -tag -width "$PREFIX/etc/freebsd-update.conf" +.It $PREFIX/freebsd-update/work +Location of downloaded updates and backups of files +which have been updated. +.It $PREFIX/etc/freebsd-update.conf +Location of the freebsd-update configuration file. +.Sh SEE ALSO +.Xr freebsd-update.conf 5 +.Sh AUTHORS +.An Colin Percival Aq cperciva@daemonology.net --- /usr/ports/security/freebsd-update/files/freebsd-update.conf.5 Thu Jan 1 01:00:00 1970 +++ /usr/ports/security/freebsd-update/files/freebsd-update.conf.5 Wed May 7 20:40:15 2003 
@@ -0,0 +1,36 @@ +.Dd May 7, 2003 +.Dt FREEBSD-UPDATE.CONF 8 +.Os FreeBSD +.Sh NAME +.Nm freebsd-update.conf +.Nd configuration file for freebsd-update +.Sh DESCRIPTION +The +.Nm +file controls where freebsd-update(8) fetches updates from, and +which RSA key should be trusted to sign the updates. +.Pp +A line of the form +.Dl URL=foobar +specifies the source from which updates should be fetched. This +can be any type of URL suitable for fetch(1) -- in particular, HTTP, +FTP, and local paths are all permitted. +.Pp +A line of the form +.Dl KEYPRINT=0123456789ABCDEF0123456789ABCDEF +specifies the MD5 hash of the 2048 bit modulus belonging to an RSA +keypair which is trusted to sign updates. +.Pp +If more than one line of either of the above forms is included in +.Nm +then only the last one will take effect. Any lines not of the above +forms will be ignored. +.Sh FILES +.Bl -tag -width "$PREFIX/etc/freebsd-update.conf" +.It $PREFIX/etc/freebsd-update.conf +Location of the freebsd-update configuration file. +.Sh SEE ALSO +.Xr fetch 1 +.Xr freebsd-update 8 +.Sh AUTHORS +.An Colin Percival Aq cperciva@daemonology.net --- /usr/ports/security/freebsd-update/files/pkg-message Thu Jan 1 01:00:00 1970 +++ /usr/ports/security/freebsd-update/files/pkg-message Wed May 7 20:59:01 2003 @@ -0,0 +1,16 @@ + +Before you can use this, you will have to create an update configuration +file specifying the server to fetch updates from and the trusted public +key fingerprint. + +A sample configuration file has been installed in + + %%PREFIX%%/etc/freebsd-update.conf.sample + +which will fetch updates built by the author. If you trust the author +to securely build binary updates for you to blindly install on this +machine, copy that file to + + %%PREFIX%%/etc/freebsd-update.conf + +otherwise, create that file as appropriate. --- /usr/ports/security/freebsd-update/pkg-message Fri Apr 11 21:52:02 2003 +++ /usr/ports/security/freebsd-update/pkg-message Thu Jan 1 01:00:00 1970 
@@ -1,11 +0,0 @@ - -Before you can use this, you will have to create an update configuration -file specifying the server to fetch updates from and the trusted public -key fingerprint. - -Assuming you haven't changed ${PREFIX}, a sample configuration file is -installed in /usr/local/freebsd-update/update.conf.sample which will -fetch updates built by the author. If you trust the author to securely -build binary updates for you to blindly install on this machine, copy -that file to /usr/local/freebsd-update/update.conf -- otherwise, create -/usr/local/freebsd-update/update.conf as appropriate. --- /usr/ports/security/freebsd-update/pkg-plist Fri Apr 11 21:52:02 2003 +++ /usr/ports/security/freebsd-update/pkg-plist Wed May 7 21:20:19 2003 @@ -1,9 +1,7 @@ sbin/freebsd-update freebsd-update/Makefile -freebsd-update/README -freebsd-update/VERSION freebsd-update/CHANGELOG freebsd-update/LICENSE -freebsd-update/update.conf.sample +etc/freebsd-update.conf.sample freebsd-update/verify @dirrm freebsd-update --- freebsd-update.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
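
Review bot: In the Makefile `post-extract` hunk, the two added man page copies call bare `cp` and are not silenced, while the lines next to them use `@${SED}` and the rest of the file goes through `${MKDIR}`, `${CAT}` and `${INSTALL_DATA}`. Use `@${CP} ${FILESDIR}/freebsd-update.8 ${WRKSRC}` (and the same for `freebsd-update.conf.5`) so the target is consistent with the framework's tool variables.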
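
Review bot: The Makefile `do-install` hunk stops installing `VERSION` as well as `README`, and the pkg-plist hunk drops `freebsd-update/VERSION` to match, but the Fix list in the PR only mentions removing the README. Say in the PR text why `VERSION` goes away. In the same hunk the man pages are installed only under `.if !defined(WITHOUT_MAN)`, while `MAN5=` and `MAN8=` are set unconditionally further up; please confirm the packing list still matches what is installed when `WITHOUT_MAN` is defined.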
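
Review bot: In files/freebsd-update, the new `[ ! -r %%PREFIX%%/etc/freebsd-update.conf ]` check sits above the `case`, so when the configuration file is missing, an empty or unknown command prints the "not found" line and exits instead of reaching the usage text. The message also goes to stdout, whereas the usage lines below it use `>&2`. Move the check so it guards only the fetch, install, rollback and cron branches, and append `>&2` to the `echo`. Because the test is `-r`, a file that exists but is unreadable is reported as "not found"; "not found or not readable" would describe both cases.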
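
Review bot: In files/freebsd-update.8, the `.Bl -tag` list opened under `.Sh FILES` is never closed; `.Sh SEE ALSO` follows the last `.It` directly. Add `.El` before `.Sh SEE ALSO`. The crontab example in TIPS hardcodes `/usr/local/sbin/freebsd-update` while FILES uses `$PREFIX`, and the Makefile copies this page with `cp` rather than running it through the `%%PREFIX%%` substitution used for the script, so the example is wrong for a non-default prefix. The `.Pp` immediately before `.El` in the OPTIONS list can also be dropped.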
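
Review bot: In files/freebsd-update.conf.5, the header reads `.Dt FREEBSD-UPDATE.CONF 8`, but the file is named `.conf.5`, is listed under `MAN5=` and is cross-referenced from the other page as `.Xr freebsd-update.conf 5`; the section should be 5. As in the section 8 page, the `.Bl -tag` list under `.Sh FILES` has no closing `.El`. Since the text states that "Any lines not of the above forms will be ignored", a mistyped `KEYPRINT` line is dropped silently; the page should say what the tool does when no valid `KEYPRINT` line is present, because that value is the trust anchor for the updates.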
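
Review bot: The new files/pkg-message gives no hint to users upgrading from the previous revision, whose message told them to create `/usr/local/freebsd-update/update.conf`. After this patch the wrapper script exits with "not found" unless `%%PREFIX%%/etc/freebsd-update.conf` exists, so an existing installation stops working until the file is moved. Add a sentence telling upgraders to move their existing `update.conf` to the new path.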