Date: Fri, 20 Nov 2009 10:16:33 -0800
From: Jason
To: Manolis Kiagias
Cc: Tom Rhodes, "doc@FreeBSD.org", Gabor PALI, Gabor Kovesdan, Rene Ladan, Giorgos Keramidas
Subject: Re: [RFC] Article on freebsd-update-server

On Fri, Nov 20, 2009 at 06:52:26PM +0200, Manolis Kiagias thus spake:
>Giorgos Keramidas wrote:
>> - All changes look fine up to this point
>> :
>> : - Note down the generated KeyPrint; this value is entered into
>> : - /etc/freebsd-update.conf for binary
>> : - updates.
>> : + Keep a note of the generated key fingerpring. This value is
>> : + entered into /etc/freebsd-update.conf for
>> : + binary updates.
>> :
>>
>> There are various places that the article refers to "KeyPrint". I think it
>> means "key fingerprint", but I am not sure. If that's what the real meaning
>> should be, please use "key fingerprint".

That is correct. It is a "key fingerprint," in this case, and it becomes the
KeyPrint value in /etc/freebsd-update.conf

>>
>>
>
>Probably, but we need some input from Jason here. I assume you are right.
>
>> : Mon Aug 24 17:54:07 PDT 2009 Extracting world+src for FreeBSD/amd64 7.2-RELEASE
>> :
@@ -411,10 +428,7 @@ to sign the release.
>> : file named USAGE. Execute
>> : scripts/approve.sh, as directed. This will sign
>> : the release, and move components into a staging area suitable for
>> : - uploading. It is important to make sure that your key is mounted
>> : - during this process. A simple df will show if it
>> : - is mounted. If not mounted, mount the key with the passphrase supplied
>> : - when creating it earlier.
>> : + uploading.
>>
>> I don't know where the key mounting bits come from. It seems to refer to
>> those FreeBSD installations where PGP keys are stored in removable media, like
>> a USB flash disk. Why do we have to explicitly mention this here? After all,
>> we don't describe how gpg-agent(1) works, or how seahorse(1) integrates PGP
>> with Gnome, or any other case of the dozens of PGP setups possible...

In order to sign a release, the key generated at the beginning of the
process needs to be mounted in order to properly approve the release and update
to code so it will work for updates. If the key is not mounted, approving the
release won't work, and then updates can't be uploaded.

>>
>>
>
>Same here, I am not really sure what the key mounting refers to.
>
>> :
@@ -524,9 +547,11 @@ Wed Aug 26 12:50:07 PDT 2009 Cleaning st
>> :
>> : When running a patch level build, we are assuming that previous
>> : patches are in place. When a patch build is run, it will run all
>> : - patches less than or equal to the number specified. Beyond this,
>> : - you will have to take appropriate measures to verify authenticity
>> : - of the patch.
>> : + patches less than or equal to the number specified.
>> : +
>> : + It is up to the administrator of the freebsd-update
>> : + server to take appropriate measures to verify the authenticity of
>> : + every patch.
>>
>> I think we ought to emphasize a bit the part about patch authenticity, but I
>> am not sure if I chose the right way to do this.
>>
>>
>
>Or maybe use around it?
>
>> : - Follow the same process as noted before for appoving a build.
>> : + Follow the same process as noted before for approving a build:
>>
>> Typo.
>>
>> There are more changes, in the attached patch. Most of them are attempts to
>> improve the wording of various small parts of the article. Please see the
>> attached diff for all of them.
>>
>>
>
>The patch has been applied, the new version is available in mercurial
>and also uploaded again to freefall.
>
>> One more important detail. We are still discussing at doceng@ how we can
>> bring the final article into CVS. So, please hold from committing this, until
>> we have resolved all the remaining details.
>>
>>
>
>Yes, I am aware of this.
>Jason has thought of something like this (copied from email):
>
>
> Afterword
>
> This url="http://www.experts-exchange.com/articles/OS/Unix/BSD/FreeBSD/Build-Your-Own-FreeBSD-Update-Server.html">FreeBSD
>
>Update article was originally published at url="http://www.experts-exchange.com">Experts-Exchange.
>
>
>and I thought we could turn this into something like "Acknowledgements
>/ Further Reading" section (will probably need to be expanded a bit).
>Does this make any sense?
>
>> I'm sure that a lot of people will love reading an article that describes in
>> detail how to set up a local freebsd-update server. Thanks for all the work
>> done so far on what seems to be an excellent article! :-D
>>
>
>And we thank you for the thorough review :)
>

Thank you and I will take a look at the included file.

Jason
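
Review bot: the added line in the first quoted hunk reads "key fingerpring", a typo for "fingerprint", and dropping the name KeyPrint from that sentence loses the link to the setting the value is entered into. Suggest wording such as "Keep a note of the generated key fingerprint. This value is entered as KeyPrint in /etc/freebsd-update.conf for binary updates." so a reader can find the setting by name.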
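
Review bot: in the hunk at @@ -411,10 +428,7 @@, the removed lines were the only place telling the reader that the signing key has to be mounted before scripts/approve.sh is run, and the reply in this thread states that approving the release does not work without it. Suggest keeping that precondition in shortened form instead of deleting it, for example one sentence saying the key created earlier must be mounted before approve.sh runs and that df shows whether it is.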
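
Review bot: in the hunk at @@ -524,9 +547,11 @@, the new paragraph still leaves "appropriate measures" undefined, so the one security-relevant instruction in this section gives the administrator nothing to act on. Since the preceding sentence says a patch build runs all patches less than or equal to the number specified, suggest stating that each patch must be verified before the build is run and naming the check that is expected, and marking the paragraph up so it stands out instead of relying on a paragraph break.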
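
The key fingerprint discussed in this thread is what a client pins as KeyPrint, so it is worth checking before pointing machines at a locally built update server. The following is an added example, not part of the original message or the article; it assumes KeyPrint is the SHA-256 hex digest of the server's public key file, and the function names and file paths are illustrative.

```sh
#!/bin/sh
# Added example: compare the KeyPrint pinned in a freebsd-update.conf
# with the digest of the update server's public key file.

# Print the hex SHA-256 of a file using whichever tool is installed.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Print the value of the last uncommented KeyPrint line in a config file.
conf_keyprint() {
    awk '$1 == "KeyPrint" { v = $2 } END { if (v != "") print tolower(v) }' "$1"
}

# Return 0 if the pinned KeyPrint equals the key file's digest,
# 1 on mismatch, 2 if the config pins no KeyPrint at all.
check_keyprint() {
    conf=$1
    pubkey=$2
    pinned=$(conf_keyprint "$conf")
    [ -n "$pinned" ] || { echo "no KeyPrint in $conf" >&2; return 2; }
    actual=$(file_sha256 "$pubkey")
    if [ "$pinned" = "$actual" ]; then
        echo "KeyPrint OK: $actual"
        return 0
    fi
    echo "KeyPrint MISMATCH: pinned=$pinned actual=$actual" >&2
    return 1
}

# Example invocation (paths are assumptions):
#   sh check_keyprint.sh /etc/freebsd-update.conf ./pub.ssl
if [ "$#" -eq 2 ]; then
    check_keyprint "$1" "$2"
fi
```

A mismatch means the client would reject the server's key, or that the pinned value was copied from a different key than the one being served.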