Date: Mon, 4 Mar 2013 22:25:30 -0800 From: Jason Helfman <jgh@FreeBSD.org> To: doc@FreeBSD.org Cc: cperciva@FreeBSD.org Subject: [RFC] freebsd-update-server article update Message-ID: <20130305062530.GA76879@hatter>
next in thread | raw e-mail | index | archive | help
--BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Hello All, Attached is a patch that introduces a number of updates to my article on how to create your own FreeBSD Update Server. Part of this update will also allow users to build update servers, as the code for the freebsd-update-server was in the projects repository in CVS that is no-longer available. The changes are as follows: * Add copyright for 2013 * Point users to new source of software. (location name and source have changed). * cvs -> svn * freebsd-update-server -> freebsd-update-build * Add instructions how to get software, as download via tarball is no-longer an option. * Role change for Security Officer * Drop tip for rst packets as this is no longer an issues with all supported versions of FreeBSD. * Drop two tip comments as they have been merged into document. (one previously, and one for this diff) Any comments, suggestions and feedback are welcome. My documentation skills are not the greatest, so pardon any whitespace or placement issues and feel free to slap me with an editorial fish! Thanks! -jgh -- Jason Helfman FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve --BXVAT5kNtrzKuDFl Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="article.diff" Index: article.xml =================================================================== --- article.xml (revision 41094) +++ article.xml (working copy) @@ -22,6 +22,7 @@ <year>2009</year> <year>2010</year> <year>2011</year> + <year>2013</year> <holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder> </copyright> @@ -40,8 +41,8 @@ <abstract> <para>This article describes building an internal &fbus.ap;. The <ulink - url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> software - is written by &a.cperciva;, current Security Officer of &os;. + url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>; + software is written by &a.cperciva;, Security Officer Emeritus of &os;. For users that think it is convenient to update their systems against an official update server, building their own &fbus.ap; may help to extend its functionality by supporting manually-tweaked @@ -118,12 +119,12 @@ <title>Configuration: Installation & Setup</title> <para>Download the <ulink - url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> - software as a <ulink - url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/freebsd-update-server.tar.gz?tarball=1">tar archive</ulink>, - or use &man.csup.1; and the <literal>projects-all</literal> - collection.</para> + url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">; + freebsd-update-server</ulink> software by installing <filename + role="package">devel/subversion </filename>, and execute:</para> + <screen>&prompt.user; <userinput>svn co http://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput></screen> + <para>Update <filename>scripts/build.conf</filename> appropriately. It is sourced during all build operations.</para> @@ -353,9 +354,9 @@ <warning> <para>During this second build cycle, the network time protocol - daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;, current - Security Officer of &os;, "the <ulink - url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> + daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;, + Security Officer Emeritus of &os;, "the <ulink + url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>; build code needs to identify timestamps which are stored in files so that they can be ignored when comparing builds to determine which files need to be updated. This timestamp-finding works by doing two @@ -778,7 +779,6 @@ } </screen> </listitem> - <!-- this tip will speed up your build process, however it is not necessary --> <listitem> <para>Adding <option>-j <replaceable>NUMBER</replaceable></option> flags to <maketarget>buildworld</maketarget> and @@ -801,28 +801,12 @@ </listitem> <listitem> -<!-- Parse error. I don't understand what this paragraph suggests or - recommends. Also, why do we need to block RSTs? I don't really - like gratuitous blocking of RST, ICMP or other packets. Our - kernel can rate-limit most of the "strange" packets alredy. --> - -<!-- there is a bug in earlier versions of the software that get the updates, and not blocking them will result in failure to update systems --> - - <para>Create a <ulink - url="&url.books.handbook;/firewalls.html">firewall</ulink> - rule to block outgoing RST packets. Due to a bug noted <ulink - url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink> - on the &a.stable; in April 2009, there may be - time-outs and failures when updating a system.</para> - </listitem> - - <!-- this tip is not necessary, however if you wish to retain mirrors and redundancy, this tip will help you. --> - <listitem> <para>Create an appropriate <ulink url="&url.books.handbook;/network-dns.html">DNS</ulink> SRV record for the update server, and put others behind it with variable weights. Using this facility will provide update - mirrors.</para> + mirrors, however this tip is not necessary unless you wish to + provide a redundant service.</para> <screen> _http._tcp.update.myserver.com. IN SRV 0 2 80 host1.myserver.com. SRV 0 1 80 host2.myserver.com. --BXVAT5kNtrzKuDFl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130305062530.GA76879>