From owner-freebsd-doc@FreeBSD.ORG  Tue Mar  5 06:29:04 2013
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: doc@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 8B8E8253
 for <doc@freebsd.org>; Tue,  5 Mar 2013 06:29:04 +0000 (UTC)
 (envelope-from bsd-src@helfman.org)
Received: from mail-ia0-x22e.google.com (mail-ia0-x22e.google.com
 [IPv6:2607:f8b0:4001:c02::22e])
 by mx1.freebsd.org (Postfix) with ESMTP id 40FED2C6
 for <doc@freebsd.org>; Tue,  5 Mar 2013 06:29:04 +0000 (UTC)
Received: by mail-ia0-f174.google.com with SMTP id u20so5597046iag.5
 for <doc@freebsd.org>; Mon, 04 Mar 2013 22:29:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-received:sender:date:from:to:cc:subject:message-id:mime-version
 :content-type:content-disposition:x-operating-system:organization
 :x-living-the-dream:x-pgp-fingerprint:x-pgp-key:user-agent
 :x-gm-message-state;
 bh=fuply9AW4Nr4jwb0yB1JuLulu5gZs2Llf8yoQ9ZJOAY=;
 b=W/mO6UI/CaXtujA6wrR3YRRSRTcBOSMarcDQr4X6qnk9V4NUfga+iIrDodLdVn1NMi
 gjIwaaahOQL8C1QHXI+x89tWFWHBzEN7sXl0Jmqs2XlDTM7JO0I3Uquy7KU3zb2SgifN
 pqU/1s3reLHm+Lg4JdZJRyoVVmObd4NtAxuV6EOUJ/Cxs8t/JZfIYmYU3TVeRviz3sjC
 NUzHF8h8r2hgK6GnE63Wql02Bb7Mn3kiQinr3VwFtf6uwGqt2h5IzalZAkeldChJFVIC
 74ZTvUL8COQ7/l7YCM+CW1AJhKJxwPIyl61YfIYCrUqs0AKGel28I8pIg01dGAx/dpPS
 eiTw==
X-Received: by 10.50.57.168 with SMTP id j8mr5102552igq.51.1362464943817;
 Mon, 04 Mar 2013 22:29:03 -0800 (PST)
Received: from hatter (adsl-64-161-57-202.dsl.snlo01.pacbell.net.
 [64.161.57.202])
 by mx.google.com with ESMTPS id a3sm15672252igq.5.2013.03.04.22.29.01
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 04 Mar 2013 22:29:02 -0800 (PST)
Sender: Jason Helfman <bsd-src@helfman.org>
Date: Mon, 4 Mar 2013 22:25:30 -0800
From: Jason Helfman <jgh@FreeBSD.org>
To: doc@FreeBSD.org
Subject: [RFC] freebsd-update-server article update
Message-ID: <20130305062530.GA76879@hatter>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BXVAT5kNtrzKuDFl"
Content-Disposition: inline
X-Operating-System: FreeBSD 9.0-RELEASE-p3 i386
Organization: The FreeBSD Project, http://www.freebsd.org
X-Living-The-Dream: I love the SLO Life!
X-PGP-FingerPrint: 8E0D C457 9A0F C91C 23F3  0454 2059 9A63 4150 D3DC
X-PGP-Key: http://people.freebsd.org/~jgh/jgh.asc
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Gm-Message-State: ALoCoQn8zXh7z9Z9g3Hmk2LnyPSsJjk16X/UYdH4K2ESILmfDQoOh+35EpR2nEpjQtNjqUzwqknq
Cc: cperciva@FreeBSD.org
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-doc>,
 <mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
 <mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2013 06:29:04 -0000


--BXVAT5kNtrzKuDFl
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline

Hello All,

Attached is a patch that introduces a number of updates to my article on how
to create your own FreeBSD Update Server.

Part of this update will also allow users to build update servers, as the
code for the freebsd-update-server was in the projects repository in CVS
that is no-longer available.

The changes are as follows:

* Add copyright for 2013
* Point users to new source of software. (location name and source have
changed).
   * cvs -> svn
   * freebsd-update-server -> freebsd-update-build
* Add instructions how to get software, as download via tarball is
no-longer an option.
* Role change for Security Officer
* Drop tip for rst packets as this is no longer an issues with all supported
versions of FreeBSD.
* Drop two tip comments as they have been merged into document. (one
previously, and one for this diff)

Any comments, suggestions and feedback are welcome. My documentation skills
are not the greatest, so pardon any whitespace or placement issues and feel
free to slap me with an editorial fish!

Thanks!
-jgh

-- 
Jason Helfman
FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve

--BXVAT5kNtrzKuDFl
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="article.diff"

Index: article.xml
===================================================================
--- article.xml	(revision 41094)
+++ article.xml	(working copy)
@@ -22,6 +22,7 @@
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
+      <year>2013</year>
       <holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder>
     </copyright>
 
@@ -40,8 +41,8 @@
   <abstract>
     <para>This article describes building an internal &fbus.ap;.
       The <ulink
-	url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> software
-      is written by &a.cperciva;, current Security Officer of &os;.
+	url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
+      software is written by &a.cperciva;, Security Officer Emeritus of &os;.
       For users that think it is convenient to update their systems
       against an official update server, building their own &fbus.ap; may
       help to extend its functionality by supporting manually-tweaked
@@ -118,12 +119,12 @@
     <title>Configuration: Installation &amp; Setup</title>
 
     <para>Download the <ulink
-	url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
-      software as a <ulink
-	url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/freebsd-update-server.tar.gz?tarball=1">tar archive</ulink>,
-      or use &man.csup.1; and the <literal>projects-all</literal>
-      collection.</para>
+        url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">
+      freebsd-update-server</ulink> software by installing <filename
+        role="package">devel/subversion </filename>, and execute:</para>
 
+       <screen>&prompt.user; <userinput>svn co http://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput></screen>
+
     <para>Update <filename>scripts/build.conf</filename> appropriately.
       It is sourced during all build operations.</para>
 
@@ -353,9 +354,9 @@
 
     <warning>
       <para>During this second build cycle, the network time protocol
-	daemon, &man.ntpd.8;, is turned off.  Per &a.cperciva;, current
-	Security Officer of &os;, "the <ulink
-	  url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
+	daemon, &man.ntpd.8;, is turned off.  Per &a.cperciva;,
+	Security Officer Emeritus of &os;, "the <ulink
+	  url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
 	build code needs to identify timestamps which are stored in files so
 	that they can be ignored when comparing builds to determine which
 	files need to be updated.  This timestamp-finding works by doing two
@@ -778,7 +779,6 @@
 	}
 	</screen>
       </listitem>
-	<!-- this tip will speed up your build process, however it is not necessary -->
       <listitem>
 	<para>Adding <option>-j <replaceable>NUMBER</replaceable></option>
 	  flags to <maketarget>buildworld</maketarget> and
@@ -801,28 +801,12 @@
       </listitem>
 
       <listitem>
-<!-- Parse error.  I don't understand what this paragraph suggests or
-     recommends.  Also, why do we need to block RSTs?  I don't really
-     like gratuitous blocking of RST, ICMP or other packets.  Our
-     kernel can rate-limit most of the "strange" packets alredy. -->
-
-<!-- there is a bug in earlier versions of the software that get the updates, and not blocking them will result in failure to update systems -->
-
-	<para>Create a <ulink
-	    url="&url.books.handbook;/firewalls.html">firewall</ulink>
-	  rule to block outgoing RST packets.  Due to a bug noted <ulink
-	    url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>
-	  on the &a.stable; in April 2009, there may be
-	  time-outs and failures when updating a system.</para>
-      </listitem>
-
-	<!-- this tip is not necessary, however if you wish to retain mirrors and redundancy, this tip will help you. -->
-      <listitem>
 	<para>Create an appropriate <ulink
 	    url="&url.books.handbook;/network-dns.html">DNS</ulink>
 	  SRV record for the update server, and put others behind it with
 	  variable weights.  Using this facility will provide update
-	  mirrors.</para>
+	  mirrors, however this tip is not necessary unless you wish to
+          provide a redundant service.</para>
 
 	<screen> _http._tcp.update.myserver.com.                  IN SRV   0 2 80   host1.myserver.com.
 							     SRV   0 1 80   host2.myserver.com.

--BXVAT5kNtrzKuDFl--