- Add copyright for 2013
- Point users to new source of software. (location name and source have changed).
  - cvs -> svn
  - freebsd-update-server -> freebsd-update-build
- Add instructions how to get software, as download via tarball is no longer an option.
- Role change for Security Officer
- Drop tip for rst packets as this is no longer an issue with all supported versions of FreeBSD.
- Drop two tip comments as they have been merged into document. (one previously, and one for this diff)

Reviewed by: eadler, cperciva, keramida
parent d7f0aef44c
commit 8a9932bffe
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=41161
1 changed file with 14 additions and 30 deletions
|
@ -3,7 +3,7 @@
|
|||
"../../../share/xml/freebsd42.dtd" [
|
||||
<!ENTITY % entities PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Entity Set//EN" "../../share/xml/entities.ent">
|
||||
%entities;
|
||||
<!ENTITY fbus.ap "<application>FreeBSD Update Server</application>">
|
||||
<!ENTITY fbus.ap "<application>FreeBSD Update Server</application>">
|
||||
]>
|
||||
|
||||
<article lang="en">
|
||||
|
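Review bot: The two `<!ENTITY fbus.ap ...>` lines in this hunk are identical as rendered, so the change looks whitespace-only and matches nothing listed in the commit message. Consider committing it separately so this diff carries only the content changes.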
@ -22,6 +22,7 @@
|
|||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2013</year>
|
||||
<holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder>
|
||||
</copyright>
|
||||
|
||||
|
@ -40,8 +41,8 @@
|
|||
<abstract>
|
||||
<para>This article describes building an internal &fbus.ap;.
|
||||
The <ulink
|
||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> software
|
||||
is written by &a.cperciva;, current Security Officer of &os;.
|
||||
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
|
||||
software is written by &a.cperciva;, Security Officer Emeritus of &os;.
|
||||
For users that think it is convenient to update their systems
|
||||
against an official update server, building their own &fbus.ap; may
|
||||
help to extend its functionality by supporting manually-tweaked
|
||||
|
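Review bot: In the abstract the link target now points at `freebsd-update-build`, but the link text still reads `freebsd-update-server`, although the commit message says the name changed. Either rename the link text or add a few words saying that the software formerly published as freebsd-update-server now lives under freebsd-update-build, so readers searching for the new name find it. The old target was built from `&url.base;`, while the new one is a hard-coded `http://svnweb.freebsd.org/...` string; an entity would keep it maintainable.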
@ -118,11 +119,11 @@
|
|||
<title>Configuration: Installation & Setup</title>
|
||||
|
||||
<para>Download the <ulink
|
||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
|
||||
software as a <ulink
|
||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/freebsd-update-server.tar.gz?tarball=1">tar archive</ulink>,
|
||||
or use &man.csup.1; and the <literal>projects-all</literal>
|
||||
collection.</para>
|
||||
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">
|
||||
freebsd-update-server</ulink> software by installing <filename
|
||||
role="package">devel/subversion </filename>, and execute:</para>
|
||||
|
||||
<screen>&prompt.user; <userinput>svn co http://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput></screen>
|
||||
|
||||
<para>Update <filename>scripts/build.conf</filename> appropriately.
|
||||
It is sourced during all build operations.</para>
|
||||
|
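Review bot: The `svn co http://svn.freebsd.org/...` command in the new `<screen>` fetches the code used to build updates for the reader's systems over plain HTTP, so the checkout has neither transport integrity nor server authentication. If the repository is reachable over an authenticated transport (https or svn+ssh), show that URL instead, or tell the reader how to verify what was checked out. Two markup nits in the same hunk: `devel/subversion </filename>` has a trailing space inside the element, and the line break after `<ulink url="...">` puts leading whitespace inside the link text.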
@ -353,9 +354,9 @@ world|base|/usr/lib/libalias_ftp.a
|
|||
|
||||
<warning>
|
||||
<para>During this second build cycle, the network time protocol
|
||||
daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;, current
|
||||
Security Officer of &os;, "the <ulink
|
||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
|
||||
daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;,
|
||||
Security Officer Emeritus of &os;, "the <ulink
|
||||
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
|
||||
build code needs to identify timestamps which are stored in files so
|
||||
that they can be ignored when comparing builds to determine which
|
||||
files need to be updated. This timestamp-finding works by doing two
|
||||
|
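Review bot: The title "Security Officer Emeritus of &os;" and the svnweb URL are now hard-coded both in this warning and in the abstract hunk above, so the next role or location change needs the same edit in two places. An entity declared alongside `fbus.ap` would keep the two in sync.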
@ -778,7 +779,6 @@ the new builds.</screen>
|
|||
}
|
||||
</screen>
|
||||
</listitem>
|
||||
<!-- this tip will speed up your build process, however it is not necessary -->
|
||||
<listitem>
|
||||
<para>Adding <option>-j <replaceable>NUMBER</replaceable></option>
|
||||
flags to <maketarget>buildworld</maketarget> and
|
||||
|
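Review bot: The comment removed above the `-j NUMBER` item is the only line in this hunk stating that the tip is optional, and the paragraph lines visible here do not say so. The commit message says this comment was merged into the document previously; please confirm the `<para>` text carries that caveat, since the rest of the paragraph is outside the context shown.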
@ -801,28 +801,12 @@ the new builds.</screen>
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<!-- Parse error. I don't understand what this paragraph suggests or
|
||||
recommends. Also, why do we need to block RSTs? I don't really
|
||||
like gratuitous blocking of RST, ICMP or other packets. Our
|
||||
kernel can rate-limit most of the "strange" packets alredy. -->
|
||||
|
||||
<!-- there is a bug in earlier versions of the software that get the updates, and not blocking them will result in failure to update systems -->
|
||||
|
||||
<para>Create a <ulink
|
||||
url="&url.books.handbook;/firewalls.html">firewall</ulink>
|
||||
rule to block outgoing RST packets. Due to a bug noted <ulink
|
||||
url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>
|
||||
on the &a.stable; in April 2009, there may be
|
||||
time-outs and failures when updating a system.</para>
|
||||
</listitem>
|
||||
|
||||
<!-- this tip is not necessary, however if you wish to retain mirrors and redundancy, this tip will help you. -->
|
||||
<listitem>
|
||||
<para>Create an appropriate <ulink
|
||||
url="&url.books.handbook;/network-dns.html">DNS</ulink>
|
||||
SRV record for the update server, and put others behind it with
|
||||
variable weights. Using this facility will provide update
|
||||
mirrors.</para>
|
||||
mirrors, however this tip is not necessary unless you wish to
|
||||
provide a redundant service.</para>
|
||||
|
||||
<screen> _http._tcp.update.myserver.com. IN SRV 0 2 80 host1.myserver.com.
|
||||
SRV 0 1 80 host2.myserver.com.
|
||||
|
|
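Review bot: Dropping the RST `<listitem>` also removes the only pointer to the April 2009 freebsd-stable posting, and nothing in the remaining text says from which release the workaround stopped being needed. A one-sentence note naming the affected versions would help anyone still serving older clients from an internal server. In the merged DNS sentence, "mirrors, however this tip is not necessary" is a comma splice; "mirrors; however, this tip is not necessary unless you wish to provide a redundant service" reads cleanly.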