- Add copyright for 2013
- Point users to new source of software. (location name and source have changed). - cvs -> svn - freebsd-update-server -> freebsd-update-build - Add instructions how to get software, as download via tarball is no-longer an option. - Role change for Security Officer - Drop tip for rst packets as this is no longer an issues with all supported versions of FreeBSD. - Drop two tip comments as they have been merged into document. (one previously, and one for this diff) Reviewed by: eadler, cperciva, keramida
This commit is contained in:
Jason Helfman
parent
d7f0aef44c
commit
8a9932bffe
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=41161
1 changed files with 14 additions and 30 deletions
|
|
@ -22,6 +22,7 @@
|
||||||
<year>2009</year>
|
<year>2009</year>
|
||||||
<year>2010</year>
|
<year>2010</year>
|
||||||
<year>2011</year>
|
<year>2011</year>
|
||||||
|
<year>2013</year>
|
||||||
<holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder>
|
<holder role="mailto:jgh@FreeBSD.org">Jason Helfman</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
|
|
||||||
|
|
@ -40,8 +41,8 @@
|
||||||
<abstract>
|
<abstract>
|
||||||
<para>This article describes building an internal &fbus.ap;.
|
<para>This article describes building an internal &fbus.ap;.
|
||||||
The <ulink
|
The <ulink
|
||||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink> software
|
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
|
||||||
is written by &a.cperciva;, current Security Officer of &os;.
|
software is written by &a.cperciva;, Security Officer Emeritus of &os;.
|
||||||
For users that think it is convenient to update their systems
|
For users that think it is convenient to update their systems
|
||||||
against an official update server, building their own &fbus.ap; may
|
against an official update server, building their own &fbus.ap; may
|
||||||
help to extend its functionality by supporting manually-tweaked
|
help to extend its functionality by supporting manually-tweaked
|
||||||
|
|
@ -118,11 +119,11 @@
|
||||||
<title>Configuration: Installation & Setup</title>
|
<title>Configuration: Installation & Setup</title>
|
||||||
|
|
||||||
<para>Download the <ulink
|
<para>Download the <ulink
|
||||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
|
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">
|
||||||
software as a <ulink
|
freebsd-update-server</ulink> software by installing <filename
|
||||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/freebsd-update-server.tar.gz?tarball=1">tar archive</ulink>,
|
role="package">devel/subversion </filename>, and execute:</para>
|
||||||
or use &man.csup.1; and the <literal>projects-all</literal>
|
|
||||||
collection.</para>
|
<screen>&prompt.user; <userinput>svn co http://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput></screen>
|
||||||
|
|
||||||
<para>Update <filename>scripts/build.conf</filename> appropriately.
|
<para>Update <filename>scripts/build.conf</filename> appropriately.
|
||||||
It is sourced during all build operations.</para>
|
It is sourced during all build operations.</para>
|
||||||
|
|
@ -353,9 +354,9 @@ world|base|/usr/lib/libalias_ftp.a
|
||||||
|
|
||||||
<warning>
|
<warning>
|
||||||
<para>During this second build cycle, the network time protocol
|
<para>During this second build cycle, the network time protocol
|
||||||
daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;, current
|
daemon, &man.ntpd.8;, is turned off. Per &a.cperciva;,
|
||||||
Security Officer of &os;, "the <ulink
|
Security Officer Emeritus of &os;, "the <ulink
|
||||||
url="&url.base;/cgi/cvsweb.cgi/projects/freebsd-update-server/">freebsd-update-server</ulink>
|
url="http://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</ulink>
|
||||||
build code needs to identify timestamps which are stored in files so
|
build code needs to identify timestamps which are stored in files so
|
||||||
that they can be ignored when comparing builds to determine which
|
that they can be ignored when comparing builds to determine which
|
||||||
files need to be updated. This timestamp-finding works by doing two
|
files need to be updated. This timestamp-finding works by doing two
|
||||||
|
|
@ -778,7 +779,6 @@ the new builds.</screen>
|
||||||
}
|
}
|
||||||
</screen>
|
</screen>
|
||||||
</listitem>
|
</listitem>
|
||||||
<!-- this tip will speed up your build process, however it is not necessary -->
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Adding <option>-j <replaceable>NUMBER</replaceable></option>
|
<para>Adding <option>-j <replaceable>NUMBER</replaceable></option>
|
||||||
flags to <maketarget>buildworld</maketarget> and
|
flags to <maketarget>buildworld</maketarget> and
|
||||||
|
|
@ -801,28 +801,12 @@ the new builds.</screen>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<!-- Parse error. I don't understand what this paragraph suggests or
|
|
||||||
recommends. Also, why do we need to block RSTs? I don't really
|
|
||||||
like gratuitous blocking of RST, ICMP or other packets. Our
|
|
||||||
kernel can rate-limit most of the "strange" packets alredy. -->
|
|
||||||
|
|
||||||
<!-- there is a bug in earlier versions of the software that get the updates, and not blocking them will result in failure to update systems -->
|
|
||||||
|
|
||||||
<para>Create a <ulink
|
|
||||||
url="&url.books.handbook;/firewalls.html">firewall</ulink>
|
|
||||||
rule to block outgoing RST packets. Due to a bug noted <ulink
|
|
||||||
url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>
|
|
||||||
on the &a.stable; in April 2009, there may be
|
|
||||||
time-outs and failures when updating a system.</para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<!-- this tip is not necessary, however if you wish to retain mirrors and redundancy, this tip will help you. -->
|
|
||||||
<listitem>
|
|
||||||
<para>Create an appropriate <ulink
|
<para>Create an appropriate <ulink
|
||||||
url="&url.books.handbook;/network-dns.html">DNS</ulink>
|
url="&url.books.handbook;/network-dns.html">DNS</ulink>
|
||||||
SRV record for the update server, and put others behind it with
|
SRV record for the update server, and put others behind it with
|
||||||
variable weights. Using this facility will provide update
|
variable weights. Using this facility will provide update
|
||||||
mirrors.</para>
|
mirrors, however this tip is not necessary unless you wish to
|
||||||
|
provide a redundant service.</para>
|
||||||
|
|
||||||
<screen> _http._tcp.update.myserver.com. IN SRV 0 2 80 host1.myserver.com.
|
<screen> _http._tcp.update.myserver.com. IN SRV 0 2 80 host1.myserver.com.
|
||||||
SRV 0 1 80 host2.myserver.com.
|
SRV 0 1 80 host2.myserver.com.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue