Attachment #31327 for bug #52244

View | Details | Raw Unified | Return to bug 52244
Collapse All | Expand All

Lines 7-12 Link Here

(-)/usr/ports/security/freebsd-update/Makefile (-4 / +17 lines)
7		7
8	PORTNAME= freebsd-update	8	PORTNAME= freebsd-update
9	PORTVERSION= 1.2	9	PORTVERSION= 1.2
		10	PORTREVISION= 1
10	CATEGORIES= security	11	CATEGORIES= security
11	MASTER_SITES= http://www.daemonology.net/freebsd-update/	12	MASTER_SITES= http://www.daemonology.net/freebsd-update/
12	DISTNAME= freebsd-update-client-1_2	13	DISTNAME= freebsd-update-client-1_2
Lines 14-25 Link Here
14	MAINTAINER= cperciva@daemonology.net	15	MAINTAINER= cperciva@daemonology.net
15	COMMENT= Fetches and installs binary updates to FreeBSD	16	COMMENT= Fetches and installs binary updates to FreeBSD
16		17
		18	MAN5= freebsd-update.conf.5
		19	MAN8= freebsd-update.8
		20
17	NO_WRKSUBDIR= yes	21	NO_WRKSUBDIR= yes
18	ALL_TARGET= verify	22	ALL_TARGET= verify
19		23
		24	PKGMESSAGE= ${WRKDIR}/pkg-message
		25
20	post-extract:	26	post-extract:
21	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/freebsd-update \	27	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/freebsd-update \
22	> ${WRKSRC}/freebsd-update	28	> ${WRKSRC}/freebsd-update
		29	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/pkg-message \
		30	> ${PKGMESSAGE}
		31	cp ${FILESDIR}/freebsd-update.8 ${WRKSRC}
		32	cp ${FILESDIR}/freebsd-update.conf.5 ${WRKSRC}
23		33
24	do-install:	34	do-install:
25	@${MKDIR} ${PREFIX}/freebsd-update	35	@${MKDIR} ${PREFIX}/freebsd-update
Lines 28-39 Link Here
28	${INSTALL_DATA} ${WRKSRC}/Makefile ${PREFIX}/freebsd-update	38	${INSTALL_DATA} ${WRKSRC}/Makefile ${PREFIX}/freebsd-update
29	${INSTALL_DATA} ${WRKSRC}/CHANGELOG ${PREFIX}/freebsd-update	39	${INSTALL_DATA} ${WRKSRC}/CHANGELOG ${PREFIX}/freebsd-update
30	${INSTALL_DATA} ${WRKSRC}/LICENSE ${PREFIX}/freebsd-update	40	${INSTALL_DATA} ${WRKSRC}/LICENSE ${PREFIX}/freebsd-update
31	${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/freebsd-update
32	${INSTALL_DATA} ${WRKSRC}/VERSION ${PREFIX}/freebsd-update
33	${INSTALL_DATA} ${WRKSRC}/update.conf \	41	${INSTALL_DATA} ${WRKSRC}/update.conf \
34	${PREFIX}/freebsd-update/update.conf.sample	42	${PREFIX}/etc/freebsd-update.conf.sample
		43	.if !defined(WITHOUT_MAN)
		44	${INSTALL_MAN} ${WRKSRC}/freebsd-update.conf.5 ${PREFIX}/man/man5/
		45	${INSTALL_MAN} ${WRKSRC}/freebsd-update.8 ${PREFIX}/man/man8/
		46	.endif
		47
35		48
36	post-install:	49	post-install:
37	@${CAT} ${PKGDIR}/pkg-message	50	@${CAT} ${PKGMESSAGE}
38		51
39	.include <bsd.port.mk>	52	.include <bsd.port.mk>




#!/bin/sh

if [ ! -r %%PREFIX%%/etc/freebsd-update.conf ] ; then
	echo "%%PREFIX%%/etc/freebsd-update.conf not found"
	exit 1
fi

case "$1" in
fetch)
	cd %%PREFIX%%/freebsd-update && make 				\
		CONFFILE=%%PREFIX%%/etc/freebsd-update.conf fetch-update;;
install)
	cd %%PREFIX%%/freebsd-update && make 				\
		CONFFILE=%%PREFIX%%/etc/freebsd-update.conf install-update;;
rollback)
	cd %%PREFIX%%/freebsd-update && make 				\
		CONFFILE=%%PREFIX%%/etc/freebsd-update.conf rollback-update;;
cron)
	cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES 	\
		CONFFILE=%%PREFIX%%/etc/freebsd-update.conf daily;;
*)
	echo "Usage: freebsd-update {fetch|install|rollback|cron}" >&2
	echo "  freebsd-update fetch:    Fetches updates" >&2




.Dd May 7, 2003
.Dt FREEBSD-UPDATE 8
.Os FreeBSD
.Sh NAME
.Nm freebsd-update
.Nd fetch and install binary security updates to FreeBSD
.Sh SYNOPSIS
.Nm
.Cm command
.Sh DESCRIPTION
The
.Nm
tool is used to fetch, install, and rollback
binary security updates to the FreeBSD base system.
.Sh OPTIONS
The
.Cm command
can be any one of the following:
.Pp
.Bl -tag -width "rollback" -compact
.It fetch
Based on the currently installed world, fetch all available
binary updates.  Any updates previously fetched but not
installed will be fetched again.
.Pp
.It install
Install the most recently fetched updates.
.Pp
.It rollback
Uninstall the most recently installed updates.
.Pp
.It cron
If any binary updates are available, fetch them and
send an email to root; otherwise, exit silently. As
the name suggests, this is intended for usage via
cron(8).
.Pp
.El
.Sh TIPS
.Bl -bullet
.It
If your clock is set to local time, adding the line
.Pp
.Dl 0 3 * * * root /usr/local/sbin/freebsd-update cron
.Pp
to /etc/crontab will check for updates every night.  If your
clock is set to UTC, please pick a random time instead of
3AM, or the server hosting the updates will be very unhappy.
.It
.Nm
.Cm cron
waits a random amount of time, up to an hour, before contacting
the server in order to reduce the risk of "flash crowds" resulting
from cron jobs.
.El
.Sh FILES
.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
.It $PREFIX/freebsd-update/work
Location of downloaded updates and backups of files
which have been updated.
.It $PREFIX/etc/freebsd-update.conf
Location of the freebsd-update configuration file.
.Sh SEE ALSO
.Xr freebsd-update.conf 5
.Sh AUTHORS
.An Colin Percival Aq cperciva@daemonology.net




.Dd May 7, 2003
.Dt FREEBSD-UPDATE.CONF 8
.Os FreeBSD
.Sh NAME
.Nm freebsd-update.conf
.Nd configuration file for freebsd-update
.Sh DESCRIPTION
The
.Nm
file controls where freebsd-update(8) fetches updates from, and
which RSA key should be trusted to sign the updates.
.Pp
A line of the form
.Dl URL=foobar
specifies the source from which updates should be fetched.  This
can be any type of URL suitable for fetch(1) -- in particular, HTTP,
FTP, and local paths are all permitted.
.Pp
A line of the form
.Dl KEYPRINT=0123456789ABCDEF0123456789ABCDEF
specifies the MD5 hash of the 2048 bit modulus belonging to an RSA
keypair which is trusted to sign updates.
.Pp
If more than one line of either of the above forms is included in
.Nm
then only the last one will take effect.  Any lines not of the above
forms will be ignored.
.Sh FILES
.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
.It $PREFIX/etc/freebsd-update.conf
Location of the freebsd-update configuration file.
.Sh SEE ALSO
.Xr fetch 1
.Xr freebsd-update 8
.Sh AUTHORS
.An Colin Percival Aq cperciva@daemonology.net





Before you can use this, you will have to create an update configuration
file specifying the server to fetch updates from and the trusted public
key fingerprint.

A sample configuration file has been installed in

       %%PREFIX%%/etc/freebsd-update.conf.sample

which will fetch updates built by the author.  If you trust the author
to securely build binary updates for you to blindly install on this
machine, copy that file to

       %%PREFIX%%/etc/freebsd-update.conf

otherwise, create that file as appropriate.

Lines 1-11 Link Here

(-)/usr/ports/security/freebsd-update/pkg-message (-11 lines)
1
2	Before you can use this, you will have to create an update configuration
3	file specifying the server to fetch updates from and the trusted public
4	key fingerprint.
5
6	Assuming you haven't changed ${PREFIX}, a sample configuration file is
7	installed in /usr/local/freebsd-update/update.conf.sample which will
8	fetch updates built by the author. If you trust the author to securely
9	build binary updates for you to blindly install on this machine, copy
10	that file to /usr/local/freebsd-update/update.conf -- otherwise, create
11	/usr/local/freebsd-update/update.conf as appropriate.

Lines 1-9 Link Here

(-)/usr/ports/security/freebsd-update/pkg-plist (-3 / +1 lines)
1	sbin/freebsd-update	1	sbin/freebsd-update
2	freebsd-update/Makefile	2	freebsd-update/Makefile
3	freebsd-update/README
4	freebsd-update/VERSION
5	freebsd-update/CHANGELOG	3	freebsd-update/CHANGELOG
6	freebsd-update/LICENSE	4	freebsd-update/LICENSE
7	freebsd-update/update.conf.sample	5	etc/freebsd-update.conf.sample
8	freebsd-update/verify	6	freebsd-update/verify
9	@dirrm freebsd-update	7	@dirrm freebsd-update

Return to bug 52244

Lines 1-14 Link Here

(-)/usr/ports/security/freebsd-update/files/freebsd-update (-4 / +13 lines)
1	#!/bin/sh	1	#!/bin/sh
2		2
		3	if [ ! -r %%PREFIX%%/etc/freebsd-update.conf ] ; then
		4	echo "%%PREFIX%%/etc/freebsd-update.conf not found"
		5	exit 1
		6	fi
		7
3	case "$1" in	8	case "$1" in
4	fetch)	9	fetch)
5	cd %%PREFIX%%/freebsd-update && make fetch-update;;	10	cd %%PREFIX%%/freebsd-update && make \
		11	CONFFILE=%%PREFIX%%/etc/freebsd-update.conf fetch-update;;
6	install)	12	install)
7	cd %%PREFIX%%/freebsd-update && make install-update;;	13	cd %%PREFIX%%/freebsd-update && make \
		14	CONFFILE=%%PREFIX%%/etc/freebsd-update.conf install-update;;
8	rollback)	15	rollback)
9	cd %%PREFIX%%/freebsd-update && make rollback-update;;	16	cd %%PREFIX%%/freebsd-update && make \
		17	CONFFILE=%%PREFIX%%/etc/freebsd-update.conf rollback-update;;
10	cron)	18	cron)
11	cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES daily;;	19	cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES \
		20	CONFFILE=%%PREFIX%%/etc/freebsd-update.conf daily;;
12	*)	21	*)
13	echo "Usage: freebsd-update {fetch\|install\|rollback\|cron}" >&2	22	echo "Usage: freebsd-update {fetch\|install\|rollback\|cron}" >&2
14	echo " freebsd-update fetch: Fetches updates" >&2	23	echo " freebsd-update fetch: Fetches updates" >&2

Line 0 Link Here

(-)/usr/ports/security/freebsd-update/files/freebsd-update.8 (+66 lines)
		1	.Dd May 7, 2003
		2	.Dt FREEBSD-UPDATE 8
		3	.Os FreeBSD
		4	.Sh NAME
		5	.Nm freebsd-update
		6	.Nd fetch and install binary security updates to FreeBSD
		7	.Sh SYNOPSIS
		8	.Nm
		9	.Cm command
		10	.Sh DESCRIPTION
		11	The
		12	.Nm
		13	tool is used to fetch, install, and rollback
		14	binary security updates to the FreeBSD base system.
		15	.Sh OPTIONS
		16	The
		17	.Cm command
		18	can be any one of the following:
		19	.Pp
		20	.Bl -tag -width "rollback" -compact
		21	.It fetch
		22	Based on the currently installed world, fetch all available
		23	binary updates. Any updates previously fetched but not
		24	installed will be fetched again.
		25	.Pp
		26	.It install
		27	Install the most recently fetched updates.
		28	.Pp
		29	.It rollback
		30	Uninstall the most recently installed updates.
		31	.Pp
		32	.It cron
		33	If any binary updates are available, fetch them and
		34	send an email to root; otherwise, exit silently. As
		35	the name suggests, this is intended for usage via
		36	cron(8).
		37	.Pp
		38	.El
		39	.Sh TIPS
		40	.Bl -bullet
		41	.It
		42	If your clock is set to local time, adding the line
		43	.Pp
		44	.Dl 0 3 * * * root /usr/local/sbin/freebsd-update cron
		45	.Pp
		46	to /etc/crontab will check for updates every night. If your
		47	clock is set to UTC, please pick a random time instead of
		48	3AM, or the server hosting the updates will be very unhappy.
		49	.It
		50	.Nm
		51	.Cm cron
		52	waits a random amount of time, up to an hour, before contacting
		53	the server in order to reduce the risk of "flash crowds" resulting
		54	from cron jobs.
		55	.El
		56	.Sh FILES
		57	.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
		58	.It $PREFIX/freebsd-update/work
		59	Location of downloaded updates and backups of files
		60	which have been updated.
		61	.It $PREFIX/etc/freebsd-update.conf
		62	Location of the freebsd-update configuration file.
		63	.Sh SEE ALSO
		64	.Xr freebsd-update.conf 5
65	.Sh AUTHORS
66	.An Colin Percival Aq cperciva@daemonology.net

Line 0 Link Here

(-)/usr/ports/security/freebsd-update/files/freebsd-update.conf.5 (+36 lines)
	1	.Dd May 7, 2003
	2	.Dt FREEBSD-UPDATE.CONF 8
	3	.Os FreeBSD
	4	.Sh NAME
	5	.Nm freebsd-update.conf
	6	.Nd configuration file for freebsd-update
	7	.Sh DESCRIPTION
	8	The
	9	.Nm
	10	file controls where freebsd-update(8) fetches updates from, and
	11	which RSA key should be trusted to sign the updates.
	12	.Pp
	13	A line of the form
	14	.Dl URL=foobar
	15	specifies the source from which updates should be fetched. This
	16	can be any type of URL suitable for fetch(1) -- in particular, HTTP,
	17	FTP, and local paths are all permitted.
	18	.Pp
	19	A line of the form
	20	.Dl KEYPRINT=0123456789ABCDEF0123456789ABCDEF
	21	specifies the MD5 hash of the 2048 bit modulus belonging to an RSA
	22	keypair which is trusted to sign updates.
	23	.Pp
	24	If more than one line of either of the above forms is included in
	25	.Nm
	26	then only the last one will take effect. Any lines not of the above
	27	forms will be ignored.
	28	.Sh FILES
	29	.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
	30	.It $PREFIX/etc/freebsd-update.conf
	31	Location of the freebsd-update configuration file.
	32	.Sh SEE ALSO
	33	.Xr fetch 1
	34	.Xr freebsd-update 8
	35	.Sh AUTHORS
	36	.An Colin Percival Aq cperciva@daemonology.net