Attachment #113439 for bug #154986

View | Details | Raw Unified | Return to bug 154986
Collapse All | Expand All

Lines 17-22 Link Here

(-)freebsd-update-server/Makefile (+6 lines)
17	SRCS= article.sgml	17	SRCS= article.sgml
18	SRCS+= ${EXTRAS}	18	SRCS+= ${EXTRAS}
19		19
		20	IMAGES_LIB+= callouts/1.png
		21	IMAGES_LIB+= callouts/2.png
		22	IMAGES_LIB+= callouts/3.png
		23	IMAGES_LIB+= callouts/4.png
		24	IMAGES_LIB+= callouts/5.png
		25
20	afterinstall:	26	afterinstall:
21	.for entry in ${EXTRAS}	27	.for entry in ${EXTRAS}
22	${INSTALL_DOCS} ${.CURDIR}/${entry} ${DESTDIR}	28	${INSTALL_DOCS} ${.CURDIR}/${entry} ${DESTDIR}




      Running a &fbus.ap; makes it easier to deploy security and software
      patches to selected test machines before rolling them out to
      production.  It also means a number of systems can be updated from the
      local network rather than a potentially slower Internet connection.
      This article outlines the steps involved in creating an internal
      &fbus.ap;.</para>
  </sect1>

    <para>Here is the default <filename>build.conf</filename>, which should
      be modified to suit your environment.</para>

    <informalexample> <programlisting>

# Main configuration file for FreeBSD Update builds.  The
# release-specific configuration data is lower down in
# the scripts tree.

# Location from which to fetch releases
export FTP=ftp://ftp2.freebsd.org/pub/FreeBSD/releases<co id="ftp-id">

# Host platform
export HOSTPLATFORM=`uname -m`

# Host name to use inside jails
export BUILDHOSTNAME=${HOSTPLATFORM}-builder.daemonology.net<co id="buildhost-id">

# Location of SSH key
export SSHKEY=/root/.ssh/id_dsa<co id="sshkey-id">

# SSH account into which files are uploaded
MASTERACCT=builder@wadham.daemonology.net<co id="mstacct-id">

# Directory into which files are uploaded
MASTERDIR=update-master.freebsd.org<co id="mstdir-id">
</programlisting>
</informalexample>


    <para>Parameters for consideration would be:</para>

   <calloutlist>
      <callout arearefs="ftp-id">
	<term><literal>FTP</literal></term>

	<listitem>
	  <para>This is the location where ISO images are downloaded from (by
	    the <function>fetchiso()</function> subroutine
	    of <filename>scripts/build.subr</filename>).  The location

	    architecture-specific area
	    at <filename>scripts/RELEASE/ARCHITECTURE/build.subr</filename>
	    and applying local changes.</para>
	</callout>
      </varlistentry>

      <varlistentry>
	<term><literal>BUILDHOSTNAME</literal></term>

	<callout arearefs="buildhost-id">
	  <para>The name of the build host.  This information will be
	    displayed on updated systems when issuing:</para>

	  <screen>&prompt.user; <userinput>uname -v</userinput></screen>
	</callout>
      </varlistentry>

      <varlistentry>
	<term><literal>SSHKEY</literal></term>

	<callout arearefs="sshkey-id">
	  <para>The <application>SSH</application> key for uploading files to
	    the update server.  A key pair can be created by
	    typing <command>ssh-keygen -t dsa</command>.  This parameter is

	  <para>The &man.ssh-keygen.1; manual page has more detailed
	    information about <application>SSH</application> and the
	    appropriate steps for creating and using one.</para>
	</callout>
      </varlistentry>

	<callout arearefs="mstacct-id">
	<term><literal>MASTERACCT</literal></term>

	<listitem>
	  <para>Account for uploading files to the update
	    server.</para>
	</callout>
      </varlistentry>

      <varlistentry>
	<term><literal>MASTERDIR</literal></term>

	<callout arearefs="mstdir-id">
	  <para>Directory on the update server where files are uploaded
	    to.</para>
	</callout>
    </calloutlist>
    </variablelist>

    <para>The default <filename>build.conf</filename> file shipped with
      the <application>freebsd-update-server</application> sources is

	  options for &os; 7.2-RELEASE on &arch.amd64; should be similar
	  to:</para>

	<informalexample>
	<programlisting># SHA256 hash of RELEASE disc1.iso image.
export RELH=1ea1f6f652d7c5f5eab7ef9f8edbed50cb664b08ed761850f95f48e86cc71ef5<co id="sha256-id">

# Components of the world, source, and kernels
	  <para>The &man.sha256.1; hash key for the desired release, is
	    published within the respective <ulink
	      url="&url.base;/releases/">release announcement</ulink>.</para>
	</note>

	<programlisting># Components of the world, source, and kernels
export WORLDPARTS="base catpages dict doc games info manpages proflibs lib32"
export SOURCEPARTS="base bin contrib crypto etc games gnu include krb5  \
                lib libexec release rescue sbin secure share sys tools  \

export KERNELPARTS="generic"

# EOL date
export EOL=1275289200<co id="eol-id"></programlisting></informalexample>

   <calloutlist>
      <callout arearefs="sha256-id">
	  <para>The &man.sha256.1; hash key for the desired release, is
	    published within the respective <ulink
	      url="&url.base;/releases/">release announcement</ulink>.</para>
      </callout>

      <callout arearefs="eol-id">
	  <para>To generate the "End of Life" number for
	    <filename>build.conf</filename>, refer to the "Estimated
	    EOL" posted on the <ulink

	      Security Website</ulink>.  The value
	    of <literal>EOL</literal> can be derived from the date listed on
	    the web site, using the &man.date.1; utility, for example:</para>

	  <screen>&prompt.user; <userinput>date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'</userinput></screen>
	</callout>
   </calloutlist>
      </step>
    </procedure>
  </sect1>

	    url="&url.books.handbook;/firewalls.html">firewall</ulink>
	  rule to block outgoing RST packets.  Due to a bug noted <ulink
	    url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>
	  on the &a.stable; in April 2009, there may be
	  time-outs and failures when updating a system.</para>
      </listitem>

Return to bug 154986

Lines 62-68 Link Here

(-)freebsd-update-server/article.sgml (-51 / +37 lines)
62	Running a &fbus.ap; makes it easier to deploy security and software	62	Running a &fbus.ap; makes it easier to deploy security and software
63	patches to selected test machines before rolling them out to	63	patches to selected test machines before rolling them out to
64	production. It also means a number of systems can be updated from the	64	production. It also means a number of systems can be updated from the
65	local network rather than a much slower Internet connection.	65	local network rather than a potentially slower Internet connection.
66	This article outlines the steps involved in creating an internal	66	This article outlines the steps involved in creating an internal
67	&fbus.ap;.</para>	67	&fbus.ap;.</para>
68	</sect1>	68	</sect1>
Lines 127-163 Link Here
127	<para>Here is the default <filename>build.conf</filename>, which should	127	<para>Here is the default <filename>build.conf</filename>, which should
128	be modified to suit your environment.</para>	128	be modified to suit your environment.</para>
129		129
130	<programlisting>	130	<informalexample> <programlisting>
131		131
132	# Main configuration file for FreeBSD Update builds. The	132	# Main configuration file for FreeBSD Update builds. The
133	# release-specific configuration data is lower down in	133	# release-specific configuration data is lower down in
134	# the scripts tree.	134	# the scripts tree.
135		135
136	# Location from which to fetch releases	136	# Location from which to fetch releases
137	export FTP=ftp://ftp2.freebsd.org/pub/FreeBSD/releases	137	export FTP=ftp://ftp2.freebsd.org/pub/FreeBSD/releases<co id="ftp-id">
138		138
139	# Host platform	139	# Host platform
140	export HOSTPLATFORM=`uname -m`	140	export HOSTPLATFORM=`uname -m`
141		141
142	# Host name to use inside jails	142	# Host name to use inside jails
143	export BUILDHOSTNAME=${HOSTPLATFORM}-builder.daemonology.net	143	export BUILDHOSTNAME=${HOSTPLATFORM}-builder.daemonology.net<co id="buildhost-id">
144		144
145	# Location of SSH key	145	# Location of SSH key
146	export SSHKEY=/root/.ssh/id_dsa	146	export SSHKEY=/root/.ssh/id_dsa<co id="sshkey-id">
147		147
148	# SSH account into which files are uploaded	148	# SSH account into which files are uploaded
149	MASTERACCT=builder@wadham.daemonology.net	149	MASTERACCT=builder@wadham.daemonology.net<co id="mstacct-id">
150		150
151	# Directory into which files are uploaded	151	# Directory into which files are uploaded
152	MASTERDIR=update-master.freebsd.org</programlisting>	152	MASTERDIR=update-master.freebsd.org<co id="mstdir-id">
		153	</programlisting>
		154	</informalexample>
		155
153		156
154	<para>Parameters for consideration would be:</para>	157	<para>Parameters for consideration would be:</para>
155		158
156	<variablelist>	159	<calloutlist>
157	<varlistentry>	160	<callout arearefs="ftp-id">
158	<term><literal>FTP</literal></term>
159		161
160	<listitem>
161	<para>This is the location where ISO images are downloaded from (by	162	<para>This is the location where ISO images are downloaded from (by
162	the <function>fetchiso()</function> subroutine	163	the <function>fetchiso()</function> subroutine
163	of <filename>scripts/build.subr</filename>). The location	164	of <filename>scripts/build.subr</filename>). The location
Lines 171-194 Link Here
171	architecture-specific area	172	architecture-specific area
172	at <filename>scripts/RELEASE/ARCHITECTURE/build.subr</filename>	173	at <filename>scripts/RELEASE/ARCHITECTURE/build.subr</filename>
173	and applying local changes.</para>	174	and applying local changes.</para>
174	</listitem>	175	</callout>
175	</varlistentry>
176
177	<varlistentry>
178	<term><literal>BUILDHOSTNAME</literal></term>
179		176
180	<listitem>	177	<callout arearefs="buildhost-id">
181	<para>The name of the build host. This information will be	178	<para>The name of the build host. This information will be
182	displayed on updated systems when issuing:</para>	179	displayed on updated systems when issuing:</para>
183		180
184	<screen>&prompt.user; <userinput>uname -v</userinput></screen>	181	<screen>&prompt.user; <userinput>uname -v</userinput></screen>
185	</listitem>	182	</callout>
186	</varlistentry>
187
188	<varlistentry>
189	<term><literal>SSHKEY</literal></term>
190		183
191	<listitem>	184	<callout arearefs="sshkey-id">
192	<para>The <application>SSH</application> key for uploading files to	185	<para>The <application>SSH</application> key for uploading files to
193	the update server. A key pair can be created by	186	the update server. A key pair can be created by
194	typing <command>ssh-keygen -t dsa</command>. This parameter is	187	typing <command>ssh-keygen -t dsa</command>. This parameter is
Lines 199-225 Link Here
199	<para>The &man.ssh-keygen.1; manual page has more detailed	192	<para>The &man.ssh-keygen.1; manual page has more detailed
200	information about <application>SSH</application> and the	193	information about <application>SSH</application> and the
201	appropriate steps for creating and using one.</para>	194	appropriate steps for creating and using one.</para>
202	</listitem>	195	</callout>
203	</varlistentry>
204		196
205	<varlistentry>	197	<callout arearefs="mstacct-id">
206	<term><literal>MASTERACCT</literal></term>
207
208	<listitem>
209	<para>Account for uploading files to the update	198	<para>Account for uploading files to the update
210	server.</para>	199	server.</para>
211	</listitem>	200	</callout>
212	</varlistentry>
213
214	<varlistentry>
215	<term><literal>MASTERDIR</literal></term>
216		201
217	<listitem>	202	<callout arearefs="mstdir-id">
218	<para>Directory on the update server where files are uploaded	203	<para>Directory on the update server where files are uploaded
219	to.</para>	204	to.</para>
220	</listitem>	205	</callout>
221	</varlistentry>	206	</calloutlist>
222	</variablelist>
223		207
224	<para>The default <filename>build.conf</filename> file shipped with	208	<para>The default <filename>build.conf</filename> file shipped with
225	the <application>freebsd-update-server</application> sources is	209	the <application>freebsd-update-server</application> sources is
Lines 242-257 Link Here
242	options for &os; 7.2-RELEASE on &arch.amd64; should be similar	226	options for &os; 7.2-RELEASE on &arch.amd64; should be similar
243	to:</para>	227	to:</para>
244		228
		229	<informalexample>
245	<programlisting># SHA256 hash of RELEASE disc1.iso image.	230	<programlisting># SHA256 hash of RELEASE disc1.iso image.
246	export RELH=1ea1f6f652d7c5f5eab7ef9f8edbed50cb664b08ed761850f95f48e86cc71ef5</programlisting>	231	export RELH=1ea1f6f652d7c5f5eab7ef9f8edbed50cb664b08ed761850f95f48e86cc71ef5<co id="sha256-id">
247		232
248	<note>	233	# Components of the world, source, and kernels
249	<para>The &man.sha256.1; hash key for the desired release, is
250	published within the respective <ulink
251	url="&url.base;/releases/">release announcement</ulink>.</para>
252	</note>
253
254	<programlisting># Components of the world, source, and kernels
255	export WORLDPARTS="base catpages dict doc games info manpages proflibs lib32"	234	export WORLDPARTS="base catpages dict doc games info manpages proflibs lib32"
256	export SOURCEPARTS="base bin contrib crypto etc games gnu include krb5 \	235	export SOURCEPARTS="base bin contrib crypto etc games gnu include krb5 \
257	lib libexec release rescue sbin secure share sys tools \	236	lib libexec release rescue sbin secure share sys tools \
Lines 259-267 Link Here
259	export KERNELPARTS="generic"	238	export KERNELPARTS="generic"
260		239
261	# EOL date	240	# EOL date
262	export EOL=1275289200</programlisting>	241	export EOL=1275289200<co id="eol-id"></programlisting></informalexample>
263		242
264	<note>	243	<calloutlist>
		244	<callout arearefs="sha256-id">
		245	<para>The &man.sha256.1; hash key for the desired release, is
		246	published within the respective <ulink
		247	url="&url.base;/releases/">release announcement</ulink>.</para>
		248	</callout>
		249
		250	<callout arearefs="eol-id">
265	<para>To generate the "End of Life" number for	251	<para>To generate the "End of Life" number for
266	<filename>build.conf</filename>, refer to the "Estimated	252	<filename>build.conf</filename>, refer to the "Estimated
267	EOL" posted on the <ulink	253	EOL" posted on the <ulink
Lines 269-277 Link Here
269	Security Website</ulink>. The value	255	Security Website</ulink>. The value
270	of <literal>EOL</literal> can be derived from the date listed on	256	of <literal>EOL</literal> can be derived from the date listed on
271	the web site, using the &man.date.1; utility, for example:</para>	257	the web site, using the &man.date.1; utility, for example:</para>
272
273	<screen>&prompt.user; <userinput>date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'</userinput></screen>	258	<screen>&prompt.user; <userinput>date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'</userinput></screen>
274	</note>	259	</callout>
		260	</calloutlist>
275	</step>	261	</step>
276	</procedure>	262	</procedure>
277	</sect1>	263	</sect1>
Lines 818-824 Link Here
818	url="&url.books.handbook;/firewalls.html">firewall</ulink>	804	url="&url.books.handbook;/firewalls.html">firewall</ulink>
819	rule to block outgoing RST packets. Due to a bug noted <ulink	805	rule to block outgoing RST packets. Due to a bug noted <ulink
820	url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>	806	url="http://lists.freebsd.org/pipermail/freebsd-stable/2009-April/049578.html">in a posting</ulink>
821	on the &a.stable; mailing list in April 2009, there may be	807	on the &a.stable; in April 2009, there may be
822	time-outs and failures when updating a system.</para>	808	time-outs and failures when updating a system.</para>
823	</listitem>	809	</listitem>