Add FreeBSD Update 2.0 client code. The build code is in the projects
repository. Sponsored by: FreeBSD security development fundraiser
parent
43109e5833
commit
48ffe56ac5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=161748
@ -118,6 +118,7 @@ pkg_install krion Pre-commit review or approval from portmgr@ requested.
|
||||
linux emul emulation Please discuss changes here.
|
||||
bs{diff,patch} cperciva Pre-commit review requested.
|
||||
portsnap cperciva Pre-commit review requested.
|
||||
freebsd-update cperciva Pre-commit review requested.
|
||||
sys/netgraph/bluetooth emax Pre-commit review preferred.
|
||||
lib/libbluetooth emax Pre-commit review preferred.
|
||||
lib/libsdp emax Pre-commit review preferred.
|
||||
|
@ -9,7 +9,8 @@ SUBDIR= sendmail
|
||||
|
||||
BIN1= amd.map apmd.conf auth.conf \
|
||||
crontab csh.cshrc csh.login csh.logout devd.conf devfs.conf \
|
||||
dhclient.conf disktab fbtab ftpusers gettytab group \
|
||||
dhclient.conf disktab fbtab freebsd-update.conf \
|
||||
ftpusers gettytab group \
|
||||
hosts hosts.allow hosts.equiv hosts.lpd \
|
||||
inetd.conf login.access login.conf mac.conf motd \
|
||||
netconfig network.subr networks newsyslog.conf nsswitch.conf \
|
||||
|
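--- a/etc/freebsd-update.conf
+++ b/etc/freebsd-update.conf
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+# Trusted keyprint. Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
+
+# Server or server pool from which to fetch updates. You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+ServerName update.FreeBSD.org
+
+# Components of the base system which should be kept updated.
+Components src world kernel
+
+# Example for updating the userland and the kernel source code only:
+# Components src/base src/sys world
+
+# Paths which start with anything matching an entry in an IgnorePaths
+# statement will be ignored.
+IgnorePaths
+
+# Paths which start with anything matching an entry in an UpdateIfUnmodified
+# statement will only be updated if the contents of the file have not been
+# modified by the user.
+UpdateIfUnmodified /etc/ /var/
+
+### Default configuration options:
+
+# Directory in which to store downloaded updates and temporary
+# files used by FreeBSD Update.
+# WorkDir /var/db/freebsd-update
+
+# Destination to send output of "freebsd-update cron" if an error
+# occurs or updates have been downloaded.
+# MailTo root
+
+# Is FreeBSD Update allowed to create new files?
+# AllowAdd yes
+
+# Is FreeBSD Update allowed to delete files?
+# AllowDelete yes
+
+# If the user has modified file ownership, permissions, or flags, should
+# FreeBSD Update retain this modified metadata when installing a new version
+# of that file?
+# KeepModifiedMetadata yes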
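Review bot: The comments above `IgnorePaths` and `UpdateIfUnmodified` say a path is affected when it starts with "anything matching an entry", but they never say that entries are regular expressions, which is how freebsd-update.conf(5) in this same commit defines them. An administrator who adds an entry containing `.` or another metacharacter can exclude more paths from updates than intended; whether a skipped update is reported anywhere cannot be checked here because the script's diff is suppressed. I would add `# Entries are regular expressions, matched against the start of each path.` to both comment blocks. The `KeyPrint` comment could likewise state that the value is the SHA256 hash of the RSA key trusted to sign updates, as the manual page does.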
@ -32,6 +32,8 @@
|
||||
db
|
||||
entropy uname=operator gname=operator mode=0700
|
||||
..
|
||||
freebsd-update
|
||||
..
|
||||
ipf mode=0700
|
||||
..
|
||||
pkg
|
||||
|
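Review bot: The `freebsd-update` directory entry under `db` carries no explicit `mode=`, so it takes whatever default the file's `/set` line gives, which is outside this hunk. This path is the default WorkDir (`/var/db/freebsd-update` in the configuration file added by this commit), where fetched updates are held until the `install` command applies them, presumably as root. The neighbouring `entropy` and `ipf` entries both pin `mode=0700`; I would do the same here with `freebsd-update mode=0700`, so the staging area is closed to unprivileged users regardless of the default. Whether the script tightens the permissions itself cannot be verified, since its diff is suppressed on this page.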
@ -23,6 +23,7 @@ MAN= acct.5 \
|
||||
fbtab.5 \
|
||||
fdescfs.5 \
|
||||
forward.5 \
|
||||
freebsd-update.conf.5 \
|
||||
fs.5 \
|
||||
fstab.5 \
|
||||
group.5 \
|
||||
|
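--- a/share/man/man5/freebsd-update.conf.5
+++ b/share/man/man5/freebsd-update.conf.5
@@ -0,0 +1,151 @@
+.\"-
+.\" Copyright 2006 Colin Percival
+.\" All rights reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted providing that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 30, 2006
+.Dt FREEBSD-UPDATE.CONF 5
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update.conf
+.Nd configuration file for
+.Xr freebsd-update 8
+.Sh DESCRIPTION
+The
+.Nm
+file controls the behaviour of the
+.Xr freebsd-update 8
+utility.
+The file contains lines consisting of a case-sensitive option name and
+zero or more parameters.
+Empty lines and any part of a line following a
+.Ql #
+character are ignored.
+Unless stated otherwise, specifying an option multiple times is an
+error.
+.Pp
+The possible options and their meanings are as follows:
+.Pp
+.Bl -tag -width "KeepModifiedMetadata"
+.It Cm KeyPrint
+The single parameter following this keyword is the SHA256 hash
+of the RSA key which will be trusted to sign updates.
+.It Cm ServerName
+The single parameter following this keyword is the name of the
+server or server pool from which updates will be downloaded.
+.It Cm Components
+The parameters following this keyword are the components or
+sub-components of
+.Fx
+which will be updated. The components are
+.Dq src
+(source code),
+.Dq world
+(non-kernel binaries), and
+.Dq kernel ;
+the sub-components are the individual distribution sets generated as
+part of the release process (e.g.,
+.Dq src/base ,
+.Dq src/sys ,
+.Dq world/base ,
+.Dq world/catpages ,
+.Dq kernel/smp ) .
+Note that prior to
+.Fx 6.1 ,
+the
+.Dq kernel
+component was distributed as part of
+.Dq world/base .
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm IgnorePaths
+The parameters following this keyword are regular expressions;
+updates to paths which start with a string matching one of
+these regular expressions will be ignored.
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm UpdateIfUnmodified
+The parameters following this keyword are regular expressions;
+updates to paths which start with a string matching one of
+these regular expressions will be ignored if the files have
+been modified locally.
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm WorkDir
+The single parameter following this keyword is the directory
+in which temporary files and downloaded updates will be stored.
+.It Cm MailTo
+The single parameter following this keyword is the address
+to which
+.Cm cron
+output will be mailed.
+.It Cm AllowAdd
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+is allowed to create new files, directories, and symlinks if
+these are part of updates downloaded. Note that
+.Cm freebsd-update
+will not re-add files which have been deleted from a
+.Fx
+installation unless those files were previously added as part
+of an update.
+.It Cm AllowDelete
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+is allowed to delete files, directories, and symlinks as
+part of updates downloaded.
+.It Cm KeepModifiedMetadata
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+should keep existing file ownership, permissions, and flags
+when installing updates if these have been modified locally.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/freebsd-update.conf"
+.It /etc/freebsd-update.conf
+Default location of the
+.Cm freebsd-update
+configuration file.
+.El
+.Sh SEE ALSO
+.Xr freebsd-update 8
+.Xr sha256 8
+.Sh AUTHORS
+.An Colin Percival Aq cperciva@FreeBSD.org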
@ -55,6 +55,7 @@ SUBDIR= ac \
|
||||
fdread \
|
||||
fdwrite \
|
||||
flowctl \
|
||||
freebsd-update \
|
||||
fwcontrol \
|
||||
getfmac \
|
||||
getpmac \
|
||||
|
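--- a/usr.sbin/freebsd-update/Makefile
+++ b/usr.sbin/freebsd-update/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SCRIPTS=freebsd-update.sh
+MAN8= freebsd-update.8
+
+.include <bsd.prog.mk>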
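--- a/usr.sbin/freebsd-update/freebsd-update.8
+++ b/usr.sbin/freebsd-update/freebsd-update.8
@@ -0,0 +1,137 @@
+.\"-
+.\" Copyright 2006 Colin Percival
+.\" All rights reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted providing that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 30, 2006
+.Dt FREEBSD-UPDATE 8
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update
+.Nd fetch and install binary updates to FreeBSD
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar basedir
+.Op Fl d Ar workdir
+.Op Fl f Ar conffile
+.Op Fl k Ar KEY
+.Op Fl s Ar server
+.Op Fl t Ar address
+.Cm command ...
+.Sh DESCRIPTION
+The
+.Nm
+tool is used to fetch, install, and rollback binary
+updates to the FreeBSD base system.
+.Sh OPTIONS
+The following options are supported
+.Bl -tag -width "-f conffile"
+.It Fl b Ar basedir
+Operate on a system mounted at
+.Ar basedir .
+(default:
+.Pa / ,
+or as given in the configuration file.)
+.It Fl d Ar workdir
+Store working files in
+.Ar workdir .
+(default:
+.Pa /var/db/freebsd-update/ ,
+or as given in the configuration file.)
+.It Fl f Ar conffile
+Read configuration options from
+.Ar conffile .
+(default:
+.Pa /etc/freebsd-update.conf )
+.It Fl k Ar KEY
+Trust an RSA key with SHA256 of
+.Ar KEY .
+(default: read value from configuration file.)
+.It Fl s Ar server
+Fetch files from the specified server or server pool.
+(default: read value from configuration file.)
+.It Fl t Ar address
+Mail output of
+.Cm cron
+command, if any, to
+.Ar address .
+(default: root, or as given in the configuration file.)
+.El
+.Sh COMMANDS
+The
+.Cm command
+can be any one of the following:
+.Pp
+.Bl -tag -width "-f conffile"
+.It Cm fetch
+Based on the currently installed world and the configuration
+options set, fetch all available binary updates.
+.It Cm cron
+Sleep a random amount of time between 1 and 3600 seconds,
+then download updates as if the
+.Cm fetch
+command was used.
+If updates are downloaded, an email will be sent
+(to root or a different address if specified via the
+.Fl t
+option or in the configuration file).
+As the name suggests, this command is designed for running
+from
+.Xr cron 8 ;
+the random delay serves to minimize the probability that
+a large number of machines will simultaneously attempt to
+fetch updates.
+.It Cm install
+Install the most recently fetched updates.
+.It Cm rollback
+Uninstall the most recently installed updates.
+.El
+.Sh TIPS
+.Bl -bullet
+.It
+If your clock is set to local time, adding the line
+.Pp
+.Dl 0 3 * * * root /usr/sbin/freebsd-update cron
+.Pp
+to /etc/crontab will check for updates every night.
+If your block is set to UTC, please pick a random time
+other than 3AM, to avoid overly imposing an uneven load
+on the server(s) hosting the updates.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/freebsd-update.conf"
+.It /etc/freebsd-update.conf
+Default location of the
+.Nm
+configuration file.
+.It /var/db/freebsd-update/
+Default location where
+.Nm
+stores temporary files and downloaded updates.
+.El
+.Sh SEE ALSO
+.Xr freebsd-update.conf 5
+.Sh AUTHORS
+.An Colin Percival Aq cperciva@FreeBSD.org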
1932
usr.sbin/freebsd-update/freebsd-update.sh
Normal file
1932
usr.sbin/freebsd-update/freebsd-update.sh
Normal file
File diff suppressed because it is too large