Add FreeBSD Update 2.0 client code. The build code is in the projects

repository.

Sponsored by:	FreeBSD security development fundraiser
This commit is contained in:
Colin Percival 2006-08-31 09:51:34 +00:00
parent 43109e5833
commit 48ffe56ac5
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=161748
10 changed files with 2281 additions and 1 deletions

View File

@ -118,6 +118,7 @@ pkg_install krion Pre-commit review or approval from portmgr@ requested.
linux emul emulation Please discuss changes here.
bs{diff,patch} cperciva Pre-commit review requested.
portsnap cperciva Pre-commit review requested.
freebsd-update cperciva Pre-commit review requested.
sys/netgraph/bluetooth emax Pre-commit review preferred.
lib/libbluetooth emax Pre-commit review preferred.
lib/libsdp emax Pre-commit review preferred.

View File

@ -9,7 +9,8 @@ SUBDIR= sendmail
BIN1= amd.map apmd.conf auth.conf \
crontab csh.cshrc csh.login csh.logout devd.conf devfs.conf \
dhclient.conf disktab fbtab ftpusers gettytab group \
dhclient.conf disktab fbtab freebsd-update.conf \
ftpusers gettytab group \
hosts hosts.allow hosts.equiv hosts.lpd \
inetd.conf login.access login.conf mac.conf motd \
netconfig network.subr networks newsyslog.conf nsswitch.conf \

48
etc/freebsd-update.conf Normal file
View File

@ -0,0 +1,48 @@
# $FreeBSD$
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user.
UpdateIfUnmodified /etc/ /var/
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes

View File

@ -32,6 +32,8 @@
db
entropy uname=operator gname=operator mode=0700
..
freebsd-update
..
ipf mode=0700
..
pkg

View File

@ -23,6 +23,7 @@ MAN= acct.5 \
fbtab.5 \
fdescfs.5 \
forward.5 \
freebsd-update.conf.5 \
fs.5 \
fstab.5 \
group.5 \

View File

@ -0,0 +1,151 @@
.\"-
.\" Copyright 2006 Colin Percival
.\" All rights reserved
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted providing that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd August 30, 2006
.Dt FREEBSD-UPDATE.CONF 5
.Os FreeBSD
.Sh NAME
.Nm freebsd-update.conf
.Nd configuration file for
.Xr freebsd-update 8
.Sh DESCRIPTION
The
.Nm
file controls the behaviour of the
.Xr freebsd-update 8
utility.
The file contains lines consisting of a case-sensitive option name and
zero or more parameters.
Empty lines and any part of a line following a
.Ql #
character are ignored.
Unless stated otherwise, specifying an option multiple times is an
error.
.Pp
The possible options and their meanings are as follows:
.Pp
.Bl -tag -width "KeepModifiedMetadata"
.It Cm KeyPrint
The single parameter following this keyword is the SHA256 hash
of the RSA key which will be trusted to sign updates.
.It Cm ServerName
The single parameter following this keyword is the name of the
server or server pool from which updates will be downloaded.
.It Cm Components
The parameters following this keyword are the components or
sub-components of
.Fx
which will be updated. The components are
.Dq src
(source code),
.Dq world
(non-kernel binaries), and
.Dq kernel ;
the sub-components are the individual distribution sets generated as
part of the release process (e.g.,
.Dq src/base ,
.Dq src/sys ,
.Dq world/base ,
.Dq world/catpages ,
.Dq kernel/smp ) .
Note that prior to
.Fx 6.1 ,
the
.Dq kernel
component was distributed as part of
.Dq world/base .
.Pp
This option can be specified multiple times, and the parameters
accumulate.
.It Cm IgnorePaths
The parameters following this keyword are regular expressions;
updates to paths which start with a string matching one of
these regular expressions will be ignored.
.Pp
This option can be specified multiple times, and the parameters
accumulate.
.It Cm UpdateIfUnmodified
The parameters following this keyword are regular expressions;
updates to paths which start with a string matching one of
these regular expressions will be ignored if the files have
been modified locally.
.Pp
This option can be specified multiple times, and the parameters
accumulate.
.It Cm WorkDir
The single parameter following this keyword is the directory
in which temporary files and downloaded updates will be stored.
.It Cm MailTo
The single parameter following this keyword is the address
to which
.Cm cron
output will be mailed.
.It Cm AllowAdd
The single parameter following this keyword must be
.Dq yes
or
.Dq no
and specifies whether
.Cm freebsd-update
is allowed to create new files, directories, and symlinks if
these are part of updates downloaded. Note that
.Cm freebsd-update
will not re-add files which have been deleted from a
.Fx
installation unless those files were previously added as part
of an update.
.It Cm AllowDelete
The single parameter following this keyword must be
.Dq yes
or
.Dq no
and specifies whether
.Cm freebsd-update
is allowed to delete files, directories, and symlinks as
part of updates downloaded.
.It Cm KeepModifiedMetadata
The single parameter following this keyword must be
.Dq yes
or
.Dq no
and specifies whether
.Cm freebsd-update
should keep existing file ownership, permissions, and flags
when installing updates if these have been modified locally.
.El
.Sh FILES
.Bl -tag -width "/etc/freebsd-update.conf"
.It /etc/freebsd-update.conf
Default location of the
.Cm freebsd-update
configuration file.
.El
.Sh SEE ALSO
.Xr freebsd-update 8
.Xr sha256 8
.Sh AUTHORS
.An Colin Percival Aq cperciva@FreeBSD.org

View File

@ -55,6 +55,7 @@ SUBDIR= ac \
fdread \
fdwrite \
flowctl \
freebsd-update \
fwcontrol \
getfmac \
getpmac \

View File

@ -0,0 +1,6 @@
# $FreeBSD$
SCRIPTS=freebsd-update.sh
MAN8= freebsd-update.8
.include <bsd.prog.mk>

View File

@ -0,0 +1,137 @@
.\"-
.\" Copyright 2006 Colin Percival
.\" All rights reserved
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted providing that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd August 30, 2006
.Dt FREEBSD-UPDATE 8
.Os FreeBSD
.Sh NAME
.Nm freebsd-update
.Nd fetch and install binary updates to FreeBSD
.Sh SYNOPSIS
.Nm
.Op Fl b Ar basedir
.Op Fl d Ar workdir
.Op Fl f Ar conffile
.Op Fl k Ar KEY
.Op Fl s Ar server
.Op Fl t Ar address
.Cm command ...
.Sh DESCRIPTION
The
.Nm
tool is used to fetch, install, and rollback binary
updates to the FreeBSD base system.
.Sh OPTIONS
The following options are supported
.Bl -tag -width "-f conffile"
.It Fl b Ar basedir
Operate on a system mounted at
.Ar basedir .
(default:
.Pa / ,
or as given in the configuration file.)
.It Fl d Ar workdir
Store working files in
.Ar workdir .
(default:
.Pa /var/db/freebsd-update/ ,
or as given in the configuration file.)
.It Fl f Ar conffile
Read configuration options from
.Ar conffile .
(default:
.Pa /etc/freebsd-update.conf )
.It Fl k Ar KEY
Trust an RSA key with SHA256 of
.Ar KEY .
(default: read value from configuration file.)
.It Fl s Ar server
Fetch files from the specified server or server pool.
(default: read value from configuration file.)
.It Fl t Ar address
Mail output of
.Cm cron
command, if any, to
.Ar address .
(default: root, or as given in the configuration file.)
.El
.Sh COMMANDS
The
.Cm command
can be any one of the following:
.Pp
.Bl -tag -width "-f conffile"
.It Cm fetch
Based on the currently installed world and the configuration
options set, fetch all available binary updates.
.It Cm cron
Sleep a random amount of time between 1 and 3600 seconds,
then download updates as if the
.Cm fetch
command was used.
If updates are downloaded, an email will be sent
(to root or a different address if specified via the
.Fl t
option or in the configuration file).
As the name suggests, this command is designed for running
from
.Xr cron 8 ;
the random delay serves to minimize the probability that
a large number of machines will simultaneously attempt to
fetch updates.
.It Cm install
Install the most recently fetched updates.
.It Cm rollback
Uninstall the most recently installed updates.
.El
.Sh TIPS
.Bl -bullet
.It
If your clock is set to local time, adding the line
.Pp
.Dl 0 3 * * * root /usr/sbin/freebsd-update cron
.Pp
to /etc/crontab will check for updates every night.
If your block is set to UTC, please pick a random time
other than 3AM, to avoid overly imposing an uneven load
on the server(s) hosting the updates.
.El
.Sh FILES
.Bl -tag -width "/etc/freebsd-update.conf"
.It /etc/freebsd-update.conf
Default location of the
.Nm
configuration file.
.It /var/db/freebsd-update/
Default location where
.Nm
stores temporary files and downloaded updates.
.El
.Sh SEE ALSO
.Xr freebsd-update.conf 5
.Sh AUTHORS
.An Colin Percival Aq cperciva@FreeBSD.org

File diff suppressed because it is too large Load Diff