Some kind of intranet update system for FreeBSD?

Andrew P. infofarmer at
Sun Apr 3 07:15:07 PDT 2005

Fabian Keil wrote:
> "Andrew P." <infofarmer at> wrote:
>>>>I dream about a server running on my main machine,
>>>>which gets queries from intranet freebsd boxes that
>>>>want to be updated. The server negotiates with each
>>>>client and acts as requested:
>>>>	1.1) fetches a binary package, or
>>>>	1.2) fetches a source package, or
>>>>	1.3) finds a binary/source in its cache, and
>>>>	2)   builds a package if needed, and
>>>>	3)   gives binary/source to the client
>>>Its doable, providing both boxes have identical CPU's and
>>>the port build options on both have the same options. If the CPU's
>>>are not identical are you willing to build every thing to the lowest 
>>>common denominator such as CPUTYPE?=i486 ?  If this is the
>>>case then really all you have to do is make sure you have 
>>>a /usr/ports/packages dir on one machine then upgrade portmanager -u.
>>>This will put a package for everything upgraded 
>>>into  /usr/ports/packages/All.  nfs share /usr/ports/packages/All 
>>>directory with the other machine and on that one upgrade with something 
>>>like portupgrade -aP.
>>Thanks, I'll try to do this via ftp. What about the
>>system itself? Is there an easy way to copy all the
>>binaries from one box to another?
> Your building machine can  share /usr/src/ via nfs.
> You can then do a "make buildworld" on the server
> and "make installworld" on every machine.
> If the kernels are the same, you can use the same build
> on every machine as well. As Michael has already mentioned,
> you have to keep /etc/make.conf general.

So basically, to substantially facilitate the update
process all we have to do is to share /usr/src and
/usr/ports folders?

Will it be ok to share them read-only if I do all the
building on the server?

Is it a serious security issue to give recursive
read-access to these folders to maliscious parties?
(I mean besides of letting them know versions of
all your server software).

Andrew P.

P.S. Still, IMHO a nicely-designed port would be
great. I mean we do have portupgrade for crying out
loud. If we have something for a network of freebsd
boxes, we could start talking enterprise-level

P.P.S. What a pity that we don't have tarfs/ftpfs.
Okay, that's just a sidenote.

More information about the freebsd-questions mailing list