periodic script in base system to run csup

Matthew Seaman m.seaman at
Sat Jul 17 08:00:21 UTC 2010

On 17/07/2010 24:04:38, Lowell Gilbert wrote:
> Alex Kozlov <spam at> writes:
>> On Fri, Jul 16, 2010 at 04:27:39PM +0200, Gabor Kovesdan wrote:
>>> Em 2010.07.16. 16:23, Alex Kozlov escreveu:
>>>> On Fri, Jul 16, 2010 at 03:58:33PM +0200, Gabor Kovesdan wrote:
>>>> Thousands pc simultaneously try to access cvsup servers?
>>>> Sound like a ddos to me.
>>> Yes, this was the only concern and that's why I started this discussion.
>> And because its periodic, We can't use portsnap solution (random delay
>> before csup start).
> It's not completely impossible; periodic could spin off a separate shell
> for it, with a random delay.  It's not clear what the best way to deal
> with the output would be, although several approaches present themselves.
> It would be a lot more complicated than Gabor's approach, though.

Simply ensuring the csup periodic job is the last one to run
(/etc/periodic/daily/1000.csup ?) should give you the best of both
worlds.  You can insert a random delay of up to an hour and still deal
with csup as a foreground job.  All of the other periodic jobs will run
as normal (and should help with randomising the time distribution of the
csup runs too) -- you'll just have to wait a bit longer for the nightly
e-mail to be produced.

Even so, I think this is still likely to upset the cvsup servers: a
whole timezone worth of machines hitting a small number of servers
within one or two hours might be doable with portsnap / freebsd-update
but cvsup requires a lot more effort server-side.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID: matthew at               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-current mailing list