ports/52244: [MAINTAINER UPDATE] security/freebsd-update documentation
Colin Percival
cperciva at daemonology.net
Wed May 14 17:30:11 UTC 2003
>Number: 52244
>Category: ports
>Synopsis: [MAINTAINER UPDATE] security/freebsd-update documentation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed May 14 10:30:08 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Colin Percival
>Release: FreeBSD 4.7-SECURITY i386
>Organization:
>Environment:
n/a
>Description:
The original freebsd-update port contained out of date and confusing
documentation.
>How-To-Repeat:
Look at the original README and become very confused.
>Fix:
The included patch:
1. Removes the original, out of date, README file,
2. Adds (new, up to date) man pages, and
3. Puts the configuration file in $PREFIX/etc where it belongs.
--- freebsd-update.diff begins here ---
--- /usr/ports/security/freebsd-update/Makefile Fri Apr 11 21:52:02 2003
+++ /usr/ports/security/freebsd-update/Makefile Wed May 7 22:09:13 2003
@@ -7,6 +7,7 @@
PORTNAME= freebsd-update
PORTVERSION= 1.2
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.daemonology.net/freebsd-update/
DISTNAME= freebsd-update-client-1_2
@@ -14,12 +15,21 @@
MAINTAINER= cperciva at daemonology.net
COMMENT= Fetches and installs binary updates to FreeBSD
+MAN5= freebsd-update.conf.5
+MAN8= freebsd-update.8
+
NO_WRKSUBDIR= yes
ALL_TARGET= verify
+PKGMESSAGE= ${WRKDIR}/pkg-message
+
post-extract:
@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/freebsd-update \
> ${WRKSRC}/freebsd-update
+ @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/pkg-message \
+ > ${PKGMESSAGE}
+ cp ${FILESDIR}/freebsd-update.8 ${WRKSRC}
+ cp ${FILESDIR}/freebsd-update.conf.5 ${WRKSRC}
do-install:
@${MKDIR} ${PREFIX}/freebsd-update
@@ -28,12 +38,15 @@
${INSTALL_DATA} ${WRKSRC}/Makefile ${PREFIX}/freebsd-update
${INSTALL_DATA} ${WRKSRC}/CHANGELOG ${PREFIX}/freebsd-update
${INSTALL_DATA} ${WRKSRC}/LICENSE ${PREFIX}/freebsd-update
- ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/freebsd-update
- ${INSTALL_DATA} ${WRKSRC}/VERSION ${PREFIX}/freebsd-update
${INSTALL_DATA} ${WRKSRC}/update.conf \
- ${PREFIX}/freebsd-update/update.conf.sample
+ ${PREFIX}/etc/freebsd-update.conf.sample
+.if !defined(WITHOUT_MAN)
+ ${INSTALL_MAN} ${WRKSRC}/freebsd-update.conf.5 ${PREFIX}/man/man5/
+ ${INSTALL_MAN} ${WRKSRC}/freebsd-update.8 ${PREFIX}/man/man8/
+.endif
+
post-install:
- @${CAT} ${PKGDIR}/pkg-message
+ @${CAT} ${PKGMESSAGE}
.include <bsd.port.mk>
--- /usr/ports/security/freebsd-update/files/freebsd-update Fri Apr 11 21:52:02 2003
+++ /usr/ports/security/freebsd-update/files/freebsd-update Wed May 7 21:44:52 2003
@@ -1,14 +1,23 @@
#!/bin/sh
+if [ ! -r %%PREFIX%%/etc/freebsd-update.conf ] ; then
+ echo "%%PREFIX%%/etc/freebsd-update.conf not found"
+ exit 1
+fi
+
case "$1" in
fetch)
- cd %%PREFIX%%/freebsd-update && make fetch-update;;
+ cd %%PREFIX%%/freebsd-update && make \
+ CONFFILE=%%PREFIX%%/etc/freebsd-update.conf fetch-update;;
install)
- cd %%PREFIX%%/freebsd-update && make install-update;;
+ cd %%PREFIX%%/freebsd-update && make \
+ CONFFILE=%%PREFIX%%/etc/freebsd-update.conf install-update;;
rollback)
- cd %%PREFIX%%/freebsd-update && make rollback-update;;
+ cd %%PREFIX%%/freebsd-update && make \
+ CONFFILE=%%PREFIX%%/etc/freebsd-update.conf rollback-update;;
cron)
- cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES daily;;
+ cd %%PREFIX%%/freebsd-update && make MAILTO=root QUIET=YES \
+ CONFFILE=%%PREFIX%%/etc/freebsd-update.conf daily;;
*)
echo "Usage: freebsd-update {fetch|install|rollback|cron}" >&2
echo " freebsd-update fetch: Fetches updates" >&2
--- /usr/ports/security/freebsd-update/files/freebsd-update.8 Thu Jan 1 01:00:00 1970
+++ /usr/ports/security/freebsd-update/files/freebsd-update.8 Wed May 7 20:39:00 2003
@@ -0,0 +1,66 @@
+.Dd May 7, 2003
+.Dt FREEBSD-UPDATE 8
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update
+.Nd fetch and install binary security updates to FreeBSD
+.Sh SYNOPSIS
+.Nm
+.Cm command
+.Sh DESCRIPTION
+The
+.Nm
+tool is used to fetch, install, and rollback
+binary security updates to the FreeBSD base system.
+.Sh OPTIONS
+The
+.Cm command
+can be any one of the following:
+.Pp
+.Bl -tag -width "rollback" -compact
+.It fetch
+Based on the currently installed world, fetch all available
+binary updates. Any updates previously fetched but not
+installed will be fetched again.
+.Pp
+.It install
+Install the most recently fetched updates.
+.Pp
+.It rollback
+Uninstall the most recently installed updates.
+.Pp
+.It cron
+If any binary updates are available, fetch them and
+send an email to root; otherwise, exit silently. As
+the name suggests, this is intended for usage via
+cron(8).
+.Pp
+.El
+.Sh TIPS
+.Bl -bullet
+.It
+If your clock is set to local time, adding the line
+.Pp
+.Dl 0 3 * * * root /usr/local/sbin/freebsd-update cron
+.Pp
+to /etc/crontab will check for updates every night. If your
+clock is set to UTC, please pick a random time instead of
+3AM, or the server hosting the updates will be very unhappy.
+.It
+.Nm
+.Cm cron
+waits a random amount of time, up to an hour, before contacting
+the server in order to reduce the risk of "flash crowds" resulting
+from cron jobs.
+.El
+.Sh FILES
+.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
+.It $PREFIX/freebsd-update/work
+Location of downloaded updates and backups of files
+which have been updated.
+.It $PREFIX/etc/freebsd-update.conf
+Location of the freebsd-update configuration file.
+.Sh SEE ALSO
+.Xr freebsd-update.conf 5
+.Sh AUTHORS
+.An Colin Percival Aq cperciva at daemonology.net
--- /usr/ports/security/freebsd-update/files/freebsd-update.conf.5 Thu Jan 1 01:00:00 1970
+++ /usr/ports/security/freebsd-update/files/freebsd-update.conf.5 Wed May 7 20:40:15 2003
@@ -0,0 +1,36 @@
+.Dd May 7, 2003
+.Dt FREEBSD-UPDATE.CONF 8
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update.conf
+.Nd configuration file for freebsd-update
+.Sh DESCRIPTION
+The
+.Nm
+file controls where freebsd-update(8) fetches updates from, and
+which RSA key should be trusted to sign the updates.
+.Pp
+A line of the form
+.Dl URL=foobar
+specifies the source from which updates should be fetched. This
+can be any type of URL suitable for fetch(1) -- in particular, HTTP,
+FTP, and local paths are all permitted.
+.Pp
+A line of the form
+.Dl KEYPRINT=0123456789ABCDEF0123456789ABCDEF
+specifies the MD5 hash of the 2048 bit modulus belonging to an RSA
+keypair which is trusted to sign updates.
+.Pp
+If more than one line of either of the above forms is included in
+.Nm
+then only the last one will take effect. Any lines not of the above
+forms will be ignored.
+.Sh FILES
+.Bl -tag -width "$PREFIX/etc/freebsd-update.conf"
+.It $PREFIX/etc/freebsd-update.conf
+Location of the freebsd-update configuration file.
+.Sh SEE ALSO
+.Xr fetch 1
+.Xr freebsd-update 8
+.Sh AUTHORS
+.An Colin Percival Aq cperciva at daemonology.net
--- /usr/ports/security/freebsd-update/files/pkg-message Thu Jan 1 01:00:00 1970
+++ /usr/ports/security/freebsd-update/files/pkg-message Wed May 7 20:59:01 2003
@@ -0,0 +1,16 @@
+
+Before you can use this, you will have to create an update configuration
+file specifying the server to fetch updates from and the trusted public
+key fingerprint.
+
+A sample configuration file has been installed in
+
+ %%PREFIX%%/etc/freebsd-update.conf.sample
+
+which will fetch updates built by the author. If you trust the author
+to securely build binary updates for you to blindly install on this
+machine, copy that file to
+
+ %%PREFIX%%/etc/freebsd-update.conf
+
+otherwise, create that file as appropriate.
--- /usr/ports/security/freebsd-update/pkg-message Fri Apr 11 21:52:02 2003
+++ /usr/ports/security/freebsd-update/pkg-message Thu Jan 1 01:00:00 1970
@@ -1,11 +0,0 @@
-
-Before you can use this, you will have to create an update configuration
-file specifying the server to fetch updates from and the trusted public
-key fingerprint.
-
-Assuming you haven't changed ${PREFIX}, a sample configuration file is
-installed in /usr/local/freebsd-update/update.conf.sample which will
-fetch updates built by the author. If you trust the author to securely
-build binary updates for you to blindly install on this machine, copy
-that file to /usr/local/freebsd-update/update.conf -- otherwise, create
-/usr/local/freebsd-update/update.conf as appropriate.
--- /usr/ports/security/freebsd-update/pkg-plist Fri Apr 11 21:52:02 2003
+++ /usr/ports/security/freebsd-update/pkg-plist Wed May 7 21:20:19 2003
@@ -1,9 +1,7 @@
sbin/freebsd-update
freebsd-update/Makefile
-freebsd-update/README
-freebsd-update/VERSION
freebsd-update/CHANGELOG
freebsd-update/LICENSE
-freebsd-update/update.conf.sample
+etc/freebsd-update.conf.sample
freebsd-update/verify
@dirrm freebsd-update
--- freebsd-update.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list