Source string Read only

(itstool) path: listitem/para
149/1490
Context English State
FreeBSD is a registered trademark of the FreeBSD Foundation.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <quote>™</quote> or the <quote>®</quote> symbol.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
AMD, AMD Athlon, AMD Opteron, AMD Phenom, AMD Sempron, AMD Turion, Athlon, Élan, Opteron, and PCnet are trademarks of Advanced Micro Devices, Inc.
$FreeBSD: head/en_US.ISO8859-1/articles/freebsd-update-server/article.xml 54301 2020-06-28 07:16:58Z carlavilla $
This article describes building an internal <application>FreeBSD Update Server</application>. The <link xlink:href="https://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/">freebsd-update-server</link> is written by Colin Percival <email>cperciva@FreeBSD.org</email>, Security Officer Emeritus of FreeBSD. For users that think it is convenient to update their systems against an official update server, building their own <application>FreeBSD Update Server</application> may help to extend its functionality by supporting manually-tweaked FreeBSD releases or by providing a local mirror that will allow faster updates for a number of machines.
Acknowledgments
This article was subsequently printed at <link xlink:href="https://people.freebsd.org/~jgh/files/fus/BSD_03_2010_EN.pdf">BSD Magazine</link>.
Introduction
Experienced users or administrators are often responsible for several machines or environments. They understand the difficult demands and challenges of maintaining such an infrastructure. Running a <application>FreeBSD Update Server</application> makes it easier to deploy security and software patches to selected test machines before rolling them out to production. It also means a number of systems can be updated from the local network rather than a potentially slower Internet connection. This article outlines the steps involved in creating an internal <application>FreeBSD Update Server</application>.
Prerequisites
To build an internal <application>FreeBSD Update Server</application> some requirements should be met.
A running FreeBSD system.
At a minimum, updates require building on a FreeBSD release greater than or equal to the target release version for distribution.
A user account with at least 4 GB of available space. This will allow the creation of updates for 7.1 and 7.2, but the exact space requirements may change from version to version.
An <citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry> account on a remote machine to upload distributed updates.
A web server, like <link xlink:href="@@URL_RELPREFIX@@/doc/en_US.ISO8859-1/books/handbook/network-apache.html">Apache</link>, with over half of the space required for the build. For instance, test builds for 7.1 and 7.2 consume a total amount of 4 GB, and the webserver space needed to distribute these updates is 2.6 GB.
Basic knowledge of shell scripting with Bourne shell, <citerefentry><refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
Configuration: Installation &amp; Setup
Download the <link xlink:href="https://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/"> freebsd-update-server</link> software by installing <package>devel/subversion</package> and <package>security/ca_root_nss</package>, and execute:
<prompt>%</prompt> <userinput>svn co https://svn.freebsd.org/base/user/cperciva/freebsd-update-build freebsd-update-server</userinput>
Update <filename>scripts/build.conf</filename> appropriately. It is sourced during all build operations.
Here is the default <filename>build.conf</filename>, which should be modified to suit your environment.
# Main configuration file for FreeBSD Update builds. The
# release-specific configuration data is lower down in
# the scripts tree.

# Location from which to fetch releases
export FTP=ftp://ftp2.freebsd.org/pub/FreeBSD/releases<co xml:id="ftp-id"/>

# Host platform
export HOSTPLATFORM=`uname -m`

# Host name to use inside jails
export BUILDHOSTNAME=${HOSTPLATFORM}-builder.daemonology.net<co xml:id="buildhost-id"/>

# Location of SSH key
export SSHKEY=/root/.ssh/id_dsa<co xml:id="sshkey-id"/>

# SSH account into which files are uploaded
MASTERACCT=builder@wadham.daemonology.net<co xml:id="mstacct-id"/>

# Directory into which files are uploaded
MASTERDIR=update-master.freebsd.org<co xml:id="mstdir-id"/>
Parameters for consideration would be:
This is the location where ISO images are downloaded from (by the <function>fetchiso()</function> subroutine of <filename>scripts/build.subr</filename>). The location configured is not limited to FTP URIs. Any URI scheme supported by standard <citerefentry><refentrytitle>fetch</refentrytitle><manvolnum>1</manvolnum></citerefentry> utility should work fine.
Customizations to the <function>fetchiso()</function> code can be installed by copying the default <filename>build.subr</filename> script to the release and architecture-specific area at <filename>scripts/RELEASE/ARCHITECTURE/build.subr</filename> and applying local changes.
The name of the build host. This information will be displayed on updated systems when issuing:
<prompt>%</prompt> <userinput>uname -v</userinput>
The <application>SSH</application> key for uploading files to the update server. A key pair can be created by typing <command>ssh-keygen -t dsa</command>. This parameter is optional; standard password authentication will be used as a fallback authentication method when <literal>SSHKEY</literal> is not defined.
The <citerefentry><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry> manual page has more detailed information about <application>SSH</application> and the appropriate steps for creating and using one.

Loading…

No matching activity found.

Browse all component changes

Glossary

English English
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: listitem/para
Flags
read-only
Source string location
article.translate.xml:115
String age
a year ago
Source string age
a year ago
Translation file
articles/freebsd-update-server.pot, string 21