构建您自己的 FreeBSD 更新服务器

版权所有 © 2009-2011, 2013 Jason Helfman
商标

FreeBSD 是 FreeBSD 基金会的注册商标。

AMD、AMD Athlon、AMD Opteron、AMD Phenom、AMD Sempron、AMD Turion、Athlon、Élan、Opteron 和 PCnet 是 Advanced Micro Devices, Inc. 的商标。

Intel、Celeron、Centrino、Core、EtherExpress、i386、i486、Itanium、Pentium 和 Xeon 是 Intel Corporation 或其子公司在美国和其他国家/地区的商标或注册商标。

制造商和销售商用来区分其产品的许多名称都被宣称为商标。在本文档中出现这些名称的地方,并且 FreeBSD 项目知道商标声明,这些名称后面都加上了“™”或“®”符号。

目录

本文中的说明指的是 FreeBSD 的旧版本,可能无法在最新版本的 OS 上正常工作。随着 pkgbase 的可用性,freebsd-update 实用程序计划在未来从 FreeBSD 中删除。发生这种情况时,本文档将更新以反映新的程序或完全删除。

摘要

本文介绍了构建内部 FreeBSD 更新服务器。该 freebsd-update-server 由 FreeBSD 荣誉安全官 Colin Percival <cperciva@FreeBSD.org> 编写。对于认为从官方更新服务器更新系统很方便的用户,构建自己的 FreeBSD 更新服务器可以通过支持手动调整的 FreeBSD 发行版或提供本地镜像来帮助扩展其功能,从而为许多机器提供更快的更新。

1. 致谢

本文随后在 BSD 杂志 上发表。

2. 简介

经验丰富的用户或管理员通常负责多台机器或环境。他们了解维护此类基础设施的严苛要求和挑战。运行 FreeBSD 更新服务器可以更轻松地将安全和软件补丁部署到选定的测试机器,然后再将其推广到生产环境。这也意味着许多系统可以从本地网络而不是潜在速度较慢的互联网连接进行更新。本文概述了创建内部 FreeBSD 更新服务器所涉及的步骤。

3. 先决条件

要构建内部 FreeBSD 更新服务器,需要满足一些要求。

  • 一个正在运行的 FreeBSD 系统。

    至少,更新需要在高于或等于目标发行版版本的 FreeBSD 发行版上构建才能进行分发。

  • 一个至少有 4 GB 可用空间的用户帐户。这将允许创建 7.1 和 7.2 的更新,但确切的空间要求可能会因版本而异。

  • 远程机器上的 ssh(1) 帐户,用于上传分发的更新。

  • 一个 Web 服务器,例如 Apache,其空间超过构建所需空间的一半。例如,7.1 和 7.2 的测试构建总共消耗 4 GB,而分发这些更新所需的 Web 服务器空间为 2.6 GB。

  • 使用 Bourne shell 的 shell 脚本的基本知识,sh(1)

4. 配置:安装和设置

通过安装 devel/gitsecurity/ca_root_nss 下载 freebsd-update-server 软件,并执行

% git clone https://github.com/freebsd/freebsd-update-build.git freebsd-update-server

适当地更新 scripts/build.conf。它在所有构建操作期间都会被引用。

这是默认的 build.conf,应修改为适合您的环境。

# Main configuration file for FreeBSD Update builds.  The
# release-specific configuration data is lower down in
# the scripts tree.

# Location from which to fetch releases
export FTP=ftp://ftp2.freebsd.org/pub/FreeBSD/releases (1)

# Host platform
export HOSTPLATFORM=`uname -m`

# Host name to use inside jails
export BUILDHOSTNAME=${HOSTPLATFORM}-builder.daemonology.net (2)

# Location of SSH key
export SSHKEY=/root/.ssh/id_dsa (3)

# SSH account into which files are uploaded
MASTERACCT=builder@wadham.daemonology.net (4)

# Directory into which files are uploaded
MASTERDIR=update-master.freebsd.org (5)

需要考虑的参数包括

1这是从(通过 scripts/build.subrfetchiso() 子例程)下载 ISO 镜像的位置。配置的位置不限于 FTP URI。标准 fetch(1) 实用程序支持的任何 URI 方案都应该可以正常工作。可以通过将默认的 build.subr 脚本复制到 scripts/RELEASE/ARCHITECTURE/build.subr 中的发行版和特定于体系结构的区域并应用本地更改来安装对 fetchiso() 代码的自定义。
2构建主机名称。在更新系统时发出以下命令时,将显示此信息:
% uname -v
3用于将文件上传到更新服务器的 SSH 密钥。可以通过键入 ssh-keygen -t dsa 创建密钥对。此参数是可选的;未定义 SSHKEY 时,将使用标准密码身份验证作为后备身份验证方法。ssh-keygen(1) 手册页提供了有关 SSH 和创建和使用 SSH 的适当步骤的更详细的信息。
4用于将文件上传到更新服务器的帐户。
5更新服务器上文件上传到的目录。

随 freebsd-update-server 源代码一起提供的默认 build.conf 适用于构建 FreeBSD 的 i386 发行版。作为构建其他体系结构的更新服务器的示例,以下步骤概述了 amd64 所需的配置更改

  1. 为 amd64 创建构建环境

    % mkdir -p /usr/local/freebsd-update-server/scripts/7.2-RELEASE/amd64

  2. 在新创建的构建目录中安装 build.conf。FreeBSD 7.2-RELEASE 在 amd64 上的构建配置选项应类似于

    # SHA256 hash of RELEASE disc1.iso image.
export RELH=1ea1f6f652d7c5f5eab7ef9f8edbed50cb664b08ed761850f95f48e86cc71ef5 (1)
# Components of the world, source, and kernels
export WORLDPARTS="base catpages dict doc games info manpages proflibs lib32"
export SOURCEPARTS="base bin contrib crypto etc games gnu include krb5  \
                lib libexec release rescue sbin secure share sys tools  \
                ubin usbin cddl"
export KERNELPARTS="generic"

# EOL date
export EOL=1275289200 (2)
    1所需发行版的 sha256(1) 哈希密钥发布在各自的 发行版公告 中。
    2要为 build.conf 生成“生命周期结束”编号,请参阅 FreeBSD 安全网站 上发布的“估计 EOL”。可以使用 date(1) 实用程序从网站上列出的日期推导出 EOL 的值,例如
    % date -j -f '%Y%m%d-%H%M%S' '20090401-000000' '+%s'

5. 构建更新代码

第一步是运行 scripts/make.sh。这将构建一些二进制文件、创建目录并生成用于批准构建的 RSA 签名密钥。在此步骤中,将必须为最终创建的签名密钥提供密码。

# sh scripts/make.sh
cc -O2 -fno-strict-aliasing -pipe   findstamps.c  -o findstamps
findstamps.c: In function 'usage':
findstamps.c:45: warning: incompatible implicit declaration of built-in function 'exit'
cc -O2 -fno-strict-aliasing -pipe   unstamp.c  -o unstamp
install findstamps ../bin
install unstamp ../bin
rm -f findstamps unstamp
Generating RSA private key, 4096 bit long modulus
................................................................................++
...................++
e is 65537 (0x10001)

Public key fingerprint:
27ef53e48dc869eea6c3136091cc6ab8589f967559824779e855d58a2294de9e

Encrypting signing key for root
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

记下生成的密钥指纹。此值在 /etc/freebsd-update.conf 中对于二进制更新是必需的。

此时,我们已准备好进行构建。

# cd /usr/local/freebsd-update-server
# sh scripts/init.sh amd64 7.2-RELEASE

以下是初始构建运行的示例。

# sh scripts/init.sh amd64 7.2-RELEASE
Mon Aug 24 16:04:36 PDT 2009 Starting fetch for FreeBSD/amd64 7.2-RELEASE
/usr/local/freebsd-update-server/work/7.2-RELE100 of  588 MB  359 kBps 00m00s
Mon Aug 24 16:32:38 PDT 2009 Verifying disc1 hash for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 16:32:44 PDT 2009 Extracting components for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 16:34:05 PDT 2009 Constructing world+src image for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 16:35:57 PDT 2009 Extracting world+src for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 23:36:24 UTC 2009 Building world for FreeBSD/amd64 7.2-RELEASE
Tue Aug 25 00:31:29 UTC 2009 Distributing world for FreeBSD/amd64 7.2-RELEASE
Tue Aug 25 00:32:36 UTC 2009 Building and distributing kernels for FreeBSD/amd64 7.2-RELEASE
Tue Aug 25 00:44:44 UTC 2009 Constructing world components for FreeBSD/amd64 7.2-RELEASE
Tue Aug 25 00:44:56 UTC 2009 Distributing source for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 17:46:18 PDT 2009 Moving components into staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 17:46:33 PDT 2009 Identifying extra documentation for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 17:47:13 PDT 2009 Extracting extra docs for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 17:47:18 PDT 2009 Indexing release for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 17:50:44 PDT 2009 Indexing world0 for FreeBSD/amd64 7.2-RELEASE

Files built but not released:
Files released but not built:
Files which differ by more than contents:
Files which differ between release and build:
kernel|generic|/GENERIC/hptrr.ko
kernel|generic|/GENERIC/kernel
src|sys|/sys/conf/newvers.sh
world|base|/boot/loader
world|base|/boot/pxeboot
world|base|/etc/mail/freebsd.cf
world|base|/etc/mail/freebsd.submit.cf
world|base|/etc/mail/sendmail.cf
world|base|/etc/mail/submit.cf
world|base|/lib/libcrypto.so.5
world|base|/usr/bin/ntpq
world|base|/usr/lib/libalias.a
world|base|/usr/lib/libalias_cuseeme.a
world|base|/usr/lib/libalias_dummy.a
world|base|/usr/lib/libalias_ftp.a
...

然后再次执行世界构建,并使用世界补丁。可以在 scripts/build.subr 中找到更详细的说明。

在此第二次构建周期中,网络时间协议守护程序 ntpd(8) 已关闭。根据 FreeBSD 荣誉安全官 Colin Percival <cperciva@FreeBSD.org> 的说法,“freebsd-update-server 构建代码需要识别存储在文件中的时间戳,以便在比较构建以确定哪些文件需要更新时可以忽略它们。这种时间戳查找方法是通过在 400 天内进行两次构建并比较结果来实现的。”

Mon Aug 24 17:54:07 PDT 2009 Extracting world+src for FreeBSD/amd64 7.2-RELEASE
Wed Sep 29 00:54:34 UTC 2010 Building world for FreeBSD/amd64 7.2-RELEASE
Wed Sep 29 01:49:42 UTC 2010 Distributing world for FreeBSD/amd64 7.2-RELEASE
Wed Sep 29 01:50:50 UTC 2010 Building and distributing kernels for FreeBSD/amd64 7.2-RELEASE
Wed Sep 29 02:02:56 UTC 2010 Constructing world components for FreeBSD/amd64 7.2-RELEASE
Wed Sep 29 02:03:08 UTC 2010 Distributing source for FreeBSD/amd64 7.2-RELEASE
Tue Sep 28 19:04:31 PDT 2010 Moving components into staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:04:46 PDT 2009 Extracting extra docs for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:04:51 PDT 2009 Indexing world1 for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:08:04 PDT 2009 Locating build stamps for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:10:19 PDT 2009 Cleaning staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:10:19 PDT 2009 Preparing to copy files into staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 19:10:20 PDT 2009 Copying data files into staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 12:16:57 PDT 2009 Copying metadata files into staging area for FreeBSD/amd64 7.2-RELEASE
Mon Aug 24 12:16:59 PDT 2009 Constructing metadata index and tag for FreeBSD/amd64 7.2-RELEASE

Files found which include build stamps:
kernel|generic|/GENERIC/hptrr.ko
kernel|generic|/GENERIC/kernel
world|base|/boot/loader
world|base|/boot/pxeboot
world|base|/etc/mail/freebsd.cf
world|base|/etc/mail/freebsd.submit.cf
world|base|/etc/mail/sendmail.cf
world|base|/etc/mail/submit.cf
world|base|/lib/libcrypto.so.5
world|base|/usr/bin/ntpq
world|base|/usr/include/osreldate.h
world|base|/usr/lib/libalias.a
world|base|/usr/lib/libalias_cuseeme.a
world|base|/usr/lib/libalias_dummy.a
world|base|/usr/lib/libalias_ftp.a
...

最后,构建完成。

Values of build stamps, excluding library archive headers:
v1.2 (Aug 25 2009 00:40:36)
v1.2 (Aug 25 2009 00:38:22)
@()FreeBSD 7.2-RELEASE 0: Tue Aug 25 00:38:29 UTC 2009
FreeBSD 7.2-RELEASE 0: Tue Aug 25 00:38:29 UTC 2009
    root@server.myhost.com:/usr/obj/usr/src/sys/GENERIC
7.2-RELEASE
Mon Aug 24 23:55:25 UTC 2009
Mon Aug 24 23:55:25 UTC 2009
 built by root@server.myhost.com on Tue Aug 25 00:16:15 UTC 2009
 built by root@server.myhost.com on Tue Aug 25 00:16:15 UTC 2009
 built by root@server.myhost.com on Tue Aug 25 00:16:15 UTC 2009
 built by root@server.myhost.com on Tue Aug 25 00:16:15 UTC 2009
Mon Aug 24 23:46:47 UTC 2009
ntpq 4.2.4p5-a Mon Aug 24 23:55:53 UTC 2009 (1)
 * Copyright (c) 1992-2009 The FreeBSD Project.
Mon Aug 24 23:46:47 UTC 2009
Mon Aug 24 23:55:40 UTC 2009
Aug 25 2009
ntpd 4.2.4p5-a Mon Aug 24 23:55:52 UTC 2009 (1)
ntpdate 4.2.4p5-a Mon Aug 24 23:55:53 UTC 2009 (1)
ntpdc 4.2.4p5-a Mon Aug 24 23:55:53 UTC 2009 (1)
Tue Aug 25 00:21:21 UTC 2009
Tue Aug 25 00:21:21 UTC 2009
Tue Aug 25 00:21:21 UTC 2009
Mon Aug 24 23:46:47 UTC 2009

FreeBSD/amd64 7.2-RELEASE initialization build complete.  Please
review the list of build stamps printed above to confirm that
they look sensible, then run
 sh -e approve.sh amd64 7.2-RELEASE
to sign the release.

如果一切正常,请批准构建。可以在名为 USAGE 的分发源文件中找到有关确定此问题的更多信息。根据指示执行 scripts/approve.sh。这将对发行版进行签名,并将组件移动到适合上传的暂存区。

# cd /usr/local/freebsd-update-server
# sh scripts/mountkey.sh
# sh -e scripts/approve.sh amd64 7.2-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Signing build for FreeBSD/amd64 7.2-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Copying files to patch source directories for FreeBSD/amd64 7.2-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Copying files to upload staging area for FreeBSD/amd64 7.2-RELEASE
Wed Aug 26 12:50:07 PDT 2009 Updating databases for FreeBSD/amd64 7.2-RELEASE
Wed Aug 26 12:50:07 PDT 2009 Cleaning staging area for FreeBSD/amd64 7.2-RELEASE

批准过程完成后,即可开始上传过程。

# cd /usr/local/freebsd-update-server
# sh scripts/upload.sh amd64 7.2-RELEASE

如果需要重新上传更新代码,可以通过更改到目标发行版的公共分发目录并更新上传文件的属性来完成。

# cd /usr/local/freebsd-update-server/pub/7.2-RELEASE/amd64
# touch -t 200801010101.01 uploaded

上传的文件需要位于 Web 服务器的文档根目录中,以便分发更新。确切的配置将根据使用的 Web 服务器而有所不同。对于 Apache Web 服务器,请参阅手册中有关 Apache 服务器配置 的部分。

更新客户端的 /etc/freebsd-update.conf 中的 KeyPrintServerName,并按照手册中 FreeBSD 更新 部分的说明执行更新。

为了使 FreeBSD 更新服务器正常工作,需要构建当前发行版和要升级到的发行版的更新。这对于确定发行版之间文件的差异是必要的。例如,当将 FreeBSD 系统从 7.1-RELEASE 升级到 7.2-RELEASE 时,需要为这两个版本构建更新并上传到您的分发服务器。

作为参考,已附加 init.sh 的整个运行。

6. 构建补丁

每次发布 安全公告安全通知 时,都可以构建补丁更新。

在此示例中,将使用 7.1-RELEASE。

对于不同的发行版构建,做出了以下几个假设

  • 为初始构建设置正确的目录结构。

  • 对 7.1-RELEASE 执行初始构建。

/usr/local/freebsd-update-server/patches/ 下创建相应发行版的补丁目录。

% mkdir -p /usr/local/freebsd-update-server/patches/7.1-RELEASE/
% cd /usr/local/freebsd-update-server/patches/7.1-RELEASE

例如,以 named(8) 的补丁为例。阅读安全公告,并从 FreeBSD 安全公告 获取必要的文件。有关解释安全公告的更多信息,请参阅 FreeBSD 手册

安全简报 中,此公告称为 SA-09:12.bind。下载文件后,需要将文件重命名为适当的补丁级别。建议保持与官方 FreeBSD 补丁级别一致,但其名称可以自由选择。对于此构建,让我们遵循 FreeBSD 目前已建立的做法,将其命名为 p7。重命名文件

% cd /usr/local/freebsd-update-server/patches/7.1-RELEASE/; mv bind.patch 7-SA-09:12.bind

运行补丁级别构建时,假定先前的补丁已就位。运行补丁构建时,它将运行补丁目录中包含的所有补丁。

可以向任何构建添加自定义补丁。使用数字零或任何其他数字。

FreeBSD 更新服务器的管理员有责任采取适当措施来验证每个补丁的真实性。

此时,diff 已准备好构建。软件首先检查在运行 diff 构建之前是否已在相应的版本上运行了 scripts/init.sh

# cd /usr/local/freebsd-update-server
# sh scripts/diff.sh amd64 7.1-RELEASE 7

以下是差分构建运行的示例。

# sh -e scripts/diff.sh amd64 7.1-RELEASE 7
Wed Aug 26 10:09:59 PDT 2009 Extracting world+src for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 17:10:25 UTC 2009 Building world for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 18:05:11 UTC 2009 Distributing world for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 18:06:16 UTC 2009 Building and distributing kernels for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 18:17:50 UTC 2009 Constructing world components for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 18:18:02 UTC 2009 Distributing source for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 11:19:23 PDT 2009 Moving components into staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 11:19:37 PDT 2009 Extracting extra docs for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 11:19:42 PDT 2009 Indexing world0 for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 11:23:02 PDT 2009 Extracting world+src for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 18:23:29 UTC 2010 Building world for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 19:18:15 UTC 2010 Distributing world for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 19:19:18 UTC 2010 Building and distributing kernels for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 19:30:52 UTC 2010 Constructing world components for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 19:31:03 UTC 2010 Distributing source for FreeBSD/amd64 7.1-RELEASE-p7
Thu Sep 30 12:32:25 PDT 2010 Moving components into staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:32:39 PDT 2009 Extracting extra docs for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:32:43 PDT 2009 Indexing world1 for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:35:54 PDT 2009 Locating build stamps for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:36:58 PDT 2009 Reverting changes due to build stamps for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:37:14 PDT 2009 Cleaning staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:37:14 PDT 2009 Preparing to copy files into staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:37:15 PDT 2009 Copying data files into staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:43:23 PDT 2009 Copying metadata files into staging area for FreeBSD/amd64 7.1-RELEASE-p7
Wed Aug 26 12:43:25 PDT 2009 Constructing metadata index and tag for FreeBSD/amd64 7.1-RELEASE-p7
...
Files found which include build stamps:
kernel|generic|/GENERIC/hptrr.ko
kernel|generic|/GENERIC/kernel
world|base|/boot/loader
world|base|/boot/pxeboot
world|base|/etc/mail/freebsd.cf
world|base|/etc/mail/freebsd.submit.cf
world|base|/etc/mail/sendmail.cf
world|base|/etc/mail/submit.cf
world|base|/lib/libcrypto.so.5
world|base|/usr/bin/ntpq
world|base|/usr/include/osreldate.h
world|base|/usr/lib/libalias.a
world|base|/usr/lib/libalias_cuseeme.a
world|base|/usr/lib/libalias_dummy.a
world|base|/usr/lib/libalias_ftp.a
...
Values of build stamps, excluding library archive headers:
v1.2 (Aug 26 2009 18:13:46)
v1.2 (Aug 26 2009 18:11:44)
@()FreeBSD 7.1-RELEASE-p7 0: Wed Aug 26 18:11:50 UTC 2009
FreeBSD 7.1-RELEASE-p7 0: Wed Aug 26 18:11:50 UTC 2009
    root@server.myhost.com:/usr/obj/usr/src/sys/GENERIC
7.1-RELEASE-p7
Wed Aug 26 17:29:15 UTC 2009
Wed Aug 26 17:29:15 UTC 2009
 built by root@server.myhost.com on Wed Aug 26 17:49:58 UTC 2009
 built by root@server.myhost.com on Wed Aug 26 17:49:58 UTC 2009
 built by root@server.myhost.com on Wed Aug 26 17:49:58 UTC 2009
 built by root@server.myhost.com on Wed Aug 26 17:49:58 UTC 2009
Wed Aug 26 17:20:39 UTC 2009
ntpq 4.2.4p5-a Wed Aug 26 17:29:42 UTC 2009 (1)
 * Copyright (c) 1992-2009 The FreeBSD Project.
Wed Aug 26 17:20:39 UTC 2009
Wed Aug 26 17:29:30 UTC 2009
Aug 26 2009
ntpd 4.2.4p5-a Wed Aug 26 17:29:41 UTC 2009 (1)
ntpdate 4.2.4p5-a Wed Aug 26 17:29:42 UTC 2009 (1)
ntpdc 4.2.4p5-a Wed Aug 26 17:29:42 UTC 2009 (1)
Wed Aug 26 17:55:02 UTC 2009
Wed Aug 26 17:55:02 UTC 2009
Wed Aug 26 17:55:02 UTC 2009
Wed Aug 26 17:20:39 UTC 2009
...

打印更新,并请求批准。

New updates:
kernel|generic|/GENERIC/kernel.symbols|f|0|0|0555|0|7c8dc176763f96ced0a57fc04e7c1b8d793f27e006dd13e0b499e1474ac47e10|
kernel|generic|/GENERIC/kernel|f|0|0|0555|0|33197e8cf15bbbac263d17f39c153c9d489348c2c534f7ca1120a1183dec67b1|
kernel|generic|/|d|0|0|0755|0||
src|base|/|d|0|0|0755|0||
src|bin|/|d|0|0|0755|0||
src|cddl|/|d|0|0|0755|0||
src|contrib|/contrib/bind9/bin/named/update.c|f|0|10000|0644|0|4d434abf0983df9bc47435670d307fa882ef4b348ed8ca90928d250f42ea0757|
src|contrib|/contrib/bind9/lib/dns/openssldsa_link.c|f|0|10000|0644|0|c6805c39f3da2a06dd3f163f26c314a4692d4cd9a2d929c0acc88d736324f550|
src|contrib|/contrib/bind9/lib/dns/opensslrsa_link.c|f|0|10000|0644|0|fa0f7417ee9da42cc8d0fd96ad24e7a34125e05b5ae075bd6e3238f1c022a712|
...
FreeBSD/amd64 7.1-RELEASE update build complete.  Please review
the list of build stamps printed above and the list of updated
files to confirm that they look sensible, then run
 sh -e approve.sh amd64 7.1-RELEASE
to sign the build.

按照之前批准构建所述的相同流程操作。

# sh -e scripts/approve.sh amd64 7.1-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Signing build for FreeBSD/amd64 7.1-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Copying files to patch source directories for FreeBSD/amd64 7.1-RELEASE
Wed Aug 26 12:50:06 PDT 2009 Copying files to upload staging area for FreeBSD/amd64 7.1-RELEASE
Wed Aug 26 12:50:07 PDT 2009 Updating databases for FreeBSD/amd64 7.1-RELEASE
Wed Aug 26 12:50:07 PDT 2009 Cleaning staging area for FreeBSD/amd64 7.1-RELEASE

The FreeBSD/amd64 7.1-RELEASE update build has been signed and is
ready to be uploaded.  Remember to run
 sh -e umountkey.sh
to unmount the decrypted key once you have finished signing all
the new builds.

批准构建后,上传软件。

# cd /usr/local/freebsd-update-server
# sh scripts/upload.sh amd64 7.1-RELEASE

作为参考,diff.sh 的整个运行已附加。

7. 提示

  • 如果使用原生 make release 过程 构建自定义版本,则 freebsd-update-server 代码将从您的版本工作。例如,可以通过清除与文档子例程 findextradocs ()addextradocs () 相关的功能以及分别在 scripts/build.subr 中更改下载位置 fetchiso () 来构建没有端口或文档的版本。作为最后一步,更改您相应版本和架构下 build.conf 中的 sha256(1) 哈希值,然后您就可以从自定义版本构建了。

    # Compare ${WORKDIR}/release and ${WORKDIR}/$1, identify which parts
# of the world|doc subcomponent are missing from the latter, and
# build a tarball out of them.
findextradocs () {
}
# Add extra docs to ${WORKDIR}/$1
addextradocs () {
}

  • 根据使用的硬件,将 -j NUMBER 标志添加到 scripts/build.subr 脚本中的 buildworldobj 目标可能会加快处理速度,但这不是必需的。不建议在其他目标中使用这些标志,因为这可能会导致构建变得不可靠。

                  # Build the world
		   log "Building world"
		   cd /usr/src &&
		   make -j 2 ${COMPATFLAGS} buildworld 2>&1
		# Distribute the world
		   log "Distributing world"
		   cd /usr/src/release &&
		   make -j 2 obj &&
		   make ${COMPATFLAGS} release.1 release.2 2>&1

  • 为更新服务器创建适当的 DNS SRV 记录,并将其他服务器置于其后并设置不同的权重。使用此功能将提供更新镜像,但是除非您希望提供冗余服务,否则此提示不是必需的。

    _http._tcp.update.myserver.com.		IN SRV   0 2 80   host1.myserver.com.
					IN SRV   0 1 80   host2.myserver.com.
					IN SRV   0 0 80   host3.myserver.com.

最后修改时间:2023 年 11 月 15 日,作者:Benedict Reuschling