Nielsen wrote:> I need a system for distributing binary updates to a collection of > customized FreeBSD machines, jails, and embedded systems. freebsd-update > seems to be what I'm looking for, but I'm wondering if the server side > is a proprietary piece of technology held by someone somewhere, or if it > is in fact open source.The FreeBSD Update build code is... umm... somewhere in between. I think the best way to explain it is to say that I don't care about copyright on the build code, but the code is a stinking pile of hacks upon hacks with multiple known bugs -- so I don't particularly want to expose it to public scrutiny and I doubt that it will be very useful either. Rewriting the build code is approaching the top of my todo list, but isn't there quite yet; in the meantime, if you can send me more details about what you want to do I'll see if I can accommodate you. Colin Percival
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering if/where I can get the server side component for freebsd-update. Presumably such a component would build and sign the binary patches and prepare them to be served via HTTP to the freebsd-update client. I need a system for distributing binary updates to a collection of customized FreeBSD machines, jails, and embedded systems. freebsd-update seems to be what I'm looking for, but I'm wondering if the server side is a proprietary piece of technology held by someone somewhere, or if it is in fact open source. Any pointers on where the project would be hosted if it is open source? The few leads that turned up when searching google ended up being dead ends. Thanks, Nate -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDYSzxe/sRCNknZa8RAvQMAKC0wTFgcHlTc/PnvWLs7BtownvRogCeLvaE 9XCHY09BzYS0Qh7SJmfb7SM=DsO5 -----END PGP SIGNATURE-----
Colin Percival wrote:> The FreeBSD Update build code is... umm... somewhere in between. I think > the best way to explain it is to say that I don't care about copyright on > the build code, but the code is a stinking pile of hacks upon hacks with > multiple known bugs -- so I don't particularly want to expose it to public > scrutiny and I doubt that it will be very useful either. > > Rewriting the build code is approaching the top of my todo list, but isn't > there quite yet; in the meantime, if you can send me more details about what > you want to do I'll see if I can accommodate you.Thanks. Sorry for not getting back to you right away. The guys I'm developing this project for have bought into open source and are hesitant about using technology which isn't totally transparent and open to peer review. But in any case (after discussion), it seems like freebsd-update is in fact the closest thing to what we need. We have a many little embedded boxes in the field, and they need to pull down updates. The updates are obviously non-standard: - Built with NOSHARED=no (all dynamic linking, no static). - Updates of various ports, like isc-dhcpd, quagga, vpn stuff etc. - Updates of our own customized binaries. - Custom kernel. - Greatly reduced fileset. Getting access to the build code would keep us from having to implement our own system (which would probably end up being based on bsdiff/bspatch anyway). Of course this is not a demand, but a request. BTW, thanks for all you do toward security on FreeBSD. Cheers, Nate Nielsen