suporte@wahtec.com.br
2005-Oct-31 08:25 UTC
More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)
> Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival <cperciva@freebsd.org> > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero <mark@darklogik.org> > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote: > > No this isn't insufficient, what is insufficient is that I currently > > can't run a local freebsd-update server. I'm quite limited by bandwidth > > here, you see. What would make more sense in my situation would be to > > have a local mirror of the 'official' freebsd-update server so that > > all of my machines can sync to that rather than all of them downloading > > over the WAN. > > Go ahead. :-):-) > > FreeBSD Update relies entirely upon static files served over HTTP, so if > you point your favourite HTTP mirroring tool at update.daemonology.net > you can create a local mirror. > > Another approach which is likely to be more useful is to set up an HTTP > proxy: Since many files on the FreeBSD Update web server won't be fetched > by most systems (FreeBSD Update attempts to use binary patches, and only > falls back to fetching complete files if the patching fails), using a > caching HTTP proxy will use far less bandwidth than mirroring everything. > > Colin PercivalHi, I have two questions to add to this thread... 1- if and when freebsd-update will be the official freebsd system binary update? Like, when it will be part of freebsd structure, with a dedicated server and stuff? ... It's far better then updating by cvs. 2- for future plans, is there any possibility to customize or add some features to kernels on official freebsd-update server? IPSEC is quite important on security. Since there isn't a LKM to use IPSEC (correct me if I'm wrong), when someone compiles the kernel to add it, he looses the freebsd-update kernel update. Regards, --aristeu PS: is there a way to use IPSEC without compiling the kernel?
Colin Percival
2005-Nov-01 00:55 UTC
More on freebsd-update (WAS: Is the server portion of freebsd-update open source?)
suporte@wahtec.com.br wrote:> 1- if and when freebsd-update will be the official freebsd system binary > update? Like, when it will be part of freebsd structure, with a dedicated > server and stuff? ... It's far better then updating by cvs.FreeBSD Update is now semi-officially supported, in the sense that I make sure that it works but the rest of the security team isn't involved. As I mentioned earlier, I'm planning on rewriting the build code to make it far simpler and more reliable; this will make it possible for someone else to take over if I get hit by a bus, at which point FreeBSD Update will become officially supported. :-)> 2- for future plans, is there any possibility to customize or add some > features to kernels on official freebsd-update server? IPSEC is quite > important on security. Since there isn't a LKM to use IPSEC (correct me if > I'm wrong), when someone compiles the kernel to add it, he looses the > freebsd-update kernel update.Right now I provide prebuilt GENERIC and SMP kernels; I could build some other kernel configurations, but there's obviously a limit to what is practical. After I rewrite the build code I'll have to consult with the release engineering team and the user community about which kernels would be most useful. Colin Percival