[RFC] Article on freebsd-update-server

Manolis Kiagias manolis at FreeBSD.org
Fri Nov 20 16:52:30 UTC 2009 

Giorgos Keramidas wrote:
> <SNIP> - All changes look fine up to this point
> :      <note>
> : -      <para>Note down the generated KeyPrint; this value is entered into
> : -       <filename>/etc/freebsd-update.conf</filename> for binary
> : -       updates.</para>
> : +      <para>Keep a note of the generated key fingerpring.  This value is
> : +       entered into <filename>/etc/freebsd-update.conf</filename> for
> : +       binary updates.</para>
> :      </note>
>
> There are various places that the article refers to  "KeyPrint".  I think it
> means "key fingerpring", but I am not sure.  If that's what the real meaning
> should be, please use "key fingerprint".
>
>   

Probably, but we need some input from Jason here. I assume you are right.

> :      <screen>Mon Aug 24 17:54:07 PDT 2009 Extracting world+src for FreeBSD/amd64 7.2-RELEASE
> : @@ -411,10 +428,7 @@ to sign the release.</screen>
> :        file named <filename>USAGE</filename>.  Execute
> :        <filename>scripts/approve.sh</filename>, as directed.  This will sign
> :        the release, and move components into a staging area suitable for
> : -      uploading.  It is important to make sure that your key is mounted
> : -      during this process.  A simple <command>df</command> will show if it
> : -      is mounted.  If not mounted, mount the key with the passphrase supplied
> : -      when creating it earlier.</para>
> : +      uploading.</para>
>
> I don't know where the key mounting bits come from.  It seems to refer to
> those FreeBSD installations where PGP keys are stored in removable media, like
> a USB flash disk.  Why do we have to explicitly mention this here?  After all,
> we don't describe how gpg-agent(1) works, or how seahorse(1) integrates PGP
> with Gnome, or any other case of the dozens of PGP setups possible...
>
>   

Same here, I am not really sure what the key mounting refers to.

> : @@ -524,9 +547,11 @@ Wed Aug 26 12:50:07 PDT 2009 Cleaning st
> :      <note>
> :        <para>When running a patch level build, we are assuming that previous
> :         patches are in place.  When a patch build is run, it will run all
> : -       patches less than or equal to the number specified.  Beyond this,
> : -       you will have to take appropriate measures to verify authenticity
> : -       of the patch.</para>
> : +       patches less than or equal to the number specified.</para>
> : +
> : +      <para><emphasis>It is up to the administrator of the freebsd-update
> : +         server to take appropriate measures to verify the authenticity of
> : +         every patch.</emphasis></para>
>
> I think we ought to emphasize a bit the part about patch authenticity, but I
> am not sure if I chose the right way to do this.
>
>   

Or maybe use <warning> around it?

> : -    <para>Follow the same process as noted before for appoving a build.</para>
> : +    <para>Follow the same process as noted before for approving a build:</para>
>
> Typo.
>
> There are more changes, in the attached patch.  Most of them are attempts to
> improve the wording of various small parts of the article.  Please see the
> attached diff for all of them.
>
>   

The patch has been applied, the new version is available in mercurial
and also uploaded again to freefall.

> One more important detail.  We are still discussing at doceng@ how we can
> bring the final article into CVS.  So, please hold from committing this, until
> we have resolved all the remaining details.
>
>   

Yes, I am aware of this. 
Jason has thought of something like this (copied from email):

<sect1 id="afterword">
    <title>Afterword</title>

    <para>This <ulink
url="http://www.experts-exchange.com/articles/OS/Unix/BSD/FreeBSD/Build-Your-Own-FreeBSD-Update-Server.html">FreeBSD

Update </ulink> article was originally published at <ulink
url="http://www.experts-exchange.com">Experts-Exchange</ulink>.</para>
</sect1>

and I thought we could turn this into  something like "Acknowledgements
/ Further Reading" section (will probably need to be expanded a bit).
Does this make any sense?

> I'm sure that a lot of people will love reading an article that describes in
> detail how to set up a local freebsd-update server.  Thanks for all the work
> done so far on what seems to be an excellent article! :-D
>   

And we thank you for the thorough review :)

More information about the freebsd-doc mailing list