From: Colin Percival
Date: Tue, 1 Sep 2009 10:49:16 +0000 (UTC)
To: projects-committers@FreeBSD.org, cvs-projects@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: projects/freebsd-update-server/tools umirror-init.sh umirror-package.sh umirror-release.sh umirror.sh
Message-Id: <200909011049.n81AnGVF059059@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD
List-Id: CVS commit messages for the projects tree

cperciva    2009-09-01 10:49:16 UTC

  FreeBSD projects repository

  Added files:
    freebsd-update-server/tools umirror-init.sh umirror-package.sh
                                umirror-release.sh umirror.sh
  Log:
  Add scripts used for mirroring FreeBSD Update bits.

  In order to keep the window between SVN commits being done to the src
  tree and updates being available via FreeBSD Update to a minimum, bits
  are distributed first as encrypted tarballs and encryption keys are
  "released" later.  The list of tarballs and their hashes is signed with
  an RSA key.

  Server-side usage:
  * Run umirror-init.sh on update-master to generate a key and set up some
    files.
  * Make FreeBSD Update buildboxes upload bits into a staging directory
    (e.g., ~builder/update-master-stage).
  * Run umirror-package.sh to package up bits from the staging directory
    and publish an encrypted tarball.
  * Wait until it's time to release the bits.
  * Run umirror-release.sh to publish all not-yet-released decryption keys.

  Mirror-side usage:
  * Run umirror.sh from a cron job to poll for updates, downloading
    encrypted tarballs when they become available, and downloading the
    decryption keys and extracting the bits when possible.  I recommend
    running umirror.sh from a cron job every minute, guarded by a lock
    file.

  The FreeBSD Project is using these scripts now, but other users of
  FreeBSD Update probably do not need them -- the FreeBSD Update build code
  is designed to upload bits directly to a published directory.  These
  scripts are only made necessary by the dual problems of (a) wanting to
  get FreeBSD Update bits out to multiple mirrors quickly, and (b) dealing
  with embargoed updates.

  Revision  Changes    Path
  1.1       +45 -0     projects/freebsd-update-server/tools/umirror-init.sh (new)
  1.1       +62 -0     projects/freebsd-update-server/tools/umirror-package.sh (new)
  1.1       +18 -0     projects/freebsd-update-server/tools/umirror-release.sh (new)
  1.1       +164 -0    projects/freebsd-update-server/tools/umirror.sh (new)
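
The encrypt-first, release-key-later flow described in the log above, sketched as an added example; it is not the code of the committed umirror-*.sh scripts, whose contents are not shown in this message. The file names, the `name|hash|keyhash` index layout, the use of `openssl enc` with AES-256-CBC, and committing to the key's hash in the signed index are all assumptions.

```sh
# Added example, not the umirror-*.sh scripts. File names, index layout and
# cipher are assumptions. Requires OpenSSL 1.1.1+ (for enc -pbkdf2) and tar.
set -e
sha() { openssl dgst -sha256 -r "$1" | cut -c1-64; }

# Master, once: RSA key pair used to sign the index. $1=private dir $2=public dir
master_init() {
	openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null
	openssl rsa -in "$1/priv.pem" -pubout -out "$2/pub.pem" 2>/dev/null
}

# Master: encrypt staged bits under a fresh random key and publish only the
# ciphertext plus a signed index. The index also commits to the key's hash,
# so the key released later is authenticated by the same signature.
master_package() {	# $1=private dir $2=public dir $3=staging dir $4=name
	openssl rand -hex 32 > "$1/$4.key"
	tar -cf - -C "$3" . | openssl enc -aes-256-cbc -pbkdf2 \
	    -pass "file:$1/$4.key" -out "$2/$4.tar.enc"
	echo "$4|$(sha "$2/$4.tar.enc")|$(sha "$1/$4.key")" >> "$2/index"
	openssl dgst -sha256 -sign "$1/priv.pem" -out "$2/index.sig" "$2/index"
}

# Master: end the embargo. $1=private dir $2=public dir $3=name
master_release() { cp "$1/$3.key" "$2/$3.key"; }

# Mirror: verify the signature, then each hash; extract once a key is out.
# Prints one status line per tarball. $1=pub.pem $2=mirrored dir $3=output dir
mirror_poll() {
	openssl dgst -sha256 -verify "$1" -signature "$2/index.sig" "$2/index" \
	    >/dev/null 2>&1 || { echo "index bad-signature"; return 1; }
	while IFS='|' read -r name h kh; do
		[ "$(sha "$2/$name.tar.enc")" = "$h" ] || { echo "$name bad-hash"; continue; }
		[ -f "$2/$name.key" ] || { echo "$name embargoed"; continue; }
		[ "$(sha "$2/$name.key")" = "$kh" ] || { echo "$name bad-key"; continue; }
		mkdir -p "$3/$name"
		openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2/$name.key" \
		    -in "$2/$name.tar.enc" | tar -xf - -C "$3/$name"
		echo "$name extracted"
	done < "$2/index"
}

# Constructed demo: the "mirror" reads the public dir directly, no download step.
d=$(mktemp -d); mkdir "$d/priv" "$d/pub" "$d/stage" "$d/out"
echo "patched binary" > "$d/stage/ls"
master_init "$d/priv" "$d/pub"; master_package "$d/priv" "$d/pub" "$d/stage" t1
mirror_poll "$d/pub/pub.pem" "$d/pub" "$d/out"	# t1 embargoed
master_release "$d/priv" "$d/pub" t1
mirror_poll "$d/pub/pub.pem" "$d/pub" "$d/out"	# t1 extracted
rm -rf "$d"
```

AES-CBC carries no integrity protection of its own; in this sketch the ciphertext hash in the signed index is what detects tampering, so the hash check has to run before decryption.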