Date: Mon, 18 Feb 2013 15:29:07 +0000 (UTC) From: Gabor Kovesdan <gabor@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org Subject: svn commit: r41007 - in projects/xml-tools: bn_BD.ISO10646-1/articles/explaining-bsd bn_BD.ISO10646-1/articles/new-users de_DE.ISO8859-1/htdocs de_DE.ISO8859-1/share/xml en_US.ISO8859-1/articles/co... Message-ID: <201302181529.r1IFT7la013541@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gabor Date: Mon Feb 18 15:29:06 2013 New Revision: 41007 URL: http://svnweb.freebsd.org/changeset/doc/41007 Log: - MFH Added: projects/xml-tools/share/pgpkeys/achim.key - copied unchanged from r41006, head/share/pgpkeys/achim.key projects/xml-tools/share/pgpkeys/pclin.key - copied unchanged from r41006, head/share/pgpkeys/pclin.key Deleted: projects/xml-tools/en_US.ISO8859-1/htdocs/FAQ/ Modified: projects/xml-tools/bn_BD.ISO10646-1/articles/explaining-bsd/article.xml projects/xml-tools/bn_BD.ISO10646-1/articles/new-users/article.xml projects/xml-tools/de_DE.ISO8859-1/htdocs/about.xml projects/xml-tools/de_DE.ISO8859-1/share/xml/news.xml projects/xml-tools/de_DE.ISO8859-1/share/xml/press.xml projects/xml-tools/en_US.ISO8859-1/articles/committers-guide/article.xml projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.additional.xml projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.committers.xml projects/xml-tools/en_US.ISO8859-1/articles/portbuild/article.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/book.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/boot/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/driverbasics/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/isa/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/jail/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/kobj/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/mac/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/newbus/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/pccard/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/scsi/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/smp/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/sound/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/usb/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/arch-handbook/vm/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/developers-handbook/testing/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/developers-handbook/tools/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/faq/book.xml projects/xml-tools/en_US.ISO8859-1/books/fdp-primer/book.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/book.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/boot/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/config/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/desktop/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/disks/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/filesystems/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/geom/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/introduction/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/jails/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/kernelconfig/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/l10n/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/linuxemu/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/mac/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/mail/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/mirrors/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/handbook/printing/chapter.xml projects/xml-tools/en_US.ISO8859-1/books/porters-handbook/book.xml (contents, props changed) projects/xml-tools/en_US.ISO8859-1/htdocs/Makefile projects/xml-tools/en_US.ISO8859-1/htdocs/donations/wantlist.xml projects/xml-tools/en_US.ISO8859-1/htdocs/features.xml projects/xml-tools/en_US.ISO8859-1/htdocs/internal/internal.xml projects/xml-tools/en_US.ISO8859-1/htdocs/layout/css/layout.css projects/xml-tools/en_US.ISO8859-1/htdocs/mailto.xml projects/xml-tools/en_US.ISO8859-1/htdocs/projects/newbies.xml projects/xml-tools/en_US.ISO8859-1/htdocs/releng/index.xml projects/xml-tools/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml projects/xml-tools/ja_JP.eucJP/books/handbook/cutting-edge/chapter.xml projects/xml-tools/ja_JP.eucJP/books/handbook/mirrors/chapter.xml projects/xml-tools/ja_JP.eucJP/books/handbook/ports/chapter.xml projects/xml-tools/ja_JP.eucJP/htdocs/internal/internal.xml projects/xml-tools/ja_JP.eucJP/htdocs/mailto.xml projects/xml-tools/ja_JP.eucJP/share/xml/news.xml projects/xml-tools/nl_NL.ISO8859-1/articles/contributing/article.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/audit/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/disks/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/filesystems/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/firewalls/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/jails/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/linuxemu/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/mail/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/multimedia/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/network-servers/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/security/chapter.xml projects/xml-tools/nl_NL.ISO8859-1/books/handbook/virtualization/chapter.xml projects/xml-tools/share/pgpkeys/des.key projects/xml-tools/share/pgpkeys/pgpkeys-developers.xml projects/xml-tools/share/pgpkeys/pgpkeys.ent projects/xml-tools/share/xml/authors.ent projects/xml-tools/share/xml/developers.ent projects/xml-tools/share/xml/mirrors.xml projects/xml-tools/share/xml/news.xml projects/xml-tools/share/xml/press.xml Directory Properties: projects/xml-tools/ (props changed) projects/xml-tools/de_DE.ISO8859-1/ (props changed) projects/xml-tools/en_US.ISO8859-1/ (props changed) projects/xml-tools/ja_JP.eucJP/ (props changed) projects/xml-tools/nl_NL.ISO8859-1/ (props changed) projects/xml-tools/share/ (props changed) Modified: projects/xml-tools/bn_BD.ISO10646-1/articles/explaining-bsd/article.xml ============================================================================== --- projects/xml-tools/bn_BD.ISO10646-1/articles/explaining-bsd/article.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/bn_BD.ISO10646-1/articles/explaining-bsd/article.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -1,3 +1,4 @@ +<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.5-Based Extension//EN" "../../../share/xml/freebsd45.dtd"> <!-- Modified: projects/xml-tools/bn_BD.ISO10646-1/articles/new-users/article.xml ============================================================================== --- projects/xml-tools/bn_BD.ISO10646-1/articles/new-users/article.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/bn_BD.ISO10646-1/articles/new-users/article.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -1,3 +1,4 @@ +<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.5-Based Extension//EN" "../../../share/xml/freebsd45.dtd"> <!-- Modified: projects/xml-tools/de_DE.ISO8859-1/htdocs/about.xml ============================================================================== --- projects/xml-tools/de_DE.ISO8859-1/htdocs/about.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/de_DE.ISO8859-1/htdocs/about.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN" "http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [ -<!ENTITY dedate "$FreeBSDde: de-www/about.xml,v 1.13 2008/03/24 15:33:41 jkois Exp $"> -<!ENTITY reference "basiert auf: 1.13"> +<!ENTITY dedate "$FreeBSDde$"> +<!ENTITY reference "basiert auf: r40760"> <!ENTITY title "Über FreeBSD"> ]> @@ -64,7 +64,7 @@ <h2>Viele Anwendungen</h2> - <p>Mit über 17.000 portierten Bibliotheken und <a + <p>Mit über 24.000 portierten Bibliotheken und <a href="&base;/applications.html">Anwendungen</a> eignet sich FreeBSD hervorragend als Betriebssystem für Desktop- und Serversysteme sowie eingebettete Systeme.</p> Modified: projects/xml-tools/de_DE.ISO8859-1/share/xml/news.xml ============================================================================== --- projects/xml-tools/de_DE.ISO8859-1/share/xml/news.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/de_DE.ISO8859-1/share/xml/news.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -4,7 +4,7 @@ <!-- $FreeBSD$ $FreeBSDde$ - basiert auf: r40659 + basiert auf: r40903 --> <!-- Simple schema for FreeBSD Project news. @@ -42,12 +42,30 @@ <name>1</name> <day> - <name>16</name> + <name>23</name> <event> - <p>Neuer Committer: <a + <p>Neuer Committer: <a + href="mailto:achim@FreeBSD.org">Achim Leubner</a> (src)</p> + </event> + </day> + + <day> + <name>22</name> + + <event> + <p>Neuer Committer: <a + href="mailto:dru@FreeBSD.org">Dru Lavigne</a> (doc)</p> + </event> + </day> + + <day> + <name>16</name> + + <event> + <p>Neuer Committer: <a href="mailto:carl@FreeBSD.org">Carl Delsey</a> (src)</p> - </event> + </event> </day> <day> @@ -127,6 +145,15 @@ href="http://freebsdfoundation.blogspot.com/2013/01/faces-of-freebsd-thomas-abthorpe.html">hier.</a></p>; </event> </day> + + <day> + <name>7</name> + + <event> + <p>Neuer Committer: <a + href="mailto:ian@FreeBSD.org">Ian Lepore</a> (src)</p> + </event> + </day> </month> </year> @@ -160,6 +187,15 @@ </day> <day> + <name>24</name> + + <event> + <p>Neuer Committer: <a + href="mailto:koobs@FreeBSD.org">Kubilay Kocak</a> (ports)</p> + </event> + </day> + + <day> <name>20</name> <event> Modified: projects/xml-tools/de_DE.ISO8859-1/share/xml/press.xml ============================================================================== --- projects/xml-tools/de_DE.ISO8859-1/share/xml/press.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/de_DE.ISO8859-1/share/xml/press.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -7,7 +7,7 @@ "freefall:/c/www/bsddoc/press/". $FreeBSD$ $FreeBSDde$ - basiert auf: r40251 + basiert auf: r40864 --> <press> @@ -16,6 +16,26 @@ </cvs:keyword> <year> + <name>2013</name> + + <month> + <name>1</name> + + <story> + <name>A Decade of OS Access-control Extensibility</name> + <url>https://queue.acm.org/detail.cfm?id=2430732</url>; + <site-name>ACM Queue</site-name> + <site-url>https://queue.acm.org/</site-url>; + <date>18. Januar 2013</date> + <author>Robert N. M. Watson</author> + <p>Wer sich näher mit der Absicherung von Betriebssystemen + beschäftigt, ist erstaunt über die zahlreichen in der + Praxis eingesetzten Modelle zur Zugangskontrolle.</p> + </story> + </month> + </year> + + <year> <name>2012</name> <month> Modified: projects/xml-tools/en_US.ISO8859-1/articles/committers-guide/article.xml ============================================================================== --- projects/xml-tools/en_US.ISO8859-1/articles/committers-guide/article.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/en_US.ISO8859-1/articles/committers-guide/article.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -4156,24 +4156,6 @@ bak/packages packages from last complet there are at least some perks:</para> <variablelist> - - <varlistentry> - <term>Direct access to <hostid>cvsup-master</hostid></term> - - <listitem> - <para>As a committer, you may apply to &a.kuriyama; for direct access - to <hostid role="fqdn">cvsup-master.FreeBSD.org</hostid>, - providing the public key output from <command>cvpasswd - <replaceable>yourusername</replaceable>@FreeBSD.org - freefall.FreeBSD.org</command>. Please note: you must - specify <hostid>freefall.FreeBSD.org</hostid> on the - <command>cvpasswd</command> command line even though the - actual server is <hostid>cvsup-master</hostid>. Access to - <hostid>cvsup-master</hostid> should not be overused as it is - a busy machine.</para> - </listitem> - </varlistentry> - <varlistentry> <term>Free 4-CD and DVD Sets</term> Modified: projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.additional.xml ============================================================================== --- projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.additional.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.additional.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -2603,6 +2603,11 @@ </listitem> <listitem> + <para>Dmitry Kazarov + <email>d.y.kazarov@mail.ru</email></para> + </listitem> + + <listitem> <para>Dmitry Khrustalev <email>dima@xyzzy.machaon.ru</email></para> </listitem> @@ -3366,7 +3371,7 @@ <listitem> <para>Gary Hayers - <email>gary@hayers.net</email></para> + <email>gary@hayers.org</email></para> </listitem> <listitem> @@ -6835,6 +6840,11 @@ </listitem> <listitem> + <para>Michael Sanders + <email>mike@topcat.hypermart.net</email></para> + </listitem> + + <listitem> <para>Michael Sardo <email>jaeger16@yahoo.com</email></para> </listitem> @@ -8380,11 +8390,6 @@ </listitem> <listitem> - <para>Po-Chien Lin - <email>linpc@cs.nctu.edu.tw</email></para> - </listitem> - - <listitem> <para>Pomegranate <email>daver@flag.blackened.net</email></para> </listitem> @@ -8792,6 +8797,11 @@ </listitem> <listitem> + <para>Dr. Rolf Jansen + <email>cyclaero@gmail.com</email></para> + </listitem> + + <listitem> <para>Roman Neuhauser <email>neuhauser@chello.cz</email></para> </listitem> Modified: projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.committers.xml ============================================================================== --- projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/en_US.ISO8859-1/articles/contributors/contrib.committers.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -524,6 +524,10 @@ </listitem> <listitem> + <para>&a.smh;</para> + </listitem> + + <listitem> <para>&a.ehaupt;</para> </listitem> @@ -820,6 +824,10 @@ </listitem> <listitem> + <para>&a.achim;</para> + </listitem> + + <listitem> <para>&a.truckman;</para> </listitem> @@ -840,6 +848,10 @@ </listitem> <listitem> + <para>&a.pclin;</para> + </listitem> + + <listitem> <para>&a.yzlin;</para> </listitem> Modified: projects/xml-tools/en_US.ISO8859-1/articles/portbuild/article.xml ============================================================================== --- projects/xml-tools/en_US.ISO8859-1/articles/portbuild/article.xml Mon Feb 18 13:03:19 2013 (r41006) +++ projects/xml-tools/en_US.ISO8859-1/articles/portbuild/article.xml Mon Feb 18 15:29:06 2013 (r41007) @@ -60,7 +60,7 @@ <title>The codebase</title> <para>Most of the package building magic occurs under the - <filename>/var/portbuild</filename> directory. Unless + <filename>/a/portbuild</filename> directory. Unless otherwise specified, all paths will be relative to this location. <replaceable>${arch}</replaceable> will be used to specify one of the package architectures @@ -74,15 +74,16 @@ </para> <note> - <para>Packages are no longer built for branches 4, 5, or 6, nor + <para>FreeBSD no longer builds packages for branches 4, 5, or 6, nor for the alpha architecture.</para> </note> - <para>The scripts that control all of this live in - <filename role="directory">/var/portbuild/scripts/</filename>. + <para>The scripts that control all of this live in either + <filename role="directory">/a/portbuild/scripts/</filename> or. + <filename role="directory">/a/portbuild/admin/scripts/</filename>. These are the checked-out copies from the Subversion repository at - <ulink url="http://svnweb.freebsd.org/base/projects/portbuild/scripts/">; - <filename role="directory">base/projects/portbuild/scripts/</filename> + <ulink url="http://svnweb.freebsd.org/base/projects/portbuild/">; + <filename role="directory">base/projects/portbuild/</filename> </ulink>.</para> <para>Typically, incremental builds are done that use previous @@ -109,7 +110,7 @@ </sect2> <sect2 id="codebase-notes"> - <title>Notes on the codebase</title> + <title>Historical notes on the codebase</title> <para>Until mid-2010, the scripts were completely specific to <hostid>pointyhat.FreeBSD.org</hostid> as the head (dispatch) node. During @@ -145,18 +146,6 @@ </listitem> </itemizedlist> - <para>This document was originally written before these changes - were made. Where things such as script invocations have changed, - they were denoted as <literal>new codebase:</literal> as opposed - to <literal>old codebase:</literal>.</para> - - <note> - <para>Up until November 2012, <hostid>pointyhat</hostid> had still - been running the old codebase. That installation has now been - permanently offlined. Therefore, all the instructions having - to do with the old codebase have been removed.</para> - </note> - <note> <para>Also during this process, the codebase was migrated to the <ulink url="http://svnweb.freebsd.org/base/projects/portbuild/scripts/">; @@ -166,16 +155,61 @@ found in CVS</ulink>.</para> </note> </sect2> + + <sect2 id="pointyhat-privsep"> + <title>Notes on privilege separation</title> + + <para>As of January 2013, a rewrite is in progress to further separate + privileges. The following concepts are introduced:</para> + + <itemizedlist> + <listitem> + <para>Server-side user <username>portbuild</username> assumes all + responsiblity for operations involving builds and communicating + with the clients. This user no longer has access to + <application>sudo</application>.</para> + </listitem> + + <listitem> + <para>Server-side user <username>srcbuild</username> is created + and given responsiblity for operations involving both VCS + operations and anything involving src builds for the clients. + This user does not have access to + <application>sudo</application>.</para> + </listitem> + + <listitem> + <para>The server-side + <literal>ports-</literal><replaceable>arch</replaceable> + users go away.</para> + </listitem> + + <listitem> + <para>None of the above server-side users have + <application>ssh</application> keys. Individual + <literal>portmgr</literal> will accomplish all those + tasks using <application>ksu</application>. (This is + still work-in-progress.)</para> + </listitem> + + <listitem> + <para>The only client-side user is also named + <username>portbuild</username> and still has access to + <application>sudo</application> for the purpose of managing + jails.</para> + </listitem> + </itemizedlist> + </sect2> </sect1> <sect1 id="management"> <title>Build Client Management</title> - <para>The &i386; clients co-located with <hostid>pointyhat</hostid> - netboot from it (<replaceable>connected</replaceable> nodes); all - other clients (<replaceable>disconnected</replaceable> nodes) - are either self-hosted or netboot from some other - <literal>pxe</literal> host. + <para>You may set up clients to either netboot from the master + (<replaceable>connected</replaceable> nodes) + or have them either self-hosted or netboot from some other + <literal>pxe</literal> host + (<replaceable>disconnected</replaceable> nodes). In all cases they set themselves up at boot-time to prepare to build packages.</para> @@ -200,29 +234,31 @@ <sect1 id="setup"> <title>Jail Build Environment Setup</title> - <para>Package builds are performed in a + <para>Package builds are performed by the clients in a <literal>jail</literal> populated by the <filename>portbuild</filename> script using the <filename><replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable>/builds/<replaceable>${buildid}</replaceable>/bindist.tar</filename> file.</para> - <para>The <command>makeworld</command> command builds a world from the + <para>On the server, use the + <command>makeworld</command> command to build a world from the <filename><replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable>/builds/<replaceable>${buildid}</replaceable>/src/</filename> - tree and installs it into + tree and install it into <filename><replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable>/builds/<replaceable>${buildid}</replaceable>/bindist.tar</filename>. The tree will be updated first unless <literal>-novcs</literal> is - specified. It should be run as <username>root</username>:</para> + specified.</para> - <screen>&prompt.root; <userinput>/var/portbuild/scripts/makeworld <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable> [-novcs]</userinput></screen> + <screen>&prompt.root; <userinput>/a/portbuild/admin/scripts/makeworld <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable> [-novcs]</userinput></screen> - <para>The <filename>bindist.tar</filename> tarball is created from the + <para>Similiarly on the server, the + <filename>bindist.tar</filename> tarball is created from the previously installed world by the <command>mkbindist</command> - script. It should be also be run as <username>root</username>:</para> + script.</para> - <screen>&prompt.root; <userinput>/var/portbuild/scripts/mkbindist <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable></userinput></screen> + <screen>&prompt.root; <userinput>/a/portbuild/admin/scripts/mkbindist <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable></userinput></screen> - <para>The per-machine tarballs are located in + <para>The per-machine tarballs are located on the server in <filename><replaceable>${arch}</replaceable>/clients</filename>.</para> <para>The <filename>bindist.tar</filename> file is extracted @@ -233,6 +269,16 @@ <para>For both commands above, if <replaceable>${buildid}</replaceable> is <literal>latest</literal>, it may be omitted.</para> + + <note> + <para>Currently the above two scripts must be run as + <username>root</username>; otherwise, the install scripts + lack sufficient permissions. This is undesirable for + security reasons. Work is in progress in -HEAD to allow + users to do installations; once that is committed, the + intention is to use that and run these two commands as + <username>srcbuild</username>.</para> + </note> </sect1> <sect1 id="customizing"> @@ -782,7 +828,7 @@ PKG_BIN=/usr/local/sbin/pkg</programlist <para>To free up resources, you will need to clean up client machines by running <command>build cleanup</command> command. For example:</para> - <screen>&prompt.user; <userinput>/var/portbuild/scripts/build cleanup i386 8-exp 20080714120411 -full</userinput></screen> + <screen>&prompt.user; <userinput>/a/portbuild/scripts/build cleanup i386 8-exp 20080714120411 -full</userinput></screen> <para>If you forget to do this, then the old build <literal>jail</literal>s will not be cleaned up for 24 hours, and no @@ -797,6 +843,11 @@ PKG_BIN=/usr/local/sbin/pkg</programlist and it is less than the number of jobs that <literal>loads</literal> thinks are in use, you are in trouble.</para> + <note> + <para>The following notes about mounting only apply to + <literal>connected</literal> nodes.</para> + </note> + <para>You may have problem with the <command>umount</command> commands hanging. If so, you are going to have to use the <command>allgohans</command> script to run an &man.ssh.1; @@ -826,6 +877,11 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <para>You may also see messages about <literal>procfs</literal>.</para> </note> + <note> + <para>The above is the end of the notes that apply only to + <literal>connected</literal> nodes.</para> + </note> + <para>After you have done all the above, remove the <filename><replaceable>${arch}</replaceable>/lock</filename> file before trying to restart the build. If you do not, @@ -872,7 +928,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <userinput>scripts/stats <replaceable>${branch}</replaceable></userinput> command shows the number of packages already built.</para> - <para>Running <userinput>cat /var/portbuild/*/loads/*</userinput> + <para>Running <userinput>cat /a/portbuild/*/loads/*</userinput> shows the client loads and number of concurrent builds in progress. The files that have been recently updated are the clients that are online; the others are the offline clients.</para> @@ -909,7 +965,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 it if not.</para> <para>Keep an eye on &man.df.1; output. If the - <filename>/var/portbuild</filename> file system becomes full + <filename>/a/portbuild</filename> file system becomes full then <trademark>Bad Things</trademark> happen.</para> <para>The status of all current builds is generated periodically @@ -1014,12 +1070,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <screen>&prompt.user; <userinput>cd <replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable></userinput> &prompt.user; <userinput>find distfiles > distfiles-<replaceable>${release}</replaceable></userinput></screen> - <!-- XXX MCL apparently obsolete --> - <para>This inventory file typically lives in - <filename>i386/<replaceable>${branch}</replaceable></filename> - on the cluster master.</para> - - <para>This is useful to aid in periodically cleaning out + <para>You should use that output to periodically clean out the distfiles from <hostid>ftp-master</hostid>. When space gets tight, distfiles from recent releases can be kept while others can be thrown away.</para> @@ -1043,6 +1094,16 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <sect1 id="uploading"> <title>Uploading Packages</title> + <note> + <para>For FreeBSD.org as of 2013, the instructions + about uploading to <hostid>ftp-master</hostid> are obsolete. + In the future, <hostid>ftp-master</hostid> will pull + from <hostid>pointyhat</hostid>, using a mechanism yet + to be implemented. However, the instructions about + <makevar>RESTRICTED</makevar> and <makevar>NO_CDROM</makevar> + must still be <emphasis>carefully</emphasis> followed.</para> + </note> + <para>Once a build has completed, packages and/or distfiles can be transferred to <hostid>ftp-master</hostid> for propagation to the FTP mirror network. If the build was @@ -1120,7 +1181,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 a new release), copy packages to the staging area on <hostid>ftp-master</hostid> with something like the following:</para> - <screen>&prompt.root; <userinput>cd /var/portbuild/<replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable></userinput> + <screen>&prompt.root; <userinput>cd /a/portbuild/<replaceable>${arch}</replaceable>/<replaceable>${branch}</replaceable></userinput> &prompt.root; <userinput>tar cfv - packages/ | ssh portmgr@ftp-master tar xfC - w/ports/<replaceable>${arch}</replaceable>/tmp/<replaceable>${subdir}</replaceable></userinput></screen> <para>Then log into <hostid>ftp-master</hostid>, verify that @@ -1148,7 +1209,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <para>Distfiles should be transferred with the <command>cpdistfiles</command> script:</para> - <screen>&prompt.root; <userinput>/var/portbuild/scripts/cpdistfiles <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable> [-yesreally] | tee log2</userinput></screen> + <screen>&prompt.root; <userinput>/a/portbuild/scripts/cpdistfiles <replaceable>${arch}</replaceable> <replaceable>${branch}</replaceable> <replaceable>${buildid}</replaceable> [-yesreally] | tee log2</userinput></screen> <para>Doing it by hand is deprecated.</para> </sect1> @@ -1156,6 +1217,11 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <sect1 id="expbuilds"> <title>Experimental Patches Builds</title> + <note> + <para>Most of the information in this section is obsolete + as of 2013 and needs to be rewritten.</para> + </note> + <para>Experimental patches builds are run from time to time to new features or bugfixes to the ports infrastructure (i.e. <filename>bsd.port.mk</filename>), or to test large sweeping @@ -1206,21 +1272,15 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 build. This will ensure an apples-to-apples comparison later.</para> - <!-- XXX MCL currently there is only one build cluster - <note><para>One build cluster can do the control build while the other - does the experimental patches build. This can be a great - time-saver.</para></note> - --> - <para>Once the build finishes, compare the control build failures to those of the experimental patches build. Use the following commands to facilitate this (this assumes the <literal>8</literal> branch is the control branch, and the <literal>8-exp</literal> branch is the experimental patches branch):</para> - <screen>&prompt.user; <userinput>cd /var/portbuild/i386/8-exp/errors</userinput> + <screen>&prompt.user; <userinput>cd /a/portbuild/i386/8-exp/errors</userinput> &prompt.user; <userinput>find . -name \*.log\* | sort > /tmp/8-exp-errs</userinput> -&prompt.user; <userinput>cd /var/portbuild/i386/8/errors</userinput> +&prompt.user; <userinput>cd /a/portbuild/i386/8/errors</userinput> &prompt.user; <userinput>find . -name \*.log\* | sort > /tmp/8-errs</userinput></screen> <note> @@ -1283,7 +1343,7 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 rebuild of the affected packages under the control branch:</para> - <screen>&prompt.user; <userinput>cd /var/portbuild/i386/8/ports</userinput></screen> + <screen>&prompt.user; <userinput>cd /a/portbuild/i386/8/ports</userinput></screen> <note> <para>The following example is obsolete</para> @@ -1296,9 +1356,9 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <!-- XXX MCL fix --> <para>The following command will set up the control branch for - the partial build (old codebase):</para> + the partial build:</para> - <screen>&prompt.user; <userinput>/var/portbuild/scripts/dopackages.8 -noportsvcs -nobuild -novcs -nofinish</userinput></screen> + <screen>&prompt.user; <userinput>/a/portbuild/scripts/dopackages.wrapper i386 8 -noportsvcs -nobuild -novcs -nofinish</userinput></screen> <!-- XXX MCL obsolete --> <para>The builds must be performed from the @@ -1306,14 +1366,14 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 initially be empty except for the Makefile symlink. If this symlink does not exist, it must be created:</para> - <screen>&prompt.user; <userinput>cd /var/portbuild/i386/8/packages/All</userinput> + <screen>&prompt.user; <userinput>cd /a/portbuild/i386/8/packages/All</userinput> &prompt.user; <userinput>ln -sf ../../Makefile .</userinput> &prompt.user; <userinput>make -k -j<#> <list of packages to build></userinput></screen> <note> <para><#> is the concurrency of the build to attempt. It is usually the sum of the weights listed in - <filename>/var/portbuild/i386/mlist</filename> unless you have a + <filename>/a/portbuild/i386/mlist</filename> unless you have a reason to run a heavier or lighter build.</para> <para>The list of packages to build should be a list of package @@ -1346,17 +1406,15 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <para>Before following these steps, please coordinate with <literal>portmgr</literal>.</para> - <note> - <para>Due to some generous donations, <literal>portmgr</literal> is - no longer looking for the loan of &i386; or <literal>amd64</literal> - systems. However, we are still interested in borrowing tier-2 - systems.</para> - </note> - <sect2 id="node-requirements"> <title>Node requirements</title> - <para><literal>portmgr</literal> is still working on characterizing + <note> + <para>This section is only of interest when considering + tier-2 architectures.</para> + </note> + + <para>Here are the requirement for what a node needs to be generally useful.</para> <itemizedlist> @@ -1436,7 +1494,8 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <filename>/usr2/</filename>.)</para> <note> <para>The filename <filename>chroot</filename> is a - historical remnant.</para> + historical remnant. The <command>chroot</command> + command is no longer used.</para> </note> </step> </procedure> @@ -1477,8 +1536,9 @@ umount: Cleanup of /x/tmp/8-exp/chroot/5 <step> <para>Generate a kernel config file. Include - <filename>GENERIC</filename> (or, if you are using more than - 3.5G on &i386;, <filename>PAE</filename>).</para> + <filename>GENERIC</filename> (or, if on &i386;, and + you are using more than + 3.5G, <filename>PAE</filename>).</para> <para>Required options:</para> @@ -1493,9 +1553,14 @@ options SHMMAXPGS=65536 options SEMMNI=40 options SEMMNS=240 options SEMUME=40 -options SEMMNU=120 +options SEMMNU=120</programlisting> + + <para>If you are interested in debugging general + problems, you may wish to use the following. + However, for unattended operations, it is best + to leave it out:</para> -options ALT_BREAK_TO_DEBUGGER</programlisting> + <programlisting>options ALT_BREAK_TO_DEBUGGER</programlisting> <para>For <filename>PAE</filename>, it is not currently possible to load modules. Therefore, if you are running an architecture @@ -1912,7 +1977,7 @@ portbuild ALL=(ALL) NOPASSWD: ALL</p <step> <para>Create - <filename>/var/portbuild/<replaceable>${arch}</replaceable>/clients/bindist-<replaceable>${hostname}</replaceable>.tar</filename>.</para> + <filename>/a/portbuild/<replaceable>${arch}</replaceable>/clients/bindist-<replaceable>${hostname}</replaceable>.tar</filename>.</para> <itemizedlist> <listitem> @@ -1951,16 +2016,16 @@ MASTER_SITE_OVERRIDE= \ <para>Hint: you will need one of these for each machine; however, if you have multiple machines at one site, you should create a site-specific one (e.g., in - <filename>/var/portbuild/conf/clients/</filename>) + <filename>/a/portbuild/conf/clients/</filename>) and symlink to it.</para> </step> <step> <para>Create -<filename>/var/portbuild/<replaceable>${arch}</replaceable>/portbuild-<replaceable>${hostname}</replaceable></filename> +<filename>/a/portbuild/<replaceable>${arch}</replaceable>/portbuild-<replaceable>${hostname}</replaceable></filename> using one of the existing ones as a guide. This file contains overrides to -<filename>/var/portbuild/<replaceable>${arch}</replaceable>/portbuild.conf</filename>.</para> +<filename>/a/portbuild/<replaceable>${arch}</replaceable>/portbuild.conf</filename>.</para> <para>Suggested values:</para> @@ -2026,7 +2091,7 @@ ssh_cmd="/usr/local/bin/ssh"</programlis <step> <para>Populate the client's copy of <filename>/var/portbuild/scripts/</filename> by something like - <userinput>/var/portbuild/scripts/dosetupnode <replaceable>arch</replaceable> <replaceable>major</replaceable> latest <replaceable>hostname</replaceable></userinput>. + <userinput>/a/portbuild/scripts/dosetupnode <replaceable>arch</replaceable> <replaceable>major</replaceable> latest <replaceable>hostname</replaceable></userinput>. Verify that you now have files in that directory.</para> </step> @@ -2071,7 +2136,7 @@ ssh_cmd="/usr/local/bin/ssh"</programlis <para>Once you are sure that the client is working, tell <application>pollmachine</application> about it by adding it to - <filename>/var/portbuild/<replaceable>${arch}</replaceable>/mlist</filename>.</para> + <filename>/a/portbuild/<replaceable>${arch}</replaceable>/mlist</filename>.</para> </step> </procedure> </sect2> @@ -2087,10 +2152,15 @@ ssh_cmd="/usr/local/bin/ssh"</programlis be done to specify that the previous branch is no longer equivalent to <literal>HEAD</literal>.</para> + <note> + <para>As + <literal>srcbuild</literal>:</para> + </note> + <itemizedlist> <listitem> <para> - Edit <filename>/var/portbuild/conf/server.conf</filename> + Edit <filename>/a/portbuild/conf/admin/admin.conf</filename> with the following changes:</para> <itemizedlist> @@ -2115,7 +2185,7 @@ ssh_cmd="/usr/local/bin/ssh"</programlis </listitem> <listitem> - <para>Run <command>/var/portbuild/updatesnap</command> manually.</para> + <para>Run <command>/a/portbuild/admin/scripts/updatesnap</command> manually.</para> </listitem> </itemizedlist> </sect2> @@ -2123,24 +2193,21 @@ ssh_cmd="/usr/local/bin/ssh"</programlis <sect2 id="new-branch-post-qmanager"> <title>Steps necessary after <application>qmanager</application> is started</title> - <note> - <para>Again, as - <literal>portbuild</literal>:</para> - </note> - <itemizedlist> <listitem> <para>For each branch that will be supported, do the following:</para> <itemizedlist> <listitem> - <para>Kick-start the build for the branch with:</para> + <para>As <literal>portbuild</literal>, + kick-start the build for the branch with:</para> <screen>build create <replaceable>arch</replaceable> <replaceable>branch</replaceable></screen> </listitem> <listitem> - <para><link linkend="setup">Create + <para>As <literal>srcbuild</literal>, + <link linkend="setup">create <filename>bindist.tar</filename></link>.</para> </listitem> </itemizedlist> @@ -2157,7 +2224,7 @@ ssh_cmd="/usr/local/bin/ssh"</programlis <itemizedlist> <listitem> - <para>Edit <filename>/var/portbuild/conf/server.conf</filename> + <para>Edit <filename>/a/portbuild/admin/conf/admin.conf</filename> with the following changes:</para> <itemizedlist> @@ -2184,7 +2251,7 @@ zfs destroy -r a/snap/src-<replaceable>o <itemizedlist> <listitem> <para>You will probably find that the following files and - symlinks in <filename>/var/portbuild/errorlogs/</filename> + symlinks in <filename>/a/portbuild/errorlogs/</filename> can be removed:</para> <itemizedlist> @@ -2229,7 +2296,7 @@ zfs destroy -r a/snap/src-<replaceable>o <itemizedlist> <listitem> - <para>Edit <filename>/var/portbuild/conf/server.conf</filename> + <para>Edit <filename>/a/portbuild/admin/conf/admin.conf</filename> with the following changes:</para> <itemizedlist> @@ -2244,7 +2311,7 @@ zfs destroy -r a/snap/src-<replaceable>o </listitem> <listitem> - <para>Run <command>/var/portbuild/updatesnap</command> manually.</para> + <para>Run <command>/a/portbuild/admin/scripts/updatesnap</command> manually.</para> </listitem> <listitem> @@ -2268,49 +2335,24 @@ zfs destroy -r a/snap/src-<replaceable>o <title>Steps necessary before <application>qmanager</application> is started</title> <note> - <para>The initial steps need to be done as - <literal>root</literal>.</para> + <para>The next steps are most easily done as user + <literal>portbuild</literal>.</para> </note> - <itemizedlist> - <listitem> - <para>If it has not already been done, create the - <literal>portbuild</literal> - user and group.</para> - </listitem> - - <listitem> - <screen>mkdir /var/portbuild/<replaceable>arch</replaceable></screen> - </listitem> - - <listitem> - <para>Create a new <application>zfs</application> filesystem:</para> - - <screen>&prompt.root; zfs create -o mountpoint=/a/portbuild/<replaceable>arch</replaceable> a/portbuild/<replaceable>arch</replaceable></screen> - </listitem> - - <listitem> - <screen>&prompt.root; chown portbuild:portbuild /var/portbuild/<replaceable>arch</replaceable>; -&prompt.root; chmod 775 /var/portbuild/<replaceable>arch</replaceable>; -&prompt.root; cd /var/portbuild/<replaceable>arch</replaceable></screen> - </listitem> - - <listitem> - <para>Create the <filename>.ssh</filename> directory.</para> - </listitem> - </itemizedlist> - <note> - <para>The next steps are most easily done as user - <literal>portbuild</literal>.</para> + <para>The following assumes you have already run + <literal>mkportbuild</literal>.</para> </note> <itemizedlist> <listitem> - <para>Create an archive directory for buildlogs and errorlogs - under <filename>archive/</filename>.</para> + <para>As the <literal>portbuild</literal> user, run</para> + + <screen>&prompt.user; /a/portbuild/admin/tools/addarch <replaceable>arch</replaceable></screen> </listitem> + </itemizedlist> + <itemizedlist> <listitem> <para>For each branch that will be supported, do the following:</para> @@ -2354,8 +2396,10 @@ zfs destroy -r a/snap/src-<replaceable>o </listitem> <listitem> - <para>Create a fresh <filename>portbuild.conf</filename> file - from one of the ones for another architecture.</para> + <para>Edit <filename>portbuild.conf</filename> + from one of the ones for another architecture. + <literal>addarch</literal> will have created a default + one for you.</para> </listitem> <listitem> @@ -2365,23 +2409,13 @@ zfs destroy -r a/snap/src-<replaceable>o </listitem> <listitem> - <screen>&prompt.root; cd .ssh && ssh-keygen</screen> - </listitem> - - <listitem> - <para>If desired, - edit the <filename>.ssh/config</filename> file for - convenience in using <application>ssh</application>.</para> - </listitem> - - <listitem> <para>If you need to create any tunnels:</para> <procedure> <step> <para>Make a private configuration directory:</para> - <screen>&prompt.root; mkdir /var/portbuild/conf/<replaceable>arch</replaceable></screen> + <screen>&prompt.root; mkdir /a/portbuild/conf/<replaceable>arch</replaceable></screen> </step> <step> @@ -2393,26 +2427,26 @@ zfs destroy -r a/snap/src-<replaceable>o </itemizedlist> <note> - <para>Once again as <literal>root</literal>:</para> + <para>As <literal>srcbuild</literal>:</para> </note> <itemizedlist> <listitem> <para>Add <replaceable>arch</replaceable> to <makevar>SUPPORTED_ARCHS</makevar> in - <filename>/var/portbuild/conf/server.conf</filename>.</para> + <filename>/a/portbuild/admin/conf/admin.conf</filename>.</para> </listitem> <listitem> <para>Add the <replaceable>arch</replaceable> directory to - <filename>/var/portbuild/scripts/zbackup</filename> and - <filename>/var/portbuild/scripts/zexpire</filename>.</para> + <filename>/a/portbuild/admin/scripts/zbackup</filename>. + (This is a hack and should go away.)</para> </listitem> </itemizedlist> <itemizedlist> <listitem> - <para>Add an appropriate <replaceable>arch</replaceable> entry for - <filename>/var/portbuild/scripts/dologs</filename> to the portbuild + <para>Enable the appropriate <replaceable>arch</replaceable> entry for + <filename>/a/portbuild/scripts/dologs</filename> to the portbuild <filename>crontab</filename>. (This is a hack and should go away.)</para> </listitem> </itemizedlist> @@ -2422,17 +2456,11 @@ zfs destroy -r a/snap/src-<replaceable>o <title>Steps necessary after <application>qmanager</application> is started</title> <note> - <para>Again as <literal>root</literal>:</para> + <para>Again as <literal>srcbuild</literal>:</para> </note> <itemizedlist> <listitem> - <para>Tell <application>qmanager</application> about the arch:</para> - - <screen>python <replaceable>path</replaceable>/qmanager/qclient add_acl name=ports-<replaceable>arch</replaceable> uidlist=ports-<replaceable>arch</replaceable> gidlist=portbuild sense=1</screen> - </listitem> - - <listitem> <para>For each branch that will be supported, do the following:</para> <itemizedlist> @@ -2452,54 +2480,6 @@ zfs destroy -r a/snap/src-<replaceable>o <para>Please talk to Mark Linimon before making any changes to this section.</para> - <sect2 id="pointyhat-privsep"> - <title>Notes on privilege separation</title> - - <para>As of January 2013, a rewrite is in progress to further separate - privileges. The following concepts are introduced:</para> - - <itemizedlist> - <listitem> - <para>Server-side user <username>portbuild</username> assumes all - responsiblity for operations involving builds and communicating - with the clients. This user no longer has access to - <application>sudo</application>.</para> - </listitem> - *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302181529.r1IFT7la013541>