Add FreeBSD Update 2.0 client code. The build code is in the projects

repository.

Sponsored by:	FreeBSD security development fundraiser

MAINTAINERS

@@ -118,6 +118,7 @@ pkg_install	krion	Pre-commit review or approval from portmgr@ requested.
 linux emul	emulation	Please discuss changes here.
 bs{diff,patch}	cperciva	Pre-commit review requested.
 portsnap	cperciva	Pre-commit review requested.
+freebsd-update	cperciva	Pre-commit review requested.
 sys/netgraph/bluetooth	emax	Pre-commit review preferred.
 lib/libbluetooth	emax	Pre-commit review preferred.
 lib/libsdp		emax	Pre-commit review preferred.

etc/Makefile

@@ -9,7 +9,8 @@ SUBDIR=	sendmail
 
 BIN1=	amd.map apmd.conf auth.conf \
 	crontab csh.cshrc csh.login csh.logout devd.conf devfs.conf \
-	dhclient.conf disktab fbtab ftpusers gettytab group \
+	dhclient.conf disktab fbtab freebsd-update.conf \
+	ftpusers gettytab group \
 	hosts hosts.allow hosts.equiv hosts.lpd \
 	inetd.conf login.access login.conf mac.conf motd \
 	netconfig network.subr networks newsyslog.conf nsswitch.conf \

etc/freebsd-update.conf

@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+# Trusted keyprint.  Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
+
+# Server or server pool from which to fetch updates.  You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+ServerName update.FreeBSD.org
+
+# Components of the base system which should be kept updated.
+Components src world kernel
+
+# Example for updating the userland and the kernel source code only:
+# Components src/base src/sys world
+
+# Paths which start with anything matching an entry in an IgnorePaths
+# statement will be ignored.
+IgnorePaths
+
+# Paths which start with anything matching an entry in an UpdateIfUnmodified
+# statement will only be updated if the contents of the file have not been
+# modified by the user.
+UpdateIfUnmodified /etc/ /var/
+
+### Default configuration options:
+
+# Directory in which to store downloaded updates and temporary
+# files used by FreeBSD Update.
+# WorkDir /var/db/freebsd-update
+
+# Destination to send output of "freebsd-update cron" if an error
+# occurs or updates have been downloaded.
+# MailTo root
+
+# Is FreeBSD Update allowed to create new files?
+# AllowAdd yes
+
+# Is FreeBSD Update allowed to delete files?
+# AllowDelete yes
+
+# If the user has modified file ownership, permissions, or flags, should
+# FreeBSD Update retain this modified metadata when installing a new version
+# of that file?
+# KeepModifiedMetadata yes

etc/mtree/BSD.var.dist

@@ -32,6 +32,8 @@
     db
         entropy         uname=operator gname=operator mode=0700
         ..
+        freebsd-update
+        ..
         ipf             mode=0700
         ..
         pkg

share/man/man5/Makefile

@@ -23,6 +23,7 @@ MAN=	acct.5 \
 	fbtab.5 \
 	fdescfs.5 \
 	forward.5 \
+	freebsd-update.conf.5 \
 	fs.5 \
 	fstab.5 \
 	group.5 \

share/man/man5/freebsd-update.conf.5

@@ -0,0 +1,151 @@
+.\"-
+.\" Copyright 2006 Colin Percival
+.\" All rights reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted providing that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 30, 2006
+.Dt FREEBSD-UPDATE.CONF 5
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update.conf
+.Nd configuration file for 
+.Xr freebsd-update 8
+.Sh DESCRIPTION
+The
+.Nm
+file controls the behaviour of the
+.Xr freebsd-update 8
+utility.
+The file contains lines consisting of a case-sensitive option name and 
+zero or more parameters.
+Empty lines and any part of a line following a
+.Ql #
+character are ignored.
+Unless stated otherwise, specifying an option multiple times is an 
+error.
+.Pp
+The possible options and their meanings are as follows:
+.Pp
+.Bl -tag -width "KeepModifiedMetadata"
+.It Cm KeyPrint 
+The single parameter following this keyword is the SHA256 hash
+of the RSA key which will be trusted to sign updates.
+.It Cm ServerName
+The single parameter following this keyword is the name of the
+server or server pool from which updates will be downloaded.
+.It Cm Components
+The parameters following this keyword are the components or
+sub-components of
+.Fx
+which will be updated.  The components are
+.Dq src
+(source code),
+.Dq world
+(non-kernel binaries), and
+.Dq kernel ;
+the sub-components are the individual distribution sets generated as
+part of the release process (e.g.,
+.Dq src/base ,
+.Dq src/sys ,
+.Dq world/base ,
+.Dq world/catpages ,
+.Dq kernel/smp ) .
+Note that prior to
+.Fx 6.1 ,
+the
+.Dq kernel
+component was distributed as part of
+.Dq world/base .
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm IgnorePaths
+The parameters following this keyword are regular expressions;
+updates to paths which start with a string matching one of
+these regular expressions will be ignored.
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm UpdateIfUnmodified
+The parameters following this keyword are regular expressions;
+updates to paths which start with a string matching one of
+these regular expressions will be ignored if the files have
+been modified locally.
+.Pp
+This option can be specified multiple times, and the parameters
+accumulate.
+.It Cm WorkDir
+The single parameter following this keyword is the directory
+in which temporary files and downloaded updates will be stored.
+.It Cm MailTo
+The single parameter following this keyword is the address
+to which
+.Cm cron
+output will be mailed.
+.It Cm AllowAdd
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+is allowed to create new files, directories, and symlinks if
+these are part of updates downloaded.  Note that
+.Cm freebsd-update
+will not re-add files which have been deleted from a
+.Fx
+installation unless those files were previously added as part
+of an update.
+.It Cm AllowDelete
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+is allowed to delete files, directories, and symlinks as
+part of updates downloaded.
+.It Cm KeepModifiedMetadata
+The single parameter following this keyword must be
+.Dq yes
+or
+.Dq no
+and specifies whether
+.Cm freebsd-update
+should keep existing file ownership, permissions, and flags
+when installing updates if these have been modified locally.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/freebsd-update.conf"
+.It /etc/freebsd-update.conf
+Default location of the
+.Cm freebsd-update
+configuration file.
+.El
+.Sh SEE ALSO
+.Xr freebsd-update 8
+.Xr sha256 8
+.Sh AUTHORS
+.An Colin Percival Aq cperciva@FreeBSD.org

usr.sbin/Makefile

@@ -55,6 +55,7 @@ SUBDIR=	ac \
 	fdread \
 	fdwrite \
 	flowctl \
+	freebsd-update \
 	fwcontrol \
 	getfmac \
 	getpmac \

usr.sbin/freebsd-update/Makefile

@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SCRIPTS=freebsd-update.sh
+MAN8=	freebsd-update.8
+
+.include <bsd.prog.mk>

usr.sbin/freebsd-update/freebsd-update.8

@@ -0,0 +1,137 @@
+.\"-
+.\" Copyright 2006 Colin Percival
+.\" All rights reserved
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted providing that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 30, 2006
+.Dt FREEBSD-UPDATE 8
+.Os FreeBSD
+.Sh NAME
+.Nm freebsd-update
+.Nd fetch and install binary updates to FreeBSD
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar basedir
+.Op Fl d Ar workdir
+.Op Fl f Ar conffile
+.Op Fl k Ar KEY
+.Op Fl s Ar server
+.Op Fl t Ar address
+.Cm command ...
+.Sh DESCRIPTION
+The
+.Nm
+tool is used to fetch, install, and rollback binary
+updates to the FreeBSD base system.
+.Sh OPTIONS
+The following options are supported
+.Bl -tag -width "-f conffile"
+.It Fl b Ar basedir
+Operate on a system mounted at
+.Ar basedir .
+(default:
+.Pa / ,
+or as given in the configuration file.)
+.It Fl d Ar workdir
+Store working files in
+.Ar workdir .
+(default:
+.Pa /var/db/freebsd-update/ ,
+or as given in the configuration file.)
+.It Fl f Ar conffile
+Read configuration options from
+.Ar conffile .
+(default:
+.Pa /etc/freebsd-update.conf )
+.It Fl k Ar KEY
+Trust an RSA key with SHA256 of
+.Ar KEY .
+(default: read value from configuration file.)
+.It Fl s Ar server
+Fetch files from the specified server or server pool.
+(default: read value from configuration file.)
+.It Fl t Ar address
+Mail output of
+.Cm cron
+command, if any, to
+.Ar address .
+(default: root, or as given in the configuration file.)
+.El
+.Sh COMMANDS
+The
+.Cm command
+can be any one of the following:
+.Pp
+.Bl -tag -width "-f conffile"
+.It Cm fetch
+Based on the currently installed world and the configuration
+options set, fetch all available binary updates.
+.It Cm cron
+Sleep a random amount of time between 1 and 3600 seconds,
+then download updates as if the
+.Cm fetch
+command was used.
+If updates are downloaded, an email will be sent
+(to root or a different address if specified via the
+.Fl t
+option or in the configuration file).
+As the name suggests, this command is designed for running
+from
+.Xr cron 8 ;
+the random delay serves to minimize the probability that
+a large number of machines will simultaneously attempt to
+fetch updates.
+.It Cm install
+Install the most recently fetched updates.
+.It Cm rollback
+Uninstall the most recently installed updates.
+.El
+.Sh TIPS
+.Bl -bullet
+.It
+If your clock is set to local time, adding the line
+.Pp
+.Dl 0 3 * * * root /usr/sbin/freebsd-update cron
+.Pp
+to /etc/crontab will check for updates every night.
+If your block is set to UTC, please pick a random time
+other than 3AM, to avoid overly imposing an uneven load
+on the server(s) hosting the updates.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/freebsd-update.conf"
+.It /etc/freebsd-update.conf
+Default location of the
+.Nm
+configuration file.
+.It /var/db/freebsd-update/
+Default location where
+.Nm
+stores temporary files and downloaded updates.
+.El
+.Sh SEE ALSO
+.Xr freebsd-update.conf 5
+.Sh AUTHORS
+.An Colin Percival Aq cperciva@FreeBSD.org