On 2012-07-12 15:26, Kaya Saman wrote:
On 07/12/2012 07:54 PM, Peter Vereshagin wrote:
Hello.
Why don't you use a portsnap? it's over http...
2012/07/12 19:01:15 +0100 Kaya Saman <kayasa...@gmail.com> => To Peter Vereshagin :
KS> I will check it out however and see if that method is best, however
KS> CVSup would be the best way for us and I'm already looking at this:
KS>
KS> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
1. cvsup is not about comparison to ftp. cvsup is a way to obtain fresh port for the program distribution, ie set of patches, list of package's files, sample configuration files for the particular program(s) those are not the part of the base system but supplied with taking the OS specs in mind.
ftp is a way to obtain a distfile, ie what the 3rd party software developer uses to distribute. For FreeBSD ports cvsup and ftp are not competent in the daily use as they have different purposes.
Some 3rd party software is released and published authoritatively on ftp only. And that is the only problem possible for you on ftp usage by freebsd ports. But I believe there are only a few of them you need if any at all.
I guess you may want to download the initial ports tree tarball, the ports.tgz, via the ftp. But it's certainly a) available over there via the http and b) is outdated and is needed to be updated via the portsnap and/or cvsup.
2. Use csup from the base system, don't use cvsup from ports if you use its protocol. And, portsnap seems to be even more recommended since some days.
KS> which should be enough to get a demo up and running.
A Demo? Am I invited for the show? ;-)
--
Peter Vereshagin <pe...@vereshagin.org> (http://vereshagin.org) pgp: A0E26627
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscr...@freebsd.org"
Hi Peter,
portsnap works fine :-)
My issues start coming into play when building the actual port
itself. Ie. fetching the distfile, as you suggested above.
As soon as I start running portmaster -a or a 'make install clean' on
certain ports, the progress just bombs out totally.
It would be really cool if I could find a way to centrally manage all
of this. So perhaps in conjunction with CVSup.....
Something like a Linux repo server if you will - though I mention the
term very loosely.
Regards,
Kaya
If the volume of machines you have isn't very high I would consider
asking the Director if you could have a machine in the DMZ that would be
able to use FTP, and cvsup to get outbound. Install Squid on that, and
allow Squid to use FTP then allow only SSH from the inside systems to
that machine. From there you can use SSH on the inside systems to
tunnel the cvsup data outbound for source updates, and to tunnel the
Squid connection outbound to be able to use FTP for the port updates via
the SSH tunnel using Squid's FTP connect over HTTP.
This method would eliminate the need to set up your own local cvsup
mirror, but does still allow FTP, but it doesn't leave any internal
connections possible except when intended. It doesn't open it up to any
users without SSH access into the DMZ machine so it can be controlled
who has access to it.
As the go-to guy at my company for internet security I understand the
need to lock things down and sadly wish my boss would allow me to lock
down ours more than it is, though I don't see blocking outbound FTP as a
requirement (though we only allow passive). It's interesting to see this
from the side of the other guy whose stuff doesn't work due to the
restrictions in place. I deal all the time with employees trying to do
online conferences or file downloads with other companies using obscure
tools that won't work through an HTTP proxy, use some random high port
like 10000 and want me to open up the port through the firewall right
then so they can do the conference or get the file without any time to
make sure the application is actually safe. Of course the main response
to "no, I can't do that" is "why does it work for everyone else on the
conference?" Can't seem to make them understand that the other people
might not have to explain to the bank why they weren't following the PCI
(payment card industry) guidelines they signed a document stating we
would adhere to. And it's my job on the line and not theirs if my
allowing the port through the firewall for them allows the security
breach.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
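The inside-host side of the relay design described in the message above, as an added example that is not part of the original thread. The DMZ account and CVSup mirror names are placeholders, and Squid on the DMZ host is assumed to listen on its default port 3128 on loopback.

```sh
#!/bin/sh
# Added example: inside-host side of the DMZ relay design described above.
# Placeholder names (assumptions, not from the thread): the DMZ account and
# the CVSup mirror. 3128 is Squid's default port, 5999 is the CVSup port.
DMZ_HOST="ports@dmzrelay.example.net"
CVSUP_MIRROR="cvsup.example.org"
SQUID_PORT=3128
CVSUP_PORT=5999
PROXY_URL="http://127.0.0.1:${SQUID_PORT}"

# ssh arguments for both forwards. Each listener binds to 127.0.0.1 only, so
# other inside hosts cannot reuse this machine's tunnel.
tunnel_args() {
    printf '%s\n' "-f -N -o ExitOnForwardFailure=yes \
-L 127.0.0.1:${SQUID_PORT}:127.0.0.1:${SQUID_PORT} \
-L 127.0.0.1:${CVSUP_PORT}:${CVSUP_MIRROR}:${CVSUP_PORT} ${DMZ_HOST}"
}

# True only for a proxy URL that points at the local end of the tunnel.
is_loopback_proxy() {
    case "$1" in
        *@*) return 1 ;;   # reject userinfo tricks such as 127.0.0.1:80@host
        http://127.0.0.1:*|http://localhost:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Point fetch(1), which the ports framework uses for distfiles, at the
# tunnelled Squid; ftp:// distfile URLs are then requested over HTTP.
# Refuses any proxy that would bypass the tunnel.
use_tunnelled_proxy() {
    is_loopback_proxy "$PROXY_URL" || return 1
    HTTP_PROXY="$PROXY_URL"
    FTP_PROXY="$PROXY_URL"
    export HTTP_PROXY FTP_PROXY
}

# Act only when given a subcommand, so the file can also be sourced.
case "${1:-}" in
    up)    ssh $(tunnel_args) ;;                                 # open tunnels
    csup)  csup -h 127.0.0.1 -p "$CVSUP_PORT" "${2:?supfile}" ;; # source update
    fetch) use_tunnelled_proxy && (cd "${2:?port directory}" && make fetch) ;;
esac
```

Run it with `up` once per session, then with `csup <supfile>` or `fetch <port directory>`; the firewall only ever sees SSH from the inside host to the DMZ machine.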