Re: svn checkout head or stable
On Fri, 28 Sep 2012, David Noel wrote: Apologies for the spam and the hastily written closing paragraph. I was hoping to end with a heartwarming anecdote that would leave the reader with no choice but to agree that anonymous ssh+svn access would benefit us all. AnonCVS is still of course an option, but with its eventual retirement the addition of an anonymous svn+ssh account would seem fitting, or at least consistent. http://www.freebsd.org/doc/handbook/mirrors-svn.html shows https mirrors. Check out from the https site instead of svn, and you'll be asked to verify the certificate fingerprint the first time: svn co https://svn0.us-west.freebsd.org/ports/head /usr/ports ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
Ed Flecko schreef: My goal is to simply have a production server that's fully patched, but I will be running custom kernels (which is why I'm not using freebsd-update). I've seen a lot of subversion references to checking out the head branch and the stable branch. I understand the head branch is the most current, so that's the same as the current branch, right? If I understand correctly, most people will not follow the current branch for production servers. My goal is to have all of the files I need to rebuild my kernel and my system after security updates have been released, therefore I should do something like: svn co svn://svn.freebsd.org/base/stable/9 /usr/src svn co svn://svn.freebsd.org/ports/stable/9 /usr/ports svn co svn://svn.freebsd.org/doc/stable/9 /usr/doc This will give me everything I need to recompile and have a fully patched system, right? I do not make changes to the src, ports, or doc directories. From that point forward, as new security patches are released, I can simply: svn up /usr/src svn up /usr/ports svn up /usr/doc and once again rebuild my kernel and system. Does this sound correct? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org It sounds correct but is not :D If you use svn co svn://svn.freebsd.org/base/stable/9 /usr/src then you are tracking stable. Stable is a not a release that receives patches. Stable receives code from head(current) that has been tested in Current(head), but did not get real exposure in the stable branch which is now 9. Stable is the code that is altered between releases. So Stable might contain some bugs from head that are only exposed in the current code base. So if you want a production system which only receive patches you need to track release. svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src To sum it up: (please correct me if i am wrong) So for the latest and greatest use head which is FreeBSD 10 Current svn co svn://svn.freebsd.org/base/head /usr/src If you want the stable branch use svn co svn://svn.freebsd.org/base/stable/9 /usr/src This will give you FreeBSD 9 Stable If you want to track release with patches use svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src This will give you FreeBSD 9.1-px where px is the patch level if any. I hope this clearify things a little bit regards Johan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
[ Trond Endrestøl wrote on Fri 28.Sep'12 at 1:07:57 +0200 ] On Thu, 27 Sep 2012 15:39-0700, Ed Flecko wrote: Cool...thank you Trond. NP. Is that true of the docs branch as well, in other words... svn co svn://svn.freebsd.org/doc/head /usr/doc works just fine? Browsing through http://svnweb.freebsd.org/doc/, indicates http://svnweb.freebsd.org/doc/head/ being the current branch of the documentation, with release branches located at http://svnweb.freebsd.org/doc/release/ and below. E.g. http://svnweb.freebsd.org/doc/release/9.1.0/, or svn://svn.freebsd.org/doc/release/9.1.0, for the upcoming 9.1-RELEASE. I've never CVSup'ed nor done any svn co/up ops on doc/head, but you seem to have got it right. Sorry to jump in on the thread, but I wondered about pulling in the docs using svn. I use svn for base updates and ports, but haven't yet don so the docs. My question is, does it pull in docs for all languages or can I exclude docs in languages that I don't need - I only need en docs. Cheers, Jamie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On Fri, 28 Sep 2012 11:28+0100, Jamie Paul Griffin wrote: My question is, does it pull in docs for all languages or can I exclude docs in languages that I don't need - I only need en docs. Yes, you can check out a subset/subdirectory, e.g.: svn co svn://svn.freebsd.org/doc/head/en_US.ISO8859-1 /path/to/local/working/copy svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /path/to/local/working/copy -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
[ Trond Endrestøl wrote on Fri 28.Sep'12 at 12:44:10 +0200 ] On Fri, 28 Sep 2012 11:28+0100, Jamie Paul Griffin wrote: My question is, does it pull in docs for all languages or can I exclude docs in languages that I don't need - I only need en docs. Yes, you can check out a subset/subdirectory, e.g.: svn co svn://svn.freebsd.org/doc/head/en_US.ISO8859-1 /path/to/local/working/copy svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /path/to/local/working/copy Great, thanks for that Trond. Very helpful. Cheers mate. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
Excellent! Thank you all. :-) So, for ME...does this look right? This will track the latest release that has the patches applied? svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc (I too, only need English docs) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On Fri, Sep 28, 2012 at 5:51 PM, Ed Flecko edfle...@gmail.com wrote: Excellent! Thank you all. :-) So, for ME...does this look right? This will track the latest release that has the patches applied? svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc (I too, only need English docs) Ed Hi Ed, For ports you are wrong. Use this one : svn co svn://svn.freebsd.org/ports/head /usr/ports You can check here http://svnweb.freebsd.org/ports/ Regards, Alexandre ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On Fri, 28 Sep 2012, Alexandre wrote: On Fri, Sep 28, 2012 at 5:51 PM, Ed Flecko edfle...@gmail.com wrote: Excellent! Thank you all. :-) So, for ME...does this look right? This will track the latest release that has the patches applied? svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc (I too, only need English docs) For ports you are wrong. Use this one : svn co svn://svn.freebsd.org/ports/head /usr/ports You can check here http://svnweb.freebsd.org/ports/ Another way to put this is: ports are not branched. There is no separate ports tree to go with a release, there is just the same one everybody uses. For doc, I'm not sure I'd go with the branched version. Many of our docs apply to multiple releases, so going with the trunk seems better. Might not make a lot of difference, depending. svn co http://svn.freebsd.org/doc/head/en_US.ISO8859-1 /usr/doc/en_US.ISO8859-1 I think that directory will put them in their normal locations. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On 9/28/12, Ed Flecko edfle...@gmail.com wrote: Excellent! Thank you all. :-) So, for ME...does this look right? This will track the latest release that has the patches applied? svn co svn://svn.freebsd.org/base/releng/9.1 /usr/src svn co svn://svn.freebsd.org/ports/releng/9.1 /usr/ports svn co svn://svn.freebsd.org/doc/release/9.1.0/en_US.ISO8859-1 /usr/doc (I too, only need English docs) Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org For something as fundamental as source and ports tree updates I'd suggest taking advantage of the available SSH2-wrapper for subversion and securing your line of communication with the repository: svn co svn+ssh://svn.freebsd.org/base/releng/9.1 /usr/src etc.. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On 9/28/12, Ed Flecko edfle...@gmail.com wrote: David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? Ed Great question. I'm running into the same issue. I guessed around a bit with no luck: svn/anonsvn... Would anyone on the list be able to set up anonymous svn+ssh access for us? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On 28/09/2012 20:41, Ed Flecko wrote: David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? That would be the password to a freebsd.org account, which isn't going to work for most people on two counts: * freebsd.org uses SSH keys for authentication, not passwords. * even if you've got a SSH key, not being a FreeBSD committer you probably don't have a freebsd.org account. For anonymous access, you can use http or svn. Given that anonymous access is read-only, there's really not much to be gained from SSH or other means of encrypting the connection, either for you, or for the FreeBSD servers. It's anonymous, so you don't care about authentication. FreeBSD sources are publicly available, so you don't care about anyone eavesdropping on the traffic. About the only thing you're still exposed to is a man-in-the-middle attack, where someone could pose as a FreeBSD server and feed you a trojanned set of sources -- but then, you'ld still be exposed in exactly the same way even using svn+ssh. In practice, attacks of this type are very (pretty much vanishingly) rare. If they do concern you, then use portsnap(8) / freebsd-update(8) which has specific cryptographic protection against such things. The portsnap and freebsd-update build systems also have special access to the master FreeBSD repositories to minimize the chances that they themselves could be fed trojanned sources. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: svn checkout head or stable
On 9/28/12, Matthew Seaman matt...@freebsd.org wrote: On 28/09/2012 20:41, Ed Flecko wrote: David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? That would be the password to a freebsd.org account, which isn't going to work for most people on two counts: * freebsd.org uses SSH keys for authentication, not passwords. * even if you've got a SSH key, not being a FreeBSD committer you probably don't have a freebsd.org account. For anonymous access, you can use http or svn. Given that anonymous access is read-only, there's really not much to be gained from SSH or other means of encrypting the connection, either for you, or for the FreeBSD servers. It's anonymous, so you don't care about authentication. FreeBSD sources are publicly available, so you don't care about anyone eavesdropping on the traffic. About the only thing you're still exposed to is a man-in-the-middle attack, where someone could pose as a FreeBSD server and feed you a trojanned set of sources -- but then, you'ld still be exposed in exactly the same way even using svn+ssh. In practice, attacks of this type are very (pretty much vanishingly) rare. If they do concern you, then use portsnap(8) / freebsd-update(8) which has specific cryptographic protection against such things. The portsnap and freebsd-update build systems also have special access to the master FreeBSD repositories to minimize the chances that they themselves could be fed trojanned sources. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey MITM-based attacks--and subsequent corrupted sources--are my concern. It was my understanding that anonymous svn+ssh would prevent this assuming the host key was properly verified against http://www.freebsd.org/internal/ssh-keys.asc. Recently I've installed from an iso and then manually updated with pgp-signed security patches. It would certainly be nice to have some secure source update mechanism though. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On 9/28/12, David Noel david.i.n...@gmail.com wrote: On 9/28/12, Matthew Seaman matt...@freebsd.org wrote: On 28/09/2012 20:41, Ed Flecko wrote: David - I'd like to, but every time I try that it prompts me for a password...and I don't know what password it wants??? That would be the password to a freebsd.org account, which isn't going to work for most people on two counts: * freebsd.org uses SSH keys for authentication, not passwords. * even if you've got a SSH key, not being a FreeBSD committer you probably don't have a freebsd.org account. For anonymous access, you can use http or svn. Given that anonymous access is read-only, there's really not much to be gained from SSH or other means of encrypting the connection, either for you, or for the FreeBSD servers. It's anonymous, so you don't care about authentication. FreeBSD sources are publicly available, so you don't care about anyone eavesdropping on the traffic. About the only thing you're still exposed to is a man-in-the-middle attack, where someone could pose as a FreeBSD server and feed you a trojanned set of sources -- but then, you'ld still be exposed in exactly the same way even using svn+ssh. In practice, attacks of this type are very (pretty much vanishingly) rare. If they do concern you, then use portsnap(8) / freebsd-update(8) which has specific cryptographic protection against such things. The portsnap and freebsd-update build systems also have special access to the master FreeBSD repositories to minimize the chances that they themselves could be fed trojanned sources. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey MITM-based attacks--and subsequent corrupted sources--are my concern. It was my understanding that anonymous svn+ssh would prevent this assuming the host key was properly verified against http://www.freebsd.org/internal/ssh-keys.asc. Recently I've installed from an iso and then manually updated with pgp-signed security patches. It would certainly be nice to have some secure source update mechanism though. Apologies for the spam and the hastily written closing paragraph. I was hoping to end with a heartwarming anecdote that would leave the reader with no choice but to agree that anonymous ssh+svn access would benefit us all. AnonCVS is still of course an option, but with its eventual retirement the addition of an anonymous svn+ssh account would seem fitting, or at least consistent. -David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On Thu, 27 Sep 2012 15:03-0700, Ed Flecko wrote: My goal is to simply have a production server that's fully patched, but I will be running custom kernels (which is why I'm not using freebsd-update). I've seen a lot of subversion references to checking out the head branch and the stable branch. I understand the head branch is the most current, so that's the same as the current branch, right? If I understand correctly, most people will not follow the current branch for production servers. My goal is to have all of the files I need to rebuild my kernel and my system after security updates have been released, therefore I should do something like: svn co svn://svn.freebsd.org/base/stable/9 /usr/src svn co svn://svn.freebsd.org/ports/stable/9 /usr/ports The ports tree resides in ports/head no matter what branch from the main source tree you check out, i.e.: svn co svn://svn.freebsd.org/ports/head /usr/ports svn co svn://svn.freebsd.org/doc/stable/9 /usr/doc This will give me everything I need to recompile and have a fully patched system, right? I do not make changes to the src, ports, or doc directories. From that point forward, as new security patches are released, I can simply: svn up /usr/src svn up /usr/ports svn up /usr/doc and once again rebuild my kernel and system. Does this sound correct? Yes. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
Cool...thank you Trond. Is that true of the docs branch as well, in other words... svn co svn://svn.freebsd.org/doc/head /usr/doc works just fine? Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: svn checkout head or stable
On Thu, 27 Sep 2012 15:39-0700, Ed Flecko wrote: Cool...thank you Trond. NP. Is that true of the docs branch as well, in other words... svn co svn://svn.freebsd.org/doc/head /usr/doc works just fine? Browsing through http://svnweb.freebsd.org/doc/, indicates http://svnweb.freebsd.org/doc/head/ being the current branch of the documentation, with release branches located at http://svnweb.freebsd.org/doc/release/ and below. E.g. http://svnweb.freebsd.org/doc/release/9.1.0/, or svn://svn.freebsd.org/doc/release/9.1.0, for the upcoming 9.1-RELEASE. I've never CVSup'ed nor done any svn co/up ops on doc/head, but you seem to have got it right. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org