Xigmanas/xigmanas-bastille-extension
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Added freebsd-update support

Browse Source
This commit is contained in:
Jose
2019-11-30 03:03:45 -04:00
parent 2bb5f4385a
commit 7faed8d8f2
11 changed files with 13765 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG
+1
View File
@@ -3,6 +3,7 @@
====================== ======================
Version Description Version Description
1.0.19......Added freebsd-update support.
1.0.18......Added update/upgrade handling improvements. 1.0.18......Added update/upgrade handling improvements.
1.0.17......Display container release version, ability to upgrade/downgrade container base. 1.0.17......Display container release version, ability to upgrade/downgrade container base.
1.0.16......Enable logging on error. 1.0.16......Enable logging on error.
bastille-init
+79 -35
View File
@@ -46,6 +46,7 @@ CWDIR=$(dirname $(realpath $0))
PLATFORM=$(uname -m) PLATFORM=$(uname -m)
PRODUCT=$(uname -i) PRODUCT=$(uname -i)
PRDVERSION=$(uname -r | cut -d '-' -f1 | tr -d '.') PRDVERSION=$(uname -r | cut -d '-' -f1 | tr -d '.')
HOSTVERSION=$(freebsd-version | cut -d '-' -f1)
PRDPLATFORM=$(cat /etc/platform) PRDPLATFORM=$(cat /etc/platform)
PRDPRODUCT=$(cat /etc/prd.name) PRDPRODUCT=$(cat /etc/prd.name)
SCRIPTNAME=$(basename $0) SCRIPTNAME=$(basename $0)
@@ -69,6 +70,7 @@ BASTILLEPATH="${USRLOCAL}/bin"
BASTILLECONF="${USRLOCAL}/etc/${APPNAME}/${APPNAME}.conf" BASTILLECONF="${USRLOCAL}/etc/${APPNAME}/${APPNAME}.conf"
BASTILLECONFLINK="/var/etc/bastille_conf" BASTILLECONFLINK="/var/etc/bastille_conf"
BASTILLECONF_EXT="${CWDIR}/conf/bastille.conf.ext" BASTILLECONF_EXT="${CWDIR}/conf/bastille.conf.ext"
FREEBSD_UPDATE="${CWDIR}/conf/system/freebsd-update/${HOSTVERSION}"
INSTALLPATH="${CWDIR}/${FULLAPPNAME}" INSTALLPATH="${CWDIR}/${FULLAPPNAME}"
BRANCH="master" BRANCH="master"
BATSILLE_URL="https://github.com/BastilleBSD/${APPNAME}/archive/${BRANCH}.zip" # Official Bastille Repository) BATSILLE_URL="https://github.com/BastilleBSD/${APPNAME}/archive/${BRANCH}.zip" # Official Bastille Repository)
@@ -588,12 +590,14 @@ jail_restore()
jail_update() jail_update()
{ {
if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then
echo -e "${COLOR_RED}Not supported on ${PRDPRODUCT} platform.${COLOR_RESET}" if [ ! -d "${FREEBSD_UPDATE}" ]; then
exit 1 echo -e "Not supported on ${PRDPRODUCT} platform."
exit 1
fi
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "${COLOR_RED}Not supported on HardenedBSD.${COLOR_RESET}" echo -e "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -603,25 +607,30 @@ jail_update()
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
# Update a thick container(securelevel/allow.chflags dependent). # Update a thick container(securelevel/allow.chflags dependent).
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo -e "${COLOR_RED}Container securelevel is greater than zero.${COLOR_RESET}" echo -e "Container securelevel is greater than zero."
disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo -e "${COLOR_RED}Container allow.chflags is disabled.${COLOR_RESET}" echo -e "Container allow.chflags is disabled."
disable_freebsd_update
exit 1 exit 1
fi fi
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update fetch install --currently-running "${CURRENT_VERSION}" jexec -l "${TARGET}" freebsd-update fetch install --currently-running "${CURRENT_VERSION}"
else else
echo -e "${COLOR_RED}Container not running.${COLOR_RESET}" echo -e "Container not running."
echo -e "${COLOR_RED}See 'bastille start ${TARGET}'.${COLOR_RESET}" echo -e "See 'bastille start ${TARGET}'."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${COLOR_RED}${TARGET} state is unknown.${COLOR_RESET}" echo -e "${TARGET} state is unknown."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${COLOR_RED}${TARGET} is not a thick container.${COLOR_RESET}" echo -e "${TARGET} is not a thick container."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
@@ -629,17 +638,19 @@ jail_update()
# Update container base(affects base child containers). # Update container base(affects base child containers).
freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}" freebsd-update -b "${bastille_releasesdir}/${TARGET}" fetch install --currently-running "${TARGET}"
else else
echo -e "${COLOR_RED}${TARGET} not found. See bootstrap.${COLOR_RESET}" echo -e "${TARGET} not found. See bootstrap."
disable_freebsd_update
exit 1 exit 1
fi fi
fi fi
disable_freebsd_update
exit 0 exit 0
} }
thinjail_upgrade() thinjail_upgrade()
{ {
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "${COLOR_RED}Not supported on HardenedBSD.${COLOR_RESET}" echo -e "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -649,11 +660,11 @@ thinjail_upgrade()
if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then if [ -f "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" ]; then
## check if the container is running ## check if the container is running
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
echo -e "${COLOR_RED}${TARGET} running.${COLOR_RESET}" echo -e "${TARGET} running."
echo -e "${COLOR_RED}See 'bastille stop ${TARGET}'.${COLOR_RESET}" echo -e "See 'bastille stop ${TARGET}'."
exit 1 exit 1
elif [ "${RELEASE}" = "${NEWRELEASE}" ]; then elif [ "${RELEASE}" = "${NEWRELEASE}" ]; then
echo -e "${COLOR_RED}Specified releases name match.${COLOR_RESET}" echo -e "Specified releases name match."
exit 0 exit 0
fi fi
if [ -d "${bastille_releasesdir}/${NEWRELEASE}" ]; then if [ -d "${bastille_releasesdir}/${NEWRELEASE}" ]; then
@@ -663,38 +674,38 @@ thinjail_upgrade()
if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${RELEASE}" | grep -q ".bastille"; then if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${RELEASE}" | grep -q ".bastille"; then
## if the previous conditions meets, proceed with the container base upgrade ## if the previous conditions meets, proceed with the container base upgrade
sed -i '' "s/${RELEASE}/${NEWRELEASE}/g" ${bastille_jailsdir}/${TARGET}/fstab sed -i '' "s/${RELEASE}/${NEWRELEASE}/g" ${bastille_jailsdir}/${TARGET}/fstab
echo -e "${COLOR_GREEN}${TARGET} release changed to ${NEWRELEASE}.${COLOR_RESET}" echo -e "${TARGET} release changed to ${NEWRELEASE}."
elif cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${NEWRELEASE}" | grep -q ".bastille"; then elif cat "${bastille_jailsdir}/${TARGET}/fstab" | grep "${NEWRELEASE}" | grep -q ".bastille"; then
echo -e "${COLOR_GREEN}${TARGET} already using ${NEWRELEASE}.${COLOR_RESET}" echo -e "${TARGET} already using ${NEWRELEASE}."
exit 0 exit 0
else else
if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep -q ".bastille"; then if cat "${bastille_jailsdir}/${TARGET}/fstab" | grep -q ".bastille"; then
echo -e "${COLOR_RED}${TARGET} container does not use ${RELEASE}.${COLOR_RESET}"; exit 1 echo -e "${TARGET} container does not use ${RELEASE}."; exit 1
else else
echo -e "${COLOR_RED}${TARGET} is not a thin container.${COLOR_RESET}"; exit 1 echo -e "${TARGET} is not a thin container."; exit 1
fi fi
fi fi
else else
echo -e "${COLOR_RED}${TARGET} fstab not found.${COLOR_RESET}"; exit 1 echo -e "${TARGET} fstab not found."; exit 1
fi fi
else else
echo -e "${COLOR_RED}Unknown ${NEWRELEASE}. See bootstrap.${COLOR_RESET}"; exit 1 echo -e "Unknown ${NEWRELEASE}. See bootstrap."; exit 1
fi fi
else else
echo -e "${COLOR_GREEN}${NEWRELEASE} not found, bootstrap starting....${COLOR_RESET}" echo -e "${NEWRELEASE} not found, bootstrap starting...."
bastille bootstrap ${NEWRELEASE} bastille bootstrap ${NEWRELEASE}
if [ ! $? -ne 0 ]; then if [ ! $? -ne 0 ]; then
thinjail_upgrade thinjail_upgrade
fi fi
fi fi
else else
echo -e "${COLOR_RED}Unknown ${RELEASE}. See bootstrap.${COLOR_RESET}"; exit 1 echo -e "Unknown ${RELEASE}. See bootstrap."; exit 1
fi fi
else else
echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"; exit 1 echo -e "${RELEASE} not found. See bootstrap."; exit 1
fi fi
else else
echo -e "${COLOR_RED}${TARGET} not found. See create.${COLOR_RESET}"; exit 1 echo -e "${TARGET} not found. See create."; exit 1
fi fi
exit 0 exit 0
} }
@@ -702,12 +713,14 @@ thinjail_upgrade()
thickjail_upgrade() thickjail_upgrade()
{ {
if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then if [ "${PRDPRODUCT}" = "XigmaNAS" -o "${PRDPRODUCT}" = "NAS4Free" ]; then
echo -e "${COLOR_RED}Not supported on ${PRDPRODUCT} platform.${COLOR_RESET}" if [ ! -d "${FREEBSD_UPDATE}" ]; then
exit 1 echo -e "Not supported on ${PRDPRODUCT} platform."
exit 1
fi
fi fi
if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
echo -e "${COLOR_RED}Not supported on HardenedBSD.${COLOR_RESET}" echo -e "Not supported on HardenedBSD."
exit 1 exit 1
fi fi
@@ -718,31 +731,60 @@ thickjail_upgrade()
if [ $(jls name | grep -w "${TARGET}") ]; then if [ $(jls name | grep -w "${TARGET}") ]; then
## upgrade a thick container(securelevel/allow.chflags dependent) ## upgrade a thick container(securelevel/allow.chflags dependent)
if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then if ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "securelevel = 0|securelevel = -1"; then
echo -e "${COLOR_RED}Container securelevel is greater than zero.${COLOR_RESET}" echo -e "Container securelevel is greater than zero."
disable_freebsd_update
exit 1 exit 1
elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then elif ! cat "${bastille_jailsdir}/${TARGET}/jail.conf" | grep -qwE "allow.chflags = 1"; then
echo -e "${COLOR_RED}Container allow.chflags is disabled.${COLOR_RESET}" echo -e "Container allow.chflags is disabled."
disable_freebsd_update
exit 1 exit 1
fi fi
echo -e "${COLOR_GREEN}Below command should be run several times when asked to finish installing updates.${COLOR_RESET}" echo -e "Below command should be run several times when asked to finish installing updates."
echo -e "${COLOR_GREEN}bastille cmd ${TARGET} freebsd-update install${COLOR_RESET}" echo -e "bastille cmd ${TARGET} freebsd-update install"
CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version) CURRENT_VERSION=$(jexec -l ${TARGET} freebsd-version)
jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade jexec -l "${TARGET}" freebsd-update --currently-running "${CURRENT_VERSION}" -r ${RELEASE} upgrade
else else
echo -e "${COLOR_RED}Container not running.${COLOR_RESET}" echo -e "Container not running."
echo -e "${COLOR_RED}See 'bastille start ${TARGET}'.${COLOR_RESET}" echo -e "See 'bastille start ${TARGET}'."
disable_freebsd_update
exit 1 exit 1
fi fi
else else
echo -e "${COLOR_RED}${TARGET} state is unknown.${COLOR_RESET}"; exit 1 echo -e "${TARGET} state is unknown."
disable_freebsd_update
exit 1
fi fi
else else
echo -e "${COLOR_RED}${TARGET} is not a thick container.${COLOR_RESET}"; exit 1 echo -e "${TARGET} is not a thick container."
disable_freebsd_update
exit 1
fi fi
fi fi
disable_freebsd_update
exit 0 exit 0
} }
enable_freebsd_update()
{
if [ -d "${FREEBSD_UPDATE}" ]; then
if [ -f "${FREEBSD_UPDATE}/freebsd-update" ] && [ -f "${FREEBSD_UPDATE}/freebsd-update.conf" ]; then
chmod 555 ${FREEBSD_UPDATE}/freebsd-update
cp ${FREEBSD_UPDATE}/freebsd-update /usr/sbin/freebsd-update
cp ${FREEBSD_UPDATE}/freebsd-update.conf /etc/freebsd-update.conf
fi
fi
}
disable_freebsd_update()
{
if [ -f "/usr/sbin/freebsd-update" ]; then
rm /usr/sbin/freebsd-update
fi
if [ -f "/etc/freebsd-update.conf" ]; then
rm /etc/freebsd-update.conf
fi
}
zfs_activate() zfs_activate()
{ {
# Check if ZFS is already configured. # Check if ZFS is already configured.
@@ -1083,6 +1125,7 @@ upgrade|--upgrade)
echo "Usage: ${SCRIPTNAME} [upgrade|--upgrade] [container] [release]" echo "Usage: ${SCRIPTNAME} [upgrade|--upgrade] [container] [release]"
exit 1 exit 1
fi fi
enable_freebsd_update
thickjail_upgrade thickjail_upgrade
else else
if [ $# -gt 4 ] || [ $# -lt 4 ]; then if [ $# -gt 4 ] || [ $# -lt 4 ]; then
@@ -1098,6 +1141,7 @@ update|--update)
exit 1 exit 1
fi fi
TARGET="${2}" TARGET="${2}"
enable_freebsd_update
jail_update jail_update
;; ;;
esac esac
conf/system/freebsd-update/11.2/freebsd-update
Executable
+3312
View File
File diff suppressed because it is too large Load Diff
conf/system/freebsd-update/11.2/freebsd-update.conf
+76
View File
@@ -0,0 +1,76 @@
# $FreeBSD: releng/11.2/etc/freebsd-update.conf 257694 2013-11-05 09:30:06Z glebius $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
conf/system/freebsd-update/11.3/freebsd-update
Executable
+3361
View File
File diff suppressed because it is too large Load Diff
conf/system/freebsd-update/11.3/freebsd-update.conf
+76
View File
@@ -0,0 +1,76 @@
# $FreeBSD: releng/11.3/etc/freebsd-update.conf 257694 2013-11-05 09:30:06Z glebius $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
conf/system/freebsd-update/12.0/freebsd-update
Executable
+3312
View File
File diff suppressed because it is too large Load Diff
conf/system/freebsd-update/12.0/freebsd-update.conf
+76
View File
@@ -0,0 +1,76 @@
# $FreeBSD: releng/12.0/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
conf/system/freebsd-update/12.1/freebsd-update
Executable
+3395
View File
File diff suppressed because it is too large Load Diff
conf/system/freebsd-update/12.1/freebsd-update.conf
+76
View File
@@ -0,0 +1,76 @@
# $FreeBSD: releng/12.1/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
version
+1 -1
View File
@@ -1 +1 @@
1.0.18 1.0.19