Commit graph

4 commits

Author SHA1 Message Date
John Polstra
6d296c9994 Update the cvsup-mirror port to reflect the fact that crypto isn't
a special case any more.
2000-07-09 17:57:33 +00:00
John Polstra
3176ec22e7 This is a fairly substantial upgrade of the cvsup-mirror port. In
honor of the occasion I have bumped the version number to 1.1.

The port now depends upon the cvsup-bin and cvsupd-bin ports rather
than on the more trouble-prone cvsup port.

The CVSup server is run with "-C 100" (max. 100 clients at a time)
and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access"
file.  This is nice because you can change the limit by editing
the file; you don't have to restart the server.  The cvsupd.access
file also contains a rule to limit each individual host to one
connection at a time.

The CVSup client is now run under its own unprivileged user ID
instead of root.  This is a security enhancement.  It makes it
impossible for a compromised master site to install files into
places outside the mirror area of the filesystem.  The permissions
of various other files such as /usr/local/etc/cvsup have also been
strengthened to enhance security.

Both client and server now cd to /var/tmp to run, so that if they
decide to croak they'll be able to write the core file. :-)

The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start"
and "stop" arguments.

The configure script no longer attempts to tell you the sizes of
the various collections.  That's impossible to maintain.  When I
have time I plan to make a web page where one can obtain that
information from an automatically-updated source.  Then I will
reference the URL in the configure script.

It is possible to upgrade an existing cvsup-mirror-1.0 installation
to this new version, but it is tricky because of the change in
ownership of the mirrored files.  I will post instructions to the
freebsd-hubs mailing list after I make sure I have the procedure
just right.
2000-01-28 06:42:37 +00:00
John Polstra
a7dc76b0aa Install a "refuse" file to protect the mirror's scripts and
configuration files from a malicious or compromised master site.
2000-01-14 04:39:57 +00:00
John Polstra
a2fac24797 The cvsup-mirror port, a kit that makes it easy to set up a FreeBSD
mirror site.
1997-02-02 04:11:35 +00:00