07ac07d35f
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc). - Add NPF support for ftp-proxy(8). - Add rc.d script for NPF. - Convert npfctl(8) to use libnpf(3) and thus make it less depressive. Note: next clean-up step should be a parser, once dholland@ will finish it. - Add more documentation. - Various fixes. |
||
---|---|---|
.. | ||
etc | ||
libexec/tftp-proxy | ||
sbin | ||
share | ||
usr.sbin | ||
pf2netbsd | ||
README.NetBSD |
# # $NetBSD: README.NetBSD,v 1.1 2009/12/02 15:07:09 martti Exp $ # # Author: Martti Kuparinen <martti@NetBSD.org> # # This file contains copy-pastable commands to import a new PF release # into the NetBSD repository. Before importing the code into the official # NetBSD repository, you'll import the code into your own local test # repository, resolve the conflicts and make sure everything works as expected. # # Steps in this document: # 1) Get the PF dist files and a copy of the CVS repository # 2) Create a local test repository for the test imports # 3) Import the new PF release into the test repository # 4) Resolve conflicts and make other adjustments # 5) Save the required modifications # 6) Re-create a local test repository for the final test import # 7) Import the new PF release into the test repository # 8) Apply the fixes # 9) Compile everything and make sure the new version really works # 10) Update your /usr/src (cd /usr/src && cvs update -dPA) # 11) Import the new PF release into the NetBSD repository # 12) Apply the fixes # 13) Update your /usr/src one more time (cd /usr/src && cvs update -dPA) # 14) Compile and install everything # 15) Update src/doc/3RDPARTY and src/doc/CHANGES # 16) Send an announcement to current-users # ############################################################################### ############################################################################### # COMMON SETTINGS FOR EVERYTHING BELOW ############################################################################### ############################################################################### export NETBSDUSERNAME="fixthis" export VERSION="4.6" export VERTAG="`echo ${VERSION} | sed 's+\.+_+g'`" export VEROLD="v4_2" export VERNEW="v4_6" export ORIG="${HOME}/netbsd/orig" export WORK="${HOME}/netbsd/work" export FIXES="${HOME}/netbsd/fixes/${VERSION}" export RSYNC_RSH="ssh -4" export RSYNC="rsync -avzr --delete" ############################################################################### ############################################################################### # Fetch the official PF sources ############################################################################### ############################################################################### mkdir -p ${ORIG}/openbsd-${VERSION} cd ${ORIG}/openbsd-${VERSION} if [ ! -f src.tar.gz ]; then ftp ftp://ftp.df.lth.se/pub/OpenBSD/${VERSION}/src.tar.gz fi if [ ! -f sys.tar.gz ]; then ftp ftp://ftp.df.lth.se/pub/OpenBSD/${VERSION}/sys.tar.gz fi ############################################################################### ############################################################################### # GET COPY OF THE CVS REPOSITORY FOR LOCAL TEST IMPORTS ############################################################################### ############################################################################### RSYNC_RSH="ssh -4" RSYNC="rsync -avzr --delete -e ssh" S="${NETBSDUSERNAME}@cvs.netbsd.org::cvsroot" D="${ORIG}/cvsroot" if [ "${NETBSDUSERNAME}" = "fixthis" ]; then echo "You MUST use your real NetBSD user name..." sleep 86400 fi ${RSYNC} ${S}/src/ ${D}/src ${RSYNC} --exclude 'commitlog*' --exclude 'history*' ${S}/CVSROOT/ ${D}/CVSROOT ############################################################################### ############################################################################### # TEST IMPORT 1 ############################################################################### ############################################################################### # Get a new repository mkdir -p ${WORK} ${RSYNC} ${ORIG}/cvsroot ${WORK} rm -f ${WORK}/cvsroot/CVSROOT/commitinfo* rm -f ${WORK}/cvsroot/CVSROOT/loginfo* touch ${WORK}/cvsroot/CVSROOT/commitinfo touch ${WORK}/cvsroot/CVSROOT/loginfo chmod 644 ${WORK}/cvsroot/CVSROOT/config sed 's+/cvslock+/tmp/cvslock+' < ${WORK}/cvsroot/CVSROOT/config \ > ${WORK}/cvsroot/CVSROOT/config.1 grep -v -e tag= -e AdminGroup= -e AdminOptions= \ < ${WORK}/cvsroot/CVSROOT/config.1 > ${WORK}/cvsroot/CVSROOT/config chmod 444 ${WORK}/cvsroot/CVSROOT/config rm -f ${WORK}/cvsroot/CVSROOT/config.1 mkdir -p /tmp/cvslock export CVSROOT="${WORK}/cvsroot" # Checkout a working copy cd ${WORK} rm -rf src cvs co -P src or cd ${WORK}/src rm -rf dist/pf sys/dist/pf cvs update -dPA or cd ${WORK}/src rm -rf dist/pf sys/dist/pf cvs update -dPA dist/pf sys/dist/pf # cvs tag cd ${WORK}/src cvs tag BEFORE-PF-${VERTAG} dist/pf sys/dist/pf # Prepare the files for import rm -rf /tmp/openbsd-${VERSION} mkdir -p /tmp/openbsd-${VERSION} cd /tmp/openbsd-${VERSION} tar -xzf ${ORIG}/openbsd-${VERSION}/src.tar.gz tar -xzf ${ORIG}/openbsd-${VERSION}/sys.tar.gz rm -rf /tmp/netbsd-${VERSION} ${WORK}/src/dist/pf/pf2netbsd /tmp/openbsd-${VERSION} /tmp/netbsd-${VERSION} cd /tmp/netbsd-${VERSION} # Import the new version cd /tmp/netbsd-${VERSION} cvs import -I ! -I CVS -m "Import PF from OpenBSD ${VERSION}" \ src OPENBSD ${VERNEW} # src/dist/pf cd ${WORK}/src/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d A=`cvs update | grep ^C | awk '{ print $2 }'` cvs update | grep ^C ##vim $A ##for i in $A; do mkdir -p ${FIXES}/1/src/dist/pf/`dirname $i`; done ##for i in $A; do cp $i ${FIXES}/1/src/dist/pf/$i; done cvs diff -u -kk -rOPENBSD $A | less cvs diff -u -kk -rOPENBSD | less cvs update -dPA # src/sys/dist/pf cd ${WORK}/src/sys/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d B=`cvs update | grep ^C | awk '{ print $2 }'` cvs update | grep ^C ##vim $B ##for i in $B; do mkdir -p ${FIXES}/1/src/sys/dist/pf/`dirname $i`; done ##for i in $B; do cp $i ${FIXES}/1/src/sys/dist/pf/$i; done cvs diff -u -kk -rOPENBSD $B | less cvs diff -u -kk -rOPENBSD | less # Commit changes cd ${WORK}/src cvs ci -m "Upgraded PF to ${VERSION}" dist/pf sys/dist/pf # See the changes cd ${WORK}/src cvs diff -u -kk -rOPENBSD dist/pf sys/dist/pf | less ############################################################################### ############################################################################### # TEST IMPORT 2 ############################################################################### ############################################################################### # Get a new repository mkdir -p ${WORK} ${RSYNC} ${ORIG}/cvsroot ${WORK} rm -f ${WORK}/cvsroot/CVSROOT/commitinfo* rm -f ${WORK}/cvsroot/CVSROOT/loginfo* touch ${WORK}/cvsroot/CVSROOT/commitinfo touch ${WORK}/cvsroot/CVSROOT/loginfo chmod 644 ${WORK}/cvsroot/CVSROOT/config sed 's+/cvslock+/tmp/cvslock+' < ${WORK}/cvsroot/CVSROOT/config \ > ${WORK}/cvsroot/CVSROOT/config.1 grep -v -e tag= -e AdminGroup= -e AdminOptions= \ < ${WORK}/cvsroot/CVSROOT/config.1 > ${WORK}/cvsroot/CVSROOT/config chmod 444 ${WORK}/cvsroot/CVSROOT/config rm -f ${WORK}/cvsroot/CVSROOT/config.1 mkdir -p /tmp/cvslock export CVSROOT="${WORK}/cvsroot" # Checkout a working copy cd ${WORK}/src rm -rf dist/pf sys/dist/pf cvs update -dPA dist/pf sys/dist/pf # cvs tag cd ${WORK}/src cvs tag BEFORE-PF-${VERTAG} dist/pf sys/dist/pf # Prepare the files for import rm -rf /tmp/openbsd-${VERSION} mkdir -p /tmp/openbsd-${VERSION} cd /tmp/openbsd-${VERSION} tar -xzf ${ORIG}/openbsd-${VERSION}/src.tar.gz tar -xzf ${ORIG}/openbsd-${VERSION}/sys.tar.gz rm -rf /tmp/netbsd-${VERSION} ${WORK}/src/dist/pf/pf2netbsd /tmp/openbsd-${VERSION} /tmp/netbsd-${VERSION} cd /tmp/netbsd-${VERSION} # Import the new version cd /tmp/netbsd-${VERSION} cvs import -I ! -I CVS -m "Import PF from OpenBSD ${VERSION}" \ src OPENBSD ${VERNEW} # Merge and fix conflicts cd ${WORK}/src/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d cvs update | grep ^C cd ${WORK}/src/sys/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d cvs update | grep ^C cd ${FIXES}/1 && tar cf - * | tar xvf - -C ${WORK} cd ${WORK}/src cvs ci -m "Upgraded PF to ${VERSION}" dist/pf sys/dist/pf cd ${FIXES}/2 && tar cf - * | tar xvf - -C ${WORK} cd ${WORK}/src cvs ci -m "Sync with official PF" dist/pf sys/dist/pf ############################################################################### ############################################################################### # FINAL IMPORT IN TO NETBSD REPOSITORY ############################################################################### ############################################################################### # Settings if [ "${NETBSDUSERNAME}" = "fixthis" ]; then echo "You MUST use your real NetBSD user name..." sleep 86400 fi export WORK="/usr" export CVSROOT="${NETBSDUSERNAME}@cvs.netbsd.org:/cvsroot" # Update the local copy first cd ${WORK}/src cvs update -dPA dist/pf sys/dist/pf # cvs tag cvs tag BEFORE-PF-${VERTAG} dist/pf sys/dist/pf # Prepare the files for import rm -rf /tmp/openbsd-${VERSION} mkdir -p /tmp/openbsd-${VERSION} cd /tmp/openbsd-${VERSION} tar -xzf ${ORIG}/openbsd-${VERSION}/src.tar.gz tar -xzf ${ORIG}/openbsd-${VERSION}/sys.tar.gz rm -rf /tmp/netbsd-${VERSION} ${WORK}/src/dist/pf/pf2netbsd /tmp/openbsd-${VERSION} /tmp/netbsd-${VERSION} cd /tmp/netbsd-${VERSION} # Import the new version cd /tmp/netbsd-${VERSION} cvs import -I ! -I CVS -m "Import PF from OpenBSD ${VERSION}" \ src OPENBSD ${VERNEW} # Merge and fix conflicts cd ${WORK}/src/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d cvs update | grep ^C cd ${WORK}/src/sys/dist/pf cvs update -kk -j${VEROLD} -j${VERNEW} -d cvs update | grep ^C cd ${FIXES}/1 && tar cf - * | tar xvf - -C ${WORK} cd ${WORK}/src cvs ci -m "Upgraded PF to ${VERSION}" dist/pf sys/dist/pf cd ${FIXES}/2 && tar cf - * | tar xvf - -C ${WORK} cd ${WORK}/src cvs ci -m "Sync with official PF" dist/pf sys/dist/pf # fix doc/3RDPARTY and doc/CHANGES # send mail to current-users@ HEADSUP ======= Hi! I have just upgraded PF to the latest version on NetBSD -current. I've tested this by building i386 and amd64 release and installed the sets on my test hosts. If you detect any errors (or have improvements), please send a problem report with the send-pr tool.