Index: head/en_US.ISO8859-1/articles/committers-guide/article.xml
===================================================================
--- head/en_US.ISO8859-1/articles/committers-guide/article.xml (revision 50673)
+++ head/en_US.ISO8859-1/articles/committers-guide/article.xml (revision 50674)
@@ -1,5238 +1,5301 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN"
"http://www.FreeBSD.org/XML/share/xml/freebsd50.dtd" [
<!ENTITY ga "Google Analytics">
]>
<article xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:lang="en">
<info>
<title>Committer's Guide</title>
<author>
<orgname>The &os; Documentation Project</orgname>
</author>
<copyright>
<year>1999</year>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<year>2013</year>
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<holder>The &os; Documentation Project</holder>
</copyright>
<legalnotice xml:id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.coverity;
&tm-attrib.ibm;
&tm-attrib.intel;
&tm-attrib.sparc;
&tm-attrib.general;
</legalnotice>
<pubdate>$FreeBSD$</pubdate>
<releaseinfo>$FreeBSD$</releaseinfo>
<abstract>
<para>This document provides information for the &os;
committer community. All new committers should read this
document before they start, and existing committers are
strongly encouraged to review it from time to time.</para>
<para>Almost all &os; developers have commit rights to one or
more repositories. However, a few developers do not, and some
of the information here applies to them as well. (For
instance, some people only have rights to work with the
Problem Report database). Please see
<xref linkend="non-committers"/> for more information.</para>
<para>This document may also be of interest to members of the
&os; community who want to learn more about how the project
works.</para>
</abstract>
</info>
<sect1 xml:id="admin">
<title>Administrative Details</title>
<informaltable frame="none" orient="port" pgwide="1">
<tgroup cols="2">
<colspec colwidth="20*"/>
<colspec colwidth="80*"/>
<tbody>
<row>
<entry><emphasis>Login Methods</emphasis></entry>
<entry>&man.ssh.1;, protocol 2 only</entry>
</row>
<row>
<entry><emphasis>Main Shell Host</emphasis></entry>
<entry><systemitem
class="fqdomainname">freefall.FreeBSD.org</systemitem></entry>
</row>
<row>
<entry><emphasis><literal>src/</literal> Subversion
Root</emphasis></entry>
<entry><literal>svn+ssh://</literal><systemitem
class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/base</filename>
(see also <xref
linkend="svn-getting-started-base-layout"/>).</entry>
</row>
<row>
<entry><emphasis><literal>doc/</literal> Subversion
Root</emphasis></entry>
<entry><literal>svn+ssh://</literal><systemitem
class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/doc</filename>
(see also <xref
linkend="svn-getting-started-doc-layout"/>).</entry>
</row>
<row>
<entry><emphasis><literal>ports/</literal> Subversion
Root</emphasis></entry>
<entry><literal>svn+ssh://</literal><systemitem
class="fqdomainname">repo.FreeBSD.org</systemitem><filename>/ports</filename>
(see also <xref
linkend="svn-getting-started-ports-layout"/>).</entry>
</row>
<row>
<entry><emphasis>Internal Mailing Lists</emphasis></entry>
<entry>developers (technically called all-developers),
doc-developers, doc-committers, ports-developers,
ports-committers, src-developers, src-committers. (Each
project repository has its own -developers and
-committers mailing lists. Archives for these lists can
be found in the files
<filename>/local/mail/<replaceable>repository-name</replaceable>-developers-archive</filename>
and
<filename>/local/mail/<replaceable>repository-name</replaceable>-committers-archive</filename>
on the <systemitem
class="fqdomainname">FreeBSD.org</systemitem>
cluster.)</entry>
</row>
<row>
<entry><emphasis>Core Team monthly
reports</emphasis></entry>
<entry><filename>/home/core/public/monthly-reports</filename>
on the <systemitem
class="fqdomainname">FreeBSD.org</systemitem>
cluster.</entry>
</row>
<row>
<entry><emphasis>Ports Management Team monthly
reports</emphasis></entry>
<entry><filename>/home/portmgr/public/monthly-reports</filename>
on the <systemitem
class="fqdomainname">FreeBSD.org</systemitem>
cluster.</entry>
</row>
<row>
<entry><emphasis>Noteworthy <literal>src/</literal> SVN
Branches</emphasis></entry>
<entry>
<literal>stable/8</literal> (8.X-STABLE),
<literal>stable/9</literal> (9.X-STABLE),
<literal>stable/10</literal> (10.X-STABLE),
<literal>head</literal> (-CURRENT)</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>&man.ssh.1; is required to connect to the project hosts.
For more information, see <xref linkend="ssh.guide"/>.</para>
<para>Useful links:</para>
<itemizedlist>
<listitem>
<para><link xlink:href="&url.base;/internal/">&os;
Project Internal Pages</link></para>
</listitem>
<listitem>
<para><link
xlink:href="&url.base;/internal/machines.html">&os;
Project Hosts</link></para>
</listitem>
<listitem>
<para><link xlink:href="&url.base;/administration.html">&os;
Project Administrative Groups</link></para>
</listitem>
</itemizedlist>
</sect1>
<sect1 xml:id="pgpkeys">
<title>Open<acronym>PGP</acronym> Keys for &os;</title>
<para>Cryptographic keys conforming to the
Open<acronym>PGP</acronym> (<emphasis>Pretty Good
Privacy</emphasis>) standard are used by the &os; project to
authenticate committers. Messages carrying important
information like public <acronym>SSH</acronym> keys can be
signed with the Open<acronym>PGP</acronym> key to prove that
they are really from the committer. See
<link xlink:href="http://www.nostarch.com/pgp_ml.htm">PGP &
GPG: Email for the Practical Paranoid by Michael Lucas</link>
and <link
xlink:href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy"></link>
for more information.</para>
<sect2 xml:id="pgpkeys-creating">
<title>Creating a Key</title>
<para>Existing keys can be used, but should be checked with
<filename>doc/head/share/pgpkeys/checkkey.sh</filename>
first.</para>
<para>For those who do not yet have an
Open<acronym>PGP</acronym> key, or need a new key to meet &os;
security requirements, here we show how to generate
one.</para>
<procedure xml:id="pgpkeys-create-steps">
<step>
<para>Install
<filename role="package">security/gnupg</filename>. Enter
these lines in <filename>~/.gnupg/gpg.conf</filename> to
set minimum acceptable defaults:</para>
<programlisting>fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512</programlisting>
</step>
<step>
<para>Generate a key:</para>
<screen>&prompt.user; <userinput>gpg --full-gen-key</userinput>
gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Warning: using insecure memory!
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? <userinput>1</userinput>
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) <userinput>2048</userinput> <co xml:id="co-pgp-bits"/>
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) <userinput>3y</userinput> <co xml:id="co-pgp-expire"/>
Key expires at Wed Nov 4 17:20:20 2015 MST
Is this correct? (y/N) <userinput>y</userinput>
GnuPG needs to construct a user ID to identify your key.
Real name: <userinput><replaceable>Chucky Daemon</replaceable></userinput> <co xml:id="co-pgp-realname"/>
Email address: <userinput><replaceable>notreal@example.com</replaceable></userinput>
Comment:
You selected this USER-ID:
"<replaceable>Chucky Daemon <notreal@example.com></replaceable>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? <userinput>o</userinput>
You need a Passphrase to protect your secret key.</screen>
<calloutlist>
<callout arearefs="co-pgp-bits">
<para>2048-bit keys with a three-year expiration provide
adequate protection at present (2013-12). <link
xlink:href="http://danielpocock.com/rsa-key-sizes-2048-or-4096-bits"/>
describes the situation in more detail.</para>
</callout>
<callout arearefs="co-pgp-expire">
<para>A three year key lifespan is short enough to
obsolete keys weakened by advancing computer power,
but long enough to reduce key management
problems.</para>
</callout>
<callout arearefs="co-pgp-realname">
<para>Use your real name here, preferably matching that
shown on government-issued <acronym>ID</acronym> to
make it easier for others to verify your identity.
Text that may help others identify you can be entered
in the <literal>Comment</literal> section.</para>
</callout>
</calloutlist>
<para>After the email address is entered, a passphrase is
requested. Methods of creating a secure passphrase are
contentious. Rather than suggest a single way, here are
some links to sites that describe various methods: <link
xlink:href="http://world.std.com/~reinhold/diceware.html"></link>,
<link
xlink:href="http://www.iusmentis.com/security/passphrasefaq/"></link>,
<link xlink:href="http://xkcd.com/936/"></link>,
<link
xlink:href="http://en.wikipedia.org/wiki/Passphrase"></link>.</para>
</step>
</procedure>
<para>Protect the private key and passphrase. If either the
private key or passphrase may have been compromised or
disclosed, immediately notify
<email>accounts@FreeBSD.org</email> and revoke the key.</para>
<para>Committing the new key is shown in
<xref linkend="commit-steps"/>.</para>
</sect2>
</sect1>
<sect1 xml:id="kerberos-ldap">
<title>Kerberos and LDAP web Password for &os; Cluster</title>
<para>The &os; cluster requires a Kerberos password to access
certain services. The Kerberos password also serves as the
LDAP web password, since LDAP is proxying to Kerberos in the
cluster. Some of the services
which require this include:</para>
<itemizedlist>
<listitem>
<para><link
xlink:href="https://bugs.freebsd.org/bugzilla">Bugzilla</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://jenkins.freebsd.org">Jenkins</link></para>
</listitem>
</itemizedlist>
<para>To create a new Kerberos account in the &os; cluster, or to
reset a Kerberos password for an existing account using a random
password generator:</para>
<screen>&prompt.user; <userinput>ssh kpasswd.freebsd.org</userinput></screen>
<note>
<para>This must be done from a machine outside of the &os;.org
cluster.</para>
</note>
<para>A Kerberos password can also be set manually
by logging into <systemitem
class="fqdomainname">freefall.FreeBSD.org</systemitem> and
running:</para>
<screen>&prompt.user; <userinput>kpasswd</userinput></screen>
<note>
<para>Unless the Kerberos-authenticated services
of the &os;.org cluster have been used previously,
<errorname>Client unknown</errorname> will be shown. This
error means that the
<command>ssh kpasswd.freebsd.org</command> method shown above
must be used first to initialize the Kerberos account.</para>
</note>
</sect1>
<sect1 xml:id="committer.types">
<title>Commit Bit Types</title>
<para>The &os; repository has a number of components which, when
combined, support the basic operating system source,
documentation, third party application ports infrastructure, and
various maintained utilities. When &os; commit bits are
allocated, the areas of the tree where the bit may be used are
specified. Generally, the areas associated with a bit reflect
who authorized the allocation of the commit bit. Additional
areas of authority may be added at a later date: when this
occurs, the committer should follow normal commit bit allocation
procedures for that area of the tree, seeking approval from the
appropriate entity and possibly getting a mentor for that area
for some period of time.</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="3">
<tbody>
<row>
<entry><emphasis>Committer Type</emphasis></entry>
<entry><emphasis>Responsible</emphasis></entry>
<entry><emphasis>Tree Components</emphasis></entry>
</row>
<row>
<entry>src</entry>
<entry>core@</entry>
<entry>src/, doc/ subject to appropriate review</entry>
</row>
<row>
<entry>doc</entry>
<entry>doceng@</entry>
<entry>doc/, ports/, src/ documentation</entry>
</row>
<row>
<entry>ports</entry>
<entry>portmgr@</entry>
<entry>ports/</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>Commit bits allocated prior to the development of the notion
of areas of authority may be appropriate for use in many parts
of the tree. However, common sense dictates that a committer
who has not previously worked in an area of the tree seek review
prior to committing, seek approval from the appropriate
responsible party, and/or work with a mentor. Since the rules
regarding code maintenance differ by area of the tree, this is
as much for the benefit of the committer working in an area of
less familiarity as it is for others working on the tree.</para>
<para>Committers are encouraged to seek review for their work as
part of the normal development process, regardless of the area
of the tree where the work is occurring.</para>
<sect2>
<title>Policy for Committer Activity in Other Trees</title>
<itemizedlist>
<listitem>
<para>All committers may modify
<filename>base/head/share/misc/committers-*.dot</filename>,
<filename>base/head/usr.bin/calendar/calendars/calendar.freebsd</filename>,
and
<filename>ports/head/astro/xearth/files</filename>.</para>
</listitem>
<listitem>
<para>doc committers may commit
documentation changes to <filename>src</filename>
files, such as man pages, READMEs, fortune databases,
calendar files, and comment fixes without approval from a
src committer, subject to the normal care and tending of
commits.</para>
</listitem>
<listitem>
<para>Any committer may make changes to any other tree
with an "Approved by" from a non-mentored committer with
the appropriate bit.</para>
</listitem>
<listitem>
<para>Committers can aquire an additional bit by the usual
process of finding a mentor who will propose them to core,
doceng, or portmgr, as appropriate. When approved, they
will be added to 'access' and the normal mentoring period
will ensue, which will involve a continuing of
<quote>Approved by</quote> for some period.</para>
</listitem>
<listitem>
<para>"Approved by" is only acceptable from non-mentored src
committers -- mentored committers can provide a "Reviewed
by" but not an "Approved by".</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 xml:id="subversion-primer">
<title>Subversion Primer</title>
<para>New committers are assumed to already be familiar with the basic
operation of Subversion. If not, start by reading the
<link xlink:href="http://svnbook.red-bean.com/">Subversion
Book</link>.</para>
<sect2 xml:id="svn-intro">
<title>Introduction</title>
<para>The &os; source repository switched from
<acronym>CVS</acronym> to Subversion on May 31st, 2008. The
first real <acronym>SVN</acronym> commit is
<emphasis>r179447</emphasis>.</para>
<para>The &os; <literal>doc/www</literal> repository switched
from <acronym>CVS</acronym> to Subversion on May 19th, 2012.
The first real <acronym>SVN</acronym> commit is
<emphasis>r38821</emphasis>.</para>
<para>The &os; <literal>ports</literal> repository switched
from <acronym>CVS</acronym> to Subversion on July 14th, 2012.
The first real <acronym>SVN</acronym> commit is
<emphasis>r300894</emphasis>.</para>
<para>Subversion can be installed from the &os; Ports
Collection by issuing these commands:</para>
<screen>&prompt.root; <userinput>pkg install subversion</userinput></screen>
</sect2>
<sect2 xml:id="svn-getting-started">
<title>Getting Started</title>
<para>There are a few ways to obtain a working copy of the tree
from Subversion. This section will explain them.</para>
<sect3 xml:id="svn-getting-started-direct-checkout">
<title>Direct Checkout</title>
<para>The first is to check out directly from the main
repository. For the <literal>src</literal> tree,
use:</para>
<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head /usr/src</userinput></screen>
<para>For the <literal>doc</literal> tree, use:</para>
<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/doc/head /usr/doc</userinput></screen>
<para>For the <literal>ports</literal> tree, use:</para>
<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/ports/head /usr/ports</userinput></screen>
<note>
<para>Though the remaining examples in this document are
written with the workflow of working with the
<literal>src</literal> tree in mind, the underlying
concepts are the same for working with the
<literal>doc</literal> and the <literal>ports</literal>
tree.
Ports related Subversion operations are listed in
<xref linkend="ports"/>.</para>
</note>
<para>The above command will check out a
<literal>CURRENT</literal> source tree as
<filename><replaceable>/usr/src/</replaceable></filename>,
which can be any target directory on the local filesystem.
Omitting the final argument of that command causes the
working copy, in this case, to be named <quote>head</quote>,
but that can be renamed safely.</para>
<para><literal>svn+ssh</literal> means the
<acronym>SVN</acronym> protocol tunnelled over
<acronym>SSH</acronym>. The name of the server is
<literal>repo.freebsd.org</literal>, <literal>base</literal>
is the path to the repository, and <literal>head</literal>
is the subdirectory within the repository.</para>
<para>If your &os; login name is different from the login
name used on the local machine, either include it in
the <acronym>URL</acronym> (for example
<literal>svn+ssh://jarjar@repo.freebsd.org/base/head</literal>),
or add an entry to <filename>~/.ssh/config</filename>
in the form:</para>
<programlisting>Host repo.freebsd.org
User jarjar</programlisting>
<para>This is the simplest method, but it is hard to tell just
yet how much load it will place on the repository.</para>
<note>
<para>The <command>svn diff</command> does not require
access to the server as <acronym>SVN</acronym> stores a
reference copy of every file in the working copy. This,
however, means that Subversion working copies are very
large in size.</para>
</note>
</sect3>
<sect3 xml:id="svn-getting-started-checkout-from-a-mirror">
<title>Checkout from a Mirror</title>
<para>Check out a working copy from a mirror by
substituting the mirror's <acronym>URL</acronym> for
<literal>svn+ssh://repo.freebsd.org/base</literal>. This
can be an official mirror or a mirror maintained by using
<command>svnsync</command>.</para>
<para>There is a serious disadvantage to this method: every
time something is to be committed, a
<command>svn relocate</command> to the master repository has
to be done, remembering to <command>svn relocate</command>
back to the mirror after the commit. Also, since
<command>svn relocate</command> only works between
repositories that have the same UUID, some hacking of the
local repository's UUID has to occur before it is possible
to start using it.</para>
<para>The hassle of a local
<command>svnsync</command> mirror probably is not worth it
unless the network connectivity situation or other factors
demand it. If it is needed, see the end of this chapter for
information on how to set one up.</para>
</sect3>
<sect3 xml:id="svn-getting-started-base-layout">
<title><literal>RELENG_*</literal> Branches and General
Layout</title>
<para>In <literal>svn+ssh://repo.freebsd.org/base</literal>,
<emphasis>base</emphasis> refers to the source tree.
Similarly, <emphasis>ports</emphasis> refers to the ports
tree, and so on. These are separate repositories with their
own change number sequences, access controls and commit
mail.</para>
<para>For the base repository, HEAD refers to the -CURRENT
tree. For example, <filename>head/bin/ls</filename> is what
would go into <filename>/usr/src/bin/ls</filename> in a
release. Some key locations are:</para>
<itemizedlist>
<listitem>
<para><emphasis>/head/</emphasis> which corresponds to
<literal>HEAD</literal>, also known as
<literal>-CURRENT</literal>.</para>
</listitem>
<listitem>
<para><emphasis>/stable/<replaceable>n</replaceable></emphasis>
which corresponds to
<literal>RELENG_<replaceable>n</replaceable></literal>.</para>
</listitem>
<listitem>
<para><emphasis>/releng/<replaceable>n.n</replaceable></emphasis>
which corresponds to
<literal>RELENG_<replaceable>n_n</replaceable></literal>.</para>
</listitem>
<listitem>
<para><emphasis>/release/<replaceable>n.n.n</replaceable></emphasis>
which corresponds to
<literal>RELENG_<replaceable>n_n_n</replaceable>_RELEASE</literal>.</para>
</listitem>
<listitem>
<para><emphasis>/vendor*</emphasis> is the vendor branch
import work area. This directory itself does not
contain branches, however its subdirectories do. This
contrasts with the <emphasis>stable</emphasis>,
<emphasis>releng</emphasis> and
<emphasis>release</emphasis> directories.</para>
</listitem>
<listitem>
<para><emphasis>/projects</emphasis> and
<emphasis>/user</emphasis> feature a branch work area,
like in Perforce. As above, the
<emphasis>/user</emphasis> directory does not contain
branches itself.</para>
</listitem>
</itemizedlist>
</sect3>
<sect3 xml:id="svn-getting-started-doc-layout">
<title>&os; Documentation Project Branches and
Layout</title>
<para>In <literal>svn+ssh://repo.freebsd.org/doc</literal>,
<emphasis>doc</emphasis> refers to the repository root of
the source tree.</para>
<para>In general, most &os; Documentation Project work will be
done within the <filename>head/</filename> branch of the
documentation source tree.</para>
<para>&os; documentation is written and/or translated to
various languages, each in a separate
directory in the <filename>head/</filename>
branch.</para>
<para>Each translation set contains several subdirectories for
the various parts of the &os; Documentation Project. A few
noteworthy directories are:</para>
<itemizedlist>
<listitem>
<para><emphasis>/articles/</emphasis> contains the source
code for articles written by various &os;
contributors.</para>
</listitem>
<listitem>
<para><emphasis>/books/</emphasis> contains the source
code for the different books, such as the
&os; Handbook.</para>
</listitem>
<listitem>
<para><emphasis>/htdocs/</emphasis> contains the source
code for the &os; website.</para>
</listitem>
</itemizedlist>
</sect3>
<sect3 xml:id="svn-getting-started-ports-layout">
<title>&os; Ports Tree Branches and Layout</title>
<para>In <literal>svn+ssh://repo.freebsd.org/ports</literal>,
<emphasis>ports</emphasis> refers to the repository root of
the ports tree.</para>
<para>In general, most &os; port work will be done within the
<filename>head/</filename> branch of the ports tree which is
the actual ports tree used to install software. Some other
key locations are:</para>
<itemizedlist>
<listitem>
<para><emphasis>/branches/RELENG_<replaceable>n_n_n</replaceable></emphasis>
which corresponds to
<literal>RELENG_<replaceable>n_n_n</replaceable></literal>
is used to merge back security updates in preparation
for a release.</para>
</listitem>
<listitem>
<para><emphasis>/tags/RELEASE_<replaceable>n_n_n</replaceable></emphasis>
which corresponds to
<literal>RELEASE_<replaceable>n_n_n</replaceable></literal>
represents a release tag of the ports tree.</para>
</listitem>
<listitem>
<para><emphasis>/tags/RELEASE_<replaceable>n</replaceable>_EOL</emphasis>
represents the end of life tag of a specific &os;
branch.</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
<sect2 xml:id="svn-daily-use">
<title>Daily Use</title>
<para>This section will explain how to perform common day-to-day
operations with Subversion.</para>
<sect3 xml:id="svn-daily-use-help">
<title>Help</title>
<para><acronym>SVN</acronym> has built in help documentation.
It can be accessed by typing:</para>
<screen>&prompt.user; <userinput>svn help</userinput></screen>
<para>Additional information can be found in the
<link xlink:href="http://svnbook.red-bean.com/">Subversion
Book</link>.</para>
</sect3>
<sect3 xml:id="svn-daily-use-checkout">
<title>Checkout</title>
<para>As seen earlier, to check out the &os; head
branch:</para>
<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head /usr/src</userinput></screen>
<para>At some point, more than just <literal>HEAD</literal>
will probably be useful, for instance when merging changes
to stable/7. Therefore, it may be useful to have a partial
checkout of the complete tree (a full checkout would be very
painful).</para>
<para>To do this, first check out the root of the
repository:</para>
<screen>&prompt.user; <userinput>svn checkout --depth=immediates svn+ssh://repo.freebsd.org/base</userinput></screen>
<para>This will give <literal>base</literal> with all the
files it contains (at the time of writing, just
<filename>ROADMAP.txt</filename>) and empty subdirectories
for <literal>head</literal>, <literal>stable</literal>,
<literal>vendor</literal> and so on.</para>
<para>Expanding the working copy is possible. Just change the
depth of the various subdirectories:</para>
<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/head</userinput>
&prompt.user; <userinput>svn up --set-depth=immediates base/release base/releng base/stable</userinput></screen>
<para>The above command will pull down a full copy of
<literal>head</literal>, plus empty copies of every
<literal>release</literal> tag, every
<literal>releng</literal> branch, and every
<literal>stable</literal> branch.</para>
<para>If at a later date merging to
<literal>7-STABLE</literal> is required, expand the working
copy:</para>
<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7</userinput></screen>
<para>Subtrees do not have to be expanded completely. For
instance, expanding only <literal>stable/7/sys</literal> and
then later expand the rest of
<literal>stable/7</literal>:</para>
<screen>&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7/sys</userinput>
&prompt.user; <userinput>svn up --set-depth=infinity base/stable/7</userinput></screen>
<para>Updating the tree with <command>svn update</command>
will only update what was previously asked for (in this
case, <literal>head</literal> and
<literal>stable/7</literal>; it will not pull down the whole
tree.</para>
<note>
<para>Decreasing the depth of a working copy is not
possible.</para>
</note>
</sect3>
<sect3 xml:id="svn-daily-use-anonymous-checkout">
<title>Anonymous Checkout</title>
<para>It is possible to anonymously check out the &os;
repository with Subversion. This will give access to a
read-only tree that can be updated, but not committed back
to the main repository. To do this, use:</para>
<screen>&prompt.user; <userinput>svn co https://svn.FreeBSD.org/base/head /usr/src</userinput></screen>
<para>More details on using Subversion this way can be found
in <link xlink:href="&url.books.handbook;/svn.html">Using
Subversion</link>.</para>
</sect3>
<sect3 xml:id="svn-daily-use-updating-the-tree">
<title>Updating the Tree</title>
<para>To update a working copy to either the latest revision,
or a specific revision:</para>
<screen>&prompt.user; <userinput>svn update</userinput>
&prompt.user; <userinput>svn update -<replaceable>r12345</replaceable></userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-status">
<title>Status</title>
<para>To view the local changes that have been made to the
working copy:</para>
<screen>&prompt.user; <userinput>svn status</userinput></screen>
<para>To show local changes and files that are out-of-date
do:</para>
<screen>&prompt.user; <userinput>svn status --show-updates</userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-editing-and-committing">
<title>Editing and Committing</title>
<para>Unlike Perforce, <acronym>SVN</acronym> does not need to
be told in advance about file editing.</para>
<para>To commit all changes in
the current directory and all subdirectories:</para>
<screen>&prompt.user; <userinput>svn commit</userinput></screen>
<para>To commit all changes in, for example,
<filename><replaceable>lib/libfetch/</replaceable></filename>
and
<filename><replaceable>usr/bin/fetch/</replaceable></filename>
in a single operation:</para>
<screen>&prompt.user; <userinput>svn commit <replaceable>lib/libfetch</replaceable> <replaceable>usr/bin/fetch</replaceable></userinput></screen>
<para>There is also a commit wrapper for the ports tree to
handle the properties and sanity checking the
changes:</para>
<screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/psvn commit</userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-adding-and-removing">
<title>Adding and Removing Files</title>
<note>
<para>Before adding files, get a copy of <link
xlink:href="http://people.freebsd.org/~peter/auto-props.txt">auto-props.txt</link>
(there is also a <link
xlink:href="http://people.freebsd.org/~beat/cvs2svn/auto-props.txt">
ports tree specific version</link>) and add it to
<filename>~/.subversion/config</filename> according to the
instructions in the file. If you added something before
reading this, use <command>svn rm --keep-local</command>
for just added files, fix your config file and re-add them
again. The initial config file is created when you first
run a svn command, even something as simple as
<command>svn help</command>.</para>
</note>
<para>Files are added to a
<acronym>SVN</acronym> repository with <command>svn
add</command>. To add a file named
<emphasis>foo</emphasis>, edit it, then:</para>
<screen>&prompt.user; <userinput>svn add <replaceable>foo</replaceable></userinput></screen>
<note>
<para>Most new source files should include a
<literal>$&os;$</literal> string near the
start of the file. On commit, <command>svn</command> will
expand the <literal>$&os;$</literal> string,
adding the file path, revision number, date and time of
commit, and the username of the committer. Files which
cannot be modified may be committed without the
<literal>$&os;$</literal> string.</para>
</note>
<para>Files can be removed with <command>svn
remove</command>:</para>
<screen>&prompt.user; <userinput>svn remove <replaceable>foo</replaceable></userinput></screen>
<para>Subversion does not require deleting the file before
using <command>svn rm</command>, and indeed complains if
that happens.</para>
<para>It is possible to add directories with
<command>svn add</command>:</para>
<screen>&prompt.user; <userinput>mkdir <replaceable>bar</replaceable></userinput>
&prompt.user; <userinput>svn add <replaceable>bar</replaceable></userinput></screen>
<para>Although <command>svn mkdir</command> makes this easier
by combining the creation of the directory and the adding of
it:</para>
<screen>&prompt.user; <userinput>svn mkdir <replaceable>bar</replaceable></userinput></screen>
<para>Like files, directories are removed with
<command>svn rm</command>. There is no separate command
specifically for removing directories.</para>
<screen>&prompt.user; <userinput>svn rm <replaceable>bar</replaceable></userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-copying-and-moving">
<title>Copying and Moving Files</title>
<para>This command creates a copy of
<filename>foo.c</filename> named <filename>bar.c</filename>,
with the new file also under version control:</para>
<screen>&prompt.user; <userinput>svn copy <replaceable>foo.c</replaceable> <replaceable>bar.c</replaceable></userinput></screen>
<para>The example above is equivalent to:</para>
<screen>&prompt.user; <userinput>cp foo.c bar.c</userinput>
&prompt.user; <userinput>svn add bar.c</userinput></screen>
<para>To move and rename a file:</para>
<screen>&prompt.user; <userinput>svn move <replaceable>foo.c</replaceable> <replaceable>bar.c</replaceable></userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-log-and-annotate">
<title>Log and Annotate</title>
<para><command>svn log</command> shows revisions and commit
messages, most recent first, for files or directories. When
used on a directory, all revisions that affected the
directory and files within that directory are shown.</para>
<para><command>svn annotate</command>, or equally <command>svn
praise</command> or <command>svn blame</command>, shows
the most recent revision number and who committed that
revision for each line of a file.</para>
</sect3>
<sect3 xml:id="svn-daily-use-diffs">
<title>Diffs</title>
<para><command>svn diff</command> displays changes to the
working copy. Diffs generated by <acronym>SVN</acronym> are
unified and include new files by default in the diff
output.</para>
<para><command>svn diff</command> can show the changes between
two revisions of the same file:</para>
<screen>&prompt.user; <userinput>svn diff -r179453:179454 ROADMAP.txt</userinput></screen>
<para>It can also show all changes for a specific changeset.
This command shows what changes were made to the
current directory and all subdirectories in changeset
179454:</para>
<screen>&prompt.user; <userinput>svn diff -c179454 .</userinput></screen>
</sect3>
<sect3 xml:id="svn-daily-use-reverting">
<title>Reverting</title>
<para>Local changes (including additions and deletions) can be
reverted using <command>svn revert</command>. It does not
update out-of-date files, but just replaces them with
pristine copies of the original version.</para>
</sect3>
<sect3 xml:id="svn-daily-use-conflicts">
<title>Conflicts</title>
<para>If an <command>svn update</command> resulted in a merge
conflict, Subversion will remember which files have
conflicts and refuse to commit any changes to those files
until explicitly told that the conflicts have been resolved.
The simple, not yet deprecated procedure is:</para>
<screen>&prompt.user; <userinput>svn resolved <replaceable>foo</replaceable></userinput></screen>
<para>However, the preferred procedure is:</para>
<screen>&prompt.user; <userinput>svn resolve --accept=working <replaceable>foo</replaceable></userinput></screen>
<para>The two examples are equivalent. Possible values for
<literal>--accept</literal> are:</para>
<itemizedlist>
<listitem>
<para><literal>working</literal>: use the version in your
working directory (which one presumes has been edited to
resolve the conflicts).</para>
</listitem>
<listitem>
<para><literal>base</literal>: use a pristine copy of the
version you had before <command>svn update</command>,
discarding your own changes, the conflicting changes,
and possibly other intervening changes as well.</para>
</listitem>
<listitem>
<para><literal>mine-full</literal>: use what you had
before <command>svn update</command>, including your own
changes, but discarding the conflicting changes, and
possibly other intervening changes as well.</para>
</listitem>
<listitem>
<para><literal>theirs-full</literal>: use the version that
was retrieved when you did
<command>svn update</command>, discarding your own
changes.</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
<sect2>
<title>Advanced Use</title>
<sect3 xml:id="svn-advanced-use-sparse-checkouts">
<title>Sparse Checkouts</title>
<para><acronym>SVN</acronym> allows
<emphasis>sparse</emphasis>, or partial checkouts of a
directory by adding <option>--depth</option> to a
<command>svn checkout</command>.</para>
<para>Valid arguments to <option>--depth</option>
are:</para>
<itemizedlist>
<listitem>
<para><literal>empty</literal>: the directory itself
without any of its contents.</para>
</listitem>
<listitem>
<para><literal>files</literal>: the directory and any
files it contains.</para>
</listitem>
<listitem>
<para><literal>immediates</literal>: the directory and any
files and directories it contains, but none of the
subdirectories' contents.</para>
</listitem>
<listitem>
<para><literal>infinity</literal>: anything.</para>
</listitem>
</itemizedlist>
<para>The <literal>--depth</literal> option applies to many
other commands, including <command>svn commit</command>,
<command>svn revert</command>, and <command>svn
diff</command>.</para>
<para>Since <literal>--depth</literal> is sticky, there is a
<literal>--set-depth</literal> option for <command>svn
update</command> that will change the selected depth.
Thus, given the working copy produced by the previous
example:</para>
<screen>&prompt.user; <userinput>cd <replaceable>~/freebsd</replaceable></userinput>
&prompt.user; <userinput>svn update --set-depth=immediates .</userinput></screen>
<para>The above command will populate the working copy in
<replaceable>~/freebsd</replaceable> with
<filename>ROADMAP.txt</filename> and empty subdirectories,
and nothing will happen when <command>svn update</command>
is executed on the subdirectories. However, this
command will set the depth for
<replaceable>head</replaceable> (in this case) to infinity,
and fully populate it:</para>
<screen>&prompt.user; <userinput>svn update --set-depth=infinity <replaceable>head</replaceable></userinput></screen>
</sect3>
<sect3 xml:id="svn-advanced-use-direct-operation">
<title>Direct Operation</title>
<para>Certain operations can be performed directly on the
repository without touching the working copy. Specifically,
this applies to any operation that does not require editing
a file, including:</para>
<itemizedlist>
<listitem>
<para><literal>log</literal>,
<literal>diff</literal></para>
</listitem>
<listitem>
<para><literal>mkdir</literal></para>
</listitem>
<listitem>
<para><literal>remove</literal>, <literal>copy</literal>,
<literal>rename</literal></para>
</listitem>
<listitem>
<para><literal>propset</literal>,
<literal>propedit</literal>,
<literal>propdel</literal></para>
</listitem>
<listitem>
<para><literal>merge</literal></para>
</listitem>
</itemizedlist>
<para>Branching is very fast. This command would be
used to branch <literal>RELENG_8</literal>:</para>
<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/head svn+ssh://repo.freebsd.org/base/stable/8</userinput></screen>
<para>This is equivalent to these commands
which take minutes and hours as opposed to seconds,
depending on your network connection:</para>
<screen>&prompt.user; <userinput>svn checkout --depth=immediates svn+ssh://repo.freebsd.org/base</userinput>
&prompt.user; <userinput>cd base</userinput>
&prompt.user; <userinput>svn update --set-depth=infinity head</userinput>
&prompt.user; <userinput>svn copy head stable/8</userinput>
&prompt.user; <userinput>svn commit stable/8</userinput></screen>
</sect3>
<sect3 xml:id="svn-advanced-use-merging">
<title>Merging with <acronym>SVN</acronym></title>
<para>This section deals with merging code from one branch to
another (typically, from head to a stable branch).</para>
<note>
<para>In all examples below, <literal>$FSVN</literal>
refers to the location of the &os; Subversion repository,
<literal>svn+ssh://repo.freebsd.org/base/</literal>.</para>
</note>
<sect4>
<title>About Merge Tracking</title>
<para>From the user's perspective, merge tracking
information (or mergeinfo) is stored in a property called
<literal>svn:mergeinfo</literal>, which is a
comma-separated list of revisions and ranges of revisions
that have been merged. When set on a file, it applies
only to that file. When set on a directory, it applies to
that directory and its descendants (files and directories)
except for those that have their own
<literal>svn:mergeinfo</literal>.</para>
<para>It is <emphasis>not</emphasis> inherited. For
instance, <filename>stable/6/contrib/openpam/</filename>
does not implicitly inherit mergeinfo from
<filename>stable/6/</filename>, or
<filename>stable/6/contrib/</filename>.
Doing so would make partial checkouts very hard to manage.
Instead, mergeinfo is explicitly propagated down the tree.
For merging something into
<filename>branch/foo/bar/</filename>,
these rules apply:</para>
<orderedlist>
<listitem>
<para>If
<filename>branch/foo/bar/</filename>
does not already have a mergeinfo record, but a direct
ancestor (for instance,
<filename>branch/foo/</filename>)
does, then that record will be propagated down to
<filename>branch/foo/bar/</filename>
before information about the current merge is
recorded.</para>
</listitem>
<listitem>
<para>Information about the current merge will
<emphasis>not</emphasis> be propagated back up that
ancestor.</para>
</listitem>
<listitem>
<para>If a direct descendant of
<filename>branch/foo/bar/</filename> (for instance,
<filename>branch/foo/bar/baz/</filename>) already has
a mergeinfo record, information about the current
merge will be propagated down to it.</para>
</listitem>
</orderedlist>
<para>If you consider the case where a revision changes
several separate parts of the tree (for example,
<filename>branch/foo/bar/</filename> and
<filename>branch/foo/quux/</filename>), but you only want
to merge some of it (for example,
<filename>branch/foo/bar/</filename>), you will see that
these rules make sense. If mergeinfo was propagated up,
it would seem like that revision had also been merged to
<filename>branch/foo/quux/</filename>, when in fact it had
not been.</para>
</sect4>
<sect4 xml:id="merge-source">
<title>Selecting the Source and Target Branch
When Merging</title>
<para>Merging to <literal>stable/</literal> branches should
originate from <literal>head/</literal>. For
example:</para>
<screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/head/ stable/<replaceable>11</replaceable>
&prompt.user; svn commit stable/<replaceable>11</replaceable></screen>
<note>
<para>Note the sections below which outline changes to
the target location of the <literal>stable/</literal>
branch starting with
<literal>stable/10</literal>.</para>
</note>
<para>Merges to <literal>releng/</literal> branches should
always originate from the corresponding
<literal>stable/</literal> branch. For example:</para>
<screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/stable/<replaceable>11</replaceable> releng/<replaceable>11.0</replaceable>
&prompt.user; svn commit releng/<replaceable>11.0</replaceable></screen>
<note>
<para>Committers are only permitted to commit to the
<literal>releng/</literal> branches during a release
cycle after receiving approval from the Release
Engineering Team, after which only the Security Officer
may commit to a <literal>releng/</literal> branch for
a Security Advisory or Errata Notice.</para>
</note>
</sect4>
<sect4 xml:id="merge">
<title>Selecting the Source and Target for
<literal>stable/10</literal> and Newer</title>
<para>Starting with the <literal>stable/10</literal>
branch, all merges are
merged to and committed from the root of the
branch. All merges look like:</para>
<screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/head/ <replaceable>checkout</replaceable>
&prompt.user; svn commit <replaceable>checkout</replaceable></screen>
<para>Note that <replaceable>checkout</replaceable>
must be a complete checkout of the branch to which the merge
occurs.</para>
<para>Merges to <literal>releng/</literal> branches must
always originate from the corresponding
<literal>stable/</literal> branch. For example:</para>
<screen>&prompt.user; svn merge -c <replaceable>r123456</replaceable> ^/stable/<replaceable>10</replaceable> releng/<replaceable>10.0</replaceable></screen>
</sect4>
<!-- FIXME: This probably needs to go away -->
<sect4 xml:id="oldmerge">
<title>Selecting the Source and Target for
<literal>stable/9</literal> and Older</title>
<para>For <literal>stable/9</literal> and earlier,
a different strategy was used, distributing mergeinfo
around the tree so that merges could be performed without
a complete checkout. This procedure proved extremely
error-prone, with the convenience of partial checkouts for
merges significantly outweighed by the complexity of
picking mergeinfo targets. The procedure below describes this
now-obsoleted process, which should be used
<emphasis>only for merges prior to
<literal>stable/10</literal></emphasis>.</para>
<para>Because of mergeinfo propagation, it is important to
choose the source and target for the merge carefully to
minimise property changes on unrelated directories.</para>
<para>The rules for selecting the merge target (the
directory where the changes are being merged to) can be
summarized:</para>
<orderedlist>
<listitem>
<para>Never merge directly to a file.</para>
</listitem>
<listitem>
<para>Never, ever merge directly to a file.</para>
</listitem>
<listitem>
<para><emphasis>Never, ever, ever</emphasis> merge
directly to a file.</para>
</listitem>
<listitem>
<para>Changes to kernel code are merged to
<filename>sys/</filename>. For instance, a change to
the &man.ichwd.4; driver is merged to
<filename>sys/</filename>, not
<filename>sys/dev/ichwd/</filename>. Likewise, a
change to the TCP/IP stack is merged to
<filename>sys/</filename>, not
<filename>sys/netinet/</filename>.</para>
</listitem>
<listitem>
<para>Changes to code under <filename>etc/</filename>
is merged at <filename>etc/</filename>, not
below it.</para>
</listitem>
<listitem>
<para>Changes to vendor code (code in
<filename>contrib/</filename>,
<filename>crypto/</filename> and so on) are
merged to the directory where vendor imports happen.
For instance, a change to
<filename>crypto/openssl/util/</filename> is
merged to <filename>crypto/openssl/</filename>. This
is rarely an issue, however, since changes to vendor
code are usually merged wholesale.</para>
</listitem>
<listitem>
<para>Changes to userland programs should as a general
rule be merged to the directory that contains the
Makefile for that program. For instance, a change to
<filename>usr.bin/xlint/arch/i386/</filename>
is merged to
<filename>usr.bin/xlint/</filename>.</para>
</listitem>
<listitem>
<para>Changes to userland libraries should as a general
rule be merged to the directory that contains the
Makefile for that library. For instance, a change to
<filename>lib/libc/gen/</filename> should be merged to
<filename>lib/libc/</filename>.</para>
</listitem>
<listitem>
<para>There may be cases where it makes sense to deviate
from the rules for userland programs and libraries.
For instance, everything under
<filename>lib/libpam/</filename> is merged to
<filename>lib/libpam/</filename>, even though the
library itself and all of the modules each have their
own Makefile.</para>
</listitem>
<listitem>
<para>Changes to manual pages are merged to
<filename>share/man/man<replaceable>N</replaceable>/</filename>,
for the appropriate value of
<literal>N</literal>.</para>
</listitem>
<listitem>
<para>Other changes to <filename>share/</filename>
are merged to the appropriate subdirectory and
not to <filename>share/</filename> directly.</para>
</listitem>
<listitem>
<para>Changes to a top-level file in the source tree
such as <filename>UPDATING</filename> or
<filename>Makefile.inc1</filename> are merged
directly to that file rather than to the root of the
whole tree. Yes, this is an exception to the first
three rules.</para>
</listitem>
<listitem>
<para>When in doubt, ask.</para>
</listitem>
</orderedlist>
<para>If a merge changes several places at once
(for instance, changing a kernel interface and every
userland program that uses it), merge each target
separately, then commit them together. For instance, if
merging a revision that changed a kernel
<acronym>API</acronym> and updated all the userland bits
that used that <acronym>API</acronym>, merge the
kernel change to sys, and the userland bits to the
appropriate userland directories, then commit all of these
in one go.</para>
<para>The source will almost invariably be the same as the
target. For instance, always merge
<filename>stable/7/lib/libc/</filename> from
<filename>head/lib/libc/</filename>. The only exception
would be when merging changes to code that has moved in
the source branch but not in the parent branch. For
instance, a change to &man.pkill.1; would be merged from
<filename>bin/pkill/</filename> in head to
<filename>usr.bin/pkill/</filename> in stable/7.</para>
</sect4>
<sect4>
<title>Preparing the Merge Target</title>
<para>Because of the mergeinfo propagation issues described
earlier, it is very important to never merge changes
into a sparse working copy. Always use a full
checkout of the branch being merged into. For instance,
when merging from HEAD to 7, use a full checkout
of stable/7:</para>
<screen>&prompt.user; <userinput>cd stable/7</userinput>
&prompt.user; <userinput>svn up --set-depth=infinity</userinput></screen>
<para>The target directory must also be up-to-date and must
not contain any uncommitted changes or stray files.</para>
</sect4>
<sect4>
<title>Identifying Revisions</title>
<para>Identifying revisions to be merged is a must. If the
target already has complete mergeinfo, ask
<acronym>SVN</acronym> for a list:</para>
<screen>&prompt.user; <userinput>cd stable/6/contrib/openpam</userinput>
&prompt.user; <userinput>svn mergeinfo --show-revs=eligible $FSVN/head/contrib/openpam</userinput></screen>
<para>If the target does not have complete mergeinfo, check
the log for the merge source.</para>
</sect4>
<sect4>
<title>Merging</title>
<para>Now, let us start merging!</para>
<sect5>
<title>The Principles</title>
<para>For example, To merge:</para>
<itemizedlist>
<listitem>
<para>revision <literal>$R</literal></para>
</listitem>
<listitem>
<para>in directory $target in stable branch
$B</para>
</listitem>
<listitem>
<para>from directory $source in head</para>
</listitem>
<listitem>
<para>$FSVN is
<literal>svn+ssh://repo.freebsd.org/base</literal></para>
</listitem>
</itemizedlist>
<para>Assuming that revisions $P and $Q have
already been merged, and that the current directory is
an up-to-date working copy of stable/$B, the
existing mergeinfo looks like this:</para>
<screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R $target</userinput>
$target - /head/$source:$P,$Q</screen>
<para>Merging is done like so:</para>
<screen>&prompt.user; <userinput>svn merge -c$R $FSVN/head/$source $target</userinput></screen>
<para>Checking the results of this is possible with
<command>svn diff</command>.</para>
<para>The svn:mergeinfo now looks like:</para>
<screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R $target</userinput>
$target - head/$source:$P,$Q,$R</screen>
<para>If the results are not exactly as shown, assistance
may be required before committing as mistakes may have
been made, or there may be something wrong with the
existing mergeinfo, or there may be a bug in
Subversion.</para>
</sect5>
<sect5>
<title>Practical Example</title>
<para>As a practical example, consider this
scenario. The changes to <filename>netmap.4</filename>
in r238987 are to be merged from CURRENT to 9-STABLE.
The file resides in
<filename>head/share/man/man4</filename>. According
to <xref linkend="svn-advanced-use-merging"/>, this is
also where to do the merge. Note that in this example
all paths are relative to the top of the svn repository.
For more information on the directory layout, see <xref
linkend="svn-getting-started-base-layout"/>.</para>
<para>The first step is to inspect the existing
mergeinfo.</para>
<screen>&prompt.user; <userinput>svn propget svn:mergeinfo -R stable/9/share/man/man4</userinput></screen>
<para>Take a quick note of how it looks before moving on
to the next step; doing the actual merge:</para>
<screen>&prompt.user; <userinput>svn merge -c r238987 svn+ssh://repo.freebsd.org/base/head/share/man/man4 stable/9/share/man/man4</userinput>
--- Merging r238987 into 'stable/9/share/man/man4':
U stable/9/share/man/man4/netmap.4
--- Recording mergeinfo for merge of r238987 into
'stable/9/share/man/man4':
U stable/9/share/man/man4</screen>
<para>Check that the revision number of the merged
revision has been added. Once this is verified, the
only thing left is the actual commit.</para>
<screen>&prompt.user; <userinput>svn commit stable/9/share/man/man4</userinput></screen>
</sect5>
<sect5>
<title>Merging into the Kernel
(<filename>sys/</filename>)</title>
<para>As stated above, merging into the kernel is
different from merging in the rest of the tree. In many
ways merging to the kernel is simpler because there is
always the same merge target
(<filename>sys/</filename>).</para>
<para>Once <command>svn merge</command> has been executed,
<command>svn diff</command> has to be run on the
directory to check the changes. This may show some
unrelated property changes, but these can be ignored.
Next, build and test the kernel, and, once the tests are
complete, commit the code as normal, making sure that
the commit message starts with <quote>Merge
<replaceable>r226222</replaceable> from head</quote>,
or similar.</para>
</sect5>
</sect4>
<sect4>
<title>Precautions Before Committing</title>
<para>As always, build world (or appropriate parts of
it).</para>
<para>Check the changes with <command>svn diff</command> and
<command>svn stat</command>. Make sure all the files that
should have been added or deleted were in fact added or
deleted.</para>
<para>Take a closer look at any property change (marked by a
<literal>M</literal> in the second column of <command>svn
stat</command>). Normally, no svn:mergeinfo properties
should be anywhere except the target directory (or
directories).</para>
<para>If something looks fishy, ask for help.</para>
</sect4>
<sect4>
<title>Committing</title>
<para>Make sure to commit a top level directory to have the
mergeinfo included as well. Do not specify individual
files on the command line. For more information about
committing files in general, see the relevant section of
this primer.</para>
</sect4>
</sect3>
<sect3 xml:id="svn-advanced-use-vendor-imports">
<title>Vendor Imports with <acronym>SVN</acronym></title>
<important>
<para>Please read this entire section before starting a
vendor import.</para>
</important>
<note>
<para>Patches to vendor code fall into two
categories:</para>
<itemizedlist>
<listitem>
<para>Vendor patches: these are patches that have been
issued by the vendor, or that have been extracted from
the vendor's version control system, which address
issues which cannot wait until the
next vendor release.</para>
</listitem>
<listitem>
<para>&os; patches: these are patches that modify the
vendor code to address &os;-specific issues.</para>
</listitem>
</itemizedlist>
<para>The nature of a patch dictates where it should be
committed:</para>
<itemizedlist>
<listitem>
<para>Vendor patches must be committed to the vendor
branch, and merged from there to head. If the patch
addresses an issue in a new release that is currently
being imported, it <emphasis>must not</emphasis> be
committed along with the new release: the release must
be imported and tagged first, then the patch can be
applied and committed. There is no need to re-tag the
vendor sources after committing the patch.</para>
</listitem>
<listitem>
<para>&os; patches are committed directly to
head.</para>
</listitem>
</itemizedlist>
</note>
<sect4>
<title>Preparing the Tree</title>
<para>If importing for the first time after the switch to
Subversion, flattening and cleaning up the vendor tree is
necessary, as well as bootstrapping the merge history in
the main tree.</para>
<sect5>
<title>Flattening</title>
<para>During the conversion from <acronym>CVS</acronym> to
Subversion, vendor branches were imported with the same
layout as the main tree. This means that the
<literal>pf</literal> vendor sources ended up in
<filename>vendor/pf/dist/contrib/pf</filename>. The
vendor source is best directly in
<filename>vendor/pf/dist</filename>.</para>
<para>To flatten the <literal>pf</literal> tree:</para>
<screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/dist/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn mv $(svn list) ../..</userinput>
&prompt.user; <userinput>cd ../..</userinput>
&prompt.user; <userinput>svn rm contrib</userinput>
&prompt.user; <userinput>svn propdel -R svn:mergeinfo .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
<para>The <literal>propdel</literal> bit is necessary
because starting with 1.5, Subversion will automatically
add <literal>svn:mergeinfo</literal> to any directory
that is copied or moved. In this case, as nothing is
being merged from the deleted tree, they just get in the
way.</para>
<para>Tags may be flattened as well (3, 4, 3.5 etc.); the
procedure is exactly the same, only changing
<literal>dist</literal> to <literal>3.5</literal> or
similar, and putting the <command>svn commit</command>
off until the end of the process.</para>
</sect5>
<sect5>
<title>Cleaning Up</title>
<para>The <literal>dist</literal> tree can be cleaned up
as necessary. Disabling keyword expansion is
recommended, as it makes no sense on unmodified vendor
code and in some cases it can even be harmful.
<application>OpenSSH</application>, for example,
includes two files that originated with &os; and still
contain the original version tags. To do this:</para>
<screen>&prompt.user; <userinput>svn propdel svn:keywords -R .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
</sect5>
<sect5>
<title>Bootstrapping Merge History</title>
<para>If importing for the first time after the switch to
Subversion, bootstrap <literal>svn:mergeinfo</literal>
on the target directory in the main tree to the revision
that corresponds to the last related change to the
vendor tree, prior to importing new sources:</para>
<screen>&prompt.user; <userinput>cd <replaceable>head/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn merge --record-only svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist@180876</replaceable> .</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
</sect5>
</sect4>
<sect4>
<title>Importing New Sources</title>
<para>With two commits—one for the import itself and
one for the tag—this step can optionally be repeated
for every upstream release between the last import and the
current import.</para>
<sect5>
<title>Preparing the Vendor Sources</title>
<para>Unlike in <acronym>CVS</acronym> where only the
needed parts were imported into the vendor tree to avoid
bloating the main tree, Subversion is able to store a
full distribution in the vendor tree. So, import
everything, but merge only what is required.</para>
<para>A <command>svn add</command> is required to add any
files that were added since the last vendor import, and
<command>svn rm</command> is required to remove any that
were removed since. Preparing sorted lists of the
contents of the vendor tree and of the sources that are
about to be imported is recommended, to facilitate the
process.</para>
<screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/dist</replaceable></userinput>
&prompt.user; <userinput>svn list -R | grep -v '/$' | sort >../old</userinput>
&prompt.user; <userinput>cd <replaceable>../pf-4.3</replaceable></userinput>
&prompt.user; <userinput>find . -type f | cut -c 3- | sort >../new</userinput></screen>
<para>With these two files,
<command>comm -23 ../old ../new</command> will list
removed files (files only in <filename>old</filename>),
while <command>comm -13 ../old ../new</command> will
list added files only in
<filename>new</filename>.</para>
</sect5>
<sect5>
<title>Importing into the Vendor Tree</title>
<para>Now, the sources must be copied into
<filename><replaceable>dist</replaceable></filename> and
the <command>svn add</command> and
<command>svn rm</command> commands are used as
needed:</para>
<screen>&prompt.user; <userinput>cd <replaceable>vendor/pf/pf-4.3</replaceable></userinput>
&prompt.user; <userinput>tar cf - . | tar xf - -C ../dist</userinput>
&prompt.user; <userinput>cd <replaceable>../dist</replaceable></userinput>
&prompt.user; <userinput>comm -23 ../old ../new | xargs svn rm</userinput>
&prompt.user; <userinput>comm -13 ../old ../new | xargs svn --parents add</userinput></screen>
<para>If any directories were removed, they will have to
be <command>svn rm</command>ed manually. Nothing will
break if they are not, but they will remain in the
tree.</para>
<para>Check properties on any new files. All text files
should have <literal>svn:eol-style</literal> set to
<literal>native</literal>. All binary files should have
<literal>svn:mime-type</literal> set to
<literal>application/octet-stream</literal> unless there
is a more appropriate media type. Executable files
should have <literal>svn:executable</literal> set to
<literal>*</literal>. No other properties should exist
on any file in the tree.</para>
<para>Committing is now possible. However, it is good
practice to make sure that everything is okay by using the
<command>svn stat</command> and
<command>svn diff</command> commands.</para>
</sect5>
<sect5>
<title>Tagging</title>
<para>Once committed, vendor releases are tagged for
future reference. The best and quickest way to do this
is directly in the repository:</para>
<screen>&prompt.user; <userinput>svn cp svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/4.3</replaceable></userinput></screen>
<para>Once that is complete, <command>svn up</command> the
working copy of
<filename><replaceable>vendor/pf</replaceable></filename>
to get the new tag, although this is rarely
needed.</para>
<para>If creating the tag in the working copy of the tree,
<command>svn:mergeinfo</command> results must be
removed:</para>
<screen>&prompt.user; <userinput>cd <replaceable>vendor/pf</replaceable></userinput>
&prompt.user; <userinput>svn cp dist 4.3</userinput>
&prompt.user; <userinput>svn propdel svn:mergeinfo -R 4.3</userinput></screen>
</sect5>
</sect4>
<sect4>
<title>Merging to Head</title>
<screen>&prompt.user; <userinput>cd <replaceable>head/contrib/pf</replaceable></userinput>
&prompt.user; <userinput>svn up</userinput>
&prompt.user; <userinput>svn merge --accept=postpone svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> .</userinput></screen>
<para>The <literal>--accept=postpone</literal> tells
Subversion not to complain about merge
conflicts as they will be handled manually.</para>
<tip xml:id="svn-advanced-use-vendor-imports-pre-svn">
<para>The <command>cvs2svn</command> changeover occurred
on June 3, 2008. When performing vendor merges for
packages which were already present and converted by the
<command>cvs2svn</command> process, the command used to
merge
<filename>/vendor/<replaceable>package_name</replaceable>/dist</filename>
to
<filename>/head/<replaceable>package_location</replaceable></filename>
(for example,
<filename>head/contrib/sendmail</filename>) must use
<option>-c <replaceable>REV</replaceable></option> to
indicate the revision to merge from the
<filename>/vendor</filename> tree. For example:</para>
<screen>&prompt.user; <userinput>svn checkout svn+ssh://repo.freebsd.org/base/head/contrib/<replaceable>sendmail</replaceable></userinput>
&prompt.user; <userinput>cd sendmail</userinput>
&prompt.user; <userinput>svn merge -c r<replaceable>261190</replaceable> ^/vendor/<replaceable>sendmail/dist</replaceable> .</userinput></screen>
<para><literal>^</literal> is an alias for the
repository path.</para>
</tip>
<note>
<para>If using the <application>Zsh</application> shell,
the <literal>^</literal> must be escaped with
<literal>\</literal>. This means
<literal>^/head</literal> should be
<literal>\^/head</literal>.</para>
</note>
<para>It is necessary to resolve any merge conflicts.</para>
<para>Make sure that any files that were added or removed in
the vendor tree have been properly added or removed in the
main tree. To check diffs against the vendor
branch:</para>
<screen>&prompt.user; <userinput>svn diff --no-diff-deleted --old=svn+ssh://repo.freebsd.org/base/<replaceable>vendor/pf/dist</replaceable> --new=.</userinput></screen>
<para>The <literal>--no-diff-deleted</literal> tells
Subversion not to complain about files that are in the
vendor tree but not in the main tree. Things that
would have previously been removed before the vendor
import, like the vendor's makefiles
and configure scripts.</para>
<para>Using <acronym>CVS</acronym>, once a file was off the
vendor branch, it was not able to be put back. With
Subversion, there is no concept of on or off the vendor
branch. If a file that previously had local
modifications, to make it not show up in diffs in the
vendor tree, all that has to be done is remove any
left-over cruft like &os; version tags, which is much
easier.</para>
<para>If any changes are required for the world to build
with the new sources, make them now, and keep testing
until everything builds and runs perfectly.</para>
</sect4>
<sect4>
<title>Committing the Vendor Import</title>
<para>Committing is now possible! Everything must be
committed in one go. If done properly, the tree will move
from a consistent state with old code, to a consistent
state with new code.</para>
</sect4>
<sect4>
<title>From Scratch</title>
<sect5>
<title>Importing into the Vendor Tree</title>
<para>This section is an example of importing and tagging
<application>byacc</application> into
<filename>head</filename>.</para>
<para>First, prepare the directory in
<filename>vendor</filename>:</para>
<screen>&prompt.user; <userinput>svn co --depth immediates <replaceable>$FSVN/vendor</replaceable></userinput>
&prompt.user; <userinput>cd <replaceable>vendor</replaceable></userinput>
&prompt.user; <userinput>svn mkdir <replaceable>byacc</replaceable></userinput>
&prompt.user; <userinput>svn mkdir <replaceable>byacc/dist</replaceable></userinput></screen>
<para>Now, import the sources into the
<filename>dist</filename> directory.
Once the files are in place, <command>svn add</command>
the new ones, then <command>svn commit</command> and tag
the imported version. To save time and bandwidth,
direct remote committing and tagging is possible:</para>
<screen>&prompt.user; <userinput>svn cp -m <replaceable>"Tag byacc 20120115"</replaceable> <replaceable>$FSVN/vendor/byacc/dist</replaceable> <replaceable>$FSVN/vendor/byacc/20120115</replaceable></userinput></screen>
</sect5>
<sect5>
<title>Merging to <literal>head</literal></title>
<para>Due to this being a new file, copy it for the
merge:</para>
<screen>&prompt.user; <userinput>svn cp -m <replaceable>"Import byacc to contrib"</replaceable> <replaceable>$FSVN/vendor/byacc/dist</replaceable> <replaceable>$FSVN/head/contrib/byacc</replaceable></userinput></screen>
<para>Working normally on newly imported sources is still
possible.</para>
</sect5>
</sect4>
</sect3>
<sect3 xml:id="svn-advanced-use-reverting-a-commit">
<title>Reverting a Commit</title>
<para>Reverting a commit to a previous version is fairly
easy:</para>
<screen>&prompt.user; <userinput>svn merge -r179454:179453 ROADMAP.txt</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
<para>Change number syntax, with negative meaning a reverse
change, can also be used:</para>
<screen>&prompt.user; <userinput>svn merge -c -179454 ROADMAP.txt</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
<para>This can also be done directly in the repository:</para>
<screen>&prompt.user; <userinput>svn merge -r179454:179453 svn+ssh://repo.freebsd.org/base/ROADMAP.txt</userinput></screen>
<note>
<para>It is important to ensure that the mergeinfo
is correct when reverting a file to permit
<command>svn mergeinfo --eligible</command> to work as
expected.</para>
</note>
<para>Reverting the deletion of a file is slightly different.
Copying the version of the file that predates the deletion
is required. For example, to restore a file that was
deleted in revision N, restore version N-1:</para>
<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/ROADMAP.txt@179454</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
<para>or, equally:</para>
<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/ROADMAP.txt@179454 svn+ssh://repo.freebsd.org/base</userinput></screen>
<para>Do <emphasis>not</emphasis> simply recreate the file
manually and <command>svn add</command> it—this will
cause history to be lost.</para>
</sect3>
<sect3 xml:id="svn-advanced-use-fixing-mistakes">
<title>Fixing Mistakes</title>
<para>While we can do surgery in an emergency, do not plan on
having mistakes fixed behind the scenes. Plan on mistakes
remaining in the logs forever. Be sure to check the output
of <command>svn status</command> and <command>svn
diff</command> before committing.</para>
<para>Mistakes will happen but,
they can generally be fixed without
disruption.</para>
<para>Take a case of adding a file in the wrong location. The
right thing to do is to <command>svn move</command> the file
to the correct location and commit. This causes just a
couple of lines of metadata in the repository journal, and
the logs are all linked up correctly.</para>
<para>The wrong thing to do is to delete the file and then
<command>svn add</command> an independent copy in the
correct location. Instead of a couple of lines of text, the
repository journal grows an entire new copy of the file.
This is a waste.</para>
</sect3>
<sect3 xml:id="svn-advanced-use-setting-up-svnsync">
<title>Setting up a <application>svnsync</application>
Mirror</title>
<para>Avoid setting up a <application>svnsync</application>
mirror unless there is a very good reason for it. Such
reasons might be to support
multiple local read-only client machines, or if the network
bandwidth is limited. Starting a fresh mirror from empty
would take a very long time. Expect a minimum of 10 hours
for high speed connectivity. If international links are
involved, expect this to take four to ten times longer.</para>
<para>A far better option is to grab a seed file. It is large
(~1GB) but will consume less network traffic and take less
time to fetch than a svnsync will. There are several ways
to do this:</para>
<screen>&prompt.user; <userinput>rsync -va --partial --progress freefall:/home/peter/svnmirror-base-r179637.tbz2 .</userinput></screen>
<screen>&prompt.user; <userinput>rsync -va --partial --progress rsync://repoman.freebsd.org:50873/svnseed/svnmirror-base-r215629.tar.xz .</userinput></screen>
<screen>&prompt.user; <userinput>fetch ftp://ftp.freebsd.org/pub/FreeBSD/development/subversion/svnmirror-base-r221445.tar.xz</userinput></screen>
<para>Extract the file to somewhere like
<filename>home/svnmirror/base/</filename>.
Then, update it, so that it fetches changes since the last
revision in the archive:</para>
<screen>&prompt.user; <userinput>svnsync sync file:///home/svnmirror/base</userinput></screen>
<para>Now, set that up to run from &man.cron.8;, do
checkouts locally, set up a svnserve server for local
machines to talk to, etc.</para>
<para>The seed mirror is set to fetch from
<literal>svn://svn.freebsd.org/base</literal>. The
configuration for the mirror is stored in
<literal>revprop 0</literal> on the local mirror. To see
the configuration, try:</para>
<screen>&prompt.user; <userinput>svn proplist -v --revprop -r 0 file:///home/svnmirror/base</userinput></screen>
<para>Use <literal>propset</literal> to change things.</para>
</sect3>
<sect3 xml:id="svn-advanced-use-committing-high-ascii-data">
<title>Committing High-<acronym>ASCII</acronym> Data</title>
<para>Files that have high-<acronym>ASCII</acronym> bits are
considered binary files in <acronym>SVN</acronym>, so the
pre-commit checks fail and indicate that the
<literal>mime-type</literal> property should be set to
<literal>application/octet-stream</literal>. However, the
use of this is discouraged, so please do not set it. The
best way is always avoiding high-<acronym>ASCII</acronym>
data, so that it can be read everywhere with any text editor
but if it is not avoidable, instead of changing the
mime-type, set the <literal>fbsd:notbinary</literal>
property with <literal>propset</literal>:</para>
<screen>&prompt.user; <userinput>svn propset fbsd:notbinary yes foo.data</userinput></screen>
</sect3>
<sect3 xml:id="svn-advanced-use-maintaining-a-project-branch">
<title>Maintaining a Project Branch</title>
<para>A project branch is one that is synced to head (or
another branch) is used to develop a project then commit it
back to head. In <acronym>SVN</acronym>,
<quote>dolphin</quote> branching is used for this. A
<quote>dolphin</quote> branch is one that diverges for a
while and is finally committed back to the original branch.
During development code migration in one direction (from
head to the branch only). No code is committed back to head
until the end. Once the branch is commited back at the end,
it is dead (although a new branch with the same name can be
created after the dead one was deleted).</para>
<para>As per <link
xlink:href="http://people.freebsd.org/~peter/svn_notes.txt">http://people.freebsd.org/~peter/svn_notes.txt</link>,
work that is intended to be merged back into HEAD should be
in <filename>base/projects/</filename>. If the
work is beneficial to the &os; community in some way
but not intended to be merged directly back into HEAD then
the proper location is
<filename>base/user/<replaceable>username</replaceable>/</filename>.
<link
xlink:href="http://svnweb.freebsd.org/base/projects/GUIDELINES.txt">This
page</link> contains further details.</para>
<para>To create a project branch:</para>
<screen>&prompt.user; <userinput>svn copy svn+ssh://repo.freebsd.org/base/head svn+ssh://repo.freebsd.org/base/projects/spif</userinput></screen>
<para>To merge changes from HEAD back into the project
branch:</para>
<screen>&prompt.user; <userinput>cd copy_of_spif</userinput>
&prompt.user; <userinput>svn merge svn+ssh://repo.freebsd.org/base/head</userinput>
&prompt.user; <userinput>svn commit</userinput></screen>
<para>It is important to resolve any merge conflicts before
committing.</para>
<!--
<para>To collapse everything back at the end:</para>
<screen>&prompt.user; <userinput>svn write me</userinput></screen>
-->
</sect3>
</sect2>
<sect2>
<title>Some Tips</title>
<para>In commit logs etc., <quote>rev 179872</quote> is
spelled <quote>r179872</quote> as per convention.</para>
<para>Speeding up svn is possible by adding these entries to
<filename>~/.ssh/config</filename>:</para>
<screen>Host *
ControlPath ~/.ssh/sockets/master-%l-%r@%h:%p
ControlMaster auto
ControlPersist yes</screen>
<para>and then typing</para>
<screen><userinput>mkdir ~/.ssh/sockets</userinput></screen>
<para>Checking out a working copy with a stock Subversion client
without &os;-specific patches
(<varname>OPTIONS_SET=FREEBSD_TEMPLATE</varname>) will mean
that <literal>$FreeBSD$</literal> tags will not
be expanded. Once the correct version has been installed,
trick Subversion into expanding them like so:</para>
<screen>&prompt.user; <userinput>svn propdel -R svn:keywords .</userinput>
&prompt.user; <userinput>svn revert -R .</userinput></screen>
<para>This will wipe out uncommitted patches.</para>
<para>It is possible to automatically fill the "Sponsored by"
and "MFC after" commit log fields by setting
"freebsd-sponsored-by" and "freebsd-mfc-after" fields in the
"[miscellany]" section of the
<filename>~/.subversion/config</filename> configuration file.
For example:</para>
<programlisting>freebsd-sponsored-by = The FreeBSD Foundation
freebsd-mfc-after = 2 weeks</programlisting>
</sect2>
</sect1>
<sect1 xml:id="conventions">
<title>Setup, Conventions, and Traditions</title>
<para>There are a number of things to do as a new developer.
The first set of steps is specific to committers only. These
steps must be done by a mentor for those who are not
committers.</para>
<sect2 xml:id="conventions-committers">
<title>For New Committers</title>
<para>Those who have been given commit rights to the &os;
repositories must follow these steps.</para>
<itemizedlist xml:id="commit-notes">
<listitem>
<para>Get mentor approval before committing each of these
changes!</para>
</listitem>
<listitem>
<para>The <filename>.ent</filename> and
<filename>.xml</filename> files mentioned below exist in
the &os; Documentation Project SVN repository at
<literal>svn+ssh://repo.FreeBSD.org/doc/</literal>.</para>
</listitem>
<listitem>
<para>New files that do not have the
<literal>FreeBSD=%H</literal>
<command>svn:keywords</command> property will be rejected
when attempting to commit them to the repository. Be sure
to read
<xref linkend="svn-daily-use-adding-and-removing"/>
regarding adding and removing files. Verify that
<filename>~/.subversion/config</filename> contains the
necessary <quote>auto-props</quote> entries from
<filename>auto-props.txt</filename> mentioned
there.</para>
</listitem>
<listitem>
<para>All <filename>src</filename> commits go to
&os.current; first before being merged to &os.stable;.
The &os.stable; branch must maintain
<acronym>ABI</acronym> and <acronym>API</acronym>
compatibility with earlier versions of that branch. Do
not merge changes that break this compatibility.</para>
</listitem>
</itemizedlist>
<procedure xml:id="commit-steps">
<title>Steps for New Committers</title>
<step>
<title>Add an Author Entity</title>
<para><filename>doc/head/share/xml/authors.ent</filename>
— Add an author entity. Later steps depend on this
entity, and missing this step will cause the
<filename>doc/</filename> build to fail. This is a
relatively easy task, but remains a good first test of
version control skills.</para>
</step>
<step>
<title>Update the List of Developers and
Contributors</title>
<para><filename>doc/head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml</filename>
—
Add an entry to the <quote>Developers</quote> section
of the <link
xlink:href="&url.articles.contributors;/staff-committers.html">Contributors
List</link>. Entries are sorted by last name.</para>
<para><filename>doc/head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml</filename>
— <emphasis>Remove</emphasis> the entry from the
<quote>Additional Contributors</quote> section. Entries
are sorted by first name.</para>
</step>
<step>
<title>Add a News Item</title>
<para><filename>doc/head/share/xml/news.xml</filename>
— Add an entry. Look for the other entries that
announce new committers and follow the format. Use the
date from the commit bit approval email from
<email>core@FreeBSD.org</email>.</para>
</step>
<step>
<title>Add a <acronym>PGP</acronym> Key</title>
<para><filename>doc/head/share/pgpkeys/pgpkeys.ent</filename>
and
<filename>doc/head/share/pgpkeys/pgpkeys-developers.xml</filename>
- Add your <acronym>PGP</acronym> or
Gnu<acronym>PG</acronym> key. Those who do not yet have a
key should see <xref linkend="pgpkeys-creating"/>.</para>
<para>&a.des.email; has written a shell script
(<filename>doc/head/share/pgpkeys/addkey.sh</filename>) to
make this easier. See the <link
xlink:href="http://svnweb.FreeBSD.org/doc/head/share/pgpkeys/README">README</link>
file for more information.</para>
<para>Use
<filename>doc/head/share/pgpkeys/checkkey.sh</filename> to
verify that keys meet minimal best-practices
standards.</para>
<para>After adding and checking a key, add both updated
files to source control and then commit them. Entries in
this file are sorted by last name.</para>
<note>
<para>It is very important to have a current
<acronym>PGP</acronym>/Gnu<acronym>PG</acronym> key in
the repository. The key may be required for positive
identification of a committer. For example, the
&a.admins; might need it for account recovery. A
complete keyring of <systemitem
class="fqdomainname">FreeBSD.org</systemitem> users is
available for download from <link
xlink:href="&url.base;/doc/pgpkeyring.txt">http://www.FreeBSD.org/doc/pgpkeyring.txt</link>.</para>
</note>
</step>
<step>
<title>Update Mentor and Mentee Information</title>
<para><filename>base/head/share/misc/committers-<replaceable>repository</replaceable>.dot</filename>
— Add an entry to the current committers section,
where <replaceable>repository</replaceable> is
<literal>doc</literal>, <literal>ports</literal>, or
<literal>src</literal>, depending on the commit privileges
granted.</para>
<para>Add an entry for each additional mentor/mentee
relationship in the bottom section.</para>
</step>
<step>
<title>Generate a <application>Kerberos</application>
Password</title>
<para>See <xref linkend="kerberos-ldap"/> to generate or
set a <application>Kerberos</application> for use with
other &os; services like the bug tracking database.</para>
</step>
<step>
<title>Optional: Enable Wiki Account</title>
<para><link xlink:href="http://wiki.freebsd.org">&os;
Wiki</link> Account — A wiki account allows
sharing projects and ideas. Those who do not yet have an
account can contact <email>clusteradm@FreeBSD.org</email>
to obtain one.</para>
</step>
<step>
<title>Optional: Update Wiki Information</title>
<para>Wiki Information - After gaining access to the wiki,
some people add entries to the <link
xlink:href="http://wiki.freebsd.org/HowWeGotHere">How We
Got Here</link>,
<link xlink:href="http://wiki.freebsd.org/IrcNicks">Irc
Nicks</link>, and <link
xlink:href="https://wiki.freebsd.org/DogsOfFreeBSD">Dogs
of FreeBSD</link> pages.</para>
</step>
<step>
<title>Optional: Update Ports with Personal
Information</title>
<para><filename>ports/astro/xearth/files/freebsd.committers.markers</filename>
and
<filename>src/usr.bin/calendar/calendars/calendar.freebsd</filename>
- Some people add entries for themselves to these files to
show where they are located or the date of their
birthday.</para>
</step>
<step>
<title>Optional: Prevent Duplicate Mailings</title>
<para>Subscribers to &a.svn-src-all.name;,
&a.svn-ports-all.name; or &a.svn-doc-all.name; might wish
to unsubscribe to avoid receiving duplicate copies of
commit messages and followups.</para>
</step>
</procedure>
</sect2>
<sect2 xml:id="conventions-everyone">
<title>For Everyone</title>
<procedure xml:id="conventions-everyone-steps">
<step>
<para>Introduce yourself to the other developers, otherwise
no one will have any idea who you are or what you are
working on. The introduction need not be a comprehensive
biography, just write a paragraph or two about who you
are, what you plan to be working on as a developer in
&os;, and who will be your mentor. Email this to the
&a.developers; and you will be on your way!</para>
</step>
<step>
<para>Log into <systemitem>freefall.FreeBSD.org</systemitem>
and create a
<filename>/var/forward/<replaceable>user</replaceable></filename>
(where <replaceable>user</replaceable> is your username)
file containing the e-mail address where you want mail
addressed to
<replaceable>yourusername</replaceable>@FreeBSD.org to be
forwarded. This includes all of the commit messages as
well as any other mail addressed to the &a.committers; and
the &a.developers;. Really large mailboxes which have
taken up permanent residence on
<systemitem>freefall</systemitem> may get truncated
without warning if space needs to be freed, so forward it
or save it elsewhere.</para>
<para>Due to the severe load dealing with SPAM places on the
central mail servers that do the mailing list processing,
the front-end server does do some basic checks and will
drop some messages based on these checks. At the moment
proper DNS information for the connecting host is the only
check in place but that may change. Some people blame
these checks for bouncing valid email. To have these
checks turned off for your email, create a file
named <filename>~/.spam_lover</filename>
on <systemitem
class="fqdomainname">freefall.FreeBSD.org</systemitem>.</para>
</step>
</procedure>
<note>
<para>Those who are developers but not committers will
not be subscribed to the committers or developers mailing
lists. The subscriptions are derived from the access
rights.</para>
</note>
</sect2>
<sect2 xml:id="mentors">
<title>Mentors</title>
<para>All new developers have a mentor assigned to them for
the first few months. A mentor is responsible for teaching
the mentee the rules and conventions of the project and
guiding their first steps in the developer community. The
mentor is also personally responsible for the mentee's actions
during this initial period.</para>
<para>For committers: do not commit anything without first
getting mentor approval. Document that approval with an
<literal>Approved by:</literal> line in the commit
message.</para>
<para>When the mentor decides that a mentee has learned the
ropes and is ready to commit on their own, the mentor
announces it with a commit to
<filename>conf/mentors</filename>. This file is in the
<filename>svnadmin</filename> branch of each
repository:</para>
<informaltable frame="none">
<tgroup cols="2">
<tbody>
<row>
<entry><literal>src</literal></entry>
<entry><filename>base/svnadmin/conf/mentors</filename></entry>
</row>
<row>
<entry><literal>doc</literal></entry>
<entry><filename>doc/svnadmin/conf/mentors</filename></entry>
</row>
<row>
<entry><literal>ports</literal></entry>
<entry><filename>ports/svnadmin/conf/mentors</filename></entry>
</row>
</tbody>
</tgroup>
</informaltable>
</sect2>
</sect1>
<sect1 xml:id="commit-log-message">
<title>Commit Log Messages</title>
<para>This section contains some suggestions and traditions for
how commit logs are formatted.</para>
<para>As well as including an informative message with each
commit, some additional information may be needed.</para>
<para>This information consists of one or more lines
containing the key word or phrase, a colon, tabs for formatting,
and then the additional information.</para>
<para>The key words or phrases are:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<tbody>
<row>
<entry><literal>PR:</literal></entry>
<entry>The problem report (if any) which is affected
(typically, by being closed) by this commit.
Multiple PRs may be specified on one line, separated by
commas or spaces.</entry>
</row>
<row>
<entry><literal>Submitted by:</literal></entry>
<entry>
<para>The name and e-mail address of the person
that submitted the fix; for developers, just the
username on the &os; cluster.</para>
<para>If the submitter is the maintainer of the port
being committed, include "(maintainer)"
after the email address.</para>
<para>Avoid obfuscating the email address of the
submitter as this adds additional work when searching
logs.</para>
</entry>
</row>
<row>
<entry><literal>Reviewed by:</literal></entry>
<entry>The name and e-mail address of the person or
people that reviewed the change; for developers,
just the username on the &os; cluster. If a
patch was submitted to a mailing list for review,
and the review was favorable, then just include
the list name.</entry>
</row>
<row>
<entry><literal>Approved by:</literal></entry>
<entry><para>The name and e-mail address of the person or
people that approved the change; for developers, just
the username on the &os; cluster. It is customary to
get prior approval for a commit if it is to an area of
the tree to which you do not usually commit. In
addition, during the run up to a new release all commits
<emphasis>must</emphasis> be approved by the release
engineering team.</para>
<para>While under mentorship, get mentor approval before
the commit. Enter the mentor's username in this field,
and note that they are a mentor:</para>
<screen>Approved by: <userinput><replaceable>username-of-mentor</replaceable> <literal>(mentor)</literal></userinput></screen>
<para>If a team approved these commits then include the
team name followed by the username of the approver in
parentheses. For example:</para>
<screen>Approved by: <userinput><literal>re</literal> (<replaceable>username</replaceable>)</userinput></screen></entry>
</row>
<row>
<entry><literal>Obtained from:</literal></entry>
<entry>The name of the project (if any) from which
the code was obtained. Do not use this line for the
name of an individual person.</entry>
</row>
<row>
<entry><literal>MFC after:</literal></entry>
<entry>If you wish to receive an e-mail reminder to
<acronym>MFC</acronym> at a later date, specify the
number of days, weeks, or months after which an
<acronym>MFC</acronym> is planned.</entry>
</row>
<row>
<entry><literal>MFC to:</literal></entry>
<entry>If the commit should be merged to a subset of
stable branches, specify the branch names.</entry>
</row>
<row>
<entry><literal>MFC with:</literal></entry>
<entry>If the commit should be merged together with
a previous one in a single
<acronym>MFC</acronym> commit (for example, where
this commit corrects a bug in the previous change),
specify the corresponding revision number.</entry>
</row>
<row>
<entry><literal>Relnotes:</literal></entry>
<entry>If the change is a candidate for inclusion in
the release notes for the next release from the branch,
set to <literal>yes</literal>.</entry>
</row>
<row>
<entry><literal>Security:</literal></entry>
<entry>If the change is related to a security
vulnerability or security exposure, include one or more
references or a description of the issue. If possible,
include a VuXML URL or a CVE ID.</entry>
</row>
<row>
<entry><literal>Differential Revision:</literal></entry>
<entry>The full URL of the Phabricator review. This line
<emphasis>must be the last line</emphasis>. For example:
<literal>https://reviews.freebsd.org/D1708</literal>.</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<example>
<title>Commit Log for a Commit Based on a PR</title>
<para>The commit is based on a patch from a PR submitted by John
Smith. The commit message <quote>PR</quote> and
<quote>Submitted by</quote> fields are filled..</para>
<programlisting>...
PR: 12345
Submitted by: John Smith <John.Smith@example.com></programlisting>
</example>
<example>
<title>Commit Log for a Commit Needing Review</title>
<para>The virtual memory system is being changed. After
posting patches to the appropriate mailing list (in this
case, <literal>freebsd-arch</literal>) and the changes have
been approved.</para>
<programlisting>...
Reviewed by: -arch</programlisting>
</example>
<example>
<title>Commit Log for a Commit Needing Approval</title>
<para>Commit a port, after working with
the listed MAINTAINER, who said to go ahead and
commit.</para>
<programlisting>...
Approved by: <replaceable>abc</replaceable> (maintainer)</programlisting>
<para>Where <replaceable>abc</replaceable> is the account name
of the person who approved.</para>
</example>
<example>
<title>Commit Log for a Commit Bringing in Code from
OpenBSD</title>
<para>Commiting some code based on work done in the
OpenBSD project.</para>
<programlisting>...
Obtained from: OpenBSD</programlisting>
</example>
<example>
<title>Commit Log for a Change to &os.current; with a Planned
Commit to &os.stable; to Follow at a Later Date.</title>
<para>Committing some code which will be merged from
&os.current; into the &os.stable; branch after two
weeks.</para>
<programlisting>...
MFC after: <replaceable>2 weeks</replaceable></programlisting>
<para>Where <replaceable>2</replaceable> is the number of days,
weeks, or months after which an <acronym>MFC</acronym> is
planned. The <replaceable>weeks</replaceable> option may be
<literal>day</literal>, <literal>days</literal>,
<literal>week</literal>, <literal>weeks</literal>,
<literal>month</literal>, <literal>months</literal>.</para>
</example>
<para>It is often necessary to combine these.</para>
<para>Consider the situation where a user has submitted a PR
containing code from the NetBSD project. Looking at the PR, the
developer sees it is not an area of the tree they normally work
in, so they have the change reviewed by the
<literal>arch</literal> mailing list. Since the change is
complex, the developer opts to <acronym>MFC</acronym> after one
month to allow adequate testing.</para>
<para>The extra information to include in the commit would look
something like</para>
<example>
<title>Example Combined Commit Log</title>
<programlisting>PR: 54321
Submitted by: John Smith <John.Smith@example.com>
Reviewed by: -arch
Obtained from: NetBSD
MFC after: 1 month
Relnotes: yes</programlisting>
</example>
</sect1>
<sect1 xml:id="pref-license">
<title>Preferred License for New Files</title>
<para>The &os; Project suggests and uses this
text as the preferred license scheme:</para>
<programlisting>/*-
* Copyright (c) [year] [your name]
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* [id for your version control system, if any]
*/</programlisting>
<para>The &os; project strongly discourages the so-called
"advertising clause" in new code. Due to the large number of
contributors to the &os; project, complying with this clause for
many commercial vendors has become difficult. If you have code
in the tree with the advertising clause, please consider
removing it. In fact, please consider using the above license
for your code.</para>
<para>The &os; project discourages completely new licenses and
variations on the standard licenses. New licenses require the
approval of the &a.core; to reside in the
main repository. The more different licenses that are used in
the tree, the more problems that this causes to those wishing to
utilize this code, typically from unintended consequences from a
poorly worded license.</para>
<para>Project policy dictates that code under some non-BSD
licenses must be placed only in specific sections of the
repository, and in some cases, compilation must be conditional
or even disabled by default. For example, the GENERIC kernel
must be compiled under only licenses identical to or
substantially similar to the BSD license. GPL, APSL, CDDL, etc,
licensed software must not be compiled into GENERIC.</para>
<para>Developers are reminded that in open source, getting "open"
right is just as important as getting "source" right, as
improper handling of intellectual property has serious
consequences. Any questions or concerns should immediately be
brought to the attention of the core team.</para>
</sect1>
<sect1 xml:id="tracking.license.grants">
<title>Keeping Track of Licenses Granted to the &os;
Project</title>
<para>Various software or data exist in the repositories where
the &os; project has been granted a special licence to be able
to use them. A case in point are the Terminus fonts for use
with &man.vt.4;. Here the author Dimitar Zhekov has allowed us
to use the "Terminus BSD Console" font under a 2-clause BSD
license rather than the regular Open Font License he normally
uses.</para>
<para>It is clearly sensible to keep a record of any such
license grants. To that end, the &a.core; has decided to keep
an archive of them. Whenever the &os; project is granted a
special license we require the &a.core; to be notified. Any
developers involved in arranging such a license grant, please
send details to the &a.core; including:</para>
<itemizedlist>
<listitem>
<para>Contact details for people or organizations granting the
special license.</para>
</listitem>
<listitem>
<para>What files, directories etc. in the repositories are
covered by the license grant including the revision numbers
where any specially licensed material was committed.</para>
</listitem>
<listitem>
<para>The date the license comes into effect from. Unless
otherwise agreed, this will be the date the license was
issued by the authors of the software in question.</para>
</listitem>
<listitem>
<para>The license text.</para>
</listitem>
<listitem>
<para>A note of any restrictions, limitations or exceptions
that apply specifically to &os;'s usage of the licensed
material.</para>
</listitem>
<listitem>
<para>Any other relevant information.</para>
</listitem>
</itemizedlist>
<para>Once the &a.core; is satisfied that all the necessary
details have been gathered and are correct, the secretary will
send a PGP-signed acknowledgement of receipt including the
license details. This receipt will be persistently archived and
serve as our permanent record of the license grant.</para>
<para>The license archive should contain only details of license
grants; this is not the place for any discussions around
licensing or other subjects. Access to data within the license
archive will be available on request to the &a.core;.</para>
</sect1>
<sect1 xml:id="developer.relations">
<title>Developer Relations</title>
<para>When working directly on your own code or on code
which is already well established as your responsibility, then
there is probably little need to check with other committers
before jumping in with a commit. Working on a bug in an area of
the system which is clearly orphaned (and there are a few such
areas, to our shame), the same applies. Trying
to modify something which is clearly being actively
maintained by someone else (and it is only by watching the
<literal><replaceable>repository</replaceable>-committers</literal>
mailing list that a developer can really get a feel for just what is and
is not) then consider sending the change to them instead, just
as a developer would have before becoming a committer. For ports,
contact the listed <varname>MAINTAINER</varname> in the
<filename>Makefile</filename>. For other parts of the
repository, if it is not clear who the active maintainer
is, it may help to scan the revision history to see who has
committed changes in the past. An example script that lists
each person who has committed to
a given file along with the number of commits each person has
made can be found at on <systemitem>freefall</systemitem> at
<filename>~eadler/bin/whodid</filename>. If queries go
unanswered or the committer otherwise indicates a lack of
interest in the area affected, go ahead and commit it.</para>
<note>
<para>Avoid sending private emails to maintainers. Other people
might be interested in the conversation, not just the final
output.</para>
</note>
<para>If there is any doubt about a commit for any reason at all, have
it reviewed by <literal>-hackers</literal> before committing.
Better to have it flamed then and there rather than when it is
part of the repository. If a commit does
results in controversy erupting, it may be advisable to
consider backing the change out again until the matter is
settled. Remember, with a version control system we can
always change it back.</para>
<para>Do not impugn the intentions of others.
If they see a different solution to a problem, or even
a different problem, it is probably not because they are stupid, because
they have questionable parentage, or because they are trying to
destroy hard work, personal image, or &os;, but basically
because they have a different outlook on the world. Different
is good.</para>
<para>Disagree honestly. Argue your position from its merits,
be honest about any shortcomings it may have, and be open to
seeing their solution, or even their vision of the problem,
with an open mind.</para>
<para>Accept correction. We are all fallible. When you have made
a mistake, apologize and get on with life. Do not beat up
yourself, and certainly do not beat up others for your mistake.
Do not waste time on embarrassment or recrimination, just fix
the problem and move on.</para>
<para>Ask for help. Seek out (and give) peer reviews. One of
the ways open source software is supposed to excel is in the
number of eyeballs applied to it; this does not apply if nobody
will review code.</para>
</sect1>
<sect1 xml:id="if-in-doubt">
<title>If in Doubt...</title>
<para>When unsure about something, whether it be a
technical issue or a project convention be sure to ask. If you
stay silent you will never make progress.</para>
<para>If it relates to a technical issue ask on the public
mailing lists. Avoid the temptation to email the individual
person that knows the answer. This way everyone will be able to
learn from the question and the answer.</para>
<para>For project specific or administrative questions
ask, in order:</para>
<itemizedlist>
<listitem>
<para>Your mentor or former mentor.</para>
</listitem>
<listitem>
<para>An experienced committer on IRC, email, etc.</para>
</listitem>
<listitem>
<para>Any team with a "hat", as they can give you a
definitive answer.</para>
</listitem>
<listitem>
<para>If still not sure, ask on &a.developers;.</para>
</listitem>
</itemizedlist>
<para>Once your question is answered, if no one pointed you to
documentation that spelled out the answer to your question,
document it, as others will have the same question.</para>
</sect1>
<sect1 xml:id="bugzilla">
<title>Bugzilla</title>
<para>The &os; Project utilizes
<application>Bugzilla</application> for tracking bugs and change
requests. Be sure that if you commit a fix or suggestion found
in the PR database to close it. It is also considered nice if
you take time to close any PRs associated with your commits, if
appropriate.</para>
<para>Committers with
non-<systemitem class="domainname">&os;.org</systemitem>
Bugzilla accounts can have the old account merged with the
<systemitem class="domainname">&os;.org</systemitem> account by
entering a new bug. Choose
<literal>Supporting Services</literal> as the Product, and
<literal>Bug Tracker</literal> as the Component.</para>
<para>You can find out more about
<application>Bugzilla</application> at:</para>
<itemizedlist>
<listitem>
<para><link
xlink:href="&url.articles.pr-guidelines;/index.html">&os;
Problem Report Handling Guidelines</link></para>
</listitem>
<listitem>
<para><link
xlink:href="&url.base;/support.html">http://www.FreeBSD.org/support.html</link></para>
</listitem>
</itemizedlist>
</sect1>
<sect1>
<title>Phabricator</title>
<para>The &os; Project utilizes <link
xlink:href="https://reviews.freebsd.org">Phabricator</link>
for code review requests. See the <link
xlink:href="https://wiki.freebsd.org/CodeReview">CodeReview</link>
wiki page for details.</para>
</sect1>
<sect1 xml:id="people">
<title>Who's Who</title>
<para>Besides the repository meisters, there are other &os;
project members and teams whom you will probably get to know in
your role as a committer. Briefly, and by no means
all-inclusively, these are:</para>
<variablelist>
<varlistentry>
<term>&a.doceng;</term>
<listitem>
<para>doceng is the group responsible for the documentation
build infrastructure, approving new documentation
committers, and ensuring that the &os; website and
documentation on the FTP site is up to date with respect
to the <application>subversion</application> tree. It is
not a conflict resolution body.
The vast majority of documentation related discussion
takes place on the &a.doc;. More details regarding the
doceng team can be found in its <link
xlink:href="http://www.FreeBSD.org/internal/doceng.html">charter</link>.
Committers interested in contributing to the documentation
should familiarize themselves with the <link
xlink:href="&url.books.fdp-primer;/index.html">Documentation
Project Primer</link>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.bde.email;</term>
<listitem>
<para>Bruce is the Style Police-Meister. When you do a
commit that could have been done better, Bruce will be
there to tell you. Be thankful that someone is. Bruce is
also very knowledgeable on the various standards
applicable to &os;.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.re.members.email;</term>
<listitem>
<para>These are the members of the &a.re;. This team is
responsible for setting release deadlines and controlling
the release process. During code freezes, the release
engineers have final authority on all changes to the
system for whichever branch is pending release status. If
there is something you want merged from &os.current; to
&os.stable; (whatever values those may have at any given
time), these are the people to talk to about it.</para>
<para>Hiroki is also the keeper of the release documentation
(<filename>src/release/doc/*</filename>). If you commit a
change that you think is worthy of mention in the release
notes, please make sure he knows about it. Better still,
send him a patch with your suggested commentary.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.so.email;</term>
<listitem>
<para>&a.so; is the
<link xlink:href="&url.base;/security/">&os; Security
Officer</link> and oversees the
&a.security-officer;.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.wollman.email;</term>
<listitem>
<para>If you need advice on obscure network internals or
are not sure of some potential change to the networking
subsystem you have in mind, Garrett is someone to talk
to. Garrett is also very knowledgeable on the various
standards applicable to &os;.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.committers;</term>
<listitem>
<para>&a.svn-src-all.name;, &a.svn-ports-all.name; and
&a.svn-doc-all.name; are the mailing lists that the
version control system uses to send commit messages to.
<emphasis>Never</emphasis> send email directly
to these lists. Only send replies to this list
when they are short and are directly related to a
commit.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.developers;</term>
<listitem>
<para>All committers are subscribed to -developers. This
list was created to be a forum for the committers
<quote>community</quote> issues. Examples are Core
voting, announcements, etc.</para>
<para>The &a.developers; is for the exclusive use of &os;
committers. To develop &os;, committers must
have the ability to openly discuss matters that will be
resolved before they are publicly announced. Frank
discussions of work in progress are not suitable for open
publication and may harm &os;.</para>
<para>All &os; committers are expected not to
not publish or forward messages from the
&a.developers; outside the list membership without
permission of all of the authors. Violators will be
removed from the
&a.developers;, resulting in a suspension of commit
privileges. Repeated or flagrant violations may result in
permanent revocation of commit privileges.</para>
<para>This list is <emphasis>not</emphasis> intended as a
place for code reviews or for any technical discussion.
In fact using it as such hurts the &os; Project as it
gives a sense of a closed list where general decisions
affecting all of the &os; using community are made without
being <quote>open</quote>. Last, but not least
<emphasis>never, never ever, email the &a.developers; and
CC:/BCC: another &os; list</emphasis>. Never, ever email
another &os; email list and CC:/BCC: the &a.developers;.
Doing so can greatly diminish the benefits of this
list.</para>
</listitem>
</varlistentry>
</variablelist>
</sect1>
<sect1 xml:id="ssh.guide">
<title>SSH Quick-Start Guide</title>
<procedure>
<step>
<para>If you do not wish to type your password in every time
you use &man.ssh.1;, and you use keys to
authenticate, &man.ssh-agent.1; is there for your
convenience. If you want to use &man.ssh-agent.1;, make
sure that you run it before running other applications. X
users, for example, usually do this from their
<filename>.xsession</filename> or
<filename>.xinitrc</filename>. See &man.ssh-agent.1; for
details.</para>
</step>
<step>
<para>Generate a key pair using &man.ssh-keygen.1;. The key
pair will wind up in your
<filename>$HOME/.ssh/</filename>
directory.</para>
<important>
<para>Only <acronym>ECDSA</acronym>,
<acronym>Ed25519</acronym> or <acronym>RSA</acronym> keys
are supported.</para>
</important>
</step>
<step>
<para>Send your public key
(<filename>$HOME/.ssh/id_ecdsa.pub</filename>,
<filename>$HOME/.ssh/id_ed25519.pub</filename>, or
<filename>$HOME/.ssh/id_rsa.pub</filename>)
to the person setting you up as a committer so it can be put
into
<filename><replaceable>yourlogin</replaceable></filename>
in
<filename>/etc/ssh-keys/</filename> on
<systemitem>freefall</systemitem>.</para>
</step>
</procedure>
<para>Now &man.ssh-add.1; can be used for
authentication once per session. It prompts for
the private key's pass phrase, and then stores it in the
authentication agent (&man.ssh-agent.1;). Use <command>ssh-add
-d</command> to remove keys stored in the agent.</para>
<para>Test with a simple remote command: <command>ssh
freefall.FreeBSD.org ls /usr</command>.</para>
<para>For more information, see
<package>security/openssh</package>,
&man.ssh.1;, &man.ssh-add.1;, &man.ssh-agent.1;,
&man.ssh-keygen.1;, and &man.scp.1;.</para>
<para>For information on adding, changing, or removing &man.ssh.1;
keys, see <uri
xlink:href="https://wiki.freebsd.org/clusteradm/ssh-keys">this
article</uri>.</para>
</sect1>
<sect1 xml:id="coverity">
<title>&coverity; Availability for &os; Committers</title>
<para>All &os; developers can obtain access to
<application>Coverity</application> analysis results of all &os;
Project software. All who are interested in obtaining access to
the analysis results of the automated
<application>Coverity</application> runs, can sign up at <uri
xlink:href="http://scan.coverity.com/">Coverity
Scan</uri>.</para>
<para>The &os; wiki includes a mini-guide for developers who are
interested in working with the &coverity; analysis reports: <uri
xlink:href="http://wiki.freebsd.org/CoverityPrevent">http://wiki.freebsd.org/CoverityPrevent</uri>.
Please note that this mini-guide is only readable by &os;
developers, so if you cannot access this page, you will have to
ask someone to add you to the appropriate Wiki access
list.</para>
<para>Finally, all &os; developers who are going to use
&coverity; are always encouraged to ask for more details and
usage information, by posting any questions to the mailing list
of the &os; developers.</para>
</sect1>
<sect1 xml:id="rules">
<title>The &os; Committers' Big List of Rules</title>
<para>Everyone involved with the &os; project is expected to
abide by the <emphasis>Code of Conduct</emphasis> available from
<link xlink:href="&url.base;/internal/code-of-conduct.html"
>http://www.FreeBSD.org/internal/code-of-conduct.html</link>.
As committers, you form the public face of the project, and how
you behave has a vital impact on the public perception of it.
This guide expands on the parts of the
<emphasis>Code of Conduct</emphasis> specific to
committers.</para>
<orderedlist>
<listitem>
<para>Respect other committers.</para>
</listitem>
<listitem>
<para>Respect other contributors.</para>
</listitem>
<listitem>
<para>Discuss any significant change
<emphasis>before</emphasis> committing.</para>
</listitem>
<listitem>
<para>Respect existing maintainers (if listed in the
<varname>MAINTAINER</varname> field in
<filename>Makefile</filename> or in
<filename>MAINTAINER</filename> in the top-level
directory).</para>
</listitem>
<listitem>
<para>Any disputed change must be backed out pending
resolution of the dispute if requested by a maintainer.
Security related changes may override a maintainer's wishes
at the Security Officer's discretion.</para>
</listitem>
<listitem>
<para>Changes go to &os.current; before &os.stable; unless
specifically permitted by the release engineer or unless
they are not applicable to &os.current;. Any non-trivial or
non-urgent change which is applicable should also be allowed
to sit in &os.current; for at least 3 days before merging so
that it can be given sufficient testing. The release
engineer has the same authority over the &os.stable; branch
as outlined for the maintainer in rule #5.</para>
</listitem>
<listitem>
<para>Do not fight in public with other committers; it looks
bad.</para>
</listitem>
<listitem>
<para>Respect all code freezes and read the
<literal>committers</literal> and
<literal>developers</literal> mailing lists in a timely
manner so you know when a code freeze is in effect.</para>
</listitem>
<listitem>
<para>When in doubt on any procedure, ask first!</para>
</listitem>
<listitem>
<para>Test your changes before committing them.</para>
</listitem>
<listitem>
<para>Do not commit to anything under the
<filename>src/contrib</filename>,
<filename>src/crypto</filename>, or
<filename>src/sys/contrib</filename> trees without
<emphasis>explicit</emphasis> approval from the respective
maintainers.</para>
</listitem>
</orderedlist>
<para>As noted, breaking some of these rules can be grounds for
suspension or, upon repeated offense, permanent removal of
commit privileges. Individual members of core have the power to
temporarily suspend commit privileges until core as a whole has
the chance to review the issue. In case of an
<quote>emergency</quote> (a committer doing damage to the
repository), a temporary suspension may also be done by the
repository meisters. Only a 2/3 majority of core has the
authority to suspend commit privileges for longer than a week or
to remove them permanently. This rule does not exist to set
core up as a bunch of cruel dictators who can dispose of
committers as casually as empty soda cans, but to give the
project a kind of safety fuse. If someone is out of control, it
is important to be able to deal with this immediately rather
than be paralyzed by debate. In all cases, a committer whose
privileges are suspended or revoked is entitled to a
<quote>hearing</quote> by core, the total duration of the
suspension being determined at that time. A committer whose
privileges are suspended may also request a review of the
decision after 30 days and every 30 days thereafter (unless the
total suspension period is less than 30 days). A committer
whose privileges have been revoked entirely may request a review
after a period of 6 months has elapsed. This review policy is
<emphasis>strictly informal</emphasis> and, in all cases, core
reserves the right to either act on or disregard requests for
review if they feel their original decision to be the right
one.</para>
<para>In all other aspects of project operation, core is a subset
of committers and is bound by the
<emphasis>same rules</emphasis>. Just because someone is in
core this does not mean that they have special dispensation to
step outside any of the lines painted here; core's
<quote>special powers</quote> only kick in when it acts as a
group, not on an individual basis. As individuals, the core
team members are all committers first and core second.</para>
<sect2>
<title>Details</title>
<orderedlist>
<listitem xml:id="respect">
<para>Respect other committers.</para>
<para>This means that you need to treat other committers as
the peer-group developers that they are. Despite our
occasional attempts to prove the contrary, one does not
get to be a committer by being stupid and nothing rankles
more than being treated that way by one of your peers.
Whether we always feel respect for one another or not (and
everyone has off days), we still have to
<emphasis>treat</emphasis> other committers with respect
at all times, on public forums and in private
email.</para>
<para>Being able to work together long term is this
project's greatest asset, one far more important than any
set of changes to the code, and turning arguments about
code into issues that affect our long-term ability to work
harmoniously together is just not worth the trade-off by
any conceivable stretch of the imagination.</para>
<para>To comply with this rule, do not send email when you
are angry or otherwise behave in a manner which is likely
to strike others as needlessly confrontational. First
calm down, then think about how to communicate in the most
effective fashion for convincing the other persons that
your side of the argument is correct, do not just blow off
some steam so you can feel better in the short term at the
cost of a long-term flame war. Not only is this very bad
<quote>energy economics</quote>, but repeated displays of
public aggression which impair our ability to work well
together will be dealt with severely by the project
leadership and may result in suspension or termination of
your commit privileges. The project leadership will take
into account both public and private communications
brought before it. It will not seek the disclosure of
private communications, but it will take it into account
if it is volunteered by the committers involved in the
complaint.</para>
<para>All of this is never an option which the project's
leadership enjoys in the slightest, but unity comes first.
No amount of code or good advice is worth trading that
away.</para>
</listitem>
<listitem>
<para>Respect other contributors.</para>
<para>You were not always a committer. At one time you were
a contributor. Remember that at all times. Remember what
it was like trying to get help and attention. Do not
forget that your work as a contributor was very important
to you. Remember what it was like. Do not discourage,
belittle, or demean contributors. Treat them with
respect. They are our committers in waiting. They are
every bit as important to the project as committers.
Their contributions are as valid and as important as your
own. After all, you made many contributions before you
became a committer. Always remember that.</para>
<para>Consider the points raised under
<xref linkend="respect"/> and apply them also to
contributors.</para>
</listitem>
<listitem>
<para>Discuss any significant change
<emphasis>before</emphasis> committing.</para>
<para>The repository is not where changes are
initially submitted for correctness or argued over, that
happens first in the mailing lists or by use of the
Phabricator service. The commit will only happen once
something resembling consensus has been reached. This
does not mean that permission is required before
correcting every obvious syntax error or manual page
misspelling, just that it is good to develop a feel
for when a proposed change is not quite such a no-brainer
and requires some feedback first. People really do not
mind sweeping changes if the result is something clearly
better than what they had before, they just do not like
being <emphasis>surprised</emphasis> by those changes.
The very best way of making sure that things are on the right
track is to have code reviewed by one or more other
committers.</para>
<para>When in doubt, ask for review!</para>
</listitem>
<listitem>
<para>Respect existing maintainers if listed.</para>
<para>Many parts of &os; are not <quote>owned</quote> in
the sense that any specific individual will jump up and
yell if you commit a change to <quote>their</quote> area,
but it still pays to check first. One convention we use
is to put a maintainer line in the
<filename>Makefile</filename> for any package or subtree
which is being actively maintained by one or more people;
see <link
xlink:href="&url.books.developers-handbook;/policies.html">http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/developers-handbook/policies.html</link>
for documentation on this. Where sections of code have
several maintainers, commits to affected areas by one
maintainer need to be reviewed by at least one other
maintainer. In cases where the
<quote>maintainer-ship</quote> of something is not clear,
look at the repository logs for the files
in question and see if someone has been working recently
or predominantly in that area.</para>
<para>Other areas of &os; fall under the control of someone
who manages an overall category of &os; evolution, such as
internationalization or networking. See <link
xlink:href="&url.base;/administration.html">http://www.FreeBSD.org/administration.html</link>
for more information on this.</para>
</listitem>
<listitem>
<para>Any disputed change must be backed out pending
resolution of the dispute if requested by a maintainer.
Security related changes may override a maintainer's
wishes at the Security Officer's discretion.</para>
<para>This may be hard to swallow in times of conflict (when
each side is convinced that they are in the right, of
course) but a version control system makes it unnecessary
to have an ongoing dispute raging when it is far easier to
simply reverse the disputed change, get everyone calmed
down again and then try to figure out what is the best way
to proceed. If the change turns out to be the best thing
after all, it can be easily brought back. If it turns out
not to be, then the users did not have to live with the
bogus change in the tree while everyone was busily
debating its merits. People <emphasis>very</emphasis>
rarely call for back-outs in the repository since
discussion generally exposes bad or controversial changes
before the commit even happens, but on such rare occasions
the back-out should be done without argument so that we
can get immediately on to the topic of figuring out
whether it was bogus or not.</para>
</listitem>
<listitem>
<para>Changes go to &os.current; before &os.stable; unless
specifically permitted by the release engineer or unless
they are not applicable to &os.current;. Any non-trivial
or non-urgent change which is applicable should also be
allowed to sit in &os.current; for at least 3 days before
merging so that it can be given sufficient testing. The
release engineer has the same authority over the
&os.stable; branch as outlined in rule #5.</para>
<para>This is another <quote>do not argue about it</quote>
issue since it is the release engineer who is ultimately
responsible (and gets beaten up) if a change turns out to
be bad. Please respect this and give the release engineer
your full cooperation when it comes to the &os.stable;
branch. The management of &os.stable; may frequently seem
to be overly conservative to the casual observer, but also
bear in mind the fact that conservatism is supposed to be
the hallmark of &os.stable; and different rules apply
there than in &os.current;. There is also really no point
in having &os.current; be a testing ground if changes are
merged over to &os.stable; immediately. Changes need a
chance to be tested by the &os.current; developers, so
allow some time to elapse before merging unless the
&os.stable; fix is critical, time sensitive or so obvious
as to make further testing unnecessary (spelling fixes to
manual pages, obvious bug/typo fixes, etc.) In other
words, apply common sense.</para>
<para>Changes to the security branches (for example,
<literal>releng/9.3</literal>) must be approved by a
member of the &a.security-officer;, or in some cases, by a
member of the &a.re;.</para>
</listitem>
<listitem>
<para>Do not fight in public with other committers; it looks
bad.</para>
<para>This project has a public image to uphold and that
image is very important to all of us, especially if we are
to continue to attract new members. There will be
occasions when, despite everyone's very best attempts at
self-control, tempers are lost and angry words are
exchanged. The best thing that can be done in such cases
is to minimize the effects of this until everyone has
cooled back down. Do not air
angry words in public and do not forward private
correspondence or other private communications to public
mailing lists, mail aliases, instant messaging channels or
social media sites. What people say one-to-one is often
much less sugar-coated than what they would say in public,
and such communications therefore have no place there -
they only serve to inflame an already bad situation. If
the person sending a flame-o-gram at least had the
grace to send it privately, then have the grace to keep it
private yourself. If you feel you are being unfairly
treated by another developer, and it is causing you
anguish, bring the matter up with core rather than taking
it public. Core will do its best to play peace makers and
get things back to sanity. In cases where the dispute
involves a change to the codebase and the participants do
not appear to be reaching an amicable agreement, core may
appoint a mutually-agreeable third party to resolve the
dispute. All parties involved must then agree to be bound
by the decision reached by this third party.</para>
</listitem>
<listitem>
<para>Respect all code freezes and read the
<literal>committers</literal> and
<literal>developers</literal> mailing list on a timely
basis so you know when a code freeze is in effect.</para>
<para>Committing unapproved changes during a code freeze is
a really big mistake and committers are expected to keep
up-to-date on what is going on before jumping in after a
long absence and committing 10 megabytes worth of
accumulated stuff. People who abuse this on a regular
basis will have their commit privileges suspended until
they get back from the &os; Happy Reeducation Camp we
run in Greenland.</para>
</listitem>
<listitem>
<para>When in doubt on any procedure, ask first!</para>
<para>Many mistakes are made because someone is in a hurry
and just assumes they know the right way of doing
something. If you have not done it before, chances are
good that you do not actually know the way we do things
and really need to ask first or you are going to
completely embarrass yourself in public. There is no
shame in asking
<quote>how in the heck do I do this?</quote> We already
know you are an intelligent person; otherwise, you would
not be a committer.</para>
</listitem>
<listitem>
<para>Test your changes before committing them.</para>
<!-- XXX Needs update re sparc64 + pc98
Also, needs more details on which machines are available for testing
-->
<para>This may sound obvious, but if it really were so
obvious then we probably would not see so many cases of
people clearly not doing this. If your changes are to the
kernel, make sure you can still compile both GENERIC and
LINT. If your changes are anywhere else, make sure you
can still make world. If your changes are to a branch,
make sure your testing occurs with a machine which is
running that code. If you have a change which also may
break another architecture, be sure and test on all
supported architectures. Please refer to the
<link xlink:href="http://www.FreeBSD.org/internal/">&os;
Internal Page</link> for a list of available resources.
As other architectures are added to the &os; supported
platforms list, the appropriate shared testing resources
will be made available.</para>
</listitem>
<listitem>
<para>Do not commit to anything under the
<filename>src/contrib</filename>,
<filename>src/crypto</filename>, and
<filename>src/sys/contrib</filename> trees without
<emphasis>explicit</emphasis> approval from the respective
maintainers.</para>
<para>The trees mentioned above are for contributed software
usually imported onto a vendor branch. Committing
something there, even if it does not take the file off the
vendor branch, may cause unnecessary headaches for those
responsible for maintaining that particular piece of
software. Thus, unless you have
<emphasis>explicit</emphasis> approval from the maintainer
(or you are the maintainer), do <emphasis>not</emphasis>
commit there!</para>
<!-- FIXME: this paragraph should be rewritten -->
<para>Please note that this does not mean you should not try
to improve the software in question; you are still more
than welcome to do so. Ideally, submit your
patches to the vendor. If your changes are
&os;-specific, talk to the maintainer; they may be
willing to apply them locally. But whatever you do, do
<emphasis>not</emphasis> commit there by yourself!</para>
<para>Contact the &a.core; if you wish to take up
maintainership of an unmaintained part of the tree.</para>
</listitem>
</orderedlist>
</sect2>
<sect2>
<title>Policy on Multiple Architectures</title>
<para>&os; has added several new architecture ports during
recent release cycles and is truly no longer an &i386; centric
operating system. In an effort to make it easier to keep
&os; portable across the platforms we support, core has
developed this mandate:</para>
<blockquote>
<para>Our 32-bit reference platform is &arch.i386;, and our
64-bit reference platform is &arch.amd64;. Major design
work (including major API and ABI changes) must prove
itself on at least one 32-bit and at least one 64-bit
platform, preferably the primary reference platforms,
before it may be committed to the source tree.</para>
</blockquote>
<para>The &arch.i386; and &arch.amd64; platforms were chosen
due to being more readily available to developers and as
representatives of more diverse processor and system designs -
big versus little endian, register file versus register stack,
different DMA and cache implementations, hardware page tables
versus software TLB management etc.</para>
<para>We will continue to re-evaluate this policy as cost and
availability of the 64-bit platforms change.</para>
<para>Developers should also be aware of our Tier Policy for
the long term support of hardware architectures. The rules
here are intended to provide guidance during the development
process, and are distinct from the requirements for features
and architectures listed in that section. The Tier rules for
feature support on architectures at release-time are more
strict than the rules for changes during the development
process.</para>
</sect2>
<sect2>
<title>Other Suggestions</title>
<para>When committing documentation changes, use a spell checker
before committing. For all XML docs, verify that the
formatting directives are correct by running
<command>make lint</command> and
<package>textproc/igor</package>.</para>
<para>For manual pages, run <package>sysutils/manck</package>
and <package>textproc/igor</package>
over the manual page to verify all of the cross
references and file references are correct and that the man
page has all of the appropriate <varname>MLINK</varname>s
installed.</para>
<para>Do not mix style fixes with new functionality. A style
fix is any change which does not modify the functionality of
the code. Mixing the changes obfuscates the functionality
change when asking for differences between revisions, which
can hide any new bugs. Do not include whitespace changes with
content changes in commits to <filename>doc/</filename> .
The extra clutter in the diffs
makes the translators' job much more difficult. Instead, make
any style or whitespace changes in separate commits that are
clearly labeled as such in the commit message.</para>
</sect2>
<sect2>
<title>Deprecating Features</title>
<para>When it is necessary to remove functionality from software
in the base system, follow these guidelines
whenever possible:</para>
<orderedlist>
<listitem>
<para>Mention is made in the manual page and possibly the
release notes that the option, utility, or interface is
deprecated. Use of the deprecated feature generates a
warning.</para>
</listitem>
<listitem>
<para>The option, utility, or interface is preserved until
the next major (point zero) release.</para>
</listitem>
<listitem>
<para>The option, utility, or interface is removed and no
longer documented. It is now obsolete. It is also
generally a good idea to note its removal in the release
notes.</para>
</listitem>
</orderedlist>
</sect2>
<sect2>
<title>Privacy and Confidentiality</title>
<orderedlist>
<listitem>
<para>Most &os; business is done in public.</para>
<para>&os; is an <emphasis>open</emphasis> project. Which
means that not only can anyone use the source code, but
that most of the development process is open to public
scrutiny.</para>
</listitem>
<listitem>
<para>Certain sensitive matters must remain private or
held under embargo.</para>
<para>There unfortunately cannot be complete transparency.
As a &os; developer you will have a certain degree of
privileged access to information. Consequently you are
expected to respect certain requirements for
confidentiality. Sometimes the need for confidentiality
comes from external collaborators or has a specific time
limit. Mostly though, it is a matter of not releasing
private communications.</para>
</listitem>
<listitem>
<para>The Security Officer has sole control over the
release of security advisories.</para>
<para>Where there are security problems that affect many
different operating systems, &os; frequently depends on
early access to be able to prepare advisories for
coordinated release. Unless &os; developers can be
trusted to maintain security, such early access will not
be made available. The Security Officer is responsible
for controlling pre-release access to information about
vulnerabilities, and for timing the release of all
advisories. He may request help under condition of
confidentiality from any developer with relevant knowledge
to prepare security fixes.</para>
</listitem>
<listitem>
<para>Communications with Core are kept confidential for as
long as necessary.</para>
<para>Communications to core will initially be treated as
confidential. Eventually however, most of Core's business
will be summarized into the monthly or quarterly core
reports. Care will be taken to avoid publicising any
sensitive details. Records of some particularly sensitive
subjects may not be reported on at all and will be
retained only in Core's private archives.</para>
</listitem>
<listitem>
<para>Non-disclosure Agreements may be required for access
to certain commercially sensitive data.</para>
<para>Access to certain commercially sensitive data may
only be available under a Non-Disclosure Agreement. The
FreeBSD Foundation legal staff must be consulted before
any binding agreements are entered into.</para>
</listitem>
<listitem>
<para>Private communications must not be made
public without permission.</para>
<para>Beyond the specific requirements above there is a
general expectation not to publish private communications
between developers without the consent of all parties
involved. Ask permission before forwarding a message onto
a public mailing list, or posting it to a forum or website
that can be accessed by other than the original
correspondents.</para>
</listitem>
<listitem>
<para>Communications on project-only or restricted access
channels must be kept private.</para>
<para>Similarly to personal communications, certain
internal communications channels, including &os; Committer
only mailing lists and restricted access IRC channels
are considered private communications. Permission is
required to publish material from these
sources.</para>
</listitem>
<listitem>
<para>Core may approve publication.</para>
<para>Where it is impractical to obtain permission due to
the number of correspondents or where permission to
publish is unreasonably withheld, Core may approve release
of such private matters that merit more general
publication.</para>
</listitem>
</orderedlist>
</sect2>
</sect1>
<sect1 xml:id="archs">
<title>Support for Multiple Architectures</title>
<para>&os; is a highly portable operating system intended to
function on many different types of hardware architectures.
Maintaining clean separation of Machine Dependent (MD) and
Machine Independent (MI) code, as well as minimizing MD code, is
an important part of our strategy to remain agile with regards
to current hardware trends. Each new hardware architecture
supported by &os; adds substantially to the cost of code
maintenance, toolchain support, and release engineering. It
also dramatically increases the cost of effective testing of
kernel changes. As such, there is strong motivation to
differentiate between classes of support for various
architectures while remaining strong in a few key architectures
that are seen as the &os; <quote>target audience</quote>.</para>
<sect2>
<title>Statement of General Intent</title>
<para>The &os; Project targets "production quality commercial
off-the-shelf (COTS) workstation, server, and high-end
embedded systems". By retaining a focus on a narrow set of
architectures of interest in these environments, the &os;
Project is able to maintain high levels of quality, stability,
and performance, as well as minimize the load on various
support teams on the project, such as the ports team,
documentation team, security officer, and release engineering
teams. Diversity in hardware support broadens the options for
&os; consumers by offering new features and usage
opportunities (such as support for 64-bit CPUs, use in
embedded environments, etc.), but these benefits must always
be carefully considered in terms of the real-world maintenance
cost associated with additional platform support.</para>
<para>The &os; Project differentiates platform targets into
four tiers. Each tier includes a specification of the
requirements for an architecture to be in that tier,
as well as specifying the obligations of developers with
regards to the platform. In addition, a policy is defined
regarding the circumstances required to change the tier
of an architecture.</para>
</sect2>
<sect2>
<title>Tier 1: Fully Supported Architectures</title>
<para>Tier 1 platforms are fully supported by the security
officer, release engineering, and toolchain maintenance staff.
New features added to the operating system must be fully
functional across all Tier 1 architectures for every release
(features which are inherently architecture-specific, such as
support for hardware device drivers, may be exempt from this
requirement). In general, all Tier 1 platforms must have
build and Tinderbox support either in the FreeBSD.org cluster,
or be easily available for all developers. Embedded platforms
may substitute an emulator available in the &os; cluster
for actual hardware.</para>
<para>Tier 1 architectures are expected to be Production Quality
with respects to all aspects of the &os; operating system,
including installation and development environments.</para>
<para>Tier 1 architectures are expected to be completely
integrated into the source tree and have all features
necessary to produce an entire system relevant for that target
architecture. Tier 1 architectures generally have at least 6
active developers.</para>
<para>Tier 1 architectures are expected to be fully supported by
the ports system. All the ports should build on a Tier 1
platform, or have the appropriate filters to prevent the
inappropriate ones from building there. The packaging system
must support all Tier 1 architectures. To ensure an
architecture's Tier 1 status, proponents of that architecture
must show that all relevant packages can be built on that
platform.</para>
<para>Tier 1 embedded architectures must be able to cross-build
packages on at least one other Tier 1 architecture. The
packages must be the most relevant for the platform, but may
be a non-empty subset of those that build natively.</para>
<para>Tier 1 architectures must be fully documented. All basic
operations need to be covered by the handbook or other
documents. All relevant integration documentation must also
be integrated into the tree, or readily available.</para>
<para>Current Tier 1 platforms are &arch.i386; and
&arch.amd64;.</para>
</sect2>
<sect2>
<title>Tier 2: Developmental Architectures</title>
<para>Tier 2 platforms are not supported by the security officer
and release engineering teams. Platform maintainers are
responsible for toolchain support in the tree. The toolchain
maintainers are expected to work with the platform maintainers
to refine these changes. Major new toolchain components are
allowed to break support for Tier 2 architectures if the
&os;-local changes have not been incorporated upstream.
The toolchain maintainers are expected to provide prompt
review of any proposed changes and cannot block, through their
inaction, changes going into the tree. New features added to
&os; should be feasible to implement on these platforms,
but an implementation is not required before the feature may
be added to the &os; source tree. New features that may be
difficult to implement on Tier 2 architectures should provide
a means of disabling them on those architectures. The
implementation of a Tier 2 architecture may be committed to
the main &os; tree as long as it does not interfere with
production work on Tier 1 platforms, or substantially with
other Tier 2 platforms. Before a Tier 2 platform can be added
to the &os; base source tree, the platform must be able to
boot multi-user on actual hardware. Generally, there must be
at least three active developers working on the
platform.</para>
<para>Tier 2 architectures are usually systems targeted at Tier
1 support, but that are still under development.
Architectures reaching end of life may also be moved from Tier
1 status to Tier 2 status as the availability of resources to
continue to maintain the system in a Production Quality state
diminishes. Well supported niche architectures may also be
Tier 2.</para>
<para>Tier 2 architectures have basic support for them
integrated into the ports infrastructure. They may have cross
compilation support added, at the discretion of portmgr. Some
ports must built natively into packages if the package system
supports that architecture. If not integrated into the base
system, some external patches for the architecture for ports
must be available.</para>
<para>Tier 2 architectures can be integrated into the &os;
handbook. The basics for how to get a system running must be
documented, although not necessarily for every single board or
system a Tier 2 architecture supports. The supported hardware
list must exist and be relatively recent. It should be
integrated into the &os; documentation.</para>
<para>Current Tier 2 platforms are &arch.arm;, &arch.arm64;,
&arch.ia64; (through &os; 10),
&arch.pc98;, &arch.powerpc;, and &arch.sparc64;.</para>
</sect2>
<sect2>
<title>Tier 3: Experimental Architectures</title>
<para>Tier 3 platforms are not supported by the security officer
and release engineering teams. At the discretion of the
toolchain maintainers, they may be supported in the toolchain.
Tier 3 platforms are architectures in the early stages of
development, for non-mainstream hardware platforms, or which
are considered legacy systems unlikely to see broad future
use. Initial support for Tier 3 platforms is worked on
in external SCM repositories.
The transition to &os;'s subversion takes place after
the platform boots multi-user on hardware; sharing via
subversion is needed for wider exposure; and multiple
developers are actively working on the platform.
Platforms that transition to Tier 3 status may be
removed from the tree if they are no longer actively supported
by the &os; developer community at the discretion of the
release engineer.</para>
<para>Tier 3 platforms may have ports support, either integrated
or external, but do not require it.</para>
<para>Tier 3 platforms must have the basics documented for how
to build a kernel and how to boot it on at least one target
hardware or emulation environment. This documentation need
not be integrated into the &os; tree.</para>
<para>Current Tier 3 platforms are &arch.mips;, and
&arch.riscv;.</para>
</sect2>
<sect2>
<title>Tier 4: Unsupported Architectures</title>
<para>Tier 4 systems are not supported in any form by the
project.</para>
<para>All systems not otherwise classified into a support tier
are Tier 4 systems. The &arch.ia64; platform is transitioning
to Tier 4 status in &os; 11.</para>
</sect2>
<sect2>
<title>Policy on Changing the Tier of an Architecture</title>
<para>Systems may only be moved from one tier to another by
approval of the &os; Core Team, which shall make that
decision in collaboration with the Security Officer, Release
Engineering, and toolchain maintenance teams.</para>
</sect2>
</sect1>
<sect1 xml:id="ports">
<title>Ports Specific FAQ</title>
<qandaset>
<qandadiv xml:id="ports-qa-adding">
<title>Adding a New Port</title>
<qandaentry xml:id="ports-qa-add-new">
<question>
<para>How do I add a new port?</para>
</question>
<answer>
<para>First, please read the section about repository
copies.</para>
<para>The easiest way to add a new port is the
<command>addport</command> script located in the
<filename>ports/Tools/scripts</filename> directory. It
adds a port from the directory specified, determining
the category automatically from the port
<filename>Makefile</filename>. It also adds an entry to
the port's category <filename>Makefile</filename>. It
was written by &a.mharo.email;, &a.will.email;, and
&a.garga.email;. When sending questions about this
script to the &a.ports;, please also CC &a.crees.email;,
the current maintainer.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-add-new-extra">
<question>
<para>Any other things I need to know when I add a new
port?</para>
</question>
<answer>
<para>Check the port, preferably to make sure it compiles
and packages correctly. This is the recommended
sequence:</para>
<screen>&prompt.root; <userinput>make install</userinput>
&prompt.root; <userinput>make package</userinput>
&prompt.root; <userinput>make deinstall</userinput>
&prompt.root; <userinput>pkg add <replaceable>package you built above</replaceable></userinput>
&prompt.root; <userinput>make deinstall</userinput>
&prompt.root; <userinput>make reinstall</userinput>
&prompt.root; <userinput>make package</userinput></screen>
<para>The <link
xlink:href="&url.books.porters-handbook;/index.html">Porters
Handbook</link> contains more detailed
instructions.</para>
<para>Use &man.portlint.1; to check the syntax of the
port. You do not necessarily have to eliminate all
warnings but make sure you have fixed the simple
ones.</para>
<para>If the port came from a submitter who has not
contributed to the Project before, add that person's
name to the <link
xlink:href="&url.articles.contributors;/contrib-additional.html">Additional
Contributors</link> section of the &os;
Contributors List.</para>
<para>Close the PR if the port came in as a PR. To close
a PR, change the state to <literal>Issue
Resolved</literal> and the resolution as
<literal>Fixed</literal>.</para>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-removing">
<title>Removing an Existing Port</title>
<qandaentry xml:id="ports-qa-remove-one">
<question>
<para>How do I remove an existing port?</para>
</question>
<answer>
<para>First, please read the section about repository
copies. Before you remove the port, you have to verify
there are no other ports depending on it.</para>
<itemizedlist>
<listitem>
<para>Make sure there is no dependency on the port
in the ports collection:</para>
<itemizedlist>
<listitem>
<para>The port's PKGNAME appears in exactly
one line in a recent INDEX file.</para>
</listitem>
<listitem>
<para>No other ports contains any reference
to the port's directory or PKGNAME in their
Makefiles</para>
<tip>
<para>When using <application>Git</application>,
consider using <command>git grep</command>, it
is much faster than <command>grep
-r</command>.</para>
</tip>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Then, remove the port:</para>
<procedure>
<step>
<para>Remove the port's files and directory with
<command>svn remove</command>.</para>
</step>
<step>
<para>Remove the <varname>SUBDIR</varname> listing
of the port in the parent directory
<filename>Makefile</filename>.</para>
</step>
<step>
<para>Add an entry to
<filename>ports/MOVED</filename>.</para>
</step>
<step>
<para>Search for entries in
<filename>ports/security/vuxml/vuln.xml</filename>
and adjust them accordingly. In particular,
check for previous packages with the new name
which version could include the new port.</para>
</step>
<step>
<para>Remove the port from
<filename>ports/LEGAL</filename> if it is
there.</para>
</step>
</procedure>
</listitem>
</itemizedlist>
<para>Alternatively, you can use the
<command>rmport</command> script, from
<filename>ports/Tools/scripts</filename>. This script
was written by &a.vd.email;. When sending questions
about this script to the &a.ports;, please also CC
&a.crees.email;, the current maintainer.</para>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-re-adding">
<title>Re-adding a Deleted Port</title>
<qandaentry xml:id="ports-qa-resurrect">
<question>
<para>How do I re-add a deleted port?</para>
</question>
<answer>
<para>This is essentially the reverse of deleting a
port.</para>
<important>
<para>Do not use <command>svn add</command> to add the
port. Follow these steps. If they are unclear, or
are not working, ask for help, do not just
<command>svn add</command> the port.</para>
</important>
<procedure>
<step>
<para>Figure out when the port was removed. Use this
<link
xlink:href="http://people.freebsd.org/~crees/removed_ports/index.xml">list</link>,
or look for the port on <link
xlink:href="http://www.freshports.org/">freshports</link>,
and then copy the last living revision of the
port:</para>
<screen>&prompt.user; <userinput>cd /usr/ports/<replaceable>category</replaceable></userinput>
&prompt.user; <userinput>svn cp 'svn+ssh://repo.freebsd.org/ports/head/<replaceable>category</replaceable>/<replaceable>portname</replaceable>/@<replaceable>XXXXXX</replaceable>' <replaceable>portname</replaceable></userinput></screen>
<para>Pick the revision that is just before the
removal. For example, if the revision where it was
removed is <literal>269874</literal>, use
<literal>269873</literal>.</para>
<para>It is also possible to specify a date. In that
case, pick a date that is before the removal but
after the last commit to the port.</para>
<screen>&prompt.user; <userinput>cd /usr/ports/<replaceable>category</replaceable></userinput>
&prompt.user; <userinput>svn cp 'svn+ssh://repo.freebsd.org/ports/head/<replaceable>category</replaceable>/<replaceable>portname</replaceable>/@{<replaceable>YYYY-MM-DD</replaceable>}' <replaceable>portname</replaceable></userinput></screen>
</step>
<step>
<para>Make the changes necessary to get the port
working again. If it was deleted because the
distfiles are no longer available, either
volunteer to host the distfiles, or find someone
else to do so.</para>
</step>
<step>
<para>If some files have been added, or were removed
during the resurrection process, use <command>svn
add</command> or <command>svn remove</command> to
make sure all the files in the port will be
committed.</para>
</step>
<step>
<para>Restore the <varname>SUBDIR</varname> listing of
the port in the parent directory
<filename>Makefile</filename>, keeping the entries
sorted.</para>
</step>
<step>
<para>Delete the port entry from
<filename>ports/MOVED</filename>.</para>
</step>
<step>
<para>If the port had an entry in
<filename>ports/LEGAL</filename>, restore it.</para>
</step>
<step>
<para><command>svn commit</command> these changes,
preferably in one step.</para>
</step>
</procedure>
<tip>
<para>The <command>addport</command> script mentioned in
<xref linkend="ports-qa-adding"/> now detects when the
port to add has previously existed, and attempts to
handle all except the <filename>ports/LEGAL</filename>
step automatically.</para>
</tip>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-repocopies">
<title>Repository Copies</title>
<qandaentry xml:id="ports-qa-repocopy-when">
<question>
<para>When do we need a repository copy?</para>
</question>
<answer>
<para>When you want to add a port that is related to any
port that is already in the tree in a separate
directory, you have to do a repository copy. Here
<wordasword>related</wordasword> means it is a different
version or a slightly modified version. Examples are
<filename>print/ghostscript*</filename> (different
versions) and <filename>x11-wm/windowmaker*</filename>
(English-only and internationalized version).</para>
<para>Another example is when a port is moved from one
subdirectory to another, or when the name of a directory
must be changed because the authors renamed their
software even though it is a descendant of a port
already in a tree.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-repocopy-how">
<question>
<para>What do I need to do?</para>
</question>
<answer>
<para>With Subversion, a repo copy can be done by any
committer:</para>
<itemizedlist>
<listitem>
<para>Doing a repo copy:</para>
<procedure>
<step>
<para>Verify that the target directory does
not exist.</para>
</step>
<step>
<para>Use <command>svn up</command> to make
certain the original files, directories, and
checkout information is current.</para>
</step>
<step>
<para>Use <command>svn move</command> or
<command>svn copy</command> to do the repo
copy.</para>
</step>
<step>
<para>Upgrade the copied port to the new version.
Remember to add or change the
<varname>PKGNAMEPREFIX</varname> or
<varname>PKGNAMESUFFIX</varname> so there are no
duplicate ports with the same name. In some
rare cases it may be necessary to change the
<varname>PORTNAME</varname> instead of adding
<varname>PKGNAMEPREFIX</varname> or
<varname>PKGNAMESUFFIX</varname>, but this
is only done when it is really needed
— for example, using an existing port as the base
for a very similar program with a different
name, or upgrading a port to a new upstream
version which actually changes the distribution
name, like the transition from
<filename>textproc/libxml</filename> to
<filename>textproc/libxml2</filename>. In most
cases, adding or changing
<varname>PKGNAMEPREFIX</varname> or
<varname>PKGNAMESUFFIX</varname>
suffices.</para>
</step>
<step>
<para>Add the new subdirectory to the
<varname>SUBDIR</varname> listing in the parent
directory <filename>Makefile</filename>. You
can run <command>make checksubdirs</command> in
the parent directory to check this.</para>
</step>
<step>
<para>If the port changed categories, modify the
<varname>CATEGORIES</varname> line of the port's
<filename>Makefile</filename> accordingly</para>
</step>
<step>
<para>Add an entry to
<filename>ports/MOVED</filename>, if you remove
the original port.</para>
</step>
<step>
<para>Commit all changes on one commit.</para>
</step>
</procedure>
</listitem>
<listitem>
<para>When removing a port:</para>
<procedure>
<step>
<para>Perform a thorough check of the ports
collection for any dependencies on the old port
location/name, and update them. Running
<command>grep</command> on
<filename>INDEX</filename> is not enough because
some ports have dependencies enabled by
compile-time options. A full
<command>grep -r</command> of the ports
collection is recommended.</para>
</step>
<step>
<para>Remove the old port and the
old <varname>SUBDIR</varname> entry.</para>
</step>
<step>
<para>Add an entry to
<filename>ports/MOVED</filename>.</para>
</step>
</procedure>
</listitem>
<listitem>
<para>After repo moves (<quote>rename</quote>
operations where a port is copied and the old
location is removed):</para>
<procedure>
<step>
<para>Follow the same steps that are outlined in
the previous two entries, to activate the new
location of the port and remove the old
one.</para>
</step>
</procedure>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-freeze">
<title>Ports Freeze</title>
<qandaentry xml:id="ports-qa-freeze-what">
<question>
<para>What is a <quote>ports freeze</quote>?</para>
</question>
<answer>
<para>A <quote>ports freeze</quote> was a restricted state
the ports tree was put in before a release. It was used
to ensure a higher quality for the packages shipped with
a release. It usually lasted a couple of weeks. During
that time, build problems were fixed, and the release
packages were built. This practice is no longer used,
as the packages for the releases are built from the
current stable, quarterly branch.</para>
<para>For more information on how to merge commits to the
quarterly branch, see <xref
linkend="ports-qa-misc-request-mfh"/>.</para>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-quarterly">
<title>Quarterly Branches</title>
<qandaentry xml:id="ports-qa-misc-request-mfh">
<question>
<para>What is the procedure to request authorization for
merging a commit to the quarterly branch?</para>
</question>
<answer>
<para>When doing the commit, add the branch name to the
<literal>MFH:</literal> line, for example:</para>
<programlisting>MFH: <replaceable>2014Q1</replaceable></programlisting>
<para>It will automatically notify the &a.ports-secteam; and
the &a.portmgr;. They will then decide if the commit can be
merged and answer with the procedure.</para>
<para>If the commit has already been made, send an email
to the &a.ports-secteam; and the &a.portmgr; with the revision
number and a small description of why the commit needs
to be merged.</para>
</answer>
</qandaentry>
+ <qandaentry xml:id="ports-qa-blanket">
+ <question>
+ <para>Are there any changes that can be committed without
+ approval?</para>
+ </question>
+
+ <answer>
+ <para>The following blanket approvals are in effect:</para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>Fixes that do not result in a change in contents
+ of the resulting package. For example:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename>pkg-descr</filename>:
+ <literal>WWW:</literal> URL updates (existing
+ 404, moved or incorrect)</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>Build, runtime or packaging fixes, if the
+ quarterly branch version is currently broken.</para>
+
+ <important>
+ <para>These fixes <emphasis>must</emphasis> be
+ tested on the quarterly branch.</para>
+ </important>
+ </listitem>
+
+ <listitem>
+ <para>Missing dependencies (detected, linked against
+ but not registered via
+ <varname><replaceable>*</replaceable>_DEPENDS</varname>).</para>
+ </listitem>
+
+ <listitem>
+ <para>Fixing <link
+ xlink:href="&url.books.porters-handbook;/uses-shebangfix.html">shebangs</link>,
+ stripping installed libraries and binaries, and
+ plist fixes.</para>
+ </listitem>
+
+ <listitem>
+ <para>Backport of security and reliability fixes which
+ only result in <varname>PORTREVISION</varname> bumps
+ and no changes to enabled features. for example,
+ adding a patch fixing a buffer overflow.</para>
+ </listitem>
+ </itemizedlist>
+
+ <important>
+ <para>No unauthorized commits can ever be made without
+ approval of either &a.ports-secteam; or
+ &a.portmgr;.</para>
+ </important>
+ </answer>
+ </qandaentry>
+
<qandaentry xml:id="ports-qa-misc-commit-mfh">
<question>
<para>What is the procedure for merging commits to the
quarterly branch?</para>
</question>
<answer>
<para>A script is provided to automate merging a specific
commit: <filename>ports/Tools/scripts/mfh</filename>.
It is used as follows:</para>
<screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh 380362</userinput>
U 2015Q1
Checked out revision 380443.
A 2015Q1/security
Updating '2015Q1/security/rubygem-sshkit':
A 2015Q1/security/rubygem-sshkit
A 2015Q1/security/rubygem-sshkit/Makefile
A 2015Q1/security/rubygem-sshkit/distinfo
A 2015Q1/security/rubygem-sshkit/pkg-descr
Updated to revision 380443.
--- Merging r380362 into '2015Q1':
U 2015Q1/security/rubygem-sshkit/Makefile
U 2015Q1/security/rubygem-sshkit/distinfo
--- Recording mergeinfo for merge of r380362 into '2015Q1':
U 2015Q1
--- Recording mergeinfo for merge of r380362 into '2015Q1/security':
G 2015Q1/security
--- Eliding mergeinfo from '2015Q1/security':
U 2015Q1/security
--- Recording mergeinfo for merge of r380362 into '2015Q1/security/rubygem-sshkit':
G 2015Q1/security/rubygem-sshkit
--- Eliding mergeinfo from '2015Q1/security/rubygem-sshkit':
U 2015Q1/security/rubygem-sshkit
M 2015Q1
M 2015Q1/security/rubygem-sshkit/Makefile
M 2015Q1/security/rubygem-sshkit/distinfo
Index: 2015Q1/security/rubygem-sshkit/Makefile
===================================================================
--- 2015Q1/security/rubygem-sshkit/Makefile (revision 380443)
+++ 2015Q1/security/rubygem-sshkit/Makefile (working copy)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= sshkit
-PORTVERSION= 1.6.1
+PORTVERSION= 1.7.0
CATEGORIES= security rubygems
MASTER_SITES= RG
Index: 2015Q1/security/rubygem-sshkit/distinfo
===================================================================
--- 2015Q1/security/rubygem-sshkit/distinfo (revision 380443)
+++ 2015Q1/security/rubygem-sshkit/distinfo (working copy)
@@ -1,2 +1,2 @@
-SHA256 (rubygem/sshkit-1.6.1.gem) = 8ca67e46bb4ea50fdb0553cda77552f3e41b17a5aa919877d93875dfa22c03a7
-SIZE (rubygem/sshkit-1.6.1.gem) = 135680
+SHA256 (rubygem/sshkit-1.7.0.gem) = 90effd1813363bae7355f4a45ebc8335a8ca74acc8d0933ba6ee6d40f281a2cf
+SIZE (rubygem/sshkit-1.7.0.gem) = 136192
Index: 2015Q1
===================================================================
--- 2015Q1 (revision 380443)
+++ 2015Q1 (working copy)
Property changes on: 2015Q1
___________________________________________________________________
Modified: svn:mergeinfo
Merged /head:r380362
Do you want to commit? (no = start a shell) [y/n]</screen>
<para>At that point, the script will either open a shell
for you to fix things, or open your text editor with the
commit message all prepared and then commit the
merge.</para>
<para>The script assumes that you can connect to
<literal>repo.FreeBSD.org</literal> with
<application>SSH</application> directly, so if your
local login name is different than your &os; cluster
account, you need a few lines in your
<filename>~/.ssh/config</filename>:</para>
<programlisting>Host repo.freebsd.org # Can be *.freebsd.org
User <replaceable>freebsd-login</replaceable></programlisting>
<tip>
<para>The script is also able to merge more than one
revision at a time. If there have been other updates
to the port since the branch was created that have not
been merged because they were not security related.
Add the different revisions <emphasis>in the order
they were committed</emphasis> on the
<command>mfh</command> command line.
The new commit log message will contain the combined
log messages from all the original commits. These
messages <emphasis>must</emphasis> be edited to show
what is actually being done with the new
commit.</para>
<screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh r407208 r407713 r407722 r408567 r408943 r410728</userinput></screen>
</tip>
<note>
<para>The mfh script can also take an optional first
argument, the branch where the merge is being done.
Only the latest quarterly branch is supported, so
specifying the branch is discouraged. To be safe, the
script will give a warning if the quarterly branch is
not the latest:</para>
<screen>&prompt.user; <userinput>/usr/ports/Tools/scripts/mfh 2016Q1 r407208 r407713</userinput>
/!\ The latest branch is 2016Q2, do you really want to commit to 2016Q1? [y/n]</screen>
</note>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-new-category">
<title>Creating a New Category</title>
<qandaentry xml:id="ports-qa-new-category-how">
<question>
<para>What is the procedure for creating a new
category?</para>
</question>
<answer>
<para>Please see <link
xlink:href="&url.books.porters-handbook;/makefile-categories.html#proposing-categories">
Proposing a New Category</link> in the Porter's
Handbook. Once that procedure has been followed and the
PR has been assigned to the &a.portmgr;, it is their
decision whether or not to approve it. If they do, it
is their responsibility to:</para>
<procedure>
<step>
<para>Perform any needed moves. (This only applies
to physical categories.)</para>
</step>
<step>
<para>Update the <varname>VALID_CATEGORIES</varname>
definition in
<filename>ports/Mk/bsd.port.mk</filename>.</para>
</step>
<step>
<para>Assign the PR back to you.</para>
</step>
</procedure>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-new-category-physical">
<question>
<para>What do I need to do to implement a new physical
category?</para>
</question>
<answer>
<procedure>
<step>
<para>Upgrade each moved port's
<filename>Makefile</filename>. Do not connect the
new category to the build yet.</para>
<para>To do this, you will need to:</para>
<procedure>
<step>
<para>Change the port's
<varname>CATEGORIES</varname> (this was the
point of the exercise, remember?) The new
category is listed
<emphasis>first</emphasis>. This will help to
ensure that the <varname>PKGORIGIN</varname> is
correct.</para>
</step>
<step>
<para>Run a <command>make describe</command>.
Since the top-level
<command>make index</command> that you will be
running in a few steps is an iteration of
<command>make describe</command> over the entire
ports hierarchy, catching any errors here will
save you having to re-run that step later
on.</para>
</step>
<step>
<para>If you want to be really thorough, now
might be a good time to run
&man.portlint.1;.</para>
</step>
</procedure>
</step>
<step>
<para>Check that the <varname>PKGORIGIN</varname>s are
correct. The ports system uses each port's
<varname>CATEGORIES</varname> entry to create its
<varname>PKGORIGIN</varname>, which is used to
connect installed packages to the port directory
they were built from. If this entry is wrong,
common port tools like &man.pkg.version.1; and
&man.portupgrade.1; fail.</para>
<para>To do this, use the
<filename>chkorigin.sh</filename> tool:
<command>env
PORTSDIR=<replaceable>/path/to/ports</replaceable>
sh -e
<replaceable>/path/to/ports</replaceable>/Tools/scripts/chkorigin.sh</command>.
This will check <emphasis>every</emphasis> port in
the ports tree, even those not connected to the
build, so you can run it directly after the move
operation. Hint: do not forget to look at the
<varname>PKGORIGIN</varname>s of any slave ports of
the ports you just moved!</para>
</step>
<step>
<para>On your own local system, test the proposed
changes: first, comment out the
<varname>SUBDIR</varname> entries in the old ports'
categories' <filename>Makefile</filename>s; then
enable building the new category in
<filename>ports/Makefile</filename>. Run
<command>make checksubdirs</command> in the affected
category directories to check the
<varname>SUBDIR</varname> entries. Next, in the
<filename>ports/</filename>
directory, run <command>make index</command>. This
can take over 40 minutes on even modern systems;
however, it is a necessary step to prevent problems
for other people.</para>
</step>
<step>
<para>Once this is done, you can commit the updated
<filename>ports/Makefile</filename> to connect the
new category to the build and also commit the
<filename>Makefile</filename> changes for the old
category or categories.</para>
</step>
<step>
<para>Add appropriate entries to
<filename>ports/MOVED</filename>.</para>
</step>
<step>
<para>Update the documentation by modifying:</para>
<itemizedlist>
<listitem>
<para>the <link
xlink:href="&url.books.porters-handbook;/makefile-categories.html#PORTING-CATEGORIES">list
of categories</link> in the Porter's
Handbook</para>
</listitem>
<listitem>
<para>
<filename>doc/en_US.ISO8859-1/htdocs/ports</filename>.
Note that these are now displayed by sub-groups,
as specified in
<filename>doc/en_US.ISO8859-1/htdocs/ports/categories.descriptions</filename>.</para>
</listitem>
</itemizedlist>
<para>(Note: these are in the docs, not the ports,
repository). If you are not a docs committer, you
will need to submit a PR for this.</para>
</step>
<step>
<para>Only once all the above have been done, and no
one is any longer reporting problems with the new
ports, should the old ports be deleted from their
previous locations in the repository.</para>
</step>
</procedure>
<para>It is not necessary to manually update the
<link xlink:href="&url.base;/ports/index.html">ports web
pages</link> to reflect the new category. This is
done automatically via the change to
<filename>en_US.ISO8859-1/htdocs/ports/categories</filename>
and the automated rebuild of
<filename>INDEX</filename>.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-new-category-virtual">
<question>
<para>What do I need to do to implement a new virtual
category?</para>
</question>
<answer>
<para>This is much simpler than a physical category. Only
a few modifications are needed:</para>
<itemizedlist>
<listitem>
<para>the <link
xlink:href="&url.books.porters-handbook;/makefile-categories.html#PORTING-CATEGORIES">list
of categories</link> in the Porter's
Handbook</para>
</listitem>
<listitem>
<para><filename>en_US.ISO8859-1/htdocs/ports/categories</filename></para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
</qandadiv>
<qandadiv xml:id="ports-qa-misc-questions">
<title>Miscellaneous Questions</title>
<qandaentry xml:id="ports-qa-misc-correctly-building">
<question>
<para>How do I know if my port is building correctly or
not?</para>
</question>
<answer>
<para>The packages are built multiple times each week. If
a port fails, the maintainer will receive an email from
<literal>pkg-fallout@FreeBSD.org</literal>.</para>
<para>Reports for all the package builds (official,
experimental, and non-regression) are aggregated at
<link
xlink:href="https://pkg-status.freebsd.org/">pkg-status.FreeBSD.org</link>.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-misc-INDEX">
<question>
<para>I added a new port. Do I need to add it to the
<filename>INDEX</filename>?</para>
</question>
<answer>
<para>No. The file can either be generated by running
<command>make index</command>, or a pre-generated
version can be downloaded with
<command>make fetchindex</command>.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-misc-no-touch">
<question>
<para>Are there any other files I am not allowed to
touch?</para>
</question>
<answer>
<para>Any file directly under <filename>ports/</filename>,
or any file under a subdirectory that starts with an
uppercase letter (<filename>Mk/</filename>,
<filename>Tools/</filename>, etc.). In particular, the
&a.portmgr; is very protective of
<filename>ports/Mk/bsd.port*.mk</filename> so do not
commit changes to those files unless you want to face
their wra(i)th.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-qa-misc-updated-distfile">
<question>
<para>What is the proper procedure for updating the
checksum for a port's distfile when the file changes
without a version change?</para>
</question>
<answer>
<para>When the checksum for a distribution file is updated
due to the author updating the file without changing the
port's revision, the commit message includes a
summary of the relevant diffs between the original and
new distfile to ensure that the distfile has not been
corrupted or maliciously altered. If the current
version of the port has been in the ports tree for a
while, a copy of the old distfile will usually be
available on the ftp servers; otherwise the author or
maintainer should be contacted to find out why the
distfile has changed.</para>
</answer>
</qandaentry>
<qandaentry xml:id="ports-exp-run">
<question>
<para>How can an experimental test build of the ports tree
(<emphasis>exp-run</emphasis>) be requested?</para>
</question>
<answer>
<para>An exp-run must be completed before patches with a
significant ports impact are committed. The patch can
be against the ports tree or the base system.</para>
<para>Full package builds will be done with the patches
provided by the submitter, and the submitter is required
to fix detected problems (<emphasis>fallout</emphasis>)
before commit.</para>
<procedure>
<step>
<para>Go to the <link
xlink:href="https://bugs.freebsd.org/submit">Bugzilla
new <acronym>PR</acronym> page</link>.</para>
</step>
<step>
<para>Select the product your patch is about.</para>
</step>
<step>
<para>Fill in the bug report as normal. Remember to
attach the patch.</para>
</step>
<step>
<para>If at the top it says <quote>Show Advanced
Fields</quote> click on it. It will now say
<quote>Hide Advanced Fields</quote>. Many new
fields will be available. If it already says
<quote>Hide Advanced Fields</quote>, no need to do
anything.</para>
</step>
<step>
<para>In the <quote>Flags</quote> section, set the
<quote>exp-run</quote> one to <literal>?</literal>.
As for all other fields, hovering the mouse over any
field shows more details.</para>
</step>
<step>
<para>Submit.</para>
</step>
<step>
<para>When the &a.portmgr; replies, fix the fallout.
The fallout might be a bug in the original patch or
other ports that need to be fixed. Both need to be
addressed. Update the patch to repair all the
fallout and repeat.</para>
</step>
</procedure>
</answer>
</qandaentry>
</qandadiv>
</qandaset>
</sect1>
<sect1 xml:id="non-committers">
<title>Issues Specific to Developers Who Are Not
Committers</title>
<para>A few people who have access to the &os; machines do not
have commit bits. Almost all of this document will apply to
these developers as well (except things specific to commits and
the mailing list memberships that go with them). In particular,
we recommend that you read:</para>
<itemizedlist>
<listitem>
<para><link linkend="admin">Administrative
Details</link></para>
</listitem>
<listitem>
<para><link
linkend="conventions-everyone">Conventions</link></para>
<note>
<para>Get your mentor to add you to the
<quote>Additional Contributors</quote>
(<filename>doc/en_US.ISO8859-1/articles/contributors/contrib.additional.xml</filename>),
if you are not already listed there.</para>
</note>
</listitem>
<listitem>
<para><link linkend="developer.relations">Developer
Relations</link></para>
</listitem>
<listitem>
<para><link linkend="ssh.guide">SSH Quick-Start
Guide</link></para>
</listitem>
<listitem>
<para><link linkend="rules">The &os; Committers' Big List
of Rules</link></para>
</listitem>
</itemizedlist>
</sect1>
<sect1 xml:id="google-analytics">
<title>Information About &ga;</title>
<para>As of December 12, 2012, &ga; was enabled on the
&os; Project website to collect anonymized usage statistics
regarding usage of the site. The information collected is
valuable to the &os; Documentation Project, to
identify various problems on the &os; website.</para>
<sect2 xml:id="google-analytics-policy">
<title>&ga; General Policy</title>
<para>The &os; Project takes visitor privacy very
seriously. As such, the &os; Project website honors the
<quote>Do Not Track</quote> header <emphasis>before</emphasis>
fetching the tracking code from Google. For more information,
please see the
<link xlink:href="http://www.FreeBSD.org/privacy.html">&os;
Privacy Policy</link>.</para>
<para>&ga; access is <emphasis>not</emphasis> arbitrarily
allowed — access must be requested, voted on by the
&a.doceng;, and explicitly granted.</para>
<para>Requests for &ga; data must include a specific purpose.
For example, a valid reason for requesting access would be
<quote>to see the most frequently used web browsers when
viewing &os; web pages to ensure page rendering speeds are
acceptable.</quote></para>
<para>Conversely, <quote>to see what web browsers are most
frequently used</quote> (without stating
<emphasis>why</emphasis>) would be rejected.</para>
<para>All requests must include the timeframe for which the data
would be required. For example, it must be explicitly stated
if the requested data would be needed for a timeframe covering
a span of 3 weeks, or if the request would be one-time
only.</para>
<para>Any request for &ga; data without a clear, reasonable
reason beneficial to the &os; Project will be
rejected.</para>
</sect2>
<sect2 xml:id="google-analytics-data">
<title>Data Available Through &ga;</title>
<para>A few examples of the types of &ga; data available
include:</para>
<itemizedlist>
<listitem>
<para>Commonly used web browsers</para>
</listitem>
<listitem>
<para>Page load times</para>
</listitem>
<listitem>
<para>Site access by language</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 xml:id="misc">
<title>Miscellaneous Questions</title>
<qandaset>
<qandaentry>
<question>
<para>Why are trivial or cosmetic changes to files on a
vendor branch a bad idea?</para>
</question>
<answer>
<itemizedlist>
<listitem>
<para>From now on, every new vendor release of that file
will need to have patches merged in by hand.</para>
</listitem>
<listitem>
<para>From now on, every new vendor release of that file
will need to have patches
<emphasis>verified</emphasis> by hand.</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>How do I add a new file to a branch?</para>
</question>
<answer>
<para>To add a file onto a branch, simply checkout or update
to the branch you want to add to and then add the file
using the add operation as you normally would. This works
fine for the <literal>doc</literal> and
<literal>ports</literal> trees. The
<literal>src</literal> tree uses SVN and requires more
care because of the <literal>mergeinfo</literal>
properties. See the
<link linkend="subversion-primer">Subversion Primer</link>
for details on how to perform an MFC.</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>How do I access <systemitem
class="fqdomainname">people.FreeBSD.org</systemitem> to
put up personal or project information?</para>
</question>
<answer>
<para><systemitem
class="fqdomainname">people.FreeBSD.org</systemitem> is
the same as <systemitem
class="fqdomainname">freefall.FreeBSD.org</systemitem>.
Just create a <filename>public_html</filename> directory.
Anything you place in that directory will automatically be
visible under <uri
xlink:href="http://people.FreeBSD.org/">http://people.FreeBSD.org/</uri>.</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>Where are the mailing list archives stored?</para>
</question>
<answer>
<para>The mailing lists are archived under
<filename>/local/mail</filename> on <systemitem
class="fqdomainname"
>freefall.FreeBSD.org</systemitem>.</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>I would like to mentor a new committer. What process
do I need to follow?</para>
</question>
<answer>
<para>See the <link
xlink:href="http://www.freebsd.org/internal/new-account.html">New
Account Creation Procedure</link> document on the
internal pages.</para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 xml:id="benefits">
<title>Benefits and Perks for &os; Comitters</title>
<sect2 xml:id="benefits-recognition">
<title>Recognition</title>
<para>Recognition as a competent software engineer is the
longest lasting value. In addition, getting a chance to work
with some of the best people that every engineer would dream
of meeting is a great perk!</para>
</sect2>
<sect2 xml:id="benefits-freebsdmall">
<title>FreeBSD Mall</title>
<para>&os; committers can get a free 4-CD or DVD set at
conferences from
<link xlink:href="http://www.freebsdmall.com">&os; Mall,
Inc.</link>.</para>
</sect2>
<sect2 xml:id="benefits-irc">
<title><acronym>IRC</acronym></title>
<para>In addition, developers may request a cloaked hostmask
for their account on the Freenode IRC network in the form
of
<literal>freebsd/developer/</literal><replaceable>freefall
name</replaceable> or
<literal>freebsd/developer/</literal><replaceable>NickServ
name</replaceable>. To request a cloak, send an email to
&a.irc.email; with your requested hostmask and NickServ
account name.</para>
</sect2>
<sect2 xml:id="benefits-gandi">
<title><systemitem
class="domainname">Gandi.net</systemitem></title>
<para>Gandi provides website hosting, cloud computing, domain
registration, and X.509 certificate services.</para>
<para>Gandi offers an E-rate discount to all &os; developers.
Send mail to <email>non-profit@gandi.net</email> using your
<literal>@freebsd.org</literal> mail address, and indicate
your Gandi handle.</para>
</sect2>
</sect1>
</article>