The FeedTree publishing tool
Table of Contents
The FeedTree publishing tool is a Java daemon (a faceless application) which you can run to turn a legacy RSS or Atom feed into a FeedTree feed. The publisher will poll your feed(s) on aggressive schedule; when it finds new or changed entries, it will push them out immediately to all FeedTree users. If there's no new data, it will send a heartbeat message to let other clients know that an authoritative feed publisher exists.
The publisher can also digitally sign new entries and heartbeats with a cryptographic key; by signing feed updates, clients can be sure that—even though they may have received the update from a peer in the network, thanks to Scribe multicast—the content of the update is authentic. It is strongly recommended that feed owners who use the publisher sign their updates.
Download the publisher
See the download page.
Launching the publisher
To run the publishing tool from a Unix or Windows command prompt, type:
$ java -jar ftpublisher.jar
[Linux/Unix users: There will soon be System V init-scripts (that is, init.d style scripts) to control the publishing tool.]
All operating parameters are defined in the publisher.conf file (included in the zipfile with the publisher JAR). The included publisher.conf is an example; you can either use the guided configuration script to write your own, or edit the file by hand.
The new configure-publisher script (in the tools directory of the repository; download it from the Subversion repository here) is a Python script (tested on Linux/Unix/Mac, might work on Windows too) that will walk you through the process of creating a publisher.conf file. If you elect to sign your feed (a very good idea) it will also help you generate a cryptographic key and provide instructions on how to augment your existing RSS or Atom feed to point to the key's certificate.
Run it by executing either this command:
python configure-publisher --signed
or this one if you don't intend to sign your feed updates:
python configure-publisher --unsigned
The script will walk you through the rest. python configure-publisher --help will tell you about some of the other command-line flags available.
Once you've configured the publisher, you'll need to edit your feeds to point to your public certificate (if you chose to sign your feed updates). See "FEED XML CHANGES" below.
You can use the Java keytool to generate a public/private key pair from scratch; however, you can also just use the existing SSL keypair on your website, if you have one.
Once you have your keypair you'll need to import it into a keystore file (like a GPG keyring, but for Java apps).
$ keytool -import -keystore keystore.jks -storetype JKS -alias "default" -file <ssl-certificate>
Finally, you'll want to cough up a copy of the public key in DER format:
$ keytool -export -keystore keystore.jks -alias "default" -rfc > certificate.pem $ openssl x509 -inform pem -outform der < certificate.pem > certificate.cer
Now you can add this info to the publisher.conf:
keystore = keystore.jks keystore_type = JKS keystore_password = monkey key_name = default key_password = monkey
Feed XML Changes
For FeedTree clients to know how to get your public key, you want to add some special information from the feedtree: namespace to your RSS or Atom feed. The data is the same for either format; here's an example of Slashdot's RSS feed, with the necessary additions being the xmlns:feedtree line and the feedtree:publickey element:
<?xml version="1.0" encoding="ISO-8859-1"?> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:feedtree="http://feedtree.net/ns/feedtree" > <channel rdf:about="http://slashdot.org/"> <title>Slashdot</title> <link>http://slashdot.org/</link> <description>News for nerds, stuff that matters</description> <feedtree:publickey url="http://slashdot.org/cert/slashdot.cer" fingerprint="09:90:15:FF:CB:3D:F9:58:7D:2B:23:2E:6E:79:31:3C:AD:3A:EC:EC" />
Note that the fingerprint is the SHA-1 hash of the certificate, which you can retrieve using openssl:
$ openssl x509 -inform der -fingerprint -sha1 < certificate.cer
The client appends a special HTML footer to each entry in each feed it generates for users of the proxy. (This footer isn't shared with other FeedTree clients; it is purely a decoration added for the benefit of the user's news reader.) When a signed item, sent by the Publisher, is received, the blue "wax seal S" icon is included in this footer, along with a message signifying that the entry was signed by the publisher's private key:
See publisher.conf in the Subversion repository.