Re: A very 'trivial' question about /root
Hi Julian, you played Devil's advocate well actually as I don't know which idea would be more audacious, letting httpd access files from your root dir or exporting /root via nfs. :) Both of them sound more like a lab scenario than a real one. I understand that launching a chmod 700 /root it's a matter of something between 1 and 3 seconds. I do also understand that I had /root closed for long time and never had the need to set permissions back loose and this triggered my point. Why is it that open? :) On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote: Hi, Reference: From: ASV a...@inhio.eu Date: Thu, 27 Jun 2013 21:39:20 +0200 ASV wrote: Thanks for your reply Polytropon, I'm using FreeBSD since few years already and I'm kind of aware of the dynamics related to permissions, many of them are common to many Unices. I agree that the installer doesn't put anything secret but as a home dir for the root user it's highly likely that something not intended to be publicly readable will end up there soon after the installation. Which IMHO it's true also for any other user homedir which gets created by default using a pretty relaxed umask 022, but that seems to be the default on probably any other UNIX like system I've put my hands on AFAIR. Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine is just a concern about these permission defaults which look to me a bit too relaxed and cannot find yet a reason why not to restrict it. After all I believe having good default settings may make the difference in some circumstances and/or save time. On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote: On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote: There's any reason (and should be a fairly good one) why the /root directory permissions by default are set to 755 (for sure on releases 8.0/8.1/9.0/9.1) This is the default permission for user directories, as root is considered a user in this (special) case, and /root is its home directory. The installer does not put anything secret in there, but _you_ might, so there should be no issue changing it to a more restricted access permission. Hint: When a directory is r-x for other, then it will be indexed by the locate periodic job, so users could use the locate command (and also find) to look what's in there. If this is not desired, change to rwx/---/---, or rwx/r-x/--- if you want to allow (trusted) users of the wheel group to read and execute stuff from that directory (maybe homemade admin scripts in /root/bin that should not be public). There are few things that touch /root content. System updating might be one of them, but as it is typically run as root (and even in SUM), restrictive permissions above the default are no problem. To summarize the answer for your question: It's just the default. :-) I'll play Devil's advocate for a moment ;-) One reason not to tighten ~root is because one might want ~root/httpuserfile to be readable by httpd to access the crypted passwords of locked web page. ... ;-) No not really, that's perverted, I wouldn't reccomend an http://localhost/~root/ regardless of password locked pages or not. But it shows how lateral head scratching might be appropriate before removing read perms on ~root/ . { A bit like wrong ownership on / can surprisingly kill AMD NFS access } ... some unexpected constraints can take some thinking through, It might be quickest for a number of us to just try chmod 700 ~root for a while see if we get trouble. Cheers, Julian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
MAC and Xorg on FBSD 9.1-p4 (re-sending)
Hi all, as you can see from the footer I've already posted this on the list trustedbsd-disc...@freebsd.org but because that one seems to be dead to me I apologise if I'm trying to get some hint here. Briefly, I'm trying to run X on my FreeBSD 9.1 with the following MAC modules enabled: mac_biba mac_mls mac_seeotheruids mac_partition I'm still actually in the learning process of this very granular but complex security system but I'm learning fast as I found it very interesting. Unfortunately when it comes to X it seems to be more complicated. I cannot run it not even as root. I get: .. Unable to map MMIO aperture. Permission denied (13) Memory map the MMIO region failed .. until the timeout and back to prompt. I get the same error with root which is the default login class and on an ad-hoc restricted user. As soon as I disable the modules everything works well. I know this is a very brief description but it should be enough for now to know if this is a known issue and/or the X system is known as NOT WORKING/HAVING PROBLEMS with MAC. And as MAC on FreeBSD is dark matter (googling is basically useless if not for basic conf.) any hint would be highly appreciated. Thanks a lot. ___ trustedbsd-disc...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss To unsubscribe, send any mail to trustedbsd-discuss-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A very 'trivial' question about /root
On Fri, 28 Jun 2013, ASV wrote: Hi Julian, you played Devil's advocate well actually as I don't know which idea would be more audacious, letting httpd access files from your root dir or exporting /root via nfs. :) Both of them sound more like a lab scenario than a real one. A diskless FreeBSD will use an NFS-mounted /root. See: http://www.freebsd.org/doc/handbook/network-diskless.html http://www.nber.org/sys-admin/FreeBSD-diskless.html So it is more than a theoretical possibility. I would also add that putting stricter permissions on perfectly public information may not lead to improved security, if it leads to programs and daemons that would otherwise run as nobody having to run with root priviledges. daniel feenberg I understand that launching a chmod 700 /root it's a matter of something between 1 and 3 seconds. I do also understand that I had /root closed for long time and never had the need to set permissions back loose and this triggered my point. Why is it that open? :) On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote: Hi, Reference: From: ASV a...@inhio.eu Date: Thu, 27 Jun 2013 21:39:20 +0200 ASV wrote: Thanks for your reply Polytropon, I'm using FreeBSD since few years already and I'm kind of aware of the dynamics related to permissions, many of them are common to many Unices. I agree that the installer doesn't put anything secret but as a home dir for the root user it's highly likely that something not intended to be publicly readable will end up there soon after the installation. Which IMHO it's true also for any other user homedir which gets created by default using a pretty relaxed umask 022, but that seems to be the default on probably any other UNIX like system I've put my hands on AFAIR. Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine is just a concern about these permission defaults which look to me a bit too relaxed and cannot find yet a reason why not to restrict it. After all I believe having good default settings may make the difference in some circumstances and/or save time. On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote: On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote: There's any reason (and should be a fairly good one) why the /root directory permissions by default are set to 755 (for sure on releases 8.0/8.1/9.0/9.1) This is the default permission for user directories, as root is considered a user in this (special) case, and /root is its home directory. The installer does not put anything secret in there, but _you_ might, so there should be no issue changing it to a more restricted access permission. Hint: When a directory is r-x for other, then it will be indexed by the locate periodic job, so users could use the locate command (and also find) to look what's in there. If this is not desired, change to rwx/---/---, or rwx/r-x/--- if you want to allow (trusted) users of the wheel group to read and execute stuff from that directory (maybe homemade admin scripts in /root/bin that should not be public). There are few things that touch /root content. System updating might be one of them, but as it is typically run as root (and even in SUM), restrictive permissions above the default are no problem. To summarize the answer for your question: It's just the default. :-) I'll play Devil's advocate for a moment ;-) One reason not to tighten ~root is because one might want ~root/httpuserfile to be readable by httpd to access the crypted passwords of locked web page. ... ;-) No not really, that's perverted, I wouldn't reccomend an http://localhost/~root/ regardless of password locked pages or not. But it shows how lateral head scratching might be appropriate before removing read perms on ~root/ . { A bit like wrong ownership on / can surprisingly kill AMD NFS access } ... some unexpected constraints can take some thinking through, It might be quickest for a number of us to just try chmod 700 ~root for a while see if we get trouble. Cheers, Julian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A very 'trivial' question about /root
Hi, Reference: From: ASV a...@inhio.eu Date: Fri, 28 Jun 2013 10:10:02 +0200 [ I jhs@ reverted asv@'s top post to bottom post ] On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote: Hi, Reference: From: ASV a...@inhio.eu Date: Thu, 27 Jun 2013 21:39:20 +0200 ASV wrote: Thanks for your reply Polytropon, I'm using FreeBSD since few years already and I'm kind of aware of the dynamics related to permissions, many of them are common to many Unices. I agree that the installer doesn't put anything secret but as a home dir for the root user it's highly likely that something not intended to be publicly readable will end up there soon after the installation. Which IMHO it's true also for any other user homedir which gets created by default using a pretty relaxed umask 022, but that seems to be the default on probably any other UNIX like system I've put my hands on AFAIR. Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine is just a concern about these permission defaults which look to me a bit too relaxed and cannot find yet a reason why not to restrict it. After all I believe having good default settings may make the difference in some circumstances and/or save time. On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote: On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote: There's any reason (and should be a fairly good one) why the /root directory permissions by default are set to 755 (for sure on releases 8.0/8.1/9.0/9.1) This is the default permission for user directories, as root is considered a user in this (special) case, and /root is its home directory. The installer does not put anything secret in there, but _you_ might, so there should be no issue changing it to a more restricted access permission. Hint: When a directory is r-x for other, then it will be indexed by the locate periodic job, so users could use the locate command (and also find) to look what's in there. If this is not desired, change to rwx/---/---, or rwx/r-x/--- if you want to allow (trusted) users of the wheel group to read and execute stuff from that directory (maybe homemade admin scripts in /root/bin that should not be public). There are few things that touch /root content. System updating might be one of them, but as it is typically run as root (and even in SUM), restrictive permissions above the default are no problem. To summarize the answer for your question: It's just the default. :-) I'll play Devil's advocate for a moment ;-) One reason not to tighten ~root is because one might want ~root/httpuserfile to be readable by httpd to access the crypted passwords of locked web page. ... ;-) No not really, that's perverted, I wouldn't reccomend an http://localhost/~root/ regardless of password locked pages or not. But it shows how lateral head scratching might be appropriate before removing read perms on ~root/ . { A bit like wrong ownership on / can surprisingly kill AMD NFS access } ... some unexpected constraints can take some thinking through, It might be quickest for a number of us to just try chmod 700 ~root for a while see if we get trouble. Cheers, Julian ASV wrote: Hi Julian, you played Devil's advocate well actually as I don't know which idea would be more audacious, letting httpd access files from your root dir or exporting /root via nfs. :) Both of them sound more like a lab scenario than a real one. I understand that launching a chmod 700 /root it's a matter of something between 1 and 3 seconds. I do also understand that I had /root closed for long time and never had the need to set permissions back loose and this triggered my point. Why is it that open? :) Here is a patch: http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/etc/mtree/BSD.root.dist.REL=ALL.diff Before we might ask (via send-pr) for it to be commited, we should various of us run chmod 750 /root;chown root:wheel /root give it a couple of months to see if problems. I doubt there will be a problem with /root/.forward , as lrwxr-xr-x 1 root wheel /usr/sbin/sendmail - /usr/sbin/mailwrapper -r-xr-xr-x 1 root wheel /usr/sbin/mailwrapper jb.1234a...@gmail.com 's ref to https://bugzilla.redhat.com/show_bug.cgi?id=578470 relates to Linux upgrade procedures /root I don't see it affects how we should perceive an idealised Unix. ( I'd guess OpenBSD might go for a tighter /root though, as they're supposedly keen on security. ) Daniel Feenberg wrote: A diskless FreeBSD will use an NFS-mounted /root. See: .^. No, that spelling/ phrase is mis-leading, better to say an NFS-mounted root, or an NFS-mounted /. /root under / is merely a level one sub
Re: A very 'trivial' question about /root
On Fri, 28 Jun 2013 15:25:44 +0200, Julian H. Stacey wrote: Before we might ask (via send-pr) for it to be commited, we should various of us run chmod 750 /root;chown root:wheel /root give it a couple of months to see if problems. Done years ago: drwxr-x--- 7 root wheel 512 2013-04-05 21:42:34 /root/ System has been installed in August 2011. No problems so far. :-) ( I'd guess OpenBSD might go for a tighter /root though, as they're supposedly keen on security. ) Currently I've got no OpenBSD installation at hand to verify, but I _assume_ they still have the same defaults as FreeBSD regarding permissions of /root. if it leads to programs and daemons that would otherwise run as nobody having to run with root priviledges. Good point, we should be cautious, best if lots of us try chmod 750 /root for a couple of months see if any burnt fingers. What programs or daemons should attention be paid at, especially? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A very 'trivial' question about /root
Polytropon free...@edvax.de writes: On Fri, 28 Jun 2013 15:25:44 +0200, Julian H. Stacey wrote: ( I'd guess OpenBSD might go for a tighter /root though, as they're supposedly keen on security. ) Currently I've got no OpenBSD installation at hand to verify, but I _assume_ they still have the same defaults as FreeBSD regarding permissions of /root. That's correct. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
pure-ftpd Ldap
hey! I installed Pure-ftpd + Ldap and add a user in Ldap but Pure-ftpd don't recognize that user how can i fix this issue? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: pure-ftpd Ldap
On Fri, 28 Jun 2013 09:37:12 -0500, maral ff ffma...@gmail.com wrote: I installed Pure-ftpd + Ldap and add a user in Ldap but Pure-ftpd don't recognize that user how can i fix this issue? We're going to need some sort of confirmation that you actually configured pure-ftpd to bind to your LDAP server. Can you provide your pureftpd-ldap.conf? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Resolving conflict with libcrypto
I am stuck with the following and cannot figure out the resolution /usr/bin/ld: warning: libcrypto.so.6, needed by /usr/lib/libgssapi_krb5.so, may conflict with libcrypto.so.8 ../../lib/dns/libdns.a(gssapictx.o)(.text+0xabf): In function `dst_gssapi_initctx': : undefined reference to `__gss_spnego_mechanism_oid_desc' *** Error code 1 Stop in /usr/ports/dns/samba-nsupdate/work/bind-9.8.4-P1/bin/nsupdate. *** Error code 1 Stop in /usr/ports/dns/samba-nsupdate/work/bind-9.8.4-P1/bin. *** Error code 1 Stop in /usr/ports/dns/samba-nsupdate/work/bind-9.8.4-P1. *** Error code 1 Stop in /usr/ports/dns/samba-nsupdate. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 I can't hear you -- I'm using the scrambler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Retrieving a FreeBSD installation
On Thu, Jun 27, 2013 at 1:17 PM, Polytropon free...@edvax.de wrote: On Thu, 27 Jun 2013 07:28:49 +, KK CHN wrote: List, I accidentally installed a Linux variant(mint OS) on my Harddisk where FreeBSD is installed( which contains my data). Is there a possibility to retrieve that FreeBSD Installation which is overwritten by Linux installation. In most cases: What has been overwritten is lost. But: What has only been disallocated (data still on disk) can _sometimes_ be recovered. So it depends on _what_ is still left. Anyway, do not do anything with the disk. Do not try any recovery on the disk itself. Make an image of the disk and use that image file for any further action. In case you damage it, make a new copy. Only work with copies. One wrong step can massively decrease your chances of recovery. Any hints welcome! It will be a very hard thing. You will probably have a lot of trial error experience, and you will surely learn a lot, for example about file systems. I've written about this topic on this list already, and I will again re-use some details from a previous post to make a list for what you can try. Boot from a live CD or USB stick or a different disk. Then make a copy of the disk using # dd if=/dev/ad0 of=disk.dd where /dev/ad0 is the disk you have accidentally overwritten your OS installation. In case the disk makes any trouble, use dd_rescue or ddrescue (from ports). You can also try this: # fetch -rR /dev/ad0 Also recoverdisk could be useful. Maybe there's enough information left to re-instantiate the file systems? Also try testdisk. When no file system can be re-instantiated, but you're sure your data is still somewhere, you can use photorec for recovery. It is able to recover a lot more than just photos. The ports collection contains further programs that might be worth investigating; just in case they haven't been mentioned yet: ddrescue dd_rescue - use this to make an image of the disk! magicrescue testdisk- restores content recoverjpeg foremost photorec Then also ffs2recov scan_ffs should be mentioned. And finally, the cure to everything is found in The Sleuth Kit (in ports: tsk): fls dls ils autopsy Keep in mind: Read the manpages before using the programs. It's very important to do so. You need to _know_ what you're dealing with, or you'll probably fail. There is no magical tetroplyrodon to click ^Z and get everything back. :-) Proprietary (and expensive) tools like R-Studio or UFS Explorer can still be considered worth a try. Their trial versions are for free. UFS Explorer even works using wine (I've tried it). If you can remember significant content of your data, you can even use # grep pattern disk.dd to see if it's still in there. With magicrescue, you can try something like this: # magicrescue -r /usr/local/share/magicrescue/recipes -d out disk.dd where out/ is the directory where your results will be written to. Keep in mind that _this_ approach will _not_ recover file _names_! I know how bad it feels for such a simple mistake and I won't make fun on you, pointing you to use your backups. Of course you always have the option to send your disk to a professional recovery company. This substitutes learning and trying yourself by impressive amounts of money. ;-) Good luck! Thank you very much, I am going to invest my time to try the valuable tips you shared. I admit the wrong step I made. Thanks again. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FFMpeg and FreeBSD
On Thu, 27 Jun 2013 12:25:19 +0930, Shane Ambler free...@shaneware.biz wrote: On 27/06/2013 09:57, Simon wrote: Hello Everyone, Does anyone use the latest FFMpeg version 1.2 and FreeBSD? How did you compile it? did you run into any issues? The FFMpeg port is 6+ months behind and I feel like I'm the only one who uses this which would be very odd given everything uses video nowadays. You need to look a little closer. We have three versions available in ports - multimedia/ffmpeg which is at 0.7.15 multimedia/ffmpeg1 which is at 1.2.1 - updated 2 days ago multimedia/ffmpeg-devel which is an svn snapshot at 2012.10.13 You will find a lot of ports are still configured to use 0.7.15. The main catch is the ports are designed to co-exist so ffmpeg1 has the trailing 1 added to all the lib/cli names. I have had no problems using ffmpeg1 with my version of blender for several months now. It has a cmake option for lib names and then I added include/ffmpeg1 to C/CXXFLAGS and lib/ffmpeg1 to LDFLAGS. Hi Shane, This should probably be in the multimedi chapter of the Handbook or the FAQ, or in the UPDATING file of the ports. Would you mind if I copied parts of the text and added them to e.g the FAQ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Firefox 21 not proceeding to URL
Using Firefox 21, if I enter this URL: http://www.nclawreview.org/documents/91/1/wegner.pdf nothing happens. The PDF is not displayed nor is there any evidence that Firefox did anything at all. Now, entering the same URL using the same version of Firefox on a Windows machine, it works perfectly. No surprise there. Why is it failing on the FreeBSD machine? I posted on another forum and was told it works under Linux, so it must be a FreeBSD problem. Can anyone confirm this or have an idea what the problem is? -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: A very 'trivial' question about /root
Julian H. Stacey jhs at berklix.com writes: jb.1234abcd at gmail.com 's ref to https://bugzilla.redhat.com/show_bug.cgi?id=578470 relates to Linux upgrade procedures /root I don't see it affects how we should perceive an idealised Unix. The upgrade was a canary that told the user there is a problem. The idealized UNIX is standardized. According to Filesystem Hierarchy Standard (FHS), a UNIX standard: /root : Home directory for the root user (optional) Purpose The root account's home directory may be determined by developer or local preference, but this is the recommended default location. [17] [17] If the home directory of the root account is not stored on the root partition it will be necessary to make certain it will default to / if it can not be located. The above means that there has to be implied equivalency and consistency of permisssions between /root and / in order to ensure trouble-free operation of any process that may rely on any of them. That Linux case I referred to was a case about a system that relied on the above 0755 setup for /root dir, with an interesting twist of having it as a dummy account/dir for consistency, but having other accounts play the role of a superuser. Another example: some app (perhaps an installer) runs as non-root (e.g. Apache) user and needs to be able to read the root ssh public key from /root dir. There could be many such apps, accessing a front-end system, having to check for permission in /root dir for whatever they want to do, anywhere in sys admin, remote control, management, installation, etc areas. By changing this default you may ambush many unsuspecting users. jb ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Firefox 21 not proceeding to URL
28.06.2013 21:07, Jerry пишет: Using Firefox 21, if I enter this URL: http://www.nclawreview.org/documents/91/1/wegner.pdf nothing happens. The PDF is not displayed nor is there any evidence that Firefox did anything at all. Now, entering the same URL using the same version of Firefox on a Windows machine, it works perfectly. No surprise there. Why is it failing on the FreeBSD machine? I posted on another forum and was told it works under Linux, so it must be a FreeBSD problem. Can anyone confirm this or have an idea what the problem is? This works for me: Edit - Prefernces - Applications - PDF: preview in Firefox. As well as other viewer (mupdf tested). My current Firefox version is 22.0 though. But I recall it working at previous firefox versions. -- WBR, Boris Samorodov (bsam) FreeBSD Committer, http://www.FreeBSD.org The Power To Serve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Firefox 21 not proceeding to URL
On Fri, 28 Jun 2013 21:46:43 +0400 Boris Samorodov articulated: This works for me: Edit - Prefernces - Applications - PDF: preview in Firefox. As well as other viewer (mupdf tested). My current Firefox version is 22.0 though. But I recall it working at previous firefox versions. I have tried every setting listed under the TAB, but they all fail. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Compile a port without its dependencies?
Is there a way to compile a port without its dependencies? I ask because recently I wanted two shlibs: wnck.so and rsvg.so (they are provided by x11-toolkits/py-gnome-desktop). I didn't need all the accompanying baggage (half of GNOME it seems), but it dragged in over 80 other packages. In the end I let it have its way, copied the libs to a safe place, then uninstalled all the packages and copied the libs back again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Compile a port without its dependencies?
Sometimes build dependencies are just that -- You might benefit from using the poudriere tool to build these things in a clean environment and then you can just install the package/runtime dependencies. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Firefox 21 not proceeding to URL
On 2013-06-28 19:07, Jerry wrote: Using Firefox 21, if I enter this URL: http://www.nclawreview.org/documents/91/1/wegner.pdf nothing happens. The PDF is not displayed nor is there any evidence that Firefox did anything at all. Now, entering the same URL using the same version of Firefox on a Windows machine, it works perfectly. No surprise there. Why is it failing on the FreeBSD machine? I posted on another forum and was told it works under Linux, so it must be a FreeBSD problem. Can anyone confirm this or have an idea what the problem is? Works as intended, asks if i want to save it or open it. Mozilla Firefox 21.0 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD Appliance Questions
I am working on an NAS appliance built on FreeSBD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Troubleshooting a gmirror disk marked broken
On Wed, Jun 26, 2013 at 10:09:33PM -0500, Adam Vande More wrote: On Wed, Jun 26, 2013 at 9:38 PM, Nikola Pavlović n...@riseup.net wrote: Hi, Last night during a massive (~1 year worth :| ) portsnap fetch the server went unresponsive and ssh eventually disconnected. I decided to leave it during the night, and, sure enough, the situation was the same in the morning, so I had to do a hard reset. It came back up, but one of the two gmirror components was marked as broken and deactivated. The hang happened during the 'fetching new files or ports' (~24000 of them, there are currently ~1 snapshots in /var/db/portsnap) phase of postsnap fetch. /var/log/messages was completely silent during the period between the hang and the reset. Googling around I found a mention that it's possible to sometimes get a 'blip'[*] during busy periods, so I decided to just bite the bullet and reinsert the component with # gmirror forget gm0 # gmirror clean ad4 # gmirror insert gm0 ad4 Currently it's syncing and things *seem* OK. My question is how much should I be worried and what could be the cause of this? Is it possible that ports snapshot fetching caused this, or that perhaps it was the other way around (a failing disk causing the machine to choke during the huge portsnap fetch)? How to proceed? :) The messages log definitely shows problems with your io. The smart log of the disks are also at least mildly concerning and indicates the drives are in a preliminary stage of death. Some HD deaths take years to complete. Expect random glitches and intermittent reduced performance as a continuous degradation. You might be able to alleviate some of this by switching to the AHCI driver and bumping up timeouts but at the end of the day 2 flaky disks in a mirror don't inspire confidence. About AHCI, it didn't attach after setting ahci_load=YES in loader.conf so I assumed it wasn't enabled in BIOS. As I don't have physical access to the machine I asked the support to enable it, and presumably they did (that's what they said, and the machine was rebooted when they said they did). But still no luck. It's a VIA 6420 controller and maybe it doesn't support AHCI (couldn't find anything definitive on the net about that). If that's the case, is it even possible that there exists an option to enable it in BIOS? I'm confused because they didn't say it doesn't support it, but explicitly that they enabled it. It's possible to request KVM-over-IP, so I can look for myself, but I don't want to waste time (and install Java just for this) if it's useless. -- To criticize the incompetent is easy; it is more difficult to criticize the competent. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeSBD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
On Fri, Jun 28, 2013 at 6:28 PM, Tim Daneliuk tun...@tundraware.com wrote: On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeSBD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? would help to know the manufacturer, might be able to help nail down the version of the OS -- --**--** Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ __**_ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/**mailman/listinfo/freebsd-**questionshttp://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-** unsubscr...@freebsd.org freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
On 06/28/2013 05:31 PM, Outback Dingo wrote: On Fri, Jun 28, 2013 at 6:28 PM, Tim Daneliuk tun...@tundraware.com mailto:tun...@tundraware.com wrote: On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeSBD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? would help to know the manufacturer, might be able to help nail down the version of the OS It is an EMC/Isolon but I'm not sure which model. Still looking into it. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Troubleshooting a gmirror disk marked broken
On Thu, Jun 27, 2013 at 10:06:45AM -0700, Charles Swiger wrote: Hi-- On Jun 27, 2013, at 9:58 AM, Adam Vande More amvandem...@gmail.com wrote: On Thu, Jun 27, 2013 at 10:16 AM, Charles Swiger cswi...@mac.com wrote: If you haven't rebuilt the mirror already, running a full disk read scan against both drives (ie, via dd if=/dev/ad4 of=/dev/null bs=1m or similar) might be prudent. That will help identify/migrate any sectors which are failing but still recoverable via ECC to the spare sectors. I was going to say something like that too but AFAIK sectors aren't remapped on failed reads, has to be written to(dd if=/dev/zero of=/dev/ad4 bs=1m). If it were me, I make sure I had fully tested complete backups before I broke the mirror and did that. If the drive reads a sector with ECC-correctable errors, it's supposed to try to re-write that sector in order to fix up the ECC data. If that write fails, it remaps. Of course, your suggestion of blanking the entire drive and restoring from the mirror or a backup would be best, or perhaps better short of replacing the drive. OK, thank you both for suggestions. It rebuilt fine, and it's working fine. If it starts giving me trouble again I'll try your suggestions, or, ultimately, ask to get the disk replaced (although I don't expect a much better replacement, it's one of those cheap rental servers, you get what you pay :)) I'm still a bit reluctant to run the ports tree update again, but I'll ask on -ports@ for further assistance with that. -- Writing free verse is like playing tennis with the net down. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
On Fri, Jun 28, 2013 at 6:35 PM, Tim Daneliuk tun...@tundraware.com wrote: On 06/28/2013 05:31 PM, Outback Dingo wrote: On Fri, Jun 28, 2013 at 6:28 PM, Tim Daneliuk tun...@tundraware.commailto: tun...@tundraware.com** wrote: On 06/28/2013 05:27 PM, Tim Daneliuk wrote: I am working on an NAS appliance built on FreeSBD. Several questions: - The vendor has rebranded everything so uname isn't helping me determine what exact branch of FreeBSD they used. Is there another canonical way to figure this out? - For any reasonably recent version of FBSD, is it likely that the Linux emulation will work correctly or are there certain versions of FreeBSD that do this better than others? Thanks, Oh one more thing - does anyone have experience - good or bad - with installing and running the Tivoli TSM Client software under the FreeBSD Linux emulation? would help to know the manufacturer, might be able to help nail down the version of the OS It is an EMC/Isolon but I'm not sure which model. Still looking into it. research shows http://en.wikipedia.org/wiki/OneFS_distributed_file_system -- --**--** Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
On 06/28/2013 05:46 PM, Outback Dingo wrote: research shows http://en.wikipedia.org/wiki/OneFS_distributed_file_system D'oh. I looked it up under Isolon but not OneFS. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Troubleshooting a gmirror disk marked broken
On Sat, Jun 29, 2013 at 12:36:59AM +0200, Nikola Pavlović wrote: I'm still a bit reluctant to run the ports tree update again, but I'll ask on -ports@ for further assistance with that. Actually, no need. I retried it and it worked without any problem. -- Fantasies are free. NO!! NO!! It's the thought police ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Appliance Questions
Hi. Have some experience with isilon NL and ssd iseries. Onefs 6.5 . Dont go mucking around like you are on a normal bsd system. It doesnt work that way. They have a system which is similar to cfengine which overwrites changes so you need to do things their way not the bsd way. Their support is crap since emc purchase. Threw some avere cacheing in front of our silos but still no plans on upgrading.. On Jun 28, 2013 5:59 PM, Tim Daneliuk tun...@tundraware.com wrote: On 06/28/2013 05:46 PM, Outback Dingo wrote: research shows http://en.wikipedia.org/wiki/** OneFS_distributed_file_systemhttp://en.wikipedia.org/wiki/OneFS_distributed_file_system D'oh. I looked it up under Isolon but not OneFS. -- --**--** Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ __**_ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/**mailman/listinfo/freebsd-**questionshttp://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-** unsubscr...@freebsd.org freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FFMpeg and FreeBSD
On 29/06/2013 02:07, Giorgos Keramidas wrote: I have had no problems using ffmpeg1 with my version of blender for several months now. It has a cmake option for lib names and then I added include/ffmpeg1 to C/CXXFLAGS and lib/ffmpeg1 to LDFLAGS. Hi Shane, This should probably be in the multimedi chapter of the Handbook or the FAQ, or in the UPDATING file of the ports. Would you mind if I copied parts of the text and added them to e.g the FAQ? sure - I'm thinking FAQ. Maybe start with the following - To use ffmpeg1 with an existing port. The first step is to get the ffmpeg1 headers and libs found, this should be easily accomplished with the following (an easy way to first check that the port compiles with ffmpeg1) - CFLAGS+=-I${LOCALBASE}/include/ffmpeg1 CXXFLAGS+= -I${LOCALBASE}/include/ffmpeg1 LDFLAGS+= -L${LOCALBASE}/lib/ffmpeg1 If the project source hasn't kept up with ffmpeg changes then you may be able to replace some of the old functions to quickly keep it working with the newer version. Blender can be source of inspiration for this - http://projects.blender.org/scm/viewvc.php/trunk/blender/intern/ffmpeg/ffmpeg_compat.h?view=markuproot=bf-blender The next step is to get it linking with the new lib names, these are the ffmpeg lib names with a 1 appended to them eg. libavcodec1 instead of libavcodec. Some ports may have options to make this easy for example graphics/blender has a cmake variable called FFMPEG_LIBRARIES so adding CMAKE_ARGS+=-DFFMPEG_LIBRARIES:STRING=avformat1;avcodec1;avutil1;avdevice1;swscale1 to the port Makefile handles that. Other ports may need a search and replace such as sed 's|avcodec|avcodec1|g' or a patch manually made for their Makefiles. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Troubleshooting a gmirror disk marked broken
On Fri, Jun 28, 2013 at 5:28 PM, Nikola Pavlović n...@riseup.net wrote: About AHCI, it didn't attach after setting ahci_load=YES in loader.conf so I assumed it wasn't enabled in BIOS. As I don't have physical access to the machine I asked the support to enable it, and presumably they did (that's what they said, and the machine was rebooted when they said they did). But still no luck. It's a VIA 6420 controller and maybe it doesn't support AHCI (couldn't find anything definitive on the net about that). This appears to be the case. There may be some sysctl which can alter ata settings that might help like stuff under kern.geom.mirror. It's already been a long time since I've used 8.x so I don't remember everything. Just have to dig around. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Firefox 21 not proceeding to URL
2013-06-28 19:07, Jerry skrev: Using Firefox 21, if I enter this URL: http://www.nclawreview.org/documents/91/1/wegner.pdf nothing happens. The PDF is not displayed nor is there any evidence that Firefox did anything at all. Now, entering the same URL using the same version of Firefox on a Windows machine, it works perfectly. No surprise there. Why is it failing on the FreeBSD machine? I posted on another forum and was told it works under Linux, so it must be a FreeBSD problem. Can anyone confirm this or have an idea what the problem is? It works for me. 9.1-RELEASE-p3 Firefox 22 and Xpdf /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org