Re: Import of DragonFly Mail Agent

2014-02-24 Thread Don Lewis
On 25 Feb, Peter Jeremy wrote:
> On 2014-Feb-24 10:44:30 -0600, Bryan Drewery  wrote:
>>
>>I have the Oreilly sendmail book here and it's thicker than The Design
>>and Implementation of the FreeBSD Operating System. That's quite an
>>application!
> 
> More impressively, ISTR it's thicker than "The Magic Garden Explained"
> - which is the SVR4 internals.

Not counting the covers, they are about the same thickness.  It's
thinner than "TCP/IP Illustrated Volume 2", and *way* thinner than
"Advanced Programming in the UNIX Environment".

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Peter Jeremy
On 2014-Feb-24 10:44:30 -0600, Bryan Drewery  wrote:
>
>I have the Oreilly sendmail book here and it's thicker than The Design
>and Implementation of the FreeBSD Operating System. That's quite an
>application!

More impressively, ISTR it's thicker than "The Magic Garden Explained"
- which is the SVR4 internals.

-- 
Peter Jeremy


pgpXr6FrMeCfw.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Mark Linimon
On Mon, Feb 24, 2014 at 09:40:26AM -0600, Bryan Drewery wrote:
> IMHO base should be the very minimalistic needs to get a server online,
> and should be secure and simple by default. ...
> Anything not meeting the bare-bones criteria can be installed with 'pkg
> install' or ports.

+1 (OTOH I am not volunteering to do the work :-) )

mcl
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Julio Merino
On Mon, Feb 24, 2014 at 6:47 AM, Thomas Mueller
wrote:

> To Julio Merino:  How long did NetBSD include both sendmail and postfix in
> base?  What NetBSD releases?  What was the first release that included both
> sendmail and postfix, and the first release where sendmail was dropped?
>

As far as I can tell, postfix was added in NetBSD 1.5 (Dec 6, 2000), made
the default in NetBSD 2.0 (Dec 9, 2004) and sendmail was removed in NetBSD
4.0 (Dec 19, 2007). That's a 7-year long transitional period.

I haven't been able to find the discussion for the removal of sendmail
unfortunately.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Build failed in Jenkins: FreeBSD_HEAD #176

2014-02-24 Thread jenkins-admin
See 

Changes:

[eadler] hier(7): Add /usr/lib/private

Requested by:   theraven
MFC After:  3 days

--
[...truncated 246402 lines...]
--- rsu-rtl8712fw.fw ---
uudecode -p 

 > rsu-rtl8712fw.fw
--- rsu-rtl8712fw.o ---
cc  -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc   
-DHAVE_KERNEL_OPTION_HEADERS -include 
/usr/obj
 -I. -I@ -I@/contrib/altq -fno-common -gdwarf-2 -fno-omit-frame-pointer 
-mno-omit-leaf-frame-pointer 
-I/usr/obj 
 -mno-aes -mno-avx -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float 
 -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector 
-std=iso9899:1999 -Qunused-arguments  -fstack-protector -Wall -Wredundant-decls 
-Wnested-externs -Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith 
-Winline -Wcast-qual  -Wundef -Wno-pointer-sign -fformat-extensions  
-Wmissing-include-dirs -fdiagnostics-show-option  
-Wno-error-tautological-compare -Wno-error-empty-body  
-Wno-error-parentheses-equality -Wno-unused-function   -c rsu-rtl8712fw.c
--- rsu-rtl8712fw.fw.fwo ---
rsu-rtl8712fw.fw rsu-rtl8712fw.fw
--- rsu-rtl8712fw.o ---
ctfconvert -L VERSION -g rsu-rtl8712fw.o
--- rsu-rtl8712fw.ko.debug ---
ld  -d -warn-common -r -d -o rsu-rtl8712fw.ko.debug rsu-rtl8712fw.fw.fwo 
rsu-rtl8712fw.o
ctfmerge -L VERSION -g -o rsu-rtl8712fw.ko.debug rsu-rtl8712fw.fw.fwo 
rsu-rtl8712fw.o
:> export_syms
awk -f 

 rsu-rtl8712fw.ko.debug  export_syms | xargs -J% objcopy % 
rsu-rtl8712fw.ko.debug
--- rsu-rtl8712fw.ko.symbols ---
objcopy --only-keep-debug rsu-rtl8712fw.ko.debug rsu-rtl8712fw.ko.symbols
--- rsu-rtl8712fw.ko ---
objcopy --strip-debug --add-gnu-debuglink=rsu-rtl8712fw.ko.symbols 
rsu-rtl8712fw.ko.debug rsu-rtl8712fw.ko
===> usb/rum (all)
--- if_rum.o ---
cc  -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc   
-DHAVE_KERNEL_OPTION_HEADERS -include 
/usr/obj
 -I. -I@ -I@/contrib/altq -fno-common -gdwarf-2 -fno-omit-frame-pointer 
-mno-omit-leaf-frame-pointer 
-I/usr/obj 
 -mno-aes -mno-avx -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float 
 -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector 
-std=iso9899:1999 -Qunused-arguments  -fstack-protector -Wall -Wredundant-decls 
-Wnested-externs -Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith 
-Winline -Wcast-qual  -Wundef -Wno-pointer-sign -fformat-extensions  
-Wmissing-include-dirs -fdiagnostics-show-option  
-Wno-error-tautological-compare -Wno-error-empty-body  
-Wno-error-parentheses-equality -Wno-unused-function   -c 

ctfconvert -L VERSION -g if_rum.o
--- if_rum.ko.debug ---
ld  -d -warn-common -r -d -o if_rum.ko.debug if_rum.o
ctfmerge -L VERSION -g -o if_rum.ko.debug if_rum.o
:> export_syms
awk -f 

 if_rum.ko.debug  export_syms | xargs -J% objcopy % if_rum.ko.debug
--- if_rum.ko.symbols ---
objcopy --only-keep-debug if_rum.ko.debug if_rum.ko.symbols
--- if_rum.ko ---
objcopy --strip-debug --add-gnu-debuglink=if_rum.ko.symbols if_rum.ko.debug 
if_rum.ko
===> usb/run (all)
--- if_run.o ---
cc  -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc   
-DHAVE_KERNEL_OPTION_HEADERS -include 
/usr/obj
 -I. -I@ -I@/contrib/altq -fno-common -gdwarf-2 -fno-omit-frame-pointer 
-mno-omit-leaf-frame-pointer 
-I/usr/obj 
 -mno-aes -mno-avx -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float 
 -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector 
-std=iso9899:1999 -Qunused-arguments  -fstack-protector -Wall -Wredundant-decls 
-Wnested-externs -Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith 
-Winline -Wcast-qual  -Wundef -Wno-pointer-sign -fformat-extensions  
-Wmissing-include-dirs -fdiagnostics-show-option  
-Wno-error-tautological-compare -Wno-error-empty-body  
-Wno-error-parentheses-equality -Wno-unused-function   -c 

ctfconvert -L VERSION -g if_run.o
--- if_run.ko.debug ---
ld  -d -warn-common -r -d -o if_run.ko.debug if_run.o
ctfmerge -L VERSION

Re: Import of DragonFly Mail Agent

2014-02-24 Thread Julian Elischer

On 2/24/14, 7:47 PM, Thomas Mueller wrote:

I never got far enough with DragonFlyBSD or OpenBSD on live USB to see osmpd or 
opensmtpd (OpenBSD or dma (DragonFly).

I couldn't read hard drive from either OpenBSD or DragonFly, could read OpenBSD 
but not DragonFly live USB stick from FreeBSD and NetBSD, meaning poor 
interoperability on my system.

But I find sendmail practically impossible to setup, and rather useless for my 
purposes.

I use msmtp and mpop from ports for SMTP and POP3 mail, including SSL 
capability.  These clients even allow multiple email accounts and multiple 
users, user name need not necessarily be the same as computer hostname.

I've wondered if I'd lose anything by building FreeBSD WITHOUT_SENDMAIL.

I looked and found mail/dma in FreeBSD ports tree.  Could it be easily set up 
to use as SMTP client?

I don't believe BSD users use base system of itself to send and receive email.  
They use ports (FreeBSD) or equivalent in other BSDs.

I do (though recompiling with SASL and TLS was a pain in the neck.


Can't really say for Linux; "base system" is ill-defined given the anarchy of 
many different distributions.

To Julio Merino:  How long did NetBSD include both sendmail and postfix in 
base?  What NetBSD releases?  What was the first release that included both 
sendmail and postfix, and the first release where sendmail was dropped?

But I think sendmail is still available in pkgsrc for users who'd rather have 
sendmail.
  
Tom


___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"



___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Julian Elischer

On 2/24/14, 10:45 PM, Mark Felder wrote:

On Mon, Feb 24, 2014, at 3:41, Joe Holden wrote:

On 24/02/2014 04:26, Julio Merino wrote:

On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin wrote:


Hi,

As some of you may have noticed, I have imorted a couple of days ago dma
(DragonFly Mail Agent) in base. I have been asked to explain my motivation
so
here they are.

DragonFly Mail Agent is a minimalistic mailer that is able to relay mails
to
some smtp servers (with TLS, authentication and so on)

It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
(respecting aliases).

I imported it because dma is lightweight, BSD license and easy to use.

The code base is rather small and easy to capsicumize (which I plan to do)

My initial goal is not to replace sendmail.


But is it an eventual goal?  *I* don't see why not, but if it is: what's
the plan?  How is the decision to drop sendmail going to be made when the
time comes?  (I.e. who _can_ and will make the call?)



All I want is a small mailer
simple to configure, and not listening to port 25, suitable for small
environment (embedded and/or resource bounded) as well as for server
deployment.


Playing devil's advocate: what specific problems is this trying to solve?
   I'd argue, for example, that postfix can be also easily configured and can
be made to not listen on port 25 for local mail delivery, while at the same
time it is a fully-functional MTA that could replace sendmail altogether.
   (Which, by the way, is the configuration with which postfix ships within
the NetBSD base system.)

The reason I'm asking these questions is because I have seen NetBSD
maintain two MTAs (sendmail + postfix) in the base system for _years_ and
it was not a pretty situation.  The eventual removal of sendmail was
appreciated, but of course it came with the associated bikeshedding.

*dons flame-proof suit*

The trend towards having sensible lightweight things in the base is a
good thing IMO.  There is no need for things like bind (replaced by
unbound), or a full featured mta like sendmail in the base, base install
should contain enough to get going but for specific functions like
performing MTA tasks, the user can install the appropriate software,
such as postfix.

Just my 2p :)


I fully agree here. Lightweight services in base, fully featured in
ports. It makes it easier for users to follow the latest and greatest
MTA, DNS, etc this way as well.


Once again I repeat my suggestion that we should at some stage be
splitting up our distribution into a smaller "required" core, a slightly
larger "usual" and a larger "extended"
software sets, where the last one would be maintained in ports but
with a distinction that failure in those ports is a reason to hold up 
a release etc.
i.e. "some ports are more important than others" and we should take 
that into account

officially.
I'd also like to see the PCBSD PBI formats more integrates into our 
release..





Another nice feature of dma is that it's a perfect compliment to your
lightweight jails -- emails can get out, but no worrying about conflicts
on ports 25.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"



___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Benjamin Kaduk

On Mon, 24 Feb 2014, Lyndon Nerenberg wrote:



What would really help is if the ports fetch-recursive-list target could 
extend to reliably include the distfiles for the runtime dependencies as 
well.  But I'm not even sure that's possible.  We tried a few different 
things, but in the end we had to brute force it by running 'make fetch' 
in every one of the ports directories in order to get all the distfiles 
onto an external system, which we then rsynced to a USB drive, marched 
inside, and rsynced to the fileserver.  Not pretty ... but with all the 
distfiles at hand we knew the inside ports builds wouldn't fail due to 
missing dependencies.


I'm rather confused by why it isn't working for you. 
http://svnweb.freebsd.org/ports/head/Mk/bsd.port.mk?revision=345884&view=markup#l5187 
is quite clearly looking in ALL-DEPENDS-LIST, which includes runtime 
dependencies.  The only thing I can think of is that non-default 
configurations are in play, so that 'make config && make config-recursive' 
should be (re-)run until it does not prompt, and only then 
fetch-recursive-list be used.  I suppose there could be broken ports that 
always prompt (ISTR kde used to do this), but I thought we had moved away 
from that.


-Ben
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: March 13: Jenkins and BHyve presentation

2014-02-24 Thread Craig Rodrigues
On Mon, Feb 24, 2014 at 1:04 AM, Craig Rodrigues wrote:

> Hi,
>
> I will be giving a talk discussing what I have done
> settings up Jenkins ( https://jenkins.freebsd.org )
> in the FreeBSD cluster, using BHyve VM's:
>
> The presentation will be on March 13 in Mountain View, California, U.S.A.:
>
> http://www.meetup.com/BAFUG-Bay-Area-FreeBSD-User-Group/events/167325932/
>
> If you think you can come, please RSVP on the Meetup site, so that
> the organizers can get a big enough room.
>
> I am interested in collaborating with FreeBSD hackers who can
> contribute to the effort and help expand testing of FreeBSD!!
>


Hi,

For those who cannot attend the meetup in Mountain View, California,
U.S.A., I will post a link to the slides after the presentation.
I am not sure if video/webcast will be available.

I have given a similar presentation at the 2013 FreeBSD Vendor Summit
describing the use of Jenkins in the FreeNAS project, so you can look at
this to get an idea:

http://www.ixsystems.com/whats-new/jenkins-bhyve-and-webdriver-continuous-integration-testing-on-freenas/

However, my presentation on March 13 will be focused on
how I set up https://jenkins.freebsd.org

If you cannot make the March 13 meetup, I will be giving
a similar presentation on May 17 at BSDCan:

http://www.bsdcan.org/2014/schedule/events/445.en.html

and on May 15 there will be a working group where we will discuss
how to expand Continuous Testing in the FreeBSD project:

https://wiki.freebsd.org/201405DevSummit

Hope to see folks at one of these events, so we can do some
interesting collaboration!
--
Craig
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on sparc64/sparc64

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 23:45:01 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 23:45:01 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 23:45:01 - starting HEAD tinderbox run for sparc64/sparc64
TB --- 2014-02-24 23:45:01 - cleaning the object tree
TB --- 2014-02-24 23:45:01 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 23:45:04 - At svn revision 262455
TB --- 2014-02-24 23:45:05 - building world
TB --- 2014-02-24 23:45:05 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 23:45:05 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 23:45:05 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 23:45:05 - SRCCONF=/dev/null
TB --- 2014-02-24 23:45:05 - TARGET=sparc64
TB --- 2014-02-24 23:45:05 - TARGET_ARCH=sparc64
TB --- 2014-02-24 23:45:05 - TZ=UTC
TB --- 2014-02-24 23:45:05 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 23:45:05 - cd /src
TB --- 2014-02-24 23:45:05 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 23:45:12 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fPIC -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/UTF8/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fPIC -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/VIQR/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-25 00:12:08 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-25 00:12:08 - ERROR: failed to build world
TB --- 2014-02-25 00:12:08 - 1253.09 user 287.77 system 1627.07 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-sparc64-sparc64.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on powerpc64/powerpc

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 23:32:29 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 23:32:29 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 23:32:29 - starting HEAD tinderbox run for powerpc64/powerpc
TB --- 2014-02-24 23:32:29 - cleaning the object tree
TB --- 2014-02-24 23:32:29 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 23:32:32 - At svn revision 262455
TB --- 2014-02-24 23:32:33 - building world
TB --- 2014-02-24 23:32:33 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 23:32:33 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 23:32:33 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 23:32:33 - SRCCONF=/dev/null
TB --- 2014-02-24 23:32:33 - TARGET=powerpc
TB --- 2014-02-24 23:32:33 - TARGET_ARCH=powerpc64
TB --- 2014-02-24 23:32:33 - TZ=UTC
TB --- 2014-02-24 23:32:33 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 23:32:33 - cd /src
TB --- 2014-02-24 23:32:33 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 23:32:40 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/UTF8/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/VIQR/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-25 00:09:49 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-25 00:09:49 - ERROR: failed to build world
TB --- 2014-02-25 00:09:49 - 1740.28 user 364.45 system 2239.88 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-powerpc64-powerpc.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on powerpc/powerpc

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 23:23:18 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 23:23:18 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 23:23:18 - starting HEAD tinderbox run for powerpc/powerpc
TB --- 2014-02-24 23:23:18 - cleaning the object tree
TB --- 2014-02-24 23:23:18 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 23:23:22 - At svn revision 262455
TB --- 2014-02-24 23:23:23 - building world
TB --- 2014-02-24 23:23:23 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 23:23:23 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 23:23:23 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 23:23:23 - SRCCONF=/dev/null
TB --- 2014-02-24 23:23:23 - TARGET=powerpc
TB --- 2014-02-24 23:23:23 - TARGET_ARCH=powerpc
TB --- 2014-02-24 23:23:23 - TZ=UTC
TB --- 2014-02-24 23:23:23 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 23:23:23 - cd /src
TB --- 2014-02-24 23:23:23 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 23:23:29 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/UTF8/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/VIQR/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -fstack-protector -Wsystem-headers -Werror -Wall 
-Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes 
-Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings 
-Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline 
-Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-25 00:00:24 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-25 00:00:24 - ERROR: failed to build world
TB --- 2014-02-25 00:00:24 - 1733.25 user 338.78 system 2225.26 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-powerpc-powerpc.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on mips64/mips

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 23:19:00 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 23:19:00 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 23:19:00 - starting HEAD tinderbox run for mips64/mips
TB --- 2014-02-24 23:19:00 - cleaning the object tree
TB --- 2014-02-24 23:19:00 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 23:19:03 - At svn revision 262455
TB --- 2014-02-24 23:19:04 - building world
TB --- 2014-02-24 23:19:04 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 23:19:04 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 23:19:04 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 23:19:04 - SRCCONF=/dev/null
TB --- 2014-02-24 23:19:04 - TARGET=mips
TB --- 2014-02-24 23:19:04 - TARGET_ARCH=mips64
TB --- 2014-02-24 23:19:04 - TZ=UTC
TB --- 2014-02-24 23:19:04 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 23:19:04 - cd /src
TB --- 2014-02-24 23:19:04 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 23:19:11 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fpic -DPIC  -O -pipe -G0  
-I/src/lib/libiconv_modules/UTF8/../../libc/iconv -Dbool=_Bool -std=gnu99  
-Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fpic -DPIC  -O -pipe -G0  
-I/src/lib/libiconv_modules/VIQR/../../libc/iconv -Dbool=_Bool -std=gnu99  
-Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-24 23:45:00 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-24 23:45:00 - ERROR: failed to build world
TB --- 2014-02-24 23:45:00 - 1173.83 user 280.47 system 1560.18 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-mips64-mips.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on mips/mips

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 22:55:50 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 22:55:50 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 22:55:50 - starting HEAD tinderbox run for mips/mips
TB --- 2014-02-24 22:55:50 - cleaning the object tree
TB --- 2014-02-24 22:55:50 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 22:55:53 - At svn revision 262455
TB --- 2014-02-24 22:55:54 - building world
TB --- 2014-02-24 22:55:54 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 22:55:54 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 22:55:54 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 22:55:54 - SRCCONF=/dev/null
TB --- 2014-02-24 22:55:54 - TARGET=mips
TB --- 2014-02-24 22:55:54 - TARGET_ARCH=mips
TB --- 2014-02-24 22:55:54 - TZ=UTC
TB --- 2014-02-24 22:55:54 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 22:55:54 - cd /src
TB --- 2014-02-24 22:55:54 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 22:56:01 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fpic -DPIC  -O -pipe -G0  
-I/src/lib/libiconv_modules/UTF8/../../libc/iconv -Dbool=_Bool -std=gnu99  
-Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fpic -DPIC  -O -pipe -G0  
-I/src/lib/libiconv_modules/VIQR/../../libc/iconv -Dbool=_Bool -std=gnu99  
-Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-24 23:23:18 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-24 23:23:18 - ERROR: failed to build world
TB --- 2014-02-24 23:23:18 - 1181.09 user 333.38 system 1647.40 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-mips-mips.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


FreeBSD in GSoC 2014! (mentors wanted)

2014-02-24 Thread Wojciech A. Koszek
(cross-posted message; keep discussion on hackers@ only)

Hello,

So we're in GSOC 2014! Our logo is featured on the main website:

http://www.google-melange.com/gsoc/homepage/google/gsoc2014

Everybody can submit ideas through a web form:

http://tinyurl.com/FreeBSD-GSOC2014

To help, please add/review/revisit ideas from the FreeBSD Wiki and provide
mentorship!

https://wiki.freebsd.org/SummerOfCode2014

There are ideas without mentors and ideas with only 1 mentor, as well as
tasks which haven't been reviewed..

Help would be appreciated,

Thanks,

-- 
Wojciech A. Koszek
wkos...@freebsd.czest.pl
http://FreeBSD.czest.pl/~wkoszek/
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[head tinderbox] failure on ia64/ia64

2014-02-24 Thread FreeBSD Tinderbox
TB --- 2014-02-24 22:43:14 - tinderbox 2.20 running on freebsd-current.sentex.ca
TB --- 2014-02-24 22:43:14 - FreeBSD freebsd-current.sentex.ca 8.3-PRERELEASE 
FreeBSD 8.3-PRERELEASE #0: Mon Mar 26 13:54:12 EDT 2012 
d...@freebsd-current.sentex.ca:/usr/obj/usr/src/sys/GENERIC  amd64
TB --- 2014-02-24 22:43:14 - starting HEAD tinderbox run for ia64/ia64
TB --- 2014-02-24 22:43:14 - cleaning the object tree
TB --- 2014-02-24 22:43:14 - /usr/local/bin/svn stat /src
TB --- 2014-02-24 22:43:23 - At svn revision 262455
TB --- 2014-02-24 22:43:24 - building world
TB --- 2014-02-24 22:43:24 - CROSS_BUILD_TESTING=YES
TB --- 2014-02-24 22:43:24 - MAKEOBJDIRPREFIX=/obj
TB --- 2014-02-24 22:43:24 - PATH=/usr/bin:/usr/sbin:/bin:/sbin
TB --- 2014-02-24 22:43:24 - SRCCONF=/dev/null
TB --- 2014-02-24 22:43:24 - TARGET=ia64
TB --- 2014-02-24 22:43:24 - TARGET_ARCH=ia64
TB --- 2014-02-24 22:43:24 - TZ=UTC
TB --- 2014-02-24 22:43:24 - __MAKE_CONF=/dev/null
TB --- 2014-02-24 22:43:24 - cd /src
TB --- 2014-02-24 22:43:24 - /usr/bin/make -B buildworld
>>> Building an up-to-date make(1)
>>> World build started on Mon Feb 24 22:43:30 UTC 2014
>>> Rebuilding the temporary build tree
>>> stage 1.1: legacy release compatibility shims
>>> stage 1.2: bootstrap tools
>>> stage 2.1: cleaning up the object tree
>>> stage 2.2: rebuilding the object tree
>>> stage 2.3: build tools
>>> stage 3: cross tools
>>> stage 4.1: building includes
>>> stage 4.2: building libraries
[...]
===> lib/libiconv_modules/UTF8 (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/UTF8/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -Wsystem-headers -Werror -Wall -Wno-format-y2k -W 
-Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith 
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter 
-Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/UTF8/citrus_utf8.c -o citrus_utf8.So
building shared library libUTF8.so.4
===> lib/libiconv_modules/VIQR (all)
cc  -fpic -DPIC  -O2 -pipe  -I/src/lib/libiconv_modules/VIQR/../../libc/iconv 
-Dbool=_Bool -std=gnu99  -Wsystem-headers -Werror -Wall -Wno-format-y2k -W 
-Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith 
-Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter 
-Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -c 
/src/lib/libiconv_modules/VIQR/citrus_viqr.c -o citrus_viqr.So
cc1: warnings being treated as errors
/src/lib/libiconv_modules/VIQR/citrus_viqr.c: In function 
'_citrus_VIQR_encoding_module_init':
/src/lib/libiconv_modules/VIQR/citrus_viqr.c:460: warning: comparison of 
unsigned expression < 0 is always false
*** Error code 1

Stop.
bmake[5]: stopped in /src/lib/libiconv_modules/VIQR
*** Error code 1

Stop.
bmake[4]: stopped in /src/lib/libiconv_modules
*** Error code 1

Stop.
bmake[3]: stopped in /src/lib
*** Error code 1

Stop.
bmake[2]: stopped in /src
*** Error code 1

Stop.
bmake[1]: stopped in /src
*** Error code 1

Stop.
bmake: stopped in /src
*** Error code 1

Stop in /src.
TB --- 2014-02-24 23:18:59 - WARNING: /usr/bin/make returned exit code  1 
TB --- 2014-02-24 23:18:59 - ERROR: failed to build world
TB --- 2014-02-24 23:18:59 - 1585.11 user 390.16 system 2144.81 real


http://tinderbox.freebsd.org/tinderbox-head-build-HEAD-ia64-ia64.full
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Jilles Tjoelker
On Mon, Feb 24, 2014 at 07:01:54PM +0400, Slawa Olhovchenkov wrote:
> On Mon, Feb 24, 2014 at 03:30:14PM +0100, Baptiste Daroussin wrote:

> > On Mon, Feb 24, 2014 at 06:17:37PM +0400, Slawa Olhovchenkov wrote:
> > > On Sun, Feb 23, 2014 at 10:11:56PM +0100, Baptiste Daroussin wrote:

> > > > As some of you may have noticed, I have imorted a couple of days
> > > > ago dma (DragonFly Mail Agent) in base. I have been asked to
> > > > explain my motivation so here they are.

> > > What's about suid, security separations & etc?

> > What do you mean? dma is changing user as soon as possible, dma will
> > be capsicumized, what else do you want as informations?

> sendmail (in the past) have same behaviour (run as root and chage
> user).
> This is some security risk.
> For many  scenario change user is not simple (for example -- send file
> from local user A to local user B, file with permsion 0400).
> sendmail will be forced to change behaviour -- mailnull suid program
> for place mail into queue and root daemon for deliver to user.
> This is more complex.
> Can be dma avoid this way?

I'm a bit disappointed that dma uses setuid/setgid binaries, although it
is not a regression because sendmail also uses this Unix misfeature.

To avoid the large attack surface of set*id binaries (the untrusted user
can set many process parameters, pass strange file descriptors, send
signals, etc), I think it is better to implement trusted submission
differently. A privileged daemon (not necessarily running as root) can
listen on a Unix domain socket and use getpeereid(3) to verify the
credentials of the client.

Note that the largest gain with set*id binaries is obtained when the
last set*id binary is removed; we are pretty far from that.

-- 
Jilles Tjoelker
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Slawa Olhovchenkov
On Mon, Feb 24, 2014 at 10:00:57AM -0800, Don Lewis wrote:

> I forgot to mention that the command line tools are feel cumbersome.  To
> restart a service:
>   FreeBSD:   /etc/rc.d/foo restart

service foo restart

>   Old Linux: /etc/init.d/foo restart

service foo restart

>   Systemd:   systemctl restart foo.service
> seems worse that that when I'm actually typing it ...
> 
> > Would it take seemingly forever?
> > 
> > I would like to try systemd in Linux, can't say at this stage whether
> > I'll like it, hate it, or somewhere in between.
> 
> There's no substitute for firsthand experience.
> 
> ___
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Mark Felder


On Mon, Feb 24, 2014, at 12:46, Bryan Drewery wrote:
> On 2/23/2014 3:11 PM, Baptiste Daroussin wrote:
> > Hi,
> > 
> > As some of you may have noticed, I have imorted a couple of days ago dma
> > (DragonFly Mail Agent) in base. I have been asked to explain my motivation 
> > so
> > here they are.
> > 
> 
> Does this support a /usr/sbin/sendmail wrapper for sending mail through
> CLI?
> 

Yes.

mailer.conf:

sendmail/usr/local/libexec/dma
send-mail   /usr/local/libexec/dma
mailq   /usr/local/libexec/dma
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Hans Ottevanger
On 02/24/14 17:16, Lucius Rizzo wrote:
> * Bryan Drewery  [2014-02-24 09:40]:
>  
>> Remembering the time I spent trying to configure sendmail to not accept
>> inbound mail, and trying to get it to behave how I want, I fully support
>> this. Of all the years I've messed with sendmail, I still have little
>> understanding of how to configure it or if I've done it right.
> 
> Hush! No sendmail hating :P. I remember it being a right of passage to
> graduate to a ^real^ UNIX admin when you had lost half of your hair
> while working on sendmail.cf. In a era now long gone, I remember
> carrying the sendmail bible (thick with detailed instructions on cf
> vars) as protection vs. say a baseball bat. 
> 
> The Sendmail manual was thick, heavy and while I never did use it as a
> weapon; I had imagined many times throwing it at a server and see if
> that maybe fixed the problem with sendmail.cf.
> 
> I've worked with MTA's a lot. I have hated and loved Sendmail. ATM, I am
> back in my I <3 Sendmail mode and have it running quite well -- with a
> lot of cool milters on some of my servers. But sendmail is not for the
> faint of heart, or ones who are at risk of hair loss. In fact, I would
> highly discourage sendmail use in the latter case. 
> 
>> My exaggerated view of sendmail as a user:
> 
> [...]
> 
> Poof..that's easy :P
> 
>>> # Uncomment if you want STARTTLS support (only used in combination
>>> with # SECURETRANSFER) #STARTTLS
>>
>> Yes please. Simple.
>>
>> I'm not sure where to even start with sendmail to enable those
>> options.
> 
> 
> See! That wasn't hard at all!! I don't get why people get so worried.
> What you posted was mostly mc stuff anyways. I would be far more
> impressed if you would have debugged that in the cf or via sendmail
> flags. :)))
> 
> I often use ssmtp on servers that run Wordpress etc and collect most
> mail to a mailhub which routes it internally and externally. 
> 
> I <3 Sendmail.
> 

I have been using Sendmail for about 25 years now and I must say that I
still find it quite satisfactory, though a bit overkill for the current
needs of me and my customers. And I certainly lost a lot of hair, but
not just due to using Sendmail 8-). So you understand that I grew quite
attached to Sendmail. Nevertheless, I would like see Sendmail moved to
ports and replaced by DMA in base, as proposed by Baptiste. Sendmail can
receive much better care as a port and it also should become much easier
to configure it for special needs (authentication, etc). This would also
open possibilities to experiment more with newer and lighter MTA's like
Postfix and OpenSMTPD without having parts of sendmail still lying
around and sendmail being rebuilt on every buildworld.

Go for it, and don't wait too long!

Kind regards,

Hans




___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Nikolai Lifanov
On 02/24/14 13:00, Don Lewis wrote:
> On 24 Feb, Thomas Mueller wrote:
>> from Don Lewis:
>>
>>> I've got a Fedora server here that has systemd and I've come to
>>> dislike it.  It seems to be one of those "Do not open.  No user
>>> serviceable parts inside." sorts of things.
>>   
>>> I was never able to get it to start NUT properly.
>>   
>>> More often than not, it fails to come up multi-user.  The machine has
>>> a large number of disks (mostly JFS and XFS) attached to it, and even
>>> after what I think should be a clean shutdown, it seems to want to
>>> fsck a bunch of them. Unfortunately, there seems to be some sort of
>>> timeout on that, so a bunch get skipped and then don't get mounted. 
>>> I have to manually fsck everything in single user mode.  Then if I
>>> reboot, it
>>> *might* come up properly.  I haven't been able to find any knobs to
>>> adjust the timeout.  Sometimes, there is just a message that says
>>> something like "an error occurred" at the top of the screen, just
>>> before the prompt for the single-user password, with no clue as to
>>> what it is unhappy about.
>>
>>> Emergency shutdown can also be a problem.  If I'm around when the
>>> power fails, I manually try to shut down the machine before the UPS
>>> battery runs down.  I don't have the screen on the UPS, so I hit the
>>> power button and cross my fingers that the machine will make it
>>> through the clean shutdown sequence in time.  It seems to take
>>> forever (many minutes) and I have no idea what the heck it is
>>> spending all of its time on.
>>
>>> The documentation seems to be very sparse.
>>
>>> My plan is to migrate this function to a FreeBSD server.
>>
>> This looks scandalously slow.  It reminds me of the time with OS/2
>> Warp 4 in the late 1990s when I had to close Netscape web browser in
>> preparation for shutdown, and it took 15 minutes because it was a hog
>> for memory, by late 1990s standards.  I had 20 MB RAM, not bad for
>> those days.
>>
>> What would happen if you typed at the command prompt
>> shutdown -r now
>> or
>> shutdown -p now
>> ?
>> Would it take seemingly forever?
> 
> In Linux-land "shutdown -h now" does what our "shutdown -p now" does.
> For whatever reason, doing shutdown that way seems faster.  That's not
> so handy for me in the power loss case because the machine is running X
> and is most likely sitting in the screensaver.  Switching to another
> vty, doing a root login, and typing in the shutdown command is a lot of
> typing to get right while flying blind without a monitor.
> 
> There might also be a slowdown due to the network being down, though
> it's hard to tell in my case.  I'm also not using NFS, which would be
> the obvious culprit.
> 
> I forgot to mention that the command line tools are feel cumbersome.  To
> restart a service:
>   FreeBSD:   /etc/rc.d/foo restart
>   Old Linux: /etc/init.d/foo restart
>   Systemd:   systemctl restart foo.service
> seems worse that that when I'm actually typing it ...
> 

The Handbook-recommended invocation, which also works on linux, is
"service foo restart".

>> Would it take seemingly forever?
>>
>> I would like to try systemd in Linux, can't say at this stage whether
>> I'll like it, hate it, or somewhere in between.
> 
> There's no substitute for firsthand experience.
> 

- Nikolai Lifanov
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Bryan Drewery
On 2/23/2014 3:11 PM, Baptiste Daroussin wrote:
> Hi,
> 
> As some of you may have noticed, I have imorted a couple of days ago dma
> (DragonFly Mail Agent) in base. I have been asked to explain my motivation so
> here they are.
> 

Does this support a /usr/sbin/sendmail wrapper for sending mail through CLI?

-- 
Regards,
Bryan Drewery



signature.asc
Description: OpenPGP digital signature


Re: [HEADSUP] Jenkins running in FreeBSD cluster

2014-02-24 Thread Craig Rodrigues
On Feb 24, 2014 6:06 AM, "Jonathan Anderson"  wrote:
>
> This is great stuff, thanks!
>
> Can you say what the relationship with tinderbox is intended to be? Is
this supposed to subsume tinderbox, or will they have different niches? Is
Jenkins going to start e-mailing likely culprits (with e.g.
https://wiki.jenkins-ci.org/display/JENKINS/Email-ext+plugin)? Also, can we
see more architectures built by Jenkins?
>
> Thanks,
>
>
> Jon

Although Jenkins has a lot of tinderbox-like functionality, the effort to
set up Jenkins in the FreeBSD cluster is independent of the current FreeBSD
Tinderbox system.  The FreeBSD Tinderbox is maintained by a separate set of
volunteers, and we wish to peacefully coexist with all FreeBSD volunteer
projects.

However, if you have any ideas for expanded use of Jenkins in the FreeBSD
cluster, such as email notifications, take a look at the contact
information on our web page and let us know:

http://wiki.freebsd.org/Jenkins

We are open to feedback, and are just getting started!

--
Craig
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Nosay
On Mon, Feb 24, 2014 at 1:07 PM, Joe Nosay  wrote:

>
>
>
> On Mon, Feb 24, 2014 at 12:53 PM, Mark Felder  wrote:
>
>>
>>
>> On Mon, Feb 24, 2014, at 9:50, Lyndon Nerenberg wrote:
>> >
>> > On Feb 24, 2014, at 7:40 AM, Bryan Drewery 
>> wrote:
>> >
>> > > Anything not meeting the bare-bones criteria can be installed with
>> 'pkg
>> > > install' or ports.
>> >
>> > Try this in a shop where all your machines are completely air-gapped
>> from
>> > the internet.
>> > Email had 1 attachment:
>> > + signature.asc
>> >   1k (application/pgp-signature)
>>
>> You might want to consult with Devin Teske. He deals with mass
>> installations of airgapped FreeBSD and may be able to lend some tips on
>> how he has tackled such challenges provided he doesn't have a massive
>> NDA preventing him from talking about these high level details.
>> ___
>> freebsd-current@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org
>> "
>>
>
>
> Since Nathan did the basic setup of bsdinstall, why not ask him if it can
> be configured with an options screen?
> On the screen, let the user have his/her choice for mail agent, time
> server, et al; but, the user is able to only choose one. Just an isea.
>

I meant "idea". Sorry
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Nosay
On Mon, Feb 24, 2014 at 12:53 PM, Mark Felder  wrote:

>
>
> On Mon, Feb 24, 2014, at 9:50, Lyndon Nerenberg wrote:
> >
> > On Feb 24, 2014, at 7:40 AM, Bryan Drewery  wrote:
> >
> > > Anything not meeting the bare-bones criteria can be installed with 'pkg
> > > install' or ports.
> >
> > Try this in a shop where all your machines are completely air-gapped from
> > the internet.
> > Email had 1 attachment:
> > + signature.asc
> >   1k (application/pgp-signature)
>
> You might want to consult with Devin Teske. He deals with mass
> installations of airgapped FreeBSD and may be able to lend some tips on
> how he has tackled such challenges provided he doesn't have a massive
> NDA preventing him from talking about these high level details.
> ___
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>


Since Nathan did the basic setup of bsdinstall, why not ask him if it can
be configured with an options screen?
On the screen, let the user have his/her choice for mail agent, time
server, et al; but, the user is able to only choose one. Just an isea.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Don Lewis
On 23 Feb, David Chisnall wrote:

> 5) In a world where we're moving towards sandboxing services via
> Capsicum, the service launcher needs to be able to create services
> with a potentially large set of initial file descriptors (including a
> socket to Casper), based on the configuration policy.

I don't think we want to lose the option of running the daemon in debug
mode in the foreground with extra verbosity sent to stdout/stderr and
possibly launched from gdb.

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Don Lewis
On 24 Feb, Thomas Mueller wrote:
> from Don Lewis:
> 
>> I've got a Fedora server here that has systemd and I've come to
>> dislike it.  It seems to be one of those "Do not open.  No user
>> serviceable parts inside." sorts of things.
>   
>> I was never able to get it to start NUT properly.
>   
>> More often than not, it fails to come up multi-user.  The machine has
>> a large number of disks (mostly JFS and XFS) attached to it, and even
>> after what I think should be a clean shutdown, it seems to want to
>> fsck a bunch of them. Unfortunately, there seems to be some sort of
>> timeout on that, so a bunch get skipped and then don't get mounted. 
>> I have to manually fsck everything in single user mode.  Then if I
>> reboot, it
>> *might* come up properly.  I haven't been able to find any knobs to
>> adjust the timeout.  Sometimes, there is just a message that says
>> something like "an error occurred" at the top of the screen, just
>> before the prompt for the single-user password, with no clue as to
>> what it is unhappy about.
> 
>> Emergency shutdown can also be a problem.  If I'm around when the
>> power fails, I manually try to shut down the machine before the UPS
>> battery runs down.  I don't have the screen on the UPS, so I hit the
>> power button and cross my fingers that the machine will make it
>> through the clean shutdown sequence in time.  It seems to take
>> forever (many minutes) and I have no idea what the heck it is
>> spending all of its time on.
> 
>> The documentation seems to be very sparse.
> 
>> My plan is to migrate this function to a FreeBSD server.
> 
> This looks scandalously slow.  It reminds me of the time with OS/2
> Warp 4 in the late 1990s when I had to close Netscape web browser in
> preparation for shutdown, and it took 15 minutes because it was a hog
> for memory, by late 1990s standards.  I had 20 MB RAM, not bad for
> those days.
> 
> What would happen if you typed at the command prompt
> shutdown -r now
> or
> shutdown -p now
> ?
> Would it take seemingly forever?

In Linux-land "shutdown -h now" does what our "shutdown -p now" does.
For whatever reason, doing shutdown that way seems faster.  That's not
so handy for me in the power loss case because the machine is running X
and is most likely sitting in the screensaver.  Switching to another
vty, doing a root login, and typing in the shutdown command is a lot of
typing to get right while flying blind without a monitor.

There might also be a slowdown due to the network being down, though
it's hard to tell in my case.  I'm also not using NFS, which would be
the obvious culprit.

I forgot to mention that the command line tools are feel cumbersome.  To
restart a service:
FreeBSD:   /etc/rc.d/foo restart
Old Linux: /etc/init.d/foo restart
Systemd:   systemctl restart foo.service
seems worse that that when I'm actually typing it ...

> Would it take seemingly forever?
> 
> I would like to try systemd in Linux, can't say at this stage whether
> I'll like it, hate it, or somewhere in between.

There's no substitute for firsthand experience.

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Mark Felder


On Mon, Feb 24, 2014, at 9:50, Lyndon Nerenberg wrote:
> 
> On Feb 24, 2014, at 7:40 AM, Bryan Drewery  wrote:
> 
> > Anything not meeting the bare-bones criteria can be installed with 'pkg
> > install' or ports.
> 
> Try this in a shop where all your machines are completely air-gapped from
> the internet.
> Email had 1 attachment:
> + signature.asc
>   1k (application/pgp-signature)

You might want to consult with Devin Teske. He deals with mass
installations of airgapped FreeBSD and may be able to lend some tips on
how he has tackled such challenges provided he doesn't have a massive
NDA preventing him from talking about these high level details.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Mark Felder
On Mon, Feb 24, 2014, at 8:56, Daniel Kalchev wrote:
> 
> On 24.02.14 13:47, Thomas Mueller wrote:
> > I don't believe BSD users use base system of itself to send and receive 
> > email.  They use ports (FreeBSD) or equivalent in other BSDs.
> 
> One of the beauties of the BSD 'base system' is that upon installation 
> you have an usable workstation/server environment that can be 
> immediately used for most Internet-related tasks -- and this most 
> certainly includes SMTP. Or NTP. Or... used to include DNS.
> 

And one of the warts is our dedication to long support on FreeBSD
releases; FreeBSD 8 is still supported with 8.3 and 8.4 releases.
RELENG_8 was branched in August of 2009. FreeBSD 8.4 has an estimated
EoL of June 30 2015. This is nearly 6 years since the original release
-- an incredible amount of time to be maintaining such complex software.
(Though I'm aware that Sendmail's release process is rather slow)

> We can strip pieces of FreeBSD off and end up with an kernel. Or we 
> could keep the system very much usable out of the box.
> 

Imagine a world where everything in FreeBSD is a package and we have a
working "PROVIDES" framework. Upon installation you can choose the
software that "provides" the MTA role. Same for DNS, NTP, database,
webserver... That would be a great accomplishment along with a framework
to create a master install image utilizing the options/packages you
desire. I think this type of thing is definitely plausible if we keep
moving forward. My personal opinion remains that complex software is
better served/secured/maintained when it is handled in ports not in
base.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Lyndon Nerenberg

On Feb 24, 2014, at 8:50 AM, David Chisnall  wrote:

> Or, purely hypothetically, if your goal was to make it work, you could just 
> use Poudriere which will take a list of packages that you need and build a 
> package set for you, which you can stick on a DVD / USB stick / whatever and 
> take into your production environment.

For all the air-gapped shops I dealt with, any package builds had to be done 
inside the air-gap.  (Those were the rules - I didn't make them.)

The bottom line was: the fewer external dependencies to build a basically 
useful system, the better.

> If Poudriere doesn't do what you want, then constructive feature requests are 
> always welcome (bapt likes having us add things to his to-do list - he has 
> way too much free time).

What would really help is if the ports fetch-recursive-list target could extend 
to reliably include the distfiles for the runtime dependencies as well.  But 
I'm not even sure that's possible.  We tried a few different things, but in the 
end we had to brute force it by running 'make fetch' in every one of the ports 
directories in order to get all the distfiles onto an external system, which we 
then rsynced to a USB drive, marched inside, and rsynced to the fileserver.  
Not pretty ... but with all the distfiles at hand we knew the inside ports 
builds wouldn't fail due to missing dependencies.

--lyndon



signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Poul-Henning Kamp
In message , Lyndon Nerenberg 
writes:

>On Feb 24, 2014, at 7:56 AM, Poul-Henning Kamp  =
>wrote:
>
>> Bullshit.
>
>Sounds like your week didn't get off to a good start.

No, I'm simply calling your argument bullshit, because it is.

>> You got FreeBSD in there in the first place, there clearly
>> is some kind of aperture through which software can migrate.
>
>Yes, we walk in a DVD-ROM with a FreeBSD installation image on it.

So put your packages on there as well, if they're not already there
(did you even check ?)

Or do a "cd /usr/ports && make fetch" and write a (number of ?) DVD's with 
the resulting distfiles, and carry those behind the firewall, knowing
that you have 20k pieces of software including NetHack and and an
INTERCAL compiler, so you will never be bored, no matter how long
airgap remains open.

I've been doing exactly that since 1998 and I know it is both
trivially easy and wonderfully assuring to the customer when you
can tell them:  "*All* the source code is here, and you are running
a system verifiably compiled from it."

Just recently one of those old but still running FreeBSD systems
were plucked out for a random audit.  They found the CD's in storage,
installed the FreeBSD 2.2.5 on a machine, also from storage,
recompiled everything from sources, built the embedded image,
installed the image and passed all the test-cases.

And yes, now we're talking about a much overdue upgrade.

QED:  Bullshit.

And no, we obviously should not move /bin/sh to ports, but
software maintained by compet^H^H^H^H^H^capable projects
outside of FreeBSD should not be imported into FreeBSD
absent compelling reasons, and already imported software
should be constantly scrutinized to see if there are better
solutions.

-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


[PATCH] Re: svn commit: r262439 - head/sys/dev/usb/input

2014-02-24 Thread David Wolfskill
I encountered an error during buildkernel:

...
===> usb/atp (all)
--- atp.o ---
clang -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc   
-DHAVE_KERNEL_OPTION_HEADERS -include 
/common/S4/obj/usr/src/sys/CANARY/opt_global.h -I. -I@ -I@/contrib/altq 
-fno-common -gdwarf-2 -I/common/S4/obj/usr/src/sys/CANARY  -mno-aes -mno-avx 
-mno-mmx -mno-sse -msoft-float -ffreestanding -fstack-protector 
-std=iso9899:1999 -Qunused-arguments  -fstack-protector -Wall -Wredundant-decls 
-Wnested-externs -Wstrict-prototypes  -Wmissing-prototypes -Wpointer-arith 
-Winline -Wcast-qual  -Wundef -Wno-pointer-sign -fformat-extensions  
-Wmissing-include-dirs -fdiagnostics-show-option  
-Wno-error-tautological-compare -Wno-error-empty-body  
-Wno-error-parentheses-equality -Wno-unused-function   -c 
/usr/src/sys/modules/usb/atp/../../../dev/usb/input/atp.c
/usr/src/sys/modules/usb/atp/../../../dev/usb/input/atp.c:797:40: error: unused 
variable 'atp_sensor_data_interpreters' [-Werror,-Wunused-const-variable]
static const sensor_data_interpreter_t 
atp_sensor_data_interpreters[TRACKPAD_FAMILY_MAX] = {
   ^
1 error generated.
*** [atp.o] Error code 1


The attached patch worked for me.

Now running:

FreeBSD 11.0-CURRENT #1172  r262439M/262439:119: Mon Feb 24 08:06:04 PST 
2014 root@localhost:/common/S4/obj/usr/src/sys/CANARY  i386

Peace,
david
-- 
David H. Wolfskill  da...@catwhisker.org
Taliban: Evil cowards with guns afraid of truth from a 14-year old girl.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
Index: sys/dev/usb/input/atp.c
===
--- sys/dev/usb/input/atp.c	(revision 262439)
+++ sys/dev/usb/input/atp.c	(working copy)
@@ -794,11 +794,6 @@
 static void	 atp_reset_buf(struct atp_softc *);
 static void	 atp_add_to_queue(struct atp_softc *, int, int, int, uint32_t);
 
-static const sensor_data_interpreter_t atp_sensor_data_interpreters[TRACKPAD_FAMILY_MAX] = {
-	[TRACKPAD_FAMILY_FOUNTAIN_GEYSER] = fg_interpret_sensor_data,
-	[TRACKPAD_FAMILY_WELLSPRING]  = wsp_interpret_sensor_data,
-};
-
 /* Device methods. */
 static device_probe_t  atp_probe;
 static device_attach_t atp_attach;


pgpd4zSYOX4H_.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread David Chisnall
On 24 Feb 2014, at 16:39, Lyndon Nerenberg  wrote:

> If the above doesn't work, you have to fall back to ports.  And this is where 
> things get really hairy.  Just generating the list of required distfiles is 
> problematic. 'make fetch-recursive-list' will give you a script to run to 
> pull down the direct build dependencies, but this misses run-time 
> dependencies.  Generating that list takes a lot of manual work, and is *very* 
> time consuming.

Or, purely hypothetically, if your goal was to make it work, you could just use 
Poudriere which will take a list of packages that you need and build a package 
set for you, which you can stick on a DVD / USB stick / whatever and take into 
your production environment.  It will also let trivially update the package set 
to the latest version and build the packages with your specific configuration.

If you need an environment this customised, but don't want to use the tools 
specifically designed for building such a setup, then you don't really get to 
complain.  If Poudriere doesn't do what you want, then constructive feature 
requests are always welcome (bapt likes having us add things to his to-do list 
- he has way too much free time).

David

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Bryan Drewery
On 2/24/2014 10:16 AM, Lucius Rizzo wrote:
> * Bryan Drewery  [2014-02-24 09:40]:
>  
>> Remembering the time I spent trying to configure sendmail to not accept
>> inbound mail, and trying to get it to behave how I want, I fully support
>> this. Of all the years I've messed with sendmail, I still have little
>> understanding of how to configure it or if I've done it right.
> 
> Hush! No sendmail hating :P. I remember it being a right of passage to
> graduate to a ^real^ UNIX admin when you had lost half of your hair
> while working on sendmail.cf. In a era now long gone, I remember
> carrying the sendmail bible (thick with detailed instructions on cf
> vars) as protection vs. say a baseball bat. 
> 


I have the Oreilly sendmail book here and it's thicker than The Design
and Implementation of the FreeBSD Operating System. That's quite an
application!

-- 
Regards,
Bryan Drewery
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Lyndon Nerenberg
On Feb 24, 2014, at 7:56 AM, Poul-Henning Kamp  wrote:

> Bullshit.

Sounds like your week didn't get off to a good start.

> You got FreeBSD in there in the first place, there clearly
> is some kind of aperture through which software can migrate.

Yes, we walk in a DVD-ROM with a FreeBSD installation image on it.  This works 
because there is a self-contained installer that contains a very complete 
system.  Certainly enough to build things like file servers and network 
infrastructure machines (dhcp, ntp, other general network services).

Installing ports/pkgs, on the other hand, is a real pain.  For pre-built 
packages, you can build a list of dependencies, download the packages to an 
external machine, copy them to a portable drive, and walk them over to a shared 
filesystem.  This works, provided there are pre-built images of the package and 
its recursive dependency tree (and that they are configured in a way that works 
for your environment).

If the above doesn't work, you have to fall back to ports.  And this is where 
things get really hairy.  Just generating the list of required distfiles is 
problematic.  'make fetch-recursive-list' will give you a script to run to pull 
down the direct build dependencies, but this misses run-time dependencies.  
Generating that list takes a lot of manual work, and is *very* time consuming.

The increasing focus on securing systems from network attacks in only 
increasing the number of air-gapped environments (and I know this from first 
hand experience).  The sort of massive unbundling that a few people are tossing 
around here has the potential to exponentially increase the workload of people 
operating in the environments I have witnessed (and worked in).  I want them to 
realize that there are ramifications to those sort of changes that need to be 
taken into consideration.

These days UNIX tends to be single-user environment, for the most part.  
Because of that it is very easy for people to get into the mindset that "if I 
don't use it, nobody else uses it," and thus losing sight of the whole being so 
much greater than the sum of its parts.

That said, I can understand wanting to unbundle some of the very complex but 
lesser used components (e.g. bind).  But there's always a balancing act to be 
performed here.  Making every command in /usr/bin its own package serves 
nobody.  (Yes, I exaggerate to make a point.)

--lyndon



signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Bryan Drewery
On 2/24/2014 9:56 AM, Poul-Henning Kamp wrote:
> In message , Lyndon 
> Nerenberg 
> writes:
> 
>> Try this in a shop where all your machines are completely air-gapped
>>from the internet.
> 
> Bullshit.
> 
> You got FreeBSD in there in the first place, there clearly
> is some kind of aperture through which software can migrate.
> 

This. You pulled in something from somewhere. Build your own packages
from that somewhere and send them along in your image to 'pkg add' on
first boot, or install them into the image directly so they are already
there.

I can't imagine an air-gapped default FreeBSD being of much use without
*any* packages/ports installed.

-- 
Regards,
Bryan Drewery



signature.asc
Description: OpenPGP digital signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Freddie Cash
On Feb 24, 2014 7:50 AM, "Lyndon Nerenberg"  wrote:
>
>
> On Feb 24, 2014, at 7:40 AM, Bryan Drewery  wrote:
>
> > Anything not meeting the bare-bones criteria can be installed with 'pkg
> > install' or ports.
>
> Try this in a shop where all your machines are completely air-gapped from
the internet.

Install from DVD which includes the vast majority of packages built from
the ports tree.

If you have a way to install FreeBSD, you have a way to get software onto
it.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Lucius Rizzo
* Bryan Drewery  [2014-02-24 09:40]:
 
> Remembering the time I spent trying to configure sendmail to not accept
> inbound mail, and trying to get it to behave how I want, I fully support
> this. Of all the years I've messed with sendmail, I still have little
> understanding of how to configure it or if I've done it right.

Hush! No sendmail hating :P. I remember it being a right of passage to
graduate to a ^real^ UNIX admin when you had lost half of your hair
while working on sendmail.cf. In a era now long gone, I remember
carrying the sendmail bible (thick with detailed instructions on cf
vars) as protection vs. say a baseball bat. 

The Sendmail manual was thick, heavy and while I never did use it as a
weapon; I had imagined many times throwing it at a server and see if
that maybe fixed the problem with sendmail.cf.

I've worked with MTA's a lot. I have hated and loved Sendmail. ATM, I am
back in my I <3 Sendmail mode and have it running quite well -- with a
lot of cool milters on some of my servers. But sendmail is not for the
faint of heart, or ones who are at risk of hair loss. In fact, I would
highly discourage sendmail use in the latter case. 

> My exaggerated view of sendmail as a user:

[...]

Poof..that's easy :P

> > # Uncomment if you want STARTTLS support (only used in combination
> > with # SECURETRANSFER) #STARTTLS
> 
> Yes please. Simple.
> 
> I'm not sure where to even start with sendmail to enable those
> options.


See! That wasn't hard at all!! I don't get why people get so worried.
What you posted was mostly mc stuff anyways. I would be far more
impressed if you would have debugged that in the cf or via sendmail
flags. :)))

I often use ssmtp on servers that run Wordpress etc and collect most
mail to a mailhub which routes it internally and externally. 

I <3 Sendmail.

-- 

| _o_ |_)o_ _  _  
|_|_|(_||_|_> | \|/_/_(_) - Lucius.Tel
--
++ The greatest griefs are those we cause ourselves. ++
++  -- Sophocles ++
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Joe Holden

On 24/02/2014 15:40, Poul-Henning Kamp wrote:

In message <530b666a.1000...@rewt.org.uk>, Joe Holden writes:


Please check how NTP is authenticated before giving bad advice,
it's all in the RFC.


v3 or v4? It is an optional part of the spec in both cases and again
isn't required for 99% of people using ntpd as a client, which was the
entire point of this exercise in the first place.


Authentication of NTP is rapidly gaining focus these days, for obvious
reasons, so I think adopting software now which don't support it would
be needlessly shortsighted.

3 years ago I would have agree with you, but not now.

Fair enough, that isn't the real problem we are facing but rather than 
derail this thread even further I think it would be best to discuss that 
another day :)

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Poul-Henning Kamp
In message , Lyndon Nerenberg 
writes:

>Try this in a shop where all your machines are completely air-gapped
>from the internet.

Bullshit.

You got FreeBSD in there in the first place, there clearly
is some kind of aperture through which software can migrate.

-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Lucius Rizzo
* Don Lewis  [2014-02-24 00:56]:
> On 23 Feb, Lucius Rizzo wrote:
> > * Andreas Nilsson  [2014-02-23 09:33]:
> >> Imho, the replacement to init and rc-scripts I sometimes think about
> >> would be to import SMF from opensolaris/illumos. There one can at
> >> least get the commands run and config used without looking at the
> >> source code.
> > 
> > I like SMF from Solaris 11 onwards and even SmartOS. However, I have
> > found to like systemd and use via systemctl on Arch far nicer than any
> > other rc scripts to date. 
> > 
> > Anyone care to share their thoughts on the pros and cons of something
> > like systemd the way Arch does?
> 
> I've got a Fedora server here that has systemd and I've come to dislike
> it.  It seems to be one of those "Do not open.  No user serviceable
> parts inside." sorts of things.

I had an entirely different experience - albeit on Arch. I had to use
systemd via systemctl for pretty much everything to build on the
machine. I use btrfs + linux-ck on Arch with systemd. In order to get
stuff to work, I had a pretty detailed  learning  experience with
systemd when I helped on the sendmail AUR port for Arch including
writing/enabling scripts to work with journald and systemd. 

Naturally, I'm somewhat surprised to see the the author's attitude
towards licensing and non-Linux support. Its rare to come across devs
who are zealous to such a degree. 

However, there seems to be an agreement at least in part to modernize or
optimize the boot-up/rc env in FreeBSD.

I don't know for most of you but for me, while this is interesting...I
almost never really reboot that often for me to actually see a real
advantage of a 3 sec boot-up difference by throwing away what we have and
migrating to something else. 

Which is why we should also consider more than just boot-up times -- for
me having a newer more intelligent way to manage rc environment might
bear more interest than a few second boot difference that I only see
once in a blue moon.

Though, now I am also at a point where I know commands in -
Debian/CentOS/Arch, BSD (FreeBSD/NetBSD) and Solaris 10/11/SmartOS (all
with different ways of doing thing). What's annoying is that each of
these OS/flavors have nuances in use of their rc scripts and while
^now^ it doesn't bother me at all, I imagine it may for a newb. 

In most cases, everything works. But when it doesn't, its  annoying to
remember svcadmin vs systemctl vs /etc/init.d vs service vs /etc/rc.d/
along with all the other commands just to check the logs...

-- 

| _o_ |_)o_ _  _  
|_|_|(_||_|_> | \|/_/_(_) - Lucius.Tel
--
++ New members are urgently needed in the Society for Prevention of ++
++  Cruelty to Yourself.  Apply within. ++
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Lyndon Nerenberg

On Feb 24, 2014, at 7:40 AM, Bryan Drewery  wrote:

> Anything not meeting the bare-bones criteria can be installed with 'pkg
> install' or ports.

Try this in a shop where all your machines are completely air-gapped from the 
internet.


signature.asc
Description: Message signed with OpenPGP using GPGMail


Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Poul-Henning Kamp
In message <530b666a.1000...@rewt.org.uk>, Joe Holden writes:

>> Please check how NTP is authenticated before giving bad advice,
>> it's all in the RFC.
>>
>v3 or v4? It is an optional part of the spec in both cases and again 
>isn't required for 99% of people using ntpd as a client, which was the 
>entire point of this exercise in the first place.

Authentication of NTP is rapidly gaining focus these days, for obvious
reasons, so I think adopting software now which don't support it would
be needlessly shortsighted.

3 years ago I would have agree with you, but not now.

-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Bryan Drewery
On 2/23/2014 3:11 PM, Baptiste Daroussin wrote:
> Hi,
> 
> As some of you may have noticed, I have imorted a couple of days ago dma
> (DragonFly Mail Agent) in base. I have been asked to explain my motivation so
> here they are.
> 
> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails to
> some smtp servers (with TLS, authentication and so on)
> 
> It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
> (respecting aliases).
> 
> I imported it because dma is lightweight, BSD license and easy to use.
> 

IMHO base should be the very minimalistic needs to get a server online,
and should be secure and simple by default. Being able to connect to the
server sending *out* messages to the world is quite important. Receiving
and processing messages is not. I.e., there is no httpd, it is not
critical for operation of system. There is no desktop environment or
scripting language as they are not critical.

Anything not meeting the bare-bones criteria can be installed with 'pkg
install' or ports.

Having an full smtpd in base scares me as I never know if it is
configured to prevent relaying or not. I go to extremes and block port
25/587 to be sure.

Remembering the time I spent trying to configure sendmail to not accept
inbound mail, and trying to get it to behave how I want, I fully support
this. Of all the years I've messed with sendmail, I still have little
understanding of how to configure it or if I've done it right.

My exaggerated view of sendmail as a user:

> # grep sendmail /etc/defaults/rc.conf
> mta_start_script="/etc/rc.sendmail"
> # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
> sendmail_enable="NO"# Run the sendmail inbound daemon (YES/NO).
> sendmail_pidfile="/var/run/sendmail.pid"# sendmail pid file
> sendmail_procname="/usr/sbin/sendmail"  # sendmail process name
> sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
> sendmail_submit_enable="YES"# Start a localhost-only MTA for mail 
> submission
> sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
> sendmail_outbound_enable="YES"  # Dequeue stuck mail (YES/NO).
> sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound 
> only)
> sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
> sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
> # Flags for sendmail_msp_queue daemon.
> sendmail_rebuild_aliases="NO"   # Run newaliases if necessary (YES/NO).

>  # grep sendmail /etc/rc.conf
> sendmail_enable="NO"
> sendmail_submit_enable="YES"
> sendmail_outbound_enable="NO"
> sendmail_msp_queue_enable="YES"

This is quite obscure. Sendmail is not enabled? Outbound is not enabled?
Sure they are. Submit is enabled? Is that port 587? 0.0.0.0:25? I don't
want that.

The RC script also leads to much confusion in this configuration:

> # service sendmail stop
> Stopping sendmail.
> Waiting for PIDS: 80956.
> sendmail_submit not running? (check /var/run/sendmail.pid).
> Stopping sendmail_clientmqueue.
> Waiting for PIDS: 81322.

It wasn't running? Was it broken? Is that why I couldn't send mail?

> # service sendmail start
> Cannot 'start' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 
> 'onestart' instead of 'start'.

Oh, it didn't start?

>  # ps uaxw|grep sendmail
> root   64518  0.0  0.1  6020  2980  ??  Ss   10:19AM   0:00.00 sendmail: 
> accepting connections (sendmail)
> smmsp  64726  0.0  0.1  6020  2924  ??  Ss   10:19AM   0:00.00 sendmail: 
> Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)

Oh.

Can I restart?

> # service sendmail restart
> Cannot 'restart' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 
> 'onerestart' instead of 'restart'.
> Stopping sendmail_submit.

Oh it looks dead again.

>  # ps uaxw|grep sendmail
> smmsp  64726  0.0  0.0  6020 0  ??  IWs  - 0:00.00 sendmail: 
> Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
> root   88210  0.0  0.1  6020  3008  ??  Ss   10:20AM   0:00.00 sendmail: 
> accepting connections (sendmail)
> root   93369  0.0  0.1  3464  1296  18  S+   10:20AM   0:00.00 grep 
> sendmail

Nope.

RC script bugs aside, how about modifying the actual configuration?

> [/etc/mail] # ls
> ./READMEaliases.db
> freebsd.submit.cf mailer.conf   submit.cf
> ../   access.sample freebsd.cf
> freebsd.submit.mc mailertable.samplevirtusertable.sample
> Makefile  aliases   freebsd.mchelpfile
>   sendmail.cf

*lost*

I just want to relay elsewhere.

> # grep -i relay *|wc -l
>  232

Having done this before I know it is SMART_HOST:

> # grep SMART *
> freebsd.mc:dnl define(`SMART_HOST', `your.isp.mail.server')

So do I edit this mc file? Then what? run make? Do I need it in the
freebsd.submit.mc too?

sendmail

Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Joe Holden

On 24/02/2014 13:52, Poul-Henning Kamp wrote:

In message <530b2dee.3030...@rewt.org.uk>, Joe Holden writes:


The other point I should make here is that if you care that much about
time security you shouldn't be contacting ntp servers over 3rd party
networks anyway, at least not without some IP-level
encryption/authentication, or use a source that can't easily be used as
an attack surface, such as GPS/MSF etc.


Please check how NTP is authenticated before giving bad advice,
it's all in the RFC.

v3 or v4? It is an optional part of the spec in both cases and again 
isn't required for 99% of people using ntpd as a client, which was the 
entire point of this exercise in the first place.  If the argument is 
that X feature is missing then we may as well replace sendmail with exim 
as it has even more features, for example.


But most importantly, explain how it was bad advice?  There are 
provisions for integrity checking (not authentication) and autokey.  My 
point was that if you need to authenticate ntp to avoid mitm-style 
attacks then perhaps the setup you have is wrong.  If there is something 
huge I have missed then feel free to correct me!

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Daniel Kalchev


On 24.02.14 13:47, Thomas Mueller wrote:

I don't believe BSD users use base system of itself to send and receive email.  
They use ports (FreeBSD) or equivalent in other BSDs.


One of the beauties of the BSD 'base system' is that upon installation 
you have an usable workstation/server environment that can be 
immediately used for most Internet-related tasks -- and this most 
certainly includes SMTP. Or NTP. Or... used to include DNS.


We can strip pieces of FreeBSD off and end up with an kernel. Or we 
could keep the system very much usable out of the box.


Indeed, the current integration of sendmail is far from optimal. In 
fact, BIND was better integrated but is now gone. NTP is also pretty 
well integrated -- it is nice to have ready access to such tools on 
*any* FreeBSD system.


If one needs to strip down FreeBSD, there are already plenty of tools to 
do it, including WITHOUT_SENDMAIL.


One of the many problems with removing functionality is very well 
illustrated by what happens now, when you upgrade an pre-10 system 
running nameserver: you end up without it and eventually without your 
nameserver database as well. Imagine, one day a user updates their 
10-stable to 11-stable only to find out mail is no more.


Currently, without any user configuration, sendmail is run in send-only 
mode. You need to explicitly request for it to not run at all. If there 
is suitable replacement that performs the tasks the send-only sendmail 
does, I see no problem to remove it. Or at least make it non-default for 
a release or two.


The only remaining issue to solve is "I just upgraded FreeBSD and now 
mail is not working". Perhaps by installing sendmail with pkg if it is 
requested in rc.conf?


Daniel
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Slawa Olhovchenkov
On Mon, Feb 24, 2014 at 03:30:14PM +0100, Baptiste Daroussin wrote:

> On Mon, Feb 24, 2014 at 06:17:37PM +0400, Slawa Olhovchenkov wrote:
> > On Sun, Feb 23, 2014 at 10:11:56PM +0100, Baptiste Daroussin wrote:
> > 
> > > As some of you may have noticed, I have imorted a couple of days ago dma
> > > (DragonFly Mail Agent) in base. I have been asked to explain my 
> > > motivation so
> > > here they are.
> > 
> > What's about suid, security separations & etc?
> 
> What do you mean? dma is changing user as soon as possible, dma will be
> capsicumized, what else do you want as informations?

sendmail (in the past) have same behaviour (run as root and chage
user).
This is some security risk.
For many  scenario change user is not simple (for example -- send file
from local user A to local user B, file with permsion 0400).
sendmail will be forced to change behaviour -- mailnull suid program
for place mail into queue and root daemon for deliver to user.
This is more complex.
Can be dma avoid this way?


___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Mark Felder
On Mon, Feb 24, 2014, at 3:41, Joe Holden wrote:
> On 24/02/2014 04:26, Julio Merino wrote:
> > On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin wrote:
> >
> >> Hi,
> >>
> >> As some of you may have noticed, I have imorted a couple of days ago dma
> >> (DragonFly Mail Agent) in base. I have been asked to explain my motivation
> >> so
> >> here they are.
> >>
> >> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails
> >> to
> >> some smtp servers (with TLS, authentication and so on)
> >>
> >> It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
> >> (respecting aliases).
> >>
> >> I imported it because dma is lightweight, BSD license and easy to use.
> >>
> >> The code base is rather small and easy to capsicumize (which I plan to do)
> >>
> >> My initial goal is not to replace sendmail.
> >
> >
> > But is it an eventual goal?  *I* don't see why not, but if it is: what's
> > the plan?  How is the decision to drop sendmail going to be made when the
> > time comes?  (I.e. who _can_ and will make the call?)
> >
> >
> >> All I want is a small mailer
> >> simple to configure, and not listening to port 25, suitable for small
> >> environment (embedded and/or resource bounded) as well as for server
> >> deployment.
> >>
> >
> > Playing devil's advocate: what specific problems is this trying to solve?
> >   I'd argue, for example, that postfix can be also easily configured and can
> > be made to not listen on port 25 for local mail delivery, while at the same
> > time it is a fully-functional MTA that could replace sendmail altogether.
> >   (Which, by the way, is the configuration with which postfix ships within
> > the NetBSD base system.)
> >
> > The reason I'm asking these questions is because I have seen NetBSD
> > maintain two MTAs (sendmail + postfix) in the base system for _years_ and
> > it was not a pretty situation.  The eventual removal of sendmail was
> > appreciated, but of course it came with the associated bikeshedding.
> *dons flame-proof suit*
> 
> The trend towards having sensible lightweight things in the base is a 
> good thing IMO.  There is no need for things like bind (replaced by 
> unbound), or a full featured mta like sendmail in the base, base install 
> should contain enough to get going but for specific functions like 
> performing MTA tasks, the user can install the appropriate software, 
> such as postfix.
> 
> Just my 2p :)
> 

I fully agree here. Lightweight services in base, fully featured in
ports. It makes it easier for users to follow the latest and greatest
MTA, DNS, etc this way as well.

Another nice feature of dma is that it's a perfect compliment to your
lightweight jails -- emails can get out, but no worrying about conflicts
on ports 25.  
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 06:17:37PM +0400, Slawa Olhovchenkov wrote:
> On Sun, Feb 23, 2014 at 10:11:56PM +0100, Baptiste Daroussin wrote:
> 
> > As some of you may have noticed, I have imorted a couple of days ago dma
> > (DragonFly Mail Agent) in base. I have been asked to explain my motivation 
> > so
> > here they are.
> 
> What's about suid, security separations & etc?

What do you mean? dma is changing user as soon as possible, dma will be
capsicumized, what else do you want as informations?

regards,
Bapt


pgpUcUDC1pDni.pgp
Description: PGP signature


Re: libinit idea

2014-02-24 Thread Christian Laursen

On 02/24/14 14:34, Andreas Nilsson wrote:

On Mon, Feb 24, 2014 at 2:25 PM, Matthias Gamsjager wrote:


How about delaying the startup of services that are not necessary right at
the start. For example sshd, samba etc could be loaded after xdm ( or even
after the DE has loaded).



On my core i5 with regular hdd I get:
23sec to boot kernel
13sec from mounted root to slim login promp.


I have not done any measurements here but this is what I experience as 
well. Once / has been mounted the rest of the startup doesn't take long.



Fixing the kernel boot time seems like a bigger gain, imho.


+1

--
Christian Laursen
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Slawa Olhovchenkov
On Sun, Feb 23, 2014 at 10:11:56PM +0100, Baptiste Daroussin wrote:

> As some of you may have noticed, I have imorted a couple of days ago dma
> (DragonFly Mail Agent) in base. I have been asked to explain my motivation so
> here they are.

What's about suid, security separations & etc?
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: [HEADSUP] Jenkins running in FreeBSD cluster

2014-02-24 Thread Jonathan Anderson
This is great stuff, thanks!

Can you say what the relationship with tinderbox is intended to be? Is this
supposed to subsume tinderbox, or will they have different niches? Is
Jenkins going to start e-mailing likely culprits (with e.g.
https://wiki.jenkins-ci.org/display/JENKINS/Email-ext+plugin)? Also, can we
see more architectures built by Jenkins?

Thanks,


Jon


On 22 February 2014 19:54, Craig Rodrigues  wrote:

> Hi,
>
> I just wanted to let the FreeBSD community know that
> with the help of some FreeBSD hackers,
> we have set up an initial Jenkins Continuous Integration
> server in the FreeBSD cluster.  We are the jenkins-admin team
> and you can contact us at jenkins-ad...@freebsd.org.
>
> We have a few initial builds going and you can see things here:
>
> https://jenkins.freebsd.org
>
> We are still working on a few problems, and have some
> ambitious plans moving forward, which you can read about
> on our status page:
>
> http://wiki.freebsd.org/Jenkins
>
> Lastly, if you are able to attend the FreeBSD DevSummit
> in Ottawa later this year, we will have a working group discussion
> on Jenkins and Continuous Integration testing for FreeBSD on May 15, 2014:
>
> https://wiki.freebsd.org/201405DevSummit/Jenkins
>
> We'd love to get more FreeBSD hackers involved to
> get this going and improve continuous integration and testing
> on FreeBSD.  We would like to use the freebsd-test...@freebsd.org
> mailing list for followup discussions.
>
> I'd like to thank my fellow members of the jenkins-admin team
> for helping to get things going:
>
> Steve Kreuzer 
> Li-Wen Hsu 
> Steve Wills 
> R. Tyler Croy 
>
> If we can integrate more automated testing of FreeBSD with this,
> that would be really great!
> --
> Craig
> ___
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>



-- 
Jonathan Anderson

jonat...@freebsd.org
http://freebsd.org/~jonathan/
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Poul-Henning Kamp
In message <530b2dee.3030...@rewt.org.uk>, Joe Holden writes:

>The other point I should make here is that if you care that much about 
>time security you shouldn't be contacting ntp servers over 3rd party 
>networks anyway, at least not without some IP-level 
>encryption/authentication, or use a source that can't easily be used as 
>an attack surface, such as GPS/MSF etc.

Please check how NTP is authenticated before giving bad advice,
it's all in the RFC.

-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Andreas Nilsson
On Mon, Feb 24, 2014 at 2:25 PM, Matthias Gamsjager wrote:

> On Mon, Feb 24, 2014 at 2:15 PM, Bruno Lauzé  wrote:
>
> > It's really good to read the comments and see people point of view on
> this
> > topic.
> > I totally agree RC system is really good and stable, easy and extensible.
> > The main concern I have here is performance. Starting a system is really
> > slow.
> > Boot to X (with simple xdm) is minimum 25 secs and I just feel there's
> > something to do to cut this delay.
> >
>
>
>
> How about delaying the startup of services that are not necessary right at
> the start. For example sshd, samba etc could be loaded after xdm ( or even
> after the DE has loaded).


On my core i5 with regular hdd I get:
23sec to boot kernel
13sec from mounted root to slim login promp.

Fixing the kernel boot time seems like a bigger gain, imho.

Best regards
Andreas
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread David Chisnall
On 24 Feb 2014, at 13:25, Matthias Gamsjager  wrote:

> How about delaying the startup of services that are not necessary right at
> the start. For example sshd, samba etc could be loaded after xdm ( or even
> after the DE has loaded).

It's a good idea, but it depends on a far more complex system than our current 
rc.  

For example, what happens if you're mounting home directories over SMB?  You 
need to make sure that XDM doesn't complete the login until samba has started, 
which requires automounter / autofs integration with the init system.  You want 
to speculatively start samba (because you know a user is going to need it), but 
in such a way that you can delay directory lookup resolution until it's 
actually started.

There is a reason most systems are moving away from services started by a pile 
of shell scripts: the complex dependencies and event models that they must 
handle require some complex generic logic.  You can probably implement this in 
shell scripts, but it probably won't be fast and it definitely won't be 
maintainable.  

I would be fully in favour of importing a modern, flexible, service management 
framework into FreeBSD, but it needs some very careful design.  Launchd, 
systemd, SMF, and so on all have some good ideas, but none is quite the right 
fit for FreeBSD.

David

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Matthias Gamsjager
On Mon, Feb 24, 2014 at 2:15 PM, Bruno Lauzé  wrote:

> It's really good to read the comments and see people point of view on this
> topic.
> I totally agree RC system is really good and stable, easy and extensible.
> The main concern I have here is performance. Starting a system is really
> slow.
> Boot to X (with simple xdm) is minimum 25 secs and I just feel there's
> something to do to cut this delay.
>



How about delaying the startup of services that are not necessary right at
the start. For example sshd, samba etc could be loaded after xdm ( or even
after the DE has loaded).
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


RE: libinit idea

2014-02-24 Thread Bruno Lauzé
It's really good to read the comments and see people point of view on this 
topic. 
I totally agree RC system is really good and stable, easy and extensible.
The main concern I have here is performance. Starting a system is really slow.
Boot to X (with simple xdm) is minimum 25 secs and I just feel there's 
something to do to cut this delay.




> Date: Sun, 23 Feb 2014 11:33:30 -0800
> From: list_free...@bluerosetech.com
> To: fjwc...@gmail.com
> Subject: Re: libinit idea
> CC: freebsd-current@freebsd.org
>
> On 2/23/2014 10:31 AM, Freddie Cash wrote:
>> The main developer for systemd is very anti-portability and anti-!Linux. He
>> had actively rejected patches that made his projects work on non-Linux
>> systems. In order to port systemd to a non-Linux system, he wants you to
>> first implement every Linux feature that systemd uses.
>>
>> systemd is a non-starter, and not with considering.
>
> It's pretty clear Lennart Poettering failed history.
>
> Perhaps the best examples of why systemd is an anti-pattern is this:
> systemd stores logs in a binary journal. After the Linux zealots have
> spent about two decades using binary system data storage as one of the
> reasons Windows sucks, that strikes me as particularly ironic.
>
> The RC system we have is proof you do not need anything more than bourne
> and a respectable amount of intelligence to design a good init system.
> ___
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>   
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Thomas Mueller
I never got far enough with DragonFlyBSD or OpenBSD on live USB to see osmpd or 
opensmtpd (OpenBSD or dma (DragonFly).

I couldn't read hard drive from either OpenBSD or DragonFly, could read OpenBSD 
but not DragonFly live USB stick from FreeBSD and NetBSD, meaning poor 
interoperability on my system.

But I find sendmail practically impossible to setup, and rather useless for my 
purposes. 

I use msmtp and mpop from ports for SMTP and POP3 mail, including SSL 
capability.  These clients even allow multiple email accounts and multiple 
users, user name need not necessarily be the same as computer hostname.

I've wondered if I'd lose anything by building FreeBSD WITHOUT_SENDMAIL.

I looked and found mail/dma in FreeBSD ports tree.  Could it be easily set up 
to use as SMTP client?

I don't believe BSD users use base system of itself to send and receive email.  
They use ports (FreeBSD) or equivalent in other BSDs.

Can't really say for Linux; "base system" is ill-defined given the anarchy of 
many different distributions.

To Julio Merino:  How long did NetBSD include both sendmail and postfix in 
base?  What NetBSD releases?  What was the first release that included both 
sendmail and postfix, and the first release where sendmail was dropped? 

But I think sendmail is still available in pkgsrc for users who'd rather have 
sendmail.
 
Tom

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Joe Holden

On 24/02/2014 11:26, Joe Holden wrote:

On 24/02/2014 11:18, Ollivier Robert wrote:

According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +:

hm, I can't say I have noticed this as being a problem where I've
used it, are there any scenarios where this is a showstopper?


Non-support for auth is a concern, lack of NTPv4 protocol support is
another.  Base ntpd also include SNTP which is a lightweight NTPv3
client.


I suspect if you can't be reasonably sure about the integrity of your
network traffic you have other problems anyway... one can run ntpd -s to
get a similar function to ntpdate/sntp.

But again, for 99% of installs as a client, auth and/or ntpv4 doesn't
matter and much like sendmail/dma, one can always install ntp.org from
ports if they require authentication (I've never seen it used).


The other point I should make here is that if you care that much about 
time security you shouldn't be contacting ntp servers over 3rd party 
networks anyway, at least not without some IP-level 
encryption/authentication, or use a source that can't easily be used as 
an attack surface, such as GPS/MSF etc.


___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Joe Holden

On 24/02/2014 11:18, Ollivier Robert wrote:

According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +:

hm, I can't say I have noticed this as being a problem where I've
used it, are there any scenarios where this is a showstopper?


Non-support for auth is a concern, lack of NTPv4 protocol support is another.  
Base ntpd also include SNTP which is a lightweight NTPv3 client.

I suspect if you can't be reasonably sure about the integrity of your 
network traffic you have other problems anyway... one can run ntpd -s to 
get a similar function to ntpdate/sntp.


But again, for 99% of installs as a client, auth and/or ntpv4 doesn't 
matter and much like sendmail/dma, one can always install ntp.org from 
ports if they require authentication (I've never seen it used).

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


ntpd replacement (Was: Re: Import of DragonFly Mail Agent)

2014-02-24 Thread Ollivier Robert
According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +:
> hm, I can't say I have noticed this as being a problem where I've
> used it, are there any scenarios where this is a showstopper?

Non-support for auth is a concern, lack of NTPv4 protocol support is another.  
Base ntpd also include SNTP which is a lightweight NTPv3 client.

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- robe...@keltia.net
In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Poul-Henning Kamp
In message <530b2953.3030...@rewt.org.uk>, Joe Holden writes:

>> openntpd not able to authenticate the sources it is using and thus lack a big
>> ntp feature as a client.

Last I looked its clock-discipline algorithm were non-existent, it just
slammed the clock around.

>hm, I can't say I have noticed this as being a problem where I've used 
>it, are there any scenarios where this is a showstopper?

Yes, for this date and time it is a showstopper.



-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 11:13:23AM +, Joe Holden wrote:
> On 24/02/2014 11:08, Baptiste Daroussin wrote:
> > On Mon, Feb 24, 2014 at 11:04:48AM +, Joe Holden wrote:
> >> On 24/02/2014 10:56, Poul-Henning Kamp wrote:
> >>> In message <530b2500.5030...@rewt.org.uk>, Joe Holden writes:
> >>>
>  Can I also suggest that ntp.org shouldn't be in the base either? :P
> >>>
> >>> I absolutely agree, but the replacement is less clear in that case.
> >>>
> >>>
> >> I'd suggest openntpd as a candidate as it would require less work than
> >> dntpd since that has some kernel changes.
> >>
> >> At ~400K it is pretty lightweight and doesn't listen at all by default,
> >> suitable as a default ntpd that just maintains time - one can always
> >> install ntp.org from ports should they need more features (such as
> >> access control and monlist, etc)
> >
> > openntpd not able to authenticate the sources it is using and thus lack a 
> > big
> > ntp feature as a client.
> >
> > regards,
> > Bapt
> >
> hm, I can't say I have noticed this as being a problem where I've used 
> it, are there any scenarios where this is a showstopper?

Yes when you really need to trust what ntp sources you are using, which means
there are lots of scenarios.

regards,
Bapt


pgpRBW4zzgZze.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Holden

On 24/02/2014 11:08, Baptiste Daroussin wrote:

On Mon, Feb 24, 2014 at 11:04:48AM +, Joe Holden wrote:

On 24/02/2014 10:56, Poul-Henning Kamp wrote:

In message <530b2500.5030...@rewt.org.uk>, Joe Holden writes:


Can I also suggest that ntp.org shouldn't be in the base either? :P


I absolutely agree, but the replacement is less clear in that case.



I'd suggest openntpd as a candidate as it would require less work than
dntpd since that has some kernel changes.

At ~400K it is pretty lightweight and doesn't listen at all by default,
suitable as a default ntpd that just maintains time - one can always
install ntp.org from ports should they need more features (such as
access control and monlist, etc)


openntpd not able to authenticate the sources it is using and thus lack a big
ntp feature as a client.

regards,
Bapt

hm, I can't say I have noticed this as being a problem where I've used 
it, are there any scenarios where this is a showstopper?

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 11:04:48AM +, Joe Holden wrote:
> On 24/02/2014 10:56, Poul-Henning Kamp wrote:
> > In message <530b2500.5030...@rewt.org.uk>, Joe Holden writes:
> >
> >> Can I also suggest that ntp.org shouldn't be in the base either? :P
> >
> > I absolutely agree, but the replacement is less clear in that case.
> >
> >
> I'd suggest openntpd as a candidate as it would require less work than 
> dntpd since that has some kernel changes.
> 
> At ~400K it is pretty lightweight and doesn't listen at all by default, 
> suitable as a default ntpd that just maintains time - one can always 
> install ntp.org from ports should they need more features (such as 
> access control and monlist, etc)

openntpd not able to authenticate the sources it is using and thus lack a big
ntp feature as a client.

regards,
Bapt


pgpvHtzhKeN_u.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Holden

On 24/02/2014 10:56, Poul-Henning Kamp wrote:

In message <530b2500.5030...@rewt.org.uk>, Joe Holden writes:


Can I also suggest that ntp.org shouldn't be in the base either? :P


I absolutely agree, but the replacement is less clear in that case.


I'd suggest openntpd as a candidate as it would require less work than 
dntpd since that has some kernel changes.


At ~400K it is pretty lightweight and doesn't listen at all by default, 
suitable as a default ntpd that just maintains time - one can always 
install ntp.org from ports should they need more features (such as 
access control and monlist, etc)

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Thomas Mueller
from Don Lewis:

> I've got a Fedora server here that has systemd and I've come to dislike
> it.  It seems to be one of those "Do not open.  No user serviceable
> parts inside." sorts of things.
  
> I was never able to get it to start NUT properly.
  
> More often than not, it fails to come up multi-user.  The machine has a
> large number of disks (mostly JFS and XFS) attached to it, and even
> after what I think should be a clean shutdown, it seems to want to fsck
> a bunch of them. Unfortunately, there seems to be some sort of timeout
> on that, so a bunch get skipped and then don't get mounted.  I have to
> manually fsck everything in single user mode.  Then if I reboot, it
> *might* come up properly.  I haven't been able to find any knobs to
> adjust the timeout.  Sometimes, there is just a message that says
> something like "an error occurred" at the top of the screen, just before
> the prompt for the single-user password, with no clue as to what it is
> unhappy about.

> Emergency shutdown can also be a problem.  If I'm around when the power
> fails, I manually try to shut down the machine before the UPS battery
> runs down.  I don't have the screen on the UPS, so I hit the power
> button and cross my fingers that the machine will make it through the
> clean shutdown sequence in time.  It seems to take forever (many
> minutes) and I have no idea what the heck it is spending all of its time
> on.

> The documentation seems to be very sparse.

> My plan is to migrate this function to a FreeBSD server.

This looks scandalously slow.  It reminds me of the time with OS/2 Warp 4 in 
the late 1990s when I had to close Netscape web browser in preparation for 
shutdown, and it took 15 minutes because it was a hog for memory, by late 1990s 
standards.  I had 20 MB RAM, not bad for those days.

What would happen if you typed at the command prompt
shutdown -r now
or
shutdown -p now
?

Would it take seemingly forever?

I would like to try systemd in Linux, can't say at this stage whether I'll like 
it, hate it, or somewhere in between.

Tom
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Poul-Henning Kamp
In message <530b2500.5030...@rewt.org.uk>, Joe Holden writes:

>Can I also suggest that ntp.org shouldn't be in the base either? :P

I absolutely agree, but the replacement is less clear in that case.


-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Holden

On 24/02/2014 10:00, Baptiste Daroussin wrote:

On Mon, Feb 24, 2014 at 09:56:05AM +, Poul-Henning Kamp wrote:

In message <530b13ca.6000...@rewt.org.uk>, Joe Holden writes:

On 24/02/2014 04:26, Julio Merino wrote:

On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin wrote:



As some of you may have noticed, I have imorted a couple of days ago dma
(DragonFly Mail Agent) in base. I have been asked to explain my motivation
so here they are.



I'd argue, for example, that postfix can be also easily configured and can
be made to not listen on port 25 for local mail delivery, while at the same
time it is a fully-functional MTA that could replace sendmail altogether.



The trend towards having sensible lightweight things in the base is a
good thing IMO.


Fully agree.

To the extent we can manage it, we should have minimal client-focused
tools for things like DNS, SMTP and NTP in the tree and make it
trivial for people to install the fully featured server version of
their choice from ports.


That's is what I'm doing with dma :)

you want a full featured smtp server:
pkg install ${FAVORITESMTP:-opensmtpd}

regards,
Bapt


Can I also suggest that ntp.org shouldn't be in the base either? :P
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 09:56:05AM +, Poul-Henning Kamp wrote:
> In message <530b13ca.6000...@rewt.org.uk>, Joe Holden writes:
> >On 24/02/2014 04:26, Julio Merino wrote:
> >> On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin 
> >> wrote:
> 
> >>> As some of you may have noticed, I have imorted a couple of days ago dma
> >>> (DragonFly Mail Agent) in base. I have been asked to explain my motivation
> >>> so here they are.
> 
> >> I'd argue, for example, that postfix can be also easily configured and can
> >> be made to not listen on port 25 for local mail delivery, while at the same
> >> time it is a fully-functional MTA that could replace sendmail altogether.
> 
> >The trend towards having sensible lightweight things in the base is a 
> >good thing IMO.
> 
> Fully agree.
> 
> To the extent we can manage it, we should have minimal client-focused
> tools for things like DNS, SMTP and NTP in the tree and make it
> trivial for people to install the fully featured server version of
> their choice from ports.

That's is what I'm doing with dma :)

you want a full featured smtp server:
pkg install ${FAVORITESMTP:-opensmtpd}

regards,
Bapt


pgpPev5S4fve2.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Poul-Henning Kamp
In message <530b13ca.6000...@rewt.org.uk>, Joe Holden writes:
>On 24/02/2014 04:26, Julio Merino wrote:
>> On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin wrote:

>>> As some of you may have noticed, I have imorted a couple of days ago dma
>>> (DragonFly Mail Agent) in base. I have been asked to explain my motivation
>>> so here they are.

>> I'd argue, for example, that postfix can be also easily configured and can
>> be made to not listen on port 25 for local mail delivery, while at the same
>> time it is a fully-functional MTA that could replace sendmail altogether.

>The trend towards having sensible lightweight things in the base is a 
>good thing IMO.

Fully agree.

To the extent we can manage it, we should have minimal client-focused
tools for things like DNS, SMTP and NTP in the tree and make it
trivial for people to install the fully featured server version of
their choice from ports.

-- 
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
p...@freebsd.org | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Joe Holden

On 24/02/2014 04:26, Julio Merino wrote:

On Sun, Feb 23, 2014 at 4:11 PM, Baptiste Daroussin wrote:


Hi,

As some of you may have noticed, I have imorted a couple of days ago dma
(DragonFly Mail Agent) in base. I have been asked to explain my motivation
so
here they are.

DragonFly Mail Agent is a minimalistic mailer that is able to relay mails
to
some smtp servers (with TLS, authentication and so on)

It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
(respecting aliases).

I imported it because dma is lightweight, BSD license and easy to use.

The code base is rather small and easy to capsicumize (which I plan to do)

My initial goal is not to replace sendmail.



But is it an eventual goal?  *I* don't see why not, but if it is: what's
the plan?  How is the decision to drop sendmail going to be made when the
time comes?  (I.e. who _can_ and will make the call?)



All I want is a small mailer
simple to configure, and not listening to port 25, suitable for small
environment (embedded and/or resource bounded) as well as for server
deployment.



Playing devil's advocate: what specific problems is this trying to solve?
  I'd argue, for example, that postfix can be also easily configured and can
be made to not listen on port 25 for local mail delivery, while at the same
time it is a fully-functional MTA that could replace sendmail altogether.
  (Which, by the way, is the configuration with which postfix ships within
the NetBSD base system.)

The reason I'm asking these questions is because I have seen NetBSD
maintain two MTAs (sendmail + postfix) in the base system for _years_ and
it was not a pretty situation.  The eventual removal of sendmail was
appreciated, but of course it came with the associated bikeshedding.

*dons flame-proof suit*

The trend towards having sensible lightweight things in the base is a 
good thing IMO.  There is no need for things like bind (replaced by 
unbound), or a full featured mta like sendmail in the base, base install 
should contain enough to get going but for specific functions like 
performing MTA tasks, the user can install the appropriate software, 
such as postfix.


Just my 2p :)

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


March 13: Jenkins and BHyve presentation

2014-02-24 Thread Craig Rodrigues
Hi,

I will be giving a talk discussing what I have done
settings up Jenkins ( https://jenkins.freebsd.org )
in the FreeBSD cluster, using BHyve VM's:

The presentation will be on March 13 in Mountain View, California, U.S.A.:

http://www.meetup.com/BAFUG-Bay-Area-FreeBSD-User-Group/events/167325932/

If you think you can come, please RSVP on the Meetup site, so that
the organizers can get a big enough room.

I am interested in collaborating with FreeBSD hackers who can
contribute to the effort and help expand testing of FreeBSD!!

--
Craig
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: libinit idea

2014-02-24 Thread Don Lewis
On 23 Feb, Lucius Rizzo wrote:
> * Andreas Nilsson  [2014-02-23 09:33]:
>> Imho, the replacement to init and rc-scripts I sometimes think about
>> would be to import SMF from opensolaris/illumos. There one can at
>> least get the commands run and config used without looking at the
>> source code.
> 
> I like SMF from Solaris 11 onwards and even SmartOS. However, I have
> found to like systemd and use via systemctl on Arch far nicer than any
> other rc scripts to date. 
> 
> Anyone care to share their thoughts on the pros and cons of something
> like systemd the way Arch does?

I've got a Fedora server here that has systemd and I've come to dislike
it.  It seems to be one of those "Do not open.  No user serviceable
parts inside." sorts of things.

I was never able to get it to start NUT properly.

More often than not, it fails to come up multi-user.  The machine has a
large number of disks (mostly JFS and XFS) attached to it, and even
after what I think should be a clean shutdown, it seems to want to fsck
a bunch of them. Unfortunately, there seems to be some sort of timeout
on that, so a bunch get skipped and then don't get mounted.  I have to
manually fsck everything in single user mode.  Then if I reboot, it
*might* come up properly.  I haven't been able to find any knobs to
adjust the timeout.  Sometimes, there is just a message that says
something like "an error occurred" at the top of the screen, just before
the prompt for the single-user password, with no clue as to what it is
unhappy about.

Emergency shutdown can also be a problem.  If I'm around when the power
fails, I manually try to shut down the machine before the UPS battery
runs down.  I don't have the screen on the UPS, so I hit the power
button and cross my fingers that the machine will make it through the
clean shutdown sequence in time.  It seems to take forever (many
minutes) and I have no idea what the heck it is spending all of its time
on.

The documentation seems to be very sparse.

My plan is to migrate this function to a FreeBSD server.

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 12:38:14PM +0400, Lev Serebryakov wrote:
> Hello, Baptiste.
> You wrote 24 февраля 2014 г., 1:11:56:
> 
> BD> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails 
> to
> BD> some smtp servers (with TLS, authentication and so on)
>  One question: why not OpenSMTPD from OpenBSD?

Just because it is not minimalistic, but I have to admit that OpenSMTPD is
really attractive as well :)

(and iirc it doesn't support NULLCLIENT - not 100% sure about that)

regards,
Bapt


pgpZsVWAE5i9n.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread David Chisnall
On 24 Feb 2014, at 08:35, Baptiste Daroussin  wrote:

> dma can exactly do that :) while being smaller than opensmtpd (which is very
> very nice as well, this is the one I use when I need a full smtp setup :))

Sounds excellent then.  We definitely should be moving to a world where all of 
the base system services are compartmentalised with capsicum and given the 
attack surface and complex security requirements of an MTA, it sounds like it 
would be an excellent idea.  If you're willing to do the work then that's 
excellent (and makes you the de-facto winner of any resulting bikeshed)!

It would be good to have it merged to 10 for 10.2 so that people can play with 
it early.  If we decide to switch for 11, then it would also be a good idea to 
teach the upgrade process how to recognise non-default sendmail configurations 
(or, at least, ask the question), move them to /usr/local, and install a 
sendmail port, so that people who want to be using it will keep doing so.  I'm 
only using sendmail because I learned just enough of the config file syntax to 
do what I wanted 10 or so years ago and then I had a working config and never 
overcame the inertia required to switch - a clean and modern replacement in 
base would give me the right incentive!

David

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Import of DragonFly Mail Agent

2014-02-24 Thread Lev Serebryakov
Hello, Baptiste.
You wrote 24 февраля 2014 г., 1:11:56:

BD> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails to
BD> some smtp servers (with TLS, authentication and so on)
 One question: why not OpenSMTPD from OpenBSD?

-- 
// Black Lion AKA Lev Serebryakov 

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: Import of DragonFly Mail Agent

2014-02-24 Thread Baptiste Daroussin
On Mon, Feb 24, 2014 at 08:32:13AM +, David Chisnall wrote:
> On 24 Feb 2014, at 07:34, Baptiste Daroussin  wrote:
> 
> > Usual complains about sendmail in base until now has been:
> > - complex configuration
> > - long history of security concerns
> > - no need for a full mta in base
> 
> The other complaint is that sendmail is only half of a useable MTA in base.  
> If you actually want to use it for anything other than local delivery, then 
> you need to turn on authentication, which means installing the saslauthd port 
> and then recompiling sendmail from source.  As soon as you do a 
> freebsd-update, email stops working and you need to recompile sendmail again, 
> meaning that you can't get binary security updates for one of the parts of 
> the system with the worst security record.
> 
> I would love to have something in the base system that can handle mail 
> delivery and authenticated relaying out of the box.  OpenBSD now ships with 
> osmpd, which seems to work quite well for this, and if dma can as well then 
> I'm very much in favour of it.

dma can exactly do that :) while being smaller than opensmtpd (which is very
very nice as well, this is the one I use when I need a full smtp setup :))

regards,
Bapt


pgppUevqGuoCu.pgp
Description: PGP signature


Re: Import of DragonFly Mail Agent

2014-02-24 Thread David Chisnall
On 24 Feb 2014, at 07:34, Baptiste Daroussin  wrote:

> Usual complains about sendmail in base until now has been:
> - complex configuration
> - long history of security concerns
> - no need for a full mta in base

The other complaint is that sendmail is only half of a useable MTA in base.  If 
you actually want to use it for anything other than local delivery, then you 
need to turn on authentication, which means installing the saslauthd port and 
then recompiling sendmail from source.  As soon as you do a freebsd-update, 
email stops working and you need to recompile sendmail again, meaning that you 
can't get binary security updates for one of the parts of the system with the 
worst security record.

I would love to have something in the base system that can handle mail delivery 
and authenticated relaying out of the box.  OpenBSD now ships with osmpd, which 
seems to work quite well for this, and if dma can as well then I'm very much in 
favour of it.

David

___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"