Re: Discussing ideas or wish list
On 08/08/2013 16:36, Mark Felder wrote: On Thu, Aug 8, 2013, at 10:34, Mark Felder wrote: After the EoL of FreeBSD 8 (estimated June 30, 2015) the old package tools are scheduled to be removed from FreeBSD. This change will be MFC'd back to 9-STABLE and the release at that time (perhaps 9.4-RELEASE?) will not have the old pkg_* tools. This seems a bit odd to happen in the middle of a series because of POLA, but we can't support the old package tools forever and FreeBSD 9.1-9.3 will have given you plenty of opportunity to migrate to the new package format and ease the upgrade to FreeBSD 10.x. Note this isn't set in stone. Watch the Roadmap on this page: https://wiki.freebsd.org/pkgng/CharterAndRoadMap Actually, that RoadMap is in dire need of updating. The OS release schedule got reworked after the RoadMap was written and the security incident and the consequent necessity of completely redesigning and rebuilding the pkgng package building system has added various delays too. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matt...@infracaninophile.co.uk signature.asc Description: OpenPGP digital signature
Re: Vice versa of 'pkg_info -W'
On 02/01/2013 17:55, rank1see...@gmail.com wrote: For example: # pkg_info -W /usr/local/bin/lynx /usr/local/bin/lynx was installed by package lynx-2.8.7.2,1 # pkg_deinstall lynx-2.8.7.2,1 # pkg_info -W /usr/local/bin/lynx pkg_info: /usr/local/bin/lynx: file cannot be found As you can figure it out, I want a reverse method, that is ... If I want to have '/usr/local/bin/lynx' installed, which port origin(s), would install it? Well, in the case of lynx, where the filename of the executable matches the package name, it's fairly simple: lucid-nonsense:/usr/ports:% cd /usr/ports lucid-nonsense:/usr/ports:% make search name=lynx Port: ja-lynx-2.8.7.r1 Path: /usr/ports/japanese/lynx Info: A terminal-based World-Wide Web Client with multi-byte modification Maint: po...@freebsd.org B-deps: libiconv-1.14 R-deps: libiconv-1.14 WWW:http://lynx.isc.org/current/ Port: ja-lynx-2.8.8.d3 Path: /usr/ports/japanese/lynx-current Info: A terminal-based World-Wide Web Client with multi-byte modification (development version) Maint: po...@freebsd.org B-deps: libiconv-1.14 R-deps: libiconv-1.14 WWW:http://lynx.isc.org/current/ Port: lynx-2.8.7.2,1 Path: /usr/ports/www/lynx Info: A non-graphical, text-based World-Wide Web client Maint: jhar...@widomaker.com B-deps: gettext-0.18.1.1 libiconv-1.14 openssl-1.0.1_4 R-deps: gettext-0.18.1.1 libiconv-1.14 openssl-1.0.1_4 WWW:http://lynx.isc.org/ Port: lynx-2.8.8d12_1 Path: /usr/ports/www/lynx-current Info: A non-graphical, text-based World-Wide Web client Maint: joh...@freebsd.org B-deps: gettext-0.18.1.1 libiconv-1.14 libidn-1.25 openssl-1.0.1_4 pkgconf-0.8.9 R-deps: gettext-0.18.1.1 libiconv-1.14 libidn-1.25 mime-support-3.52.2 openssl-1.0.1_4 pkgconf-0.8.9 WWW:http://lynx.isc.org/current/ However, in the general case, there isn't (as far as I know) a database of all of the files installed by all of the packages that can be generated from the ports. I believe bapt@ had plans to gather this sort of data on the yet-to-be-commisioned pkgng build cluster. As that's currently out of action as a consequence of the security incident, and the whole package building system is being revised, I don't know if that's still on the cards or likely to be implemented any time soon. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matt...@infracaninophile.co.uk signature.asc Description: OpenPGP digital signature
Re: Gentoo Solution to Nanny Terminal Problem
On 05/07/2012 15:58, Sean wrote: On 05/07/2012, at 10:02 PM, Richard Yao wrote: The second is the e-file command, which will query that database for whatever follows it. For example, if I want to find out which package installs repoman, I can do `e-file repoman`. I can also do `e-file /usr/bin/repoman`. if FreeBSD had an equivalent to this command, this command, then I imagine that calls for Ubuntu/Fedora features should cease. Gentoo users seem to be happy with e-file. 0:55 Fri 06-Jul sean@queen [~] pkg_info -W bash /usr/local/bin/bash was installed by package bash-4.2.28 0:57 Fri 06-Jul sean@queen [~] pkg_info -W /usr/local/sbin/sendmail /usr/local/sbin/sendmail was installed by package postfix-2.9.3,1 Not the same thing. Richard's command doesn't need the packages to be installed first. It's answering what package should I install to get this program? rather than what package did this program come from? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Pull in upstream before 9.1 code freeze?
On 05/07/2012 19:09, Mark Felder wrote: On Thu, 05 Jul 2012 11:05:42 -0500, Damien Fleuriot m...@my.gd wrote: Using a third-party's name servers is not an option And how can you trust that your port 53 TCP/UDP traffic isn't being redirected and you're talking to the real root servers? I think you're being a bit too paranoid... DNSSEC. That's how. Well, it doesn't stop your traffic being redirected, but it does guarantee that the data you receive is authentic. The tricky bit is ensuring that your queries don't get redirected between the stub-resolver built into libc, and whatever trusted recursive resolver does the DNSSEC validation for you. AFAIK, no operating system has a stub resolver the capability to validate DNSSEC. But that would be a really excellent enhancement if it was feasible. Cheers, Matthew PS. Too paranoid? That's impossible. -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Better error messages for command not found (was Re: Pull in upstream before 9.1 code freeze?)
On 05/07/2012 19:06, Yuri wrote: It would be useful to have a command that finds the port name(s) by the command name when needed though. Today, for example, while searching for package that has a command 'svlc' I do 'cd /usr/ports make search key=svlc' and it finds nothing instead of finding multimedia/vlc. make search seems to search through package names, dependency names, but not command names for some reason. make search uses the INDEX, and that doesn't contain any information about the files installed by ports. Building a file index might be possible, but it would be several times the size of the existing INDEX and take correspondingly longer to generate. Also, you'ld probably want it as a sqlite database or BDB file for performance, rather than plain text. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: TeXLive merge into FreeBSD ports tree - FreeBSD project idea
On 21/06/2012 21:41, Christopher J. Ruwe wrote:
In portage, there is a knob package_provided meaning that the package
referenced as being provided is installed externally and that portage
does not need to resolve said dependancy, as it is already there.
I do not know of a similar FreeBSD-construct, but have really wished for
something alike to stop the pulling in of the teTeX-tree.
Ports sort of does this automatically. Some of the time. It depends on
how the port is written.
If you've got a dependency line like:
RUN_DEPENDS=fc-cache:${PORTSDIR}/x11-fonts/fontconfig
or
LIB_DEPENDS=expat:${PORTSDIR}/textproc/expat2
then in the first instance the ports will check for the existence of
fc-cache as an executable on $PATH, and in the second instance for
libexpat.so as a shared library known to ld.so(1). There's nothing to
say that either of those files should have been installed from the
ports, and you can install quite happily against a non-ports-installed
dependency. Ports management software like portmaster(8) or
portupgrade(8) can get confused by this and may try and install the
dependency from ports in some circumstances.
However, if you've got a dependency that looks like so:
BUILD_DEPENDS= p5-BerkeleyDB0:${PORTSDIR}/databases/p5-BerkeleyDB
ie. with or = and a version number, then the ports checks for the
installation of a package of at least the specified version. So in this
case, the ports has to be used to fulfil the dependency. (Perl module
dependencies are pretty much always done in this form nowadays in order
to avoid having to use ${SITE_PERL} in dependency lines.)
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
signature.asc
Description: OpenPGP digital signature
Re: [ANN] host-setup 4.0 released
On 03/01/2012 16:52, Rick Macklem wrote: The basics are in RFC4291, but I think that inet_pton(3) knows how to deal with it. (I think :: can be used once to specify the longest # of 16bit fields that are all zeros.) RFC 4291 has a basic description of the textual representation of IPv6 addresses, but it is ambiguous: there are several different ways to present the same address according to the RFC 4291 rules. inet_pton(3) follows RFC 5952 which is a superset of the 4291 rules, only allowing a single, unambiguous representation for each IPv6 number. After inet_pton() has translated it to a binary address, then the macros in sys/netinet6/in6.h can be used to determine if the address is a loopback, etc. While 5952 describes how to correctly present an IPv6 address, there's still lots of important other stuff in 4291. For instance bit 70 in an IPv6 address flags that the address is derived from a number hardwired into the interface -- typically the ethernet MAC address, as is commonly done for SLAAC (StateLess Address Autoconfiguration: RFC 4862, rtsold(8), rtadvd(8)). So an arbitrarily invented address should have that bit set to zero. Bit 71 is also special, indicating manycast vs unicast, and should also be zero for the vast majority of uses. See http://www.infracaninophile.co.uk/articles/hotchpotch.html#rand-.pl for some perl code that operates in this area. Also of interest: RFC 5156 which lists IPv6 address ranges dedicated to special purpose usages, and RFC 4193 which roughly is the IPv6 equivalent to RFC 1918, but somewhat more complicated. You might find https://www.sixxs.net/tools/grh/ula/ relevant too, although actually using that as a registry is pretty pointless. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: [ANN] host-setup 4.0 released
On 03/01/2012 17:59, Garrett Cooper wrote: 4. Prefixing the IPv6 address with fe80: generally means it's an IPv4 - IPv6 address (IIRC). Nope. That's a link-local address. Any NIC can configure itself with and address using that prefix and a host part generated from the MAC address completely automatically, and thus communicate on any locally attached network. (See RFC 5156 for the gory details.) IPv4 mapped addresses are like this: :::192.0.2.0 (or you can express the 32 bits of the IPv4 address as two colon-separated hex strings in the usual IPv6 idiom.) Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: [ANN] host-setup 4.0 released
On 03/01/2012 18:11, Devin Teske wrote: -Original Message- From: owner-freebsd-hack...@freebsd.org [mailto:owner-freebsd- hack...@freebsd.org] On Behalf Of Matthew Seaman Sent: Tuesday, January 03, 2012 10:07 AM To: freebsd-hackers@freebsd.org Subject: Re: [ANN] host-setup 4.0 released On 03/01/2012 17:59, Garrett Cooper wrote: 4. Prefixing the IPv6 address with fe80: generally means it's an IPv4 - IPv6 address (IIRC). Nope. That's a link-local address. Any NIC can configure itself with and address using that prefix and a host part generated from the MAC address completely automatically, and thus communicate on any locally attached network. (See RFC 5156 for the gory details.) IPv4 mapped addresses are like this: :::192.0.2.0 (or you can express the 32 bits of the IPv4 address as two colon-separated hex strings in the usual IPv6 idiom.) Out of curiousity, when did the spec change from single-octets to double-octets? I remember early-on seeing IPv6 addresses represented in a form that resembled MAC address specifications. AFAIK, it's been groups of up to four hex digits from the start -- certainly it's been that way for 15 years or more. At least, I've never seen anything different, other than the special exemption for IPv4 mapped addresses. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Does anyone use nscd?
On 05/10/2011 09:43, Dag-Erling Smørgrav wrote: While we're at it, I'd be very grateful if someone could email me a quick and dirty guide to setting up an LDAP server for testing. I have too much on my plate right now to start reading documentation... The Quick Start guide on the OpenLDAP site is pretty good: http://www.openldap.org/doc/admin24/quickstart.html although steps 1 -- 8 just boil down to 'install from ports' on FreeBSD. Notes: 1) Don't enable SASL -- it adds a lot of complexity but doesn't change anything fundamental in the way LDAP works for testing purposes. 2) The default schema include inetOrgPerson and Posix which is enough to deal with basic Unix users and groups. If you want to do anything more advanced (eg. sudo related or OpenSSH LPK patches) then you'll need to import some external schema. I recommend always copying the schema files into $PREFIX/etc/openldap/schema or else casually removing a port could prevent your slapd from restarting days or weeks later... 3) The structure of an LDAP tree is site-specific and can be quite different between different organizations, but in essence it consists of sorting and grouping various classes of objects into various subdirectories of your directory tree. For testing purposes, impose at least a minimal amount of structure. As the quick start guide suggests, use the dc=example,dc=com form based on your domain name to root your LDAP tree. Within that, create some sub-directories 'ou=Users', 'ou=Groups', 'ou=Hosts' for storing objects of the appropriate types. This should provide a reasonable parallel to what most people would use in production. 4) ACLs and permissions are pretty complex in LDAP. This is something where you are going to have to spend some quality time with the manuals I'm afraid. 5) phpldapadmin is a pretty good tool for populating a directory with test data. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: ifconfig output: ipv4 netmask format
On 08/04/2011 16:53, Garrett Cooper wrote: One thing I've been curious about for a while that I haven't had an opportunity to look into is: what does IPV6 look like? I understand that the /netmask bit is added to the end of addresses, but what does the netmask actually look like? Like this: lucid-nonsense:~:% ifconfig re0 inet6 re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=389bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC inet6 fe80::e2cb:4eff:fe26:6481%re0 prefixlen 64 scopeid 0x1 inet6 2001:8b0:151:1:e2cb:4eff:fe26:6481 prefixlen 64 inet6 2001:8b0:151:1:: prefixlen 64 anycast inet6 2001:8b0:151:1:3950:9ee6:9c6b:8a8b prefixlen 64 inet6 2001:8b0:151:1:3fd3:cd67:fafa:3d78 prefixlen 64 inet6 2001:8b0:151:1:78ea:429a:bbd9:f62f prefixlen 64 inet6 2001:8b0:151:1:d2f:23d1:314c:5e2e prefixlen 64 inet6 2001:8b0:151:1:57f9:9484:e8b0:12d1 prefixlen 128 IPv6 doesn't deal in netmasks per-se: just in the length of the network prefix. (64 is typical. 48 also fairly common.) Cheers -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: [RELEASE] host-setup(1): a dialog(1)-based utility for configuring FreeBSD
On 11/02/2011 18:08, Devin Teske wrote:
$ time blen2netmask 26
255.255.255.192
real0m0.004s
user0m0.001s
sys 0m0.004s
That's pretty fast, I'd say ^_^ (faster than the other implementations
-- especially considering that it doesn't have to fork anything).
There are only 33 possible netmasks -- did you evaluate simply
enumerating them all and simply looking up the result?
Hmmm...
blen2netmask() {
local nbits=$1
case $nbits in
0) echo '0.0.0.0' ;;
1) echo '128.0.0.0' ;;
2) echo '192.0.0.0' ;;
3) echo '224.0.0.0' ;;
4) echo '240.0.0.0' ;;
5) echo '248.0.0.0' ;;
6) echo '252.0.0.0' ;;
7) echo '254.0.0.0' ;;
8) echo '255.0.0.0' ;;
9) echo '255.128.0.0' ;;
10) echo '255.192.0.0' ;;
11) echo '255.224.0.0' ;;
12) echo '255.240.0.0' ;;
13) echo '255.248.0.0' ;;
14) echo '255.252.0.0' ;;
15) echo '255.254.0.0' ;;
16) echo '255.255.0.0' ;;
17) echo '255.255.128.0' ;;
18) echo '255.255.192.0' ;;
19) echo '255.255.224.0' ;;
20) echo '255.255.240.0' ;;
21) echo '255.255.248.0' ;;
22) echo '255.255.252.0' ;;
23) echo '255.255.254.0' ;;
24) echo '255.255.255.0' ;;
25) echo '255.255.255.128' ;;
26) echo '255.255.255.192' ;;
27) echo '255.255.255.224' ;;
28) echo '255.255.255.240' ;;
29) echo '255.255.255.248' ;;
30) echo '255.255.255.252' ;;
31) echo '255.255.255.254' ;;
32) echo '255.255.255.255' ;;
*) echo $nbits -- not a valid IPv4 netmask length
return -1 ;;
esac
return 0
}
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
Re: Slow disk access while rsync - what should I tune?
On 24/10/2010 14:15, cronfy wrote: I tried to enable async (in hope it will make rsync faster) or even disable softupdates on /backup partition (in hope it will make rsync slower and OS filesytem cache will not be flushed by backups), it did not help. I also want to try to upgrate to Adaptec 5405 (it has 256M of write cache) or move mysql databases on a separate SAS disk, but I just not quite sure what will help better. rsync has standard options to limit the bandwidth it will consume. Making it write through a narrow pipe will also slow down the rate of disk accesses, so should help control the impact on other services on the machine. However, taking backups slowly makes it harder to ensure you have a consistent backup, so I recommend you investigate snapshotting the filesystem (well supported for UFS, trivially easy for ZFS) and then backup the snapshot as slowly as you like. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: virtual machine on mac os x 10.6 to run FreeBSD ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/03/2010 12:41:57, Jiandong Lu wrote: I have a macbook pro,and I want to do hack onFreeBSD.I have tried sun virtualbox,and failed to install FreeBSD 8 on virtualbox. Works for me. IIRC the trick was to tick the 'Enable IO APIC' check box. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkustT0ACgkQ8Mjk52CukIznCACePL2KVgPN+qLDBHF3XwX2MynN xZQAmgLIE3uAHmBCj8+h9Epc9CdbJqL/ =LABr -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: To sendmail or to postfix that is the question?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/03/2010 10:13:21, Paul Wootton wrote: Sorry to hi-jack your thread, but this is also something I am currently looking in to I really wanted to use Sendmail as a friend knows Sendmail fairly well and I have a Sendmail book, but what I am wanting is the ability to have mail for virtual users, ie I might have 4 admin accounts, ad...@domain1.com ad...@domain2.com ad...@domain3.com and ad...@domain4.com and want all the accounts to be independent of each other and not necessarily have a real UNIX user account. I know I can create 4 different admin accounts say admin1, admin2, admin3, admin4 and then use the virtual users table, but I can see that getting a little messy and from the end user's point they are going to have unusual login names. I know I can do this in Postfix, but is it possible in Sendmail? Sure, this is possible in sendmail, and you have already identified the way to do it: virtusertable, but as you say, the local user accounts end up looking pretty unusual. Unless you've got a delivery system that also takes account of the domain part of an e-mail address (something that is pretty unusual with sendmail(8)) you have to map all of the accepted mail addresses into a set of local userids: so ad...@domainx.com -- admin-domainX. The only good way of doing that is with virtusertable, since that's the only aliasing mechanism in sendmail which looks at the domain part of an address. aliases treats all of the RHSes as equivalent, so long as they belong to the set of addresses sendmail knows is locally delivered. On the other hand, virtusertable is a 1:1 transformation, aliases is a 1:many transformation -- the two different address transformation mechanisms is a historical peculiarity of sendmail and makes virtual server setups like this pretty tricky. To deliver to mailboxes where the userid includes a domain part, you have to have a mail-user database distinct from the password file and you will need to rewrite large parts of the basic message processing in sendmail.cf. As well, you'll need a fairly heavy-weight IMAP server like cyrus IMAPd for this functionality (does dovecot support it? no idea.) Doing this sort of stuff in other MTAs is easier than doing it in sendmail. postfix would be my choice. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuYzzYACgkQ8Mjk52CukIxSMwCffdtKiVQ8XWvpjLPs+zMmsDth aw8Ani9AhuC04YMAkLsDLfMWhR4mo9QP =FMxw -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: Jail on 2 interfaces?
Mel Flynn wrote: Hi, I don't see this documented in jail(8) nor rc(8) nor defaults/rc.conf, so is it possible to have 2 IP's on 2 ethernet interfaces? And if so, is it settable for rc(8)? The usage case is to have the same jailed proxy server on two seperate internal networks. Ideally, the proxy will use one address for outgoing, so I guess I'll need a default route or dive into the squid config. At present I have: ifconfig_bge0=inet 192.168.177.60 netmask 255.255.255.0 ifconfig_em0=inet 192.168.176.60 netmask 255.255.255.0 ifconfig_em0_alias0=inet 192.168.176.62 netmask 255.255.255.255 jail_squid_rootdir=/usr/squid jail_squid_ip=192.168.177.62 jail_squid_ip_multi0=192.168.176.62 jail_squid_interface=bge0 But this created the IP on bge0 even though one exists on em0. Is it as simple as not specifying the interface and add the 177.62 alias on bge0? Ideally I'd have a jail_$jail_ip_multi$aliasno_interface=foo0, but my main worry is that the jail infrastructure understands the routing involved. To do this directly is now possible in 8.0-RELEASE or better. You will need a custom kernel with 'options VIMAGE' and I believe the standard jail startup scripts need a bit of work in order for them to start the jail with the correct command line arguments to enable the vnet functionality. Note that vnet is /experimental/. It may eat your homework and blame it on your dog. It is also known not to work yet with various subsystems which haven't had the necessary recoding to understand the new kernel structures. Probably the most significant missing bit is pf(4). Alternatively, you can achieve much the same effect that you want by using a simple one-ip jail and writing firewall rules to redirect traffic into it, and NAT traffic coming out of it. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: small usr.bin/find patch
Alexander Best wrote: hmmm...but dd e.g. uses lowercase instead of upercase letters to indicate kilobyte, megabyte and so on. isn't there some unix/posix/whatever standard telling app developers what to use? Sure. The standard for scale-prefixes is defined by the Systeme Internationale as part of the definition of SI units: http://www.npl.co.uk/reference/measurement-units/si-prefixes/ Note that these are strictly powers-of-10^3 multipliers, and explicitly not the computing style powers-of-2^10 commonly used for file sizes or hard drive capacities, which should instead use the somewhat clunky Ki, Mi, Gi etc. forms: http://physics.nist.gov/cuu/Units/binary.html These binary prefixes are mandated by the IEC and approved by the IEEE amongst others. Not that many people use the binary prefixes appropriately, relying on context to disambiguate 1 MB = 1024 KB = 1,048,576 Bytes etc. Except that (confusingly) as a measure of network bandwidth 10 Mb/s always was 10,000,000 b/s and never 10,485,760 b/s; a fact that has caught me out more than a few times. Making find(1) / dd(1) / etc. operate pedantically correctly with these scale-factor symbols would cause a certain degree of pain for little practical gain. Unless there was a broad consensus amongst all Unixoid OS providers, I can't see that change ever happening. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. Flat 3 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW, UK signature.asc Description: OpenPGP digital signature
Re: gcache [was: Re: 3x read to write ratio on dump/restore]
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Christian Brueffer wrote: | On Mon, Jan 12, 2009 at 11:41:11AM +0100, Christoph Mallon wrote: | Yoshihiro Ota schrieb: | Try GEOM Cache(gcache). | Just a side note: gcache does not seem to have any documentation. man | gcache is unsuccessful, geom(8) does not mention it (geom and gcache | are the same hardlinked binary). Is there information about it somewhere? | ___ | | A manpage for gcache is currently under review. Hopefully it will be | committed in the next couple of days. Unfortunate name clash with apache13-ssl's gcache though. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 ~ 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate ~ Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAklrN/0ACgkQ8Mjk52CukIxRcwCfQYWp6FHjrsFn0u3MBofWlhNg mhgAnRz2zNyW4WSe8W8Lc+0XK49LVPud =trWs -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: Severe DNS Problems, 6.2-RELEASE, BIND 9.5.2
[EMAIL PROTECTED] wrote: I'm having severe DNS problems. I'm running 6.2-RELEASE, and I upgraded to the bind9 port (after cvsup) on July 14. Starting yesterday morning, DNS became very, very slow. If I repeated a dig command three or four times, I could get an answer after 20-30 seconds. This morning I cvsupped again and installed the bind95 port. Still very, very slow. I will probably shift my server to a FreeBSD 7.0 system this weekend, but I would like very much to understand what's going on. Did you configure DLV (DNSSEC Look-aside Validation)? If so, you were probably bitten by the ISC key timing out. Key roll-over was scheduled for the month leading up to Tuesday 21st. Get the new key from: https://secure.isc.org/ops/dlv/index.php#dlv_key Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: SSH Brute Force attempts
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Oliver Fromme wrote:
| Ollivier Robert wrote:
| According to Henrik Hudson:
|Yeap, -security
|
|However, also try this in pf.conf (specific rules related to this; you'll need
|more for a real pf.conf):
|
|table badguys { } persist
|block in quick from badguys
|pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state
|(max-src-conn 5, max-src-conn-rate 4/300, overload badguys flush global)
|
| That one is very effective.
|
| It's especially effective to enable to DoS you.
| An attacker simply has to spoof the source address
| on SYN packets, which is trivial. :-(
Adding a whitelist of ssh addresses that should never be blocked is equally
trivial
But, like the perl folk say: TIMTOWTDI.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. Flat 3
~ 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
~ Kent, CT11 9PW, UK
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREDAAYFAkjiQKsACgkQ3jDkPpsZ+VbzsgCfY64vNfuMhRrGRYgK4rDawWq4
xDwAnRMXY54hiooKCFBp7U/SxILUsxsa
=yQm5
-END PGP SIGNATURE-
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SSH Brute Force attempts
Jeremy Chadwick wrote: You naturally have to keep pf.conf.ssh-* in sync if you have multiple machines. You can use pfsync(4) to accomplish this task (I think), or you can do it the obvious way (make a central distribution box that scp/rsync's the files out and runs /etc/rc.d/pf reload). pfsync sychronises the dynamic state sessions between machines -- ie. basically what you see by doing 'pfctl -ss' It doesn't as far as I know synchronise table contents even if the table changes are themselves dynamically generated in response to traffic. rsync is your friend here. As for blocking based on geographical source of IPs -- I see where you're coming from, but you've missed out one of the largest territories that is the source of this sort of thing, namely the USA. The best strategy IMHO is to foil the automated password guessers but not using passwords. SSH key based auth works nicely, is easy to setup and use and is unfeasible to break by trial and error across a remote network connection. Using firewall blocking on top of this is still useful (to reduce the noise in the log files and stop system resources being sucked up by SSH's crypto requirements) but it shouldn't be a necessity. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Temp files in /etc
Joshua Piccari wrote: I have a shared /etc folder that is mounted read-only to the different jails that share it. Some of the configuration files which need to be dynamic from jail to jail are replaced with symbolic links to the jails /usr/local/etc folder. The reason for mount /etc as read-only is to ensure that none of the jails accidentally modify the configurations for all the jails sharing these configurations. However, there is an issue with creating temp files on a read-only system which means I will have to work around this somehow. I thought about setting the schg flag on all the files in the shared /etc folder but I don't want one jail to be able to add a rc.d script for every jail. Can't you use a unionfs to achieve what you want? Abstract out all the common data to filesystem that you mount read-only, and then use unionfs to mount a per-jail read/write overlay on top of that? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Idea for FreeBSD
Jeremy Chadwick wrote: On Wed, Aug 06, 2008 at 07:14:51PM -0400, [EMAIL PROTECTED] wrote: To who it may concern, I am A FreeBSD administrator as well as a Solaris Administrator. I use BSD at home but Solaris at work. I love both OS's but I would like to increase the administrative capability of FreeBSD. In Solaris 10 the Services Management Facility (SMF) was introduced. Basically what it does, is take all the rc.d scripts and puts them into a database to manage. Everything is converted to XML and two basic commands (svcs and svcadm) are used to manage everything. I highly recommend you and anyone advocating the use of XML for such things read the following whitepaper/study, in full: http://www.cs.kent.ac.uk/pubs/2004/2102/content.pdf Heh. Loved all the little asides to Nancy... Amazing it hasn't been fixed in 4 years. Anyhow, yes: ASN.1 is smaller, and hence faster than XML for networked applications. Which is fine, but as far as I can see doesn't address the question at hand. There are two connected questions here: * What technology should be used to implement the FreeBSD rc.subr system? * What functionality could or should be added to the FreeBSD rc.subr system? Where the answer to the first question clearly constrains the results of the second. So what are the requirements for the rc system? Off the top of my head -- and I've probably missed some vital considerations here -- in order of priority: 1 reliability. The system has to boot up. 2 repeatability. The system has to boot up in a consistent state 3 fault tolerance. The system cannot fail to boot up unless the problems really are terminal. 4 configurability. The system has to boot up correctly for all conceivable combinations of hardware and software. 5 portability. Should run on anything from the smallest of embedded devices to the most enormous high power super computers to the most transient of virtualized hosts. 6 manageability. Must be comprehensible by ordinary mortals. 7 efficiency. Must bring the system up as fast as is practicable and without excessive use of system resources What does XML-based technology bring to this? As the OP states the primary benefit is in manageability. I would contend that the advantage claimed here is rather less significant than indicated. We already have a central database of configuration information -- /etc/rc.conf -- and while we don't have one single application to control starting and stopping services we have the next best thing: a consistent user interface for calling the individual rc-scripts. Indeed, as other posters have shown elsewhere in this thread, adding that sort of functionality is only a Small Matter of Programming using the existing tools. What's wrong wwith using XML? XML adds significantly to the complexity of an rc system -- it's suddenly necessary to have another shlib or two and several compiled applications available early in the boot process. XML itself is too general-purpose: it has too much baggage designed for its primary function of facilitating interoperation between diverse systems in different zones of control, none of which is particularly applicable to system startup. I can see the attraction of writing a nice pointy-clicky database-backed GUI management interface to encourage the uninitiated administrator, but that can only be an adjunct to the current setup, not a replacement. If you can't fix a broken system via a text only serial console accessed across whatever sort of low-bandwidth emergency connectivity you could imagine, then I suspect quite strongly it's not going to receive wholehearted community approval. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: IPv6 CVS
Stefan Sperling wrote: On Tue, Aug 05, 2008 at 02:16:35PM +0400, Maxim Konovalov wrote: On Tue, 5 Aug 2008, 19:52+1000, Tim Clewlow wrote: Hi all, Does anyone know if there are any IPv6 CVS servers for FreeBSD? (As in receiving the STABLE and ports branches) I currently use cvs.freebsd.org but it dosent have an record. Ta Peg dig cvsup4.freebsd.org cvs != cvsup. Speaking of cvsup -- cvsup4.ru.freebsd.org has an ipv6 address as well. AFAIK the Modula3 runtime does not support IPv6. Yeah, you have to use an IPv6 to IPv4 proxy like stone. (ports: net/stone, http://www.gcd.org/sengoku/stone/) Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: embedding pdf viewers in firefox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
KAYVEN RIESE wrote:
as you can see, i am running the freeBSD OS. i have a gnome desktop. i
usually run firefox browser (i note that gnome has built in browser
called ephinany). i am dissatisfied with the fact that if i browse to a
webpage that contains pdf content that i am forced to save the file.
Verb. Sap. It's best to start a new thread when you have a new subject.
Changing the subject on an old thread will tend to hide your message
quite effectively in some mail clients, plus hijacking someone else's
thread is rude at best. This is also a subject more suitable for
[EMAIL PROTECTED] rather than [EMAIL PROTECTED]
Anyhow, if you are running native FreeBSD firefox, then simply install
print/acroread7. This includes a browser plugin that has the effect you
desire:
/usr/local/Adobe/Acrobat7.0/ENU/Browser/intellinux/nppdf.so
In order to get firefox to load the plugin it needs to be wrapped in a
small amount of translation code and made available in the appropriate
directory. To do that install the www/nspluginwrapper port. Then run:
% nspluginwrapper -v -a -i
as your own UID. This will create objects in ${HOME}/.mozilla/plugins
Stop and restart firefox. Type about:plugins into the URL bar and it should
now show (amongst others):
Adobe Reader 7.0
File name: npwrapper.nppdf.so
The Adobe Reader plugin is used to enable viewing of PDF and FDF files from
within the browser.
Et voilĂ .
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHnEz88Mjk52CukIwRCKduAJ4v7lCxGbsiCjyzLqGb+dRKtRCeJwCdH1rD
iycULv8rmO1PSozE2xRkWBs=
=MzpM
-END PGP SIGNATURE-
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fetching thermal information from HP servers
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Jeremy Chadwick wrote: On Fri, Jan 25, 2008 at 11:27:35AM +0100, Attila Nagy wrote: Any ideas what could be done to make the hardware sensors usable on HP servers? I have a bunch of DL3xx, BL2xp, BL4xxc machines running FreeBSD and all of them have: hw.acpi.thermal.tz0.temperature: 8.3C hw.acpi.thermal.tz0._PSV: 9.8C hw.acpi.thermal.tz0._CRT: 31.3C These values are constant on all machines, regardless of the number of CPUs, the type and the load. The sysctls remaining static is due to the BIOS vendor choosing to make them static values, rather than tying them into the HWM hardware on the board. This is common on a lot of Asus consumer motherboards as well. All you can do is complain to the system/BIOS manufacturer. It ultimately depends on what HWM is on all of the above servers, and whether or not utilities like sysutils/mbmon or sysutils/healthd (the code between the two is very similar, with sysutils/mbmon being more recent) can talk to the IC via old ISA I/O ports or via SMBus drivers. This also depends on some BIOS code to be in place. I'm in a similar boat with our Supermicro SuperServer 5015M-T+ boxes, which use a Winbond W83627EHF IC for serial/lpt/floppy/etc. as well as providing HWM capability. I've been hacking on some code to talk to it for a while via SMBus, and am having some mixed results. (I'm probably going to have to talk to Supermicro...) If HWM is important to you enough to switch OSes, take a look at Linux's lm-sensors framework (which is now in the 2.4 and 2.6 kernels), as it's significantly more advanced than the above two. With HP kit you can also frequently get at the on-board sensors via IPMI - -- kldload ipmi and install ipmitool from ports. Matthew - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHmdln3jDkPpsZ+VYRA+0LAJ90aVm6RhL4G91weRC1+Q3cK4jrQgCcDvA0 trBjl290pdEc+dDw23xUe0U= =5Bd+ -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tar output mode for installworld
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim Kientzle wrote: Paul Schenkeveld wrote: Having a file describing everything that gets installed would also benefit later upgrades to a system. One of my questions: Does my proposed format suffice for these other purposes? If not, what other features would be required? Is it worth trying to design a single format that handles these various cases? Being able to record a series of incremental changes in a filesystem hierarchy, and then roll them back as required. That would be exceedingly useful, and I think your 'ntree' format has virtually everything necessary to do that. The most obvious missing bit I can see is creating a backup of a file before overwriting it with different content. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGmyP+8Mjk52CukIwRCGaUAJ0c8j9l4h08dIRBY8bFuX0XA/v4HgCfR7iX F0BjIjIz0ds+EEV74H/JIBs= =J76U -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Tar output mode for installworld
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim Kientzle wrote: Being able to record a series of incremental changes in a filesystem hierarchy, and then roll them back as required. That would be exceedingly useful, and I think your 'ntree' format has virtually everything necessary to do that. The most obvious missing bit I can see is creating a backup of a file before overwriting it with different content. Is this something that requires changes to the specification file format, or just a feature of the tool that uses the specification file? If the former, what do you envision would be required? In your example earlier you said not entirely unlike the following: #%ntree bin/echo contents=my/bin/echo uid=0 gid=0 group=wheel I've taken the liberty of reordering it a bit, because then it can be interpreted (for example) as directly translating into a sequence of shell commands: cp my/bin/echo /bin/echo chown 0 /bin/echo chgrp 0 /bin/echo chgrp wheel /bin/echo This could be seen as a fragment of the process of building the /bin filesystem from scratch, or as a patch to an existing /bin filesystem, overlaying the echo command with a new version. Thinking of it as the latter, so long as you know where to copy the original /bin/echo to and how to record various other metadata then you can fairly readily write another ntree program that reverses the effect of this one[*]. The tool used to unpack the ntree file would have to record the original file metadata (presumably directly in ntree format), and you'ld probably need a reasonably cunning approach to storing the backup copies of files so you avoid accidentally overwriting them. (Use the checksum of the file as the name to store it under? Some sort of directory hashing probably useful too) Cheers, Matthew [*] almost literally by reversing the sense of each command and then reversing the order they are applied. Admittedly this is a trivial example, but I don't see why that approach shouldn't work in general. - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGm6zb8Mjk52CukIwRCCTtAJ9cLxb13VEmr06WVKX4r7D3z9UkVQCePB94 SE++fRzlgNecWtv6svCYIzE= =o4XJ -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for speed increases in make index and pkg_version for ports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stephen Montgomery-Smith wrote: I have been thinking a lot about looking for speed increases for make index and pkg_version and things like that. So for example, in pkg_version, it calls make -V PKGNAME for every installed package. Now make -V PKGNAME should be a speedy operation, but the make has to load in and analyze bsd.port.mk, a quite complicated file with about 200,000 characters in it, when all it is needing to do is to figure out the value of the variable PKGNAME. pkg_version is one thing -- but to build the INDEX you need to extract at least the values of the following variables: PKGNAME .CURDIR PREFIX COMMENT DESCR MAINTAINER CATEGORIES EXTRACT_DEPENDS PATCH_DEPENDS FETCH_DEPENDS BUILD_DEPENDS RUN_DEPENDS LIB_DEPENDS Plus you need to grep in the referenced pkg-descr file for any WWW links. I also extract the values of: MASTER_PORT .MAKEFILE_LIST SUBDIR for my FreeBSD::Portindex stuff. Trouble is, by the time you've extracted all that lot, you have pretty much done the same level of variable processing as you would were you actually going to build the port. One thing that would speed up this process would be a make option to just do parsing of the Makefile and variable expansion, without calling stat(2) on all the various sources and dependencies involved. For instance: happy-idiot-talk:...ports/databases/mysql-connector-java:% truss make -V PKGNAME | grep stat | wc -l 49 It is quite instructive to see what files make(1) touches while doing that. At least half of them are irrelevant if all make(1) is going to do is print out the values of some variables. Multiply that by 17,000 and it adds up to a big waste of effort. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGWpTA8Mjk52CukIwRCI0BAJ0bX5hTAJkMCO6Pl+cA4THv3mKulwCgg+39 kCyAGOTYYz9vEzzM9NRe3no= =MqFV -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Looking for speed increases in make index and pkg_version for ports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ivan Voras wrote: Stephen Montgomery-Smith wrote: I have been thinking a lot about looking for speed increases for make index and pkg_version and things like that. So for example, in pkg_version, it calls make -V PKGNAME for every installed package. Now make -V PKGNAME should be a speedy operation, but the make has to load in and analyze bsd.port.mk, a quite complicated file with about 200,000 characters in it, when all it is needing to do is to figure out the value of the variable PKGNAME. As long as far-out ideas are being discussed, how about caching such information (including dependenices) in a file (I'd call it a database but then I'd had to start a holy war :) ) so it's calculated only once, preferably on the portsnap / cvsup servers and not at the end-user? Good idea. http://www.infracaninophile.co.uk/portindex/ Been done before though. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGWwnL8Mjk52CukIwRCNDLAJ4jFCpr5y7uAQi97mVRV3Pc4+c99ACeN9vQ tOc6IzTQ90+wObG34KWQzzw= =XuiO -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DPS Initial Ideas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kris Kennaway wrote: The problem is that maintaining the INDEX is expensive and/or tricky. p5-FreeBSD-Portindex comes close but seems to have some wrinkles. If you'ld just tell me what you perceive the wrinkles to be, then I'd have a fighting chance at addressing them, which I would be glad to do... Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGRsJI8Mjk52CukIwRCCK/AJ0YAGY7HWil/8Lctfr8N4dVfPXUdwCfQeDQ q38/HxnVPoTNBcM25eWWNh8= =y8AK -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DPS Initial Ideas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kris Kennaway wrote: On Sun, May 13, 2007 at 08:46:17AM +0100, Matthew Seaman wrote: Kris Kennaway wrote: The problem is that maintaining the INDEX is expensive and/or tricky. p5-FreeBSD-Portindex comes close but seems to have some wrinkles. If you'ld just tell me what you perceive the wrinkles to be, then I'd have a fighting chance at addressing them, which I would be glad to do... I only looked today so I didn't have time to fully investigate things, which is why you didn't hear from me directly yet :) Basically there are some differences (extra whitespace, etc) that are cosmetic but which make validation against the full INDEX build more difficult, but the major one seems to be that ports that change their name dynamically (depending on e.g. installed ports detected, or changes in build options) do not seem to have this reflected in the incremental index. Extra whitespace I can fix for you -- it's just the COMMENT field which is affected IIRC. I just copy the string exactly as shown in the port's Makefile. make index collapses multiple whitespace to single. As you say, cosmetic. Also I get the sorting 'for free' by using the properties of BDB btrees. Unfortunately it disagrees somewhat with the collation order generated by sort. Ports that change their name dynamically are tricky. If it really is an automatic change without administrative intervention then there's not a lot I can do -- and I believe such behaviour is held to be a bug by the ports system. I do use the port directory as the unique key for referring to any port, whereas make index uses the pkgname when writing out the INDEX, which causes some differences. An example: games/freeciv. If you have one of the gtk packages installed (as I do) it will automatically change package name: happy-idiot-talk:...ports/games/freeciv:% make -V PKGNAME freeciv-gtk2-2.0.8_2 This generates an warning about 'duplicate package name' with make index, (due to a collision with the games/freeciv-gtk2 slave port) and only one row in the final INDEX. With FreeBSD::Portindex, no errors are generated at all, and there are entries for both the main and slave ports like so: happy-idiot-talk:/usr/ports:% grep ^freeciv-gtk2 INDEX-6 | cut -c 1-78 freeciv-gtk2-2.0.8_2|/usr/ports/games/freeciv|/usr/local|Free turn-based multi freeciv-gtk2-2.0.8_2|/usr/ports/games/freeciv-gtk2|/usr/local|Free turn-based I can certainly add a check for duplicate PKGNAME and emit warnings. In order to be sure of getting the canonical INDEX-N you'ld need a system with no ports installed. Well, other than p5-FreeBSD-Portindex and dependencies -- none of which suffer from this problem. Where the package name changes due to explicit administrative choice, in the main that's either due to setting variables in the environment (which make later picks up), setting variables in the make infrastructure (eg /etc/make.conf) or using one of those blue and grey options screens, which changes a Makefile under /var/db/ports. There's already a facility for scrubbing everything out of the environment except USER, HOME, PATH, SHELL, TERM and TERMCAP Changes in well known Makefiles like /etc/make.conf or any Makefiles under /usr/ports will either trigger a warning message (generally saying you need to reinitialise the cache, because otherwise it would lead to rechecking every port, which might be a big waste of time depending on the nature of the changes to the makefile) or cause any port that includes that Makefile to be re-checked and its cache entry updated. That will pick up most of the places where an administrator might make changes to affect how ports are compiled, although a sufficiently ingenious admin could still put things in such odd places p5-FreeBSD-Portindex wouldn't find them... Tracking changes to OPTIONS settings is a good point though. I need to implement that. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGRvCE8Mjk52CukIwRCEvTAJ98KhyNpbVoSNQ7Aisk6MNQIrDg9ACfXeGc Pjnzdg9a5syzSFs6lKsJkzg= =/Vzb -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DPS Initial Ideas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Matthew Seaman wrote: Extra whitespace I can fix for you -- it's just the COMMENT field which is affected IIRC. I just copy the string exactly as shown in the port's Makefile. make index collapses multiple whitespace to single. As you say, cosmetic. Also I get the sorting 'for free' by using the properties of BDB btrees. Unfortunately it disagrees somewhat with the collation order generated by sort. Here's the result of crunching multiple spaces in the COMMENT fields: happy-idiot-talk:/tmp:% diff -C 0 -u bar foo - --- bar Sun May 13 18:12:08 2007 +++ foo Sun May 13 18:12:01 2007 @@ -1402 +1402 @@ - -lrzsz-0.12.20_1|Receive/Send files via X/Y/ZMODEM protocol. (unrestrictive) +lrzsz-0.12.20_1|Receive/Send files via X/Y/ZMODEM protocol. (unrestrictive) @@ -1476 +1476 @@ - -zmtx-zmrx-1.02|Receive/Send files via ZMODEM protocol. (unrestrictive) +zmtx-zmrx-1.02|Receive/Send files via ZMODEM protocol. (unrestrictive) @@ -1809,2 +1809,2 @@ - -p5-DBI-1.54|The perl5 Database Interface. Required for DBD::* modules - -p5-DBI-1.37_1|The perl5 Database Interface. Required for DBD::* modules +p5-DBI-1.54|The perl5 Database Interface. Required for DBD::* modules +p5-DBI-1.37_1|The perl5 Database Interface. Required for DBD::* modules @@ -1962 +1962 @@ - -postgresql-libpq++-4.0_3|C++ interface for PostgreSQL +postgresql-libpq++-4.0_3|C++ interface for PostgreSQL @@ -2287 +2287 @@ - -vym-1.8.1|VYM (View Your Mind) is a tool to generate and manipulate maps +vym-1.8.1|VYM (View Your Mind) is a tool to generate and manipulate maps @@ -2490 +2490 @@ - -cvs+ipv6-1.11.17_1|IPv6 enabled cvs. You can use IPv6 connection when using pserver +cvs+ipv6-1.11.17_1|IPv6 enabled cvs. You can use IPv6 connection when using pserver @@ -3046 +3046 @@ - -newt-0.51.0_3|Not Erik's Windowing Toolkit: console I/O handling library +newt-0.51.0_3|Not Erik's Windowing Toolkit: console I/O handling library @@ -4189 +4189 @@ - -py24-simpletal-4.1|Stand alone TAL Python implementation to power HTML XML templates +py24-simpletal-4.1|Stand alone TAL Python implementation to power HTML XML templates @@ -4783 +4783 @@ - -vile-9.5n|VI Like Emacs. a vi workalike, with many additional features +vile-9.5n|VI Like Emacs. a vi workalike, with many additional features @@ -4943 +4943 @@ - -vMac-0.1.9.3_1|Emulates a MacPlus machine! Runs MacOS versions up to 7.5.5 +vMac-0.1.9.3_1|Emulates a MacPlus machine! Runs MacOS versions up to 7.5.5 @@ -5582 +5582 @@ - -libfov-1.0.2|C library for calculating fields of view on low resolution rasters +libfov-1.0.2|C library for calculating fields of view on low resolution rasters @@ -6039 +6039 @@ - -xkobo-1.11|Multi-way scrolling shoot 'em up game for X. Strangely addictive +xkobo-1.11|Multi-way scrolling shoot 'em up game for X. Strangely addictive @@ -7304 +7304 @@ - -ja-mypaedia-fpw-1.4.3_2|An encyclopedia Mypaedia (EPWING V1 format) +ja-mypaedia-fpw-1.4.3_2|An encyclopedia Mypaedia (EPWING V1 format) @@ -9582 +9582 @@ - -xless-1.7|An X11 viewer for text files. Useful as an add-on tool for other apps +xless-1.7|An X11 viewer for text files. Useful as an add-on tool for other apps @@ -11135 +11135 @@ - -sniffit-0.3.7b_2|A packet sniffer program. For educational use +sniffit-0.3.7b_2|A packet sniffer program. For educational use @@ -11562 +11562 @@ - -cups-samba-6.0|The Common UNIX Printing System: MS Windows client drivers +cups-samba-6.0|The Common UNIX Printing System: MS Windows client drivers @@ -11825 +11825 @@ - -ru-apache-1.3.37+30.23|The extremely popular Apache http server. Very fast, very clean +ru-apache-1.3.37+30.23|The extremely popular Apache http server. Very fast, very clean @@ -12023 +12023 @@ - -chrootuid-1.3|A simple wrapper that combines chroot(8) and su(1) into one program +chrootuid-1.3|A simple wrapper that combines chroot(8) and su(1) into one program @@ -14936 +14936 @@ - -mozex-1.07_5|Mozex allows users of to use external programs for mail, news, etc. +mozex-1.07_5|Mozex allows users of to use external programs for mail, news, etc. @@ -15712 +15712 @@ - -webreport-1.5|WebReport is a web log statistics program for web hosting sites +webreport-1.5|WebReport is a web log statistics program for web hosting sites This is after running the generated INDEX files through: cut -d '|' -f 1,4 INDEX Mostly it's the standard 'two spaces after a full stop', but there are a number of what look to me like mistakes. I can't parse that mosex entry at all.. Cheers, MAtthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGR0n
Re: DPS Initial Ideas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Matthew Seaman wrote: I can certainly add a check for duplicate PKGNAME and emit warnings. In order to be sure of getting the canonical INDEX-N you'ld need a system with no ports installed. Well, other than p5-FreeBSD-Portindex and dependencies -- none of which suffer from this problem. Hmmm, well, I have the first cut at this now. As an added bonus, it enforces having the port mentioned in the $SUBDIR variable of the category Makefile before it will add it to the INDEX[*]. Turns out there are at least 6 ports present in the tree but not hooked up in that way: happy-idiot-talk:/tmp:% portindex -o INDEX.m | grep 'not referenced' FreeBSD::Portindex::Tree:printindex(): /usr/ports/emulators/linux-vmware-toolbox6 is not referenced from the /usr/ports/emulators category -- not added to INDEX FreeBSD::Portindex::Tree:printindex(): /usr/ports/emulators/vmware-guestd6 is not referenced from the /usr/ports/emulators category -- not added to INDEX FreeBSD::Portindex::Tree:printindex(): /usr/ports/net-mgmt/nipper is not referenced from the /usr/ports/net-mgmt category -- not added to INDEX FreeBSD::Portindex::Tree:printindex(): /usr/ports/net/asterisk12-app-ldap is not referenced from the /usr/ports/net category -- not added to INDEX FreeBSD::Portindex::Tree:printindex(): /usr/ports/x11-fonts/libXfont is not referenced from the /usr/ports/x11-fonts category -- not added to INDEX FreeBSD::Portindex::Tree:printindex(): /usr/ports/x11-fonts/xfs is not referenced from the /usr/ports/x11-fonts category -- not added to INDEX as well as a number of duplicate PKGNAMEs -- mostly to do with A4 vs letter paper size. Cheers, Matthew [*] Should this always be enforced? Hmmm... I think I'll add a '--strict' option, including that. Being able to add arbitrary ports into the INDEX can be vaguely useful sometimes. - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGR4Wi8Mjk52CukIwRCKGwAJ9sflhEHhm7980YfgGWmqGeubMjjgCcDPIi veocs5SgrNnmF6CJ7XBFfL0= =xCKf -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: User mounting take 2
Joe Marcus Clarke wrote: //[EMAIL PROTECTED]/homes/home/%u/smb_homesmbfsrw,noauto,user 0 0 Then, a user could just run, for example: mount /home/marcus/smb_home And their SMB home directory would get mounted (~/.nsmbrc is also respected). Nice. Very nice. A couple of questions though: What happens if the 'noauto' flag is omitted? Or the 'user' flag? Should %u or wild cards work for root? Should they work at boot time (ie. when 'mount -a' is run)? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Using any network interface whatsoever
Mike Meyer wrote: In [EMAIL PROTECTED], Daniel Rock [EMAIL PROTECTED] typed: So I doubt that the overwriting of an Ingres database really happened in Solaris, like some other poster described - unless the administrator fiddled with /etc/path_to_inst by hand (you are free to shoot in your own foot). That happened very early in the life of Solaris, in the early 90s. Persistent numbering was added to Solaris in response to this incident (there were probably others as well). This was on a relatively large server, with something like 4 SCSI buses. A drive was added to a previously unused bus, making it appear between two drives that were already in the system. This gave all the drives further on in the probe sequence a device number one higher than they had previously had. It sounds for me as if you (Mike Meyer) are asking for something like 'acpidump -d' or 'pciconf -l -v' output, but translated into a filesystem abstraction -- ie a tree of directories corresponding to different busses containing device files ordered according to the bus slot they are plugged into. This would be something that you can use either in place of the traditional /dev or as an adjunct to it. I believe Solaris has a /devices tree which does essentially this. In practice however on the systems we deploy we know that the principal network interfaces are the ones on-board the motherboard, and we know that em0 or bge0 is the one closest to the PSU. Similarly for other devices -- disk device numbers can be deduced from the physical slot they are in. Sure it's just a convention, and it helps that the equipment supplier we use is very consistent about such things, and that in general we don't go around plugging USB disk devices into server systems that frequently. But on the whole it works. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: freebsd problem: Cannot detect Hard Disks as RAID
On Wed, Feb 16, 2005 at 05:33:09PM -0800, Amandeep Pannu wrote: I have this Supermicro MB P4SCI and I am using the onboard SATA controllers and making a RAID of two Seagate 80Gb SATA drives but when I try to install FreeBSD 4.11 it doesnt see the drives configured as RAID. Any ideas as if this is supported or not. If I try single drives wihout RAID it sees them happily. This is really [EMAIL PROTECTED] material, but WTH. In one of those coincidental ways these things seem to happen, I just installed 4.11 on one of those mobos a few days ago. One way that seems to work is to set the BIOS to use 'legacy mode', install FreeBSD on the 1st hard drive and then: # atacontrol create RAID1 ad0 ad1 This will create a device ar0 -- so you'll need to modify /etc/fstab at least. I found it easier just to do a minimal install at first in order to get atacontrol working, then just re-install from scratch onto the newly created ar0 device. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 8 Dane Court Manor School Rd PGP: http://www.infracaninophile.co.uk/pgpkey Tilmanstone Tel: +44 1304 617253 Kent, CT14 0JL UK pgpYTujhGnzdf.pgp Description: PGP signature
Re: ZFS
On Wed, Sep 15, 2004 at 05:43:38PM +0200, Wilko Bulte wrote: On Wed, Sep 15, 2004 at 05:26:39PM +0200, Andrea Campi wrote.. On Wed, Sep 15, 2004 at 10:59:36AM -0500, Sam wrote: Call me crazy, but does anyone else see this as hooey? 2^64 512B sectors is 8192 zettabytes (zetta, exa, peta, tera, ...). [...] Crappy marketing articles. This one's good though. fortune(6) worthy, I mean: Populating 128-bit file systems would exceed the quantum limits of earth-based storage. You couldn't fill a 128-bit storage pool without boiling the oceans. H... that explains the global warming then... I once calculated that there were sufficient IPv6 addresses (another 128 bit quantity) to provide a distinct address for every cluster of about 10^12 atoms within planet Earth. 10^12 atoms sounds like quite a lot, but it is much smaller than a typical bacterium and a hell of a lot smaller than any transistor ever manufactured: even if you converted the entire planet into a data storage system, you wouldn't have enough matter to build a filesystem that big, let alone power supplies, cabling, support structures etc. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpLsx5R6bUqQ.pgp Description: PGP signature
Re: general load balancing issues
On Mon, Dec 15, 2003 at 12:46:52PM +0100, Bogdan TARU wrote: Right now I am considering a setup with one common NFS repository for the configuration files, Apache binaries, Web content and temp directory for PHP, NFS resource which will be mounted on all the 'front' webservers. I am wondering, though, if I will be able (by having one common temp directory for PHP) to load-balance the domains involving sessions: will the sessions be lost when connsecutive hits go to different webservers, or not? The canonical answer to this is to store the session data in the back-end database, so that it's accessible to all of your servers. See the PHP docs for session_set_save_handler(). There's an example of how to do this in the O'Reilly Platypus book Web Database Applications with PHP and MySQL, or contact me off list and I can send you some sample code. Probably a good idea to take this off-list anyhow, as it's not really [EMAIL PROTECTED] material. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: testing for substrings in perl
On Sun, Oct 05, 2003 at 11:32:11AM -0400, Dan Langille wrote:
Hi,
I have a perl regex to test if a file resides under a particular
directory. The test looks like this:
if ($filename =~ $directory) {
# yes, this filename resides under directory
}
This is working for most cases. However, it fails is the directory
contains a +. For example:
$filename = 'ports/www/privoxy+ipv6/files/patch-src::addrlist.c';
$match = ^/? . 'ports/www/privoxy+ipv6' . /;
if ($filename =~ $match) {
print found\n;
} else{
print NOT found\n;
}
Yes, I can escapte the + in the directory name, but then I'd have to test
for all those special regex characters and escape them too.
That's why perl has the \Q...\E metasymbols:
Try:
$match = qr{^/?\Q$dirname\E/};
See perldoc perlre for details.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp0.pgp
Description: PGP signature
Re: My jail can not ssh..
On Tue, Sep 16, 2003 at 04:16:31AM +0800, maillist bsd wrote: I am just testing jail on my FreeBSD4.8-stable box, i found i can not ssh to the jail environment, but i can telnet to jail environment, the sshd is running both inside and outside jail. What's the problem. This is [EMAIL PROTECTED] material, rather than [EMAIL PROTECTED] I suspect that your problem is that the sshd(8) in your host and jail environments are both binding to IN_ADDR_ANY. That means both daemons are fighting over the loopback interface (at least). Cure is to tell sshd which interfaces to bind to explicitly. So, assuming your host environment uses 192.168.0.1 and your jail uses 192.168.0.2, then add: ListenAddress 127.0.0.1 ListenAddress 192.168.0.1 ListenAddress ::1 to /etc/ssh/sshd_config in the host environment, and ListenAddress 192.168.0.2 to /etc/ssh/sshd_config in the jail environment. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: kern/40611 linux compatibility fix
On Fri, Feb 28, 2003 at 04:47:42PM -0800, Brooks Davis wrote: On Fri, Feb 28, 2003 at 11:47:42AM -0800, Luoqi Chen wrote: Dear Hackers, Is there any chance that the patch given in kern/40611 could be committed to the 4-STABLE tree? It has the desirable effect of making eg. the linux-sun-jdk14 port usable as a non-root user. This would appear to my untutored eye to be a sub-set of the differences already existing between the HEAD and RELENG_4 versions of src/sys/posix4/p1003_1b.c I've a similar but more complete patch. It handles both get and set cases, and also takes into account jailed environment. It should have identical semantics to -current (except for the see_other_uids flag), at least at the time when I created the patch. You may inspect the patch at http://people.freebsd.org/~luoqi/p1003_1b.diff The following is also require for that one to compile. -- Brooks --- posix4.h27 Dec 1999 10:22:09 - 1.6 +++ posix4.h1 Mar 2003 00:00:42 - @@ -61,8 +61,6 @@ MALLOC_DECLARE(M_P31B); #define p31b_malloc(SIZE) malloc((SIZE), M_P31B, M_WAITOK) #define p31b_free(P) free((P), M_P31B) -int p31b_proc __P((struct proc *, pid_t, struct proc **)); - void p31b_setcfg __P((int, int)); #ifdef _KPOSIX_PRIORITY_SCHEDULING Seeing as I had to recompile anyhow because of the sendmail fun'n'games, I decided to give Books' and Luoqi's patches a spin. Happy to say, everything works fine and I have the linux-sun-jdk14 port running happily as non-root both in a jail and under the host environment using 4.8-RC as of yesterday. Is it too late to get these patches into 4.8-RELEASE ? Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
kern/40611 linux compatibility fix
Dear Hackers, Is there any chance that the patch given in kern/40611 could be committed to the 4-STABLE tree? It has the desirable effect of making eg. the linux-sun-jdk14 port usable as a non-root user. This would appear to my untutored eye to be a sub-set of the differences already existing between the HEAD and RELENG_4 versions of src/sys/posix4/p1003_1b.c Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Resizing file-backed vnode disklabels
On Fri, Feb 07, 2003 at 01:30:52PM -0800, Hans Zaunere wrote: Fairly straight forward question I suppose. I'm creating several file-backed vnode devices on a single physical disklabel to support some jails. If I start the file at 1gb is it possible to increase the file without losing the data within it? Would growfs be safe to use? Could I be so bold as to just tack on 100mb of null chars at the end of the file (I would doubt it, although it'd be nice). That's doable. You have to re-write the disklabel to correspond to the new size of the backing store, and you need to make sure the fsize, bsize and bps/cpg fields in the disklabel are set to reasonable values in order for growfs(8) to do it's thing. http://www.freebsd.org/cgi/getmsg.cgi?fetch=403393+411791+/usr/local/www/db/text/2002/freebsd-questions/20021006.freebsd-questions Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Multi-threaded or async Mozilla (NSPR, really)
On Mon, Dec 30, 2002 at 07:56:46PM -0600, D J Hawkey Jr wrote: In article [EMAIL PROTECTED], [EMAIL PROTECTED] writes: On Sun, Dec 22, 2002 at 07:18:54AM -0600, D J Hawkey Jr wrote: I can't imagine what Moz is doing within it's DNS code, even with the serialized DNS lookups. If nslookup replies within fractions of a second, why doesn't Moz?? Take a look at look at the getaddrinfo(3) man page and then try doing a look up of the or A6 records for the troublesome locations. After looking at the man page, and understanding all of ~35% of it, I'll ask this: Are you referring to the oft-mentioned, ill-configured, INET6 records in some DNS servers, or are you referring to less-than-correct code in FreeBSD's TCP/IP stack, or are NSPR's routines indeed flawed? None of the above --- although they may have an effect in addition to what's observed. It's sites that run DNS server software that doesn't do the right thing when confronted by a lookup of a RR type they don't recognise. Instead of returning a not found result, they seem to not reply at all, which leaves the machine asking the question no option but to sit and wait until the 30s timeout before it can assume it's not going to get a reply. Quite apart from the fact that a request (let alone A6 or DNAME or any of the other more recently introduced types) is hardly that exotic nowadays and any reasonable DNS server software should be able to cope, even if there is no appropriate data available. It's particularly annoying that the prime culprits always seem to be the companies that run banner adverts, and you're left waiting for some silly top of the page image before your browser will render the rest of the page which it has retrieved quite smartly. I've found the http://www.theregister.co.uk/ quite often suffers like that. Of course, just telling Mozilla to refuse the images from the advertiser makes things a whole lot nicer. I guess I'll ask this, too: is getaddrinfo(3) called by gethostbyname(3)? It's the latter that Mozilla/NSPR calls, and is the blamed culprit. Hmmm... it seems not to. My misunderstanding, although it doesn't detract from my main point. According to the man page getaddrinfo(3) is apparently a more modern replacement for gethostbyname(3), and I'd read that as implying that it handled IPv6 whereas gethostbyname(3) didn't. However, a quick peek at the gethostbyname(3) source shows that it is IPv6 capable too, and that gethostbyname(3) doesn't call getaddrinfo(3) or vice versa. For giggles, I disabled INET6 in the kernel, re- built and installed it, and the problem vanished. But this doesn't answer the question: Is it problematic DNS records, a problematic OS, or what? The second, I doubt... It is no fault of yours, for using an OS that follows standards like RFC 2553 which have only been around for 4 years. Eventually, the rest of the world will catch up... Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming, or what? Exactly. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Multi-threaded or async Mozilla (NSPR, really)
On Sun, Dec 22, 2002 at 07:18:54AM -0600, D J Hawkey Jr wrote: I can't imagine what Moz is doing within it's DNS code, even with the serialized DNS lookups. If nslookup replies within fractions of a second, why doesn't Moz?? Take a look at look at the getaddrinfo(3) man page and then try doing a look up of the or A6 records for the troublesome locations. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Perl issue on freebsd 4.x?
On Thu, Dec 19, 2002 at 06:40:21PM -0500, Leo Bicknell wrote: In a message written on Thu, Dec 19, 2002 at 05:45:34PM -0600, GB Clark wrote: What version of Perl is this? I've used syslogging with FreeBSD 4.4/4.5. Have not tried it lately. /usr/bin/perl as shipped on 4.4, 4.5, and 4.7. The perl-5.6.1 and perl-5.8.0 ports show exactly the same behaviour on 4.7. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: X11 display problem
On Thu, Oct 24, 2002 at 06:52:32PM -0700, Kris Kennaway wrote: --nolisten-tcp was added deliberately for security reasons: see the commit logs (it's also documented clearly at the top of the startx manpage). It sounds like an oversight that xdm doesn't do this; I've asked the XFree86 maintainer to investigate and make the corresponding change if necessary. As in: --- /usr/X11R6/lib/X11/xdm/Xservers.origFri Mar 22 18:30:32 2002 +++ /usr/X11R6/lib/X11/xdm/Xservers Fri Oct 25 09:23:10 2002 @@ -10,4 +10,4 @@ # look like: # XTerminalName:0 foreign # -:0 local /usr/X11R6/bin/X +:0 local /usr/X11R6/bin/X -nolisten tcp A very good move indeed, IMHO. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Perl module for periodic scripts
On Tue, Jun 12, 2001 at 02:57:46AM +0200, Cyrille Lefevre wrote: To: Matthew Seaman [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Perl module for periodic scripts Reply-To: Cyrille Lefevre [EMAIL PROTECTED] Mail-Copies-To: never From: Cyrille Lefevre [EMAIL PROTECTED] Date: 12 Jun 2001 02:57:46 +0200 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley) Matthew Seaman [EMAIL PROTECTED] writes: [snip] by which time the script might just as well be pure perl anyhow... and the perl polution continue... while some people claims perl should goes off whenever possible, you're claiming it should goes on. No. I'm not out to re-write the world in Perl. If you like sh/sed/awk, then great, write code in sh/sed/awk. Me, I prefer perl, but it's not a religious thing. FYI, the date stuff can be written in pure shell. don't know yet about the uniq -i but should be possible w/o perl. I don't doubt that it's possible, but for me, it's a lot easier to do it in Perl. see the following url on a portable (awk and ksh) replacement for date -v-1d : http://groups.google.com/groups?as_q=date2julianas_ugroup=fr.comp.os.unixas_uauthors=cyrille%20lefevre Impressively complicated stuff. Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Perl module for periodic scripts
Valentin Nechayev wrote:
Tue, Jun 12, 2001 at 02:57:46, clefevre-lists (Cyrille Lefevre) wrote about Re:
Perl module for periodic scripts:
FYI, the date stuff can be written in pure shell. don't know yet
about the uniq -i but should be possible w/o perl.
tr '[A-Z]' '[a-z]' | uniq
(does this uniquing requires to preserve case of at least one variant?
I suppose no)
Hmmm...
claudette:/tmp:% cat /tmp/foo
aaa
aaa
aaa
AAB
aab
aab
AAB
AAC
aac
AAC
aac
aac
aac
aac
aad
AAD
AAD
aad
aad
claudette:/tmp:% cat /tmp/foo | sort -f | uniq -ic
3 aaa
4 AAB
7 AAC
5 AAD
claudette:/tmp:% cat /tmp/foo | tr '[A-Z]' '[a-z]' | sort | uniq -c
3 aaa
4 aab
7 aac
5 aad
claudette:/tmp:% cat /tmp/foo | perl -ne '$s{lc $_}++; END { for (sort keys %s) {
printf %4d $_, $s{$_}; }}'
3 aaa
4 aab
7 aac
5 aad
It's not quite the same, but probably good enough.
see the following url on a portable (awk and ksh) replacement for
date -v-1d :
Then the program will contain perl, ksh and awk code? There are too many
languages used, aren't there? Also realize please that base system does not
contain ksh. Monolithic perl code, without awk ksh, will be better because
perl is in base system already...
Quite so. The current admixture of sh and perl in 470.status-named seems unaesthetic
to me.
On the other hand, FreeBSD /bin/sh is a lot more like Solaris /bin/ksh than it is like
Solaris /bin/sh. Cyrille's ksh code should
port fairly readily to FreeBSD /bin/sh.
Matthew
--
Matthew Seaman Tel: 01628 498661
Certe, Toto, sentio nos in Kansate non iam adesse.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message
Perl module for periodic scripts
Dear all,
I've slung together a tiny little perl module to enable
periodic(8) scripts to access periodic.conf(5) settings without having
to use sh(1). I thought it might be useful to some, so I tidied it up
and made it available for download at:
http://www.plasm.demon.co.uk/FreeBSD-Periodic-0.1.tar.gz
This all came about when I foolishly started porting some of the
periodic scripts over to a Solaris8 box. Particularly
470.status-named. Solaris `date' doesn't support the `-v' flag, so:
date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'
becomes
perl -MPOSIX print strftime %b %e, localtime (time - 24 * 60 * 60);
and then Solaris `uniq' doesn't support the `-i' flag so:
sort -f | uniq -ic |
becomes:
perl -ne '$s{lc $_}++; \
END { for (sort { $s{$a} cmp $s{$b} } keys %s) { \
printf %4d $_, $s{$_} } }'
by which time the script might just as well be pure perl anyhow...
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message
Re: how to test out cron.c changes? (was: cvs commit: src/etc crontab)
Dan Langille wrote: On 11 Jan 2001, at 16:33, Greg Black wrote: We'd need some guarantees that the attempt to maintain current behaviour was done correctly -- i.e., without introducing bugs that broke things. What sort of guarantees are acceptable? In the beginning, something like CRON_DST_HACK="NO" in rc.conf with a comment pointing to the explanation should cover both these items. If more is needed later, then it can be added. Do you mean /etc/defaults/rc.conf? Howabout having a setting: TZ=GMT0BST or TZ=Europe/London in the crontab file, analogous to the MAILTO= or USER= settings that already exist. That would mean individual user crontabs could run on different timezones --- or would that just be too complicated? I suppose the default (with no TZ= setting) should be to work just as cron does now, using the system standard timezone, without DST hacks, or you could choose a timezone setting without DST changes: TZ=UTC and probably TZ=localtime to use the system default time zone, with DST hacks. Matthew PS. If anyone is counting, put me down as one who thinks the DST hack is a good idea. -- Certe, Toto, sentio nos in Kansate non iam adesse. Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1T 2NU Tel: +44 20 7631 4644 x229 Fax: +44 20 7631 4844 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: kernel type
Jordan Hubbard wrote: Yeah, but in what sense is that use of Mach a serious microkernel, if it's only got one server: BSD? I've never understood the point of that sort of use. It makes sense for a QNX or GNU/Hurd or minix or Amoeba style of architecture, but how does Mach help Apple, instead of using the bottom half of BSD as well as the top half? That's actually a much better question and one I can't really answer. One theory might be that the NeXT people were simply Microkernel bigots for no particularly well-justified reason and that is simply that. Another theory might be that they were able to deal with the machine-dependent parts of Mach far more easily given its comparatively minimalist design and given their pre-existing expertise with it. Another theory, sort of related to the previous one, is that Apple has some sort of plans for the future which they're not currently sharing where Mach plays some unique role. As I remember, way back in the mists of 1990 when I first encountered a NeXT box, one of the principal reasons for selecting the Mach 2.x micro kernel was "mach messaging". This was a unified mechanism for almost all IPC both within one host or distributed over a network, where eg. sockets (netork or unix domain), pipes etc. were seen as abstractions of the core messaging function. This fitted very well with the general OO design philosophy of the company. If anyone has access to a copy of the socket(2) man page from any NeXTSTEP version, I dimly remember there being an informative paragraph about this point. Whilst Mach messaging was not commonly used directly in the Unix userland which was pretty much stock BSD 4.3, it was very important in the AppKit --- NeXT's real stock in trade. Matthew -- Certe, Toto, sentio nos in Kansate non iam adesse. Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1T 2NU Tel: +44 20 7631 4644 x229 Fax: +44 20 7631 4844 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: How to make *real* random bits.
Poul-Henning Kamp wrote: Ok, some people just can't leave an open end dangling (people like me for instance :-) I located a surplus german geiger counter cheaply [1], I have always wanted to have one anyway, and in my junkbox I already had an old smoke alarm [2]. The Geiger counter has a thin-walled tube which takes about 15 events per second from the Am-241 source in the smoke alarm. Nice. If you're thinking about this a possible commercial product, I'd be a bit dubious though. Even if Am-241 is just an alpha emitter, I'd still be a bit worried about having it built into the guts of a PC. Perhaps there is a cheaper alternative as a good source of random bits. As a former NMR spectroscopist, I know that if you take an Inductive - Capacitive resonant tuned circuit (typically somewhere in the range 5MHz -- 1GHz for NMR), carefully sheilded from any rf interference and amplify the bejezus out of the (non)-output, feed the result into a heterodyne radio receiver tuned to the same frequency as the circuit and then digitise the audio frequency result, and you should end up with a pretty perfect white noise signal. That signal is principally due to the random thermal motion of electrons in the circuitry. What's more, if you choose the operating frequencies wisely, such a circuit can be put together from off-the-shelf components cheaply. Standard audio ADC's should give you about 20,000 samples per second. Efficiently converting the normally distributed white noise samples to the evenly distributed random numbers most computer uses require is left as an exercise for the student. Matthew -- Certe, Toto, sentio nos in Kansate non iam adesse. Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1T 2NU Tel: +44 20 7631 4644 x229 Fax: +44 20 7631 4844 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ILOVEYOU
Taavi Talvik wrote: On Thu, 4 May 2000, Jeremiah Gowdy wrote: Yes, it was real virus and quite nasty one. Which remainds us, that quite soon we cannot live without freebsd naitive virus scanning engine. Such things don't spread so easily, when ISPs are able to scan e-mail and other content they serve. lol. The only way you could really have a virus in freebsd is if it was launched or infected as root. Otherwise the virus would be VERY limited. If you are talking about scanning incoming email for viruses/scripts that were destined for Windows computers, ok, I'd say that's not a bad idea. Yes, I was talking about virus scanning on behalf of Windows users. Anyway, most files, emails, web pages are served or pass through unix (and quite often *BSD) systems. There seems to be program called AMAVIS (http://satan.oih.rwth-aachen.de/AMaViS/amavis.html), which can do some scanning. It probably needs some investigation and freebsd porting. BTDT. Grab procmail out of ports, and wander along to ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html for some pre-canned recipies that will block e-mails with this infection. Worked perfectly here. Matthew -- Certe, Toto, sentio nos in Kansate non iam adesse. Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1P 2AX Tel: +44 171 631 4644 x229 Fax: +44 171 631 4844 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
