/usr/include/machine/endian.h:123: syntax error

2010-12-15 Thread Dennis Glatting


While compiling a port...


btw> uname -a
FreeBSD btw 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #55: Sat Dec 11 22:48:59 
PST 2010 r...@btw:/usr/src/sys/amd64/compile/BTW  amd64




btw# portupgrade devel/libgdata



  GISCAN gdata/GData-0.0.gir
/usr/include/machine/endian.h:123: syntax error, unexpected '{' in ' 
return (__extension__ ({ register __uint64_t __X = (_x); __asm ("bswap %0" 
: "+r" (__X)); __X; }));' at '{'


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Noob Jail question.

2010-12-15 Thread Da Rock

On 12/16/10 09:32, Dave wrote:

> Hi.
>
> As some of you may remember, I've managed to build a F'BSD V8.0 based
> system that provides me with:-
>
> Local GPS disciplined NTP server (working very well) the reason I built
> the thing in the first place, but it seems FreeBSD can do so much more,
> so I also have.
>
> Hiawatha webserver (also working well)
>
> FTPD for updating the web pages Hiawatha serves up (working well)  Other
> systems here generate data, that is FTP'd over the LAN to the web page
> folders.
>
> SSH remote login for admin needs (But not for "root" login) Also working
> well.
>
> All this will start happily, boot and sort itself out as a "headless"
> machine, and if needed collapse gracefully and shutdown cleanly, with one
> press of the power button.  I am impressed!
>
> I've been reading the FreeBSD Manual (a dangerous thing to do during
> lunchtimes!) relating to Jails.  Other than making my head spin, I'm
> finding it a tad difficult finding out just what you can/can't do with a
> Jail.  Mainly, because I'm not familiar with a lot of the terms used, and
> though the man pages are no doubt correct as a reference, they don't
> "explain" it well, in as much as how to use it, well in my addled mind at
> the moment.
>
> I think I'd like to run Hiawatha in a Jail, as it seems "the right thing
> to do" with something that will be exposed to the www.
> (Comments/advice?)
>
> But, how do I arrange it to safely get (read only) access to the website
> data, without preventing the FTPD service from having access to update
> that data.  FTPD will only be reachable from LAN side of the main gateway
> router, Hiawatha will have an outside world port forwarded to it by the
> router.
>
> What I'm asking I guess, is..  Can a jail'd app, reach outside the jail
> in "read only" mode.   (I suspect, maybe?)   Or can an app outside the
> jail, drop stuff off inside the jail?  (For whatever reason, I suspect
> not?)
>
> If anyone understands what the heck I'm blathering on about, please
> explain it to me, as I think I've lost the plot.
>
> Comments, advice, brickbats etc?
>
> Best Regards.
>
> Dave B.
   
Sounds good. A jail is essentially paravirtualisation, in other words it 
partitions your OS into distinct segments. Linux has just started making 
inroads on this with vserver and such.


The kernel stays the same, but you actually have separately distinct 
kernel code, security, etc for each jail. So it makes sense then to run 
just one service within it, but it's possible to run an entire system - 
with multiple systems on one host. This method is extremely fast, barely 
any trade off compared to running say VirtualBox, VMWare, or Qemu.


As you read, you hand off a branch in your file system to hold the data 
for the jail (kernel, world, and apps and associated data etc), and the 
jail system inside the jail can only see that branch. That's its 
equivalent of / on the host. It can't see outside of that unless you 
place something inside that branch from the host. You even have to 
actually mount a separate devfs inside the jail if required.


So you want FTPD to drop files into the webserver, and the webserver is 
in a jail; then (consider the security of what you're attempting) either 
FTPD has to access the branch containing the jail and webroot, or mount 
using nullfs the branch containing FTPD directory inside the jail.


HTH and good luck. For bonus points you can even try a service only 
jail, where you don't need the whole system in the jail, just the 
libraries needed by the service app :)



Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Mehmet Erol Sanliturk
On Wed, Dec 15, 2010 at 12:57 PM, bsd  wrote:


> Just to be precise, I am not trying to do an ISO image of a running root FS,
> but of a USB attached disk.
>
> …
>
>

I did not apply the following steps for FreeBSD , but I have applied them in
Mandriva Linux a few times :


Assume that the operating system is broken and it is not possible to repair
it ,
and the data files are not destroyed ( in Mandriva Linux , /home/ is in a
different partition ) .


I am removing power line of broken OS hard disk ( to prevent accidental
overwrite ) .
I am attaching a new hard disk .
I am installing the Mandriva Linux from scratch onto the new hard disk .
I am attaching the power line of previous hard disk .
I am mounting required partition(s)  of  the previous hard disk .
I am using copy from previous hard disk  with recursive parameter on
required directories .

After making a complete copy and verifying that everything is copied
properly ,
I am re-using the previous hard disk for another task ( mostly it remains on
the same computer for a possible new recovery ) .


In that way , it is not necessary to use same size hard disks .

Thank you very much .


Mehmet Erol Sanliturk


Re: boot, rc script and logs

2010-12-15 Thread Ian Smith
On Wed, 15 Dec 2010 15:42:29 +0100, Samuel Martín Moro wrote:
 > On Wed, Dec 15, 2010 at 4:57 AM, Ian Smith  wrote:
[..]
 > >  > Dec 14 13:26:47 camtrace13 kernel: ^[[m
 > >  > Dec 14 13:26:47 camtrace13 kernel: ^[[39;49m^[[=1S
 > >  > Dec 14 13:26:47 camtrace13 kernel:
 > >  >
 > > ^[[39;49m^[[m^[[H^[[J^[[17d^[[36m^[[44m^[[1m^[[J^[[H^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B
 > > * > ^[[37m^[[**47mÿÿ**
 > > [[m^[[30m^[[47mÿÿ[[m^[[**36m^[[44m^[[1m^[[K^[[B*
 > >
 > err.. we may have an encoding problem.

Indeed.  I originally quoted yours from a digest, which are text-only, 
US-ASCII.  Your reply has your name in ISO-8859-1, but both text and 
HTML parts in UTF-8.  I expect this reply (with your i-acute correct) 
will be text-only, ISO-8859-1.  pine does its best, but gmail confuses 
it; I don't know if not also sending HTML parts to the list may help, 
as mailman drops non-plaintext attachments, including HTML, anyway.

 > but I'm quite sure it only is clearscreen, colors, and tputs stuff
 > 
 > >  > ^[[37m^[[47mÿÿ[[m^[[30m^[[47m^[[68X^[[74`ÿÿ[[m^[[30m^[[40m^[[1m
 > >  > ^[[36m^[[44m^[[K^[[B^[[37m^[[47mÿÿ[[m^[[30m^[[47m   Checking DB
 > >  > 1/2^[[20X^[[74`ÿÿ[[m^[[30m^[[40m^[[1m  ^[[36m^[[44m^[[K^[[B
 > > [..]
 > >  > Dec 14 13:26:48 camtrace13 kernel: Starting slim.
 > >  > Dec 14 13:26:48 camtrace13 kernel: Starting
 > >
 > 
 > > You'll need to rework this somehow so dialog's stdout isn't written to
 > > /dev/console, though that may seem necessary if you want it coming up on
 > > the VTY0 boot screen.  It may involve decoupling this task from running
 > > 'inline' as a boot script somehow, or else making sure that output is
 > > redirected to a log or temporary file instead of directly into dialog.
 > >
 > kay.
 > It's now fixed.
 > OUT=`/sbin/conscontrol | /usr/bin/sed -n 's;^Configured: .*\(tty[^,]*\).*$;/dev/\1;p'`
 > (is it always /dev/ttyv0? in doubt, I'll trust conscontrol)
 > [...] $DIALOG [...] >$OUT

Ah, bien.  Yes I think it'll always be ttyv0 at that time, but that's an 
elegant solution.  Thanks, we've both learned something!

cheers, Ian

KMix v3.7 Added sound driver info

2010-12-15 Thread Steven Friedrich
Why can't I change the Mute setting?

I click it, nothing happens.  Can't change the capture setting either.

-- 
System Name: laptop2.StevenFriedrich.org
Hardware:2.80GHz Intel Pentium 4 (HTT) with 2 GB memory
OS version:  FreeBSD 8.1-RELEASE-p2 i386 (5.1 MB kernel)
Window Manager(s):   kde4-4.5.4 
X Window System: xorg-7.5X.Org X Server 1.7.5

FreeBSD Audio Driver (newpcm: 32bit 2009061500/i386)
Installed devices:
pcm0:  (play/rec) default


KMix v3.7

2010-12-15 Thread Steven Friedrich
Why can't I change the Mute setting?

I click it, nothing happens.  Can't change the capture setting either.

-- 
System Name: laptop2.StevenFriedrich.org
Hardware:2.80GHz Intel Pentium 4 (HTT) with 2 GB memory
OS version:  FreeBSD 8.1-RELEASE-p2 i386 (5.1 MB kernel)
Window Manager(s):   kde4-4.5.4 
X Window System: xorg-7.5X.Org X Server 1.7.5


Re: Noob Jail question.

2010-12-15 Thread Indexer
> 
> 
> SSH remote login for admin needs (But not for "root" login) Also working 
> well.

Good!

> I think I'd like to run Hiawatha in a Jail, as it seems "the right thing 
> to do" with something that will be exposed to the www.  
> (Comments/advice?)

From a security standpoint it makes sense, as it confines a malicious user 
*if* they get in.

> 
> But, how do I arrange it to safely get (read only) access to the website 
> data, without preventing the FTPD service from having access to update 
> that data.  FTPD will only be reachable from LAN side of the main gateway 
> router, Hiawatha will have an outside world port forwarded to it by the 
> router.

You notice the way jails work? They are essentially a fenced off part of your 
filesystem. So your jail may live in /usr/jails on the host system. You can 
access all the contents of the jail from the host of course.

An easy answer to this would be something like, have a directory called 
/var/www and have the FTPD write to that. Then mount /var/www as a nullfs in 
read only mode to /usr/jails/var/www, and point your webserver (which inside 
the jail is unaware of some of this) to /var/www (or to the host, the 
/usr/jails/var/www)


> 
> What I'm asking I guess, is..  Can a jail'd app, reach outside the jail 
> in "read only" mode.   (I suspect, maybe?)   Or can an app outside the 
> jail, drop stuff off inside the jail?  (For whatever reason, I suspect 
> not?)

A jailed app cannot reach "outside"; this defeats the purpose. On the other 
hand, the host can "reach in".

The best way to learn is to try, so setting it up on a dev machine is probably 
the best way to go. Again, if you need more help, email this list.


Sincerely

William Brown

pgp.mit.edu
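
An added example, not part of William Brown's message: a host-side check that the webroot seen by the jail really is a read-only nullfs mount, using the /var/www and /usr/jails/var/www paths from the reply above. The helper names and the sample mount tables are hypothetical, and the input is assumed to be in the fstab(5) layout that FreeBSD's `mount -p` prints.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Host side (FreeBSD), using the paths from the reply above:
#   mount_nullfs -o ro /var/www /usr/jails/var/www
# or persistently in the host's /etc/fstab:
#   /var/www   /usr/jails/var/www   nullfs   ro   0   0

# check_ro_nullfs SOURCE TARGET   (hypothetical helper)
# Reads a mount table in fstab(5) layout on stdin, e.g. from "mount -p",
# and succeeds only if the mount in effect at TARGET is a nullfs mount
# of SOURCE with "ro" in its options. Mounts can be stacked, so the last
# matching line wins: a later read-write mount on the same path fails.
check_ro_nullfs() {
    awk -v src="$1" -v dst="$2" '
        $2 == dst {
            found = 1
            ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro") ro = 1
            ok = ($1 == src && $3 == "nullfs" && ro)
        }
        END { exit !(found && ok) }
    '
}

# Constructed sample mount tables (not captured from a real host).
SAMPLE_RO='/dev/ad0s1a /                  ufs    rw 1 1
devfs       /dev               devfs  rw 0 0
/var/www    /usr/jails/var/www nullfs ro 0 0'

SAMPLE_RW='/dev/ad0s1a /                  ufs    rw 1 1
/var/www    /usr/jails/var/www nullfs rw 0 0'

# Report on a table read from stdin.
# On a live host: mount -p | report_webroot
report_webroot() {
    if check_ro_nullfs /var/www /usr/jails/var/www; then
        echo "webroot: read-only nullfs"
    else
        echo "webroot: NOT a read-only nullfs mount"
        return 1
    fi
}
```

Running the check from the host after boot catches the case where the fstab entry was dropped or the directory was remounted read-write on top of the original mount.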





Noob Jail question.

2010-12-15 Thread Dave
Hi.

As some of you may remember, I've managed to build a F'BSD V8.0 based 
system that provides me with:-

Local GPS disciplined NTP server (working very well) the reason I built 
the thing in the first place, but it seems FreeBSD can do so much more, 
so I also have.

Hiawatha webserver (also working well)

FTPD for updating the web pages Hiawatha serves up (working well)  Other 
systems here generate data, that is FTP'd over the LAN to the web page 
folders.

SSH remote login for admin needs (But not for "root" login) Also working 
well.

All this will start happily, boot and sort itself out as a "headless" 
machine, and if needed collapse gracefully and shutdown cleanly, with one 
press of the power button.  I am impressed!

I've been reading the FreeBSD Manual (a dangerous thing to do during 
lunchtimes!) relating to Jails.  Other than making my head spin, I'm 
finding it a tad difficult finding out just what you can/can't do with a 
Jail.  Mainly, because I'm not familiar with a lot of the terms used, and 
though the man pages are no doubt correct as a reference, they don't 
"explain" it well, in as much as how to use it, well in my addled mind at 
the moment.

I think I'd like to run Hiawatha in a Jail, as it seems "the right thing 
to do" with something that will be exposed to the www.  
(Comments/advice?)

But, how do I arrange it to safely get (read only) access to the website 
data, without preventing the FTPD service from having access to update 
that data.  FTPD will only be reachable from LAN side of the main gateway 
router, Hiawatha will have an outside world port forwarded to it by the 
router.

What I'm asking I guess, is..  Can a jail'd app, reach outside the jail 
in "read only" mode.   (I suspect, maybe?)   Or can an app outside the 
jail, drop stuff off inside the jail?  (For whatever reason, I suspect 
not?)

If anyone understands what the heck I'm blathering on about, please 
explain it to me, as I think I've lost the plot.

Comments, advice, brickbats etc?

Best Regards.

Dave B.



Re: FreeBSD IPSec stack contains backdoors?

2010-12-15 Thread Outback Dingo
Even if it is FUD, seeing as there is smoke, a complete audit of said code,
and subsystems must be completed for assurance

On Wed, Dec 15, 2010 at 12:55 PM, bsd  wrote:

> This is not so clear !
>
>
> http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant
>
> We should ask competent persons like Colin Percival… the FreeBSD Security
> Officer since 2005.
> He would have a point of view much more precise than anyone of us could
> have.
>
> ;-)
>
>
> On 15 Dec 2010, at 15:23, Victor Lyapunov wrote:
>
> > Hi folks,
> > Recently OpenBSD developer Gregory Perry disclosed information about
> > possible backdoors in OpenBSD IPSec stack (see
> > http://permalink.gmane.org/gmane.os.openbsd.tech/22557) In particular,
> > Gregory Perry, who has been working on a OpenBSD -ish implementation
> > of IPSec says a number of backdoors have been introduced into the
> > code.
> >
> > As far as I am aware, FreeBSD contains considerable amount of code
> > ported from OpenBSD. The question is: was the FreeBSD's ipsec code
> > ported from OpenBSD's implementation? If so, what might be the impact
> > of this?
> >
> > Thanks,
> > Victor Lyapunov.
>
>
> ––
> -> Grégory Bernard Director <-
> ---> www.osnet.eu <---
> --> Your provider of OpenSource appliances <--
> ––
> OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO
>


Re: FreeBSD IPSec stack contains backdoors?

2010-12-15 Thread Arthur Chance

[Top posting edited out, with heavy elisions]

On 12/15/10 17:55, bsd wrote:
> On 15 Dec 2010, at 15:23, Victor Lyapunov wrote:
>
>> Recently OpenBSD developer Gregory Perry disclosed information about
>> possible backdoors in OpenBSD IPSec stack
>>
>> As far as I am aware, FreeBSD contains considerable amount of code
>> ported from OpenBSD. The question is: was the FreeBSD's ipsec code
>> ported from OpenBSD's implementation? If so, what might be the impact
>> of this?
>
> This is not so clear !
>
> http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant

Possibly a little more information:

http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/

> We should ask competent persons like Colin Percival… the FreeBSD Security 
> Officer since 2005.
> He would have a point of view much more precise than anyone of us could have.


I have no doubt he's looking at it, but waiting until he knows something 
before making an announcement. Let him take as much time as he needs.


Auditing the code seems a good idea, panicking about it a bad one.

How many people actually use IPSec anyway? The one time I was forced to 
use it, it seemed like a hideous, designed by committee nightmare. 
(Having to set up incoming and outgoing crypto independently, who 
thought that was a good idea?) I'd always use something like OpenVPN by 
preference.


--
"Although the wombat is real and the dragon is not, few know what a
wombat looks like, but everyone knows what a dragon looks like."

-- Avram Davidson, _Adventures in Unhistory_


Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Warren Block

On Wed, 15 Dec 2010, bsd wrote:


> Is there a way to dd to a file to create an iso image and then restore (still 
> using dd from this image).
> I only have one IDE <--> USB cable so this is the reason why It'd more simple 
> for me to create an iso image of the disk and then restore.


Use dd's of= parameter to send output to a file.  If it really has to be 
an ISO, pipe it to mkisofs.  Using dd like that makes big files with 
lots of wasted space.  The article I posted earlier shows how to save 
some of that by filling the disk's empty space with zeros.  Then gzip 
can do some useful compression.



> Using dump won't be very useful because I won't be able to get the first 63 
> segments where boot info are written, I need something of lower level 
> (obviously dd will be my friend).


A hybrid approach would be to save the first 63 blocks with dd, then use 
dump for the UFS filesystems.


dd if=/dev/ad0 of=mbr.bin count=63

PS: top-posting bad, inline with trimmed irrelevancies good.
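
An added example, not part of Warren Block's message: the dd-to-file approach described above, with the image compressed by gzip and then compared byte for byte against the source before the source disk is reused. /dev/ad0 and the count of 63 blocks come from the message; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Typical use on the host (device name from the message above):
#   save_boot_blocks /dev/ad0 mbr.bin
#   save_image       /dev/ad0 disk.img.gz
#   verify_image     /dev/ad0 disk.img.gz && echo "image matches source"

# save_boot_blocks SRC OUT [COUNT]
# Copy the first COUNT (default 63) 512-byte blocks of SRC to OUT.
save_boot_blocks() {
    dd if="$1" of="$2" bs=512 count="${3:-63}"
}

# save_image SRC OUT.gz
# Read all of SRC with dd and store it gzip-compressed. Zero-filled free
# space compresses well; other unused space does not.
save_image() {
    dd if="$1" bs=64k | gzip -c > "$2"
}

# verify_image SRC IMAGE.gz
# Succeeds only if the decompressed image is byte-identical to SRC.
# Run it while SRC is not mounted read-write, or the comparison races
# with ongoing writes.
verify_image() {
    gzip -dc "$2" | cmp -s - "$1"
}

# restore_image IMAGE.gz TARGET
# Write the image back. This overwrites TARGET from its first block.
restore_image() {
    gzip -dc "$1" | dd of="$2" bs=64k
}
```

The same functions work on a regular file standing in for a disk, which is a safe way to rehearse the procedure before pointing them at a device node.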


Re: binutils problem? WAS [Re: static linking error: ELF binary type "0" not known. Exec format error. Binary file not executable.]

2010-12-15 Thread Tijl Coosemans
On Monday 06 December 2010 16:16:30 Anton Shterenlikht wrote:
> On Mon, Dec 06, 2010 at 02:06:22PM +0100, Tijl Coosemans wrote:
>> On Monday 29 November 2010 14:04:16 Anton Shterenlikht wrote:
>>> - Forwarded message from Marcel Moolenaar  -
>>>> On Nov 10, 2010, at 5:32 AM, Anton Shterenlikht wrote:
>>>>> [ia64]
>>>>> ia64% file a.out
>>>>> a.out: ELF 64-bit LSB executable, IA-64, version 1 (SYSV), statically
>>>>> linked, not stripped
>>>>>
>>>>> [amd64]
>>>>> amd64% file a.out
>>>>> a.out: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
>>>>> statically linked, for FreeBSD 9.0 (900023), not stripped
>>>>
>>>> The branding on ia64 is wrong. The executable is not marked as being
>>>> a FreeBSD executable. It's declared as SYSV, whereas on amd64 it's
>>>> properly declared as FreeBSD.
>>>>
>>>> This is a binutils problem.
>>>
>>> Anybody here can explain better what Marcel meant
>>> by "binutils problem", and how to fix it?
>>> 
>>> I've binutils-2.20.1_3 installed from devel/binutils.
>> 
>> As a workaround you could manually brand the executable:
>> brandelf -f 9 a.out
> 
> this works fine.

A fix has been committed to CURRENT, 8-STABLE and 7-STABLE. You should
no longer have to brand executables manually.




Re: Creating clone of a HDD including boot partition

2010-12-15 Thread bsd
Just to be precise, I am not trying to do an ISO image of a running root FS, 
but of a USB attached disk.  

… 

On 15 Dec 2010, at 16:45, Giorgos Keramidas wrote:

> On Wed, 15 Dec 2010 16:11:45 +0100, bsd  wrote:
>> Is there a way to dd to a file to create an iso image and then restore
>> (still using dd from this image).  I only have one IDE <--> USB cable
>> so this is the reason why It'd more simple for me to create an iso
>> image of the disk and then restore.
>> 
>> Using dump won't be very useful because I won't be able to get the
>> first 63 segments where boot info are written, I need something of
>> lower level (obviously dd will be my friend).
>> 
>> Thanks everyone. I'll try to post the line code once I got It up and
>> running.
> 
> No dd(1) cannot do that.
> 
> What you _can_ do is boot into single-user mode, and then use mkisofs
> with burncd or growisofs from dvd+rw-tools to burn an image while still
> in single-user mode.  The only user mode process is your root shell at
> that point, so you can be relatively sure there are no major changes
> happening somewhere at the filesystem while you are still dumping it to
> a CD-ROM or DVD-ROM disk.
> 
> 


––
-> Grégory Bernard Director <-
---> www.osnet.eu <---
--> Your provider of OpenSource appliances <--
––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO



Re: FreeBSD IPSec stack contains backdoors?

2010-12-15 Thread bsd
This is not so clear ! 

http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant

We should ask competent persons like Colin Percival… the FreeBSD Security 
Officer since 2005. 
He would have a point of view much more precise than anyone of us could have. 

;-) 


On 15 Dec 2010, at 15:23, Victor Lyapunov wrote:

> Hi folks,
> Recently OpenBSD developer Gregory Perry disclosed information about
> possible backdoors in OpenBSD IPSec stack (see
> http://permalink.gmane.org/gmane.os.openbsd.tech/22557) In particular,
> Gregory Perry, who has been working on a OpenBSD -ish implementation
> of IPSec says a number of backdoors have been introduced into the
> code.
> 
> As far as I am aware, FreeBSD contains considerable amount of code
> ported from OpenBSD. The question is: was the FreeBSD's ipsec code
> ported from OpenBSD's implementation? If so, what might be the impact
> of this?
> 
> Thanks,
> Victor Lyapunov.


––
-> Grégory Bernard Director <-
---> www.osnet.eu <---
--> Your provider of OpenSource appliances <--
––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO



Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Giorgos Keramidas
On Wed, 15 Dec 2010 16:11:45 +0100, bsd  wrote:
> Is there a way to dd to a file to create an iso image and then restore
> (still using dd from this image).  I only have one IDE <--> USB cable
> so this is the reason why It'd more simple for me to create an iso
> image of the disk and then restore.
>
> Using dump won't be very useful because I won't be able to get the
> first 63 segments where boot info are written, I need something of
> lower level (obviously dd will be my friend).
>
> Thanks everyone. I'll try to post the line code once I got It up and
> running.

No dd(1) cannot do that.

What you _can_ do is boot into single-user mode, and then use mkisofs
with burncd or growisofs from dvd+rw-tools to burn an image while still
in single-user mode.  The only user mode process is your root shell at
that point, so you can be relatively sure there are no major changes
happening somewhere at the filesystem while you are still dumping it to
a CD-ROM or DVD-ROM disk.




Re: Creating clone of a HDD including boot partition

2010-12-15 Thread bsd
Is there a way to dd to a file to create an iso image and then restore (still 
using dd from this image). 
I only have one IDE <--> USB cable so this is the reason why It'd more simple 
for me to create an iso image of the disk and then restore. 

Using dump won't be very useful because I won't be able to get the first 63 
segments where boot info are written, I need something of lower level 
(obviously dd will be my friend). 


Thanks everyone. I'll try to post the line code once I got It up and running.  


Thanks. 



On 15 Dec 2010, at 09:00, Robert Bonomi wrote:

> 
>> From owner-freebsd-questi...@freebsd.org  Tue Dec 14 09:01:02 2010
>> From: nagios 
>> Date: Tue, 14 Dec 2010 15:42:42 +0100
>> To: Liste FreeBSD 
>> Subject: Creating clone of a HDD including boot partition
>> 
>> Hello,
>> 
>> I have setup a tailored made configuration (1 UFS partition + 1
>> swap + boot sectors) for some hardware that I am reselling and
>> would like to clone one existing HDD (tailor made) and be able to
>> dump to another new HDD.
>> 
>> System is running pfSense with FreeBSD 7.2 and soon 8.x
>> 
>> What would be your suggested method to achieve this goal.
> 
> *IF* the disks are the same size/geometry, then simply dd(1) from one raw
> device to the other.
> 
> 


––
-> Grégory Bernard Director <-
---> www.osnet.eu <---
--> Your provider of OpenSource appliances <--
––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO



Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Warren Block

On Wed, 15 Dec 2010, Polytropon wrote:


On Wed, 15 Dec 2010 02:00:15 -0600 (CST), Robert Bonomi 
 wrote:

What would be your suggested method to achieve this goal.


*IF* the disks are the same size/geometry, then simply dd(1) from one raw
device to the other.


Also works if the target disk is larger than the source.  Of course some 
unused space will be left at the end of the target disk.



And if it's not, use the recommended standard transfer
method of dump + restore. Before you can do so, run a
script (e. g. from a live system CD) to perform the
slicing and partitioning according to your needs
(fdisk, disklabel/bsdlabel, newfs, tunefs, or geom
tools, or zfs tools).


This method will (hopefully) recreate the MBR or GPT, but not copy it. 
Which is probably fine, but just mentioned in light of the Subject.


"Backup Options For FreeBSD" is an article I wrote not too long ago 
comparing the use of dump/restore, dd, and Clonezilla:


http://www.wonkity.com/~wblock/docs/html/backup.html


FreeBSD IPSec stack contains backdoors?

2010-12-15 Thread Victor Lyapunov
Hi folks,
Recently OpenBSD developer Gregory Perry disclosed information about
possible backdoors in OpenBSD IPSec stack (see
http://permalink.gmane.org/gmane.os.openbsd.tech/22557) In particular,
Gregory Perry, who has been working on a OpenBSD -ish implementation
of IPSec says a number of backdoors have been introduced into the
code.

As far as I am aware, FreeBSD contains considerable amount of code
ported from OpenBSD. The question is: was the FreeBSD's ipsec code
ported from OpenBSD's implementation? If so, what might be the impact
of this?

Thanks,
Victor Lyapunov.


Re: boot, rc script and logs

2010-12-15 Thread Samuel Martín Moro
On Wed, Dec 15, 2010 at 4:57 AM, Ian Smith  wrote:

> In freebsd-questions Digest, Vol 341, Issue 3, Message: 17
> On Tue, 14 Dec 2010 19:02:54 +0100 Samuel Mart?n Moro 
> wrote:
>  > Hi,
>  >
>  > I'm adding some scripts to FreeBSD boot.
>  > One of these scripts runs a binary that checks our postgres database, its
>  > output being redirected to a dialog --gauge.
>  > But I noticed that the dialog output, while correctly displayed on the
>  > terminal, is also dumped into /var/log/console.log and
> /var/log/messages.
>  >
>  > I'm not even sure about how this is happening... I can't find about
> messages
>  > nor console.log in /etc/rc*
>
> As you indicate below, 'tty is /dev/console' while running the boot rc
> scripts, so it's normal to see these scripts logged to console.log when
> that's enabled .. presumably /etc/syslog.conf includes something like:
> # uncomment this to log all writes to /dev/console to /var/log/console.log
> console.info                                    /var/log/console.log
>
indeed it does.

>
>  > Is there a way to disable log output in a given rc.script?
>  >
>  > here's my script:
>  > #!/bin/sh
>  > [...]
>  > test "$1" = 'start' -o "$1" = 'faststart' || exit 0
>  > Prg=`basename $_file`
>  > exec 2>/var/log/$Prg.log
>
> You're redirecting stderr to your logfile, but not stdout, so standard
> output from the below goes to /dev/console, so also to /console.log
>
>  > test "$TERM" || export TERM=cons25
>  > DIALOG="/usr/local/bin/dialog --no-collapse --cr-wrap --colors"
>  > echo "tty is `tty`" >&2 #debug, prints: tty is /dev/console
>  > echo "= Checking DB 1/2 =" >&2
>
> The above line is also written to stdout, so to console.log below, so
> I'm not sure whether your exec usage | syntax | redirection is correct.
>
it is
dialog is used to display menus using curses
during the boot process, everything "looks" fine (except for logs), menus
are correctly displayed, while processing the DB scan.

>
>  > dbcheck -s | $DIALOG --gauge "\n  Checking DB 1/2" 7 70 2>/dev/null
>  > echo "= Checking DB 2/2 =" >&2
>  > dbcheck -r -s | $DIALOG --gauge "\n  Checking DB 2/2" 7 70 2>/dev/null
>  > [...]
>  >
>  > here is what it gives in /var/log/messages:
>  > Dec 14 13:26:46 camtrace13 dhclient: New Subnet Mask (wlan0):
> 255.255.255.0
>  > Dec 14 13:26:46 camtrace13 dhclient: New Broadcast Address (wlan0):
>  > 192.168.0.255
>  > Dec 14 13:26:46 camtrace13 dhclient: New Routers (wlan0): 192.33.160.111
>  > Dec 14 13:26:47 camtrace13 kernel: m  ^[[36m^[[44m^[[K^[[16;6H^[[1K
>  > ^[[30m^[[40m^[[70X^[[77`^[[36m^[[44m^[[K^[[13;9H^[[39;49m^[[m
>  > Dec 14 13:26:48 camtrace13 kernel: m  ^[[36m^[[44m^[[K^[[16;6H^[[1K
>  > ^[[30m^[[40m^[[70X^[[77`^[[36m^[[44m^[[K^[[13;9H^[[39;49m^[[m
>
> I don't know why those two dialog lines are sent to /var/log/messages;
> perhaps they indicate some error, only those being logged with *.notice?
>
these lines are mostly color code, used to display a grey window with a
gauge, on a blue background.

>
> [..]
>
>  > and here is what I can read in /var/log/console.log:
>  > Dec 14 13:26:43 camtrace13 kernel: Starting apache.
>  > Dec 14 13:26:46 camtrace13 kernel: Starting pgsql.
>
> If you view these scripts you'll see that they don't themselves write to
> stdout .. it's the rc system logging these.
>
indeed, I noticed yesterday that "Starting ${name}" is part of rc.subr

>
>  > Dec 14 13:26:47 camtrace13 kernel: ^[[m
>  > Dec 14 13:26:47 camtrace13 kernel: ^[[39;49m^[[=1S
>  > Dec 14 13:26:47 camtrace13 kernel:
>  >
> ^[[39;49m^[[m^[[H^[[J^[[17d^[[36m^[[44m^[[1m^[[J^[[H^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B^[[K^[[B
> * > ^[[37m^[[**47m谀哪哪**
> 哪哪哪腲[[m^[[30m^[[47m縙[[m^[[**36m^[[44m^[[1m^[[K^[[B*
>
err.. we may have an encoding problem.
but I'm quite sure it only is clearscreen, colors, and tputs stuff

>  > ^[[37m^[[47m砠[[m^[[30m^[[47m^[[68X^[[74`砠[[m^[[30m^[[40m^[[1m
>  > ^[[36m^[[44m^[[K^[[B^[[37m^[[47m砠[[m^[[30m^[[47m   Checking DB
>  > 1/2^[[20X^[[74`砠[[m^[[30m^[[40m^[[1m  ^[[36m^[[44m^[[K^[[B
> [..]
>  > Dec 14 13:26:48 camtrace13 kernel: Starting slim.
>  > Dec 14 13:26:48 camtrace13 kernel: Starting
>

> You'll need to rework this somehow so dialog's stdout isn't written to
> /dev/console, though that may seem necessary if you want it coming up on
> the VTY0 boot screen.  It may involve decoupling this task from running
> 'inline' as a boot script somehow, or else making sure that output is
> redirected to a log or temporary file instead of directly into dialog.
>
kay.
It's now fixed.
OUT=`/sbin/conscontrol | /usr/bin/sed -n 's;^Configured: .*\(tty[^, ]*\).*$;/dev/\1;p'`
(is it always /dev/ttyv0? in doubt, I'll trust conscontrol)
[...] $DIALOG [...] >$OUT

>
>  > dhclient and oss seem to dump their output in /var/log/messages, while
>  > apache, postgresql and slim dump their one in /var/log/console.log
>  > So... How 
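
The conscontrol parsing from the reply above, as an added example that is not part of the original post: it runs the posted sed expression over a constructed sample and shows which device it selects when more than one console is configured. The sample output and its format are assumptions, and `all_consoles` and `first_console` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `conscontrol` output for a host with a video console
# and a serial console configured (assumed format, not captured from a host).
SAMPLE_CONSCONTROL='Configured: ttyv0,ttyu0
 Available: ttyv0,ttyu0
    Muting: off'

# last_console: the sed expression from the post, reading conscontrol output
# on stdin. The ".*" before "\(tty" is greedy, so when several consoles are
# configured it captures the LAST tty on the "Configured:" line.
last_console() {
    sed -n 's;^Configured: .*\(tty[^, ]*\).*$;/dev/\1;p'
}

# all_consoles (hypothetical helper): print every configured console device,
# one per line, in the order they are listed.
all_consoles() {
    sed -n 's/^Configured: *//p' |
        tr ', ' '\n\n' |
        sed -n 's;^\(tty.*\)$;/dev/\1;p'
}

# first_console (hypothetical helper): the first configured console only.
first_console() {
    all_consoles | head -n 1
}

# Demonstration on the constructed sample. On a FreeBSD host the input would
# be `/sbin/conscontrol | first_console` instead.
printf '%s\n' "$SAMPLE_CONSCONTROL" | last_console    # /dev/ttyu0
printf '%s\n' "$SAMPLE_CONSCONTROL" | first_console   # /dev/ttyv0
```

With a single configured console both functions return the same device, so the difference only matters on machines that also have a serial console enabled.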

Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Polytropon
On Wed, 15 Dec 2010 02:00:15 -0600 (CST), Robert Bonomi wrote:
> > What would be your suggested method to achieve this goal.
> 
> *IF* the disks are the same size/geometry, then simply dd(1) from one raw
> device to the other.

And if it's not, use the recommended standard transfer
method of dump + restore. Before you can do so, run a
script (e. g. from a live system CD) to perform the
slicing and partitioning according to your needs
(fdisk, disklabel/bsdlabel, newfs, tunefs, or geom
tools, or zfs tools).



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


FTP server link aggregation

2010-12-15 Thread Matthew Law
I have a single FreeBSD box acting as an FTP server for multiple FreeBSD
and Linux clients on the same /24 subnet (all gigabit ethernet).  It is
currently connected by just one of its two gig ethernet ports.  I also
have two Cisco switches with an etherchannel between them (using 2 x gig
ports on each switch).  I would like to connect the remaining NIC on my
FreeBSD box to the other switch and enable 802.3ad on those switch ports
to aggregate traffic between them.

This is in the hope that it can better serve multiple FTP clients.  Is my
thinking correct?  Other than the network interface changes which are
documented here:
http://www.freebsd.org/doc/handbook/network-aggregation.html are there any
further tweaks I could make to improve things? The server is a 'standard
install' and does not use ZFS.  It has an adaptec 5408 RAID card with 4 x
SATA II drives and, IIRC, 128K stripe size and plenty of RAM.

Is there a way of testing this other than initiating large file transfers
to this server from multiple hosts?


Many thanks,

Matt.



Re: ZFS over nfs

2010-12-15 Thread Sven-Åke Svensson
Ok, thank you. If I understand what you say there could be an 
administrative mess but no real problem with the file system.



Regards

Sven-Åke


2010-12-10 16:09, krad wrote:



On 10 December 2010 13:57, Sven-Åke Svensson <s...@mbg.se> wrote:

Hi


I have a file server with a zfs system. I have set up nfs shares
using "zfs nfsshare" as it says in the documentation. Then the
system uses the file /etc/zfs/exports.

But I found out that I can also share these directories using the
standard /etc/exports. This way I have all administration of shares
in the same place. But are there any disadvantages to doing it this
way? Anybody know?

System is FreeBSD 8.1.


Best regards

Sven-Åke Svensson




if you put it in exports zfs can't manage it, therefore the zfs
filesystem set command becomes redundant and inoperative, so it doesn't
fit in with zfs standard way of doing things. Not really an issue but
possibly a little confusing.

I know it's not necessarily the case for bsd yet, but on solaris if you
have made the jump to zfs, you have most likely gone for a pure zfs
installation, therefore it all hangs together nicely.




Re: Creating clone of a HDD including boot partition

2010-12-15 Thread Robert Bonomi

> From owner-freebsd-questi...@freebsd.org  Tue Dec 14 09:01:02 2010
> From: nagios 
> Date: Tue, 14 Dec 2010 15:42:42 +0100
> To: Liste FreeBSD 
> Subject: Creating clone of a HDD including boot partition
>
> Hello,
>
> I have set up a tailor-made configuration (1 UFS partition + 1
> swap + boot sectors) for some hardware that I am reselling and
> would like to clone one existing HDD (tailor made) and be able to
> dump to another new HDD.
>
> System is running pfSense with FreeBSD 7.2 and soon 8.x
>
> What would be your suggested method to achieve this goal.

*IF* the disks are the same size/geometry, then simply dd(1) from one raw
device to the other.

