Re: UPDATE: www/webalizer

[Uwe Dippel]

On Tue, Jan 4, 2011 at 12:31 AM, Giovanni Bechis  wrote:

>>> Update to latest version 2.23.03.28, finally dns cache seems to work on
>>> OpenBSD too, ok ?

Yes, the diff that you sent for 4.8 worked. But now after the package
update together with the upgrade 4.8->4.9 something is broken again;
at least here exactly since those days of the pkg_add -ui all country
indication is gone, and I get 0 for all; just one line. What could
have gone wrong?
webalizer-2.23.03.28 web server log file analysis program
is what I get from pkg_info, and I have this on all my machines; so it
seems to be a systematic thing.

Uwe

Re: Check for localtime?

[Uwe Dippel]

On 05/05/2011 01:21 PM, Barbier, Jason wrote:
The easiest way I could think of off the top of my head is copy 
/usr/share/zoneinfo/Singapore to /var/spool/postfix/etc/localtime and 
that should keep the sanity and isolation of the jail. But that seems 
like a bit of a hack to me, would anyone like to tell me I am wrong?


cp /etc/localtime /var/spool/postfix/etc/localtime

is the right thing to do. Thanks for the off-line hint. This solves the 
warning, but doesn't explain the change in the behaviour of the port, when 
upstream didn't do any changes.

Uwe

Check for localtime?

[Uwe Dippel]

I upgraded my OpenBSD from 4.8 to 4.9; that is postfix 2.7.1 to 2.7.2
Now when I start, it complains about
postfix/postfix-script: warning: /var/spool/postfix/etc/localtime and 
/etc/localtime differ

It doesn't on 2.7.1, though both are different as well:
# ls -l /etc/localtime
lrwxr-xr-x  1 root  wheel  29 Dec  1  2006 /etc/localtime -> 
/usr/share/zoneinfo/Singapore

# ls -l /var/spool/postfix/etc/localtime
-rw-r--r--  1 root  wheel  171 Mar 23  2010 
/var/spool/postfix/etc/localtime


I did ask at the postfix mailing list, and the reply was, that no 
changes were done in this respect in postfix from 2.7.1 to 2.7.2.
Any hint on how to conveniently tell postfix to forget about this? I 
know it is a warning only, though I like to make it go away. And it is 
not as easy as with other, similar, warnings (services, e.g.) due to one 
of the two being a link that might not work outside the chroot-ed 
spooler area.


Thanks in advance,

Uwe

Re: webalizer

[Uwe Dippel]

On Fri, Oct 29, 2010 at 3:58 PM, Giovanni Bechis  wrote:

> Are you using DNSCache on webalizer.conf ?

I *think* you didn't ask me; though I answer from my side:
Yes. And then it fails as described, and miserably.
No. When I disable it, it works fine.

Uwe

Re: Upgrade MySql to 5.1: skip-bdb is deadly

[Uwe Dippel]

On Tue, Jun 1, 2010 at 5:18 PM, Antti Harri  wrote:

> I wasn't aware either and I had some weird problems when I upgraded from 5.0
> to 5.1. I recall they were mostly procedure/trigger related.

Yep, that's what the mysql_upgrade corrected here, mostly.

Still, maybe someone should complain upstream about this behaviour:
100531 20:37:23 [ERROR] /usr/local/libexec/mysqld: unknown option '--skip-bdb'
100531 20:37:23 [ERROR] Aborting
?

A number of people have been bitten (lucky, for me, so to say) and had
their application aborted.
What, actually, is wrong to abort a configuration setting
# why not?
this is totally nonsense
# it really is!
especially, when 'this is totally nonsense' is a deprecated, earlier
valid, setting?

I for preferred any message of an invalid parameter in the log file,
instead of aborting.

But that's my 2 sen.

Uwe

Re: mail/courier-imap

[Uwe Dippel]

On Thu, May 27, 2010 at 11:54 AM, William Yodlowsky  wrote:

>> > I am working with Giovanni to get the fix into -stable... should happen
>> > in the next day or so.
>>
>> Thank you guys for the great work.
>> I will wait for -stable.
>
> It was just committed.

Great!
Could anyone make a 'stable' package courier-imap-4.6.0p1 for i386
available; so that I can save the whole ports tree and compilation on
a small, but production box?

Uwe

Upgrade MySql to 5.1: skip-bdb is deadly

[Uwe Dippel]

(I hope I'm the only one who fell for this.)

If you happen to have
skip-bdb
in your my.cnf, do not update to 4.7 (or the like).

My MySQL failed miserably at start:


100531 20:37:22 mysqld_safe Starting mysqld daemon with databases from 
/var/mysql
100531 20:37:23 [Note] Plugin 'FEDERATED' is disabled.
100531 20:37:23 [Note] Plugin 'InnoDB' is disabled.
/usr/local/libexec/mysqld: Table 'mysql.plugin' doesn't exist
100531 20:37:23 [ERROR] Can't open the mysql.plugin table. Please run 
mysql_upgrade to create it.
100531 20:37:23 [ERROR] /usr/local/libexec/mysqld: unknown option '--skip-bdb'
100531 20:37:23 [ERROR] Aborting

100531 20:37:23 [Note] /usr/local/libexec/mysqld: Shutdown complete


The tip with mysql_upgrade doesn't work, since MySQL needs to run for 
the upgrade. With the help of Google, I found the solution: disable 
skip-bdb. And then, running mysql_upgrade, quite a large number of 
tables were found that needed corrections.


1. Remove skip-bdb from your config-file!

2. I wasn't aware of the need to run mysql_upgrade after an(y) upgrade. 
Actually, the man page says it should be done after any upgrade.

Should this eventually be mentioned in the install message?

Uwe

Re: mail/courier-imap

[Uwe Dippel]

Giovanni Bechis  openbsd.org> writes:

> Thanks for spotting this, attached is a diff for Courier-imap 4.6.0 
> (which fixes man pages as well) and one for 4.7.0 (I will commit this 
> update soon).
>   Cheers
>Giovanni

Thanks. But here all files are shown inline, and I can't for my life 
make out which is which. 
Is there any location from where I could download the file(s),
to simply drop into my stable ports tree of 4.6, and do 
some 'make && make install'?

Or, is there any download location from where I could get an 
updated package?

Thanks,

Uwe

Re: webalizer still buggy on 4.6-amd64

[Uwe Dippel]

Uwe Dippel  uniten.edu.my> writes:

> Picking up from some earlier complaints with the then new webalizer, 
> which broke all my setups (though I followed the suggestions - 
> http://article.gmane.org/gmane.os.openbsd.ports/29855), I tried yet 
> another time:
> 
> Removed all webalizer stuff, pkg_delete webalizer, rm 
> /var/log/webalizer*, rm /var/log/dns_cache.db.
> Checked with 'locate webalizer', nothing left (aside from in 
> /usr/ports). So I assume everything is clean.
> So I could do
> pkg_add webalizer, then the following changes in /etc/webalizer.conf:
> 
> > # diff /etc/webalizer.conf 
> > /usr/local/share/examples/webalizer/sample.conf 
> > 31,32d30
> > < LogFile/var/www/logs/access_log
> > 47,48d44
> > < OutputDir  /var/www/htdocs/webstat
> > 59,60d54
> > < HistoryName /var/log/webalizer.hist
> > 76,77d69
> > < Incremental yes
> > 87,88d78
> > < IncrementalName /var/log/webalizer.current
> > 125,126d114
> > < PageType  php
> > 144,145d131
> > < DNSCache  /var/log/dns_cache.db
> > 160,161d145
> > < DNSChildren 15
> > 338,339d321
> > < TopKURLs   30
> > 649,650d630
> > < MangleAgents   1

Did the same on my second box (correct me if something was done wrong, please!),
and there it does go through:

Webalizer Xtended RB21 (08-Dec-2007) / OpenBSD 4.6 / English
Copyright 2005-2007 by Patrick K. Frei
Based on Webalizer V2.01-10
Using logfile /var/www/logs/access_log (clf)
Using default GeoIP database:
GEO-106FREE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved
DNS Lookup (15): 61 addresses in 0.25 seconds
Using DNS cache file /var/log/dns_cache.db
Creating output in /var/www/htdocs/webstat

but the country statistics are all (100%) unresolved. Where did the 61 addresses
actually go?
I only removed the two DNS entries from the cache (DNSCache and DNSChildren)
next, rm /var/log/webalizer.*, and ran it again, browser refresh, and all
countries *are* displayed. 
Maybe during package creation, DNS was not specified? And even if, should it not
handle this situation in a more robust manner?

Any hint appreciated,

Uwe

webalizer still buggy on 4.6-amd64

[Uwe Dippel]

Picking up from some earlier complaints with the then new webalizer, 
which broke all my setups (though I followed the suggestions - 
http://article.gmane.org/gmane.os.openbsd.ports/29855), I tried yet 
another time:


Removed all webalizer stuff, pkg_delete webalizer, rm 
/var/log/webalizer*, rm /var/log/dns_cache.db.
Checked with 'locate webalizer', nothing left (aside from in 
/usr/ports). So I assume everything is clean.

So I could do
pkg_add webalizer, then the following changes in /etc/webalizer.conf:

# diff /etc/webalizer.conf 
/usr/local/share/examples/webalizer/sample.conf 
31,32d30

< LogFile/var/www/logs/access_log
47,48d44
< OutputDir  /var/www/htdocs/webstat
59,60d54
< HistoryName /var/log/webalizer.hist
76,77d69
< Incremental yes
87,88d78
< IncrementalName /var/log/webalizer.current
125,126d114
< PageType  php
144,145d131
< DNSCache  /var/log/dns_cache.db
160,161d145
< DNSChildren 15
338,339d321
< TopKURLs   30
649,650d630
< MangleAgents   1


Now, when I start webalizer for the first time, it goes like:
# webalizer 
Webalizer Xtended RB21 (08-Dec-2007) / OpenBSD 4.6 / English

Copyright 2005-2007 by Patrick K. Frei
Based on Webalizer V2.01-10
Using logfile /var/www/logs/access_log (clf)
Using default GeoIP database:
GEO-106FREE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights 
Reserved

DNS Lookup (15):
and stands there forever, until I do Ctrl-C. But then, at least, a new 
dns_cache.db is available.
$ ls -l /var/log/dns_cache.db 
-rw-r--r--  1 root  wheel  196608 Mar 29 17:28 /var/log/dns_cache.db


Still, 'webalizer' is not doing okay:


# webalizer
Webalizer Xtended RB21 (08-Dec-2007) / OpenBSD 4.6 / English
Copyright 2005-2007 by Patrick K. Frei
Based on Webalizer V2.01-10
Using logfile /var/www/logs/access_log (clf)
Using default GeoIP database:
GEO-106FREE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights 
Reserved
DNS Lookup (15): Error: Unable to open DNS cache file 
/var/log/dns_cache.db

Creating output in /var/www/htdocs/webstat
Hostname for reports is 'metalab.uniten.edu.my'
Reading history file... /var/log/webalizer.hist
Reading previous run data.. /var/log/webalizer.current
Skipping bad record (1)
Error: Skipping oversized log record
Error: Skipping oversized log record
Saving current run data... [03/29/2010 17:50:12]
Generating report for March 2010
Generating summary report
Saving history information...
54834 records (54412 ignored, 3 bad) in 0.54 seconds


Why and how can webalizer not read the DNS cache that it just produced 
itself?
Why does it never leave the creation of this cache? How would it be at 
an update?

Re: Install new postfix (2.6.2) - mailer.conf.postfix missing

[Uwe Dippel]

Stuart Henderson wrote:



hmm. it seems like you probably installed the default mailer.conf
from etc46.tgz, overwriting the postfix one.
  


This is what I call overlap. I had just done my studies, and came out 
with exactly the same conclusion.
I guess a number of people use postfix, and mailer.conf shouldn't be 
there (Upgrade Guide) in the first place.
Because then, after reboot, incidentally, automagically Sendmail will be 
back, while the user thinks it is (still) postfix; or postfix to be 
re-enabled. But that's not the case any longer with the more recent 
code: enable-postfix tries to shut down postfix and fails:

system(/bin/sh, -c, /usr/local/sbin/postfix stop) failed:  exit(1)
Good, now it ought to know that it didn't run. But it is blind to this 
fact, and removes all traces of a postfix-mailer:

postfix mailer.conf disabled, old mailer.conf enabled.
The old mailer.conf was the sendmail one, so whatever one does, it 
toggles between sendmail and sendmail.
Actually, this is a bit of shoddy programming: assuming that the user 
knows what he's running. It is out of sync by one toggle now, and the 
mailer.conf of postfix has no handle any longer, respectively is lost.

(I have yet to find out, where the mailer.conf.postfix went, though.)
Does it make sense to check the content of mailer.conf before toggling 
forth and back?


Uwe

Re: Install new postfix (2.6.2) - mailer.conf.postfix missing

[Uwe Dippel]

It seems there is an error in the script, which allows to get the 
mailers out of sync:


# pkg_delete postfix-2.6.2
postfix/postfix-script: fatal: the Postfix mail system is not 
running  
postfix-2.6.2: 
complete   

Clean shared items: 
complete 


--- postfix-2.6.2 ---
system(/bin/sh, -c, /usr/local/sbin/postfix stop) failed:  exit(1)
postfix mailer.conf disabled, old mailer.conf enabled
You should also run /usr/sbin/userdel _postfix
You should also run /usr/sbin/groupdel _postdrop
You should also run /usr/sbin/groupdel _postfix  
# cat /etc/mailer.conf

sendmail/usr/local/sbin/sendmail
send-mail   /usr/local/sbin/sendmail
mailq   /usr/local/sbin/sendmail
newaliases  /usr/local/sbin/sendmail
# ls -l /usr/local/sbin/sendmail
ls: /usr/local/sbin/sendmail: No such file or directory

So, finally postfix is enabled, but can't run, ever.

Here is how to recover:

# pkg_add -v postfix-2.6.2

[ for information:
# ls -l 
/etc/mailer.conf*   


-rw-r--r--  1 root  wheel  137 Nov 24  2008 /etc/mailer.conf
-rw-r--r--  1 root  wheel  137 Mar 24 13:06 /etc/mailer.conf.postfix

# diff /etc/mailer.conf /etc/mailer.conf
#
]



# cat 
/var/backups/etc_mailer.conf.current  


#   $OpenBSD: mailer.conf,v 1.4 2009/03/16 14:26:22 jacekm Exp $
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail/usr/libexec/sendmail/sendmail
send-mail   /usr/libexec/sendmail/sendmail
mailq   /usr/libexec/sendmail/sendmail
makemap /usr/libexec/sendmail/makemap
newaliases  /usr/libexec/sendmail/sendmail
hoststat/usr/libexec/sendmail/sendmail
purgestat   /usr/libexec/sendmail/sendmail

# cp /var/backups/etc_mailer.conf.current 
/etc/mailer.conf  



# /usr/local/sbin/postfix-enable
old /etc/mailer.conf saved as /etc/mailer.conf.pre-postfix
postfix /etc/mailer.conf enabled

NOTE: do not forget to add sendmail_flags="-bd" to
 /etc/rc.conf.local to startup postfix correctly.

NOTE: do not forget to add "-a /var/spool/postfix/dev/log" to
 syslogd_flags in /etc/rc.conf.local and restart syslogd.

NOTE: do not forget to remove the "sendmail clientmqueue runner"
 from root's crontab.
# reboot

And now everything is okay.
It could have been done just swapping the mailer.conf-files, but I 
didn't know by then.


Chances are, the swap-the-mailer.conf should not be run blindly.

Uwe

Re: Install new postfix (2.6.2) - mailer.conf.postfix missing

[Uwe Dippel]

Uwe Dippel wrote:

On Tue, Mar 23, 2010 at 6:59 PM, Stuart Henderson  wrote:
  

It's probably already enabled, check in /etc/mailer.conf.
It used to be necessary to re-enable it after each upgrade but
that was fixed (I thought it was before 4.6 though I could be
mistaken..).



No, alas not:
$ telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 coit.uniten.edu.my ESMTP Sendmail 8.14.3/8.14.3; Tue, 23 Mar 2010
19:11:13 +0800 (SGT)

Please, check the error message in the install message:
--- postfix-2.5.6 ---
system(/bin/sh, -c, /usr/local/sbin/postfix stop) failed:  exit(1)

How to recover from here?
(I have no idea, why the postfix stop failed! It has always been
running as long as the system was 4.5)

Uwe
  


Next step also failed:

I tried postfix-disable (even though it was not active), which went 
through; followed by postfix-enable, which also went through this time, 
as always before.

I rebooted to make sure, and what I get is - sendmail!

It seems to be bastardly stubborn at keeping its place in 4.6, at least 
here.


Which is now the suggested, and clean and sustainable version to tell 
sendmail to p*** off; please?


These are the commands run *after* the first reboot:
# /usr/local/sbin/postfix 
status


postfix/postfix-script: the Postfix mail system is not running
# /usr/local/sbin/postfix start 
postfix/postfix-script: starting the Postfix mail system

# /usr/local/sbin/postfix status
postfix/postfix-script: the Postfix mail system is not running
# 
/usr/local/sbin/postfix-enable


can't find /etc/mailer.conf.postfix, postfix not enabled
# /usr/local/sbin/postfix-disable
postfix mailer.conf disabled, old mailer.conf enabled
# /usr/local/sbin/postfix-enable 
old /etc/mailer.conf saved as /etc/mailer.conf.pre-postfix

postfix /etc/mailer.conf enabled

NOTE: do not forget to add sendmail_flags="-bd" to
 /etc/rc.conf.local to startup postfix correctly.

NOTE: do not forget to add "-a /var/spool/postfix/dev/log" to
 syslogd_flags in /etc/rc.conf.local and restart syslogd.

NOTE: do not forget to remove the "sendmail clientmqueue runner"
 from root's crontab.
# /usr/local/sbin/postfix status 
postfix/postfix-script: the Postfix mail system is not running
# /usr/local/sbin/postfix start  
postfix/postfix-script: starting the Postfix mail system

# /usr/local/sbin/postfix status
postfix/postfix-script: the Postfix mail system is not running
# less 
/var/log/maillog 


...
postfix/master[25923]: fatal: bind 0.0.0.0 port 25: Address already in use
...

No surprises here.

/etc/rc.conf.local looks okay as well:
...
# we want sendmail to accept mail from the Internet: no, we sit on postfix !
#sendmail_flags="-L sm-mta -bd -q30m"

# postfix wants other flags:
sendmail_flags="-bd"

# postfix needs its own syslogd flags
syslogd_flags="-a /var/spool/postfix/dev/log"


Uwe

Re: Install new postfix (2.6.2) - mailer.conf.postfix missing

[Uwe Dippel]

On Tue, Mar 23, 2010 at 6:59 PM, Stuart Henderson  wrote:
> On 2010/03/23 18:28, Uwe Dippel wrote:
>> After continuous upgrades of OpenBSD from 4.0 to 4.6, I always issued
>> the usual
>> /usr/local/sbin/postfix-enable
>> This time, it comes back with
>> can't find /etc/mailer.conf.postfix, postfix not enabled
>>
>> Never had this before, and can't find any mailer.conf.postfix on the system.
>> Yes, I also googled, but there is not much of an indication what went wrong.
>> On another machine, running 4.5, there is also no such file.
>
> It's probably already enabled, check in /etc/mailer.conf.
> It used to be necessary to re-enable it after each upgrade but
> that was fixed (I thought it was before 4.6 though I could be
> mistaken..).

No, alas not:
$ telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 coit.uniten.edu.my ESMTP Sendmail 8.14.3/8.14.3; Tue, 23 Mar 2010
19:11:13 +0800 (SGT)

Please, check the error message in the install message:
--- postfix-2.5.6 ---
system(/bin/sh, -c, /usr/local/sbin/postfix stop) failed:  exit(1)

How to recover from here?
(I have no idea, why the postfix stop failed! It has always been
running as long as the system was 4.5)

Uwe

Install new postfix (2.6.2) - mailer.conf.postfix missing

[Uwe Dippel]

After continuous upgrades of OpenBSD from 4.0 to 4.6, I always issued 
the usual

/usr/local/sbin/postfix-enable
This time, it comes back with
can't find /etc/mailer.conf.postfix, postfix not enabled

Never had this before, and can't find any mailer.conf.postfix on the system.
Yes, I also googled, but there is not much of an indication what went wrong.
On another machine, running 4.5, there is also no such file.

The install message said:


--- postfix-2.5.6 ---
system(/bin/sh, -c, /usr/local/sbin/postfix stop) failed:  exit(1)
--- postfix-2.6.2 ---


Note: the following files or directories still exist but are
no longer part of Postfix:

 /etc/postfix/postfix-files /etc/postfix/postfix-script
 /etc/postfix/post-install


+---
| The existing configuration files in /etc/postfix have been preserved.
| You may want to compare them to the current sample files,
| /usr/local/share/examples/postfix, and update your configuration as 
needed.

+---

Postfix can be set up to replace sendmail entirely. Please read the
documentation at file:/usr/local/share/doc/postfix/html/index.html or
http://www.postfix.org/ carefully before you decide to do this!

To replace sendmail with postfix you have to install a new mailer.conf
using the following command:

/usr/local/sbin/postfix-enable

If you want to restore sendmail, this is done using the following command:

/usr/local/sbin/postfix-disable


It doesn't make me much wiser here. There is no mailer.conf.postfix in
/usr/local/share/examples/postfix
either.

Any hint appreciated,

Uwe

  

webalizer

[Uwe Dippel]

Since the 'old' webalizer was replaced with the Xtended, I have nothing 
but trouble with it.
I mentioned it in here, twice, and also contacted the author of Xtended, 
who was quite helpful, asked for some input, logs, and finally excused 
him with having 'other things to do', and would revert back. He never did.


Again, many times webalizer goes through, but at times it forks 20+ 
children until it gets stuck (needs to be manually killed), at other 
times, it doesn't like the standard Apache weblog and segfaults.


With respect to reliability and robustness, I can only suggest to revert 
to the old mrunix version, which never failed me through many years.


2 sen,

Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

Marc Balmer wrote:



It will be one of your users.  Looking at the logfiles you will
quickly identify him.
  


You came into the thread later ... it is me. :)

  


I suggest that you take your concern upstream, i.e. to the courier
developers.  Here, we more or less only package what they provide
us with.
  


I know. Going in circles. I started upstream, with a few posts, but got 
one single answer: courier-imap does not fork. I showed my 100 
processes, all trying to search an item, and all evolved from a single 
search of a single user. No answer was forthcoming. Only then did I 
start the thread in here. And in here,  Alf pointed to the culprit: 
re-requesting searches after a specific time. I posted this upstream, 
but not a single answer. So what it made from this, was that there was 
no interest, sort of 'works for me'.  But 'works for me' still is no 
security means. If I can DoS a 1.7 GHz/256MB box through dial-up, 
involuntarily, who would want to argue that larger iron could not. A new 
term is born: "Security through processing power" ;),



Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

Marc Balmer wrote:


Indeed,  I will try to test an update soon.   BTW:  we are using the
OpenBSD/courier-imap combo for real large mailserver and don't see the
problems that were described.
  


Yes, Marc, yes, Jason, neither did I see them on the Dual-Xeon. But the 
Dual-Xenon with 15k-SCSI is bigger iron, and the search finishes in 
below a minute easily.
Don't get me wrong, my concern is not on the slow little bugger to not 
finish a search. My concern is how far this is an exploit, a DoS, 
eventually via dial-up, once it is known. What I seem to observe, is 
that a client can start a (full text==Entire Message) search at any 
moment she so desires. And it also seems, that this doesn't fall under 
the limitations of MAXPERIP. If what I have to assume, an attacker 
*could* resend a search request with a higher frequency or on a larger 
mailbox, or (DDoS) to a system with higher load, due to distributed 
searches (a plurality of searches on different accounts).
The critical case seems to be, when a search takes longer than the 
TCP-timeout of the client. I think, in the cases described in here, this 
simply was not the case, due to 'big iron' and a somewhat randomised 
access and search by the independent users. What happens if someone 
gobbles together a 10- or 20-liner perl script that bombards the daemon 
with 'Entire Search'-requests of increasing frequency? Let's say, 60 
seconds, 30 seconds, 10 seconds, 3 seconds, 2 seconds, 1 second. At one 
moment in time, our bigger irons will also fail to come up with a full 
search within these shorter periods. And when the script misses the 
result returned, it will resend the search. And so forth. Since this 
search cannot be performed within these few seconds, also this second 
request will not result in anything, and the script will repeat the 
search request ad infinitum.
If someone wanted to try, do a 'Entire Message' search in Thunderbird 
(on a slow system with a large folder), and you'll see - surprise, 
surprise - that once per minute the client will connect and parse a 
(new) search request: Once per minute the status bar displays 
"Connecting to  " "Sending Login information" for a short time, and 
the number of imapd processes goes up by one. Until exhaustion, maybe. 
And to me it looks like a possibly exploitable behaviour. The most 
straightforward solution: limit the number of concurrent searches per 
username to one.


Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

[EMAIL PROTECTED] wrote:



Okay, I have an interest in this so I tested it quickly just now.

/etc/courier/imapd:  MAXPERIP=1

Connection 1:
% telnet foo.bar.baz 143
Connected to foo.bar.baz.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS LOGINDISABLED] 
Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for 
distribution information.

Connection 2:
% telnet foo.bar.baz 143
Connected to oolong.backend.invalid.
Escape character is '^]'.
Connection closed by foreign host.
%

So I apparently cannot reproduce the failure to enforce MAXPERIP.  This
is 4.3-stable with courier-imap-4.1.1p2-imap_bugs
  


Read my mail carefully. It says that clicking another folder beyond the 
MAXPERIP *is* honoured. One way or another, this does not apply for 
searches.


  


Sam is terse.  You asked about imapd forking and he answered that.
  


Yes. He said that it will be one, except of in cases of encrypted link, 
which will make it two.

Which is not true in this case.

Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

Stuart Henderson wrote:


You can restrict sessions per IP very easily with PF.
  


Yes, Stuart,

and no. It is never good engineering practice to turn two knobs at the 
same time. Firstly, when opening a new folder, courier-imap honours its 
limitation gracefully. Second, it would limit the communication channel 
between daemon and client. An innocuous 'go to another folder' or even 
'stop search' (agree, it doesn't work as of now, but it should!) would 
be dropped. It would still not deliver search results, because it would 
spawn N identical searches (N defined by pf). I could try, and I would 
as well have to look into it myself, because I don't know how long the 
timed-out earlier requests would still count as 'link', since the client 
seems to consider them dead after Thunderbirds 60-second mailnews.timeout.
Now, thinking of it, if you don't mind following the line of arguments: 
even worse:
- the links are considered 'timed-out', then pf doesn't limit the 
number of searches
- the links are considered 'active by pf, then any request by the 
client of moving away and going to another folder is dropped

Couldn't be worse, could it!?


What bugs me as well: I have been discussing the matter on the 
courier-imap list, but nobody answered, and the upstream writer never 
wrote anything but that line of 'courier-imap does not fork'. Over the 
years, I have entrusted by IMAP-clients to courier-imap thinking it was 
well-written. I start to have my doubts.
Can anyone with dovecot on a very tiny box confirm or deny that it acts 
differently? One needs to have more mails in a box than the daemon can 
search within the 60 seconds time-out. Then, in the status bar of 
Thunderbird, it will say something like 'Connecting to imap.example.com 
...' once per minute. Let it go for some minutes, and then observe the 
resource usage on the server.

If dovecot is fine, I'll change immediately. :)

Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

Federico G. Schwindt wrote:
It is a nice DoS-combo, what courier-imap in conjunction with  
Thunderbird offer here, and one doesn't even need local access. Just any  
remote Thunderbird client will do, and we can't prevent the user from  
drag&drop some tens of thousands of messages into a folder. Or, even  
easier, reduce mailnews.tcptimeout, and we get one new process per one  
second. Sick.



  This is not a DoS, just a configuration issue.
  Have you tried changing the class to something else than daemon?
  


Which one? I used default, and it doesn't make a difference. Okay, I 
didn't let it drive up loads of 80. Simply stopped around 7, once some 8 
processes were running.

Still, I wonder why it won't stop at 4, despite -maxperip=4
If it was a configuration problem, I'd have to create an extra, very 
restrictive login class for it. And then, the install message should say 
so. And even then, with

maxproc=10
I'd get loads of close to 10, and no result forever.

I'm not an email expert, but I'd think that firstly, it should actually 
limit the sessions per IP, not the number of processes: If you have 10 
users on, they might get well 5 processes each. If there was only 1 
user, he still ought not get 50 processes.
Furthermore, it should limit to one search per user login at a time. 
Then, whatever the setting of the client, there would be one search 
coming to a proper end before another could be spawned.


Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

Alf Schlichting wrote:



We had a similar problem on our mailserver and thunderbird as mail client.
Basicly, thunderbird has a certain timeout  value for searches. If thunderbird
doesn't get a result for a search after  seconds, it assumes some
error and requests the search again. new search ->  new fork -> more load
and so on. Other MUAs may have similar settings. Solution:
Search and set the timeout value in thunderbird's config editor
(IRC mailnews.tcptimeout, defaults to 60)
  


Alf, thanks, and thumbs up. It is not so much of a fault of OpenBSD as 
it is on courier-imap and thunderbird.
I did have to restart Thunderbird to make mailnews.tcptimeout actually 
use 600 seconds, which is sick otherwise. But after some 2.5 minutes it 
had nicely found the string in 'Entire Message', and otherwise behaved: 
no forking, no too high load.
It is a nice DoS-combo, what courier-imap in conjunction with 
Thunderbird offer here, and one doesn't even need local access. Just any 
remote Thunderbird client will do, and we can't prevent the user from 
drag&drop some tens of thousands of messages into a folder. Or, even 
easier, reduce mailnews.tcptimeout, and we get one new process per one 
second. Sick.
With the larger part of the blame on courier-imap, because it does not 
seem to honour its own limit of 4 or 5 sessions per IP:

#  Maximum number of connections to accept from the same IP address
MAXPERIP=4
Also, Thunderbird surely needs two dials: mailnews.tcptimeout is pretty 
much okay with 60 seconds default, but its mistake is to consider a 
search-still-in-the-making as 'connection failure'. And to spawn a new one.



Use smaller inboxes
Get more iron:)
  


Sorry, no. We need to do better than allowing an easy DoS. The lever 
must not be iron or size, it needs to be predictable and always 
reasonable behaviour of the softwares.


Thanks again, would have never found the problem on my own!

Uwe

Re: Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

[EMAIL PROTECTED] wrote:



Based on my experience with courier I don't think it's OpenBSD's issue.

What client is this?  Login (new connection) = new process, and some
popular clients login multiple times.  If you click a lot while it's
doing something, it gets worse.  What does syslog say?

Have you enabled IMAPDEBUGging or tcpdumped the connections to see
what's going on?

  


No, I have already tried a few times, very carefully, and made sure that 
none other users log on, and even that the single user would not click 
anything else. Search 'Entire Message' simply and invariably spawns and 
spawns.
Okay, so I put the whole lot here, sorry for the length, that I sent to 
courier-imap mailing list.

If you feel that IMAPDEBUG could help, I'll read up on it and try.

Uwe

OpenBSD mybox.myplace.edu.my  4.3 
GENERIC#698 i386

pkg_info:
courier-imap-4.1.1p2 imap server for maildir format mailboxes

It starts pretty idle, then I do heavy searches, sending, on a remote 
client (Thunderbird 2.0):


load averages:  0.19,  0.17,  0.1018:01:15
 1948 udippel20 5292K 6048K sleepselect   27:55  7.62% imapd

This is still very much okay and expected; the loads are low.
But at 18:07 I start search 'Entire Message', in the Inbox, for the 
single string 'Young'. This is where the explosion occurs:


$  while [ 2 -ge 1 ]
> do
> date
> top -b | grep averages
> top -b | grep imapd
> echo 
""

> sleep 300
> done
Mon Jun 30 17:56:15 SGT 2008
load averages:  0.19,  0.15,  0.0917:56:15
12202 udippel20 5400K 6056K idle select   13:55  1.17% imapd
 1948 udippel20 5256K 6012K idle select   27:45  0.24% imapd

Mon Jun 30 18:01:15 SGT 2008
load averages:  0.19,  0.17,  0.1018:01:15
 1948 udippel20 5292K 6048K sleepselect   27:55  7.62% imapd
12202 udippel20 5380K 6036K idle select   14:01  1.17% imapd

Mon Jun 30 18:06:15 SGT 2008
load averages:  0.25,  0.18,  0.1218:06:15
12202 udippel20 5404K 6060K idle select   14:05  1.76% imapd
 1948 udippel20 5292K 6048K idle select   28:04  0.63% imapd
 3989 udippel20  900K 1444K sleepselect0:02  0.49% imapd

Mon Jun 30 18:11:15 SGT 2008
load averages:  3.74,  1.68,  0.7518:11:16
24013 udippel   -50 3392K 4232K sleepbiowait   0:35 11.72% imapd
 1948 udippel   -50 5352K 6332K sleepbiowait  29:12 11.33% imapd
 5798 udippel   -50 3388K 4216K sleepgetblk0:13 10.79% imapd
22070 udippel   -50 3276K 4192K sleepbiowait   0:04  8.79% imapd
12202 udippel20 5388K 6044K idle select   14:10  1.76% imapd
 3989 udippel20  912K 1448K idle select0:03  0.00% imapd

Mon Jun 30 18:16:17 SGT 2008
load averages:  7.91,  5.06,  2.5418:16:18
28253 udippel   -50 3456K 4244K sleepgetblk0:21  5.71% imapd
24013 udippel   580 3424K 4384K run  - 1:01  5.22% imapd
 5798 udippel   470 3436K 4328K run  - 0:38  4.98% imapd
 1948 udippel   -50 5364K 6344K sleepgetblk   29:35  4.83% imapd
22628 udippel   -50 3296K 4228K sleepbiowait   0:14  4.79% imapd
22070 udippel   -50 3312K 4248K sleepbiowait   0:29  4.69% imapd
15284 udippel   -50 3348K 4220K sleepbiowait   0:08  4.64% imapd
21101 udippel   -50 3264K 4192K sleepgetblk0:03  3.86% imapd
12202 udippel20 5364K 6020K sleepselect   14:12  0.83% imapd

Mon Jun 30 18:21:19 SGT 2008
load averages: 11.62,  8.63,  4.9118:21:22
24013 udippel   -50 3408K 4376K sleepbiowait   1:18  4.59% imapd
28678 udippel   -50 3480K 4244K sleepgetblk0:10  4.05% imapd
 5798 udippel   530 3436K 4392K run  - 0:54  3.81% imapd
28253 udippel   510 3492K 4336K run  - 0:35  3.08% imapd
22628 udippel   460 3320K 4260K run  - 0:28  2.98% imapd
15284 udippel   500 3352K 4232K run  - 0:22  2.88% imapd
 5550 udippel   -50 3320K 4228K sleepbiowait   0:12  2.88% imapd
22070 udippel   460 3336K 4328K run  - 0:45  2.83% imapd
21101 udippel   490 3284K 4228K run  - 0:17  2.78% imapd
31467 udippel   -50 3468K 4228K sleepbiowait   0:06  2.05% imapd
22556 udippel   -50 3404K 4100K sleepbiowait   0:00  1.95% imapd
21472 udippel   -50 3304K 4196K sleepbiowait   0:03  1.90% imapd
12202 udippel20 5396K 6052K sleepselect   14:15  0.34% imapd

Mon Jun 30 18

Courier-IMAP brings down system when searching Entire Message

[Uwe Dippel]

... when a user has close to 20.000 mails in the Inbox.
It chucks out courier-imap when  more processes are involved than allowed:
(This is after some 3 hours of increasing load, searching around 1 GB in 
cur:


load averages: 84.11, 83.12, 80.7721:04:01
10218 udippel  -140 3504K 4336K sleepinode 0:00  0.88% imapd
5550 udippel   -50 3372K 1972K sleepgetblk1:31  0.15% imapd
2566 udippel  -140 3368K 2080K sleepinode 0:54  0.15% imapd
2623 udippel  -140 3296K 1892K sleepinode 0:49  0.15% imapd
25935 udippel   -50 3504K 1872K sleepgetblk0:47  0.15% imapd
21550 udippel  -140 3356K 1816K sleepinode 0:27  0.15% imapd
30191 udippel  -140 3256K 1944K sleepinode 0:24  0.15% imapd
14507 udippel  -140 3284K 2080K sleepinode 0:54  0.10% imapd
28879 udippel   -50 3416K 1976K sleepgetblk0:46  0.10% imapd
21472 udippel  -140 3368K 1972K sleepinode 1:15  0.05% imapd
8937 udippel   -50 3404K 1792K sleepgetblk0:48  0.05% imapd
20352 udippel  -140 3492K 1940K sleepinode 0:15  0.05% imapd
11819 udippel  -140 3268K 1956K sleepinode 0:14  0.05% imapd
15284 udippel  -140 3384K 1820K sleepinode 1:38  0.00% imapd
21101 udippel  -140 3320K 1892K sleepinode 1:34  0.00% imapd
[,,,]


A moment later the thing is done:

Mon Jun 30 21:09:35 SGT 2008
/bin/ksh: cannot fork - try again

I wrote to the courier-imap list, and Sam Varshavchik wrote:

"imapd does not fork any processes. There is always a single process for 
each

login (and a second, if encryption is used). "

I assume Sam knows. But why does OpenBSD fork like rabbits when a user 
searches 'Entire Message' in a large mailbox?


Uwe

postfix start problem at boot

[Uwe Dippel]

(I wonder if this belongs here or to misc?)

I have been having some problems over the last year with starting 
postfix after a regular shutdown at times:
It would not start when the system starts. This is the maillog of the 
last fail:



Jul 11 11:56:19 claude authdaemond: modules="authuserdb authpwd authpgsql authld
ap authmysql authpipe", daemons=5
Jul 11 11:56:19 claude authdaemond: Installing libauthuserdb
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthpwd
Jul 11 11:56:19 claude authdaemond: Installation complete: authpwd
Jul 11 11:56:19 claude authdaemond: Installing libauthpgsql
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthldap
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthmysql
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthpipe
Jul 11 11:56:19 claude authdaemond: Installation complete: authpipe
Jul 11 11:56:20 claude postfix/postfix-script[17841]: fatal: Postfix integrity c
heck failed!


But a few minutes later, and me doing nothing whatsoever, 'postfix 
check' will be okay (no output), and postfix status and postfix start 
will result in:



Jul 11 12:28:59 claude postfix/postfix-script[25863]: the Postfix mail system is
 not running
Jul 11 12:29:10 claude postfix/postfix-script[26985]: starting the Postfix mail 
system

Jul 11 12:29:11 claude postfix/master[27825]: daemon started -- version 2.5.1, c
onfiguration /etc/postfix


Now I wonder if eventually some files or directories are not (yet) 
available after boot when postfix starts?


% uname -vsrm
OpenBSD 4.3 GENERIC#698 i386

% pkg_info | grep postf
postfix-2.5.1p0 fast, secure sendmail replacement

cat /etc/rc.conf.local   
ntpd_flags=""

accounting=YES
pf=YES
named_flags=""
httpd_flags=""
sendmail_flags="-bd"
syslogd_flags="-a /var/spool/postfix/dev/log"


Any idea how to debug the situation is welcome,

Uwe

Re: Stable ports and packages

[Uwe Dippel]

Edd Barrett wrote:


Can you build packges for me then :P
  


Sure. But I said what I require: an automagic update of my ports tree, 
one way or another.
If what Jacob mentions (cvs) helps you, we can set up one for you, 
provided we don't run out of space.
Though I still believe it is easier to gobble together a small script 
that extracts the diffs from a comprehensive tar in /usr/ports/ and 
applies the respective diffs and churns out a list of all locations 
where updates have to be made.


But don't be disappointed, we're running a server, no X. So I could 
build, but not test.
I don't mind to set up a cronjob that copies all packages as created 
into a web-accessible location for downloads and tests by others.


Our package list is rather short, something like

aalib-1.2p3-no_x11
apg-2.2.3p0
autoconf-2.13p0
autoconf-2.52p1
autoconf-2.57p0
autoconf-2.59p1
bzip2-1.0.4
c-client-2007
cdrtools-2.01p1
curl-7.17.1
cyrus-sasl-2.1.22p2
db-4.6.21
dvd+rw-tools-7.0p0
freetds-0.63p1
gd-2.0.35
gdbm-1.8.3p0
gettext-0.16.1
gmake-3.80p1
gmp-4.2.2
gtar-1.19
help2man-1.29p0
iodbc-3.52.4p2
jpeg-6bp3
kermit-8.0.211
libdnet-1.10p2
libgcrypt-1.2.4
libgpg-error-1.5
libiconv-1.9.2p5
libidn-1.1
libltdl-1.5.22p3
libmcrypt-2.5.7p1
libtool-1.5.22p14
libxml-2.6.30
libxslt-1.1.22
lrzsz-0.12.20p0
lua-5.1.2p1
metaauto-0.7
mhash-0.9.1p1
mini_sendmail-chroot-1.3.6p0
minicom-2.2
mysql-client-5.0.51a
mysql-server-5.0.51a
nano-2.0.7
net-snmp-5.4.1p0
nmap-4.53
openldap-client-2.3.39
p5-DBD-mysql-4.005
p5-DBI-1.59
p5-Net-Daemon-0.43
p5-PlRPC-0.2018p0
pcre-7.6
pfstat-2.3p0
php5-core-5.2.5p2
php5-gd-5.2.5-no_x11
php5-mysql-5.2.5
php5-xsl-5.2.5
pine-4.64p4
png-1.2.22
postfix-2.5.1p0
postgresql-client-8.2.6
python-2.4.4p6
qemu-0.9.0p1
sdl-1.2.13p0
sqlite-2.8.17p1
sqlite3-3.4.2
t1lib-5.1.0p1
tcl-8.4.7p6
texi2html-1.64
tk-8.4.7p1
unzip-5.52
webalizer-2.01.10p5
wget-1.10.2p1
zip-2.32

Uwe

Re: Stable ports and packages

[Uwe Dippel]

Edd Barrett wrote:


`pkg_add -u` is the way I would suggest you use our packages.
  


Thanks, Ed, this is great. So sad, it is a complete miss here, we are 
running amd64 on Dual-Xeon.
In any case, both i386 and sparc package directories for 4.3 are empty 
on your site.


Uwe

Re: Stable ports and packages

[Uwe Dippel]

Ian McWilliam wrote:




My own 2 sen: As much as your work is great, IMHHO the 'glue' is 
missing. We sysadmins (at least me) have no time at all to visit a 
website (yours) regularly and manually compare the list of patches 
with our various installations.
That's funny, I remember submitting many updates for 'stable' ports to 
ports@ for 4.2 at least. I don't remember any feedback or comments at 
all. You obviously read this list.


Yes, I do read this list, and I did test some of the ports (those that I 
use) and gave feedback to [EMAIL PROTECTED]
Then, after some time, I found that I simply did not have the time for 
periodically manually comparing the lists of my installed ports on the 
various boxes with the alphabetic list of updates provided on a webpage 
by [EMAIL PROTECTED], download the patches manually, etc. I tried 
my best, until I ran out of time. Therefore, it is on the funny side 
that some people on ports@ know better about my times and duties than I 
myself.
My mistake could only have been in the formulation of my message: While 
I intended to *laud* the effort and *encourage* someone in the know how 
to kind of streamline the process for the volunteers 
([EMAIL PROTECTED] and Edd Barrett), some have misread the matter 
as ¨whining¨.
I repeat my offer: I volunteer to test -stable patches on my production 
boxes, if someone helps out with a glue (script) that gets the patches 
into the ports tree and lists the ports where I should ´make update´.


Uwe

Re: Stable ports and packages

[Uwe Dippel]

[EMAIL PROTECTED] wrote:

Do you have an account?



@openbsd.org?  No, I don't.

  

Has anyone agreed to officially bring back the stable tree?



One developer was interested in pursuing it, but he is very busy with
other things.
  


My own 2 sen: As much as your work is great, IMHHO the 'glue' is 
missing. We sysadmins (at least me) have no time at all to visit a 
website (yours) regularly and manually compare the list of patches with 
our various installations.
Plus, download the respective patches into the proper directories, 
'patch' them, cd, make update or whatever.
Previously using the cvs to auto-patch followed by a list of outdated 
parts on each box to 'cd and 'make update' was without all the manual, 
administrative overhead. If you could get some account @openbsd or just 
another location (@rutgers, e.g.), I'd immediately start using your 
work. But, as mentioned above, I only have the time to apply the patches 
indicated by some 'out-of-date' program.


Uwe

Problems with webalizer - anyone?

[Uwe Dippel]

Since the upgrade 4.2->4.3 I have some non-reproducible fault of the 
'new' webalizer.
maybe one out of twenty runs it does not finish, and takes some 
resources, until I kill its running ~15 child processes manually.
It is started from daily.local here, and on those days I don't get the 
mail, because webalizer never returns control to the OS.


My daily.local looks like this:


...
# updates httpd-usage
/usr/local/bin/webalizer > /dev/null

# checks for incidences
/usr/local/sbin/logwatch/scripts/logwatch.pl >/dev/null 2>&1
...


The logwatch will never be run on those days until I kill webalizer.
Then the daily output will contain 
Running daily.local:
Terminated 
write error: Broken pipe

write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
write error: Broken pipe
/usr/sbin/apachectl stop: httpd stopped
/usr/sbin/apachectl graceful: httpd not running, trying to start
/usr/sbin/apachectl graceful: httpd started


I have started with a fresh webalizer.current.
I also contacted the author of the 'new' webalizer, but he has never heard or 
seen any of such problems and suggested they might be restricted to amd64 and / 
or OpenBSD.
Since the 'old' webalizer has never had any problems for all those years on the 
same machines and the same installs (before upgrading) I wonder if anyone else 
has observed a similar condition.
[Personally, I wouldn't mind to go back to the tested and robust 'old' 
webalizer; instead of running my production boxes on a somewhat flimsy version.]

Thanks for any feedback; especially from those with similar observations.
For those in the know, dmesg is found below

Uwe



OpenBSD 4.3 (GENERIC.MP) #1582: Wed Mar 12 11:16:45 MDT 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2147033088 (2047MB)
avail mem = 2073280512 (1977MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xec000 (62 entries)
bios0: vendor HP version "D17" date 02/15/2006
bios0: HP ProLiant ML350 G4
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPCR MCFG APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.53 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu0: 1MB 64b/line 8-way L2 cache
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.11 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu1: 1MB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.12 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu2: 1MB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 7 (application processor)
cpu3: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.11 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,LONG
cpu3: 1MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 8 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0 apid 9 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
ioapic2 at mainbus0 apid 10 pa 0xfec8, version 20, 24 pins
ioapic3 at mainbus0 apid 11 pa 0xfec80400, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 2 (IPXB)
acpiprt2 at acpi0: bus 6 (PCXA)
acpiprt3 at acpi0: bus 9 (PCXB)
acpiprt4 at acpi0: bus 5 (PTA0)
acpiprt5 at acpi0: bus 13 (PTB0)
acpiprt6 at acpi0: bus 16 (PTC0)
acpiprt7 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "Intel E7520 Host" rev 0x0c
ppb0 at pci0 dev 2 function 0 "Intel E7520 PCIE" rev 0x0c
pci1 at ppb0 bus 5
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 6
ppb2 at pci1 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 9
ppb3 at pci0 dev 4 function 0 "Intel E7520 PCIE" rev 0x0c
pci4 at ppb3 bus 13
ppb4 at pci0 dev 6 function 0 "Intel E7520 PCIE" rev 0x0c
pci5 at ppb4 bus 16
ppb5 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02
pci6 at ppb5 bus 2
mpi0 at pci6 dev 3 function 0 "Symbios Logic 53c1030" rev 0x08: apic 9 int 0 
(irq 5)
scsibus0 at mpi0: 16 targets
sd0

Re: Courier-imap on 4.2 stable

[Uwe Dippel]

Steve Shockley wrote:
 
http://shockley.net/OpenBSD/courier-imap-4.3.0.diff

http://shockley.net/OpenBSD/courier-authlib-0.60.2.diff

It's been lightly tested on amd64.


Both apply cleanly and both run properly here when restarted.

In your diff,


mkdir -p /var/run/courier{,-auth}/

if [ -x /usr/local/sbin/authdaemond ]; then
echo -n ' authdaemon';  /usr/local/sbin/authdaemond start

if [ -x /usr/local/libexec/imapd.rc ]; then
echo -n ' imap';
/usr/local/libexec/imapd-ssl.rc start

fi
if [ -x /usr/local/libexec/imapd-ssl.rc ]; then
echo -n ' imap-ssl';
/usr/local/libexec/imapd-ssl.rc start

fi
fi
I fully agree at removing my silly comments. But you might still comment 
on the difference imap / imap-over-ssl; and not necessarily start both.
Plus, there is a copy error: of course for imapd.rc the command needs to 
be '/usr/local/libexec/imapd.rc start' (without the -ssl).


Uwe

Re: ClamAV 0.91.2 for OpenBSD 4.2?

[Uwe Dippel]

Stuart Henderson wrote:


There isn't a normal procedure for 4.2 -stable ports/packages,
these don't exist at the moment


We all know, and it would be good to discuss this in a very civilised 
manner; avoiding pointing of fingers.


But this situation also reduces the tracking of OpenBSD, and its 
attraction. I adore the developers for the huge advances in hardware 
compatibility, keeping the system with a beautiful simplicity, and 
giving me as system administrator the coziest feeling of security. This 
is why I have been tracking it, from 3.3 to 4.2 (yesterday finished 
upgrading the last box to 4.2).
Until recently, I felt that the 'most relevant' ports and packages 
(whatever that is) were reasonably updated, at least as far as security 
is concerned. Now, with 4.2, most of the (again, relevant) ports and 
packages are already close to half a year of age. I will only have 
another window in time for 4.2->4-3->4.4 in a year from now. The cozy 
feeling will alas be somewhat gone, running mid-2007 software throughout 
2008, without reasonable backports of security-challenged applications.
I have no solution for this within OpenBSD. If a 'distribution' where 
hacking happens only at the bleeding edge is viable, I don't know. It 
surely is fun, though.


Uwe

Re: Courier-imap on 4.2 stable

[Uwe Dippel]

Steve Shockley wrote:


Why would you want to delete imapd.pem?  Then your users have to 
install a new cert.  I think current (3.x) versions of Thunderbird 
will refuse to connect.

Want ? probably not needed, but gets us going at following the instructions.
New cert is very much in order, since by default it lasts 12 months 
only. If I do it now, fine. If I don't, I have to dig up the whole lot 
over a short period.
Here the version is still at 2.x (2.0.0.4), and it flawlessly took over 
even without shutting down. The users only had to (once again) accept 
the new cert.


Uwe

Courier-imap on 4.2 stable

[Uwe Dippel]

I permit myself to post this here, in case someone else has a need to know.

pkg_add -ui -F update -F updatedepends
failed me with the following:


Collision: the following files already exist
/usr/local/sbin/courierlogger (courier-imap-3.0.5p4)
/usr/sbin/pkg_add: fatal issues in  installing courier-authlib-0.58p3


Same result with pkg_add courier-authlib-0.58p3.
Only chance out:


# pkg_delete courier-imap
Warning: obsolete construct: @ignore   
/usr/sbin/pkg_delete: Can't read /usr/local/man/man1/courierlogger.1
courier-imap-3.0.5p4: complete 
# pkg_add courier-authlib-0.58p3
courier-authlib-0.58p3: 
complete 
--- courier-authlib-0.58p3 ---

Sample configuration files are installed in /etc/courier/.
# pkg_add courier-imap   
courier-imap-4.1.1p2: 
complete   
--- courier-imap-4.1.1p2 ---

You now need to edit appropriately the Courier-IMAP configuration files
installed in /etc/courier/courier/.


The latter alas is already wrong. There is no /etc/courier/courier/. It 
is simply /etc/courier.

(It is true, you need to set CN, though)


 When this
is done, you can use the 'mkimapdcert' script to automatically generate
a server certificate, which is installed into /etc/ssl/private/imapd.pem


this better reads /usr/local/sbin/mkimapdcert because the directory is 
not in the path.
It still fails, though, because /etc/ssl/private/imapd.pem exists. 
Delete it.


The following


To control the daemon use /usr/local/libexec/imapd.rc and
/usr/local/libexec/imapd-ssl.rc, and to run the authdaemon, place the
following in /etc/rc.local:

mkdir -p /var/run/courier{,-auth}/
/usr/local/sbin/authdaemond start
is not quite complete. /usr/local/libexec/imapd.rc also needs to be 
'start'ed,

and it could be helpful to point this out.
Here the whole lot looks like


# we need subdirectories for the PIDs
mkdir -p /var/run/courier{,-auth}
# we start the authentication daemon
if [ -x /usr/local/sbin/authdaemond ]; then
echo -n ' authdaemon';  /usr/local/sbin/authdaemond start
# no authentication - no SSL
if [ -x /usr/local/libexec/imapd-ssl.rc ]; then
echo -n ' imap-ssl';
/usr/local/libexec/imapd-ssl.rc start

fi
fi


If you do an upgrade on a production box, like here, this might be helpful
and saves you from some inconveniences, like when your imapd doesn't 
start. ;)


Uwe

Re: make update problem for php5

[Uwe Dippel]

On 6/24/07, Uwe Dippel <[EMAIL PROTECTED]> wrote:


> ===> Updating for php5-core-5.1.6p1
> Upgrading from php5-core-5.1.6p0
> Old package php5-core-5.1.6p0 contains potentially unsafe operations
> @unexec rm -f /usr/lib/apache/modules/libphp5.so
> Can't update php5-core-5.1.6p0 into php5-core-5.1.6p1
> /usr/sbin/pkg_add: /usr/ports/packages/amd64/all/php5-core-5.1.6p1.tgz:Fatal 
error
> *** Error code 1
>
> Stop in /usr/ports/www/php5/core (line 1428 of 
/usr/ports/infrastructure/mk/bsd.port.mk).


Okay, I understood (too late to avoid this post):
pkg_add -r -F update php5-core-5.1.6p1.tgz
is needed because of the module deletion,
followed by
apachectl stop
/usr/local/sbin/phpxs -s
apachectl graceful|start

Uwe

make update problem for php5

[Uwe Dippel]

/usr/ports/infrastructure/build/out-of-date on 4.1 tells me:

www/php5/core,-main# 5.1.6p0 -> 5.1.6p1
www/php5/extensions,-gd,no_x11 # 5.1.6 -> 5.1.6p3
www/php5/extensions,-mysql # 5.1.6p1 -> 5.1.6p2
www/php5/extensions,-xsl   # 5.1.6p1 -> 5.1.6p2

So I go to /usr/ports/www/php5/core/ and 'make update'.
Alas, it fails at the very end:


===>  Building package for php5-core-5.1.6p1
Create /usr/ports/packages/amd64/all/php5-core-5.1.6p1.tgz
Switching to /usr/ports/www/php5/core/pkg/PFRAG.shared-main
Link to /usr/ports/packages/amd64/ftp/php5-core-5.1.6p1.tgz
Link to /usr/ports/packages/amd64/cdrom/php5-core-5.1.6p1.tgz
`/usr/ports/www/php5/core/w-php-5.1.6/fake-amd64/.fake_done' is up to date.
`/usr/ports/www/php5/core/w-php-5.1.6/pkg/DESCR-main' is up to date.
`/usr/ports/www/php5/core/w-php-5.1.6/pkg/COMMENT-main' is up to date.
`/usr/ports/www/php5/core/w-php-5.1.6/pkg/DESCR-pear' is up to date.
`/usr/ports/www/php5/core/w-php-5.1.6/pkg/COMMENT-pear' is up to date.
===>  Building package for php5-pear-5.1.6p1
Create /usr/ports/packages/amd64/all/php5-pear-5.1.6p1.tgz
Link to /usr/ports/packages/amd64/ftp/php5-pear-5.1.6p1.tgz
Link to /usr/ports/packages/amd64/cdrom/php5-pear-5.1.6p1.tgz
===> Updating for php5-core-5.1.6p1
Upgrading from php5-core-5.1.6p0
Old package php5-core-5.1.6p0 contains potentially unsafe operations
@unexec rm -f /usr/lib/apache/modules/libphp5.so
Can't update php5-core-5.1.6p0 into php5-core-5.1.6p1
/usr/sbin/pkg_add: /usr/ports/packages/amd64/all/php5-core-5.1.6p1.tgz:Fatal 
error
*** Error code 1

Stop in /usr/ports/www/php5/core (line 1428 of 
/usr/ports/infrastructure/mk/bsd.port.mk).


And I have never downloaded any -current or so. Just plain 4.1.

What went wrong ?

Uwe

P.S.: The 'make update' of the extensions goes through without a hitch:
% pkg_info
[...]
php5-core-5.1.6p0   server-side HTML-embedded scripting language
php5-gd-5.1.6p3-no_x11 image manipulation extensions for php5
php5-mysql-5.1.6p2  mysql database access extensions for php5
php5-xsl-5.1.6p2XSL functions for php5
[...]

Report on package updates

[Uwe Dippel]

Done with the proposed package update
(http://www.openbsd.org/faq/upgrade41.html):
pkg_add -ui -F update -F updatedepends
did a good job; maybe except of
"Cannot find updates for php5-extensions-5.1.4
php5-mysql-5.1.4-hardened  pkgconfig-0.19p0 "
, because apache didn't start until I did
pkg_delete php5-extensions-5.1.4
pkg_delete php5-mysql-5.1.4-hardened
pkg_add php5-mysql
/usr/local/sbin/phpxs -s
/usr/local/sbin/phpxs -a mysql

Also, at the end, there were plenty of install/uninstall messages
flushing by. Does it make any sense to propose to suppress these in
case of an upgrade of package foo ? At least, if there is no change ?

Finally, for whatever reason and despite of the upgrade going through
perfectly well, postfix was replaced by sendmail. Which could be
rectified with /usr/local/sbin/postfix-enable
Still, is there a good reason for this to happen ?

Overall, a great experience and what an improvement ! Thanks !

Uwe

Re: pkg_add too "aggressive" ?

[Uwe Dippel]

Any proxy anywhere ?



Eventually, but none that I could circumvent; none under my control.

pkg_add is not aggressive, but it relies on being able to abort connections

after transferring the beginning of a package.



I see.

We fixed a bug in ftp_proxy sometimes ago which did result on former

connections not getting dropped properly.



Which version ? Can I use that one to upgrade 3.9->4.0 ?

Uwe

pkg_add too "aggressive" ?

[Uwe Dippel]

Had this problem for 3.8->3.9; and now again, 3.9->4.0:
pkg_add -ui -F update -F updatedepends
fails with various responses; but it always refers to the number of threads
that it starts, like

Error from ftp://openbsd.ftp.fu-berlin.de/pub/OpenBSD/4.0/packages/i386/:
530 Sorry, your system may not connect more than 3 times.
ftp: Login failed.
421 Service not available, remote server has closed connection.

421 There are too many connections from your internet address.
ftp: Can't connect or login to host `mirror.switch.ch'
Temporary error, sleeping 10 seconds

There are not that many connections from here; probably only one machine.

I have restarted, just issuing that command, on a single box, no changes. It
is 100% reproducable here, for any mirror, as well as the master site.

Uwe

Re: adduser, batch

[Uwe Dippel]

On Thu, 28 Dec 2006 12:55:14 +0800, Uwe Dippel wrote:

> I can't seem to get the -batch to work.

Apologies, wrong group !

adduser, batch

[Uwe Dippel]

I can't seem to get the -batch to work.
What I want, is to create user $stuid and group $stuid; of course put the
user into their group; with a password $STUD.

I have tried tens of combinations, but I don't get there, yet.
I follow the two examples at the end of the man pages and do something
like
adduser -unencrypted -batch $stuid $stuid $STUD
, but it wouldn't:
Group ``rr09876'' does not exist
I leave out one of the $stuid; along the example
Create user ``falken'' and login group ``falken''.  Invite user
``falken'' into groups ``guest'', ``staff'', and ``beer''.  Realname
(fullname) is ``Prof. Falken''.  Password is ``joshua'' [...]
# adduser -batch falken guest,staff,beer 'Prof. Falken' joshua
and it still wouldn't. The only thing that I get to work is
adduser -unencrypted -batch $stuid nobody $STUD
, but that's not what I want. I tried -group $stuid and -group USER, but
then it always doesn't like the non-existing group '-group'.
I also tried the third example, which looks quite different, (I leave out
all the variations), still, no success.
I wonder, if the examples are clear; to me not.

Yes, I have tried Google, but essentially end at the examples from the man
page.

Thanks for any help,

Uwe

Questions to out-of-date

[Uwe Dippel]

My /usr/ports/infrastructure/build/out-of-date on 4.0 suggests the 
following:

databases/mysql# 5.0.22 -> 5.0.24a
databases/mysql,-server# 5.0.22 -> 5.0.24a
databases/p5-DBD-mysql # mysql-client-5.0.22,p5-DBI-1.52 -> 
mysql-client-5.0.24a,p5-DBI-1.51

databases/p5-DBI   # 1.52 -> 1.51
databases/postgresql   # 8.1.4 -> 8.1.5
devel/libtool  #  -> libltdl-1.5.22p1
graphics/gd# png-1.2.12 -> png-1.2.12p0
graphics/png   # 1.2.12 -> 1.2.12p0
mail/postfix/stable# 2.3.3 -> 2.3.2
net/curl   # 7.15.5 -> 7.15.4
net/net-snmp   # 5.1.3p3 -> 5.1.3p4
Mostly, the packages are upgraded, but some also go downward; like 
p5-DBI, postfix, curl.


And when I run the update (in ports) these downgrades do happen, like:
Upgrading from curl-7.15.5
curl-7.15.4 (extracting): complete
curl-7.15.5 (deleting): complete
curl-7.15.4 (installing): complete

Plus, having done all of these, I still get:
www/php5/extensions,-mysql,no_x11,hardened # mysql-client-5.0.22 -> 
mysql-client-5.0.24a

But pkg_info says:
mysql-client-5.0.24a

Could someone please shed a light on these ? Thanks,

Uwe

php5 extensions fail to compile

[Uwe Dippel]

Can someone please help me with the compilation of extensions from ports
on stable ?
I'd like to understand where that previously applied patch could result
from; and why 'make clean' does not help here.

Thanks,

Uwe

# make
===> www/php5/extensions,hardened,no_x11
===>  php5-extensions-5.1.4 depends on: libxml-2.6.26 - found
===>  php5-extensions-5.1.4 depends on: gettext->=0.14.5 - found
===>  php5-extensions-5.1.4 depends on: metaauto-0.5 - found
===>  php5-extensions-5.1.4 depends on: autoconf-2.52p1 - found
===>  php5-extensions-5.1.4 depends on: bzip2-* - found
===>  php5-extensions-5.1.4 depends on: curl-* - found
===>  php5-extensions-5.1.4 depends on: gdbm-* - found
===>  php5-extensions-5.1.4 depends on: jpeg-* - found
===>  php5-extensions-5.1.4 depends on: png-* - found
===>  php5-extensions-5.1.4 depends on: t1lib-* - found
===>  php5-extensions-5.1.4 depends on: gmp-* - found
===>  php5-extensions-5.1.4 depends on: c-client-* - found
===>  php5-extensions-5.1.4 depends on: openldap-client-* - found
===>  php5-extensions-5.1.4 depends on: libmcrypt-* - found
===>  php5-extensions-5.1.4 depends on: libltdl-* - found
===>  php5-extensions-5.1.4 depends on: mhash-* - found
===>  php5-extensions-5.1.4 depends on: mysql-client-* - not found
===>  Verifying install for mysql-client-* in databases/mysql
===>  Patching for mysql-client-5.0.22
Ignoring previously applied (or reversed) patch.
4 out of 4 hunks ignored--saving rejects to configure.in.rej
***>   patch-configure_in did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to include/my_global.h.rej
***>   patch-include_my_global_h did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to innobase/Makefile.in.rej
***>   patch-innobase_Makefile_in did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to mysql-test/Makefile.in.rej
***>   patch-mysql-test_Makefile_in did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to mysql-test/mysql-test-run.sh.rej
***>   patch-mysql-test_mysql-test-run_sh did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to scripts/Makefile.in.rej
***>   patch-scripts_Makefile_in did not apply cleanly
Ignoring previously applied (or reversed) patch.
11 out of 11 hunks ignored--saving rejects to scripts/mysql_install_db.sh.rej
***>   patch-scripts_mysql_install_db_sh did not apply cleanly
Ignoring previously applied (or reversed) patch.
4 out of 4 hunks ignored--saving rejects to scripts/mysqld_safe.sh.rej
***>   patch-scripts_mysqld_safe_sh did not apply cleanly
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to sql/mysqld.cc.rej
***>   patch-sql_mysqld_cc did not apply cleanly
*** Error code 1

Stop in /usr/ports/databases/mysql (line 1860 of 
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/databases/mysql (line 1326 of 
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/www/php5/extensions (line 1441 of 
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/www/php5 (line 103 of 
/usr/ports/infrastructure/mk/bsd.port.subdir.mk).

pkg_add -ui -F update -F updatedepends

[Uwe Dippel]

pkg_add -ui -F update -F updatedepends
did a pretty job for me; from 3.9 (stable) to 4.0 (stable).
and - jump at me: - from i386 to amd64 in one go. So far FYI.

Minor observations:

It asked for a bunch of Firefox alternatives in between (1.5.0.5 or
1.5.0.6 or 1.5.0.7 or 1.5.0.8 if memory serves me well). Why wouldn't it
(or how could I) use the most recent one by default ?

It somehow missed out on some x... packages, though: It didn't feel like
updating xmms-1.2.10p6 to xmms-1.2.10p7. Similarly for a few xfce4
packages; which have a higher patch number.
The rest went through smoothly.

There were a few packages left over from the previous i386 install,
though, those with unchanged version/patch number. I wrote a hacky script
to extract those and do a -F installed. (This is also where I found the
mistakes on the x as above, since they stopped saying that the
package doesn't exist. Then I removed the -versionpatch and they did
'upgrade' from i386 to amd64 properly.)

Two questions after this exercise:
1. Is there a suitable and recommended modification of the command to
force all packages to update ? (For those who want to migrate between
architectures)

2. Any chance to not simply exit the script when package is not found ?
Currently, when passing the packages like
pkg_add  -F installed software1-1.1p1 software2-5.6p3
softwaren-2.3.4p4
will exit when software1-1.1p1 is not found in the package directory.
Could it drop the trial of software1 and try the software2 instead; and so
forth ?

For the rest: a great experience, the new OpenBSD packages update ! Thanks
for the vast improvement !

Uwe

Re: Gnumeric - missing mibrary gsf-1.12.1?

[Uwe Dippel]

On Sat, 23 Sep 2006 07:33:07 +0200, Oliver J. Morais wrote:

> iso8879-1986, tiff-3.8.2p0, libiconv-1.9.2p3, bzip2-1.0.3,
> docbook-4.4, gconf2-2.10.1p2, libgsf-gnome-1.11.1p2,
> gnome-mime-data-2.4.2, esound-0.2.34p0, png-1.2.12,
> scrollkeeper-0.3.14p2, libxml-2.6.26
> Maybe it's in a dependent package, but not tagged with @lib ?
> (check with pkg_info -K -L)
> If you are still running 3.6 packages, update them.
> *** Error code 1
> 
> Stop in /usr/ports/math/gnumeric (line 2064 of
> /usr/ports/infrastructure/mk/bsd.port.mk).

Steven helped you out. But I got exactly the same (this is why I checked
the archives) on a fresh install of 4.0-stable/release.
Nothing more done than make && make install; out of the box:

===>  gnumeric-1.4.3p3 depends on: gettext->=0.10.38 - found
===>  Installing gnumeric-1.4.3p3 from /usr/ports/packages/amd64/all/
Can't install /usr/ports/packages/amd64/all/gnumeric-1.4.3p3.tgz: lib not found
gsf-1.12.1
Even by looking in the dependency tree:
libart-2.3.17, glib2-2.10.3, gnome-vfs2-2.10.1p0, libgnomeprintui-2.10.2
p3, libbonoboui-2.10.1p2, gettext-0.14.5p1, gnome-icon-theme-2.10.1, libIDL-0.8.
5p0, cdparanoia-3.a9.8p0, jpeg-6bp3, libglade2-2.5.1p5, glitz-0.4.4, popt-1.7p0,
 libxslt-1.1.17, libgcrypt-1.2.0p1, gtk+2-2.8.20, libgnomeui-2.10.1p2, gnome-key
ring-0.4.4p2, libgnomeprint-2.10.3p0, hicolor-icon-theme-0.5p0, shared-mime-info
-0.15p1, expat-2.0.0, pango-1.12.3, cairo-1.0.4p0, ORBit2-2.12.2p2, libgnomecanv
as-2.10.2p2, atk-1.10.3p1, libbonobo-2.10.1p0, docbook-dsssl-1.72, libaudiofile-
0.2.6p0, libgnome-2.10.0p0, libgpg-error-1.1p0, iso8879-1986, tiff-3.8.2p0, libi
conv-1.9.2p3, bzip2-1.0.3, docbook-4.4, gconf2-2.10.1p2, libgsf-gnome-1.11.1p2,
gnome-mime-data-2.4.2, esound-0.2.34p0, png-1.2.12, scrollkeeper-0.3.14p2, libxm
l-2.6.26
Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.
*** Error code 1

Stop in /usr/ports/math/gnumeric (line 2057 of /usr/ports/infrastructure/mk/bsd.
port.mk).

$ pkg_info | grep gsf 
libgsf-1.11.1p2 GNOME Structured File library
libgsf-gnome-1.11.1p2 GNOME specific extensions to libgsf

Yes, I *can see* that this is wrong. But it's not of my invention to have
it here.

No, never used any snapshots or stuff. As I said, straightforward install
from scratch.

Uwe

Re: TK doesn't install from ports

[Uwe Dippel]

Mikolaj Kucharski wrote:

Would it be feasible to source some network.conf.recent (located under 
/usr/ports/CVS) at the end of 
/usr/ports/infrastructure/templates/network.conf.template

(or just overwrite the latter) at a ports update ?



You mean updates similar to:

cd /usr/ports && cvs -q up -Pd -rOPENBSD_3_8

right?


cvs -q -d [EMAIL PROTECTED]:/cvs up -r OPENBSD_3_8 -Pd
, to be precise. Copied from the FAQ.
Anything wrong with this or my suggestion ?

Uwe

Re: TK doesn't install from ports

[Uwe Dippel]

Alexandre Anriot wrote:


I don't know if you are still running 3.8, but ovh.dl.sourceforge.net
has been removed from network.conf.template more than six months ago.


Yes, I'm on 3.8.
And I do regular ports updates (CVS).
Would it be feasible to source some network.conf.recent (located under 
/usr/ports/CVS) at the end of 
/usr/ports/infrastructure/templates/network.conf.template

(or just overwrite the latter) at a ports update ?

Uwe

TK doesn't install from ports

[Uwe Dippel]

make REFETCH=true
===>  Checking files for tk-8.4.7
>> tk8.4.7-src.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch /usr/ports/distfiles/tk8.4.7-src.tar.gz from 
>> http://ovh.dl.sourceforge.net/sourceforge/tcl/.
>> Size does not match for /usr/ports/distfiles/tk8.4.7-src.tar.gz
/bin/sh: test: 3: unexpected operator/operand
*** Error code 2

Stop in /usr/ports/x11/tk/8.4 (line 1990 of 
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/x11/tk/8.4 (line 1444 of 
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/x11/tk/8.4 (line 1633 of 
/usr/ports/infrastructure/mk/bsd.port.mk).


I checked, it comes as 'failed mirror' and it is true; the directory
doesn't exist there.

Uwe

Re: Hylafax: faxaddmodem stuck at flow control

[Uwe Dippel]

On Tue, 11 Jul 2006 19:55:44 +0200, Toni Mueller wrote:

> Hmmm? If the fax is garbled, I suspect that you have flow control
> problems with your modem.

No. That was just quite another item. See below.

First, second and third I want to thank 3 nice guys for helping me offline
!!!

Now to what transpired; FYI:

1. 4.1.5 has a procedural problem to faxsetup and faxaddmodem on
   recent OpenBSDs. It doesn't go through; observed by others as well.

2. Some unofficial port (or the straightforward make && make install)
   of 4.2.5 or 4.3.0 do go through *if done from scratch*

3. faxaddmodem of 4.2.5 and 4.3.0 will *not* go through on a system
   that had 4.1.5 installed earlier.
3.a. pkg_delete hylafax leaves a lot of files inclusive the whole
   /var/spool/hylafax intact. That's from where a faulty variable 
   stems that hinders any faxaddmodem to go through. Therefore

4. in order to get it running, a fresh make && make install on a 
   fresh system (or one cleansed from any hyla and fax) of 
   4.2.5 or 4.3.0 is needed.

5. The EOL error of my out-of-the-box install of original hylafax4.3.0
   is completely unrelated:
   http://www.hylafax.org/archive/2005-12/msg00255.php
   One might think of setting
   Class2RecvDataTrigger:  "\022"
   in /etc/config.tty0x by default

Uwe

Re: Hylafax: faxaddmodem stuck at flow control

[Uwe Dippel]

Here is a bit more on this:

I made a fresh install of 3.9, followed by just pkg_add hylafax. The
behaviour is the same, at faxsetup / faxaddmodem flow control scheme
it gets stuck.
I also used another - also serial - modem type; it shows the identical
behaviour.
minicom sees the modem working okay: ATDT123435 dials out to 12345;
and when I dial the phone, RING shows on the terminal screen.

[Once again, the same modem has worked for years on 3.3-3.5, same hylafax.]

It's getting worse:
I downloaded hylafax 4.3.0 (the lastest of a few weeks ago), patched
its configure in vi to make it compile and install. Ran faxsetup /
faxaddmodem and it does *not* stop at flow control. It doesn't find
the preset modem-config; but in the end - after adding it to ttys - it
answers the phone and receives a fax (alas, faulty, but that has
probably to make with my horrible patch-ing; there's an EOL error.)

All this is no solution, but *maybe* it rings some bell ... ?!

Uwe




On 7/10/06, Uwe Dippel <[EMAIL PROTECTED]> wrote:

This is astonishing, because the modem has been working earlier (on
earlier OpenBSDs and earlier main boards).

But now it doesn't work any longer, whatever I try, it stops at DTE-DCE
flow control scheme [default]. I can still press enter or anything, but
faxaddmodem waits indefinitely (for what ?).
I also tried xonxoff and rtscts; with the same result. I also tried
class 1; same result. (I use class 2 here, because this modem always
worked well with class 2)

I searched the archives and google; and found one similar occurrence:
http://www.bsdforums.org/forums/showthread.php?t=34612
Is this a BSD-problem, eventually ?

This is about what it does:


Are these ok [yes]?

Now we are going to probe the tty port to figure out the type
of modem that is attached.  This takes a few seconds, so be patient.
Note that if you do not have the modem cabled to the port, or the
modem is turned off, this may hang (just go and cable up the modem
or turn it on, or whatever).

Probing for best speed to talk to modem: 38400 OK.

This modem looks to have support for Class 1 and 2.
How should it be configured [1]? 2

Hmm, this looks like a Class 2 modem.
Modem manufacturer is "PHILIPS".
Modem model is "ROCKWELL 144DPI".
DTE-DCE flow control scheme [default]?
whatever I type
here, it is echoed.
But no DTE-DCE takes place.


Any hint welcome,

Uwe


OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 3000+ ("AuthenticAMD" 686-class, 256KB
L2 cache) 1.61 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD Powernow: TS TTP TM STC
real mem  = 469278720 (458280K)
avail mem = 421019648 (411152K)
using 4278 buffers containing 23568384 bytes (23016K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(05) BIOS, date 06/05/06, BIOS32 rev. 0 @ 0xfb300
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xd324
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd200/256 (14 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xde00 0xd/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
ppb0 at pci0 dev 2 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci2 at ppb1 bus 2
ppb2 at pci0 dev 4 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci3 at ppb2 bus 3
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6100" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 "NVIDIA MCP51 ISA" rev 0xa3
"NVIDIA MCP51 SMBus" rev 0xa3 at pci0 dev 10 function 1 not configured
"NVIDIA MCP51 Memory" rev 0xa3 at pci0 dev 10 function 2 not configured
ohci0 at pci0 dev 11 function 0 "NVIDIA MCP51 USB" rev 0xa3: irq 10,
version 1.0, leg

Hylafax: faxaddmodem stuck at flow control

[Uwe Dippel]

This is astonishing, because the modem has been working earlier (on
earlier OpenBSDs and earlier main boards).

But now it doesn't work any longer, whatever I try, it stops at DTE-DCE
flow control scheme [default]. I can still press enter or anything, but
faxaddmodem waits indefinitely (for what ?).
I also tried xonxoff and rtscts; with the same result. I also tried
class 1; same result. (I use class 2 here, because this modem always
worked well with class 2)

I searched the archives and google; and found one similar occurrence:
http://www.bsdforums.org/forums/showthread.php?t=34612
Is this a BSD-problem, eventually ?

This is about what it does:


Are these ok [yes]?

Now we are going to probe the tty port to figure out the type
of modem that is attached.  This takes a few seconds, so be patient.
Note that if you do not have the modem cabled to the port, or the
modem is turned off, this may hang (just go and cable up the modem
or turn it on, or whatever).

Probing for best speed to talk to modem: 38400 OK.

This modem looks to have support for Class 1 and 2.
How should it be configured [1]? 2

Hmm, this looks like a Class 2 modem.
Modem manufacturer is "PHILIPS".
Modem model is "ROCKWELL 144DPI".
DTE-DCE flow control scheme [default]?
whatever I type
here, it is echoed.
But no DTE-DCE takes place.


Any hint welcome,

Uwe


OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 3000+ ("AuthenticAMD" 686-class, 256KB 
L2 cache) 1.61 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3

cpu0: AMD Powernow: TS TTP TM STC
real mem  = 469278720 (458280K)
avail mem = 421019648 (411152K)
using 4278 buffers containing 23568384 bytes (23016K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(05) BIOS, date 06/05/06, BIOS32 rev. 0 @ 0xfb300
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xd324
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd200/256 (14 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xde00 0xd/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
"NVIDIA C51 Host" rev 0xa2 at pci0 dev 0 function 0 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 1 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 2 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 3 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 4 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 5 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 6 not configured
"NVIDIA C51 Memory" rev 0xa2 at pci0 dev 0 function 7 not configured
ppb0 at pci0 dev 2 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci2 at ppb1 bus 2
ppb2 at pci0 dev 4 function 0 "NVIDIA C51 PCIE" rev 0xa1
pci3 at ppb2 bus 3
vga1 at pci0 dev 5 function 0 "NVIDIA GeForce 6100" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"NVIDIA MCP51 Host" rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 "NVIDIA MCP51 ISA" rev 0xa3
"NVIDIA MCP51 SMBus" rev 0xa3 at pci0 dev 10 function 1 not configured
"NVIDIA MCP51 Memory" rev 0xa3 at pci0 dev 10 function 2 not configured
ohci0 at pci0 dev 11 function 0 "NVIDIA MCP51 USB" rev 0xa3: irq 10, 
version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 11 function 1 "NVIDIA MCP51 USB" rev 0xa3: irq 5
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
pciide0 at pci0 dev 13 function 0 "NVIDIA MCP51 IDE" rev 0xa1: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
ppb3 at pci0 dev 16 function 0 "NVIDIA MCP51 PCI-PCI" rev 0xa2
pci4 at ppb3 bus 4
eap0 at pci4 dev 7 function 0 "Ensoniq CT5880" rev 0x02: irq 5
ac97: codec id 0x83847609 (SigmaTel STAC9721/23)
ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D
audio0 at eap0
midi0 at eap0: 
"Texas Instruments TSB43AB23 FireWire" rev 0x00 at pci4 dev 14 function 
0 not configured
nfe0 at pci0 dev 20 function 0 "NVIDIA MCP51 LAN" rev 0xa3: irq 11, 
address 00:16:e6:4f:31:1e
ukphy0 at nfe0 phy 1: Generic IEEE 802.3u me

Re: packages - screwed up

[Uwe Dippel]

vladas wrote:


Come on, man, it still worked.


Sure. But with what effort !


Its quite a luxury to install pkgs
by realtime-unpacking them as Mark Espie mentioned.


Also true. Though, I wouldn't mind to wait two seconds more for
1. download into /tmp
2. check
3. add
4. rm /tmp/pkg
Would have effectively saved me some time today.

Re: packages - screwed up

[Uwe Dippel]

... and the rest of the story:
abiword-2.4.2.tgz doesn't come down properly from my mirror (mirror.switch.ch).
So I downloaded it locally from ftp.openbsd.org. And subsequently:

# pkg_delete partial-abiword
Can't resolve partial-abiword to an installed package name [it had been removed]
# pkg_add -v abiword-2.4.2.tgz
parsing abiword-2.4.2
Dependencies for abiword-2.4.2 resolve to: libgnomeprintui-2.10.2p2,
gettext-0.14.5p1, gtk+2-2.6.10p1, fribidi-0.10.4p0, libiconv-1.9.2p3
found libspec art_lgpl_2.5.17 in dependent package libart-2.3.17
found libspec atk-1.0.1011.3 in dependent package atk-1.10.3p1
found libspec glade-2.0.0.7 in dependent package libglade2-2.5.1p4
found libspec glib-2.0.800.4 in dependent package glib2-2.8.4
found libspec gnomecanvas-2.1000.2 in dependent package libgnomecanvas-2.10.2p1
found libspec gnomeprint-2-2.1.0 in dependent package libgnomeprint-2.10.3p0
found libspec pango-1.0.1001.1 in dependent package pango-1.10.2p0
found libspec png.4.2 in dependent package png-1.2.8p0
found libspec popt.0.3 in dependent package popt-1.7p0
found libspec xml2.9.0 in dependent package libxml-2.6.16p8
Collision: the following files already exist
Looking for collisions in libart-2.3.17
Looking for collisions in cairo-1.0.2p0
Looking for collisions in lame-3.96.1p1
Looking for collisions in libxml-2.6.16p8
Looking for collisions in hylafax-4.1.5p4-a4
Looking for collisions in gettext-0.14.5p1
Looking for collisions in libgnomecanvas-2.10.2p1
Looking for collisions in ghostscript-fonts-6.0p0
Looking for collisions in gnome-icon-theme-2.10.1
Looking for collisions in imlib2-1.1.2p2
Looking for collisions in glib2-2.8.4
Looking for collisions in libtheora-1.0alpha4p0
Looking for collisions in tiff-3.7.3p1
Looking for collisions in png-1.2.8p0
Looking for collisions in ghostscript-7.05p7-a4
Looking for collisions in cdparanoia-3.a9.8p0
Looking for collisions in dvd+rw-tools-5.21.4.10.8
Looking for collisions in gtk+-1.2.10p4
Looking for collisions in jpeg-6bp3
Looking for collisions in fluxbox-0.9.14
Looking for collisions in libungif-4.1.4
Looking for collisions in mplayer-1.0pre7p15
Looking for collisions in popt-1.7p0
Looking for collisions in glitz-0.4.4
Looking for collisions in libgnomeprintui-2.10.2p2
Looking for collisions in libgnomeprint-2.10.3p0
Looking for collisions in minicom-2.00.0p1
Looking for collisions in hicolor-icon-theme-0.5p0
Looking for collisions in libltdl-1.5.22p1
Looking for collisions in glib-1.2.10p1
Looking for collisions in atk-1.10.3p1
Looking for collisions in gtk+2-2.6.10p1
Looking for collisions in libogg-1.1.3
Looking for collisions in kermit-8.0.211
Looking for collisions in fribidi-0.10.4p0
Looking for collisions in bzip2-1.0.3
Looking for collisions in libiconv-1.9.2p3
Looking for collisions in libglade2-2.5.1p4
Looking for collisions in cdrtools-2.01
Looking for collisions in lrzsz-0.12.20
Looking for collisions in expat-1.95.6p1
Looking for collisions in pango-1.10.2p0
   /usr/local/share/doc/abiword/Manual/Abiword_Manual.abw (different md5)
/usr/sbin/pkg_add: fatal issues in installing abiword-2.4.2 [no, not
quite, not yet]
# rm -Rf /usr/local/share/doc/abiword
#pkg_add -v /home/myhome/abiword-2.4.2.tgz
parsing abiword-2.4.2
Dependencies for abiword-2.4.2 resolve to: libgnomeprintui-2.10.2p2,
gettext-0.14.5p1, gtk+2-2.6.10p1, fribidi-0.10.4p0, libiconv-1.9.2p3
found libspec art_lgpl_2.5.17 in dependent package libart-2.3.17
found libspec atk-1.0.1011.3 in dependent package atk-1.10.3p1
found libspec glade-2.0.0.7 in dependent package libglade2-2.5.1p4
found libspec glib-2.0.800.4 in dependent package glib2-2.8.4
found libspec gnomecanvas-2.1000.2 in dependent package libgnomecanvas-2.10.2p1
found libspec gnomeprint-2-2.1.0 in dependent package libgnomeprint-2.10.3p0
found libspec pango-1.0.1001.1 in dependent package pango-1.10.2p0
found libspec png.4.2 in dependent package png-1.2.8p0
found libspec popt.0.3 in dependent package popt-1.7p0
found libspec xml2.9.0 in dependent package libxml-2.6.16p8
abiword-2.4.2: complete


To me, though it worked like this, a conceptual error of the tool.

Uwe

Re: packages - screwed up

[Uwe Dippel]

On 7/7/06, Marc Espie <[EMAIL PROTECTED]> wrote:


Just remove the file manually, and try again...



It works, but :

abiword-2.4.2|**   | 59%
^CError reading from archive: abiword-2.4.2: complete
/usr/sbin/pkg_add: Caught SIGINT. Installation of abiword-2.4.2 failed
, partial installation recorded as partial-abiword-2.4.2

# pkg_delete partial-abiword
partial-abiword-2.4.2: complete
Clean shared items: complete
--- partial-abiword-2.4.2 ---
Error deleting directory /usr/local/share/doc/abiword/Manual:
Directory not empty
Error deleting directory /usr/local/share/doc/abiword: Directory not empty

... not completely.

The tool is the one on 3.9-Stable.
The whole matter is not satisfying; IMHO. As long as the download is
incomplete, there is no reason to install partially; no reason not to
clean up.
I compare with Debian, and apt-get. There I never have such trouble:
1. Download
2. Check sum
3. Install

Maybe I'm too much of a fool for the tool to be proof to me ... ;)

Uwe

packages - screwed up

[Uwe Dippel]

Tried to 'listen' and install packages.
# pkg-add -v abiword
brought in many dependencies; finally abiword itself. Got stuck at 59% for ages.
Ctrl-C brought a relief; and partial-abiword-2.4.2.
# pkg_delete partial-abiword

Another go:
# pkg-add -v abiword
now got stuck at some MD5-sum

# pkg_add -v -i -q -r abiword
parsing abiword-2.4.2
Dependencies for abiword-2.4.2 resolve to: libgnomeprintui-2.10.2p2,
gettext-0.14.5p1, gtk+2-2.6.10p1, fribidi-0.10.4p0, libiconv-1.9.2p3
found libspec art_lgpl_2.5.17 in dependent package libart-2.3.17
found libspec atk-1.0.1011.3 in dependent package atk-1.10.3p1
found libspec glade-2.0.0.7 in dependent package libglade2-2.5.1p4
found libspec glib-2.0.800.4 in dependent package glib2-2.8.4
found libspec gnomecanvas-2.1000.2 in dependent package libgnomecanvas-2.10.2p1
found libspec gnomeprint-2-2.1.0 in dependent package libgnomeprint-2.10.3p0
found libspec pango-1.0.1001.1 in dependent package pango-1.10.2p0
found libspec png.4.2 in dependent package png-1.2.8p0
found libspec popt.0.3 in dependent package popt-1.7p0
found libspec xml2.9.0 in dependent package libxml-2.6.16p8
Collision: the following files already exist
Looking for collisions in libart-2.3.17
Looking for collisions in cairo-1.0.2p0
Looking for collisions in lame-3.96.1p1
Looking for collisions in libxml-2.6.16p8
Looking for collisions in hylafax-4.1.5p4-a4
Looking for collisions in gettext-0.14.5p1
Looking for collisions in libgnomecanvas-2.10.2p1
Looking for collisions in ghostscript-fonts-6.0p0
Looking for collisions in gnome-icon-theme-2.10.1
Looking for collisions in imlib2-1.1.2p2
Looking for collisions in glib2-2.8.4
Looking for collisions in libtheora-1.0alpha4p0
Looking for collisions in tiff-3.7.3p1
Looking for collisions in png-1.2.8p0
Looking for collisions in ghostscript-7.05p7-a4
Looking for collisions in cdparanoia-3.a9.8p0
Looking for collisions in gtk+-1.2.10p4
Looking for collisions in jpeg-6bp3
Looking for collisions in fluxbox-0.9.14
Looking for collisions in libungif-4.1.4
Looking for collisions in mplayer-1.0pre7p15
Looking for collisions in popt-1.7p0
Looking for collisions in glitz-0.4.4
Looking for collisions in libgnomeprintui-2.10.2p2
Looking for collisions in libgnomeprint-2.10.3p0
Looking for collisions in minicom-2.00.0p1
Looking for collisions in hicolor-icon-theme-0.5p0
Looking for collisions in libltdl-1.5.22p1
Looking for collisions in glib-1.2.10p1
Looking for collisions in atk-1.10.3p1
Looking for collisions in gtk+2-2.6.10p1
Looking for collisions in libogg-1.1.3
Looking for collisions in kermit-8.0.211
Looking for collisions in fribidi-0.10.4p0
Looking for collisions in bzip2-1.0.3
Looking for collisions in libiconv-1.9.2p3
Looking for collisions in libglade2-2.5.1p4
Looking for collisions in lrzsz-0.12.20
Looking for collisions in expat-1.95.6p1
Looking for collisions in pango-1.10.2p0
   /usr/local/bin/AbiWord-2.4 (different md5)
/usr/sbin/pkg_add: fatal issues in installing abiword-2.4.2

# pkg_delete partial-abiword
Can't resolve partial-abiword to an installed package name

Now I'm out of ideas. Thanks for further help ! (How can there be
/usr/local/bin/AbiWord-2.4 after a partial-abiword removal ??)

Re: Problem building nmap-no_x11

[Uwe Dippel]

Lars Hansson wrote:


No, packages has a better method.


Since you are up-to-date, please share with me: which ?

"make install" for a port will not update an 
already installed port.
 


True. "make clean" won't neither. But "make update" does. Surprised ?


If you cant figure that out by yourself maybe OpenBSD is not for you.


"If you don't know from your first day on this system what you do, 
better move elsewhere." ??



will need X even on a non-X system to satisfy dependencies." in the
Installation-FAQ will remedy the situation for newcomers proactively.
   


Something along the lines of "In case you want to use ports later, you


Except that you dont need X to build ports. You only need it for ports that is 
using X.
 

Fine. Then add "In case you want to use ports later, be aware that for 
some the dependencies resolve to X. Except of space, there is no harm 
installing 'all'."


Uwe

Re: Problem building nmap-no_x11

[Uwe Dippel]

Joachim Schipper wrote:


OTOH, it is expected you either know what you are doing or just install
packages - and in fact, if you do know what you are doing, you typically
*still* install packages.
 

Or, maybe, if you know what you are doing, you still install ports, for 
their IMHO better method of updating.
I am not the greatest fan of Linux, but that famous 'apt-get upgrade' is 
still the most simple way for updating outdated (binary) packages. 
AFAIK, we don't have any similar tool (I dunno about 3.9; haven't 
updated yet, though).


Since this type of question comes up repeatedly, I suggest to add 
something to the FAQ here:


"The files that the install program finds will be shown to you on the 
screen. Your job is just to specify which files you want. By default 
all the non-X file sets are selected; however, some advanced users may 
wish to limit this to the bare minimum required to run OpenBSD, which 
would be base39.tgz, etc39.tgz and bsd. Most people will want to 
install all file sets. The example below is that of a full install."


Here everyone who knows what he does, usually, that is no X on a 
firewall, router, server, will be bitten.
Something along the lines of "In case you want to use ports later, you 
will need X even on a non-X system to satisfy dependencies." in the 
Installation-FAQ will remedy the situation for newcomers proactively.


My 2 sen,

Uwe

Re: KDE: ark

[Uwe Dippel]

On Wed, 22 Mar 2006 07:38:47 +0100, Otto Moerbeek wrote:

> It depends on what you call "proper".

Naïve as I am, just when I tar /home/users/, that it doesn't bug out 
on long filenames/paths. Most of those come without the users being
guilty; from titles of movies and MP3s.

> You're just using a gnu extension. Gnu tar archives are not portable.
> When do you want to encounter that? ONn archive build or archive extract?

IMHO, it seems to work when I tar and untar with gtar. 
I'd prefer the native tar, though. But its error messages on build don't
make me feel at ease.

Uwe

Re: KDE: ark

[Uwe Dippel]

On Tue, 21 Mar 2006 14:50:30 +0100, Alf Schlichting wrote:

> The following diff makes the ark archiver from kdeutils3 use gtar instead of 
> OpenBSDs native tar(1).

Almost OT:
OpenBSD's tar also fails on longer path/filenames (haven't checked
properly; I'd guess around 100+ characters).
Replacing (in my case hardcoded) tar with gtar results in proper archives.
(OpenBSD 3.8, in case someone asked)

Uwe

Re: mysql-fun

[Uwe Dippel]

On Wed, 14 Dec 2005 14:34:37 +0800, Lars Hansson wrote:

> Check the ownership and permissions for /var/mysql when mounted as it's
> own partition. It is supposed to be owned by _mysql.

The subject was right: fun. No idea what happened.
I simply shut down mysql, mounted the partition-to-be to /mnt/; cp -Rp all
files from /var/mysql to /mnt/, re-inserted the partition into fstab, and
rebooted. Works without a hitch.
I'll try next time again; and report back if anything strange occurs.
Otherwise my excuses for noise,

Uwe

mysql-fun

[Uwe Dippel]

I wanted to pull a clever one and created /var/mysql as separate partition.
But it fails miserably.
At install, it will tell me that there is already a database, though
/var/mysql is empty.
mysqld_safe & 
won't start; with an error 'already running' though there is no pid.

So I simply removed the entry in fstab and now everything works fine;
except that my /var/ is much too small.

I wonder why. Of course, I couldn't rm -Rf /var/mysql at de-install
('busy'), but that is understood.
What I don't understand is, how mysql can be clever enough to distinguish
between /var/mysql on /var/ and /var/mysql/ as single partition. I use to
create /var/mail, /var/www without any problem.

Uwe,

curious for any pointer

Re: /var/www/foo versus /var/www/htdocs/foo ?

[Uwe Dippel]

On Mon, 28 Nov 2005 10:36:12 +0100, frantisek holop wrote:

> /var/www and /var/www/htdocs might have different owners sometimes 

Sure. So as of now I take it that my earlier suspicion of 'elegance' kicks
in. I never doubted the way it is done, and from your answer I take it
that putting the files further down does not have a generic security
(dis)advantage.

Thanks for all answers,

Uwe

Re: /var/www/foo versus /var/www/htdocs/foo ?

[Uwe Dippel]

On Mon, 28 Nov 2005 08:00:33 +, Antoine Jacoutot wrote:

> You don't _have_ to link files.
> You can use the Alias directive in your httpd.conf.
> 
> Alias /phpmyadmin/ /var/www/phpmyadmin/

All clear. Only my original question was pointing into another
corner: Why link / alias instead of just putting the files there ?
Is there any *security* improvement through moving the files out of
/htdocs/ respectively /users/ ?

Uwe

/var/www/foo versus /var/www/htdocs/foo ?

[Uwe Dippel]

probably a stupid one, but that's me, then:
some applications (wordpress, phpmyadmin) put their files into
/var/www/foo and symlink to these dir from /var/www/htdocs/ to ../foo.

Is this elegance or anything on security ?

Thanks for some help here,

Uwe

Re: no freshclam since clamav-0.87.1

[Uwe Dippel]

On Thu, 17 Nov 2005 09:04:02 +0800, Uwe Dippel wrote:

Thanks for all the replies !
It is okay now:

> Removed clamav and compiled / installed again.
> 
> No, I didn't change the freshclam.conf at update.

Yes, I did. I *must* have changed it, and changed to _clamav as database
owner; in the conf only. Though I don't remember.

Sorry for the noise && Thanks again,

Uwe

no freshclam since clamav-0.87.1

[Uwe Dippel]

Am I the only one seeing this ?

Immediately after the update, freshclam didn't work any longer:

freshclam
ClamAV update process started at Thu Nov 17 08:56:11 2005
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
Downloading daily.cvd [*]
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...

This has been going on for the last three days and I had never seen it
before. Tried around ten times manually, over and over, at different
times. Searched Google.
Removed clamav and compiled / installed again.

No, I didn't change the freshclam.conf at update.

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

On Thu, 27 Oct 2005 13:41:57 +0100, David Cathcart wrote:

> pkg_info -M `ls -rt /var/db/pkg/`

Good one, but incomplete:

# pkg_add /usr/ports/packages/i386/all/postfix-2.2.5p0.tgz  
  <
postfix-2.2.5p0: complete
--- postfix-2.2.5p0 ---
-> Creating /etc/mailer.conf.postfix
-> Creating Postfix spool directory and chroot area under /var/spool/postfix


+---
| The existing configuration files in /etc/postfix has been preserved.
| You may want to compare them to the current sample files,
| /usr/local/share/examples/postfix, and update your configuration as needed.
|
| /etc/postfix/post{fix-{script,files},-install} has been updated.
+---


+---
| Don't forget to add "-a /var/spool/postfix/dev/log" to syslogd_flags
| in /etc/rc.conf.local (or /etc/rc.conf) and restart syslogd.
+---

+---
| Postfix can be set up to replace sendmail entirely. Please read the
| documentation at file:/usr/local/share/doc/postfix/html/index.html or
| http://www.postfix.org/ carefully before you decide to do this!
|
| To replace sendmail with postfix you have to install a new mailer.conf
| using the following command:
|
| /usr/local/sbin/postfix-enable
|
| If you want to restore sendmail, this is done using the following command:
|
| /usr/local/sbin/postfix-disable
+---

# pkg_info -M `ls -rt /var/db/pkg/`
Information for metaauto-0.5




Information for pcre-4.5p1


Information for postfix-2.2.5p0


#



Uwe

'bulk' build of php5-extensions dies

[Uwe Dippel]

While individual extensions built (tried some), a bulk (simply make
clean && make && make install) dies with

checking for mkfifo... (cached) yes
checking for getrlimit... (cached) yes
checking for PSPELL support... no
checking for libedit readline replacement... no
checking for readline support... no
checking for recode support... no
checking whether to enable PHP sessions... yes
checking for mm support... no
checking whether pwrite works... no
checking whether pread works... no
checking whether to enable shmop support... yes, shared
checking whether to enable simplexml support... yes
checking whether libxml build works... (cached) yes
checking for SNMP support... yes, shared
checking OpenSSL dir for SNMP... no
checking for snmp_parse_oid in -lnetsnmp... no
checking for init_snmp in -lnetsnmp... no
configure: error: SNMP sanity check failed. Please check config.log for more 
information.
*** Error code 1

Stop in /usr/ports/www/php5/extensions (line 1778 of 
/usr/ports/infrastructure/mk/bsd.port.mk).

config.log is almost 200k. What to do ?

Uwe

make search key=" log "

[Uwe Dippel]

Wanted to check the log watchers in the ports; instead of my current
favourite logwatch.

make search key=" log "
did not work as I'd personally expect it to: discarding occurrences like
"prolog" and "logged".
Are my expectations wrong ? Probably yes, but I'd still be grateful for a
hint !
And, what would be the difference then between 
make search key="samba" [FAQ] and 
make search key=samba ?

Uwe

Re: sparc64 and clamav

[Uwe Dippel]

On Tue, 08 Nov 2005 18:06:19 +0200, Yiorgos Adamopoulos wrote:

> When I try to pkg_add clamav it tries to install arc for which there is 
> no package prepared at ftp.openbsd.org (or mirrors)!

(May I suggest to check the archives; that's faster than writing and
waiting ...)

Check the archive dated September 22, 2005, Subject 'clamav package
dependency missing'.
It has been known that clamav has questionable dependency ideas. Think
about it, how many .arc and .zoo archives did you ever get ? And in case
you didn't want to check archives at all ? But I don't want to refresh
that discussion ... .

Uwe

Re: New ports tree feature

[Uwe Dippel]

On Mon, 07 Nov 2005 02:24:48 +0100, viq wrote:

> for i in `/usr/ports/infrastructure/build/out-of-date | cut -d" " -f1` ;
> do cd /usr/ports/$1 ; make update clean; done

Similar to what I suggested earlier: export the package names from an
updated ports tree as reference (file).
Might as well relieve load on the cvs-es, when the 
cvs -q -d [EMAIL PROTECTED]:/cvs up -r OPENBSD_3_n -Pd 
is no longer needed to check for updates ?
You'd simply diff the installed ports / packages against this
relatively small file (much faster than navigating the whole tree
remotely) purely locally and then refetch the packages to be updated.
Respectively make the update as described by you. The FLAVOR and
eventually SUBPACKAGE thing is something else, then.
Could - while 'make'ing in the ports collection - the parameters
eventually be remembered ?

> Just my .02 for "you guys rock!"

Very much agreed here !

Uwe

Re: RFC changes in version numbering schemes

[Uwe Dippel]

On Thu, 03 Nov 2005 11:04:35 +0100, Marc Espie wrote:

> This does not take care of branch issues...

started to think and don't see this.
File: abiword-2.2.11.tgz8160 KB 01/11/0514:41:00
File: abiword-2.2.9.tgz 8159 KB 04/09/0519:19:00

Why are there two ? 2.2.9 is 'release', and 2.2.11 is 'stable', right ?
Why, when you pkg_update, does 2.9 resp. 2.11 take care of branch issues,
while 2.9-1234 respectively 2.7-2345 would not ?

In the first case, it would be 2.2.9 used as flag for 'release', in the
second case 1234.
Why, if you move the id from version number to fingerprint, branches are
not considered ?

Another method: offer a local flat database pkg38rel.db containing all
package names for 'release'; while pkg38st.db contain all packages for
stable. Then, if a vendor version decrements, pkg_ff wouldn't even
notice, but 'update' to the version identified in the local database.

Uwe

Re: RFC changes in version numbering schemes

[Uwe Dippel]

On Thu, 03 Nov 2005 15:49:39 -0700, andrew fresh wrote:

> Human readable, date based serials would be nice as that is something
> easy to recognize and compare.  If the serial was human readable, I
> don't think there would be a need for the p* numbers as with the serial,
> you would know which was newer.  The vendor version would not have any
> impact on the package version which would be nice.

This is what I had in mind. Consider the unix time as 'academic' example.

As an aside, just upgraded a 'real life' desktop notebook to 3.8. Works
great. But packages didn't. Not more than 1/3 upgraded with the proposed 
pkg_add -r -F update -F updatedepends -q list_of_new_pkgs
and 3.8 (Release) pkg_add.
Mainly due to versioning: abiword-2.0.7 is 'Fatal error'; just as
abiword. As an example. 
I don't know about the precise working of pkg_add in current, but logic
implies that a package is called - from a user perspective - by its name
alone. There must be an identifier to distinguish different versions
(*could* be human readable), and preferably a version number for users.

Anything else can - I am afraid - logically not work as expected:
Nobody wants to install amanda-client-2.4.5p1.tgz. What you want is
install amanda-client. Later on, you want to see that you have version
2.4.5; and eventually that it is patched twice (p1). The rest must be
behind the scenes; from a finger-print.

Uwe

Re: NEW: pkg_check

[Uwe Dippel]

On Thu, 03 Nov 2005 08:09:22 +0100, Antoine Jacoutot wrote:

> Quick guess because you need a ports tree.

Of course, there was something I overlooked !

On the other hand, cvs remains the 'master', and instead of manually
updating a reference site, would it not be better and simpler to refer to
the reference(s) given by the 'master' ? Like skimming through the ports
tree locally on the master and create a reference directory to check
against ? Instead of checking against a third repository updated manually ?

This is no criticism of the work of the OP, and the additional information
is good as well. For practicalities like a regular check, though, the
whichever version is principally enough.

Or am I just wrong another time ?

Uwe

Re: RFC changes in version numbering schemes

[Uwe Dippel]

On Thu, 03 Nov 2005 00:04:15 +0100, Marc Espie wrote:

> Opinions ?

If you dared to be radical, you'd split the name into 3 parts:
generic name - human readable version - unix time.

That would read
python-expat-2.3.5-1131013320

python-expat: package name
2.3.5: for us humans to know the base version
1131013320: actual version to be used by pkg_foo

Irrespective of version numbers going up or down, the package tools will
only look at the unix time and update (including reverting to a lower
'human readable version') to a later (in unix time) version.

Of course, for us humans a patched version may as well read
python-expat-2.3.5p2-1131013320
or similar. No package tool would ever look at that p2; it is part of the
human readable version of the package identifier.

If tomorrow an older version is required, it could be put up as 
python-expat-2.1.3r1-1131099720
With the unix time 86400 seconds more recent, pkg_add will update to this
version. With r1 being a *possible* indicator for going back in base
version to the human *only*.

Uwe

Re: NEW: pkg_check

[Uwe Dippel]

On Wed, 02 Nov 2005 17:54:03 +0100, Hans van Leeuwen wrote:

> "pkg_check is build on top of OpenBSD's ports-system. It checks a given 
> list of packages for vulnerablities against the VuXML database. If no 
> package is given all installed packages will be checked."

This may be a dumb one, but I am curious:
Why not check against the package names as they come from cvs ?

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

On Thu, 27 Oct 2005 13:41:57 +0100, David Cathcart wrote:

> pkg_info -M `ls -rt /var/db/pkg/`
> 
> Most recent last, easier not to miss things.

Thanks; *now* I have learnt something. This is pretty close already; and
something I have missed earlier.
(Also here, would be good to add this into the FAQ ?)

This is workable.

May I nevertheless dream on ?
Most messages are empty. There is no persistent behaviour.
If I were a better coder, I'd scribble something to do like this:

#-- php5-core-5.0.3p1 --- 
# To finish the install, enable the php5 module with:
/usr/local/sbin/phpxs -s

# To enable parsing of PHP scripts, add the following to
# /var/www/conf/httpd.conf:

#AddType application/x-httpd-php .php

# Copy the config file below into /var/www/conf/php.ini
# /usr/local/share/examples/php5/php.ini-recommended
#-

Current flag: [ ]
Action:
[R] - Run now
[A] - Run always (Toggle)
[n/N] - next / previous message
[X] - Expunge message
[Q] - Quit

This script is something to be run at any upgrade and update, so I press
'A' and it will show
...
# /usr/local/share/examples/php5/php.ini-recommended
#-

Current flag: [A]
Action:
...

Of course, with a '/' to search for the next occurrence as usual.
A basic vipkg, so to say.

And when I copy this 'database' to another box, it will gladly apply the
same behaviour there. 

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

On Thu, 27 Oct 2005 14:22:32 +0200, Hannah Schroeter wrote:

> Then, script (from base!) or screen (from ports) can help.
> 
> For screen, be sure to increase the scrollback, something like
>   defscrollback 500
> in your .screenrc helps much.

Thanks, Hannah, but this isn't what I was asking for. I am aware of those
utilities. Why would I want to skim through thousands of lines to find
out which package / port comes with a short install message ? I wouldn't
know why. If it can be done automatically.

> And with screen, you can even cut&paste with the keyboard only. Or use
> the cut&paste features of wsmoused.

With all my love for full screen; doing this is not optimal. I can't take
any pride in doing things the difficult way, when they can be done in a
simple manner. I do not like the way my 'other system' (Debian) handles
this and activates anything apt-get-ed on its own. On the other hand, I
don't see why an install message is obfuscated, suggested to be recovered
from pages over pages of 'script' with weird keyboard action (no, there is
no need to ever carry a mouse to the server room in my sometimes weird 
opinion).

My job is teaching CS; R&D in CS. It is not my job and pride to remember to 
phpxs -s after an upgrade. Neither to be able to extract an install
message from a screendump.

Thanks again for the suggestions, nevertheless.

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

On Thu, 27 Oct 2005 13:18:32 +0200, Bernd Ahlers wrote:

> I think Marc is speaking of using the xterm of your workstation and 
> login to your server via ssh. ;)

I think we all understand this.
Believe me or not - I am not speaking for Keith here - the way I work,
there isn't. *Later*, at remote administration, there is. 
At install, there isn't.
Also, my weak eyes relish from not having some xterm but a real console.
I prefer Crtl-Alt-Fn to mouse clicking. Even if some think that I have
an issue here. If there was, it would be mine in any case.
And we don't tell others how to do their jobs, do we ?

Thanks for sticking to the technical and not the ergonomic aspects,

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

Marc Espie wrote:


You have an issue with the way you do stuff. If you install enough packages
to have these scroll by and get lost, then use tools to store the output,
like script and friends...


No fun on ports, I tell you.
I still think the 'hook' doing it for me is much easier.

> I'm at a loss, I *never* had to deal with this

issue, I always have something like the scrollbar of my xterm to get back
to the messages...


Everyone works differently. Quite frequently there is no xterm. On my 
servers never. And then I sit in front of them ...



Well, tell you what, I'll get pkg_add and pkg_delete to print a summary
of what changed (+pkg1 pkg2 -pkg1 pkg2).


Oh, that would be something ! And once you have it, why not add three 
lines to *display* pkg_info -M /var/db/pkg/foo_s/+DISPLAY if these exist 
? Then I can seat myself in front of an xterm (I usually don't) and do 
what I actually proposed, at least conceptually.



That's quite enough. You know you can do pkg_info -M /var/db/pkg/*
and get all install notices displayed, don't you ?


Not so horribly interesting, I am afraid. I prefer your earlier 
suggestion as above.


Thanks !

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

On Thu, 27 Oct 2005 08:43:31 +0200, Nikolay Sturm wrote:

> You didn't mention the OpenBSD version, but AFAIR it was 3.7?

True. Currently sitting on 3.7.

> This issue
> is dealt with insofar, as all MESSAGEs are collected until pkg_add is
> done. Then all MESSAGEs are shown together. This feature will be in 3.8.

Not quite, I'm afraid. I don't want to see them necessarily at the end of
a pkg_add (respectively make install, in my case); because I will have
quite a few more things to be added without being forced to act after
pkg_add mysql-server; later after pkg_add courier-imap; later after
pkg_add postfix.
My suggestion is, that when all stuff has been added / built, I grab my
favourite drink. *Afterwards" I call 'post_pkg' (or whatever), and it
will show me the messages one by one. 
>
> Package activation is a different story which isn't that simple, one has
> to think about it.

Right. This is best done after my favourite drink. Then I read all those
and start thinking, for a change. And then I can C&P or press 'R' for
'run this script'.
Why should it make any difference if I C&P including the CRLF and drop it
into a term or press 'R' ?

Uwe

Re: Package post-install scripts ?

[Uwe Dippel]

Marc Espie wrote:


The --- around it show that this is stuff that gets shown at the end
of pkg_add. You *have* to read that stuff.


I *want* to read this stuff, but I *cannot see it* if it flashes by. And 
then I do not know which packages installed and which of those actually 
contained such a message.


(And thanks for your generally favourable reply !)


You *can* recall such messages later. pkg_info -M will show the message
again.


I know. Only: once the package is installed, the link is lost. I am sure 
I was clear enough on this and don't have to repeat this.



This is a good suggestion, we already try to do stuff so that it is ready
for cut&paste, adding comments makes a lot of sense.


Thanks, yes. As of now I do likewise: whenever I can get hold of a 
message, I copy and paste the content into a specific directory under 
the package name; to be able to remember that something needed to be 
done. Usually, I postpone these actions for just a short time. Like when 
all packages are installed.



Yeah, that's another good suggestion, but as usual, we need to proceed really
carefully there... the old package tools had ways more install scripts and
nuts than the new ones, I don't think anyone wants to go back.


Not a question. I know you are working on it and you are doing a good 
job. So I thought it would be a good moment to add a hook or two now to 
be used later for calling script 'foo' to store / call the respective 
post-install script while installing / updating.
(With another, independent, routine for the manual processing of those 
scripts at sysadmin's convenience.)



Also, we want to deal with updates gracefully. There have already been huge
improvements over the last months, let's go further.


Right. Exactly right. My proposal does not warrant any action by the 
maintainers as of now. As of now it won't *run* the post-install message 
if it isn't a script. But it could still *store* these messages
- respectively a pointer to them - to be called for display on demand; 
in the sequence as installed.


Once those hooks are in the pkg_add (or even pkg_*), it will be rather 
simple to add the extra functionality since the messages are relatively 
few and short and plain text and change definitively less frequently 
compared to the other parameters of a port.


Uwe

Package post-install scripts ?

[Uwe Dippel]

[This is and remains an annoyance to me.]
After some installs, an install message shows. Except it is a dependency
of a package to be installed later; then it flushes by and is gone. Some
packages have install messages, others don't.
It needs my eyes being glued to the screen or browsing
/var/db/pkg/foor/bar to see the message - *if* there is one.

Example:

-- php5-core-5.0.3p1 --- 
To finish the install, enable the php5 module with:
/usr/local/sbin/phpxs -s

To enable parsing of PHP scripts, add the following to
/var/www/conf/httpd.conf:

AddType application/x-httpd-php .php

Copy the config file below into /var/www/conf/php.ini
/usr/local/share/examples/php5/php.ini-recommended
-

I was bitten by this problem a few days ago (see post):
At an upgrade, what needs to be done again ?
[Please, no posts of RTFM; I could; but I am not paid to take all this
hassle; and find out what all of these do; where, and how often]

Suggestion:
Write the post-install message as scripts with comment lines.
Remember those packages only that generate a '+DISPLAY', at some place.
At any convenient moment, we can call up a small utility 'foo' showing these
script(s), in the sequence of the installs, one by one. At the same time
we'd be given a chance to execute the scripted part. Now comes the trick:
if we so did (execute); this would be remembered and this script executed
again at an update. Respectively not being executed at an update if we
declined the execution.

Therefore, the upper example could look like 

#-- php5-core-5.0.3p1 --- 
# To finish the install, enable the php5 module with:
/usr/local/sbin/phpxs -s

# To enable parsing of PHP scripts, add the following to
# /var/www/conf/httpd.conf:

#AddType application/x-httpd-php .php

# Copy the config file below into /var/www/conf/php.ini
# /usr/local/share/examples/php5/php.ini-recommended
#-

Firstly, there would be a user-friendly way to activate newly installed
packages. 
Secondly, it will still follow the philosophy of OpenBSD:
You "need to know" and act in order to get a service activated.
Thirdly, at an update specific action would be repeated; triggered by the
user having done it earlier.

Of course, a basic database could help to display the respective
settings and give the chance to activate / deactivate these executions.
Copying this database (flat file ?) to another box can help deploy and
upgrade: I use to copy the httpd.conf, php.ini, etc. to the new box. If I
also copied this 'post-install-scripts-permissions' to a new box, I'd only
have to execute make install // pkg_add, and everything would be in place
and activated.


Uwe

Re: curl/clamav on 3.7-stable breaks

[Uwe Dippel]

Ray Lai wrote:


So according to this, you uninstalled curl-old, which also uninstalled
clamav-old, then installed curl-new, and tried to install clamav-old?
If that's the case, I'm guessing clamav-old depended on the curl.2.2
library from curl-old, which probably got updated to curl.4.8 or
something.  Try rebuilding clamav?


checking for curl >= 7.10.0... ./configure[11430]: test: stdin:1:: 
unexpected operator/operand

FAILED
configure: WARNING: 7.15.0 is too old. Need version 7.10.0 or higher.

[At times, we can see that our PCs are not exactly AI, yet.]

But in the end, the new build installs; you're right.

Uwe

curl/clamav on 3.7-stable breaks

[Uwe Dippel]

curl has been updated for stable recently. So I issued a make / pkg-delete
curl [where I also had to delete the dependent clamav] / make install.
Everything went smoothly until  
pkg_add /usr/ports/packages/i386/all/clamav-0.87.tgz
which bounced with

Can't install /usr/ports/packages/i386/all/clamav-0.87.tgz: lib not found 
curl.2.2
Even by looking in the dependency tree:
arc-5.21e, unzip-5.51, unarj-2.43, curl-7.15.0, gmp-4.1.4, zoo-2.10.1, 
unrar-3.43, bzip2-1.0.2, lha-1.14i.p0
Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.

What went wrong ?

Uwe

Re: PHP5-core-5.0.4p0 weirdness ??

[Uwe Dippel]

On Sat, 22 Oct 2005 17:50:45 +0200, Nikolay Sturm wrote:

> In php5's PLIST we find this entry
> 
> @unexec rm -f /usr/lib/apache/modules/libphp5.so
> 
> and in php5's MESSAGE we find
> 
> To finish the install, enable the php5 module with:
> ${PREFIX}/sbin/phpxs -s

Thanks for the pointer ! My mistake, alas. I never thought of the function
of that latter one and never guessed I had to redo it after an upgrade.

I will contact the maintainer and ask for some clarification here.

Uwe

PHP5-core-5.0.4p0 weirdness ??

[Uwe Dippel]

[I had to do an apachectl stop / start]
Syntax error on line 258 of /var/www/conf/httpd.conf:
Cannot load /usr/lib/apache/modules/libphp5.so into server: Can't open file
/usr/sbin/apachectl start: httpd could not be started

Uuuh, what's wrong ? I used my backup-httpd.conf; same result.
[this is fun on a production box !]
True: /usr/lib/apache/modules/libphp5.so doesn't exist.
What did I do to it ? No clue.
# locate libphp5
doesn't show anything close, but one
/usr/local/lib/php/libphp5.so
What the hell, so let's try and change httpd.conf to it. Despair.
*Worx* !!
Q: Why ?
My index.php (Testpage) shows 
Build Date  Oct 17 2005 15:29:21
Yes, I updated the ports tree. AFAIR, very much the proper way.

Question unanswered: why did this chap move ? If I am the only one, fine.
Some crap on my side. But chances are, that something went wrong at the
upgrade; and will go wrong for more people, then: FYI.

Uwe

Re: Updating Ports

[Uwe Dippel]

On Fri, 14 Oct 2005 13:42:04 +0200, Bruno Rohee wrote:

> /usr/ports/infrastructure/build/out-of-date
> 
> Will give you a list of all outdated ports installed on your system.

Uhh, what phantastic ! - I knew that was a dumby question.

Can I nevertheless suggest to add this to the FAQ ? Yes, I checked and it
doesn't show anywhere. I think I am not the only one who would love to
know this.

Thanks a bunch !

Uwe

Updating Ports

[Uwe Dippel]

(my excuses if this is a dumb one. I tried archives and FAQ and google,
but didn't find what I was looking for)

Firstly, I prefer ports (compared to packages)
Secondly, I manage to update the ports collection to stable with cvs

Thirdly, [after all this easy and joyful work:] I skim through the list
and update (pkg_delete, make, install) port by port manually.
Is this dumb or necessary ? Can the 'U /section/app/xxx' not generate a
list of ports and eventually make this thing more automatically ?

Uwe

Re: clamav 0.86.2p0: cl_dup compile error in STABLE

[Uwe Dippel]

On Thu, 22 Sep 2005 10:47:29 +1000, Ian McWilliam wrote:

> Pkg_delete the old clamav port you have installed before building this 
> one or build it on a machine with no clamav installed.

Right-o ! But it (0.86.2p0) still isn't up at the latest patch level:
WARNING: Current functionality level = 5, recommended = 6
Right ?

Uwe

pseudo packages ? - local list ?

[Uwe Dippel]

With the advances of pkg_add, are there any plans to add pseudo-packages ?
Like pkg_add [xfce4 | gnome | kde ] ?
With the pseudo-package mainly being a meta package containing a package
list with elements (individual packages) that can be commented /
uncommented ? Should make installs easier.
(I wonder, checked the archives of ports@, but didn't see any ...)

Second item: We read again and again about 'unavailable' packages; the
difficulties to identify which package exactly is called what (pkg_add
likes that).
Any plans here to store and *update* a local list of the packages on the
mirrors and from there simplify selection and install instead of ftp and
then pipe to pkg_add or shooting into the dark with pkg_add ?
Here something like 
cat pkg_list | grep kde > tobeinstall.ed
pkg_add -v < tobeinstall.ed
comes into mind.
As well as a CLI-tool to do so; ncurses-based eventually, similar to
ntsysv (for those who know that)

Sorry, if either or both are known and implemented. There was nothing like
this in the FAQ.

Uwe

Re: SECURITY UPDATE: security/clamav

[Uwe Dippel]

On Thu, 28 Jul 2005 15:29:43 +0800, Uwe Dippel wrote:

> and clamav is downgraded from 0.86.1 to 0.83

Got an off-list message today, that it has been committed by now.
Tried it and worx.
Upgrade your installs !

Thanks,

Uwe

Re: SECURITY UPDATE: security/clamav

[Uwe Dippel]

On Mon, 25 Jul 2005 17:21:59 +0300, Mike Pechkin wrote:

> http://www.security.nnov.ru/Jdocument282.html
> update for clamav 0.86.2
> Have fun!

Don't get it, sorry, where is the update ?

Suddenly, with 

cvs -d [EMAIL PROTECTED]:/cvs update clamav

I get 
? clamav/nomake
? clamav/w-clamav-0.83
cvs server: Updating clamav
cvs server: Updating clamav/patches
cvs server: Updating clamav/pkg

and clamav is downgraded from 0.86.1 to 0.83

What went wrong ?

Uwe

Re: hylafax in 3.7

[Uwe Dippel]

On Sat, 04 Jun 2005 00:32:07 -0400, Steve Shockley wrote:

> Try 4.2.1, it fixes a potential security vulnerability:
> http://marc.theaimsgroup.com/?m=110546971307585
> 
> http://shockley.net/OpenBSD/hylafax-4.2.1-port.tgz

At least, installs much better. Only error remains the inability to create
the FIFO.tty02.

It also seems to receive faxes, at least picks up, but won't send:

I set postfix as pointed out in the hylafax mailing list, to
transport to 'fax'. And this has always worked out well.

Now we don't have that user; to whom should I sent it !?
The processes run under uucp.
(Probably this is why the earlier install 'duplicated' the ID; creating 
a new user 'fax' ?)

I don't think sending to uucp will get me much further:

# ls -l /var/spool/hylafax/
total 72
-r--r--r--  1 root  dialer  5426 Jun  4 19:27 COPYRIGHT
prw---  1 uucp  dialer 0 Jun  4 20:54 FIFO
prw---  1 uucp  dialer 0 Jun  4 19:52 FIFO.tty02
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 archive
drwxr-xr-x  2 root  wheel512 Jun  4 19:41 bin
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 client
drwxr-xr-x  2 root  wheel   1536 Jun  4 19:28 config
drwxr-xr-x  2 root  wheel512 Jun  4 19:58 dev
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 docq
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 doneq
drwxr-xr-x  2 root  wheel512 Jun  4 19:53 etc
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 info
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 log
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 pollq
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 recvq
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 sendq
drwxr-xr-x  2 root  wheel512 Jun  4 19:41 status
drwxr-xr-x  2 root  wheel512 Jun  4 19:28 tmp

Uwe

Re: hylafax in 3.7

[Uwe Dippel]

On Sat, 04 Jun 2005 00:32:07 -0400, Steve Shockley wrote:

> Since I don't use HF any more, I can't really test it in production. 
> Please let me know if it works for you.

Sent you a lengthy detailed description, but got a bounce on name
resolution.
Please, tell me how to keep in contact,

Uwe

Re: hylafax in 3.7

[Uwe Dippel]

On Sat, 04 Jun 2005 00:32:07 -0400, Steve Shockley wrote:

> Try 4.2.1, it fixes a potential security vulnerability:
> http://marc.theaimsgroup.com/?m=110546971307585
> 
> http://shockley.net/OpenBSD/hylafax-4.2.1-port.tgz

Thanks so much; I will and I will report, for sure !

> Since I don't use HF any more, I can't really test it in production. 
> Please let me know if it works for you.

Oh, I do. So I'll keep you updated !

> Does the Hylafax port install a fax user?  That doesn't sound right.  If 
> it created a user it'd be named _fax and have uid >= 500 anyway.

Yes, it has been doing this for > 2 years. No, no _fax; but > 500.

> I read this part after I finished updating the port for 4.2.1.  I'll add 
> your startup script and cron suggestions in later.  A couple of the 
> other issues are addressed in the newer install message.

Okay, I'll try yours, and I also go through the details. I use it as
fax-to-amail and email-to-fax gateway; does a great job, except of nobody
ever correcting the really ugly port.
My only real gripe since I moved to 3.7, and I do run a lot of stuff !

Uwe

hylafax in 3.7

[Uwe Dippel]

stands still in the 4.1.5 version; and still suffers from the same errors
as 2 years ago (see archive; search hylafax). What a pity ...
In between, Steve has sent two updates to 4.1.8 and 4.2.0 (Sept 04).

Okay, I didn't send an official patch file, but a complete description of
the errors; but I will do so again if desired.

Now I have another problem with 4.1.5:
I installed it, and later de-installed it; and re-installed it.
Now it won't send out faxes; with this message:

"Command died with status
255:"/usr/local/bin/faxmail". Command output: faxmail: Login failed:
530 Userfax access denied..>" [Postfix]

This is true, because everything in /var/spool/hylafax sits on fax /
dialler:
prw---  1 fax   dialer0 Jun  2 22:14 FIFO
drwx--  2 fax   dialer  512 Jun  2 22:14 archive
drwxr-xr-x  2 fax   dialer  512 Jun  2 22:14 bin
drwxr-xr-x  2 fax   dialer  512 Jun  2 22:14 client
drwxr-xr-x  2 fax   dialer  512 Jun  2 22:14 config
drwxr-xr-x  2 fax   dialer  512 Jun  2 22:14 dev
drwx--  2 fax   dialer  512 Jun  2 22:14 docq
drwx--  2 fax   dialer  512 Jun  2 22:14 doneq

while everything on a sane install sits on uucp:
prw---  1 uucp  dialer 0 Jun  2 04:27 FIFO
prw---  1 uucp  users  0 May 15 15:20 FIFO.tty02
drwx--  5 uucp  dialer   512 May 31  2004 Maildir
drwx--  2 uucp  dialer   512 May 20  2004 archive
drwxr-xr-x  2 uucp  dialer   512 May 20  2004 bin
drwxr-xr-x  2 uucp  dialer   512 May 15 15:08 client
drwxr-xr-x  2 uucp  dialer  1024 May 20  2004 config

But a chown uucp leaves everything on fax (I even don't know if this is
the real problem).
Okay another uninstall; remove /var/spool/hylafax; new install.
But it won't help:
During faxsetup it tells me:

Setting Ghostscript font path in /usr/local/lib/fax/hyla.conf.


Make /var/spool/hylafax/bin/ps2fax a link to
/var/spool/hylafax/bin/ps2fax.gs.


Make /var/spool/hylafax/bin/pdf2fax a link to 
/var/spool/hylafax/bin/pdf2fax.gs.

Warning:  does not exist!

The file  does not exist or is not a regular file.
This file specifies which clients are permitted to use the HylaFAX
server.  The file will be initialized so that local clients are
provided service.  Consult the HTML documentation and the manual
page hosts.hfaxd(5F) for more information on setting up this file.

Update /var/spool/hylafax/status/any.info.

The thing is probably about those two empty spaces between 'Warning:' and
'does not exist'.
It was supposed to give a filename; but it doesn't.
I tried a last time; uninstall, remove everything; including 
/usr/local/lib/fax/
(pkg_delete had complains about it being not empty); but still the same.

Finally, I tar-ed a /var/spool/hylafax from a sane machine; but on the
said one, it untars also as 'fax / dialer'.

My wild guesses left: it must have something to do with fax and uucp
sitting on the same user-id (66). And the uninstall misses out something
here.

Sorry, but this is as far as my knowledge goes; and now I need some help.
I definitively don't want to re-install the whole machine (which took me
quite some time to do; hylafax was supposed to be the last).

Thanks,

Uwe

 
Here again the same gripe; for the last two years:
(and repeated until someone updates the port)

Creating new
configuration file /var/spool/hylafax/etc/config...

Restarting HylaFAX server processes.
/usr/local/sbin/faxsetup: syntax error: `(' unexpected
/usr/local/sbin/faxsetup: syntax error: `(' unexpected
/usr/local/sbin/faxsetup: syntax error: `(' unexpected
Should I restart the HylaFAX server processes [yes]?

Minor, cosmetics.

But it doesn't create the FIFO (forced exit), so you have to do it
manually.

The port also gives the wrong install message. It would have to be 

#
# we start hylafax: I - spooler
if [ -x /usr/local/sbin/faxq ]; then
echo -n ' faxq';/usr/local/sbin/faxq
fi
#
# we start hylafax: II - daemon
if [ -x /usr/local/sbin/hfaxd ]; then
echo -n ' hfaxd';   /usr/local/sbin/hfaxd -i hylafax
fi
#

in rc.local

Plus, it forgets conveniently the two cronjobs to be done hourly:

/usr/local/sbin/faxqclean

and daily:

/usr/local/sbin/faxcron | mail -s "HylaFAX Usage Report" faxmaster

Plus, we don't have cua but tty to be set in /etc/ttys

Re: UPDATE: John the Ripper

[Uwe Dippel]

On Sun, 29 May 2005 15:38:19 +0200, Alexandre Anriot wrote:

> John the Ripper 1.6.38 just goes out
> (http://marc.theaimsgroup.com/?l=openwall-announce&m=111587390912061&w=2ini).
> Here is an update of the port.

Highly recommended. Anything below 1.6.38 may dump core and contains an
error; for me this happened with unshadow.
I discussed this with Solar Designer and he included the patch in 1.6.38.

FYI