Re: Next stable version

2009-10-28 Thread Daniel Bond

Hi,

according to the schedule, 8.0-RELEASE is a bit delayed. This is quite
usual, but especially for 8.0 there have been a lot of last minute fixes.


The main schedule is here: http://www.freebsd.org/releng/index.html#schedule
which links to more updated and detailed information in the wiki: 
http://wiki.freebsd.org/8.0TODO

If the schedule is still accurate, looks like release building will  
start in about a week.


Personally, I often wait until the X.1 or X.2 release before upgrading systems already in production, unless I need a new feature, but I advise testing the BETAs and RCs prior to release, so you can report bugs/issues to be fixed prior to the RELEASE.




Best regards,

Daniel Bond.


On Oct 28, 2009, at 12:02 PM, Alex Huth wrote:


Hi!

Is there any timeline when 8.0 becomes stable to use it in production?

Thx

Alex

Never be afraid to try something new.
Remember, amateurs built the ark.
Professionals built the Titanic. — unknown
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org 





PGP.sig
Description: This is a digitally signed message part


Re: Next stable version

2009-10-28 Thread Daniel Bond


On Oct 28, 2009, at 1:24 PM, Alex Huth wrote:

We actually have 6.4 on our production server. I don't want to upgrade, because I need a different layout. I need the feature to use several IP in a jail. That's why I am waiting for 8.0. But I have the possibility to build it on a secondary testing system, which will be later the productive system.



You could optionally use 7.2-RELEASE also, which was the first release to support multiple IP4/6 in jail.



Best regards,

Daniel Bond.




Re: Next stable version

2009-10-28 Thread Daniel Bond


On Oct 28, 2009, at 1:54 PM, Miroslav Lachman wrote:


If you only need jails with several IPs, IPv6 or noIPs, you can go for 7-STABLE. The multi-IP was committed right after the 7.2-RELEASE and I am running it for half a year without any problems + cpuset ability.


It should be included in 7.2-RELEASE, according to announcements and  
the manual page.


- Daniel



Re: em0 watchdog timeouts

2009-10-05 Thread Daniel Bond

Hi,

I've been struggling with watchdog timeouts in 7.1/7.2-RELEASE for the past 6 months too. It looks related.


I've tried to replace the hardware 3 times (2 different IBM x3755  
chassis, one IBM x3650 chassis).
I tried first with onboard broadcom NICs (bce-based) PCIx-based, until  
I had issues with watchdog timeout.


I tried replacing it with a 4-port pci-x Intel NIC, which gave me same problems. I was told that the 4-port intel NICs had an onboard bus-controller, that could cause trouble, so I replaced this with a 2-port PCI-e intel, which I was told by a Sepherosa Ziehau was the best performing gig-e NIC (rx/tx).


Still getting watchdog timeouts, I tried upgrading all sorts of sysctls I found in mailing-list threads (disable msi/msix interrupts, adjust rx/tx processing, etc, etc).
I tried upgrading BIOS, firmware on all kinds of stuff (disks, BMC,  
etc, etc) to newest version. I also tried using a different qlogic  
isp(4) FC-controller (PCI-e).


No matter what I tried, I could not diagnose this problem, or at least fix it. Also it happened rarely enough, to not be easy to debug. I would get a series of watchdog timeout -- resetting, until the NIC would go completely offline - at the point I'd reboot it from console.


This happened about once every 1-10 days, usually about 11-13:00. This  
machine has now been replaced with Linux, unfortunately, just to avoid  
more customer complaints and downtime. The IBM x3755 with FreeBSD7.2  
which was replaced with Linux, is still online, and
can be put at disposal for any developers who would like to debug this  
further.


Like Stefan Krueger mentioned, this machine is also running as NFS  
server, with a mix of BSD and Linux clients, and it's getting hit  
pretty hard by clients.



Hope we can iron this bug out, in the future.


Best regards,


Daniel Bond.



On Oct 2, 2009, at 10:36 PM, Rudy wrote:



Ah, I'll stop messing with them.


I just set them all to 0 to see if that will help and noticed the card
was leaving tx_int_delay=1.

# sysctl dev.em.4.debug=1
Oct  2 13:26:07 mango kernel: em4: tx_int_delay = 1, tx_abs_int_delay = 0
Oct  2 13:26:07 mango kernel: em4: rx_int_delay = 0, rx_abs_int_delay = 0


# sysctl dev.em.4
dev.em.4.%desc: Intel(R) PRO/1000 Network Connection 6.9.12
dev.em.4.rx_int_delay: 0
dev.em.4.tx_int_delay: 0
dev.em.4.rx_abs_int_delay: 0
dev.em.4.tx_abs_int_delay: 0

Splitting traffic to different ports has brought down the watchdog
events to once a day.  ... essentially, I have a quad 30Mbps (not quad
1Gbps) card.  heheh.
Would turning off net.inet.ip.fastforwarding or any other setting help?

Today, I set net.inet.ip.fw.enable=0 and I'll see if that helps.  I have
a feeling that isn't related to the NIC at all, but I'm not sure what
else to try.

Rudy



Jack Vogel wrote:
Watchdog resets the adapter. Messing with these values is of dubious value anyway.

Jack


On Fri, Oct 2, 2009 at 11:36 AM, Rudy cra...@monkeybrains.net wrote:




I noticed something interesting.

I set the rc_int_delay to 0:
sysctl dev.em.5.rx_int_delay=0

Checking via sysctl dev.em.5.debug=1 shows ex_int_delay is indeed 0:
Oct  1 17:32:41 mango kernel: em5: rx_int_delay = 0, rx_abs_int_delay = 66

After a watchdog event, sysctl dev.em.5.debug=1 shows ex_int_delay is now 32:
Oct  2 11:29:49 mango kernel: em5: rx_int_delay = 32, rx_abs_int_delay = 66

However, running sysctl dev.em.5 shows it as 0:
dev.em.5.rx_int_delay: 0
dev.em.5.tx_int_delay: 66

Seems like the adapter and the kernel don't agree on the rx_int_delay value.

Rudy









Re: em0 watchdog timeouts

2009-10-05 Thread Daniel Bond

Hi Jack,

I'll comment your mail inline:


On Oct 5, 2009, at 6:57 PM, Jack Vogel wrote:

This posting just muddies the issue, first you talk about having a problem that involves Broadcom, ok, so post about that on something other than em :)


I only meant to indicate that the problem might exist outside the  
intel driver.
I'm also indicating that it happens with several drivers (bge, bce and  
em) on several different machines, on both pci-x and pci-e.


I'm sorry if this is confusing to you, but I still think it's relevant  
to mention.




Then you make some references to hardware that you might have bought but didn't, I'm not about debugging 'possible worlds problems' though so can't help you there either :)


No. I only made references to hardware I actually used, and had real-world issues with.




Finally you never say what the actual hardware is, other than a person who I do not know told you it was the best performer... so, what exactly is it?


Sepherosa is a guy that writes drivers for BSD based operating  
systems. Including FreeBSD. He has a lot of knowledge in this area.

http://people.freebsd.org/~sephe/

The NIC you are referring to, the one sephe recommended me, is a  
82571EB. I didn't mention specific hardware, as I think it's more  
important
to note this is an issue I'm experiencing across different sets of  
hardware and drivers.




You have a problem once every 10 days, and at a specific time no less, this almost always means something in your environment, a cron job run amok, a piece of hardware that resets, I dunno, but the last thing I would suspect given this description is the driver.


This is not what I wrote. I wrote I had a problem every 1-10 days, but  
it would usually happen once every 3-4 days. At worst, every day in  
periods.


It's not at any specific time. If you read my email correctly, I say it *usually* happens around 11-13:00, but it has happened at random times too.

This is my point exactly. I don't think it's the Intel-driver, I think  
the problem is elsewhere. I had a suspicion it had to do with the  
combination of nic + qlogic fc-controller, but I have no evidence of  
this.




You need a good sysadmin for this debugging I would venture, not a driver developer.


What I need is useful advice/help. I never stated I needed a driver  
developer.


I'd like to be able to run my favorite OS on cool hardware, in the future, for a high-performing NFS-server, without problems like I've experienced the past 6 months, on a production system.
Please note that I'm managing a server-park almost completely based on  
FreeBSD, and I'm running many NFS servers on other hardware, for other  
services, without issues.


I've seen several other FreeBSD-users having problems with this too,  
so I think it's of importance for the project. As I mentioned  
originally, I'm happy to dispose the hardware to any FreeBSD developer
that might want to look further into this. Debugging it further is  
above my skill-set, I don't even know where to begin looking,  
especially since I can't produce any panics.


I'm sorry to say, but your reply was %0 useful, Jack.



Jack



- Daniel




Re: openssh concerns

2009-10-05 Thread Daniel Bond

Hi.

I explained my opinion quite well (imo) a bit further down in my  
previous email. I'm not sure what

to answer.

I don't necessarily think it's relevant for every computer running  
sshd. I see a tendency to change
sshd port to 2022 and other port numbers. I'm not sure everyone doing  
it is aware that using
unprivileged ports also has consequences, compared to (often) a few  
harmless logentries.


I'd much rather use a privileged port, or mac_portacl(4), like mentioned earlier.



Best regards,


Daniel.

I've noticed quite a bit of suggestions to use 2022,  and such

On Oct 5, 2009, at 11:58 PM, Doug Barton wrote:


Daniel Bond wrote:

However, I'm concerned about the suggestion of using an
unprivileged port


Please explain your reasoning, and how it's relevant in a world where
the vast majority of Internet users have complete administrative
control over the systems they use.


Doug

--

  This .signature sanitized for your protection

___
freebsd-secur...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org 







[PATCH] Portsnap - set a good umask, for ports consistancy

2009-08-25 Thread Daniel Bond

Hi,

I have a case where some users have different umasks (0077 in some cases). When these users call portsnap (via sudo), it leaves the port-directories permissions in an inconsistent state, and people need to use sudo to list files.
I'm not sure honoring umask is good from a users-perspective, even if umask is a standard UNIX mechanism of directory and file permissions.


I suggest setting a reasonable umask, for the duration of the portsnap program. As far as I know, this should only affect /usr/ports, and if a user wishes to hide the contents of this folder, a manual chmod of it should not be overridden, until /usr/ports is completely removed and recreated.


If this is a bad suggestion, would it be feasible to make it a config-option?



BTW, I really like portsnap - it is a great program. Also I'd like to note that I am very happy with speed from European mirrors these days, which I've been grunting about earlier. Thanks for the effort you put into this! :)




Best regards,


Daniel Bond.

Begin forwarded message:


From: Daniel Bond d...@g5.nsn.no
Date: August 25, 2009 10:28:58 AM GMT+02:00
To: d...@danielbond.org
Subject: [PATCH] Portsnap - set a good umask, for ports consistancy







Re: [PATCH] Portsnap - set a good umask, for ports consistancy

2009-08-25 Thread Daniel Bond
Sorry, seems the patch was not included when I forwarded the mail. I've attached it to this mail.



Cheers!



portsnap.umask.patch
Description: Binary data





On Aug 25, 2009, at 10:40 AM, Daniel Bond wrote:


Hi,

I have a case where some users have different umasks (0077 in some  
cases). When these users call portsnap (via sudo), it leaves the  
port-directories permissions in an inconsistent state, and people  
need to use sudo to list files.
I'm not sure honoring umask is good from a users-perspective, even  
if umask is a standard UNIX mechanism of directory and file  
permissions.


I suggest setting a reasonable umask, for the duration of the portsnap program. As far as I know, this should only affect /usr/ports, and if a user wishes to hide the contents of this folder, a manual chmod of it should not be overridden, until /usr/ports is completely removed and recreated.


If this is a bad suggestion, would it be feasible to make it a  
config-option?



BTW, I really like portsnap - it is a great program. Also I'd like to note that I am very happy with speed from European mirrors these days, which I've been grunting about earlier. Thanks for the effort you put into this! :)




Best regards,


Daniel Bond.

Begin forwarded message:


From: Daniel Bond d...@g5.nsn.no
Date: August 25, 2009 10:28:58 AM GMT+02:00
To: d...@danielbond.org
Subject: [PATCH] Portsnap - set a good umask, for ports consistancy
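
The permission drift described in this thread, reproduced on a scratch directory as an added example (not portsnap's code and not the attached patch). The functions `updater_unpatched` and `updater_patched` and the sample port paths are hypothetical stand-ins, and `umask 022` is an assumed value for the "reasonable umask" the message proposes.

```shell
#!/bin/sh
# Added example: constructed scratch tree, not portsnap's code.

# Hypothetical stand-in for the updater's write step: create one port
# directory ($2, e.g. editors/vim) under the tree root ($1).
write_port() {
    mkdir -p "$1/$2" && echo "# constructed sample" > "$1/$2/Makefile"
}

# Unpatched updater: new files and directories get the caller's umask.
updater_unpatched() {
    write_port "$1" "$2"
}

# Patched updater: pin the umask for the duration of the run. The subshell
# keeps the change from leaking back into the caller. 022 is an assumed
# value; the message does not name one.
updater_patched() {
    ( umask 022; write_port "$1" "$2" )
}

# Run a command the way a user with the given umask would (sudo keeps
# the invoking user's umask unless configured otherwise).
run_with_umask() {
    ( umask "$1"; shift; "$@" )
}

# Audit: print entries that other users cannot list or read.
list_unreadable() {
    find "$1" \( -type d ! -perm -005 \) -o \( -type f ! -perm -004 \)
}

# Two updates per tree: one by a user with umask 022, one with umask 077.
demo() {
    base=$(mktemp -d) || return 1
    for variant in unpatched patched; do
        run_with_umask 022 "updater_$variant" "$base/$variant" editors/vim
        run_with_umask 077 "updater_$variant" "$base/$variant" shells/zsh
    done
    echo "unpatched=$(list_unreadable "$base/unpatched" | wc -l | tr -d ' ')" \
         "patched=$(list_unreadable "$base/patched" | wc -l | tr -d ' ')"
    rm -rf "$base"
}

demo
```

Pointing `list_unreadable` at an existing tree shows which entries were written under a restrictive umask.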









Re: PAM completeness and standardization [PR:bin/71290]

2009-05-12 Thread Daniel Bond

Hi Steve and Oliver,

thanks for your replies. Sorry it has taken me some time to reply. I'm  
willing to put in some time into this issue too, maybe we could do a  
joint effort on this?


The problem report with the most information in is http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/71290 
 - DES has some good reasons, for why the patch has not been included  
in FreeBSD.


Here are some of my viewpoints about the comments in the ticket.

- I think it is really important we preserve all command-line options, and do not break any existing functionality whatsoever.
- I also think exposing PAM code for changing passwords is a good thing. Either we want PAM support in FreeBSD, or we don't. If we do, we need to support the PAM core features - exposing this code is necessary, and the code needs to be polished accordingly.
- The documentation changes are nice to have, let's think about this when we are happy with the other stuff.



I have a NetBSD 5.0 installation on my private server, I'll start  
looking at how they have implemented PAM.



Any comments? Pointers to code that would need cleanup? Anything we  
need to be extra careful with?



Best regards,

Daniel.

--
GPG public key: EDE9C925

On Apr 17, 2009, at 8:59 PM, Steve Polyack wrote:


Daniel Bond wrote:
FreeBSD has excellent PAM-support, except for the passwd-command. The passwd-command gained PAM support quite a while ago, but there is a test preventing it from working with PAM.
There have been outstanding PRs for this minor issue for years now, I think it's time this one got fixed. People find it frustrating that they can't change their passwords (LDAP etc), like they can in a normal PAM-based system.



I'd be happy to fix whatever needs to be done, but I need to know  
why it's not been fixed / what needs to be done for it to be  
accepted by the community.


I've looked at this recently and came to a roadblock after sufficiently modifying passwd code (removing the test and an additional few lines) as well as including the proper lines in /etc/pam.d/sshd.  I can't recall the exact problem I had.  I will probably give this another go in the future, so I am willing to put in some time on this issue.


Anyways, I don't have a reason for you as to why it hasn't been  
fixed or accepted yet.  It is a long-standing issue from what I  
understand.








PAM completeness and standardization

2009-04-17 Thread Daniel Bond

Hi,


FreeBSD has excellent PAM-support, except for the passwd-command. The passwd-command gained PAM support quite a while ago, but there is a test preventing it from working with PAM.
There have been outstanding PRs for this minor issue for years now, I think it's time this one got fixed. People find it frustrating that they can't change their passwords (LDAP etc), like they can in a normal PAM-based system.



I'd be happy to fix whatever needs to be done, but I need to know why  
it's not been fixed / what needs to be done for it to be accepted by  
the community.



-DB.


Re: Using FreeBSD Update to deploy system updates from custom builds

2009-01-14 Thread Daniel Bond

Hi Tom,

I don't know how much documentation there is on this, but if you are  
investigating this issue, maybe you would like to contribute/update  
some documentation on it?


Royce gave me a link to the tools, 
http://www.freebsd.org/cgi/cvsweb.cgi/projects/freebsd-update-server/
reading through some of the scripts might give some clues.



Regards,

Daniel Bond.

On Jan 14, 2009, at 6:05 AM, Tom Judge wrote:


Hi,

I was wondering if anyone was using freebsd-update to manage deployment of custom FreeBSD builds to their systems.


Here is the scenario, I have 2 binary build servers at the moment  
(one for i386 and one for amd64) and currently we stage the  
deployments of updates on NFS servers at each site.  We use make  
installworld/kernel to update the servers from read only src and obj  
NFS mounts.


I'm now looking to remove the src trees from the NFS servers and  
possibly the obj trees and use freebsd-update to deploy and maintain  
the custom build installation and updates.


So I have 2 questions:

  1) Does this seem sensible?  It seems within scope of what freebsd-update was designed to do.


  2) How does one go about building the binary distributions that  
freebsd-update expects to be on the update server?



Thanks

Tom



Re: kernel dump with 7.1-RELEASE

2009-01-09 Thread Daniel Bond

Hi,

I'm assuming you configured a dump-device in rc.conf, but just in case, here are the options:

db ~ grep dump /etc/defaults/rc.conf  [...@gonzales]

dumpdev=AUTO        # Device to crashdump to (device name, AUTO, or NO).
dumpdir=/var/crash  # Directory where crash dumps are to be stored
savecore_flags=     # Used if dumpdev is enabled above, and present.

using SWAP as the dumpdevice is the recommended way, as you sorta  
pointed out. More information can be found at:


http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug.html


On Jan 8, 2009, at 5:05 PM, Omer Faruk Sen wrote:


Hi,

I am having kernel dumps with FreeBSD 7.1

panic: semexit - semid not allocated
cpuid = 1
Uptime : 8m22s
Cannot dump. No dump device defined
Sleeping thread (tid 100129, pid 1479) owns a non-sleepable lock


I know it is not clear and there were no swap space configured on this
server (which I will re-install with swap space) but can someone
enlighten me about this since I think this bug was also in FreeBSD 6.2
and fixed in FreeBSD 6.3

Regards.


Re: NIC for VLAN

2009-01-09 Thread Daniel Bond

Hi,

BCE-based cards look good on paper, but their firmware is of poor quality compared to BGE-based cards.
The BCE-cards could sink 1.48Mpps, but it ftq drops 800Kpps, and the  
host sees 600Kpps. TX is ~800Kpps (according to sephe).


That said, I'm using dot1q vlan trunks on both bce and bge based  
cards, and it's working well.



Regards,


Daniel.


On Jan 8, 2009, at 11:26 AM, Oliver Fromme wrote:


Edvaldo Silva wrote:
Please, can someone point a NIC, PCI 2.2 specs, full VLAN capable under FreeBSD?


I'm using bge(4) and bce(4) interfaces (Broadcom GBit) and
fxp(4) ones (100 MBit) in environments with heavy use of VLANs.
They work very well.  There are no problems with the MTU.

Best regards
  Oliver

--
Oliver Fromme, secnetix GmbH  Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management: secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

A language that doesn't have everything is actually easier
to program in than some that do.
   -- Dennis M. Ritchie


freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond

Hi,

I'm not sure where to post this, I had trouble finding a suitable  
mailing-list. Please point me in the right direction, if this is the  
wrong place to post this message.


First off, I love the binary update tool for FreeBSD. It is an  
excellent tool, and saves a lot of time and trouble compared to the  
old method (or so I thought, until recently).
I also like seeing the freebsd-update method is in the release notes for 7.1-RELEASE, as an official way to upgrade a system.


Yesterday I was struck by happiness, as I noticed 7.1-RELEASE was out on ftp.freebsd.org - and decided to start off by upgrading one of my company's development servers.
Usually an update with FreeBSD-update is quite quick, but today and yesterday it has just been too slow to use, after two days of trying - I've still not completed a single upgrade. The server in question is connected to gigabit internet.

I think it is embarrassing that the binary update tool, is actually slower to use than compiling the whole operating system and kernel - even on a slow machine! The reason for this, is not the tool itself, the tool is excellent - but there are no mirrors.. We need some mirrors, or such a great tool is not really usable at all (except for the really patient).


This also goes for portsnap. Portsnap is also an excellent tool, but the experience from using it could be much better. The European portsnap mirror is actually slower, than the one in the US.
I've been in contact with Colin, twice, about hosting another portsnap mirror. Using a proxy server, does not cut it - not for my use, sorry. I tried it, it didn't help. The last time I didn't receive an answer.

As I was saying to Colin, both myself and a friend who works for the  
Norwegian government, should be able to run a mirror for portsnap on  
good bandwidth. Many other people have offered

to host mirrors, why is having mirrors a bad thing?

I know the 6.4 and 7.1 releases have very many patches, due to conversion from CVS to SVN. I have previously upgraded servers in Norway and UK to 6.4-RELEASE with freebsd-update, and speed has been acceptable, not great, but enough to keep me using and loving the tool. Still, I think more people will use freebsd-update, since it is more practical to use, especially for non homogenous environments.

Hopefully this will improve in the future, I don't mean to come across  
as a whining grunge, but it is quite frustrating to me, as a loving  
freebsd user.


Congrats on a new release, I will be using it in another day or so (or whenever freebsd-update is done - maybe I will eat my own words, and just do a regular build)!




Best regards,


Daniel Bond.


Re: freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond

Hi Stefan.

Yes, I am also noticing this. Luckily interrupting it and starting it  
again resumes. Judging from the speed of http://www.daemonology.net/  
(hosted on same site), the freebsd-update server must be absolutely  
hammered.




On Jan 6, 2009, at 9:50 AM, Stefan Miklosovic wrote:


Hi,

My opinion is same. I tried to upgrade from 7.0-RELEASE to 7.1-RELEASE but even after copying all the stuff from 7.0-RELEASE CD (src etc) and having GENERIC kernel in /boot/, freebsd-update upgrade -r 7.1-RELEASE started to work properly but has not done its work.
All tries stopped at some failure during a downloading. I have been trying this about half a day, three times, but no change :((

On Tue, Jan 6, 2009 at 9:03 AM, Daniel Bond d...@danielbond.org wrote:
Hi,

I'm not sure where to post this, I had trouble finding a suitable  
mailing-list. Please point me in the right direction, if this is the  
wrong place to post this message.


First off, I love the binary update tool for FreeBSD. It is an  
excellent tool, and saves a lot of time and trouble compared to the  
old method (or so I thought, until recently).
I also like seeing the freebsd-update method is in the release notes for 7.1-RELEASE, as an official way to upgrade a system.


Yesterday I was struck by happiness, as I noticed 7.1-RELEASE was out on ftp.freebsd.org - and decided to start off by upgrading one of my company's development servers.
Usually an update with FreeBSD-update is quite quick, but today and yesterday it has just been too slow to use, after two days of trying - I've still not completed a single upgrade. The server in question is connected to gigabit internet.

I think it is embarrassing that the binary update tool, is actually slower to use than compiling the whole operating system and kernel - even on a slow machine! The reason for this, is not the tool itself, the tool is excellent - but there are no mirrors.. We need some mirrors, or such a great tool is not really usable at all (except for the really patient).


This also goes for portsnap. Portsnap is also an excellent tool, but the experience from using it could be much better. The European portsnap mirror is actually slower, than the one in the US.
I've been in contact with Colin, twice, about hosting another portsnap mirror. Using a proxy server, does not cut it - not for my use, sorry. I tried it, it didn't help. The last time I didn't receive an answer.

As I was saying to Colin, both myself and a friend who works for the  
Norwegian government, should be able to run a mirror for portsnap on  
good bandwidth. Many other people have offered

to host mirrors, why is having mirrors a bad thing?

I know the 6.4 and 7.1 releases have very many patches, due to  
conversion from CVS to SVN. I have previously upgraded servers in  
Norway and UK to 6.4-RELEASE with freebsd-update,
and speed has been acceptable, not great, but enough to keep me  
using and loving the tool. Still, I think more people will use  
freebsd-update, since it is more practical to use, especially for

non homogenous environments.

Hopefully this will improve in the future, I don't mean to come  
across as a whining grunge, but it is quite frustrating to me, as a  
loving freebsd user.


Congrats on a new release, I will be using it in another day or so (or whenever freebsd-update is done - maybe I will eat my own words, and just do a regular build)!




Best regards,


Daniel Bond.


Re: freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond

Thanks for pointing me in the right direction.

Regarding portsnap in my previous post, I think you misunderstood me. This is not a new one time problem regarding a specific case, portsnap is always slow. This is observed from heavy usage of it, over a long period of time.

Great to see that there will be an update2.freebsd.org - unfortunately, that a new release generates more traffic than update-server handles is not acceptable (imho). People should be able to upgrade to a new release, once it is out. Sadly, I don't think one more mirror will cut it. Especially if it is going to be of the same quality as the other portsnap mirrors. Also, sadly CP isn't looking for more mirrors, while a large chunk of users trying to upgrade *are* looking for mirrors.


Look at CVSUP mirrors, they have always worked fine, even directly  
after a new release. We even have a few of them here in Norway, and  
they are fast as hell. Look how many there are of them, spread around  
the world.. This works out great!


It is easy for anyone to setup a CVSup mirror. It is open and well  
documented. Anyone could create a CVSup mirror, any where they please  
and mirror FreeBSD's sourcecode and ports.


However, freebsd-update is closed. I've searched the web for how the protocol works, how the server-part of it works, with metadata, checksums and all. How the mirroring of it works, basically. There are no publicly available documents on this. Do we have to reverse-engineer it, or what?


I think Colin made a really nice tool, but he needs opening up (for the project and everyone's good) - he is controlling the service with an iron grip, dictating who gets to host a mirror and who doesn't. I'm sure the service is always very good for CP, the servers are probably on his LAN or somewhere close, and he has the power to create mirrors wherever he pleases, at home, at office.. but nobody else can have that power..




Regards,


Daniel Bond.


On Jan 6, 2009, at 11:26 AM, Christopher Arnold wrote:




On Tue, 6 Jan 2009, Daniel Bond wrote:

I'm not sure where to post this, I had trouble finding a suitable  
mailing-list. Please point me in the right direction, if this is  
the wrong place to post this message.



I think freebsd-ports would have been the place.

Yesterday I was struck by happiness, as I noticed 7.1-RELEASE was out on ftp.freebsd.org - and decided to start off by upgrading one of my company's development servers.
Usually an update with FreeBSD-update is quite quick, but today and yesterday it has just been too slow to use, after two days of trying - I've still not completed a single upgrade. The server in question is connected to gigabit internet.

I think it is embarrassing that the binary update tool, is actually slower to use than compiling the whole operating system and kernel - even on a slow machine! The reason for this, is not the tool itself, the tool is excellent - but there are no mirrors.. We need some mirrors, or such a great tool is not really usable at all (except for the really patient).


This is a known issue that Colin sent out a message about to freebsd- 
ports and freebsd-questions.


Basically there is a surge in in traffic right now due to the 7.1  
release. And there is another update machine on the way.


The message is included belov my sig.

/Chris


Hi all,

For the benefit of those of you who are noticing problems with portsnap
right now: The release of FreeBSD 7.1 has resulted in a very large amount
of traffic to update1.freebsd.org, which is hosted by the same box as
portsnap-master... so the portsnap mirrors are having some trouble syncing
right now.  If you find that portsnap doesn't work, please be patient --
once the flood of people upgrading systems to 7.1-RELEASE has subsided
things should get back to normal.

(Before people ask: update2.freebsd.org is going to exist soon.  No,
I'm not looking for more mirrors right now.)


--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid



Re: freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond

Hi again Christopher,


reading your answer, you are obviously confusing what I am saying
about freebsd-update with the portsnap program. Also, I wrote in
my first post that HTTP_PROXY / Caching proxy server does not help me
much. This is because I download a lot of initial tarball
snapshots.. I would rarely see Cache hits in my proxy log. I guess
I could set something up to fetch nightly via proxy, to keep the data
in house, for when I need it. I don't want to use a PROXY server, I
feel this is attacking the problem at the wrong end.


I agree, I am interested to hear the views of the wise ones.  
Personally I'm going back to CVSup until freebsd-update and portsnap  
mirrors are in a more distributed or usable state.




Cheers.



On Jan 6, 2009, at 12:59 PM, Christopher Arnold wrote:




On Tue, 6 Jan 2009, Daniel Bond wrote:

Regarding portsnap in my previous post, I think you misunderstood
me. This is not a new one time problem regarding a specific case,
portsnap is always slow. This is observed from heavy usage of it,
over a long period of time.



This is not my experience, but sure, I realise that mileage can vary.

Great to see that there will be an update2.freebsd.org -  
unfortunately, that a new release generates more traffic than  
update-server handles is not acceptable (imho). People should be  
able to upgrade to a new release, once it is out. Sadly, I don't  
think one more mirror will cut it. Especially if it is going to be  
of the same quality as the other portsnap mirrors. Also, sadly CP  
isn't looking for more mirrors, while a large chunk of users trying  
to upgrade *are* looking for mirrors.



portsnap is extremely lightweight, so it might be just fine.

But then I am not arguing against you, more and better
infrastructure is always good. Let's wait until the US has woken up
(and maybe add some extra time for the right person to look into the
current problems) and see what kind of feedback we get from people
who have more insight into this issue.


Look at CVSUP mirrors, they have always worked fine, even directly  
after a new release. We even have a few of them here in Norway, and  
they are fast as hell. Look how many there are of them, spread  
around the world.. This works out great!


My experience from when I was based in Sweden is the opposite.
Shortly after a major release cvsup always had problems syncing due
to the load on the servers.


However, freebsd-update is closed. I've searched the web for how
the protocol works, how the server-part of it works, with metadata,
checksums and all. How the mirroring of it works, basically. There
are no publicly available documents on this. Do we have to
reverse-engineer it, or what?


If we start off with portsnap it is http-based and in the manual
you can find:
If you wish to use portsnap to keep a large number of machines up  
to date, you may wish to set up a caching HTTP proxy.  Since  
portsnap uses fetch(1) to download updates, setting the HTTP_PROXY  
environment variable will direct it to fetch updates from the given  
proxy.  This is much more efficient than mirroring the files on the  
portsnap server, since the vast majority of files are not needed by  
any particular client.


So it's straightforward to speed up portsnap. (But then if the
central servers break like today this doesn't help.)


I'm not sure about freebsd-update, but since they are both written
by Colin and the fact that they seem similar in config etc. I would
guess that the same applies to freebsd-update.


So let's wait for some input from Colin or someone else who knows the
ins and outs of freebsd-update.


/Chris

--
http://www.arnold.se/chris/





Re: freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond
The same could be said about CVSup, one could write a caching cvsup
proxy-server, and then we could just get rid of all the other
cvsup-servers, except two (like freebsd-update soon will have). The point
is, for portsnap and freebsd-update to scale properly, it needs to be
opened up to the public, like CVSup is. People running a single server
at home, or maybe two, most likely won't want to set up a PROXY server,
and they would be required to update both servers on the same day for
the Proxy server to actually cache something - which many may not
want. And there are a lot of people running a few servers, here and
there.




Sure, a national squid-proxy could work - although, there is no  
individual proxy setting for portsnap/freebsd-update.. It honors  
HTTP_PROXY environment variable, which a lot of other tools also use.  
Some tools might not work via this proxy, especially for local  
addresses - the administrators of these servers probably don't want  
all the ports tarballs to go via these, and people could use them for  
nasty things. So, then we are back to manually setting/specifying the  
proxy-server, each time one wants to run the commands - which people  
might forget. (Is this getting complicated enough yet..?) We would  
basically be creating a whole lot of new potential problems for the  
users, to solve the problem in question..



I am also interested in learning how the portsnap protocol works,
maybe there are potential issues with it, that a second eye might
spot, or room for improvement? From what I gather, Colin is a very
clever guy, so it is not very likely, but still, other people could
learn from it.


I would like to see these tools as the default recommended tools to
use in the future, and that is why I am so worried about this.
The point I am trying to make is, or actually the question is: Why is
freebsd-update (and portsnap) so secretive? Why can't the average Joe
run his own portsnap-mirror at home? What are we afraid of?


I don't see any problems with this, except maybe losing some detail
in Colin's nice graphs (which would be the case for proxies too).



Cheers,


Daniel.


On Jan 6, 2009, at 5:42 PM, Christopher Arnold wrote:




On Tue, 6 Jan 2009, Daniel Bond wrote:

reading your answer, you are obviously confusing what I am saying
about freebsd-update with the portsnap program. Also, I wrote
in my first post

No, I'm not confusing them, just trying to follow two subjects at the
same time. Sorry if that is confusing.


that HTTP_PROXY / Caching proxy server does not help me much. This
is because I download a lot of initial tarball snapshots.. I
would rarely see Cache hits in my proxy log. I guess I could set
something up to fetch nightly via proxy, to keep the data in house,
for when I need it. I don't want to use a PROXY server, I feel this
is attacking the problem at the wrong end.


Ok, let's go again. Either you mirror (maybe by having a squid proxy
and walk the tree) and that's going to be even worse for you. Or you
use a squid proxy to keep stuff you need close to you and share
among different installations.


Or you set up one or more national squid proxies and configure your
machines manually just like you do with cvsup.




I agree, I am interested to hear the views of the wise ones.
Personally I'm going back to CVSup until freebsd-update and
portsnap mirrors are in a more distributed or usable state.


At least portsnap started to work for me earlier today. Haven't tried
update yet.


But yes, I agree, update and portsnap infrastructure could be done
better.

I have some ideas and will try to write them down in a while.

/Chris


Re: freebsd-update painfully slow - slower than source code build of world and kernel

2009-01-06 Thread Daniel Bond

Hi,

thanks for useful and relevant information. However, this is just one
part of the process. Generating the diffs, prepping the server, and the
whole server-side setup/management of it is another - I am sure there
are tools for this too.


Cheers,

Daniel.


On Jan 6, 2009, at 6:30 PM, Vincent Hoffman wrote:


Daniel Bond wrote:

The same could be said about CVSup, one could write a caching cvsup
proxy-server, and then we could just get rid of all the other
cvsup-servers, except two (like freebsd-update soon will have). The
point is, for portsnap and freebsd-update to scale properly, it needs
to be opened up to the public, like CVSup is. People running a single
server at home, or maybe two, most likely won't want to set up a PROXY
server, and they would be required to update both servers on the same
day for the Proxy server to actually cache something - which many may
not want. And there are a lot of people running a few servers, here
and there.



Sure, a national squid-proxy could work - although, there is no
individual proxy setting for portsnap/freebsd-update.. It honors
HTTP_PROXY environment variable, which a lot of other tools also use.
Some tools might not work via this proxy, especially for local
addresses - the administrators of these servers probably don't want
all the ports tarballs to go via these, and people could use them for
nasty things. So, then we are back to manually setting/specifying the
proxy-server, each time one wants to run the commands - which people
might forget. (Is this getting complicated enough yet..?) We would
basically be creating a whole lot of new potential problems for the
users, to solve the problem in question..


I am also interested in learning how the portsnap protocol works,
maybe there are potential issues with it, that a second eye might
spot, or room for improvement? From what I gather, Colin is a very
clever guy, so it is not very likely, but still, other people could
learn from it.

Well, portsnap/freebsd-update are shell scripts so not too hard to read.

The actual transfer protocol is pipelined http and is done by
/usr/libexec/phttpget (in base so src code available
/usr/src/usr.sbin/portsnap/phttpget/phttpget.c)
also see http://www.daemonology.net/phttpget/



I would like to see these tools as the default recommended tools to
use in the future, and that is why I am so worried about this.
The point I am trying to make is, or actually the question is: Why is
freebsd-update (and portsnap) so secretive? Why can't the average Joe
run his own portsnap-mirror at home? What are we afraid of?

I seem to remember once reading that Colin wanted to make it a more
polished system before he released it, but I can't find that email anymore.


Vince


I don't see any problems with this, except maybe losing some detail
in Colin's nice graphs (which would be the case for proxies too).


Cheers,


Daniel.


On Jan 6, 2009, at 5:42 PM, Christopher Arnold wrote:




On Tue, 6 Jan 2009, Daniel Bond wrote:


reading your answer, you are obviously confusing what I am saying
about freebsd-update with the portsnap program. Also, I wrote
in my first post

No, I'm not confusing them, just trying to follow two subjects at the
same time. Sorry if that is confusing.


that HTTP_PROXY / Caching proxy server does not help me much. This
is because I download a lot of initial tarball snapshots.. I would
rarely see Cache hits in my proxy log. I guess I could set
something up to fetch nightly via proxy, to keep the data in house,
for when I need it. I don't want to use a PROXY server, I feel this
is attacking the problem at the wrong end.


Ok, let's go again. Either you mirror (maybe by having a squid proxy
and walk the tree) and that's going to be even worse for you. Or you
use a squid proxy to keep stuff you need close to you and share among
different installations.

Or you set up one or more national squid proxies and configure your
machines manually just like you do with cvsup.




I agree, I am interested to hear the views of the wise ones.
Personally I'm going back to CVSup until freebsd-update and portsnap
mirrors are in a more distributed or usable state.


At least portsnap started to work for me earlier today. Haven't tried
update yet.

But yes, I agree, update and portsnap infrastructure could be done
better.
I have some ideas and will try to write them down in a while.

   /Chris

Re: FreeBSD Update slow right now, please be patient

2009-01-06 Thread Daniel Bond

Hi Colin,

is there anything I can do to help? Will this also resolve
connect-issues close up to future releases?


I had some correspondence with you about additional mirrors earlier,  
but it stopped (guessing too many similar requests, to answer them all).


Cheers,

Daniel.


On Jan 6, 2009, at 9:55 PM, Colin Percival wrote:


Hi all,

FreeBSD Update is being slow right now due to server load issues.

It will improve.

Please be patient.

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid



Re: [Working fix] Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0

2008-03-19 Thread Daniel Bond


Hello!


Dmitriy Kirhlarov wrote:
| Hi!
|
| Daniel Bond wrote:
|
| I'm pretty sure my ldap.conf and nsswitch.conf are OK, but here they are
| anyway:
|
|
| /usr/local/etc/nss_ldap.conf - openldap/ldap.conf
| /usr/local/etc/ldap.conf - openldap/ldap.conf
|
| I'm not sure it is correct.
| etc/ldap.conf and etc/openldap/ldap.conf -- different files for
| different purposes.
| etc/nss_ldap.conf - etc/ldap.conf -- it's correct.
|

The ldap.conf file is only used for nss_ldap and pam_ldap, so I don't
suppose it really matters where the config-file resides.


| port 389
| ldap_version 3
| bind_policy soft
| ^^
|
| Try replacing it with
| bind_policy hard
|
| Developers don't like soft. I don't know why, but periodically
| it's broken in new versions of nss_ldap (2 times in the last 3 years AFAIR).
| I'm not sure about current status. It must be tested.
|

You are absolutely correct, when I change *bind_policy* to *hard*, the
problem goes away, nss_ldap stops whining about contacting server in
/var/log/auth.log. SSH with pubkey-exchange or password authentication
also works with bind_policy hard.

Although it would be nice to have bind_policy soft working properly
(I'm still interested in fixing this if I can manage to track it down),
this is a solution I'm quite happy with, and seems to work well. Thanks!

| Also try
|
| echo "debug 9" >> /usr/local/etc/ldap.conf
|
| For details see
| slapd.conf(5) about loglevel
|
| WBR.
| Dmitriy


Cheers and happy Easter,



Daniel Bond,

Network Solutions Norway.


Re: Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0

2008-03-18 Thread Daniel Bond


Valerio Daelli wrote:
| On Mon, Mar 17, 2008 at 5:03 PM, Daniel Bond [EMAIL PROTECTED] wrote:
|  Hi,
|  Now, if I uncomment the line with pam_mkhomedir.so on it, logins stop
|  working. In /var/log/auth.log I now see two lines appearing:
|
|  Mar 17 16:46:40 webmail sshd[98923]: nss_ldap: could not search LDAP server - Server is unavailable
|  Mar 17 16:46:40 webmail sshd[98923]: error: PAM: pam_open_session(): error in service module
|
| Hi
| not sure if this may solve your problem. We found a similar problem
| on FreeBSD 7.0 with pam_mkhomedir.so and sshd. We solved it using pam_exec.so
| and a custom shell script to create the home directories.
| Hope this helps
|
| Valerio Daelli

Hi,

thanks for the quick reply. This is a workaround that addresses the
issue of users homedir not existing upon login-time, but there seems to
be a serious problem in the underlying pam_ldap/nss_ldap modules somewhere.

I've noticed after posting the previous post that
ssh-pubkey/ssh-password authentication no longer works with
PAM/ldap-setups, which I need for our external developers.

I *really* want to find the underlying issue in this case, and resolve it.

I have got some days off over Easter where I will look deeper into it,
hoping to find an underlying issue, and create a patch. My only concern
is not being able to find the bug, so I'm very happy for any suggestions
on how to track this down, or any suspicions to what could be causing
the problem.


Cheers and happy Easter,


Daniel Bond.


Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0

2008-03-17 Thread Daniel Bond
direction, I will greatly appreciate it. If I posted it to wrong forum,
please point me to the correct/optimal forum.

Otherwise I'm pleased to see the impressive new performance in 7.0, and
better support for IBM Bladeservers and Qlogic 4gig FC-controllers :-)
Great release!


Thanks in advance.


Kind regards,


Daniel Bond.


Re: how much beer do I need to get this patch applied?

2007-06-20 Thread Daniel Bond

I like Kurt's approach, having a mailfilter/script-pipe which could
remove dynamic variables like timestamps etc, and checksum it
against an empty template to see if it's deletable.

This also verifies that mail-delivery is working, and machine is not dead.

What also could be done is feed this information into a database, and
show more information, ie: group portaudits on host like:

www/apache2:
(apache-2.0.55_3,apache-2.0.58)
host1,host2,host3,host4,,[see all]

For portaudit I use a small ruby-program w/Net::SSH which runs
portaudit-threads on machines, and groups it somewhat like above on
a web-interface. I intend to publish this when it's more production
ready, and not so specific for my use.

Sorry for going off-topic.

-DB.

Jo Rhett wrote:
 On Jun 20, 2007, at 12:56 PM, Kurt Buff wrote:
 Currently, if you get no message from that box, *something* is broken.
 
 I am not capable as a human being of noticing the lack of one message,
 when without this patch I would get more than 2,000 each day.
 
 The more likely is that the OP starts deleting the messages unread
 each day and thus never sees an actual failure report.

 Failure of imagination.
 
 No.  Having done the work to verify that failures will be reported, I
 configure the mail system to only send me mail on errors.  Better design.
 
 Perhaps a separate mailbox dedicated to this task, with a script
 (grep?) that parses the emails in that mailbox daily looking for
 expected messages, noting and deleting them, with unsent messages
 noted via an email and messages with unexpected content forwarded as
 well?
 
 This doesn't solve the lack of a message problem you mentioned above.
 
 It also requires a new system to be designed and configured, which could
 have failures of its own.  This is more abstraction and zero gain for
 our environment.  Any error should be read in our situation.  A
 non-error does not need to be read.
 
 In any case, the primary consideration with this patch is that it allows
 either model to work.  You can do it your way, and we can do it our way.
 
 --Jo Rhett
 senior geek
 
 Silicon Valley Colocation
 Support Phone: 408-400-0550
 
 
 
 

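The filter idea from the message above (strip the fields that change on every run, checksum the rest against a known-clean template, and treat a missing report as a signal of its own), as an added Python example that is not part of the original thread. The report layout, the host names and the date format are constructed assumptions; only the package name is taken from the message.

```python
import hashlib
import re

# Fields that legitimately differ between two "nothing to report" mails.
# Keep the list narrow: a catch-all such as r"\d+" would also rewrite
# "1 problem(s)" into the same text as "0 problem(s)" and hide a finding.
DYNAMIC_FIELDS = [
    # date(1)-style stamp, e.g. "Wed Jun 20 03:01:12 UTC 2007" (assumed format)
    (re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} [A-Z]{3,4} \d{4}"),
     "<DATE>"),
]


def normalize(body, host):
    """Replace the per-host and per-run parts of a report with fixed tokens."""
    text = body.replace(host, "<HOST>")
    for pattern, token in DYNAMIC_FIELDS:
        text = pattern.sub(token, text)
    # Ignore trailing whitespace and blank lines added by mail transport.
    lines = [line.rstrip() for line in text.splitlines()]
    return "\n".join(line for line in lines if line)


def fingerprint(body, host):
    """SHA-256 of the normalized report; equal digests mean 'same as template'."""
    return hashlib.sha256(normalize(body, host).encode("utf-8")).hexdigest()


def triage(messages, clean_digest, expected_hosts):
    """Sort (host, body) mails into delete / review and list silent hosts."""
    result = {"delete": [], "review": [], "silent": []}
    seen = set()
    for host, body in messages:
        seen.add(host)
        if host in expected_hosts and fingerprint(body, host) == clean_digest:
            result["delete"].append(host)   # matches the clean template
        else:
            result["review"].append(host)   # finding, new format, or unknown sender
    # A host that sent nothing is a signal too: mail delivery or the box is down.
    result["silent"] = sorted(set(expected_hosts) - seen)
    return result


def sample_report(host, stamp, findings=()):
    """Build a constructed nightly report (layout is an assumption for this example)."""
    lines = [f"{host} security run output, {stamp}", "",
             "Checking for packages with security vulnerabilities:"]
    lines += [f"Affected package: {pkg}" for pkg in findings]
    lines += [f"{len(findings)} problem(s) in your installed packages found.", "",
              "-- End of security output --"]
    return "\n".join(lines)


# Constructed sample data: three mails arrive, a fourth host stays silent.
EXPECTED_HOSTS = ["web1.example.org", "web2.example.org",
                  "web3.example.org", "web4.example.org"]
CLEAN_DIGEST = fingerprint(
    sample_report("template.example.org", "Mon Jan  1 03:01:00 UTC 2007"),
    "template.example.org")
MESSAGES = [
    ("web1.example.org",
     sample_report("web1.example.org", "Wed Jun 20 03:01:12 UTC 2007")),
    ("web2.example.org",
     sample_report("web2.example.org", "Wed Jun 20 03:01:47 UTC 2007") + "\n\n"),
    ("web3.example.org",
     sample_report("web3.example.org", "Wed Jun 20 03:02:05 UTC 2007",
                   findings=["apache-2.0.55_3"])),
]

if __name__ == "__main__":
    for bucket, hosts in triage(MESSAGES, CLEAN_DIGEST, EXPECTED_HOSTS).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A report from a host that is not on the expected list is never auto-deleted, even when it matches the template, so a spoofed or misrouted "all clear" still reaches a human.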


Panics on IBM Bladecenter HS20/amd64 blades

2006-10-06 Thread Daniel Bond
: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0
uhub2: Cypress Semiconductor 4 Port Hub, class 9/0, rev 1.10/0.01, addr 2
uhub2: 4 ports with 4 removable, bus powered
ukbd0: IBM PPC I/F, rev 1.10/0.01, addr 3, iclass 3/1
kbd1 at ukbd0
ums0: IBM PPC I/F, rev 1.10/0.01, addr 3, iclass 3/1
ums0: X report 0x0002 not supported
device_attach: ums0 attach returned 6
ukbd1: IBM HIDK/M, rev 1.10/0.01, addr 4, iclass 3/1
kbd2 at ukbd1
ums0: IBM HIDK/M, rev 1.10/0.01, addr 4, iclass 3/1
ums0: 3 buttons and Z dir.
Timecounter TSC frequency 2800109935 Hz quality 800
Timecounters tick every 1.000 msec
IP Filter: v4.1.8 initialized.  Default = pass all, Logging = enabled
Waiting 5 seconds for SCSI devices to settle
mpt0:vol0(mpt0:0:0): Settings ( Hot-Plug-Spares )
mpt0:vol0(mpt0:0:0): Using Spare Pool: 0
mpt0:vol0(mpt0:0:0): 2 Members:
  (mpt0:0:0): Primary
  (mpt0:0:1): Secondary
mpt0:vol0(mpt0:0:0): RAID-1 - Optimal
mpt0:vol0(mpt0:0:0): Status ( Enabled )
(mpt0:vol0:0): Physical (mpt0:0:0), Pass-thru (mpt0:1:0)
(mpt0:vol0:0): Online
(mpt0:vol0:1): Physical (mpt0:0:1), Pass-thru (mpt0:1:1)
(mpt0:vol0:1): Online
pass1 at mpt0 bus 1 target 0 lun 0
pass1: IBM-ESXS ST973401LCFN B41D Fixed unknown SCSI-4 device
pass1: 320.000MB/s transfers (160.000MHz, offset 63, 16bit), Tagged Queueing Enabled
pass2 at mpt0 bus 1 target 1 lun 0
pass2: IBM-ESXS ST973401LCFN B41D Fixed unknown SCSI-4 device
pass2: 320.000MB/s transfers (160.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da0 at mpt0 bus 0 target 0 lun 0
da0: LSILOGIC 1030 IM   IM 1000 Fixed Direct Access SCSI-2 device
da0: 320.000MB/s transfers (160.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da0: 69878MB (143110144 512 byte sectors: 255H 63S/T 8908C)
Trying to mount root from ufs:/dev/da0s1a
WARNING: / was not properly dismounted
WARNING: /usr was not properly dismounted
bge1: link state changed to UP



-- 
Med vennlig hilsen / Best regards,

--

  Daniel Bond 
  PGP: C822C4BD
  
--


Re: Patch for GBDE rc-script

2006-09-11 Thread Daniel Bond
On 12:34 Sun 10 Sep, Tobias Roth wrote:
 On Sat, Sep 09, 2006 at 11:22:08PM +0200, Daniel Bond wrote:
  On 14:13 Fri 08 Sep, Tobias Roth wrote:
   
   How is this better/different from just adding the gbde device to
   /etc/fstab and have it mounted along with all other filesystems?
   
  It says in the handbook:
  
  Since encrypted file systems cannot yet be listed in /etc/fstab for
  automatic mounting, the file systems must be checked for errors by
  running fsck(8) manually before mounting.
 
 Interesting. I have had this line in my /etc/fstab for almost a year
 now and it just works(tm):
 
   /dev/ad0s4d.bde /home   ufs rw  2   2
 
 Since during startup, gbde is run before fsck, I don't see why there would
 be any problems with this.
 
 Thanks,
 Tobias

Maybe this should be updated in the handbook then? (Along with the placement
for the lockfile, since GBDE by default looks in /etc/partition.lock (not:
/etc/gbde/partition))

I could do it if I knew how.

-- 
Med vennlig hilsen / Best regards,

--

  Daniel Bond 
  PGP: C822C4BD
  
--


Re: Patch for GBDE rc-script

2006-09-09 Thread Daniel Bond
On 14:13 Fri 08 Sep, Tobias Roth wrote:
 On Thu, Sep 07, 2006 at 08:13:11PM +0200, Daniel Bond wrote:
  Hi,
  
  I just set up GBDE on my laptop, encrypting my 512M cf-card.
  This works like a charm, but I felt the need to enhance the rc-script a
  little to automatically mount the encrypted drive(s), if you have the
  following in /etc/rc.conf:
 
 [snip]
 
 How is this better/different from just adding the gbde device to
 /etc/fstab and have it mounted along with all other filesystems?
 
 Thanks,
 Tobias

It says in the handbook: 

Since encrypted file systems cannot yet be listed in /etc/fstab for automatic
mounting, the file systems must be checked for errors by running fsck(8)
manually before mounting.

-- 
Med vennlig hilsen / Best regards,

--

  Daniel Bond 
  PGP: C822C4BD
  
--


Patch for GBDE rc-script

2006-09-07 Thread Daniel Bond
Hi,

I just set up GBDE on my laptop, encrypting my 512M cf-card.
This works like a charm, but I felt the need to enhance the rc-script a
little to automatically mount the encrypted drive(s), if you have the
following in /etc/rc.conf:

* gbde_autoattach_all=YES
* gbde_devices=device1 device2 .. etc

So I added another option:
* gbde_mountpoint=/private to /etc/defaults/rc.conf

This option acts like a basedir for mounting the partition, IE. after running
/etc/rc.d/gbde start, I get the following mount entry in the mount-command
output:

/dev/ad1s1c.bde on /private/bde_ad1s1c (ufs, local, soft-updates)

Note: I also altered the output of which device is being attached, so that it
also specifies which lockfile it is using. The reason for this is that the
handbook example of gbde init uses /etc/gbde/ad4s1c as lockfile, while the
rc-script by default uses /etc/ad4s1c.lock. For a regular user this will cause
great frustration, because while booting it will basically just tell the user
that the password is wrong, not that the lockfile doesn't exist (debugging the
rc-script to find out what was going on triggered me to start this
enhancement).

I'm not sure that the naming of my rc.conf variable is optimal (couldn't
think of a short/descriptive name for it), and the same with
/mount/point/bde_device.

Also, I am not sure that the new script-logic takes care of everything that
could go wrong, so please review it carefully.

I hope this patch might be useful for other users (maybe especially
laptop-users), and if so, that it might be a part of the project :-)

If I mailed the wrong mailinglist, please let me know.

-- 
Med vennlig hilsen / Best regards,

--

  Daniel Bond 
  PGP: C822C4BD
  
--
--- gbde.orig   Thu Sep  7 20:03:46 2006
+++ gbdeThu Sep  7 20:01:46 2006
@@ -84,7 +84,7 @@
parent_=`ltr ${parent} '/' '_'`
eval 
lock=\${gbde_lock_${parent_}-\${gbde_lockdir}/${parent_}.lock\}
if [ -e /dev/${parent} -a ! -e /dev/${parent}.bde ]; then
-   echo Configuring Disk Encryption for ${parent}.
+   echo Configuring Disk Encryption for ${parent}. 
(Lockfile: ${gbde_lockdir}/${parent_}.lock)
 
count=1
while [ ${count} -le ${gbde_attach_attempts} ]; do
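Review bot: the new echo line prints ${gbde_lockdir}/${parent_}.lock, but the eval just above it sets lock from gbde_lock_${parent_} first and only falls back to that path, so on a host with a per-device lock override the message names a file the script is not going to use. Since the purpose of the change is to tell the user which lockfile is being looked for, print ${lock} instead. As shown, the message also needs to sit inside double quotes, because the parentheses around "Lockfile:" are shell syntax when left unquoted.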
@@ -94,6 +94,14 @@
gbde attach ${parent}
fi
if [ -e /dev/${parent}.bde ]; then
+   if [ -e ${gbde_mountpoint} ]; then
+   if [ ! -e 
${gbde_mountpoint}/bde_${parent} ]; then
+   mkdir -p 
${gbde_mountpoint}/bde_${parent}
+   fi
+   if fsck -p -t ffs 
/dev/${parent}.bde 1/dev/null; then 
+   mount 
/dev/${parent}.bde ${gbde_mountpoint}/bde_${parent}
+   fi
+   fi
break
fi
echo Attach failed; attempt ${count} of 
${gbde_attach_attempts}.
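Review bot: the guard [ -e ${gbde_mountpoint} ] at the top of the added block is unquoted, so with gbde_mountpoint unset or empty it collapses to [ -e ], which is true, and the script goes on to create and mount on /bde_${parent} directly under the root directory. Test it as [ -n "${gbde_mountpoint}" ] and [ -d "${gbde_mountpoint}" ], and quote the later expansions as well. The directory name also uses ${parent} where the lock path uses ${parent_}, so a device name containing a slash produces a nested mount point. Finally, neither a failed fsck nor a failed mount is reported before the break, which leaves an attached but unmounted device with no message; an else branch with an echo would make that visible at boot.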




Re: Patch for GBDE rc-script

2006-09-07 Thread Daniel Bond
On 11:31 Thu 07 Sep, Paul Allen wrote:
 From Daniel Bond [EMAIL PROTECTED], Thu, Sep 07, 2006 at 08:13:11PM +0200:
  Hi,
  
  I just set up GBDE on my laptop, encrypting my 512M cf-card.
  This works like a charm, but I felt the need to enhance the rc-script a
  little to automatically mount the encrypted drive(s), if you have the
  following in /etc/rc.conf:
  
  * gbde_autoattach_all=YES
  * gbde_devices=device1 device2 .. etc
  
  So I added another option:
  * gbde_mountpoint=/private to /etc/defaults/rc.conf
  
  This option acts like a basedir for mounting the partition, IE. after
  running /etc/rc.d/gbde start, I get the following mount entry in the
  mount-command output:
  
  /dev/ad1s1c.bde on /private/bde_ad1s1c (ufs, local, soft-updates)
  
 It seems to me that this is really something that belongs in devd.  Boot-time
 is decidedly not ideal.
 
 Paul

Nice, thank you :)

-- 
Med vennlig hilsen / Best regards,

--

  Daniel Bond 
  PGP: C822C4BD
  
--


Re: Hey all

2006-03-05 Thread Daniel Bond

Sam Stein wrote:


Hey everyone, just joined the list.
Hope I can be of some use, or something of the like.


Welcome to the list :)


Regards,

Daniel Bond.


Texas Instruments Card Reader.

2006-02-04 Thread Daniel Bond

Hi,

I'm running FreeBSD 6.1-prerelease on my laptop and it is running really
great, except my SD/MMC Cardreader. It's a Texas Instruments chip, I'll
paste the interesting snip from pciconf:

snip
[EMAIL PROTECTED]:9:3: class=0x018000 card=0x300717c0 chip=0x8033104c rev=0x00 hdr=0x00

   vendor   = 'Texas Instruments (TI)'
   device   = 'PCIxx21 Integrated FlashMedia Controller'
   class= mass storage
/snip

I would like to store geli-keys and ssh-host and maybe have a little
encrypted partition on a memory card too.


I've been googling the subject for several weeks, I'm sure that if I 
find the driver it's only a matter of adding the device-id and possibly 
do some minimal hacking. I'm pretty sure there is a driver, because I've 
seen so many posts about people saying their texas-instr. based 
cardreaders work. Can anyone point me in a direction on this one? :-)


-Danny.


Re: Save the Demon!

2005-02-14 Thread Daniel Bond
Hi!

Would it be a good idea to make a separate mailing-list for the logo,
or to use logo-contest.freebsd.org for discussion and logo-suggestions?
I feel this is off-topic, and besides, it seems that the decision has
already been made to change logo, and keep beastie as mascot.

We need a logo that is more pro-commerce, and lay the platform down for
companies to hype FreeBSD like companies are doing with Linux.

Looking forward to the logo results! (I might give it a shot myself (no
foot-shooting of course haha))

Regards!

Oliver Fromme wrote:
Nobody is proposing to change the existing mascot, so there
is no foot shooting.
Best regards
  Oliver
 



Re: How to disable ACPI in 5.3

2004-10-29 Thread Daniel Bond
Thanks for clearing this up for me, pcib0 seems to be a child of legacy0.
Yet my system hangs.. I'm moving my Hi-Point ata100 controller in a 4.8 box instead, 
so this system becomes stable.


On Fri, Oct 29, 2004 at 02:45:51PM -0400, John Baldwin wrote:
 you can run devinfo to list your device tree.  If pcib0 is a child of acpi0, 
 then you are using ACPI.  If it is a child of legacy0, then you aren't.

 On Thursday 28 October 2004 10:20 pm, Daniel Bond wrote:
  Yet, still I find ACPI in my kernel:


Re: problem with ipfilter and todays -stable

2004-09-28 Thread Daniel Bond
On Tue, Sep 28, 2004 at 10:05:50AM -0700, Greg White wrote:
 On Mon, 27 Sep 2004 23:11:22 +0200, Bernhard Valenti
 [EMAIL PROTECTED] wrote:
  hi,
  
  is this issue fixed yet? I didn't see any commits to the ipfilter code.
 
 Not as of Sept. 15th, for sure, and I've not seen any other list
 traffic on the subject, either here or on the ipfilter list. I
 re-cvsup'd the morning of the 16th with the 15th's code and
 buildworld/installworld-ed, hoping that the reason no one had said
 anything was that the problem had been fixed. Same oddity with ipf -V
 output being version mangled, and same lack of functioning icmp echo.
 
 -- 
 Greg White

I have been told that ipfilter has some kind of licence
agreement that requires all code changes to be approved
by the ipfilter-guy.

This is supposed to be the reason why OpenBSD made
PF (PacketFilter), instead of implementing ALT-Q and other
functionality into IPF.

This is probably useless information, since the problem
most probably lies in FreeBSD's implementation of IPFilter,
and not the IPFilter program itself.

Nonetheless, it might be more interesting than spam :P
-- 

| Daniel Bond[EMAIL PROTECTED] |
| Mobile: 936 18 243   |
|  |
| Unixcore (www.unixcore.com)  [EMAIL PROTECTED] |
