Re: Call for testers: www/shellinabox (Shell in a Box)

[Vitaly Magerya]

Olivier Cochard-Labbé wrote:
 I've just finished my port of Shell in a Box: It's a secure web server
 that provide ajax terminal emulator.
 More information on the official website: 
 http://code.google.com/p/shellinabox/

After looking at the port for a while, I have some suggestions.

The port creates ${PREFIX}/etc/shellinabox directory, chowns it to
nobody and chmods it to 777. The reason for this is that shellinabox
creates certificates during the runtime and stores them into that
directory, but it only does that after dropping to nobody user.

As the author of shellinabox notes [1], this is a bad idea, because any
user can read and modify your keys this way. I also have a vague feeling
that storing variable files in ${PREFIX}/etc/shellinabox is a bad idea
as well (to compare, Debian port uses /var/lib/shellinabox).

So what I propose is this:
1. Create shellinabox user and group (via USERS and GROUPS).
2. Update rc script to start shellinaboxd with that user and group.
3. Make the certificate directory 700, owned by shellinabox:shellinabox.
4. Move the certificate directory to /var/shellinabox or similar
   (what's our conventional location for this kind of files?).

I'm not sure on the 4 though. Any thoughts?

[1] http://code.google.com/p/shellinabox/issues/detail?id=22#c2
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Possibly unbuildable ports reminder

[Bill Fenner]

Dear porters,

  This is just a reminder to please periodically check the list of
unbuildable ports at http://pointyhat.freebsd.org/errorlogs/ .
A list by MAINTAINER is

http://people.freebsd.org/~fenner/errorlogs/

so you can easily check the status of ports that you maintain.  In
addition, the list of ports with no MAINTAINER with build problems is

http://people.freebsd.org/~fenner/errorlogs/po...@freebsd.org.html

Since no one is responsible for these ports, the problem won't get
fixed unless someone on this list takes the initiative.

Thanks for your help!

Bill annoying port email Fenner
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Early CONFLICTS detection is POLA viloation?

[Dominic Fandrey]

On 27/06/2010 20:04, Lev Serebryakov wrote:
 Hello, Freebsd-ports.
 
   I  understand,  that  this  change (ports/137855, bsd.port.mk:1.632)  was  
 made 6 months ago, but I've
  noticed it only now (twice in one day!).
 
   Am  I  only  person,  who  thinks,  that  this  change  is HUGE POLA
  violation?

Definitely not, I actually got abuse reported by portmgr for my
very upset e-mails. I'm kinda mystified who was offended in which
way, I have reread my e-mails and though they were born of my
annoyance I find nothing there that would have offended me
had I been at the receiving end.

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail? 
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Current unassigned ports problem reports

[FreeBSD bugmaster]

(Note: an HTML version of this report is available at
http://www.freebsd.org/cgi/query-pr-summary.cgi?category=ports .)

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker  Resp.  Description

o ports/148198[MAINTAINER UPDATE] sysutils/rdup: update to 1.1.7
f ports/148195[patch] fix \ prefixed mapping for textproc/scim-kmfl-
o ports/148188Update port: print/latex-csquotes update to 5.0a
o ports/148187update mail/vm to 8.1.0
o ports/148182[patch] Font-size in www/webkit-gtk2 error template.
o ports/148181games/ftjava: wrong site address
f ports/148170net/sslh: patch that add rc startup script
f ports/148168[PATCH] update deskutils/alexandria to 0.6.6
o ports/148158[PATCH] net/p5-IO-Socket-INET6: update to 2.65
o ports/148156[MAINTAINER] devel/doxygen: update to 1.7.1
f ports/148145print/cups-samba: Add ability to use difference samba 
o ports/148142Update port: astro/glunarclock version update 0.34.1
f ports/148141Update port: net/ssltunnel-client
f ports/148140Update and unbreak port: net/ssltunnel-server
o ports/148135[MAINTAINER] databases/pgsphere: fix deinstallation wh
o ports/148131Update port: java/castor to version 1.3.1
o ports/148122Update Port: deve/libdombey = 1.2
o ports/148115[PATCH] devel/nant: update to 0.90, take maintainershi
o ports/148114Update port: java/jgraph Update and claim maintainersh
o ports/148113Maintainer update: textproc/atom change MASTER_SITES
o ports/148099patch available for emacs movemail vulnerability.
o ports/148098new port: math/x12arima
s ports/148090[PATCH] security/ike: update to 2.1.5
o ports/148085Port update: comms/uhso-kmod - Update to v20100416
f ports/148082Update port: audio/musicpd from 0.15.8 to 0.15.10
o ports/148075[PATCH] oss/files path issue with soundon script
o ports/148065net-mgmt/rate: rate program put interface in promiscuo
f ports/148057[patch] upgrade of security/ossec-hids-server and secu
o ports/148044www/squid31: Updating squid 3.1.3 to 3.1.4 fails on Fr
f ports/148036[PATCH] ports-mgmt/p5-FreeBSD-Ports-INDEXhash: require
f ports/148028[PATCH] net/haproxy: update to 1.4.8
o ports/148027New port: graphics/ramenhdr, node based video composit
o ports/148025When you open the zip file, mc looking unzip down the 
o ports/148021irc/minbif port update (1.0.2-1.0.3)
o ports/148020[Patch] audio/cmus update to 2.3.3
o ports/148014[update] libticonv/libtifiles2/libticables2/libticalcs
o ports/148012[maintainer update] net/ucarp: cosmetic fixes.
o ports/148010bug in net/freeswitch-core
o ports/148007[UPDATE] arabic/kacst_fonts
f ports/147997[UPDATE] Update mail/dovecot-sieve to 0.1.17
f ports/147996[UPDATE] Update mail/dovecot to 1.2.12
o ports/147994[PATCH] www/scloader: update to 0.32
f ports/147993[patch] mail/dkim-milter -- plist problems
o ports/147987ftp/hsftp update
f ports/147982[patch] multimedia/xmms-weasel fix depends
o ports/147981[patch] multimedia/xmms-status-plugin fix depends
f ports/147977[patch] irc/ratbox-services mark MAKE_JOBS_UNSAFE
f ports/147973[patch] audio/xmmsctrl fix depends
f ports/147970net/quagga: Ipv6 addresses cannot be assigned to inter
o ports/147958[MAINTAINER] sysutils/luckybackup: Update to 0.4.0
o ports/147944[NEW PORT] net/gogoc: GogoCLIENT, which is needed to c
o ports/147943New port: net/radsecproxy Radsecproxy is a generic RAD
o ports/147942www/moinmoin sends wrong http header when in editor mo
o ports/147936New port: sysutils/dtpstree Display a tree of processe
o ports/147930[ports] maintainer update: devel/google-perftools
f ports/147922[PATCH] audio/aumix: update to 2.9.1
f ports/147921add reload command to rc script of audio/icecast2
f ports/147916[PATCH] net/empty: update to 0.6.18b
o ports/147911[PATCH] net-im/ejabberd: update to 2.1.4
f ports/147907[patch] www/tclhttpd don't hardcode -j2
o ports/147898[patch] sysutils/uhidd: open /usr/local/etc/uhidd.conf
o ports/147895[MAINTAINER] sysutils/fusefs-mhddfs: update to 0.1.35
o ports/147889New port: devel/maven-ant-tasks Allows Maven's handlin
o ports/147882Maintainer 

Re: Call for testers: www/shellinabox (Shell in a Box)

[Eric]

 From: Vitaly Magerya vmage...@gmail.com
[SNIP]
 4. Move the certificate directory to /var/shellinabox or similar
(what's our conventional location for this kind of files?).
 
 I'm not sure on the 4 though. Any thoughts?

Id say possibly /var/db/shellinabox

/var/db/ seems to be used by a fair number of services for record keeping of
various things.


___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Call for testers: www/shellinabox (Shell in a Box)

[Olivier Cochard-Labbé]

2010/6/28 Vitaly Magerya vmage...@gmail.com:


 So what I propose is this:
 1. Create shellinabox user and group (via USERS and GROUPS).
 2. Update rc script to start shellinaboxd with that user and group.
 3. Make the certificate directory 700, owned by shellinabox:shellinabox.

Thanks for your tips, I've updated the port, here how to proceed now:

cd /usr/port/www
fetch http://gugus69.free.fr/tools/shellinabox.tgz
tar zxvf shellinabox.tgz
cd shellinabox
patch ../../UIDs UIDs.diff
patch ../../GIDs GIDs.diff
make install clean
/usr/local/etc/rc.d/shellinaboxd onestart

For information:
MD5 (shellinabox.tgz) = c553fd6b05d0b136cbef95f8cb808072
I've used the UID/GID 139 that seem available.


 4. Move the certificate directory to /var/shellinabox or similar
   (what's our conventional location for this kind of files?).

 I'm not sure on the 4 though. Any thoughts?

I let the certificate in /usr/local/etc/shellinabox (on my nanoBSD,
/var is a volatile RAM disk).

Regards,

Olivier
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: flag to tell ports that you are only building for yourself

[RW]

On Sun, 27 Jun 2010 23:09:47 -0400
Eitan Adler li...@eitanadler.com wrote:

 I'd like to add a flag to tell ports that you are building only for
 yourself that and optimizations that typically are not enabled could
 be turned on.

You can do this yourself. If you add in make.conf something like

.if defined(BUILD_FOR_SELF)
CPUTYPE?=  athlon64
.endif




# cd /ports/www/squid

# make -V CFLAGS
-O2 -pipe  -fno-strict-aliasing

# setenv BUILD_FOR_SELF yes

# make -V CFLAGS
-O2 -pipe -march=athlon-mp  -fno-strict-aliasing
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

net/Sockets

[Andrea Venturoli]

Hello.
Any news on updating this port?

Latest version is 2.3.9.2.
We have:
net/Sockets = 2.1.4
net/Sockets-devel = 1.9.9 (!!!)

Is anyone working on this?
If not I might give a try at updating this port.

 bye  Thanks
av.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: net/Sockets

[Mark Linimon]

On Mon, Jun 28, 2010 at 09:19:05PM +0200, Andrea Venturoli wrote:
 Any news on updating this port?

They're unmaintained, so it's probably up to you to do it :-)

mcl
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: This construction doesn't work

[Gabor Kovesdan]

Em 2010.06.29. 0:24, Paul Schmehl escreveu:
I'm working on a port update for one of the ports that I maintain, and 
I've run into a problem that I can't seem to solve.


I use this construction to ensure that the port doesn't overwrite the 
conf file, if one exists:


.for f in barnyard2.conf
   ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}-sample
   [ -f ${PREFIX}/etc/${f} ] || \
   ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${PREFIX}/etc/${f}
.endfor

But it gets overwritten anyway.  What am I doing wrong?  I thought 
this worked before, but I can't be sure.  Testing proves that it does 
not work now.  I tried to changing to an if [ ! -f construction, but 
that didn't do a thing.


I think it should work, I used to write the same in audio/shoutcast. Are 
you testing by installing from port or from package? It should work for 
ports but for packages, you need some more magic in pkg-plist. You can 
also refer to audio/shoutcast how it is done there. Maybe is it what you 
missed?


Regards,
Gabor
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Fwd: [sudo-workers] sudo 1.7.3rc1 available

[Wesley Shields]

See below for the changes to sudo 1.7.3 which is set to be released
soon. If you want to test out the 1.7.3rc1 update please fetch the patch
from http://people.freebsd.org/~wxs/sudo.diff, apply it and rebuild.
Please reply back to me privately with reports of success or failures.

I'll probably get the update in the tree sometime early or mid-July.

-- WXS

- Forwarded message from Todd C. Miller todd.mil...@courtesan.com -

Date: Mon, 28 Jun 2010 09:56:10 -0400
From: Todd C. Miller todd.mil...@courtesan.com
To: sudo-work...@sudo.ws
Cc: sudo-us...@sudo.ws
Subject: [sudo-workers] sudo 1.7.3rc1 available

The first release candidate of sudo 1.7.3 is now available.
Sudo 1.7.3 is scheduled for release on June 30th.

Download links:
http://www.sudo.ws/sudo/dist/beta/sudo-1.7.3rc1.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.3rc1.tar.gz

Major changes between sudo 1.7.2p7 and 1.7.3rc1:

 * Support for logging I/O for the command being run.
   For more information, see the documentation for the log_input
   and log_output Defaults options in the sudoers manual.  Also
   see the sudoreplay manual for how to replay I/O log sessions.

 * The use_pty sudoers option can be used to force a command to be
   run in a pseudo-pty, even when I/O logging is not enabled.

 * On some systems, sudo can now detect when a user has logged out
   and back in again when tty-based time stamps are in use.  Supported
   systems include Solaris systems with the devices file system,
   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
   only).

 * On AIX systems, the registry setting in /etc/security/user is
   now taken into account when looking up users and groups.  Sudo
   now applies the correct the user and group ids when running a
   command as a user whose account details come from a different
   source (e.g. LDAP or DCE vs.  local files).

 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
   When multiple entries are listed, sudo will try each one in the
   order in which they are specified.

 * Sudo's SELinux support should now function correctly when running
   commands as a non-root user and when one of stdin, stdout or stderr
   is not a terminal.

 * Sudo will now use the Linux audit system with configure with
   the --with-linux-audit flag.

 * Sudo now uses mbr_check_membership() on systems that support it
   to determine group membership.  Currently, only Darwin (Mac OS X)
   supports this.

 * When the tty_tickets sudoers option is enabled but there is no
   terminal device, sudo will no longer use or create a tty-based
   ticket file.  Previously, sudo would use a tty name of unknown.
   As a consequence, if a user has no terminal device, sudo will
   now always prompt for a password.

 * The passwd_timeout and timestamp_timeout options may now be
   specified as floating point numbers for more granular timeout
   values.

 * Negating the fqdn option in sudoers now works correctly when sudo
   is configured with the --with-fqdn option.  In previous versions
   of sudo the fqdn was set before sudoers was parsed.
 
sudo-workers mailing list sudo-work...@sudo.ws
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-workers

- End forwarded message -
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org