from:"Kövesdán Gábor"


Giorgos Keramidas wrote:


On 2006-03-04 00:44, K?vesd?n G?bor [EMAIL PROTECTED] wrote:
 


Hello,

look at this:

[EMAIL PROTECTED] w
12:41AM  up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]

Where am I? :) I don't know exactly how it happened, but I'll
investigate, I have an idea and I'll report if I find out.
   



Some programs may tweak wtmp to `hide' users that are actively logged
in.  One program that I know can do this is screen(1).  Hitting ``^A L''
here, between successive `w' invocations, I can see this:

[EMAIL PROTECTED]:/root# w
2:04AM  up  2:10, 1 user, load averages: 0.07, 0.16, 0.19
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]:/root# w
2:05AM  up  2:11, 2 users, load averages: 0.03, 0.14, 0.17
USER TTY  FROM  LOGIN@  IDLE WHAT
root pts/0:0:S.02:05AM - w
[EMAIL PROTECTED]:/root#

 

And what do the other logged in users see? With my method I can 
completely hide, nobody can see me logged in. So I think it might be an 
opportunity to abusing. I'll send a PR soon, I just wanted to know 
before if somebody already knows about this trick.


Gabor Kovesdan

P.S.: It happened on a RELENG_5_3 system via SSH, but I suppose it can 
be triggered locally.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Erik Greenwald wrote:


On Sat, Mar 04, 2006 at 12:44:19AM +0100, K?vesd?n G?bor wrote:
 


Hello,

look at this:

[EMAIL PROTECTED] w
12:41AM  up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]

Where am I? :) I don't know exactly how it happened, but I'll 
investigate, I have an idea and I'll report if I find out.
   



I've seen that happen when the userland and kernel are out of sync.
(not too long ago, I did a make buildworld kernel, was waiting for
an opportune time to installworld, and suffered some kinda failure
causing a reboot).

Check the uname -a date and the date of /bin/w or something? perhaps
go through a cvsup/upgrade to try to sync things up? :)

 

No, they are in sync. :) Being out of sync for the kernel and the 
userland is not so common, because it derives from the forgetfullness of 
the administrator, but this trick can be triggered every time.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Mike Tancsa wrote:


On Sat, 04 Mar 2006 00:44:19 +0100, in sentex.lists.freebsd.questions
you wrote:

 


Hello,

look at this:

[EMAIL PROTECTED] w
12:41AM  up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]

Where am I? :) I don't know exactly how it happened, but I'll 
investigate, I have an idea and I'll report if I find out.
   




Does 
w -n


work ?




No, I get the same.

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Giorgos Keramidas wrote:


On 2006-03-04 09:00, Kovesdan Gabor [EMAIL PROTECTED] wrote:
 


Giorgos Keramidas wrote:
   


On 2006-03-04 00:44, Kovesdan Gabor [EMAIL PROTECTED] wrote:
 


Hello,
look at this:

[EMAIL PROTECTED] w
12:41AM  up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]

Where am I? :) I don't know exactly how it happened, but I'll
investigate, I have an idea and I'll report if I find out.
   


Some programs may tweak wtmp to `hide' users that are actively logged
in.  One program that I know can do this is screen(1).  Hitting ``^A L''
here, between successive `w' invocations, I can see this:

[EMAIL PROTECTED]:/root# w
2:04AM  up  2:10, 1 user, load averages: 0.07, 0.16, 0.19
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]:/root# w
2:05AM  up  2:11, 2 users, load averages: 0.03, 0.14, 0.17
USER TTY  FROM  LOGIN@  IDLE WHAT
root pts/0:0:S.02:05AM - w
[EMAIL PROTECTED]:/root#
 


And what do the other logged in users see?
   



Only what `w' can see too.

 


With my method I can completely hide, nobody can see me logged in.
   



What is your method?  I haven't seen any description of how *you* ended
up not being logged in.  Are you using screen(1) or another program that
tweaks /var/log/wtmp?  Which program?  Have you found out why your login
seems record in wtmp was marked as logged out?

 


Here's my method:

http://www.freebsd.org/cgi/query-pr.cgi?pr=94060


So I think it might be an opportunity to abusing. I'll send a PR soon,
I just wanted to know before if somebody already knows about this
trick.
   



I don't think this is a bug.  The permissions of ``/var/log/wtmp'' are:

   $ ls -ld /var/log/wtmp
   -rw-r--r--  1 root  wheel  - 8052 Mar  4 16:51 /var/log/wtmp

What a bug about this would report is that set-user-id programs, like
screen(1), can do all sorts of nasty things if abused.  This isn't
exactly a bug, but common knowledge.

- Giorgos

 

/bin/login is suid, too. Can't screen and login be modified somehow to 
take care of this issue?


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Oliver Leitner wrote:


Big one, so you know howto use a log cleaner.

am i am the only one that is not impressed?

btw, did you actually realize, that  log cleaner wont clean the history
file? just a suggestion...

 

I don't use any log cleaner, I triggered this accidentally. Please read 
the whole thread if you're interested or see this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=94060

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Oliver Leitner wrote:


Yea... Right...

well, however...

log out and log back in, it should start the logs again.

in case you really dropped it accidently, look if the system logging
daemon is running.

 

Yes, of course it is running. Logging out and logging in solves this 
issue, but the point is here that even a single user without root acces 
can be hiding. He can do anything and nobody will notice that he is even 
loggod in. We discussed in the list that /var/log/wtmp helds the login 
states and only suid programs can access it, e.g. screen or login. As 
for login, it will be fixed if possible since it is in the base system.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Where am I? :)


Oliver Leitner wrote:


Well, it could have different reasons then:

1. your box has been hacked, and you have a somewhat crippled login or
shell, try to replace that things with clean ones.

2. maybe there is something wrong with memory mapping, eventually diag
your ram, or build a new kernel.

3. its just one of those accidently things that happen every 10 years
once...

 


4, It is just a bug in login, or it is the normail behavior. :)

As for the first and second assumption, I can guarantee they are wrong. 
I do a lot of effort to keep the machine secure. As for the second one, 
this machine has a quite big uptime:


11:44PM  up 83 days,  9:09, 1 user, load averages: 0.04, 0.05, 0.01

It has been running for 83 days without any deficiency.

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Where am I? :)

2006-03-03 Thread Kövesdán Gábor


Hello,

look at this:

[EMAIL PROTECTED] w
12:41AM  up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY  FROM  LOGIN@  IDLE WHAT
[EMAIL PROTECTED]

Where am I? :) I don't know exactly how it happened, but I'll 
investigate, I have an idea and I'll report if I find out.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How to delete ports?

2006-02-22 Thread Kövesdán Gábor


Jose Borquez wrote:

Is it safe to go into /usr/ports and delete the entire contents of the 
ports and then do a cvsup to download only the needed ports?  Is there 
another method to do this?


Yes, you can safely delete /usr/ports. You can define the unwanted 
directories with refuse files for CVSup. See cvsup(1), it is described 
there well enough.


Regards,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Ruby crashes with portupgrade

2006-02-20 Thread Kövesdán Gábor


Andrew Pantyukhin wrote:


On 2/19/06, Kövesdán Gábor [EMAIL PROTECTED] wrote:
 


Hello,

Ruby always crashes and makes a coredump when I try to use portupgrade:

[EMAIL PROTECTED] portupgrade -ai
---  Session started at: Sun, 19 Feb 2006 15:32:51 +0100
[Updating the pkgdb format:dbm_hash in /var/db/pkg ... - 313 packages
found (-5 +4) (...)/usr/local/lib/ruby/site_ruby/1.8/pkgdb.rb:466: [BUG]
Segmentation fault
ruby 1.8.4 (2005-12-24) [amd64-freebsd5]

Abort trap (core dumped)

I tried to reinstall both of them but no use. Have somebody experiencd
and fixed such issue?
   




1. Try removing /var/db/pkg/pkgdb.db
 


Thanks, it helped.


2. Try rebuilding ruby WITHOUT_PTHREADS
 


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Ruby crashes with portupgrade

2006-02-19 Thread Kövesdán Gábor


Hello,

Ruby always crashes and makes a coredump when I try to use portupgrade:

[EMAIL PROTECTED] portupgrade -ai
---  Session started at: Sun, 19 Feb 2006 15:32:51 +0100
[Updating the pkgdb format:dbm_hash in /var/db/pkg ... - 313 packages 
found (-5 +4) (...)/usr/local/lib/ruby/site_ruby/1.8/pkgdb.rb:466: [BUG] 
Segmentation fault

ruby 1.8.4 (2005-12-24) [amd64-freebsd5]

Abort trap (core dumped)

I tried to reinstall both of them but no use. Have somebody experiencd 
and fixed such issue?


Thanks,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Setting up VPN+IPSec+Racoon

2006-02-17 Thread Kövesdán Gábor


Mike Tancsa wrote:


On Thu, 16 Feb 2006 18:26:42 +0100, in sentex.lists.freebsd.questions
you wrote:

 


Hello,

it is the first time I have to set up such configuration. Could you tell 
me some guidelines? What should I care about? I see there's a chapter in 
the Handbook about VPN. It mentions the FAST_IPSEC kernel option in 
   

5.X. Should I use this implemetation or the KAME implementation? What 
 


are the differencies, and what are the advantages, disadvantages of each?
If you know some other good tutorial or howto, please let me know.

   




FAST_IPSEC allows for hardware crypto offloading (see man 4 crypto).
Even without it, the author claims its faster than KAME.  However, its
important to note FAST_IPSEC cannot work with INET6 in the kernel.
Also, you want to use it mostly with RELENG_6 if possible.  Also, dont
use racoon, better to use ipsec-tools.  Its also in the ports.

 


I meant that port, the binary called racoon there, too.


As for tutorials, google around and read through various posts.  There
is lots of good info out there.  Perhaps if you describe what you want
to do, people can make specific suggestions.

---Mike

 


Unfortunately, I haven't found a good howto. The situation is the following:
This project will be some kind of SMS service. The serv will connect to 
the SMS server and get the received SMSes, but the connection to the SMS 
server is only allowed via VPN. Here are two IP addresses, one of them 
is the VPN peers address. I have to set up a VPN connection to this host 
with 3DES SHA IPsec and a DH pre-shared key. The other IP address is the 
SMS servers adress but that is only accessible via VPN.


I've installed ipsec-tools, and tried to configure it, but I can't start 
racoon and I get a configuration file parse error. I couldn't found out 
which line is wrong. I just got this:

racoon: failed to parse configuration file.

Here is the racoon.conf:

# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $

path include @sysconfdir_x@/racoon;
#include remote.conf;

path pre_shared_key @sysconfdir_x@/racoon/vodafone.psk;
path certificate @sysconfdir_x@/cert;
log debug2;

# padding defines some padding parameters.  You should not touch these.
padding
{
   maximum_length 20;  # maximum padding length.
   randomize off;  # enable randomize length.
   strict_check off;   # enable strict check.
   exclusive_tail off; # extract last one octet.
}

# if no listen directive is specified, racoon will listen on all
# available interface addresses.
listen
{
   #isakmp ::1 [7000];
   #isakmp 202.249.11.124 [500];
   #admin [7002];  # administrative port for racoonctl.
   #strict_address;# requires that all addresses must be bound.
}

# Specify various default timers.
timer
{
   # These value can be changed per remote node.
   counter 5;  # maximum trying count to send.
   interval 20 sec;# maximum interval to resend.
   persend 1;  # the number of packets per send.

   # maximum time to wait for completing each phase.
   phase1 30 sec;
   phase2 15 sec;
}

remote 80.244.96.229
{
   exchange_mode main,aggressive;
   doi ipsec_doi;
   situation identity_only;

   my_identifier asn1dn;
   certificate_type x509 my.cert.pem my.key.pem;

   nonce_size 16;
   initial_contact on;
   proposal_check obey;# obey, strict, or claim

   proposal {
   encryption_algorithm 3des;
   hash_algorithm sha1;
   authentication_method pre_shared_key;
   dh_group 2;
   }
}

sainfo 80.244.96.229
{
   pfs_group 2;
   encryption_algorithm 3des;
   authentication_algorithm hmac_sha1;
   compression_algorithm deflate;
}


I've just modified what I considered necessary.

I haven't found anything useful with google. Please help me fixing this.

Thanks in advance,

Gabor Kovesdan

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Set up routing?

2006-02-17 Thread Kövesdán Gábor


Hello,

I'm trying to set up an additional routing for a host via a VPN tunnel 
with IPsec. The tunnel is working now, I see tcp packages going out with 
tcpdump, but IMCP host unreachable packages coming in from the VPN peer.

What I did:

route add A.B.C.D W.X.Y.Z

Where A.B.C.D is the target machine and W.X.Y.Z is the VPN peer. Now 
when I type netstat -rn, I see in these first two entries:


server# netstat -rn
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
defaultP.Q.R.SUGS 3 5369402848sk0
A.B.C.DW.X.Y.Z  UGHS0  667   gre0

It seems good to me, but it doesn't work. Am I doung something wrong?

I can reach the VPN peer with traceroute, but not the A.B.C.D machine.

Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Setting up VPN+IPSec+Racoon

2006-02-17 Thread Kövesdán Gábor


Mike Tancsa wrote:


At 11:26 AM 17/02/2006, Kövesdán Gábor wrote:


Mike Tancsa wrote:


As for tutorials, google around and read through various posts.  There
is lots of good info out there.  Perhaps if you describe what you want
to do, people can make specific suggestions.

---Mike


Unfortunately, I haven't found a good howto. The situation is the 
following:




freebsd ipsec tutorial

in google comes up with a number of starting points including

http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html




This project will be some kind of SMS service. The serv will connect 
to the SMS server and get the received SMSes, but the connection to 
the SMS server is only allowed via VPN. Here are two IP addresses, 
one of them is the VPN peers address. I have to set up a VPN 
connection to this host with 3DES SHA IPsec and a DH pre-shared key. 
The other IP address is the SMS servers adress but that is only 
accessible via VPN.




First, you need to show what your policy is.

typical setup described is

internalNet_AexternalIP_A---internet-externalIP_BinternalNet_B 



Where internalNet_A needs to talk to internalNet_B in a safe and 
secure way.



So, identify what those parts of the policy are.

Put it in a shell script like

Bsubnet=172.24.0.17/29
BexternalIP=80.244.96.229
Asubnet=192.168.2.186/32
AexternalIP=80.98.231.227
setkey -F
setkey -FP

/usr/sbin/setkey -c EOF1
spdadd $Asubnet $Bsubnet any -P out ipsec 
esp/tunnel/$AexternalIP-$Bsubnet/unique;
spdadd $Bsubnet $Asubnet any -P in ipsec 
esp/tunnel/$Bsubnet-$AexternalIP/unique;

EOF1

This sets up the policy.

Type
setkey -DP

It will show you the installed policies.  Once you try and send some 
traffic across with PhaseI and PhaseII negotiated, you will see the 
associations with

setkey -D




I've installed ipsec-tools, and tried to configure it, but I can't 
start racoon and I get a configuration file parse error. I couldn't 
found out which line is wrong. I just got this:

racoon: failed to parse configuration file.



IPSEC Tools is fussy about where the config is.  Its saying it cant 
find the config.

Try racoon -d -f /usr/local/etc/racoon/racoon.conf


Also, make sure for your sainfo config, it must match your policies, 
otherwise it will hit the anonymous config. For your initial setup, 
try it with an anonymous config for now and then work on getting only 
a specific config.

e.g.
sainfo address 172.24.0.17/29 any address 192.168.2.186/24 any

Thanks, it seems to be okay now, racoon is running, and I see tcp 
packages going out via the VPN, but icmp host unreachable packets are 
coming from the VPN peer. I think there's some problem with the routing 
here, I started a new thread about this.


Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Setting up VPN+IPSec+Racoon

2006-02-16 Thread Kövesdán Gábor


Hello,

it is the first time I have to set up such configuration. Could you tell 
me some guidelines? What should I care about? I see there's a chapter in 
the Handbook about VPN. It mentions the FAST_IPSEC kernel option in 
5.X. Should I use this implemetation or the KAME implementation? What 
are the differencies, and what are the advantages, disadvantages of each?

If you know some other good tutorial or howto, please let me know.

Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: 6.0 on DVD

2006-02-11 Thread Kövesdán Gábor


RW wrote:


On Saturday 04 February 2006 13:38, Chris wrote:
 


It would be nice if FBSD offered at least a torrent download of the DVD.
If it's out there - where?
   



I'm not sure about this, but aren't the DVD versions created by a third-party 
company?
 

Afaik, only BSDMall sells DVD versions. The release building Makefile 
doesn't haven an option to build a DVD, but I agree it would be a nice 
feature.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: FreeBSD Ports vs. Gentoo Portage (a matter of concept)

2006-02-07 Thread Kövesdán Gábor


lars wrote:


FreeBSD Prospect [EMAIL PROTECTED] wrote:
 


Hi,

Reading a lot about FreeBSD recently made me really curious. I know, that the 
founder of Gentoo (the well known GNU/Linux meta-distribution, which is also 
based on compiling everything from source) was using FreeBSD for some time, 
before continuing creating Gentoo, what's why portage (the Gentoo software 
management system) is generally based on FreeBSD's ports. 

FreeBSD is generally seen as being more secure, more stable, has a lot more 
software in ports, and used to be the better choice especially for production 
servers. Now I am wondering, how this is even possible considering the 
following: 

- Portage divides all software into three states: hardmasked, masked 
unstable/testing (~arch) and stable (arch). 

- In ports there is no such difference, which means the lastest software is 
just available using the usual port management features, without the need to 
fiddle around with unmasking something, to be able to install it. In most 
cases (even the usual desktop stuff, like Gnome  KDE) software in ports is 
more up-to-date than in portage. 

That means, to be able to compare Gentoo Linux with FreeBSD, you would have to 
run a pure unstable (~arch) Gentoo system, which is generally not 
recommended, and especially not for a production system. 

So how is it possible, that FreeBSD is considered to be more suited as a 
production environment, if it runs the latest software-versions, which are 
considered unstable/testing in Gentoo? 
   


Since FreeBSD splits the system into (Kernel+Userland/World = base) and the 
rest,
the base is considered stable and recommended for production, whether the rest
is to be considered stable and usable for production is the responsibility
of the maker of that software and the user.

How can the FreeBSD project say whether some Oracle or PostgreSQL
port or package is stable enough for production?
 



How comes, that a FreeBSD system is considered to cause less work do 
administer this way (thinking of regular updates of installed ports, and if 
it's only for security fixes - compare that to the frequent changes in ~arch 
portage)? 
   


Exactly because of the split between Base (Kernel+Userland) and the
Rest.
 



And shouldn't a FreeBSD system break more often, if kept up to date on a 
regular basis (this is meant concerning the software installed from ports, 
not the base-system)? 
   


No it shouldn't and it also doesn't, thanks to the efforts of the
porters. Thanks guys!
 



Maybe I am missing something here, or maybe the procedure to get something 
into ports is different (more test in advance by the contributors/devs?), but 
I could not find more info about that matter until now. 

Don't get me wrong, I think the portage way with the three different states is 
useful, and the more I read about the ports system in FreeBSD, the less I 
think, ports are superior to portage (at least if you are used to portage and 
USE flags). But hands down, using Gentoo, even a stable (arch) system can 
break from time to time, and a mixture of stable (arch) and unstable/testing 
(~arch) packages may also not be the best approach (try to hold an unstable 
package by using something like =sys-apps/baselayout-1.12.0_pre13-r1 and 
see that particular ebuild disappear in favor of newer unstable versions with 
portage complaining about no suitable versions being available for your 
setup). 
   


That is exactly why a FreeBSD system is less of a hassle.
What's the point of all that masking and unmasking, stable and unstable?
Ontology is obsolete ;-)
 



The FreeBSD way, to split the base system (the OS itself) from addon software, 
is a really good idea, so that the base system can be kept stable and profen 
to be well tested, but I just don't understand, how this is fitting under one 
hat, with having a stable OS  all the lastest add-on software installed. How 
does this work out in the FreeBSD world?
   


It works out great, because people know whom to complain to.
Why complain to the system guys when GNOME is broken?



But there is something to your argument, Ports are a moving target.

But packages aren't. And when installing a Port you create a package.
So if you're happy with that particular version of the Port, save the
package.
 

I also consider it very important. Before a release comes out there is a 
code freeze to ensure that the code is very stable and reliable, and 
only security fixes and bugfixes can be committed with the particular 
approval from the releng team. Similarly, there is a ports freeze before 
the release. This has the same goal for the ports tree, only the portmgr 
team can approve a commit. So, the ports tree gets well-tested and 
stable. After that it gets tagged and the package builds are done from 
this tagged version for the upcoming release. After the tagging the 
ports tree is open again. In this open state, less tested or less stable 
software might go to the ports tree, too,

Re: Possibility to submit requests for new ports?

2006-02-06 Thread Kövesdán Gábor


FreeBSD Prospect wrote:


Hi!

I was wondering, if there is any communication channel to request new ports.

I mean, isn't it likely, that a FreeBSD user (not a codergeek able to create 
ports himself) is looking for some software, which is available open-source 
for Linux, but hasn't been ported yet?


Wouldn't it be useful, to have an own mailing list for that?

Or is freebsd-ports thought to be suiteable for that matter (I am subscribed 
to that mailing-list, but didn't see much traffic until now, and no port 
requests at all)?


 


Hello,

I think freebsd-ports@ is suitable for that. It's true that we don't see 
port request there. Maybe this is beacuse the most used softwares are 
already ported. But I think new ideas are always welcome. Not only 
committers can help you, there are a lot of contributors subscribed to 
the freebsd-ports@ list, so please feel free to write there and maybe 
somebody will take care of your request.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: question

2006-02-05 Thread Kövesdán Gábor


Eduard Suica wrote:


   Hello, my name is Eduard Suica, and I'm representing RadGs Software. We developed a new Programming Language called Concept 
(visit our website www.radgs.com = made in Concept) . Concept is a language (Object Oriented) wich wants to develop server-side 
applications, but NOT only Web applications (like php). It makes it possible to develop fully desktop-style 
applications, that run on server-side, with an interface piped to the Client (on a network, Internet, etc). Our server 
is FreeBSD 6 and we had very good results. It was compiled on FreeBSD, and works just fine. We are interested on including Concept 
platform on FreeBSD distribution. Concept it's free, under a freeware licence. We are still to decide if it will be Open 
source or partially open source ... (with some obfuscated code to protect the kernel). How ever, we'll 
assume responsabilty over it.

An applications is for Concept what a database is for a database server. Something like 
an Application server.

My regards,
Eduard Suica

 


Hello,

Why don't you make a FreeBSD port and send it via send-pr?
Here's a useful documentation:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/index.html

Regards,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Getting a new server

2006-02-01 Thread Kövesdán Gábor


Lisa Casey wrote:


Hi,

My company (a medium sized ISP) has decided to replace one of our mail 
servers. We need more CPU power, memory, etc. My boss is talking about 
getting 2 good size hard drives with a raid card to mirror these. I 
was planning to install FreeBSD 5.3 (because that's the latest distro 
I have CD's for) unless anyone has a good reason why not.


I'll be installing Sendmail, mimedefang/spamassassin (somewhat CPU 
intensive), bind (for  a caching name server), Qpopper, procmail. We 
currently have 500 - 600 mail accounts on the current server, and plan 
to move these to the new server plus use the new one for growth (I 
don't know how quickly new mail accounts will be added, but say 20 to 
50 accounts per month.


I'd suggest using courier-imap or something else instead of qpopper. 
Afaik, qpopper supports only the mailbox format, which is slower and 
less secure than the maildir format used by modern pop3/imap servers. 
Courier-imap has a pop3 and an imap part, both of them have SSL support 
and are easily configurable. Your company migth benefit from running an 
imap server too. It has a bunch of advantages over pop3, so this might 
make your users feel more appreciated.


Regards,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Upgrading apache form 2.0.x to 2.2.x

2006-02-01 Thread Kövesdán Gábor


Kövesdán Gábor wrote:


Charles Swiger wrote:


On Jan 31, 2006, at 10:06 AM, Kövesdán Gábor wrote:

I've upgradde today, but SSL doesn't work with the old settings. I  
suspect something's wrong with my self-signed certificates. If I  
set SSLEngine On globally, I get this:


[Tue Jan 31 14:11:09 2006] [warn] RSA server certificate is a CA  
certificate (BasicConstraints: CA certificate (BasicConstraints: CA  
== TRUE !?)




Yeah, the RSA cert you use for your CA to sign other certs should 
not  be used as a host cert for SSL.  Generate a new RSA cert, 
generate a  CSR, and use the CA cert to sign your new RSA cert for 
the webserver:



   openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem - 
days 365
   openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out  
tmp.pem

   openssl ca -policy policy_anything -out newcert.pem -infiles tmp.pem
   #  (newcert.pem contains signed certificate, newreq.pem still  
contains

   #  unsigned certificate and private key)

Thanks, I see the point, but I don't really experienced in generating 
certs. The lines you wrote lead me to the following:


[EMAIL PROTECTED] openssl req -nodes -new -x509 -keyout newreq.pem -out 
newreq.pem -days 365

Generating a 1024 bit RSA private key
.++
..++
writing new private key to 'newreq.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or 
a DN.

There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:HU
State or Province Name (full name) [Some-State]:Budapest
Locality Name (eg, city) []:Budapest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:T-Hosting.Hu
Organizational Unit Name (eg, section) []:HTTP Server
Common Name (eg, YOUR name) []:server.t-hosting.hu
Email Address []:[EMAIL PROTECTED]
[EMAIL PROTECTED] openssl x509 -x509toreq -in newreq.pem -signkey 
newreq.pem -out  tmp.pem

Getting request Private Key
Generating certificate request
[EMAIL PROTECTED] openssl ca -policy policy_anything -out newcert.pem 
-infiles tmp.pem

Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
46641:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_lib.c:329:group=CA_default 
name=unique_subject
46641:error:02001002:system library:fopen:No such file or 
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:276:fopen('./demoCA/private/cakey.pem','r') 

46641:error:20074002:BIO routines:FILE_CTRL:system 
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278: 


unable to load CA private key
Segmentation fault (core dumped)

Could you tell me what's wrong?

Thanks,

Gabor Kovesdan



Hi again,

since then I've found a howto about certs: 
http://www.debian-administration.org/articles/284

I followed the steps, and now I have three separate files:
1, the ca cert, called cacert.pem
2, the signed cert, called cert.pem
3, the private key, called key.pem

My httpd.conf contains this about SSL configuration:

IfModule mod_ssl.c

NameVirtualHost 217.20.133.7:443
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl

SSLPassPhraseDialog  builtin

SSLCertificateFile /usr/local/etc/apache22/cert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/key.pem
SSLCACertificateFile /usr/local/etc/apache22/cacert.pem

SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

SSLEngine   Off

/IfModule

Now, if I globally set SSLEngine On apache doesn't start and writes 
nothing to the error log. If I only set SSLEngine On is a VirtualHost 
section, I get the same Invalid method in request message.


Does somebody have any idea?

Thanks,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Getting a new server

2006-02-01 Thread Kövesdán Gábor

Hi,

Lisa Casey wrote:

Hi Gabor,

I'd suggest using courier-imap or something else instead of qpopper.
Afaik, qpopper supports only the mailbox format, which is slower and
less secure than the maildir format used by modern pop3/imap servers.
Courier-imap has a pop3 and an imap part, both of them have SSL
support and are easily configurable. Your company migth benefit from
running an imap server too. It has a bunch of advantages over pop3,
so this might make your users feel more appreciated.

I agree you have a pointg here, my main concerns are:

1) I'm used to Sendmail/Qpopper. I'm used to installing these,
maintaining these and troubleshooting these. I also want changing over
the mail server to be as seamless as possible for our customers. So I
don't really want to add a Courier-imap learning curve (for both
myself and my customers) right on top of things.

I see that, but it isn't so hard if you can use MySQL or OpenLDAP, and I
assume you can use MySQL at least. PostgreSQL is okay, of course. The
basic configuration is pretty straightforward. You have to set the basic
options about the behaviour of the imap server, then you have to create
an SQL table or an LDAP directory where you store all the mail account
information. Then you specify to the courier-server which SQL server,
which table, ... to use. That's it. There are a bunch of good howto
documents on the net, and if you use MySQL I can send you a sample
configuration, too. As for your customers, they dont have to learn
anything new about that. Courier-imap has a pop3 part, too, as I said,
so they can still use their mailer program set up. Using courier-imap
means you just more functionality, not less and not different.
As for sendmail, it can handle maildirs, I don't know how to configure,
because I use Postfix, but it can't be so hard.
Here are some howtos if you want to take a look. They use Postfix as an
MTA, but the courier-imap part is useful for you:

http://postfixwiki.org/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL
http://www.phparchitecture.com/howto_show.php?id=2
http://workaround.org/articles/ispmail-sarge/
http://www.marlow.dk/site.php/tech/postfix

2) I also am used to (and kind of like) having all of the mailboxes in
one location on the system (/var/mail/). How much of a performance hit
is there in mbox mailboxes vs mdir format mailboxes?

I managed to find a benchmark about this:
http://www.courier-mta.org/mbox-vs-maildir/

Anyway, here's a benchmark about MTAs if you're interested. Postfix does
much faster than sendmail. And much easier configurable, so it is also
easy to learn.

http://www-dt.e-technik.uni-dortmund.de/~ma/postfix/bench2.html

Regards,

Gabor Kovesdan

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Upgrading apache form 2.0.x to 2.2.x

2006-01-31 Thread Kövesdán Gábor


Hello,

I've upgradde today, but SSL doesn't work with the old settings. I 
suspect something's wrong with my self-signed certificates. If I set 
SSLEngine On globally, I get this:


[Tue Jan 31 14:11:09 2006] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA certificate (BasicConstraints: CA == 
TRUE !?)


And httpd stops.
If I set it only in a VirtualHost section, the server is working, but I 
get this if I try to see that secured virtualhost:


[Tue Jan 31 14:13:59 2006] [error] [client 1.2.3.4] Invalid method in 
request \x80U\x01\x03


Could somebody help me fixing this? Googling didn't help too much.

Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Upgrading apache form 2.0.x to 2.2.x

2006-01-31 Thread Kövesdán Gábor


Charles Swiger wrote:


On Jan 31, 2006, at 10:06 AM, Kövesdán Gábor wrote:

I've upgradde today, but SSL doesn't work with the old settings. I  
suspect something's wrong with my self-signed certificates. If I  set 
SSLEngine On globally, I get this:


[Tue Jan 31 14:11:09 2006] [warn] RSA server certificate is a CA  
certificate (BasicConstraints: CA certificate (BasicConstraints: CA  
== TRUE !?)



Yeah, the RSA cert you use for your CA to sign other certs should not  
be used as a host cert for SSL.  Generate a new RSA cert, generate a  
CSR, and use the CA cert to sign your new RSA cert for the webserver:



   openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem - 
days 365
   openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out  
tmp.pem

   openssl ca -policy policy_anything -out newcert.pem -infiles tmp.pem
   #  (newcert.pem contains signed certificate, newreq.pem still  
contains

   #  unsigned certificate and private key)

Thanks, I see the point, but I don't really experienced in generating 
certs. The lines you wrote lead me to the following:


[EMAIL PROTECTED] openssl req -nodes -new -x509 -keyout newreq.pem -out 
newreq.pem -days 365

Generating a 1024 bit RSA private key
.++
..++
writing new private key to 'newreq.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:HU
State or Province Name (full name) [Some-State]:Budapest
Locality Name (eg, city) []:Budapest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:T-Hosting.Hu
Organizational Unit Name (eg, section) []:HTTP Server
Common Name (eg, YOUR name) []:server.t-hosting.hu
Email Address []:[EMAIL PROTECTED]
[EMAIL PROTECTED] openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem 
-out  tmp.pem

Getting request Private Key
Generating certificate request
[EMAIL PROTECTED] openssl ca -policy policy_anything -out newcert.pem 
-infiles tmp.pem

Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
46641:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_lib.c:329:group=CA_default 
name=unique_subject
46641:error:02001002:system library:fopen:No such file or 
directory:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:276:fopen('./demoCA/private/cakey.pem','r')
46641:error:20074002:BIO routines:FILE_CTRL:system 
lib:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:278:

unable to load CA private key
Segmentation fault (core dumped)

Could you tell me what's wrong?

Thanks,

Gabor Kovesdan

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How do I subscribe to this list?

2006-01-16 Thread Kövesdán Gábor


Rick McCombs wrote:



How do I subscribe to this list?
I could not find on the web how to subcribe.
I tried majordomo and apparently there is no majordomo.

Go to http://lists.freebsd.org/mailman/listinfo and choose the list You 
want to subscribe. Fill in the form, and follow the insructions.


Regards,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Users unknown in jail, what to do?

2005-12-30 Thread Kövesdán Gábor


Hello,

I've set up a jail and started it with:

jail -u root /path/to/jail hostname ip /bin/sh

When I tried to install a port inside the jail I got an error message 
that I don't have the mtree files. I don't know why those files haven't 
been built but I copied it from the host system to the jail. Now I get:


mtree: line 6: unknown user root
*** Error code 1

I copied passwd, master.passwd, group, nsswitch.conf files, too, but I 
get the same. Could somebody tell me how can I solve this?


Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Simple question

2005-12-23 Thread Kövesdán Gábor


Teilhard Knight wrote:


as root:  /etc/gdm stop



Are you sure? I haven't tried it, but seems something is missing. 
Thanks anyway.


Teilhard. 


/etc/rc.d/gdm stop

See:
rc(8)
rcorder(8)
rc.conf(5)

Regards,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Download the whole ports tree

2005-12-17 Thread Kövesdán Gábor


RW wrote:


On Saturday 17 December 2005 07:54, Kris Kennaway wrote:
 


Well, if you really think you want this, then just:

cd /usr/ports
make fetch
   



Just idle curiosity, but does anyone have a feeling for how much that would 
download?
 

This would not fetch all of the distfiles, because there are broken 
ports that are unfetchable and the fetching would stop when reaching the 
first such port.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Download the whole ports tree

2005-12-17 Thread Kövesdán Gábor


Michael C. Shultz wrote:


On Saturday 17 December 2005 09:03, Kövesdán Gábor wrote:
 


RW wrote:
   


On Saturday 17 December 2005 07:54, Kris Kennaway wrote:
 


Well, if you really think you want this, then just:

cd /usr/ports
make fetch
   


Just idle curiosity, but does anyone have a feeling for how much that
would download?
 


This would not fetch all of the distfiles, because there are broken
ports that are unfetchable and the fetching would stop when reaching the
first such port.

Gabor Kovesdan
   



Even with:  make fetch -i  ?

-Mike
 


Haven't tried, but I suppose it would be okay with -i.

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: which IRC server ?

2005-11-29 Thread Kövesdán Gábor


Frank Bonnet wrote:


Hello

I would like to setup an IRC server here to serve the students
community but I'm stuck to choose one in all those proposed in
the ports/irc directory ... I am at 6.0

Someone could help ?

Thank you !


I suggest UnrealIRCd and IRCServices. Both available as a FreeBSD port 
in the ports category, and both are easily configurable and reliable. 
UnrealIRCd is an advanced ircd, it has many extra features.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: 4.7 -- 6.0 via cvsup

2005-11-28 Thread Kövesdán Gábor


hal wrote:


I have a system running 4.7.  Can I upgrade it to
6.0 via cvsup?  If not what is the best way?

Afaik, You must upgrade to 5.x first and then You can move to 6.x. 
Anyway FreeBSD 4.x uses an older and slower filesystem UFS1, whilst 
FreeBSD 5.x and newer uses UFS2. Accordingly, a fresh install is 
recommended with the repartitioning of the disk.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: EM64T supported?

2005-11-17 Thread Kövesdán Gábor

EM64T is Intel's 64-bit processor architecture. It uses 64 bit registers 
so it gets around the 4GB limit. It is very similar to AMD64 
architecture and fully supported via the amd64 port. If You have an 
EM64T machine use the amd64 version of FreeBSD.


Cheers,

Gabor Kovesdan

Marc G. Fournier wrote:

First off, what is it?  On 32bit platforms, to address 4G of RAM, I 
recall that there is some sort of 'paging' that has to be done to 
address it ... does EM64T get around that somehow, or is this just 
another name for it?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

What happened with portaudit?

2005-11-06 Thread Kövesdán Gábor


Hello,

One of my machines I got a report about 3 vulnerable packages (php4, 
ruby, openssl) in tomorrows security run output, but in today's security 
run output all of them disappeared, but nobody upgraded or removed the 
affected packages. I reinstalled portaudit, refreshd its database, but 
now it reports 0 affected pakages. The pkg_info command lists that three 
packages, so they are still installed. Does anybody suspect what's wrong?


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Sed howto

2005-10-30 Thread Kövesdán Gábor




I concur.  The 20 pages on sed are probably part of what you want.  It
doesn't answer your besides... however.  Perhaps someone else can help
there.  Here's a link to O'Reilly:

http://www.oreilly.com/openbook/utp/UnixTextProcessing.pdf

 

It is a really such a book, that I should read. Not only the sed part, 
but the entire book seems interesting and useful. Thanks.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Sed howto

2005-10-28 Thread Kövesdán Gábor


Hello,

I'm looking for a good sed howto that can be useful for contributing to 
ports collection. Replacing text is I'm especially interested in. 
Besides, could somebody explain me, when we use USE_REINPLACE= YES and 
${REINPLACE_CMD}, and when we use just ${SED}?


Thanks in advance,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: automatic fsck -y at boot

2005-10-17 Thread Kövesdán Gábor


kyr wrote:


Hello,
   This is the first time I'm asking for help because all my other 
problems were solved by the handbook or other e-mails.


The question is how can i make freebsd to AUTOMATICALLY CORRECT (fsck 
-y not just fsck) the inconsistency of a HD at boot time after a power 
failure.


After a non clean shutdown I always have a problem with the /var 
partition (because the squid cache is there) it always corrects with 
the fsck -y in single mode manually but the problem is that the server 
is located in a basement where the access is not very easy especially 
when raining :(


Put in your /etc/rc.conf:
fsck_y_enable=YES

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Sharing /usr/ports

2005-09-24 Thread Kövesdán Gábor


Gordon Ross wrote:

I've got two FreeBSD 5.4 machines. One is a server, the other is a 
desktop.


I've mounted on the desktop the /usr/ports directory from the server. 
My idea being that I could share the one /usr/ports directory amongst 
my machines and save disc space, and also save having to recompile 
everything whenever I install a port.


My problem is that, if I do a make on one machine, I can't then do a 
make install on the other machine. (When I try, nothing happens)


I haven't mounted any of the directories from under /var/db (e.g. pkg, 
ports)


Is what I'm trying to do possible ?
If so, what am I missing or doing wrong ?


What if You do make FORCE_PKG_REGISTER=YES install on the client machine?

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Sharing /usr/ports

2005-09-24 Thread Kövesdán Gábor


Gordon Ross wrote:


On Sat, 24 Sep 2005, [ISO-8859-1] Kövesdán Gábor wrote:


Gordon Ross wrote:

I've got two FreeBSD 5.4 machines. One is a server, the other is a 
desktop.


I've mounted on the desktop the /usr/ports directory from the 
server. My idea being that I could share the one /usr/ports 
directory amongst my machines and save disc space, and also save 
having to recompile everything whenever I install a port.


My problem is that, if I do a make on one machine, I can't then do 
a make install on the other machine. (When I try, nothing happens)


I haven't mounted any of the directories from under /var/db (e.g. 
pkg, ports)


Is what I'm trying to do possible ?
If so, what am I missing or doing wrong ?

What if You do make FORCE_PKG_REGISTER=YES install on the client 
machine?



Hmm. No joy. Just the same, nothing. :-(


Then I suggest You doing make package instead of make install and 
then You will get a file called ${PORTNAME}-${PORTVERSION}.tbz. This is 
a simple package file, You can install this with pkg_add filename.tbz 
on all machines You want.


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: make release problem

2005-09-15 Thread Kövesdán Gábor


Beecher Rintoul wrote:

I just did a release snapshot and everything worked except the last steps 
creating the CD iso files. they simply don't exist. All of the supporting 
files are in place and I can do a mkisofs and create a bootable working disk. 
Can someone shed some light on how to get the script working? Here is the 
last part of make release:


Setting up FTP distribution area
0 blocks
0 blocks
touch ftp.1
Building CDROM live filesystem image
0 blocks
0 blocks
0 blocks
0 blocks
0 blocks
0 blocks
0 blocks
0 blocks
Setting up CDROM boot area
touch cdrom.1
Building CDROM disc1 filesystem image
0 blocks
0 blocks
Building CDROM disc2 filesystem image
touch cdrom.2
Building bootonly CDROM filesystem image
touch cdrom.3
Release done

TIA 


Beech

 


Did You set MAKE_ISOS like make MAKE_ISOS=YES release?

Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: GCC snapshots and the ports collection

2005-09-11 Thread Kövesdán Gábor


Kris Kennaway wrote:


On Sat, Sep 10, 2005 at 01:41:15PM +0200, K?vesd?n G?bor wrote:
 


Hello,

I have two issues with selecting the appropriate version of gcc:

1, There is the port net/verlihub, that needs gcc 3.3 that is broken 
under amd64. What solution do You recommend?
   



You could try it with the system compiler, but chances are it depends
on gcc 3.3 because later versions cannot compile it (they are stricter
about the conforming code they will compile, particularly C++)
 

I've tried it, but unfortunately it fails. If I download the official 
tarball and try to compile that, it succeeds, however. Accordingly, I 
think the port can be fixed to compile with the stock compiler, but 
unfortunately I can't figure out what the problem is.


2, There are gcc snapshots in the ports collection like lang/gcc34, 
lang/gcc40, lang/gcc41, but there aren't releaes, just snapshots. Are 
these gcc snapshots as reliable as the releases are? Can I use for 
instance lang/gcc34 for production goals instead of the stock compiler, 
or is it just for development/testing usage?
   



Not for building world, but you can use them for your own purposes.

 

But if these aren't so reliable as the gcc releases are, why don't we 
have the releases in the ports collection instead of the snapshots? Or 
has anybody thought of porting the official releases as lang/gcc401 or 
something like that?


Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

GCC snapshots and the ports collection

2005-09-10 Thread Kövesdán Gábor


Hello,

I have two issues with selecting the appropriate version of gcc:

1, There is the port net/verlihub, that needs gcc 3.3 that is broken 
under amd64. What solution do You recommend? I haven't used the 
compatibility layer yet, but what if I make buildworld/installworld to 
enable the compatibility layer? Is there any way to cross-compile ports 
similar to make TARGET_ARCH=i386 buildworld? Is this macro usable with 
ports collection like cd /usr/ports/lang/gcc33  make TARGET_ARCH=i386 
install?


2, There are gcc snapshots in the ports collection like lang/gcc34, 
lang/gcc40, lang/gcc41, but there aren't releaes, just snapshots. Are 
these gcc snapshots as reliable as the releases are? Can I use for 
instance lang/gcc34 for production goals instead of the stock compiler, 
or is it just for development/testing usage?


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: kill the zombie processes

2005-09-03 Thread Kövesdán Gábor


Akhthar Parvez K wrote:


HI all,

Is there any way to kill the zombie processes in FreeBSD other than 
rebooting the server. Thanks


 

Look for the pid number in the output of ps aux, and issue kill -KILL 
pid.
Normally kill sends a SIGTERM signal but if You specify the -KILL option 
it sends the SIGKILL signal.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Freebsd 6.0 Release Time

2005-08-22 Thread Kövesdán Gábor


Emanuel Strobl wrote:


What's TBA?

But I'd like to advise Pablo to go with 6.0-RC, or even with BETA3 if 
neccessarry, tracking a stable or RELEASE branch in FreeBSD is very easy 
and worth the building mechanisms, especially if you have 10 similar 
machines to maintain. You have a very convenient way to keep security 
risks minimalised and in almost any environment you'll benefit from the 
RELENG_6 performance and hardware enhancements.


 

That's TBD (= to be decided), not TBA. Jerry mispelled it. I would also 
use BETA3 or RC. It is very
easy to upgrade same machines. One can build an install disc on one of 
the machines and upgrade via
sysinstall with that disc. There's no need to do a 'make buildworld' on 
each machine.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

i386 compatibility under amd64

2005-08-16 Thread Kövesdán Gábor


Hello,

If I try to run an i386 binary uner amd64 I get this:

ELF interpreter /libexec/ld-elf32.so.1 not found
Abort trap

I have options COMPAT_IA32 in my kernel config file but I don't know 
what should I do besides this.


Cheers,

Gabor Kovesdan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: 4.7-Release

2005-08-08 Thread Kövesdán Gábor


Eric Wolfe wrote:

Hi, I'm trying to upgrade a system using 4.7 to 5.4 or whatever, but,  
I'm having problems finding 4.7 anywhere on the net to do the upgrade 
(since it asks for it). Any suggestions?

--Eric Wolfe


You don't need it. Just upgrade your source tree via cvsup and make 
buildworld and installworld. You can find further information about this 
kind of upgrading in FreeBSD Handbook. Anyway, FreeBSD 5.x has a new, 
better and faster filesystem and if You want to use it You should 
repartition your hard drive with an 5.4 install disc, but You could just 
refresh to 5.4 and keep the old filesystem untouched.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: gaim or aim on 5.4 amd64 ?

2005-08-07 Thread Kövesdán Gábor


Bill Schoolcraft wrote:


Hello Family,

I'm trying to get either GAIM or AIM to work on my 5.4 amd64 to no
avail.  It works on my 5.4 i386 and I was wondering if anyone can
help, here is my ports failure message for GAIM.  AIM reports only
being ported to i386.

#

[EMAIL PROTECTED] /usr/ports/net/gaim]- make install clean

===  gaim-1.2.1 has known vulnerabilities:
= gaim -- Yahoo! remote crash vulnerability.
  Reference:
http://www.FreeBSD.org/ports/portaudit/2701611f-df5c-11d9-b875-0001020eed82.html
= gaim -- MSN Remote DoS vulnerability.
  Reference:
http://www.FreeBSD.org/ports/portaudit/b6612eee-df5f-11d9-b875-0001020eed82.html
= gaim -- MSN remote DoS vulnerability.
  Reference:
http://www.FreeBSD.org/ports/portaudit/ad5e70bb-c429-11d9-ac59-02061b08fc24.html
= gaim -- remote crash on some protocols.
  Reference:
http://www.FreeBSD.org/ports/portaudit/889061af-c427-11d9-ac59-02061b08fc24.html
= Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/net/gaim.

#

Thanks in advance.

 

It isn't a compiling error. There is a tool called portaudit, which 
checks the ports against security vulnerabilities, and gaim 1.2.1 has 
some security issues, thus portaudit prevents You from installing it. Is 
your ports tree up-to-date? I don't think so. Gaim 1.2.1 is pretty old. 
Upgrade yout ports tree via cvsup and try again. If the new version has 
security issues, too, You could decide to configure portaudit to ignore 
this problem.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: rshd vs 5.4

2005-07-29 Thread Kövesdán Gábor


hal wrote:


Trying to connect to my new backup server running 5.4 using rsh fails.

It worked well on my old backup server running 4.7 P25.

inetd.conf has the /usr/libexec/rshd line un-commented.

hosts.allow permits the remote host to connect to rshd.

The rsh file in /etc/pam.d has been patched by hand and looks good.

The message I am getting after some timeout period is:

server.host.name: Connection refused

It appears that inetd, which is running by the way, is not starting  
rshd.


Can anyone give me a pointer or two to get this thing working?

hal


Unfortunately, I don't know the solution for your problem, but I'm 
really intersted what's the point in using rshd? SSH is more common and 
it is secure. Security is not necessary in a trusted subnet, but sshd 
would suffice your needs. And FreeBSD is shipped with a working sshd 
configurations, what You have to do is only enabling it in rc.conf.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: FreeBSD 6

2005-07-27 Thread Kövesdán Gábor


Nikolas Britton wrote:


On 7/26/05, Kövesdán Gábor [EMAIL PROTECTED] wrote:
 


Nikolas Britton wrote:

   


Is it just me or is -O2 now the default for kernel builds? What about
-Os, safe to use?



 


So is it for me. But if I specify some CFLAGS, for example -O3
-march=athlon64, the
building fails, but CFLAGS mustn't affect the kernel compiling process
afaik. There is
COPTFLAGS for that reason. I've also made a PR about this new, unwanted
behaviour,
but haven't got any answers so yet.

   



You are right, COPTCLAGS is for the kernel only. -O3 is not officially
supported for CFLAGS or COPTFLAGS. If you use -O3 for CFLAGS it will
break some ports. Also from my experience using anything higher then
CPUTYPE=p2 will break ports (like gstreamer).

This is what I normally add to my make.conf file:
CPUTYPE=p2
CFLAGS= -Os -pipes
COPTFLAGS= -Os -pipes
#CXXFLAGS= don't remember what I set this too, don't use it a lot.

If I want a port to build with different settings I just tell it to
inline... make CPUTYPE=p4 install clean etc.

 

Yes, I know -O3 isn't supported for either, but I didn't mean ports. The 
kernel building

fails with this:
CFLAGS=-O3 -march=athlon64
#COPTFLAGS=-O3 -march=athlon64   -This is commenred out!
And this breaks the kernel compiling. See this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=83995



As far as -O2 as the default for the kernel... I thought it was more
important to have a small kernel then a faster but fatter one. The
smaller the kernel the more you can put in L1,2, and 3 cache and the
smaller the program the less it needs to hit ram, swap, and hard disk?
isn't this what apple does with their OS-X builds?
 


I also use -Os -march=athlon64 on the server I administer. :)

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: FreeBSD 6

2005-07-27 Thread Kövesdán Gábor


Nikolas Britton wrote:


On 7/27/05, Kövesdán Gábor [EMAIL PROTECTED] wrote:
 


Nikolas Britton wrote:

   


On 7/26/05, Kövesdán Gábor [EMAIL PROTECTED] wrote:


 


Nikolas Britton wrote:



   


Is it just me or is -O2 now the default for kernel builds? What about
-Os, safe to use?





 


So is it for me. But if I specify some CFLAGS, for example -O3
-march=athlon64, the
building fails, but CFLAGS mustn't affect the kernel compiling process
afaik. There is
COPTFLAGS for that reason. I've also made a PR about this new, unwanted
behaviour,
but haven't got any answers so yet.



   


You are right, COPTCLAGS is for the kernel only. -O3 is not officially
supported for CFLAGS or COPTFLAGS. If you use -O3 for CFLAGS it will
break some ports. Also from my experience using anything higher then
CPUTYPE=p2 will break ports (like gstreamer).

This is what I normally add to my make.conf file:
CPUTYPE=p2
CFLAGS= -Os -pipes
COPTFLAGS= -Os -pipes
#CXXFLAGS= don't remember what I set this too, don't use it a lot.

If I want a port to build with different settings I just tell it to
inline... make CPUTYPE=p4 install clean etc.



 


Yes, I know -O3 isn't supported for either, but I didn't mean ports. The
kernel building
fails with this:
CFLAGS=-O3 -march=athlon64
#COPTFLAGS=-O3 -march=athlon64   -This is commenred out!
And this breaks the kernel compiling. See this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=83995
   



Isn't their a way to overide any setting in make.conf by putting it (
-O flags ) inside the kernel config file, I seem to remember doing
something like that in the passed. Or you could do it all inline again
like: nice -20 make -j2 CYPUTYPE=p4 CFLAGS= -Os -pipe
KERNCONF=ME_COLONEL buildkernel
 


IIRC, the makeoptions option is to do this in the kernel config file.
E.g. makeoptions   MODULES_OVERRIDE= to skip modules building.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: FreeBSD 6

2005-07-26 Thread Kövesdán Gábor


Nikolas Britton wrote:


Do I always need to run 'make cleandepend' when rebuilding a kernel,
normally I build my kernels the old school way?

 

I suspect it is only needed, when You want to rebuild Your custom 
kernel, but haven't deleted
the /usr/src/sys/arch/compile/KERNCONF/ directory, so there is some old 
junk.



Is it just me or is -O2 now the default for kernel builds? What about
-Os, safe to use?

 

So is it for me. But if I specify some CFLAGS, for example -O3 
-march=athlon64, the
building fails, but CFLAGS mustn't affect the kernel compiling process 
afaik. There is
COPTFLAGS for that reason. I've also made a PR about this new, unwanted 
behaviour,

but haven't got any answers so yet.


The kernel build failed when it tired to compile the r128drm device.

Is it safe to run the ULE scheduler instead of the 4BSD scheduler, ULE
is commented out in the default kernel?

 

It's nice for me. I had a general protection fault, but I can't prove, 
that ULE made that,
I had similar with 4BSD. FreeBSD 6 is quite stable for me when I don't 
use my nve network

interface that has a poor driver.


Is the new ATA RAID stuff, metadata something, going to be backported
to 5.x? I'm trying setup a RAID 1 mirror with Intel ICH5R / Adaptec
HostRAID but it looks like it's not supported in 5.x

--

Feel free to add more questions to this thread.
___
 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Trouble with PHP4-extensions

2005-07-23 Thread Kövesdán Gábor


On 7/23/05, Jack Raats [EMAIL PROTECTED] wrote:


I had installed Apache, PHP4.40 and imap on a FreeBSD 5.4-STABLE server. It 
worked OK. I had to recompile IMAP and after this apache refuses to start. I 
have to recompile the php4-imap part of php.

How to do this?
Deinstall php4 completely and then reinstall it
or
Can i use the extensions to recompile only a part?

Met vriendelijke groeten
Jack Raats

Just delete only php4-imap with pkg_delete, then mkdir to 
/usr/ports/lang/php4-extensions and make config. Make only imap part 
selected and make FORCE_PKG_REGISTER=YES install.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ISOs

2005-07-21 Thread Kövesdán Gábor


Colin A. Aldred wrote:


Please can you tell me why there are two 'ISO' disc images for FreeBSD?

Namely:

5.4-RELEASE-i386-disc1.iso
5.4-RELEASE-i386-disc2.iso

Disc1 is larger than a standard CD so requires a DVD...so why bother
splitting them into disc1 and 2 when both would easily fit on one handy
DVD???
 

Beacuse not everybody can afford a DVD-writer. And FreeBSD is supposed 
to run on older hardware that doesn't even have a DVD-ROM drive. 
Releasing DVD images would be a nice feature, but CD images are still 
necessary for many people.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

What to do when panic?

2005-07-21 Thread Kövesdán Gábor


Hello,

I've never debugged FreeBSD, but now I've decided to help the testing 
process of  FreeBSD 6. I installed it, and then I had a panic. I got a 
debugger prompt, but I don't know what to do with that. I don't know the 
debugger commands. Please let me know what should I do when I have an 
another panic. What should I type and what kind of information should I 
send as a PR.


Thanks,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: What to do when panic?

2005-07-21 Thread Kövesdán Gábor


Scot Hetzel wrote:


On 7/21/05, Kövesdán Gábor [EMAIL PROTECTED] wrote:
 


FreeBSD 6. I installed it, and then I had a panic. I got a
debugger prompt, but I don't know what to do with that. I don't know the
debugger commands. Please let me know what should I do when I have an
another panic. What should I type and what kind of information should I
send as a PR.

   


Look at the FreeBSD Developer HandBook on debugging:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/debugging.html

http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html

Scot

 

Thanks for the quick answer. Just one more question: if I have a crash 
dump should I provide the whole of it? Or is there any way to obtain the 
useful information? I have 512MB memory and my network interface causes 
panics thus it would be very-very hard to upload the whole dump to make 
it online.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ps -awux

2005-07-20 Thread Kövesdán Gábor


Akhthar Parvez. K wrote:


Hello,

When I run the command ps -awux from a user's bash shell(not root), it's 
listing the processes under the particular user only. Can anyone tell me why?


 


You must have these two sysctls set to 0:

security.bsd.see_other_gids
security.bsd.see_other_uids

This prevents that users see processes running under another uid.

Or You  must have mac_seeotheruids MAC module enabled. This module is 
for hardening the previous two sysctls.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Cross-compiling for other architectures

2005-07-19 Thread Kövesdán Gábor


Chris Hodgins wrote:


Is it possible to cross-compile the base system for the sparc
architecture from an x86 machine?  I thought I had seen an article on
setting this sort of thing up before but I can no longer find it.
 


You should use the TARGET_ARCH macro. See release(7).

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Courier-IMAPD problem with fam(d)

2005-07-19 Thread Kövesdán Gábor


David Kelly wrote:

/var/log/maillog is spayed full of the following message repeated  
hundreds or thousands of times. No matter if the courier-imap port is  
with or with out FAM.


Jul 18 19:44:19 Grumpy imapd: Failed to create cache file:  
maildirwatch (dkelly)

Jul 18 19:44:19 Grumpy imapd: Error: Input/output error
Jul 18 19:44:19 Grumpy imapd: Check for proper operation and  
configuration

Jul 18 19:44:19 Grumpy imapd: of the File Access Monitor daemon (famd).

The only client used is Apple's Mail.app. This has been going on for  
the past year. Sometimes in spite of the error log messages all seems  
to be Good Enough. Then other times Mail.app can't hold a connection.


Elsewhere found a suggestion that the following in my FreeBSD-hosted  
Maildir would help, but has not:


% cd Maildir
% ln -s . .INBOX
% ln -s . .INBOX.

Just now when I deleted the above symbolic links, my mail downloaded  
altho there is another of the above imapd error messages in maillog,  
apparently one for each mailbox message downloaded.


When ever Mail.app gets stuck it seems like all is needed is for the  
mailbox directory to change somehow, or a message or two downloaded,  
deleted or something, then Mail.app is perfectly happy.


Bulk in maillog is nothing but a nuisance. Failed connection is  
worse. How the heck is fam supposed to be configured? Or how the heck  
can I get rid of it?


The mail/courier-imap port installs famd as a dependency, but You have 
to manually configure and start it. Take a look at 
/usr/local/etc/fam.conf. Anyway, this is a deficiency in the new 
versions of courier-imap. There isn't some kind of --without-fam 
configure options, the new versions require fam.
As for me, I had the same problem with it. My maillog was full of junk, 
but I didn't notice any kind of error. I could use imap well, but the 
junk in my log was very annoying, so I applied a little hack.
I did make patch and found the logging part of the source code and 
simply deleted those lines. Now, I had a well-working mail system and 
there isn't such junk in my maillog.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Courier-IMAPD problem with fam(d)

2005-07-19 Thread Kövesdán Gábor


David Kelly wrote:



On Jul 19, 2005, at 6:36 AM, Kövesdán Gábor wrote:



The mail/courier-imap port installs famd as a dependency, but You  
have to manually configure and start it. Take a look at /usr/local/ 
etc/fam.conf.



I don't see anything about starting there or in fam(1M) other than  
if fam is started by inetd.


Honestly speaking I don't know how to start it. Maybe inetd starts it, 
maybe courier-imap or You might start it manually?! Unfortunately I dont 
have such problems You have without fam. But if You have found out 
please let me know, I'm interested. :)


Anyway, this is a deficiency in the new versions of courier-imap.  
There isn't some kind of --without-fam configure options, the new  
versions require fam.



/usr/ports/mail/courier-imap/Makefile says fam is disabled by default:

OPTIONS=OPENSSL Build with OpenSSL  
supporton \
FAM Build in fam support for IDLE  
command off \
DRACBuild in DRAC  
support off \
TRASHQUOTA  Include deleted mails in the  
quotaoff \
GDBMUse gdbm db instead of system  
bdb off \
IPV6Build with IPv6  
support   on


If You take a look what the WITH_FAM macro actually does, You'll see it 
only adds fam as a dependency and adds some extra cc flags, but leave 
the CONFIGURE_ARGS untouched. Afaik fam can't be actually disabled in 
courier-imap.


.if defined(WITH_FAM) || exists(${LOCALBASE}/lib/libfam.so)
CONFIGURE_ENV=  CPPFLAGS=-I${LOCALBASE}/include \
   LDFLAGS=${LDFLAGS}
LDFLAGS+=   -L${LOCALBASE}/lib
LIB_DEPENDS+=   fam.0:${PORTSDIR}/devel/fam
.endif


I suspect but haven't been able to prove fam is somehow running, if  
only as a library linked to imapd. When Mail.app has connection  
problems its instantly disconnected but sometimes a few messages get  
thru. Sometimes a simple ssh to the FreeBSD machine, mutt to view the  
mailbox, close it with messages now tagged as old, is all it takes  
for Mail.app and courier-imap combination to be happy.


Likely there is the libfam.so linked, as You can see above, but that is 
only a prerequisite to use famd. Famd must be running as a separate 
process and courier-imap connects to famd with the help of libfam.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Change of FQDN

2005-07-18 Thread Kövesdán Gábor


Robert Slade wrote:


Hiya,

Just a quick question, I need to change the domain name of a machine
running 5.4. I see that it is set when the machine boots up but I can't
find out where is is set.

Rob

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
 


You can change it in /etc/rc.conf or via sysinstall.

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

rcNG issue

2005-07-18 Thread Kövesdán Gábor


Hello,

I have a problem with my rcNG scripts. There are three scripts: 
named.sh, apache2.sh and proftpd.sh. Apache and ProFTPd require hostname 
resolving thus named should start firstly. The headers of my scripts are:


named.sh:

#!/bin/sh
#

# PROVIDE: named
# REQUIRE: SERVERS
# BEFORE:  apache2 proftpd mysqld
# KEYWORD: FreeBSD shutdown

. /etc/rc.subr





apache2.sh:

#!/bin/sh
#

# PROVIDE: apache2
# REQUIRE: NETWORKING SERVERS named
# BEFORE: DAEMON
# KEYWORD: FreeBSD shutdown

. /etc/rc.subr



proftpd.sh:

#!/bin/sh
#

# PROVIDE: proftpd
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: FreeBSD shutdown

. /etc/rc.subr





And when I enable all the three scripts in rc.conf, the apache hangs 
because it can't resolve the computer's hostname. It's really annoying, 
I have to manually start it after a reboot, or wait for the cronscript 
that checks whether it is running.

What's wrong?

Thanks in advance,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: rcNG issue

2005-07-18 Thread Kövesdán Gábor


Chad Leigh -- Shire.Net LLC wrote:



Where do these scripts live?  Are they in /usr/local/etc/rc.d?

If so, they run in lexographic order.  The rc ordering stuff does not  
apply to /usr/local/etc/rc.d



Thanks, they were there but I moved them.

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Building an ISO for CD release of a custom FreeBSD 5.4

2005-07-13 Thread Kövesdán Gábor


Jonathan Beit-Aharon wrote:


I tried the following:

   cd /usr/src/release
   make release CHROOTDIR=/usr/v54export BUILDNAME=FBSD54_050712 
RELEASETAG=RELENG_5 \
   CVSROOT=:pserver:[EMAIL PROTECTED]:/home/ncvs 
EXTSRCDIR=/usr/src \
   MAKE_ISOS=/usr/v54export COMPAT_DISTS=compat4x 
OTHER_DISTS=manpages \

   NOPORTS=YES

It complained that the connection to the CVS repository is being 
refused.  I tried changing the CVSROOT to :pserver:[EMAIL PROTECTED] 
but that and several other protocol variations didn't help.   I can't 
see why -- does anyone know/care?   Is there a simple way to overcome 
this obstacle (is the documentation wrong/typo'ed)?


There are three main components of a custom install disc: Distributions 
(binaries), documentations, ports collection.
As for the binaries, they are built from /usr/src since You use EXTRCDIR 
macro. As for ports collection, it won't be integrated since You 
specified NOPORTS=YES. As for documentation, it will be built from the 
CVS repository if You don't specify EXTDOCDIR, so the documentation will 
be checked out from the repository and You can only specify a local 
directory where the CVS repository is mirrored, afaik. I haven't seen 
any example that used that pserver address. So You'd better mirror it 
with CVSup and then You could specify such /usr/home/ncvs, if your 
mirror is located under /usr/home/ncvs


Cheers,

Gábor Kövesdán

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: How to pass configure options

2005-07-11 Thread Kövesdán Gábor


[EMAIL PROTECTED] wrote:


Hi all,

How can I pass some extra configure options when making ports?

I could not find it on FAQ or handbook.

I´m using the hard way.

make fetch
cd work/someprog/
./configure --with...
cd ../../
make
make install

Is there any other way to do that from make command line?


- Marcelo



 


Try something like this:

make CONFIGURE_ARGS+=--with-feature1 --with-feature2 ... install

I'm not sure it works, but there is a CONFIGURE_ARGS macro in the ports' 
Makefile for this purpose and You should be able to extend that in this 
way afaik.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Make Image of Hard Drive

2005-07-10 Thread Kövesdán Gábor


Phusion wrote:


I recently built a FreeBSD server, and was wondering how I can make an
image of the hard drive. I am going to build an another FeeBSD server
using identical hardware. How can I make an image of the hard drive of
the original server I built and copy/install it to the new server?
Each server has a 6.4 GB hard drive. Is there a way I can create an
image then install via the network to a new server in the future if
need be? Let me know.

There is the dd command. You can make a copy into a file in the 
following way:


dd if=/dev/ad0s1a of=/usr/home/you/backup

(ad0s1a is your partition that You want to backup, and the backup goes 
to the /usr/home/you/backup file.)

Transfer the backup to the another machine and type:

dd if=/path/to/backup of=/dev/ad0s1a

It is very simple and straightforward. The if option always refers to 
the input and the of refers to the output. See dd(1) for further info.


There is an another utility made for complete partition backups, called 
dump. See: dump(8).


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Libz

2005-07-07 Thread Kövesdán Gábor


Frank de Bot wrote:

Recently a bug was discoverd which affected various unix platforms 
including FreeBSD. ( 
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc 
)


But it say it only affects the 5.x releases and not the 4. Is it true 
only the 5.x releases are affected? (I think it rather odd, because 
libz is pretty 'universal'



Hi,

Yes, it's true. Only 5.3 and 5.4 are affected. Colin Percival has 
confirmed this on the freebsd-security list.


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

sysctls issue


Hello,

I think the net.link.ether.inet.log_arp_movements and 
net.link.ether.inet.log_arp_wrong_iface sysctls should control the arp 
messages in /var/log/messages. I don't want to see this kind of errors, 
thus I've set them to 0. Now there mustn't be any arp logs in 
/var/log/messages, must they?


Actually, there has been one since I set the two sysctls:
Jun 28 12:51:42 server kernel: arplookup 195.70.50.6 failed: host is not 
on local network



Before I set them to 0, there had been much more arplookup messages, 
just the same as I wrote above. Have I missed something? Or should I 
post this issue as a bugreport?


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: bsdextended mac module question




I think you'll need to allow stat permission too - say rxs not
just rx.

You may also want to think about what this rule does to /tmp.

David.
 


Works fine in this way, thanks.

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Remounting root


Hello,

could somebody tell me how to reboot the root filesystem in read-write 
mode under single user mode?


Thanks,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Remounting root




# mount -u /

The -u option is actually the update option, which tries to restore 
the mount options of the file system to the defaults defined in 
/etc/fstab

(which includes rw too).


I've tried it, but when I run fsck it wrtites:

** /dev/as0s1a (NO WRITE)

And if I try to enable MAC multilabeling or SoftUpdates I get:

tunefs: /dev/ad0s1a: Failed to write superblock


Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Remounting root



Probably because you have already remounted your root file system as 
read-write.


- Giorgos


Okay, thanks. :) You're right, I thought I should remount root in 
read-only mode to toggle multilabel since its setting is stored in the 
superblock, and when one change it one should write to the superblock.


Thanks,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

bsdextended mac module question

2005-06-27 Thread Kövesdán Gábor


Hello,

I try to make a bsdextended mac policy and when I add the following 
rule, I can't login with a simple user:


ugidfw add subject not uid root object uid root mode rx

This rule is for protecting root's files from others in any case.
And I've got the following message:

/libexec/ld-els.so.1: Cannot fstat /lib/libedit.so.4
Jun 27 10:36:25 localhost login: _secure_path: cannot stat 
/etc/login.conf: Permission denied


What's wrong?

Btw, could somebody tell what the a mode means in bsdextended rules?

Thanks,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

4.x - 5.x

2005-06-20 Thread Kövesdán Gábor


Hello,

it must be a well-discussed topic, but I don't know where to find a good 
description about upgrading from 4.x to 5.x. There is a production 
machine running 4.10 and the owner wants me to upgrade it to 5.4. Could 
somebody tell me the most important points to care? Or do You know a 
good howto?


Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: login.conf limits

2005-06-14 Thread Kövesdán Gábor


In this case it works.

Lowell Gilbert wrote:


What happens if testuser is assigned the default login class?  Does
the login still fail?  [If so, it has nothing to do with your login
settings.] 
 



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: login.conf limits

2005-06-14 Thread Kövesdán Gábor


Lowell Gilbert wrote:


Okay, so it is the login settings.

I'm a little suspicious of commenting out the lines in the middle of
the settings.  I think that may comment out the continuation
character, ending the setting at that point.  Try moving those lines
out of the way and rebuild the database.  It also might be a good idea
to include the default entry explicitly at the end, to make sure you
know you have good defaults.
 



I've made a new class with modifying the maxproc only and it works. I 
should modify the limits step-by-step to find which is wrong..

Thanks for the suggestion.

Cheers,

Gábor Kövesdán
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: login.conf limits


Hi,

The password entry:
testuser:$1$Q.F0GW3J$ylBS3GPfPbF4jjCbin2OP0:6673:6675:shuser:0:0:User 
:/home/testuser:/bin/sh


In the /var/log/auth.log I see this:
Jun 13 09:42:31 server sshd[63714]: Accepted keyboard-interactive/pam 
for testuser from 217.20.133.7 port 1049 ssh2


But my when I type my password:
Password:
Connection to 217.20.133.7 closed by remote host.
Connection to 217.20.133.7 closed.

Cheers,

Gábor Kövesdán

[EMAIL PROTECTED] wrote:


Hi,

What is shown in the logs? Why the connection failed?
Show the passwd entry for that user, or any other info the help
us.

- Marcelo Souza

 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Makefile question


Hello,

I'm trying to make a new port, but the software I'm porting has an 
awkward configure script, and when I run ./configure --prefix=/usr/local 
then every file goes to directly to /usr/local not to /usr/local/bin, 
/usr/local/etc, ...

Thus I would like to install it into /usr/local/appname.
I wrote to my Makefile:

GNU_CONFIGURE=  YES
CONFIGURE_ARGS= --prefix=${PREFIX}/appname

But the situation is the same. Everything goes directly to /usr/local, 
as if I wrote just --prefix=${PREFIX}.


What can I do now?

Cheers,

Gábor Kövesdán

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Makefile question

Oh, I didn't mean that. Both the configure script and the application 
Makefile are working. What I mean is,

that the configure script doesn't let me to specify --libdir, --bindir, ...
Thus a lot of files would be installed directly under the default 
${PREFIX}, which is /usr/local, that's why I

would like to specify a separated subdirectory under the ${PREFIX}, but my
CONFIGURE_ARGS=--prefix=${PREFIX}/appname doesn't work, but I don't know 
why.
I thought it is syntactically correct, but it had the same effect as is 
I wrote only ${PREFIX} instead of

${PREFIX}/appname.

Cheers,

Gbor Kvesdn

Dan Nelson wrote:


Maybe the problem is not the configure script but the Makefile install
target.  Check to see what the generated Makefile looks like.  It's
possible that it uses gnumake syntax, in which case you may need
USE_GMAKE=yes in the port Makefile.  Or, if it doesn't install many
files, you can just provide a do-install: target in your port Makefile
and install the files yourself.

 



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Makefile question

You misunderstood what I want. As I mentioned the configure script is 
awkward and I can't specify
--bindir, --libdir,  everything goes to the specified --prefix. Thus 
I won't have any subdirectories in

/usr/local/appname, just an executable and some sample config and doc.

Vasil Dimov wrote:


Who will find executables located in /usr/local/appname/bin/ ?
 



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Makefile question

Yes, it worked when I specified it by hand. But Johnny has found out 
what was the problem. The bsd.port.mk file
overrides the prefix, thus I had to specify my CONFIGURE_ARGS after the 
include line.


Cheers,

Gábor Kövesdán

Dan Nelson wrote:


Yes, that should have worked.  Does it do what you want if you manually
run ./configure --prefix=/usr/local/appname ?  If not, then the
configure script of the Makefile is broken, and you will need to patch
it or install the files yourself.

 



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Makefile question