Re: [Leaf-devel] Some small modifications to upgrade to libc 2.2 documentation
Hello SImon, Kim and others on this thread. First of all sorry for the late response of the bering crew. Jacques is out of town for the rest of this week, and I just ended a 24 Hr shift , so i wasn't able to read the mails. To answer a few questions. The lrpkg.back.script is name dependent. With the usual *.list etc is a include and exclude file list created. Before the create and compress the tar file command is executed, there is a statement like If the name is initrd. then gzip the image and write it to initrd.lrp otherwise create a tar file and gzip it. I planned a rewrite of the script but jacques and I agreed that it wouldn't be good to make a complete change on a 3. release candidate (this will be something for 1.1 :) ) I don't see a problem for a larger initial ramdisk, but this is more Jacques area ;) I will be away for a vacation also, so please excuse If you don't get an immediate answer. Greetings Eric Wolzak member of the Bering team Hi Kim On Mon, Jun 24, 2002 at 03:05:38PM +0200, [EMAIL PROTECTED] said: Aanhalen Simon Blake [EMAIL PROTECTED]: Really? It worked for me - the packages out the far end were perfectly backupable. I fail to see what temporary name you give your image while you populate it important - what is crucial is that at the end of the process, the image must be gzipped, and called initrd.lrp. How you get to that stage is up to you. Was this on a RC3 or a RC2 machine? If it was on RC3 can somebody of the bering crew confirm that something changed in the backupscript the fix the problem I had with backing up under RC2. Both - but in both cases you have to tell lrcfg.back.initrd the size of the initrd to make - ie increase INITRD_SIZE from 1500 to 2000. I've amended the recipe to specifically point that out, but as long as you do that, both RC2 and RC3 work fine. Judging by the timestamps, I don't think anything about the backup scripts has changed between RC2 and RC3 I am not really getting an error I get a package that is too small to be right. If I reboot I get a kernel panick attempt to kill init. And yes I do rename the package to initrd.lrp How much to small? 600Kb, rather than 650Kb? If that's the case, it sounds like you need to increase INITRD_SIZE as above. Bering team, is there any reason the default ramdisk size can't be 2MB? I don't think it would make more than a few bytes difference to the size on disk. Cheers Si --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Introducing myself
On Wed, Jun 26, 2002 at 09:36:46AM +0100, Luis.F.Correia wrote: To my (slight) surprise, Mike invited me to join LEAF as a developer. Welcome! Welcome to all! My knowledge in Linux is relatively small. My main work, training and experience is with Windoze. It may suck but that's what pays :) Ah, but for me, UNIX is what pays :P --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] OpenSSH security
On Mon, Jun 24, 2002 at 03:14:39PM -0700, Mike Noyes wrote: There is a problem with OpenSSH. [Fwd: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability] Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3. Sounds like the bug isn't fixed but a work-around exists... Here is how the Mandrake Security Release reads: Mandrake Linux Security Update Advisory Package name: openssh Advisory ID:MDKSA-2002:040 Date: June 24th, 2002 Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2 Problem Description: Details of an upcoming OpenSSH vulnerability will be published early next week. According to the OpenSSH team, this remote vulnerability cannot be exploited when sshd is running with privilege separation. The priv separation code is significantly improved in version 3.3 of OpenSSH which was released on June 21st. Unfortunately, there are some known problems with this release; compression does not work on all operating systems and the PAM support has not been completed. The OpenSSH team encourages everyone to upgrade to version 3.3 immediately and enable privilege separation. This can be enabled by placing in your /etc/ssh/sshd_config file the following: UsePrivilegeSeparation yes The vulnerability that will be disclosed next week is not fixed in version 3.3 of OpenSSH, however with priv separation enabled, you will not be vulnerable to it. This is because privilege separation uses a seperate non-privileged process to handle most of the work, meaning that any vulnerability in this part of OpenSSH will never lead to a root compromise. Only access as the non-privileged user restricted in chroot would be available. MandrakeSoft encourages all of our users to upgrade to the updated packages immediately. This update creates a new user and group on the system named sshd that is used to run the non-privileged processes. References: http://marc.theaimsgroup.com/?l=openssh-unix-devm=102495293705094w=2 --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] OpenSSH security
On Wed, 2002-06-26 at 07:05, David Douthitt wrote: On Mon, Jun 24, 2002 at 03:14:39PM -0700, Mike Noyes wrote: There is a problem with OpenSSH. [Fwd: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability] Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3. Sounds like the bug isn't fixed but a work-around exists... David, You're correct. There are a list of recent security advisories on this at: http://www.linuxsecurity.com/advisories/index.html NetSecurity has an in-depth article on this vulnerability. http://www.net-security.org/article.php?id=138 -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [Leaf-devel] Hi there, and (bug?) report
if you included your package name as the last one, did you produce an extra line at the end? Debian based systems like and extra line at the end. Or I might also be wrong :) -Original Message- From: Jon Clausen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 26, 2002 9:57 AM To: [EMAIL PROTECTED] Subject: [Leaf-devel] Hi there, and (bug?) report Hi everyone I must say I was quite flattered to be invited to join ;) I don't see myself as much of a capacity, being the relative newbie and all, but hey, if I can help out in any way, I'll be glad to... Quick rundown: My name is Jon Clausen, I'm 36 and have been using linux (SuSE mostly) for some three years now. I've been using LRP/LEAF for little over a year. I'm not exactly sure what I'll be able to help with in this group, but I guess we're about to find out :) Some of you might remember me from leaf-user, in such threads as 'How do I access the weblet from outside' and more recently my 'blinder' project. I think that small write-ups, like the one about the weblet, is probably a pretty good sample of what I might help out with. Which brings me to the second item on the agenda for this mail: I've now gotten to the point where my blinder software is working, and the stuff is in the right locations in the filesystem. And I have managed to make a blinder.lrp out of it. I did have *some* trouble making the package, though. Following the 'how do I create an lrp-package', everything went well, until steps 5/6. step5: Edit /var/lib/lrpkg/packages, to trick the backup system into believing that the package is already installed step6: Go to the backup menu. And I quote If you don't have a backup option for your package, you didn't do step 5 correctly. checked, doublebechecked, rechecked, no joy. Tried remoing some of the other package names from .../packages, no change in the backup menu... I then tried renaming .../packages to something else, and *no* change in the backup menu(?!) So I started looking through the scripts, and found that what is actually checked by lrcfg.back, in the sub SetPkg() is /var/lib/lrpkg/backdisk. So I put 'blinder=-t msdos...' at the end, fired up lrcfg, and lo and behold, I had the option :) So either something is weird on my host (bering 1.0rc2), there's a bug in the backup scripts somewhere, or the documentation is not quite up to par... I haven't checked anything much, but I thought I might as well let you all know what I found... cheers, Jon Clausen --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, Jun 26, 2002 at 06:27:31PM +0100, Luis.F.Correia wrote: if you included your package name as the last one, did you produce an extra line at the end? Debian based systems like and extra line at the end. Or I might also be wrong :) No,no, you're quite right in that there should be an empty line at the end (if that's what you meant), at least that's what I learned from the docs... But that was exactly one of the things that I checked. I did try out a couple of things before I started reading through the scripts: - Check that indeed there were empty lines in all the files (.list .conf .version and .help) - Move my package name up among the others listed in 'packages' - Tried (just for the h*ll of it) to add the package to syslinux.cfg - shuffle the order in 'packages' You know, just 'o.k. so what if I push *this* button'... also I did restore whatever files to their original state before I started down a new path. None of it made any difference, but when not even renaming 'packages' to 'packs.safe' had any effect on the backup list... I started thinking that something might have changed on Bering, that wasn't reflected in the docs. I know that some things *did* change, because Dachstein which is what I've been using 'till now, doesn't have the 'backup floppy' option... Am I the only one who saw this? 'cause if I am, I must presume something is amiss wrt to my system... Nice thing is, that I managed to make the package anyway, and I can now try it out on a newer Bering... :) Comments welcome. Cheers, Jon P.S. I posted the first msg *hours* ago... Is this delay normal, or is there something in my mail setup that's confusing the list server? I recently switched from Kmail to Postfix/Fetchmail/Procmail/Mutt, and I wouldn't be surprised if something *is* shady in that department... --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, 2002-06-26 at 11:09, Jon Clausen wrote: P.S. I posted the first msg *hours* ago... Is this delay normal, or is there something in my mail setup that's confusing the list server? I recently switched from Kmail to Postfix/Fetchmail/Procmail/Mutt, and I wouldn't be surprised if something *is* shady in that department... Jon, I see a lag in your posts of +7 hrs. and -20 min. I don't know what happened to your post earlier today, but a lag that large is not normal. Is the clock on your system set correctly? The second post seems to indicate it's not. Message-ID: [EMAIL PROTECTED] Wed, 26 Jun 2002 10:57:04 +0200 (CEST) Wed, 26 Jun 2002 13:22:53 -0400 (EDT) Message-ID: [EMAIL PROTECTED] Wed, 26 Jun 2002 20:09:45 +0200 (CEST) Wed, 26 Jun 2002 14:51:09 -0400 (EDT) -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, 2002-06-26 at 12:26, Mike Noyes wrote: On Wed, 2002-06-26 at 11:09, Jon Clausen wrote: P.S. I posted the first msg *hours* ago... Is this delay normal, or is there something in my mail setup that's confusing the list server? I recently switched from Kmail to Postfix/Fetchmail/Procmail/Mutt, and I wouldn't be surprised if something *is* shady in that department... Jon, I see a lag in your posts of +7 hrs. and -20 min. I don't know what happened to your post earlier today, but a lag that large is not normal. Is the clock on your system set correctly? The second post seems to indicate it's not. Message-ID: [EMAIL PROTECTED] Wed, 26 Jun 2002 10:57:04 +0200 (CEST) Wed, 26 Jun 2002 13:22:53 -0400 (EDT) Message-ID: [EMAIL PROTECTED] Wed, 26 Jun 2002 20:09:45 +0200 (CEST) Wed, 26 Jun 2002 14:51:09 -0400 (EDT) Jon, Disregard the system clock comment. Apparently I'm unable to do simple math today. :-( May I have the dunce cap please. -- Mike Noyes [EMAIL PROTECTED] --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, Jun 26, 2002 at 10:57:04AM +0200, Jon Clausen wrote: Quick rundown: My name is Jon Clausen, I'm 36 and have been using linux (SuSE mostly) for some three years now. I've been using LRP/LEAF for little over a year. How about a round of (re)introductions? Just an idea... I then tried renaming .../packages to something else, and *no* change in the backup menu(?!) So I started looking through the scripts, and found that what is actually checked by lrcfg.back, in the sub SetPkg() is /var/lib/lrpkg/backdisk. So I put 'blinder=-t msdos...' at the end, fired up lrcfg, and lo and behold, I had the option :) So either something is weird on my host (bering 1.0rc2), there's a bug in the backup scripts somewhere, or the documentation is not quite up to par... Isn't backdisk and lrcfg.back specific to Dachstein and Bering? Oxygen doesn't have it and neither does LRP, as far as I know. I would also argue that the problem you ran into is an example of a surprise and should be fixed. --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
Mike Noyes wrote May I have the dunce cap please. -- Mike Noyes [EMAIL PROTECTED] /me slides cap to Mike sp You can have it, I'm tired of wearing it :) and now a word from our sponer's.. This moment brought to you by D'oh Unlimited... Bringing public moments to you for a lifetime ;) --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
Hi, So either something is weird on my host (bering 1.0rc2), there's a bug in the backup scripts somewhere, or the documentation is not quite up to par... I had the same problem when trying to build a package for openvpn ( openvpn.sourceforge.net) I think that the documentation doesn't (yet) describe the changes in the dachstein backup scripts made ( by Charles) to support the partial backup when he released dachstein CD Just my 2 (euro) cents Regards I haven't checked anything much, but I thought I might as well let you all know what I found... cheers, Jon Clausen --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, Jun 26, 2002 at 10:57:04AM +0200, Jon Clausen wrote: Hi everyone Hi! You said you were wondering about mail problems? My setup must be quite similar to yours; I use Postfix + Cyrus IMAP + Fetchmail + Mutt, and it works well. I also prefer KMail while using KDE... I'll take an attempt at analyzing this... I like the challenge. I trust and hope that someone will tell me if I get this wrong... Here's some of the headers from your first message (some lines'll wrap...): Received: from qst.callsign.net (unix.hoseo.ac.kr [203.241.128.39]) by mailbag.com (8.12.2/8.12.2) with ESMTP id g5QHNNAt018534 for [EMAIL PROTECTED]; Wed, 26 Jun 2002 12:23:24 -0500 26 Jun 17:23:24 UTC Received at my main mailbox (mailbag.com) from my redirector. Received: from SMTP32-FWD by qst.callsign.net (SMTP32) id A04BC; Wed, 26 Jun 2002 17:26:54 + Received: from usw-sf-list2.sourceforge.net [216.136.171.252] by qst.callsign.net with ESMTP (SMTPD32-7.07) id A95DEB30090; Wed, 26 Jun 2002 17:26:53 + 26 Jun 17:26:54 UTC Received at my main mail redirection service (callsign.net) Received: from usw-sf-list1-b.sourceforge.net ([10.3.1.13] helo=usw-sf-list1.sourceforge.net) by usw-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17NGUW-0004F8-00; Wed, 26 Jun 2002 10:22:04 -0700 Received: from cicero0.cybercity.dk ([212.242.40.52]) by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 17NGPQ-0004Ls-00 for [EMAIL PROTECTED]; Wed, 26 Jun 2002 10:16:48 -0700 26 Jun 17:22:04 UTC Processed at SourceForge (sourceforge.net). 26 Jun 17:16:48 UTC Received at SourceForge (sourceforge.net). Received: from a13-8.kinkon (port115.ds1-noe.adsl.cybercity.dk [212.242.52.118]) by cicero0.cybercity.dk (Postfix) with ESMTP id 2E6B8102942 for [EMAIL PROTECTED]; Wed, 26 Jun 2002 10:57:05 +0200 (CEST) 26 Jun 08:57:05 UTC Received at cybercity.dk. Received: by a13-8.kinkon (Postfix on SuSE Linux 8.0 (i386), from userid 500) id BF1D31A20E; Wed, 26 Jun 2002 10:57:04 +0200 (CEST) 26 Jun 08:57:04 UTC Received at kinkon. In short: 26 Jun 17:23:24 UTC Received at my main mailbox (mailbag.com) 26 Jun 17:26:54 UTC Received at my main mail redirection 26 Jun 17:22:04 UTC Processed at SourceForge (sourceforge.net). 26 Jun 17:16:48 UTC Received at SourceForge (sourceforge.net). 26 Jun 08:57:05 UTC Received at cybercity.dk. 26 Jun 08:57:04 UTC Received at kinkon. It doesn't appear to be some sort of bad time setting, either on kinkon, cybercity.dk, OR sourceforge.net. I deduce this because: 1) the host cicero0.cybercity.dk (212.242.40.52) and kinkon (212.242.52.118) are separate hosts yet have same time (8:57 UTC give or take) and same timezone (CEST); 2) hosts beyond cicero0.cybercity.dk are all different timezones except they have the same time UTC (after accounting for the U.S. 12-hour clock). From 08:57:05 UTC to 17:16:48 UTC it remained on cicero0.cybercity.dk (212.242.40.52). It appears to me that cybercity.dk held your mail for 8.25 hours... (!) --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, 2002-06-26 at 13:37, David Douthitt wrote: 26 Jun 17:23:24 UTC Received at my main mailbox (mailbag.com) 26 Jun 17:26:54 UTC Received at my main mail redirection 26 Jun 17:22:04 UTC Processed at SourceForge (sourceforge.net). 26 Jun 17:16:48 UTC Received at SourceForge (sourceforge.net). 26 Jun 08:57:05 UTC Received at cybercity.dk. 26 Jun 08:57:04 UTC Received at kinkon. It doesn't appear to be some sort of bad time setting, either on kinkon, cybercity.dk, OR sourceforge.net. I deduce this because: 1) the host cicero0.cybercity.dk (212.242.40.52) and kinkon (212.242.52.118) are separate hosts yet have same time (8:57 UTC give or take) and same timezone (CEST); 2) hosts beyond cicero0.cybercity.dk are all different timezones except they have the same time UTC (after accounting for the U.S. 12-hour clock). From 08:57:05 UTC to 17:16:48 UTC it remained on cicero0.cybercity.dk (212.242.40.52). It appears to me that cybercity.dk held your mail for 8.25 hours... (!) David, Nice job. :-) I should have looked for the machine causing the lag also. I'm keeping this analysis as a template for future troubleshooting. -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] OpenSSH security
On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: On Wed, 2002-06-26 at 07:05, David Douthitt wrote: Sounds like the bug isn't fixed but a work-around exists... David, You're correct. There are a list of recent security advisories on this at: http://www.linuxsecurity.com/advisories/index.html NetSecurity has an in-depth article on this vulnerability. http://www.net-security.org/article.php?id=138 Everyone, The vulnerability details are now public. http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Development Annoyances...
There's an annoyance that comes up only in development, and I was wondering how others handle it. The problem is this: a development cycle (for me, anyway) goes like this: boot, fiddle, doesn't work fix, reboot, fiddle, fiddle, reboot, fiddle... NOW it works... However. NOW the disk image is configured for my environment, and needs to be cleaned out. The usual way is to go back through ALL configurations, reading and using grep, et al. Isn't there a better way? I was wondering... what if you set up some sort of new pkg.cf (for configuration files) or pkg.sane (for sane configuration :) file (or whatever it is) that allows you to ERASE those files entirely. This would assume that the configuration files are matched by conffile-dist files for example... Perhaps: cd /var/lib/lrpkg for i in $(cat $PKG.cf) ; do mv ${i}-dist $i done rm $PKG.cf apkg -s $PKG # save package... The other annoyance in development is this - to restate the above dev. cycle slightly: bot. diddle, diddle, fix, reboot diddle, patch, fix, save, rebot You get the idea :-) What's the best way to get around this? Besides getting a cup of coffee, I mean :-) I've tried UMLinux but that never did work and seemed to require a patched system. I think VMWare worked, I forget but $300+? Someday... --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Mail headers
On Wed, Jun 26, 2002 at 01:53:36PM -0700, Mike Noyes wrote: Nice job. :-) Thank you! I'm still learning. Mail processing has been a weak point; now that I've three of my own domains and am serving all of them on one mailserver I think I've learned something along the way - at least I hope so... I should have looked for the machine causing the lag also. I'm keeping this analysis as a template for future troubleshooting. Thanks for the compliment! The biggest thing that helped me was to convert to UTC - and to remember things like: 1. Some U.S. (North American?) hosts don't report time in 24h format. So 01:15:01 -007 could be 08:15:01 UTC or it could be 20:15:01 UTC. 2. Sometimes the timezone is wrong but the time is right... or worse... 3. Don't forget that sometimes headers lie - that is, they are forged headers - but if you aren't looking at spam, they should be valid. I'm trying to learn all I can about mail; need to be up to speed so I can do it right. --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Mail headers
On Wed, 2002-06-26 at 14:14, David Douthitt wrote: On Wed, Jun 26, 2002 at 01:53:36PM -0700, Mike Noyes wrote: The biggest thing that helped me was to convert to UTC - and to remember things like: 1. Some U.S. (North American?) hosts don't report time in 24h format. So 01:15:01 -007 could be 08:15:01 UTC or it could be 20:15:01 UTC. 2. Sometimes the timezone is wrong but the time is right... or worse... 3. Don't forget that sometimes headers lie - that is, they are forged headers - but if you aren't looking at spam, they should be valid. I'm trying to learn all I can about mail; need to be up to speed so I can do it right. David, It looks like you're doing a great job. The only two things I can add to the cogent advice above are: 1. Join the mailing list for the MTA you use. 2. Evaluate the use of SpamAssassin at SMTP time. http://marc.merlins.org/linux/exim/sa.html -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Development Annoyances...
On Wednesday 26 June 2002 16:24, Michael D. Schleif wrote: This is pretty much where Serge Caron came in with `enclosures' . . . at least, part of his enclosure construct does exactly what you describe . . . I use it for early package development. It's nice to simply delete the update(d) package and have a clean system again. I'm using a PacketFilter box in production as well the connection auto-detection and hardened system is pretty much 'boot and forget' depending on your particular use(s). There are some very interesting things in there ;-) -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, Jun 26, 2002 at 09:53:35PM +0200, Etienne Charlier wrote: Hi, So either something is weird on my host (bering 1.0rc2), there's a bug in the backup scripts somewhere, or the documentation is not quite up to par... I had the same problem when trying to build a package for openvpn ( openvpn.sourceforge.net) I think that the documentation doesn't (yet) describe the changes in the That's pretty much what I suspected. Especially since it worked (well looked/behaved as such) nicely after I made the change in backdisk instead of packages... But other than making the entry in backdisk, should I also be adding it to packages, or will the system do that when the package gets loaded on next boot? Anything else? So I guess the docs need updating? And in that case; Would it be a matter of simply adding a note about this difference in Dach/Bering? Or are there more things should be added? TIA Jon --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Weblet-webconfig
## Moved from (leaf-user) # On Wednesday 26 June 2002 17:33, Richard Amerman wrote: I currently have a modification that has a new list of all the configuration files on the left side. I have included all the main networking files, modules file, ppp files, and all of shorewall. I did this with a combination of index.html modification (including some cleanup, primarily with an added style entry above that took out all the remaining style info bellow) and some changes in the showlogsx cgi scripts. Very nice, Bering is setup nicer in this way. DF's network.conf really needed to be chopped up to be cleaner in the end. I'm modularizing the configuration which can reduce the total space taken up and also allow for reduced (auto-)backup time/resources. I am planning to look at something along the lines of SSL for authentication or a SUID binary, but I haven't researched into how feasible this would be. In any regards, some form of authentication needs to be implemented. I plan on setting up a demo box outside our firewall that everyone can access to check out these changes. I will let the list know when I have this set up. Neat, let us know! ;-) -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Re: OpenSSH security
I got OpenSSH 3.3p1 working today with priv separation, but compression must be disabled (mmap error.) A couple of questions: - 3.3p1 with priv separation wants to have a sshd user and a sshd group. Those aren't in Bering or Oxygen's passwd/group/shadow files. I made the accounts UID 22 and GID 22 here; do you all have any suggestions for what UID/GID should be? Do you all see any problems with adding it into the standard LEAF distros (Dachstein/Oxygen/Bering/etc?) Or do you all favor changing the opensSHH code to use an existing user/group? - Eric Wolzak indicates Jacques won't be back till next week, but that's when the vulnerability details are supposed to be published. For management reasons I have a need to deploy the fix before Monday. :-) The package I have is based on Jacques' package, but compiled for libc 2.1.3 (Oxygen). If you want, I'll be happy to A) recompile for libc 2.0.7 and post or B) give you all my notes and you can build a package. Of course if no-one else has the same pressures to release before monday, its fine for us to run with non-standard lrp's. Thanks! --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [Leaf-devel] Weblet-webconfig
Thanks for moving the thread Lynn! I actualy did set up the config dump. I now have two new links, one that gives you a single page with all the major configuration files from /etc and another for all the Shorewall files. These two lists are hardcoded in the scripts so it is a temporary hack. I would like to directly link these to the packages so that they are dynamic. I would also like to make the initial page more dynamic, move it from a static page to a seperate script. Here are a few of my thoughts. Reguarless of any changes to the weblet content it would be best to secure it. If it was secure, this would open the door to web remote management. Web remote management could start with basic control panel items including: Bringing interfaces up and down Bring Shorewall up and down From their you could eventualy edit the config files directly. I know this is facilitated fine with the config menus, but if there was a full web interface to LEAF this would open things up to a much wider audience. Well, one thing at a time. I will have that demo up soon. It will be easier to talk about this with a working example for people to comment on. Richard Amerman -Original Message- From: guitarlynn [mailto:[EMAIL PROTECTED]] Sent: Wed 6/26/2002 4:47 PM To: [EMAIL PROTECTED] Cc: Subject: [Leaf-devel] Weblet-webconfig ## Moved from (leaf-user) # On Wednesday 26 June 2002 17:33, Richard Amerman wrote: I currently have a modification that has a new list of all the configuration files on the left side. I have included all the main networking files, modules file, ppp files, and all of shorewall. I did this with a combination of index.html modification (including some cleanup, primarily with an added style entry above that took out all the remaining style info bellow) and some changes in the showlogsx cgi scripts. Very nice, Bering is setup nicer in this way. DF's network.conf really needed to be chopped up to be cleaner in the end. I'm modularizing the configuration which can reduce the total space taken up and also allow for reduced (auto-)backup time/resources. I am planning to look at something along the lines of SSL for authentication or a SUID binary, but I haven't researched into how feasible this would be. In any regards, some form of authentication needs to be implemented. I plan on setting up a demo box outside our firewall that everyone can access to check out these changes. I will let the list know when I have this set up. Neat, let us know! ;-) -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel N¬±ùÞµéX¬²'²Þu¼i¶Þ¬Üí+,¶1ëÞÚ¶¬y«(*^r¥¡÷Þú+9 Íéz» i¶Þ¬*'m4Ø ÛM¶)쬶Þèm¶ÿà #i¶ÞÊ'}Êþ·}ׯzYX§X¬´·}ׯzYb²Û,¢êÜyú+éÞ¶m¦Ïÿ+-²Ê.Ç¢¸ë+-³ùb²Ø§~åy§Ýz÷¥
Re: [Leaf-devel] Hi there, and (bug?) report
On Wed, Jun 26, 2002 at 01:53:36PM -0700, Mike Noyes wrote: On Wed, 2002-06-26 at 13:37, David Douthitt wrote: 26 Jun 17:23:24 UTC Received at my main mailbox (mailbag.com) 26 Jun 17:26:54 UTC Received at my main mail redirection 26 Jun 17:22:04 UTC Processed at SourceForge (sourceforge.net). 26 Jun 17:16:48 UTC Received at SourceForge (sourceforge.net). 26 Jun 08:57:05 UTC Received at cybercity.dk. 26 Jun 08:57:04 UTC Received at kinkon. It doesn't appear to be some sort of bad time setting, either on kinkon, cybercity.dk, OR sourceforge.net. I deduce this because: 1) the host cicero0.cybercity.dk (212.242.40.52) and kinkon (212.242.52.118) are separate hosts yet have same time (8:57 UTC give or take) and same timezone (CEST); 2) hosts beyond cicero0.cybercity.dk are all different timezones except they have the same time UTC (after accounting for the U.S. 12-hour clock). From 08:57:05 UTC to 17:16:48 UTC it remained on cicero0.cybercity.dk (212.242.40.52). It appears to me that cybercity.dk held your mail for 8.25 hours... (!) David, Nice job. :-) I should have looked for the machine causing the lag also. I'm keeping this analysis as a template for future troubleshooting. Yeah, I agree... nice analysis :) I should have guessed, though. Cybercity is my ISP, and they've been mucking around with the mailsystem since spring... I just hope they get their act together, soon. I'm just always nervous that the fault's at my end :-P Example: I ruined my 170+ days uptime by rebooting my LRP box during last fall's rash of code/nimda because my adsl was slowing to a crawl, and I thought something had gone sour in the box. When that didn't help I called CC, and it turned out that the cisco677 was configured to respond to port 80 (dunno why) and that *it* was getting bashed by all that crap... The support person shut off port80, and everythings been fine ever since (124 days) note to self: Don't automatically assume that *you're* at fault ;) Anyway, my next msg arrived in reasonable time, so I guess they're back on track now... maybe ;-P Jon --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Weblet-webconfig
On Wednesday 26 June 2002 19:13, Richard Amerman wrote: Thanks for moving the thread Lynn! np I actualy did set up the config dump. I now have two new links, one that gives you a single page with all the major configuration files from /etc and another for all the Shorewall files. These two lists are hardcoded in the scripts so it is a temporary hack. I would like to directly link these to the packages so that they are dynamic. I would also like to make the initial page more dynamic, move it from a static page to a seperate script. I think that is along the lines of my thinking as well. Reguarless of any changes to the weblet content it would be best to secure it. If it was secure, this would open the door to web remote management. Web remote management could start with basic control panel items including: Bringing interfaces up and down Bring Shorewall up and down I won't release anything that is not secured via authentication. This would cause more problems for the project than what the ease of administration would be worth IMHO. In curiousity, being that you are a little further along with your project, would you mind checking out stunnel for authentication possibility. Someone is using it, but I haven't researched it (yet). A quick look would indicate that it could (should) be compiled statically. The dependancies look huge though. http://www.stunnel.org/ # Pre-compiled packages. http://www.s-me.co.jp/mosquito/mos3_2/packages/ From their you could eventualy edit the config files directly. I know this is facilitated fine with the config menus, but if there was a full web interface to LEAF this would open things up to a much wider audience. Well, my thought was to create and CLI config script or menu program instead of forcing direct edits with CLI. Something similar to the Install-scripts I was playing with: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/scripts.tar.gz Have you had to make any concessions to get the conf files to write because of permissions? I've been expecting to have problems with the UID weblet runs with. If so, I imagine that you could still use the weblet's UID with 744 permissions. Any thoughts-experiences??? -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Weblet-webconfig
On Wed, 26 Jun 2002, guitarlynn wrote: I won't release anything that is not secured via authentication. This would cause more problems for the project than what the ease of administration would be worth IMHO. In curiousity, being that you are a little further along with your project, would you mind checking out stunnel for authentication possibility. Someone is using it, but I haven't researched it (yet). A quick look would indicate that it could (should) be compiled statically. The dependancies look huge though. http://www.stunnel.org/ This project interests me also. One note, stunnel -also- uses the OpenSSL crypto libs. If those were shared between stunnel and ssh, you could save a bit of space. John --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] OpenSSH security
On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: The vulnerability details are now public. Thanks for the heads-up, Mike. Unfortunately I only subscribe to the digest, so I got your notice after my post. Needless to say, I'll be putting together a brand-new *3.4* openSSH lrp tomorrow, if anyone is interested. Anyway, thanks again, Mike. I really appreciate your efforts. --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] OpenSSH security
On Wed, 2002-06-26 at 17:59, Nathan Angelacos wrote: On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: The vulnerability details are now public. Thanks for the heads-up, Mike. Unfortunately I only subscribe to the digest, so I got your notice after my post. Needless to say, I'll be putting together a brand-new *3.4* openSSH lrp tomorrow, if anyone is interested. Nathan, Please consider contributing your new package to us in the SourceForge patch manager. Thanks. LEAF Contributions http://leaf-project.org/mod.php?mod=userpagemenu=16page_id=22 -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ --- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Introduction for Brad Fritz
Hello, everyone. I am another of the new developer invitees. At Mike and David's suggestion I would like to introduce myself, but first let me say that it is an honor to be a member of such a great group. Thank you for inviting me. I'm a 26 year old software developer. Most of my projects are web applications, the majority of them written in Java. I also help maintain a handful of small networks in the Kansas City area. My first experience with LEAF, technically LRP at the time, was with Eigerstein, and I currently have four Dachstein and Bering firewalls deployed for my clients. All of them are very happy by the way, thanks to all of *your* hard work. One of them is using a 10 year old recycled Packard Bell 486 to protect several machines on his T1. It was up for 218 days before I powered it down to plug it into a UPS. It's been up for 95 days since. Have I mentioned that I love Linux?! :) My free time is fairly limited right now, but I hope to answer leaf-user postings when I have useful information to contribute. I also hope to get X running on my Bering/glibc 2.2 Ipaq IA-1 [1] soon-to-be-mp3-jukebox-frontend and post the setup details. Thanks again everyone. Sincerely, Brad Fritz key fp: BEF3 1F93 9399 FD8B A7AA 932D B9A6 D18E 7E69 9F03 [1] http://athome.compaq.com/showroom/static/ipaq/intappliance.asp msg05069/pgp0.pgp Description: PGP signature
[Leaf-devel] [ leaf-Bugs-574454 ] pcmcia-cs support,don't use kernel's one
Bugs item #574454, was opened at 2002-06-27 16:00 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=113751aid=574454group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Resolution: None Priority: 5 Submitted By: George Vieira (djtremors) Assigned to: Jacques Nilo (jnilo) Summary: pcmcia-cs support,don't use kernel's one Initial Comment: Hi, I am using a Nokia C910 which uses the Cirrus Logic chipset and compatible with the i82365 drivers. Problem is that I can only get this card working under linux if I disable PCMCIA on the 2.4.18 kernel and use the pcmcia-cs 3.1.33 drivers. Using the Bering distro, it won't load the hermes driver automatically and complains about unresolved links in the ds driver.. I'm lost on this floppy distro and don't know how to rebuild/recompile this version.. Is the next Bering release going to NOT use the default kernel release of PCMCIA support as it's doesn't support 32bit card bus very well thnx -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=113751aid=574454group_id=13751 --- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ ___ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel