Re: [leaf-devel] ipt_CONNMARK.o

[Paul Traina]

You two are right, I'm so sorry, if I had used my own damn tools  
instead of doing it by hand it would have showed up.  I keep doing  
crap like this, sorry for being unobservant.

On Dec 19, 2006, at 11:49 PM, KP Kirchdoerfer wrote:

> Am Mittwoch, 20. Dezember 2006 00:06 schrieb Paul Traina:
>> It looks like ipt_CONNMARK.o is not in the Bering*_modules.tgz file
>> in the iso image.
>>
>> Can we please get this in as part of the standard build before
>> shipping 3.0?  It's needed for TCP connection tracking when using
>> shorewall to do intelligent rate limiting of flows.
>
> tar -tvzf Bering-uClibc_modules_2.4.33.tar.gz | grep ipt_CONNMARK
> -rw-r--r-- root/root  2184 2006-11-27 21:29:59
> 2.4.33/kernel/net/ipv4/netfilter/ipt_CONNMARK.o
>
> At least in the tarball I'll upload in a few minutes.
>
> kp
>
> -- 
> ---
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to  
> share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php? 
> page=join.php&p=sourceforge&CID=DEVDEV
>
> ___
> leaf-devel mailing list
> leaf-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-devel


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] ipt_CONNMARK.o

[Paul Traina]

It looks like ipt_CONNMARK.o is not in the Bering*_modules.tgz file  
in the iso image.

Can we please get this in as part of the standard build before  
shipping 3.0?  It's needed for TCP connection tracking when using  
shorewall to do intelligent rate limiting of flows.

Much thanks,

Paul

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] QBox - Back under active development

[Paul Traina]

Ron Senykoff wrote:
> Sorry for the duplicate emails Eric...
> 
>>> Instead of branching out, you could create a custom QOS, configdb and
>>> moddb package and a lwp plugin. The packages can be merged in an automatic
>>> way with the standard package to an image. This way you can just keep pace
>>> with Bering-uClibc development without putting effort in creating images
>>> on your own.
> 
> This sounds great. I'll read up on all the docs for 3.0 over the next
> few days and of course, ask questions. ;)
> 
>>> Btw, what's wrong with shorewall's QOS implementation?
> 
> 1 - requires shorewall (the goal here is QoS, not firewalling or
> trying to solve every problem in one package)

right, you don't have to turn on the firewalling part of shorewall

> 2 - the last I checked shorewall still required that you define your
> own QoS parameters, edit config files etc. In QBox, the default
> installation allows you to simply plug in your bandwidth specs and
> ports / IPs that you'd like to manage.

no, that was completely rewritten a while back, and later even made 
operable :-)  I use it now and it works quite well.

> 3 - QBox uses well tested queueing schemes. For example, would you
> want to apply SFQ (Stochastic Fairness Queueing) to video traffic?
> Short answer: no. Long answer: I've tried this, and found that every
> time the SFQ algorithm rehashes (default is 30 secs I believe) you
> will get 'pops' in audio and video.

interesting for the cases where you're doing video over udp/rtp

I'd like to see that fixed in shorewall's framework

> The goal of QBox is to allow someone who knows absolutely nothing
> about linux, queuing schemes, or text editors to implement QoS at home
> or a small to mid office environment. A friend of mine is running one
> on a 10Mb internet link no problem. I picked the PC Engines WRAP board
> as something I will maintain an image for, so people don't have to
> deal with any hardware / driver issues. My install directions include
> Windows step by step to use syslinux to install. If you use the WRAP
> board, it just works out of the box like a Linksys router or the like.
> Also, by sticking with some defined hardwaree platform(s), I hope to
> provide accurate measurements of throughput capability. This becomes
> more important as I add Layer 7 filtering capability.

One of the things I always bitch about here (and unfortunately don't 
help enough with) is improving on exactly this thing -- the packaging 
and installation of B-U along with the dev environment.

If you feel the same way, it would be totally cool if you would be 
willing to take some time and look at the updates to B-U and shorewall 
since the last time you looked, and consider adding your effort to the 
existing distribution.  I don't think the goals of the projects are 
dissimilar, I just think that the priorities are not.  With someone 
actually spending real time working on adapting B-U to your target 
audience (e.g. yourself and any others who jump on your bandwagon as 
soon as they see how cool the work is that you're doing), you'll be able 
to focus on QoS and UI issues rather than that plus all the other stuff 
of building your own special distribution as a fork.

Best of luck either way,

Paul


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] ez-ipupdate?

[Paul Traina]

Doh, I'm an ass.  I found it just after I sent the note out... I was 
thinking, "I know it was in 2.x..."

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Documentation in Shorewall Configuration Files

[Paul Traina]

Eric Spakman wrote:
> Hi Paul,
> 
>>> What troubles me more is that Tom updates the documentation on his site
>>>  to represent the state of the art in shorewall v5, and the currently
>>> shipping versions of LEAF or BU are using shorewall v3, our
>>> documentation will not match the code we're shipping.
>> 
>>
> There is no shorewall version 5, the current Stable Release version is 
> 3.2.6 which is what we use. The development release is version 3.3.5,
> which will become 3.4.x when stable. When this version is stable, that one
> is going to be used in BU.
> 
> Eric
> 
> 

Sorry, that was a "hypothetical."

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] ez-ipupdate?

[Paul Traina]

Is there a reason the ez-ipupdate package for 3.x isn't in the packages 
3.x list?  Does it not build or?

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Documentation in Shorewall Configuration Files

[Paul Traina]

Mike Noyes wrote:
> I believe, an even better solution is using DocBook XInclude from LEAF
> to the Shorewall site. This is only possible if you're using DocBook XML
>  to generate man pages, and the docbook xml source is
> available via uri.
> 

The only problem with that idea that I can think of, is that it 
vulnerable to Tom changing URLs or updating the documentation for 
Shorewall while we have not updated or changed ours.

Up to you.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] bristuff02 on cvs repository

[Paul Traina]

Andrea Fino wrote:
> 
> Hi to all,
> 
> I have put the ast*.lrp packages on the cvs repository on sourceforge.
> 
> here they are: devel/faino/asterisk/packages/bri2/
> 
> Moreover, I have put all the things needed to build them. If someone is
> interested I can write down some doc about building them.
> 
> Best regards,
> Andrea Fino
> 

Better yet, how about integrating them into the buildtool.pl system so 
we don't need to know how to build them, we can just run buildtool.pl.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] new stuff is running great

[Paul Traina]

Eric,

The new .lrp files are running on the home router as well as the 
development systems.  I can't begin to tell you how happy I am that this 
will be the last 3 hours of manual diffing and patching I had to do for 
LEAF configurations when doing a forklift upgrade.

Paul

p.s. I've got a new rules file for you for shorewall that cleans up some 
formatting bugs and adds support for traceroute.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] yet another functionality request for 3.0 - ancillary file storage .lrp

[Paul Traina]

Eric Spakman wrote:
> Please take a look at the local.lrp package of 3.x, it has a new
> functionality. You can list the added files that you want to save. Before
> use check the help file of local.lrp.

That's good enough, thanks Eric!

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] yet another functionality request for 3.0 - ancillary file storage .lrp

[Paul Traina]

The 2.x distribution had one particularly nice feature that I'd like to 
see reimplemented in 3.x.  From the looks of it, saving the config 
currently only checks the collection of config files enumerated in 
/var/lib/lrpkg/*.config.

There are times when I need ancillary scripts and crap on the router and 
don't have them in a package format (and don't want them in their own 
separate package), but there's no way to save them between reboots.

For example, when I'm working on tools like the modules building script, 
or if I'm doing some lightweight firewalling and don't want to use 
shorewall, I might just have a simple script in /usr/bin or /etc/init.d 
respectively.

It would be cool if we could have a local.lrp similar to configdb and 
moddb that contained any extra files not explicitly enumerated in the 
loaded packages package lists (obviously excluding /dev and /var and any 
other random generated crap).  We used to have a local.lrp that covered 
everthing in /usr/local, but honestly that was a bit limiting anyway (my 
local stuff inevitably got saved in the 2.x etc.lrp).

If there's no official behavior for this currently (I could be blind, 
I'm cutting over to 3.x at high speed and not reading docs all that 
well), would you mind if I created something?  Do you have opinions 
about how it should behave?

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] how is the CD actually made?

[Paul Traina]

Cédric Schieli wrote:
> The best doc (or starting point) should be the script 
> tools/createimage.sh in buildtool

Awesome, much thanks!

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] how is the CD actually made?

[Paul Traina]

OK, what I'd like to do is reproduce the build sequence that you guys 
use, exactly, to create the CD.  What I'd like to do is have a unified 
build from scratch and build from source environment (perhaps modulo 
lrpstat).

Is there any documentation on that?

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] apkg wishlist functionality...

[Paul Traina]

I'm going to try to pound out something to do this, unless someone
tells me that there's already a better way of doing it.  I don't quite
understand apkg.merge yet so I'm still scratching my head on how to do
it most efficiently.

I would like some functionality that would generate a diff -u file of:

1) The current running configuration vs. the current saved configuration
   in configdb.

   "What changes am I about to make before I save the configuration?"

2) The current saved configuration vs. the distribution .lrp configuration.

   "What makes this router special?"

   I realize that configdb carries all changed files, but I want to know
   what config changed, not just which files changed.  That way I can
   keep archives of config changes of all of my machines on a central host
   and quickly see if someone did something stupid to the network.

Is anyone (hopefully) already working on adding that functionality to apkg?

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] patch: enable traceroute in busybox

[Paul Traina]

On Fri, Sep 08, 2006 at 06:18:01PM +0200, Eric Spakman wrote:
> I'd be interested to know how much adding traceroute to busybox does 
> with the size of the initrds.

With traceroute:

-rwxr-xr-x  1 root root 272952 2006-09-08 00:52 busybox

Without:

-rwsr-xr-x  1 root root 266136 Sep  4  2006 /bin/busybox

Speaking of busybox, I noticed that you're linking busybox to its linked
commands with symbolic links instead of hardlinks.  Using hardlinks
should be more memory and space efficient *if* using a symbolic link
takes up an inode in the filesystem in memory/on disk.  Unfortunately,
my memory is too foggy to remember exactly which filesystems symbolic
links take inodes in vs directory entries.

> Having argument processing is indeed nice, but automatically finding 
> boot media is not really necessary in my opinion. It doesn't need to 
> be a fully automatic process. If you just mount the device and 
> something like 'loadmod /mnt/Bering-uClibc-2.4.33.tar.gz' it should 
> be enough for a start.

OK, then you're welcome to add this to the distribution. :-)
Feel free to bang on it.


#!/bin/sh
#
# Build /lib/modules based upon the contents of /etc/modules and a
# defined modules repository.
#
# Copyright (c) Paul Traina 2006, GPL v2
#
MODLIST=/etc/modules
MODREPO=/mnt/modules.tgz
LIBMOD=/lib/modules

##
progname=`basename $0`

usage() {
cat >&2 <<-EOF
Usage: $progname [ -m modules ] [ -f modules.tar.gz ] [ -l module-dir ]

Defaults:
-m $MODLIST
-f $MODREPO
-l $LIBMOD

Extract kernel modules from $MODREPO into $LIBMOD
based upon the contents of $MODLIST.
EOF
}

args=`getopt -a -o hm:f:l: -n "$progname" -- "$@"`
if [ $? != 0 ] ; then
usage
exit 1
fi

eval set -- "$args"
while true ; do
case "$1" in
-h) usage;  exit 0  ;;
-m) MODLIST="$2";   shift 2 ;;
-f) MODREPO="$2";   shift 2 ;;
-l) LIBMOD="$2";shift 2 ;;
--) shift;  break   ;;
*)  echo >&2 "Internal error";  exit 1  ;;
esac
done

if [ ! -f $MODLIST ] ; then
echo >&2 "$progname: module list $MODLIST not found"
exit 1
fi

if [ ! -f $MODREPO ] ; then
echo >&2 "$progname: module repository $MODREPO not found"
exit 1
fi

if [ ! -d $LIBMOD ] ; then
echo >&2 "$progname: module directory $LIBMOD not found"
exit 1
fi

##

MODLIST=/tmp/build-modules-list.$$
MODTEMP=/tmp/build-modules-extract.$$

for mod in $modules ; do
   if [ ! -f $LIBMOD/${mod}.o ] ; then
   missing="${mod}.o ${missing}"
   fi 
done

# Nothing missing...
if [ -z "$missing" ] ; then
exit 0
fi 

echo "Missing kernel modules: ${missing}"

#
# get absolute path of all modules in tarfile first (sigh)
#
trap "rm -f $MODLIST" 0 1 2
tar tzf $MODREPO > $MODLIST

for mod in $missing ; do
findmod="`grep -F ${mod} $MODLIST` ${findmod}"
done

rm -f $MODLIST
trap '' 0 1 2

#
# Now do the actual module extraction to a temporary area and then
# move the modules to /lib/modules
#
trap "rm -rf $MODTEMP" 0 1 2
mkdir $MODTEMP

tar xzf $MODREPO -C $MODTEMP $findmod

echo
echo -n "Installing modules:"
for mod in $findmod ; do
echo -n " `basename $mod .o`"
mv $MODTEMP/$mod $LIBMOD/`basename $mod`
done
echo

rm -rf $MODTEMP
trap '' 0 1 2

exit 0
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] example "build modules" engine...

[Paul Traina]

Here's what I was talking about...  this is the core engine, obviously
it should take some command arguments, and make some intelligent guesses
about where .lrp files exist (stealing from apkg/lrcfg), but I wanted
to show actual working code to make this a non-academic pitch.

Even if folks don't like the idea of dynamic modules extraction at start,
this is a useful tool in its current condition for building up your
modules on demand and saving them with lrcfg.

Regards,

Paul
#!/bin/sh
#
# Build /lib/modules based upon the contents of /etc/modules and a
# defined modules repository
#
MODLIST=/etc/modules
MODREPO=/mnt/mod2433.tgz

LIBMOD=/lib/modules
MODLIST=/tmp/build-modules-list.$$
MODTEMP=/tmp/build-modules-extract.$$

modules=`sed -e 's/#.*//' -e 's/ .*//' -e '/^ *$/d' /etc/modules | sort`
missing=""

for mod in $modules ; do
   if [ ! -f $LIBMOD/${mod}.o ] ; then
   if [ -z "$missing" ] ; then
  echo -n "Missing kernel modules:"
   fi  
   echo -n " ${mod}"
   missing="${mod}.o ${missing}"
   fi 
done

# Nothing missing...
if [ -z "$missing" ] ; then
exit 0
fi 

echo "."
echo "Extracting modules..."

#
# Ugly -- get absolute path of all modules since we don't have tar -X
#
trap "rm -f $MODLIST" 0 1 2
tar tzf $MODREPO > $MODLIST

for mod in $missing ; do
findmod="`grep -F ${mod} $MODLIST` ${findmod}"
done

rm -f $MODLIST
trap '' 0 1 2

#
# Now do the actual module extraction to a temporary area and then
# move the modules to /lib/modules
#
trap "rm -rf $MODTEMP" 0 1 2
mkdir $MODTEMP

tar -xzf $MODREPO -C $MODTEMP $findmod

echo
echo "Installing modules:"
for mod in $findmod ; do
echo -n " `basename $mod .o`"
mv $mod $LIBMOD/`basename $mod`
done
echo

rm -rf $MODTEMP
trap '' 0 1 2
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] patch: enable traceroute in busybox

[Paul Traina]

? busybox-1.2.1
Index: .config
===
RCS file: /cvsroot/leaf/src/bering-uclibc/apps/busybox/.config,v
retrieving revision 1.10
diff -u -r1.10 .config
--- .config 13 Aug 2006 20:22:05 -  1.10
+++ .config 8 Sep 2006 05:08:09 -
@@ -547,10 +547,10 @@
 # CONFIG_FEATURE_TFTP_PUT is not set
 # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
 # CONFIG_DEBUG_TFTP is not set
-# CONFIG_TRACEROUTE is not set
-# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
-# CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE is not set
-# CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set
+CONFIG_TRACEROUTE=y
+CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
+CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y
+CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y
 
 #
 # udhcp Server/Client

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] dynamic generation of dropbear keys if not present

[Paul Traina]

Please consider applying this patch to dropbear.  It will dynamically
create the dropbear host key files if they don't exist.  This is EXTREMELY
useful for bringup from scratch.  If you don't have access to the serial
port, at least you can ssh into the box.  I wish I had had it today.

With this change, there is no need for gendropbearkeys anymore.




rm gendropbearkeys
cvs rm gendropbearkeys

Index: buildtool.cfg
===
RCS file: /cvsroot/leaf/src/bering-uclibc/apps/dropbear/buildtool.cfg,v
retrieving revision 1.9
diff -u -r1.9 buildtool.cfg
--- buildtool.cfg   26 Jun 2006 17:56:31 -  1.9
+++ buildtool.cfg   8 Sep 2006 04:54:58 -
@@ -17,12 +17,6 @@
   Directory = dropbear
 
 
-
-  Server = cvs-sourceforge
-  Revision = HEAD
-  Directory = dropbear
-
-
 
   Server = cvs-sourceforge
   Revision = HEAD
@@ -99,12 +93,6 @@
Type= link
 
  
-   Source  = usr/bin/gendropbearkeys
-   Filename= usr/bin/gendropbearkeys
-   Type= binary
-   Permissions = 755
-
- 
Filename= etc/dropbear
Type= directory
Type= local
Index: dropbear.init
===
RCS file: /cvsroot/leaf/src/bering-uclibc/apps/dropbear/dropbear.init,v
retrieving revision 1.1
diff -u -r1.1 dropbear.init
--- dropbear.init   1 Jul 2004 14:40:54 -   1.1
+++ dropbear.init   8 Sep 2006 04:54:58 -
@@ -20,10 +20,12 @@
 
 if [ -n "$DB_RSAFILE" ]; then
DB_OPTIONS="$DB_OPTIONS -r $DB_RSAFILE"
+   test -f $DB_RSAFILE || dropbearkey -t rsa $DB_RSAFILE
 fi
 
 if [ -n "$DB_DSSFILE" ]; then
DB_OPTIONS="$DB_OPTIONS -d $DB_DSSFILE"
+   test -f $DB_DSSFILE || dropbearkey -t dss $DB_DSSFILE
 fi
 
 if [ -n "$DB_BANNER" ]; then

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] dynamic modules building idea

[Paul Traina]

I don't know how popular this is going to be, but I'll toss it out anyway.

For 99% of leaf users, storage is no longer ultra critical.  This idea 
is not meant to eliminate the current way of doing things (for those 
folks who really are tight on secondary storage, things stay the same), 
but I'd like to make a modest proposal.

If a file on the boot media called modules.tgz (or 
Bering-uClibC-modules-2.4.33.tar.gz for the ISO image) is present, 
extract the required modules from that file in realtime, on boot.  That 
way we're not saving & storing custom moddb.lrps if all the modules that 
would normally be in that file are already in the default distribution.

It's fairly trivial, I wrote some shell code in realtime to do it 
because I needed to populate /lib/modules for my box.  I like this idea 
better (or as an alternate to the web based stuff Arne did) because I 
know the source of my modules and keep them in exact sync with the kernel.

The code I kinda cobbled together in realtime did something like this. 
This is just for an example, it is not productized or tested...


# generate a list of module names
modules=`sed -e 's/#.*//' -e 's/[^ ].*//' -e '/^[ ]*$/d' 
/etc/modules`

mkdir /tmp/mods.$$
cd /tmp/mods.$$
zcat /mnt/Bering-uClibc-2.4.33.tar.gz | tar xf -
for file in $modules ; do
 fn=`find /tmp/mods.$$ -name ${file}.o`
 if [ ! -f /lib/modules/`basename $fn` ] ; then
echo -n "Extracting $fn"
cp $fn /lib/modules
echo "."
 fi
done
cd /tmp
rm -rf /tmp/mods.$$


Obviously, it should be done with tar -X so we don't fill up /tmp with a 
bunch of memory resident crap that is just going away, but that's tbd 
only if this sounds interesting to the B-U community.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] initial 3.0 beta feedback

[Paul Traina]

Just my random notes.  I built a leaf flash from scratch using pxeboot 
on a spare box using the CVS .lrp packages

diff.lrp is not being built?

a port of traceroute would be a good thing (feedback from burning man)
ditto iperf

not having a WRAP configdb kinda sucked... (the whole serial console 
thing was a pain in the ass again).  Could we uncomment the /dev/ttyS0 
line in the default /etc/inittab until this stuff gets hammered out?
It's much better to have to turn off a tty that you don't want than be 
unable to access an unconfigured machine.


lrpstat & friends aren't in the packages directory

webwlan was not either

should we be saving /var/lib/random-seed in configdb?

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] runtime fixup of /etc/inittab for serial consoles

[Paul Traina]

Sorry for the delay getting back to you, just got back from a week on 
the playa lighting up dust storms with 2.4 and 5.8ghz wifi... :-)

> The reason I'm not really enthusiastic about this idea is that it adds a
> new dependency between sylinux, initrd and the etc package and also adds
> extra complexity to the linuxrc script. Something that I like to avoid as
> much as possible, because, for example, makes a change to a different
> kernel more difficult.

Not really, or not as I understand it.  It's looking at /proc/cmdline, 
which is going to have the console port specified on it if a serial
console is chosen, unless someone makes source code changes to the 
kernel or is running a non x86 kernel, neither of which are B-U worries 
until the cross compilation environment works. :-)  As far as I can 
tell, there is no dependency on initrd, or syslinux at all.  I would do 
the same thing running grub or any other kind of boot loader.

If you're going to actually publish and maintain hardware specific 
configdb's, then what I'm proposing is not necessary.  However, I've 
become a big fan of having code just "do the right thing" when the right 
thing is fairly obvious and considered this in the same vein as my 
runtime patch to figure out that the keyboard controller wasn't present. 
  Just a year ago you were compiling (or not, as the case was) special 
kernels for the WRAP unit when all we needed was a one line test in the 
kernel to support a runtime fix.  The serial console stuff is currently 
the one thing getting in the way of just copying the .lrp files over and 
having them run.

> An advantage of using some hardware specific configdb packages is that you
> can also set some other standard options, like selecting the right modules
> in /etc/modules, some network options and comment out the normal ttys.

I was going to ask you what configdb things you would do for hardware 
specific changes besides fixing inittab.  Frankly, a HW specific 
distribution with pre-populated moddb's wouldn't be awful.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] runtime fixup of /etc/inittab for serial consoles

[Paul Traina]

Eric Spakman wrote:
> Hi Paul,
> 
>> Not if it's not.  You're the software developer,  you make the  
>> distribution etc.lrp.  The whole point of this thing is to get people  
>> running with a working console.  Once they're on their feet, i.e. if  
>> they edit the /etc/inittab or do a backup after the real inittab is  
>> working, things behave just as before.
>>
>> What it saves them from having to do is hand mess with etc.lrp on a  
>> second system the very first time they load the flash.
>>
> There is absolutly no need for that. We will release some specific 
> configdb packages for certain types of hardware, so it's just a 
> matter of copying the right configdb package to the storage media and 
> of you go.
> 
> Eric
> 

OK, fair enough, if the console speed and everything else is the same.
I'm not sure I understand the reluctance to using this idea, but since 
I'm not the one stuck doing maintenance, it's wrong of me to continue to 
try to argue with you.  Sorry for being a pain in the ass--I re-read my 
last message and the tone is not what I intended.

Best and thanks,

Paul

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] bug in showtraf/cron integration

[Paul Traina]

Currently, /etc/init.d/showtraf adds a line to /etc/crontab.
This is seriously bogus.

Instead, showtraf.lrp should own a file called

/etc/cron.d/showtraf

and any showtraf cron commands should be in that file.

Otherwise, if you back up etc.lrp while showtraf is running,
you'll get showtraf's crontab lines.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] new config/backup system

[Paul Traina]

Cool.  I'm heading out to the desert for 2 weeks, I'll check back in 
once I have come home and washed all the dust off and regained my sanity.

Paul


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] new config/backup system

[Paul Traina]

Your call, but the stuff in the help file isn't formalized and it isn't 
validated in any way since it was always human input.

When are you guys shooting for a 3.0 alpha test release?  I just whacked 
together stuff for burning man based on 2.4.2 even though that's a bit 
creaky because I wasn't sure of the current snapshot state of cvs.

-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] new config/backup system

[Paul Traina]

Eric & KP,

Looks nice, been trying to catch up on things...

Couple of questions, while we're doing the 3.0 flag day, would it be OK
if we made the package dependancies explicit, not part of the help file?

/var/lib/apkg/.depend

which would contain a list of packages that the current package depends upon
one per line:
e.g.

$ cat /var/lib/apkg/tcpdump.depend
libpcap

$ cat /var/lib/apkg/easyrsa.depend
openssl

The dependencies should theoretically be recursive (there are pros and cons).

easyrsa would depend upon openssl (but not directly on libssl)
openssl should depend upon libssl

The pro is that indirect dependencies really shouldn't exist.  The con is
that this could lead a naive user to have to do more lrpkg's or reboots,
however he does his test installs.

$ lrpkg -i /mnt/easyrsa
lrpkg: not installing easyrsa, openssl required

$ lrpkg --fulfill-dependencies -i /mnt/easyrsa
lrpkg: installing openssl
lrpkg: installing libssl
lrpkg: installing libcrpto

If a dependency wasn't there...

$ lrpkg --fulfil-dependancies -i /mnt/easyrsa
lrpkg: installing openssl
lrpkg: installing libssl
lrpkg: not installing easyrsa, openssl, libssl: libcrpto not found


In any case, the magic needed to be done to apkg/lrpkg can come later,
but we need to get the new hooks into the package control files sooner
rather than later.

I propose modifying the XML to formalize the dependancies instead of
putting them in the help file, and creating .depend control
files.

What do you guys think?


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] hostapd + wpa2 + madwifi_ng = broken

[Paul Traina]

Hi Eric and friends,

I stumbled across a couple of problems today while playing with hostapd.

It looks like WPA2 (psk) is not working properly with my Atheros CM9 
card.  I did a cursory visual inspection of the source and it looks like 
the problem might be fixed by compiling with MADWIFI_NG.  Unfortunately, 
I no longer have a linux development system (it got replaced with a Mac 
this week) so I can't verify it.

The problem I was seeing is that clients attempting to negotiate WPA2 
were generating the following message:

"No WPA/RSN element for station!?" in the debug output.  I noticed that 
there is some conditional code ifdef'ed on MADWIFI_NG.  Since leaf 
currently ships with madwifi_ng, not the old madwifi code, it would be 
good to make sure that little bit of code gets compiled in.  Again, I'm 
sorry, this is just by inspection.  (oops, update, if the dev 
environment was correct, we should have set it based upon 
IEEE_80211_IOCTL_SETWMMPARAMS up at the top of the file... so I am 
confused).  Are we compiling against the right headers?

If I have a free afternoon (was hoping to do it this weekend), I'll try 
to get parallels desktop up and running to creat a virtual linux machine 
under macos running so I can do occasional leaf development.

-

The second problem is probably a madwifi driver bug or an inability of 
the CM9 card.

I was trying to run WPA with CCMP (AES in CBC mode) as one of the 
available cyphers.  (hostapd was configured to allow ccmp as well as 
tkip).  My Mac was working fine, but my wife's PC was crapping out.

When hostapd attempts to configure the atheros card to do CCMP, we get a 
bad ioctl error.  The CM9 should support this:


wlan: 0.8.4.2 (0.9.0)
wlan: mac acl policy registered
ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
ath_rate_sample: 1.2 (0.9.0)
ath_pci: 0.9.4.5 (0.9.0)
wifi0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 
24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboG rates: 6Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 5.9 phy 4.3 radio 3.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0x8000, irq=12




FWIW, does anyone know if the openwrt development environment works in a 
cross compilation scenario?  I never thought I'd actually get caught by 
all of my whining about cross compilation for leaf over the years, but 
now I find myself actually able to consolodate all of my computer crud 
into one mac laptop and, honestly, so far I'm pretty damn happy.

I would be willing and able to test hostapd.lrp's if someone else can 
build them.

Paul




___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] New LEAF branch?

[Paul Traina]

I would love to remove the documentation from the configuration files since it 
is a PITA to maintain but when I've suggested that idea in the past, the 
moans and cries have been absolutely pitiful to hear :-)


-Tom


I agree and stand corrected. :-)


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] New LEAF branch?

[Paul Traina]

Eric,
This isn't magic.  Debian solved this quite nicely years ago.


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] New LEAF branch?

[Paul Traina]

I'm glad to hear that someone with energy and good ideas is looking at this.

"In a perfect world" what I'd like to see is binaries come with default 
sensible configurations, and the user is simply responsible for 
specifying and maintaining divergences from that configuration.  There 
are a whole lot of ways to skin this cat, some are difficult and work 
well, some are simple and work poorly.


In the most simplistic solution, we could make the binary .lrp packages 
read-only.  They always carry the "default" /etc configuration files.
When a LRP package is installed, we look up the package config files, 
check our own local config patches (from a config area possibly stored 
in a config.lrp?), and apply them.  In theory, tools like ucf(1) make 
this fairly painless.


In reality, most of the binaries that we ship have configuration files 
with tons of needless text and comments and examples in them, these 
inactive sections of the configuration files are often changed since 
they are the defacto documentation for a given config file, so 3 way 
diffs and merges almost never work without manual intervention.  That's 
wrong.


For example, a typical dnsmasq.conf has 9 lines of active commands in it 
and some of those may even mirror compiled in defaults, but with 
comments, my dnsmasq.conf is 380+ lines.  Shorewall is another example, 
the documentation is in the configuration files.  The average shorewall 
configuration file has 0 lines of active commands in it (grin) but has 
at least 150 lines of comments.


A junos or IOS configuration is just the minimal changes off of the 
default to turn on the bits you need.  There's a little semantic or 
syntactic structure to make it easy to migrate back and forward between 
binary versions.


We could auto-generate config /etc files from a database.  This is what 
we did in the JUNOS UI (my baby).  Later on, we decided that XML 
constructs work very nicely for this kind of thing, but the overhead and 
bloat are high, and I think that the re-engineering effort alone for any 
database driven project would make such a project a non-starter, no 
matter how appealing it is.




---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] Re: floppy vs flash drive

[Paul Traina]

I think the question is, should the PRIMARY b-u distribution be geared 
towards a floppy release, or something more modern.  If people with 
floppy only hardware want to maintain a stripped down floppy only 
version, that's great, but do we really want the fate of B-U tied to 
such limitations?


Frankly, I have a love hate relationship with B-U, and I think it's 
destined to fail for more than a lack of a snazzy web interface.  I'm 
not trying to blame anyone, I'm just stating issues getting in the way 
of B-U's usefullness for the general DIY router crowd.  I've put up with 
them because I've been a unix hacker and router hacker for over 15 
years, but I still find them painful:


1) I was a core developer for FreeBSD for over six years.  I've been
   a Debian follower for about eight years as well.  Both projects
   lost major mindshare because their software was too difficult for
   folks to install.  As dedicated hackers, we looked at ourselves and
   said: "WTF?"  Then Mandrake and later Fedora came along and we saw
   how installs should work.  Even eye candy can be important. :-(

   Installing B-U on modern hardware is still a pain requiring multiple
   tools and sometimes multiple operating systems.  Installing mono0wall
   is as simple as running dd or pfwrite with a single binary.  Until
   you can make BU easy to install on something other than a box with a
   floppy, you're cutting off most of your "try it and see" crowd.

2) It's insanely tedious to upgrade the software because the configs
   are still stored with the binaries, and there are no tools for
   merging diffs between the configs (e.g. ucf).

3) There's no easy way to figure out what modules should be updated.

Other developer rants:

4) The development environment is a mess.  It needs to be portable and
   self contained.  People should be able to build a development
   environment on any POSIX based system, even a cygwin environment.

(wishlist much much lower priority):

5) The way we use CVS is a mess.  Because diffs are stored out of tree
   in .tar.gz files and applied at build time, it's a pain in the ass
   to see what work other people have done.  Debian has this problem,
   FreeBSD does not.  CVS and SVN have branches, sources should be
   tracked and imported.

These are all common problems in open software projects like this.  Once 
you climb over the hurdle of getting the damn thing working, you no 
longer care about the install experience, but to gain additional workers 
and reduce your support load, this needs to be done.  In any commercial 
endeavor (e.g. even Ubuntu and RedHat like commercializations of Linux), 
initial user experience is the FIRST priority, not the last priority.


Am I volunteering to fix any of this?  Nope, not anymore.  I bought a 
bunch of wrt54gl's and am using openwrt which provides similar 
capabilities on less expensive hardware and there's a much larger active 
developer base.  That doesn't mean I don't like B-U and the team, I 
think you guys are awesome.


Paul


---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] Re: [leaf-user] pptpd current b-u problems

[Paul Traina]

I got my dev environment working (limping) again.
I built a pptpd with symbols and statically linked.

It was crashing in libwrap.
I added the line "pptpd: ALL" to /etc/hosts.allow and now it works.

My libwrap hosts.deny is the default, libwrap should obviously not
be crashing.  Unfortunately I didn't compile uClibc and libwrap with
symbols so I don't know what libwrap screwed up (or uClibc):

Core was generated by `./pptpd --fg'.
Program terminated with signal 11, Segmentation fault.
#0  0x0805207d in inet_pton ()
(gdb) where
#0  0x0805207d in inet_pton ()
#1  0x08052452 in getaddrinfo ()
#2  0x0804bb70 in sock_hostname (host=0xb880) at socket.c:265
#3  0x0804b560 in eval_hostname (host=0xb880) at eval.c:77
#4  0x0804a402 in host_match (tok=0xbfffee85 "PARANOID", host=0xb880)
at hosts_access.c:316
#5  0x0804a108 in list_match (list=0xbfffee84 " PARANOID", request=0xb770, 
match_fn=0x804a1e5 ) at hosts_access.c:217
#6  0x0804a005 in table_match (table=0xbfffee84 " PARANOID", 
request=0xb770) at hosts_access.c:173
#7  0x08049f0a in hosts_access (request=0xb770) at hosts_access.c:133
#8  0x0804968d in pptp_manager (argc=2, argv=0xbdf4) at pptpmanager.c:219
#9  0x08048745 in main (argc=2, argv=0xbdf4) at pptpd.c:420
(gdb) up
#1  0x08052452 in getaddrinfo ()
(gdb) up
#2  0x0804bb70 in sock_hostname (host=0xb880) at socket.c:265
265 if (getaddrinfo(host->name, NULL, &hints, &res0) != 0) {
(gdb) print host->name
$1 = "protempore.shockwave.org", '\0' 
(gdb) print hints
$1 = {ai_flags = 3, ai_family = 2, ai_socktype = 1, ai_protocol = 0, 
  ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0}
(gdb) print res0
$2 = (struct addrinfo *) 0x0
(gdb) quit

The arguments being passed into getaddrinfo look, at first glance, to
be reasonable.  I looked over the hints getting passed in, they look good.

There may be a generic problem dealing with ALL: PARANOID, this is the
first time I've ever actually violated a libwrap directive since my
firewall usually protects everything.

Worst case, I'll need to rebuild uclibc with symbols, but I'm not looking
forward to that, my dev environment is quite shakey thanks to compiler
mismatches.  I was hoping to not do any more leaf development until the
upgrade to gcc-4.0 and a recent uclibc.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] ipp2p

[Paul Traina]

I thought, at one point, the ipp2p matching code was part of the build
kernel, but it doesn't appear as if it's in the 2.4.32 kernel you compiled.


No, the ipp2p code isn't in yet. I know Arne created some setups for it,
but we still need to discuss a bit about what's the best way to implement
it in buildtool.


How can I help?


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] ipp2p

[Paul Traina]

Eric,

I thought, at one point, the ipp2p matching code was part of the build 
kernel, but it doesn't appear as if it's in the 2.4.32 kernel you 
compiled.  If not, this would be a nice capability for BU to carry 
forward.  I find that the p2p traffic on my network is bogging stuff 
down a bit (especially the voip stuff) and rather than trying to 
enumerate all the voip connections, it would be easier to kick the p2p 
traffic back to a max of 80% of my b/w.


Much thanks,

Paul


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] 7 problems building B-U from scratch (entire distribution)

[Paul Traina]

No clear differentiation between programs that run in the host environment
and programs that need to be compiled in the target environment.
Good exercise would be to build LEAF on a non x86 linux box and find all
of this crap (for example, linux/scripts/mkdep (a binary) is compiled
against uclibc by the target compiler, but run on the host).

(Of course, I've mentioned this before... but it really needs to get fixed
 as our host and target environments diverge)

Good luck on that one. I'd really like to see that too, but the last
time I tried, I failed miserably. There are _many_ configure scripts out
there that simply cannot cope with a true cross-compile - many assume
that the build host will also be the target host.
If you specify the appropriate options (--build and --host, if I recall
correctly), they fail. So, even if we fix all the "crap" that's compiled
against uclibc but runs on the build-host, it wouldn't really help much,
unless somebody takes the time and cleans up those troublesome configure
scripts too, and then takes the changes upstream, so the changes to the
configure scripts wouldn't have to be re-applied with the next version.


True, but the only way to solve this is to start, one package at a time. 
 Some better documentation on the build environment would help (no, I'm 
not volunteering at the moment), perhaps what we need is a "hello world" 
package that works in a completely cross-compiled environment as a 
start?  Sorry, I can't volunteer for this this year, my head is 
exploding with other work (in fact, apologies for the delay in replying).



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] 7 problems building B-U from scratch (entire distribution)

[Paul Traina]

Eric Spakman wrote:

Hi Paul,


Something needs to be done so that the pthread include files are used
instead of the system include files.


The pthread library is part of uClibc and compiled with the initial build
of buildenv. The pthread.h file is also part of uClibc and placed in the
.../staging/include directory.
I rebuilded the upnpd sources and looked through the source and
buildtoollog, but I  didn't saw a reference to my host pthread.h file.
This would also be very strange, because the include path is set in the
target gcc compiler which will look for headers in the .../staging/include
directory.

Can you point where you found the reference to the host include files?

Eric


You're absolutely right, I must have gotten a bad batch of crack that 
night, this bug report seems off.  Sorry.  upnpd shouldn't need lpthread 
at all.  I think I noticed it by inspection.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] 7 problems building B-U from scratch (entire distribution)

[Paul Traina]

Eric Spakman wrote:

Hi Paul,


(6)


upnpd package needs to depend upon lpthread in sources.conf


That's not needed, the pthread library is build as part of uClibc and
already build in the buildenv setup. The pthread setup is only to create
the package, it's no dependency of upnpd.

Eric



Something needs to be done so that the pthread include files are used 
instead of the system include files.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] 7 problems building B-U from scratch (entire distribution)

[Paul Traina]

(1)

gpio fails to package
tries to package staging/lib/modules/gpio.o
file is really   staging/lib/modules/2.4.32/gpio/gpio.o

--

(2)

initrd needs to be built as real root, not fakeroot because it tries to
mount loopback filesystems in order to make the packages

--

(3)

lrpstat requires java_home & java sdk to be built but is not documented
and not depended upon...

--

(4)

shorewall fails to package, cp is failing on /etc/shorewall/*, looks like
this cp happens *AFTER* "Cleaning up dir /tmp/BUILDTOOL_STAGING_"

Creating dir /tmp/BUILDTOOL_STAGING_iYSA/etc/default/
 Creating dir /tmp/BUILDTOOL_STAGING_iYSA/etc/default
executing cp /home/pst/leaf/buildtool/staging/etc/default/shorewall 
/tmp/BUILDTOOL_STAGING_iYSA/etc/default/shorewall
executing cp /home/pst/leaf/buildtool/staging/etc/shorewall/* 
/tmp/BUILDTOOL_STAGING_iYSA/etc/shorewall
cp: omitting directory 
`/home/pst/leaf/buildtool/staging/etc/shorewall/start.d'
cp: omitting directory 
`/home/pst/leaf/buildtool/staging/etc/shorewall/stop.d'
Cleaning up dir /tmp/BUILDTOOL_STAGING_iYSA
Copying file /home/pst/leaf/buildtool/staging/etc/shorewall/* failed. No 
such file or directory at ./buildpacket.pl line 416
main::system_exec('cp 
/home/pst/leaf/buildtool/staging/etc/shorewall/* /tmp/BUIL...', 'Copying file 
/home/pst/leaf/buildtool/staging/etc/shorewall/*...') called at 
./buildpacket.pl line 517
main::copyBinariesToPackageStaging('HASH(0x8487bcc)', 
'/home/pst/leaf/buildtool/staging') called at ./buildpacket.pl line 1150

--

(5)

pptpd is attempting to execute aclocal1.9 as part of the build

it should be depending upon the version of autotools inside the leaf
buildtool environment, not trying to use a hardcoded explicit version
in the host environment.

--

(6)

upnpd package needs to depend upon lpthread in sources.conf

--

(7)

No clear differentiation between programs that run in the host environment
and programs that need to be compiled in the target environment.
Good exercise would be to build LEAF on a non x86 linux box and find all
of this crap (for example, linux/scripts/mkdep (a binary) is compiled
against uclibc by the target compiler, but run on the host).

(Of course, I've mentioned this before... but it really needs to get fixed
 as our host and target environments diverge)


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] openssl

[Paul Traina]

Guys, I see folks are starting to work on the new kernel, at this point, 
it would be a good thing update openssl to 0.97i (or 0.98a if you're 
going to refresh binaries as well).


More security holes.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] runtime keyboard controller detection for LEAF

[Paul Traina]

KP, here's a change I'd like to see implemented in the kernel.  It 
removes the old hard-coded keyboard controller check code for a much 
more simple runtime detection of the keyboard.  With this patch, there 
will be no more reason to produce two different kernels for B-U afaik.


Everything goes in the linux top level buildtool.mk directory

buildtool.cfg has replaced the old patch with the new one
buildtool.mk has been fixed to call the new patch and ALSO
srcclean cleans openswan_dir
kbc_runtime_detect_2_4.diff.gz is the new patch

Please send me e-mail with any questions.

Paul
# buildtool make file for buildenv
# $Id: buildtool.mk,v 1.15 2005/07/29 21:19:10 espakman Exp $
# 
# Note that this is some kind of a hack as you normally should do things 
# not the way they are handled here 

OPENSWAN_DIR:=openswan-1.0.9

include $(MASTERMAKEFILE)

$(BT_LINUX_DIR)/.source:
bzcat $(KERNEL_SOURCE) | tar -xvf -
ln -s linux-2.4.31 linux
zcat $(KERNEL_PATCH1) | patch -d linux -p1
zcat $(KERNEL_PATCH2) | patch -d linux -p1
zcat $(KERNEL_PATCH3) | patch -d linux -p1
zcat $(KERNEL_PATCH4) | patch -d linux -p1 
zcat $(KERNEL_PATCH5) | patch -d linux -p1  
zcat $(KERNEL_PATCH6) | patch -d linux -p1  

zcat $(KERNEL_PATCH7) | patch -d linux -p1
zcat $(KERNEL_PATCH8) | patch -d linux -p1
zcat $(KERNEL_PATCH9) | patch -d linux -p1
zcat $(KERNEL_PATCH10) | patch -d linux -p1
zcat $(KERNEL_PATCH11) | patch -d linux -p1
# openswan stuff
zcat $(OPENSWAN_SOURCE) | tar -xvf -
# this patches the kernel - so we'll do it here
$(MAKE) KERNELSRC=$(BT_LINUX_DIR) -C $(OPENSWAN_DIR) insert
cp $(LINUX_CONFIG) linux/.config 
touch $(BT_LINUX_DIR)/.source


$(BT_LINUX_DIR)/.configured: $(BT_LINUX_DIR)/.source
perl -i -p -e 's,EXTRAVERSION\s*=.*,EXTRAVERSION =,g' 
$(BT_LINUX_DIR)/Makefile
$(MAKE) -C linux oldconfig
$(MAKE) -C linux include/linux/version.h
touch $(BT_LINUX_DIR)/.configured   

source: $(BT_LINUX_DIR)/.source $(BT_LINUX_DIR)/.configured

build:  $(BT_LINUX_DIR)/.configured
echo "nothing done here right now, all done by buildenv and kernel 
package"

clean:
-rm $(BT_LINUX_DIR)/.configured
$(MAKE) -C linux clean

srcclean:   
rm -rf linux
rm -rf linux-2.4.31
rm -rf $(OPENSWAN_DIR)
# things for kernel source


Type = http
Name = www.de.kernel.org
Serverpath = /pub/linux/kernel/v2.4



Server = kernel.org
envname = KERNEL_SOURCE



Server = cvs-sourceforge
Directory = linux
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH1
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH2
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH3
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH4
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH5
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH6
Revision = HEAD



Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH7
Revision = HEAD


#connmark support

Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH8
Revision = HEAD


#wireless extensions v18

Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH9
Revision = HEAD


Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH10
Revision = HEAD

#fix ipv6 bug

Server = cvs-sourceforge
Directory = linux/patches
envname = KERNEL_PATCH11
Revision = HEAD



Server = cvs-sourceforge
Directory = linux
envname = LINUX_CONFIG
Revision = HEAD



Server = cvs-sourceforge
envname = OPENSWAN_SOURCE
directory = openswan
revision = HEAD




kbc_runtime_detect_2_4.diff.gz
Description: Binary data

[leaf-devel] B-U wrap gpio patched into the kernel

[Paul Traina]

Would someone with kernel privs add the wrap gpio driver that Luis did 
into the kernel module build process?  It doesn't have to go in the 
default modules file, but it should be built by the leaf team instead of 
people having to manually do it.


Paul


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] shorewall uploaded

[Paul Traina]

A port of 2.2.3 to B-U's buildtool has been uploaded to
devel/pstraina/shorewall.

Please code review and send opinions/hate-mail, etc.

Thanks,

Paul


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] how is shorwall.lrp produced for Bering uClibc?

[Paul Traina]

Agreed.

On Mon, Apr 11, 2005 at 01:54:10PM -0700, Tom Eastep wrote:
> Tom Eastep wrote:
> 
> > 
> > Thanks -- I note that KP had added another change to the rules file in
> > LrpN which I hadn't included in my patch. Something to do with dnsmasq...
> > 
> 
> Ok -- I took a look at that and it has to do with DHCP -- I personally
> think that a better approach is to set the 'dhcp' option on the local
> interface in the interfaces file.
> 
> -Tom
> -- 
> Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> 


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] how is shorwall.lrp produced for Bering uClibc?

[Paul Traina]

Hmm, OK, there are a couple patches in here I assume you didn't want 
anymore... based upon your changelog saying you weren't going to set up 
default stuff anymore in /etc?

Specifically:
Tom Eastep wrote:
--- /home/teastep/Shorewall/Shorewall2/interfaces   2005-04-08 
10:19:05.0 -0700
+++ ./interfaces2005-04-11 13:03:40.0 -0700
@@ -204,4 +204,6 @@
 ##
 #ZONE   INTERFACE  BROADCAST   OPTIONS
 #
+net eth0detect  dhcp,routefilter,norfc1918
+loc eth1detect dhcp
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
and

diff -au /home/teastep/Shorewall/Shorewall2/masq ./masq
--- /home/teastep/Shorewall/Shorewall2/masq 2004-12-31 09:41:44.0 
-0800
+++ ./masq  2005-02-02 13:10:52.0 -0800
@@ -197,4 +197,5 @@
 #
 ###
 #INTERFACE SUBNET  ADDRESS PROTO   PORT(S) IPSEC
+eth0   eth1
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
and
diff -au /home/teastep/Shorewall/Shorewall2/policy ./policy
--- /home/teastep/Shorewall/Shorewall2/policy	2005-03-30 07:03:32.0 -0800
+++ ./policy	2005-04-06 10:11:20.0 -0700
@@ -68,24 +68,24 @@
 #			and the size of an acceptable burst. If not specified,
 #			TCP connections are not limited.
 #
-#	Example:
+#	As shipped, the default policies are:
 #
 #	a) All connections from the local network to the internet are allowed
 #	b) All connections from the internet are ignored but logged at syslog
 #	   level KERNEL.INFO.
 #	d) All other connection requests are rejected and logged at level
 #	   KERNEL.INFO.
-#
-#	#SOURCE		DEST		POLICY		LOG
-#	#		LEVEL
-#	loc		net		ACCEPT
-#	net		all		DROP		info
-#	#
-#	# THE FOLLOWING POLICY MUST BE LAST
-#	#	
-#	all		all		REJECT		info 
-#
 ###
 #SOURCE		DEST		POLICY		LOG		LIMIT:BURST
 #		LEVEL
+loc		net		ACCEPT
+net		all		DROP		ULOG
+# If you want open access to the Internet from your Firewall
+# remove the comment from the following line.
+#fw net ACCEPT
+
+#
+# THE FOLLOWING POLICY MUST BE LAST
+#	
+all		all		REJECT		ULOG
 #LAST LINE -- DO NOT REMOVE
and
diff -au /home/teastep/Shorewall/Shorewall2/rules ./rules
--- /home/teastep/Shorewall/Shorewall2/rules2005-03-01 10:29:15.0 
-0800
+++ ./rules 2005-04-11 13:05:09.0 -0700
@@ -330,4 +330,26 @@
 

 #ACTION  SOURCEDESTPROTO   DESTSOURCE 
ORIGINAL RATEUSER/
 #  PORTPORT(S)DEST 
LIMIT   GROUP
+#  Accept DNS connections from the firewall to the network
+#
+ACCEPT  fw  net tcp 53
+ACCEPT  fw  net udp 53
+#   Accept SSH connections from the local network for administration
+#
+ACCEPT  loc fw  tcp 22
+#   Allow Ping To Firewall
+#
+ACCEPT  loc fw  icmp8
+ACCEPT  net fw  icmp8
+#
+#  Allow all ICMP types (including ping) From Firewall
+#
+ACCEPT  fw  loc icmp
+ACCEPT  fw  net icmp
+#
+# Bering specific rules:
+# allow loc to fw udp/53 for local/caching DNS servers to work
+# allow loc to fw tcp/80 for weblet to work
+ACCEPT  loc   fwudp 53
+ACCEPT  loc   fwtcp 80
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
and
--- /home/teastep/Shorewall/Shorewall2/zones2005-02-02 07:39:59.0 
-0800
+++ ./zones 2005-02-02 13:10:52.0 -0800
@@ -11,15 +11,9 @@
 # OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.
 #
 # See http://www.shorewall.net/Documentation.htm#Nested
-#
-# Example zones:
 #
-#You have a three interface firewall with internet, local and DMZ 
interfaces.
-#
-#  #ZONE   DISPLAY COMMENTS
-#  net InternetThe big bad Internet
-#  loc Local   Local Network
-#  dmz DMZ Demilitarized zone.
-#
-#ZONE  DISPLAY COMMENTS
+#ZONE  DISPLAY COMMENTS
+netNet Internet
+locLocal   Local networks
+#dmz   DMZ Demilitarized zone
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
The stuff in shorewall.conf and to start and stop I assumed were ok to 
keep.  Which way do you want me to go?  Blank, or KP-style defaults?

---

Re: [leaf-devel] how is shorwall.lrp produced for Bering uClibc?

[Paul Traina]

Tom Eastep wrote:
Paul Traina wrote:
Actually, that's exactly what I was suggesting we do as well, although
there's not consensus about it.
Let me take a whack at it this afternoon and see how cleanly I can do
it.  If people like the results, great, if not, no worries.  The biggest
problem with the way I was /intending/ to do it was that I was going to
do it inside the Bering uClibc buildtool environment, and B-U is not the
only lrp based distribution out there.
I'll see if I can make it generic-LEAF friendly.

You can certainly use the 'install.sh' script as a basis for building
and populating the directory tree. That's what is done when I build the
.rpm. Note the PREFIX environmental variable -- allows installing in a
directory other than /.
-Tom
Tom,
Would you be willing to refresh the lrp version /etc files to match what 
you believe they should be?  I know you changed your policy on template 
stuff to reduce your support load, but the lrp versions don't represent 
that change.  I've made some guesses, but...  are you the maintainer of 
the lrp versions of these files, or is KP?

Your install script assumes it runs as root, which may not be correct if 
we're using PREFIX.  Currently I'm using fakeroot as a wrapper to avoid 
dealing with the -o owner -g group arguments in install.  I was thinking 
of patching your install.sh script to something like:

if using prefix and `id -u` != 0
OWNERSHIP=""
else
OWNERSHIP="-o $OWNER -g $GROUP"
fi
and then replacing the explicit stuff with $OWNAGE, but I didn't want to 
 have to manage that patch outside of your environment.

I'll send you a patch along shortly showing you the differences between 
your LRP and what I am currently generating.

---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] how is shorwall.lrp produced for Bering uClibc?

[Paul Traina]

Actually, that's exactly what I was suggesting we do as well, although 
there's not consensus about it.

Let me take a whack at it this afternoon and see how cleanly I can do 
it.  If people like the results, great, if not, no worries.  The biggest 
problem with the way I was /intending/ to do it was that I was going to 
do it inside the Bering uClibc buildtool environment, and B-U is not the 
only lrp based distribution out there.

I'll see if I can make it generic-LEAF friendly.
Paul
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] how is shorwall.lrp produced for Bering uClibc?

[Paul Traina]

I don't see it in buildtool?  Tom's got some changes in CVS I want to 
play with to test UPnP integration, and I wanted to see about making 
some local changes.

I realize shorewall isn't compiled per-se, but shouldn't it be under 
buildtool anyway so we can patch in local changes?

Confused...
Paul
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] buildtool not clean enough yet...?

[Paul Traina]

Warning:The symlink from /lib/ld-uClibc.so.0 -->
/home/pst/LEAF/buildtool/staging/lib/ld-uClibc.so.0 does not exist,
this may cause problems with some configure scripts that try to run
a compiled program

Do we still need this link?  If this is the case, then how can buildtool 
do cross-arch targeting?  We shouldn't be running any target-compiled 
executables on the host environment.

If someone can point me at the program/issue that was causing the
problem, I'll take a peek at fixing it.

---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] ANN: UPnP support for Bering-uClibc (repost)

[Paul Traina]

Mike asked me to repost this to leaf-devel as well.
I'll also introduce myself a bit more.
I'm an ex-router software developer (if you're desperately interested, 
google me) who really doesn't want to spend his retirement working on 
software routers, but hates the state of the art in consumer grade 
routers you can buy off the shelf (if they just hand dnsmasq and support 
for multiple-ip-addresses when NATing, I wouldn't be here at all).

I feel like a crack whore (no offense to crack whores, since this is 
even lower than that...) for even considering turning on UPnP, much less 
porting it over to uClibc,  but I hate than static configurations for 
hosts.  We shouldn't ever have to think about IP address allocation in 
this day and age, and the thought of putting in static DNAT rules so 
that I can download stuff with bittorrent was making me unhappy.

Other than that, well, here's a port of UPnP IGD services for 
Bering-uClibc. I've tried to make integration with Shorewall as simple 
as possible, if you have any questions, I'll try to answer them.

 Original Message 
Subject: [leaf-user] ANN: UPnP support for Bering-uClibc
Date: Wed, 6 Apr 2005 09:24:21 -0700
From: Paul Traina <[EMAIL PROTECTED]>
To: leaf-user@lists.sourceforge.net
Hi folks,
I just wanted to introduce myself and let people know that I've uploaded
Universal Plug-N-Play Internet Gateway Device support for Bering uClibc.
This is a port of the project at linux-igd.sourceforge.net with some
help for integrating with Shorewall.
UPnP IGD services provide firewall and NAT traversal support
for applications that need bidirectional connection establishment
(e.g. peer-to-peer applications like audio & video chatting with most
IM programs, or bittorrent/gnutella type programs).
Documentation on how to install and use should be available in the Bering
uClibc users guide.
Two warnings:
1) This implementation supports one upstream/external interface and
   one "local" interface.  You can have more interfaces on your router
   but only one will listen to UPnP control points (clients) and only
   one gets firewall/NAT traversal rules.
2) Any time you allow hosts to automatically add rules to your firewall
   configuration, you're potentially asking for a security issue.
   Please take care to trust all the hosts on your internal interface,
   or create some policy in front of the UPnP auto-generated rules to
   disallow any unacceptable behavior.  See the documentation in
   the Bering uClibc users guide for more detail.
Installation support, bug reports, et al should come to me and please
cc the leaf-user mailing list.
Paul
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [leaf-devel] why do we install non-build binaries in bt_staging_dir?

[Paul Traina]

Sigh, I forgot, I already asked this question in Feburary, I just didn't 
like the answer then so I forgot it...

K.-P. Kirchdörfer wrote:
> The long term idea by Arne or Martin has been  to chroot into staging
> and run our own distro from there.
> I've asked myself, but then with all the problems with some packages
> leaking on some machines, I understood it may help in the long run.
I happen to disagree on this one, but I'll follow their lead...
I think that it's more important to keep staging dir clean, and if you 
want to test-run a distro (assuming you have the same CPU), you 
could/should just have a small script that untar's all the LRPs into a 
chroot jail.  That way you also test to make sure the .lrp's were 
packaged correctly (you remembered to include all the files the router 
needs).

I feel that the staging directory really should be reserved for the 
toolchain and supporting libraries (i.e. include files and shared 
libraries) required by other packages.

I've been building both debugging and non-debugging versions of upnpd, 
and I live in fear that I didn't sanitize staging_dir and clean out the 
old libraries.  It's much easier to just rm -rf target_dir/upnpd and not 
worry.  It also means I can have separate versions of upnpd in the tree 
and not have them install crap over each other.

Minor point, but just wanted to share my two cents.  I'll follow the 
current consensus of the group.

Paul
p.s. has anyone tested how "clean" our build environment really is?
I've got some worries about include file and library file 
cross-polination from the host build environment...but I haven't dug 
into the gcc spec file for the cross compiler to make sure it never 
includes anything from /usr/include and LD never looks at /usr/lib.
can buildtool run under freebsd to produce a LEAF binary?
can buildtool run on a powerpc to produce an i386 binary?


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] best way to keep "new" files that are part of an lrp?

[Paul Traina]

In the upnpd package, I create several new files that are part of the 
package and are LEAF environment specific.  At first, I was keeping them 
in a patch file, but that seems like I'm mis-using cvs.  I think it 
would be best to actually keep them as individual source files right in 
CVS so people can easily use CVS to see diffs, merge, update, etc...

upnpd/
buildtool.cfg
buildtool.mk
libupnp-1.2.1a.tar.gz   -upstream
libupnp-1.2.1a-1.diff.gz-leaf patch
upnpd_cvs20050215.tar.gz-upstream
upnpd_cvs20050215-1.diff.gz -leaf patch
etc/-new files
init.d/
upnpd
default/
upnpd
shorewall/
action.allowinUPnP
action.allowoutUPnP
action.forwardUPnP
start.d/
upnpd_start
First off, would it be bad form to do it this way?
Secondly, if I do, am I stuck creating a  line in buildtool.cfg 
for every single file, or could I just specify a directory?


Server = cvs-sourceforge
Revision = HEAD
Directory = upnpd

Thanks, and sorry for flooding everyone with all of these newbie 
developer questions, I just want to make things as clean as possible and 
not crap all over the project.

---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] why do we install non-build binaries in bt_staging_dir?

[Paul Traina]

I certainly understand why we copy the toolchain, libraries, and include 
files into bt_staging_dir, but it seems somewhat bogus that we're doing 
so for end-binaries (i.e. things that nothing else is ever going to 
depend upon)...

Is there a reason for this?  It seems that there was a change in the 
charter for bt_staging_dir at some point (the documentation discusses 
that it's just for the toolchain elements, but all the example 
buildtool.mk files I've seen copy binaries and configuration files in 
there that are not part of the toolchain).

I realize I'm just talking about one line in a buildtool.mk file, but it 
just seems curious that we're polluting what would otherwise be a clean 
and hopefully idempotent toolchain directory.

Thanks,
Paul
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

[leaf-devel] adding files to /etc/shorewall from a different package?

[Paul Traina]

Hi,
I'm packaging upnpd.lrp.  I'd like to add a few user defined actions to 
shorewall to make integrating leaf and shorewall a bit easier.  I'm 
wondering what the best way to do this is...

currently I'm having the user add:
/etc/shorewall/action.allowinUPnP
/etc/shorewall/action.allowoutUPnP
/etc/shorewall/action.forwardUPnP
/etc/shorewall/start.d/upnpd_start
modify /etc/shorewall/modules   (add ipt_owner)
modify /etc/shorewall/actions   (register the actions)
I'd like to just include these files right in the upnpd.lrp file.
1) Since I'm a .lrp file, should the new files be added to 
/usr/share/shorewall?  The new files aren't really meant for user 
consumption or manipulation

2) What's the best way to insure that upnpd.lrp "owns" these files
   when the user does a backup of either shorewall or upnpd?  It
   would be evil for me to modify any of shorewalls files or package
   config excludes?
Paul
---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel