PHP-MySQL-Apache madness!
I am tearing my hair out. I like to compile PHP and MySQL from source, for use with Apache on OpenBSD - due to a recent intrusion via PHP vulnerability, I absolutely need to run the latest versions of everything. I have PHP-MySQL-Apache(CHROOT) working fine on a 3.8 installation but cannot get it working with 3.6 anymore. Please don't tell me the upgrade the 3.6, the server is in a remote location and the FAQ does not recommend upgrading the OS remotely anymore. PHP and MySQL compile and install fine, but Apache exits with no error codes in this configuration. I have put Apache in debug mode and it still exits with no error codes! When I remove the PHP module, Apache starts fine. PHP works fine on the command line. MySQL fine works on the command line. The most @#$1!% frustrating thing is that all was working fine on this configuration with MySQL 4 and PHP 4.4.0. When I upgraded to PHP 4.4.1 and restarted Apache it all worked fine... then one day later the OpenBSD kernel panic'ed or was otherwise unresponsive. A full reboot was required by pulling the plug, because the console would not respond (I walked my brother through this over the phone - remote location). When the system came back up, Apache would not start. Annoyed, I uninstalled PHP and then installed the PHP binary package, which is somewhat out of date. Then Apache worked fine, but I absolutely cannot run with an old version of PHP due to security issues. I am at the point of compiling Apache on my own and getting that running. It is maddening that there are no error logs in this configuration (see above). It makes no sense why it was working before, and not now. I have even reverted back to PHP 4.4.0 and it still doesn't work like it did before. Tried uninstalling PHP before 'make install' of the old version but still no dice. Same thing with PHP 5.0.5. Please help this is driving me fucking nuts. Best regards, Kelly Martin -- Kelly's Red Beet Factory www.redbeet.com
Re: pkg_add, pkg_delete -- can't force
Chris wrote: How can I get Horde3 installed without using php5? I prefer not to have to resort to installing from the tarball, as I like the installation db to be accurate, and I want to stay within the audited code. I ran into the same problem (php5 as a dependency but not supported by Horde...). What I did is simply installed horde, imp... for the official tarballs. Anyway, I still have problem under 3.8 and current with Horde, some https pids get killed while accessing some pages. Since I did not have the time to debug this for now, I'm stuck with horde2. Antoine
Re: OpenBSD official media
On Sat, 5 Nov 2005 23:35:14 -0600, Marco Peereboom [EMAIL PROTECTED] wrote: You mean because hppa, mac68k, m88k and sparc, just to name a few, have outstanding DVD devices available. Marco, now that's very unlike you -You left out the most important part of the punch line; phear my 1337 DVD-booting vaxen ;-) JCR
State of ACPI in OpenBSD
Among other new features in 3.8 I've noticed acpid(8) daemon and manpage. According to manpage, The acpid command appeared in OpenBSD 3.8 and /etc/acpi/suspend and /etc/acpi/powerdown are the files that contain the host's customized actions. But there is no /etc/acpi directory. And there is no any notices about acpid at http://www.openbsd.org/38.html. So what about ACPI in OpenBSD for now? Is acpid(8) and its manpage only a stub for future functionality?
Re: PHP-MySQL-Apache madness!
On Sun, Nov 06, 2005 at 04:30:46AM -0500, Kelly Martin wrote: I am tearing my hair out. I like to compile PHP and MySQL from source, for use with Apache on OpenBSD - due to a recent intrusion via PHP vulnerability, I absolutely need to run the latest versions of everything. I have PHP-MySQL-Apache(CHROOT) working fine on a 3.8 installation but cannot get it working with 3.6 anymore. Please don't tell me the upgrade the 3.6, the server is in a remote location and the FAQ does not recommend upgrading the OS remotely anymore. PHP and MySQL compile and install fine, but Apache exits with no error codes in this configuration. I have put Apache in debug mode and it still exits with no error codes! When I remove the PHP module, Apache starts fine. PHP works fine on the command line. MySQL fine works on the command line. The most @#$1!% frustrating thing is that all was working fine on this configuration with MySQL 4 and PHP 4.4.0. When I upgraded to PHP 4.4.1 and restarted Apache it all worked fine... then one day later the OpenBSD kernel panic'ed or was otherwise unresponsive. A full reboot was required by pulling the plug, because the console would not respond (I walked my brother through this over the phone - remote location). When the system came back up, Apache would not start. Annoyed, I uninstalled PHP and then installed the PHP binary package, which is somewhat out of date. Then Apache worked fine, but I absolutely cannot run with an old version of PHP due to security issues. I am at the point of compiling Apache on my own and getting that running. It is maddening that there are no error logs in this configuration (see above). It makes no sense why it was working before, and not now. I have even reverted back to PHP 4.4.0 and it still doesn't work like it did before. Tried uninstalling PHP before 'make install' of the old version but still no dice. Same thing with PHP 5.0.5. Please help this is driving me fucking nuts. Best regards, Kelly Martin Maybe the httpd binary or some library got damaged in the kernel panic? If you have some way of discovering what fsck did to your filesystem, that might give you a clue. Otherwise, recompiling 3.6-stable may help. Have you checked to see if there are any important OpenBSD-specific patches to PHP in the ports tree? It might be better to manually apply the diff between PHP 4.4.0 and PHP 4.4.1 to the OpenBSD version, checking for problems as you go. Aside from these shots in the dark, I know too little to offer any real assistance. Joahim
Re: smartmontools (smartd) kills system [trace/gdb]
Kenneth R Westerback wrote: On Fri, Nov 04, 2005 at 03:22:33PM +0100, per engelbrecht wrote: Kenneth R Westerback wrote: On Fri, Nov 04, 2005 at 07:14:05AM +0100, per engelbrecht wrote: K WESTERBACK wrote: I'm interested. Ken Hi again Ken If you find anything of value it would be nice to know. (putting the box into production real soon) Thank you. /per [EMAIL PROTECTED] I hope to be able to investigate this weekend. I had a look at the code and, well, it looked pretty weird. :-). Ken Hi Ken When you say weird I get the same sensation as when my dentist say 'Uups' :-S That would be just brilliant if you could. If not, fine too. I just appresiate having you to on it. The best /per [EMAIL PROTECTED] The ahd timeout code is definately and completely borked. Thanks very much for finding a program that proved this. Hi Ken (damn, you move fast) I think of it as more of a coincidence, but you're welcome :) This diff puts ahd back to the primitive 'timeout == bus reset that most other drivers use. Now I can 'smartctl -a /dev/sd1c' many times without crashing or hanging the machine. Sounds like it's heading in the right direction. In addition I suppress a lot of useless verbiage so that you can actually read the program output. Nice. I'll be investigating further as to how much of this will committed, and trying to figure out why it's timing out in the first place, and why the results are inconsistant. The inconsistancy is that sometimes commands fail, sometimes 'SMART Health Status: OK' is displayed. A few times I've also seen 'SMART Health Status: OK' randomly displayed among lots of dump output. Unable to catch it though. Let me know if this helps you. I sure will. Can't do it right now, but I'll give it a go around 1800 CEST and give you the result. Thank you for your time so fare Ken. /per [EMAIL PROTECTED] Ken Index: aic79xx.c === RCS file: /cvs/src/sys/dev/ic/aic79xx.c,v retrieving revision 1.28 diff -u -p -r1.28 aic79xx.c --- aic79xx.c 4 Oct 2005 23:52:04 - 1.28 +++ aic79xx.c 5 Nov 2005 19:12:57 - @@ -253,9 +253,6 @@ u_int ahd_resolve_seqaddr(struct ahd_so void ahd_download_instr(struct ahd_softc *ahd, u_int instrptr, uint8_t *dconsts); intahd_probe_stack_size(struct ahd_softc *ahd); -intahd_other_scb_timeout(struct ahd_softc *ahd, - struct scb *scb, - struct scb *other_scb); intahd_scb_active_in_fifo(struct ahd_softc *ahd, struct scb *scb); void ahd_run_data_fifo(struct ahd_softc *ahd, @@ -3124,7 +3121,7 @@ ahd_set_syncrate(struct ahd_softc *ahd, ahd_send_async(ahd, devinfo-channel, devinfo-target, CAM_LUN_WILDCARD, AC_TRANSFER_NEG, NULL); #endif - if (1 /*bootverbose*/) { + if (bootverbose) { if (offset != 0) { int options; @@ -9148,305 +9145,41 @@ ahd_timeout(void *arg) { struct scb *scb = (struct scb *)arg; struct ahd_softc *ahd; + char channel; + long s; + int found; +#ifdef AHD_DEBUG + int was_paused; +#endif ahd = scb-ahd_softc; - if ((scb-flags SCB_ACTIVE) != 0) { - if ((scb-flags SCB_TIMEDOUT) == 0) { - LIST_INSERT_HEAD(ahd-timedout_scbs, scb, -timedout_links); - scb-flags |= SCB_TIMEDOUT; - } - ahd_recover_commands(ahd); - } -} - -/* - * ahd_recover_commands determines if any of the commands that have currently - * timedout are the root cause for this timeout. Innocent commands are given - * a new timeout while we wait for the command executing on the bus to timeout. - * This routine is invoked from a thread context so we are allowed to sleep. - * Our lock is not held on entry. - */ -void -ahd_recover_commands(struct ahd_softc *ahd) -{ - struct scb *scb; - struct scb *active_scb; - longs; - int found; - int was_paused; - u_int active_scbptr; - u_int last_phase; - ahd_lock(ahd, s); +#ifdef AHD_DEBUG + was_paused = ahd_is_paused(ahd); + printf(%s: SCB %d timed out - Card was %spaused\n, ahd_name(ahd), + SCB_GET_TAG(scb), was_paused ? : not ); + ahd_dump_card_state(ahd); +#endif + /* * Pause the controller and manually flush any * commands that have just completed but that our * interrupt handler has yet to see. */ - was_paused = ahd_is_paused(ahd); - - printf(%s: Recovery Initiated - Card was %spaused\n, ahd_name(ahd), -
Re: OT: 10 things i hate most on unix
At first I thought perhaps my sarcasm detector (now _there's_ a real useful invention!) was broken, but apparently this guy is serious. To put a new twist on the old aphorism: Those who do not understand the UNIX Hater's Handbook are doomed to reinvent it poorly. (Or maybe plagiarize it poorly, I can't tell.) If you haven't read it, it's worth taking a look at. Very much tongue-in-cheek, of course, and due to its age, not entirely correct now (being written prior to the rise of Linux and *BSD). If nothing else, read dmr's anti-foreword and the appendix where Thompson, Kernhigan, and Ritchie admit UNIX and C were April Fool's pranks. Nick's taking himself seriously bit and subsequent deconstruction reminded me of this publication (I mean this as a compliment, really!). I still keep the KR C book on my shelf (long live 1TBS!). It's the 2nd ed. though... being young enough to learn C as ANSI C, I find the earlier style of code positively icky, and I think the ansify commits in the CVS logs agree with me. :-) Speaking of going off-topic... -Andrew
Re: OT: 10 things i hate most on unix
On Sun, Nov 06, 2005 at 06:22:29AM -0600, Andrew Daugherity wrote: At first I thought perhaps my sarcasm detector (now _there's_ a real useful invention!) was broken, but apparently this guy is serious. I'm seriously falling into this troll trap.. oh well. It's an interesting article but in the end it doesn't really say anything and leaves the reader with nothing. If this guy was serious he'd proactively provide an alternative to UNIX. But he doesn't. He just cries about how much UNIX sucks for his purposes. He mentions QNX and how nice that is, but he fails to mention that QNX isn't Open Source and that you gotta buy it. And you probably don't get the source with it either. I for one think the Unix-like Operating System of my choice outweighs any nitpicks of this crank. -peter
Re: OT: 10 things i hate most on unix
Nick Holland wrote The whole C doesn't do strings has always been complete Bull Sh*t in my mind. C does strings like the processor underneath does -- it doesn't make complex operations involving moving thousands of bytes look simple. While I do use Perl for some apps, the stuff it lets you get away with in one line creeps me out horribly...knowing C and a few (ancient) assembly languages, I know what is going on under the covers, but I have sympathy for the new programmer (or very experienced programmer who lacks certain bits of experience) who writes a ten line program and wonders why it takes twenty minutes to run... I also think C is a great language. I also think it does strings well, you just need to be a little creative about it. A pointer here and a data structure there will go along way. If someone can't make C do strings I think they need to reevaluate there creativity. You have to play a game here or there but once you do it and figure it out - its done forever. Anthony
Re: hostname detective
On 11/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I found the thread below on google when searching for the hostname detective issue. I appreciate this was raised in June 2004, but there doesnt appear to be many more instances of this issue on the net. Question is did you find out what caused it? I have it on my network and Id like to know how to prevent reoccurrence. Thanks Mark Skimming through my leases file I noticed a bogus MAC address of 45:3b:13:0d:89:0a as well as two others which used the hostname detective and leased all of the available IP addresses in my pool for two minutes. I googled for this situation and found a published log from some college's dhcp.leases file with the same MAC address and hostname being used. Has anyone else seen this behavior before? The only interface serving DHCP is my internal one with only two machines on it. Almost sounds like one of them got hacked. Does anyone know what virus/spyware would've caused this? I don't think a virus or spyware is probable (I might be wrong) - could it be someone brought a device along (small embedded computer, zaurus/other pda etc) and scanned/enumerated your internal network? otoh, I fail to see the relationship to openbsd --knitti
Re: OT: 10 things i hate most on unix
I always thought that the number one reason Unix sucked as lack of support for Mind-Reading Markup Language so I don't have to use any input device anymore. I guess I was wrong.
Re: FYI: new mailing list anti-spam measures
After talking to some folks who would be negatively impacted by this I've decided to drop the dial-ups blacklist and hope that greylisting catches the bulk of the spam (which for most compromised windows hosts is the case). - todd
Re: OT: 10 things i hate most on unix
On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo Rios wrote: Hey folks, sorry, but i found this on the web. May someone tell if it is serious, i myself could not believe it. http://www.informit.com/articles/article.asp?p=424451seqNum=1 Looks like a rehash of http://research.microsoft.com/~daniel/unix-haters.html with its Anti-Foreward by Dennis Ritchie. Whether you think it is humurous or not is of course up to you. I thought it was funny when I read it '94. Ken
Re: OT: 10 things i hate most on unix
On Sun, 6 Nov 2005 00:40:12 -0200, Gustavo Rios [EMAIL PROTECTED] wrote: Hey folks, sorry, but i found this on the web. May someone tell if it is serious, i myself could not believe it. http://www.informit.com/articles/article.asp?p=424451seqNum=1 I didn't even bother loading the page... if it's sarcasm, should be funny, but if it's not funny, the guy is probably serious. If you want a critical look at UNIX, with comparisons, google up a copy of the UNIX Haters Handbook, It's good reading even if you are a devout weenix uni. JCR
Re: rapid response to ordering :-)
Hmmm, I ordered mine over 2 weeks ago and still haven't seen them. Probably stuck somewhere with the good old USPS. Greg Me too, I preordered my CD set to OpenBSD/Europe (I live in Spain ) at the beginning of october and I am still waiting, :-( . Anyway, I asume they are busy sending so many CDs. Ramiro.
Re: State of ACPI in OpenBSD
It will eventually happen but not until it can be done right. Keep an eye out on the lists for this over the next few months. On Sun, Nov 06, 2005 at 01:13:11PM +0300, Anton Karpov wrote: Among other new features in 3.8 I've noticed acpid(8) daemon and manpage. According to manpage, The acpid command appeared in OpenBSD 3.8 and /etc/acpi/suspend and /etc/acpi/powerdown are the files that contain the host's customized actions. But there is no /etc/acpi directory. And there is no any notices about acpid at http://www.openbsd.org/38.html. So what about ACPI in OpenBSD for now? Is acpid(8) and its manpage only a stub for future functionality?
Re: OpenCVS Questions
On 11/5/05, J.C. Roberts [EMAIL PROTECTED] wrote: I was looking to learn more about OpenCVS, in particular, reading the cvsintro docs mentioned here: http://www.opencvs.org/manual.html Unfortunately the links are broken. Could someone drop-kick me in the right direction? I need to (better) learn both CVS usage and CVS setup/administration. Based on what Tedu suggested please see if this will be of any help for now http://cvsbook.red-bean.com/cvsbook.html :-) kind regards Siju -- Siju Oommen George, Network Consultant. HiFX IT MEDIA SERVICES PVT. LTD. http://www.hifx.net
pptp-linux to access Microsoft VPN servers
Hello! Has anyone working pptp-linux client to access MS VPN servers? Could someone share config? Thanks!
Re: Setting up printer with cups Epson Stylus Photo 820
Not really. I want to use cups for network printing and it requires esp ghostscript for which there is no port. Also, gutenprint provides newer drivers than gimp-print. Date: Sat, 5 Nov 2005 23:13:54 -0800 From: Jacob Meuser [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: Setting up printer with cups Epson Stylus Photo 820 Message-ID: [EMAIL PROTECTED] On Sun, Nov 06, 2005 at 12:22:55AM -0600, Jeff Roach wrote: I finally got it working. Here are the steps, you could have read this post to ports@ from a few days ago instead: http://marc.theaimsgroup.com/?l=openbsd-portsm=113082409018820 probably would have been much less work for you. -- [EMAIL PROTECTED]
Re: Dual Head Graphic Card
I was thinking about something like that: http://disjunkt.com/dualhead/ http://cambuca.ldhs.cetuc.puc-rio.br/multiuser/ http://www.ltn.lv/~aivils/ http://www.itsopen.net/projects/x-hack/ http://www.google.com/search?hl=enlr=safe=offq=Linux+multi+local+X... What i need is not to proliferate desktop around. 2005/11/6, Nick Holland [EMAIL PROTECTED]: Gustavo Rios wrote: Dear friends, mo desktop box's graphic card has support for two monitor. I have two sets containing each: 1 monitor, 1 mouse and 1 keyboard. The mouse and keyboard are connected to the monitor via USB. I wonder if i could have a configuration like that: I would like to have the first 5 ttys connected to the one set of devices, and the second set holding the seconds 5 ttys. The ideia is to be able to have two users connected independently to a single desktop. Could i made my self clear about my goal? Is that possible to achieve? Thanks in advance for your time and cooperation. Best regards. Of course it is possible. Just write enough code. Don't waste your time. Add an old, second computer pulled out of the trash to the puzzle, run X on it, and use it as an X terminal for the first. You have accomplished your stated goal using tools the way they were intended to be used, rather than twisting them in ways they were not intended. Plus, you have much greater scalablity -- what do you do for the THIRD, fourth, or twentieth user on your system? With my recommendation, just add more junk computers. Your idea? Not going to happen. Nick.
Re: Setting up printer with cups Epson Stylus Photo 820
On Sun, 6 Nov 2005 14:08:04 -0600 Jeff Roach [EMAIL PROTECTED] wrote: Not really. I want to use cups for network printing and it requires esp ghostscript for which there is no port. I'm sort of working on that with a very low priority. I'll have a look at that again this week. I'll try to fix an outdated gimp-print port too. I hope that may help you. [...] -- [EMAIL PROTECTED] Cheers, Jasper -- Security is decided by quality -- Theo de Raadt
RE: Re: OT: 10 things i hate most on unix
[EMAIL PROTECTED] wrote: On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo Rios wrote: Hey folks, sorry, but i found this on the web. May someone tell if it is serious, i myself could not believe it. http://www.informit.com/articles/article.asp?p=4244 51seqNum=1 Looks like a rehash of http://research.microsoft.com/~daniel/unix-haters.h tml with its Anti-Foreward by Dennis Ritchie. Whether you think it is humurous or not is of course up to you. I thought it was funny when I read it '94. Ken Looks like a good book. Thanks. from the Preface Deficient by Design Being small and simple is more important than being complete and correct You only have to solve 90% of the problem. Everything is a stream of bytes. Despite a plethora of fine books on the subject, Unix security remains an elusive goal at best. There is an obvious implication for Windows security. These attitudes are no longer appropriate for an operating system that hosts complex and important applications The gripes may be legitimate, but really, are we any closer to finishing that last 10% than we were 40 years ago? Before there even were such things as operating systems and editors and such. Probably the real reason to hate Unix is that it has outlived its betters, and will most likely continue to do so. Somehow the assumption that you have 100% (when only 90% is attainable) seems to be eventually fatal.
Re: PHP-MySQL-Apache madness!
Kelly Martin wrote: OpenBSD kernel panic'ed or was otherwise unresponsive. A full reboot was required by pulling the plug, because the console would not respond (I walked my brother through this over the phone - remote location). When the system came back up, Apache would not start. I know you wrote not to suggest to upgrade to 3.8, but look to me that you have your brother available to help. I know I wrote the instruction before for a friend that never even touch Unix in his life before on how to set this up (OpenBSD). If you think about it for a few seconds. I would definitely argue that you would have lost less time by writing the instruction and sending them to your brother, let him wipe it clean and bring it back up where you can then ssh to it and do all that you need form that point. From the CD, or even from the bsd.rd version, setting up a box is really quick, ok if you need to download the full system from the bsd.rd version over ftp it may take a bit more time, but still, a few simple question to answer and you are home free, unless you really don't trust your brother, but even then... Not what you want to ear I know for sure, but just think about it... I am sure it would take you less time this way and you would not have to deal with madness... I am sure you can setup your box from scratch in less then 10 minutes with a CD. Have your brother do that over the phone if you have to. I am sure he will fell good in the end and your problem will be gone as well, plus you would have an upgraded version. Think how much time you already spend on it. Hope this provide you some moral support anyway. Daniel
Jacek Artymiak's Book
Has anyone heard when the new version of Jacek's PF book will be released? Thanks, Jim
pkg_add -r TWiki
I was just wondering if anyone has had any problems with updating the TWiki package? I had a few fatal errors, and while my content was not removed from disk, it is no longer accessable from the wiki...
Problem ripping audio CD in Liteon DVD-DL drive [RESOLVED]
Thanks for your help Jake. I mixed up the packaging and found it was an LG drive when I pulled the machine apart. It was a combination of two things, I upgrade the firmware per your suggestion and this fixed a lot of other unrelated errors. Firmware upgrade was from A100 to A105. Also for some reason I had to turn the other bit to write on the /dev/cd0* device. I have never had to do this before to do a user read on an audio device, but anyway it fixed the issues I was having. Thanks for your help Jase ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, 4 November 2005 5:32 PM To: misc@openbsd.org Subject: Re: Problem ripping audio CD in Liteon DVD-DL drive On Fri, Nov 04, 2005 at 03:25:48PM +1100, Tubnor, Jason B wrote: Hi, I have a problem ripping an audio CD with cdparanoia. Software that I am using is grip and cdparanoia from the 3.8 packages tree. The drive that I have is a Liteon DVD-DL (IDE). When I put the audio CD in the cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, A100 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 that is an LG, not a LiteOn. some searching on google found other people having issues with these as well, but I also found a page where the authors used several brands of DVD media and they recommend the drive, but note I have strong faith that with a little more firmware tweaking, 16x single layer, and even dual layer recording could be made quite stable and effective. you appear to have a first generation firmware, A100. perhaps your problem is related to that? I can confirm that cdparanoia works correctly for me on -current with a LiteOn DVDRW SOHW-1633S with same IDE controller as you, VIA VT82C571 IDE rev 0x06. if I were you, I'd try to update the firmware of the drive. -- [EMAIL PROTECTED]