Re: how to install perl modules w/ dependencies that mix packages & CPAN
On Sat, Sep 01, 2018 at 12:52:57AM +, Jonathan Thornburg wrote: > What's the "OpenBSD way" to install Perl modules which don't exist > as packages? > > The usual Perl idiom for "install module foo & all of its (recursive) > dependencies" is "cpan install foo", but this fetches all dependencies > from CPAN, ignoring any OpenBSD packages which may exist. What I'd like > is something like "cpan install foo", but with the semantics that for > each dependency, if there's OpenBSD package in /etc/installurl which > is the same module version as the latest CPAN version, then install > the OpenBSD package instead. Is there a utility already around which > does this? > Afraid not. I've only added or updated a very small number of Perl ports. I've found that some are very simple to do. Just learn how and submit it to ports@ (which is the correct list for this question, just remember that for the future,please). Others must have patches. Really, they need some minor but crucial patches to be "OpenBSDified". This isn't linux. And when you start to talk about recursively adding multiple dependencies, that's where disaster strikes. A big mess with wrong locations, wrong this, wrong that. And exactly how would you even figure out the nightmare of updating or removal? After all, you don't have any idea where anything is. Testing? Not gonna work out. Security? Oh yeah, that's not important, is it? Your clients or your own data getting processed or lost? Oops! This is why everything is moving as a solid unified system and packages. Everything is examined by multiple eyes. Some Perl modules don't and cannot ever work under OpenBSD. Our ports system works well, but is plagued by all of those screwy linuxisms. Now, if you really want to do this sort of thing without adding to and using the existing ports tree, feel free to. See the instructions for doing a fresh re-install. You might need it. Seriousness aside, it's a good question to ask and anyone coming from another OS usually wants (expects?) to be able to do this. Welcome to OpenBSD! It's a tight ship and those ships usually don't sink! ;>) Chris Bennett
Re: how to install perl modules w/ dependencies that mix packages & CPAN
On Fri, Aug 31, 2018 at 10:08:48PM -0300, Alceu Rodrigues de Freitas Junior wrote: > Em 31/08/2018 21:52, Jonathan Thornburg escreveu: > > What's the "OpenBSD way" to install Perl modules which don't exist > > as packages? > I'm afraid that is no such thing. My best would to search something on ports > to do exactly that. I don't know of anything in ports to automatically merge CPAN dependencies and the ports tree, but I do know of portgen. http://man.openbsd.org/portgen > If there is no repository, you might want to take a look in ways to convert > Perl modules from CPAN into OpenBSD packages. I know there is an effort to > build those packages automatically for Linux (Ubuntu and CentOS). portgen is pretty good at it, I usually start there. It gets you most of the way to submitting something to be included in the ports tree. I don't know that it will ever reach the point where it just pulls stuff directly off the CPAN, but I do hope that someday what's required to exist in the ports tree is fairly minimal. For now though, portgen will create ports for the module and any dependencies that you can then adjust for anything that was not detected automatically. > Another possibility is to use perlbrew instead. I do use plenv for testing things on multiple perl versions and with different perl modules, but generally if I want to run something for real, rather than just from my homedir, I'll make ports for the required modules. https://github.com/tokuhirom/plenv l8rZ, -- andrew - http://afresh1.com Unix is very simple, but it takes a genius to understand the simplicity. -- Dennis Ritchie
Re: how to install perl modules w/ dependencies that mix packages & CPAN
I'm afraid that is no such thing. My best would to search something on ports to do exactly that. If there is no repository, you might want to take a look in ways to convert Perl modules from CPAN into OpenBSD packages. I know there is an effort to build those packages automatically for Linux (Ubuntu and CentOS). Another possibility is to use perlbrew instead. Regards, Alceu Em 31/08/2018 21:52, Jonathan Thornburg escreveu: What's the "OpenBSD way" to install Perl modules which don't exist as packages? The usual Perl idiom for "install module foo & all of its (recursive) dependencies" is "cpan install foo", but this fetches all dependencies from CPAN, ignoring any OpenBSD packages which may exist. What I'd like is something like "cpan install foo", but with the semantics that for each dependency, if there's OpenBSD package in /etc/installurl which is the same module version as the latest CPAN version, then install the OpenBSD package instead. Is there a utility already around which does this?
how to install perl modules w/ dependencies that mix packages & CPAN
What's the "OpenBSD way" to install Perl modules which don't exist as packages? The usual Perl idiom for "install module foo & all of its (recursive) dependencies" is "cpan install foo", but this fetches all dependencies from CPAN, ignoring any OpenBSD packages which may exist. What I'd like is something like "cpan install foo", but with the semantics that for each dependency, if there's OpenBSD package in /etc/installurl which is the same module version as the latest CPAN version, then install the OpenBSD package instead. Is there a utility already around which does this?
Re: isakmpd and iked on the same box
Tommy Nevtelen wrote on 31-8-2018 16:12: On 2018-08-31 10:44, Daniel Polak wrote: Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very good for SLAs which complicates things. Or am I missing something? Would it work for you to add a separate VPN gateway with iked next to the VPN gateway running isakmpd? If you do that you can then set routes to direct traffic for networks that have migrated to ikev2 to the iked gateway. Sure, there are many solutions. But that is kind of a lot of work and investment in hardware compared to just running both at the same time right? Of course it is but if the work on and the investment in software has not been done for you by the OpenBSD developers (or sometimes their sponsors) then that's how it is. Needs must.
Re: isakmpd and iked on the same box
Hello Philipp, I use to (reliably) run from two to four parallel instances of isakmpd on same boxes (for years) - first using different ports, then different IPs. It seems like they've had to (peacefully) share the SADB. Did I just not have enough tunnels to trigger the problem? If this isn't the case, why can't iked be as "nice" as isakmpd? Just wondering. Thursday, August 30, 2018, 10:39:21 AM, you wrote: PB> Hi, PB> Am 30.08.2018 10:27 schrieb Sebastian Reitenbach: >> Hi, >> >> I'm wondering if it would be possible to add iked to my box already >> running isakmpd. >> I found this quite old thread: >> http://openbsd-archive.7691.n7.nabble.com/iked-isakmpd-on-the-same-machine-td246610.html PB> Why is it "always" my old threads in this area? :-) PB> I was not following development too closely, but I think that on the PB> kernel side PB> things have not changed. Which means iked and isakmpd will happily "toe PB> tap" PB> on each others SADB in the kernel (even if there is *some* PID PB> handling). PB> Would like to hear if kernel side has "improved" lately, but the overall PB> standpoint PB> looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked PB> some "months ago"). PB> [Still stuck with my ikev2 with strongswan on a different box solution] PB> HTH... wait, no: PB> ciao -- Best regards, Borismailto:psi...@prodigy.net
Re: Selling things through the mailing list allowed? I have compatible THIN CLIENTS for Firewall / Router appliance use Available
On Fri, 31 Aug 2018 08:16:12 +0100, Maurice McCarthy wrote: > On 31/08/2018, Alexis wrote: >> >> Jon Tabor writes: >> >>> Yep, right there with ya. So, ah...what's everyone using for >>> mail >>> filtering these days? Spamassassin? ClamAV? Something else >>> entirely? >> >> i use maildrop: >> >> http://www.courier-mta.org/maildrop/ > > $ pkg_info fdm I like sieve, mostly because it's a publicly specified language. pkg_info shows three manage-sieve implementations. I think most sieve implementations are included with LDAs, which prolly means IMAP servers (I use Dovecot's, which is called pigeonhole; I don't have managesieve turned on so it's just a file in my home dir and sievec to compile/validate it). Amy!
Re: isakmpd and iked on the same box
On 2018-08-31 10:44, Daniel Polak wrote: Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very good for SLAs which complicates things. Or am I missing something? Would it work for you to add a separate VPN gateway with iked next to the VPN gateway running isakmpd? If you do that you can then set routes to direct traffic for networks that have migrated to ikev2 to the iked gateway. Sure, there are many solutions. But that is kind of a lot of work and investment in hardware compared to just running both at the same time right? -- Tommy
Re: Block TLD senders with opensmtpd
Hello,
compli...@risei.net (Scott Seekamp), 2018.08.31 (Fri) 00:55 (CEST):
> Looking at the manpage for smtpd.conf it’s possible to block a domain
> with:
> reject sender
> and put:
> @domain.tld
> Is it possible to block entire tld’s and if so what would the syntax be?
> I’d like to filter out high spam content senders “.bid, .date, .us”
> that I”m seeing and avoid spam processing altogether.
I think you cannot match on the "From:" in the mail header.
Remember config syntax and structure in 6.4 will be different from 6.3,
you did not tell what you use...
What I *would* try for -current:
table denydomains { "*.bid", "*.data" }
match mail-from reject
match helo reject
"smtpd -n -v -f" says that's OK, I'm not going to test it live.
And it's only for "MAIL FROM:" and "HELO", easy to forge.
I think with 6.3 (or earlier) this is *not* going to work, unless
someone sends with "MAIL FROM:":
table badsenders { "@biz", "@date" }
reject from any sender
Marcus
Re: Block TLD senders with opensmtpd
See this Scott: http://www.OpenSMTPd.Org/list.html Cheers, -- Craig Skinner | http://linkd.in/yGqkv7
Re: isakmpd and iked on the same box
Am Donnerstag, August 30, 2018 17:39 CEST, Philipp Buehler schrieb: > Hi, > > Am 30.08.2018 10:27 schrieb Sebastian Reitenbach: > > Hi, > > > > I'm wondering if it would be possible to add iked to my box already > > running isakmpd. > > I found this quite old thread: > > http://openbsd-archive.7691.n7.nabble.com/iked-isakmpd-on-the-same-machine-td246610.html > > Why is it "always" my old threads in this area? :-) > > I was not following development too closely, but I think that on the > kernel side > things have not changed. Which means iked and isakmpd will happily "toe > tap" > on each others SADB in the kernel (even if there is *some* PID > handling). > > Would like to hear if kernel side has "improved" lately, but the overall > standpoint > looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked > some "months ago"). > > [Still stuck with my ikev2 with strongswan on a different box solution] isakmpd and iked on separate nodes still seems to be the way to go. thanks everyone. Sebastian > > HTH... wait, no: > ciao > -- > pb
Re: isakmpd and iked on the same box
Tommy Nevtelen wrote on 30-8-2018 23:13: We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very good for SLAs which complicates things. Or am I missing something? Would it work for you to add a separate VPN gateway with iked next to the VPN gateway running isakmpd? If you do that you can then set routes to direct traffic for networks that have migrated to ikev2 to the iked gateway.
make(1) and multiple outputs
Short: is there a way to manage multiple outputs from a single command with OpenBSD's make(1)? Longer story. I have a site that generates a few hundred articles using sblg(1). Each output article is indexNNN.html, which depends upon every input indexNNN.xml. So a change to any indexNNN.xml must result in rebuilding all indexNNN.html using a single command. In GNU make, I can use the pattern substring match to effect this: all: index001.html index002.html index001%html index002%html: index001.xml index002.xml sblg -L index001.xml index002.xml But obviously that's GNU-only. It is, as a fallback, possible to have sblg(1) create one output per input and play nice with make(1): index001.html: index001.xml index002.xml sblg -C index001.xml index001.xml index002.xml But with hundreds of articles (each of which depends upon parsing hundreds of articles), those are a lot of wasted cycles. I currently just use the GNU make, but I'd rather use only stock components on the server. Any thoughts?
Re: Selling things through the mailing list allowed? I have compatible THIN CLIENTS for Firewall / Router appliance use Available
On 31/08/2018, Alexis wrote: > > Jon Tabor writes: > >> Yep, right there with ya. So, ah...what's everyone using for >> mail >> filtering these days? Spamassassin? ClamAV? Something else >> entirely? > > i use maildrop: > > http://www.courier-mta.org/maildrop/ > > Alexis. > $ pkg_info fdm
