Re: login.conf -- UTF-8
On Wed, 02 Apr 2014 09:53:49 -0700, Sean Bruno sbr...@ignoranthack.me wrote: I'd like to make this change to login.conf for default installs. This removes some amount of hackery in the ports system that is working around our lack of UTF-8 in the base. This should be step 0 in a language agnostic installer project that is beyond the scope of making the system more useable. --- login.conf2013-10-21 15:51:14.553992170 -0700 +++ /etc/login.conf 2014-03-31 09:26:17.588503798 -0700 @@ -45,7 +45,9 @@ :kqueues=unlimited:\ :priority=0:\ :ignoretime@:\ - :umask=022: + :umask=022:\ + :lang=en_US.UTF-8:\ + :charset=UTF-8: # Changing the default LC_COLLATE is risky, how about keeping LC_COLLATE=C by default? --- /usr/src/etc/login.conf 2013-09-30 19:04:24.0 + +++ /etc/login.conf 2013-09-30 19:02:22.0 + @@ -26,7 +26,7 @@ :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ :welcome=/etc/motd:\ - :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ + :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,LC_COLLATE=C:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ @@ -44,7 +44,9 @@ :pseudoterminals=unlimited:\ :priority=0:\ :ignoretime@:\ - :umask=022: + :umask=022:\ + :charset=UTF-8:\ + :lang=en_US.UTF-8: # -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: PGP signature
Re: using nscd (ldap) makes passwd/group disappearing while installing ports
On 01/31/2012 03:03 PM, O. Hartmann wrote: I'm using on a couple of servers the nameservice cache dameon nscd and cache group, passwd and sudoers. Backend is LDAP, but local files should searched first. then ldap. cache is searched the very first even before files. Well, I'd expect that if a group is present, like cups or dhcp and reside in the local file (/etc/group or /etc/passwd), they are cached. Installing net/isc-dhcp42-server fails with this error: gmake[1]: Leaving directory `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2/server' gmake[1]: Entering directory `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2' gmake[1]: Nothing to be done for `all-am'. gmake[1]: Leaving directory `/usr/ports/net/isc-dhcp42-server/work/dhcp-4.2.3-P2' === Installing for isc-dhcp42-server-4.2.3_2 === Generating temporary packing list === Creating users and/or groups. Creating group `dhcpd' with gid `136'. pw: group disappeared during update *** Error code 70 Stop in /usr/ports/net/isc-dhcp42-server. *** Error code 1 Stop in /usr/ports/net/isc-dhcp42-server. What's going on is: 1) The port checks if the group exists 2) nscd caches that the group does not exist in its negative cache 3) pw(8) creates the group then checks if it exists 4) nscd returns the negative cache entry (group does not exist) This causes pw(8) to error since it expects the group that it just created to exist. I also have this error very often when rebuilding/updating or even installing cups when nscd is enabled. A simple restart of nscd helps in most cases, most times I need to disable cache tag in /etc/nsswitch.conf, then everything runs smooth. Well, this behaviour is since a couple of years now, occurs sporadic. I have had in FreeBSD 7, 8, 9 and I see it in 10. What is it? I like the cache facility, since in domains with a lot of users searching LDAP takes some time and caching help keeping traffic and latency short. But the namservice caching mechanism seems to be unreliable. What is up there? You should put files before cache in /etc/nsswitch.conf, e.g.: group: files cache ldap passwd: files cache ldap The problem is that tools that modify the passwd and group files, like pw(8), don't invalidate nscd's negative cache entries when making changes. -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature
[patch] Unbreak libgssapi and upgrade for heimdal-1.1
Hello, The following patch unbreaks libgssapi and upgrades it to be consistent with the previous heimdal-1.1 merge: http://www.b1c1l1.com/media/patches/libgssapi-9.0-CURRENT.diff.bz2 http://www.b1c1l1.com/media/patches/libgssapi-8.1-STABLE.diff.bz2 Currently, libgssapi is out of date because it was not upgraded when the rest of heimdal was upgraded to heimdal-1.1. Also, 3 new libraries (libgssapi_krb5, libgssapi_ntlm, libgssapi_spnego) were unnecessarily introduced -- MIT Kerberos separates these libraries, but Heimdal does not. This broke some libgssapi-dependent applications (e.g. www/mod_auth_kerb2, PR #147282). SHLIB_MAJOR is bumped from 10 to 11, so libgssapi-dependent applications must be rebuilt after applying this patch. I renamed some of upstream's files due to filename collisions. If buildworld can create corresponding subdirectories in obj/ to match src/, then the renames are not necessary. Feedback is appreciated. Thanks, -- Benjamin Lee http://www.b1c1l1.com/ signature.asc Description: OpenPGP digital signature