Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Mike Clarke
On Wednesday 11 July 2012 16:20:41 Joseph Lenox wrote:
 What about a ZFS root? Just make sure both disks are in the BIOS/EFT
 boot order.
 http://www.aisecure.net/2011/11/28/root-zfs-freebsd9/

 Something else we noticed on our site is that backup of a system
 snapshot can be quickly restored using just a live CD (do up to step 5,
 then replace steps 6-7 with a zfs receive of the desired snapshot).

Since the system is to be restored from the snapshot then I suppose most of 
steps 8 to 12 wouldn't be needed either. But what about step 5 before the 
restore:

zpool export zroot
zpool import -o cachefile=/var/tmp/zpool.cache zroot

And then step 10 after running zfs receive

cp /var/tmp/zpool.cache /mnt/boot/zfs/zpool.cache

Are these steps needed when restoring from a snapshot?

-- 
Mike Clarke
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: OT

2012-07-12 Thread Виталий Туровец
2012/7/12 Hasse Hansson ha...@thorshammare.org:
 Hello all
 Needed an extra box today for some experimental use, and serarched my 
 storeroom.
 Found an old Compaq and fired it up. All I changed was the networksettings, 
 and there it was.
 IPv6 connectivity and all. Amasing, last serving 2003.
 Those were the days.

 Last login: Sun Dec 28 22:43:46 2003 from thor.swedehost.
 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
 The Regents of the University of California.  All rights reserved.

 FreeBSD 4.9-RELEASE (LOKE) #0: Sun Dec 28 17:16:47 CET 2003

 $ uname -a
 FreeBSD loke.thorshammare.org 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sun Dec 28 
 17:16:47 CET 2003 r...@loke.swedehost.com:/usr/obj/usr/src/sys/LOKE  i386

Huh, cool indeed!
Two month ago i've been called to help with a small FreeBSD-based
gateway which stopped working after electrical troubles (it was a
rainy day before hehe).
After i came to the place, the only thing i had to do with a box is
just change the dead NIC.
The OS there is FreeBSD 5.3-RELEASE, and the box was setup and
forgotten just in two or three days after release.
It hasn't been touched by anyone since then :)
For me this really proves how stable my favourite OS is :)

 Regards
 Hasse


 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org



-- 




~~~
WBR,
Vitaliy Turovets
Systems Administrator
Corebug.Net
+38(093)265-70-55
VITU-RIPE
X-NCC-RegID: ua.tv
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Why is Gluster not available in FreeBSD?

2012-07-12 Thread Lowell Gilbert
Brent Clark brentgclarkl...@gmail.com writes:

 A question I would like to ask, if no one minds.
 Whys is Gluster not available in FreeBSD?

 It is that Gluster just cant run on FreeBSD, or no one can port it?

http://wiki.freebsd.org/GlusterFS
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Joseph Lenox

On 07/12/2012 05:47 AM, Mike Clarke wrote:

On Wednesday 11 July 2012 16:20:41 Joseph Lenox wrote:

What about a ZFS root? Just make sure both disks are in the BIOS/EFT
boot order.
http://www.aisecure.net/2011/11/28/root-zfs-freebsd9/

Something else we noticed on our site is that backup of a system
snapshot can be quickly restored using just a live CD (do up to step 5,
then replace steps 6-7 with a zfs receive of the desired snapshot).

Since the system is to be restored from the snapshot then I suppose most of
steps 8 to 12 wouldn't be needed either. But what about step 5 before the
restore:

zpool export zroot
zpool import -o cachefile=/var/tmp/zpool.cache zroot

And then step 10 after running zfs receive

cp /var/tmp/zpool.cache /mnt/boot/zfs/zpool.cache

Are these steps needed when restoring from a snapshot?
I believe preserving the zpool cache is important, but I haven't tested 
not doing so. Logically, the zroot is still new, and the restore from 
snapshot would still populate the cachefile (which would default to 
writing in the live CD's /var/tmp, not the target system's /var/tmp.


Here's my suggested instructions, adapted from 
http://www.aisecure.net/2012/01/16/rootzfs/ and my own experimentation, 
for restoring from a snapshot. It can also be used to clone a system 
configuration from one system to another (very convenient). This is for 
single-drive, just set up a mirror in the initial steps if you are going 
that route.


1. Boot from a FreeBSD9 installation DVD or memstick and choose Live CD.
2. Create the necessary partitions on the disk(s) and add ZFS aware
   boot code.

   gpart create -s gpt ada0

   gpart add -b 34 -s 94 -t freebsd-boot ada0

   gpart add -t freebsd-zfs -l disk0 ada0

   gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0

3. Align the Disks for 4K and create the pool.

   gnop create -S 4096 /dev/gpt/disk0

   zpool create -o altroot=/mnt -o cachefile=/var/tmp/zpool.cache zroot 
/dev/gpt/disk0.nop

   zpool export zroot

   gnop destroy /dev/gpt/disk0.nop

   zpool import -o altroot=/mnt -o cachefile=/var/tmp/zpool.cache zroot

4. Set the bootfs property on zroot.

   zpool set bootfs=zroot zroot

5. Mount the memory stick containing the snapshot. Most memory sticks
   are formatted fat32 or ntfs, and the LiveCD will at least read ntfs.

   mount -t ntfs /da0s1 /media/

 * This assumes that the memory stick is NTFS formatted and it ends
   up as da0 in the system.
6. Receive snapshot.

   gunzip -dc /media/snapshot_name.gz | zfs receive -vF zroot

 * snapshot_name.gz is a placeholder for the actual name of the
   file on the media. I've assumed that the snapshot is gzip'd,
   otherwise cat the snapshot file.
7. Copy zpool.cache (very important!!!)

   cp /var/tmp/zpool.cache /mnt/boot/zfs/zpool.cache

8. If this is a clone of another system, edit pre-existing rc.conf and
   rc.local.conf files to suit new network configuration.
 * Specifically, the hostname and the IP need to change if the new
   system is on the network.
9. Reboot
 * Remember to set the correct boot drive in new system BIOS.


--
--Joseph Lenox, BS, MS
I'm an engineer. I solve problems.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


ppp connection goes down - requires reboot

2012-07-12 Thread David Banning
Lately I have a problem where the ppp connection goes down. 
Watching the log I see the following;

Jul 12 09:54:58 3s1 ppp[30841]: tun0: Phase: deflink: Connected!
Jul 12 09:54:58 3s1 ppp[30841]: tun0: Phase: deflink: opening - dial
Jul 12 09:54:58 3s1 ppp[30841]: tun0: Phase: deflink: dial - carrier
Jul 12 09:55:12 3s1 ppp[31114]: Phase: Using interface: tun0
Jul 12 09:55:12 3s1 ppp[31114]: Phase: deflink: Created in closed state
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: disable ipv6cp
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set dial
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set login
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set ifaddr 
209.161.205.12 206.221.248.4
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set ifaddr 10.0.0.1/0 
10.0.0.2/0
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: add default HISADDR
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: nat enable yes
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set device PPPoE:fxp0
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set mru 1492
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set mtu 1492
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set authname [login was 
here]
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set authkey 
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set log Phase tun 
command
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: disable ipv6cp
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set dial
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set login
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set ifaddr 
209.161.205.12 206.221.248.4
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: set ifaddr 10.0.0.1/0 
10.0.0.2/0
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: add default HISADDR
Jul 12 09:55:12 3s1 ppp[31114]: tun0: Command: default: nat enable yes
Jul 12 09:55:12 3s1 ppp[31115]: tun0: Phase: PPP Started (ddial mode).
Jul 12 09:55:12 3s1 ppp[31115]: tun0: Phase: bundle: Establish
Jul 12 09:55:12 3s1 ppp[31115]: tun0: Phase: deflink: closed - opening
Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: Connected!
Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: opening - dial
Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: dial - carrier
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Disconnected!
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: carrier - hangup
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Connect time: 5 secs: 0 
octets in, 0 octets out
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: 0 packets in, 0 packets 
out
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase:  total 0 bytes/sec, peak 0 
bytes/sec on Thu Jul 12 09:55:13 2012
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: hangup - opening
Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Enter pause (30) for 
redialing.

I shutdown ppp and restart it with no luck.  I shutoff modem and 
reboot it and wait for connection light to go solid - still no go. 

I called ISP and they say there is no problem.
I try to login to the ISP with a windows box and am successful.

Having no luck connecting with my server, I reboot, and all is fine. 

What could it be about rebooting the server that allows connection
where otherwise it is not possible?

Any ideas where I can look for answers?

my ppp.conf follows;

default: # or name_of_service_provider
  set device PPPoE:fxp0 # replace xl1 with your ethernet device
  set mru 1492
  set mtu 1492
  set authname ***
  set authkey ***
  set log Phase tun command # you can add more detailed logging if you wish
  disable ipv6cp
  set dial
  set login
  set ifaddr 209.161.205.12 206.221.248.4
  set ifaddr 10.0.0.1/0 10.0.0.2/0
  add default HISADDR
  nat enable yes 


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Wojciech Puchar


I am no expert at this however a quick Google search comes up with:

http://www.freebsd.org/doc/handbook/geom-mirror.html


The procedure shown there produces a mirror that will not boot on FreeBSD 9.


no idea but my procedure certainly would work if you use installer

1) install to first disk
2) gmirror label system /dev/seconddisk
3) bsdlabel -w /dev/mirror/system
4) bsdlabel -e /dev/mirror/system - make partitions as required.
5) bsdlabel -B /dev/mirror/system
6) newfs all created partitions (/dev/mirror/systema etc...)
7) add

vfs.root.mountfrom=ufs:mirror/systema

to loader.conf

edit /etc/fstab and change all things to new places
8) mount and copy files using tar or dump/restore to new place
9) reboot. system will start from gmirror
10) gmirror insert system /dev/firstdisk

all done.

if installer is not used but bootable media with complete system, just 
create gmirror then as usual.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: ppp connection goes down - requires reboot

2012-07-12 Thread Mike Tancsa
On 7/12/2012 10:18 AM, David Banning wrote:
 Lately I have a problem where the ppp connection goes down. 
 Watching the log I see the following;
 Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: opening - dial
 Jul 12 09:55:13 3s1 ppp[31115]: tun0: Phase: deflink: dial - carrier
 Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Disconnected!
 Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: carrier - hangup
 Jul 12 09:55:18 3s1 ppp[31115]: tun0: Phase: deflink: Connect time: 5 secs: 0 
 octets in, 0 octets out


5 seconds seems like a pretty tight for it to give up. Do you have any
other defaults in your ppp.conf not shown below ?

also add

 enable echo
 disable vjcomp
 set lqrperiod 10
 set cd 10

and when its not working, try

tcpdump -nei fxp0

You should see responses to your PADI requests from the remote BAS.
Also get rid of the 209.161.205.12 line. Typically your ISP will assign
you the static IP out of RADIUS and you dont need to specify it.

---Mike

 
 I shutdown ppp and restart it with no luck.  I shutoff modem and 
 reboot it and wait for connection light to go solid - still no go. 
 

 
 my ppp.conf follows;
 
 default: # or name_of_service_provider
   set device PPPoE:fxp0 # replace xl1 with your ethernet device
   set mru 1492
   set mtu 1492
   set authname ***
   set authkey ***
   set log Phase tun command # you can add more detailed logging if you 
 wish
   disable ipv6cp
   set dial
   set login
   set ifaddr 209.161.205.12 206.221.248.4
   set ifaddr 10.0.0.1/0 10.0.0.2/0
   add default HISADDR
   nat enable yes 
 
 
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
 
 


-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Warren Block

On Thu, 12 Jul 2012, Wojciech Puchar wrote:



I am no expert at this however a quick Google search comes up with:

http://www.freebsd.org/doc/handbook/geom-mirror.html


The procedure shown there produces a mirror that will not boot on FreeBSD 
9.


no idea but my procedure certainly would work if you use installer

1) install to first disk
2) gmirror label system /dev/seconddisk
3) bsdlabel -w /dev/mirror/system
4) bsdlabel -e /dev/mirror/system - make partitions as required.
5) bsdlabel -B /dev/mirror/system
6) newfs all created partitions (/dev/mirror/systema etc...)
7) add

vfs.root.mountfrom=ufs:mirror/systema

to loader.conf

edit /etc/fstab and change all things to new places
8) mount and copy files using tar or dump/restore to new place
9) reboot. system will start from gmirror
10) gmirror insert system /dev/firstdisk

all done.

if installer is not used but bootable media with complete system, just create 
gmirror then as usual.


The current Handbook procedure avoids the copy by using the existing 
disk as-is and just writing the gmirror metadata to the last block.  If 
that last block is already part of an MBR partition, the more strict 
checking stops booting in 9.0.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
Hi,

I am trying to introduce FreeBSD into my office and it's been looked
at with quite a bit of enthusiasm however, what makes it look bad is
our companies 'security' policy to block FTP.

At present they are running a whole bunch of CentOS based boxes and
VM's which of course can be run through port 80 when using YUM.


How does one get round this issue as my superiors are telling me that
opening up FTP is a security risk and therefor don't want to proceed?


I would like to use ports specifically and not the pkg_add tool to get software.


Can anyone sugget anything?


Regards,


Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Devin Teske

On Jul 12, 2012, at 9:23 AM, Kaya Saman wrote:

 Hi,
 
 I am trying to introduce FreeBSD into my office and it's been looked
 at with quite a bit of enthusiasm however, what makes it look bad is
 our companies 'security' policy to block FTP.
 
 At present they are running a whole bunch of CentOS based boxes and
 VM's which of course can be run through port 80 when using YUM.
 
 
 How does one get round this issue as my superiors are telling me that
 opening up FTP is a security risk and therefor don't want to proceed?
 
 
 I would like to use ports specifically and not the pkg_add tool to get 
 software.
 
 
 Can anyone sugget anything?
 

env ftp_proxy=host:port command

where command is your normal command, such as fetch.

For a full list of environment variables you can use,…

$ ldd -f '%p\n' `which fetch` | xargs grep -alr ftp_proxy | xargs strings -n 7 
| grep _proxy 
fetch_no_proxy_match
fetch_default_proxy_port
http_proxy
ftp_proxy
no_proxy

-- 
Devin

_
The information contained in this message is proprietary and/or confidential. 
If you are not the intended recipient, please: (i) delete the message and all 
copies; (ii) do not disclose, distribute or use the message in any manner; and 
(iii) notify the sender immediately. In addition, please be aware that any 
message addressed to our domain is subject to archiving and review by persons 
other than the intended recipient. Thank you.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
On Thu, Jul 12, 2012 at 5:33 PM, Devin Teske devin.te...@fisglobal.com wrote:

 On Jul 12, 2012, at 9:23 AM, Kaya Saman wrote:

 Hi,

 I am trying to introduce FreeBSD into my office and it's been looked
 at with quite a bit of enthusiasm however, what makes it look bad is
 our companies 'security' policy to block FTP.

 At present they are running a whole bunch of CentOS based boxes and
 VM's which of course can be run through port 80 when using YUM.


 How does one get round this issue as my superiors are telling me that
 opening up FTP is a security risk and therefor don't want to proceed?


 I would like to use ports specifically and not the pkg_add tool to get 
 software.


 Can anyone sugget anything?


 env ftp_proxy=host:port command

 where command is your normal command, such as fetch.

 For a full list of environment variables you can use,…

 $ ldd -f '%p\n' `which fetch` | xargs grep -alr ftp_proxy | xargs strings -n 
 7 | grep _proxy
 fetch_no_proxy_match
 fetch_default_proxy_port
 http_proxy
 ftp_proxy
 no_proxy

 --
 Devin

 _
 The information contained in this message is proprietary and/or confidential. 
 If you are not the intended recipient, please: (i) delete the message and all 
 copies; (ii) do not disclose, distribute or use the message in any manner; 
 and (iii) notify the sender immediately. In addition, please be aware that 
 any message addressed to our domain is subject to archiving and review by 
 persons other than the intended recipient. Thank you.

Thanks Devin for this however,

setenv ftp_proxy ftp://ip:port indicates that FTP is being proxied out.

We simply have it banned on a Juniper firewall. So http is being
proxied by a web appliance but that's it... nothing else.


Regards,

Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Mark Felder

On Thu, 12 Jul 2012 11:23:29 -0500, Kaya Saman kayasa...@gmail.com wrote:



I would like to use ports specifically and not the pkg_add tool to get  
software.


Getting the ports tree with csup/cvsup wouldn't use ftp. You could run  
your own local mirror (net/cvsup-mirror) as well.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
On Thu, Jul 12, 2012 at 5:47 PM, Mark Felder f...@feld.me wrote:
 On Thu, 12 Jul 2012 11:23:29 -0500, Kaya Saman kayasa...@gmail.com wrote:


 I would like to use ports specifically and not the pkg_add tool to get
 software.


 Getting the ports tree with csup/cvsup wouldn't use ftp. You could run your
 own local mirror (net/cvsup-mirror) as well.
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Yeah, this is a good idea I was actually thinking about this.

I've never done it so I'd need to google around a bit and do some
testing but it is probably what we would want to do!


Regards,


Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Mark Felder

On Thu, 12 Jul 2012 12:00:01 -0500, Kaya Saman kayasa...@gmail.com wrote:



Yeah, this is a good idea I was actually thinking about this.

I've never done it so I'd need to google around a bit and do some
testing but it is probably what we would want to do!



Install the port, run the setup script, answer something like four  
questions, and you're done -- it will begin mirroring automatically. It  
might tell you to add a one-liner to cron but that's it. *Magic* :-)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Mark Blackman

On 12 Jul 2012, at 17:23, Kaya Saman wrote:

 How does one get round this issue as my superiors are telling me that
 opening up FTP is a security risk and therefor don't want to proceed?
 
 
 I would like to use ports specifically and not the pkg_add tool to get 
 software.
 
 
 Can anyone sugget anything?

The usual solution appears to be to add

   MASTER_SORT_REGEX = ^http

to your /etc/make.conf file

see

http://lists.freebsd.org/pipermail/freebsd-questions/2011-January/226342.html

- Mark

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Devin Teske

On Jul 12, 2012, at 9:42 AM, Kaya Saman wrote:

 On Thu, Jul 12, 2012 at 5:33 PM, Devin Teske devin.te...@fisglobal.com 
 wrote:
 
 On Jul 12, 2012, at 9:23 AM, Kaya Saman wrote:
 
 Hi,
 
 I am trying to introduce FreeBSD into my office and it's been looked
 at with quite a bit of enthusiasm however, what makes it look bad is
 our companies 'security' policy to block FTP.
 
 At present they are running a whole bunch of CentOS based boxes and
 VM's which of course can be run through port 80 when using YUM.
 
 
 How does one get round this issue as my superiors are telling me that
 opening up FTP is a security risk and therefor don't want to proceed?
 
 
 I would like to use ports specifically and not the pkg_add tool to get 
 software.
 
 
 Can anyone sugget anything?
 
 
 env ftp_proxy=host:port command
 
 where command is your normal command, such as fetch.
 
 For a full list of environment variables you can use,…
 
 $ ldd -f '%p\n' `which fetch` | xargs grep -alr ftp_proxy | xargs strings -n 
 7 | grep _proxy
 fetch_no_proxy_match
 fetch_default_proxy_port
 http_proxy
 ftp_proxy
 no_proxy
 
 --
 Devin
 
 _
 The information contained in this message is proprietary and/or 
 confidential. If you are not the intended recipient, please: (i) delete the 
 message and all copies; (ii) do not disclose, distribute or use the message 
 in any manner; and (iii) notify the sender immediately. In addition, please 
 be aware that any message addressed to our domain is subject to archiving 
 and review by persons other than the intended recipient. Thank you.
 
 Thanks Devin for this however,
 
 setenv ftp_proxy ftp://ip:port indicates that FTP is being proxied out.
 
 We simply have it banned on a Juniper firewall. So http is being
 proxied by a web appliance but that's it... nothing else.
 
 

Yep. It's up to your proxy server whether it's going to handle FTP or only HTTP 
(and/or HTTPS).

I use squid a lot and it handles FTP great.
-- 
Devin

_
The information contained in this message is proprietary and/or confidential. 
If you are not the intended recipient, please: (i) delete the message and all 
copies; (ii) do not disclose, distribute or use the message in any manner; and 
(iii) notify the sender immediately. In addition, please be aware that any 
message addressed to our domain is subject to archiving and review by persons 
other than the intended recipient. Thank you.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Lowell Gilbert
Kaya Saman kayasa...@gmail.com writes:

 On Thu, Jul 12, 2012 at 5:47 PM, Mark Felder f...@feld.me wrote:
 On Thu, 12 Jul 2012 11:23:29 -0500, Kaya Saman kayasa...@gmail.com wrote:


 I would like to use ports specifically and not the pkg_add tool to get
 software.


 Getting the ports tree with csup/cvsup wouldn't use ftp. You could run your
 own local mirror (net/cvsup-mirror) as well.

 Yeah, this is a good idea I was actually thinking about this.

 I've never done it so I'd need to google around a bit and do some
 testing but it is probably what we would want to do!

It's quite easy. It does require letting cvsup through the firewall,
though. Getting the ports tree through HTTP is best done with portsnap,
but once you get it inside your network you can run a cvsup server, NFS
mount it on the other machines, or even run your own internal ports
build server.

As for fetching the distfiles, most of them are available through HTTP
URLs as well as FTP. For ones that aren't, (and assuming the rather
silly security policies won't allow for an external web-based FTP proxy)
you may need to bring them in by offline media.

Good luck.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
On Thu, Jul 12, 2012 at 6:15 PM, Devin Teske devin.te...@fisglobal.com wrote:

 On Jul 12, 2012, at 9:42 AM, Kaya Saman wrote:

 On Thu, Jul 12, 2012 at 5:33 PM, Devin Teske devin.te...@fisglobal.com 
 wrote:

 On Jul 12, 2012, at 9:23 AM, Kaya Saman wrote:

 Hi,

 I am trying to introduce FreeBSD into my office and it's been looked
 at with quite a bit of enthusiasm however, what makes it look bad is
 our companies 'security' policy to block FTP.

 At present they are running a whole bunch of CentOS based boxes and
 VM's which of course can be run through port 80 when using YUM.


 How does one get round this issue as my superiors are telling me that
 opening up FTP is a security risk and therefor don't want to proceed?


 I would like to use ports specifically and not the pkg_add tool to get 
 software.


 Can anyone sugget anything?


 env ftp_proxy=host:port command

 where command is your normal command, such as fetch.

 For a full list of environment variables you can use,…

 $ ldd -f '%p\n' `which fetch` | xargs grep -alr ftp_proxy | xargs strings 
 -n 7 | grep _proxy
 fetch_no_proxy_match
 fetch_default_proxy_port
 http_proxy
 ftp_proxy
 no_proxy

 --
 Devin

 _
 The information contained in this message is proprietary and/or 
 confidential. If you are not the intended recipient, please: (i) delete the 
 message and all copies; (ii) do not disclose, distribute or use the message 
 in any manner; and (iii) notify the sender immediately. In addition, please 
 be aware that any message addressed to our domain is subject to archiving 
 and review by persons other than the intended recipient. Thank you.

 Thanks Devin for this however,

 setenv ftp_proxy ftp://ip:port indicates that FTP is being proxied out.

 We simply have it banned on a Juniper firewall. So http is being
 proxied by a web appliance but that's it... nothing else.



 Yep. It's up to your proxy server whether it's going to handle FTP or only 
 HTTP (and/or HTTPS).

 I use squid a lot and it handles FTP great.
 --
 Devin

 _
 The information contained in this message is proprietary and/or confidential. 
 If you are not the intended recipient, please: (i) delete the message and all 
 copies; (ii) do not disclose, distribute or use the message in any manner; 
 and (iii) notify the sender immediately. In addition, please be aware that 
 any message addressed to our domain is subject to archiving and review by 
 persons other than the intended recipient. Thank you.


We have an 'appliance' based proxy and as company policy FTP should be
restricted, ie. not active on this as it's a security risk.

Thats my major issue.


I will try the suggested method of:

MASTER_SORT_REGEX = ^http

for the time being to see if that helps before setting up our own repository.


Regards,


Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Wojciech Puchar

I am trying to introduce FreeBSD into my office and it's been looked
at with quite a bit of enthusiasm however, what makes it look bad is
our companies 'security' policy to block FTP.


do you work FOR that company. Ask administrator to unblock if for you as 
you need it for work.


Do you do your private things at worktime? Then stop it.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Wojciech Puchar


The current Handbook procedure avoids the copy by using the existing disk 
as-is and just writing the gmirror metadata to the last block.

Exactly what i do doing instalations manually!


If that last block is already part of an MBR partition, the more strict checking stops 
booting in 9.0.


not making MBR partition would not make problems.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
On Thu, Jul 12, 2012 at 6:41 PM, Wojciech Puchar
woj...@wojtek.tensor.gdynia.pl wrote:
 I am trying to introduce FreeBSD into my office and it's been looked
 at with quite a bit of enthusiasm however, what makes it look bad is
 our companies 'security' policy to block FTP.


 do you work FOR that company. Ask administrator to unblock if for you as you
 need it for work.

 Do you do your private things at worktime? Then stop it.

I do infact work for this company and additionally I am one of the
administrators of the company.

The information comes straight down from the IT director who will
**not** change his mind on this as I have asked several times in the
past.


Basically without getting too distracted and off-topic: I open the
ports on the firewall - tomorrow I am not employed anymore
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Peter Vereshagin
Hello.

2012/07/12 13:19:56 -0400 Lowell Gilbert 
freebsd-questions-lo...@be-well.ilk.org = To Kaya Saman :
LG URLs as well as FTP. For ones that aren't, (and assuming the rather
LG silly security policies won't allow for an external web-based FTP proxy)
LG you may need to bring them in by offline media.

I believe there should be the way of using the passive ftp (and any other
protocol) via the HTTP CONNECT method to the ftp (or any other port needed for
other protocol/app) port and then handling the both control and data
connections through the consequent copmmands and data exhange.

As far as I remember this can be done at least via the http://delegate.org
software, certainly available in the ports collection.

Kaya, if your http proxy handles HTTP CONNECT to the port 21/ftp this can be
the workaround for you about the freebsd ports requiring ftp download ability.

Most surprise for me is why no one is interested about what kind of a danger
the ftp protocol can ever be? i. e. skype is much more vicious in comparison to
ftp and s much harder to be restricted by a packet filter if even possoible.

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Warren Block

On Thu, 12 Jul 2012, Wojciech Puchar wrote:



The current Handbook procedure avoids the copy by using the existing disk 
as-is and just writing the gmirror metadata to the last block.

Exactly what i do doing instalations manually!

If that last block is already part of an MBR partition, the more strict 
checking stops booting in 9.0.


not making MBR partition would not make problems.


There's no guarantee that bsdlabel checking won't be made more strict. 
No matter what type of partitioning scheme, the metadata should not be

inside the data area.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


IPv6 getaddrinfo(3C)

2012-07-12 Thread Matthias Apitz

Hello,

I'm playing around with IPv6 code on a FreeBSD 9 system and can't get
getaddrinfo(3C) to do what it should do as stated in its man page:
accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:

$ ./a.out ::1
host: ::1
read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
$ ./a.out 127.0.0.1
host: 127.0.0.1
ssh: getaddrinfo failed code 8: hostname nor servname provided, or not known
$ telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010

the used C-code is attached below; what I'm doing wrong in the code?

Thanks

matthias

/* IPv6 client code using getaddrinfo */

#include stdlib.h
#include sys/types.h
#include sys/socket.h
#include netinet/in.h
#include stdio.h
#include netdb.h
#include string.h


main(argc, argv)/* client side */
int argc;
char   *argv[];
{

struct addrinfo req, *ans;
int code, s, n;
char buf[1024];

memset(req, 0, sizeof(req));
req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST;
req.ai_family = AF_INET6;   /* Same as AF_INET6. */
req.ai_socktype = SOCK_STREAM;

/* */
/* Use default protocol (in this case tcp) */
/* */

req.ai_protocol = 0;

printf(host: %s\n, argv[1]);
if ((code = getaddrinfo(argv[1], ssh, req, ans)) != 0) {
fprintf(stderr, ssh: getaddrinfo failed code %d: %s\n, code, 
gai_strerror(code));
exit(1);
}
 
 
/* */
/* ans must contain at least one addrinfo, use */
/* the first.  */
/* */ 

s = socket(ans-ai_family, ans-ai_socktype, ans-ai_protocol);
if (s  0) {
perror(ssh: socket);
exit(3);
}

/* Connect does the bind for us */

if (connect(s, ans-ai_addr, ans-ai_addrlen)  0) {
perror(ssh: connect);
exit(5);
}

n = read(s, buf, 1024);
printf (read: %s, buf);

/* */
/* Free answers after use */
/* */ 
freeaddrinfo(ans);

exit(0);
}


-- 
Matthias Apitz
e g...@unixarea.de - w http://www.unixarea.de/
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman
On Thu, Jul 12, 2012 at 6:41 PM, Peter Vereshagin pe...@vereshagin.org wrote:
 Hello.

 2012/07/12 13:19:56 -0400 Lowell Gilbert 
 freebsd-questions-lo...@be-well.ilk.org = To Kaya Saman :
 LG URLs as well as FTP. For ones that aren't, (and assuming the rather
 LG silly security policies won't allow for an external web-based FTP proxy)
 LG you may need to bring them in by offline media.

 I believe there should be the way of using the passive ftp (and any other
 protocol) via the HTTP CONNECT method to the ftp (or any other port needed for
 other protocol/app) port and then handling the both control and data
 connections through the consequent copmmands and data exhange.

 As far as I remember this can be done at least via the http://delegate.org
 software, certainly available in the ports collection.

 Kaya, if your http proxy handles HTTP CONNECT to the port 21/ftp this can be
 the workaround for you about the freebsd ports requiring ftp download ability.

 Most surprise for me is why no one is interested about what kind of a danger
 the ftp protocol can ever be? i. e. skype is much more vicious in comparison 
 to
 ftp and s much harder to be restricted by a packet filter if even possoible.

 --
 Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Thanks Peter for the advise.

Our system is totally locked down with hardly any ports open on our
NAT, only the necessary ones.

I'm not sure if the Proxy would support the HTTP CONNECT as it's an
appliance which my superior has control over.

I will check it out however and see if that method is best, however
CVSup would be the best way for us and I'm already looking at this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html


which should be enough to get a demo up and running.


Regards,


Kaya
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Wojciech Puchar

The information comes straight down from the IT director who will
**not** change his mind on this as I have asked several times in the
past.


I just told about solution to a problem. Not a workaround.
How you can make your work if your director actively prevent it!?


Basically without getting too distracted and off-topic: I open the
ports on the firewall - tomorrow I am not employed anymore


Do not change anything in config if you got fired. It is not the clever 
and polite.


Spent your time for starting out your own business or at least choose 
better employee, instead of revenge.



PS. Start out using real private e-mail not @gmail.com if you want to be 
treated more seriously and not hurt yourself anymore.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Wojciech Puchar

Most surprise for me is why no one is interested about what kind of a danger
the ftp protocol can ever be? i. e. skype is much more vicious in comparison to


As in lots of companies where idiots are directors (common case) the 
danger is because it is something that doesn't exist. As we all know 
only WWW do exist ;)


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Wojciech Puchar
If that last block is already part of an MBR partition, the more strict 
checking stops booting in 9.0.


not making MBR partition would not make problems.


There's no guarantee that bsdlabel checking won't be made more strict. No 
matter what type of partitioning scheme, the metadata should not be

inside the data area.


gmirror puts it's metadata at the end of disk.
bsdlabel is at the beginning. what a problem?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Lowell Gilbert
Peter Vereshagin pe...@vereshagin.org writes:

 2012/07/12 13:19:56 -0400 Lowell Gilbert 
 freebsd-questions-lo...@be-well.ilk.org = To Kaya Saman :
 LG URLs as well as FTP. For ones that aren't, (and assuming the rather
 LG silly security policies won't allow for an external web-based FTP proxy)
 LG you may need to bring them in by offline media.

 I believe there should be the way of using the passive ftp (and any other
 protocol) via the HTTP CONNECT method to the ftp (or any other port needed for
 other protocol/app) port and then handling the both control and data
 connections through the consequent copmmands and data exhange.

You've just described an FTP proxy. That's already been ruled out.

 Most surprise for me is why no one is interested about what kind of a danger
 the ftp protocol can ever be? i. e. skype is much more vicious in comparison 
 to
 ftp and s much harder to be restricted by a packet filter if even possoible.

Unfortunately, it's common. Often it's a reaction to the idea that FTP
is an insecure protocol -- which is true, in a sense, because
authentication information is passed in the clear, but irrelevant to
anonymous use. This is silly, yes, but it's fairly popular among the
types of IT people who think that NAT is a security service. Or
possibly Nothing But HTTP is allowed through the firewall (which is, at
least, a rational response to not knowing much about TCP/IP).

Be well.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Peter Vereshagin
Hello.

Why don't you use a portsnap? it's over http...

2012/07/12 19:01:15 +0100 Kaya Saman kayasa...@gmail.com = To Peter 
Vereshagin :
KS I will check it out however and see if that method is best, however
KS CVSup would be the best way for us and I'm already looking at this:
KS 
KS http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

1. cvsup is not about comparison to ftp. cvsup is a way to obtain fresh port
for the program distribution, ie set of patches, list of package's files,
sample configuration files for the particular program(s) those are not the part
of the base system but supplied with taking the OS specs in mind.

ftp is a way to obtain a distfile, ie what the 3rd party software developer use
to distribute. For FreeBSD ports cvsup and ftp are not competent in the daiy
use as they have different purposes.

Some 3rd party software is released and published authoritatively on ftp only.
And that is the only problem possible for you on ftp usage by freebsd ports.
But I believe there is only a few of them you need if any at all.

I guess you may want to download the initial ports tree tarball, the ports.tgz,
via the ftp. But it's certainly a) available over there via the http and b) is
outdated and is needed to be updated via the portsnap and/or cvsup.

2. Use csup from the base system, don't use cvsup from ports if you use its
protocol. And, portsnap seems to be even more recommended since some days.

KS which should be enough to get a demo up and running.

A Demo? Am I invited for the show? ;-)

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Warren Block

On Thu, 12 Jul 2012, Wojciech Puchar wrote:

If that last block is already part of an MBR partition, the more strict 
checking stops booting in 9.0.


not making MBR partition would not make problems.


There's no guarantee that bsdlabel checking won't be made more strict. No 
matter what type of partitioning scheme, the metadata should not be

inside the data area.


gmirror puts it's metadata at the end of disk.
bsdlabel is at the beginning. what a problem?


It's not the label, it's what the label declares for the partitions.  If 
the last partition includes the block of gmirror metadata, that's an 
error.  Pardon the ASCII diagrams.


Wrong:

partition table

partition 1---
| |
 -

...

partition n---
| |
|gmirror metadata |
 -


Right:

partition table

partition 1-
|   |
 ---

...

partition n-
|   |
 ---

gmirror metadata
|   |
 ---
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Wojciech Puchar

last partition includes the block of gmirror metadata, that's an error.


no it doesn't

i do this 2 ways:

method 1) i FIRST do gmirror on whole disk

THEN partition it, so partition sizes sums up to gmirror size which is 1 
sector less disk size.


then bsdlabel -B

method 2) i make same disklabel on both disk, then bsdlabel -B, them 
gmirror each partitions separately.
often i do not mirror all partitions, ew. i do not for squid proxy data if 
used.



both method results in system bootable from both drives and proper 
disklabels.



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Peter Vereshagin
Hello.

2012/07/12 14:44:48 -0400 Lowell Gilbert 
freebsd-questions-lo...@be-well.ilk.org = To Peter Vereshagin :
LG Peter Vereshagin pe...@vereshagin.org writes:
LG 
LG  2012/07/12 13:19:56 -0400 Lowell Gilbert 
freebsd-questions-lo...@be-well.ilk.org = To Kaya Saman :
LG  LG URLs as well as FTP. For ones that aren't, (and assuming the rather
LG  LG silly security policies won't allow for an external web-based FTP 
proxy)
LG  LG you may need to bring them in by offline media.
LG 
LG  I believe there should be the way of using the passive ftp (and any other
LG  protocol) via the HTTP CONNECT method to the ftp (or any other port 
needed for
LG  other protocol/app) port and then handling the both control and data
LG  connections through the consequent copmmands and data exhange.
LG 
LG You've just described an FTP proxy. That's already been ruled out.

But I thought the squid-like http proxy while serving the FTP URLs is what the
ftp proxy is? It's a different matter at least because it's a nothing about
HTTP's CONNECT method.

Can you point me to a definition of 'ftp proxy' please? Wikipedia and Google
have nothing on this.

What I described is mentioned as 'http tunneling' in delegate's docs and isn't
specific for ftp at all.

LG  Most surprise for me is why no one is interested about what kind of a 
danger
LG  the ftp protocol can ever be? i. e. skype is much more vicious in 
comparison to
LG  ftp and s much harder to be restricted by a packet filter if even 
possoible.
LG 
LG Unfortunately, it's common. Often it's a reaction to the idea that FTP
LG is an insecure protocol -- which is true, in a sense, because
LG authentication information is passed in the clear, but irrelevant to
LG anonymous use. This is silly, yes, but it's fairly popular among the
LG types of IT people who think that NAT is a security service. Or
LG possibly Nothing But HTTP is allowed through the firewall (which is, at
LG least, a rational response to not knowing much about TCP/IP).

Management is always the same on both sides of Earth, right.

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


re: Patch failed to apply cleanly [chromium-20.0.1132.57] FreeBSD 9.0-RELEASE

2012-07-12 Thread Alexander Kapshuk
When attempting to upgrade chromium-19.0.1084.56_1 to 
chromium-20.0.1132.57 on FreeBSD9.0 (FreeBSD box2 9.0-RELEASE FreeBSD 
9.0-RELEASE #0: Tue Jan  3 07:15:25 UTC 2012 
r...@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386), one of 
the patches failed to apply:

--
===  Applying extra patch /usr/ports/www/chromium/files/extra-patch-gcc
===  Applying FreeBSD patches for chromium-20.0.1132.57
patch:  malformed patch at line 15:  #if PLATFORM(CHROMIUM)
= Patch patch-third_party__WebKit__Source__WebCore__config.h failed to 
apply cleanly.

--
There seems to be a patch available that has been reported as having 
worked on a 9.0-RELEASE/amd64:

http://www.mail-archive.com/freebsd-chromium@freebsd.org/msg00340.html
-
www/chromium/files/patch-third_party__WebKit__Source__WebCore__config.h.orig 


2012-07-12 09:19:26.0 +
+++ www/chromium/files/patch-third_party__WebKit__Source__WebCore__config.h
2012-07-12 10:49:20.0 +
@@ -1,6 +1,6 @@
 third_party/WebKit/Source/WebCore/config.h.orig2012-05-30
10:05:35.0 +0300
-+++ third_party/WebKit/Source/WebCore/config.h 2012-06-05 
22:32:48.0

+0300
-@@ -127,6 +127,11 @@
+--- third_party/WebKit/Source/WebCore/config.h.orig2012-07-10
07:52:48.0 +
 third_party/WebKit/Source/WebCore/config.h 2012-07-12 
10:48:15.0

+
+@@ -127,6 +127,14 @@
  #define WTF_USE_NEW_THEME 1
  #endif // PLATFORM(MAC)
-
Is there a patch available to an x86 based system?

Thanks.

Alexander Kapshuk.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Warren Block

On Thu, 12 Jul 2012, Wojciech Puchar wrote:


last partition includes the block of gmirror metadata, that's an error.


no it doesn't


You appear to be agreeing with me, but saying that your method does not 
produce that problem.



i do this 2 ways:

method 1) i FIRST do gmirror on whole disk

THEN partition it, so partition sizes sums up to gmirror size which is 1 
sector less disk size.


then bsdlabel -B

method 2) i make same disklabel on both disk, then bsdlabel -B, them gmirror 
each partitions separately.
often i do not mirror all partitions, ew. i do not for squid proxy data if 
used.



both method results in system bootable from both drives and proper 
disklabels.


Yes, these are the same methods that can be used with MBR partitions. 
The second works with GPT partitioning also.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: How to mirror the FreeBSD OS on two disks

2012-07-12 Thread Wojciech Puchar


no it doesn't


You appear to be agreeing with me, but saying that your method does not 
produce that problem.


sorry - possibly i missed something.

both method results in system bootable from both drives and proper 
disklabels.


Yes, these are the same methods that can be used with MBR partitions. The 
second works with GPT partitioning also.


true. first doesn't. for now i use only second method in spite of not 
using GPT. being able to de-mirror selectively a partition or not mirror 
some partitions at all is quite a big adventage.


definitely not possible with hardware RAID.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Wojciech Puchar

Does your IT director understand the active/passive distinction? If not


From what he described his director is plain moron. He required him to 
block things that HE needs to work, leaving port 80 open so things that 
are best in distracting from work (youtube, facebook...) works, as well as 
major virus source.


In places i work i was requested to

a) block some websites (facebook always first on list - very good).
b) block most things EXCEPT the ones needed for work, full access only 
for some people. So some ports and some targets do work, rest does not.


This is normal IMHO.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman

On 07/12/2012 07:54 PM, Peter Vereshagin wrote:

Hello.

Why don't you use a portsnap? it's over http...

2012/07/12 19:01:15 +0100 Kaya Saman kayasa...@gmail.com = To Peter 
Vereshagin :
KS I will check it out however and see if that method is best, however
KS CVSup would be the best way for us and I'm already looking at this:
KS
KS http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

1. cvsup is not about comparison to ftp. cvsup is a way to obtain fresh port
for the program distribution, ie set of patches, list of package's files,
sample configuration files for the particular program(s) those are not the part
of the base system but supplied with taking the OS specs in mind.

ftp is a way to obtain a distfile, ie what the 3rd party software developer use
to distribute. For FreeBSD ports cvsup and ftp are not competent in the daiy
use as they have different purposes.

Some 3rd party software is released and published authoritatively on ftp only.
And that is the only problem possible for you on ftp usage by freebsd ports.
But I believe there is only a few of them you need if any at all.

I guess you may want to download the initial ports tree tarball, the ports.tgz,
via the ftp. But it's certainly a) available over there via the http and b) is
outdated and is needed to be updated via the portsnap and/or cvsup.

2. Use csup from the base system, don't use cvsup from ports if you use its
protocol. And, portsnap seems to be even more recommended since some days.

KS which should be enough to get a demo up and running.

A Demo? Am I invited for the show? ;-)

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Hi Peter,

portsnap works fine :-)

My issues start coming into play when building the actual port itself. 
Ie. fetching the distfile, as you suggested above.



As soon as I start running portmaster -a or a 'make install clean' on 
certain ports, the progress just bombs out totally.



It would be really cool if I could find a way to centrally manage all of 
this. So perhaps in conjunction with CVSup.



Something like a Linux repo server if you will - though I mention the 
term very loosely.



Regards,


Kaya




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman

On 07/12/2012 08:13 PM, kpn...@pobox.com wrote:

On Thu, Jul 12, 2012 at 06:44:56PM +0100, Kaya Saman wrote:

I do infact work for this company and additionally I am one of the
administrators of the company.

The information comes straight down from the IT director who will
**not** change his mind on this as I have asked several times in the
past.


Basically without getting too distracted and off-topic: I open the
ports on the firewall - tomorrow I am not employed anymore

So called active ftp requires having the server open a connection back
to the client. This will be blocked by a firewall unless the firewall
has special support for it. I can see having a firewall not allow
those connections into your network.

With passive ftp with or without a proxy all connections are opened from
your end. No opening up of the firewall is required.  Plus, if you don't
touch your filewall then attempted use of active ftp will just result in
a hung network connection.

I believe active ftp was the default and perhaps only option for a number
of years.

Does your IT director understand the active/passive distinction? If not
then perhaps you could explain it in a way that acknowledges that his
concerns have some merit but those concerns are not relevant to passive
ftp.

Yes, this is very easy for me to suggest since I don't know any of the
relevant people and my paycheck is not on the line. And my suggestion
may be worth what you paid for it. ;)


Hi,

of course everything is known but still it is preferred to keep a total 
lock-down on outbound ports.


We handle a lot of highly sensitive information and that's the need for 
the severe lock-down. Even the web-proxy is restricted to the sites 
accessible meaning that we need to request access if we need to go 
somewhere not governed by that proxy.



Regards,


Kaya

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Wojciech Puchar


My issues start coming into play when building the actual port itself. Ie. 
fetching the distfile, as you suggested above.



As soon as I start running portmaster -a or a 'make install clean' on certain 
ports, the progress just bombs out totally.



as you've said it is not a problem at all tomorrow.



It would be really cool if I could find a way to centrally manage all of 
this. So perhaps in conjunction with CVSup.


What you mean? common /usr/ports/distfiles
?

You may mirror it all if you wish and then NFS export.
But if you want to install lots of ports to many computers i would 
recommend building on one and then just make binary packages.



Something like a Linux repo server if you will
no idea what it is. have not use linux for 9 years, and before that few 
years using my own manual distro as anything else wasn't usable.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Matthew Seaman
On 12/07/2012 21:26, Kaya Saman wrote:
 My issues start coming into play when building the actual port itself.
 Ie. fetching the distfile, as you suggested above.
 
 
 As soon as I start running portmaster -a or a 'make install clean' on
 certain ports, the progress just bombs out totally.
 
 
 It would be really cool if I could find a way to centrally manage all of
 this. So perhaps in conjunction with CVSup.
 
 
 Something like a Linux repo server if you will - though I mention the
 term very loosely.

Have you played with pkgng at all?  It's a bit new to use in production
just yet, although reports from testers have been pretty positive so
far, and it's perfectly fine for evaluation purposes.

It will solve your main problem of not being allowed FTP traffic, as you
can select a package repository accessible through HTTP -- like
the main test repository http://pkgbeta.freebsd.org/freebsd-9-amd64/latest

See http://wiki.freebsd.org/pkgng

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey





signature.asc
Description: OpenPGP digital signature


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Peter Vereshagin
Hello.

2012/07/12 21:26:22 +0100 Kaya Saman kayasa...@gmail.com = To 
freebsd-questions@freebsd.org :
KS  A Demo? Am I invited for the show? ;-)
KS Something like a Linux repo server if you will - though I mention the 
KS term very loosely.

SHould you try with a ixsystems's pcbsd.org then? http://pcbsd.org

If you need to install a program from a freebsd port then pcbsd allows it,too.

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: A0E26627 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread Kaya Saman

On 07/12/2012 09:46 PM, Matthew Seaman wrote:

On 12/07/2012 21:26, Kaya Saman wrote:

My issues start coming into play when building the actual port itself.
Ie. fetching the distfile, as you suggested above.


As soon as I start running portmaster -a or a 'make install clean' on
certain ports, the progress just bombs out totally.


It would be really cool if I could find a way to centrally manage all of
this. So perhaps in conjunction with CVSup.


Something like a Linux repo server if you will - though I mention the
term very loosely.

Have you played with pkgng at all?  It's a bit new to use in production
just yet, although reports from testers have been pretty positive so
far, and it's perfectly fine for evaluation purposes.

It will solve your main problem of not being allowed FTP traffic, as you
can select a package repository accessible through HTTP -- like
the main test repository http://pkgbeta.freebsd.org/freebsd-9-amd64/latest

See http://wiki.freebsd.org/pkgng

Cheers,

Matthew



Thanks Matthew I will give this a go, although currently I have 2x 
FreeBSD machines in 'almost' full production as testing will cease quite 
shortly.


It might actually be quite useful in conjunction with Puppet and Cobbler 
(not sure if is for FreeBSD too).



Regards,


Kaya

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Is there a way to run FreeBSD ports through port 80?

2012-07-12 Thread dweimer

On 2012-07-12 15:26, Kaya Saman wrote:

On 07/12/2012 07:54 PM, Peter Vereshagin wrote:

Hello.

Why don't you use a portsnap? it's over http...

2012/07/12 19:01:15 +0100 Kaya Saman kayasa...@gmail.com = To 
Peter Vereshagin :
KS I will check it out however and see if that method is best, 
however
KS CVSup would be the best way for us and I'm already looking at 
this:

KS
KS 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html


1. cvsup is not about comparison to ftp. cvsup is a way to obtain 
fresh port
for the program distribution, ie set of patches, list of package's 
files,
sample configuration files for the particular program(s) those are 
not the part

of the base system but supplied with taking the OS specs in mind.

ftp is a way to obtain a distfile, ie what the 3rd party software 
developer use
to distribute. For FreeBSD ports cvsup and ftp are not competent in 
the daiy

use as they have different purposes.

Some 3rd party software is released and published authoritatively on 
ftp only.
And that is the only problem possible for you on ftp usage by 
freebsd ports.

But I believe there is only a few of them you need if any at all.

I guess you may want to download the initial ports tree tarball, the 
ports.tgz,
via the ftp. But it's certainly a) available over there via the http 
and b) is

outdated and is needed to be updated via the portsnap and/or cvsup.

2. Use csup from the base system, don't use cvsup from ports if you 
use its
protocol. And, portsnap seems to be even more recommended since some 
days.


KS which should be enough to get a demo up and running.

A Demo? Am I invited for the show? ;-)

--
Peter Vereshagin pe...@vereshagin.org (http://vereshagin.org) pgp: 
A0E26627

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
freebsd-questions-unsubscr...@freebsd.org


Hi Peter,

portsnap works fine :-)

My issues start coming into play when building the actual port
itself. Ie. fetching the distfile, as you suggested above.


As soon as I start running portmaster -a or a 'make install clean' on
certain ports, the progress just bombs out totally.


It would be really cool if I could find a way to centrally manage all
of this. So perhaps in conjunction with CVSup.


Something like a Linux repo server if you will - though I mention the
term very loosely.


Regards,


Kaya




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to 
freebsd-questions-unsubscr...@freebsd.org


If the volume of machines you have isn't very high I would consider 
asking the Director if you could have a machine in the DMZ that would be 
able to use FTP, and cvsup to get outbound.  Install Squid on that, and 
allow Squid to use FTP then allow only SSH from the inside systems to 
that machine.  From there you can use SSH on the inside systems to 
tunnel the cvsup data outbound for source updates, and to tunnel the 
Squid connection outbound to be able to use FTP for the port updates via 
the SSH tunnel using Squids FTP connect over HTTP.


This method would eliminate the need to setup your own local cvsup 
mirror, but does still allow FTP, but it doesn't leave any internal 
connections possible except when intended.  It doesn't open it up to any 
users without SSH access into the DMZ machine so it can be controlled 
who has access to it.


As the goto guy at my company for internet security I understand the 
need to lock things down and sadly wish my boss would allow me to lock 
down ours more than it is, though I don't see blocking outbound FTP as a 
requirement (though we only allow passive).  Its interesting to see this 
from the side of the other guy who's stuff doesn't work due to the 
restrictions in place.  I deal all the time with employees trying to do 
online conferences or file downloads with other companies using obscure 
tools that won't work through an HTTP proxy, use some random high port 
like 1 and want me to open up the port through the firewall right 
then so they can do the conference or get the file without any time to 
make sure the application is actually safe.  Of course the main response 
to no I can't do that, is why does it work for everyone else on the 
conference.  Can't seem to make them understand that the other people 
might not have to explain to the bank why they weren't following the PCI 
(payment card industry) guidelines they signed a document stating we 
would adhere to.  And its my job on the line and not theirs if my 
allowing the port through the firewall for them allows the security 
breach.


--
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/
___
freebsd-questions@freebsd.org mailing list

Re: IPv6 getaddrinfo(3C)

2012-07-12 Thread Doug Hardie

On 12 July 2012, at 07:24, Matthias Apitz wrote:

 
 Hello,
 
 I'm playing around with IPv6 code on a FreeBSD 9 system and can't get
 getaddrinfo(3C) to do what it should do as stated in its man page:
 accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:
 
 $ ./a.out ::1
 host: ::1
 read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
 $ ./a.out 127.0.0.1
 host: 127.0.0.1
 ssh: getaddrinfo failed code 8: hostname nor servname provided, or not known
 $ telnet 127.0.0.1 22
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
 
 the used C-code is attached below; what I'm doing wrong in the code?
 
 Thanks
 
   matthias
 
 /* IPv6 client code using getaddrinfo */
 
 #include stdlib.h
 #include sys/types.h
 #include sys/socket.h
 #include netinet/in.h
 #include stdio.h
 #include netdb.h
 #include string.h
 
 
 main(argc, argv)  /* client side */
   int argc;
   char   *argv[];
 {
 
   struct addrinfo req, *ans;
   int code, s, n;
   char buf[1024];
 
   memset(req, 0, sizeof(req));
   req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST;
   req.ai_family = AF_INET6;   /* Same as AF_INET6. */
   req.ai_socktype = SOCK_STREAM;
 
   /* */
   /* Use default protocol (in this case tcp) */
   /* */
 
   req.ai_protocol = 0;
 
   printf(host: %s\n, argv[1]);
   if ((code = getaddrinfo(argv[1], ssh, req, ans)) != 0) {
   fprintf(stderr, ssh: getaddrinfo failed code %d: %s\n, code, 
 gai_strerror(code));
   exit(1);
   }


   /* */
   /* ans must contain at least one addrinfo, use */
   /* the first.  */
   /* */ 
   
   s = socket(ans-ai_family, ans-ai_socktype, ans-ai_protocol);
   if (s  0) {
   perror(ssh: socket);
   exit(3);
   }
 
   /* Connect does the bind for us */
   
   if (connect(s, ans-ai_addr, ans-ai_addrlen)  0) {
   perror(ssh: connect);
   exit(5);
   }
 
   n = read(s, buf, 1024);
   printf (read: %s, buf);
   
   /* */
   /* Free answers after use */
   /* */ 
   freeaddrinfo(ans);
 
   exit(0);
 }
 
  

I won't claim to be an expert on this, but I have used getaddrinfo successfully 
in servers.  The only thing I see that might be an issue is the use of zero for 
ai_protocol.  The comment in the man page implies that value is for servers and 
not clients.  I suspect you have to set the specific protocol you want.  You 
haven't included AI_PASSIVE so I suspect its expecting you to use the address 
to contact a server.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


profiling library smaller than non-profiling, while it contains more symbols. Why?

2012-07-12 Thread Anton Shterenlikht
While updating my port (math/slatec) to use
the new OPTIONS framework, I did some
experiments with the profiling library.

I don't know much about this, so what surprised me
is that the profiling library is smaller:

# ls -al lib*a
-rw-r--r--  1 root  wheel  6582354 Jul 12 22:56 libslatec.a
-rw-r--r--  1 root  wheel  6555122 Jul 12 23:02 libslatec_p.a
#

while it adds .mcount symbol to each object file:

# nm libslatec.a  nm
# nm libslatec_p.a  nmp
# wc nm nmp
   16436   36675  373033 nm
   17885   39573  413605 nmp
   34321   76248  786638 total
# grep -c mcount nmp
1449
# expr 16436 + 1449
17885
#

Using diff I can confirm that the only difference
between the 2 libs is the .mcount symbol for
each object file in the profiling library.

So how can the profiling library be smaller?

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: profiling library smaller than non-profiling, while it contains more symbols. Why?

2012-07-12 Thread Anton Shterenlikht
On Thu, Jul 12, 2012 at 11:31:31PM +0100, Anton Shterenlikht wrote:
 While updating my port (math/slatec) to use
 the new OPTIONS framework, I did some
 experiments with the profiling library.
 
 I don't know much about this, so what surprised me
 is that the profiling library is smaller:
 
 # ls -al lib*a
 -rw-r--r--  1 root  wheel  6582354 Jul 12 22:56 libslatec.a
 -rw-r--r--  1 root  wheel  6555122 Jul 12 23:02 libslatec_p.a
 #
 
 while it adds .mcount symbol to each object file:
 
 # nm libslatec.a  nm
 # nm libslatec_p.a  nmp
 # wc nm nmp
16436   36675  373033 nm
17885   39573  413605 nmp
34321   76248  786638 total
 # grep -c mcount nmp
 1449
 # expr 16436 + 1449
 17885
 #
 
 Using diff I can confirm that the only difference
 between the 2 libs is the .mcount symbol for
 each object file in the profiling library.
 
 So how can the profiling library be smaller?
 

Also, the library compiled on amd64 has lots more
symbols than if compiled on ia64. For example:

amd64:

zbesy.o:
 r .LC0
0008 r .LC1
0010 r .LC11
0020 r .LC12
0028 r .LC13
0030 r .LC14
0010 r .LC2
0018 r .LC5
 r .LC6
 U cos
 U d1mach_
 U exp
 U i1mach_
 U sin
 U zbesh_
 T zbesy_

and ia64:

zbesy.o:
 U cos
 U d1mach_
 U exp
 U i1mach_
 U sin
 U zbesh_
 T zbesy_

Why the difference?

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: IPv6 getaddrinfo(3C)

2012-07-12 Thread Robert Bonomi


 From: Doug Hardie bc...@lafn.org
 Date: Thu, 12 Jul 2012 14:21:38 -0700
 Subject: Re: IPv6  getaddrinfo(3C)

 On 12 July 2012, at 07:24, Matthias Apitz wrote:

  Hello,
 
  I'm playing around with IPv6 code on a FreeBSD 9 system and can't get 
  getaddrinfo(3C) to do what it should do as stated in its man page: 
  accept an IPv6 and IPv4 IP addr, it only works with the IPv6 form:
 
  $ ./a.out ::1
  host: ::1 read: SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
  $ ./a.out 127.0.0.1
  host: 127.0.0.1 ssh: getaddrinfo failed code 8: hostname nor servname 
  provided, or not known
  $ telnet 127.0.0.1 22
  Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 
  SSH-2.0-OpenSSH_5.6p1 FreeBSD-2010
 
  the used C-code is attached below; what I'm doing wrong in the code?
 
  Thanks
 
   matthias
 
  /* IPv6 client code using getaddrinfo */
 
  #include stdlib.h
  #include sys/types.h
  #include sys/socket.h
  #include netinet/in.h
  #include stdio.h
  #include netdb.h
  #include string.h
 
 
  main(argc, argv)/* client side */
   intargc; char   *argv[];
  {
 
   struct addrinforeq, *ans; int  code, s, n; char buf[1024];
 
   memset(req, 0, sizeof(req));
   req.ai_flags = AI_ADDRCONFIG|AI_NUMERICHOST; 
   req.ai_family = AF_INET6;  /* Same as AF_INET6. */ 

Isn't the setting of 'req.ai_family', above, going to guarantee that
something that looks like  an IPv4 address will not be considered valid?

After all, what *POSSIBLE* _IPv6_info_ is there about an IPv4 address?

Per the manpage example, try PF_UNSPEC.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: profiling library smaller than non-profiling, while it contains more symbols. Why?

2012-07-12 Thread Robert Bonomi
 From owner-freebsd-questi...@freebsd.org  Thu Jul 12 17:34:12 2012
 Date: Thu, 12 Jul 2012 23:31:31 +0100
 From: Anton Shterenlikht me...@bristol.ac.uk
 To: freebsd-questions@freebsd.org
 Subject: profiling library smaller than non-profiling,
   while it contains more symbols. Why?

 While updating my port (math/slatec) to use
 the new OPTIONS framework, I did some
 experiments with the profiling library.

 I don't know much about this, so what surprised me
 is that the profiling library is smaller:

 # ls -al lib*a
 -rw-r--r--  1 root  wheel  6582354 Jul 12 22:56 libslatec.a
 -rw-r--r--  1 root  wheel  6555122 Jul 12 23:02 libslatec_p.a
 #

It it possible that libslatac.a has debggingn symbols, and the profiling
library does not?

Or that the profiling library was compiled with a lower degree of
optimization ?  (many of the 'higher'-level optimizations cause
_larger_, albeit faster, code to be generated)

Any other differences in compilation flags?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: profiling library smaller than non-profiling, while it contains more symbols. Why?

2012-07-12 Thread Robert Bonomi

 Date: Thu, 12 Jul 2012 23:52:18 +0100
 From: Anton Shterenlikht me...@bristol.ac.uk
 Subject: Re: profiling library smaller than non-profiling,
   while it contains more symbols. Why?

 Also, the library compiled on amd64 has lots more
 symbols than if compiled on ia64.

This is _not_ unexpected with different processor architectures, and thus
different instruction sets.

Speculation: the values lfor the .LC* variables look like bit-masks -- it 
may be that ia64 has opcodes that allow immediate operannds, obviating
the need for a 'data' consntat in memory.

Something in the source causes different processor-specific code to be
generated -- one processor uses 'data' constants, the other doesn't.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org