Re: freebsd-update and archs
On 01/22/12 03:45, Christer Solskogen wrote: On Sat, Jan 21, 2012 at 1:21 PM, Colin Percival cperc...@freebsd.org wrote: Try doing a release cross-build and compare it against a non-crossed release build; extract the built tarballs and send me a list of which ones aren't identical. I know which files normally build differently so I can look over the list and tell you if there's something which shouldn't be there. I just did, and the file list is the same. Or do you want me to do a md5 of every file? Yes, I meant to compare the contents of files (or their hashes of course). -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update and archs
On 01/23/12 06:59, Christer Solskogen wrote: On Mon, Jan 23, 2012 at 3:03 PM, Colin Percival cperc...@freebsd.org wrote: On 01/22/12 03:45, Christer Solskogen wrote: I just did, and the file list is the same. Or do you want me to do a md5 of every file? Yes, I meant to compare the contents of files (or their hashes of course). Here you go: http://antarctica.no/~solskogen/temp/cross.txt.bz2 http://antarctica.no/~solskogen/temp/native.txt.bz2 http://antarctica.no/~solskogen/temp/diff.txt.bz2 Hmm, you've got almost everything being different there. Did you use the same src tree as the release? If you checked out the tree via CVS it won't match. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update and archs
On 01/21/12 02:25, Christer Solskogen wrote: I've just finished installing FreeBSD on my new Mac mini G4, and when I ran freebsd-update on it I found out that freebsd-update only supports i386 and amd64 architectures. How come? We don't have suitable build hardware for other architectures, and there are some problems with release cross-building which aren't fixed yet. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update and archs
On 01/21/12 04:15, Christer Solskogen wrote: On Sat, Jan 21, 2012 at 12:42 PM, Colin Percival cperc...@freebsd.org wrote: We don't have suitable build hardware for other architectures, and there are some problems with release cross-building which aren't fixed yet. I found out that building ppc with TARGET= worked nicely on 9.0-RELEASE. Do you know what problems? Maybe I can help. IIRC there were some data files (fortunes? magic? something like that...) which had platform-specific formats (presumably pointer size and endianness issues) and didn't have properly crossing build tools. It's possible that these have been fixed by now, though. Try doing a release cross-build and compare it against a non-crossed release build; extract the built tarballs and send me a list of which ones aren't identical. I know which files normally build differently so I can look over the list and tell you if there's something which shouldn't be there. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update(8) under sparc64? Why is it not available?
John Baldwin wrote: On Friday 26 March 2010 11:00:28 am Colin Percival wrote: I think the best approach towards having FreeBSD Update support for sparc64 is to get release cross-building working; that way we would be able to use amd64 hardware, which I think we can safely assume will continue to be available in ever-increasing speeds. Err, release cross-building does work AFAIK. ru@ worked on it many years ago. Have you tried it and run into problems? Cross-building works in the sense of finishing with something which looks like a release; but when I tried it a few years ago (when I was writing the current generation of freebsd-update) there were some files which built differently for cross vs. native builds. IIRC it wasn't a huge number of files, though. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update(8) under sparc64? Why is it not available?
Hi all, Marius Strobl wrote: On Thu, Mar 25, 2010 at 02:11:00PM +, Craig Butler wrote: World build started on Sat Mar 20 23:34:54 EDT 2010 World build completed on Sun Mar 21 00:50:58 EDT 2010 Can we bend the rules a little ?? Who set the requirement of an hour ? freebsd-update might be a good thing to have.. IIRC it was Colin who once mentioned that this was decided by the Security Officers in order to be able to react to high impact security issues affecting multiple branches in a timely manner should the need ever arise. In any case he should be the right person to talk to about this so I CC'ed him. The can-buildworld-in-an-hour is a rough rule of thumb, but it's pretty good. The issue here, as Marius said, is that we want to be able to push out advisories promptly; this isn't a problem when we're only dealing with one branch, but sometimes we have issues which affects all the releases -- currently we support {6.4, 7.1, 7.2, 7.3, 8.0}, which is a fairly typical set -- and each run of patch builds requires two complete buildworlds plus some other stuff (kernel builds, comparing bits between builds, shuffling them around, building binary patches)... so I imagine that a 1.5 hour sparc64 buildworld time would put us at over 24 hours for a complete set of patch builds. And that's not counting the fact that every new FreeBSD release takes longer to build. Some people have suggested in the past that we could do sparc64 update builds but not hold up advisories waiting for them -- but I really don't like that option, since it would train people to use binary updates rather than source updates, and the times when they would need to wait -- time-sensitive security advisories -- are exactly the times when they shouldn't wait. (As a side note, for obvious security reasons I don't want to add hardware outside of the established FreeBSD.org datacenters for this sort of thing.) I think the best approach towards having FreeBSD Update support for sparc64 is to get release cross-building working; that way we would be able to use amd64 hardware, which I think we can safely assume will continue to be available in ever-increasing speeds. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update userland sources
On Sunday 02 August 2009 16:10:37 Tom Mende wrote: Is there a way to get freebsd-update to keep userland sources up to date? Yes. If you have source code installed (for the right version of FreeBSD) in /usr/src, then freebsd-update will keep it updated. (Slight complication: Because freebsd-update builds are normally done before patches are committed to SVN, you won't get the updated SVN revision numbers or the new entries in UPDATING via freebsd-update -- but you will get all of the security/errata fixes.) -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Login accounts don't work after update to 7.1
Lowell Gilbert wrote: Bert-Jan i...@bert-jan.com writes: What is the proper way to handle this ? Can I run a command after the update finishes that regenerates the account databases from the master.passwd ? I checked the history and *I* never touched it during the update, so it was merged like it should. I'm not sure what the proper way is; there's certainly code in there to update the databases automatically, so you *shouldn't* have to do anything. To do the same thing manually, you can use pwd_mkdb(8). When you edit the password database with vipw(8), this is handled for you. If freebsd-update installs a new master.passwd file, it will regenerate the databases from it. All I can guess in this case is that freebsd-update couldn't manage to merge updates into master.passwd automatically, and when it opened up the file in an editor for you to fix, you didn't merge things properly. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD Update should be back to normal
Hi all, There are now more freebsd-update mirrors and it looks like they're handling the load quite well. It's possible that the load balancing between mirrors will need to be tweaked a bit. If you have problems accessing a mirror (e.g., if freebsd-update exits with an error of downloading files... failed or complains that a file does not exist) please: 1. Try again using the -s option to make sure that you're accessing the same mirror (to make sure that this wasn't a temporary network glitch). 2. Assuming the first mirror still fails, use the -s option to pick a different mirror. 3. Assuming that the second mirror works, send me an email telling me which mirror failed and which one worked so that I can have the load balancing adjusted. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FYI, portsnap problems
Hi all, For the benefit of those of you who are noticing problems with portsnap right now: The release of FreeBSD 7.1 has resulted in a very large amount of traffic to update1.freebsd.org, which is hosted by the same box as portsnap-master... so the portsnap mirrors are having some trouble syncing right now. If you find that portsnap doesn't work, please be patient -- once the flood of people upgrading systems to 7.1-RELEASE has subsided things should get back to normal. (Before people ask: update2.freebsd.org is going to exist soon. No, I'm not looking for more mirrors right now.) -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update can't find update.FreeBSD.org
RW wrote: With portsnap the default server is itself one of the servers on the SRV list, so portsnap should fall-back to a working server even when DNS is unavailable (behind a proxy) or screwed-up by a router etc. I dont see a reason why update.FreeBSD.org shouldn't have the same A-record as update1.FreeBSD.org, so that it just works. With portsnap, I asked for the A record to be created not as a fallback for people with broken DNS, but instead as a backwards compatibility mechanism for people who were running old versions of portsnap which didn't do SRV lookups. To be honest, I didn't realize that there were so many people with broken DNS resolution. I'll ask the FreeBSD DNS admins to add an A record for update.freebsd.org. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: corporate backers of freebsd
Giorgos Keramidas wrote: Yes, Gary, there are companies who also fund FreeBSD work in several ways [...] Some examples which I recall off the top of my head are: Don't forget pair Networks, which has generously supported phk, andre, and myself on our respective sponsored FreeBSD coding fundraising drives of 2004, 2005, and 2006, with slightly over $40,000 in total. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.3 or 7.0 Release?
Julian Bolivar wrote: Mi question is because checking the FreeBSD 6.3 and 7.0 Release schedule, I note that version 6.3 is upcoming and few days later 7.0 will be releaced, anyone know if this schedule is updated or is in time? or only one of both will be released? My guess, informed only by knowledge of where things are currently at and how these things usually go, is that we'll see 6.3-RELEASE some time in the first week of January, and 7.0-RELEASE two or three weeks later. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: script to upgrade 6.0 to 6.2
Le Cocq Michel wrote: can you tell me what you think about this article ? I test on a computer in my lab, it seems to work, but I don't know exactly what it does ? http://www.daemonology.net/blog/2006-11-26-freebsd-6.1-to-6.2-binary-upgrade.html I recommend following the instructions at http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html instead -- or more to the point, the version of FreeBSD Update which the newer article points at. It contains all the functionality of the older script plus some more (e.g., merging changes to configuration files) which you'll probably find useful when upgrading from 6.0. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap question
Novembre wrote: Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found. Fetching snapshot tag from portsnap3.FreeBSD.org... done. Fetching snapshot metadata... done. Updating from Fri Oct 5 16:39:29 CDT 2007 to Wed Nov 7 17:22:07 CST 2007. Fetching 4 metadata patches... done. Applying metadata patches... done. Fetching 4 metadata files... done. Fetching 2125 patches.102030405060708090100110120130140150160170180190200210220230240250260270280290300310320330340350360370380390... done. Applying patches... done. Fetching 1882 new ports or files... done. I'm wondering why it says 'fetching 2125 patches...' and then downloading only 396 of them. Probably there was either a glitch on the mirror or you're behind a transparent HTTP proxy which misbehaved. Portsnap falls back to downloading complete files if it can't fetch or apply patches (which is why the 1882 new ports or files is such a large number), so all this means is that a bit more bandwidth was used than necessary. I have not run 'portsnap update' yet since I was afraid it might ruin my ports tree. Is there anyway to force portsnap fetch a new snapshot without telling me 'no updates needed'? Don't worry, you can run `portsnap update` safely. Not relevant in this case, but for the benefit of the archives: In the rare case where portsnap's locally stored snapshot becomes corrupt (most often as a result of filesystem not being unmounted cleanly), deleting everything inside /var/db/portsnap will result in portsnap downloading a complete new snapshot the next time `portsnap fetch` is run. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What is affected by FreeBSD-SA-07:08.openssl ?
Alexandre Biancalana wrote: $ grep -lr SSL_get_shared_ciphers /usr/src 2 /dev/null /usr/src/crypto/openssl/apps/s_client.c /usr/src/crypto/openssl/apps/s_server.c /usr/src/crypto/openssl/doc/ssleay.txt /usr/src/crypto/openssl/doc/ssl/ssl.pod /usr/src/crypto/openssl/ssl/ssl.h /usr/src/crypto/openssl/ssl/ssl_lib.c /usr/src/crypto/openssl/util/ssleay.num /usr/src/secure/lib/libssl/man/ssl.3 Doesn't revel much about what is affected by this bug Have someone made some deeper analysis about what is affected ? It doesn't look like anything in the base system uses this function, but I just zgrepped my /usr/ports/distfiles and found that mysql uses this if it is compiled with DBUG_OFF not defined. Assuming that you keep all of your ports distfiles, you can run $ zgrep -R SSL_get_shared_ciphers /usr/ports/distfiles and any applications which use said function will probably show up. But as for a deep analysis -- not that I'm aware of. We fixed this because there might be an application which used this function in a way which made this buffer overflow exploitable, not because we knew that such an application existed. Colin Percival FreeBSD Security Officer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ports tree is already up to date.
Zbigniew Szalbot wrote: Coincidence or the portsnap server is wrong? ./port.sh Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found. Fetching snapshot tag from portsnap2.FreeBSD.org... done. Latest snapshot on server matches what we already have. No updates needed. Ports tree is already up to date. Portsnap builds were offline over the weekend due to a hardware failure, but this is now fixed and portsnap should now be able to update again. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Waiting for BIND security announcement
Jeffrey Goldberg wrote: Anyway, I was disappointed that the BIND fix didn't make it into RELENG_6_2. Give us a little time. Unless an issue is exceptionally urgent, it usually takes us about a week to confirm that we're affected, to get a patch from upstream or create our own, to make sure the patch fixes the issue and doesn't create any new problems (there have been several issues lately where the upstream patches were broken), to confirm that the patch applies cleanly to all of our supported branches, and to write our advisory. Usually the FreeBSD Security Team hears about issues in major contrib code (e.g., sendmail, bind, openssl, openssh) ahead of time and is able to prepare before the issues become public, but this time we didn't get any advance warning. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Patching with freebsd-update from 6.2-RELEASE-p4 to 6.2-RELEASE-p5
Stevan Tiefert wrote: The problem is that in these two chapters of the handbook is not handling freebsd-update... And if you use freebsd-update you need not necessarily to do a buildkernel or buildworld. I've been meaning to write a handbook chapter about FreeBSD Update for many months, but haven't managed to find time, unfortunately. Obviously if someone else wants to write such a chapter, I'd be overjoyed to review it and help get it committed. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Crypto missing after FreeBSD-Update to 6.2-RELEASE
Matt Bostock wrote: I've been using freebsd-update for some time now and it's been fantastic. I recently used Colin's upgrade script[1] to upgrade to 6.2-RELEASE, but it seems that the crypto distribution is now missing from my system. What makes you think that the crypto code is missing? With previous versions of freebsd-update I would have used --branch, but later versions this option is omitted. What's the safest way to get freebsd-update to recognise that I need the crypto libraries and install them? Starting in FreeBSD 5.3, the cryptographic libraries were required instead of being optional; and starting at some point in 5.x -- I can't remember exactly when -- the kerberos code stopped being distributed as separate distributions. Since the --branch option had become obsolete, I removed it. :-) PS On a side note, what happened to the IDS option? I'd like to use it to exclude files in a backup script. If you have a suggestion for nice alternative, please let me know :-) I removed the IDS option because I didn't think anyone used it. Since then I have heard from lots of people who used it, so I'm going to add the IDS option back soon. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: New != Faster
Tim Daneliuk wrote: Old 2 PIII @600Mhz 768K26M/sec4.11-stable/SMP 50-60 min New Pent D (2 core)@3.2GHz 2G 50M/sec6.2-stable/SMP 40-50 min Fast 2 Xeon @3GHz 3G130M/sec4.11-stable/SMP 8 min Is the difference in speed attributable to 4.11 being faster than 6.2? Close. The difference in speed is due to the compiler in 4.11 being faster than the compiler in 6.2. FreeBSD uses the gcc compiler, and between FreeBSD 4.11 and FreeBSD 6.2 that has been upgraded from 2.9 to 3.4. The general trend each time gcc is upgraded is that it takes 2x longer to compile code, but produces code which is 5% faster (as a result of working harder to find optimizations). FreeBSD 6.2 is faster than FreeBSD 4.11 for almost everything except compiling itself. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSD derivatives
Bill Moran wrote: OpenBSD puts security higher on its list of project goals and motivating factors than any other OS I know. I disagree. I'd say that OpenBSD and FreeBSD put security in exactly the same place -- at the top of the list. I think the distinction to draw is that FreeBSD has a longer (albeit unwritten) list of project goals, with the effect that a smaller proportion of the development being done on FreeBSD is security-related; this may make it look like we care less about security, but it's really just a sign that FreeBSD is a larger project. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update and kernel
Manolis Kiagias wrote: Well, after freebsd-update from my p4 system, uname continued showing p4 as well. Yes, this is because the update from 6.2-RELEASE-p4 to 6.2-RELEASE-p5 didn't modify the kernel. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fix this: The Regents of the University of California. Allrights reserved.
Ted Mittelstaedt wrote: what was historically done with BSD software is when someone wrote a piece of it they would sign over copyright rights to UCB which would immediately license the stuff under a license that basically revoked all rights that a normal copyright owner would have. The same thing is done these days with the FreeBSD Project. No. The FreeBSD Project does not take copyright assignments; in fact, since the FreeBSD Project does not legally exist, it isn't possible for the project to take copyright assignments. Where you see Copyright ... The FreeBSD Project, you're looking at a collective pseudonym, like Nicolas Bourbaki. Most copyright laws make provisions for authors to publish their work under a pseudonym without it having any effect on the copyright status of a work providing that the real author is identifiable. (This is not legal advice, I am not a lawyer, etc.) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Maple 10
Sandy Rutherford wrote: On Wed, 23 May 2007 you wrote: Wow, this is news to me. Did the Maple 10 installer work, or did you have to use linux to install and then copy the installed files across? No problem with the installer. It's java-based and I used the FreeBSD native version of jdk1.4.2. Hmm. Maybe it was 9.5 which I last tried -- I ran into problems with the installer saying hey, you're running FreeBSD. I have no idea what that is, so I'm going to refuse to install. I'll have to try this again some day and come bug you if I still can't get it to work. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Maple 10
Sandy Rutherford wrote: I have been trying to get Maple 10 working on FreeBSD 6.2. With the patch to the kernel to add `linux_rt_sigpending', it works fine with the exception of the help command. Wow, this is news to me. Did the Maple 10 installer work, or did you have to use linux to install and then copy the installed files across? Colin getting tired of running Maple over ssh Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [FreeBSD 7.0-CUR/gcc 4.2/portsnap]: portsnap fetch reports illegal portsnap tag!
O. Hartmann wrote: Fetching snapshot tag from portsnap1.FreeBSD.org... Illegal instruction invalid snapshot tag. Is there anything wrong? I remember myself of issues with OpenSSL and gcc 4.2, so due to the calculation of the checksum this might cause the error. This is the OpenSSL/gcc42 bug being invoked when portsnap calls openssl to verify a signature. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what's up with portsnap?
[EMAIL PROTECTED] wrote: # portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 3 mirrors found. Fetching snapshot tag from portsnap3.FreeBSD.org... done. Latest snapshot on server is older than what we already have! Cowardly refusing to downgrade from Thu May 10 10:42:40 EDT 2007 to Mon Apr 16 10:17:39 EDT 2007. That's really strange. And it doesn't happen for me. Is it possible that you have a misbehaving proxy which is caching a month-old snapshot? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Xorg 7.2.0 Release
Garrett Cooper wrote: Please be aware that the portsnap snapshot hasn't been updated yet to include the X.org 7.2 addition, if you use portsnap. Right now, portsnap is distributing half of Xorg 7.2. This isn't portsnap's fault; the portsnap buildbox CVSuped from cvsup-master in the middle of flz's commit. The rest should be available via portsnap in approximately 45 minutes. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Patches using freebsd-update(8)
Guido Demmenie wrote: I'm really glad the FreeBSD team brought freebsd-update(8) in the base system. Now I can do my security patches with much less hassle. But i have one question about this great tool. When do I have to reboot? If in doubt, reboot. While there are obvious cases (e.g., you should reboot after applying a kernel security patch) it's almost impossible to give advice which will be correct for every situation. One item on my FreeBSD Update feature wishlist is to provide such guidance; there's a Google Summer of Code student working on FreeBSD Update who might have time to do this towards the end of the summer. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update and locally modfied files
Zbigniew Szalbot wrote: Can you help me by suggesting what I need to do when I want to use freebsd-update fetch (FBSD 6.2) but get the following message: The following files are affected by updates, but no changes have been downloaded because the files have been modified locally: /etc/rc.d/jail Probably what happened is that you installed a patched FreeBSD (e.g., 6.2-RELEASE-p2) in which /etc/rc.d/jail was already updated. As a result of CVS modifying $FreeBSD$ tags when commits happen, this makes the /etc/rc.d/jail file which you get by installing from the source code very slightly different from what you get by using FreeBSD Update (since the FreeBSD Update patches are built before the CVS commits are done, this is unavoidable); consequently, FreeBSD Update doesn't recognize the file and thinks that you modified it locally. Now, I do not recall ever playing with jail. Anyway, how do I update the system (and keep changes to /etc/rc.d/jail (if any))? The easiest solution is to remove /etc/ from the UpdateIfUnmodified line in /etc/freebsd-update.conf and run freebsd-update again. Make sure that you add /etc/ back afterwards. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: CVS tags
Josef Grosch wrote: I have been spending a lot of time building machines at work. Our engineers want to have the machine in question to have a specific version of FreeBSD, ie. FreeBSD 4.11-RELEASE-p11 for example. I have noticed that there is not a CVS tag for this in the tree. Is there a specific reason why we do not tag the tree for the patch levels? Yes; two reasons in fact: 1. Tagging the tree for every security update isn't feasible in CVS. 2. There is a branch available for RELEASE plus the all available security and critical errata fixes (RELENG_X_Y for X.Y-RELEASE), and you should never not install all available security and critical errata fixes. Colin Percival FreeBSD Security Officer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update question
Angelin Lalev wrote: I have machine wich is build from sources (FreeBSD 6.2p3 , RELENG_6_2). Can I use freebsd-update on that machine straight away? Yes. If you made any changes to the source code before compiling, you may need to edit /etc/freebsd-update.conf (and in particular, the IgnorePaths and UpdateIfUnmodified directives). In the article that appears on top of google (http://www.daemonology.net/freebsd-update/binup.html), there is section about removing kernel counters, perllocal.pod etc. It's not clear for me if that step should be taken at server's or the client's side. That's done at the server side, as part of the process of building the updates. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Virally licensed code in FreeBSD kernel
Brett Glass wrote: There is a huge problem in that the CDDL is viral. It infects products with which it is combined. This is why zfs isn't part of GENERIC. We've distributed tainted kernel modules for a long time, and there's nothing wrong with that -- GPL/CDDL taint doesn't cross dynamic linking. Colin Percival ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: backup solution for home FreeBSD server
Robert Huff wrote: Check out Addonics, particularly the Saturn system. I have one of these: http://www.addonics.com/products/Saturn/aeschd.asp I recommend against buying anything from a company which (a) uses DES, (b) describes it as bullet proof protection, or (c) doesn't explain how they're using it (there are several methods for performing full disk encryption using a block cipher; some are better than others). Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Protsnap won't fetch updates
[EMAIL PROTECTED] wrote: I've installed portsnap and setup the conf file, but when I run it with the fetch command, it always says I have the latest snapshot [...] The /usr/ports/UPDATING file never gets updated, so I know it's not working! Any suggestions? You might be running a very old version of portsnap. Uninstall portsnap and install the version from the ports tree which you downloaded. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Linux equivalent to freebsd
[EMAIL PROTECTED] wrote: We are running in a situation where a customer needs Zend platform 3 (http://www.zend.com/products/zend_platform) which won't be available for freebsd until the end of the year... Have you tried the linux emulation layer? Could you recommend a distribution you are using in production, we've check ubuntu, fedora and Debian, but I wonder what freebsd users recommend... I recommend FreeBSD. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: error fetching signatures
Zbigniew Szalbot wrote: I am using 6.2 release and it is second time the system cannot fetch updates signature. etching updates signature... fetch: http://update.daemonology.net/i386/6.2/updates.sig: Not Found Error fetching updates What's the exact command you ran? What does `uname -r` say? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: error fetching signatures
Zbigniew Szalbot wrote: etching updates signature... fetch: http://update.daemonology.net/i386/6.2/updates.sig: Not Found Error fetching updates What's the exact command you ran? What does `uname -r` say? 6.2-RELEASE I must have set up something long ago because until your email I was sure it was part of the OS functionality (the email came from Charlie Root). Ah, I see what's going on now. You had FreeBSD Update installed from the ports tree, and then you upgraded the system to FreeBSD 6.2. As you say, FreeBSD Update is now part of the FreeBSD base system; so you can uninstall the port (pkg_delete freebsd-update-\*). I am ashamed but I do not recall typing any commands. Have inspected crontab but not seeing any entries there either. Have you looked in /var/cron/tabs/root ? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update
eoghan wrote: Hi I am trying to run the freebsd-update, so as root I do: /usr/local/sbin/freebsd-update fetch And I get: Fetching public key... fetch: http://update.daemonology.net/amd64/6.1/pub.key: Not Found Updates aren't being built for amd64 for the version of FreeBSD Update in the ports tree. If you upgrade to FreeBSD 6.2, you can use the version of FreeBSD Update which it contains (for which amd64 updates are being built). Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Problem upgrading from 6.1-RELEASE to 6.2-RELEASE
Amarendra Godbole wrote: Fetching metadata index... done. Fetching 1 metadata patches. done. Applying metadata patches... done. Fetching 1 metadata files... failed. Is this because of a connectivity issue on my end, or some issue with update1.freebsd.org? I don't see any connectivity issues from my side though. Thanks in advance. The server has rebooted a couple of times in the past week (I needed to upgrade it, too!) so it's possible that you were just happened to hit the window when it was inaccessible. Aside from that, I haven't seen any connectivity problems -- but the internet being as unreliable as it is, it's entirely possible. FWIW, no files are installed until after everything is fetched, so if the downloading fails, you can always try again. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how much space does freebsd-update need for the workdir?
Jay Chandler wrote: lveax wrote: i have upgraded to 6.2. i notice there is a new tool freebsd-update. where i can find the freebsd-update mirror server list? The FreeBSD Update client does that automatically, using DNS SRV magic. and how much space does it need? That depends upon how many security updates are issued. Hopefully not much space. :-) More seriously, the /var/db/freebsd-update/ directory holds the new and old versions of any files which are updated, in order to allow you to rollback security updates (not that I ever expect this to be necessary). As a wild guess, I'm going to say that this is likely to add up to about 20MB/year. On a related note, I already have the freebsd-update port installed. Should I uninstall it and use the one that's part of the OS, or keep going as I've been doing? Uninstall the port. The new FreeBSD Update code in the base system is much better. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: is THIS why the 6.2 release seems stalled ?
Nikolas Britton wrote: I don't have time to contribute work, I have a business to manage as well as other obligations that come first... I need this stuff to just work... so I can get real things done. In other words, you want us to hurry up and do more unpaid work, so that you can make more money? Colin Percival PS. http://www.freebsd.org/donations/ PPS. http://www.freebsdfoundation.org/donate/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: stop a freebsd server from responding to pinging?
Chuck Swiger wrote: On Nov 30, 2006, at 10:55 AM, Wasp King wrote: 1. How do I stop others from port scanning a server? Marcus Ranum suggests using wirecutters on the ethernet cable. If the server is internet-reachable, then it can be port-scanned. Considering that many systems these days have 802.11 hardware, I'd also suggest applying wirecutters to the power cable. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 'seq' at a BSD-like OS?
Soo-Hyun Choi wrote: If I'm at a Linux machine, I can use 'seq'. (Okay, everyone knows it.) But when I'm at a BSD-like OS, I can't find 'seq' from the coreutils. The program you're looking for is called jot. I have no idea why Linux distributions get the name wrong. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD UFS vulnerability: Is NIST off its medication, or am I missing something?
Bill Moran wrote: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824 Following the links around, it seems that you would have to mount a corrupt or malicious filesystem in order to exploit this vulnerability. Yes, NIST claims there is no authentication required to exploit? Are new versions of FreeBSD suddenly allowing unauthenticated users to mount filesystems by default? If so, something's wrong with my 6.1 workstation! It seems like this is the 2nd or 3rd vulnerability I've seen that's been blown out of proportion by NIST, or am I missing something? CVE names are assigned, and NIST creates an entry in its database, whenever someone claims that a security problem exists; their purpose is to provide a consistent name for whatever people are talking about, not to decide what exactly constitutes a security issue (as I explained in my BSDCan'06 paper, different vendors have many different policies about what constitute security issues). In this case (and another very similar bug found by the MoKB people), the FreeBSD security team has no intention to handle the bug as a security issue; obviously this is a kernel bug and deserves to be fixed, but no more so than any other kernel bug, and in fact this bug seems far less important than most. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap mirrors not being updated (?)
martinko wrote: I've seen the following for around last two days: Looking up portsnap.FreeBSD.org mirrors... 2 mirrors found. Fetching snapshot tag from portsnap1.FreeBSD.org... done. Latest snapshot on server matches what we already have. No updates needed. Is something going on with portsnap's mirror building ? Two problems happened almost simultaneously, actually: 1. Due to some chaos surrounding the relocation of the main FreeBSD.org cluster, the portsnap builds stopped for about 20 hours. They're running again now, but will probably stop on Monday as the FreeBSD.org cluster continues its relocation. (On the positive side, nobody can commit to the ports tree while the cluster is in transit, so portsnap users won't be missing anything at this point.) 2. One of the portsnap mirrors, portsnap1.freebsd.org, is not updating at the moment; I've sent an email to the administrator of this server asking him to investigate. Until it starts updating again (most likely a matter of hours), you can force portsnap to use the other mirror: # portsnap -s portsnap2.freebsd.org fetch Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: freebsd-update vs. make buildworld
Paul Schmehl wrote: I use both methods; freebsd-update when I'm using a GENERIC kernel with no changes and the traditional method when the source has been altered, the kernel is customized or the processor is not supported under freebsd-update. FWIW, the version of FreeBSD Update which is now in the base system (starting with 6.2-BETA1) supports upgrading the world, kernel, and source code separately, so on systems with custom kernel configurations you'll be able to use FreeBSD Update to update the world + source code and then only rebuild the kernel. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: clean old portsnap snapshots?
Joe Auty wrote: What is the best mechanism for deleting old portsnap shots to free up some space? Or, is this supposed to be handled automatically? It should be handled automatically. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using external USB2.0 HDD for backup
Toomas Aas wrote: Does anyone have good experience using external USB 2.0 HDD for backup with FreeBSD 6? Yes. I have a 250GB Seagate drive inside a Vantec NexStar3 USB enclosure and it works quite well -- the performance is slightly worse than the raw drive specs, but at 25 MB/s transfer rate it's certainly good enough for backups. More details: http://www.daemonology.net/blog/2006-01-28-vantex-nexstar3.html Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote: This report seems pretty vague. I'm unsure as to whether the alleged bug gives the user any more permissions than he'd already have? Anyone know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. VI. VENDOR RESPONSE The policy of the FreeBSD Security Team is that local denial of service bugs not be treated as security issues; it is possible that this problem will be corrected in a future Erratum. If there was any potential for (a) privilege escalation, (b) disclosure of potentially sensitive information, or (c) denial of service by a non-authenticated attacker, we would have issued a security advisory. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote: Colin Percival [EMAIL PROTECTED] wrote: This is a local denial of service bug, which was fixed 6 weeks ago in HEAD ^^^ That was what I expected. Section III seems to hint that it could be used by an unprivilidged user to crash or lock a system. Yes. An unprivileged user who is able to execute code on an affected system can cause a kernel panic. There are a variety of reasons for not treating bugs like this as security issues; the strongest reason imho is that if one of your users is making a system crash, you can disable his account and call the police. BTW, are you going to be at NYCBSDCon? No -- I only go to conferences if I have a paper to present. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Bill Moran wrote: Can anyone define exceptionally large as noted in this statement?: NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by prohibiting the use of exceptionally large public keys. It is believed that no existing applications legitimately use such key lengths as would be affected by this change. It would be nice if exceptionally large were replaced with keys in excess of x bits in size or something. I don't expect that this will affect me, but ambiguous statements like that make me uncomfortable. DH and DSA are limited to 1 bits. RSA is limited to 16400 or 4112 bits depending upon whether the public exponent is less or more than 72 bits. I wouldn't have allowed this change into the security branches if I was not very very confident that no applications would be affected by this. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb -Uu
ke han wrote: I am using portsnap fetch portsnap update to sync my ports tree on FreeBSd 6.1...it seems it maintains an index when I run update. Yes. I am used to using: portsversion and portsupdate to upgrade ports...in this method I have also used portsdb -Uu to rebuild an index anytime prior to running these commands...yes portsdb takes a while and I've always wondered if this is necessary prior to running any of these commands.. portsdb -Uu does two things: 1. It rebuilds the ports INDEX. This is done by portsdb -U and takes a long time. 2. It rebuilds the ports INDEX.db database. This is done by portsdb -u, takes only a few seconds, and is done automatically when you run portupgrade if the database is out of date. So my question is: Is the index being maintained by portsnap the same or a replacement to that used by portupgrade? Do I have to maintain both sets of indexes in order to use portsupdate?? The ports INDEX file generated by portsdb -U is the same file as portsnap generates. Since the INDEX.db database is generated automatically, this means there is no need to run portsdb between running portsnap and running portupgrade. My standard ports update/upgrade procedure is: portsnap fetch portsnap update pkg_version -vIL= # this is equivalent to portversion -vL= portupgrade -a Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Automatic Script for /usr/src security updates
Chris Maness wrote: Is there an application that can be triggered by security advisory e-mails, or the like, to automatically do cvsup and rebuild the system? I know that would probably be a little difficult with the mergemaster command. I know that someone has written a script which parses security advisories; but it sounds to me like you're really looking for FreeBSD Update. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: RSSreader: Recommendations Sought
Marc G. Fournier wrote: 'k, what port is this in? :( I just searched all the kde ones I know about, and can't find it ... I think Jonathan probably meant akregator, which is part of kdepim. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: binary upgrade issues
John Rogers wrote: /boot/kernel/aic.ko ... /boot/kernel/zlib.ko It looks like lots of kernel modules weren't installed (or, more likely, were installed but glitched when the system rebooted). If you don't expect to use any of these modules, it's probably safe to ignore this; otherwise, you'll have to upgrade those to 6.1. Given that you've now upgraded your world to 6.1, I don't know if it will be safe to revert back to a 6.0 kernel in order to re-run the upgrade script, though, so I'm not sure exactly what to recommend. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: binary upgrade issues
John Rogers wrote: Before I saw your reply, I just manually created those old-index etc by following upgrade.sh, and ran the rest of the upgrade.sh from the Removing schg flag from existing files... part. After that I have ran portupgrade, portsnap etc, and so far don't see problem. Do I still need to go back to 6.0 and run upgrade.sh? You're probably ok, but there's a chance that you managed to not upgrade all the binaries on the system. I recommend running `freebsd-update IDS`; this will tell you which files, if any, don't match the versions shipped with the release. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap oddities
Gary Newcombe wrote: I'm getting the following error when I use portsnap lately on one of my servers: [snip] Fetching 2 new ports or files... gunzip: stdin: not in gzip format snapshot is corrupt. I have now removed /var/db/portsnap and started from scratch 3 times. This fixes the problem, but a few days later, I get the same story. I haven't had any problems on any of the other servers (although they have older kernels), so I'm guessing this could be a problem with portsnap from this kernel build or it's related to something else. First, the obvious thing to check: Are you running out of disk space on /var ? Second, please run 'portsnap --debug fetch' and send me the output; this will give me a chance of identifying the problem. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap oddities
Gary Newcombe wrote: Fetching 2 new ports or files... /usr/libexec/phttpget portsnap1.FreeBSD.org f/ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz f/ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz http://portsnap1.FreeBSD.org/f/ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166 564e61666d059f1b8fd.gz: 200 OK http://portsnap1.FreeBSD.org/f/ad3d51001a264245eab5894cece6c902d073841143e9f fc7ee8379948a44aae3.gz: 200 OK gunzip: stdin: not in gzip format snapshot is corrupt. Strange. I've checked on portsnap1.freebsd.org, and those files are definitely intact. Are you using an HTTP proxy? It's possible that it might have cached a broken version of those files. Could you look in /var/db/portsnap and tell me how large those two files are? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: BSDstats Project v1.0
User Freebsd wrote: 'k folks ... the quick and dirty .. actually, not too dirty ... The attached script [...] Can you make this into a port which users can install? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap oddities
Gary Newcombe wrote: Yes, nail on the head methinks. This server is behind a proxy and portsnap works fine with it disabled. With combination of advproxy, havp and privoxy: [mesh:/var/db/portsnap]# l *[3d].gz -rw-r--r-- 1 root wheel64B 5 Aug 12:51 ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz -rw-r--r-- 1 root wheel64B 5 Aug 12:51 ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz Without: [...] Fetching 2 patches... [...] done. Applying patches... done. Fetching 0 new ports or files... done. [mesh:/var/db/portsnap]# l *[3d].gz -rw-r--r-- 1 root wheel64B 5 Aug 13:32 ad06d1f7b82db9ebcb496e7d48a754932622f1c8d6166564e61666d059f1b8fd.gz -rw-r--r-- 1 root wheel64B 5 Aug 13:32 ad3d51001a264245eab5894cece6c902d073841143e9ffc7ee8379948a44aae3.gz So the files did seem to be intact initially anyway? Everything seems to be working fine now. You can delete those two files; they were left behind because I forgot to handle the case of 'file download failed, portsnap gets run again, and then patch download succeeds'. The correct versions of the files are stored in the /var/db/portsnap/files/ directory. Just clearing the cache for the proxy didn't seem to solve the problem btw. It's possible that your cache gets confused by pipelined HTTP. It wouldn't be the first time that has happened... Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: **SPAM** binary upgrade issues
John Rogers wrote: Hi, I was upgrading following Colin's FreeBSD 6.0 to FreeBSD 6.1 binary upgrade http://www.daemonology.net/freebsd-upgrade-6.0-to-6.1/ but it failed. I installed freebsd 6.0 release and only used Colin's freebsd-update to updae before. There is plenty of free space on that partition. What do you advise me to do to finish the upgrade? Based on what you pasted below, I suggest 1. Figure out why /usr/bin/gdbtui can't be read. In particular, make sure your hard drive isn't dying. 2. The error which made the script terminate is either due to a dying hard drive or a network problem which made it impossible to fetch some files. Re-run the script; it won't bother fetching files which it already has. Note that at this point all the script has done is to examine your system and download files; it won't start actually upgrading anything until it makes sure that it has all the files it needs. :-) I also wonder why these binary update and upgrade are not legitimized in the freebsd core distribution. An important reason why linux is used by more is its easy update solution similar to Microsoft's Windows Update. Sure make world is fun especially to developers. But providing easy update and upgrade tools in addition will attract a large user base who just need a stable and easy to use operation system - and many of them can be companies who can be potential donors to the freebsd project. So the effort to this path will be well rewarded. We're moving in that direction. Everything starts out by being experimental before becoming officially supported and endorsed. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: binary upgrade issues
Oops, I forgot to edit the subject line before hitting 'Send' -- for some reason, SpamAssassin thought that John's original email needed to be marked as **SPAM**. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: binary upgrade issues
John Rogers wrote: Installing new kernel into /boot/GENERIC... done. Moving /boot/kernel to /boot/kernel.old... done. Moving /boot/GENERIC to /boot/kernel... done. Removing schg flag from existing files... Then my connection to the server froze and I found the server rebooted itself. After login I found it was 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006. Don't know why it rebooted, and my concern it: had it finished upgrading? Probably not. I looked into the upgrade.sh and found it should continue working on files referred in old-index, new-index-nonkern, new-index. However none of these files were found in the directory. Also I am worried whether the schg flags were recovered. How can I check these? Sounds like a generic case of 'system crashed and recently created files weren't written to disk yet'. I'm really suspicious of the hardware here, but I'd suggest 1. mv /boot/kernel /boot/kernel.new 2. mv /boot/kernel.old /boot/kernel 3. reboot (back into 6.0-RELEASE) 4. Run the script again and hope that it manages to finish installing everything this time. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Gotta start somewhere ... how many of us are really out there?
User Freebsd wrote: On Sun, 30 Jul 2006, Colin Percival wrote: Approximately 15000 portsnap snapshots (i.e., /var/db/portsnap or /usr/local/portsnap directories) are being kept updated on systems which send HTTP requests to portsnap*.freebsd.org. Of these, about 4300 are running FreeBSD 6.0, 4500 are running FreeBSD 6.1, 2400 are running FreeBSD 6-STABLE, 300 are running FreeBSD 5.5, and the remaining 3500 are using copies of portsnap installed from the ports tree (presumably on earlier FreeBSD releases, since the portsnap port won't install if portsnap is already part of the FreeBSD base system). 'k, *this* sounds like it might be perfect ... would it be possible to get a copy of the portsnap logs to see about setting up some sort of auto-parse? Maybe setup some statistics and graphs? You mean something like http://www.daemonology.net/portsnap/stats.html ? BTW, is portsnap meant to replace cvsup, or ... ? Or are we still only getting half the picture if we look at portsnap only? There are still a lot of people (particularly on pre-6.0 systems) who are using CVSup rather than portsnap for updating their ports trees. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Gotta start somewhere ... how many of us are really out there?
Alex Zbyslaw wrote: Counting portsnap and cvsup accesses is non-intrusive - i.e. nothing sent from local host - will count systems from any version of FreeBSD, but will never count everything because sites with multiple hosts may easily have local propagation mechanisms. But you will get an order of magnitude. However, how do you deal with systems with variable IPs? For the portsnap usage statistics, I'm measuring how many days of updates were downloaded per day. In the long run this will be equal to the number of systems using portsnap, whether they update daily or monthly, and whether they have a fixed IP address or a different IP address every time. The only problem I've seen with this method is that it is rather sensitive to holidays: There is a dip in measured portsnap usage in late December, folllowed by a sharp spike in early January before the measured usage returns to normal, since many systems were not being updated over the Christmas holiday, and then suddenly needed to catch up in early January (and since they were downloading several weeks of updates, they each looked like several machines). Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Gotta start somewhere ... how many of us are really out there?
User Freebsd wrote: We can also collect the access information of the cvsup server and portsnap server, can't we? What does that give? Approximately 15000 portsnap snapshots (i.e., /var/db/portsnap or /usr/local/portsnap directories) are being kept updated on systems which send HTTP requests to portsnap*.freebsd.org. Of these, about 4300 are running FreeBSD 6.0, 4500 are running FreeBSD 6.1, 2400 are running FreeBSD 6-STABLE, 300 are running FreeBSD 5.5, and the remaining 3500 are using copies of portsnap installed from the ports tree (presumably on earlier FreeBSD releases, since the portsnap port won't install if portsnap is already part of the FreeBSD base system). Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: after i upgraded 6.0 to 6.1, do i need to rebuild all of the ports i installed?
lveax wrote: after i upgraded from freebsd5.4 to 6.0 in 2005,i got some error when run a part of installed ports was installed in version 5.4,until a committer tell me to rebuild all of my ports. now i want to upgrade from 6.0 to 6.1 do i need to do this? No. This is what a stable branch means -- you can upgrade from 5.x to 5.x or from 6.x to 6.x without rebuilding everything, but when you upgrade from FreeBSD 5.x to FreeBSD 6.x you have to rebuild. i have already got the source tag: RELENG_6_1 use cvsup,and i will use it to upgrade to 6.1,is it right? You can do that, or you could instead use the binary upgrade script which I posted to freebsd-stable about earlier today: http://www.daemonology.net/freebsd-upgrade-6.0-to-6.1/ Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FBSD 4 series
Bill Moran wrote: Anish Mistry [EMAIL PROTECTED] wrote: http://security.freebsd.org/ You should be transitioning to 6.x now/soon. ??? 4.11 will be supported for another 18 months. Last time I looked at my calendar, January 31st, 2007 was only 7 months away. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD-SA-06:17.sendmail : sendmail/src/mime.c:106: error: number of arguments doesn't match prototype
Rene van Hoek wrote: While applying security advisory FreeBSD-SA-06:17.sendmail, the compilation of sendmail stops with error code 1. In applying the patch, it gives me some failures. Some hunks failed. When I continue with the compile, it stops while compiling contrib/sendmail/src/mime.c: on line 106. It looks like you haven't applied the patch from FreeBSD-SA-06:13.sendmail yet. You have to apply that patch before you can apply the patch from this latest advisory. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hardware
horn wrote: Whether it will be installed FreeBSD 6.1-RELEASE and whether after will work on a computer: Proc: Pentium 75 MHz Menory: 16 MB RAM HDD: 1.2 Gb ? Not unless you do build a custom kernel first. I couldn't get FreeBSD 5.4 to boot a GENERIC kernel on a system with 16 MB of RAM (until I added another 16 MB), and FreeBSD 6.1 will need at least as much. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: transfer speed of USB on a Dell PE2650
Jon Falconer wrote: I thought that an external USB hard drive would make a good backup device. So I did some trial file copies. Even though the servers USB ports are USB2.0 and the hard drive enclosure is USB2.0 I was getting a little less than 1MByte per second of throughput. I do have the ehci device as well as uhci and ohci configured into the kernel. But looking at the boot messages I do not see that it finds an ehci device, only an ohci. Has anyone gotten a full USB2.0 throughput on Dell PowerEdge server hardware? I haven't used Dell servers, but I've gotten 25MB/s to a USB-attached hard drive on a Dell laptop, so at least some Dell hardware works. :-) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kern.ngroups == num. process groups ?
Duane Whitty wrote: I saw a reference to kern.ngroups on this list and didn't know what it meant. I decided to peek at the source and it seems to me that it is the number of process groups. Is that correct? No, kern.ngroups is the maximum number of groups to which a user can belong at the same time. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD Security Survey
Dear FreeBSD users and system administrators, While the FreeBSD Security Team has traditionally been very good at investigating and responding to security issues in FreeBSD, this only solves half of the security problem: Unless users and administrators of FreeBSD systems apply the security patches provided, the advisories issued accomplish little beyond alerting potential attackers to the presence of vulnerabilities. The Security Team has been concerned for some time by anecdotal reports concerning the number of FreeBSD systems which are not being promptly updated or are running FreeBSD releases which have passed their End of Life dates and are no longer supported. In order to better understand which FreeBSD versions are in use, how people are (or aren't) keeping them updated, and why it seems so many systems are not being updated, I have put together a short survey of 12 questions. The information gathered will inform the work done by the Security Team, as well as my own personal work on FreeBSD this summer. If you administrate system(s) running FreeBSD (in the broad sense of are responsible for keeping system(s) secure and up to date), please visit http://people.freebsd.org/~cperciva/survey.html and complete the survey below before May 31st, 2006. Thanks, Colin Percival FreeBSD Security Officer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Find the Date a Port Was Installed
Jeff Cross wrote: Is it possible to determine which ports weren't upgraded so I can deal with them manually or is it possible to show the install date for all ports? If I can pull the install date for all of them I can see which ones are older than today and deal with them individually. # stat -f %Sm %N /var/db/pkg/*/+COMMENT | cut -f 1,5 -d / | tr -d / Replace %Sm with %m if you want the install dates as seconds-since-epoch. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD-Update and 6.1
Matt Bostock wrote: Understood; but Colin Percival (freebsd-update's author) does publish upgrade guides on his website for upgrading from one version to another (daemonology.net). I will be publishing a similar guide (and maybe a shell script which automates some of it...) for upgrading 6.0 to 6.1 in the near future. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Estimated EoL for 6.1-Release
Kenneth Bond wrote: As per the security advisories page on the FreeBSD website, the 6.1 release is to be supported by the security officer for a period of 24 months, yet it is listed as a Normal release Oops. indicating a 12 month security support period. Is this correct? Branch Release Type Release Date Estimated EoL RELENG_6_1 6.1-RELEASE Normal May 9, 2006 May 31, 2008 Once the web site rebuilds, it will be correctly listed as an Extended release. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why do I have to keep doing portsnap extract?
Peggy Wilkins wrote: On 5/4/06, Colin Percival [EMAIL PROTECTED] wrote: Do you have a .portsnap.INDEX file in your ports tree? Yes; I don't know if it was there before I ran portsnap today, though. -rw-r--r-- 1 root wheel 1230186 May 4 16:39 .portsnap.INDEX Does 'portsnap update' work now? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portupgrade
Arno Schleich wrote: portugrade -a results in a repetitive rebuild of the package database whenever the database is accessed. [Updating the pkgdb format:dbm_hash in /var/db/pkg ... Inappropriate file type or format - /var/db/pkg/pkgdb; rebuild needed] [Rebuilding the pkgdb format:dbm_hash in /var/db/pkg ... - 435 packages found (-0 +435) You probably recently upgraded from FreeBSD 5.x to FreeBSD 6.x: http://www.daemonology.net/blog/2006-04-14-portupgrade-errors.html Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why do I have to keep doing portsnap extract?
Peggy Wilkins wrote: On 5/4/06, Jason Morgan [EMAIL PROTECTED] wrote: Did you run `extract' after your original `fetch'? Yes, I did; I followed the instructions exactly. I ran portsnap for the first time a couple weeks ago after which I successfully did a bunch of portupgrades. Then the ports tree sat there on my disk untouched for a couple of weeks until I ran portsnap fetch update today. For some reason it insisted that I needed to run extract when as far as I can tell that shouldn't have been necessary. Do you have a .portsnap.INDEX file in your ports tree? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap question
Jon Falconer wrote: Is there a utility that whould show what ports will be updated from the current fetched files? The man page does not indicate that there is a show what would happen but don't do it option. I'm not sure why you would want to do this, but sort /var/db/portsnap/INDEX | comm -3 - /usr/ports/.portsnap.INDEX | cut -f 1 -d '|' should output the files/directories being added and removed in the 1st and 2nd columns respectively. (Something which is modified will appear in both columns, of course.) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: When 5.5-stable?
Gary Kline wrote: PS: Any big gotchas in goingfrom 5.5 - 6.1??? Kris? Anybody?? -g I haven't upgraded any systems from 5.5 to 6.1, but going from 5.4 to 6.0 there wasn't anything major. The three points which were non-trivial are 1. Addition of _dhcp user and group, 2. ABI differences mean that everything installed from the ports tree should be rebuilt, and 3. Portupgrade gets confused due to database format changes, do you should run `portupgrade -fR portupgrade` before portupgrading anything else. More details: http://www.daemonology.net/freebsd-upgrade-5.4-to-6.0/ Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /boot at beginning of drive
Brendan Grossman wrote: Here is my reason for separating /tmp and mounting it noexec,nosuid: http://www.sagonet.com/forums/showthread.php?t=2852 Quoth mount(8): noexec Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own. Note: This option was not designed as a security feature and no guarantee is made that it will prevent malicious code execution; for example, it is still possible to execute scripts which reside on a noexec mounted partition. Mounting /tmp as noexec causes perfectly good code to gratuitously fail, while providing no real security improvement. Colin Percival FreeBSD Security Officer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap DOESN'T WORK
Andrew Pantyukhin wrote: BTW, I didn't want to bother you, but I've had a similar problem on a very slow link. Portsnap tends to time out (in spite of the download is in progress, bytes are coming - just very slowly) and says that something is corrupt. I think time outs should be tuned. What does portsnap --debug fetch report? Are you using a proxy? Which part is timing out, downloading the initial snapshot tarball or downloading lots of patches? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Noise On Screen
Jeff Molofee wrote: If I enable cups or webmin, I get a small line of random graphics across the top of my screen. The line does not affect the system stability, but it's extremely annoying. It takes up anywhere from 10 to 20 lines of my display, and displays random colors from red, green, blue to purples and yellows. [...] Has anyone else experienced this? Is there a fix? I don't mind not having webmin, but cups is fairly important. I see the same thing when I switch between ttyv0 (text mode) and ttyv8 (X11), but it goes away when the afflicted windows are redrawn. While you're running cups, could you switch through consoles ttyv0 -- ttyv7 and see if there's anything similarly garbaged on them? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap DOESN'T WORK
Wojciech Puchar wrote: [EMAIL PROTECTED] portsnap fetch [...] Fetching 4 metadata files... /usr/sbin/portsnap: cannot open 4ad98b45a8fb7f262971491949ddd63be3fa066a31d5d09d53a9eddff3276698.gz: No such file or directory metadata is corrupt. tried cleaning /var/db/portsnap completely too. it fetched all data first and then got the same exactly what's wrong? What does portsnap --debug fetch report? Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pow function working unexpectedly
Andy Reitz wrote: So, clearly, something is optimizing the pow() function away when the arguments are hard-coded lvalues, instead of varibles. Now, what that thing *is*, I don't know. The C compiler precomputes constant expressions; your pow(2,3) is being rewritten to 8 by the compiler. Similarly, if you write 1 + 2 / 3 + 4 * 5 - 6, the C compiler will turn this into 15 rather than producing a series of instructions which computes the expression. When you reference variables, this optimization isn't possible, since those variables might be modified before you reach the line where they are used. (Obviously this doesn't happen in your program, but the compiler isn't smart enough to figure that out.) Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap FAILS! (why?!)
Wojciech Puchar wrote: [EMAIL PROTECTED] portsnap fetch Looking up portsnap.FreeBSD.org mirrors... using portsnap2.FreeBSD.org. Fetching public key... failed. Usually this is due to network problems. If you run # portsnap --debug fetch it will probably show you what the problem is. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Small Laser Printers
Robert Uzzi wrote: Any one using a current small laser printer that cost's in the 100 to 200 dollar range. I've been looking at several to print Invoices on but I keep running in circles trying to figure out if they will work. If you got something in that range to work which one? I bought a Brother HL-2070N two weeks ago for C$183 (about $150US). It is fast and produces good quality output, but getting it working in the first place was a bit difficult -- see http://www.daemonology.net/blog/2006-03-17-brother-hl-2070n.html for more details and the instructions which worked for me. Now that I've written down the instructions for setting it up, I have no hesitation in recommending this printer. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail patches
David Kirchner wrote: The patches listed in the recent advisory about sendmail don't currently exist on the FTP server. Does this mean: a) They're just not there yet. b) They were there, but they were taken down because of some problem with them. They're just not there yet. ftp.freebsd.org mirrors from ftp-master.freebsd.org; the files are on ftp-master, but they apparently haven't been mirrored yet. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 6.0 - SMP Generic Kernels via freebsd-update
Kenneth Bond wrote: I am trying to confirm whether or not Generic SMP kernels for FreeBSD 6.0-RELEASE are offered via freebsd-update, as they were with 5.3-RELEASE, 5.4-RELEASE, etc. Basically does the procedure described at the URL below work for the 6.0-RELEASE? http://lists.freebsd.org/pipermail/freebsd-security/2005-June/002975.html Yes. Starting with 6.1-RELEASE, this sort of ugly hack should be unnecessary, since SMP kernels are going to be distributed as part of the release. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to upgrade portsnap in freebsd 6.0?
Steve P. wrote: pkg_delete worked, as confirmed by pkg_version does not show it anymore. However, when I attempt to make install it from ports, I get this: # make install === portsnap-1.0 portsnap now contained in the base system. *** Error code 1 Any idea? # /usr/sbin/portsnap fetch update As the error message indicates, portsnap is now contained in the base system. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap failing
Ceri Davies wrote: On 23/2/06 11:33, Ashley Moran [EMAIL PROTECTED] wrote: Updating from Wed Feb 15 08:30:17 GMT 2006 to Thu Feb 23 10:20:03 GMT 2006. Fetching 3 metadata patches.. done. Applying metadata patches... done. Fetching 3 metadata files... /usr/sbin/portsnap: cannot open f1777c019669546744ef448c17531bdd125884253a6bf4b73f6e77001d7a0b12.gz: No such file or directory Go on, humour me and run that bad boy with -x! sh -x /usr/sbin/portsnap fetch Even better, throw in the --debug flag as well: sh -x /usr/sbin/portsnap --debug fetch Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portsnap
Gerard Seibert wrote: I just started using 'portsnap' on my FreeBSD 5.4 PC. If I were to run cvsup again, and perhaps 'portsdb -Uu' would that cause a problem if 'portsnap' were run again? Would I have to run the extract command again to initialize the ports tree? If you run CVSup, you'll make some changes to the tree -- updating some ports, and probably adding and removing others. When you next run portsnap, it will look at its index of what is supposed to be in the existing ports tree, and re-extract all the ports which it thinks have been modified. In the end, portsnap will have done more work than necessary, and in the unlikely scenario that a port was added and then removed between the two runs of portsnap you'll end up with an orphaned port directory left behind; but nothing catastrophic will have happened. Running `portsdb -Uu` will have no ill effects at all: Portsnap will overwrite the INDEX files with new versions it builds, while portsnap will (as usual) ignore the INDEX.db file entirely. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portsnap
Chris wrote: I contacted the dev and he confirmed the ports version is old so I guess the ports maintainer needs to update it until that is done I dont reccomend it for 5.3 and older. *cough* Yes, the maintainer of the sysutils/portsnap port should update it. The maintainer of the misc/bsdiff port should update that one, too. *cough* For now, people using the portsnap port can get the same performance as the version in the base system provides by passing the undocumented -x option to portsnap. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsnap: corrupt snapshot?
Justin Meyer wrote: I'm doing a portsnap fetch here, and getting the following error: [snip] Can anybody tell me what's going on here, or how to fix it? Some files didn't get uploaded from the machine which performs the portsnap builds to the mirrors due to a network outage (note to self: I need to handle problems like this better!) I've manually copied the missing files into the appropriate places and everything should be working again now. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel forces machdep.hlt_cpus, how to change?
Walter Hop wrote: I'm testing out FreeBSD 6.0R on a Dual Xeon. I want to do some benchmarking of hyperthreading before I put this machine into use, so I am trying to turn off the HLTing of logical cpu's. Read FreeBSD-SA-05:09.htt : ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc and then, if you don't have any local untrusted users, consider setting machdep.hyperthreading_allowed=1 in /boot/loader.conf. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Obtaining an @freebsd.org email address.
Kevin Brunelle wrote: Does anyone know what the requirements for a freebsd.org email address are? Except in very unusual circumstances, @freebsd.org email addresses are only available to committers. I have read the following from the porter's handbook ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/keeping-up.html ) If you wish to use FreshPorts, all you need is an account. If your registered email address is @FreeBSD.org, you will see the opt-in link on the right hand side of the webpages. For those of you who already have a FreshPorts account, but are not using your @FreeBSD.org email address, just change your email to @FreeBSD.org, subscribe, then change it back again. I have no idea what this quote is trying to say, so I don't think I can clarify it for you. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: pkgdb format
Mark Ovens wrote: After reading this thread, I killed the upgrade, deleted INDEX-6, INDEX-6.db, and pkgdb.db; rebuilt pkgdb.db using `pkgdb -u' and re-ran `portupgrade -af' It started off OK (using dbm_hash) but after a couple of hours it had started continually rebuilding pkgdb.db. Anyone else got any ideas? I had exactly the same problem during portupgrading after a 5.4-6.0 base system upgrade until I did a `portupgrade -fR portupgrade`, at which point it stopped (and has been fine ever since). I have no idea what the problem is or why this would fix it, but you might like to try this and see if it helps. Colin Percival ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]