Re: 9.1 permissions in the / directory
On Wed, Nov 14, 2012 at 05:12:59PM -0500, Joseph Mays wrote:

> Have a recently set up 9.1 RC1 system. Someone (not me, just sayin') did a chmod 600 in the / directory. Needless to say this caused numerous problems. I tried to change them back as best I could by comparing them to an older directory, but some things are still not right.
>
> Trying to log in, via either console or ssh as anyone other than root. Ssh gets:
>
>     %ssh mays@[redacted]
>     Password:
>     Last login: Wed Nov 14 15:50:37 2012
>     Could not chdir to home directory /home/mays: Permission denied
>     /bin/tcsh: Permission denied
>     Connection to [redacted] closed.
>     %
>
> followed by a disconnect. Console complains about the /home/user directory not being there (though it is and the permissions look normal), says it's logging in with slash instead, then says /bin/tcsh: no such file or directory, though /bin/tcsh is there and permissions look fine. I'm attaching a screenshot of the message log that shows up on console logins.
>
> So, two questions. What is causing the problem, and does anyone have anything that shows what the normal / directory permissions for 9.1 RC1 should look like?

First, login fails to read the user's home directory, because the permissions on either /usr or /home (depending on whether your /home is a directory, or a symlink to /usr/home) don't allow it to see any contained files or directories, even though, from what you say, all contained files and subdirectory permissions are correct. It then attempts to fall back to using / as an emergency home for this session, but then fails to find /bin/tcsh, because the permissions on /bin prevent it from seeing anything it contains.

Second, you can restore most, if not all, of the correct permissions with the mtree tool. Log in as root, and then run this:

    # cd /
    # mtree -Uef /etc/mtree/BSD.root.dist

The mtree specification file, /etc/mtree/BSD.root.dist, contains a list of the files and directories that are installed in a standard FreeBSD system, along with the correct ownership and permissions for those objects. The -U flag tells mtree to modify any objects that don't match the specification, and the -e flag tells it not to warn about files it finds on disk but not in the specification file.

Dan

--
Daniel Bye
 _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
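A read-only check in the spirit of the mtree run above, as an added example that is not part of the original post: it parses the subset of the mtree(8) spec syntax used by the `.dist` files (`/set`, `/unset`, relative names, `..`), compares modes only, and flags directories that lost the search bit, which is what broke the logins in this thread. `SAMPLE_SPEC` and the temporary tree are constructed; ownership and line continuations are not handled.

```python
import os
import stat
import tempfile

# Constructed sample in the style of /etc/mtree/BSD.root.dist (not the real file).
SAMPLE_SPEC = """\
# constructed sample
/set type=dir uname=root gname=wheel mode=0755
.
    bin
    ..
    etc
        mtree
        ..
    ..
    home
    ..
    tmp             mode=01777
    ..
..
"""


def keywords(words):
    """Turn ['mode=0755', 'nochange'] into {'mode': '0755', 'nochange': ''}."""
    return dict(w.split("=", 1) if "=" in w else (w, "") for w in words)


def parse_mtree(spec_text):
    """Yield (relative_path, attrs) for every entry in the spec."""
    defaults, stack = {}, []
    for raw in spec_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "/set":
            defaults.update(keywords(words[1:]))
        elif words[0] == "/unset":
            for key in words[1:]:
                defaults.pop(key, None)
        elif words[0] == "..":
            if stack:
                stack.pop()              # leave the current directory
        else:
            attrs = {**defaults, **keywords(words[1:])}
            yield os.path.normpath(os.path.join(*stack, words[0])), attrs
            if attrs.get("type") == "dir":
                stack.append(words[0])   # following entries live inside it


def audit(spec_text, root):
    """Return [(path, have_mode, want_mode, search_lost)] without changing anything."""
    findings = []
    for rel, attrs in parse_mtree(spec_text):
        if "mode" not in attrs:
            continue
        want = int(attrs["mode"], 8)
        try:
            have = stat.S_IMODE(os.lstat(os.path.join(root, rel)).st_mode)
        except OSError:
            # Missing, or hidden behind a parent that cannot be searched.
            findings.append((rel, None, want, False))
            continue
        if have != want:
            # A directory without x bits cannot be traversed, whatever
            # the modes of the files inside it say.
            search_lost = attrs.get("type") == "dir" and bool(want & ~have & 0o111)
            findings.append((rel, have, want, search_lost))
    return findings


def demo():
    """Build the sample tree, repeat the thread's chmod 600 on two directories, audit."""
    with tempfile.TemporaryDirectory() as root:
        for rel, attrs in parse_mtree(SAMPLE_SPEC):
            path = os.path.join(root, rel)
            os.makedirs(path, exist_ok=True)
            os.chmod(path, int(attrs["mode"], 8))
        damaged = [os.path.join(root, name) for name in ("bin", "home")]
        for path in damaged:
            os.chmod(path, 0o600)
        try:
            return audit(SAMPLE_SPEC, root)
        finally:
            for path in damaged:
                os.chmod(path, 0o755)    # restore so the temporary tree can be removed


if __name__ == "__main__":
    for rel, have, want, search_lost in demo():
        note = "  <- directory not searchable" if search_lost else ""
        print(f"{rel}: have {have:04o}, want {want:04o}{note}")
```
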
On-access AV scanning
Are there any current options available to support on-access antivirus scanning on FreeBSD?

security/dazuko doesn't build on FreeBSD more recent than 8[0], so that's a non-starter, and it looks as if the FreeBSD zfs implementation lacks support for the vscan property[1], so using vscan with c-icap[2] is apparently not an option, either. I am in no way clever enough to even consider attempting to add vscan support.

I met the new CIO of my company yesterday, and out of that conversation, I am putting together a case for getting a FreeBSD or Solaris workstation to replace the aged Windows XP machine I've been on for the last three years. My first choice would be FreeBSD, but I need to convince him that AV provisions are adequate to meet corporate IT policy guidelines. With the hardware specifications we are looking at, it would be possible to configure a full, on-demand scan every few hours, but on-access capability would be nice.

And yes, I know that neither FreeBSD nor Solaris are renowned for their sickly vulnerability to viruses, but we operate in a mixed environment, with a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we need the AV to ensure any viruses are stopped before they infect a susceptible machine. It seems a small price to pay to finally get a decent workstation!

Thanks for any hints,

Dan

[0]: security/dazuko/Makefile:22
[1]: cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c:1456-1461 (FreeBSD 9.1-PRERELEASE from two days ago)
[2]: https://www.sunwfrk.com/2009/04/19/zfs-with-on-access-virus-scan/
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:

> > Are there any current options available to support on-access antivirus scanning on FreeBSD?
>
> FreeBSD doesn't need this as there are no viruses on that system.

Well, thanks.

> > And yes, I know that neither FreeBSD nor Solaris are renowned for their sickly vulnerability to viruses, but we operate in a mixed environment, with a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we need the AV to ensure any viruses are stopped before they infect a susceptible machine. It seems a small price to pay to finally get a decent workstation!
>
> No idea - YOU will not spread viruses, and viruses from other winstations will not affect you. so just install antivirus software on winstations. Or finally educate users as it is really simple to avoid viruses even with windows

I refer you to the part where I specifically talk about our corporate IT policy. All desktops/workstations (that is, all of them, every single one), must have AV software running on them. There will be no exceptions, on pain of dismissal. I don't want to lose my job, because you said I didn't need AV software.
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:

> On Fri, 27 Jul 2012, Daniel Bye wrote:
>
> > On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
> >
> > > > Are there any current options available to support on-access antivirus scanning on FreeBSD?
> > >
> > > FreeBSD doesn't need this as there are no viruses on that system.
> >
> > Well, thanks.
> >
> > > > And yes, I know that neither FreeBSD nor Solaris are renowned for their sickly vulnerability to viruses, but we operate in a mixed environment, with a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we need the AV to ensure any viruses are stopped before they infect a susceptible machine. It seems a small price to pay to finally get a decent workstation!
> > >
> > > No idea - YOU will not spread viruses, and viruses from other winstations will not affect you. so just install antivirus software on winstations. Or finally educate users as it is really simple to avoid viruses even with windows
> >
> > I refer you to the part where I specifically talk about our corporate IT policy. All desktops/workstations (that is, all of them, every single one), must have AV software running on them. There will be no exceptions, on pain
>
> Well, there is AV software for FreeBSD - we use Kaspersky on our FreeBSD based mailserver, but the viruses it looks for are Windows viruses. I don't know if that will satisfy your IT policy. Maybe you should be looking at Cygwin? Or, can FreeBSD run under HyperV?

Thanks, Daniel. I have looked at Kaspersky, and various others, but the main sticking point, as I see it, is that there is no on-access scanning capability in any of the AV packages available for FreeBSD. It's not essential to build my case, but it would certainly strengthen it. I use ClamAV on my home mail server, and it works well. I have also tested it out on a desktop machine to run on-demand scans, and it works just fine, and doesn't impose so much of a load as to be a nuisance.

We have had a couple of virus outbreaks recently, so this is quite a high profile concern around here at the moment. The CIO is from a technical background, so I might well be able to convince him of FreeBSD's strengths as a very secure system, but I will still need to accede to the IT policy, sadly - no way around it.

Dan
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 01:23:36PM +0200, Polytropon wrote:

> On Fri, 27 Jul 2012 12:00:19 +0100, Daniel Bye wrote:
>
> > All desktops/workstations (that is, all of them, every single one), must have AV software running on them. There will be no exceptions, on pain of dismissal.
>
> Why is the AV software running on FreeBSD not sufficient in the opinion of your superior (or by the guidelines of the corporate directives)? And those who bring a smartphone to work (private or company use), how do they run AV software on those _IT devices_? :-)
>
> Oh, and how is AV software brought to the company network printers, the LAN gear and WLAN APs and everything else that can be infected, exploited, ruined or damaged? Or do they simply not count as desktop/workstation as you mentioned? In that case: Happy attack vectors. :-)

Well, no, they don't count, according to our policy, because they're not desktops. I know, I know - but I didn't write the damn policy - I just have to live by it! :-/

> Excuse my sarcasm, but there's a little truth in it, when seen from an IT security point of view.

I know, you make valid points - but I am merely a minor functionary on the content development department, and not a global IT policy maker. If it were up to me, everyone in the company would be on UNIX of some kind or other, but it just isn't up to me. Hopefully, I can convince those that need convincing that what is available is sufficient. I've only been using FreeBSD for the last 13 years, after all, and in that time can count on the fingers of no hands the number of security flaws that have allowed any of the machines under my care to be compromised... I know that's no reason for complacency, and that I have been lucky, but it's still a comforting statistic.

Thanks for your thoughts, guys. Of course, I'm going to extol FreeBSD's virtues (it'd be great to get it in the datacentre, wouldn't it?), and we'll see how we go!

> Really, I _do_ understand your problem (or better the problems others created for you). Try to get more specific statements to what kind of AV software with which action attributes is required and try to construct a solution that will be sufficient in the _view_ of the responsible superiors. The less they do actually understand, the easier it should be.
>
> FreeBSD does _have_ AV software, but not _for_ FreeBSD per se (as it cannot be infected by viruses, trojans and malware that are designed explicitly for Windows platforms), but it can very well detect them.
>
> This all still does not help against human stupidity.

Aye, quite so. Preaching to the choir, brother.

> Feel free to show this article and make use of its arguments: Robert McMillan: Is Antivirus Software a Waste of Money? http://www.wired.com/wiredenterprise/2012/03/antivirus/

Thanks for the link - I'll certainly have a read of it, and might well drop the link in my email to him.

> A _responsible_ and well-educated IT representative should form his own intelligent opinions, instead of trying to blindly corporate guidelines which are possibly _impossible_ to instantiate.

Oh, this guy isn't frightened of change, so I'm just trying to build the best case I can for his accepting FreeBSD. He seems very reasonable, and I'm sure will be able to make an informed decision based on what I tell him, and his own knowledge and experience. To be honest, when I asked him for a UNIX workstation, I was expecting him to just laugh at me, so to be given the opportunity to make a case for FreeBSD came as a very welcome surprise.

> My idea for a solution: You can use a file access monitor (FAM) to detect when a new file enters the system, and then immediately have it scanned by a virus scanner you have already installed from ports.

Yep - exactly the solution that occurred to me a few minutes ago. A project for the weekend! Because looking after a 6-month-old baby doesn't take up all our time...

> Next issue: You need a virus scanner that inspects network packets! :-)

lol. Don't! Like I said, I'm just a code jockey in the content development department - all that stuff happens way up there, out of sight of us mere bottom-dwellers!

Cheers,

Dan
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 01:52:16PM +0200, Damien Fleuriot wrote:

> FUSE ClamFS

Ah, thanks for that. I'll check it out.

> But then, FUSE... ew...

I know. But, if it gets me my workstation... ;-)

Dan
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 07:15:29PM +0700, Erich Dollansky wrote:

> Hi,
>
> On Fri, 27 Jul 2012 12:47:29 +0100 Daniel Bye freebsd-questi...@slightlystrange.org wrote:
>
> > On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:
> > > On Fri, 27 Jul 2012, Daniel Bye wrote:
> > > > On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
> > > > > > Are there any current options available to support on-access antivirus scanning on FreeBSD?
>
> why should it be available when it is not needed?

Because the IT policy (currently) requires it. I don't agree with that policy, but there you are - I don't have the authority to simply ignore it.

> > > > > FreeBSD doesn't need this as there are no viruses on that system.
>
> Ok, this is a bad reasoning.
>
> > Thanks, Daniel. I have looked at Kaspersky, and various others, but the main sticking point, as I see it, is that there is no on-access scanning capability in any of the AV packages available for FreeBSD.
>
> You will not find them. The scanners running on FreeBSD are looking for Windows pests.

Yes, I know. But we have petabytes of file systems shared over SMB/CIFS, so if a Windows machine introduces something to the network, it strikes me as reasonable that if my (still putative) FreeBSD system finds it before another Windows system, I have potentially prevented a much wider problem.

> > It's not essential to build my case, but it would certainly strengthen it. I use ClamAV on my home mail server, and it works well. I have also tested it out on a desktop machine to run on-demand scans, and it works just fine, and doesn't impose so much of a load as to be a nuisance.
>
> Does it scan for FreeBSD viruses? I would wonder.

I wouldn't waste your time wondering, if I were you. Of course they *all* look for malware that infests Windows machines. But, that notwithstanding, I have to adhere to the policy, whether I like it or not.

> > We have had a couple of virus outbreaks recently, so this is quite a high profile concern around here at the moment. The CIO is from a technical background, so I might well be able to convince him of FreeBSD's strengths as a very secure system, but I will still need to accede to the IT policy, sadly - no way around it.
>
> You will have to give it a miss then. The security concepts of FreeBSD are 100% different. They will never match this kind of policy.

Yes, and I am hoping that that fact is enough to persuade him that the current policy (which he inherited, by the way, he didn't have a hand in its establishment) is no longer applicable in an increasingly mixed environment (Polytropon brought up the obvious matter of smartphones and tablets and other devices).

Thanks for your thoughts.

Dan
Re: On-access AV scanning
On Fri, Jul 27, 2012 at 10:02:26AM -0500, Paul Schmehl wrote:

> --On July 27, 2012 11:43:08 AM +0100 Daniel Bye freebsd-questi...@slightlystrange.org wrote:
>
> > Are there any current options available to support on-access antivirus scanning on FreeBSD?
>
> Clamav.

I use it on my home mail server (I have a Windows machine on my network, so want to trap anything nasty that comes in to protect that). It integrates well with exim's malware ACL checks. I did some testing several years ago with ClamAV, Sophos and McAfee (scanning incoming mail), and ClamAV was comparable to McAfee in detection rates - over 98%. Yes, it's a good product, no doubt.

> If you run the daemon you have on access scanning. Seems like that would satisfy the policy.

No - the daemon only provides on-demand scanning on FreeBSD. That is, it only scans files that are explicitly passed to it by some other process - usually an MTA or the clamscan command line tool. On-access scanning requires an additional layer on top of the file system, which intercepts certain file system operations, sending files transparently to the scanner. Opening a file in your editor, for example, might cause the file to first be scanned before your editor can get it. Likewise, trying to download something from the web in your browser would cause the file to be scanned before it's saved to disk. That's what the dazuko port was for (although it doesn't work on FreeBSD9, and the latest version is a Linux-only rewrite.)

As Polytropon pointed out, it should be possible to create a passing approximation by using FAM/Gamin.

Thanks, everyone, for all your input. I think I have enough to be able to put a strong case forward.

Dan
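The approximation discussed in this thread (notice new or changed files, then pass them to the on-demand daemon), as an added example that is not code from any of the posters: a polling pass stands in for FAM/Gamin and each changed file is sent to clamd with its INSTREAM command. `fake_clamd`, `MARKER` and the file names are constructed so the block runs without a ClamAV install; for a real daemon, `connect` would return a socket to the address configured in clamd.conf.

```python
import os
import socket
import struct
import tempfile
import threading

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed; stands in for a real signature

def clamd_instream(sock, data, chunk=8192):
    """Send data to clamd with INSTREAM and return its one-line verdict."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        sock.sendall(struct.pack("!I", len(part)) + part)  # 4-byte length, then bytes
    sock.sendall(struct.pack("!I", 0))                     # zero length ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:
            break
        reply += got
    return reply.rstrip(b"\0").decode()

def changed_files(root, seen):
    """Paths under root that are new or modified; seen maps path -> (mtime_ns, size)."""
    changed = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # removed between listing and stat
            sig = (st.st_mtime_ns, st.st_size)
            if seen.get(path) != sig:
                seen[path] = sig
                changed.append(path)
    return sorted(changed)

def scan_changes(root, seen, connect):
    """Scan every new or changed file once; return [(relative_path, verdict)].

    The file is already on disk when it is scanned, so a reader can win the
    race: this narrows the window, it does not block access like dazuko did.
    """
    results = []
    for path in changed_files(root, seen):
        try:
            with open(path, "rb") as f:
                data = f.read()
        except OSError:
            continue
        with connect() as sock:
            verdict = clamd_instream(sock, data)
        results.append((os.path.relpath(path, root), verdict))
    return results

def recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        got = conn.recv(n - len(buf))
        if not got:
            raise ConnectionError("peer closed early")
        buf += got
    return buf

def fake_clamd(conn):
    """Constructed stand-in for clamd: reads INSTREAM framing, flags MARKER."""
    with conn:
        recv_exact(conn, len(b"zINSTREAM\0"))
        body = b""
        while True:
            (size,) = struct.unpack("!I", recv_exact(conn, 4))
            if size == 0:
                break
            body += recv_exact(conn, size)
        found = MARKER in body
        conn.sendall((b"stream: Constructed.Test FOUND" if found else b"stream: OK") + b"\0")

def connect_fake():
    client, server = socket.socketpair()
    threading.Thread(target=fake_clamd, args=(server,), daemon=True).start()
    return client

def demo():
    """Three polling passes over a constructed share: clean file, flagged file, no change."""
    with tempfile.TemporaryDirectory() as share:
        seen = {}
        with open(os.path.join(share, "report.txt"), "wb") as f:
            f.write(b"quarterly numbers")
        first = scan_changes(share, seen, connect_fake)
        with open(os.path.join(share, "invoice.doc"), "wb") as f:
            f.write(b"header " + MARKER + b" trailer")
        second = scan_changes(share, seen, connect_fake)
        third = scan_changes(share, seen, connect_fake)
        return first, second, third

if __name__ == "__main__":
    for batch in demo():
        print(batch)
```
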
Re: Question about install from ports
On Mon, Jul 23, 2012 at 03:45:35AM -0700, Mr U wrote:

> hi all I want to install openbox from ports collection. freebsd attempting to download libxml2 from fr.rpmfind.net but I don't know why connection speed slow down after a while and finally failed. is it possible to change download location (mirror) or is it possible to download file manually and add file in openbox dir?

If you can find the file on a faster site, you can download it and put it in /usr/ports/distfiles/rpm/i386/fedora/10/ and restart the OpenBox build, or you can put these two settings in /etc/make.conf:

    MASTER_SITE_BACKUP?=\
        ftp://ftp.uk.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
    MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}

Change the uk to point to a site near to your geographical location. With these lines, your ports system will first look for distfiles on the FreeBSD mirror site, and will only go to the MASTER_SITE in a port's Makefile if the FreeBSD site doesn't have the required file. This is sometimes faster than going to the MASTER_SITE first.

Or, as RW suggested, try setting RANDOMIZE_MASTER_SITES.

Dan
Re: Question about install from ports
On Mon, Jul 23, 2012 at 08:08:47AM -0700, Mr U wrote:

> thank you dan but how i can use RANDOMIZE_MASTER_SITES temporary? i tried google but i didn't find any info about this!!!

It's just a shell variable, so you can temporarily set it by defining it on the command line for which you want it to apply. In this case, you'd want to go back to the OpenBox directory, and type

    RANDOMIZE_MASTER_SITES=1 make all install clean

(That's the number one after the `='. It doesn't really matter what value it is set to - the important thing is that it's set)

For this one command, RANDOMIZE_MASTER_SITES is in effect.

Looking at this again, it seems I got myself confused as to where you should download the distribution file. I think your system is trying to download a plain tbz file, and not an RPM. If that's the case, the downloaded file will actually go in /usr/ports/distfiles. The fact you mentioned fr.rpmfind.net was enough to send me off down the wrong path... Sorry for making things more complicated than they needed to be!

Dan

> - Original Message -
> From: Daniel Bye freebsd-questi...@slightlystrange.org
> To: freebsd-questions@freebsd.org freebsd-questions@freebsd.org
> Cc:
> Sent: Monday, July 23, 2012 6:29 PM
> Subject: Re: Question about install from ports
>
> On Mon, Jul 23, 2012 at 03:45:35AM -0700, Mr U wrote:
>
> > hi all I want to install openbox from ports collection. freebsd attempting to download libxml2 from fr.rpmfind.net but I don't know why connection speed slow down after a while and finally failed. is it possible to change download location (mirror) or is it possible to download file manually and add file in openbox dir?
>
> If you can find the file on a faster site, you can download it and put it in /usr/ports/distfiles/rpm/i386/fedora/10/ and restart the OpenBox build, or you can put these two settings in /etc/make.conf:
>
>     MASTER_SITE_BACKUP?= \
>         ftp://ftp.uk.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/
>     MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
>
> Change the uk to point to a site near to your geographical location. With these lines, your ports system will first look for distfiles on the FreeBSD mirror site, and will only go to the MASTER_SITE in a port's Makefile if the FreeBSD site doesn't have the required file. This is sometimes faster than going to the MASTER_SITE first.
>
> Or, as RW suggested, try setting RANDOMIZE_MASTER_SITES.
>
> Dan
Re: Enabling FTP and Telnet access for root and users
On Thu, Dec 15, 2011 at 06:26:09AM -0600, Daniel Lewis wrote:

> How do I enable Telnet and ftp access for root and users? I turned on ftp and telnet in inetd but when at telnet or ftp prompt access is denied.

Can we see the error message? Are you sure inetd is running? Using the right username/password combination?

In all honesty, you're better off enabling sshd instead, which encrypts your communication, and offers numerous other security enhancements over plain telnet and ftp.

Dan
Re: fetchmail in system-wide mode
On Wed, Sep 07, 2011 at 05:25:50AM +0200, Xavier FreeBSD questions wrote:

> On Tue, Sep 06, 2011 at 03:19:36PM +0100, Daniel Bye wrote:
>
> I paste the fetchmail_startup in: http://pastebin.com/vFqdhwfg
>
> For you, the answer of why don't worked for me fetchmail is lines 502 and 503 ?

Looks like a permissions problem on the fetchmail config file, /usr/local/etc/fetchmailrc. What do you get when you run

    $ ls -l /usr/local/etc/fetchmail*

? I have just freshly installed fetchmail on a new system, and I see this:

    -rw-------  1 fetchmail  fetchmail  130  7 Sep 21:24 /usr/local/etc/fetchmailrc
    -rw-r--r--  1 fetchmail  fetchmail  130  7 Sep 21:24 /usr/local/etc/fetchmailrc.sample

If you see something different, try setting the permissions and ownership to what you see here, or try reinstalling the port.

Dan
Re: fetchmail in system-wide mode
On Wed, Sep 07, 2011 at 11:17:15PM +0200, Xavier FreeBSD questions wrote:

> 2011/9/7 Daniel Bye freebsd-questi...@slightlystrange.org
>
> Hi Daniel,
>
> > On Wed, Sep 07, 2011 at 05:25:50AM +0200, Xavier FreeBSD questions wrote:
> >
> > > On Tue, Sep 06, 2011 at 03:19:36PM +0100, Daniel Bye wrote:
> > >
> > > I paste the fetchmail_startup in: http://pastebin.com/vFqdhwfg
> > >
> > > For you, the answer of why don't worked for me fetchmail is lines 502 and 503 ?
> >
> > Looks like a permissions problem on the fetchmail config file, /usr/local/etc/fetchmailrc. What do you get when you run
> >
> >     $ ls -l /usr/local/etc/fetchmail*
> >
> > ? I have just freshly installed fetchmail on a new system, and I see this:
> >
> >     -rw-------  1 fetchmail  fetchmail  130  7 Sep 21:24 /usr/local/etc/fetchmailrc
> >     -rw-r--r--  1 fetchmail  fetchmail  130  7 Sep 21:24 /usr/local/etc/fetchmailrc.sample
> >
> > If you see something different, try setting the permissions and ownership to what you see here, or try reinstalling the port.
>
> I don't have the /usr/local/etc/fetchmailrc because I use a user local file.

Well, there you go, then. The system global operation requires that file. You'll need to run per-user daemons, which can be set up by following the instructions in /usr/local/etc/rc.d/fetchmail. In particular, pay attention to `fetchmail_users'.

Dan
Re: fetchmail in system-wide mode
On Tue, Sep 06, 2011 at 03:10:50PM +0200, Xavier FreeBSD questions wrote:

> Hello,
>
> On the Internet there are some sites where they say to start fetchmail(1) in system-wide should put these two options in rc.conf(5) :
>
>     fetchmail_enable=YES
>     fetchmail_polling_interval=60

This has worked for me in the past when I've needed fetchmail(1).

> Although the second is optional and at first has little to do with this question because this question is addressed rather to the first option. I searched in /etc/defaults/rc.conf and rc.conf(5) manual and find no reference to these two options.

This is to be expected. fetchmail(1) is a port, not part of the base system.

> I have them in my rc.conf(5) but fetchmail(1) does not start automatically. In /usr/src/UPDATING not found any reference to it.

Again, what you'd expect.

> Which is the correct way to start fetchmail(1) in system-wide?

Is fetchmail installed on your system? If so, and you still can't get it to start automatically, try this:

    # script fetchmail_startup sh -x /usr/local/etc/rc.d/fetchmail start

You'll now have a file called `fetchmail_startup' which will contain a record of exactly what the fetchmail rc script did as it executed, which may or may not prove informative.

Dan
Re: /etc/rc.d/jail using new-style jail command?
On Sun, Jun 19, 2011 at 10:16:05PM -0400, Fbsd8 wrote:

> Give the qjail port a try. It has the ability to reference jails by name and create jails without starting them. Though it does not use the new-style jail command.

    root@fbsd:/usr/ports/sysutils/qjail zsh/2 1002 # make install
    === Installing for qjail-1.0
    === Generating temporary packing list
    === Checking if sysutils/qjail already installed
    install: /data/portbuild/usr/ports/sysutils/qjail/work/qjail-1.0/qjail-jail2: No such file or directory
    *** Error code 71

    Stop in /usr/ports/sysutils/qjail.

Any progress on getting the port fixed? I really like qjail, and find it pretty intuitive, but the port hasn't worked properly since it was added to the collection.

Dan
Re: /etc/rc.d/jail using new-style jail command?
On Mon, Jun 20, 2011 at 11:41:21AM -0400, Fbsd8 wrote:

> Daniel Bye wrote:
>
> > On Sun, Jun 19, 2011 at 10:16:05PM -0400, Fbsd8 wrote:
> >
> > > Give the qjail port a try. It has the ability to reference jails by name and create jails without starting them. Though it does not use the new-style jail command.
> >
> >     root@fbsd:/usr/ports/sysutils/qjail zsh/2 1002 # make install
> >     === Installing for qjail-1.0
> >     === Generating temporary packing list
> >     === Checking if sysutils/qjail already installed
> >     install: /data/portbuild/usr/ports/sysutils/qjail/work/qjail-1.0/qjail-jail2: No such file or directory
> >     *** Error code 71
> >
> >     Stop in /usr/ports/sysutils/qjail.
> >
> > Any progress on getting the port fixed? I really like qjail, and find it pretty intuitive, but the port hasn't worked properly since it was added to the collection.
> >
> > Dan
>
> Dan, qjail installs fine for me. You have something mis-configured on your system. /data/portbuild/ is invalid path which is not part of an normal install.

My system is set up just fine, thanks. My ports tree is located on a single server, and shared via NFS. To avoid hitting the rather slow disks in the host machine, each client sets WRKDIRPREFIX so that ports build locally. This is fully supported by the ports system, and should not cause a well-behaved port to break.[1] And indeed, this configuration has been working flawlessly now for well over 6 years, and it is not the source of the problem now.

This is what happens when I try to install qjail on the host where the ports tree lives:

    root@catflap(1):/usr/ports/sysutils/qjail zsh/3 1001 # make install
    === Installing for qjail-1.0
    === Generating temporary packing list
    === Checking if sysutils/qjail already installed
    install: /usr/ports/sysutils/qjail/work/qjail-1.0/qjail-jail2: No such file or directory
    *** Error code 71

    Stop in /usr/ports/sysutils/qjail.
    root@catflap(1):/usr/ports/sysutils/qjail zsh/3 1007 # ls /usr/ports/sysutils/qjail/work/qjail-1.0/qjail-jail2
    ls: /usr/ports/sysutils/qjail/work/qjail-1.0/qjail-jail2: No such file or directory

The file isn't there.

Bah! Scratch that. Just ran make distclean make install and it works. My apologies, Joe, I should have tried that much sooner... I can only assume it happened because I installed the port by hand shortly after you announced its release a few months ago, before it was formally accepted as part of the tree. I guess I forgot to clean up after that manual test install and grab the latest version from the ports.

To the originator of this thread - do give qjail a try - it's very good.

~runs away and hides

Dan

[1] http://www.freebsd.org/doc/en/books/porters-handbook/porting-wrkdirprefix.html
Re: FreeBSD Python version
On Wed, May 25, 2011 at 07:58:56AM +0300, Patrick Brookings wrote:

> Hello, Can you please tell me what standard version of Python comes with the latest FreeBSD? And also, is it possible to upgrade to a newer version without breaking other functionalities?

FreeBSD doesn't have Python installed as part of the standard system - it is available as a third party port. The default port version was recently upgraded to 2.7, and the entry for 20110304 in /usr/ports/UPDATING has clear instructions on how to upgrade already installed Python packages.

> I am asking because more and more scripts require at least Python 2.5, whereas CentOS for example only comes with 2.4.3, and it's pretty much impossible to upgrade the system Python without breaking yum and things like that.

There is nothing in the base system that relies on Python, so following the upgrade procedure will not break any essential standard tools. If all your currently installed Python packages were installed by means of the ports system, the update should correctly update them all for you. Anything installed by any other means, though, will need to be dealt with manually.

Dan
Re: using dovecot, where is ICOMING mail stored?
On Wed, Mar 09, 2011 at 05:23:34PM -0800, Gary Kline wrote: Does anybody know about this obscure stuff? In late DEcember, 2007 my FreeBSD server started having serious problems that were over my head. I asked this list for help but no one could help me; long-story-short, a guy from the DFW area, a self-taught net-wizard came to my rescue. Via the yahoo IM application and thanks to a fellow here with two strong arms, this network guy set me up with a pfSense firewall (on an old Kayak), and fixed/changed stuff on my server. He installed some mail tool called dovecot and deployed that on my server. At the time I was running FreeBSD everywhere except one of my four other computers. He also found something to let me still use mutt. I prefer CLI and text--8859-1 or ASCII. Hand on keyboard; my should got destroyed many years ago so the less motion between keyboard and mouse, the better. This morning I found the 15 or 20 messages in my incoming mail queue gone. Vanished. ---I do of course backup stuff in my ~/Maildir on my server. I checked my bup. Nothing. Does anybody know what this dovecot does with its incoming mail files? I only do one daily backup that it ccron'd for 03:00 [[along with a bunch of other critical directories, of course]] If you haven't changed the dovecot config file, look in it for the mail_location setting. For example, mine is set to: mail_location = maildir:~/Maildir From what you say above, about backups of ~/Maildir, I would expect you to find something very similar. If that's not what you find, try looking in the location it does point to. If you still have no luck, look at your SMTP server's config and figure out how it handles local deliveries. For example, my exim install is set up to send messages for local delivery through a pipe to the maildrop program, which in turn delivers them to folders under my ~/Maildir according to my filtering rules. Good luck! 
Dan

--
Daniel Bye
Re: Portupgrade and Updating the portsdb
On Thu, Feb 10, 2011 at 04:33:17PM +0300, c0re wrote: Hello all! I've got set of servers that uses NFS mounted /usr/ports. When I use portupgrade samba on 1st server it says [/usr/ports/INDEX-7.db: unexpected file type or format -- Invalid argument] [Updating the portsdb format:bdb_btree in /usr/ports ... - 22601 port entries found error] Remove and try again. [Updating the portsdb format:dbm_hash in /usr/ports ... - 22601 port entries found .1000.2000.3000.4000.5000.6000.7000.8000.9000.1.11000.12000.13000.14000.15000.16000.17000.18000.19000.2.21000.22000.. . done] Okay. It took 10-15 mins to rebuild. Then I say portupgrade samba on 2nd server it says again [/usr/ports/INDEX-7.db: unexpected file type or format -- Invalid argument] [Updating the portsdb format:bdb_btree in /usr/ports ... - 22601 port entries found error] Remove and try again. and rebuild portsdb. Why is it so? Ports are updated via portsnap fetch update. /etc/portsnap.conf has INDEX INDEX-5 DESCRIBE.5 INDEX INDEX-6 DESCRIBE.6 INDEX INDEX-7 DESCRIBE.7 INDEX INDEX-8 DESCRIBE.8 So while portupgrade rebuilds portsdb it's not possible use portupgrade on 2nd server because later build process will fail on 1st or second server. What can I do with it? Why portupgrade always thinks that [/usr/ports/INDEX-7.db: unexpected file type or format -- Invalid argument]? Are you using the same versions of ruby, portupgrade, ruby-bdb and bdb on both machines? Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgp3ptuxyGw1i.pgp Description: PGP signature
Re: pf, binat, rdr, and one ip
On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote: On 02/09/11 01:18, Daniel Bye wrote: On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: A very quick question. PF firewall. One static public IP. About 6 servers on the internal network (dmz). One server binat in the pf.conf, the rest redirected. Possible? Or would it die in the hole? I guess you're concerned about performance and resource usage? If so, this may be helpful. http://www.openbsd.org/faq/pf/perf.html Dan Useful info to have, thanks. But no, I'm interested in if the binatting will interfere with the rdr's (or vice versa). Ah, I see. I don't know, is the straight answer - I've never needed to use both together. A bit of idle googling seems to suggest it's possible, but I don't have time right now to dig any deeper. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpcn2GmX6LOS.pgp Description: PGP signature
Re: pf, binat, rdr, and one ip
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote: A very quick question. PF firewall. One static public IP. About 6 servers on the internal network (dmz). One server binat in the pf.conf, the rest redirected. Possible? Or would it die in the hole? I guess you're concerned about performance and resource usage? If so, this may be helpful. http://www.openbsd.org/faq/pf/perf.html Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgplWu1QraHO6.pgp Description: PGP signature
Re: Starting from Scratch!
On Wed, Feb 02, 2011 at 12:09:11PM -, Graham Bentley wrote: After several months away from FreeBSD I am asking for advice on versions for general desktop / interest use [non critical learning platform] Should I hang on a bit for 8.2 to go current? Nah, install now and upgrade when 8.2 is released - after all, your stated use for the system is learning! Or will I easily be able to update RC3 in any case? Yes, very easily, provided you follow the prescribed technique. Full details in the handbook, of course. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpBt1BYi5fBA.pgp Description: PGP signature
Re: Upgrading autoconf
On Fri, Oct 01, 2010 at 12:13:28PM +0300, Odhiambo Washington wrote: On Thu, Sep 30, 2010 at 6:59 PM, Daniel Bye freebsd-questi...@slightlystrange.org wrote: On Thu, Sep 30, 2010 at 06:50:22PM +0300, Odhiambo Washington wrote: I am trying this out: #portupgrade -f 'autoconf*' 'automake*' Try upgrading the failing ports by hand. portupgrade tends to suppress full error output, making it difficult to ascertain exactly what's gone wrong. Alternatively, I would be tempted to just uninstall autoconf* and automake*, since they will get pulled in as dependencies whenever you come to build another port that requires them. Hi Dan, Turns out the culprit was m4. Once I did 'portupgrade m4' successfully, everything now compiled fine. The box is running FreeBSD 6.4-STABLE which I was ashamed to mention:-) Glad you fixed it! Will migrate it to 8.x soon, by doing a new installation and migrating. Or should I wait for FreeBSD-9 ?? I'd go for 8.x as soon as possible. It'll be a while before 9 is ready for production, and when it is released, it should be pretty straight forward to upgrade from 8.x using the standard buildworld cycle, provided your setup isn't too outlandish! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgp7nxygb4Lhw.pgp Description: PGP signature
Re: Upgrading autoconf
On Fri, Oct 01, 2010 at 03:02:10PM +0300, Odhiambo Washington wrote: Will migrate it to 8.x soon, by doing a new installation and migrating. Or should I wait for FreeBSD-9 ?? I'd go for 8.x as soon as possible. It'll be a while before 9 is ready for production, and when it is released, it should be pretty straight forward to upgrade from 8.x using the standard buildworld cycle, provided your setup isn't too outlandish! Update 6.4 to 8.x?? Or you mean some upgrade path like install 8.x and then migrate services?:-) Since you're crossing two major versions, I'd go for a clean install. You could conceivably go straight to 8 using buildworld, but I think the safest and simplest course of action is to take good backups and start from scratch. As for going from 8.x to 9.x, that should be pretty easy, if, as I said, your setup isn't too far from the default. But of course, only you can make that call. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpH6dN2QDWf5.pgp Description: PGP signature
Re: router / firewall with PF and carp.
On Fri, Oct 01, 2010 at 09:40:56AM -0400, Kevin Wilcox wrote: On 1 October 2010 05:29, krad kra...@gmail.com wrote: In my experiance freebsd should work fine. However I would say openbsd is probably better suited to your needs, due to its tighter security model (auditing) Krad, I was under the impression that 'audit' from TrustedBSD is built into FreeBSD. Is there a facility in OpenBSD that is better or is there something in 'audit' that is lacking? I think krad is referring to the well-publicised code audit that the OpenBSD project conducts, rather than the TrustedBSD audit framework. As far as I know, OpenBSD doesn't have anything comparable, but it's a long time since I looked at it, so I might be typing out of me ear... Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpu4rTdktZV6.pgp Description: PGP signature
Re: Upgrading autoconf
On Thu, Sep 30, 2010 at 06:50:22PM +0300, Odhiambo Washington wrote: I am trying this out: #portupgrade -f 'autoconf*' 'automake*' Try upgrading the failing ports by hand. portupgrade tends to suppress full error output, making it difficult to ascertain exactly what's gone wrong. Alternatively, I would be tempted to just uninstall autoconf* and automake*, since they will get pulled in as dependencies whenever you come to build another port that requires them. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpR3Lo2vM9Gt.pgp Description: PGP signature
Re: TCP Logs Why Connection attempt to closed port
On Mon, Sep 20, 2010 at 11:58:38AM +0100, David Southwell wrote:
> Large quantities of these errors constantly appear in log/dmesg.today.
> Can anyone explain what is going on and whether any action is needed. If so how to go about tracing the cause.

I think you probably have the net.inet.tcp.log_in_vain sysctl set to something other than 0, causing the kernel to log these connection attempts on ports where no service is listening. It is probably nothing to worry about.

If you want to turn these warnings off, check in your /etc/rc.conf for `log_in_vain=1' or similar and remove it - the default, set in /etc/defaults/rc.conf, is to not log these attempts.

Dan

--
Daniel Bye
Re: /usr/local/etc/rc.d/imapproxyd start
On Fri, Sep 17, 2010 at 01:02:03PM +0200, n dhert wrote:
> There seems to be a problem with starting up the IMAP proxy server imapproxyd:
> # /usr/local/etc/rc.d/imapproxyd start
> says
> Starting imapproxyd.
> but doesn't return the # prompt ...
> # ps -jawx | grep imap
> root 21490 21426 21490 64248 1 S+ 3 0:00.01 /bin/sh /usr/local/etc/rc.d/imapproxyd start
> root 21496 21490 21490 64218 1 S+ 3 0:00.01 /usr/local/sbin/in.imapproxyd
> I would expect the /bin/sh line to disappear and the # prompt to come back.

And so it should. I have just installed and tested it, and it works fine. The only way I can replicate the behaviour you report is if I misspell the name of the backend IMAP server - so start checking there. If it's not a typo, it is likely some other variety of DNS error.

> If (from another terminal window) I do
> # /usr/local/etc/rc.d/imapproxyd stop
> it says
> Stopping imapproxyd.
> # (returns the prompt)
> In the first window, it says:
> Terminated
> /usr/local/etc/rc.d/imapproxyd: WARNING: failed to start imapproxyd
> ??
> 1. what is wrong here and how to correct it ?
> 2. also, although I do have a user nobody and a group nobody in FreeBSD 8 and the config file /usr/local/etc/imapproxyd.conf specifies (default setting)
> proc_username nobody
> proc_groupname nobody
> I wonder why the processes (ps -jawx) show root as the process owner ?

It will need to start as root in order to bind all the resources it needs, before dropping privileges. Remember that only root can bind ports below 1024. It works fine here.

Dan

--
Daniel Bye
Re: What's the best way to upgrade 8.0 ?
On Thu, Sep 02, 2010 at 12:13:18AM -0700, zaxis wrote: uname -a FreeBSD mybsd.zsoft.com 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Wed Jul 14 15:35:26 CST 2010 r...@mybsd.zsoft.com:/media/G/usr/obj/media/G/usr/src/sys/MYKERNEL i386 Now i want to upgrade it to 8.1 realease. Since you appear to be running a custom kernel, building from source is the way to go. Chapter 24 of the handbook will be helpful. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpRkfB7WrIKt.pgp Description: PGP signature
Re: reboot options
On Mon, Aug 30, 2010 at 11:43:33AM -0700, Chip Camden wrote: Is there a way to specify which boot option to choose on the next reboot? I often find that I'll start a reboot and then get distracted by something else and miss my chance to specify which way to boot before the beastie screen times out. A nit, I know -- but bothersome to a nitwit such as I. A nit by which others have obviously been irritated - nextboot(8) is probably what you're looking for! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpUS15D2loGH.pgp Description: PGP signature
Re: Grepping a list of words
On Wed, Aug 11, 2010 at 06:00:22PM -0500, Jack L. Stone wrote:
> Kindly appreciate help with how to grep (or similar) a list of words to determine if any of them are in a file rather than grepping one word at a time.

Something like this should do the trick:

egrep '(word1|word2|word3)' file

Dan

--
Daniel Bye
Re: Bind9.7.1 Package
On Fri, Aug 06, 2010 at 10:15:15AM -0500, Martin McCormick wrote: In the /usr/ports/dns/bind9 ports there is a bind97 port that I had no trouble at all installing on a 8.0 system. If I do a pkg_add -r bind97, however, pkg_add reports that it is unavailable. I will be building several FreeBSD boxes with bind9.7.1 on them so a package would be faster. Am I missing the name of the package? If there is no package of bind97, this is not a huge setback but it will make each installation take longer before named starts to work. If you can build the port successfully, you can build your own package. `make package' in the appropriate place will do it for you. Note that you will probably have to uninstall BIND first on the build machine, but `make package' will install it and create a binary package for you. You can then put the package on a local ftp server and point pkg_add in its direction or use NFS to share it. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpTurowcwPYQ.pgp Description: PGP signature
Re: Why am I getting mail rejects?
On Tue, Jul 27, 2010 at 06:33:48PM -0400, Grant Peel wrote:
> Hi everyone,
>
> I asked this a few days ago, and did not get a response.
>
> I have this in my /etc/periodic.conf:
>
> constellation# more periodic.conf
> # 460.status-mail-rejects
> daily_status_mail_rejects_enable=NO # Check mail rejects
> daily_status_mail_rejects_logs=0 # How many logs to check
> daily_status_mail_rejects_shorten=NO # Shorten output
>
> And have changed this in my /etc/defaults/periodic.conf:

Don't change anything in /etc/defaults. These are sourced before the local config files, so anything set correctly in your local config will override the default settings anyway.

> # 460.status-mail-rejects
> daily_status_mail_rejects_enable=NO # Check mail rejects
> daily_status_mail_rejects_logs=3 # How many logs to check
> daily_status_mail_rejects_shorten=NO # Shorten output
>
> And am still getting all the reject mail data showing in my daily periodic output.
>
> I am using FreeBSD 8.0 p#3
> The mta is Exim 4.69_4 built from ports.
>
> What am I doing incorrectly? Why am I still getting all the mail reject log lines in my daily periodic output?

In /etc/periodic.conf:

exim_status_mail_rejects_enable=NO

Exim installs its own rejects status script in /usr/local/etc/periodic.

Dan

--
Daniel Bye
Re: where is pfm2afm
On Thu, Jul 22, 2010 at 04:57:10PM +0200, Matthias Apitz wrote: El día Thursday, July 22, 2010 a las 09:47:52AM -0500, Ryan Coleman escribió: It converts Postscript Font files into Adobe Font Manager files. I've have not a use for it (yet). Background of my question is the need of Type 1 font files which cover most of the European Unicode scripts for the usage in CUPS. In some FAQ I read: http://tldp.org/HOWTO/html_single/Font-HOWTO/ 9.2. Type 1 Fonts and Metafont 9.2.1. Dealing With Mac and Windows Formats Many foundries ship fonts with Windows and Mac users in mind. This can sometimes pose a problem. Typically, the ``Windows fonts'' are fairly easy to handle, because they are packed in a zip file. The only work to be done is converting the pfm file to and afm file (using pfm2afm) That's why the question: Is 'pfm2afm' part of some port in /usr/ports? Thanks in advance print/ghostscript* installs something called pf2afm, which seems to be the same thing. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgprZ0wRICco6.pgp Description: PGP signature
Re: custom log in website folder
On Tue, Jul 20, 2010 at 01:18:50PM +0200, Zbigniew Szalbot wrote: Dear all, All my website logs are in /var/log but one user would like to have access to a custom log specific to his site. Sites are in /usr/local/v/ How can I make /var/log/custom.log available to him in /usr/local/v/site/logs/? Does it need a symlink? But will he be able to read the log if it is only a symlink to /var/log/custom.log? I'd appreciate your suggestions and sorry for asking a basically non-freebsd related question but this community has always been a wonderul source of inspiration and help. You can probably configure your web server to write separate logs for each site you host. That way, you don't need to expose the entire log data to each user - each will see only what's relevant to their site. How you do this depends on the web server you use, of course. You should also be able to have the log files written to your preferred location. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpe2SmC47hsK.pgp Description: PGP signature
Re: Ports PHP 4.4.9 - GD Extension
On Thu, Jul 08, 2010 at 10:41:55AM -0400, Grant Peel wrote: Hi all, I am attempting to insall the GD PHP extension on FreeBSD 8 and am getting this at build time. (I need to have a php4 and mysql 4 server for compatability reasons). It appears that the PNG version the port is trying to build has a security issue. How can I work arround this (I really need the GD extension). Any help would be appreciated. ds9# pwd /usr/ports/lang/php4-extensions === png-1.4.1_1 is forbidden: vulnerable to remote buffer overflow. png is currently at version 1.4.3 in ports. Try updating your ports tree and give it another go. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpDHcEbj0W2p.pgp Description: PGP signature
Re: move back to preceding ports ?
On Tue, Jun 29, 2010 at 11:49:38AM +0200, Frank Bonnet wrote: Hello Due to my unsolved problem with openldap24-server 2.4.22 port I would like to know of ot is possible to move backward the ports tree in order to reuse the 2.4.21 version. ports-mgmt/portdowngrade is likely what you are looking for. The machine is dedicated to LDAP service so it won't hurt anything else :-) Thanks F ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpdZ8SPtyPRX.pgp Description: PGP signature
Re: upgrading 8.0 to 8.1, which tag to use?
On Mon, May 24, 2010 at 12:11:06PM -0400, Aleksandr Miroslav wrote: I have a FreeBSD box running 8.0-RELEASE, that I would like to upgrade to 8.1 I am aware that 8.1 is not released yet, when 8.1-RELEASE is cut, I will rebuild at that point. My question is about which CVS tag to use. Should I use RELENG_8, or is there a RELENG_8_1 that I can use? RELENG_8 will get you STABLE, or, at the moment, 8.1-PRERELEASE. When 8.1-RELEASE is finished, you'll be able to get it with RELENG_8_1. I don't think the tag exists just yet, though. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpedC2gr1cwY.pgp Description: PGP signature
Re: pf suggestions for paced attack
On Mon, May 03, 2010 at 11:39:33AM -0500, John wrote:
> Hi, Matthew. Indeed, yes, you may not recall, but my rules are based on a set that I originally got from you, and I do, in fact, have a white list, which I should have mentioned, but some of my users are road warriors and could be coming from virtually anywhere.
>
> You're right, though - it's time to look into alternatives to password-based authentication. I think I've taken password-based protection and rate adaptive rules to their logical limit.

Depending on the platforms these people use, you might find OpenVPN useful. It has some excellent features for protecting against the sort of attack you are seeing, if you use the default UDP transport. The setup is really quite simple, and it runs on *BSD, Linux, Mac OS X and Windows (probably others, but I've never needed to use it anywhere but the 4 listed).

You can then allow users on the VPN to access ssh, along with the whitelisted addresses already in your pf tables. I've been using this setup for a while, and am very happy with it.

Dan

--
Daniel Bye
Re: RELENG_8 and clang
On Wed, Mar 31, 2010 at 02:34:11PM +0200, Svein Skogen wrote: What is the current status of getting FreeBSD and clang to play nice with eachother? Does world and kernel build? How far along is the project to replace GCC in the base system? Take a look at http://wiki.freebsd.org/BuildingFreeBSDWithClang I haven't tried it for a couple of months, at which point I ran into a build problem I didn't have time to investigate. Will have another go over the long weekend, I think! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpvGpn3ioF8M.pgp Description: PGP signature
Re: FreeBSD8.0 Firewall Script behaves much differently than 6.x
On Wed, Mar 31, 2010 at 09:43:53AM -0500, Martin McCormick wrote:
> I have just answered part of my own question. If you background the process as in
>
> sh /etc/rules.fw &
>
> it works. You still get knocked off the remote connection but the backgrounded process continues to run without a controlling terminal and completes.
>
> The only remaining part of the question is: If one modifies the firewall rules and wants to make sure they are good, is there a more correct way to safely reload them from the script?

One possible approach might be to make a copy of your rules, edit that and then do something like this in one session:

# sleep 300 && sh /etc/rules.fw

And load the new rules from the new file in another:

# sh /etc/rules.fw.new

Now, if you lock yourself out, you wait 5 minutes before the last, presumably good, ruleset, gets reloaded and normality is restored. If you don't get locked out, simply kill the sleep process (which is why it's important to use && instead of ; between your commands), and move the new ruleset to the original file name.

Dan

--
Daniel Bye
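The timed-rollback procedure from the reply above, written as one script so that the rollback also survives the loss of the SSH session. This is an added example, not part of the original message; the function names are hypothetical, and the rules script paths in the usage comment are the ones used in the thread.

```sh
#!/bin/sh
# Added example: reload firewall rules with an armed, automatic rollback.

DISARMED=75   # exit status of the rollback job when it was cancelled in time

# arm_rollback GOOD_SCRIPT DELAY
# Background equivalent of "sleep DELAY && sh GOOD_SCRIPT". Sets ROLLBACK_PID.
# Output of the rollback job is discarded so nothing ties it to the terminal.
arm_rollback() {
    rb_good=$1
    rb_delay=$2
    [ -r "$rb_good" ] || { echo "cannot read $rb_good" >&2; return 2; }
    (
        trap '' HUP                 # keep running if the admin session drops
        rb_sleep=
        trap 'kill "$rb_sleep" 2>/dev/null || :; exit "$DISARMED"' TERM
        sleep "$rb_delay" &
        rb_sleep=$!
        # "&&": the known-good rules load only if the sleep ran to completion.
        # Once the rollback has started it can no longer be cancelled.
        wait "$rb_sleep" && { trap '' TERM; sh "$rb_good"; }
    ) >/dev/null 2>&1 &
    ROLLBACK_PID=$!
}

# disarm_rollback: cancel the pending rollback.
# Succeeds only if the rollback had not fired yet.
disarm_rollback() {
    kill "$ROLLBACK_PID" 2>/dev/null || :
    rb_status=0
    wait "$ROLLBACK_PID" 2>/dev/null || rb_status=$?
    case $rb_status in
        "$DISARMED"|143) return 0 ;;   # cancelled by the trap, or before it was set
        *) return 1 ;;                 # rollback already ran (or failed)
    esac
}

# safe_reload NEW_SCRIPT GOOD_SCRIPT DELAY CONFIRM_CMD [ARGS...]
# Returns 0 if the new rules are in force, 1 if the known-good rules are.
safe_reload() {
    sr_new=$1
    sr_good=$2
    sr_delay=$3
    shift 3
    arm_rollback "$sr_good" "$sr_delay" || return 2
    if ! sh "$sr_new"; then
        # The new script failed part-way: restore now instead of waiting.
        disarm_rollback || :
        sh "$sr_good" || echo "rollback script $sr_good failed" >&2
        return 1
    fi
    # A confirmation that arrives after the rollback fired does not count.
    if "$@" && disarm_rollback; then
        return 0
    fi
    wait "$ROLLBACK_PID" 2>/dev/null || :
    return 1
}

# confirm_prompt: example CONFIRM_CMD. A locked-out admin cannot answer,
# so the prompt just blocks while the rollback job does its work.
confirm_prompt() {
    printf 'New rules loaded. Type "keep" to keep them: ' >&2
    read -r cp_answer || return 1
    [ "$cp_answer" = keep ]
}

# Typical use as root, with the file names from the message above:
#   safe_reload /etc/rules.fw.new /etc/rules.fw 300 confirm_prompt \
#       && mv /etc/rules.fw.new /etc/rules.fw
```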
Re: Creating multiple directories simultaneously
On Fri, Mar 26, 2010 at 07:12:48AM -0400, Jerry wrote:
> I could have sworn that I saw a method of creating several directories, actually a parent directory and several sub-directories simultaneously; however, I cannot find the documentation any longer.
>
> Assume I want to create a directory: FOO with three directories under it, foo-1, foo-2 and foo-3.
>
> I tried: mkdir -p foo {foo-1, foo-2, foo-3}

Almost.

$ mkdir -p FOO/{foo-1,foo-2,foo-3}

--
Daniel Bye
Re: delete directory
On Wed, Mar 24, 2010 at 08:29:41AM +0800, Aiza wrote:
> This directory named empty has read/exec permissions.
> How do I delete it?
>
> # /usr/jails/newjail/var ls -l
> total 2
> dr-xr-xr-x 2 root wheel 512 Nov 21 22:53 empty
> # /usr/jails/newjail/var cd empty
> # /usr/jails/newjail/var/empty ls -l
> total 0
> # /usr/jails/newjail/var/empty cd ..
> # /usr/jails/newjail/var rmdir empty
> rmdir: empty: Operation not permitted
> # /usr/jails/newjail/var rm -rf empty
> rm: empty: Operation not permitted
> # /usr/jails/newjail/var chmod 777 empty
> chmod: empty: Operation not permitted

I'd suggest you don't remove it - from sshd(8):

  /var/empty
    chroot(2) directory used by sshd during privilege separation in the pre-authentication phase. The directory should not contain any files and must be owned by root and not group or world-writable.

If you intend to run sshd in your jail, you'd be better off leaving it.

Dan

--
Daniel Bye
Re: What is the path of knowledge from Novice to committer, In FreeBSD?
On Mon, Mar 15, 2010 at 09:11:34AM +0530, Vishal Kashyap wrote: Respected Sir, *I am MCA(Master Of Computer Application) Student from India,Asia *and much intrested about UNIX or UNIX-like OS. As per my knowledge, in FreeBSD; there are *Volunteers(For Questioning) -- Contributers -- Committers* * 1] To be VOLUNTEER 2] After That; To Be Contributer 3] After That; To Be a Committer. * (Everyone is a volunteer, insofar as they don't get paid by FreeBSD for their work - that applies to those of us who answer the occasional question on the list to the most active kernel developers.) So, please guide me sir, about the above path (iff, it is correct) i.e. how could i cover above path? I mean to say, how could I develop my Knowlwdge in FreeBSD to follow above path. Find something in FreeBSD that you would like to see improved, study it, and improve it. If your patches are accepted, you have become a contributor. If you continue to provide high quality patches that lead to an improvement in FreeBSD's overall quality, you will one day be given commit rights. It's as easy as that. Note that your patches could be for utility or kernel code, or for documentation. The important thing is that they improve the quality of the system. Please, guide me with any thing you think better for me(books,web links,any thing). I've average knowledge of UNIX. And, right now; I am studying FreeBSD on Vmware Workstation. Use the source. It is freely available and is in any case what you will be working with if you intend to provide patches. There are various mailing lists that may prove useful (check out the available lists on the FreeBSD web site (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL) Good luck! 
Dan

--
Daniel Bye
Re: Loader.conf mfs statements
On Thu, Mar 04, 2010 at 09:48:27PM +0800, Fbsd1 wrote: Tyring to understand what mfsbsd is doing. In its loader.conf file i see these statements geom_uzip_load=YES mfs_load=YES mfs_type=mfs_root mfs_name-/mfsroot tmpfs_laod=YES vfs.root.mountfrom=ufs:/dev/mdo Where do I find documentation on the meaning of these statements? loader.conf(5) and /boot/defaults/loader.conf -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: VirtualBox doesn't start
On Sun, Jan 31, 2010 at 08:39:49PM +0100, Frank Wißmann wrote:
> Hi, Glen!
>
> Glen Barber wrote:
> > 2.) What version of VirtualBox is this? virtualbox-ose-3.1.2 and above do not require procfs(5); lesser versions do.
>
> When I try to mount /proc via fstab and mount -u -a I get the following error message:
> mount: proc : Invalid argument
> The line in /etc/fstab is as following:
> proc /proc procfs rw 0 0

procfs /proc procfs rw 0 0
^^

> Something is wrong here, too, but what?
>
> Greetings
> Frank

--
Daniel Bye
Re: /etc/hosts.deniedssh
On Tue, Jan 19, 2010 at 02:22:03AM +0200, Ed Jobs wrote:
> On Tuesday 19 January 2010 00:39, David Southwell wrote:
> > Examples from hosts.deniedssh
> >
> > I seem to be on the receiving end of a concerted series of unsuccessful break in attacks on one of our systems. One small part of the attack has resulted in over 2000 entries in our hosts.deniedssh file in less than 1 hour.
> >
> > I would be interested in any comments on the small example shown below and any advice.
> >
> > Thanks in advance
> > David
> >
> > snip
>
> 2k entries are too much indeed.

Really?

wc -l /etc/hosts.deniedssh
12476 /etc/hosts.deniedssh

Unless you mean specifically that a couple thousand in an hour is a lot, which I'd agree with, but wouldn't necessarily worry about it.

> are you running ssh on port 22? if yes, (and your users are ok with it) you can change it to another port.

No, don't do that. Instead, consider using public key authentication and disabling password authentication. There are also various settings you can tweak to control the number of unsuccessful login attempts you are prepared to tolerate from an address in a predefined interval. sshd_config(5) will show you the way. Additionally, put all your permitted ssh users in a new group, and set the sshd config option AllowGroups.

Better yet, as others have suggested, filter with a firewall - if you use pf, you can leverage your /etc/hosts.deniedssh file by using it to populate a pf table. You will need to configure DenyHosts to not resolve ip addresses, and then you can put these in /etc/pf.conf:

table <denyhosts> persist file "/etc/hosts.deniedssh"
block in log quick on $ext_if from <denyhosts> to any

(Be sure to put these in suitable places. I don't have examples of using ipf or ipfw, but I'm sure they can handle it just as well.)

DenyHosts provides a plugin system that allows you to run an arbitrary command upon addition or purging of an address. I use it to reload my pf denyhosts table so I can be reasonably sure that the firewall's opinion of whom to block is congruent with what DenyHosts thinks. A simple `pfctl -t denyhosts -T replace -f /etc/hosts.deniedssh' should be sufficient in either case, but you can get as fancy as you like.

> or maybe, temporary disable ssh login and use cron to enable it again in some time in the future.

I would recommend against this, on the grounds that there may be a real administrative need to connect to the server during this dark period. With no ssh service until cron does its thing, you have no way of getting in, which makes me far more nervous than people knocking at my ssh port...

Dan

--
Daniel Bye
Re: can't build pidgin...
On Mon, Jan 18, 2010 at 09:29:05PM -0800, Gary Kline wrote: when I do a make install clean in net-im/pidgin I constantly get rejects about the datestamp being wrong and the file is not retrieved. any help will be greatly appreciated. It sounds like a previous attempt to install it failed in some way, either through error or because you cancelled it. In any case, run `make distclean' in net-im/pidgin and try again. That will delete the portion of the distfile that you already have, and allow the ports system to fetch it again. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
gmirror, gjournal and glabel - which order?
Hi all,

I'm having a hard time trying to work out which order I should set up gmirror, glabel and gjournal on a new system. I want to journal my /home partition, label all the partitions for ease of reference, and use gmirror to save me in the event a disk goes bad.

I am struggling to fit the pieces together conceptually in my mind. I understand the processes involved in setting each part separately - my problem is in trying to build this up in the right order so that it all makes sense.

So far, I have labelled the primary drive and set up the journal. I have edited fstab to reflect the labels and journalled file system on /home. If I now build a mirror, don't I need to alter fstab to mount that and not the stuff in /dev/label? In which case, I guess I need to build the mirror first, and then set up labels and journals? I'm going round and round in circles here and none of the stuff I've read on the web enlightens me... :-/

Any insights or suggestions would be taken as a great kindness!

Dan

--
Daniel Bye
Re: gmirror, gjournal and glabel - which order?
On Tue, Oct 13, 2009 at 01:08:46AM +0300, Manolis Kiagias wrote:
> Daniel Bye wrote:
> > Hi all,
> >
> > I'm having a hard time trying to work out which order I should set up gmirror, glabel and gjournal on a new system. I want to journal my /home partition, label all the partitions for ease of reference, and use gmirror to save me in the event a disk goes bad.
> >
> > I am struggling to fit the pieces together conceptually in my mind. I understand the processes involved in setting each part separately - my problem is in trying to build this up in the right order so that it all makes sense.
> >
> > So far, I have labelled the primary drive and set up the journal. I have edited fstab to reflect the labels and journalled file system on /home. If I now build a mirror, don't I need to alter fstab to mount that and not the stuff in /dev/label? In which case, I guess I need to build the mirror first, and then set up labels and journals? I'm going round and round in circles here and none of the stuff I've read on the web enlightens me... :-/
> >
> > Any insights or suggestions would be taken as a great kindness!
> >
> > Dan
>
> When not mirroring, I first create the journals and then label the resulting ad.journal devices.
>
> In case you are doing a gmirror device, you would not really need the separate label step - the gm device name won't change and gmirror is not affected if the device names of the individual disks change (the disks are marked as part of a mirror and scanned at startup). When you are creating the composite gmirror device you are effectively labeling it anyway i.e. gmirror label gm0... Now if you follow the usual tutorials found in the web you would be using gm0 / gm1 but you actually name it any way you wish. If you really need to label the separate gmirrored partitions, do it after setting up the mirror.
>
> Concerning the order of journals and mirroring, I create the journals first, then mirror the result. This has always worked fine for me.

Thanks much, Manoli. After posting, I came to more or less the same conclusion, but it's good to get confirmation from someone who clearly knows more about this stuff than I do!

I'd still be interested to hear what others think/do.

As ever, thanks for your time.

Dan

--
Daniel Bye
Re: Updating the ports collection
On Tue, Oct 06, 2009 at 09:07:07PM -0400, Chris Hill wrote:
> On Wed, 7 Oct 2009, Olivier Nicole wrote:
> > Hi Chris,
> >
> > > The FreeBSD handbook section 4.5.1 describes several methods for obtaining the ports collection including CVSup, Portsnap, and sysinstall. Section 4.5.1 also describes how to update the ports collection, but only for the CVSup and Portsnap methods.
> > >
> > > Q1: How do I update the ports collection after using sysinstall to obtain it?
> >
> > I cannot speak for portsnap, but for cvsup:
>
> csup works (almost?) the same as cvsup, and is in the base system nowadays. I used to install cvsup, but now I only install fastest_cvsup; it's just a utility to find the fastest server for you at the moment.
>
> > Some may correct me, but I use a file that contains:
> >
> > *default tag=.
> > *default host=cvsup2.jp.FreeBSD.org
> > *default base=/var/db
> > *default prefix=/usr
> > *default release=cvs
> > *default delete use-rel-suffix
> > *default compress
> > ports-all
>
> I do the same, and run csup as:
>
> csup -g -h `/usr/local/bin/fastest_cvsup -Q -c us` /etc/supfile.ports

You can set

SUPHOST= `/usr/local/bin/fastest_cvsup -Q -c us`
SUPFLAGS= -g

in /etc/make.conf and save yourself some typing.

Dan

--
Daniel Bye
Re: migrating users from one machine to another machine
On Fri, Oct 02, 2009 at 06:45:12AM +0700, Olivier Nicole wrote:
> Hi,
>
> > What is the best way of migrating users from one machine (FreeBSD 6.3) to a new machine (FreeBSD 7.2)? I need to migrate their user account settings (shell, password, expiry etc) and also their data that they have in their directories.
>
> Basically:
>
> - you need to vipw on both machine and copy the user accounts from the old machine to the new machine, that is fast;

Or copy /etc/passwd from the old machine to the new one, and run pwd_mkdb, which is essentially what vipw does anyway.

And don't forget to sync your groups file as well!

Dan

> - you need to copy the home directories of your users from one machine to the other, that can take long time if you have a lot of users with a lot of data.
>
> To be sure that there is no change being made by the users while you are copying the data/accounts, you must disable any login during the copy process.
>
> You can practice copying the accounts while the machines are online (login enabled); but be certain to do a final copy with the machine offline (login disabled).
>
> If copying data would take too long time and you cannot afford to put the system offline for such a long period, you could install rsync on both machines.
>
> - keep machines online and rsync the users data from the old machine to the new one.
>
> - repeat rsyncing indefinitely, this will continue copying file that has changed.
>
> - put the machine offline and do a last rsync: that one should not take too long as it will only copy what has changed since the very last run of rsync.
>
> Another way regarding the users' data, if they reside on a separate hard disk, you can simply physically mount that hard disk in the new machine.
>
> Best regards,
>
> Olivier

--
Daniel Bye
Re: libxcb won't compile from ports
On Thu, Sep 17, 2009 at 09:35:55AM -0700, David Newman wrote:
> On 9/17/09 8:10 AM, Daniel Bye wrote:
> > On Thu, Sep 17, 2009 at 07:45:52AM -0700, David Newman wrote:
> > > FreeBSD 7.2-RELEASE, i386
> > >
> > > Running 'make install clean' from /usr/ports/x11/libxcb returns the patch error pasted below.
> > >
> > > Thanks in advance for clues on resolving this. I did not see anything helpful in the archives or on Google.
> >
> > Try `make distclean' and then `make make install'
>
> This produced the same result. Thanks again for any additional clues in resolving this error.
>
> dn
>
> o# cd /usr/ports/x11/libxcb/
> somehost# make distclean
> === Cleaning for libxcb-1.4
> === Deleting distfiles for libxcb-1.4
> somehost# make make install
> === Vulnerability check disabled, database not found
> = libxcb-1.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> = Attempting to fetch from http://xcb.freedesktop.org/dist/.
> libxcb-1.4.tar.bz2100% of 298 kB 29 kBps 00m00s
> === Extracting for libxcb-1.4
> = MD5 Checksum OK for libxcb-1.4.tar.bz2.
> = SHA256 Checksum OK for libxcb-1.4.tar.bz2.
> === Patching for libxcb-1.4
> === Applying FreeBSD patches for libxcb-1.4
> 1 out of 1 hunks failed--saving rejects to src/xcb_auth.c.rej
> = Patch patch-src-xcb_auth.c failed to apply cleanly.
> = Patch(es) patch-Makefile.in applied cleanly.
> *** Error code 1
>
> Stop in /usr/ports/x11/libxcb.

Hmm... I don't have the file patch-src-xcb_auth.c in x11/libxcb/files. Is your ports tree up to date?

Other than that, I'm afraid I'm out of ideas.

Dan

--
Daniel Bye
Re: libxcb won't compile from ports
On Thu, Sep 17, 2009 at 07:45:52AM -0700, David Newman wrote:
> FreeBSD 7.2-RELEASE, i386
>
> Running 'make install clean' from /usr/ports/x11/libxcb returns the patch error pasted below.
>
> Thanks in advance for clues on resolving this. I did not see anything helpful in the archives or on Google.

Try `make distclean' and then `make make install'

Dan

--
Daniel Bye
Re: linux-pango won't install
On Sat, Sep 12, 2009 at 10:24:21PM -0600, Chad Perrin wrote:
> On Sat, Sep 12, 2009 at 02:19:22PM +0400, Boris Samorodov wrote:
> > On Fri, 11 Sep 2009 23:01:23 -0600 Chad Perrin wrote:
> > > How long has this been broken for 7.2? Considering all the stuff that depends on linux-pango, I'm surprised it hasn't been fixed.
> >
> > It will be broken until someone provide an URL to non-vulnerable RPM package.
>
> Daniel Bye's comments seem to indicate that FreeBSD 8.x doesn't have this problem. Did I misunderstand?

FreeBSD 8 uses linux-f10 as its default linuxulator, and in that, pango has been updated to 1.22.3, which doesn't seem to suffer from the same vulnerabilities. Or at least, they haven't yet been exposed! ;-)

You may be able to use f10 on 7.2 - set

compat.linux.osrelease=2.6.16

in /etc/sysctl.conf, and

OVERRIDE_LINUX_BASE_PORT=f10
OVERRIDE_LINUX_NONBASE_PORTS=f10

in /etc/make.conf, then reinstall all your linux stuff. I did this before moving on to 8BETA1 and it worked OK. I think I ended up deleting all the old stuff, before installing afresh. As all the packages are already compiled, it shouldn't take long.

Dan

--
Daniel Bye
Re: linux-pango won't install
On Thu, Sep 10, 2009 at 09:49:13PM -0600, Chad Perrin wrote:
> For some reason, the x11-toolkits/linux-pango port won't install on my FreeBSD 7.2 system. When I try, I get the following:
>
> [Gathering depends for x11-toolkits/linux-pango .. done]
> --- Installing 'linux-pango-1.10.2_3' from a port (x11-toolkits/linux-pango)
> --- Building '/usr/ports/x11-toolkits/linux-pango'
> === Cleaning for linux-pango-1.10.2_3
> ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portinstall20090910-66072-gzj01-0 env make
> ** Fix the problem and try again.
> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
> ! x11-toolkits/linux-pango (unknown build error)
>
> How can I fix this? My Google and FreeBSD documentation searches have proven fruitless.

I remember having the devil's own job upgrading this a while ago. Try running the install manually - portinstall tends to obscure the real error message, making it harder to track down the specific problem. Doing it manually should at least let you see what's going wrong!

Dan

--
Daniel Bye
Re: linux-pango won't install
On Fri, Sep 11, 2009 at 11:49:25AM +0100, Matthew Seaman wrote:
> Daniel Bye wrote:
> > On Thu, Sep 10, 2009 at 09:49:13PM -0600, Chad Perrin wrote:
> > > For some reason, the x11-toolkits/linux-pango port won't install on my FreeBSD 7.2 system. When I try, I get the following:
> > >
> > > [Gathering depends for x11-toolkits/linux-pango .. done]
> > > --- Installing 'linux-pango-1.10.2_3' from a port (x11-toolkits/linux-pango)
> > > --- Building '/usr/ports/x11-toolkits/linux-pango'
> > > === Cleaning for linux-pango-1.10.2_3
> > > ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portinstall20090910-66072-gzj01-0 env make
> > > ** Fix the problem and try again.
> > > ** Listing the failed packages (-:ignored / *:skipped / !:failed)
> > > ! x11-toolkits/linux-pango (unknown build error)
> > >
> > > How can I fix this? My Google and FreeBSD documentation searches have proven fruitless.
> >
> > I remember having the devil's own job upgrading this a while ago. Try running the install manually - portinstall tends to obscure the real error message, making it harder to track down the specific problem. Doing it manually should at least let you see what's going wrong!
> >
> > Dan
>
> Perhaps this will prove enlightening:
>
> significant-gravitas-shortfall:~:% portaudit -a
> Affected package: linux-f8-pango-1.18.4_1
> Type of problem: pango -- integer overflow.
> Reference: http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.

Ah yes, now I remember! I recently upgraded to 8-BETA* which uses f10 by default, and the f10 linux pango doesn't seem to have that problem. Perhaps that's how I ended up fixing it...

Dan

--
Daniel Bye
Re: Using mdconfig for swap space
On Tue, Sep 08, 2009 at 07:52:59PM -0400, Jerry McAllister wrote:
> On Tue, Sep 08, 2009 at 04:51:20PM -0500, Peter Steele wrote:
> > Are there any advantages to using mdconfig and creating a virtual disk for swap space as opposed to having a designated swap partition? For example, I could do something like this:
>
> Unless I am missing something basic here, it seems like a bad idea to me - to carve out and use up some memory to use as extra storage for processes that need more memory that you have taken away to give to swap. That is self defeating.
>
> In addition, one use of swap is to write dumps to if there is a crash. If you put it in memory, it is gone when you reboot.

He's talking about using a swap file, rather than a dedicated partition on the disk, not in RAM! Although it is slightly slower, as Chuck has already pointed out, it might, in certain circumstances, be a somewhat more convenient solution than repartitioning/reinstalling the whole system. And as RW has said, the facility already exists and can be enabled with a couple of knobs in /etc/rc.conf.

Dan

--
Daniel Bye
Re: Using mdconfig for swap space
On Wed, Sep 09, 2009 at 10:59:23AM -0400, Jerry McAllister wrote:
> On Wed, Sep 09, 2009 at 11:57:07AM +0100, Daniel Bye wrote:
> > On Tue, Sep 08, 2009 at 07:52:59PM -0400, Jerry McAllister wrote:
> > > On Tue, Sep 08, 2009 at 04:51:20PM -0500, Peter Steele wrote:
> > > > Are there any advantages to using mdconfig and creating a virtual disk for swap space as opposed to having a designated swap partition? For example, I could do something like this:
> > >
> > > Unless I am missing something basic here, it seems like a bad idea to me - to carve out and use up some memory to use as extra storage for processes that need more memory that you have taken away to give to swap. That is self defeating.
> > >
> > > In addition, one use of swap is to write dumps to if there is a crash. If you put it in memory, it is gone when you reboot.
> >
> > He's talking about using a swap file, rather than a dedicated partition on the disk, not in RAM! Although it is slightly slower, as Chuck has already pointed out, it might, in certain circumstances, be a somewhat more convenient solution than repartitioning/reinstalling the whole system. And as RW has said, the facility already exists and can be enabled with a couple of knobs in /etc/rc.conf.
>
> I understand using a file and making it in to swapspace. I have used that a couple of times when I needed to add some swap space temporarily.
>
> But isn't the command he is trying to use (mdconfig) for creating a memory filesystem - eg use a chunk of memory and make a file from it (then use it for swap or whatever)? That is in RAM.

No, with the -t vnode and -f filename options, he'd actually be creating a file-backed memory disk. The terminology can be a little confusing, but in this instance the file wouldn't be loaded into RAM, but would instead be treated as any other disk-like device. It's exactly the same approach as used by /etc/rc.d/addswap, which gets its configuration from $swapfile set in /etc/rc.conf.

Dan

--
Daniel Bye
Re: Regex Help - Greedy vs. Non-Greedy
On Wed, Sep 09, 2009 at 09:15:25AM -0700, Drew Tomlinson wrote:
> I'm trying to do a search and replace in vim. I have lines like this:
>
> http://site1/dir/;
> http://site2/dir/;LastName, FirstName;Phone;
> http://site3/dir/;LastName, FirstName;
> http://site4/dir/;
>
> I want to match http:* and stop matching at the first ;. My basic regex is:
>
> /http:.\+;/
>
> But it's matching *all* the semi-colons. Thus I've Googled and tried various incantations to try and make my regex non-greedy but I can't seem to come up with the correct combination.
>
> How can I write a regex that stops matching at the first semi-colon?

Tested in vi, not vim:

/http:[^;]*/

Dan

--
Daniel Bye
Re: What invokes cricket on FreeBSD
On Thu, Sep 03, 2009 at 10:42:57AM -0400, Jerry wrote:
> On Thu, 3 Sep 2009 09:41:07 -0400 stan st...@panix.com wrote:
> > OK, I found in the cron man page the following:
> >
> > Before running a command from a per-account crontab file, cron checks the status of the account with pam(3) and skips the command if the account is unavailable, e.g., locked out or expired.
> >
> > So, now the question is, how do I unlock that user?
> >
> > This gets stranger. I found the pw command, which should do that, but:
> >
> > pnoc# pw unlock cricket
> > pw: user 'cricket' is not locked
> >
> > So, how come:
> >
> > pnoc# su - cricket
> > This account is currently not available.
>
> Something appears to be broken. You might try a new installation. The port creates the user and group if it does not exist.

No, this is the expected behaviour when an account has /sbin/nologin as its shell. Matthew has already offered a solution to this problem, several replies ago.

As root:

# su -m cricket

Which will give you a basic prompt belonging to cricket. Then:

$ crontab -e

Or, in one command, as root:

# crontab -u cricket -e

In either case, you should be left with an editor session in which you can create or modify user cricket's crontab. If not, tell us the error message.

Dan

--
Daniel Bye
Re: jpeg-7 - rebuild all dependencies - how?
On Fri, Jul 24, 2009 at 02:03:43PM +0200, Ewald Jenisch wrote:
> Hi,
>
> Updating one of my systems I followed /usr/ports/UPDATING and did a pkg_delete -r jpeg-6b_7 - only to discover that everything that

Au contraire, Blackadder. UPDATING says to run either of

portmaster -r jpeg*

OR

portupgrade -fr graphics/jpeg

It says nothing of pkg_delete.

> depends on jpeg-* is gone - this involves little wonders like the complete gnome2 environment plus e.g. firefox, gimp, openoffice.

pkg_delete -r package - recursively delete package and all others that depend on it.

> What's really bad however is that all information about the dependencies that were there before is now gone, i.e. the system has no clue that e.g. gnome2 was installed.

Yep, because pkg_delete removed their entries from the registry.

> Fortunately, in my particular case, I did a pkg_info -Rx jpeg- prior to that pkg_delete so at least I have clue as to the state of my ports that depend on jpeg-* before that pkg_delete.
>
> So here are my questions:
>
> o) Do I really have to re-build every port that depends on jpeg-* from scratch; i.e. make make installing every port? (i.e. take the list from pkg_info (see above) and build everything by hand)

That's going to be the best bet, yes.

> o) Is there a less painful way to upgrade everything that depends on jpeg-*

You could try installing prebuilt packages, but they might not all have been updated yet to use the new version of jpeg.

> PS: To my understanding the information in /usr/ports/UPDATING is a little misleading without mentioning anything that pkg_delete basically removing all dependencies leaving the system in a state with the dependent packages deleted having no clue as to what was there before. Maybe a little hint about this would possibly keep others from falling into similar traps

Read the relevant entry again. It mentions nothing about running pkg_delete.

Dan

--
Daniel Bye
Re: jpeg-7 - rebuild all dependencies - how?
Ooops!

My apologies - it seems that an earlier version of UPDATING did indeed say to pkg_delete. Ewald, I'm sorry for sounding so patronising - I feel like a total fool now. ~blush

Dan

On Fri, Jul 24, 2009 at 01:55:42PM +0100, Daniel Bye wrote:
> On Fri, Jul 24, 2009 at 02:03:43PM +0200, Ewald Jenisch wrote:
> > Hi,
> >
> > Updating one of my systems I followed /usr/ports/UPDATING and did a pkg_delete -r jpeg-6b_7 - only to discover that everything that
>
> Au contraire, Blackadder. UPDATING says to run either of
>
> portmaster -r jpeg*
>
> OR
>
> portupgrade -fr graphics/jpeg
>
> It says nothing of pkg_delete.
>
> > depends on jpeg-* is gone - this involves little wonders like the complete gnome2 environment plus e.g. firefox, gimp, openoffice.
>
> pkg_delete -r package - recursively delete package and all others that depend on it.
>
> > What's really bad however is that all information about the dependencies that were there before is now gone, i.e. the system has no clue that e.g. gnome2 was installed.
>
> Yep, because pkg_delete removed their entries from the registry.
>
> > Fortunately, in my particular case, I did a pkg_info -Rx jpeg- prior to that pkg_delete so at least I have clue as to the state of my ports that depend on jpeg-* before that pkg_delete.
> >
> > So here are my questions:
> >
> > o) Do I really have to re-build every port that depends on jpeg-* from scratch; i.e. make make installing every port? (i.e. take the list from pkg_info (see above) and build everything by hand)
>
> That's going to be the best bet, yes.
>
> > o) Is there a less painful way to upgrade everything that depends on jpeg-*
>
> You could try installing prebuilt packages, but they might not all have been updated yet to use the new version of jpeg.
>
> > PS: To my understanding the information in /usr/ports/UPDATING is a little misleading without mentioning anything that pkg_delete basically removing all dependencies leaving the system in a state with the dependent packages deleted having no clue as to what was there before. Maybe a little hint about this would possibly keep others from falling into similar traps
>
> Read the relevant entry again. It mentions nothing about running pkg_delete.
>
> Dan
>
> --
> Daniel Bye

--
Daniel Bye
Re: jpeg-7 - rebuild all dependencies - how?
On Fri, Jul 24, 2009 at 03:16:54PM +0200, Peter Boosten wrote:
> Daniel Bye wrote:
> > On Fri, Jul 24, 2009 at 02:03:43PM +0200, Ewald Jenisch wrote:
> > > Hi,
> > >
> > > Updating one of my systems I followed /usr/ports/UPDATING and did a pkg_delete -r jpeg-6b_7 - only to discover that everything that
> >
> > Au contraire, Blackadder. UPDATING says to run either of
> >
> > portmaster -r jpeg*
> >
> > OR
> >
> > portupgrade -fr graphics/jpeg
> >
> > It says nothing of pkg_delete.
>
> Not anymore, no. This is what's in my UPDATING:
>
> quote
> 20090719:
> AFFECTS: users of graphics/jpeg
> AUTHOR: din...@freebsd.org
>
> jpeg has been updated to 7.0. Quick instructions:
>
> pkg_delete -r jpeg-6b_7
>
> Please rebuild all ports that depends on it.
> /quote
>
> I thought it to be the most stupid upgrade strategy ever, but indeed it was there in the beginning.

Yes, now that I look at it, it does seem a little brain damaged... I must admit that when I went through the update a few days ago, I automatically used portupgrade - didn't even notice it said pkg_delete...

Here's a list of things I've learnt today:

* Don't gob off before you have all the facts to hand.
* Being a clever bastard has the unfortunate tendency to backfire, leaving one looking like a prat.

*facepalm*

Dan

--
Daniel Bye
Re: Can't login to the system...!
On Thu, Jul 23, 2009 at 04:56:35PM +0300, thanos trompoukis wrote:
> Hi all, I am a noobie here.
>
> I was in the system as root and I type this command:
>
> chsh -s usr/local/bin/bash (without reason, by mistake)
>
> when I reboot the system I give username password and I see this:
>
> login: usr/local/bin/bash: No such file or directory
>
> FreeBSD/i386 (leonidas.MSHOME) (ttyv0)
>
> login:
>
> But I can access the system as another user, and when I type *su* I can login as root fine.
>
> I have no idea what I've done. Give me your lights please.

You mangled the path to bash in the chsh command - note the absence of a leading /

Become root using su, then change your root shell back to /bin/tcsh:

# chsh -s /bin/tcsh

All should now be well.

Dan

--
Daniel Bye
Re: cupssamba jailed
On Tue, Jun 23, 2009 at 08:07:19PM -0500, Derek Funk wrote:
> Attempting to setup cups and samba into a jail. How do you mount/add device node /dev/ulpt0 within a jail. Essentially I would like to know, how to add device nodes within jail /dev for specifically the devices I want?

You need to create some devfs rules, which live in a file called /etc/devfs.rules in the HOST system. As an example to get you going, here is what I use (edited for brevity):

[localrules=101]
add path 'da*' mode 0664 group operator
add path 'acd*' mode 0666 group operator
add path 'cd*' mode 0666 group operator

[hide_all=201]
add hide

[unhide_basic=301]
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
add path net unhide
add path net/lo0 unhide
add path net/nfe0 unhide

[unhide_login=401]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
..

# Devices usually found in a jail.
#
[devfsrules_jail=501]
add include $hide_all
add include $unhide_basic
add include $unhide_login

And then in /etc/rc.conf, you'll need a couple of extra settings:

devfs_system_ruleset=localrules
jail_jailname_devfs_ruleset=devfsrules_jail

In your case, you'd want to put the printer device node in either one of the already defined rulesets, or in a new set which you then include in the [devfsrules_jail=501] section.

Dan

--
Daniel Bye
Re: Files in /var/ftp/etc directory.
On Wed, Jun 17, 2009 at 10:22:14AM -0400, Carmel NY wrote:
> This is probably a dumb question; however, since I don't know the answer I figured I might as well ask.
>
> On a new installation of FreeBSD-7.2, I opted to set up an anonymous FTP server. I just noticed that there are three files in the '/etc' directory.
>
> 1) ftpmold
> 2) group
> 3) pwd.db

They are to enable group and uid lookups when a logged in client issues, for example, an ls command. Without them, clients will only see the numeric user and group ids. And is it really pwd.db? I would expect passwd, but I haven't run an anonymous ftp server for about a decade now...

In either case, both files must be readable by everyone, or lookups would fail. Compare the files of the same name in your system's /etc - both have rw-r--r-- permissions, for the same reason - to allow commands invoked by ordinary users to perform user name and group name lookups.

> I know what the first one is, but what are the other two for? They are visible and downloadable to any visitor who accesses the site. Is this normal or is this something I should be concerned about? Can I just delete the two files I am unsure of?

--
Daniel Bye
Re: Problem with bash script
On Tue, Jun 16, 2009 at 02:33:37PM +, Paul Schmehl wrote:
> --On Tuesday, June 16, 2009 08:09:09 -0500 Carmel NY carmel...@hotmail.com wrote:
> > I am attempting to write a simple Bash script that will find all the '*.pem' files in a directory structure and move them to another directory. It seems to work until I get to the copy part where it fails.
> >
> > My scripting skills are not that good. Perhaps someone could tell me what I am doing wrong.
> >
> > This is the script:
> >
> > # ! /usr/bin/env bash
> >
> > # Save the field separator
> > oIFS=$IFS
> >
> > # Set it to line breaks
> > IFS=$'\n'
> >
> > for i in $(find ./ -name *.pem -print); do
> >
> > # Get the basename
> > BN=$(basename $i)
> >
> > # copy the file to another directory using the base name
> > cp $i /usr/home/tmp/$BN
> >
> > done
> >
> > # Reset the IFS variable
> > IFS=$oIFS
> >
> > exit
>
> When I write scripts, I test them on the commandline to see if they're doing what I think they're doing. I don't get the $(find )

It does exactly the same as `command -a rgs`, but all characters between the parentheses are taken literally (in the backtick form, certain chars have special meaning, but not in the $() form.)

> construction. You're invoking find from within a for loop to return a value. Use backticks. This works.
>
> for i in `find ./ -name *.pem -print`
> do
> foo bar
> done

It also works with the $() form, provided the target directory exists!

Dan

--
Daniel Bye
Re: jail's adjkerntz
On Wed, May 20, 2009 at 11:31:46AM +0200, Herbert J. Skuhra wrote:
> 2009/5/20 alexus ale...@gmail.com:
> > inside of my jail i get following emails...
> >
> > adjkerntz[25058]: sysctl(set: machdep.adjkerntz): Operation not permitted
> >
> > i dont remember getting these before... i did changed time zone recently though...
>
> Hi!
>
> You can disable adjkerntz in /etc/crontab:
>
> #1,31 0-5 * * * root adjkerntz -a
>
> And then run '/etc/rc.d/cron restart'.

No need. cron wakes up every minute and reads all known crontabs afresh, including the system one in /etc/crontab.

--
Daniel Bye
Re: ppc install problem
On Mon, May 18, 2009 at 02:38:17PM -0500, Jason wrote:
> Hello,

Hello.

> I attempt to boot the ppc 7.2 install cd on a G4 Tower (Yikes!, I believe). It gets past open firmware without problem. It enters the normal boot process for FreeBSD. It starts loading drivers, and it fails on loading bmac. It says that it is failing to initialize the hardware. Then, the machine freezes. Do you know what piece of hardware bmac is initing, and can you imagine what the problem might be? Has anyone else encountered this?

If you haven't already, I suggest asking this on the ppc@ mailing list - the guys over there are really helpful.

Dan

--
Daniel Bye
Re: /etc/ttys
On Thu, May 07, 2009 at 10:18:03PM +1000, Ian Fitzgerald wrote:
> Dumb question because of dumb action: can anyone point me to a place where I can find a copy of /etc/ttys? - suitable for FreeBSD v7.2

/usr/share/examples/etc/ttys

--
Daniel Bye
Re: Using portsuprade only for security
On Tue, May 05, 2009 at 08:37:28AM -0400, Daniel Underwood wrote: I ran a portsupgrade scan, and was presented with a long list of installed ports and whether an update was available. In general, I prefer not to update ports/packages between FreeBSD releases. An obvious exception to this general rules is the patching of security vulnerabilities; of course not all available updates are security fixes. So my question is: how or where can I monitor security vulnerabilities? Or, how can I keep my system up-to-date with respect to security, without applying every non-security update? Subscribe to security-notifications@ (for base system security alerts), and install ports-mgmt/portaudit. -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpU18cwmGxMS.pgp Description: PGP signature
Re: French-Canadian Keyboard keyboard switching
On Tue, Apr 28, 2009 at 06:42:52AM -0400, PJ wrote: Anyway, everything I have tried does not work on FreeBSD or on xorg. What have you tried already? Are you using hald to autoconfigure Xorg, or are you still using the static xorg.conf file? Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpsbLhxu3Hys.pgp Description: PGP signature
Re: bash suddenly doesn't like $() syntax
On Sat, Mar 21, 2009 at 08:49:01AM -0400, Michael P. Soulier wrote: Hello, I'm running the shells/bash port on 6.3, and I recently ran a portupgrade. All of a sudden when I login, my standard .profile and .bashrc are causing a bunch of error messages, like so -bash: command substitution: line 39: syntax error near unexpected token `)' -bash: command substitution: line 39: `})' It would see that bash no longer likes the $() command substitution syntax. Does that mean that it's defaulting to some sort of posix compatibility mode now? It's a bug in bash 4. It was discussed here a few days ago. I would deinstall v.4 and install shells/bash3 until the bug's fixed. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgp4WojuUNcqj.pgp Description: PGP signature
Re: portupgrade, afterwards
On Mon, Mar 09, 2009 at 02:03:59PM -0700, gahn wrote:
> Hi all:
>
> Where is the result of portupgrade -fa stored? It showed a bunch of files that didn't go through or failed. Just wondering whether I can take a look at the results after I rebooted the server.

If that's exactly how you ran portupgrade, then I'm afraid you won't have any log info anywhere. You need the -L flag to portupgrade, which takes a printf(3) style format string (see man portupgrade for an example of how to use it), or you can run portupgrade in a script(1) session, something like this:

# script /var/log/portupgrade.log portupgrade -fa

Note that this approach will log ALL output generated by portupgrade, stderr and stdout, so the log file will get large.

Dan

--
Daniel Bye
Re: freebsd-update patch not being applied
On Sun, Mar 01, 2009 at 08:50:48AM -0800, James wrote: For some reason when i type uname -a on my desktop, which is running 7.1, all I see is this: $ uname -a FreeBSD me 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 08:58:24 UTC 2009 r...@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 But if i run freebsd-update fetch i get this $ sudo freebsd-update fetch Password: Looking up update.FreeBSD.org mirrors... 2 mirrors found. Fetching metadata signature for 7.1-RELEASE from update2.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 7.1-RELEASE-p3. Everytime the application has said there are new updates i installed them with `freebsd-update install`, and eventually i got around to restarting, but when I log back in and type `uname -a` I get the same message as above: `7.1-RELEASE #0` Now on a seperate system running 7.0 I have a similar problem where uname -a always reports `7.0-RELEASE-p7 #0` even though freebsd-update reports Looking up update.FreeBSD.org mirrors... 2 mirrors found. Fetching metadata signature for 7.0-RELEASE from update2.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 7.0-RELEASE-p10. Now I'm new to the BSD world, but i do have a fair amount of experience with Linux. What I am trying to figure out here, is why uname -a reports a different patch number than it should. This is the normal behaviour for freebsd-update. The patch level number will only bump if an update affects the kernel. The most recent updates for 7.1 didn't touch the kernel, so you still see the previous (somewhat confusing) version number. However, if the next update requires that the kernel be replaced, then you'll see the patch level number increase. Hope this makes sense... 
Dan

--
Daniel Bye
Re: Can stock syslog do hostA - fileA?
On Thu, Feb 26, 2009 at 10:19:34AM -0400, Paul Halliday wrote: I am collecting syslogs from a PIX and a couple of Barracudas. It would be a lot easier for each to have their own logfile. I have been poking around a bit; I saw this one: +host1 /var/log/host1 but it doesn't appear to work. Is it being trumped by something else in the config file? Is the syntax wrong? See this page in the handbook. http://www.freebsd.org/doc/en/books/handbook/network-syslogd.html I just followed it and it works fine. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpPg6R2KmTnd.pgp Description: PGP signature
Re: make config options find / used same as binary package
On Mon, Feb 23, 2009 at 09:20:54AM +0200, Brent Clark wrote: Hiya Recently someone asked about the showing of the config options from the ports. My questions is, how do we see or find what were the options used when installed from binary (pkg_add -r binaryPackage). If you install packages from the FreeBSD package servers, they will have been built with the default set of options. In each case, you can check the Makefile and/or config dialog in the package's port to discover exactly what that means for any given package. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpgKng96abUt.pgp Description: PGP signature
Re: xorg 7.4 keyboard localisation (xorg.conf vs hal)
On Sun, Feb 01, 2009 at 05:42:39PM +0100, Sebastien Chassot wrote:
> Hi,
>
> I've upgraded to xorg7.4 and apparently keyboard and mouse are now working with hald.
>
> In xorg.conf, changing the old keyboard config has no effect and I can't find how to change it with hal.
>
> I've got /usr/local/etc/hal/fdi/* but no *keymap* and I don't know how to build such a file.

This should get you started:

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.capabilities" contains="input.keyboard">
      <merge key="input.xkb.layout" type="string">gb</merge>
    </match>
  </device>
</deviceinfo>

Change the `gb' in the example to your local keymap name, save the file as /usr/local/etc/hal/fdi/policy/x11-input.fdi and restart hald.

Dan

--
Daniel Bye
Re: Registry corrupt?
On Sat, Jan 24, 2009 at 07:53:47AM -0600, Jack L. Stone wrote: At 07:29 AM 1.24.2009 -0600, Jack L. Stone wrote: At 07:06 AM 1.24.2009 -0600, Jack L. Stone wrote: At 04:33 PM 1.23.2009 +0100, cpghost wrote: On Fri, Jan 23, 2009 at 05:56:45PM +0300, Odhiambo Washington wrote: On Fri, Jan 23, 2009 at 5:19 PM, Jack L. Stone ja...@sage-american.comwrote: During an upgrade from fbsd-6.3 -- fbsd-7.0, something strange happened. Some of the programs will not run after rehash or even when given the precise path to the program. System doesn't see several but not all programs. I've upgraded several servers (using source files -- cvsup) withoug any such problem. It's just this one machine. BTW2: Yes, I do know this isn't windows and doesn't have a registry per se in that regard, but something does keep track of the programs installed and I've never located that place/file/db not having a crucial reason to before. Ports and packages are, if you like, 'registered' in subdirectories of /var/db/pkg Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpXJ9CDDMjUk.pgp Description: PGP signature
Re: Registry corrupt?
On Fri, Jan 23, 2009 at 05:02:27PM +0100, Wojciech Puchar wrote: it's not windows. there are fortunately no registry in unix. your problem explanation is too short to help you. describe something more. and what you mean rehash? `rehash' is a builtin in some shells - csh and zsh come to mind. It is used to cause the shell to reread the PATH environment variable and rebuild its internal hash (hence rehash) list of items in the path. The hash is used by the shell as a mapping between program names and their canonical location on the file system. It's what lets you say `ls' instead of having to say `/bin/ls', etc. If you install a new port then such shells will not immediately pick up the new executable - which is when you need to `rehash'. bash handles these cases differently, obviating the need for the rehash command. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgp7wRnAMJQLI.pgp Description: PGP signature
Re: Createing a package.
On Sat, Jan 03, 2009 at 12:23:06PM -0500, stan wrote: I have managed to build OO on a machine of the same architecture as I want to run it oon. The target machine does not seem to be capable of building it. I suspect that it does not have enough memory. Can I create a package on the donor machine to move this to the target machine? Or is there a better way to do this? No, this is about the best way to do it. The tool you need is pkg_create. # pkg_create -b portname should do it. You'll need the full version number, so on my system the portname bit is openoffice.org-2.4.2. Good luck! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgprT47q7sqyC.pgp Description: PGP signature
Re: Simple swap question
On Thu, Dec 18, 2008 at 10:28:18AM -0600, Kirk Strauser wrote: On Thursday 18 December 2008 09:16:10 FreeBSD wrote: Hi everyone, I have a FreeBSD 7.0-Release server that started to swap after an error in a shell script (process spawning competition ;-) ). I killed the shell and the RAM is now OK. The problem is that the swap is still used. How can I reset the swap? You don't. The system will handle it for you, I promise. :-) And very well, too. You can prompt it to move pages back into RAM if you start using a swapped- out process again - say, for example, a quiescent word processor had been swapped out, you could get it back by raising it and starting to type. But as Kirk said, there really is no need. It's one of the kernel's many jobs, and I'm inclined to leave it get on with it! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgptlItQtAV8U.pgp Description: PGP signature
Re: Simple swap question
On Thu, Dec 18, 2008 at 12:02:06PM -0500, FreeBSD wrote: Daniel Bye a ?crit : On Thu, Dec 18, 2008 at 10:28:18AM -0600, Kirk Strauser wrote: On Thursday 18 December 2008 09:16:10 FreeBSD wrote: Hi everyone, I have a FreeBSD 7.0-Release server that started to swap after an error in a shell script (process spawning competition ;-) ). I killed the shell and the RAM is now OK. The problem is that the swap is still used. How can I reset the swap? You don't. The system will handle it for you, I promise. :-) And very well, too. You can prompt it to move pages back into RAM if you start using a swapped- out process again - say, for example, a quiescent word processor had been swapped out, you could get it back by raising it and starting to type. But as Kirk said, there really is no need. It's one of the kernel's many jobs, and I'm inclined to leave it get on with it! Dan Thanks for your answer. I'm asking here because it's been several days and there is still used swap for data that should never be used anymore. If the kernel wants to keep it, why not move it to RAM now that there is some free? Because it has swapped out an entire process, which hasn't subsequently been woken up again. It's you that says the data are never going to be needed again - the kernel doesn't know that, so keeps the pages there in swap until you either reawaken the process, or kill it, at which point the swap space they occupied will be freed up. You can see which processes are swapped out in top - the process name is in parentheses. If it is irking you sufficiently, you can kill the processes and reclaim your swap ;-) Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpxjvbhYUZzD.pgp Description: PGP signature
Re: portsnap and portupgrade
On Thu, Dec 18, 2008 at 04:41:22PM +0100, Pieter Donche wrote: Portsnap doesn't know about anything in the ports tree that it didn't put there itself. For that reason it needs to bring the tree to an initial known-state by replacing all port directories and other files. For the same reason you shouldn't mix portsnap and c[v]sup. So, do you confirm my statement that only a portsnap update is OK? After the initial fetch and extract, yes, you should use update. The extract will bring the tree up-to-date with the fetched snapshot. You could use extract instead of update all the time, except that it's slower and deletes user generated files in the ports directories (e.g. README.html). So since it's faster and doesn't delete user generated files, upgrade is always to be preferred over extract, right? Yes. As RW has already noted, extract will replace the entire ports tree with the pristine version in portsnap's archive. This is quite a lengthy process, given the size of the ports tree these days. update on the other hand, only replaces those ports that are different between the currently installed tree, and the tree in the new portsnap archive. I hope that makes sense... Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpKftKvspQs1.pgp Description: PGP signature
Re: /tmp running out of inodes
On Thu, Dec 18, 2008 at 08:54:33AM -0800, Tankko wrote:
> On a side question... what is the best policy for deleting files from /tmp? Seems like a lot of apps are happy to leave files in /tmp. Is clean up commonly done as a cron job? What about files like mysql.sock= which are important? I can't just blindly remove everything in /tmp each night.

As Kirk has already said, you need to figure why this is happening in the first place, but there is a periodic job which can help keep /tmp tidy for you. It is in /etc/periodic/daily/110.clean-tmps and can be enabled with this in /etc/periodic.conf:

daily_clean_tmps_enable=YES

You can tailor its behaviour depending on your needs - look for the relevant knobs in /etc/defaults/periodic.conf

Dan

--
Daniel Bye
Re: Any doc reference on /entropy file ?
On Tue, Dec 16, 2008 at 02:08:10PM +0100, Bernard Dugas wrote:
> Hi,
>
> When I look at / in a standard installation like:
>
> FreeBSD XXX 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
> There is only 1 file, named entropy:
>
> -rw--- 1 root wheel 4096 Dec 11 17:36 entropy
>
> I can't find any reference to that file in the FreeBSD doc.
>
> Any reference to it? What is it used for? I have looked in the RANDOM area, but no reference...
>
> Do I have to keep it read/write? Can I put it in /var instead of / to be able to keep / read-only?

It is used to safely seed the random number generator, I believe. A quick search through /etc/rc.d/* and /etc/defaults/rc.conf reveals that you can set $entropy_file in /etc/rc.conf to anything you like, although a comment suggests

# Set to NO to disable caching entropy through reboots.
# /var/db/entropy-file is preferred if / is not avail.

So yes, it seems you could move it off / if you want.

Dan

--
Daniel Bye
Re: Sticky mouse pointer on machine with high load
On Fri, Dec 05, 2008 at 07:23:48PM -0800, Yuri wrote: Often when my machine has load is 2 or higher it becomes very visible that mouse motion isn't smooth. Mouse moves in a series of quite long jumps. I believe this effect is especially pronounced when some applications read/write a lot of files. My understanding is that this is because signal from mouse gets stuck in the fifo somewhere and not processed by x-server in time. Is there any solution to this problem? Not guaranteed, but it has worked for several people in the past - try rebuilding your kernel with the SCHED_ULE scheduler, instead of the SCHED_BSD4 scheduler. Although ostensibly its benefits are more obvious on multi-processor machines, it does often seem to fix this mouse lag issue that comes up from time to time. It has been discussed on the list several times, so you might find some interesting further reading if you search the archives. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpsCPHbWhT2p.pgp Description: PGP signature
Re: Firewalls using a DNSbl (and distributed ssh attacks)
On Wed, Dec 03, 2008 at 07:43:26PM -0600, Jeffrey Goldberg wrote: It's not a big issue, but I'm wondering if there is a DNSBl that lists IPs that are engaging in brute force ssh attacks. And if there is such a list, is there a way to integrate that information into a firewall or sshd. As I've said this really isn't a big issue for me, as the brute force attempts at sshd are nothing but an annoyance as I review logs. The attacks that I'm seeing appear to be coordinated and distributed. That is, there will be one attempt on username fred from one IP immediately followed by an attempt on freddy from another IP followed by an attempt on fredrick from a third source and so on. I don't know of any DNSbl type service, but I am using DenyHosts with very great success. Its synchronisation feature allows participating instances of the script to share IP addresses of misbehaving hosts, so as soon as an address hits the database, it's only a matter of an hour or so before your instance can start blocking it. The basic setup uses TCP wrappers to block offending hosts, but I am using the datafile it maintains as a file-based table in pf, which I reload periodically from a cronjob. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpTYCn2NsJaz.pgp Description: PGP signature
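One way to implement the cron-driven reload described above, as an added example rather than Dan's own script: it extracts addresses from the DenyHosts data file, discards anything that is not a well-formed IPv4 address, never emits an address on a local allow list (synchronised entries come from other people's hosts, so your own management addresses should not be blockable), and swaps the table file in atomically before asking pf to replace the table. The table name, file paths, the `PFCTL` override and the `service: address` line format are assumptions.

```shell
#!/bin/sh
# Assumed pf.conf counterpart (names are examples, not from the thread):
#   table <denyhosts> persist file "/var/db/denyhosts.table"
#   block in quick proto tcp from <denyhosts> to any port ssh

PFCTL=${PFCTL:-pfctl}   # assumption: set PFCTL=true for a dry run

# Constructed sample of a DenyHosts-maintained hosts.deny style file.
sample_denyfile() {
    cat <<'EOF'
# DenyHosts: constructed sample entries
sshd: 198.51.100.7
sshd: 203.0.113.20
sshd: 203.0.113.20
sshd: 192.0.2.10
sshd: 999.1.1.1
sshd: scanner.example.net
ALL: 203.0.113.99
EOF
}

# build_pf_table DENYFILE ALLOWFILE
# Print one validated IPv4 address per line, sorted and de-duplicated.
build_pf_table() {
    awk '
        # First argument: addresses that must never be blocked.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") allow[$0] = 1
            next
        }
        /^[ \t]*#/ { next }
        {
            if (split($0, part, ":") != 2) next   # IPv6, options, junk
            ip = part[2]
            gsub(/[ \t]/, "", ip)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            if (ip in allow) next
            print ip
        }
    ' "$2" "$1" | sort -u
}

# reload_table TABLE DENYFILE ALLOWFILE TABLEFILE
# Rebuild TABLEFILE and load it into pf; suitable for a root crontab entry.
reload_table() {
    [ -r "$2" ] && [ -r "$3" ] || return 1
    # Temp file in the same directory, so the rename below is atomic.
    tmp=$(mktemp "$4.XXXXXX") || return 1
    if ! build_pf_table "$2" "$3" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$4" || return 1
    # -T replace swaps the whole table contents in one operation.
    "$PFCTL" -t "$1" -T replace -f "$4"
}
```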
Re: Ruby on rails on freebsd 7
On Fri, Nov 28, 2008 at 11:30:20AM +0200, Robby Balona wrote:
> Has anybody managed to get Ruby on Rails 2 working on FreeBSD 7? I have tried for 3 days now. Done portupgrades and portsnaps but still can't seem to get it to work.

Yes, I'm using it very successfully. The version of Rails in ports seems to have stuck at 1.2.6.

> I get the following error when I run rails
>
> ../lib/rails_generator/options.rb:32:in default_options: undefined method write_inheritable_attribute
>
> I googled this error and found very little to help except that it looks like it's something to do with activesupport-1.4.2 not being installed correctly...

rails 2.* ships with activesupport 2.*.

Your best bet will be to upgrade your installed gems:

$ sudo gem update --system

(If that doesn't work, try `update_rubygems' instead)

Gems should now report its version as 1.3.1:

$ gem -v
1.3.1

Now you can simply use gems to install Rails and its dependencies:

$ sudo gem install rails --include-dependencies

If you really want version 2.0 or 2.1 instead of the recently released 2.2, include a --version=2.1 to the command. However, given the enhancements, I'd go with the latest.

HTH,

Dan

--
Daniel Bye
Re: Disabling boot messages
On Wed, Nov 12, 2008 at 06:40:29PM +0800, Fbsd1 wrote: Running a release 7.0 Xorg / Gdm / Xfce Desktop world. Would like to go from powering on the PC directly to the Gdm login screen. Don't want the users seeing all those boot message roll by. Can this be done? It can - see the FAQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/x.html#INSTALL-SPLASH Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpg0VnQJWOPv.pgp Description: PGP signature
Re: How to restore a lost root password...
On Sun, Oct 26, 2008 at 09:18:25PM +0100, Rada alive wrote: I have seen a How to about this but I have a problem, i set the console to insecure, so when I try to do the step of the how to i get a message to input the root password or Ctrl-D to enter in multiuser mode. What happened to just booting into single-user mode and issuing passwd? The OP made a point of letting us know that he has marked his console `insecure' in /etc/ttys. In order to even get a shell in single user, he needs the root password. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpdPWpeb3Vw7.pgp Description: PGP signature
Re: DHCP server
On Fri, Oct 24, 2008 at 11:43:32AM +0200, Svein Halvor Halvorsen wrote:
> Hi,
>
> I'm not sure if this is an issue with my dhcp server or the client, but since I seem to get troubles with two different clients, I'm thinking it might be the server:
>
> I've got a FreeBSD 7.0-p4 machine running isc-dhcp3-server-3.0.5_2 serving my home network. When my Linux (Archlinux) client requests a lease, this happens:
>
> [EMAIL PROTECTED]:~]$ dhcpcd -n eth0
> eth0: dhcpcd 4.0.2 starting
> eth0: broadcasting for a lease
> eth0: offered 10.0.0.176 from 10.0.1.1 `mirrorball'
> eth0: checking 10.0.0.176 is available on attached networks
>
> ... and then it times out, and does not configure the network. This makes me think that there may be a client issue, since the DHCP server does indeed offer an address. But I also have troubles with a Mac OS X client (although it's a little more vague about the errors).

If the server is handing out /24 network prefixes, then once your clients bind the offered address in 10.0.0/24, they can no longer communicate with the server in 10.0.1/24.

You can

a) give the DHCP server an alias IP address in 10.0.0/24 on the appropriate interface

b) change the network prefix to 16 bits, so that 10.0.0 and 10.0.1 (and ALL other addresses with the prefix 10.0) are in the same logical network space

c) renumber your DHCP pool

Dan

--
Daniel Bye
Re: FreeBSD and Nagios - permissions
On Thu, Oct 16, 2008 at 01:04:52AM -0700, Jeremy Chadwick wrote:
> On Thu, Oct 16, 2008 at 09:32:02AM +0200, Per olof Ljungmark wrote:
>> The nrpe daemon that handles the script runs as the nagios user and the command needed is camcontrol:
>>
>> camcontrol inquiry da0
>>
>> The nagios user does not have a shell by default in FreeBSD:
>>
>> nagios:*:181:181::0:0:Nagios pseudo-user:/var/spool/nagios:/usr/sbin/nologin
>>
>> so the script will obviously fail.
>
> I think the problem is probably more along the lines of: you can't run camcontrol as user nagios, because root access is required to communicate with CAM (open /dev/xptX).
>
> Two recommendations:
>
> 1) Write wrapper program (this requires C) which calls camcontrol inquiry da0. The wrapper binary should be owned by root:nagios, and perms should be 4710 (so that individuals in the nagios group can run the binary, but no one else). This C program is very, very simple.
>
> 2) Use sudo and set up a ***VERY*** restrictive command list for user nagios, meaning, only allowed to run /sbin/camcontrol. I DO NOT recommend this method, as it's possible for someone to use nagios to run something like camcontrol reset or camcontrol eject as root, or even worse, camcontrol cmd (could induce a low-level format of one of your disks),

It is possible to configure sudo to run only exactly the required command (including arguments) precisely to guard against this type of abuse - I use it extensively in my own nagios setup.

This Cmnd_Alias in sudoers will do the trick:

Cmnd_Alias NAGIOS_CMNDS = /sbin/camcontrol inquiry da0

man sudoers for more information about what you can do with sudo.

Dan

--
Daniel Bye
Re: FreeBSD and Nagios - permissions
On Thu, Oct 16, 2008 at 12:05:01PM +0100, Daniel Bye wrote:
> It is possible to configure sudo to run only exactly the required command (including arguments) precisely to guard against this type of abuse - I use it extensively in my own nagios setup.
>
> This Cmnd_Alias in sudoers will do the trick:
>
> Cmnd_Alias NAGIOS_CMNDS = /sbin/camcontrol inquiry da0
>
> man sudoers for more information about what you can do with sudo.

I just realised this example is woefully incomplete - apologies for that.

There are a few ways you can set up /usr/local/etc/sudoers (make sure you use visudo to edit it, as it will catch any syntax errors for you, thus helping somewhat to prevent breaking your setup).

The simplest case will just be to allow nagios to run the command, as root, without a password:

nagios ALL=(root) NOPASSWD: /sbin/camcontrol inquiry da0

If, as is quite possible, nagios should be able to run more than just that one command, you can define a Cmnd_Alias, as above. To include more than one command in the alias, simply separate them with a comma. You can use `\' to escape newlines and make your file a little easier to read:

Cmnd_Alias NAGIOS_CMNDS = /sbin/camcontrol inquiry da0, \
                          /sbin/camcontrol inquiry da1

and so on. Now, to use that alias, set the user's permissions to

nagios ALL=(root) NOPASSWD: NAGIOS_CMNDS

The sudoers man page has more information, and there is also a good tutorial by M Lucas on O'Reilly's Big Scary Daemons (it's from 2002, but still a good introduction):

http://www.onlamp.com/pub/a/bsd/2002/08/29/Big_Scary_Daemons.html?page=1

Dan

--
Daniel Bye
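A check for the distinction the two messages above turn on, as an added example that is not from the thread: in sudoers a command listed with arguments must be invoked with exactly those arguments, while a bare path permits any arguments, which is the `camcontrol reset` / `camcontrol cmd` exposure Jeremy describes. The function names, the sample file and the `backup` and `ops` users are constructed; the parser is an assumption-laden sketch that handles `\` continuations and simple rules only (no escaped commas, no `#include`).

```shell
#!/bin/sh
# Constructed sample sudoers content for the audit below.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a recommended policy
Cmnd_Alias NAGIOS_CMNDS = /sbin/camcontrol inquiry da0, \
                          /sbin/camcontrol inquiry da1
nagios ALL=(root) NOPASSWD: NAGIOS_CMNDS
backup ALL=(root) NOPASSWD: /sbin/camcontrol
ops    ALL=(root) /sbin/camcontrol inquiry *
EOF
}

# audit_sudo_cmnds FILE
# Print "VERDICT<TAB>command" for each command path found:
#   EXACT     arguments are pinned, nothing else is accepted
#   ANYARGS   bare path, sudo accepts any arguments
#   WILDCARD  arguments contain * or ?
#   ALLCMDS   the rule grants ALL commands
audit_sudo_cmnds() {
    # Pass 1: join lines that end in a backslash.
    awk '
        { line = pending $0; pending = "" }
        line ~ /\\$/ { sub(/\\$/, " ", line); pending = line; next }
        { print line }
        END { if (pending != "") print pending }
    ' "$1" |
    # Pass 2: isolate the command list of each rule and classify entries.
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]*(Defaults|User_Alias|Host_Alias|Runas_Alias)/ { next }
        {
            list = $0
            sub(/^[^=]*=[ \t]*/, "", list)             # "NAME =" or "user host="
            sub(/^\([^)]*\)[ \t]*/, "", list)          # "(root)"
            while (sub(/^[A-Z]+:[ \t]*/, "", list)) ;  # tags such as NOPASSWD:
            n = split(list, cmd, ",")
            for (i = 1; i <= n; i++) {
                c = cmd[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                gsub(/[ \t]+/, " ", c)
                if (c == "ALL") { print "ALLCMDS\t" c; continue }
                if (c !~ /^\//) continue               # alias reference
                if (c ~ /[*?]/)    v = "WILDCARD"
                else if (c !~ / /) v = "ANYARGS"
                else               v = "EXACT"
                print v "\t" c
            }
        }
    '
}

# sudo_cmnds_all_exact FILE: succeed only if every command is pinned.
sudo_cmnds_all_exact() {
    ! audit_sudo_cmnds "$1" | grep -v '^EXACT' > /dev/null
}
```

Run it against a copy of the file alongside `visudo -c`, which checks syntax but not how broad a rule is.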
Re: OpenGL things crash X in FB7-Stable, nVidia Card
On Fri, Sep 26, 2008 at 11:14:05PM +0100, Kemian Dang wrote: Daniel Bye wrote: On Fri, Sep 26, 2008 at 04:58:10PM +0100, Kemian Dang wrote: Hi all, I have a FreeBSD 7 Stable box with a nVidia 6150 Go Graphic Card. Everything was OK sometime before, but after a series updated on ports, ( I am not sure about the time, I have not use OpenGL stuff for long time) running a program with OpenGL will cause the X crashed. [ -- snip -- ] The last crash is when I choose a OpenGL screensaver. The ports is updated nearly daily, and I think this may happen after sometime after I updated the latest nVidia-driver. Any ideas about this problem? Try reinstalling the nVidia driver port. It installs its own GL libs, which may have been replaced by another port, depending on the order in which your ports were updated. Reinstalling should ensure you have the correct libs in the correct place... Dan Thanks for reply Daniel. I have re-installed the nvidia-driver and tested OpenGL - Crash again. So it seems not the case... Rats! Sorry that didn't help. One other thing occurs to me - you mentioned you updated some ports. Have you also updated your system source tree without doing a full buildworld cycle? If so, chances are that your nVidia driver is built against a different version of the kernel source than the running kernel. Although any differences will be minimal, there is a chance that something changed enough to upset the driver. Failing that, all I can suggest is that you keep an eye on your console and see if the driver emits any messages just before it chokes. Good luck! Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpvBaj88bPVt.pgp Description: PGP signature
Re: neon28 fails, conflicts with neon26
On Sat, Sep 27, 2008 at 01:28:47PM -0400, Eduardo Cerejo wrote: Here's what it says above that line, I just don't see any more errors above that line, it only says it conflicts with neon26. [Updating the pkgdb format:bdb_btree in /var/db/pkg ... - 1001 packages found (-1 +0) (...) done] --- Installing the new version via the port === Installing for neon28-0.28.3 === neon28-0.28.3 depends on shared library: expat.6 - found === neon28-0.28.3 depends on shared library: intl - found === Generating temporary packing list === Checking if www/neon28 already installed ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.1108.0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=neon26-0.26.4_1 UPGRADE_PORT_VER=0.26.4_1 make reinstall --- Restoring the old version pkg_add: package 'neon26-0.26.4_1' conflicts with neon28-0.28.2_1 pkg_add: -f specified; proceeding anyway ** Fix the installation problem and try again. [Updating the pkgdb format:bdb_btree in /var/db/pkg ... - 1002 packages found (-0 +1) . done] ** Listing the failed packages (-:ignored / *:skipped / !:failed) ! www/neon28 (neon26-0.26.4_1) (install error) I remember I manually removed neon26 when I upgraded subversion. It'll probably work fine, but check to see what other ports, if any, have a dependency on neon26 so you can upgrade them as well. Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpyZpETwbdIs.pgp Description: PGP signature
Re: OpenGL things crash X in FB7-Stable, nVidia Card
On Fri, Sep 26, 2008 at 04:58:10PM +0100, Kemian Dang wrote: Hi all, I have a FreeBSD 7 Stable box with a nVidia 6150 Go Graphic Card. Everything was OK sometime before, but after a series updated on ports, ( I am not sure about the time, I have not use OpenGL stuff for long time) running a program with OpenGL will cause the X crashed. [ -- snip -- ] The last crash is when I choose a OpenGL screensaver. The ports is updated nearly daily, and I think this may happen after sometime after I updated the latest nVidia-driver. Any ideas about this problem? Try reinstalling the nVidia driver port. It installs its own GL libs, which may have been replaced by another port, depending on the order in which your ports were updated. Reinstalling should ensure you have the correct libs in the correct place... Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpl7fI2jxNPv.pgp Description: PGP signature
Re: FSJ clone
On Sun, Sep 21, 2008 at 03:25:44PM -0400, Tsu-Fan Cheng wrote: Hi, is there a similar program like FSJ, file split/join tool on freebsd? thanks!! split(1) and cat(1) Dan -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgplzQMR6i9DW.pgp Description: PGP signature
Re: Where I can download the full source tree for Freebsd (MISA processor)
On Sun, Sep 21, 2008 at 12:36:57PM -0700, jack wang wrote: HI, Please refer me the web page to download the full source tree for freebsd (MIPS processor), that I could download and compile the source tree for mips cpu specific http://www.freebsd.org/platforms/mips.html Don't expect too much, unless you want to help with the port. -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpw1eeDDibdq.pgp Description: PGP signature