Re: Break of today current and patch
On Thu, 8 Jul 1999, David O'Brien wrote:

> > todays current breaks in build of libgcc
>
> Since libgcc/Makefile hasn't been touched since April, me thinks
> something else is going on in your environment.
>
> > ===> gnu/lib/libgcc
> > c++ -O2 -mpentium -fpcc-struct-return -ffast-math -fno-strength-reduce
> ...

You don't have CXXFLAGS set in your environment, do you? That will break several of the things under gnu/

Kris

-
"Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes."
    -- Unknown

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: HELP!!! -CURRENT libtool problem.
On Sun, 11 Jul 1999, Jordan K. Hubbard wrote:

> > Q: I want to use this cool piece of software that's in the FreeBSD
> > ports system. But I can't build it on my 3.x-stable system.
> >
> > Why not?
>
> A. Likely because someone running only on a -current box last committed
> a change to the port which broke it with 3.x. Please submit a bug
> report on this with send-pr since the -current ports collection is supposed
> to work with both the -current and -stable branches. If you're running a
> release version that lags significantly behind -current or -stable, you
> will require a ports upgrade kit from http://www.freebsd.org/ports

Does someone plan to add this question and the other one about the dangers of -current to the FAQ? I think they are both well-answered.

Kris

-
"Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes."
    -- Unknown
Re: Moving ipf(1) to ipf(8)?
On Mon, 19 Jul 1999, Nik Clayton wrote:

> docs/7791 is of the opinion that ipf(1) should be moved to ipf(8), to
> (among other things) be consistent with ipfw(8).
>
> Anyone care to comment one way or the other?

Definitely.

Kris
Unkillable processes
I've got myself two processes which can't be gotten rid of by SIGKILL:

kkenn 92724 32.0  0.8  5736  356  ??  RN    6:25PM 136:52.96 kvt -T Terminal -
kkenn  1103  0.0  0.0  5740  388  ??  TWN   -        0:00.00 (kvt)

(kvt is the KDE 1.1.1 xterm)

I am able to trigger this by attempting to paste the contents of a large buffer from xemacs (v21.1 from ports) into the pico editor from pine4.

Any ideas before I recompile kvt with -g and try and track down what it's doing?

Kris
Re: Unkillable processes
On Sat, 24 Jul 1999, Kevin Day wrote:

> For one, do another 'ps' with the 'l' option, so you can see what it's stuck
> on.

 UID   PID  PPID CPU PRI NI  VSZ RSS WCHAN  STAT TT      TIME COMMAND
1000  1103  1086  29  75 20 5740 384 -      TWN  ??   0:00.00 (kvt)
1000  1109  1103   0   4  0 1504   0 ttywri IWs+ p1   0:00.00 (tcsh)

1000 92724  1086 279 105 20 5736 356 -      RN   ?? 139:40.13 kvt -T Termi
1000 92743 92724   2  18  0 1576   0 pause  IWs  p8   0:00.00 (tcsh)

> The second process is a zombie, which isn't killable until the parent tells
> it to go away. (Which could very possibly be the first kvt)

Both still present empty terminal windows on my desktop and were spawned from the KDE panel. The second one was running a copy of pine and was in the same state as the other initially, until I kill -KILL'ed the pine process, at which point it changed to what it is now.

Kris

> Kevin
Re: Unkillable processes
On Sat, 24 Jul 1999, Kevin Day wrote:

> > > For one, do another 'ps' with the 'l' option, so you can see what it's stuck
> > > on.
> >
> >  UID   PID  PPID CPU PRI NI  VSZ RSS WCHAN  STAT TT      TIME COMMAND
> > 1000  1103  1086  29  75 20 5740 384 -      TWN  ??   0:00.00 (kvt)
> > 1000  1109  1103   0   4  0 1504   0 ttywri IWs+ p1   0:00.00 (tcsh)
> >
> > 1000 92724  1086 279 105 20 5736 356 -      RN   ?? 139:40.13 kvt -T Termi
> > 1000 92743 92724   2  18  0 1576   0 pause  IWs  p8   0:00.00 (tcsh)
> >
> > > The second process is a zombie, which isn't killable until the parent tells
> > > it to go away. (Which could very possibly be the first kvt)
> >
> > Both still present empty terminal windows on my desktop and were spawned
> > from the KDE panel. The second one was running a copy of pine and was in
> > the same state as the other initially, until I kill -KILL'ed the pine
> > process, at which point it changed to what it is now.
> >
> > Kris
>
> Well, since the CPU time in the active process (92724) went up since your
> last e-mail, and it's in the RUN state (a - in the WCHAN and a R in the
> STAT), it looks like the process is just spinning, eating CPU.

Correct. Yet I cannot kill -9 it.

> The tcsh listed below that is a zombie of the running kvt. If you can
> somehow kill that kvt, the tcsh will go away.

I can't kill -9 any of the processes listed above.

> The top kvt (1103) is also a zombie, waiting for its parent to reap it.
> Whatever process 1086 is decided not to clean it up, you may want to see
> what it's doing.

That's kfm.

> Will process 92724 die if you kill -9 it?

No. Yet it continues to run and chew up CPU..

> This seems to be more of a kvt bug than a freebsd bug. :)

I don't doubt it's mediated by KDE in some way, but I didn't think it was possible for processes to trap or ignore SIGKILLs and continue to run (chew up CPU).

Zombie processes I can deal with, even if the window manager continues to present a window for them :-)

Kris

> Kevin
Re: Unkillable processes
On Sun, 25 Jul 1999, Greg Lehey wrote:

> > The tcsh listed below that is a zombie of the running kvt.
>
> There aren't any zombies here.

Right, they'd show up as 'Z' in the state field, I'd guess.

> > This seems to be more of a kvt bug than a freebsd bug. :)
>
> I don't see that either. The fact that process 1103 is stopped is one
> thing; is there a gdb process in sight?

Nope. I did attach to it with gdb at one point to try and figure out what it was running, but because it was compiled w/o debugging symbols I didn't get anything out of a backtrace except for something similar to:

#0 0x28557c28 in ?? ()
#1 0x804f0c7 in ?? ()
#2
#3 0x2851f918 in ?? ()
#4 0x8053038 in ?? ()
#5 0x8050273 in ?? ()
#6 0x8056369 in ?? ()
#7 0x28388581 in ?? ()
#8 0x28388369 in ?? ()
#9 0x2838960c in ?? ()
#10 0x283882f5 in ?? ()
#11 0x805dca2 in ?? ()
#12 0x804f020 in ?? ()

(this is from process 92724 which is still running).

I might try and compile kvt with debugging support and see what it's doing; I think I can repeat the problem at will.

Kris
Re: Unkillable processes
On Sun, 25 Jul 1999, Amancio Hasty wrote:

> while you are at it try to compile a kernel with symbols ...

I already have (this is my standard practice). What should I do with it here?

Kris
Re: ftp and cdrom image
On Fri, 20 Aug 1999, Mete Balci wrote:

> I have some questions for distribution. I have started to download freebsd
> 3.2-current via ftp but it seems to be huge. I think it will be 2 CD.
> First, how do I have to split it to 2 CDs ? which dirs will going to first
> and which to second CD ? Second, I have seen there is an iso image file
> for rel. 4.0. So why is it just 1 CD ? I have experienced Linux for 3
> years at an administration level but no idea about freebsd. Which type of
> download could you recommend to me ?

I recommend you download FreeBSD 3.2-STABLE, not FreeBSD 4.0-CURRENT, which is the developer's version and for experienced hackers only (see http://www.freebsd.org/FAQ/FAQ7.html#7)

For instructions on how to install FreeBSD-STABLE, please see http://www.freebsd.org/handbook/install.html. Note that 3.3 is coming out in a few weeks, but there aren't likely to be many differences between the current snapshot of 3.2-STABLE and 3.3-RELEASE (see http://www.freebsd.org/FAQ/FAQ8.html#8 for why).

In general, be sure to always consult the FAQ, handbook, and mailing list archives with your problems before posting to a mailing list - chances are they have been answered (many times) before.

Thanks and good luck!

Kris
Re: IPFW
On Mon, 27 Dec 1999, Emre wrote:

> Not really. All my other boxes (NetBSD/OpenBSD) run -current so I'm
> used to be on the "bleeding edge" I figured it would be enabled
> by default, since FreeBSD promises to be _the_ Server O/S.

Please see http://www.freebsd.org/handbook/cutting-edge.html#CURRENT

This question was really freebsd-questions material and not the kind of thing which is appropriate for freebsd-current. If you're running FreeBSD-CURRENT you're expected to be familiar with the technicalities of FreeBSD (i.e. not just NetBSD/OpenBSD), which I'm not sure that you are, yet.

It's not (just) about the danger to your own system, it's the hand-holding load on the developers when a FreeBSD neophyte thinks he's ready to run the developer's version :-(

Kris
Re: buildworld failure
On Sun, 26 Dec 1999, Randy Bush wrote:

> mkdep -f .depend -a
>     -I/usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/include
>     -I/usr/obj/usr/src/kerberosIV/lib/libkadm/../../include
>     -I/usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/krb
>     -I/usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kdb
>     -I/usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm
>     -I/usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/roken
>     -I/usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkrb
>     -I/usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkadm
>     -I/usr/obj/usr/src/kerberosIV/lib/libkadm
>     -I/usr/src/kerberosIV/lib/libkadm/../../include -DHAVE_CONFIG_H
>     -I/usr/obj/usr/src/kerberosIV/lib/libkadm/../../include -DBINDIR=\"/usr/bin\"
>     -DSBINDIR=\"/usr/sbin\" -I/usr/obj/usr/src/i386/usr/include
>     /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
>     /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_stream.c
>     /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_supp.c
>     /usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkadm/kadm_err.c
>     /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/check_password.c
> In file included from /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_locl.h:79,
>     from /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c:30:
> /usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkrb/krb_err.h:17: invalid macro name
> In file included from /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_locl.h:82,
>     from /usr/src/kerberosIV/lib/libkadm/../../../crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c:30:
> /usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkadm/kadm_err.h:13: warning: `ERROR_TABLE_BASE_' redefined
> /usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkrb/krb_err.h:13: warning: this is the location of the previous definition
> /usr/obj/usr/src/kerberosIV/lib/libkadm/../../lib/libkadm/kadm_err.h:17: invalid macro name

[SNIP]

I saw these too when I was building with a fresh tree checked out from internat. Mark? :)

Kris
Re: Y2K problems? I thought it was over.
On Mon, 3 Jan 2000, Andrew Sherrod wrote:

> Do you know which version is shipping with FreeBSD 3.4?

http://www.freebsd.org/ports/mail.html says elm-2.4ME+61

Kris
Re: options COMPAT_LINUX makes kernel fail to compile
On Tue, 4 Jan 2000, Matthew Dillon wrote:

> genassym is now in /usr/src/usr.bin/genassym, compile and install that
> then try your make again. The one in the local compile directory is
> still being used for other things (and not compatible with the one
> in /usr/src/usr.bin/ )

We seem to have re-reverted to "make world before make kernel" :-/

Kris
ATA lost contact
One of my Western Digital Caviars doesn't work under the new ATA driver: upon trying to access the disk (via swapon or mount during boot) it gives the famous "lost contact with disk" message and falls back to PIO mode.

Interestingly, my two older WDCs work fine - although I notice that ad1 and ad2 are only detected as WDMA2, when it seems (from the udma=2) that they can handle UDMA - is this a cabling issue or something (I'm not familiar with IDE cabling requirements)?

Kris
Re: ATA lost contact
On Wed, 5 Jan 2000, Soren Schmidt wrote:

> The disk probably has problems with DMA mode (lots of older WD disks
> has that). You only get WDMA2 mode since your controller is an older
> Intel PIIX that can't do UDMA...

Hmm..This disk was bought in about March 99..you're sure that's the reason?

Kris
Advance notice: Removing SHA1 passwords
Tomorrow I plan to remove the support for SHA1 passwords from libcrypt: this was (re-)added silently by Mark Murray a few months ago as part of a cleanup/re-merging of the libcrypt code, and he's already okayed the re-removal.

The reason I want to remove this is because I intend to reimplement libcrypt in a more extensible way sometime over the next few months (assuming I can get over/around/under a final hurdle), and I'd prefer not to have any more compatibility warts than necessary (if this were to make it into a release we'd have to support it forever).

There's no real advantage to using SHA1 passwords anyway, since they're an algorithmically identical format to the default MD5 system, and there's nothing inherently insecure about that one.

If anyone has been using SHA1 passwords, now's the time to regenerate them :-)

Kris
HEADS UP: SHA-1 password support gone
As warned yesterday, I've just removed the ability for libcrypt to understand SHA-1 passwords. This was present but undocumented in the tree for the past few months and was removed so it can be reimplemented properly as part of a revamped libcrypt at a later date.

Anyone who was actually making use of the feature will have to update their passwords back to MD5 before they reinstall the library.

Kris
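An added example, not part of the original posts and not FreeBSD code: one way to find which accounts need a new password before the updated libcrypt is installed, by classifying the password field of master.passwd-style lines. The posts do not give the prefix used by the removed SHA-1 format, so the constructed sample uses a placeholder `$X$` entry, and any field that is not `$1$` MD5, traditional 13-character DES, empty or `*` is reported as unknown; function names and sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit password-hash formats in a master.passwd-style file.
# Assumed field layout: name:password:uid:gid:... (colon separated).

# classify_hash FIELD -> prints md5 | des | locked | empty | unknown
classify_hash() {
    pw=$1
    case "$pw" in
        '')   echo empty;  return 0 ;;
        '*'*) echo locked; return 0 ;;      # "*" or "*LOCKED*...": no usable password
        '$1$'*)
            rest=${pw#'$1$'}
            salt=${rest%%'$'*}              # text before the first '$'
            hash=${rest#*'$'}               # text after the first '$'
            # Both parts must use only the crypt alphabet.
            case "$salt$hash" in
                *[!./0-9A-Za-z]*) echo unknown; return 0 ;;
            esac
            # MD5 crypt: 1-8 salt characters, '$', 22 hash characters.
            if [ "$rest" = "$salt\$$hash" ] &&
               [ "${#salt}" -ge 1 ] && [ "${#salt}" -le 8 ] &&
               [ "${#hash}" -eq 22 ]; then
                echo md5
            else
                echo unknown
            fi
            return 0 ;;
    esac
    # Traditional DES crypt: exactly 13 characters of the crypt alphabet.
    case "$pw" in
        *[!./0-9A-Za-z]*) echo unknown; return 0 ;;
    esac
    if [ "${#pw}" -eq 13 ]; then echo des; else echo unknown; fi
}

# audit_passwd: read lines on stdin, print "name class" for each account.
audit_passwd() {
    while IFS=: read -r name pw rest; do
        case "$name" in ''|'#'*) continue ;; esac
        echo "$name $(classify_hash "$pw")"
    done
}

# needs_reset: print only the accounts whose hash format was not recognised,
# i.e. the ones whose passwords must be set again.
needs_reset() {
    audit_passwd | while read -r name class; do
        if [ "$class" = unknown ]; then echo "$name"; fi
    done
}

# Constructed sample entries; the hash strings are made up, and "$X$" is a
# placeholder prefix standing in for a format the library no longer handles.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not a real password file
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$X$saltsalt$ABCDEFGHIJKLMNOPQRSTUVWXYZa:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:abJnggxhB/yWI:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave::1004:1004::0:0:Dave:/home/dave:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a real system the input would be the password database itself, read as root, in place of `sample_passwd`.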
Re: Compiling 3.4 Problems
On Fri, 7 Jan 2000, Etienne De Bruin wrote:

> When compiling 3.4-RELEASE I find that whilst linking in src/bin/csh,
> the linker complains about not finding the following symbols:

And this has exactly what to do with FreeBSD 4.0-CURRENT?

Kris
Re: -current or 3.4 with KAME ???
On Thu, 6 Jan 2000, Boozy wrote:

> How are the implementation of IPv6 in FreeBSD 4.0? Is it available? Is it
> stable?

It's in the process of being integrated, and is therefore still incomplete. It's hoped that by the time of 4.0-RELEASE (not long away) it will be fully functional. If you need a fully functional IPv6 today, stick with FreeBSD 3.4 + KAME.

Kris
Re: IPSEC broken, was Re: IPv6 testing...willing to help
On Sun, 9 Jan 2000, Leif Neland wrote:

> Kernel build stops with "Don't know how to make sha1.c".
> sha was removed a few days ago, a "heads up" said.

Different instance - that was just SHA1-format passwords.

Kris
Re: current hangs in make world (softupdates on ccd on ata)
On Mon, 10 Jan 2000, Marcel Moolenaar wrote:

> The format used for mkstemp has been changed (4 chars. longer). Does the
> following patch work?

Sorry, but FWIW I did test the change by recompiling cvs (which uses yacc) before I committed it :( I guess it was just the gods of stack which allowed that one to build.

Kris
ATA CDROM problems
In addition to my lost contact problems with the ATA driver and one of my WDC drives, my CDROM no longer works properly under the new drivers. Accessing the drive causes excessive pauses and seems to chew lots of CPU in the kernel: the system becomes very sluggish with about 4 or 5 seconds to respond to a keystroke or change of virtual console.

I can still mount and read CDs, but it takes about 90 seconds to mount, and about 30 to do a ls /cdrom. Reading audio CDs (e.g. with cdcontrol) does not work at all: it spins the CPU with HD and CDROM activity light solid for about 40 seconds before returning:

acd0: PLAY_BIG - ILLEGAL REQUEST asc=21 ascq=00 error=04

I also get an error message at boot time, shown in the dmesg output below. This CD is a crappy old Goldstone (?), but it always worked perfectly under the old drivers.
Re: Can't "kldload" modules due to "symbol NDFREE undefined"
On Tue, 11 Jan 2000 [EMAIL PROTECTED] wrote:

> At least from the January 9 after 'cvsup',
> 'make buildworld','make installworld', 'make & install kernel'
> I can't 'kldload linux'. 'Kldload" says:

Probably one of these is not up to date, or is out of sync. I had this problem yesterday when my modules were out of date. Please double-check to make sure..

Kris
Re: Any Wine or Mozilla hackers here?
On Tue, 11 Jan 2000, Donn Miller wrote:

> I figured I'd address these two issues in one posting here. First of
> all, does anyone work with Mozilla by checking out the source code by
> anon cvs? One of the build stages does a "cvs co" when you do gmake

They should use cvs -R to do it read-only..

Kris
Re: ATAPI CDROM trouble
On Fri, 14 Jan 2000, Vladimir B. Grebeschikov wrote:

> while I am do 'mount_cd9660 /dev/acd0c /m/cd'
> system completely holds, no core, no panic - hold (may be deadloop in
> kernel mode ?)

Does it freeze completely, or just for a long time? I see something very similar, but mine unwedges after about 1 1/2 - 2 minutes (it just seems to be spinning hard in the kernel).

Kris
Re: cvs commit: src/secure/lib/libcrypto Makefile.inc Makefile
On Sat, 15 Jan 2000, Kris Kennaway wrote:

> Support RSA via RSAref. This autodetects the RSAref package, and if it
> is not found, compiles without RSA.

Openssl should now be fully functional for both US and international users - please report any problems you have in using it to me. You should be able to compile all openssl-using code (some of them require rsaref and therefore cannot be used in a commercial setting, others do not), although the ports may need tweaking to deal with the changed base location (/usr instead of /usr/local).

Dirk Froemberg ([EMAIL PROTECTED]) has kindly offered to help with integration issues with the ports - so any issues with ports please CC to both of us (and the maintainer).

The only outstanding issue I'm aware of with OpenSSL is enabling platform-specific optimizations (e.g. assembler versions of algorithms) which is next on my list of things to tackle.

Thanks,
Kris
Nuking /usr/src/contrib/patch
Bruce tells me there were good reasons why patch won't be upgraded ("downgraded") from 2.1 to 2.5 - it was already tried once and reverted. Should we blow away /usr/src/contrib/patch if it's never going to be used?

Kris

"How many roads must a man walk down?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!"
    -- Homer Simpson
Mandating USA_RESIDENT
In order to know whether or not to build the patent-restricted RSA code, the openssl build needs to look at the value of USA_RESIDENT, which isn't set by default. If this value is unset, or anything other than 'NO'[*], it assumes the user is in the USA and doesn't build the RSA code (or uses RSAref if present).

The problem is that a lot of ports depend on RSA being there, so we need to be able to provide it if at all possible. To that end, I'd like to add a check to 'make world' for an appropriate value of USA_RESIDENT so it definitively knows which version to build. crypto code obtained from freefall is no problem, but a lot of US people probably get theirs from internat, so that version has to be able to decide how to build.

We should also ask users to pick a value in sysinstall to cover the binary installation path (and document it in the upgrade notes in case they don't use either). In the long run I'd like to see sysinstall fetching an international-version package of the openssl libraries if they choose 'no', but given the timeframe, we'll probably have to settle for documentation explaining what to do manually (i.e. pkg_add the openssl-int package, or the rsaref and openssl-usa-rsaref packages if they want RSA support).

Unless Jordan's obtained advice to the contrary yet someone else will have to build the international version externally. I'll build the USA package.

I'm not entirely sure this is the best way to go about things (it's a messy area) - any suggestions are welcome.

Kris

[*] I should make the matching more flexible.

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!"
    -- Homer Simpson
Re: cvs commit: src/secure/lib/libcrypto Makefile.inc Makefile
On 17 Jan 2000, Satoshi - Ports Wraith - Asami wrote:

> Should I add some stuff to handle the differences in bsd.port.mk (like
> we did with perl5)?

It may be useful - although there are a lot of inconsistencies in how the openssl ports look for it. Dirk Froemberg was going to help with this - I'm not sure exactly what the best way to do it is. For example, ports like w3m-ssl pass the location of the openssl include directory, which needs to be either /usr/include or ${LOCALBASE}/include. Perhaps the best thing would be to bump OSVERSION (belatedly).

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!"
    -- Homer Simpson
Re: world broken using /usr/local/lib?
On Mon, 17 Jan 2000, Robert C. Noland III wrote:

> You have a libcrypto in /usr/local/lib which was not compiled with
> rsaref. When it reaches out to get rsaref, it also picks up the
> libcrypto and libssl from /usr/local/lib rather than the build tree.
> Move them out of the way...

I figured this out late last night (I couldn't reproduce it for a long time because my test boxes didn't have the openssl port installed) - I'm looking at how to fix it.

Kris
Re: cvs commit: src/secure/lib/libcrypto Makefile.inc Makefile
On Mon, 17 Jan 2000, Jim Bloom wrote:

> Add lynx-ssl to the list of ports which are broken on current. This was
> as of Jan. 16 at 14:00 EST cvsup of ports and source followed by a make
> world.

Well, that makes a list of one. Can you provide more information (e.g. a transcript?) Are you using openssl-rsaref, or openssl with no RSA (the latter will break many ports, the former has a restrictive license).

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!"
    -- Homer Simpson
Rolling OSVERSION
Unless anyone objects I'm going to bump OSVERSION tonight to provide a cutoff for whether or not openssl is available in the base system. Ports need to behave differently in either case..

Kris
USE_OPENSSL
[Cross-posting to -current because I would like some feedback about the last paragraph - namely how to test for RSA capability]

How about the following:

1) I bump OSVERSION due to the (potential) presence of openssl in the base system.

2) We add a USE_OPENSSL knob to bsd.port.mk which tests for this and the openssl libraries in /usr/lib, and sets LIB_DEPENDS appropriately.

3) Setting USE_OPENSSL=RSA requires a RSA-capable version of openssl (i.e. they've either built with USA_RESIDENT=NO, or have installed rsaref and rebuilt) and emits an explanatory warning if it's not available.

The only problem I can see so far is how to tell whether RSA support is available. We can do a dynamic check to see if openssl(1) can actually do RSA, but that's not as good as an existence check of something. Currently we don't build libRSARefglue.a because I couldn't see what it was useful for (it's rolled into libcrypto for us), but this still wouldn't differentiate between an (international) full openssl and a (USA) neutered one without rsaref. Hmm, it may cause problems for ports which expect it, though :-(

Stuffing a file in /etc is an obvious solution, but there may be a better one. Anyone?

Kris
Re: Mandating USA_RESIDENT
On Mon, 17 Jan 2000, David O'Brien wrote:

> Due to the consequence involved, you really do need to check for 'NO', 'YES', and "other". Rather than combining 'YES' and "other".

You're suggesting not building openssl at all if they don't have a boolean value?

Kris
Re: Rolling OSVERSION
On Mon, 17 Jan 2000, John Polstra wrote:

> You mean "__FreeBSD_version" (in src/sys/sys/param.h), right?

Right, sorry. OSVERSION is what bsd.port.mk calls it.

Kris
Re: Why not a default number of pings?
On Tue, 18 Jan 2000, Leif Neland wrote:

> If somebody _really_ wants to ping forever, let them use -t0, and defend the rest of us from our blunders of forgetting a ping, keeping the line open infinitely.

I use ping for precisely this purpose. Yes, I could change my setup, but so could you :-)

Kris
Feature test for OpenSSL + RSA
The simplest way to test whether OpenSSL can do RSA is to write a file at install-time, like the following patch. Any objections? Kris Index: Makefile === RCS file: /home/ncvs/src/secure/lib/libcrypto/Makefile,v retrieving revision 1.5 diff -u -r1.5 Makefile --- Makefile2000/01/16 05:23:21 1.5 +++ Makefile2000/01/18 05:50:34 @@ -206,7 +206,13 @@ ${LCRYPTO_SRC}/$$i ${DESTDIR}/usr/include/openssl; \ done; \ ${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/openssl/opensslconf.h ${DESTDIR}/usr/include/openssl + ${.OBJDIR}/openssl/opensslconf.h \ + ${DESTDIR}/usr/include/openssl +.if defined(WITH_RSA) && ${WITH_RSA} == YES + /usr/bin/touch /etc/ssl/openssl_hasrsa +.else + rm -f /etc/ssl/openssl_hasrsa +.endif .PATH: ${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \ ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \ "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
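Review bot: the two commands added inside the .if/.else act on /etc/ssl/openssl_hasrsa of the running system, while every install line above them in the same hunk is prefixed with ${DESTDIR}, so an install into an alternate root would create or delete the marker on the build host and leave the target tree without one; both paths should start with ${DESTDIR}. The rm is also the only command in the hunk invoked without an absolute path or a make variable, next to /usr/bin/touch, so the two should use the same form. The marker reflects the value of WITH_RSA at install time and nothing about the libcrypto that is actually installed, so a comment stating who reads the file and what keeps it in step with the library would help.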
Re: Feature test for OpenSSL + RSA
On Mon, 17 Jan 2000, Kris Kennaway wrote:

> + rm -f /etc/ssl/openssl_hasrsa

Doh, I meant /bin/rm

Kris
Re: Feature test for OpenSSL + RSA
On Tue, 18 Jan 2000, jack wrote:

> On Jan 17 Kris Kennaway wrote:
>
> > > + rm -f /etc/ssl/openssl_hasrsa
> >
> > Doh, I meant /bin/rm
>
> No, you meant ${RM}

I couldn't find this defined in /usr/share/mk/* - it's only in bsd.port.mk, AFAICT.

Kris
Re: Feature test for OpenSSL + RSA
On Tue, 18 Jan 2000, Chuck Robey wrote:

> > > No, you meant ${RM}
> >
> > I couldn't find this defined in /usr/share/mk/* - it's only in bsd.port.mk, AFAICT.
>
> I'm not sure mine's up to date, where the definition is on line 876 of bsd.port.mk ... but I'm *sure* it's in there, it has been for ages!

Reread the above. I know it's in bsd.port.mk, but that doesn't help me when I'm building in /usr/src/secure/lib/libcrypto ;-)

Kris
Re: Feature test for OpenSSL + RSA
On Tue, 18 Jan 2000, Sheldon Hearn wrote:

> On Mon, 17 Jan 2000 21:53:10 PST, Kris Kennaway wrote:
>
> > +.if defined(WITH_RSA) && ${WITH_RSA} == YES
> > + /usr/bin/touch /etc/ssl/openssl_hasrsa
>
> Um, are you sure you want that hard path, /etc/ssl ? Shouldn't there be a ${DESTDIR} in there? What do you need this for?

Yep, I realised this when I was falling asleep last night. Thanks :)

Kris
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, Sheldon Hearn wrote:

> Does sysinstall set this one? If not, it should. Then we can stop worrying about it. :-)

Not yet, but it should. If someone can help me out here it would be greatly appreciated.

Kris
Re: Feature test for OpenSSL + RSA
On Tue, 18 Jan 2000, Peter Wemm wrote:

> Yes, this should most definitely have ${DESTDIR} for this sort of thing, but even then I'm not sure this is a good change.. We have got to find a better way than this.

I've said this a couple of times in private, but will repeat it again for the list: we could do something like `nm /usr/lib/libcrypto.so | grep RSA_free`, but this seemed ugly and non-obvious to me (e.g. if someone who is not bsd.port.mk wanted to check whether their openssl port was RSA-enabled). It also seems to get invoked about 20 times during the course of making an openssl-using port (at least, that's how many times my debugging echos get run :)

Kris
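The nm-and-grep check mentioned in the message above, written as a parsed test; this is an added example, not code from the thread or from bsd.port.mk. A bare grep also matches undefined references and longer symbol names, so the function accepts only an exported definition. The sample nm listings, the lookalike symbol name and the function names are constructed for illustration, and check_library assumes an nm that supports -D.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Constructed nm listings (addresses and the lookalike name are made up).
SAMPLE_FULL='0001a2b0 T RSA_free
0001a310 T RSA_new
         U malloc'
SAMPLE_UNDEF_ONLY='         U RSA_free
00004410 T ERR_load_crypto_strings'
SAMPLE_LOOKALIKE='00007700 T RSA_free_hypothetical_helper
00007800 t RSA_free'

# defines_symbol SYMBOL: reads nm output on stdin and succeeds only if
# SYMBOL is an exported definition. nm prints "address type name" for
# defined symbols and "type name" (no address) for undefined ones, so a
# match needs three fields, the exact name, and type T (global text) or
# W (weak). Lowercase "t" is a local symbol and does not count.
defines_symbol() {
    awk -v sym="$1" '
        NF == 3 && $3 == sym && ($2 == "T" || $2 == "W") { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# rsa_status: parsed check, prints yes or no for the listing on stdin.
rsa_status() {
    if defines_symbol RSA_free; then echo yes; else echo no; fi
}

# naive_status: the plain grep from the message, for comparison.
naive_status() {
    if grep -q RSA_free; then echo yes; else echo no; fi
}

# check_library FILE: apply the parsed check to a shared library.
# Assumption: nm -D (dynamic symbol table) is available; a missing or
# unreadable file yields "no".
check_library() {
    nm -D "$1" 2>/dev/null | rsa_status
}

# Compare both checks on the constructed listings.
for name in SAMPLE_FULL SAMPLE_UNDEF_ONLY SAMPLE_LOOKALIKE; do
    eval "data=\$$name"
    printf '%-18s naive=%s parsed=%s\n' "$name" \
        "$(printf '%s\n' "$data" | naive_status)" \
        "$(printf '%s\n' "$data" | rsa_status)"
done
```
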
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, Patrick Bihan-Faou wrote:

> If we are changing the meaning of "USA_RESIDENT", could we replace it by

We're not. It's just that until now it hasn't really mattered if it wasn't set (the cases where it did matter, like whether or not to fetch a crypto port from a US site, it was required to be set there). Now it needs to be set to do a buildworld.

> It seems to me that as things progress, the crypto regulation gets more complicated everyday. Why not have a "CRYPTO_COUNTRY" variable that could be set to "USA" "FRANCE" "CANADA" or "other" based on where you live and whether special consideration must be taken relative to the crypto code ?

I don't know much about the restrictions of other countries. If the current crypto policies were a legal problem for someone else we can surely change them to suit, but I'd rather not complicate things even more than they are already without a reason..

> The other thing that could be set based on the CRYPTO_COUNTRY code is where to get the FreeBSD crypto related source from.

Well, right now there is only one non-US crypto repository (AFAIK), so "closest" is a degenerate case :-)

Kris
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, Warner Losh wrote:

> In message <[EMAIL PROTECTED]> Satoshi - Ports Wraith - Asami writes:
> : Won't people get into legal trouble (technically) if they build the wrong version?
>
> RESIDENT=
> CITIZEN=

What about us dual citizens? :-)

Kris
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, Taavi Talvik wrote:

> Maybe we should extend meaning of USA_RESIDENT or introduce new variable indicating country. After doing network install, subsequent fetches for ports/packages/distfiles from nearest ftp.xx.freebsd.org/cvsup.xx.freebsd.org is really handy. Especially for newcomers, who do not yet have idea of editing /etc/make.conf

There seems to be broad support for this idea, but I'd prefer to leave it as is for now and get it working properly, then we can revisit it after 4.0-REL.

Fetching packages due to network topology is another idea I've wanted to implement for a while, although I was thinking of doing it dynamically by testing the available bandwidth to each of the hosts (and storing it in a database) and using them in order of increasing bandwidth.

Kris
Re: Make world break on openssl...
On Tue, 18 Jan 2000, Patrick Bihan-Faou wrote:

> cc -O -pipe -DMONOLITH -DNO_IDEA -I/usr/src-freebsd-4.x/secure/usr.bin/openssl -DRSAref -I/usr/obj/usr/src-freebsd-4.x/i386/usr/include -o openssl apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dsa.o dsaparam.o enc.o errstr.o gendh.o gendsa.o genrsa.o nseq.o openssl.o pkcs12.o pkcs7.o pkcs8.o req.o rsa.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o speed.o verify.o version.o x509.o -lssl -lcrypto -L/usr/local/lib -lrsaref
> speed.o: In function `speed_main':
> speed.o(.text+0x60a): undefined reference to `RSA_PKCS1_RSAref'
> /usr/local/lib/libcrypto.so: undefined reference to `ERR_load_RSAREF_strings'

It's a known problem which I hope to fix tonight - pkg_delete or move aside your openssl installation (e.g. /usr/local/lib/lib{crypto,ssl}.*).

Kris
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, David O'Brien wrote:

> I think this is the only way to properly handle it. As Garrett pointed out, some people in the USA actually do have a licence to use the "good" version of RSA.

Is this the same Garrett who persuaded me not to include the RSA code at all in the freefall repository so that people wouldn't get in trouble for simply possessing it? :)

> We could default if we wanted to:
>
> USA_RESIDENT=YES ==> CRYPTO_RSA=RSAref
> USA_RESIDENT=NO ==> CRYPTO_RSA=RSAintl
>
> if CRYPTO_RSA was unset.

I have no problem with this, but it means either we have to have people who have an RSA license get their crypto from internat, or freefall has to have the RSA code (possibly in another cvsup collection).

Kris
Re: Mandating USA_RESIDENT
On Tue, 18 Jan 2000, Garrett Wollman wrote:

> No, this is the same Garrett who persuaded you not to include the RSA code at all in the freefall repository so that I could continue to maintain a mirror without getting into trouble with the Technology

The upshot of all of which is that people who want RSA and have a license would have to get their crypto from internat, or from freefall with a special cvsup collection :-)

Kris
Re: YAWF: World failure- undefined reference to `RSA_PKCS1_RSAref'
On Tue, 18 Jan 2000, FreeBSD mailing list wrote:

> speed.o(.text+0x60a): undefined reference to `RSA_PKCS1_RSAref'
> /usr/local/lib/libcrypto.so: undefined reference to `ERR_load_RSAREF_strings'

Please pay attention to the mailing list. I'm testing the fix for this now with a make world of both possible cases, but pkg_delete or move aside the openssl libraries in /usr/local/lib for now.

Kris
Re: make world break
On Wed, 19 Jan 2000, Stephan van Beerschoten wrote:

> cc -O -pipe -DMONOLITH -DNO_IDEA -I/mnt/archive/CVS/4.0-CURRENT/src/secure/usr.bin/openssl -DRSAref -I/usr/obj/mnt/archive/CVS/4.0-CURRENT/src/i386/usr/include -o openssl apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dsa.o dsaparam.o enc.o errstr.o gendh.o gendsa.o genrsa.o nseq.o openssl.o pkcs12.o pkcs7.o pkcs8.o req.o rsa.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o speed.o verify.o version.o x509.o -lssl -lcrypto -L/usr/local/lib -lrsaref
> speed.o: In function `speed_main':
> speed.o(.text+0x60a): undefined reference to `RSA_PKCS1_RSAref'
>
> This is going on since openssl changed its place in the sourcetree.
> Am I forgetting something ? (updated -CURRENT as of an hour ago).

Move aside or pkg_delete your openssl port, and read the mailing lists so I don't have to explain this n times. A fix is coming, but I have to test it on 4 different cases, and the buildworlds take time.

Kris
Re: make world break
On Wed, 19 Jan 2000, Charles Anderson wrote:

> be successful. But my last question still remains, why is it looking at anything outside of the /usr/src, /usr/obj world?

It was supposed to just pick up the rsaref library so you can use RSA crypto in openssl, but was also picking up the stale libcrypto.so in /usr/local/lib due to the -L path.

Kris
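The shadowing described in the message above, as an added example that is not part of the thread or of the FreeBSD build: it models the documented GNU ld rule that every -L directory is searched, in order, for every -l option before the default directories, and reports libraries whose build-tree copy loses to a copy in a -L directory. The directory layout, the empty stand-in files and the function names are constructed; the "trusted" directory is an assumption standing in for the build tree's library path.

```shell
#!/bin/sh
# Added example, not code from the thread.

# resolve_lib NAME DIR...: print the first match, trying .so before .a
# inside each directory before moving on to the next one.
resolve_lib() {
    _name=$1; shift
    for _dir in "$@"; do
        for _ext in so a; do
            if [ -e "$_dir/lib$_name.$_ext" ]; then
                printf '%s\n' "$_dir/lib$_name.$_ext"
                return 0
            fi
        done
    done
    return 1
}

# shadowed_libs TRUSTED_DIR LINK_ARGS...
# TRUSTED_DIR is searched last, like a default path. Prints the names of
# libraries that exist in TRUSTED_DIR but resolve to a -L directory.
shadowed_libs() {
    _trusted=$1; shift
    _ldirs=; _libs=; _out=
    for _arg in "$@"; do
        case $_arg in
            -L?*) _ldirs="$_ldirs ${_arg#-L}" ;;
            -l?*) _libs="$_libs ${_arg#-l}" ;;
        esac
    done
    for _lib in $_libs; do
        # Unquoted $_ldirs is split on purpose; fixture paths have no spaces.
        _hit=$(resolve_lib "$_lib" $_ldirs "$_trusted") || continue
        case $_hit in
            "$_trusted"/*) ;;   # resolved from the build tree
            *)  # resolved elsewhere: a problem only if the tree has its own
                if resolve_lib "$_lib" "$_trusted" >/dev/null; then
                    _out="$_out $_lib"
                fi ;;
        esac
    done
    printf '%s\n' "${_out# }"
}

# make_fixture: throwaway tree of empty files mirroring the situation in
# the thread (constructed; no real libraries involved). Prints its root.
make_fixture() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/obj/usr/lib" "$_root/usr/local/lib"
    : > "$_root/obj/usr/lib/libcrypto.so"
    : > "$_root/obj/usr/lib/libssl.so"
    : > "$_root/usr/local/lib/libcrypto.so"   # stale copy from the port
    : > "$_root/usr/local/lib/libssl.so"
    : > "$_root/usr/local/lib/librsaref.a"    # the only library wanted here
    printf '%s\n' "$_root"
}

root=$(make_fixture)
echo "shadowed with the port installed: $(shadowed_libs "$root/obj/usr/lib" \
    -lssl -lcrypto "-L$root/usr/local/lib" -lrsaref)"
# The workaround from the thread: move the port's copies aside.
rm -f "$root/usr/local/lib/libcrypto.so" "$root/usr/local/lib/libssl.so"
echo "shadowed after moving them aside: $(shadowed_libs "$root/obj/usr/lib" \
    -lssl -lcrypto "-L$root/usr/local/lib" -lrsaref)"
rm -rf "$root"
```
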
Re: NO_IDEA
On Wed, 19 Jan 2000, Terje Elde wrote:

> Because of copyright issues OpenSSL is being built with -DNO_IDEA. IMHO it's bad to do this for all systems, as it's only limited in some countries.
>
> What I'm wondering if we could do is to add a COUNTRY=whatever, which could be used to look up a value in a file which could provide information about patent issues for algorithms like IDEA, as well as be a nice index to which ftp server to use by default.

This has already been suggested..it won't be implemented for 4.0, but might be looked at afterwards. The problem is the extra complexity it adds..

Kris
Re: passwords got smashed by make installworld
On Fri, 21 Jan 2000, Brian Hechinger wrote:

> rebooted, tried to log in and couldn't. not as root, not as my regular user.

Sounds like you clobbered your DES libcrypt libraries with non-DES ones, and now you can't use your DES passwords.

Kris
Re: mcrypt
On Sun, 23 Jan 2000, Douglas Kuntz wrote:

> -c functions/mcrypt.c -o functions/mcrypt.o
> functions/mcrypt.c:172: #error Please update your mcrypt library
> *** Error code 1
>
> Is this a ports problem, or a current problem?

Ports. Looks like it's trying to use the library from security/mcrypt. Do you have an old version of this installed which the configure script might be locating?

BTW, please don't reply to an unrelated message when starting a new topic. It screws up the message threading for people who use a MUA which can do that.

Kris
Missing ATAPI CD
Since the most recent round of ATA updates, my CDROM is no longer even probed at boot time. device ata0 device atadisk0 device atapicd0 options ATA_STATIC_ID Copyright (c) 1992-2000 The FreeBSD Project. Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. FreeBSD 4.0-CURRENT #9: Sun Jan 23 23:20:33 PST 2000 [EMAIL PROTECTED]:/usr5/src2/src/sys/compile/MORDEN Calibrating clock(s) ... TSC clock: 120041864 Hz, i8254 clock: 1193600 Hz Timecounter "i8254" frequency 1193600 Hz Timecounter "TSC" frequency 120041864 Hz CPU: Pentium/P54C (120.04-MHz 586-class CPU) Origin = "GenuineIntel" Id = 0x525 Stepping = 5 Features=0x1bf real memory = 50331648 (49152K bytes) Physical memory chunk(s): 0x1000 - 0x0009, 651264 bytes (159 pages) 0x0038b000 - 0x02fe, 46551040 bytes (11365 pages) avail memory = 45232128 (44172K bytes) bios32: Found BIOS32 Service Directory header at 0xc00fac90 bios32: Entry = 0xfb150 (c00fb150) Rev = 0 Len = 1 pcibios: PCI BIOS entry at 0xb180 pnpbios: Found PnP BIOS data at 0xc00fb9f0 pnpbios: Entry = f:ba18 Rev = 1.0 Other BIOS signatures found: ACPI: Intel Pentium detected, installing workaround for F00F bug VESA: information block 56 45 53 41 02 01 48 56 00 c0 00 00 00 00 8f 56 00 c0 20 00 de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de de c0 ad de VESA: 29 mode(s) found VESA: v1.2, 2048k memory, flags:0x0, mode table:0xc00c568f (c000568f) VESA: Tseng Labs ET4000 pci_open(1):mode 1 addr port (0x0cf8) is 0x805c pci_open(1a): mode1res=0x8000 (0x8000) pci_cfgcheck: device 0 [class=06] [hdr=00] is there (id=122d8086) npx0: on motherboard npx0: INT 16 interface i586_bzero() bandwidth = 155787505 bytes/sec bzero() bandwidth = 78076202 bytes/sec pci_open(1):mode 1 addr port (0x0cf8) is 0x pci_open(1a): mode1res=0x8000 (0x8000) pci_cfgcheck: device 0 [class=06] [hdr=00] is there (id=122d8086) pcib0: on motherboard found-> vendor=0x8086, 
dev=0x122d, revid=0x02 class=06-00-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 found-> vendor=0x8086, dev=0x122e, revid=0x02 class=06-01-00, hdrtype=0x00, mfdev=1 subordinatebus=0secondarybus=0 found-> vendor=0x8086, dev=0x1230, revid=0x02 class=01-01-80, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 map[20]: type 1, range 32, base 3000, size 4 found-> vendor=0x100c, dev=0x3206, revid=0x00 class=03-00-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 intpin=a, irq=11 map[10]: type 1, range 32, base f000, size 24 found-> vendor=0x9004, dev=0x5078, revid=0x01 class=01-00-00, hdrtype=0x00, mfdev=0 subordinatebus=0secondarybus=0 intpin=a, irq=10 map[10]: type 1, range 32, base 6000, size 8 map[14]: type 1, range 32, base f100, size 12 pci0: on pcib0 CPU Inactivity timer: clocks Peer Concurrency: enabled CPU-to-PCI Write Bursting: enabled PCI Streaming: enabled Bus Concurrency: enabled Cache: 256K pipelined-burst secondary; L1 enabled DRAM: no memory hole, 60 MHz refresh Read burst timing: x-2-2-2/x-3-3-3 Write burst timing: x-3-3-3 RAS-CAS delay: 3 clocks isab0: at device 7.0 on pci0 I/O Recovery Timing: 8-bit 1 clocks, 16-bit 1 clocks Extended BIOS: enabled Lower BIOS: enabled Coprocessor IRQ13: enabled Mouse IRQ12: disabled Interrupt Routing: A: disabled, B: IRQ10, C: IRQ11, D: disabled MB0: disabled, MB1: disabled isa0: on isab0 ata-pci0: port 0x3000-0x300f at device 7.1 on pci0 ata-pci0: Busmastering DMA supported ata0: iobase=0x01f0 altiobase=0x03f6 bmaddr=0x3000 ata0: mask=03 status0=50 status1=50 ata0: mask=03 status0=50 status1=50 ata0: devices = 0x3 ata0 at 0x01f0 irq 14 on ata-pci0 ata1: iobase=0x0170 altiobase=0x0376 bmaddr=0x3008 ata1: mask=03 status0=50 status1=00 ata1: mask=03 status0=50 status1=00 ata1: devices = 0x9 ata1 at 0x0170 irq 15 on ata-pci0 vga-pci0: mem 0xf000-0xf0ff irq 11 at device 18.0 on pci0 ahc0: port 0x6000-0x60ff mem 0xf100-0xf1000fff irq 10 at device 19.0 on pci0 ahc0: No SEEPROM available. 
ahc0: Using left over BIOS settings ahc0: aic7850 Single Channel A, SCSI Id=7, 3/255 SCBs ahc0: Downloading Sequencer Program... 408 instructions downloaded Trying Read_Port at 203 Trying Read_Port at 243 CTL0031: start dependant CTL0031: adding irq mask 0x20 CTL0031: adding dma mask 0x2 CTL0031: adding dma mask 0x20 CTL0031: adding io range 0x220-0x22f, size=0x10, align=0x1 CTL0031: adding io range 0x330-0x331, size=0x2, align=0x1 CTL0031: adding io range 0x388-0x38b, size=0x4, align=0x1 CTL0031: start dependant CT
ipfilter and ipfstat
Okay, so I finally decided to take the plunge and check out ipfilter. ipf seemed to load my ruleset with no problems, but ipfstat dies with:

ioctl(SIOCGETFS): Invalid argument

I have remade the 'ipl' target in MAKEDEV, and my kernel and userland are in sync. I have options IPFILTER and options IPFILTER_LOG in the kernel (because the kld wouldn't load for me).

What am I doing wrong?

Kris
Re: 4.0 CODE FREEZE WILL BEGIN IN FIVE (5) DAYS
On Mon, 24 Jan 2000, Jordan K. Hubbard wrote:

> On the 29th of January, I'll be freezing the -current branch (well, OK, the trunk). That means NO commits without my review first and I

Hmm. What does this mean for the ATA driver? I know Soren has some more updates in the wings, and I'm grateful for his continued work, but the truth of the matter is that it has never worked properly for my system (therefore by extension, those of a lot of other people out there who have working systems at present but who aren't using -current), and 5 days isn't likely to fix everyone's problems.

I think we should consider defaulting back to the wd drivers unless soren can work miracles in the meantime, rather than risking a large subset of the user base finding 4.0 doesn't work right on their machines :-(

Kris
Re: 4.0 CODE FREEZE WILL BEGIN IN FIVE (5) DAYS
On Mon, 24 Jan 2000, Soren Schmidt wrote:

> Huh, you have only told me about the missing CDROM (should be fixed with the commit I just did), what else seems to be a problem ??

My WDC drive falling back to PIO mode..see the dmesg in the previous message.

Kris
OpenSSL docs for FAQ
Can people please review this for style and content, for inclusion in the FAQ? I'll also need someone to mark it up once it's ready since SGML is currently not among my abilities :-)

Thanks,
Kris

As of FreeBSD 4.0, the OpenSSL toolkit is a part of the base system. OpenSSL [http://www.openssl.org] provides a general-purpose cryptography library, as well as the Secure Sockets Layer v2/v3 (SSLv2/SSLv3) and Transport Layer Security v1 (TLSv1) network security protocols.

However, some of the algorithms (specifically, RSA and IDEA) included in OpenSSL are protected by patents in the USA and elsewhere and are not available for unrestricted use. In addition, export of cryptographic code from the USA has (until recently) been heavily restricted. As a result, FreeBSD has available three different versions of OpenSSL depending on geographical location (US/non-US) and compliance with the RSAREF license (see below).

RSA is a useful algorithm which is required for a lot of third-party software which uses OpenSSL (as well as for the SSLv2 protocol), so you should enable it if at all possible. See below for more information.

SOURCE-CODE INSTALLATIONS

INTERNATIONAL (NON-US) USERS:

People who are located outside the USA, and who obtain their crypto sources from internat.freebsd.org (the International Crypto Repository), will build a version of OpenSSL which includes RSA, but does not include IDEA, because the latter is restricted in certain locations elsewhere in the world. In the future a more flexible identification system may allow building of IDEA in countries for which it is not restricted.

US USERS:

As noted above, RSA is patented in the US, with terms preventing general use without an appropriate license. Therefore the OpenSSL RSA code may not be used in the US, and has been removed from the version of OpenSSL carried on US mirror sites. The RSA patent is due to expire on September 20, 2000, at which time it is intended to add the "full" RSA code back to the US version of OpenSSL.

However (and fortunately), the RSA patent holder (RSA Security, [http://www.rsasecurity.com]) has provided a "RSA reference implementation" toolkit ("RSAREF") which is available for *certain classes of use*, including "non-commercial use" (see the RSAREF license [XXX - We should put this on the website too since I can't find an external URL for it] for the definition of "non-commercial").

If you meet the conditions of the RSAREF license and wish to build your OpenSSL sources with RSAREF support, you must first install the rsaref port in /usr/ports/security/rsaref before (re)building OpenSSL (e.g. by 'make world'). Please obtain legal advice if you are unsure of your compliance with the license terms.

IDEA code is also removed from the US version of OpenSSL for patent reasons.

BINARY INSTALLATIONS

If your FreeBSD installation was a binary installation (e.g. installed from CDROM, or from a snapshot downloaded from ftp.freebsd.org) and you selected to install the 'crypto' module, then you will have the non-RSA capable US version of the OpenSSL code (see above). If you wish to install another version (US RSAREF, or International) you will need to obtain and install one of the following packages:

* OpenSSL package with RSAREF support for US users (NOTE: Be sure to read the license before installing! This is NOT licensed for general-purpose use!) ftp://ftp.freebsd.org/XXX

* OpenSSL package for International (non-US) users. This is not legal for use in the US, but international users should use this one because the RSA implementation is faster and more flexible. ftp://internat.freebsd.org/XXX
Re: OpenSSL docs for FAQ
On Tue, 25 Jan 2000, Nik Clayton wrote:

> Is this FAQ material, or better off in the installation section of the Handbook? I'd veer towards the Handbook myself.

Seemed like a potential Frequently Asked Question to me, is all. I defer to your superior knowledge of our documentation standards :-)

> I can't speak to the veracity of the content, but I can mark it up for the Handbook as necessary.

Thanks! :)

Kris
Re: ipfilter and ipfstat
On Tue, 25 Jan 2000, the Webslave wrote:

> > Okay, so I finally decided to take the plunge and check out ipfilter. ipf seemed to load my ruleset with no problems, but ipfstat dies with:
> >
> > ioctl(SIOCGETFS): Invalid argument
>
> And what would that ruleset be?
>

# Default to deny
block in log on tun0 from any to any

# Block unroutables
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any

# Allow us to initiate any outgoing connections
pass out quick on tun0 proto tcp/udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Allow incoming trojans
pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
pass in quick on tun0 proto udp from any to any port = 31337 keep state

# Allow loopback
pass out quick on lo0
pass in quick on lo0

Note that I haven't been able to test this ruleset for legitimacy yet because I can't interface with ipfstat :-)

Kris
Re: help! need kernel!
On Thu, 27 Jan 2000, Alexandr Listopad wrote:

> there no tools/ dir in /usr/src - why?

Because you didn't download it?

> doc-all
> src-base
> src-bin
> src-contrib
> src-etc
> src-gnu
> src-include
> src-lib
> src-libexec
> src-release
> src-sbin
> src-share
> src-sys

src-tools

> src-usrbin
> src-usrsbin

Kris
This is getting ridiculous..
/home/kris/tmp/world/obj/.amd_mnt/freefall/host/c/users/kris/tmp/world/src/alpha/.amd_mnt/freefall/host/c/users/kris/tmp/world/src/gnu/usr.bin/cc/cpp/../cc_int/libcc_int.a(choose-temp.o): In function `choose_temp_base':
choose-temp.c(.text+0x218): warning: mktemp() possibly used unsafely; consider using mkstemp()
/home/kris/tmp/world/obj/.amd_mnt/freefall/host/c/users/kris/tmp/world/src/alpha/.amd_mnt/freefall/host/c/users/kris/tmp/world/src/gnu/usr.bin/cc/cpp/../cc_fbsd/libcc_fbsd.a(mktemp.o): In function `_gettemp':
mktemp.c(.text+0x3f0): undefined reference to `_open'
mktemp.c(.text+0x3f4): undefined reference to `_open'
*** Error code 1

1 error

This is from a freshly checked-out tree on beast, with no local mods outside of secure/. I've verified twice it's up-to-date with CVS..

Kris
Re: cvs commit: src/secure/usr.bin/openssl Makefile
On Wed, 19 Jan 2000, Kris Kennaway wrote:

> Modified files:
> secure/usr.bin/openssl Makefile
> Log:
> Don't search for libraries in ${LOCALBASE}. This should fix the problems
> people were seeing with conflicts with the openssl port.

I tried to test all of the possible cases here, so I hope this hasn't broken anyone :-) Internat will follow tomorrow, all being well.

Kris
kernel breakage from ipfw6?
I get this whenever I try and build a kernel (with or without IPFIREWALL):

linking kernel.debug
ip6_fw.o: In function `ip6_fw_init':
/sys/compile/MORDEN/../../netinet6/ip6_fw.c(.text+0x18a4): undefined reference to `ip6_fw_chk_ptr'
/sys/compile/MORDEN/../../netinet6/ip6_fw.c(.text+0x18ae): undefined reference to `ip6_fw_ctl_ptr'
*** Error code 1

1 error

I've just verified my sources are up-to-date from cvsup3.

Kernel config:

#$Id: GENERIC,v 1.130 1998/11/03 22:01:21 des Exp $
machine i386
cpu I586_CPU
ident MORDEN
maxusers 32
makeoptions DEBUG="-g" #Build kernel with gdb(1) debug symbols
options INCLUDE_CONFIG_FILE # Include this file in kernel
options MAXMEM="(48*1024)"
options COMPAT_43
options USER_LDT #allow user-level control of i386 ldt
options CPU_FASTER_5X86_FPU
options CLK_USE_I8254_CALIBRATION
options CLK_USE_TSC_CALIBRATION
options MSGBUF_SIZE=65536
options SYSVSHM
options SYSVSEM
options SYSVMSG
options INVARIANTS
options INVARIANT_SUPPORT
options MD5
options VESA # needs VM86 defined too!!
options DDB
options KTRACE #kernel tracing
options UCONSOLE
options INET #Internet communications protocols
options INET6
options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
options IPSEC_IPV6FWD #IP security tunnel for IPv6
options IPSEC_DEBUG #debug for IP security
options PPP_FILTER #enable bpf filtering (needs bpfilter)
options PPP_DEFLATE #PPP zlib/deflate/gzip support
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #print information about dropped
#packets
#options IPFILTER
#options IPFILTER_LOG
options ICMP_BANDLIM
options FFS #Fast filesystem
options MFS #Memory File System
options NFS #Network File System
options MSDOSFS #MS DOS File System
options PROCFS #Process filesystem
options FFS_ROOT #FFS usable as root device
options SOFTUPDATES
options NSWAPDEV=4
options MAXCONS=12 # number of virtual consoles
options SC_HISTORY_SIZE=200 # number of history buffer lines
options COMPAT_LINUX
options P1003_1B
options _KPOSIX_PRIORITY_SCHEDULING
options _KPOSIX_VERSION=199309L
options TCP_RESTRICT_RST
options TCP_DROP_SYNFIN
options ICMP_BANDLIM
pseudo-device loop #Network loopback device
pseudo-device bpf 4 #Berkeley packet filter
pseudo-device tun 2 #Tunnel driver (user process ppp(8)
pseudo-device ppp 2
pseudo-device pty 32 #Pseudo ttys - can go as high as 256
pseudo-device speaker #Play IBM BASIC-style noises out your speaker
pseudo-device gzip #Exec gzipped a.out's
pseudo-device vn #Vnode driver (turns a file into a device)
pseudo-device snp 1 #Snoop device - to look at pty/vty/etc..
pseudo-device splash
#device pnp0
device isa0
device pci0
device npx0 at nexus? port IO_NPX flags 0x0 irq 13
device ata0
device atadisk0
device atapicd0
options ATA_STATIC_ID
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device scbus0 #base SCSI code
device cd0 #SCSI CD-ROMs
device pass0 #CAM passthrough driver
device ahc0
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device pcm0
device sbc0
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1
device psm0 at atkbdc? irq 12
device vga0 at isa? port ? conflicts
device sc0 at isa?
USE_OPENSSL update (READ ME!)
I'm hearing precious little feedback about this, guys. I need to know if this works properly on your 3.x and 4.0 systems so I can get it into the tree in time for the ports freeze. This version fixes rsaref support for non-4.0 systems and has a different hack for the CFLAGS problem if we don't use a configure script. This has only been necessary so far for pipsecd and seems to fix the problem there. New patched ports (see http://www.freebsd.org/~kris/openssl): w3m-ssl pipsecd (updated) Kris Index: Mk/bsd.port.mk === RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v retrieving revision 1.326 diff -u -r1.326 bsd.port.mk --- Mk/bsd.port.mk 2000/01/21 11:08:06 1.326 +++ Mk/bsd.port.mk 2000/01/30 01:45:15 
@@ -571,6 +571,47 @@ PREFIX?= ${LOCALBASE} .endif +.if defined(USE_OPENSSL) +.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.a) +.if ${USE_OPENSSL} == RSA +_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | /usr/bin/grep RSA_free`" +.if empty(_HASRSA) +.BEGIN: + @${ECHO} "This port requires RSA crypto, which is not present in your" + @${ECHO} "version of OpenSSL. Please see Chapter XX in the FAQ for" + @${ECHO} "a description of the problem and alternative solutions." + @${FALSE} +.endif +.endif +OPENSSLBASE= /usr +OPENSSLDIR=/etc/ssl +# OpenSSL in the base system doesn't include IDEA for patent reasons. +OPENSSL_IDEA= no +# XXX Might not valways work - this is a hack +.if defined(HAS_CONFIGURE) +CFLAGS+= -DNO_IDEA +.else +OPENSSL_CFLAGS+=-DNO_IDEA +MAKE_ARGS+=OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" +.endif +.else +LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl +OPENSSLBASE?= ${LOCALBASE} +OPENSSLDIR?= ${OPENSSLBASE}/openssl +.endif +.if ${USE_OPENSSL} == RSA && defined(USA_RESIDENT) && ${USA_RESIDENT} == YES +LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref +# We set this so ports can decide whether or not to link against librsaref +# and libRSAglue +OPENSSL_RSAREF=yes +.endif +OPENSSLLIB=${OPENSSLBASE}/lib +OPENSSLINC=${OPENSSLBASE}/include +MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \ + OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR} +RESTRICTED="Contains cryptography." +.endif + .endif # End of pre-makefile section. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
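Review bot: the RSA probe at the top of this hunk cannot fire as written. "_HASRSA=" is a plain assignment, so the variable holds the literal quoted backtick string rather than the output of nm | grep, and ".if empty(_HASRSA)" is therefore never true; even if the command were run, the surrounding double quotes would keep the value non-empty. Use a shell assignment ("_HASRSA!= /usr/bin/nm /usr/lib/libcrypto.a | /usr/bin/grep RSA_free") without the quotes and test that. The error text also still reads "Chapter XX", which needs the real chapter number before commit, and the "# XXX Might not valways work" comment has a typo and should say which case the CFLAGS hack is known to miss.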
Re: USE_OPENSSL update (READ ME!)
Ack, this was meant for ports, although the additional testing would certainly be welcome :) Sorry..

Kris
Re: kernel breakage from ipfw6?
On Sat, 29 Jan 2000, Jim Bloom wrote:

> The problem here is that ip6_fw.c is dependent upon INET6 instead of
> IPv6FIREWALL. I sent mail to shin a little while ago about the
> problem. If you want to compile a kernel in the interim, change the
> line for ip6_fw.c in sys/conf/files to
>
> netinet6/ip6_fw.c optional ipv6firewall
>
> I believe this is the correct fix in any case.

Thanks, this fixes it, but I have INET6 anyway..

Kris
identcpu.c change causes panic
This commit causes my P5 to panic at boot:

kato 2000/01/28 23:49:03 PST

Modified files:
sys/i386/i386 identcpu.c
Log:
Simplify messages of Pentium II, Pentium II Xeon, Celeron, Pentium III and Pentium III Xeon CPUs. If a CPU is one of Pentium II, Pentium II Xeon and Celeron, the message is always "Pentium II/Pentium II Xeon/Celeron". If a CPU is one of Pentium III and Pentium III Xeon, the message is always "Pentium III/Pentium III Xeon".

Revision Changes Path
1.80 +5 -12 src/sys/i386/i386/identcpu.c

Copyright (c) 1992-2000 The FreeBSD Project.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
FreeBSD 4.0-CURRENT #16: Sat Jan 29 22:48:36 PST 2000
[EMAIL PROTECTED]:/usr5/src2/src/sys/compile/MORDEN
Timecounter "i8254" frequency 1193593 Hz
Timecounter "TSC" frequency 120041220 Hz
CPU: Pentium/P54C (120.04-MHz 586-class CPU)
Origin = "GenuineIntel" Id = 0x525 Stepping = 5
Features=0x1bf
Still problems with latest ATA
My CDROM still refuses to work with cdcontrol, although the 30-seconds of kernel spinning is now fixed. Trying to play a track gives:

acd0: PLAY_BIG - ILLEGAL REQUEST asc=21 ascq=00 error=04

One of my WDC's still falls back to PIO mode at boot time (see previous messages, nothing has changed).

If anything has changed in the verbose boot I can provide a copy of it, otherwise all my relevant details are in the archives from previous messages..

Kris
Re: Still problems with latest ATA
On Sun, 30 Jan 2000, Soren Schmidt wrote:

> > Trying to play a track gives:
> >
> > acd0: PLAY_BIG - ILLEGAL REQUEST asc=21 ascq=00 error=04
>
> I'll bet this drive doesn't support PLAY_BIG but only PLAY_MSF.
> The problem here is that PLAY_MSF's parameters are either in
> binary or in BCD, but you don't know which one to use, as this
> is screwed in more drives than those missing PLAY_BIG.

This drive worked fine under wcd. It would be kind of disconcerting to be told that my CD is no longer supported and I have to buy a new one.

> > One of my WDC's still falls back to PIO mode at boot time (see previous
> > messages, nothing has changed).
>
> It's not able to do DMA then, besides cluttering up the console with
> the retries, it does work afterwards right ?

It works fine afterwards, but according to http://www.westerndigital.com/products/drives/specs/oldspecs/AC26400.html it is certainly DMA-capable. It *does* say, interestingly, that older versions cannot do Ultra ATA 66 (I purchased this as an Ultra ATA 66 drive, but..). I'll see what the diagnostic utility has to say about it.

> Send me one, there are a few changed items, I'll see what can be done...

Will do tomorrow..

Kris
Re: identcpu.c change causes panic
On Sun, 30 Jan 2000, KATO Takenori wrote:

> It sounds strange. I didn't modify any P5 stuff.
>
> I attached the patch from 1.79 to 1.80 diff in this mail.
>
> - Could you try to this patch with the -R option?

Yes, when I back out this revision (& nothing else) I can boot fine :-)

> - Please report the panic message you got.

I'll have to write this down by hand - it didn't look very interesting, though.

Kris
Re: identcpu.c change causes panic - not identcpu.c?
On Mon, 31 Jan 2000, Greg Childers wrote:

> A panic also occurred on my Pentium (P54C) 66MHz, but backing identcpu.c
> to 1.79 didn't stop the panic. Here is the panic info, copied by hand. (I
> hope there are no typos!)

Well, I rebuilt a kernel with 1.80 of identcpu.c and it booted fine this time, so it looks like you can ignore my previous report. My best guess is that something in my kernel was out of sync with itself (I built multiple times to try and get the ipfw6 error to go away, perhaps it didn't recompile an object file when it should have).

Sorry for the false alarm,
Kris
Re: ipfilter and ipfstat
On Tue, 1 Feb 2000, Guido van Rooij wrote:

> ipfstat and its friends (ipf, ipnat and ipmon) now live in /sbin
> It might be you are using an old version (these programs used to live in
> /usr/sbin but are moved to /sbin to be able to use them early at
> system startup).

Aha! This looks to be the case - thanks, Guido!

Kris
Re: update /etc (mergemaster) prior first boot after update (makeworld) ?
On Tue, 1 Feb 2000, Andreas Klemm wrote:

> One additional question... What would be the best time to update
> /etc after an update from 3.4-STABLE to 4.0-current ?
>
> - prior or
> - after booting freshly compiled updated system ?

Before, because (in general) it may not boot to multiuser mode at all otherwise.

Kris
Re: wired devices under current?
On Tue, 1 Feb 1900, I am not any sort of Fluffy wrote:

Please fix your mailer. It is over 100 years old.

Kris
Re: cvsup8.freebsd.org gone?
On Wed, 2 Feb 2000, Maxim Sobolev wrote:

> What happened with much-advertised by Polstra cvsup8.freebsd.org cvsup mirror?

He advertised shortly thereafter that it had died :-)

Kris
Re: libcrypto (DES - MD5)
On Thu, 3 Feb 2000, Anders Andersson wrote:

> I add a new user, and with 'vipw' I noticed that this user now gets a
> DES based passwd. (we only use MD5 passwords around). Then I looked in
> /usr/lib and noticed that libcrypt now is symlinked to libdescrypt:

AFAIK this has always been the way it works: if you install libdescrypt, the system makes the (mistaken) assumption you want DES passwords all the time. For now, just repoint the symlinks and edit out the build of secure/lib/libcrypt - a proper fix might be to add a login class which determines which of MD5 and DES you should use for new passwords, but I won't be able to get that committed until after 4.0.

Kris
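The symptom discussed in this message (new accounts silently receiving DES hashes once libcrypt points at libdescrypt) can be checked for by classifying the password field of each master.passwd entry. This is an added example, not part of the original messages; the function names are hypothetical and the sample entries and hashes are constructed for illustration.

```python
"""Report accounts whose password hash is not in the expected crypt(3) format.

Added example: the entries in SAMPLE are constructed, not real accounts or
real hashes. Field layout follows master.passwd(5):
name:password:uid:gid:class:change:expire:gecos:home_dir:shell
"""
import re

CRYPT64 = r"[./0-9A-Za-z]"

# Recognisers for the hash formats relevant to the thread, checked in order.
SCHEMES = [
    # Modular MD5: $1$<salt up to 8 chars>$<22 chars>
    ("md5", re.compile(r"\$1\$[^$]{0,8}\$" + CRYPT64 + r"{22}")),
    # BSDi extended DES: "_" + 4 count chars + 4 salt chars + 11 hash chars
    ("des-extended", re.compile(r"_" + CRYPT64 + r"{19}")),
    # Traditional DES: 2 salt chars + 11 hash chars
    ("des", re.compile(CRYPT64 + r"{13}")),
]


def classify_hash(field):
    """Return the scheme name for one master.passwd password field."""
    if field == "":
        return "empty"          # no password at all
    if field.startswith("*"):
        return "locked"         # "*" or "*LOCKED*..." cannot match any hash
    for name, pattern in SCHEMES:
        if pattern.fullmatch(field):
            return name
    return "unknown"


def audit(lines, wanted="md5"):
    """Return (line_number, user, scheme) for entries not using `wanted`.

    Locked accounts are skipped; lines without exactly ten fields are
    reported as malformed rather than guessed at.
    """
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            findings.append((lineno, None, "malformed"))
            continue
        scheme = classify_hash(fields[1])
        if scheme not in (wanted, "locked"):
            findings.append((lineno, fields[0], scheme))
    return findings


# Constructed sample input (not real accounts or hashes).
SAMPLE = """\
# constructed sample
root:$1$constrct$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:1001:1001::0:0:Alice:/home/alice:/bin/sh
newuser:abJnggxhB/yJU:1002:1002::0:0:New User:/home/newuser:/bin/sh
blank::1003:1003::0:0:No password:/home/blank:/bin/sh
"""

if __name__ == "__main__":
    for lineno, user, scheme in audit(SAMPLE.splitlines()):
        print(f"line {lineno}: {user}: {scheme}")
```

Run against a copy of /etc/master.passwd (readable by root only), the same call flags any account created while the DES libcrypt was in effect.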
Re: Will the real libcrypto please stand up?
On Thu, 3 Feb 2000, bush doctor wrote:

> I'm a bit confused about the libcrypto situation and need some clarification :)
> I'm running -current and rebuilt the apache13-php3 port recently. The port
> depends on /usr/local/lib/libcrypto.so.1, however when starting the ssl version
> I get the following:

Jim Bloom and I are in the process of preparing patches for all of the openssl-using ports. See http://www.freebsd.org/~kris/openssl for some of them, although I haven't added the latest ones Jim has sent me. I don't think the apache13-php3 has been fixed yet.

I've had very minimal feedback about these, and none from our Ports Wraith (the change to bsd.port.mk really needs to go into the ports tree asap so we can start fixing them), but I hope to get them all fixed by the ports freeze on the 14th.

Kris
Re: ata1
On Sat, 5 Feb 2000, Klaus Herrmann wrote:

> options ATA_ENABLE_ATAPI_DMA #Enable DMA on ATAPI devices

Try removing this. According to the warning in LINT, this breaks many CDROMs.

Kris
Re: problems with openssl in 4.0rc and ports/security/openssh
On Fri, 11 Feb 2000, Mark Huizer wrote:

> I installed a fresh 4.0 release candidate this morning, including the
> crypto stuff (des, kerberos...). Tried to install openssh from ports
> tree as well, but couldn't. It was looking for
> /usr/include/openssl/rsa.h which was not there, and I couldn't find a
> knob to turn RSA requirement off.

Where did you obtain your crypto sources from? You should be using internat.freebsd.org, which should have the RSA header (i.e. you should not be using a US mirror site). Can you verify this?

I haven't updated the openssh port yet to use the system version of openssl - once it's updated it will point you to a section of the handbook to explain what you need to do first (Chapter 6.5, thanks Jim :-) if it can't build with the version of openssl you currently have. The packages it refers to aren't yet available, because I haven't had the time to build them, but I'll either be doing this tonight or over the weekend. You'll have to rebuild from source as it explains there.

Kris
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, Motoyuki Konno wrote:

> Related question:
>
> Is there any plan to distribute USA_RESIDENT=NO version of
> des binary distribution?
>
> If not, non-USA users must rebuild the crypto libraries from
> source to use international-crypto packages.
>
> The des distribution (des/des.??) of the 4.0 release candidate
> does not include RSA headers nor RSA binaries, because they
> were built as USA_RESIDENT=YES.

Are you referring to the crypto distribution? Mark Murray ([EMAIL PROTECTED]) is the person you need to talk to about non-US crypto stuff.

Kris
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, John Hay wrote:

> and to me it looks like rsa.h is included:
>
> internat:/home/ftp/pub/FreeBSD/releases/i386/4.0-2211-SNAP/des > cat des.?? |
>tar -tzvf - | grep rsa
> -r--r--r-- root/wheel 12208 Feb 12 07:09 2000 usr/include/openssl/rsa.h
>
> Or is there something that I miss?

That looks right. I think the original person was getting their crypto from the wrong place.

Kris
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, Poul-Henning Kamp wrote:

> Could somebody send a short overview of the "crypto in FreeBSD"
> situation ? I bet there are more people than me who have lost
> track of what is in, what is out and what USA_RESIDENT changes...

See the new chapter 6.5 in the handbook for an explanation of the openssl situation. That's all that's really changed lately.

Kris
Re: openssh install not straight forward: openssl-0.9.4 purportedto be in base, but isn't?
On Sat, 12 Feb 2000, Adrian Steinmann wrote: > cd /usr/ports/security/openssl > make -V FORBIDDEN > "OpenSSL is already in the base system" > yet it doesn't appear to be. Yes it is :-) Install the crypto sources from internat. > This causes openssh to fail likewise because it depends on openssl > (crypto.1 shared library), the patch below removes that dependancy > so > cd /usr/ports/security/openssh > make USA_RESIDENT=NO > works after the 3.4 openssl port is installed. I sent green a patch yesterday (attached) which will allow it to build properly on all versions of FreeBSD. Since the ports freeze is on monday, I'll commit it myself if I dont hear back from him before then. > The real fix would be to really put openssl into the base system. Thanks, already fixed about a month ago :-) Kris Index: Makefile === RCS file: /home/ncvs/ports/security/openssh/Makefile,v retrieving revision 1.43 diff -u -r1.43 Makefile --- Makefile2000/02/10 12:23:49 1.43 +++ Makefile2000/02/12 07:55:10 @@ -14,7 +14,7 @@ MAINTAINER=[EMAIL PROTECTED] -LIB_DEPENDS= crypto.1:${PORTSDIR}/security/openssl +USE_OPENSSL= RSA .include CAT?= /bin/cat @@ -29,13 +29,9 @@ CVS_DATE_!=${ECHO} -n "${CVS_DATE}" | ${SED} 's/[ \t:]/_/g' CVS_SITES= [EMAIL PROTECTED]:/cvs \ :pserver:[EMAIL PROTECTED]:/cvs -CRYPTOLIBS=-L${PREFIX}/lib -lcrypto -.ifdef USA_RESIDENT -.if ${USA_RESIDENT} == YES -CRYPTOLIBS+= -lRSAglue -lrsaref -.endif -.else -.error "USA_RESIDENT must be set to 'YES' or 'NO' correctly!" +CRYPTOLIBS=-L${OPENSSLLIB} -lcrypto +.if defined(OPENSSL_RSAREF) +CRYPTOLIBS+= -lRSAglue -L${LOCALBASE}/lib -lrsaref .endif # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir... MAKE_ENV= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}" Index: patches/patch-ab === RCS file: /home/ncvs/ports/security/openssh/patches/patch-ab,v retrieving revision 1.9 diff -u -r1.9 patch-ab --- patches/patch-ab2000/02/09 03:28:48 1.9 +++ patches/patch-ab2000/02/12 07:58:06 
@@ -1,5 +1,5 @@ Makefile.inc.orig Wed Feb 9 01:00:11 2000 -+++ Makefile.inc Wed Feb 9 01:08:09 2000 +--- Makefile.inc.orig Fri Feb 11 23:56:29 2000 Makefile.inc Fri Feb 11 23:57:56 2000 @@ -2,10 +2,14 @@ .include @@ -15,7 +15,7 @@ +TCP_WRAPPERS?=yes +.if !defined(MAKEFILE_INC_FIRST_PASS) +MAKEFILE_INC_FIRST_PASS= 0 -+CFLAGS+= -I${PREFIX}/include ${INET6FLAGS} ++CFLAGS+= -I${OPENSSLINC} ${INET6FLAGS} LDADD+= -L${.CURDIR}/../lib -lssh DPADD+= ${.CURDIR}/../lib/libssh.a .endif
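Review bot: the second Makefile hunk (@@ -29,13 +29,9 @@) drops the '.error "USA_RESIDENT must be set to 'YES' or 'NO' correctly!"' branch without a replacement, so with USA_RESIDENT unset the port now links against plain -lcrypto and gives no diagnostic. If that check is meant to be enforced by the USE_OPENSSL handling in bsd.port.mk, say so in the commit message; otherwise keep the .error here so a misconfigured build fails early instead of producing an sshd without the intended RSA backend. The new ".if defined(OPENSSL_RSAREF)" test also makes this port depend on the bsd.port.mk change being committed first, which is worth stating.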
Re: newer binutils for CURRENT ? Ask H.J. Lu
On Sat, 12 Feb 2000, Daniel Robbins wrote:

> URL above, and it seemed to work ok. You *can expect* problems and
> challenges integrating 2.95.2 into FreeBSD -- it's like a whole new
> compiler. And it *will* cause new compile errors that were not
> flagged before. That's just the nature of the new gcc. In the end,
> it will be worth it.

# gcc -v
Using builtin specs.
gcc version 2.95.2 19991024 (release)
# which gcc
/usr/bin/gcc

-current has been using 2.95.2 for some time, and yes, it caused new compile errors that were not seen before (especially in ports) :-).

Kris
OpenSSL packages available
I'm in the process of uploading the i386 and alpha packages for the two US versions of openssl (NORSA & RSAref). As described in chapter 6.5 of the handbook, you can pkg_add these instead of having to do a source-recompile of the openssl stuff (the NORSA package is what you get by default, actually, but if you add OpenSSL-rsaref and then remove it you'll have to add this one back again).

These will shortly be moving somewhere on ftp.freebsd.org (Hi jkh :) but in the meantime you can get them from http://www.freebsd.org/~kris/openssl

Hopefully international versions of the packages should be appearing soon on ftp.internat.freebsd.org

Kris
Re: /usr/ports/ too big?
On Thu, 10 Feb 2000, Christopher Masto wrote:

> I've often thought that it might be better if each port were a single
> tar file or something instead of the 30+ files that many of them now
> contain. From there, it seems like a straightforward step to not keep
> the tar files on your machine, much like you don't keep the distfiles.
> "make-port xmms" or whatever could go out and grab the xmms port tar
> file from ftpX.freebsd.org, extract it to the appropriate place, then
> do a make as usual.

Sorry if this has already come up - I haven't read the rest of this monster thread yet, but the portcheckout port does exactly this.

Kris
Re: Marathon
On Thu, 24 Feb 2000, Jeffrey J. Mountin wrote:

> So when is this event scheduled to end, so we can go for a test drive?
>
> 57^H^H61 commits to -current and counting...

The last message to show up in the series said Mark was finished and about to collapse unconscious, so I guess that means "let the bug reports begin"!

Please check that your bug hasn't already been reported before mailing, though, eh? Making Mark pass out again in fright due to 3000 new messages in -current when he wakes up won't help anyone, least of all him :-)

Kris
Re: openssh uses /etc (bad)
On Fri, 25 Feb 2000, Ollivier Robert wrote:

> I just saw that openssh (thanks Mark!) is using /etc/ for its configuration
> file. As the author of the "--with-etcdir" option of SSH (back in '96) and
> for the sake of consistency, I'd like to create a /etc/ssh directory and
> move everything there.

In case you hadn't already found out, Peter fixed this.

> We have /etc/ssl, /etc/mail, /etc/ppp, /etc/uucp and the ssh2 port uses
> /etc/ssh2 so it is only natural to use /etc/ssh.
>
> BTW manual build in /usr/src/crypto/openssh (i.e. outside buildworld) is
> rather broken but I'm sure Mark will look at that.

crypto/ is the analogue of contrib/ for crypto code. You're not supposed to build there..look under secure/.

Kris
Re: buildworld failed in libpam due to crypto changes.
On Sat, 26 Feb 2000, Munehiro Matsuda wrote:

> Hi all,
>
> Buildworld failed due to crypto related changes in libpam.
> With following patch, buildworld and installworld went successful for me.

This patch looks correct to me, with one change. However I think the pam_ssh module needs to go under secure/ with the rest of the crypto code because of export restrictions (I know the regulations changed, but we don't yet have a legal ruling on it).

> -.if !defined(NO_OPENSSL)
> +.if exists(${.CURDIR}/../../../crypto) && !defined(NO_OPENSSL)

.if exists(${.CURDIR}/../../../crypto) && !defined(NO_OPENSSL) && !defined(NO_OPENSSH)

NO_OPENSSL should imply NO_OPENSSH since the latter depends on the former, but we also use NO_OPENSSH in other places to turn it off more finely.

Kris
Re: openssh: fatal: rsa_private_decrypt() failed
On Fri, 25 Feb 2000, Alfred Perlstein wrote:

> Can anyone working on the recent sshd black magic linkage stuff please
> step up and explain?
>
> Or shall I move it to network_pass4?

Please just let Mark fix it..don't want the too many cooks problem :-)

Kris
OpenSSH /etc patch
Does this patch fix the problems people are seeing? It also generates the hostkey if it doesnt exist. Oops, the NO_DESCRYPT line in the /etc/defaults/make.conf patch shouldn't be committed yet..I'm still testing that one. Index: rc === RCS file: /home/ncvs/src/etc/rc,v retrieving revision 1.211 diff -u -r1.211 rc --- rc 2000/02/23 18:05:57 1.211 +++ rc 2000/02/26 07:18:54 @@ -301,6 +301,15 @@ ;; esac +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it +# so we do it unconditionally on sshd_enable. +# +if [ ! -f /etc/ssh/ssh_host_key -a -x /usr/bin/ssh-keygen ]; then + echo 'generating an SSH host key:' + /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key + echo ' done.' +fi + if [ -n "${network_pass2_done}" ]; then network_pass3 fi @@ -391,6 +400,15 @@ [Yy][Ee][Ss]) if [ -r /etc/mail/sendmail.cf ]; then echo -n ' sendmail';/usr/sbin/sendmail ${sendmail_flags} + fi + ;; +esac + +case ${sshd_enable} in +[Yy][Ee][Ss]) + if [ -x ${sshd_program:-/usr/sbin/sshd} ]; then + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} fi ;; esac Index: rc.network === RCS file: /home/ncvs/src/etc/rc.network,v retrieving revision 1.71 diff -u -r1.71 rc.network --- rc.network 2000/02/24 23:12:04 1.71 +++ rc.network 2000/02/26 05:49:08 @@ -603,13 +603,6 @@ ;; esac - case ${sshd_enable} in - [Yy][Ee][Ss]) - echo -n ' sshd'; - ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} - ;; - esac - echo '.' network_pass3_done=YES } Index: defaults/make.conf === RCS file: /home/ncvs/src/etc/defaults/make.conf,v retrieving revision 1.92 diff -u -r1.92 make.conf --- defaults/make.conf 2000/02/24 23:08:17 1.92 +++ defaults/make.conf 2000/02/26 05:56:04 
@@ -27,10 +27,11 @@ #PERL_THREADED=true # # To avoid building various parts of the base system: -#NO_SENDMAIL= true #NO_CVS= true +#NO_DESCRYPT= true# Don't build a DES libcrypt #NO_OPENSSH= true -#NO_OPENSSL= true +#NO_OPENSSL= true# Implies NO_OPENSSH +#NO_SENDMAIL= true # # To tell the base system that you are using RSAREF (from ports). # (This needs revisiting) - it is very likely that this is too Index: defaults/rc.conf === RCS file: /home/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.51 diff -u -r1.51 rc.conf --- defaults/rc.conf2000/02/24 23:08:19 1.51 +++ defaults/rc.conf2000/02/26 05:40:20 @@ -124,9 +124,9 @@ pppoed_provider="*"# Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="fxp0"# The interface that pppoed runs on. -sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. -sshd_enable="NO"# Enable sshd -sshd_flags="" # Additional flags for sshd. +sshd_enable="NO" # Enable sshd, if installed. +sshd_program="/usr/sbin/sshd" # Path to sshd, if you want a different one. +sshd_flags="" # Flags to sshd (if enabled). ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). Index: mtree/BSD.root.dist === RCS file: /home/ncvs/src/etc/mtree/BSD.root.dist,v retrieving revision 1.45 diff -u -r1.45 BSD.root.dist --- mtree/BSD.root.dist 2000/02/25 14:18:48 1.45 +++ mtree/BSD.root.dist 2000/02/26 07:19:44 @@ -28,8 +28,8 @@ monthly .. .. - ssh - .. +ssh +.. ssl .. gnats To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
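Review bot: In the rc hunk at -301, the exit status of ssh-keygen is never checked, so ' done.' is echoed even when key generation fails, and the later sshd start does not look for the key either. Chain the echo on success (`/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key && echo ' done.'`) or print an explicit failure message. The comment "unconditionally on sshd_enable" would also read more clearly as "regardless of sshd_enable".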
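Review bot: In the rc hunk at -391, when sshd_enable is YES but ${sshd_program} is not executable the case arm does nothing and prints nothing, so a mistyped sshd_program leaves sshd down with no console message. Add an else branch that echoes a warning. The `[ -x ${sshd_program:-/usr/sbin/sshd} ]` test is also unquoted, which breaks if the configured path contains whitespace.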
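Review bot: The defaults/make.conf hunk still carries the `#NO_DESCRYPT= true` line that the cover text says should not be committed yet, and it bundles that with re-sorting NO_SENDMAIL and annotating NO_OPENSSL. Move the NO_DESCRYPT line into the patch that implements the knob, so the documented option never lands before the Makefile support for it.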
Re: OpenSSH /etc patch
On Sat, 26 Feb 2000, Jordan K. Hubbard wrote:

> > +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> > +# so we do it unconditionally on sshd_enable.
>
> Are you sure ssh requires a host key? I could have sworn this was
> entirely related to sshd and could thus be lumped into the same
> "if sshd_enable=YES" clause.

The code does not lie :-)

From ssh.c:

    /*
     * If we successfully made the connection, load the host private key
     * in case we will need it later for combined rsa-rhosts
     * authentication. This must be done before releasing extra
     * privileges, because the file is only readable by root.
     */
    if (ok) {
        host_private_key = RSA_new();
        if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL))
            host_private_key_loaded = 1;
    }

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
Re: OpenSSH /etc patch
On Sat, 26 Feb 2000 [EMAIL PROTECTED] wrote:

> But this means that ssh must be setuid root. Some of us insist on *not*
> using rsa-rhosts authentication, and install ssh without any privileges.
>
> Looks to me like we need a couple of alternatives here.

If you want to tinker with the file permissions, can't you deal with the fact that the startup scripts will create a host key for you the first time you boot with it installed? What do you want alternatives to?

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
Re: OpenSSH /etc patch
On 26 Feb 2000, Bjoern Groenvall wrote:

> Right, the code does not lie (if ssh is setuid root). But, if the host
> key has not yet been created, then no host can have the public key and
> thus rsa-rhosts authentication won't work anyways. It is not required
> to run ssh-keygen to make ssh work, Sshd still requires the host key
> to operate.

I don't follow you - if no host key is generated, then you can't ever use the RSA-rhosts authentication mechanism to log into another server until you do. Thus part of ssh's functionality is broken until you generate that key, so we do it for you the first time you boot.

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
Re: OpenSSH /etc patch
On Sat, 26 Feb 2000 [EMAIL PROTECTED] wrote:

> > If you want to tinker with the file permissions, can't you deal with the
> > fact that the startup scripts will create a host key for you the first
> > time you boot with it installed?
>
> As long as there is an easy way of running ssh without any special privs,
> I'm happy.

ssh 'seemed to work' when not setuid. I could log in using RSA authentication as well as password-based, but didn't try much else.

From /usr/src/crypto/openssh/OVERVIEW:

    - The client is suid root. It tries to temporarily give up this rights
      while reading the configuration data. The root privileges are only
      used to make the connection (from a privileged socket). Any extra
      privileges are dropped before calling ssh_login.

This comment doesn't seem to be completely accurate given what I earlier posted from the code (it's also used for RSA-rhosts authentication), but for most purposes you can safely remove the setuid flag.

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
Re: Build World dies....
On Sat, 26 Feb 2000, Ben Smithurst wrote:

> William Woods wrote:
>
> > Grr..can't say I like that idea, I would like to have them both...
>
> Oh. You *have* cvsup'ed the cvs-crypto collection, right? I think that's
> the one you need.

You need:

src-crypto
src-secure

Are you still having the problem with the latest sources? Peter made some more changes last night.

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
NO_DESCRYPT patch
This is something which has been requested a fair bit..it will disable the building of the DES CRYPT libraries even if you have the crypto sources installed, so you can e.g. get OpenSSL/OpenSSH without having to deal with the pitfalls of libdescrypt. It seems to work fine for me..if I hear any other positive feedback I'll commit it. Kris Index: lib/Makefile === RCS file: /home/ncvs/src/lib/Makefile,v retrieving revision 1.106 diff -u -r1.106 Makefile --- lib/Makefile2000/01/21 02:00:53 1.106 +++ lib/Makefile2000/02/26 05:30:38 @@ -43,7 +43,7 @@ .endif _libcrypt= libcrypt -.if exists(${.CURDIR}/../secure) && !defined(NOSECURE) && !defined(NOCRYPT) +.if exists(${.CURDIR}/../secure) && !defined(NOSECURE) && !defined(NOCRYPT) && +!defined(NO_DESCRYPT) # Build both libraries. They have different names, so no harm, # and this avoids having stale libscrypt.* _libcrypt+=../secure/lib/libcrypt "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
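Review bot: The changed `.if` line in lib/Makefile is split so that `!defined(NO_DESCRYPT)` sits on a second `+` line after a trailing `&&` with no backslash continuation; as posted, make would see an incomplete conditional on the first line. Keep the whole condition on one line or end the first line with `\`. The "Build both libraries" comment under it could also mention that NO_DESCRYPT now suppresses the second library.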