Re: Recommendation for Beowulf/Apache Setup

2009-05-07 Thread Will Maier
Hi Vivek-

On Thu, May 07, 2009 at 09:36:17AM -0700, Vivek Ayer wrote:
> 1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running
> FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the
> 12 nodes will run apache running LAMP-like services. The router will
> round-robin using hoststated for load-balancing.

There are some FreeBSD clusters out there (NCSA has one, IIRC), but
they're certainly not as common as Linux. If your users can run on
FreeBSD, you might as well use it. If their code is all Linuxy (and lots
of cluster and -- even more so -- grid code make silly assumptions like
that), you should give them a platform that they can easily use.

> However, they will serve an additional task: The master mysql server
> will be head node for MPI jobs delivered to the 12 nodes. Basically,
> this setup will double up as a beowulf and web server. Is this
> efficient? I imagine the MPI jobs won't be running all the time and
> while they're up, might as well do something.

This might work. But you're setting yourself up for contention and
degraded service to at least one set of users. Do the people who care
about perfomance of your LAMP stack mind waiting a bit while MPI jobs
chew memory and network bandwidth? Do your MPI users mind if their jobs
take longer to complete while your LAMP stuff is getting pounded?

With regard to MPI, what sort of interconnects will your execute nodes
have? MPI wants lots of bandwidth between nodes and regular gigabit
might not cut it (depending on your users' applications).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



[OT] Re: Recommendation for Beowulf/Apache Setup

2009-05-07 Thread Will Maier
Hi Vivek-

This has gone decidedly off topic...

On Thu, May 07, 2009 at 12:05:35PM -0700, Vivek Ayer wrote:
> I was going to start small given the budget I have. Eventually, I'd
> like dedicate a gigabit switch for HTTP traffic and Infiniband for
> compute traffic. At first, I don't expect too much MPI work to be
> done, but I've heard FreeBSD performing better under duress than linux
> as the number of HTTP threads increases.
[...]
> The final option would be to divide and conquer: 6 for HTTP, 6 for
> computing, but my reasoning is why not scale for HTTP as much as
> possible.

This is really the only reasonable approach. No one would run a
production web service on top of a parallel computing cluster unless
they had to. Remember that your execute nodes will run random jobs from
random users -- do you want that on a box that hosts a critical database
or webserver? The scenario is worse if you participate on a grid.

As always, use the best tool for the job. As you've noticed, OpenBSD
will do well managing your network. Frankly, in most cases it also
makes for an excellent database or webserver. As for the execute nodes,
run Linux on them unless you have some reason (user requirements,
demonstrated performance gains, etc) to do otherwise.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Separate desktop list?

2009-06-08 Thread Will Maier
Hi Bill-

On Mon, Jun 08, 2009 at 04:33:56PM +0200, Bill Maas wrote:
[...]

> Granted, only the last one is a potential GNOME bug, but they're
> definitely all "desktop". These occur on _my_ machine, I don't know
> if these quirks are universal and reproducible, hence the need for
> discussion before firing bug reports at maintainers.

You don't need to show that the failure is universal to make it worth a
note to the maintainer. If you can reproduce it (and you're running a
reasonably configured system without any frankentweaks), send a message.
If the maintainer can't help you (or times out), contact po...@.

> I've been reluctant to post a message each time I encounter an issue
> like these, because I know (and strongly agree) that desktop isn't
> OpenBSD's core business. 

There certainly are developers for whom OpenBSD-on-the-desktop matters
very much.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Automated service/daemon management

2009-06-09 Thread Will Maier
On Tue, Jun 09, 2009 at 02:06:59PM -0400, (private) HKS wrote:
> The much larger problem, though, is with starting/stopping/restarting
> services. Say I add spamd as an enabled service on host1. For my
> scripts to start it properly, I have to replicate the code already in
> /etc/rc defining how spamd starts. This is prone to errors and runs
> the risk of breaking on upgrades. Restarting services that need more
> than a HUP is also a chore. As for stopping, some services like
> postgresql need some careful attention. This means replicating code
> from /etc/rc.shutdown.

You can make this easier in rc.local by using a construct along the
lines described here:

http://erdelynet.com/tech/openbsd/rclocal-trick/

> I've looked at adding some stupid delimiters to /etc/rc,
> /etc/rc.local, and /etc/rc.shutdown so I can just pull in the
> necessary chunks, but I'm wondering if there's anything available
> that's more elegant and won't break on every upgrade.

It sounds like using rc.d would be better suited to your
environment. FreeBSD and NetBSD both use rcorder(8), which runs well
on OpenBSD. Hook that into your rc.local and write/manage init
scripts under /etc/rc.d.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*



Re: Best way to automate administration of multiple servers

2007-11-14 Thread Will Maier
On Wed, Nov 14, 2007 at 07:45:06PM +1100, Mikel Lindsaar wrote:
> 1) Create images or post install diffs so that if I need to add a
> blade to expand, I put it in, connect via the console, install via
> PXE and then download the diff - I know you can do this wth the
> post install scrips in OpenBSD's install script, but any real
> world use of this, things to avoid or good things to do?

cfengine[0] (which we use at work to manage ~500 Linux machines) or
radmind (which I use at home to manage my OpenBSD servers,
workstations and laptops).

There are at least two schools of thought on how one should manage >
1 machine. cfengine is the most popular convergent tool, where you
specify an ideal state using a declarative language and the clients
iterate towards that state. radmind is the most useful congruent
tool, where you specify (or directly imply) the exact sequence of
operations that each client must perform to reach an ideal state.

I've used both approaches for years, and I greatly prefer radmind
both for its simple design and the implicit guarantees of
congruence. See below for references on each:

http://www.cfengine.org/papers.html
http://www.infrastructures.org/papers/turing/turing.html

> 2) Keeping 10 - 20 copies of OpenBSD up to the latest patch levels
> without having to do more than trial on one (for each type) and
> then for the rest type something as trivial as "/bin/sh -x
> update.sh" rotating through the servers and testing as you go?  I
> can see myself spending two days a month otherwise doing upgrades
> on all the servers.

Same as above.

> 3) Guides on how to manage the logs of this many servers.  Any
> experiences with splunk on this sort of environment, other
> options?

Log centrally using syslog; syslog-ng is a well-used central log
server.

[0] http://www.cfengine.org/
[1] http://rsug.itd.umich.edu/software/radmind/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Best way to automate administration of multiple servers

2007-11-14 Thread Will Maier
On Wed, Nov 14, 2007 at 02:30:34PM +, Edd Barrett wrote:
> On 14/11/2007, Mikel Lindsaar <[EMAIL PROTECTED]> wrote:
> > Hello all,
> > I want to automate handling them as much as possible and would like
> > some list suggestions on reading materials, software, or web howtos.
> 
> The multixterm program that comes with expect is useful for ssh'ing to
> lots of machines and running the same commands on them all.

See also sysutils/clusterit, which has several tools useful for this
purpose. I use dsh to run oneliners on groups of machines, though
you can use it interactively, too.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: What is our ultimate goal??

2008-02-17 Thread Will Maier
On Sun, Feb 17, 2008 at 04:18:16PM +0100, Zbigniew Baniewski wrote:
> On Sun, Feb 17, 2008 at 09:50:21AM -0500, William Boshuck wrote:
> > I can imagine one response:  Port whatever it is, or else
> 
> That cannot be a valid response, when given to the _user_.

You don't get it. This system isn't for you, even if you donate a
bazillion dollars. This system is for the people who make it. Time
and again, the people who make it have very clearly explained that
they have no intention of making silly changes just to please or
expand the user base.

For some reason, new users sometimes seem to have a hard time
understanding or accepting this concept. I suggest you spend some
time thinking about it before you fuel the next time-wasting
flamefest.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Possible discrepancy between sshd_config(5) and ssh-agent(1)

2008-03-13 Thread Will Maier
On Thu, Mar 13, 2008 at 02:07:57PM +0200, Lars Nood'en wrote:
> http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1
>  ssh-agent(1)
>...
>  -t life
>   Set a default value for the maximum lifetime of
>   identities added to the agent.  The lifetime may
>   be specified in seconds or in a time format
>   specified in sshd_config(5).  A lifetime
>   specified for an identity with ssh-add(1)
>   overrides this value.  Without this option the
>   default maximum lifetime is forever...

Both this reference and the quoted reference in ssh-add(1) refer to
a _time format_ defined in sshd_config(5), not a keyword. Look in
sshd_config(5) under TIME FORMATS.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Forcing ports install

2008-04-02 Thread Will Maier
On Wed, Apr 02, 2008 at 10:33:00PM +1000, N J wrote:
> Basically my question is how do I get the port to install without
> having to remove then old package and dependencies first?  I'm
> trying to build pidgin out of the ports tree.

See bsd.port.mk(5) -- specifically, look at the update (or
reinstall) target. Folks using ports should be pretty familiar with
things like bsd.port.mk(5) and ports(7), though. Is there a reason
you're not using packages from the mirrors?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: how to get new port versions when following 4.0-patch

2006-12-11 Thread Will Maier
On Mon, Dec 11, 2006 at 01:12:15PM +0100, Robert Urban wrote:
> Is there any "supported" way of getting 0.88.6 via ports? 

If you're following the -stable branch, you will receive security
(and, as of late, some feature) updates to your ports tree. If you
want/need a feature that isn't backported to -stable but is in
-current, you have to do the (unsupported) backporting yourself.

> Or are people running production systems installed from -RELEASE
> versions never supposed to benefit from newer port versions?

You get the new ports when you update your system to the next
release.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Errors Compiling OpenOffice

2006-12-17 Thread Will Maier
On Sun, Dec 17, 2006 at 08:22:05AM -0500, Jim Michael wrote:
> I apologize.  I incorrectly reported that I am using stable.  I
> did upgrade ports to -current on 12/16 before make install.  

Did you also upgrade your base system to -current?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 03:00:04AM -0700, Clint Pachl wrote:
> I would use a dedicated, highly secure and always backed-up box to
> store/manage a central repository (CVS/SVN). This repos will hold
> all the necessary bytes (binaries, config files, ports, etc.) to
> "re-image" any machine from scratch. Each node on the network
> would then "pull" everything it needs from the central repos using
> method X. That's the part I'm trying to figure out. I want the
> whole automation system to be simple and would like to use only
> default tools.

I think I understand the reason why you want this ('only default
tools'). That said, there are good reasons that specialized tools
exist to solve this problem: it's complex. You want your install and
configuration management system to be robust; something hacked out
of whatever happens to be in base seems potentially quite fragile.

A pull-only system assumes that the clients actually pull. What if
they don't? How do you know when their last successful pull was? If
all they're doing is pulling, do you need eg one pf.conf file per
client? How many clients do you have? How many might you have in a
year? two years? Using a client imaging system as the sole
configuration management system is heavy-handed and inflexible --
you'll find lots of situations where you want more control over who
gets what file (or what action occurs where).

cfengine was mentioned elsewhere in this thread, and it's the most
prominent FOSS configuration management thingy that I'm aware of.
It's got warts, but it's widely used and mostly solves the problems
you're looking to solve. I've worked at large sites that used
cfengine, and large sites that used hacked imaging systems based on
rsync or rdist. I quickly came to understand and appreciate _why_
cfengine exists, even if I also started a list of Things I Don't
Really Like About CFengine. It's a mixed bag, but in my experience,
the warts are worth it.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 05:44:45AM -0700, Clint Pachl wrote:
> So your're saying cfengine would need to be included in an install
> set, such as base40.tgz or some custom install set in order to be
> used in a base install (an obvious yes)? So how do we automate to
> that point? I would like to automate the install process, as well
> as the upgrade process. What do you do when you need to install 50
> machines? I may be wrong, but if cfengine can take me from a bare
> bones system to a fully function server, let me know.

I assume you've already checked the FAQ:

http://www.openbsd.org/faq/faq4.html#site
http://www.openbsd.org/faq/faq4.html#Multiple

> I am currently working on the automated install script and it is
> fairly simple. In fact, once it is setup and talking to a central
> repository for install purposes, making it also perform system
> updates will be a breeze.

cfengine isn't an automated installer; it's a configuration
management thingy. At my previous job, we used kickstart (solaris)
and FAI (debian) to automate the installation, and cfengine to
manage post-install configuration.

> I will look into cfengine. I always figured it was one of those
> bloated apps that did about 90% of what you needed, dropping the
> ball on the last and most complex 10%. For that last 10% you
> usually end up building a custom solution. Can others comment on
> cfengine? How many managed boxen? What are its quirks, pros, cons?

We manage several thousand compute and storage nodes in a dozen or
so labs with cfengine in our grid; in my department, we manage maybe
600 CPUs. We use it to install complicated software (eg dCache,
which requires java and postgres and all sorts of badnesses), sync
user accounts/uids, etc. cfengine is the best thing available, but
it's not perfect. I've looked briefly at the obvious alternatives
(bcfg2, puppet), but wasn't impressed. radmind (also in ports) might
work for some sites; I haven't had time to really evaluate it.

I and others have already mentioned some benefits of cfengine --
other advantages should be obvious by now. As for drawbacks, you
should know that cfengine is declarative, so some procedural tasks
(like, in our case, installing dCache) are a bit trickier than I
wish they were. There are some problems with the upstream code, too
(string handling) that have been kludged-around in the OpenBSD port.
Lastly, cfengine2 has been evolving for a while, so it's a bit
crufty and at times befuddling. cfengine3 will (hopefully) address
this problem with a rewrite, but that's still years away.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-19 Thread Will Maier
On Tue, Dec 19, 2006 at 06:23:16AM -0700, Clint Pachl wrote:
> I'm not so convinced it is that complex on a homogeneous OpenBSD
> network. OpenBSD is a very manageable system, such as the entire
> OS contained in compressed tarballs for easy extraction and the
> flexible ports system. Both of these entities are easily
> scriptable. Then all there is to worry about is system configs and
> custom binaries, which can be easily managed by CVS. A hierarchal
> CVS structure can be built to mange global (all nodes in network),
> group (groups of similar servers), and single (things specific to
> a node, like /etc/myname) nodes. You apply global settings first,
> overwriting with more specific settings.

You now have an asston of files to keep track of. We did this _exact
thing_ using rsync at my previous job. It sucked. We moved to
cfengine. It sucked less.

> If you implement a "push" system, how do you know if something was
> actually pushed? What if something was pushed, how do you know the
> "pushee" did the right thing with what it was given? This argument
> goes both ways, but solved simply. A system should report what it
> does after it pushes or pulls. The other end should also report.
> So if the results show someone is pushing, but no one is pulling
> or visa-versa, you have a problem. This system could be
> implemented using mail or central syslog.

My point wasn't that it's not possible, but that you have to do it
yourself. There are lots of details that make these management
systems reasonable; if you're building your own, you've got a lot of
work cut out for you. And if you make a mistake, things hit the fan
rather quickly. It's not fun, and, in a lot of cases, not necessary.

[...]
> This is what I don't like to hear:  as you say, "It's got
> worts...", "mostly solves the problems.." Why not build something
> that has no worts and solves all problems all the time to your
> specs. And most importantly, I use OpenBSD because of its
> simplicity and robustness and I like my tools to act the same. I
> guess I haven't heard enough good about cfengine to pique my
> interest in it.

I gave up looking for perfect software a long time ago. Everything I
use -- including OpenBSD -- has bugs. I accept that. I agree that
finding the simplest solution to a problem is a good approach, but I
haven't found that designing and implementing a brand new
configuration management scheme is ever a simple approach, and I've
designed a couple in-house ones before. These days, I look for what
sucks the least, and improve it as best I can to meet my needs.

There are presentations every year at conferences like LISA about
the state of configuration management, and it's getting better. But
all of those systems have problems, and the one you plan to build
will have problems, too. People have been working on this for
decades, now, and it's not an easy problem to solve. Perhaps your
site/case is relatively straightforward and you can come up with a
compact solution that works for you. That'd be cool. 

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: revision control system for system administration

2006-12-20 Thread Will Maier
On Wed, Dec 20, 2006 at 02:31:09PM +, Brian Candler wrote:
> That makes a lot of sense. But enforcing that policy might be
> difficult. This is important if you're relying on your gold server
> for disaster recovery purposes - if the target machines had some
> change made which nobody remembers and weren't reflected in the
> gold server, then any freshly-built machines will be
> non-functional.

This is a cultural problem, but there's an adequate technical
solution: aggressively sync the client machines. Admins quickly
learn to make changes in the central when their changes get blown
away every hour.

At my last job, we used cfengine to manage a handful of Solaris
zones that bounced around a cluster of machines. Each zone would be
built and destroyed every time it moved from one machine to the
other, so any non-cfengine changes made to the system would be lost.
We hadn't been using cfengine for very long, but everyone picked up
on it quite rapidly. ;)

cfengine (and other configuration management thingies, I suppose)
can alert you when key files change. So if someone's mucking around
with /etc/rc on the machine, cfengine can back it up, put in the
'gold' copy, and whine about it.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Groklaw artical about the BSD license

2007-01-16 Thread Will Maier
On Tue, Jan 16, 2007 at 10:44:54PM +0100, Vim Visual wrote:
> btw are you using X? and if so, which wm? most of them are under
> the gpl, right? this must hurt if you're such a bsd license
> defender...

Stop baiting the list. 

Also, not that it's related to anything, but there are a number of
BSD-licensed WMs, several of which can be found in the ports tree.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: p5-MIME-tools-5.420.tgz

2007-01-17 Thread Will Maier
On Wed, Jan 17, 2007 at 06:36:31PM -0800, sausted wrote:
> I am trying to install p5-MIME-tools-5.420 using pkg_add but I keep getting
> the following error:
> 
> p5-MIME-tools-5.420:Can't find p5-Convert-BinHex-1.119
> /usr/sbin/pkg_add: p5-Convert-BinHex-1.119:Fatal error
> 
> I am new to OpenBSD...could someone help me?

Did you read the FAQ[0] and pkg_add[1] man page? Is PKG_PATH set
correctly in your environment?

[0] http://www.openbsd.org/faq
[1] http://www.openbsd.org/cgi-bin/man.cgi?query=pkg_add, pkg_add(1)

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Virtualisation on OpenBSD?

2007-01-24 Thread Will Maier
On Wed, Jan 24, 2007 at 08:02:01AM -0800, Lawrence Horvath wrote:
> I tried looking for source but was unable, vmware is a closed
> source as far as i can tell(please correct me if im wrong, as i
> like to get hold of the source) when i was looking for it online
> you have to download the binarys, and you have to email in for a
> serial number to use it, they also have higher up pay-for
> versions, with more features

VMware is closed source.

http://www.vmware.com/download/eula/workstation.html

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: packages question

2007-01-29 Thread Will Maier
On Mon, Jan 29, 2007 at 02:56:44PM -0800, Daniel E. Hassler wrote:
> Is it reasonable to assume all of the dependencies for a package
> should also be available as either packages or via ports?

Yes. Some ports have licenses which prohibit redistribution as
packages, though, so N(ports) > N(packages).

> I'm trying to install p5-Mail-Box-2.018.  - "p5-Mail-Box-2.018:Can't 
> find p5-Convert-BinHex-1.119"
> I can't find p5-Convert-BinHex-1.119 in either packages or ports.
> p5-MIME-tools-5.420 has the same dependency.

How are you looking?

$ man 7 ports
$ cd /usr/ports
$ make search name="BinHex"
Port:   p5-Convert-BinHex-1.119p1
Path:   converters/p5-Convert-BinHex
Info:   module to extract data from Macintosh BinHex files
Maint:  The OpenBSD ports mailing-list 
Index:  converters perl5
L-deps:
B-deps:
R-deps:
Archs:  any

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Can OpenBSD do what BusyBox does?

2007-03-21 Thread Will Maier
On Wed, Mar 21, 2007 at 11:04:32PM +1100, Sunnz wrote:
> I doubt if OpenBSD can be replace it on the router... but if you
> has done so it be cool to know how you made it work.

It would help if you mentioned what hardware you're running on...

OpenBSD is an operating system; Busybox is a single executable that
rolls many common *nix utilities into one. They're totally
different things. Busybox doesn't have a kernel or a packet filter
(or a web server, or a...), so I don't know what the point of
comparing them is.

If you want to run OpenBSD on your router, you'd need to tell us
what hardware you're using, though I haven't heard of anyone
installing OpenBSD on something like the Linksys WRT54G. If you want
to run an OpenBSD router, grab a Soekris or an old i386 and install
OpenBSD on it. Many, many people do this; it works well.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Problem on installing new packages

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 11:31:56PM +0800, Stephen Liu wrote:
> > On 2007/03/26 23:14, Stephen Liu wrote:
> > > 250 CWD command successful
> > > ftp> exit
> > > 221 Goodbye
> > 
> > try 'ls' too; it will open a data channel. certain
> > firewall/nat-related problems will allow the command channel to
> > open but not the data channel.
> 
> # ls
> .Xauthority .cshrc .klogin .login .profile .ssh
> 
> Other noted wit tks.

Is that in a shell? or during your FTP session? Simply running
/bin/ls in your shell isn't helpful. Stuart wanted you to use FTP's
data channel to make sure that you could fully communicate with the
server. I doubt he cares what files you have in your home directory.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: sshd.config and AllowUsers

2007-03-26 Thread Will Maier
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
> I want to add something like this:
> 
> AllowUsers user1, user2, user3
> 
> I added that in but also with an # in front like all the other
> entries. Now I find that I can still ssh to the box with a user
> acct that I didn't include in the entry. Should it be in there
> without the #? 

Yes. sshd_config(5)

> And if so, do I also then have to uncomment all the other
> entries??

No, they're the default settings.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



cron doesn't run commands in /etc/crontab?

2007-03-28 Thread Will Maier
According to cron(8), cron should be able to read commands from a
properly formatted and chmoded /etc/crontab file. I've created such
a file, but I can't seem to get cron to run the test command in it.

# cat < /etc/crontab
*/1  *   *   *   *   /usr/bin/touch /tmp/crontest
EOF
# chmod 0600 /etc/crontab

cron then successfully loads the changes made to that file:

Mar 28 07:23:01 lass cron[11652]: (*system*) RELOAD (/etc/crontab)

I can also verify that the system file is loaded by watching the
output of `cron -x load`. The command is valid per crontab(5) and
works when inserted in root's tab using `crontab -e`.

After the system tab is reloaded, cron fails to run any commands
listed there: no CMD messages are logged (or seen in the debugging
output) and the file is never touched.

I've tried to get this to work on a semi-recent -current/i386 as
well as the latest snapshot (also i386) with no luck. I browsed the
code, but didn't see any obvious problems.

Any ideas?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: cron doesn't run commands in /etc/crontab?

2007-03-28 Thread Will Maier
On Wed, Mar 28, 2007 at 03:58:35PM +0200, Paul de Weerd wrote:
> Reread crontab(5), the /etc/crontab has a slightly different
> format (to specify username).

Oh. ;) Quite right -- thanks for the cluestick.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Problem: Raid mounting root as read-only, and not from the partition desired...

2007-04-07 Thread Will Maier
On Sat, Apr 07, 2007 at 12:11:23PM -0700, Merp.com Volunteer wrote:
> Considering all the workarounds to even just getting
> python/zope/plone to install, let alone the list of other
> bugs/issues related to that config on openbsd (that hasn't been an
> issue on other bsd and nix setups for us), as well as the
> scattered knowledge/experience of openbsd in the volunteer group
> (whereas most are familiar with Linux), should we just abandon the
> entire effort of converting to openbsd and just stick with Linux?

You sound like a Linux shop. It doesn't sound like your group has
sufficient background to migrate whole-hog to OpenBSD (or Solaris,
or AIX, or Windows). What problem are you trying to solve by
migrating to OpenBSD?

> Or will there be sufficient support from the openbsd community to
> help us get through the entire trainsition to openbsd?

This list (and the other various parts of the user and developer
communities) is a great resource, but it shouldn't be part of your
migration plan. From what you've described, OpenBSD is a fine
technical solution to your problem. But with your group, it doesn't
sound like you can make it work in the time you have. Migrations are
big, scary things, and they need planning and experience. Even a
great list like this can't be the cornerstone of your plan.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Binary kernel and base update

2007-04-09 Thread Will Maier
On Tue, Apr 10, 2007 at 01:43:56AM +0200, [EMAIL PROTECTED] wrote:
> I have noticed that the OpenBSD team puts a lot of emphasis on
> using binary packets rather than building from ports, which I
> think IMHO is good, but why is it that there is no binary kernel
> updates, rather than patching the kernel from source?

Among the several likely reasons I can think of, one obvious one is
that there simply isn't enough hardware or free development time to
manage that infrastructure. It takes time and work to make binary
patches, and OpenBSD isn't as large (or as well-funded) a project as
Debian, which you mention later.

[...]
> Last week management decided to go back to using Debian on some of
> our servers due to them being easy to upgrade including kernel and
> basesystem upgrades. 

OpenBSD is quite easy to upgrade if you have a build host for your
network. Setting one up on a spare box is rather straightforward
(release(8), among other things).

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Webservers with Terrabytes of Data in - recomended setups

2007-04-20 Thread Will Maier
On Fri, Apr 20, 2007 at 09:03:54AM -0500, Jacob Yocom-Piatt wrote:
> from my observations redundancy is the biggest problem with NFS
> and that its ability to efficiently serve up data is more than
> ample.

Redundancy is certainly a problem, but lots of US HPC and
distributed computing sites have severe scaling problems with NFS.
High r/w traffic has killed several file servers in projects that we
work with, and it sucks big time. I don't know anyone who's happy or
excited or confident in their HPC NFS deployments; everyone I've
talked to hopes for a real solution to this problem. ;)

If the OP's use case involves lots of writes (especially from many
clients), I'd be concerned about NFS' ability to keep up. Then
again, I've had problems with pretty much all of the network
filesystems (including AFS, though it's the least bad in my
experience).

I'm still waiting for Ceph[0] to mature (and to shed its linuxisms).
;)

[0] http://ceph.sf.net/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: www.openbsd.org (and vs openbsd.org)

2007-05-10 Thread Will Maier
On Fri, May 11, 2007 at 12:10:13AM +0200, Martin Toft wrote:
> Nobody answered my second "question" though :) Maybe nobody knows
> the answer? :) Summary: I was once told not to use openbsd.org; it
> was said that www.openbsd.org was the only valid site (ignoring
> mirror sites). Is this just bullshit?

Yes, it's bullshit, and yes, Theo answered your question. www is
a mirror.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: issues starting wmii window manager

2007-05-19 Thread Will Maier
On Sun, May 20, 2007 at 12:21:16AM +1000, atstake atstake wrote:
> I just installed wmii window manager on 4.1 on i386 but when I try
> to start by typing "wmii" it says -
> 
> "wmiiwm: cannot open display"
> 
> However, I can start fvwm fine by typing "startx" in the console. And
> /usr/X11R6/bin in my $PATH

xinit(1), startx(1); specifically, look at ~/.xinitrc.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenBSD and Kerberos Client

2007-06-05 Thread Will Maier
On Tue, Jun 05, 2007 at 01:59:07PM +0100, [EMAIL PROTECTED] wrote:
> Any chance you could help write up some documentation? Kerberos on
> OpenBSD doesn't really have any good docs that I could find. Maybe
> I could then retry this effort in the future. For expediency
> though, I will have to reinstall with RedHat as it only takes 5
> minutes to get it working as a kerberos client.

I set up a Heimdal kdc and several OpenBSD clients with krb5 auth in
about ten minutes based on the info page. What, exactly, is lacking
in the documentation? I'm no fan of info pages, but Heimdal's
covered all the topics I needed to get set.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenBSD and Kerberos Client

2007-06-05 Thread Will Maier
On Tue, Jun 05, 2007 at 03:16:06PM +0100, [EMAIL PROTECTED] wrote:
> I don't have the audacity to do anything. The email signature is
> defined through company policy and tacked on by the M$ Exchange
> Server on the way out. I have no say and only see it when I get
> replies to my email.

Have you considered getting a free mail account somewhere else and
using that for your non-work correspondence?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Locations of stable ports vs current ports

2007-06-20 Thread Will Maier
On Wed, Jun 20, 2007 at 10:05:25AM -0700, Joe S wrote:
> This site has a nice interface to ports: http://ports.openbsd.nu/
> But they ports it says are in OpenBSD are not in my tree. Is this
> site showing current only?

That site isn't run by the project; I assume it follows -current,
but you could check their FAQ (or compare file revisions).

> The cvs website on openbsd.org
> (http://www.openbsd.org/cgi-bin/cvsweb/ports/) also has the www/rt
> port. Is the cvs website showing current too?

cvsweb will show you whatever you want it to. Look for the 'Show
only files with tag' button at the bottom, and select the version
you're interested in.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: telnetd ?

2007-06-25 Thread Will Maier
On Mon, Jun 25, 2007 at 02:59:58PM -0400, stan wrote:
> Yes, I know it's a bad idea, but for reasons beyond my control, I
> need to provide a telnet service on an OpeBSD 4.0 machine.
> Unfortunately there does not seem to be a telnetd built by
> default.
> 
> How can I get this daemon built?

Search the archives...

http://marc.info/?l=openbsd-misc&w=2&r=1&s=telnetd&q=b?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ps wrapping

2007-06-26 Thread Will Maier
On Tue, Jun 26, 2007 at 02:28:37PM -0400, Nick Guenther wrote:
> Is there anyway to make ps format its output to not cut off lines
> at the edge of the screen? Is have a long command line I'm trying
> to remember and I can't see it all. I tried -o command but it's
> still too long.

ps(1):

 -w  Use 132 columns to display information, instead of the default,
 which is the window size.  If the -w option is specified more
 than once, ps will use as many columns as necessary without re-
 gard for window size.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Rename multiple files at once

2007-06-27 Thread Will Maier
On Wed, Jun 27, 2007 at 02:37:07PM +0200, Pieter Verberne wrote:
> How do I rename multiple files at once?

This is a function of your shell, not mv. See ksh(1), zsh(1), etc...

Alternatively, you could write a simple script/function to address
the same problem:

for FILE in *jpg; do
NEW=$(echo $FILE | sed -e 's/\.jpg$/_thumb.jpg/')
mv "${FILE}" "${NEW}"
done

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Double mails from mailing list

2007-06-27 Thread Will Maier
On Wed, Jun 27, 2007 at 04:57:17PM +0200, Pieter Verberne wrote:
> I'm getting some mails double from [EMAIL PROTECTED] In the
> header is this:
> X-Loop: misc@openbsd.org
> 
> Does that say enough?

Some people are setting To: to misc@openbsd.org and adding you to
the Cc:.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: dhcp question

2007-07-03 Thread Will Maier
On Tue, Jul 03, 2007 at 02:45:00PM +0100, mgb wrote:
> So if I defined a large pool of IP addresses in dhcpd.conf that
> would avert the problem described above, however I'm struggling to
> think of a solution on how would clients would request the correct
> configuration file? and how could I handle new clients replacing
> broken ones with regard to dishing out the correct configuration
> file?

Use lladdrs, not IP addresses, to name or serve the files. This is
how most PXE setups work. See pxeboot(8) for some discussion.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Secure Network File System - Or Lack Thereof

2007-07-14 Thread Will Maier
On Sat, Jul 14, 2007 at 02:41:40PM +0200, Landry Breuil wrote:
> man -k afs seems to say that AFS is in base, using ARLA
> implementation. 

This is true, but ARLA doesn't have a production server
implementation available. The AFS client is great (and obviously)
interoperates with OpenAFS servers).

> (and OpenAFS is in ports)

This port is a bit broken, IIRC, and out of date. I spent a week or
two a few months ago trying to update the port, but it's
non-trivial. It would be great to update it, but I wasn't really
making progress.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: How to track port updates in stable?

2007-08-03 Thread Will Maier
On Fri, Aug 03, 2007 at 06:35:51PM -0500, Todd Pytel wrote:
> I don't spend as much time following OpenBSD as I used to, so
> perhaps I'm missing something. But there used to be a
> ports-security mailing list used for announcing updated ports.
> That list doesn't exist any more, or at least doesn't appear to
> have had anything posted to it in a very long time.

It exists, but is inactive.

> Is there some other official way to track changes to ports? 

By looking at the output of `cvs up`? By watching commits via
[EMAIL PROTECTED] I do both, and find it sufficient.

> Absent that, has anyone come up with a simple hack to feed to cron
> to accomplish the same thing? 

I pull updated ports and src daily via cron, and read
(ports|source)-changes@ for commit messages, etc. Does that not
achieve what you need?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: howto set global environment variable (e.g. PATH, JAVA_HOME)

2007-08-08 Thread Will Maier
On Wed, Aug 08, 2007 at 06:09:16AM -0700, pixotec wrote:
> but I want it for all users:
> 1. could change all .profile-files of all users: no thanx ;-( (and
> change /etc/skel/.profile for future new users)

This would work.

> 2. change /etc/login.conf ???

This would also work (see login.conf(5)).

> 3. create /etc/profile, change all existing .profile of users (to
> source /etc/profile) and change /etc/skel/.profile

As would this.

> 4. change /etc/ksh.kshrc and create .kshrc sourcing /etc/ksh.kshrc
> for all users (and in /etc/skel...)

And this.

> IS THERE A EASY WAY (change only on central file for all users) TO
> SET THEM?

Well, choose whichever of the above is easiest for you. Based on
your criteria, it seems that modifying login.conf would require the
fewest keystrokes. I prefer to provide a global/site profile or
shell init script and allow users to source it if they'd like, but
that fits my site's policies well; depending on what you do and
where you work, loginf.conf(5) may be more appropriate.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add can't install a package

2007-08-17 Thread Will Maier
On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote:
> I'm having some trouble installing clamav-0.90.3.tgz package. I'm using 
> OpenBSD_4_1.
> My steps:
> 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386
> 2. sudo pkg_add -v clamav-0.90.3.tgz
> And I have this error:
> 
> parsing clamav-0.90.3
> Can't install clamav-0.90.3 because of conflicts (.libs-clamav-0.90)
^
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/:
> ftp: -: short write
> 421 Service not available, remote server has closed connection.
> /usr/sbin/pkg_add: clamav-0.90.3.tgz:Fatal error

Use pkg_delete(1) to remove the .libs- package.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add can't install a package

2007-08-17 Thread Will Maier
On Fri, Aug 17, 2007 at 12:58:34PM +0300, Tomas Stankevicius wrote:
> But then again... Why .libs-clamav-0.90 was left behind when I
> removed clamav-0.90.tgz with pkg_delete ?

This has been covered in the archives[0]. When you delete a package
that may still have shared libraries in use by other packages, a
.libs stub is kept for compatibility purposes with older stuff.

[0] http://marc.info/?l=openbsd-misc&m=117742456031949&w=2

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Looking for something similar to "screen"-command

2007-09-12 Thread Will Maier
On Wed, Sep 12, 2007 at 01:50:00PM +0200, Jon Sj"ostedt wrote:
> I have installed BitTorrent-4.2.2 on my 3.9-box. With this i would like to
> start file sharing on a console, logout, login later and reattach to the
> console of the BitTorrent-4.2.2 session. AFAIK this is done in most
> Linux-distros using the command screen, but how can I do it in BSD?

You can install the screen package?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Package configurations

2006-06-09 Thread Will Maier
On Fri, Jun 09, 2006 at 05:06:48AM -0700, Allen Theobald wrote:
> For installing a package how can I tell what the configure script
> (./configure) or command line arguments to the build were?

packages(7) are built from ports(7). In most (all?) cases, they use
the default configuration specified in the port; packages with a
FLAVOR (eg 'no_x11') will use the FLAVOR's specific configuration.

-- 

o------{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: recording streams with OpenBSD

2006-06-14 Thread Will Maier
On Wed, Jun 14, 2006 at 12:57:48PM -0700, Bryan wrote:
> Does anyone have a good way of taking streams from the web (like music 
> streams) and record them to whatever format, specifically .ogg or 
> .mp3? I first tried to use Mplayer and "dd if=/dev/sound 
> of=/var/audio.raw" like in the FAQ, but it kept saying that the audio 
> device was busy.

$ man mplayer
[...]
$ mplayer -dumpstream http://your.stream.com/stream.mp3 -dumpfile stream.mp3

-- 

o------{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: recording streams with OpenBSD

2006-06-15 Thread Will Maier
On Wed, Jun 14, 2006 at 03:01:58PM -0700, Bryan wrote:
> Will Maier wrote:
> >$ mplayer -dumpstream http://your.stream.com/stream.mp3 -dumpfile 
> >stream.mp3
> 
> I did find that, but the stream is not an .mp3 file.

So? Mplayer will dump an ASF stream. In fact, I tried that with your
stream, and it worked fine. What's the problem?

> Can I dump the stream directly as an .mp3 file?  

Prolly not directly with Mplayer, but you could dump to a FIFO and
read the FIFO in your encoder (or decoder first) of choice. Or just
reencode the dumped ASF file later on, although that will likely
degrade file quality.

-- 

o------{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: cruxports for OpenBSD

2006-06-17 Thread Will Maier
On Sat, Jun 17, 2006 at 07:51:15PM +0530, Siju George wrote:
> it didn't update my packages. Could someone please tell me what I missed 
> out?

Did you read pkg_add(1)? '-F' requires _keywords_, not package
names, as its option.

> # echo $PKG_PATH
> ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
> #
> # pkg_add -uF mozilla-firefox-1.5.0.1

pkg_add understands 'mozilla*' as the argument to '-F' here; since
it's not a valid keyword, it tries to update all your packages
(hence the 'Candidates...' stuff). Use '-i' to manually select from
a list of possible candidates to resolve the 'Ambiguous...'
warnings.

> # Candidates for updating clamav-0.88 -> clamav-0.88 clamav-0.88.2
> ksh: Candidates: not found

What are you doing here?

> # Ambiguous: clamav-0.88 could be clamav-0.88 clamav-0.88.2
> ksh: Ambiguous:: not found

And here?

This is all very straightforward and, more importantly, spelled out
very explicitly in pkg_add(1).

Read it.

-- 

o--{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: FIX:vpnc

2006-06-18 Thread Will Maier
Alexander-

Your mail would probably do more good on [EMAIL PROTECTED]

On Mon, Jun 19, 2006 at 01:22:41AM +0200, Alexander Hall wrote:
> Some updates to vpnc:
> 
> - Put vpnc.conf in /etc instead of /etc/vpnc where it does no good.
> - Install the supplied man file
> 
> /Alexander
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/vpnc/Makefile,v
> retrieving revision 1.9
> diff -u -r1.9 Makefile
> --- Makefile  4 Mar 2006 15:10:31 -   1.9
> +++ Makefile  15 Jun 2006 14:57:38 -
> @@ -34,5 +34,6 @@
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
> + ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
>  
>  .include 
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/security/vpnc/pkg/PLIST,v
> retrieving revision 1.4
> diff -u -r1.4 PLIST
> --- pkg/PLIST 11 Nov 2005 19:38:07 -  1.4
> +++ pkg/PLIST 15 Jun 2006 14:57:38 -
> @@ -1,4 +1,5 @@
>  @comment $OpenBSD: PLIST,v 1.4 2005/11/11 19:38:07 sturm Exp $
> [EMAIL PROTECTED] man/man8/vpnc.8
>  sbin/vpnc
>  share/doc/vpnc/
>  share/doc/vpnc/README
> @@ -10,6 +11,6 @@
>  @mode
>  share/examples/vpnc/vpnc.conf
>  @mode 0600
> [EMAIL PROTECTED] ${SYSCONFDIR}/vpnc/vpnc.conf
> [EMAIL PROTECTED] ${SYSCONFDIR}/vpnc.conf
>  @mode
>  share/examples/vpnc/vpnc.sh

-- 

o--{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add -ui - Using Ports except or real Packages?

2006-06-19 Thread Will Maier
Sebastian: you screwed up the attributions. That makes things (more)
confusing. Fix your MUA.

On Mon, Jun 19, 2006 at 05:10:21PM +0200, [EMAIL PROTECTED] wrote:
> > You can do this the other way round, and make ports use packages
> > where possible; see FETCH_PACKAGES in bsd.port.mk(5).
> 
> Bad idea because the packages at $ANY_OFFICIAL_FTP are not
> updated.

Yes, they are. Packages are built for stable, too, if security
updates are backported to the stable ports tree. What's the problem
here?

> That`s not what I ment as I said up2date. up2date for stables
> means all Patches avaiable for stable. So if you use Stable but
> curl *.1 except of *.3 you`re not up2date. :) That`s how I ment
> it.

What? I have no clue what you meant by this. Updated packages are
bulit for stable when updates are backported. Period. Look at the
updates[0] available for 3.9-stable. What's the problem here?

> > Or if you have enough systems using the same arch for it to be
> > worthwhile, you can build your own packages and point PKG_PATH
> > there.
> 
> Well at home 1 AMD64 and 3 i386 (even just 2 of 3 use OpenBSD). I
> just wanted to point out that with pkg_add -ui there`s a VERY GOOD
> solution but even the best solution is useless if the packages
> don`t get updated. Maybe that can get solved with a Script *looks
> to the dev-Team* to update the packages on the FTP if a update is
> avaiable via Ports.

This happens already[0].

> Or, the other solution, would be enable pkg_add -ui (maybe with
> another argument to use Ports) using the Port-system to update.

> It`s not so easy to update all machines using the ports Easy
> == like pkg_add -ui :-/

So, assuming there's no package available, just make the package
(ports(7)) and install it on other machines with the same arch (like
Stuart suggested). Or add your build machine to your other machines'
PKG_PATH. It's easy.

But chances are, there's an updated package available. Don't expect
new features if you're running -stable.

> That`s all I wanted to point out. Why not using this neat
> update-tool (pkg_add -ui) because for now the dev-team limits it
> to a "upgrade"-tool (from one release to another) except an
> update-tool. And that`s kind of sad in my oppinion.

Again, this is unclear. But pkg_add handles upgrades _and_ updates.
If you're running -stable, you might not notice many package
updates, since that'll only happen when a new package is built to
address a security problem. If you want more packages to be built
faster, submit diffs to update the ports you're concerned with,
donate resources for a larger build infrastructure, or build your
own packages.

[0]http://www.openbsd.org/pkg-stable.html

-- 

o--{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add -u not working

2006-06-20 Thread Will Maier
On Tue, Jun 20, 2006 at 09:29:08AM -0500, Benjamin Collins wrote:
> What actually happens after the above invocation is what Sebastian
> pointed out - updatable package names are printed, but nothing is
> actually updated.

And you're running 3.9 or -current?

-- 

o------{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:..#openbsd,#madlug |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add -u not working

2006-06-20 Thread Will Maier
On Tue, Jun 20, 2006 at 06:41:09PM +0200, [EMAIL PROTECTED] wrote:
> 3.9-amd64 (stable).
> But it was mentioned that there are no updated packages avaiable for amd64...
> Yes I can update using Ports... but it`s realy not so good (compared to
> pkg_add -ui).

Right; pkg_add is nice.

> *my oppinion*
> There are not so many updates in the STABLE-Branch so I realy
> don`t understand why nobody can spend 3hrs of Compiling (a day, in
> the night, even developers have to speel :)) ) STABLE Packages
> (just the updated software! Not ALL Packages..).  It`s realy
> something I can`t understand if it deals with the great idea of
> pkg_add -ui.
> */my oppinion*

It's not that developers don't have time; it's that they don't have
resources. We all agree -- it would be great to see updates built
for more/all of the arches. And that can happen, I imagine. The only
problem is money and resources.

So if you care as much about having packages built for your arch as
you seem to, donate money or hardware.

Nikolay has already asked[0] for an amd64 to make -stable packages
happen; can you help?

[0]http://undeadly.org/cgi?action=article&sid=20060619214229

-- 

o--{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:..#openbsd,#madlug |
*--[ BSD Unix: Live Free or Die ]--*



Re: Webalizer packages for AMD64 is corrupted

2006-06-26 Thread Will Maier
On Mon, Jun 26, 2006 at 04:35:11PM -0400, Daniel Ouellet wrote:
> # pkg_add webalizer
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/amd64/:
> Unknown command.
> Can't install gd-2.0.33p2: lib not found fontconfig.3.0

Do you have the x*.tgz sets installed?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Webalizer packages for AMD64 is corrupted

2006-06-26 Thread Will Maier
On Mon, Jun 26, 2006 at 05:16:58PM -0400, Daniel Ouellet wrote:
> Interesting as I never install any x* before 3.9. Never did on any
> systems what so ever. Not sure why it's needed now, but you were
> right. 

Search the archives; there was a bit of a to-do over it.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: nload on OpenBSD - or an alternative

2006-07-19 Thread Will Maier
On Wed, Jul 19, 2006 at 04:34:49PM +0100, Richard Wilson wrote:
> Did it ever make it in? Might it at some point? Possibly a better
> question, is there something similar/better already there?

$ cd /usr/ports && make search key='bandwidth.*monitor'
Port:   bwm-ng-0.5p0
Path:   net/bwm-ng
Info:   realtime bandwidth monitoring of interfaces
Maint:  Genadijus Paleckis <[EMAIL PROTECTED]>
Index:  net
L-deps: 
B-deps: 
R-deps: 
Archs:  any

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: OpenWebMail (package)

2006-07-20 Thread Will Maier
On Thu, Jul 20, 2006 at 04:06:54PM -0700, Rob Baldassano wrote:
> However, when I tried to install the package, the system gave an
> error message about not finding a library. Forgive me I don't
> have the error handy at the moment but it was a P5 (something
> about compression) lib. 

I'd take a look at the FAQ[0]; did you install the x* filesets? It's
hard to read minds -- pasting the error will get you better help
here.

> Does anyone know if this is fixed in the 3.9 release? If so,
> COOL. If Not, any suggestions for getting around this issue? 

The port hasn't been touched in 16 months[1]. If you really have
found a problem, it still need fixing, although I bet you're just
missing some libs.

[0]http://www.openbsd.org/faq/faq15.html#PkgInstall
[1]http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/openwebmail/

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Man mksmbpasswd

2006-07-26 Thread Will Maier
On Wed, Jul 26, 2006 at 12:50:41PM +0200, Karel Kulhavy wrote:
> [EMAIL PROTECTED]:~$ which mksmbpasswd
> /usr/local/bin/mksmbpasswd
> [EMAIL PROTECTED]:~$ man mksmbpasswd
> man: no entry for mksmbpasswd in the manual.
> [EMAIL PROTECTED]:~$ pkg_info | grep samba
> samba-3.0.21bp2 SMB and CIFS client and server for UNIX
> 
> Is there an aim in OpenBSD to have also manual pages for programs
> where the original supplier doesn't supply a manual page?

Sure, but not every binary has/needs its own man page. The package
you're talking about comes with fully 39 man pages, including
smbpasswd(8). I don't use samba, but I'd be surprised if whatever it
was you were looking for wasn't described in one of those 39 pages.

$ grep '@man' /usr/ports/net/samba/pkg/PLIST*
39

net/samba could hardly be called undocumented. If you think
mksmbpasswd needs a man page, you should probably send a diff to the
samba folks.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Easy for a newbie to manage an OpenBSD server?

2006-08-01 Thread Will Maier
On Tue, Aug 01, 2006 at 10:26:23AM -0500, Titan wrote:
> I have quite a predicament.  I have been tasked with setting up an
> FTP server for the research group I'm involved with.

Do you need FTP? Can you use SFTP instead?

> The problem is once I'm gone someone with no *NIX experience will
> be maintaining the server.

Why? Can't you train them? I can understand if most research groups
can't afford to hire a full sysadmin, but hiring an up-and-coming
undergrad for seven peanuts an hour shouldn't be too bad.

> I've been considering using OpenBSD because it looks like it can
> go far longer without updates than Windows and Linux servers and
> looks to be very secure.

/me sighs

OpenBSD, while very, very useful, isn't a magic bullet. System
security is as much the admin's job as it is the OS's. If you leave
your box unpatched, even if it's running IdealOS v20, you'll
eventually regret it. Period.

No matter what OS you put on your server, you'll need to make sure
that it's patched. Some OSes make that task easier; others have
strong security track records. But with a dumb or negligent admin at
the console, it doesn't matter what bonafides your OS has -- you're
screwed.

> In your experience, would it be possible for someone with no *NIX
> experience to maintain a simple FTP server?

Yes.

> How long would you trust an unpatched OpenBSD server to go
> unhacked?

This is silly. Patch your system. If you and your successor spend a
day or two reading the FAQ and afterboot(8) and keep your eye on
your system, you'll stand a good chance of not having too much
trouble.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: firefox 1.5.0.6 for openbsd

2006-08-03 Thread Will Maier
On Thu, Aug 03, 2006 at 12:11:08PM -0400, David T Harris wrote:
> The easiest way to install firefox on OpenBSD or any other package
> (that is available from OpenBSD) is to download the package from
> the OpenBSD website (or a mirror) or the ftp mirrors.

No, the easiest way is like so:

$ man pkg_add
[...]

$ ftp ftp://ftp.openbsd.org/pub/OpenBSD/ftplist
[choose a mirror]
$ export PKG_PATH="ftp://your.mirror.com/pub/OpenBSD/$(sysctl -n 
kern.version)/packages/$(machine)/"
$ sudo pkg_add -i your-package

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Multi-tabbed Terminal

2006-08-04 Thread Will Maier
On Fri, Aug 04, 2006 at 10:02:50AM -0700, Clint Pachl wrote:
> Can anyone recommend a light-weight multi-tabbed terminal for OBSD 3.9? 
> I looked through the i386 packages, but didn't notice any. I'm using FVWM2.

xterm + misc/screen.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Tyan v. Supermicro for Opteron?

2006-08-06 Thread Will Maier
On Sun, Aug 06, 2006 at 03:47:02PM -0700, Darrin Chandler wrote:
> Ok, I've got it narrowed down a bit. Anyone have experiences good
> or bad to report with Tyan versus Supermicro mobos? I find
> archives for people using one or the other, so they both seem
> workable. Anyone used both and prefer one for some reason? I'm
> looking at 2xCPU, and maybe dual-core in addition.

We've been buying Supermicro Opterons (dual duals) for the past year
or so. We're not running OpenBSD, but we've been quite pleased with
the boards. 

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: obsd 3.8 does not detect new HD

2006-08-09 Thread Will Maier
On Wed, Aug 09, 2006 at 04:29:26PM -0300, Gustavo Rios wrote:
> i am running 3.8 stable on a DELL Precision Workstation 370. In my
> first hard disk i have openbsd and Windows XP. I have bought a
> second Hard Disk. It is working perfectly on XP, OpenBSD 3.8 does
> not detec it.
> 
> Have anyone already faced such scenario?

Maybe -- how should I know, though, when you don't even say what
type of disk it is? or provide a dmesg? or give us any indication as
to what you've tried to do to get it recognized?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: mirroring packages without much bandwidth overhead

2006-08-14 Thread Will Maier
On Mon, Aug 14, 2006 at 03:47:07PM +0200, Andreas Bartelt wrote:
> is there a simple way to efficiently mirror packages solely based on 
> package filenames in order to reduce bandwidth overhead?

A bit of shell/Perl scripting could compare the index.txt on the FTP
mirror with what you have locally...

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Web access to sysctl hw.sensors

2006-08-17 Thread Will Maier
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote:
> 1. Is there an easier way to remotely observe such hardware status?

SNMP (for better or worse) or any number of real monitoring products
do that for you; nagios and munin are both in ports.

If you really want to write your own, consider logging information
from hw.sensors to a file available in the chroot and running your
CGI on that.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: packages failure (was dsniff ports failure)

2006-08-24 Thread Will Maier
On Thu, Aug 24, 2006 at 01:44:04PM -0700, Edward Ray wrote:
[...]
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/
> 
> # pkg_add bash-3.1.1p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Not an ustar archive header
> bash-3.1.1p0:libiconv-1.9.2p3: complete
> Adjusting md5 for /usr/local/lib/libiconv.a from
> 044a57b2de335fa8b5c24f977e9dc0af to 4e50ca5fc370e7247ffddea2ac1bd5af
> /usr/sbin/pkg_add: Installation of libiconv-1.9.2p3 failed , partial
> installation recorded as partial-libiconv-1.9.2p3 # bash

$(pkg_info | grep partial) should verify that
partial-libiconv-1.9.2p3 is installed. You should use pkg_delete to
get rid of the partial- package (and figure out what you did to
cause pkg_add to fail).

> ksh: bash: not found
> # pkg_add amap-5.2.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> amap-5.2:pcre-6.4p1: complete
> 
> amap-5.2: complete

OK...

> # pkg_add nmap-3.95p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Can't install libiconv-1.9.2p3 because of conflicts
> (partial-libiconv-1.9.2p3)
> /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error # pkg_add wget-1.10.2p0.tgz
> Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/:
> Unknown command.
> Can't install libiconv-1.9.2p3 because of conflicts
> (partial-libiconv-1.9.2p3)
> /usr/sbin/pkg_add: libiconv-1.9.2p3:Fatal error

This is quite clear. It can't install libiconv because it conflicts
with the partial- package it told you that it installed above.
Delete the partial- package, figure out what's really wrong (if
anything), and try again.

> My only choice appears to be rebuild, which I have done three
> times now.

Rebuild what? libiconv? pkg_add will fetch dependencies for you. If
you're having trouble with ports, stop using them (except for the
very few cases where licensing dictates otherwise).

> If someone could point me to the magic formula of package
> downloads, much appreciated.

pkg_add(1), pkg_delete(1), the FAQ.

> I am trying to build a box for pen testing, and will switch to a
> Linux variant or FreeBSD if OpenBSDs ports and packages are
> screwed up.

Packages and ports have worked just fine for me on 3.9 and -current.

> It never used to be that difficult to build an OpenBSD pen test
> box, at least with v3.6/v3.7/v3.8

It still isn't. Make sure your kernel and userland are up to date,
and use packages. It's easy.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: UTC vs UCT timezone

2006-09-05 Thread Will Maier
On Tue, Sep 05, 2006 at 06:31:21PM -0300, Gustavo Rios wrote:
> On 9/5/06, Scott Plumlee <[EMAIL PROTECTED]> wrote:
> >The FAQ seems to reference UTC (at least in section 8), which would
> >translate at Universal Time, Coordinated, from what I understand.  Are
> >these two the same?
>
> I had always had sych questions and had never had an answer. Good
> question Plumlee.

http://en.wikipedia.org/wiki/Coordinated_Universal_Time#Abbreviation

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: XEN

2006-09-08 Thread Will Maier
On Fri, Sep 08, 2006 at 11:08:49PM +0200, openbsd misc wrote:
> I wasn't able to figure out if it is possible to run openbsd
> as xen guest system. Does anyone know?

Short answer: not yet, really.

Longer answer: people are working on it.

http://www.google.com/search?rls=en&q=openbsd+xen
http://anil.recoil.org/blog/articles/2006/08/21/openbsd-xen-boots-multi-user
http://kerneltrap.org/openbsd/c2k6/who1
http://hg.recoil.org/openbsd-xen-sys.hg

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: preferred hardware platform

2006-09-10 Thread Will Maier
On Sun, Sep 10, 2006 at 11:39:57AM +0530, Raja Subramanian wrote:
> rdiff-backup however, does not suffer from this problem.
> And it's a bit more space efficient than rsnapshot as
> well.  Give it a shot and I doubt you'll be disappointed.

I've had an experimental port of rdiff-backup 1.0.4 and librsync
(upon which it depends) available[0] for a month or two. I haven't
looked at it much since the ports tree locked, but it's working well
on several systems running -current.

Feel free to give it a try; I'd be glad to get feedback on it, but
it won't be a priority until after the thaw.

[0]http://www.lfod.us/openbsd/ports.html#rdiff-backup
   http://www.lfod.us/openbsd/ports.html#librsync

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: clearing /tmp

2008-10-30 Thread Will Maier
Hi Lars-

On Thu, Oct 30, 2008 at 05:15:53PM +0200, Lars Nood'en wrote:
> I notice there is also /var/tmp.  What is the reason for having
> two directories for apparently similar purposes?   Would there be
> any major problems from combining the two, either by linking or
> symlinking one to the other?

Did you check hier(7)?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Unbound: a validating, recursive, and caching DNS resolver

2008-05-21 Thread Will Maier
On Wed, May 21, 2008 at 02:09:23PM -0300, Andr'es wrote:
> I just read about this project, might be of interest:
> http://unbound.net/
> 
> It's developed by Kirei, NLnet Labs, Nominet, and VeriSign; and
> released under a permissive free software license:
> http://unbound.net/svn/trunk/LICENSE
> 
> I read about it at:
> http://tech.slashdot.org/tech/08/05/21/0153201.shtml
> 
> Original source for the article:
> http://www.networkworld.com/news/2008/052008-open-source-dns-server.html

And jakob@ has already made a draft port[0] available. There's still
time to follow up on ports@ with test results.

[0] http://www.schlyter.se/jakob/openbsd/unbound.tar.gz
http://archive.netbsd.se/?ml=openbsd-ports&a=2008-05&m=7431665

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Why Perl for pkg_* tools ?

2008-05-23 Thread Will Maier
On Fri, May 23, 2008 at 01:42:05PM +0200, Almir Karic wrote:
> On Fri, May 23, 2008 at 9:37 AM, Marc Espie <[EMAIL PROTECTED]> wrote:
> > As far as perl goes, it's about the only language that fit the
> > bill.  The older pkg_* were totally impossible to maintain and
> > extend, and I needed a sensible script language that was in
> > base.
> 
> at the risk of starting a flame war, considered python? beside not
> being in the base, any other downsides for this particular task?

That's a pretty big downside.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Monitor Open Files

2008-06-20 Thread Will Maier
On Fri, Jun 20, 2008 at 07:22:40PM -0700, Peter_APIIT wrote:
> I think this command may help you. lsof. 

On OpenBSD, fstat(1) is often more interesting. As an added bonus,
it's in base.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: mirror.cs.wisc.edu

2008-07-01 Thread Will Maier
Hi Roger-

On Tue, Jul 01, 2008 at 06:54:32AM -0500, Roger Midmore wrote:
> I actually made a mistake for the email address for technical
> support is [EMAIL PROTECTED] although the I think csl might work as
> well since it stands for Computer Systems Lab. But sending to lab
> actually creates a complaint that is logged and taken care of as
> soon as possible. I forwarded your message on to the department
> though. If you notice anything else just send a message to lab
> with [CSL #354961] in the subject since someone else noticed that
> to be the proper path to the release should be /pub/OpenBSD not
> /pub/mirrors/OpenBSD. I created a request for them to add a link
> to fix that problem as well.

Thanks for getting this started. I've contacted the CSL and will
work to get their mirror in order and listed on ftp.html. I work at
hep.wisc.edu, so it shouldn't be too hard to keep them on top of
updates. ;)

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Broken Webalizer for 4.3?

2008-07-08 Thread Will Maier
On Tue, Jul 08, 2008 at 01:34:32PM -0500, L. V. Lammert wrote:
> OpenBSD Zeus.omnitec.net 4.3 GENERIC#698 i38
>
> Looks like a problem with webalizer:
>
> # pkg_add webalizer-2.01.10p5
> Can't install gd-2.0.35: lib not found fontconfig.5.1
> Dependencies for gd-2.0.35 resolve to: libiconv-1.9.2p5, jpeg-6bp3, png-1.2.22
> Full dependency tree is libiconv-1.9.2p5,jpeg-6bp3,png-1.2.22
> Can't install gd-2.0.35: lib not found freetype.16.0
> Can't install webalizer-2.01.10p5: can't resolve gd-2.0.35
>
> Looks like gd-2.0.35 is requiring freetype.16.0? The current freetype is: 
> freetype-1.3.1p3?

Do you have the X sets installed?

http://www.openbsd.org/faq/faq15.html#NoFun

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Broken Webalizer for 4.3?

2008-07-08 Thread Will Maier
On Tue, Jul 08, 2008 at 01:43:06PM -0500, L. V. Lammert wrote:
> At 01:34 PM 7/8/2008 -0500, you wrote:
>> # pkg_add webalizer-2.01.10p5
>> Can't install gd-2.0.35: lib not found fontconfig.5.1
>
> Looks like fontconfig might have been moved to xbase? WHY?? What's
> the  reason to install X on a production server just to get some
> bogus libraries for web work? Sounds pretty BOGUS to me??

If you can't stand the idea of untarring the entire fileset (and
you're moderately clever), grab the libraries you need.

In my book, 'BOGUS' includes:

* Not checking the archives for answers to a question before
  spamming the list
* Not checking the FAQ
    * Whining

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
[...]
> did try to setup STARTTLS but I don't think that it works! here are the
> modifications in my .mc file:
> 
> --
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> -

Do those files exist?

> Following 'man starttls' I should get:
[...]
> but I'm missing the '250 STARTTLS' entry from the above output!
> 
> Any idea what might gone wrong?

Did you look in your maillogs?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 03:56:48PM +0200, GVG GVG wrote:
> On Thu, Jul 10, 2008 at 3:33 PM, Will Maier <[EMAIL PROTECTED]> wrote:
> > On Thu, Jul 10, 2008 at 02:08:30PM +0200, GVG GVG wrote:
> > > --
> > > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'CA')dnl
> > > define(`confCACERT_PATH', `CERT_DIR')dnl
> > > define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> > > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> > > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> > > define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> > > define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> > > -
[...]
> Yes they do exist:
> 
> --
> -bash-3.2$ pwd
> /etc/mail/CA
> -bash-3.2$ ls -l
> total 56
> -rw-r--r--  1 root  wheel  1229 Jun 23 17:02 cacert.pem
> -rw-r--r--  1 root  wheel   875 Jun 18 13:46 cacert.pm
> -rw---  1 root  wheel  3848 Jun 23 17:11 cert.pem
> drwxr-xr-x  2 root  wheel   512 Jun 17 16:25 certs
> drwxr-xr-x  2 root  wheel   512 Jun 23 17:17 crl
> -rw---  1 root  wheel 3 Jun 23 17:17 crlnumber
> -rw---  1 root  wheel68 Jun 23 17:11 index.txt
> -rw---  1 root  wheel21 Jun 23 17:11 index.txt.attr
> -rw-r--r--  1 root  wheel 0 Jun 23 16:46 index.txt.old
> -rw-r--r--  1 root  wheel  1679 Jun 23 17:04 key.pem
> drwxr-xr-x  2 root  wheel   512 Jun 23 17:11 newcerts
> drwx--  2 root  wheel   512 Jun 23 16:53 private
> -rw---  1 root  wheel 3 Jun 23 17:11 serial
> -rw-r--r--  1 root  wheel 3 Jun 23 16:46 serial.old
> ---

You're missing my{cert,key}.pem.

> and in the mail_log there is nothing recorded! No errors or
> warnings!

Did you restart sendmail?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sendmail STARTTLS

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 04:26:38PM +0200, GVG GVG wrote:
> In a sendmail book I found following entry they suggested to put
> in the .mc file. Could be the reason for my problems?
> 
> --
> dnl define(`confCRL', `CERT_DIR/crl/crl.pem')dnl
> -

No. So you updated your .mc file as above, installed it as
/etc/mail/localhost.cf and HUPed sendmail? By default on OpenBSD,
sendmail is started with the following flags:

-L sm-mta -C/etc/mail/localhost.cf -bd -q30m

If you installed your new .cf file as sendmail.cf, sendmail won't
read it (unless you change or drop the -C flag).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Will Maier
On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote:
> Am I reading this right?

Yes.

[...]
> I remember that I filed PRs with FreeBSD/NetBSD a few years ago to get  
> this changed, but Redhat Support is giving some some noise about:
>
> "Well the source vendor doesn't disable it by default ..."

This has been discussed. Check the archives if you'd like.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Sendmail won't use port 587 instead of 25

2008-07-14 Thread Will Maier
On Sun, Jul 13, 2008 at 04:16:20PM -0700, Joe S wrote:
> I can't get sendmail to use port 587 and not port 25, which my ISP
> Comcast blocks.
> 
> I've added these lines to my sendmail.mc file, which is a copy of
> openbsd-proto.mc I've tried this with the openbsd-localhost.mc file
> also, but no success.
> 
> ~
> define(`SMART_HOST', `smtp.comcast.net')dnl
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`SMTP_MAILER_ARGS', `TCP $h 587')dnl
> MASQUERADE_AS(`comcast.net')dnl
> FEATURE(masquerade_envelope)dnl
> ~

These defines need to come before the MAILER macros. Though you
didn't post your whole .mc, I bet the above defines are down by the
MASQUERADE* section, which is too late.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: 'Nother broken package - git-1.5.4.2

2008-07-15 Thread Will Maier
On Tue, Jul 15, 2008 at 02:30:36PM -0500, L. V. Lammert wrote:
> Depends on tcl-8.4.7p6, .. maybe, .. but what does X have to do
> with git??

http://en.wikipedia.org/wiki/Tk_%28framework%29

>   Can't install tk-8.4.7p1: lib not found X11.11.1
>
> Is this a broken dependency 

No.

> or . . . ? Seems like git installed cleanly on 4.2.

Are you going to send a mail to misc@ every time a package depends
on X?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: OpenBSD 4.3 FAQ in PDF?

2008-07-22 Thread Will Maier
On Tue, Jul 22, 2008 at 09:32:15AM -0500, Daniel A. Ramaley wrote:
> The number list could be collapsed into `seq 1 15` on a system
> with seq installed.

Have you met jot(1)?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*-[ BSD: Live Free or Die ]*



Re: Low priority or real coders

2006-09-14 Thread Will Maier
On Thu, Sep 14, 2006 at 11:29:49AM -0400, steve szmidt wrote:
> (Say what you will about Linux being inferior in ways, it managed
> to do what no other Unice did for all that time -- captured a
> mainstream. A lot of development is being done benefitting most if
> not all Open Source platforms because of the attention coming down
> the Linux shute. So in the end we all win regardless of the O/S.)

In many cases, this is simply not true. Much of the hardware support
added to Linux is prohibitively Linux-specific or not worth the
effort to bring over to OpenBSD (or other BSDs) -- assuming the
driver is something more than a wrapper around a binary. Much of the
new software developed for GNU/Linux systems is messy, unportable
and utterly useless on different platforms. Linux's popularity has
drawn developers to Linux, and they've developed Linuxy things. In
some cases, BSD users benefit, too, especially when licensing and
code portability aren't total disasters. In lots of cases, though,
we get nil.

And as you should know, Unix *was* the computing mainstream for a
long period. Not on home desktops (which didn't exist for most of
that period), granted, but on workstations and servers, Unix was The
Right Choice. IMHO, Unix *continues* to be the right choice in its
traditional environments, and has become quite useful on desktops
and laptops in the last decade or so.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Upgrading 3.7 -> 3.9

2006-09-19 Thread Will Maier
On Tue, Sep 19, 2006 at 02:28:06PM -0400, ICMan wrote:
> I want to upgrade from 3.7 to 3.9.  Can someone give me some pointers?

http://www.openbsd.org/faq/

If you have specific problems, ask here again. You may find it
easier to simply reinstall.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Help with chroot

2006-09-19 Thread Will Maier
On Tue, Sep 19, 2006 at 09:59:38PM -0400, Kim Mackey wrote:
> Anyway the symptom is that when I visit my wiki site I go there
> with  the url 192.168.1.106/wiki/  but as it starts to load the
> page it  changes my url to
> myhost.my.domain/wiki/index.php/Main_Page and then  fails to load.
> but if I type the url as 192.168.1.106/wiki/index.php/ Man_Page it
> will load the page just fine.  From there I can click on  the
> links and every thing continues to work fine.  (On some pages if
> I leave the page up for a little while it will automaticallyswithc
> the url to the myhostname.my.domain and fail to load.  I just
> retype  the url with my local IP and things load back up fine
> again, but I  have to leave that page or it will fail again.

Either configure your wiki correctly or add a line to /etc/hosts.

hosts(5)

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Some recommendations on file locations sought

2006-09-22 Thread Will Maier
On Fri, Sep 22, 2006 at 01:29:56PM -0700, John Draper wrote:
> Here is what I did...
> 
> htpasswd -c /var/www/conf/auth/passwd edp
> < I set the password here >
> 
> chown root.nogroup /var/www/conf/auth/passwd
> chmod 640 /var/www/conf/auth/passwd

What user/group are you running httpd as? Is that user a member of
nogroup? Can that user read the file?

[...]
> But the Apache rejects my password.  I tried it several times,
> same thing,  rejection.

Did you look at the error_log?

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: couple of scp questions

2006-09-23 Thread Will Maier
On Sat, Sep 23, 2006 at 12:27:21PM +0200, frantisek holop wrote:
> i realize that for some, this might seem as an unnecessary wasting
> of resources (think moving lots of small files) but i think it's
> good to know if the transport was really finished and the files
> really are the ones i started copying and not only its parts.
> 
> was there any consideration to give scp similar functionality?

$ scp [EMAIL PROTECTED]:file file.part && mv file.part file

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ipsec vpn: freebsd and openbsd

2006-10-05 Thread Will Maier
On Thu, Oct 05, 2006 at 03:47:07PM +0200, Martin Schr"oder wrote:
> Should I take the silence of the list as evidence that all ports
> are secure or is the list simply ignored by the developers? Or is
> it only used in dire emergencies (like security-announce)?

The list just hasn't been used in a while. It could be seen as
redundant effort, since ports-changes@ receives messages for each
commit to the ports tree (including security-related commits), and
pkg-stable.html is updated rather frequently.

This issue has come up on #OpenBSD on freenode a few times recently,
too. Would it be a good idea to update the FAQ to point to
pkg-stable.html and [EMAIL PROTECTED] Or would it be preferable to
make use of that list again (in conjunction, perhaps, with updates
to the VuXML)?

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: File system monitoring: another PCI cert requirement question

2006-10-09 Thread Will Maier
On Mon, Oct 09, 2006 at 04:07:52PM -0400, stuartv wrote:
> In the company I work for's ever expanding quest for PCI certification,
> I am told that we are required to have in place something to monitor all
> system files and log files for changes.  Does anyone have any suggestions
> on software to do this?  I am currently looking at Osiris but would like
> some input as to what is out there and actually being used by people.

Well, /etc/security already does some of this. See security(8) for
more info; you can extend it pretty easily.

Otherwise, there's AIDE or Tripwire, among others.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ports question

2006-10-11 Thread Will Maier
On Wed, Oct 11, 2006 at 03:28:08PM -0700, Bryan Irvine wrote:
> Sometimes these get installed as a dependency of another app
> though and so the screen just keeps right on trucking and you
> don't have time to read it.  Is there some command or somewhere
> you can go to see what the message was?

$ man pkg_info
$ pkg_info -D python-2.4.3p0
Information for python-2.4.3p0

Install notice:
If you want to use this package as your default system python, create
symbolic links like so:
ln -s /usr/local/bin/python2.4 /usr/local/bin/python
ln -s /usr/local/bin/pydoc2.4  /usr/local/bin/pydoc

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: update automaticly

2006-10-19 Thread Will Maier
On Thu, Oct 19, 2006 at 09:28:23PM +0700, sonjaya wrote:
> i have script for update automaticly here:
> # cat /root/update_part1.sh
> #!/bin/csh
> cd /usr/src
> setenv CVS_CLIENT_PORT -1
> setenv CVSROOT [EMAIL PROTECTED]:/cvs
> cvs -d $CVSROOT -q up -rOPENBSD_3_9 -Pd
> date > /root/update_part1.log
> 
> when i try run that script get error such like this :
> # sh /root/update_part1.sh
> /root/update_part1.sh[3]: setenv: not found
> /root/update_part1.sh[4]: setenv: not found
> cvs update: CVSROOT "-q" must be an absolute pathname
> cvs [update aborted]: Bad CVSROOT.

sh(1) isn't csh(1) -- if you run `sh your_csh_script.sh`, sh ignores
the interpreter line and tries to run the script itself. sh doesn't
use setenv, which is why you get 'setenv: not found.'

If I were you, I'd write the script in sh. csh has long been
considered harmful, and isn't very much fun to write.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Freetype2 without X11 or no_x11 package

2006-10-30 Thread Will Maier
On Tue, Oct 31, 2006 at 02:24:58AM +0100, Jean-Gerard Pailloncy wrote:
> How to solve this ?
> Create flavor no_x11 ?
> But, I need the freetype2 ! and there is no package.
> Create a freetype2 package ?!?!
> Or install X11...

It seems like you should already know what you need to do (per the
FAQ[0] and the messages pkg_add(1) spits at you), but this thread[1]
explains why the change was made.

In that thread, Matthieu Herrb wrote:
For now install 'xbase39.tgz' or the strict subset of it that
ports depending on X need. dot.

This may change in future OpenBSD release, but dont start
building plans on it.
 
Search the archives next time...

[0] http://www.openbsd.org/faq/faq15.html#PkgInstall
[1] http://marc.theaimsgroup.com/?l=openbsd-ports&m=114794229516567&w=2

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add(1) over ssh(1)?

2006-11-01 Thread Will Maier
On Wed, Nov 01, 2006 at 07:45:16PM +0100, Andreas Bartelt wrote:
> is there any documentation about using pkg_add over ssh available
> yet?  

pkg_add(1); look for 'scp://'...

> Can this feature be used with some of the official mirrors?

If you have ssh access on them, sure.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: pkg_add(1) over ssh(1)?

2006-11-01 Thread Will Maier
On Wed, Nov 01, 2006 at 02:25:23PM -0500, John Fiore wrote:
> > is there any documentation about using pkg_add over ssh
> > available yet?  Can this feature be used with some of the
> > official mirrors?
> 
> Just out of curiosity, why would you want to do this?  pkg_add
> verifies the packages after downloading them.  Is this some kind
> of firewalling issue?

As espie@ has said a couple of times now, pkg_add(1) over ssh is
much faster since it only uses one TCP connection. In my testing, it
has been much faster than similar operations over FTP and has
approached local disk reads in speed.

It's a real handy addition.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Large scale deployments

2006-11-02 Thread Will Maier
On Thu, Nov 02, 2006 at 08:10:50PM -0500, Michael Lockhart wrote:
> 2. Command and Control.  What projects or capabilities are
> available for performing remote command and control over services,
> packages, and system health?  Currently, all push/pull is done
> with perl/sh scripts to bring files over, sanity check, install,
> update, etc.  I've been leaning towards creating a daemon that
> runs on each system and has a secure connection back to a
> centralized location for determining if updates are available.  My
> proof of concept works, but thoughts on how to do this right are
> GREATLY appreciated.

I've used cfengine on large (500+ nodes) Linux clusters. There lots
of things I wish were better in cfengine, but I haven't found a more
capable tool. For one-time mass administration tasks, I use dsh from
sysutils/clusterit, though the scenario you describe above seems
cfenginy to me.

> 3. Remote upgrading.  Going from 3.2 -> 3.8 or 4.0 is going to be
> very difficult, and the approach that I am taking right now is
> creating a bsd.rd based kernel/image that will boot fully into
> memory, and contain the appropriate scripts to re-initialized the
> disks, rsync/scp/ftp/get/whatever the new base image and kernel
> over, then reboot, and go into the new image, and perform the rest
> of the upgrade from there.  Has anyone done something similar to
> this or know of any projects along these lines?

Upgrading from 3.2 to 4.0 is going to be a headache. The clusters
I've worked in have all used network filesystems (mostly AFS) for
most data storage; reimaging a node has never cost much. Combined
with a well-thought-out configuration management system, and major
upgrades seem like less of a problem.

Of course, you need to vet your new system image with your
applications first.

I sure wish I had 600 OpenBSD boxes to worry about...Scientific
Linux is a headache.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Shared library without SHARED_LIBS:

2006-11-07 Thread Will Maier
On Tue, Nov 07, 2006 at 11:04:26AM +0100, Badbanchi Hossein wrote:
> Tried to install the 3.8 package. Didn't work since the 3.8 packages are
> linked against 3.8 libraries.

This is documented in the FAQ; it's unsupported.

> Next installed 3.8 ports.tar.gz on my 3.9 OpenBSD, and tried "make build
> key=mysql-server-4.0.24p1".

ports(7); key=... is not used.

> The process stops by creating the "mysql-client-4.0.24" package, with
> the following message:

This, too, is documented in the FAQ; it's unsupported.

[...]
> Have tried all I could think of, and have done much googling, but
> no chance.

In all your googling, you didn't find the FAQ entries that make it
clear that what your doing isn't supposed to work?

> From the list of what I have already tried:
> 1) Added 
> #SHARED_LIBS= ???
> to /usr/ports/infrastructure/templates/Makefile.template.

bsd.port.mk(5); Makefile.template isn't read by anything. Moreover,
how could adding a comment affect anything?

The right way to do what you want to do is to build the old MySQL
yourself. Better yet, fix/ditch the software that requires the old
MySQL.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Error in php5-gd-5.1.4 packages for OpenBSD 4.0

2006-11-09 Thread Will Maier
On Thu, Nov 09, 2006 at 05:00:34PM +0100, Anders J wrote:
> I think something is wrong in the php5-gd-5.1.4 packages (all
> flavors) The dependency can't be satisfied (see below) and i find
> only freetype-1.3.1p2.tgz and not freetype.13.1 in
> /4.0/packages/i386

It's not a package dependency; freetype.13.1 is provided by the X
install sets. Read the FAQ.

http://www.openbsd.org/faq/faq15.html#PkgInstall

If you're still confused, read the port's Makefile.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: where is unarj-2.43?

2006-11-11 Thread Will Maier
On Sat, Nov 11, 2006 at 08:07:24PM -0600, Default User wrote:
> Okay, I give up. Where is unarj-2.43 in the OpenBSD 4.0 i386
> packages?  Clamav seems to need it, but pkg_add said it could not
> be found.  Is it indeed missing? 

Look at the port's Makefile.

http://www.openbsd.org/cgi-bin/cvsweb/ports/archivers/unarj/Makefile

Blame upstream. If you need the package, you get to build it
yourself.

-- 

o------{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: Firewall partially failing with high traffic

2006-11-14 Thread Will Maier
On Tue, Nov 14, 2006 at 09:28:47AM -0700, Chris Cameron wrote:
> Upgrading isn't an option. I mean it is, but as soon as I say
> "Don't know, lets just upgrade", that's a major hit to something
> that was tough to get in in the first place. This will be a
> Firewall-1 shop again quite quickly and any future thing I
> recommend isn't going to have much weight.

You need to upgrade anyway to properly keep up with security
updates. You're now running a system that is no longer supported;
upgrading to a supported system is a Good Thing regardless of the
issue you're currently dealing with.

As a bonus, things generally get better and 'more fixed' with each
new version and, as Tobias says, there's a good chance the problem
you're running up against is resolved.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: packages

2006-11-15 Thread Will Maier
On Wed, Nov 15, 2006 at 08:24:16AM -0500, Marc Ravensbergen wrote:
> Hi, is there any way I can find out the entire list of files (and
> dependencies) needed before installing a given package? Let's say
> I  want to add "wget" to openbsd. I export the PKG_PATH to the
> appropriate mirror, then type "pkg_add wget". This will do the
> installation of wget and all dependencies, but I would like to
> know  before the actual installation what files are needed (if
> possible of  course).

First, ftp(1) does much of what you get from wget(1), and is
included in base.

As to your question, pkg_add(1) suggests:

 [...]
 -n   Don't actually install a package, just report the steps that
  would be taken if it was.

As espie@ noted in a previous thread on this topic[0], you can just
install pkg_add on the system with the nice network connection and
use PKG_CACHE to download the files.

See also pkg_info(1), though package signatures will give you more
information than you're probably looking for:

 [...]
 -S  Show the package signature for each package.  This signature is a
 unique tag showing the package name, and the version number of
 every dependency and shared library necessary to build this pack-
 age.

If you have a ports tree handy, you could also use the
'print-run-depends' or 'describe' make targets documented in
bsd.port.mk(5) and ports(7).

> My reason for this is so that I can generate a complete list of
> files  needed to download for a given program, run over to a
> computer with  high speed, download, run back to my computer, dump
> the files in the  correct directory (/var/db/pkg) and then install
> the package.

Don't do that. You can use pkg_add(1) on local files, too, you know.

$ sudo pkg_add all the packages you downloaded at your friend's house

This is a rather common question -- search the archives next time.

[0] http://marc.theaimsgroup.com/?l=openbsd-misc&m=115041186327151&w=2

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



Re: ports installing files in /etc?

2006-11-18 Thread Will Maier
On Sat, Nov 18, 2006 at 02:35:27PM +0100, Igor Sobrado wrote:
> I suppose that configuration files were on a different directory,
> as in NetBSD.  As both NetBSD and OpenBSD are using the same tools
> to manage ports/packages, and I am certainly accustomed to
> /usr/pkg/etc on NetBSD, I supposed it was an error on these
> packages.

OpenBSD and NetBSD do not use the same tools to manage ports and
packages.

> As I said, it is a certainly unusual behaviour and it is not
> described on the pkg_* manual pages (though!).  As I did not find
> a comment on this behaviour on pkg_add(1), but there are detailed
> notes on the use of /usr/ports, /usr/local, /var/db/pkg and so on
> I supposed I did a mistake installing the packages.

Look at hier(7):

 /usr/  Contains the majority of user utilities and applications.
 [...]
local/Local executables, libraries, etc.

Also, look at packages(7):

 [...]
 Some packages installation scripts will also create new configuration
 files in /etc, or need some working directory under /var to function cor-
 rectly (e.g., squid, or mysql).

This is well documented; as you noted, there's even a helpful FAQ
entry.

> I read a lot of documentation on the utilities for managing
> packages on NetBSD, where /usr/pkg/etc is used.  I expected the
> same behaviour on OpenBSD.  

Why would you expect that?

> I just asked because this behaviour is not documented on the man
> pages and it is certainly different to the way pkg_* works on
> NetBSD (where there is a different /etc for the packages).

Assuming OpenBSD works just like NetBSD will make things hard for
you. Read the FAQ and man pages, and trust pkg_info(1).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*



  1   2   >