Tequila Fish

If you’ve ever tried to edit a Windows-created file in Unix or OSX, you’ve probably encountered a messy translation in line breaks: A file full of “^M” characters. There is an easy search/replace you can use in vi/vim to format the file Unix-style:

I needed to upgrade my OpenSSL installation on FreeBSD without having to recompile everything (make installworld), and found out that you can do so by installing the openssh-portable port. You must force it to replace the base OpenSSL install, so you pass in the proper options:

This went great, however, I could no longer log in remotely. It would prompt me for username and password then just hang until it times out.

This happens because newer versions of sshd have “UsePrivilegeSeparation” (privsep) set to YES by default, so sshd will always try to verify the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address.

Because sshd is chrooted to /usr/local/empty, it is unable to read /etc/resolv.conf and fails any name lookups. This is why we are hanging! To fix it, I found some people suggesting to copy /etc/resolv.conf to /var/empty/etc/resolv.conf. I decided to try a symbolic link instead, but got the following error.

This is probably caused by some flags or the schg bit on the dir, and I didn’t want to deal with it. Instead I decided to take the easy (even though probably unsafe) way out: disable privsep. Open up your /etc/ssh/ssd_config file and add the following:

Restart your sshd with /etc/rc.d/sshd restart and you should be good to go! I know it’s probably not a good idea to run with privsep off, but with it on, NOBODY could log into the server via ssh, including myself, and that’s no good. Hopefully OpenSSH and the FreeBSD ports people will find a way to make things work with privsep enabled in the near future.

I ran into a few problems trying to install Xdebug into PHP on both FreeBSD 5.2 and FreeBSD 5.4. My research led me to this PHP bug thread and the proper solution. Here’s a quick summary to get you going with Xdebug:

Xdebug is installed via phpize, and phpize has some requirements:

• autoconf: 2.13
• automake: 1.4+
• libtool: 1.4.x+ (except 1.4.2)
• bison: 1.28 (preferred), 1.35, or 1.75
• flex: 2.5.4

I was able to get mine up and running with the following versions:

• autoconf: 2.59_2
• automake: 1.9.5
• libtool: 1.5.10_1
• bison: 1.75_2
• flex: 2.5.4

However, the ports packages for autoconf, automake, and libtool that come with FreeBSD are installed into non-standard locations, so phpize is unable to find them. This is easily fixed with symlinks (NOTE: symlinks will vary depending on which versions you have installed):

Now, assuming you have all the correct versions installed and paths present, phpize should be able to find everything and Xdebug should install as expected:

I’m normally a manually-compile-from-source type of guy, but I thought I’d give FreeBSD’s ports system a try. Right away I ran into an annoyance, and something that underscores a constant battle: trading customizability for ease-of-use. Yes, ports makes installing things easier, but you lose a certain level of control and customizability.

Installing vim from ports seems easy enough, right? Sure, if you want tons of bloat included! A simple make; make install in /usr/ports/editors/vim started a flurry of downloads for things like X11toolkits, X11R6.8.2, etc, etc.. in other words, installing vim from ports was trying to also install X-Windows on my machine!! This is a server, I do NOT need the bloat of X-Windows simply to run a frickin’ text editor like vim.

So, after some research, I discovered that you can in fact control port installs with various arguments. Here’s how I installed vim:

PRESTO, a nice, clean, bloat-free, non-X-Windows install of vim. As a general tip, you can look inside the port’s Makefile to see various arguments that you can pass in.

A caveat though, if you ever upgrade all your ports with portupgrade, all of your ports will upgrade with the default arguments. So if I ran portupgrade and a new version of vim was available, it would install vim and all the X-Windows crap along with it.

Luckily, FreeBSD provides a way to automatically provide arguments to auto-upgrades via portupgrade: Simply open up /usr/local/etc/pkgtools.conf and fill in the MAKE_ARGS tag like so:

Now the next time you upgrade vim using portupgrade, the WITHOUT_X11 argument will be automatically included, so you won’t have to worry about all that extra X11 crap being included in your install.

I just installed FreeBSD 5.4 on my Abit AA8-DuraMax, but I’ve run into some troubles with my networking. It seems that the on-board NIC doesn’t properly detect when a cable is plugged in. ifconfig shows it as “status: no carrier”

I know it’s not the router or the cable, because they both work fine on other machines. The 8100S chipset is listed as supported on the FreeBSD 5.4 Hardware compatibility list, as well as the man pages for the re driver.

Some other weirdness: If I plug the ethernet cable from the BSD machine to another machine’s NIC, it is properly detected. It only doesn’t detect when connected to my router. Also, if I manually set the card to 10baseT/UTP using ifconfig’s media parameter, it also works. It doesn’t work on autoselect, or any other media setting besides 10baseT/UTP.

Anyone have any ideas? Some info:

If you enable the $message_envelope variable in the config.php file of phplist for processing bounces, sendmail will probably complain with the following header in your email:

This is because only “trusted users” are allowed to change the message envelope. By default, sendmail only considers root, daemon, and uucp as trusted users, so if you try changing the message envelope as the user Apache is running under (in my case httpd) sendmail will attach that nasty warning header to all your outgoing mails. Spam blockers don’t like this!

There are a couple of ways to fix this:

1. Add httpd (or whatever user Apache is running under) to the daemon group:
   pw groupmod daemon -M httpd
2. Add httpd (or whatever user Apache is running under) to Sendmail’s trusted-users file. Open up /etc/mail/your.domain.com.submit.mc in vi and insert the following line:
   FEATURE(`use_ct_file’) dnl # Trusted users

   Save & Exit.
   Now you must create the trusted-users file in /etc/mail:

   touch /etc/mail/trusted-users

   Open /etc/mail/trusted-users with vi and on one line simply add the name of the user under which Apache is running:

   httpd

   Save & Exit. Run the following commands in /etc/mail to comit the changes to Sendmail and restart the server:

   make install
   make restart

That’s it, you should be good to go. Mail sent via PHP/Apache will no longer contain the X-Authentication-Warning header.

Note that there is a downside to this. Any user on your system can now use PHP to send email with “forged” headers. You basically just gave everyone on your system “Trusted User” status to Sendmail, so be sure that you trust your users before actually doing this!

UPDATE: How to do the same in Linux

Ran into a little problem installing libpng 1.2.8 on FreeBSD 5.4. Running make gives the following:

I found out that there is a typo in the INSTALL file that tells you to use the wrong makefile. It tells you to cp scripts/makefile.hpgcc makefile when in fact you should cp scripts/makefile.freebsd makefile. Using the correct makefile, of course, make works as expected!