From owner-freebsd-arch@FreeBSD.ORG Sat May 31 23:35:14 2003
Message-ID: <3ED99E4F.751182A2@mindspring.com>
Date: Sat, 31 May 2003 23:33:51 -0700
From: Terry Lambert
To: Gordon Tetlow
cc: arch@FreeBSD.org
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

Gordon Tetlow wrote:
> On Sat, May 31, 2003 at 12:50:46PM -0700, Terry Lambert wrote:
> > I would actually be tempted to go farther, and to adopt the SVR4
> > layout for these types of programs, and the stub programs that
> > call them, and put them under /libexec; that probably would not
> > fly too well, even though it would mean you could drop in new
> > file systems, and the tools would "just know" about them.
>
> They already do. mount -t foo will try execing /sbin/mount_foo
> and then /usr/sbin/mount_foo. You'd know that if you read the
> source.

This is disingenuous. By saying this, you imply that the mount
code is able to access things that, it'd be there in the default
case, of programs with the install disks.

As an example, using your approach, it would be impossible to
install from an NTFS partition... which is to say it'd be
impossible to install from Windows XP.

-- Terry

From owner-freebsd-arch@FreeBSD.ORG Sun Jun 1 05:26:59 2003
Date: Sun, 1 Jun 2003 22:25:26 +1000 (EST)
From: Bruce Evans
To: Gordon Tetlow
In-Reply-To: <20030531225040.GV87863@roark.gnf.org>
Message-ID: <20030601221123.B11577@gamplex.bde.org>
cc: arch@freebsd.org
cc: Julian Elischer
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

On Sat, 31 May 2003, Gordon Tetlow wrote:

> On Sat, May 31, 2003 at 03:28:22PM -0700, Julian Elischer wrote:
> > > On Sat, May 31, 2003 at 12:38:49PM -0700, Gordon Tetlow wrote:
> > > > To cut down on the size of a dynamically-linked root, I'd like to
> > > > repo-copy the following utilities from src/sbin to src/usr.sbin:
> > > >
> > > > mount_portalfs
> > > > mount_nwfs
> > > > mount_smbfs
> > > > natd
> > > > ipnat
> > > >
> > > > Does anyone have any objections?
> > it would make it hard to mount an smbfs /usr right?
> >
> > I think it goes against POLA to move mount subtypes away from where they
> > are..
>
> mount_smbfs is dynamically linked currently. You can't use it to mount
> /usr even if you wanted to. No POLA will be broken by moving it. And
> if you are using nwfs or portalfs for /usr, may $DEITY have pity on your
> soul.

There is little point in moving the utilities for the dynamically linked
case, since they are small in that case. Just don't put their libraries
in the root partition, so that they work like mount_smbfs does now (not,
if /usr is not mounted).

mount_smbfs isn't actually dynamically linked currently:

%%%
$ file /sbin/mount_smbfs
/sbin/mount_smbfs: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), for FreeBSD 5.0, statically linked, stripped
%%%

The world was built with NOSHARED=yes.

This seems to be a bug in mount_smbfs/Makefile:

%%%
# Needs to be dynamically linked for optional dlopen() access to
# userland libiconv (see the -E option).
#
NOSHARED?= NO
%%%

If it really needs to be dynamically linked, then NOSHARED should
be set unconditionally.

BTW, rc.ng still doesn't support nfs-mounting /usr. It attempts to
use utilities in /usr before /usr is mounted. From console.log:

%%%
...
May 29 20:51:15 gamplex kernel: /dev/ad0s2h: clean, 1098574 free (14 frags, 137320 blocks, 0.0% fragmentation)
May 29 20:51:15 gamplex kernel: chown: not found
May 29 20:51:15 gamplex kernel: Setting hostname: gamplex.bde.org.
May 29 20:51:15 gamplex kernel: fxp0: flags=8843 mtu 1500
May 29 20:51:15 gamplex kernel: inet 192.168.2.3 netmask 0xffffff00 broadcast 192.168.2.255
May 29 20:51:15 gamplex kernel: ether 00:90:27:99:02:99
May 29 20:51:15 gamplex kernel: media: Ethernet autoselect (100baseTX )
May 29 20:51:15 gamplex kernel: status: active
May 29 20:51:15 gamplex kernel: lo0: flags=8049 mtu 16384
May 29 20:51:15 gamplex kernel: inet 127.0.0.1 netmask 0xff000000
May 29 20:51:15 gamplex kernel: id: not found
...
%%%

Bruce

From owner-freebsd-arch@FreeBSD.ORG Sun Jun 1 11:02:31 2003
Date: Mon, 2 Jun 2003 03:00:31 +0900
From: "R. Imura"
To: Bruce Evans
Message-ID: <20030602030031.H77796@ryu16.org>
In-Reply-To: <20030601221123.B11577@gamplex.bde.org>; from bde@zeta.org.au on Sun, Jun 01, 2003 at 10:25:26PM +1000
cc: Julian Elischer
cc: arch@freebsd.org
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

Hi, Bruce,

On Sun, Jun 01, 2003 at 10:25:26PM +1000, Bruce Evans wrote:
> mount_smbfs isn't actually dynamically linked currently:
>
> %%%
> $ file /sbin/mount_smbfs
> /sbin/mount_smbfs: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), for FreeBSD 5.0, statically linked, stripped
> %%%
>
> The world was built with NOSHARED=yes.
>
> This seems to be a bug in mount_smbfs/Makefile:
>
> %%%
> # Needs to be dynamically linked for optional dlopen() access to
> # userland libiconv (see the -E option).
> #
> NOSHARED?= NO
> %%%
>
> If it really needs to be dynamically linked, then NOSHARED should
> be set unconditionally.

When statically linked, mount_smbfs is limited to no character conversion
based on libiconv.so, because dlopen() returns "Service unavailable".
Since smbfs works fine w/o code conversion, if someone wants, he can
make it statically linked. I think Europeans need dynamically linked
for their character code conversion purpose.
(In my case, I (Japanese) don't use -E option for mount_smbfs, because
it doesn't work for 16bit chars, so I can make it statically linked.)

Anyway, I think this is not a bug of mount_smbfs/Makefile, IMHO.

- R. Imura

From owner-freebsd-arch@FreeBSD.ORG Sun Jun 1 15:31:08 2003
Date: Mon, 2 Jun 2003 01:30:59 +0300
From: Ruslan Ermilov
To: Gordon Tetlow
Message-ID: <20030601223059.GC33993@sunbay.com>
In-Reply-To: <20030531193849.GR87863@roark.gnf.org>
cc: arch@freebsd.org
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

On Sat, May 31, 2003 at 12:38:49PM -0700, Gordon Tetlow wrote:
> To cut down on the size of a dynamically-linked root, I'd like to
> repo-copy the following utilities from src/sbin to src/usr.sbin:
>
> mount_portalfs
> mount_nwfs
> mount_smbfs
> natd
> ipnat
>
> Does anyone have any objections?
>

natd(8) is there for a good reason; it's usually started
synchronously with ipfw(8), at which time /usr may not
yet be available.

Cheers,
-- 
Ruslan Ermilov    Sysadmin and DBA,
ru@sunbay.com     Sunbay Software AG,
ru@FreeBSD.org    FreeBSD committer.

From owner-freebsd-arch@FreeBSD.ORG Sun Jun 1 15:53:24 2003
Date: Mon, 2 Jun 2003 08:52:50 +1000 (EST)
From: Bruce Evans
To: "R. Imura"
In-Reply-To: <20030602030031.H77796@ryu16.org>
Message-ID: <20030602083714.A13535@gamplex.bde.org>
cc: Julian Elischer
cc: arch@freebsd.org
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

On Mon, 2 Jun 2003, R. Imura wrote:

> On Sun, Jun 01, 2003 at 10:25:26PM +1000, Bruce Evans wrote:
> > mount_smbfs isn't actually dynamically linked currently:
> >
> > %%%
> > $ file /sbin/mount_smbfs
> > /sbin/mount_smbfs: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), for FreeBSD 5.0, statically linked, stripped
> > %%%
> >
> > The world was built with NOSHARED=yes.
> >
> > This seems to be a bug in mount_smbfs/Makefile:
> >
> > %%%
> > # Needs to be dynamically linked for optional dlopen() access to
> > # userland libiconv (see the -E option).
> > #
> > NOSHARED?= NO
> > %%%
> >
> > If it really needs to be dynamically linked, then NOSHARED should
> > be set unconditionally.
>
> When statically linked, mount_smbfs is limited to no character conversion
> based on libiconv.so, because dlopen() returns "Service unavailable".
> Since smbfs works fine w/o code conversion, if someone wants, he can
> make it statically linked. I think Europeans need dynamically linked
> for their character code conversion purpose.
> (In my case, I (Japanese) don't use -E option for mount_smbfs, because
> it doesn't work for 16bit chars, so I can make it statically linked.)
>
> Anyway, I think this is not a bug of mount_smbfs/Makefile, IMHO.

I like this treatment, provided the error is sufficiently obvious. I
think we will get similar behaviour for NSS. It's not an error for a
module to be missing if it is not needed, and static linkage just limits
the accessible modules.

Bruce

From owner-freebsd-arch@FreeBSD.ORG Sun Jun 1 16:58:07 2003
Date: Mon, 02 Jun 2003 00:58:01 +0100
Message-ID: <20030601235801.12144.61796.Mailman@eq10.eq.uc.pt>
From: alunos-admin@eq.uc.pt
To: freebsd-arch@freebsd.org
Subject: Your message to Alunos awaits moderator approval

Your mail to 'Alunos' with the subject

    Re: 45443-343556

Is being held until the list moderator can review it for approval.

The reason it is being held:

    Post to moderated list

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 01:21:49 2003
From: Alexey Neyman
Organization: Auriga, Inc
To: "David E. O'Brien"
Date: Mon, 2 Jun 2003 12:21:47 +0400
In-Reply-To: <200306020643.h526hGg8017066@repoman.freebsd.org>
Message-Id: <200306021221.47700.alex.neyman@auriga.ru>
cc: arch@freebsd.org
Subject: Re: cvs commit: src/sys/i386/i386 atomic.c autoconf.c bios.c busdma_machdep.c critical.c db_disasm.c db_interface.c db_trace.c dump_machdep.c elan-mmcr.c elf_machdep.c genassym.c i386-gdbstub.c i686_mem.c identcpu.c in_cksum.c initcpu.c k6_mem.c legacy.c ...

Hi, there!

On Monday 02 June 2003 10:43, David E. O'Brien wrote:
DE> Modified files:
DE> sys/i386/i386 atomic.c autoconf.c bios.c
DE> busdma_machdep.c critical.c db_disasm.c
DE> db_interface.c db_trace.c dump_machdep.c
DE> elan-mmcr.c elf_machdep.c genassym.c
DE> i386-gdbstub.c i686_mem.c identcpu.c
DE> in_cksum.c initcpu.c k6_mem.c legacy.c
DE> machdep.c math_emulate.c mem.c mp_clock.c
DE> mp_machdep.c mpapic.c nexus.c perfmon.c
DE> pmap.c sys_machdep.c trap.c tsc.c vm86.c
DE> vm_machdep.c
DE> Log:
DE> Use __FBSDID().

BTW, I have a patch that strips the version information (more precisely,
.comment section, that contains $FreeBSD$ strings and a handful of
compiler versions "GCC: (GNU) 3.2.2 [FreeBSD] 20030205 (release)") into
a separate file and installs it under a separate name (${KMOD}.version
or kernel.version).
Even now, .comment section in GENERIC is somewhat about 30K (this gives about 2.5K in the compressed kernel), but it will obviously grow as more __FBSDID()s are added. PS. The patch is against ~1 week old sources, however, it should apply ok. Regards, Alexey. -- ,----------------------------------------, | A quoi ca sert d'etre sur la terre | Alexey V. Neyman | Si c'est pour faire nos vies a genoux! | mailto:alex.neyman@auriga.ru `------------------( Les Rois du Monde )-' --Boundary-00=_bkw2+ELhZpXchWs Content-Type: text/plain; charset="koi8-r"; name="patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch" diff -ur sys/conf/kern.post.mk sys/conf/kern.post.mk --- sys/conf/kern.post.mk Mon May 26 08:26:42 2003 +++ sys/conf/kern.post.mk Mon May 26 19:50:41 2003 @@ -187,6 +187,10 @@ .else ${INSTALL} -p -m 555 -o root -g wheel ${KERNEL_KO} ${DESTDIR}${KODIR} .endif +.if !defined(NO_IDENTFILES) + ${INSTALL} -p -m 444 -o root -g wheel ${KERNEL_KO}.version \ + ${DESTDIR}${KODIR} +.endif kernel-reinstall: @-chflags -R noschg ${DESTDIR}${KODIR} @@ -194,6 +198,10 @@ ${INSTALL} -p -m 555 -o root -g wheel ${FULLKERNEL} ${DESTDIR}${KODIR} .else ${INSTALL} -p -m 555 -o root -g wheel ${KERNEL_KO} ${DESTDIR}${KODIR} +.endif +.if !defined(NO_IDENTFILES) + ${INSTALL} -p -m 444 -o root -g wheel ${KERNEL_KO}.version \ + ${DESTDIR}${KODIR} .endif config.o: diff -ur sys/conf/kern.pre.mk sys/conf/kern.pre.mk --- sys/conf/kern.pre.mk Mon May 26 07:32:48 2003 +++ sys/conf/kern.pre.mk Mon May 26 19:57:28 2003 @@ -14,9 +14,12 @@ M= ${MACHINE_ARCH} AWK?= awk +IDENT?= ident NM?= nm OBJCOPY?= objcopy +SED?= sed SIZE?= size +SORT?= sort COPTFLAGS?=-O -pipe .if !defined(NO_CPU_COPTFLAGS) 
@@ -71,7 +74,11 @@ SYSTEM_LD= @${LD} ${FMT} -Bdynamic -T $S/conf/ldscript.$M \ -warn-common -export-dynamic -dynamic-linker /red/herring \ -o ${.TARGET} -X ${SYSTEM_OBJS} vers.o -SYSTEM_LD_TAIL= @${OBJCOPY} --strip-symbol gcc2_compiled. ${.TARGET} ; \ +SYSTEM_LD_TAIL= @${OBJCOPY} -j .comment ${.TARGET} \ + ${KERNEL_KO}.comment 2>/dev/null ; \ + ${OBJCOPY} --strip-symbol gcc2_compiled. -R .comment ${.TARGET} ; \ + ${IDENT} ${KERNEL_KO}.comment | ${SED} '1d' | \ + ${SORT} -u > ${KERNEL_KO}.version ; \ ${SIZE} ${FMT} ${.TARGET} ; chmod 755 ${.TARGET} SYSTEM_DEP+= $S/conf/ldscript.$M diff -ur sys/conf/kmod.mk sys/conf/kmod.mk --- sys/conf/kmod.mk Mon May 26 07:52:49 2003 +++ sys/conf/kmod.mk Mon May 26 19:55:58 2003 @@ -58,9 +58,13 @@ # AWK?= awk +IDENT?= ident KMODLOAD?= /sbin/kldload KMODUNLOAD?= /sbin/kldunload OBJCOPY?= objcopy +SED?= sed +SORT?= sort +TEST?= test .if defined(KMODDEPS) .error "Do not use KMODDEPS on 5.0+, use MODULE_VERSION/MODULE_DEPEND" @@ -122,6 +126,10 @@ ${FULLPROG}: ${KMOD}.kld ${LD} -Bshareable ${LDFLAGS} -o ${.TARGET} ${KMOD}.kld + ${OBJCOPY} -j .comment ${.TARGET} ${KMOD}.comment 2>/dev/null + ${OBJCOPY} -R .comment ${.TARGET} + ${IDENT} ${KMOD}.comment 2>/dev/null | ${SED} '1d' | \ + ${SORT} -u > ${KMOD}.version EXPORT_SYMS?= NO .if ${EXPORT_SYMS} != YES 
@@ -206,10 +214,18 @@ _kmodinstall: ${INSTALL} -o ${KMODOWN} -g ${KMODGRP} -m ${KMODMODE} \ ${_INSTALLFLAGS} ${FULLPROG} ${DESTDIR}${KMODDIR} +.if !defined(NO_IDENTFILES) + ${TEST} -s ${KMOD}.version && ${INSTALL} -o ${KMODOWN} -g ${KMODGRP} \ + -m 444 ${_INSTALLFLAGS} ${KMOD}.version ${DESTDIR}${KMODDIR} +.endif .else _kmodinstall: ${INSTALL} -o ${KMODOWN} -g ${KMODGRP} -m ${KMODMODE} \ ${_INSTALLFLAGS} ${PROG} ${DESTDIR}${KMODDIR} +.if !defined(NO_IDENTFILES) + ${TEST} -s ${KMOD}.version && ${INSTALL} -o ${KMODOWN} -g ${KMODGRP} \ + -m 444 ${_INSTALLFLAGS} ${KMOD}.version ${DESTDIR}${KMODDIR} +.endif .include --Boundary-00=_bkw2+ELhZpXchWs-- From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 08:02:48 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2803437B401 for ; Mon, 2 Jun 2003 08:02:48 -0700 (PDT) Received: from dragon.nuxi.com (trang.nuxi.com [66.93.134.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B83E43F3F for ; Mon, 2 Jun 2003 08:02:47 -0700 (PDT) (envelope-from obrien@NUXI.com) Received: from dragon.nuxi.com (obrien@localhost [127.0.0.1]) by dragon.nuxi.com (8.12.9/8.12.9) with ESMTP id h52F2dVm088187; Mon, 2 Jun 2003 08:02:39 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.12.9/8.12.9/Submit) id h52F2aQN088186; Mon, 2 Jun 2003 08:02:36 -0700 (PDT) Date: Mon, 2 Jun 2003 08:02:36 -0700 
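Review bot: in the SYSTEM_LD_TAIL hunk of sys/conf/kern.pre.mk the new commands are chained with ';' and the first objcopy sends its errors to /dev/null, so if saving the section with "-j .comment" fails, the next command still removes it with "-R .comment" and the ident | sed | sort pipeline still writes an empty ${KERNEL_KO}.version. The two kern.post.mk hunks then install that file with no size check, unlike the "${TEST} -s" guard used in kmod.mk. Chain the extraction and the removal with && so the section is only stripped once it has been saved, keep objcopy's stderr visible, and guard the kernel install the same way the module install is guarded.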
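Review bot: in both _kmodinstall branches of sys/conf/kmod.mk, "${TEST} -s ${KMOD}.version && ${INSTALL} ..." returns a non-zero status whenever the .version file is empty, and make treats that as a failed install command. An empty file is an expected outcome here, because the ${FULLPROG} rule discards objcopy and ident errors with 2>/dev/null and sed '1d' drops the only line ident prints when it finds no keywords. Write the guard so that the skip case succeeds, for example "if ${TEST} -s ${KMOD}.version; then ${INSTALL} ...; fi". The visible hunks also leave the generated ${KMOD}.comment and ${KMOD}.version files out of any clean list.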
From: "David O'Brien"
To: Alexey Neyman
Message-ID: <20030602150236.GE87972@dragon.nuxi.com>
In-Reply-To: <200306021221.47700.alex.neyman@auriga.ru>
cc: arch@freebsd.org
Reply-To: arch@freebsd.org
Subject: Re: cvs commit: src/sys/i386/i386 atomic.c autoconf.c bios.c busdma_machdep.c critical.c db_disasm.c db_interface.c db_trace.c dump_machdep.c elan-mmcr.c elf_machdep.c genassym.c i386-gdbstub.c i686_mem.c identcpu.c in_cksum.c initcpu.c k6_mem.c legacy.c ...

On Mon, Jun 02, 2003 at 12:21:47PM +0400, Alexey Neyman wrote:
> Hi, there!
>
> On Monday 02 June 2003 10:43, David E. O'Brien wrote:
> DE> Modified files:
> DE> sys/i386/i386 atomic.c autoconf.c bios.c
> DE> busdma_machdep.c critical.c db_disasm.c
> DE> db_interface.c db_trace.c dump_machdep.c
> DE> elan-mmcr.c elf_machdep.c genassym.c
> DE> i386-gdbstub.c i686_mem.c identcpu.c
> DE> in_cksum.c initcpu.c k6_mem.c legacy.c
> DE> machdep.c math_emulate.c mem.c mp_clock.c
> DE> mp_machdep.c mpapic.c nexus.c perfmon.c
> DE> pmap.c sys_machdep.c trap.c tsc.c vm86.c
> DE> vm_machdep.c
> DE> Log:
> DE> Use __FBSDID().
>
> BTW, I have a patch that strips the version information (more precisely,
> .comment section, that contains $FreeBSD$ strings and a handful of
> compiler versions "GCC: (GNU) 3.2.2 [FreeBSD] 20030205 (release)") into
> a separate file and installs it under a separate name (${KMOD}.version
> or kernel.version).

What's the problem with a large amount of .comment section bits? They
should not be loaded into memory when an ELF file is loaded. The only
place it causes trouble is on the installation floppies when the size of
the file on disk is an issue -- but we strip out the .comment section
when building the floppy images.

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 09:40:20 2003
From: Alexey Neyman
Organization: Auriga, Inc.
To: "David O'Brien"
Date: Mon, 2 Jun 2003 20:40:11 +0400
In-Reply-To: <20030602150236.GE87972@dragon.nuxi.com>
Message-Id: <200306022039.29859.alex.neyman@auriga.ru>
cc: arch@freebsd.org
Subject: Re: cvs commit: src/sys/i386/i386 atomic.c autoconf.c bios.c busdma_machdep.c critical.c db_disasm.c db_interface.c db_trace.c dump_machdep.c elan-mmcr.c elf_machdep.c genassym.c i386-gdbstub.c i686_mem.c identcpu.c in_cksum.c initcpu.c k6_mem.c legacy.c ...

hi, there!

On Monday 02 June 2003 19:02, David O'Brien wrote:
DO>> BTW, I have a patch that strips the version information (more precisely,
DO>> .comment section, that contains $FreeBSD$ strings and a handful of
DO>> compiler versions "GCC: (GNU) 3.2.2 [FreeBSD] 20030205 (release)") into
DO>> a separate file and installs it under a separate name (${KMOD}.version
DO>> or kernel.version).
DO>
DO> What's the problem with a large amount of .comment section bits? They
DO> should not be loaded into memory when an ELF file is loaded. The only
DO> place it causes trouble is on the installation floppies when the size of
DO> the file on disk is an issue -- but we strip out the .comment section
DO> when building the floppy images.

Well, sorry for the noise. I just checked that 5.0-RELEASE floppies contain
the .comment section in the kernel. However, 5.1-BETA2 do not, that is, such
stripping was introduced somewhere in between...

This, of course, renders this patch useless.

Regards,
Alexey.
-- 
A quoi ca sert d'etre sur la terre
Si c'est pour faire nos vies a genoux?

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 10:19:52 2003
Date: Mon, 2 Jun 2003 10:19:42 -0700
From: Gordon Tetlow
To: arch@FreeBSD.org
Message-ID: <20030602171942.GA87863@roark.gnf.org>
cc: Tim Kientzle
Subject: Making a dynamically-linked root

I'm planning on making a dynamically-linked root partition by 5.2.
To that end, I'm planning on doing the following:

Integrate Tim Kientzle's /rescue patches into the tree
Create /lib and populate with all the libs needed to support dynamically
  linked binaries in /bin and /sbin
Have a big (probably NO_DYNAMIC_ROOT) knob to switch from static to
  dynamic.

There will be a performance hit associated with this. I did a quick
measurement at boot and my boot time (from invocation of /etc/rc to the
login prompt) went from 12 seconds with a static root to 15 seconds with
a dynamic root. I have yet to perform a worldstone on it.

The reason to do this is two-fold. One is to give better support for
PAM and NSS in the base system. The second is to save some disk space.
Currently (on my x86 box), /bin and /sbin are 32 MB. With a dynamically
linked root (and some pruning of some binaries), the /bin, /lib, and
/sbin come out to 6.1 MB. This should be great for people with 2.x and
3.x era root partitions that are only about 50 MB.

My preliminary patches are at
http://people.freebsd.org/~gordon/patches/dynamic.patch.small

They are a bit rough, but I'm working on finishing up the work and
integrating it after 5.1 is released.

-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 12:10:10 2003
Date: Mon, 2 Jun 2003 12:10:07 -0700
From: Sean Chittenden
To: Gordon Tetlow
cc: arch@FreeBSD.org
cc: Tim Kientzle
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602191007.GE65470@perrin.int.nxad.com>
In-Reply-To: <20030602171942.GA87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org>

> I'm planning on making a dynamically-linked root partition by
> 5.2. To that end, I'm planning on doing the following:
>
> Integrate Tim Kientzle's /rescue patches into the tree
> Create /lib and populate with all the libs needed to support dynamically
> linked binaries in /bin and /sbin
> Have a big (probably NO_DYNAMIC_ROOT) knob to switch from static to
> dynamic.

I didn't see the bits for /rescue in the attached patch listed to know
if there is a more updated /rescue patch available, but I just want to
emphasize the caution necessary for this. I'm on the road at the
moment and decided to update my laptop last night. This morning when
I did an installworld/installkernel, my copy of ld-elf.so.1 was hosed.
I think it had something to do with libmap, but I haven't spent the
time to figure it out yet.
With my cdrom drive and floppy about 700mi away, I was counting my
lucky stars that my old ld-elf.so.1 was backed up as ld-elf.so.1.old
and that /bin|/sbin were statically compiled.

On a different note regarding /rescue, would it be possible to add
less(1) to the rescue set? In single user mode, scroll lock doesn't
work and there's no way to read recent entries in UPDATING without
cat(1) or head(1). Lastly, on install, given the importance of having
functioning binaries for /bin and /sbin, has it been considered to
have the programs executed once before install to see if they can run,
possibly with the -V flag?

  ./[progname] --test
  install [progname] /bin

Having make bomb out after having the program run a "self test" that
tests its ability to execute with ld would save many headaches.

As for the performance hit that you describe, have you investigated
the prebinding work to see how that affects performance with /lib and
/usr/lib prebound?

-sc

--
Sean Chittenden

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 12:23:08 2003
Date: Mon, 2 Jun 2003 12:23:05 -0700
From: Gordon Tetlow
To: Sean Chittenden
cc: arch@FreeBSD.org
cc: Tim Kientzle
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602192305.GC87863@roark.gnf.org>
In-Reply-To: <20030602191007.GE65470@perrin.int.nxad.com>
References: <20030602171942.GA87863@roark.gnf.org> <20030602191007.GE65470@perrin.int.nxad.com>

On Mon, Jun 02, 2003 at 12:10:07PM -0700, Sean Chittenden wrote:
> > I'm planning on making a dynamically-linked root partition by
> > 5.2. To that end, I'm planning on doing the following:
> >
> > Integrate Tim Kientzle's /rescue patches into the tree
> > Create /lib and populate with all the libs needed to support dynamically
> > linked binaries in /bin and /sbin
> > Have a big (probably NO_DYNAMIC_ROOT) knob to switch from static to
> > dynamic.
>
> I didn't see the bits for /rescue in the attached patch listed to know
> if there is a more updated /rescue patch available, but I just want to
> emphasize the caution necessary for this.

Part of the reason for this email was to communicate to Tim that I'd
like his patches to integrate into my tree.

> On a different note regarding /rescue, would it be possible to add
> less(1) to the rescue set? In single user mode, scroll lock doesn't
> work and there's no way to read recent entries in UPDATING without

Hmm, my scroll lock works in single-user.

> cat(1) or head(1). Lastly, on install, given the importance of having
> functioning binaries for /bin and /sbin, has it been considered to
> have the programs executed once before install to see if they can run,
> possibly with the -V flag?
>
> ./[progname] --test
> install [progname] /bin

This isn't a bad idea going down the road.

> Having make bomb out after having the program run a "self test" that
> tests its ability to execute with ld would save many headaches.
>
> As for the performance hit that you describe, have you investigated
> the prebinding work to see how that affects performance with /lib and
> /usr/lib prebound?

I imagine it would help, but I don't think mdodd's prebinding stuff is
to the point where we can use it.

-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 12:42:25 2003
Date: Mon, 2 Jun 2003 12:42:23 -0700
From: Sean Chittenden
To: Gordon Tetlow
cc: arch@FreeBSD.org
cc: Tim Kientzle
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602194223.GG65470@perrin.int.nxad.com>
In-Reply-To: <20030602192305.GC87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org> <20030602191007.GE65470@perrin.int.nxad.com> <20030602192305.GC87863@roark.gnf.org>

> Part of the reason for this email was to communicate to Tim that I'd
> like his patches to integrate into my tree.

Careful Tim, this is a slippery slope!!!

> > On a different note regarding /rescue, would it be possible to add
> > less(1) to the rescue set? In single user mode, scroll lock
> > doesn't work and there's no way to read recent entries in UPDATING
> > without
>
> Hmm, my scroll lock works in single-user.

:-/ Interesting, mine doesn't. *kicks latitude* Works when I'm in X
though. *sigh*

> > cat(1) or head(1). Lastly, on install, given the importance of
> > having functioning binaries for /bin and /sbin, has it been
> > considered to have the programs executed once before install to
> > see if they can run, possibly with the -V flag?
> >
> > ./[progname] --test
> > install [progname] /bin
>
> This isn't a bad idea going down the road.

If you'd like to shovel the grunt work off on someone, let me know,
I'm due for a bit of mindless work.

-sc

--
Sean Chittenden

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 12:58:54 2003
From: Andrew Gallatin
Date: Mon, 2 Jun 2003 15:58:46 -0400 (EDT)
To: Gordon Tetlow
cc: arch@FreeBSD.org
Reply-To: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root
Message-ID: <16091.44150.539095.704531@grasshopper.cs.duke.edu>
In-Reply-To: <20030602171942.GA87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org>

Gordon Tetlow writes:
>
> There will be a performance hit associated with this. I did a quick
> measurement at boot and my boot time (from invocation of /etc/rc to
> the login prompt) went from 12 seconds with a static root to 15
> seconds with a dynamic root. I have yet to perform a worldstone on
> it.

Wow! That's a 25% pessimization. I'm afraid that other heavily
scripted and or fork intensive environments may fare just as poorly
(dynamic web content, SMTP servers, etc) as the startup scripts.

I don't want to sound harsh, and I do appreciate your work. However,
I think the last thing FreeBSD needs now is to get slower. We're
already far slower than that other free OS. Shouldn't we consider
making the dynamic root optional and leaving a static root as
standard?

> The reason to do this is two-fold. One is to give better support
> for PAM and NSS in the base system. The second is to save some disk

Is better support for these features worth the 25% performance
penalty you mention above?

> space. Currently (on my x86 box), /bin and /sbin are 32 MB. With
> a dynamically linked root (and some pruning of some binaries), the
> /bin, /lib, and /sbin come out to 6.1 MB. This should be great for
> people with 2.x and 3.x era root partitions that are only about 50
> MB.

Assuming disks cost $1.00 US per gig, this 25% performance penalty
saves roughly 2.5 cents worth of disk space.

Admittedly, embedded environments need the disk savings and might not
care about the performance penalty. But that's just another argument
for making it optional.

Drew

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 13:13:39 2003
Date: Mon, 2 Jun 2003 13:13:37 -0700
From: Gordon Tetlow
To: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602201337.GD87863@roark.gnf.org>
In-Reply-To: <16091.44150.539095.704531@grasshopper.cs.duke.edu>
References: <20030602171942.GA87863@roark.gnf.org> <16091.44150.539095.704531@grasshopper.cs.duke.edu>

On Mon, Jun 02, 2003 at 03:58:46PM -0400, Andrew Gallatin wrote:
>
> Gordon Tetlow writes:
> >
> > There will be a performance hit associated with this. I did a quick
> > measurement at boot and my boot time (from invocation of /etc/rc to
> > the login prompt) went from 12 seconds with a static root to 15
> > seconds with a dynamic root. I have yet to perform a worldstone on
> > it.
>
> Wow! That's a 25% pessimization. I'm afraid that other heavily
> scripted and or fork intensive environments may fare just as poorly
> (dynamic web content, SMTP servers, etc) as the startup scripts.

You need to realize that with the advent of rcNG that there are a lot
of additional shell invocations. Also bear in mind that your dynamic
web content and SMTP servers are already going to be dynamically linked.
In fact, the thing that will be hardest hit will be the boot scripts.

-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 13:21:22 2003
To: Gordon Tetlow
References: <20030602171942.GA87863@roark.gnf.org>
From: Dag-Erling Smorgrav
Date: Mon, 02 Jun 2003 22:21:16 +0200
In-Reply-To: <20030602171942.GA87863@roark.gnf.org> (Gordon Tetlow's message of "Mon, 2 Jun 2003 10:19:42 -0700")
cc: arch@FreeBSD.org
cc: Tim Kientzle
Subject: Re: Making a dynamically-linked root

Gordon Tetlow writes:
> There will be a performance hit associated with this. I did a quick
> measurement at boot and my boot time (from invocation of /etc/rc to
> the login prompt) went from 12 seconds with a static root to 15
> seconds with a dynamic root. I have yet to perform a worldstone on
> it.

Was /bin/sh dynamically linked? It shouldn't be.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 13:22:06 2003
Date: Mon, 2 Jun 2003 16:22:11 -0400 (EDT)
From: Kenneth Culver
To: arch@freebsd.org
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602162027.E11044-100000@alpha.yumyumyum.org>
In-Reply-To: <16091.44150.539095.704531@grasshopper.cs.duke.edu>

> I don't want to sound harsh, and I do appreciate your work. However,
> I think the last thing FreeBSD needs now is to get slower. We're
> already far slower than that other free OS. Shouldn't we consider
> making the dynamic root optional and leaving a static root as
> standard?

Since when are we "far slower" than the other free operating system?
According to all my benchmarks and personal use, the two are about the
same, with FreeBSD "feeling" slightly faster. That said, I think making
the / binaries dynamically linked optional is a good idea.

Ken

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 13:29:49 2003
Date: Mon, 2 Jun 2003 13:29:47 -0700
From: Gordon Tetlow
To: Dag-Erling Smorgrav
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root
Message-ID: <20030602202947.GE87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org>

On Mon, Jun 02, 2003 at 10:21:16PM +0200, Dag-Erling Smorgrav wrote:
> Gordon Tetlow writes:
> > There will be a performance hit associated with this. I did a quick
> > measurement at boot and my boot time (from invocation of /etc/rc to
> > the login prompt) went from 12 seconds with a static root to 15
> > seconds with a dynamic root. I have yet to perform a worldstone on
> > it.
>
> Was /bin/sh dynamically linked? It shouldn't be.

Why shouldn't it be dynamically linked? I'd like to be able to use
~username expansion via nss_ldap.

-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 13:46:00 2003
To: Kenneth Culver, arch@freebsd.org
References: <20030602162027.E11044-100000@alpha.yumyumyum.org>
From: Jeremy Messenger
Date: Mon, 02 Jun 2003 15:31:30 -0500
In-Reply-To: <20030602162027.E11044-100000@alpha.yumyumyum.org>
Subject: Re: Making a dynamically-linked root

On Mon, 2 Jun 2003 16:22:11 -0400 (EDT), Kenneth Culver wrote:

>> I don't want to sound harsh, and I do appreciate your work. However,
>> I think the last thing FreeBSD needs now is to get slower. We're
>> already far slower than that other free OS. Shouldn't we consider
>> making the dynamic root optional and leaving a static root as
>> standard?
>
> Since when are we "far slower" than the other free operating system?
> According to all my benchmarks and personal use, the two are about the
> same, with FreeBSD "feeling" slightly faster. That said, I think making
> the / binaries dynamically linked optional is a good idea.

IMO, lose the 25% of performance is not an opinion.

Cheers,
Mezz

> Ken

--
bsdforums.org's moderator, mezz.
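
Sean Chittenden's proposal earlier in this thread (execute each program once before it is installed into /bin or /sbin, and keep the previous copy the way his ld-elf.so.1.old was kept), sketched as an added example; it is not code from the thread or from the FreeBSD build system. The function name checked_install, its return codes and the smoke-test argument are assumptions, and the thread's `--test` flag is only a proposal.

```shell
#!/bin/sh
# Added example (assumed names throughout): run a freshly built program once
# before it replaces the installed copy, and keep the old copy as NAME.old.

# checked_install SRC DESTDIR [SMOKE_ARG...]
# Returns 0 when SRC ran and was installed, 1 for a bad SRC, 2 when the
# smoke test failed (DESTDIR untouched), 3 when the copy step failed.
checked_install() {
    src=$1
    destdir=$2
    shift 2
    case $src in */*) ;; *) src=./$src ;; esac   # never search PATH
    name=$(basename "$src")
    dest=$destdir/$name

    [ -f "$src" ] && [ -x "$src" ] || {
        echo "checked_install: $src is not an executable file" >&2
        return 1
    }

    # Execute the new build from where it was built. If its runtime linker
    # or a shared library cannot be loaded, the exec fails here, before the
    # working copy in DESTDIR has been touched.
    if ! "$src" "$@" </dev/null >/dev/null 2>&1; then
        echo "checked_install: $src failed its smoke test, not installing" >&2
        return 2
    fi

    # Copy under a temporary name in DESTDIR so the final step is a rename
    # inside one file system.
    tmp=$dest.new.$$
    cp -p "$src" "$tmp" || { rm -f "$tmp"; return 3; }

    # Hard-link the current binary to NAME.old, so DESTDIR never lacks a
    # runnable NAME while the new one is moved into place.
    if [ -e "$dest" ]; then
        rm -f "$dest.old"
        ln "$dest" "$dest.old" || { rm -f "$tmp"; return 3; }
    fi

    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 3; }
    return 0
}

# Constructed demonstration: "good" runs; "broken" names an interpreter that
# does not exist, standing in for a binary whose runtime linker is missing.
# Returns 0 when good was installed and broken was refused with status 2,
# leaving the previously installed copy of "broken" as it was.
checked_install_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/build" "$work/bin"
    printf '#!/bin/sh\nexit 0\n' > "$work/build/good"
    printf '#!/nonexistent/ld-elf.so.1\n' > "$work/build/broken"
    chmod +x "$work/build/good" "$work/build/broken"
    printf 'previous working copy\n' > "$work/bin/broken"

    good_rc=0
    checked_install "$work/build/good" "$work/bin" --test || good_rc=$?
    broken_rc=0
    checked_install "$work/build/broken" "$work/bin" --test || broken_rc=$?
    kept=$(cat "$work/bin/broken")
    rm -rf "$work"

    [ "$good_rc" -eq 0 ] && [ "$broken_rc" -eq 2 ] &&
        [ "$kept" = "previous working copy" ]
}
```

The check exercises the new binary against the runtime linker and libraries of the running system, so it says nothing about libraries that are replaced later in the same install run.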

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 14:05:41 2003
To: Gordon Tetlow
References: <20030602171942.GA87863@roark.gnf.org> <20030602202947.GE87863@roark.gnf.org>
From: Dag-Erling Smorgrav
Date: Mon, 02 Jun 2003 23:05:37 +0200
In-Reply-To: <20030602202947.GE87863@roark.gnf.org> (Gordon Tetlow's message of "Mon, 2 Jun 2003 13:29:47 -0700")
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root

Gordon Tetlow writes:
> On Mon, Jun 02, 2003 at 10:21:16PM +0200, Dag-Erling Smorgrav wrote:
> > Was /bin/sh dynamically linked? It shouldn't be.
> Why shouldn't it be dynamically linked? I'd like to be able to use
> ~username expansion via nss_ldap.

Because forking a dynamically linked binary is slower, and /bin/sh
forks a lot.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 14:07:38 2003
From: Andrew Gallatin
Date: Mon, 2 Jun 2003 17:07:32 -0400 (EDT)
To: Gordon Tetlow
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root
Message-ID: <16091.48276.54493.198345@grasshopper.cs.duke.edu>
In-Reply-To: <20030602201337.GD87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org> <16091.44150.539095.704531@grasshopper.cs.duke.edu> <20030602201337.GD87863@roark.gnf.org>

Gordon Tetlow writes:
> On Mon, Jun 02, 2003 at 03:58:46PM -0400, Andrew Gallatin wrote:
> >
> > Gordon Tetlow writes:
> > >
> > > There will be a performance hit associated with this. I did a quick
> > > measurement at boot and my boot time (from invocation of /etc/rc to
> > > the login prompt) went from 12 seconds with a static root to 15
> > > seconds with a dynamic root. I have yet to perform a worldstone on
> > > it.
> >
> > Wow! That's a 25% pessimization. I'm afraid that other heavily
> > scripted and or fork intensive environments may fare just as poorly
> > (dynamic web content, SMTP servers, etc) as the startup scripts.
>
> You need to realize that with the advent of rcNG that there are a lot
> of additional shell invocations. Also bear in mind that your dynamic

In the boot scripts. I agree that the time to boot is not a concern.
My main concern is other scripting intensive areas of the system which
you may not have measured.

> web content and SMTP servers are already going to be dynamically linked.

Sure, but if they're using shell scripting at all, then the
applications they invoke may not be. /bin/sh and /bin/ls, for
example.
> In fact, the thing that will be hardest hit will be the boot scripts.

If that's true, then that's fine. However, if you propose making
such a big change, then I think the burden is on you to prove that it
will not impact other areas of the system.

I look forward to seeing the worldstones, preferably from a -j4 or
higher build. If there's not a measurable slowdown there, then I'll
shut up.

Thanks,

Drew

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 14:19:36 2003
From: Andrew Gallatin
Date: Mon, 2 Jun 2003 17:19:30 -0400 (EDT)
To: Kenneth Culver
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Kenneth Culver writes:
> > I don't want to sound harsh, and I do appreciate your work. However,
> > I think the last thing FreeBSD needs now is to get slower. We're
> > already far slower than that other free OS. Shouldn't we consider
> > making the dynamic root optional and leaving a static root as
> > standard?
>
> Since when are we "far slower" than the other free operating system?
> According to all my benchmarks and personal use, the two are about the
> same, with FreeBSD "feeling" slightly faster. That said, I think making
> the / binaries dynamically linked optional is a good idea.

Since SMPng. Try running webstone (available in ports) on a server
with multiple 10/100 links, or a gig link. By any metric you choose,
5.x is slower than 4.x, and much slower than linux.

Note this is not intended to be a criticism of SMPng. Once the
locking in 5.x is completed, I think things will look a _LOT_ better.
But as it is now, we're paying most of the price and not reaping many
benefits because too much of the system is still under Giant.
Drew

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 14:25:45 2003
Date: Mon, 2 Jun 2003 14:25:43 -0700 (PDT)
From: Matthew Dillon
To: Dag-Erling Smorgrav
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

:
:Gordon Tetlow writes:
:> On Mon, Jun 02, 2003 at 10:21:16PM +0200, Dag-Erling Smorgrav wrote:
:> > Was /bin/sh dynamically linked? It shouldn't be.
:> Why shouldn't it be dynamically linked? I'd like to be able to use
:> ~username expansion via nss_ldap.
:
:Because forking a dynamically linked binary is slower, and /bin/sh
:forks a lot.
:
:DES
:--
:Dag-Erling Smorgrav - des@ofug.org

I think you meant 'EXECing' a dynamically linked binary is slower. fork()
should not be appreciably slower. An exec will take a lot of
copy-on-write faults vs static, fork() might take one or two extra
faults due to data being strewn all over the place vs static.

In any case, this is a convenience vs performance issue. I think a number
of solutions should be investigated before people give up and start
hacking dynamic vs static binaries. For example, a lot of startup delay
is due to disk waiting (since nothing is in the disk cache at system
start!). Running certain daemon startups in the background might yield
a significant overall improvement in startup times.

e.g. instead of running 'sshd' you would run sshd in a subshell, aka
(sshd &), so the RC script can continue on with the next thing without
having to wait for sshd to fault-in from disk. Same goes for sendmail
and many other daemons.
-Matt

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 14:49:58 2003
Date: Mon, 2 Jun 2003 14:49:56 -0700
From: Gordon Tetlow
To: Matthew Dillon
cc: arch@freebsd.org
cc: Dag-Erling Smorgrav
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote:
>
> In any case, this is a convenience vs performance issue. I think a number
> of solutions should be investigated before people give up and start
> hacking dynamic vs static binaries. For example, a lot of startup delay
> is due to disk waiting (since nothing is in the disk cache at system
> start!).
> Running certain daemon startups in the background might yield
> a significant overall improvement in startup times.

Actually, it was a diskless boot, so it was in the system cache. =) I
know this is a rigged demo, but the point is the same, yes, it's slower,
but we also have a huge gain from going to a dynamically linked world.
It would also serve as encouragement to get things like pre-binding and
caching working.

-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 15:19:05 2003
Date: Mon, 02 Jun 2003 15:21:06 -0700
From: Tim Kientzle
To: Dag-Erling Smorgrav
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root

Dag-Erling Smorgrav wrote:
> Gordon Tetlow writes:
>>... my boot time ... went from 12 seconds with a static root to 15
>>seconds with a dynamic root.
>
> Was /bin/sh dynamically linked? It shouldn't be.

Sorry, but /bin/sh calls 'getpwnam()', which means /bin/sh should
use NSS, and thus needs to be dynamically linked.

The _only_ program that I can see any useful debate about is
/sbin/init. Making it dynamic requires implementing safety features
in the kernel to run /rescue/init if /sbin/init is present but fails.

Once those features are present, then I think _everything_
(but /rescue) should be dynamic. Period.
Tim

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 15:24:18 2003
Date: Mon, 2 Jun 2003 15:24:18 -0700 (PDT)
From: Matthew Dillon
To: Gordon Tetlow
cc: arch@freebsd.org
cc: Dag-Erling Smorgrav
Subject: Re: Making a dynamically-linked root

:Actually, it was a diskless boot, so it was in the system cache. =) I
:know this is a rigged demo, but the point is the same, yes, it's slower,
:but we also have a huge gain from going to a dynamically linked world.
:It would also serve as encouragement to get things like pre-binding and
:caching working.
:
:-gordon

Ah, but you are still waiting on 'disk I/O'... it just happens to be
*network* disk I/O, so it doesn't matter if it's in the server's cache
or not. A lot of the delay is due to the client program stalling until
the page is faulted in over the network (and not doing any other work
in the meantime), then running for a few cycles and stalling again
waiting for the next random page to be faulted in.

Another big issue with the diskless code is the path cache. Whenever a
shell script runs a program using a relative path (like 'ls' instead of
'/bin/ls'), it tries to stat the program file for each path element in
the path. With a local disk the local system's name cache is coherent
and these operations are nearly instantaneous. Over NFS, however, a lot
of retesting of the same paths are done over the network over and over
again, leading to a massive perceived slow down, and even retesting a
good path like /bin/sh often generates NFS traffic looking up "/bin/sh"
over and over again.
For example, if in one window you start a tcpdump and monitor port 2049
(typically nfsd), and in another window you run /bin/sh, you will see
at least 3 NFS lookups. If you exit the shell and run it again you will
see the same 3 NFS lookups again. And again, and again. This alone is
probably responsible for most of the rc script slowdown. It is probably
all the path lookups on the dynamic link libraries at program startup
that is causing the problem, not exec() per se.

If you think running /bin/sh produces a lot of NFS traffic, try running
'/usr/bin/nm' without any arguments and look at the NFS traffic.
/usr/bin/nm, being a dynamic executable, will do no less than 14
uncacheable synchronous NFS operations just to deal with its shared
libraries.

-Matt

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 15:47:44 2003
Date: Mon, 2 Jun 2003 15:47:34 -0700
From: Marcel Moolenaar
To: Gordon Tetlow
cc: arch@freebsd.org
cc: Matthew Dillon
cc: Dag-Erling Smorgrav
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 02:49:56PM -0700, Gordon Tetlow wrote:
> On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote:
> >
> > In any case, this is a convenience vs performance issue. I think a number
> > of solutions should be investigated before people give up and start
> > hacking dynamic vs static binaries. For example, a lot of startup delay
> > is due to disk waiting (since nothing is in the disk cache at system
> > start!). Running certain daemon startups in the background might yield
> > a significant overall improvement in startup times.
>
> Actually, it was a diskless boot, so it was in the system cache. =) I
> know this is a rigged demo, but the point is the same, yes, it's slower,
> but we also have a huge gain from going to a dynamically linked world.
> It would also serve as encouragement to get things like pre-binding and
> caching working.

Please do not rectify or relativate the performance loss of a 100%
shared world by hinting towards pre-binding and/or caching. If the
success of a 100% shared world depends on prebinding, then I suggest
we abandon the attempt right here, right now.
I don't think it is realized how big a wormhole prebinding really is.

I support a 100% shared world, but we should not abandon statically
linked /bin and /sbin. Let's just create the mechanics to allow
one to choose for whatever reason one might have to choose one way
or the other and let's make sure that we nailed it completely. I
don't want to see any entries in UPDATING to overcome switching
from one to the other or to describe the steps required to do a
trivial source upgrade.

I suggest we get the functionality in without actually changing the
default. We can change the default anytime after that when we are
confident that we covered everything and have understanding of the
overall impact of switching...

My $0.02,
FWIW ($0.02 presumably)

--
Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 15:58:11 2003
Date: Mon, 2 Jun 2003 15:58:07 -0700
From: Gordon Tetlow
To: Marcel Moolenaar
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 03:47:34PM -0700, Marcel Moolenaar wrote:
> On Mon, Jun 02, 2003 at 02:49:56PM -0700, Gordon Tetlow wrote:
> >
> > Actually, it was a diskless boot, so it was in the system cache. =) I
> > know this is a rigged demo, but the point is the same, yes, it's slower,
> > but we also have a huge gain from going to a dynamically linked world.
> > It would also serve as encouragement to get things like pre-binding and
> > caching working.
>
> Please do not rectify or relativate the performance loss of a 100%
> shared world by hinting towards pre-binding and/or caching. If the
> success of a 100% shared world depends on prebinding, then I suggest
> we abandon the attempt right here, right now. I don't think it is
> realized how big a wormhole prebinding really is.

I'm not saying we need either solution for a shared world to work. I
was trying to say that if people think that a shared world is slow
that it might cause someone to do something clever and get pre-binding
or the like working. Again, it's not strictly needed.

> I support a 100% shared world, but we should not abandon statically
> linked /bin and /sbin. Let's just create the mechanics to allow
> one to choose for whatever reason one might have to choose one way
> or the other and let's make sure that we nailed it completely. I
> don't want to see any entries in UPDATING to overcome switching
> from one to the other or to describe the steps required to do a
> trivial source upgrade.

My hope is to do just that and make it as painless as possible to
switch. It's non-trivial and considering the ease with which
foot-shooting can commence, I hesitate to ask people to touch any of my
patches.

> I suggest we get the functionality in without actually changing the
> default. We can change the default anytime after that when we are
> confident that we covered everything and have understanding of the
> overall impact of switching...

I'm trying to provide options. I'm encouraging a dynamic world (and
think it's the correct solution for 5.2, esp if we are going to be
touting our NSS support).
-gordon

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 16:18:01 2003
Date: Mon, 2 Jun 2003 16:17:59 -0700
From: Marcel Moolenaar
To: Gordon Tetlow
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 03:58:07PM -0700, Gordon Tetlow wrote:
>
> My hope is to do just that and make it as painless as possible to
> switch. It's non-trivial and considering the ease with which foot-
> shooting can commence, I hesitate to ask people to touch any of my
> patches.

Fair enough.

> I'm trying to provide options. I'm encouraging a dynamic world (and
> think it's the correct solution for 5.2, esp if we are going to be
> touting our NSS support).

Let's cross that bridge when we come to it. I can't recall seeing a
technical reason why we should not *allow* a shared world (I've seen
technical reasons why we should allow it). Most, if not all resistance
is about making it the default (AFAICT). Let's allow it first. Have a
bike shed about the default later.
--
Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 17:05:17 2003
From: Andrew Gallatin
Date: Mon, 2 Jun 2003 20:05:08 -0400 (EDT)
To: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Marcel Moolenaar writes:
> technical reasons why we should allow it). Most, if not all resistance
> is about making it the default (AFAICT). Let's allow it first. Have a
> bike shed about the default later.

I'm in 100% agreement with this.
Drew

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 18:06:02 2003
Date: Mon, 02 Jun 2003 19:05:32 -0600 (MDT)
To: arch@freebsd.org, gallatin@cs.duke.edu
From: "M. Warner Losh"
Subject: Re: Making a dynamically-linked root

In message: <16091.44150.539095.704531@grasshopper.cs.duke.edu>
Andrew Gallatin writes:
: > space. Currently (on my x86 box), /bin and /sbin are 32 MB. With
: > a dynamically linked root (and some pruning of some binaries), the
: > /bin, /lib, and /sbin come out to 6.1 MB. This should be great for
: > people with 2.x and 3.x era root partitions that are only about 50
: > MB.
:
: Assuming disks cost $1.00 US per gig, this 25% performance penalty
: saves roughly 2.5 cents worth of disk space. Admittedly, embedded
: environments need the disk savings and might not care about the
: performance penalty. But that's just another argument for making it
: optional.

I actually have used this to upgrade a system I've been using for a
while.
Warner

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 18:08:29 2003
Date: Mon, 02 Jun 2003 19:08:04 -0600 (MDT)
To: gallatin@cs.duke.edu
From: "M. Warner Losh"
In-Reply-To: <16091.58932.136814.96996@grasshopper.cs.duke.edu>
References: <20030602225807.GI87863@roark.gnf.org> <20030602231759.GE1345@dhcp01.pn.xcllnt.net> <16091.58932.136814.96996@grasshopper.cs.duke.edu>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

In message: <16091.58932.136814.96996@grasshopper.cs.duke.edu>
Andrew Gallatin writes:
: Marcel Moolenaar writes:
: > technical reasons why we should allow it). Most, if not all resistance
: > is about making it the default (AFAICT). Let's allow it first. Have a
: > bike shed about the default later.
:
: I'm in 100% agreement with this.

ME TOO!!! These patches have already proven useful to me.

Warner

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 23:31:16 2003
Date: Tue, 3 Jun 2003 02:31:13 -0400
From: Mike Makonnen
To: Gordon Tetlow
In-Reply-To: <20030602201337.GD87863@roark.gnf.org>
References: <20030602171942.GA87863@roark.gnf.org> <16091.44150.539095.704531@grasshopper.cs.duke.edu> <20030602201337.GD87863@roark.gnf.org>
Message-Id: <20030603063114.CBRK20810.pop015.verizon.net@kokeb.ambesa.net>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Mon, 2 Jun 2003 13:13:37 -0700 Gordon Tetlow wrote:

> On Mon, Jun 02, 2003 at 03:58:46PM -0400, Andrew Gallatin wrote:
> >
> > Wow! That's a 25% pessimization. I'm afraid that other heavily
> > scripted and or fork intensive environments may fare just as poorly
> > (dynamic web content, SMTP servers, etc) as the startup scripts.
>
> You need to realize that with the advent of rcNG that there are a lot
> of additional shell invocations. Also bear in mind that your dynamic
> web content and SMTP servers are already going to be dynamically linked.
> In fact, the thing that will be hardest hit will be the boot scripts.

Gordon,

Here's a patch that goes through the most often used portions of rc.d
and uses absolute pathnames for commands as well as substitutes the
shell builtin function, test, instead of [ ... ]. It shaved 6 seconds
off my boot of a statically linked root on an AMD K6-333.

Cheers.
--
Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
mtm@identd.net | D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9
mtm@FreeBSD.Org| FreeBSD - The Power To Serve

From owner-freebsd-arch@FreeBSD.ORG Mon Jun 2 23:55:41 2003
Message-ID: <3EDC4627.E40F8DC2@mindspring.com>
Date: Mon, 02 Jun 2003 23:54:31 -0700
From: Terry Lambert
To: Gordon Tetlow
References: <20030602171942.GA87863@roark.gnf.org> <20030602201337.GD87863@roark.gnf.org>
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root

Gordon Tetlow wrote:
> You need to realize that with the advent of rcNG that there are a lot
> of additional shell invocations. Also bear in mind that your dynamic
> web content and SMTP servers are already going to be dynamically linked.
> In fact, the thing that will be hardest hit will be the boot scripts.

You'd think it'd be possible to take all the scripts and put them
together into one script, and cache a copy of it for the next
invocation, with a single uncoalesced stub script that checked
the dates on the files vs. the cached copy, and regenerated a new
cached copy, if the cached copy were older than any of the files.

-- Terry

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 00:15:24 2003
Message-ID: <3EDC4ABA.F923A9C8@mindspring.com>
Date: Tue, 03 Jun 2003 00:14:02 -0700
From: Terry Lambert
To: Matthew Dillon
References: <20030602171942.GA87863@roark.gnf.org> <20030602202947.GE87863@roark.gnf.org> <200306022125.h52LPhhc002291@apollo.backplane.com> <200306022224.h52MOIwj002729@apollo.backplane.com>
cc: Dag-Erling Smorgrav
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Matthew Dillon wrote:
> Ah, but you are still waiting on 'disk I/O'... it just happens to be
> *network* disk I/O, so it doesn't matter if it's in the server's
> cache or not.
>
> A lot of the delay is due to the client program stalling until the page
> is faulted in over the network (and not doing any other work in the mean
> time), then running for a few cycles and stalling again waiting for the
> next random page to be faulted in.

Yes. This is still incredibly frustrating; the same stall happens
in N:M and N:1 threading models, whenever a page fault happens,
since it stalls the kernel thread where the fault occurred, meaning
it can't run other user space code while it's waiting for the fault
to be satisfied. It would be very useful if other code could
proceed while waiting for the fault; particularly when it's a
descriptor with non-blocking I/O set on it (you'd expect the fault
to proceed in the background, and make the data be there for when
you retry the read).

> Another big issue with the diskless code is the path cache. Whenever
> a shell script runs a program using a relative path (like 'ls' instead of
> '/bin/ls'), it tries to stat the program file for each path element in
> the path. With a local disk the local system's name cache is coherent
> and these operations are nearly instantaneous. Over NFS, however, a
> lot of retesting of the same paths are done over the network over and
> over again, leading to a massive perceived slow down, and even retesting
> a good path like /bin/sh often generates NFS traffic looking up "/bin/sh"
> over and over again.

The effects of this should be much less than you imply, as long
as you are hitting the same terminal object name several times
(that's why the name cache supports negative caching).

> For example, if in one window you start a tcpdump and monitor port
> 2049 (typically nfsd), and in another window you run /bin/sh, you
> will see at least 3 NFS lookups. If you exit the shell and run it again
> you will see the same 3 NFS lookups again. And again, and again.

Then the negative caching is broken, and needs to be fixed.

Actually, there's probably some extra wire traffic happening,
if you aren't using NFSv3, which caches VOP_ACCESS() calls when
it can. Probably the name cache code should be done higher up
in the VFS layer, so that it's mostly operating on local nfsnode
data, or just the vnode; only it's not.

-- Terry

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 01:05:13 2003
Date: Tue, 3 Jun 2003 18:04:56 +1000
From: Peter Jeremy
To: Matthew Dillon
Message-ID: <20030603080456.GA57773@cirb503493.alcatel.com.au>
References: <20030602171942.GA87863@roark.gnf.org> <200306022125.h52LPhhc002291@apollo.backplane.com>
In-Reply-To: <200306022125.h52LPhhc002291@apollo.backplane.com>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote:
> start!). Running certain daemon startups in the background might yield
> a significant overall improvement in startup times.
>
> e.g. instead of running 'sshd' you would run sshd in a subshell, aka
> (sshd &), so the RC script can continue on with the next thing without
> having to wait for sshd to fault-in from disk. Same goes for sendmail
> and many other daemons.

This isn't a definite win. I know in the past it used to actually
slow things down: To take your example, having both sshd and sendmail
attempting to fault-in from disk in parallel will thrash both the
disk and cache far more than sshd and sendmail sequentially faulting
in. A very large number of daemons trying to start in parallel will
also stress the scheduler.

Peter

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 01:11:58 2003
Date: Tue, 3 Jun 2003 15:11:29 +0700
From: Alexey Dokuchaev
To: arch@freebsd.org
Message-ID: <20030603081129.GC42929@regency.nsu.ru>
References: <20030602171942.GA87863@roark.gnf.org> <16091.44150.539095.704531@grasshopper.cs.duke.edu>
In-Reply-To: <16091.44150.539095.704531@grasshopper.cs.duke.edu>
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 03:58:46PM -0400, Andrew Gallatin wrote:
>
> Gordon Tetlow writes:
> >
> > There will be a performance hit associated with this. I did a quick
> > measurement at boot and my boot time (from invocation of /etc/rc to
> > the login prompt) went from 12 seconds with a static root to 15
> > seconds with a dynamic root. I have yet to perform a worldstone on
> > it.
>
> Wow! That's a 25% pessimization. I'm afraid that other heavily
> scripted and or fork intensive environments may fare just as poorly
> (dynamic web content, SMTP servers, etc) as the startup scripts.
>
> I don't want to sound harsh, and I do appreciate your work. However,
> I think the last thing FreeBSD needs now is to get slower. We're
> already far slower than that other free OS. Shouldn't we consider

Can you show any evidence of how slow is RELENG_5 (and _4) compared to
those "other free OS"?
Some folks make such statements occasionally, but I haven't heard of
any decent benchmarks from them. That would be interesting to know
though. Thank you.

./danfe

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 01:37:42 2003
Date: Tue, 3 Jun 2003 18:37:32 +1000
From: Peter Jeremy
To: Sean Chittenden
Message-ID: <20030603083732.GB57773@cirb503493.alcatel.com.au>
References: <20030602171942.GA87863@roark.gnf.org> <20030602191007.GE65470@perrin.int.nxad.com>
In-Reply-To: <20030602191007.GE65470@perrin.int.nxad.com>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Mon, Jun 02, 2003 at 12:10:07PM -0700, Sean Chittenden wrote:
>On a different note regarding /rescue, would it be possible to add
>less(1) to the rescue set?

less needs libcurses which needs termcap which is in /usr. less is
also non-trivial in size. Why don't we just add emacs (or perl)?
Then we wouldn't need ls or cat or less or sh or ... :-)

> In single user mode, scroll lock doesn't work

It does on every system I've ever used FreeBSD on - it's handled
inside syscons(4). You might like to verify that your scroll lock
button is actually returning the keycode that syscons expects.

> and there's no way to read recent entries in UPDATING without
>cat(1) or head(1).

UPDATING is in /usr - by which time you should have cat(1) and head(1).
In any case, you can write a "good-enuf" tool to read files in sh:

cat() {
	while read x; do
		echo $x
	done < $1
}

(for extra points, make it correctly handle whitespace and pause every
screenful of output, using shell builtins only).

With a bit of thought, you should be able to read UPDATING from the
boot loader.

> Lastly, on install, given the importance of having
>functioning binaries for /bin and /sbin, has it been considered to
>have the programs executed once before install to see if they can run,
>possibly with the -V flag?
>
> ./[progname] --test
> install [progname] /bin
>
>Having make bomb out after having the program run a "self test" that
>tests its ability to execute with ld would save many headaches.

What does 'see if they can run' cover? Given lazy binding shared
libraries, it's quite possible for a program to manage to get to
main() and print out a message whilst being unable to actually do any
useful work because a critical shared library entry point is missing
for some reason. Even without lazy binding, it's still non-trivial
to have "self test" code that validates even the "major" code paths
(for some definition of "major").

Peter

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 02:43:45 2003
Date: Tue, 3 Jun 2003 11:43:20 +0200 (CEST)
From: Martin Blapp
To: Andrew Gallatin
Message-ID: <20030603113927.I71313@cvs.imp.ch>
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root

Hi,

>I don't want to sound harsh, and I do appreciate your work. However,
>I think the last thing FreeBSD needs now is to get slower. We're
>already far slower than that other free OS. Shouldn't we consider
>making the dynamic root optional and leaving a static root as
>standard?

This is during startup. Webservers and all other applications are
still dynamically linked as before. No speed loss there.

There are other places to speed up the startup ...

For example, with my dhclient patch you can speed up the startup
time by 5 seconds if you use dhcp ...

Martin

Martin Blapp,
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 02:59:37 2003
Date: Tue, 3 Jun 2003 10:59:37 +0100
From: Paul Robinson
To: Martin Blapp
Message-ID: <20030603095937.GC92839@iconoplex.co.uk>
References: <20030603113927.I71313@cvs.imp.ch>
In-Reply-To: <20030603113927.I71313@cvs.imp.ch>
cc: arch@FreeBSD.org
cc: Andrew Gallatin
Subject: Re: Making a dynamically-linked root

On Tue, Jun 03, 2003 at 11:43:20AM +0200, Martin Blapp wrote:

> This is during startup. Webservers and all other applications are
> still dynamically linked as before. No speed loss there.

Two points (and I apologise for coming in a little late):

1. There is a speed loss in a dynamic environment. It's marginal, and
it depends on the apps you need bootstrapping, but it's there. If you
require me to benchmark, give me until the weekend.

2. The real issue with dynamic linking is not performance - it's
mounting. If I *need* an application up for the box to be useful to me
(e.g., lights out server, other continent, I need sshd up) and it
can't bootstrap because /usr/local isn't available due to an fsck
problem, I'm in a bit of trouble. This is why root's shell should
always be statically linked, always in /bin and why for years when
su'ing the first command I would type would be /usr/local/bin/tcsh
rather than have tcsh as my default root shell.

As an appendix, I could point out the security problems a dynamically
linked environment *could* present as well, but normally people aren't
that stupid in the administration of their machines.

Everything in base required to get a box up to the point of a login
prompt, and preferably a remote login, should be statically linked
IMHO.

> There are other places to speed up the startup ...

This is starting to sound like the Microsoft "well, we haven't got it
to stop crashing, but the reboots only take 10 seconds now" argument
for Win2K. Nobody cares about the speed of startup except laptop users
(of which I am one), but rather the security and sanity of startup.
Sure, it would be nice if my laptop booted up -STABLE 8.6 seconds
quicker than before, but to be honest, I'm just glad it works and I
can be sure it will definitely come up no matter what, and no matter
how long it will take, and if it won't I have a statically linked
shell to help me sort it out.

> For example, with my dhclient patch you can speedup the startup
> time by 5 seconds if you use dhcp ...

That's great again for laptop users, but when you're an admin with a
few hundred boxes on the other side of the country, this interesting
performance increase doesn't seem quite so funky...

--
Paul Robinson

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 03:28:18 2003
Date: Tue, 3 Jun 2003 11:25:46 +0100 (BST)
From: Jan Grant
To: Tim Kientzle
In-Reply-To: <3EDBCDD2.1080900@acm.org>
cc: arch
cc: Dag-Erling Smorgrav
Subject: Re: Making a dynamically-linked root

On Mon, 2 Jun 2003, Tim Kientzle wrote:

> Dag-Erling Smorgrav wrote:
>
> > Gordon Tetlow writes:
> >>... my boot time ... went from 12 seconds with a static root to 15
> >>seconds with a dynamic root.
> >
> > Was /bin/sh dynamically linked? It shouldn't be.
>
>
> Sorry, but /bin/sh calls 'getpwnam()', which means
> /bin/sh should use NSS, and thus needs to be
> dynamically linked.

I don't think this reasoning is completely sound. A functional (but
minimalist) static /bin/sh (or /sbin/sh) will still let you run
/usr/local/bells-and-whistles/sh if you need ~user.

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Axioms speak louder than words.

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 04:41:05 2003
From: Andrew Gallatin
Message-ID: <16092.35144.948752.554975@grasshopper.cs.duke.edu>
Date: Tue, 3 Jun 2003 07:40:56 -0400 (EDT)
To: Martin Blapp
In-Reply-To: <20030603113927.I71313@cvs.imp.ch>
References: <20030603113927.I71313@cvs.imp.ch>
cc: arch@FreeBSD.org
Subject: Re: Making a dynamically-linked root

Martin Blapp writes:
>
> Hi,
>
> >I don't want to sound harsh, and I do appreciate your work. However,
> >I think the last thing FreeBSD needs now is to get slower. We're
> >already far slower than that other free OS. Shouldn't we consider
> >making the dynamic root optional and leaving a static root as
> >standard?
>
> This is during startup. Webservers and all other applications are
> still dynamically linked as before. No speed loss there.
>

Webservers and all other applications which run shell scripts exec a
shell to interpret that script. Regardless of how the parent is
linked, if the exec'ed shell is dynamically linked, there is an added
cost to exec'ing it.

Drew

From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 04:53:19 2003
From: Andrew Gallatin
Message-ID: <16092.35880.546049.416629@grasshopper.cs.duke.edu>
Date: Tue, 3 Jun 2003 07:53:12 -0400 (EDT)
To: Alexey Dokuchaev
In-Reply-To: <20030603081129.GC42929@regency.nsu.ru>
References: <20030602171942.GA87863@roark.gnf.org> <16091.44150.539095.704531@grasshopper.cs.duke.edu> <20030603081129.GC42929@regency.nsu.ru>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Alexey Dokuchaev writes:
> > I don't want to sound harsh, and I do appreciate your work. However,
> > I think the last thing FreeBSD needs now is to get slower. We're
> > already far slower than that other free OS. Shouldn't we consider
>
> Can you show any evidence of how slow is RELENG_5 (and _4) compared to
> those "other free OS"? Some folks make such statements occasionally,
> but I haven't heard of any decent benchmarks from them. That would be
> interesting to know though. Thank you.

Sure, I can mail you benchmark results privately if you agree not to
repost them in a public forum. I don't want the results public
because they use a pre-release version of my company's network device
driver, and because I no longer have the hosts to duplicate those
results. The results were taken on old Dual PIIIs, which I've just
upgraded to 3.06Ghz P4s, and I haven't had time to re-run the numbers.

But you can also just run /usr/ports/www/webstone yourself. You need
to saturate the server, so make sure to use multiple 100Mb links or a
Gig link if you have modern hardware. I used apache for a server
because it seems to be the most common.
Drew From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 04:54:34 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66A6D37B401 for ; Tue, 3 Jun 2003 04:54:34 -0700 (PDT) Received: from out002.verizon.net (out002pub.verizon.net [206.46.170.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5A24C43F3F for ; Tue, 3 Jun 2003 04:54:33 -0700 (PDT) (envelope-from mtm@identd.net) Received: from kokeb.ambesa.net ([138.88.0.86]) by out002.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net>; Tue, 3 Jun 2003 06:54:32 -0500 Date: Tue, 3 Jun 2003 07:54:31 -0400 
From: Mike Makonnen To: Andrew Gallatin In-Reply-To: <16092.35144.948752.554975@grasshopper.cs.duke.edu> References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at out002.verizon.net from [138.88.0.86] at Tue, 3 Jun 2003 06:54:32 -0500 Message-Id: <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> cc: arch@freebsd.org cc: mb@imp.ch Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 11:54:34 -0000 On Tue, 3 Jun 2003 07:40:56 -0400 (EDT) Andrew Gallatin wrote: > > Webservers and all other applications which run shell scripts exec a > shell to interpret that script. Regardless of how the parent is > linked, if the exec'ed shell is dynamically linked, there is an added > cost to exec'ing it. and these are usually perl, php, or compiled cgi programs, not /bin/sh. 
-- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 mtm@FreeBSD.Org| FreeBSD - The Power To Serve From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 04:57:27 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B524B37B401 for ; Tue, 3 Jun 2003 04:57:27 -0700 (PDT) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id F32E443FB1 for ; Tue, 3 Jun 2003 04:57:26 -0700 (PDT) (envelope-from gallatin@cs.duke.edu) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.12.9/8.12.9) with ESMTP id h53BvQMD010482 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 3 Jun 2003 07:57:26 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id h53BvLF47305; Tue, 3 Jun 2003 07:57:21 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) 
From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <16092.36129.388194.477452@grasshopper.cs.duke.edu> Date: Tue, 3 Jun 2003 07:57:21 -0400 (EDT) To: Mike Makonnen In-Reply-To: <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 11:57:28 -0000 Mike Makonnen writes: > On Tue, 3 Jun 2003 07:40:56 -0400 (EDT) > Andrew Gallatin wrote: > > > > > Webservers and all other applications which run shell scripts exec a > > shell to interpret that script. Regardless of how the parent is > > linked, if the exec'ed shell is dynamically linked, there is an added > > cost to exec'ing it. > > and these are usually perl, php, or compiled cgi programs, not /bin/sh. > Ok, maybe a webserver is a bad example. But you must admit that /bin/sh is commonly used outside the startup scripts. 
Drew From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 05:22:27 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EAC0037B401 for ; Tue, 3 Jun 2003 05:22:27 -0700 (PDT) Received: from pop018.verizon.net (pop018pub.verizon.net [206.46.170.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2871443F85 for ; Tue, 3 Jun 2003 05:22:27 -0700 (PDT) (envelope-from mtm@identd.net) Received: from kokeb.ambesa.net ([138.88.0.86]) by pop018.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net>; Tue, 3 Jun 2003 07:22:26 -0500 Date: Tue, 3 Jun 2003 08:22:25 -0400 
From: Mike Makonnen To: Andrew Gallatin In-Reply-To: <16092.36129.388194.477452@grasshopper.cs.duke.edu> References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> <16092.36129.388194.477452@grasshopper.cs.duke.edu> X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH at pop018.verizon.net from [138.88.0.86] at Tue, 3 Jun 2003 07:22:26 -0500 Message-Id: <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 12:22:28 -0000 On Tue, 3 Jun 2003 07:57:21 -0400 (EDT) Andrew Gallatin wrote: > > Ok, maybe a webserver is a bad example. But you must admit that > /bin/sh is commonly used outside the startup scripts. Yes, I agree. But... So far I think the arguments against it are two-fold: 1. Performance 2. What happens if I hose one of the libraries? I think Gordon has already answered them adequately: 1. If you don't want it, turn it off 2. there will be a statically linked /rescue to pull your bacon out of the fire. I think for _most_ situations, including the boot scripts, the extra added time is negligible. In the boot scripts some of that added time can be recuperated in other ways (look at the patch I posted earlier in the thread). But most importantly, I think people are forgetting that this is going to be *optional*. If you don't want to use it, don't. 
In many ways this boils down to the age-old bikeshed of "do we want to keep moving into the future or stay tied to the past because we don't want to lose a single bit of performance on that old 386 with 8MB ram we have lying around." For those of us who can't get our companies/clients to use FreeBSD because it can't be integrated into their network this feature is fantastic. For those of us who would rather stay with something that works for us and we're happy with, we can choose not to enable it. Cheers. -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 mtm@FreeBSD.Org| FreeBSD - The Power To Serve From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 05:31:02 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 512B237B401 for ; Tue, 3 Jun 2003 05:31:02 -0700 (PDT) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCFDD43FA3 for ; Tue, 3 Jun 2003 05:31:00 -0700 (PDT) (envelope-from danfe@regency.nsu.ru) Received: from mail by mx.nsu.ru with drweb-scanned (Exim 3.36 #1 (Debian)) id 19NAz9-0003il-00; Tue, 03 Jun 2003 19:33:51 +0700 Received: from regency.nsu.ru ([193.124.210.26]) by mx.nsu.ru with esmtp (Exim 3.36 #1 (Debian)) id 19NAxw-0003Vx-00; Tue, 03 Jun 2003 19:32:36 +0700 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.8/8.12.8) with ESMTP id h53CTJM5053465; Tue, 3 Jun 2003 19:29:19 +0700 (NOVST) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.8/8.12.8/Submit) id h53CTJK9053464; Tue, 3 Jun 2003 19:29:19 +0700 (NOVST) Date: Tue, 3 Jun 2003 19:29:18 +0700 
From: Alexey Dokuchaev To: Mike Makonnen Message-ID: <20030603122918.GA53376@regency.nsu.ru> References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> <16092.36129.388194.477452@grasshopper.cs.duke.edu> <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> User-Agent: Mutt/1.4i X-Envelope-To: mtm@identd.net, gallatin@cs.duke.edu, arch@freebsd.org X-Bogosity: No, tests=bogofilter, spamicity=0.000060, version=0.11.1.4 X-Spam-Status: No, hits=-134.0 required=5.0 tests=BOGOFILTER_TEST_PASS,EMAIL_ATTRIBUTION,IN_REP_TO, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT,USER_IN_WHITELIST version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: arch@freebsd.org cc: Andrew Gallatin Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 12:31:02 -0000 On Tue, Jun 03, 2003 at 08:22:25AM -0400, Mike Makonnen wrote: > On Tue, 3 Jun 2003 07:57:21 -0400 (EDT) > Andrew Gallatin wrote: > > > > > Ok, maybe a webserver is a bad example. But you must admit that > > /bin/sh is commonly used outside the startup scripts. > > Yes, I agree. But... > > So far I think the arguments against it are two-fold: > > 1. Performance > 2. What happens if I hose one of the libraries? > > I think Gordon has already answered them adequately: > > 1. If you don't want it, turn it off Plus numerous people mentioned that they have local patches that yield a performance boost substantial enough (5 secs and more). 
./danfe From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 05:31:26 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E28437B401 for ; Tue, 3 Jun 2003 05:31:26 -0700 (PDT) Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 097C043F3F for ; Tue, 3 Jun 2003 05:31:25 -0700 (PDT) (envelope-from gallatin@cs.duke.edu) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.12.9/8.12.9) with ESMTP id h53CVOMD012387 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 3 Jun 2003 08:31:24 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id h53CVJh47339; Tue, 3 Jun 2003 08:31:19 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) 
From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <16092.38167.415865.253265@grasshopper.cs.duke.edu> Date: Tue, 3 Jun 2003 08:31:19 -0400 (EDT) To: Mike Makonnen In-Reply-To: <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> <16092.36129.388194.477452@grasshopper.cs.duke.edu> <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 12:31:26 -0000 Mike Makonnen writes: > importantly, I think people are forgetting that this is going to be *optional*. > If you don't want to use it, don't. > What's going to matter is what the default is. Ideally, we'd have an installer that would give a new user the option "Do you want a fully functional NSS and PAM implementation at the cost of higher overhead for shell scripts", and would install the correct binaries and set something in /etc/make.conf so that source upgrades preserved her choice. But that's another issue. As far as getting people to adopt FreeBSD .. you're helping me much more than any of this NSS / pam stuff. At least to me, a functional 1:1 (or M:N) is much more important. 
Drew From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 06:39:42 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D223837B401 for ; Tue, 3 Jun 2003 06:39:42 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FC8D43FB1 for ; Tue, 3 Jun 2003 06:39:42 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h53DcaOn080387; Tue, 3 Jun 2003 09:38:36 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h53DcaT8080384; Tue, 3 Jun 2003 09:38:36 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 3 Jun 2003 09:38:36 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Alexey Dokuchaev In-Reply-To: <20030603081129.GC42929@regency.nsu.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 13:39:43 -0000 On Tue, 3 Jun 2003, Alexey Dokuchaev wrote: > > I don't want to sound harsh, and I do appreciate your work. However, > > I think the last thing FreeBSD needs now is to get slower. We're > > already far slower than that other free OS. Shouldn't we consider > > Can you show any evidence of how slow is RELENG_5 (and _4) compared to > those "other free OS"? Some folks make such statements occasionally, > but I haven't heard of any decent benchmarks from them. That would be > interesting to know though. Thank you. One of the reasons we don't yet have a RELENG_5 is the performance issue: you'll notice we're cutting the 5.x releases off of the HEAD while stability and maturity are still in the works. If you take a look at the 5.2 TODO list, you'll see a number of interesting performance-related activities that are intended to restore the higher interrupt latency to lower levels, lower context switch costs, improve parallelism, etc. In the long term, we're going for both higher levels of parallelism and a more explicit synchronization model in the kernel (which will have its own benefits architecturally). Any help you or others can give us on the way to those goals would be much appreciated :-). 
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 06:47:02 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6739437B401 for ; Tue, 3 Jun 2003 06:47:02 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C0C343FAF for ; Tue, 3 Jun 2003 06:47:01 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h53DjtOn080452; Tue, 3 Jun 2003 09:45:55 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h53DjtN1080449; Tue, 3 Jun 2003 09:45:55 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 3 Jun 2003 09:45:54 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Andrew Gallatin In-Reply-To: <16092.36129.388194.477452@grasshopper.cs.duke.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 13:47:02 -0000 On Tue, 3 Jun 2003, Andrew Gallatin wrote: > > > Webservers and all other applications which run shell scripts exec a > > > shell to interpret that script. Regardless of how the parent is > > > linked, if the exec'ed shell is dynamically linked, there is an added > > > cost to exec'ing it. > > > > and these are usually perl, php, or compiled cgi programs, not /bin/sh. > > Ok, maybe a webserver is a bad example. But you must admit that /bin/sh > is commonly used outside the startup scripts. I think this is an area where an investment of time in prebinding may have a substantial payoff. Matt Dodd has been doing some experimentation on a number of different prebinding approaches, and has demonstrated pretty measurable performance improvements for common dynamically linked applications (of which we have a number that would really benefit from it). Presumably prebinding wouldn't 100% recover the cost of a switch to dynamic linking for a static binary, but it could well recover 90%. Hopefully Matt can post some of his initial experimentation results in the next few weeks as they become more mature. Unfortunately, the /bin/sh case really does appear to be the most pessimal case for even optimized dynamic linking: sh has a sufficiently short run time and small enough memory footprint that the reduced memory overhead of using shared memory for its libc access presumably doesn't outweigh the startup costs. 
There are presumably environments where sh is invoked a lot -- perhaps in some CGI environments, during large builds, etc. I'd be very interested in seeing some performance results there. Unfortunately, our benchmarking capacity for things like this is a bit limited while the 5.x kernel still has lower I/O throughput due to fine-grained locking not hitting some of the storage subsystems. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:14:55 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D1F837B401 for ; Tue, 3 Jun 2003 09:14:55 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id B534E43F93 for ; Tue, 3 Jun 2003 09:14:52 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.9/8.12.6) with ESMTP id h53GEqVI008309; Tue, 3 Jun 2003 09:14:52 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.9/8.12.6/Submit) id h53GEqkU008308; Tue, 3 Jun 2003 09:14:52 -0700 (PDT) Date: Tue, 3 Jun 2003 09:14:52 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200306031614.h53GEqkU008308@apollo.backplane.com> To: Peter Jeremy References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:14:55 -0000 :On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote: :> start!). Running certain daemon startups in the background might yield :> a significant overall improvement in startup times. :> :> e.g. instead of running 'sshd' you would run sshd in a subshell, aka :> (sshd &), so the RC script can continue on with the next thing without :> having to wait for sshd to fault-in from disk. Same goes for sendmail :> and many other daemons. : :This isn't a definite win. I know in the past it used to actually :slow things down: To take your example, having both sshd and sendmail :attempting to fault-in from disk in parallel will thrash both the disk :and cache far more than sshd and sendmail sequentially faulting in. A :very large number of daemons trying to start in parallel will also :stress the scheduler. : :Peter I'm fairly sure there isn't an issue. Both a hard drive's own on-board cache and FreeBSD's clustering and caching code are *very* well suited to this sort of parallel initiation. There is certainly no scheduler issue. The key advantage here is that you are removing serialization that would otherwise cause both cpu cycles and disk cycles to be wasted waiting for each other. Take sendmail for example. sendmail usually takes upwards of a second to start up due to initial DNS lookups that it makes and other things. sshd doesn't start instantaneously either, I think due to creating the initial session keys. 
-Matt Matthew Dillon From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:27:37 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9813437B401 for ; Tue, 3 Jun 2003 09:27:37 -0700 (PDT) Received: from mx.nsu.ru (mx.nsu.ru [212.192.164.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id E685043F85 for ; Tue, 3 Jun 2003 09:27:35 -0700 (PDT) (envelope-from danfe@regency.nsu.ru) Received: from mail by mx.nsu.ru with drweb-scanned (Exim 3.36 #1 (Debian)) id 19NEg1-0004M7-00; Tue, 03 Jun 2003 23:30:21 +0700 Received: from regency.nsu.ru ([193.124.210.26]) by mx.nsu.ru with esmtp (Exim 3.36 #1 (Debian)) id 19NEfV-0003rx-00; Tue, 03 Jun 2003 23:29:49 +0700 Received: from regency.nsu.ru (localhost [127.0.0.1]) by regency.nsu.ru (8.12.8/8.12.8) with ESMTP id h53GQ8M5064781; Tue, 3 Jun 2003 23:26:08 +0700 (NOVST) (envelope-from danfe@regency.nsu.ru) Received: (from danfe@localhost) by regency.nsu.ru (8.12.8/8.12.8/Submit) id h53GQ8Ge064780; Tue, 3 Jun 2003 23:26:08 +0700 (NOVST) Date: Tue, 3 Jun 2003 23:26:08 +0700 
From: Alexey Dokuchaev To: Matthew Dillon Message-ID: <20030603162607.GA64568@regency.nsu.ru> References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> <200306031614.h53GEqkU008308@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200306031614.h53GEqkU008308@apollo.backplane.com> User-Agent: Mutt/1.4i X-Envelope-To: dillon@apollo.backplane.com, peterjeremy@optushome.com.au, arch@freebsd.org X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.11.1.4 X-Spam-Status: No, hits=-134.0 required=5.0 tests=BOGOFILTER_TEST_PASS,EMAIL_ATTRIBUTION,IN_REP_TO, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT,USER_IN_WHITELIST version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:27:38 -0000 On Tue, Jun 03, 2003 at 09:14:52AM -0700, Matthew Dillon wrote: > > :On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote: > :> start!). Running certain daemon startups in the background might yield > :> a significant overall improvement in startup times. > :> > :> e.g. instead of running 'sshd' you would run sshd in a subshell, aka > :> (sshd &), so the RC script can continue on with the next thing without > :> having to wait for sshd to fault-in from disk. Same goes for sendmail > :> and many other daemons. > : > :This isn't a definite win. 
I know in the past it used to actually > :slow things down: To take your example, having both sshd and sendmail > :attempting to fault-in from disk in parallel will thrash both the disk > :and cache far more than sshd and sendmail sequentially faulting in. A > :very large number of daemons trying to start in parallel will also > :stress the scheduler. > : > :Peter > > I'm fairly sure there isn't an issue. Both a hard drive's own > on-board cache and FreeBSD's clustering and caching code are *very* well > suited to this sort of parallel initiation. There is certainly no > scheduler issue. The key advantage here is that you are removing > serialization that would otherwise cause both cpu cycles and disk > cycles to be wasted waiting for each other. Take sendmail for example. > sendmail usually takes upwards of a second to start up due to initial > DNS lookups that it makes and other things. sshd doesn't start > instantaneously either, I think due to creating the initial > session keys. Methinks that Matt's suggestion of (sshd &) and the like does indeed sound very cool, and at least worth a reference implementation and seeing it in action. As already mentioned by Matt, the bottleneck here is not in I/O (which is, in fact, really fast nowadays) but in either network access (in case of sendmail) or (and?) CPU-intensive routines (speaking of sshd, respectively). Just my $.02 though, as it all had been already said more or less the same way by other folks. 
./danfe From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:32:05 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA83D37B401 for ; Tue, 3 Jun 2003 09:32:05 -0700 (PDT) Received: from hannibal.servitor.co.uk (hannibal.servitor.co.uk [195.188.15.48]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A6A443F3F for ; Tue, 3 Jun 2003 09:32:05 -0700 (PDT) (envelope-from paul@hannibal.servitor.co.uk) Received: from paul by hannibal.servitor.co.uk with local (Exim 4.14) id 19NEhg-00099k-Fi; Tue, 03 Jun 2003 17:32:04 +0100 Date: Tue, 3 Jun 2003 17:32:04 +0100 
From: Paul Robinson To: Matthew Dillon Message-ID: <20030603163204.GA29331@iconoplex.co.uk> References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> <200306031614.h53GEqkU008308@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200306031614.h53GEqkU008308@apollo.backplane.com> Sender: Paul Robinson cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:32:05 -0000 On Tue, Jun 03, 2003 at 09:14:52AM -0700, Matthew Dillon wrote: > I'm fairly sure there isn't an issue. Both a hard drive's own > on-board cache and FreeBSD's clustering and caching code are *very* well > suited to this sort of parallel initiation. There is certainly no > scheduler issue. The key advantage here is that you are removing > serialization that would otherwise cause both cpu cycles and disk > cycles to be wasted waiting for each other. Take sendmail for example. > sendmail usually takes upwards of a second to start up due to initial > DNS lookups that it makes and other things. sshd doesn't start > instantaneously either, I think due to creating the initial > session keys. I'm sorry, I think I have to point something out here: We're talking about shaving a few seconds off a process that on a well-maintained server happens once a week at most - i.e. a cvsupdate, buildworld, install-kernel, reboot on a Monday morning. That's a few seconds a week. This is a lot of effort for shaving a few seconds off a week. It's all well and good talking about getting rid of "wasted cpu cycles and disk cycles" for something that happens perhaps a few times a second, but once a week? And this is to give us a performance advantage over Linux? 
Not being funny, but is this another troll thread? If you really want to speed up boot times because you're moving a laptop around a lot, great, there is a possibility that an argument can be made that someone could be looking at the serialisation of tasks that assist in bootstrapping other processes - e.g. a dns resolver process that gets all the "usual" hostnames into cache, key initiation stuff, etc... or of course, we could look at getting rid of the incredibly serial rc scripts for certain tasks so lots of things bootstrap at once - providing dependencies are tracked, and then we get into a discussion akin to package management. Interesting discussion, but are there not other areas we could look at for performance gains? Or am I just not "getting it"? -- Paul Robinson From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:35:35 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E63537B401 for ; Tue, 3 Jun 2003 09:35:35 -0700 (PDT) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8BF443F85 for ; Tue, 3 Jun 2003 09:35:34 -0700 (PDT) (envelope-from sam@errno.com) Received: from melange (melange.errno.com [66.127.85.82]) (authenticated bits=0) by ebb.errno.com (8.12.9/8.12.9) with ESMTP id h53GZTpw077657 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Tue, 3 Jun 2003 09:35:29 -0700 (PDT) (envelope-from sam@errno.com) Message-ID: <093601c329ee$24fe0b90$52557f42@errno.com> 
From: "Sam Leffler" To: "Mike Makonnen" , "Andrew Gallatin" References: <20030603113927.I71313@cvs.imp.ch><16092.35144.948752.554975@grasshopper.cs.duke.edu><20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net><16092.36129.388194.477452@grasshopper.cs.duke.edu> <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> Date: Tue, 3 Jun 2003 09:34:59 -0700 Organization: Errno Consulting MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4920.2300 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300 cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:35:35 -0000 > I think for _most_ situations, including the boot scripts, the extra added time > is negligible. In the boot scripts some of that added time can be recuperated > in other ways (look at the patch I posted earlier in the thread). But most > importantly, I think people are forgetting that this is going to be *optional*. > If you don't want to use it, don't. > > In many ways this boils down to the age-old bikeshed of "do we want to keep > moving into the future or stay tied to the past because we don't want to lose a > single bit of performance on that old 386 with 8MB ram we have lying around." > For those of us who can't get our companies/clients to use FreeBSD because it > can't be integrated into their network this feature is fantastic. For those of > us who would rather stay with something that works for us and we're happy with, > we can choose not to enable it. Gordon posted boot-time numbers because I prodded him about not committing the changes until he had a handle on the performance implications. 
The time for a system to reach the "login prompt" was one criteria for some companies I watched go through the same exercise (I also suggested some other tests for which I haven't seen results). Mind you they were not talking about a diskless boot to "login:" but rather booting into a GUI environment where a lot of applications run during startup. The point, regardless, was that blindly making these changes while we are still trying to resolve basic system performance issues is not a great idea. netbsd recently switched to a dynamically-linked root and before committing to the change they devoted a bunch of effort into improving the performance of their dll runtime. Sam From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:43:54 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC05437B401 for ; Tue, 3 Jun 2003 09:43:54 -0700 (PDT) Received: from kientzle.com (h-66-166-149-50.SNVACAID.covad.net [66.166.149.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27CF143F85 for ; Tue, 3 Jun 2003 09:43:54 -0700 (PDT) (envelope-from kientzle@acm.org) Received: from acm.org (big.x.kientzle.com [66.166.149.54]) by kientzle.com (8.12.9/8.12.9) with ESMTP id h53GhntJ099736; Tue, 3 Jun 2003 09:43:50 -0700 (PDT) (envelope-from kientzle@acm.org) Message-ID: <3EDCD0C1.1020300@acm.org> Date: Tue, 03 Jun 2003 09:45:53 -0700 
From: Tim Kientzle User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.6) Gecko/20011206 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jan Grant References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: arch cc: Dag-Erling Smorgrav Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: kientzle@acm.org List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:43:55 -0000 Jan Grant wrote: > On Mon, 2 Jun 2003, Tim Kientzle wrote: >>Dag-Erling Smorgrav wrote: >>>Was /bin/sh dynamically linked? It shouldn't be. >> >>Sorry, but /bin/sh calls 'getpwnam()', which means >>/bin/sh should use NSS, and thus needs to be >>dynamically linked. > > I don't think this reasoning is completely sound. A functional (but > minimalist) static /bin/sh (or /sbin/sh) will still let you run > /usr/local/bells-and-whistles/sh if you need ~user. My reasoning is correct. The point here is that /bin/sh is not minimalist, as evidenced by the fact that it calls getpwnam(). (Yes, this implies that 'ps', 'ls', 'date', and even 'cat' are not "minimalist," either, since they require pluggable library features.) If you want to remove features from /bin/sh to make it truly minimal, or add a new static shell to the base system, that's a different issue. The current /bin/sh must be dynamically linked because it relies on NSS. Tim P.S. I personally doubt that a static /bin/sh would actually impact the boot performance much at all. 
From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:48:51 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7042E37B421 for ; Tue, 3 Jun 2003 09:48:51 -0700 (PDT) Received: from hannibal.servitor.co.uk (hannibal.servitor.co.uk [195.188.15.48]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD60743F93 for ; Tue, 3 Jun 2003 09:48:50 -0700 (PDT) (envelope-from paul@hannibal.servitor.co.uk) Received: from paul by hannibal.servitor.co.uk with local (Exim 4.14) id 19NExn-0009W4-VR; Tue, 03 Jun 2003 17:48:43 +0100 Date: Tue, 3 Jun 2003 17:48:43 +0100 
From: Paul Robinson To: Sam Leffler Message-ID: <20030603164843.GB29331@iconoplex.co.uk> References: <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> <093601c329ee$24fe0b90$52557f42@errno.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <093601c329ee$24fe0b90$52557f42@errno.com> Sender: Paul Robinson cc: arch@freebsd.org cc: Andrew Gallatin Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:48:51 -0000 On Tue, Jun 03, 2003 at 09:34:59AM -0700, Sam Leffler wrote: > Gordon posted boot-time numbers because I prodded him about not committing > the changes until he had a handle on the performance implications. The time > for a system to reach the "login prompt" was one criteria for some companies > I watched go through the same exercise (I also suggested some other tests > for which I haven't seen results). Mind you they were not talking about a > diskless boot to "login:" but rather booting into a GUI environment where a > lot of applications run during startup. And they clocked performance from boot time? Weeeeeee! OK, since my last post (3 minutes ago) I've thought about this. Is there not a way of just adding sendmail_enable_background as well as sendmail_enable, and if set to YES the command is run with &, otherwise without? With the default behaviour being with? Do this for everything else that rc.conf has an enable that executes an external program/script? That's like, an hour's work across the tree, possible backing out of some with strange dependencies once people complain and raise a few PRs, and then we can go on about how much FreeBSD r0x0rs when it's been DoS'ed? 
I'm being serious, I think, but I think on a box with sendmail, dns, apache, mysql, inetd, sshd, etc... you could shave 20 seconds off boot time on a slower box. > The point, regardless, was that blindly making these changes while we are > still trying to resolve basic system performance issues is not a great idea. Ahhh, we're back into dynamic-linking again. I think you're going to find two clear opinions on this: 1. Those people who cut their teeth in the old days with the guiding hand of a bearded man in sandals telling you what is "good" and what is "bad", insisting that root's shell should always be a statically-linked /bin/sh and everything you need to get the box up to single-user should be statically linked 2. Those who didn't who are prepared to "compete" with other Unixes, even if the decisions they've made may be wrong, incoherent, or even (shock!) based on inexperience and a naive belief that they will be considered "better" because they're "faster" rather than being "better" because they're more "stable" or "secure" or "bring-back-from-the-dead-able". Which one FBSD goes for is open vote, and has a ring of bikeshed about it, but it's important. It could have major consequences. Of course, there is a flag to make buildworld already that makes everything dynamic... > netbsd recently switched to a dynamically-linked root and before committing > to the change they devoted a bunch of effort into improving the performance > of their dll runtime. NetBSD are also interested in lots of embedded systems where bootstrap time isn't just nice to keep low, it's essential. I don't even have a commit bit, so don't listen to me. I can't even make the changes I'm suggesting as a stop-gap, but I thought I'd whack my 2p in. 
-- Paul Robinson From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 09:57:47 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F284137B401 for ; Tue, 3 Jun 2003 09:57:46 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FF7E43F75 for ; Tue, 3 Jun 2003 09:57:46 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.9/8.12.6) with ESMTP id h53GvjVI008615; Tue, 3 Jun 2003 09:57:46 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.9/8.12.6/Submit) id h53Gvjla008614; Tue, 3 Jun 2003 09:57:45 -0700 (PDT) Date: Tue, 3 Jun 2003 09:57:45 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200306031657.h53Gvjla008614@apollo.backplane.com> To: Paul Robinson References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> <20030603163204.GA29331@iconoplex.co.uk> cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 16:57:47 -0000 :I'm sorry, I think I have to point something out here: : :We're talking about shaving a few seconds off a process that on a :well-maintained server happens once a week at most - i.e. a cvsupdate, :buildworld, install-kernel, reboot on a Monday morning. : :That's a few seconds a week. This is a lot of effort for shaving a few :seconds off a week. It's all well and good talking about getting rid of :"wasted cpu cycles and disk cycles" for something that happens perhaps a few :times a second, but once a week? And this is to give us a performance :advantage over Linux? Not being funny, but is this another troll thread? : :If you really want to speed up boot times because you're moving a laptop :around a lot, great, there is a possibility that an argument can be made :that someone could be looking at the serialisation of tasks that assist in :bootstrapping other processes - e.g. a dns resolver process that gets all :the "usual" hostnames into cache, key initiation stuff, etc... or of course, :we could look at getting rid of the incredibly serial rc scripts for certain :tasks so lots of things bootstrap at once - providing dependencies are :tracked, and then we get into a discussion akin to package management. : :Interesting discussion, but are there not other areas we could look at for :performance gains? Or am I just not "getting it"? 
: :-- :Paul Robinson Well, not all FreeBSD installations are servers sitting in machine rooms. I have two 'kitchen terminals', both netbooted boxes (and the one in my kitchen actually boots over the wireless network). It sure would be nice if those boxes could boot up faster without too much hackery. Laptop operation is also a reasonable place where faster bootup times would be nice. In the case of the wireless netbooted box I have carefully examined the network traffic during bootup. The wireless network is not even 10% loaded for 90% of the time during the boot sequence... the delays are due to serialization of the boot process waiting for network I/O turnaround. My read is that the serialization delays are primarily due to page fault stalls and NFS. In the case of the second netbooted box, which is on a 100BaseT hardline, the same problems exist but bootup time is faster due to faster network I/O turnaround (lower latencies). In the case of a locally booted box, such as my Laptop or a normal server, bootup times are fast enough that I don't care... the kernel itself takes long to get through to the rc scripts then the rc scripts take to run. In any case, parallelization would likely benefit these boxes. RCNG is fairly well suited to adding the capability since it already has the dependency graph. -Matt Matthew Dillon From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 10:53:31 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 146A537B401 for ; Tue, 3 Jun 2003 10:53:31 -0700 (PDT) Received: from mail.soaustin.net (mail.soaustin.net [207.200.4.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8282043F75 for ; Tue, 3 Jun 2003 10:53:30 -0700 (PDT) (envelope-from linimon@lonesome.com) Received: by mail.soaustin.net (Postfix, from userid 502) id DBBD5140CB; Tue, 3 Jun 2003 12:53:29 -0500 (CDT) Date: Tue, 3 Jun 2003 12:53:29 -0500 (CDT) 
From: Mark Linimon X-X-Sender: linimon@pancho To: Paul Robinson In-Reply-To: <20030603164843.GB29331@iconoplex.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Sam Leffler cc: Andrew Gallatin cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2003 17:53:31 -0000 On Tue, 3 Jun 2003, Paul Robinson wrote: > Ahhh, we're back into dynamic-linking again. I think you're going to find > two clear opinions on this: IMHO you forgot: 3. People who want to see performance numbers from a prototype installation so that they can quantify the tradeoffs involved in a large change which could be potentially destabilizing. mcl From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 22:02:22 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF5BC37B405 for ; Tue, 3 Jun 2003 22:02:22 -0700 (PDT) Received: from stork.mail.pas.earthlink.net (stork.mail.pas.earthlink.net [207.217.120.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id B2A7F43FA3 for ; Tue, 3 Jun 2003 22:02:21 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from user-2ivfk3b.dialup.mindspring.com ([165.247.208.107] helo=mindspring.com) by stork.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 19NQPV-0005qv-00; Tue, 03 Jun 2003 22:02:06 -0700 Message-ID: <3EDD7CFA.4795FB99@mindspring.com> Date: Tue, 03 Jun 2003 22:00:42 -0700 
From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Jeremy References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a469078f9ef7624eb53b3580900cb48cfc667c3043c0873f7e350badd9bab72f9c350badd9bab72f9c cc: arch@freebsd.org cc: Matthew Dillon Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 05:02:23 -0000 Peter Jeremy wrote: > On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote: > > start!). Running certain daemon startups in the background might yield > > a significant overall improvement in startup times. > > This isn't a definite win. I know in the past it used to actually > slow things down: To take your example, having both sshd and sendmail > attempting to fault-in from disk in parallel will thrash both the disk > and cache far more than sshd and sendmail sequentially faulting in. A > very large number of daemons trying to start in parallel will also > stress the scheduler. The main problem we ran into with doing this on the InterJet was that some services started later would finish starting before earlier services on which they were dependent. It's not very good, for example, for sendmail to try to get its name that it's going to use in conversations with its peers from a DNS that's not up yet, or for it to try to log an error about that failure to a syslogd that's not up yet, or for cron to try to send a mail message about a job that's just completed, but sendmail isn't up, etc.. 
People try to pretend that the dependencies that exist are between programs, but they're actually between service providers and service consumers, and largely independent of the programs providing the services. On top of that, the dependencies tend to be both hard and soft, e.g. it's possible to continue to offer a degraded service, rather than failing outright, if some dependent services aren't there (e.g. you can log by IP address if DNS isn't up to provide reverse name mappings to look pretty in your logs, etc.). -- Terry From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 22:21:47 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D26237B401 for ; Tue, 3 Jun 2003 22:21:47 -0700 (PDT) Received: from stork.mail.pas.earthlink.net (stork.mail.pas.earthlink.net [207.217.120.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CA6D43F3F for ; Tue, 3 Jun 2003 22:21:46 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from user-2ivfk3b.dialup.mindspring.com ([165.247.208.107] helo=mindspring.com) by stork.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 19NQiW-0000rO-00; Tue, 03 Jun 2003 22:21:45 -0700 Message-ID: <3EDD81A4.B6F83135@mindspring.com> Date: Tue, 03 Jun 2003 22:20:36 -0700 
From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Makonnen References: <20030603113927.I71313@cvs.imp.ch> <16092.35144.948752.554975@grasshopper.cs.duke.edu> <20030603115432.EGLB13328.out002.verizon.net@kokeb.ambesa.net> <20030603122226.BGPM11703.pop018.verizon.net@kokeb.ambesa.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a42b33c15d3d01924639362c2ce0254325350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c cc: arch@freebsd.org cc: Andrew Gallatin Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 05:21:47 -0000 Mike Makonnen wrote: > 2. What happens if I hose one of the libraries? I always love this one. The same thing that happens if you hose your shell, any of your kernel modules get corrupted, you hose your kernel, you hose any of the files that the boot loader looks in before actually loading the kernel, you hose init, or you hose mount, or any one of dozens of other files. It's not like linking shared gives you any kind of statistically significant increase in the number of single points of failure or the overall MTBF for the overall system. > I think Gordon has already answered them adequately: > > 1. If you don't want it, turn it off This is probably the most important statement anyone can make on the issue, IMO. 
-- Terry From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 22:29:32 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A77C637B401 for ; Tue, 3 Jun 2003 22:29:32 -0700 (PDT) Received: from espresso.bsdmike.org (espresso.bsdmike.org [65.39.129.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07CAE43F3F for ; Tue, 3 Jun 2003 22:29:32 -0700 (PDT) (envelope-from mike@espresso.bsdmike.org) Received: by espresso.bsdmike.org (Postfix, from userid 1002) id 0FA989C8E; Wed, 4 Jun 2003 01:13:15 -0400 (EDT) Date: Wed, 4 Jun 2003 01:13:15 -0400 
From: Mike Barcroft To: Terry Lambert Message-ID: <20030604011315.F70533@espresso.bsdmike.org> References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> <3EDD7CFA.4795FB99@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3EDD7CFA.4795FB99@mindspring.com>; from tlambert2@mindspring.com on Tue, Jun 03, 2003 at 10:00:42PM -0700 Organization: The FreeBSD Project cc: Matthew Dillon cc: arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 05:29:32 -0000 Terry Lambert writes: > Peter Jeremy wrote: > > On Mon, Jun 02, 2003 at 02:25:43PM -0700, Matthew Dillon wrote: > > > start!). Running certain daemon startups in the background might yield > > > a significant overall improvement in startup times. > > > > This isn't a definite win. I know in the past it used to actually > > slow things down: To take your example, having both sshd and sendmail > > attempting to fault-in from disk in parallel will thrash both the disk > > and cache far more than sshd and sendmail sequentially faulting in. A > > very large number of daemons trying to start in parallel will also > > stress the scheduler. > > The main problem we ran into with doing this on the InterJet > was that some services started later would finish starting > before earlier services on which they were dependent. 
> > It's not very good, for example, for sendmail to try to get > its name that it's going to use in conversations with its > peers from a DNS that's not up yet, or for it to try to log > an error about that failure to a syslogd that's not up yet, > or for cron to try to send a mail message about a job that's > just completed, but sendmail isn't up, etc.. > > People try to pretend that the dependencies that exist are > between programs, but they're actually between service > providers and service consumers, and largely independent of > the programs providing the services. On top of that, the > dependencies tend to be both hard and soft, e.g. it's possible > to continue to offer a degraded service, rather than failing > outright, if some dependent services aren't there (e.g. you > can log by IP address if DNS isn't up to provide reverse > name mappings to look pretty in your logs, etc.). I think if we identify the dependency graph we can restrict the parallelization to only the leaf nodes. Granted, we're probably missing some non-obvious dependencies in rc.d like the cron/sendmail one you mentioned. 
Best regards, Mike Barcroft From owner-freebsd-arch@FreeBSD.ORG Tue Jun 3 23:14:34 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6AC0A37B401; Tue, 3 Jun 2003 23:14:34 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id E2F7D43F75; Tue, 3 Jun 2003 23:14:33 -0700 (PDT) (envelope-from julian@elischer.org) Received: from interjet.elischer.org (12-232-168-4.client.attbi.com[12.232.168.4]) by attbi.com (rwcrmhc52) with ESMTP id <2003060406143305200r1u3ge>; Wed, 4 Jun 2003 06:14:33 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id XAA98153; Tue, 3 Jun 2003 23:14:32 -0700 (PDT) Date: Tue, 3 Jun 2003 23:14:31 -0700 (PDT) 
From: Julian Elischer To: Mike Barcroft In-Reply-To: <20030604011315.F70533@espresso.bsdmike.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: arch@freebsd.org cc: Matthew Dillon Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 06:14:34 -0000 On Wed, 4 Jun 2003, Mike Barcroft wrote: > > I think if we identify the dependency graph we can restrict the > parallelization to only the leaf nodes. Granted, we're probably > missing some non-obvious dependencies in rc.d like the cron/sendmail > one you mentioned. > Given a lot of daemons allow their shell to continue almost immediately, how do you tell the difference between the daemon starting, but destined to eventually fail, and starting and destined to succeed? The fact that the shell continued with no error condition is not any reflection as to whether the service (e.g. an IP address in the case of dhclient) is available yet or not. In the end every possible 'service' has to have its own 'test of completion'.. e.g. "does fxp0 have an IP address yet?", or "can we resolve a hostname yet?", or, "is /usr mounted yet". We solved this on the Interjet because we had a known set of services and we literally hard-coded a lot of stuff. 
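The "test of completion" idea in the message above, combined with the hard/soft dependency distinction raised earlier in the thread, can be sketched as a small scheduler that gates each launch on its providers' readiness probes rather than on the start command returning. This is an added example, not code from the thread or from FreeBSD's rc.d; the `Service` and `boot` names, the polling limits and the simulated daemons with their timings are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

PENDING, STARTING, READY, FAILED, SKIPPED = (
    "pending", "starting", "ready", "failed", "skipped")
SETTLED = {READY, FAILED, SKIPPED}

@dataclass
class Service:                  # hypothetical record, not an rc.d structure
    name: str
    start: Callable[[], None]   # launches the daemon; returns immediately
    probe: Callable[[], bool]   # the service's own "test of completion"
    hard: Set[str] = field(default_factory=set)  # must be READY before launch
    soft: Set[str] = field(default_factory=set)  # waited for, but may have failed
    max_polls: int = 5          # failed probes tolerated before giving up

def boot(services: List[Service], max_parallel: int = 3,
         tick: Callable[[], None] = lambda: None):
    """Start services in dependency order; return (launch order, states, degraded)."""
    state = {s.name: PENDING for s in services}
    polls = {s.name: 0 for s in services}
    order: List[str] = []
    degraded: Set[str] = set()

    def dep(name: str) -> str:
        return state.get(name, FAILED)  # a provider nobody defines counts as failed

    while any(st in (PENDING, STARTING) for st in state.values()):
        progressed = False
        # 1. Poll launched services: only a passing probe makes a service READY.
        for s in services:
            if state[s.name] != STARTING:
                continue
            if s.probe():
                state[s.name], progressed = READY, True
            else:
                polls[s.name] += 1
                if polls[s.name] >= s.max_polls:
                    state[s.name], progressed = FAILED, True
        # 2. Launch every service whose providers have settled, up to the limit.
        for s in services:
            if state[s.name] != PENDING:
                continue
            hard = [dep(d) for d in s.hard]
            soft = [dep(d) for d in s.soft]
            if any(h in (FAILED, SKIPPED) for h in hard):
                state[s.name], progressed = SKIPPED, True   # cannot run at all
            elif all(h == READY for h in hard) and all(x in SETTLED for x in soft):
                if sum(st == STARTING for st in state.values()) >= max_parallel:
                    continue
                if any(x != READY for x in soft):
                    degraded.add(s.name)                    # runs without a soft dep
                s.start()
                state[s.name], progressed = STARTING, True
                order.append(s.name)
        # 3. Nothing in flight and nothing moved: the rest is a dependency cycle.
        if not progressed and STARTING not in state.values():
            for name in state:
                if state[name] == PENDING:
                    state[name] = SKIPPED
        tick()
    return order, state, degraded

def demo(named_ready_after=3):
    """Constructed scenario using the daemons named in the thread."""
    clock = {"t": 0}
    launched_at: Dict[str, int] = {}

    def svc(name, ready_after, hard=(), soft=()):
        def start():                       # returns at once, like a forking daemon
            launched_at[name] = clock["t"]

        def probe():                       # ready_after=None: never becomes ready
            return (ready_after is not None
                    and clock["t"] - launched_at[name] >= ready_after)
        return Service(name, start, probe, set(hard), set(soft))

    services = [
        svc("syslogd", 1),
        svc("dhclient", None),             # forks fine, never gets an address
        svc("named", named_ready_after),
        svc("sendmail", 1, hard={"named"}, soft={"syslogd"}),
        svc("cron", 1, soft={"sendmail"}),
        svc("sshd", 1, soft={"named"}),    # can log by IP address without DNS
        svc("ntpd", 1, hard={"dhclient"}),
    ]

    def tick():
        clock["t"] += 1

    order, state, degraded = boot(services, max_parallel=3, tick=tick)
    return order, state, degraded, launched_at

if __name__ == "__main__":
    for label, arg in (("named healthy", 3), ("named never ready", None)):
        order, state, degraded, _ = demo(arg)
        print(label, order, state, sorted(degraded))
```

With `named` healthy, `sendmail` is not launched until the resolver's probe passes; with `named` never ready, `sendmail` is skipped while `sshd` and `cron` still come up, flagged as degraded.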
From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 00:59:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BAEC837B401 for ; Wed, 4 Jun 2003 00:59:21 -0700 (PDT) Received: from HAL9000.homeunix.com (ip232.bella-vista.sfo.interquest.net [66.199.86.232]) by mx1.FreeBSD.org (Postfix) with ESMTP id F403043F75 for ; Wed, 4 Jun 2003 00:59:20 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Received: from HAL9000.homeunix.com (localhost [127.0.0.1]) by HAL9000.homeunix.com (8.12.9/8.12.5) with ESMTP id h547xIqG008545; Wed, 4 Jun 2003 00:59:18 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Received: (from das@localhost) by HAL9000.homeunix.com (8.12.9/8.12.5/Submit) id h547xIjk008544; Wed, 4 Jun 2003 00:59:18 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Date: Wed, 4 Jun 2003 00:59:18 -0700 
From: David Schultz To: Terry Lambert Message-ID: <20030604075918.GA8419@HAL9000.homeunix.com> Mail-Followup-To: Terry Lambert , Peter Jeremy , arch@freebsd.org, Matthew Dillon References: <20030602171942.GA87863@roark.gnf.org> <20030603080456.GA57773@cirb503493.alcatel.com.au> <3EDD7CFA.4795FB99@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3EDD7CFA.4795FB99@mindspring.com> cc: Matthew Dillon cc: arch@FreeBSD.ORG Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 07:59:22 -0000 On Tue, Jun 03, 2003, Terry Lambert wrote: > The main problem we ran into with doing this on the InterJet > was that some services started later would finish starting > before earlier services on which they were dependent. You can solve this problem by enforcing the rule that when a service forks off a daemon process, the parent does not exit until the child is ready to accept requests. I think Oracle and Postgresql work like this. Alternatively, as with named, you perform all necessary initialization and opening of sockets before forking at all. There may be some services that don't offer this level of sanity, but these services can probably be fixed without too much effort. In the worst case, you will need a wrapper to poll the daemon until it is running normally. Once all of your services' startup scripts can make this guarantee, writing a program to do parallel boot is easy. You continuously try to start as many ``exposed'' nodes in your dependency graph at a time as you can (up to some concurrency limit), where an exposed node is a node whose ancestors have all finished starting. (Wasn't this mentioned in NetBSD's original rcNG proposal?) 
> On top of that, the > dependencies tend to be both hard and soft, e.g. it's possible > to continue to offer a degraded service, rather than failing > outright, if some dependent services aren't there (e.g. you > can log by IP address if DNS isn't up to provide reverse > name mappings to look pretty in your logs, etc.). Distinctions like this are particularly important if you would like to make use of the information about dependencies between processes for more than just parallel boot. Consider how you could get your server to automatically recover if named dies versus if your database dies. From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 01:38:18 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0BD737B401 for ; Wed, 4 Jun 2003 01:38:17 -0700 (PDT) Received: from subway.linast.de (linast.blasberg-computer.de [62.67.45.160]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70F0643F75 for ; Wed, 4 Jun 2003 01:38:16 -0700 (PDT) (envelope-from sl@subway.linast.de) Received: from subway.linast.de (sl@localhost.linast.de [127.0.0.1]) by subway.linast.de (8.12.6/8.12.6) with ESMTP id h548c2qq074377 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 4 Jun 2003 10:38:02 +0200 (CEST) (envelope-from sl@subway.linast.de) Received: (from sl@localhost) by subway.linast.de (8.12.6/8.12.6/Submit) id h548c1br074376; Wed, 4 Jun 2003 10:38:01 +0200 (CEST) Date: Wed, 4 Jun 2003 10:38:01 +0200 
From: Sebastian Lederer To: Tim Kientzle Message-ID: <20030604083801.GA74277@subway.linast.de> References: <3EDCD0C1.1020300@acm.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline In-Reply-To: <3EDCD0C1.1020300@acm.org> User-Agent: Mutt/1.4i cc: Jan Grant cc: Dag-Erling Smorgrav cc: arch Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2003 08:38:18 -0000 On Tue, Jun 03, 2003 at 09:45:53AM -0700, Tim Kientzle wrote: [...] > My reasoning is correct. The point here is that /bin/sh is not > minimalist, as evidenced by the fact that it calls getpwnam(). (Yes, > this implies that 'ps', 'ls', 'date', and even 'cat' are not "minimalist," > either, since they require pluggable library features.) If you want to > remove features from /bin/sh to make it truly minimal, or add a new static > shell to the base system, that's a different issue. > > The current /bin/sh must be dynamically linked because it relies on NSS. One could implement an NSS proxy/cache daemon like lookupd in Mac OS X (or nscd in Linux/Solaris, although the general impression seems to be that "nscd sucks"). This way static binaries could use dynamic NSS plugins. The cache daemon can be dynamically linked and make full use of all NSS plugins. A small NSS module that can talk to the daemon can be included into all statically linked programs. So when the daemon is not running, programs just use the default static NSS modules (files, NIS, dns, hesiod). 
When the daemon IS running, all programs, statically or dynamically linked, can utilize all NSS modules which can be loaded dynamically by the daemon. I think this will also improve performance in certain cases, mostly when using LDAP, because not every invocation of "ls" will need to make a new connection to the LDAP server to resolve the uids/gids. - Sebastian Lederer From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 06:42:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCBBB37B401 for ; Wed, 4 Jun 2003 06:42:21 -0700 (PDT) Received: from mail.tcoip.com.br (erato.tco.net.br [200.220.254.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id A003643FB1 for ; Wed, 4 Jun 2003 06:42:19 -0700 (PDT) (envelope-from dcs@tcoip.com.br) Received: from tcoip.com.br ([10.0.2.6]) by mail.tcoip.com.br (8.11.6/8.11.6) with ESMTP id h54Dg9l00485; Wed, 4 Jun 2003 10:42:09 -0300 Message-ID: <3EDDF732.1060606@tcoip.com.br> Date: Wed, 04 Jun 2003 10:42:10 -0300 
From: "Daniel C. Sobral"
To: Terry Lambert
In-Reply-To: <3EDD81A4.B6F83135@mindspring.com>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Terry Lambert wrote:
> Mike Makonnen wrote:
>
>>2. What happens if I hose one of the libraries?
>
> I always love this one. The same thing that happens if you hose
> your shell, any of your kernel modules get corrupted, you hose
> your kernel, you hose any of the files that the boot loader looks
> in before actually loading the kernel, you hose init, or you hose
> mount, or any one of dozens of other files.
>
> It's not like linking shared gives you any kind of statistically
> significant increase in the number of single points of failure or
> the overall MTBF for the overall system.

It doesn't? If /bin/sh is hosed, I use /bin/csh. If /bin/ls is hosed, I
use 'echo *'. If /boot/kernel/kernel gets hosed, I use
/boot/kernel.old/kernel. If a module gets hosed, I don't load it or use
the one in kernel.old. And so forth.

If libc gets hosed, *ALL* programs stop working.

So, I did not have any single point of failure for single file
corruption before. Now I do. But you claim there was not significant
increase, statistically speaking. Could you please point out what am I
missing?

-- 
Daniel C. Sobral (8-DCS)
Operations Management
Data Communication Division
Security Coordination
VIVO Centro Oeste Norte
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br
Other:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

Sushido, n: The way of the tuna.

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 08:21:59 2003
Date: Wed, 4 Jun 2003 08:21:56 -0700
From: Brooks Davis
To: "Daniel C. Sobral"
Message-ID: <20030604152156.GB25240@Odin.AC.HMC.Edu>
In-Reply-To: <3EDDF732.1060606@tcoip.com.br>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Wed, Jun 04, 2003 at 10:42:10AM -0300, Daniel C. Sobral wrote:
> Terry Lambert wrote:
> >Mike Makonnen wrote:
> >
> >>2. What happens if I hose one of the libraries?
> >
> >I always love this one. The same thing that happens if you hose
> >your shell, any of your kernel modules get corrupted, you hose
> >your kernel, you hose any of the files that the boot loader looks
> >in before actually loading the kernel, you hose init, or you hose
> >mount, or any one of dozens of other files.
> >
> >It's not like linking shared gives you any kind of statistically
> >significant increase in the number of single points of failure or
> >the overall MTBF for the overall system.
>
> It doesn't? If /bin/sh is hosed, I use /bin/csh. If /bin/ls is hosed, I
> use 'echo *'. If /boot/kernel/kernel gets hosed, I use
> /boot/kernel.old/kernel. If a module gets hosed, I don't load it or use
> the one in kernel.old. And so forth.
>
> If libc gets hosed, *ALL* programs stop working.
>
> So, I did not have any single point of failure for single file
> corruption before. Now I do. But you claim there was not significant
> increase, statistically speaking. Could you please point out what am I
> missing?

/rescue/sh

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 08:53:26 2003
In-Reply-To: <3EDDF732.1060606@tcoip.com.br>
Date: Wed, 4 Jun 2003 11:53:21 -0400
To: "Daniel C. Sobral", Terry Lambert
From: Garance A Drosihn
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

At 10:42 AM -0300 6/4/03, Daniel C. Sobral wrote:
>So, I did not have any single point of failure for single
>file corruption before. Now I do. But you claim there was
>not significant increase, statistically speaking. Could
>you please point out what am I missing?

If you do not want a dynamically-linked root, then do not
turn on the option which will give you one.

Me, if any of these files are corrupt, I generally reboot
into a different snapshot of freebsd, or boot up off a CD
and fix things from there. While it's an entertaining
exercise to see if you can rescue a badly-damaged system
while running from that very same system, the same way it
was exciting to watch "Das Boot" and see if the crew will
survive, I usually have better things I would like to do
with my time.

Furthermore, you're approaching this as if "corruption" is
only a hardware issue. What if the "corruption" is that
your system has just been broken into? Well, then, you
pretty much can not trust anything, even if a program does
run. So why not have a plan (such as a bootable CD-rom)
which works for all kinds of corruption? Personally, I'm
a lot more concerned about a break-in than hardware-failure,
but maybe I'm just lucky with hardware.

I realize that there are many legitimate uses which will
have problems with a dynamically-linked root, but I expect
that for most users that is not a requirement. For the
situations where it is important, I do expect that freebsd
should always support the option to have a statically-linked
root. If a user needs a statically-linked root but does not
know they need it, then they probably won't know enough to
fix a severely-broken system anyway.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 09:25:56 2003
Message-ID: <3EDE1D7F.1090501@tcoip.com.br>
Date: Wed, 04 Jun 2003 13:25:35 -0300
From: "Daniel C. Sobral"
To: Brooks Davis
In-Reply-To: <20030604152156.GB25240@Odin.AC.HMC.Edu>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Brooks Davis wrote:
> On Wed, Jun 04, 2003 at 10:42:10AM -0300, Daniel C. Sobral wrote:
>
>>Terry Lambert wrote:
>>
>>>Mike Makonnen wrote:
>>>
>>>
>>>>2. What happens if I hose one of the libraries?
>>>
>>>I always love this one. The same thing that happens if you hose
>>>your shell, any of your kernel modules get corrupted, you hose
>>>your kernel, you hose any of the files that the boot loader looks
>>>in before actually loading the kernel, you hose init, or you hose
>>>mount, or any one of dozens of other files.
>>>
>>>It's not like linking shared gives you any kind of statistically
>>>significant increase in the number of single points of failure or
>>>the overall MTBF for the overall system.
>>
>>It doesn't? If /bin/sh is hosed, I use /bin/csh. If /bin/ls is hosed, I
>>use 'echo *'. If /boot/kernel/kernel gets hosed, I use
>>/boot/kernel.old/kernel. If a module gets hosed, I don't load it or use
>>the one in kernel.old. And so forth.
>>
>>If libc gets hosed, *ALL* programs stop working.
>>
>>So, I did not have any single point of failure for single file
>>corruption before. Now I do. But you claim there was not significant
>>increase, statistically speaking. Could you please point out what am I
>>missing?
>
> /rescue/sh

Sorry, Terry didn't answer /rescue/sh. He disclaimed the need for one
because, see, the risk we are incurring by having root dynamically
linked isn't greater.

Yes, /rescue/sh answers this question. But I'm not questioning the
proposal, I'm questioning Terry's answer to a valid question (which
*should* have been /rescue/sh).

-- 
Daniel C. Sobral (8-DCS)
Operations Management
Data Communication Division
Security Coordination
VIVO Centro Oeste Norte
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br
Other:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

Your reasoning powers are good, and you are a fairly good planner.

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 10:08:06 2003
Date: Wed, 4 Jun 2003 19:04:03 +0200 (CEST)
From: Olaf Wagner
Message-Id: <200306041704.h54H43DC044521@luthien.iceflower.in-berlin.de>
To: freebsd-arch@freebsd.org
In-Reply-To: <3EDCD0C1.1020300@acm.org> <20030604083801.GA74277@subway.linast.de>
Organization: 'Holistic Computing Services'
Subject: Re: Making a dynamically-linked root

In article <20030604083801.GA74277@subway.linast.de> you wrote:

>> The current /bin/sh must be dynamically linked because it relies on NSS.

> One could implement an NSS proxy/cache daemon like lookupd in Mac OS X
> (or nscd in Linux/Solaris, although the general impression seems to be
> that "nscd sucks"). This way static binaries could use dynamic NSS
> plugins.

> The cache daemon can be dynamically linked and make full use of all
> NSS plugins.

> A small NSS module that can talk to the daemon can be included into
> all statically linked programs.

I especially like this suggestion. Are there any plans to implement
a lookupd for FreeBSD or is anybody already working on it? If not,
could the MacOS X sources be used (i.e. are they contained in Darwin)?

-- 
Olaf Wagner           | wagner@luthien.in-berlin.de (private)
Cranachstrasse 7      | wagner@elego.de (business)
D-12157 Berlin        | phone: +49 30 85 60 26 70
Germany / Deutschland | fax: +49 30 85 58 01 88

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 13:48:36 2003
From: Mark Murray
Message-Id: <200306042042.h54KgoHh007445@grimreaper.grondar.org>
To: arch@freebsd.org
Date: Wed, 04 Jun 2003 21:42:50 +0100
Subject: A proposed drastic cleanup of the telnet build.

Hello all

The (lib)telnet(d) build in our tree has always been a bit of an
anachronism. We have 2 sets of code to build it, and three different
flavours of telnet. We have 1) No crypto telnet, 2) crypto telnet
3) crypto telnet with Kerberos5.

During a "make world", these various builds take it in turn to be
built, and jump all over each other in annoying ways. This has
happened for years.

The 2 sets of code are for a) no crypto and b) crypto (+ KRB5). The
former is an unifdef(1)ed subset of the latter. We've had continual
problems with divergent code (when folks don't commit correctly to
both).

I propose to 'cvs rm' the 'base' telnet, and build base telnet by
not defining the appropriate macros. This achieves the same result
as unifdef(1). This involves .PATH: magic to the "full" telnet.

For telnet-with-crypto, and telnet-with-crypto+krb5, the appropriate
options are already in the tree, so the 'base' telnet will just add
them if needed. This is similar in concept to the way crypto is
added to bin/ed and gnu/usr.bin/cvs.

secure/ and kerberos5/ will then no longer need private copies of
(lib)telnet(d), and 'make world' will simplify. Functionality loss
will be NIL, complexity will be reduced and a tiny bit of code bloat
will be gone.

The downside is that base telnet will depend on src/crypto/telnet,
so folks in dodgy countries which don't allow them to have crypto
source will not be able to do telnet development, and they will
not get a "fresh" telnet[d] after a make world.

Comments? I'm keen to go on this.

M
-- 
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 14:10:53 2003
Date: Wed, 4 Jun 2003 14:10:52 -0700
From: Marcel Moolenaar
To: Mark Murray
Message-ID: <20030604211052.GA2050@athlon.pn.xcllnt.net>
In-Reply-To: <200306042042.h54KgoHh007445@grimreaper.grondar.org>
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

On Wed, Jun 04, 2003 at 09:42:50PM +0100, Mark Murray wrote:
>
> I propose to 'cvs rm' the 'base' telnet, and build base telnet by
> not defining the appropriate macros.

[snip]

> The downside is that base telnet will depend on src/crypto/telnet,
> so folks in dodgy countries which don't allow them to have crypto
> source will not be able to do telnet development, and they will
> not get a "fresh" telnet[d] after a make world.

I think it's a good idea. Do you know how many (which?) dodgy countries
there are on this particular rock we call the earth? I mean, WRT to this
particular issue of course :-)

-- 
Marcel Moolenaar   USPA: A-39004   marcel@xcllnt.net

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 14:28:36 2003
From: Mark Murray
Message-Id: <200306042126.h54LQxHh008013@grimreaper.grondar.org>
To: Marcel Moolenaar
In-Reply-To: Your message of "Wed, 04 Jun 2003 14:10:52 PDT." <20030604211052.GA2050@athlon.pn.xcllnt.net>
Date: Wed, 04 Jun 2003 22:26:59 +0100
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

Marcel Moolenaar writes:
> On Wed, Jun 04, 2003 at 09:42:50PM +0100, Mark Murray wrote:
> >
> > I propose to 'cvs rm' the 'base' telnet, and build base telnet by
> > not defining the appropriate macros.
>
> [snip]
>
> > The downside is that base telnet will depend on src/crypto/telnet,
> > so folks in dodgy countries which don't allow them to have crypto
> > source will not be able to do telnet development, and they will
> > not get a "fresh" telnet[d] after a make world.
>
> I think it's a good idea. Do you know how many (which?) dodgy countries
> there are on this particular rock we call the earth? I mean, WRT to this
> particular issue of course :-)

The only one that I can think of that makes public domain crypto
illegal is Myanmar/Burma, and this is because owning a computer
is illegal.

China makes certain crypto _use_ illegal. This is not a problem here.

France just got rid of a law (or published a clarification) that
makes this not a problem.

M
-- 
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 14:38:29 2003
Date: Wed, 4 Jun 2003 14:38:23 -0700
From: Marcel Moolenaar
To: Mark Murray
Message-ID: <20030604213823.GB2050@athlon.pn.xcllnt.net>
In-Reply-To: <200306042126.h54LQxHh008013@grimreaper.grondar.org>
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

On Wed, Jun 04, 2003 at 10:26:59PM +0100, Mark Murray wrote:
> Marcel Moolenaar writes:
> > On Wed, Jun 04, 2003 at 09:42:50PM +0100, Mark Murray wrote:
> > >
> > > I propose to 'cvs rm' the 'base' telnet, and build base telnet by
> > > not defining the appropriate macros.
> >
> > [snip]
> >
> > > The downside is that base telnet will depend on src/crypto/telnet,
> > > so folks in dodgy countries which don't allow them to have crypto
> > > source will not be able to do telnet development, and they will
> > > not get a "fresh" telnet[d] after a make world.
> >
> > I think it's a good idea. Do you know how many (which?) dodgy countries
> > there are on this particular rock we call the earth? I mean, WRT to this
> > particular issue of course :-)
>
> The only one that I can think of that makes public domain crypto
> illegal is Myanmar/Burma, and this is because owning a computer
> is illegal.

:-)

It looks to me that we can remove the base telnet. I'm game.

-- 
Marcel Moolenaar   USPA: A-39004   marcel@xcllnt.net

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 15:39:06 2003
Message-ID: <3EDE74EF.6060507@newsguy.com>
Date: Wed, 04 Jun 2003 19:38:39 -0300
From: "Daniel C. Sobral"
To: Mark Murray
In-Reply-To: <200306042042.h54KgoHh007445@grimreaper.grondar.org>
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

Mark Murray wrote:
>
> The downside is that base telnet will depend on src/crypto/telnet,
> so folks in dodgy countries which don't allow them to have crypto
> source will not be able to do telnet development, and they will
> not get a "fresh" telnet[d] after a make world.
>
> Comments? I'm keen to go on this.

Err... what do you expect the people in countries that don't allow them
to have crypto to use? ssh?

-- 
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@professional.bsdconspiracy.net

Spellng is overated anywy.

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 16:14:24 2003
Date: Wed, 04 Jun 2003 17:14:09 -0600 (MDT)
Message-Id: <20030604.171409.32720803.imp@bsdimp.com>
To: dcs@newsguy.com
From: "M. Warner Losh"
In-Reply-To: <3EDE74EF.6060507@newsguy.com>
cc: arch@freebsd.org
cc: mark@grondar.org
Subject: Re: A proposed drastic cleanup of the telnet build.

In message: <3EDE74EF.6060507@newsguy.com>
            "Daniel C. Sobral" writes:
: Mark Murray wrote:
: >
: > The downside is that base telnet will depend on src/crypto/telnet,
: > so folks in dodgy countries which don't allow them to have crypto
: > source will not be able to do telnet development, and they will
: > not get a "fresh" telnet[d] after a make world.
: >
: > Comments? I'm keen to go on this.
:
: Err... what do you expect the people in countries that don't allow them
: to have crypto to use? ssh?

If there are still countries where exporting crypto in a binary-only
product is illegal, then we'd need to make it possible to build the
non-crypto enabled telnet.

Warner

From owner-freebsd-arch@FreeBSD.ORG Wed Jun 4 16:40:25 2003
Date: Thu, 5 Jun 2003 00:40:18 +0100
From: Ceri Davies
To: "Daniel C. Sobral"
Message-ID: <20030604234018.GA49435@submonkey.net>
In-Reply-To: <3EDE74EF.6060507@newsguy.com>
cc: arch@freebsd.org
cc: Mark Murray
Subject: Re: A proposed drastic cleanup of the telnet build.

On Wed, Jun 04, 2003 at 07:38:39PM -0300, Daniel C. Sobral wrote:
> Mark Murray wrote:
> >
> >The downside is that base telnet will depend on src/crypto/telnet,
> >so folks in dodgy countries which don't allow them to have crypto
> >source will not be able to do telnet development, and they will
> >not get a "fresh" telnet[d] after a make world.
> >
> >Comments? I'm keen to go on this.
>
> Err... what do you expect the people in countries that don't allow them
> to have crypto to use? ssh?

rlogin?
Ceri [only half-joking]
--

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 00:13:40 2003
From: Mark Murray
Message-Id: <200306050700.h5570tHh011399@grimreaper.grondar.org>
To: "Daniel C. Sobral"
In-Reply-To: Your message of "Wed, 04 Jun 2003 19:38:39 -0300." <3EDE74EF.6060507@newsguy.com>
Date: Thu, 05 Jun 2003 08:00:55 +0100
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

"Daniel C. Sobral" writes:
> Mark Murray wrote:
> >
> > The downside is that base telnet will depend on src/crypto/telnet,
> > so folks in dodgy countries which don't allow them to have crypto
> > source will not be able to do telnet development, and they will
> > not get a "fresh" telnet[d] after a make world.
> >
> > Comments? I'm keen to go on this.
>
> Err... what do you expect the people in countries that don't allow them
> to have crypto to use? ssh?

The number of countries on this list is very small. Those countries
can still get a binary telnet.
M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 00:28:44 2003
From: Mark Murray
Message-Id: <200306050723.h557N7Hh011684@grimreaper.grondar.org>
To: "M. Warner Losh"
In-Reply-To: Your message of "Wed, 04 Jun 2003 17:14:09 MDT." <20030604.171409.32720803.imp@bsdimp.com>
Date: Thu, 05 Jun 2003 08:23:06 +0100
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

"M. Warner Losh" writes:
> : Err... what do you expect the people in countries that don't allow them
> : to have crypto to use? ssh?
>
> If there are still countries where exporting crypto in a binary-only
> product is illegal, then we'd need to make it possible to build the
> non-crypto enabled telnet.

The non-crypto binary telnet is unchanged by this proposed change.
M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 03:46:46 2003
Date: Thu, 5 Jun 2003 13:46:20 +0300
From: Ruslan Ermilov
To: Mark Murray
Message-ID: <20030605104620.GA47983@sunbay.com>
In-Reply-To: <200306042042.h54KgoHh007445@grimreaper.grondar.org>
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

On Wed, Jun 04, 2003 at 09:42:50PM +0100, Mark Murray wrote:
[...]
> I propose to 'cvs rm' the 'base' telnet, and build base telnet by
> not defining the appropriate macros.
>
> secure/ and kerberos5/ will then no longer need private copies of
> (lib)telnet(d), and 'make world' will simplify.
>
Yes, please. I am all for it, if we're going to vote. ;)

> The downside is that base telnet will depend on src/crypto/telnet,
> so folks in dodgy countries which don't allow them to have crypto
> source will not be able to do telnet development, and they will
> not get a "fresh" telnet[d] after a make world.
>
> Comments? I'm keen to go on this.
>
I'm not so sure about this. If it would be possible to extract
the crypto bits of the telnet sources to separate source files,
and leave them under src/crypto/, I think that would be the best,
but if it's too hard, well, the price could be paid.

Still, even if we decide to leave both copies of sources,
reducing the number of (lib)telnet(d) makefiles to one set
is the way to go.
Cheers,
--
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 04:40:50 2003
Message-ID: <3EDF2B1C.6E9C892E@mindspring.com>
Date: Thu, 05 Jun 2003 04:35:56 -0700
From: Terry Lambert
To: "Daniel C. Sobral"
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

"Daniel C. Sobral" wrote:
> > I always love this one. The same thing that happens if you hose
> > your shell, any of your kernel modules get corrupted, you hose
> > your kernel, you hose any of the files that the boot loader looks
> > in before actually loading the kernel, you hose init, or you hose
> > mount, or any one of dozens of other files.
> >
> > It's not like linking shared gives you any kind of statistically
> > significant increase in the number of single points of failure or
> > the overall MTBF for the overall system.
>
> It doesn't? If /bin/sh is hosed, I use /bin/csh. If /bin/ls is hosed, I
> use 'echo *'. If /boot/kernel/kernel gets hosed, I use
> /boot/kernel.old/kernel. If a module gets hosed, I don't load it or use
> the one in kernel.old. And so forth.

And if init or mount gets hosed?

> So, I did not have any single point of failure for single file
> corruption before.

Yes, you do.
You're just ignoring them in favor of knocking down strawmen
that are only strawmen because you have local, physical access
to the console on the machine. If you were remote, you would
have to also add hosing the loader.conf to not enable the serial
console, or any of the files the boot loader looks at.

> Now I do. But you claim there was not significant increase,
> statistically speaking. Could you please point out what am I
> missing?

You're not so much missing anything as you are ignoring the
examples which are inconvenient to arguing your position.

-- Terry

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 04:43:48 2003
From: Mark Murray
Message-Id: <200306051140.h55BeFHh013268@grimreaper.grondar.org>
To: Ruslan Ermilov
In-Reply-To: Your message of "Thu, 05 Jun 2003 13:46:20 +0300." <20030605104620.GA47983@sunbay.com>
Date: Thu, 05 Jun 2003 12:40:15 +0100
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

Ruslan Ermilov writes:
> > The downside is that base telnet will depend on src/crypto/telnet,
> > so folks in dodgy countries which don't allow them to have crypto
> > source will not be able to do telnet development, and they will
> > not get a "fresh" telnet[d] after a make world.
> >
> > Comments? I'm keen to go on this.
> >
> I'm not so sure about this. If it would be possible to extract
> the crypto bits of the telnet sources to separate source files,
> and leave them under src/crypto/, I think that would be the best,
> but if it's too hard, well, the price could be paid.

The point is that src/crypto is the part of the tree that will be
trimmed if there is a ban on crypto source. Part of the same point
is to avoid having duplicate sources, resulting in folks editing
only one and having code divergence between the two.

> Still, even if we decide to leave both copies of sources,
> reducing the number of (lib)telnet(d) makefiles to one set
> is the way to go.

That's the idea!
M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 04:48:36 2003
Message-ID: <3EDF2DCE.2B2DBAAA@mindspring.com>
Date: Thu, 05 Jun 2003 04:47:26 -0700
From: Terry Lambert
To: "Daniel C. Sobral"
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

"Daniel C. Sobral" wrote:
> Sorry, Terry didn't answer /rescue/sh. He disclaimed the need for one
> because, see, the risk we are incurring by having root dynamically
> linked isn't greater.
>
> Yes, /rescue/sh answers this question. But I'm not questioning the
> proposal, I'm questioning Terry's answer to a valid question (which
> *should* have been /rescue/sh).

If init or mount gets toasted, you are just as toasted by a
single file failure as if everything were linked dynamic and
you lost ld.so or libc.so.

You can type incantations at the boot loader prompt (if you are
local, or if you are remote, and the single points of failure
of the boot loader configuration files for enabling the serial
console don't get hosed) until you are blue in the face, but
unless you have everything installed on / so you can rebuild
init or mount from sources, you are screwed by these single
points of failure.
-- Terry

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 05:09:21 2003
Date: Thu, 5 Jun 2003 15:09:03 +0300
From: Ruslan Ermilov
To: Mark Murray
Message-ID: <20030605120903.GB53363@sunbay.com>
In-Reply-To: <200306051140.h55BeFHh013268@grimreaper.grondar.org>
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

On Thu, Jun 05, 2003 at 12:40:15PM +0100, Mark Murray wrote:
[...]
> > I'm not so sure about this. If it would be possible to extract
> > the crypto bits of the telnet sources to separate source files,
> > and leave them under src/crypto/, I think that would be the best,
> > but if it's too hard, well, the price could be paid.
>
> The point is that src/crypto is the part of the tree that will be
> trimmed if there is a ban on crypto source. Part of the same point
> is to avoid having duplicate sources, resulting in folks editing
> only one and having code divergence between the two.
>
I understand this. I just thought that it may be possible
to extract the crypto bits out of sources into separate
.c and .h files, so that we need to compile them together
with non-crypto *.[ch] if we need crypto telnet. I now
see that this is nearly impossible; the crypto bits are
scattered all around the sources. But I have another
important question here:

Are the telnet sources really considered crypto sources?
Yes, they use crypto functionality if compiled with the
corresponding options, but they just USE them, they
don't PROVIDE them. As such, should we treat them as
restricted? If yes, I'd like to (please) hear why are
they treated as such? If not, then the solution is
obvious, keep them under src/*/(lib)telnet(d).

Cheers,
--
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software Ltd,
ru@FreeBSD.org		FreeBSD committer

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 05:31:02 2003
Message-ID: <3EDF37B9.1F5EF3FD@mindspring.com>
Date: Thu, 05 Jun 2003 05:29:45 -0700
From: Terry Lambert
To: Ruslan Ermilov
cc: arch@freebsd.org
cc: Mark Murray
Subject: Re: A proposed drastic cleanup of the telnet build.

Ruslan Ermilov wrote:
> Are the telnet sources really considered crypto sources?
> Yes, they use crypto functionality if compiled with the
> corresponding options, but they just USE them, they
> don't PROVIDE them. As such, should we treat them as
> restricted? If yes, I'd like to (please) hear why are
> they treated as such? If not, then the solution is
> obvious, keep them under src/*/(lib)telnet(d).

I think the answer is "the better to deprecate telnet, by
making it harder to get working". 8-|.
-- Terry

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 05:43:40 2003
From: Mark Murray
Message-Id: <200306051230.h55CUqHh013692@grimreaper.grondar.org>
To: Ruslan Ermilov
In-Reply-To: Your message of "Thu, 05 Jun 2003 15:09:03 +0300." <20030605120903.GB53363@sunbay.com>
Date: Thu, 05 Jun 2003 13:30:52 +0100
cc: arch@freebsd.org
Subject: Re: A proposed drastic cleanup of the telnet build.

Ruslan Ermilov writes:
> On Thu, Jun 05, 2003 at 12:40:15PM +0100, Mark Murray wrote:
> [...]
> > > I'm not so sure about this. If it would be possible to extract
> > > the crypto bits of the telnet sources to separate source files,
> > > and leave them under src/crypto/, I think that would be the best,
> > > but if it's too hard, well, the price could be paid.
> >
> > The point is that src/crypto is the part of the tree that will be
> > trimmed if there is a ban on crypto source. Part of the same point
> > is to avoid having duplicate sources, resulting in folks editing
> > only one and having code divergence between the two.
> >
> I understand this. I just thought that it may be possible
> to extract the crypto bits out of sources into separate
> .c and .h files, so that we need to compile them together
> with non-crypto *.[ch] if we need crypto telnet. I now
> see that this is nearly impossible; the crypto bits are
> scattered all around the sources. But I have another
> important question here:
>
> Are the telnet sources really considered crypto sources?
> Yes, they use crypto functionality if compiled with the
> corresponding options, but they just USE them, they
> don't PROVIDE them. As such, should we treat them as
> restricted? If yes, I'd like to (please) hear why are
> they treated as such? If not, then the solution is
> obvious, keep them under src/*/(lib)telnet(d).

Hmm. Good point. Moving them makes good sense.

I'd prefer to move them in one block (they are a logical unit
like (say) tcp_wrappers). This would imply that we put them in
contrib, but they break the contrib methodology in that it's ok
to edit them.

Lemme think about this.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 08:20:43 2003
Date: Thu, 5 Jun 2003 17:20:32 +0200
From: Sebastian Lederer
To: Olaf Wagner
Message-ID: <20030605152032.GA79575@subway.linast.de>
In-Reply-To: <200306041704.h54H43DC044521@luthien.iceflower.in-berlin.de>
cc: freebsd-arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Wed, Jun 04, 2003 at 07:04:03PM +0200, Olaf Wagner wrote:
[...]
>
> I especially like this suggestion. Are there any plans to implement
> a lookupd for FreeBSD or is anybody already working on it? If not,
> could the MacOS X sources be used (i.e. are they contained in Darwin)?

Darwin's lookupd is open source, but I think it would be too much work
to adapt it to FreeBSD, since it is tightly integrated with Darwin's
libc and probably depends on Mach IPC primitives.

I think the best bet is to write something reasonably simple from
scratch and implement it as an NSS module, so that it can be installed
without any changes to the rest of the system, especially without
hacking libc.
- Sebastian Lederer

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 10:00:07 2003
Message-ID: <3EDF73DB.CCD31329@mindspring.com>
Date: Thu, 05 Jun 2003 09:46:19 -0700
From: Terry Lambert
To: Sebastian Lederer
cc: freebsd-arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Sebastian Lederer wrote:
> On Wed, Jun 04, 2003 at 07:04:03PM +0200, Olaf Wagner wrote:
> > I especially like this suggestion. Are there any plans to implement
> > a lookupd for FreeBSD or is anybody already working on it? If not,
> > could the MacOS X sources be used (i.e. are they contained in Darwin)?
>
> Darwin's lookupd is open source, but I think it would be too much work
> to adapt it to FreeBSD, since it is tightly integrated with Darwin's
> libc and probably depends on Mach IPC primitives.
>
> I think the best bet is to write something reasonably simple from
> scratch and implement it as an NSS module, so that it can be installed
> without any changes to the rest of the system, especially without
> hacking libc.

You have to hack libc: the lookup calls in a static libc have
to resolve to transactions interacting with the lookupd.

The entire point of this exercise is to allow access to NSS
modules by a statically linked binary!
-- Terry

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 15:11:19 2003
Date: Thu, 5 Jun 2003 17:11:14 -0500
From: "Matthew D. Fuller"
To: Terry Lambert
Message-ID: <20030605221114.GB51432@over-yonder.net>
In-Reply-To: <3EDF2B1C.6E9C892E@mindspring.com>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Thu, Jun 05, 2003 at 04:35:56AM -0700 I heard the voice of
Terry Lambert, and lo! it spake thus:
>
> And if init or mount gets hosed?

Oh, come on. You're smarter than that.

If a static /sbin/init gets hosed, you're screwed.
If a dynamic /sbin/init gets hosed, you're screwed.

If /lib/libc gets hosed, your dynamic /sbin/init is screwed. Your static
/sbin/init still moves along just fine.

It's not that static binaries eliminate SPoF's. They just reduce the
scope of some failures. Whether that reduction is sizeable or lost in
the noise is left as an exercise to the reader (presuming the reader
understands the concept of "different strokes").

> You're not so much missing anything as you are ignoring the
> examples which are inconvenient to arguing your position.

A reasonable statement, but equally true in reverse.

Dynamic _everything_ multiplies the number of single failures that can
completely screw you by making many more failures able to indirectly b0rk
basic things like "getting a shell".
For extra points, find the false statement:
- Static-linked systems are immune from corruption failures.
- Dynamically-linked systems no more failure modes than static.

--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 15:14:25 2003
Date: Thu, 5 Jun 2003 17:14:22 -0500
From: "Matthew D. Fuller"
To: Terry Lambert
Message-ID: <20030605221422.GC51432@over-yonder.net>
In-Reply-To: <20030605221114.GB51432@over-yonder.net>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

Blah.

> - Dynamically-linked systems no more failure modes than static.
                              ^ have

Now, see, if my /sbin/english were statically linked, then my brain.so
failure wouldn't have had that effect...
--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-arch@FreeBSD.ORG Thu Jun 5 23:31:06 2003
To: "Matthew D. Fuller"
In-Reply-To: <20030605221114.GB51432@over-yonder.net>
Date: Thu, 05 Jun 2003 23:31:05 -0700
From: Peter Wemm
Message-Id: <20030606063105.D3B442A8C1@canning.wemm.org>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

"Matthew D. Fuller" wrote:
> On Thu, Jun 05, 2003 at 04:35:56AM -0700 I heard the voice of
> Terry Lambert, and lo! it spake thus:
> >
> > And if init or mount gets hosed?
>
> Oh, come on. You're smarter than that.
>
> If a static /sbin/init gets hosed, you're screwed.
> If a dynamic /sbin/init gets hosed, you're screwed.
>
> If /lib/libc gets hosed, your dynamic /sbin/init is screwed. Your static
> /sbin/init still moves along just fine.

Which is why /rescue/init is on the fallback init path, and can be explicitly
entered at the loader prompt. Right now it is:
kern.init_path: /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall

And nothing would be stopping somebody from typing this at the loader:
set kern.init_path=/rescue/init
and at the shell path prompt, /rescue/sh

Cheers,
-Peter
--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 00:09:05 2003
Date: Fri, 6 Jun 2003 00:09:04 -0700 (PDT)
From: Doug Barton
To: freebsd-arch@freebsd.org, freebsd-current@freebsd.org
Message-ID: <20030605235254.W5414@znfgre.qbhto.arg>
Subject: Way forward with BIND 8
Reply-To: freebsd-arch@freebsd.org

[ Please respect followups to -arch, thanks. ]

As most of you are probably already aware, there have been two recent
releases of BIND 8. Version 8.3.5 is the "bugfix, and new minor
features" release on the 8.3.x branch that we've currently got in the
tree already. 8.4.0 is (more or less) the "all the bug fixes from
8.3.5, plus support for IPv6 transport" version.

Because there are over 14k lines of diff between the source for 8.3.5
and 8.4.0, I'm hesitant to import the latter right away. Instead, as
the nominal BIND maintainer, I'm proposing the following plan:

1. Import 8.3.5 into HEAD, and upgrade the bind8 port. At the same
   time, create a bind84 port for the 8.4.x branch. The port will
   include the PORT_REPLACES_BASE functionality that we already have.
2. At some suitable point in the near future (definitely before the
   next 4.x release), MFC 8.3.5.
3. At some suitable point in the future, probably after the BIND 8.4.1
   release, import 8.4.x into HEAD.

I'm definitely in favor of improving support for IPv6, and BIND 8.4.x
is going to be a big step in this direction. I'm just not sure that we
should be adopting it in the base right away. My personal feeling is
that having it in the ports for the convenience of early adopters is
sufficient. However, my purpose in writing is to poll the community...
I'm willing to be persuaded if folks have strong feelings about
adopting 8.4.x in the base sooner rather than later, speak up now.

FYI, for those wondering why I'm not considering BIND 9 for import,
please see http://people.freebsd.org/~dougb/whybind8.html

Doug

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 00:29:15 2003
Date: Fri, 6 Jun 2003 02:29:10 -0500
From: "Matthew D. Fuller"
To: Peter Wemm
Message-ID: <20030606072909.GA26354@over-yonder.net>
In-Reply-To: <20030606063105.D3B442A8C1@canning.wemm.org>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Thu, Jun 05, 2003 at 11:31:05PM -0700 I heard the voice of
Peter Wemm, and lo! it spake thus:
>
> Which is why /rescue/init is on the fallback init path, and can be explicitly
> entered at the loader prompt. Right now it is:
> kern.init_path: /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall
>
> And nothing would be stopping somebody from typing this at the loader:
> set kern.init_path=/rescue/init
> and at the shell path prompt, /rescue/sh

Oh, absolutely. Given a good /rescue, you can still recover from at
least most[0] problems that a static / would let you recover from.

And all else being equal, I'm fully of the belief that the increase in
potential minor calamities (which some manual /rescue/* intervention can
recover) is a small price to pay for some of the gains that a dynamic /
gives. I think the downside is minor and fully work-around-able (there's
a better word for that, I'm just losing my language processing skills);
I just don't agree that it's nonexistent.

Yes, get the support for a Big Static/Dynamic Switch (tm) in and tested
so we can flip it however we want. More generally, yes, I'd agree with
get a roadmap for changing the default "sometime", whether that's 5.2 or
5.3 or 6.0.
It's a good change; it's just not an entirely side-effect--free change.

--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 00:45:28 2003
Message-ID: <3EE04642.602DA5EF@mindspring.com>
Date: Fri, 06 Jun 2003 00:44:02 -0700
From: Terry Lambert
To: "Matthew D. Fuller"
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

"Matthew D. Fuller" wrote:
> On Thu, Jun 05, 2003 at 04:35:56AM -0700 I heard the voice of
> Terry Lambert, and lo! it spake thus:
> >
> > And if init or mount gets hosed?
>
> Oh, come on. You're smarter than that.
>
> If a static /sbin/init gets hosed, you're screwed.
> If a dynamic /sbin/init gets hosed, you're screwed.
>
> If /lib/libc gets hosed, your dynamic /sbin/init is screwed. Your static
> /sbin/init still moves along just fine.
>
> It's not that static binaries eliminate SPoF's. They just reduce the
> scope of some failures. Whether that reduction is sizeable or lost in
> the noise is left as an exercise to the reader (presuming the reader
> understands the concept of "different strokes").

I'd argue that it's lost in the noise.

You can divide the world into two types of installations: those that
you can readily get to the physical hardware, including a console,
and those where you can't.
In the case where you can get to the console, there is no real
additional hardship with dynamic libraries: a recovery CD or
floppy boot is equally applicable as going through the obstacle
course of trying to find the set of commands that are non-corrupt
which will allow you to perform a recovery operation on the
remainder of the commands.

The smart admin simply boots an install of the version they had
installed before the corruption, selects "upgrade" from the
sysinstall menu, and lets it automatically recover everything
except the sources, which sysinstall refuses to install over.

In the case where you have to access the system remotely, there
are basically two default choices: serial console and ssh.

For the serial console, there are a much larger number of single
points of failure between you and your statically linked shell,
in /boot: boot0, boot1, boot2, kernel/kernel.ko, loader,
loader.4th, loader.rc, defaults/loader.conf, and any user
installed configuration files (there's at least one, to drop the
"-P" in so the serial console is active).

Minimally, this means that at most, adding another point of
failure only increases your odds of failure by 1 in 10, if you
have to do anything, and you include only "mount -u -o rw /" and
"/bin/sh". The actual number is much lower than that: you have
to include the terminal server, etc., and the minimum subset of
software needed to get the system back to a functioning state.

If this needs a "make install" or a compile of any kind, then the
additional risk is comparatively infinitesimal, since most of the
tools between you and the system being alive again are dynamically
linked ("install", etc.).
In the ssh case, well, there's even more stuff between you and
your statically linked shell, since you can't get in until the
system is fully up; even then, dynamic linking doesn't increase
your risk at all:

# ldd /usr/sbin/sshd
/usr/sbin/sshd:
        libopie.so.2 => /usr/lib/libopie.so.2 (0x2808b000)
        libmd.so.2 => /usr/lib/libmd.so.2 (0x28095000)
        libssh.so.2 => /usr/lib/libssh.so.2 (0x280a0000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280d4000)
        libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280ee000)
        libutil.so.3 => /usr/lib/libutil.so.3 (0x281b8000)
        libz.so.2 => /usr/lib/libz.so.2 (0x281c4000)
        libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281d2000)
        libpam.so.2 => /usr/lib/libpam.so.2 (0x281db000)
        libc.so.5 => /usr/lib/libc.so.5 (0x281e3000)

The telnetd, rshd, rlogind, and rexecd are all in the same boat.

> > You're not so much missing anything as you are ignoring the
> > examples which are inconvenient to arguing your position.
>
> A reasonable statement, but equally true in reverse.
>
> Dynamic _everything_ multiplies the number of single failures that can
> completely screw you by making many more failures able to indirectly b0rk
> basic things like "getting a shell".

I admit that the current shells have a much larger library
footprint than the former (a)sh or csh. But sshd requires a
lot of those which are required by csh (at least), if not "sh".

In the absolute worst case, the old shells could be installed
as "oldreliablecsh" or "oldreliablesh", if you wanted to make
a big deal about the other libraries being somehow more
sensitive than the libraries sshd already depends upon.

Note: $HOME mounts would also need to work, unless you went out
of your way to change the default config files to permit root
logins directly via ssh, instead of making people use user
logins which could fail for lack of a home directory.

> For extra points, find the false statement:
> - Static-linked systems are immune from corruption failures.

False.
> - Dynamically-linked systems no more failure modes than static.

"True", for those situations where you can't get at the console
except via ssh, and "False to a small degree, but you don't care"
for those situations where you can physically access the console,
since you can reboot from and recover using standard install media.

-- Terry

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 00:52:10 2003
Message-ID: <3EE047DA.850261F0@mindspring.com>
Date: Fri, 06 Jun 2003 00:50:50 -0700
From: Terry Lambert
To: Peter Wemm
cc: arch@freebsd.org
cc: "Matthew D. Fuller"
Subject: Re: Making a dynamically-linked root

Peter Wemm wrote:
> "Matthew D. Fuller" wrote:
> > If a static /sbin/init gets hosed, you're screwed.
> > If a dynamic /sbin/init gets hosed, you're screwed.
> >
> > If /lib/libc gets hosed, your dynamic /sbin/init is screwed. Your static
> > /sbin/init still moves along just fine.
>
> Which is why /rescue/init is on the fallback init path, and can be explicitly
> entered at the loader prompt. Right now it is:
> kern.init_path: /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall
>
> And nothing would be stopping somebody from typing this at the loader:
> set kern.init_path=/rescue/init
> and at the shell path prompt, /rescue/sh

The /rescue, to my mind, is just a gratuitous renaming of /stand.

It also fails to make the dynamic linking argument strongly
enough, IMO. That's why I'm trying to avoid invoking the "and
then a statically linked miracle happens"... 8-).
-- Terry

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 01:02:37 2003
Date: Fri, 6 Jun 2003 03:02:32 -0500
From: "Matthew D. Fuller"
To: Terry Lambert
Message-ID: <20030606080232.GE51432@over-yonder.net>
In-Reply-To: <3EE04642.602DA5EF@mindspring.com>
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Fri, Jun 06, 2003 at 12:44:02AM -0700 I heard the voice of
Terry Lambert, and lo! it spake thus:
>
> I'd argue that it's lost in the noise.

I'd agree.

I think what you're meaning (though it's not quite coming across) is that
for most people and most situations, the downside is either nonexistent,
or so small as to be so for all practical purposes.

On the other hand, there are people and situations who believe that the
[potential] downsides are much larger. We differ in that I don't believe
that all such claims are bogus. Sure, many of the examples put forth are
rather arbitrary and contrived, but I've found that I literally can't
come up with a scenario so arbitrary and contrived that SOMEBODY isn't
dealing with pow(it,N) every day.
--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 01:18:15 2003
Message-ID: <3EE04DED.DCC1E637@mindspring.com>
Date: Fri, 06 Jun 2003 01:16:45 -0700
From: Terry Lambert
To: "Matthew D. Fuller"
cc: arch@freebsd.org
Subject: Re: Making a dynamically-linked root

"Matthew D. Fuller" wrote:
> On Fri, Jun 06, 2003 at 12:44:02AM -0700 I heard the voice of
> Terry Lambert, and lo! it spake thus:
> >
> > I'd argue that it's lost in the noise.
>
> I'd agree.
>
> I think what you're meaning (though it's not quite coming across) is that
> for most people and most situations, the downside is either nonexistent,
> or so small as to be so for all practical purposes.

I'm more or less trying to play "devil's advocate" on this. There
are so many commercial systems that dynamically link everything,
that I have to believe that their highly paid engineering resources
thought it through before flipping the switch.

> On the other hand, there are people and situations who believe that the
> [potential] downsides are much larger. We differ in that I don't believe
> that all such claims are bogus. Sure, many of the examples put forth are
> rather arbitrary and contrived, but I've found that I literally can't
> come up with a scenario so arbitrary and contrived that SOMEBODY isn't
> dealing with pow(it,N) every day.

And I'd agree with this.

I'm sure Peter Wemm, who posted earlier, is dealing with a large
number of serial console based systems, and occasionally has a
system that doesn't have a hot spare, or has data on it that the
normal approach of reinstalling on new hardware and replacing it
won't work for him. With the number of machines he has, it's
potentially a big deal.

I also know that a former employer didn't have any local boot
media available on their devices, and only a serial console; you
either were very careful, or you took out a zillion screws to get
at the only media it had and/or the floppy radial connector. I
would class these systems as "fragile", but I have no doubt other
people have followed the same model.

At a former former employer (Whistle), the fragility problem was
resolved using two boot partitions and "bootnext"; this same thing
is available to those people with fragile systems, though it's not
completely convenient, mostly because FreeBSD / and /usr partitions
aren't easily rearrangeable to be mounted read-only.

I think after your last posting, though, that at least you and I
are at a consensus: set it up to work both ways, for now, and flip
a big red switch on the default in the 5.3/5.4/6.0 time frame, with
plenty of advance warning. If people want it the other way, then
they can flip the switch the other way, and do a "make world" and
burn their own ISOs (or hack the install and build code to be able
to install either way).

Frankly, I think that no one is going to miss the static linkages,
when the switch is finally thrown.
-- Terry

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 01:36:56 2003
Date: Fri, 6 Jun 2003 12:36:35 +0400
From: Yar Tikhiy
To: Alexey Neyman
Message-ID: <20030606083635.GA54892@comp.chem.msu.su>
In-Reply-To: <200305292144.37793.alex.neyman@auriga.ru>
cc: freebsd-arch@freebsd.org
Subject: Re: different users for NNTP server

On Thu, May 29, 2003 at 09:44:37PM +0400, Alexey Neyman wrote:
>
> I just stumbled over this: while /etc/master.passwd includes the 'news'
> user, the /etc/inetd.conf suggests running NNTP server as 'usenet' user
> (missing from /etc/master.passwd). Shouldn't both these files refer to
> the same user, e.g. 'news'?

While this is not exactly an architectural issue, your point seems
correct. Moreover, we have never had a stock nntpd(8), so I'll
move the nntpd line within inetd.conf down to the section of optional
services as well.

Thanks for pointing out.
--
Yar

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 01:41:15 2003
Date: Fri, 6 Jun 2003 10:41:02 +0200
To: Terry Lambert
From: Sebastian Lederer
In-Reply-To: <3EDF73DB.CCD31329@mindspring.com>
Message-Id: <9A9E2868-97FA-11D7-B525-003065B639BC@linast.de>
cc: freebsd-arch@freebsd.org
Subject: Re: Making a dynamically-linked root

On Thursday, 05.06.03, at 18:46 (Europe/Berlin), Terry Lambert wrote:
> Sebastian Lederer wrote:
[...]
>> I think the best bet is to write something reasonably simple from
>> scratch and implement it as an NSS module, so that it can be installed
>> without any changes to the rest of the system, especially without
>> hacking libc.
>
> You have to hack libc: the lookup calls in a static libc have
> to resolve to transactions interacting with the lookupd. The
> entire point of this exercise is to allow access to NSS modules
> by a statically linked binary!

Of course. What I meant was that writing an NSS module and putting it into the default set of static NSS modules is much easier than hacking support of a new protocol into each getXbyY function.

I believe the irs/irp stuff from bind8 worked that way (anybody ever used it?). If you wanted to use the irpd daemon (equivalent to nscd), you put an "irp" keyword into the irs.conf file (equivalent to nsswitch.conf), just like any other name service module. The irpd daemon then had its own, different irs.conf file to avoid endless recursion.
- Sebastian Lederer

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 02:42:59 2003
In-Reply-To: <20030605235254.W5414@znfgre.qbhto.arg>
References: <20030605235254.W5414@znfgre.qbhto.arg>
Date: Fri, 6 Jun 2003 11:32:56 +0200
To: freebsd-arch@freebsd.org
From: Brad Knowles
cc: Doug Barton
cc: freebsd-current@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

At 12:09 AM -0700 2003/06/06, Doug Barton wrote:

> FYI, for those wondering why I'm not considering BIND 9 for import, please
> see http://people.freebsd.org/~dougb/whybind8.html

I might be able to buy your arguments for supporting BIND 8 instead of BIND 9 in -STABLE, but not in -CURRENT.

BIND 9 is the future. BIND 8 is ancient spaghetti code that only kinda-semi-sorta holds together, and there is only one guy working on maintaining it during the turn-down phase to EOL.

BIND 9 uses new secure programming techniques that cause it to apply near-paranoid checks to data inputs and intentionally crash if it finds anything amiss. This helps ensure that almost all major input bugs are found and fixed before the code ever leaves the ISC.

There's no sense re-hashing all these issues in e-mail -- I've got a whole host of reasons why BIND 8 is bad, and why BIND 9 is better. See slides 66-72 of my talk _Domain Name Server Comparison: BIND 8 vs. BIND 9 vs. djbdns vs. ???_, as presented at RIPE 44 in Amsterdam (at ).

Also note that if you're going to flame someone for development on BIND 9, you shouldn't be flaming Nominum. They no longer do any work on BIND 9, and some of the people who were doing that work have been transferred to work directly for the ISC (as opposed to doing the work as Nominum employees under contract to the ISC).
Indeed, even when Nominum was doing development on BIND 9 under contract to the ISC, the ISC still controlled the direction of the development and the overall manner in which the code would be written, with Nominum handling the implementation details. Therefore, even if you had these complaints years ago, you should still have addressed them to the ISC, not Nominum.

Anyway, the argument for having separate -STABLE and -CURRENT branches is so that development on new code can progress, and adventurous types can give the new stuff a try (and help debug it), while less adventurous types can stick with tried-n-true. If you believe this argument at all, you cannot possibly justify keeping BIND 8 in -CURRENT.

Virtually everything negative you have to say about BIND 9 is something that could also be said of -CURRENT. How do you expect that we can ever arrive at a -STABLE without first having a -CURRENT? Well, the same is true for BIND 9.

Indeed, I'd say that BIND 9 is much more mature and production-ready than -CURRENT is most of the time (situations such as the current transition where we're just about to make 5.x the new -STABLE being the one exception I can think of).

--
Brad Knowles,

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 03:01:10 2003
Date: Fri, 6 Jun 2003 03:01:02 -0700 (PDT)
From: Doug Barton
To: Brad Knowles
Message-ID: <20030606024813.Y5414@znfgre.qbhto.arg>
References: <20030605235254.W5414@znfgre.qbhto.arg>
Organization: http://www.FreeBSD.org/
cc: freebsd-current@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

On Fri, 6 Jun 2003, Brad Knowles wrote:

> At 12:09 AM -0700 2003/06/06, Doug Barton wrote:
>
> > FYI, for those wondering why I'm not considering BIND 9 for import, please
> > see http://people.freebsd.org/~dougb/whybind8.html
>
> I might be able to buy your arguments for supporting BIND 8
> instead of BIND 9 in -STABLE, but not in -CURRENT.

Regardless of whether I agree with the points you make here or not, the FreeBSD development model requires that what we import in -current, for the most part, be what we plan to eventually MFC. That factor alone eliminates the possibility of importing BIND 9 at this time.

> There's no sense re-hashing all these issues in e-mail

.... and yet you felt the need to do so.

> Also note that if you're going to flame someone for development
> on BIND 9,

Nothing I've had to say on this issue should be (or I think reasonably can be) interpreted as a flame. I've simply stated the reasons I think that BIND 9 isn't suitable for one particular purpose.

> Anyway, the argument for having separate -STABLE and -CURRENT
> branches is so that development on new code can progress, and
> adventurous types can give the new stuff a try (and help debug it),
> while less adventurous types can stick with tried-n-true.
Correct, however historically the project has chosen what it wants to be "adventurous" about. Using the "tried and true" versions of things in src/contrib gives us more flexibility to be "adventurous" in the parts of the tree that are generated by the project.

However, those who really want to embark on the adventure of testing bind 9 in production can do so using the port. Using the combination of NO_BIND in /etc/make.conf and PORT_REPLACES_BASE_BIND9 in ports/net/bind9, you can even have exactly what you're asking for.

Doug

--
This .signature sanitized for your protection

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 05:18:12 2003
Date: Fri, 6 Jun 2003 05:18:11 -0700 (PDT)
From: David Wolfskill
Message-Id: <200306061218.h56CIBij045445@bunrab.catwhisker.org>
To: freebsd-arch@freebsd.org
In-Reply-To: <20030605235254.W5414@znfgre.qbhto.arg>
Subject: Re: Way forward with BIND 8

>Date: Fri, 6 Jun 2003 00:09:04 -0700 (PDT)
>From: Doug Barton
>To: freebsd-arch@freebsd.org, freebsd-current@freebsd.org
>Subject: Way forward with BIND 8
>Reply-To: freebsd-arch@freebsd.org

>...

>Because there are over 14k lines of diff between the source for 8.3.5 and
>8.4.0, I'm hesitant to import the latter right away. Instead, as the
>nominal BIND maintainer, I'm proposing the following plan:

[Plan itself elided; it's in the archives....]

As someone who tends to be fairly conservative about deploying new software -- especially software that is as critical as name resolution -- the plan Works For Me (tm).

Peace,
david

--
David H. Wolfskill david@catwhisker.org
Based on what I have seen to date, the use of Microsoft products is not consistent with reliability. I recommend FreeBSD for reliable systems.

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 06:09:59 2003
Date: Fri, 6 Jun 2003 09:09:55 -0400
From: "Michael W . Lucas"
To: freebsd-arch@freebsd.org
Message-ID: <20030606090955.A85597@blackhelicopters.org>
References: <20030605235254.W5414@znfgre.qbhto.arg>
In-Reply-To: <20030605235254.W5414@znfgre.qbhto.arg>; from DougB@freebsd.org on Fri, Jun 06, 2003 at 12:09:04AM -0700
Subject: Re: Way forward with BIND 8

As a sysadmin who rolls out many FreeBSD nameservers:

Please do as you suggest.

On Fri, Jun 06, 2003 at 12:09:04AM -0700, Doug Barton wrote:
> [ Please respect followups to -arch, thanks. ]
>
> As most of you are probably already aware, there have been two recent
> releases of BIND 8. Version 8.3.5 is the "bugfix, and new minor features"
> release on the 8.3.x branch that we've currently got in the tree already.
> 8.4.0 is (more or less) the "all the bug fixes from 8.3.5, plus support
> for IPv6 transport" version.
>
> Because there are over 14k lines of diff between the source for 8.3.5 and
> 8.4.0, I'm hesitant to import the latter right away. Instead, as the
> nominal BIND maintainer, I'm proposing the following plan:
>
> 1. Import 8.3.5 into HEAD, and upgrade the bind8 port. At the same time,
> create a bind84 port for the 8.4.x branch. The port will include the
> PORT_REPLACES_BASE functionality that we already have.
>
> 2. At some suitable point in the near future (definitely before the next
> 4.x release), MFC 8.3.5.
>
> 3. At some suitable point in the future, probably after the BIND 8.4.1
> release, import 8.4.x into HEAD.
>
> I'm definitely in favor of improving support for IPv6, and BIND 8.4.x is
> going to be a big step in this direction. I'm just not sure that we should
> be adopting it in the base right away. My personal feeling is that having
> it in the ports for the convenience of early adopters is sufficient.
> However, my purpose in writing is to poll the community... I'm willing to
> be persuaded if folks have strong feelings about adopting 8.4.x in the
> base sooner rather than later, speak up now.
>
> FYI, for those wondering why I'm not considering BIND 9 for import, please
> see http://people.freebsd.org/~dougb/whybind8.html
>
> Doug

--
Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
http://www.BlackHelicopters.org/~mwlucas/
Absolute OpenBSD: http://www.AbsoluteOpenBSD.com/

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 06:28:00 2003
Date: Fri, 6 Jun 2003 16:27:47 +0300
From: Valentin Nechayev
To: Terry Lambert
Message-ID: <20030606132747.GM83663@lucky.net>
References: <20030605104620.GA47983@sunbay.com> <20030605120903.GB53363@sunbay.com> <3EDF37B9.1F5EF3FD@mindspring.com>
In-Reply-To: <3EDF37B9.1F5EF3FD@mindspring.com>
cc: arch@freebsd.org
cc: Mark Murray
Subject: Re: A proposed drastic cleanup of the telnet build.
Reply-To: netch@lucky.net

Thu, Jun 05, 2003 at 05:29:45, tlambert2 wrote about "Re: A proposed drastic cleanup of the telnet build.":

>> restricted? If yes, I'd like to (please) hear why are
>> they treated as such? If not, then the solution is
>> obvious, keep them under src/*/(lib)telnet(d).
> I think the answer is "the better to deprecate telnet, by
> making it harder to get working". 8-|.

If deprecate, please give another simple text protocol client. Or don't deprecate. (Also see PR 52032.)

-netch-

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 06:36:39 2003
Date: Fri, 6 Jun 2003 14:36:44 +0100
From: Paul Robinson
To: Doug Barton
Message-ID: <20030606133644.GB49662@iconoplex.co.uk>
References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg>
In-Reply-To: <20030606024813.Y5414@znfgre.qbhto.arg>
cc: Brad Knowles
cc: freebsd-current@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

On Fri, Jun 06, 2003 at 03:01:02AM -0700, Doug Barton wrote:

> FreeBSD development model requires that what we import in -current, for
> the most part, be what we plan to eventually MFC. That factor alone
> eliminates the possibility of importing BIND 9 at this time.

Sorry to wade in here - let me just ask for clarification on something. Are you stating as the BIND maintainer around these parts that FreeBSD will never have BIND 9? That even though BIND 8 is no longer a "current release" according to the ISC webpage, and they're only carrying it as it is "still in wide usage" - i.e. everybody should be upgrading to 9 - you don't plan to drop 9 in as the standard, default resolver? Not just now, but you have no plans to do so currently at all? It's your use of the word "eventually" which is pricking my ears up here..

This is almost as bad as OpenBSD sticking with BIND 4...

> Correct, however historically the project has chosen what it wants to be
> "adventurous" about. Using the "tried and true" versions of things in
> src/contrib gives us more flexibility to be "adventurous" in the parts of
> the tree that are generated by the project.

ISC claim BIND 9 to be the current release. 9.2.2 was released on March 3rd. I've been running it on one box here since March 5th. I have no issues. It is stable. It *will* act as a drop-in replacement for BIND 8 if you wish, except it's more secure, development is continuing on it, and in my experience, it performs better.

I'm sure you have your reasons, I'm just not sure what they are. Can you spell out the objections? Perhaps off list? I'm just curious... not even you, anybody here who can explain why 9 is evil and 8 is great...

> 9 in production can do so using the port. Using the combination of NO_BIND
> in /etc/make.conf and PORT_REPLACES_BASE_BIND9 in ports/net/bind9, you can
> even have exactly what you're asking for.

But why make users jump through hoops to run the most secure, stable and supported version of BIND? Sorry, just don't get it...

--
Paul Robinson

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 06:46:16 2003
Date: Fri, 6 Jun 2003 15:46:14 +0200
From: "Simon L. Nielsen"
To: Paul Robinson
Message-ID: <20030606134612.GA963@nitro.dk>
References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk>
In-Reply-To: <20030606133644.GB49662@iconoplex.co.uk>
cc: freebsd-arch@freebsd.org
cc: Doug Barton
cc: freebsd-current@freebsd.org
Subject: Re: Way forward with BIND 8

On 2003.06.06 14:36:44 +0100, Paul Robinson wrote:

> This is almost as bad as OpenBSD sticking with BIND 4...

OpenBSD actually uses BIND 9 now...

--
Simon L. Nielsen

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 07:23:50 2003
Date: Fri, 6 Jun 2003 15:23:45 +0100
From: Paul Richards
To: Doug Barton
Message-ID: <20030606142345.GE6086@survey.codeburst.net>
References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg>
In-Reply-To: <20030606024813.Y5414@znfgre.qbhto.arg>
cc: Brad Knowles
cc: freebsd-current@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

On Fri, Jun 06, 2003 at 03:01:02AM -0700, Doug Barton wrote:
> On Fri, 6 Jun 2003, Brad Knowles wrote:
>
> > At 12:09 AM -0700 2003/06/06, Doug Barton wrote:
> >
> > > FYI, for those wondering why I'm not considering BIND 9 for import, please
> > > see http://people.freebsd.org/~dougb/whybind8.html
> >
> > I might be able to buy your arguments for supporting BIND 8
> > instead of BIND 9 in -STABLE, but not in -CURRENT.
>
> Regardless of whether I agree with the points you make here or not, the
> FreeBSD development model requires that what we import in -current, for
> the most part, be what we plan to eventually MFC. That factor alone
> eliminates the possibility of importing BIND 9 at this time.

Why? There's no basis for assuming that everything that goes into -current must be MFCd.

The -current branch is for our next generation version of the OS with all the new whizzy features we might want and BIND9 is therefore exactly the sort of thing to add to -current, with no intention of ever MFCing it.

The requirement is that nothing goes direct into -stable, that it must all go through -current first. That doesn't however imply that everything going into -current must be suitable for MFCing.
--
Tis a wise thing to know what is wanted, wiser still to know when it has been achieved and wisest of all to know when it is unachievable for then striving is folly. [Magician]

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 07:28:16 2003
Message-ID: <3EE0A4F6.6020201@potentialtech.com>
Date: Fri, 06 Jun 2003 10:28:06 -0400
From: Bill Moran
To: Paul Robinson
References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk>
In-Reply-To: <20030606133644.GB49662@iconoplex.co.uk>
cc: freebsd-current@FreeBSD.org
cc: Doug Barton
cc: freebsd-arch@FreeBSD.org
Subject: Re: Way forward with BIND 8

Paul Robinson wrote:
> On Fri, Jun 06, 2003 at 03:01:02AM -0700, Doug Barton wrote:
>
>>FreeBSD development model requires that what we import in -current, for
>>the most part, be what we plan to eventually MFC. That factor alone
>>eliminates the possibility of importing BIND 9 at this time.
>
> Sorry to wade in here - let me just ask for clarification on something. Are
> you stating as the BIND maintainer around these parts that FreeBSD will
> never have BIND 9? That even though BIND 8 is no longer a "current release"
> according to the ISC webpage, and they're only carrying it as it is "still
> in wide usage" - i.e. everybody should be upgrading to 9 - you don't plan
> to drop 9 in as the standard, default resolver? Not just now, but you have
> no plans to do so currently at all? It's your use of the word "eventually"
> which is pricking my ears up here..

Just to jump in and help out. The "at this time" part of his response says to me that the current "mixed" status of 5 as -CURRENT as well as -RELEASE and the current effort to get 5 -STABLE is what's preventing the import of BIND 9. Once 5 is branched to a 6-CURRENT, I'm sure the possibility will open up to import BIND 9 again. At that time ...

>>Correct, however historically the project has chosen what it wants to be
>>"adventurous" about. Using the "tried and true" versions of things in
>>src/contrib gives us more flexibility to be "adventurous" in the parts of
>>the tree that are generated by the project.
>
> ISC claim BIND 9 to be the current release. 9.2.2 was released on March 3rd.
> I've been running it on one box here since March 5th. I have no issues. It
> is stable. It *will* act as a drop-in replacement for BIND 8 if you wish,
> except it's more secure, development is continuing on it, and in my
> experience, it performs better.
>
> I'm sure you have your reasons, I'm just not sure what they are. Can you
> spell out the objections? Perhaps off list? I'm just curious... not even
> you, anybody here who can explain why 9 is evil and 8 is great...

I don't know details. But my experience with the FreeBSD folks is that they don't jump on a new version just because the vendor says, "everyone should move to this new version." Apache, as a related example, is pushing hard to have everyone on 2.x. But if Apache were a part of the base FreeBSD and it moved to 2.x, it would have major stability problems with things like PHP (who is recommending that people do NOT use Apache 2 with PHP)

So, as I see it, the FreeBSD developers carefully evaluate claims of "newer, better" and make decisions based on internal testing and experience - not marketing hype. Of course, the BIND folks don't want to continue to maintain BIND 8, so it's only natural for them to push BIND 9.

>>9 in production can do so using the port. Using the combination of NO_BIND
>>in /etc/make.conf and PORT_REPLACES_BASE_BIND9 in ports/net/bind9, you can
>>even have exactly what you're asking for.
>
> But why make users jump through hoops to run the most secure, stable and
> supported version of BIND? Sorry, just don't get it...
Because, in the conservative opinion of the FreeBSD developers, it's not that proven yet. Also, the current development status of the source tree makes it a PITA to do at this time.

Personally, I don't consider installing a port "jumping through hoops", but that's just me.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 08:57:12 2003
In-Reply-To: <20030605235254.W5414@znfgre.qbhto.arg>
References: <20030605235254.W5414@znfgre.qbhto.arg>
Date: Fri, 6 Jun 2003 11:57:09 -0400
To: freebsd-arch@freebsd.org
From: Garance A Drosihn
Subject: Re: Way forward with BIND 8

At 12:09 AM -0700 6/6/03, Doug Barton wrote:
>2. At some suitable point in the near future (definitely
>   before the next 4.x release), MFC 8.3.5.
>
>3. At some suitable point in the future, probably after
>   the BIND 8.4.1 release, import 8.4.x into HEAD.

This seems reasonable.

>FYI, for those wondering why I'm not considering BIND 9 for
>import, please see
>   http://people.freebsd.org/~dougb/whybind8.html

One hopes this will be re-evaluated sometime after 6.x starts,
and before *that* becomes the stable branch. Given that we're
almost at the point of having 5.x become freebsd-stable, it is
probably best that we not jump to bind 9 at this point. However,
I don't think we can stay at bind 9 forever...
--
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 09:04:31 2003
Date: Fri, 6 Jun 2003 09:04:22 -0700
From: "David O'Brien"
To: Doug Barton
Message-ID: <20030606160422.GB82589@dragon.nuxi.com>
cc: Brad Knowles
cc: freebsd-arch@FreeBSD.org
Subject: Re: Way forward with BIND 8

On Fri, Jun 06, 2003 at 03:01:02AM -0700, Doug Barton wrote:
> On Fri, 6 Jun 2003, Brad Knowles wrote:
>
> > At 12:09 AM -0700 2003/06/06, Doug Barton wrote:
> >
> > > FYI, for those wondering why I'm not considering BIND 9 for import, please
> > > see http://people.freebsd.org/~dougb/whybind8.html
> >
> > I might be able to buy your arguments for supporting BIND 8
> > instead of BIND 9 in -STABLE, but not in -CURRENT.
>
> Regardless of whether I agree with the points you make here or not, the
> FreeBSD development model requires that what we import in -current, for
> the most part, be what we plan to eventually MFC. That factor alone
> eliminates the possibility of importing BIND 9 at this time.

We do not have to strictly adhere to this. Once I upgraded the -CURRENT
compiler with a major revision change, I certainly didn't later commit a
new minor rev of the previous compiler to -current before committing it to
-stable.

We certainly can't import BIND9 to -STABLE w/o a trip thru -CURRENT. But
you can certainly upgrade the BIND8 in -STABLE to a newer minor revision
release.
I agree with Brad that we should have BIND9 in -CURRENT. It is the latest
release, it is the future, we should get it in now while -CURRENT is still
for early adopters to get experience with BIND9.

> Correct, however historically the project has chosen what it wants to be
> "adventurous" about. Using the "tried and true" versions of things in
> src/contrib gives us more flexibility to be "adventurous" in the parts of
> the tree that are generated by the project.

Uh... we've imported early alpha versions of compilers and
assemblers/linkers into -CURRENT before. We are more adventurous in
-CURRENT.

> However, those who really want to embark on the adventure of testing bind
> 9 in production can do so using the port.

At what point will you finally feel BIND9 is ready for normal use?

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 09:10:19 2003
Date: Fri, 6 Jun 2003 09:10:02 -0700
From: "David O'Brien"
To: Bill Moran
Message-ID: <20030606161002.GC82589@dragon.nuxi.com>
cc: Doug Barton
cc: freebsd-arch@FreeBSD.org
Subject: Re: Way forward with BIND 8

On Fri, Jun 06, 2003 at 10:28:06AM -0400, Bill Moran wrote:
> The "at this time" part of his response says to me that the current "mixed"
> status of 5 as -CURRENT as well as -RELEASE and the current effort to get
> 5 -STABLE is what's preventing the import of BIND 9. Once 5 is branched
> to a 6-CURRENT, I'm sure the possibility will open up to import BIND 9
> again. At that time ...

The problem is that means that all throughout the 5-STABLE branch (I'd
figure 2 years), we have BIND8 in the tree and FreeBSD will get less and
less support from the vendor for security problems that creep up. It also
means the normal world will wait another 2 years until they wind up with
BIND9.

If we're going to forever stick with ancient versions of stuff in
src/contrib; we might as well kick BIND out and require the use of a port.
I use FreeBSD because I want fresh userland software (when it is ready, and
surely by X.2.2 it is) that is easily installable and upgradeable via
'make world'. Otherwise I'd use NetBSD.
--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 10:26:31 2003
Date: Fri, 6 Jun 2003 10:26:30 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200306061726.h56HQUiw026473@apollo.backplane.com>
To: Bill Moran
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

Bind-9 should be the default in both -current and -stable. Bind-8 has
some serious, unfixable issues with it, the biggest of which being that
NS glue and additional-record returns are not properly separated out from
official glue and official record data in internal structures and can
poison the DNS cache. The second biggest problem has to do with the way
Bind-8 forwards responses from servers to clients without regenerating
them, leaving a path potentially open for hacked DNS sites to directly
corrupt programs. Nobody with any serious DNS needs should be using
bind-8 any more.

There are two issues with a changeover to bind-9. First, the bind-9 port
does not properly install the new encrypted command/management system (the
equivalent to ndc in bind-8), and, second, there are some differences in
named.conf and zone file operation. That said, it only took me an hour to
convert my moderate DNS setup (serving four or five domains) over to
bind-9 a year or so ago.

But it is something I think needs to be done. Using the whole
-release/-stable mess as an excuse to not do it is a cop-out, especially
considering that there is still a huge amount of kernel work currently
being done that has nothing to do with the stabilization of critical
subsystems, and nobody is stopping that.

Another alternative is to make a clean break between 4.x and 5.x.
The point when the FreeBSD project goes to 6-current/5-stable is the point
when I have stated that I am going to make a decision whether to take the
4.* branch series under my wing or not.

-Matt

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 10:59:55 2003
Date: Fri, 6 Jun 2003 10:59:54 -0700
From: Sean Chittenden
To: freebsd-arch@freebsd.org
Message-ID: <20030606175954.GQ65470@perrin.int.nxad.com>
Subject: Re: Way forward with BIND 8

> As most of you are probably already aware, there have been two
> recent releases of BIND 8. Version 8.3.5 is the "bugfix, and new
> minor features" release on the 8.3.x branch that we've currently got
> in the tree already. 8.4.0 is (more or less) the "all the bug fixes
> from 8.3.5, plus support for IPv6 transport" version.
>
> Because there are over 14k lines of diff between the source for 8.3.5 and
> 8.4.0, I'm hesitant to import the latter right away. Instead, as the
> nominal BIND maintainer, I'm proposing the following plan:

Ummm... I hate to beg the question, but why have a nameserver in the
default installation? All we need is the client resolver libraries
and basic CLI programs. Using DHCP or HTTP as examples: we don't need
dhcpd in the base, just dhclient, and with HTTP, we don't need apache
in our base, but we do have/need fetch.
The only reason I can think of that would justify us having the
nameserver in our base was if our /etc/resolv.conf shipped with
127.0.0.1 as the default nameserver... which it doesn't (there is no
default resolv.conf, it's generated based off of user input!).

If someone is running a dns cache or a dns server, then let them
install from the ports and let us be done with our support nightmare
of updating nameserver code or dictating policy for what nameserver
our users should use by default. Updating server software via the
ports is going to happen much more routinely for system administrators
than software that is in the base.

Removing the nameservers from our base also alleviates the project
from future bikesheds regarding what to do when bind10 comes out
midway through a major FreeBSD release or bind 9.43 fixes a bug, but
isn't backwards compatible in some way (config file perhaps). This
gives people a chance to install what they want and _maintain_ what
they want, when they want ala the ports.

Kill off most of the bind server bits and hold onto the client
programs/libs in -CURRENT. Let 8.3/8.4 run its course in -STABLE, and
urge people to use the ports if they're interested in newer DNS
software. Having sysinstall install a bind[\d] package as an install
option would likely result in more current bind installations than
FreeBSD currently offers as most people stick with the defaults in the
base system. Let's liberate our user base from using or feeling
obligated to use outdated software by giving them a choice.

-sc

PS It'd probably be wise of us to create a new ports major category
called "dns" that way all options are easily identified.
--
Sean Chittenden

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 11:24:16 2003
Message-ID: <3EE0DBEC.F32AF559@pipeline.ch>
Date: Fri, 06 Jun 2003 20:22:36 +0200
From: Andre Oppermann
To: Sean Chittenden
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

Sean Chittenden wrote:
>
> > As most of you are probably already aware, there have been two
> > recent releases of BIND 8. Version 8.3.5 is the "bugfix, and new
> > minor features" release on the 8.3.x branch that we've currently got
> > in the tree already. 8.4.0 is (more or less) the "all the bug fixes
> > from 8.3.5, plus support for IPv6 transport" version.
> >
> > Because there are over 14k lines of diff between the source for 8.3.5 and
> > 8.4.0, I'm hesitant to import the latter right away. Instead, as the
> > nominal BIND maintainer, I'm proposing the following plan:
>
> Ummm... I hate to beg the question, but why have a nameserver in the
> default installation? All we need is the client resolver libraries
> and basic CLI programs. Using DHCP or HTTP as examples: we don't need
> dhcpd in the base, just dhclient, and with HTTP, we don't need apache
> in our base, but we do have/need fetch. The only reason I can think
> of that would justify us having the nameserver in our base was if
> our /etc/resolv.conf shipped with 127.0.0.1 as the default
> nameserver... which it doesn't (there is no default resolv.conf, it's
> generated based off of user input!).

I can only support Sean with his proposal. Very wise.

That would make:

-STABLE and 4.9R stay at whatever official update du jour of BIND8.3.

-CURRENT and 5.1R remove BIND8 from contrib.
User will have to install from ports whatever pleases him/her (bind8.3,
bind8.4, bind9, djbdns, maradns, ...).

-CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish).

> PS It'd probably be wise of us to create a new ports major category
> called "dns" that way all options are easily identified.

Agreed. Such a category has recently, with all these new DNS servers
to choose from, become very useful.

--
Andre

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 11:29:06 2003
Message-Id: <200306061829.h56IT59c048678@bmah.dyndns.org>
To: Andre Oppermann
From: "Bruce A. Mah"
Date: Fri, 06 Jun 2003 11:29:05 -0700
cc: Sean Chittenden
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

If memory serves me right, Andre Oppermann wrote:

> -CURRENT and 5.1R remove BIND8 from contrib. User will have to
> install from ports whatever pleases him/her (bind8.3, bind8.4, bind9,
> djbdns, maradns, ...).
>
> -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish).

It is way too late to make changes of this sort for 5.1-RELEASE.

Bruce.

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 11:58:27 2003
Date: Fri, 6 Jun 2003 11:58:26 -0700
From: Jos Backus
To: freebsd-arch@freebsd.org
Message-ID: <20030606185848.GB19583@lizzy.catnook.com>
Subject: Re: Way forward with BIND 8

On Fri, Jun 06, 2003 at 10:59:54AM -0700, Sean Chittenden wrote:
> Ummm... I hate to beg the question, but why have a nameserver in the
> default installation? All we need is the client resolver libraries
> and basic CLI programs.

I agree. Sean makes some very good points here.

--
Jos Backus
Sunnyvale, CA
jos at catnook.com
require 'std/disclaimer'

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 12:24:20 2003
Date: Fri, 06 Jun 2003 13:24:04 -0600 (MDT)
Message-Id: <20030606.132404.126768734.imp@bsdimp.com>
To: bmah@freebsd.org
From: "M. Warner Losh"
cc: seanc@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

In message: <200306061829.h56IT59c048678@bmah.dyndns.org>
            "Bruce A. Mah" writes:
: If memory serves me right, Andre Oppermann wrote:
:
: > -CURRENT and 5.1R remove BIND8 from contrib. User will have to
: > install from ports whatever pleases him/her (bind8.3, bind8.4, bind9,
: > djbdns, maradns, ...).
: >
: > -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish).
:
: It is way too late to make changes of this sort for 5.1-RELEASE.

s/of this sort/of any sort/g

Warner

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 12:24:32 2003
Date: Fri, 6 Jun 2003 12:24:28 -0700 (PDT)
From: "Andrew P. Lentvorski, Jr."
To: Bill Moran
cc: freebsd-current@FreeBSD.org
cc: Doug Barton
cc: freebsd-arch@FreeBSD.org
Subject: Re: Way forward with BIND 8

On Fri, 6 Jun 2003, Bill Moran wrote:

> So, as I see it, the FreeBSD developers carefully evaluate claims of "newer,
> better" and make decisions based on internal testing and experience - not
> marketing hype. Of course, the BIND folks don't want to continue to maintain
> BIND 8, so it's only natural for them to push BIND 9.

I seem to remember that part of the issue is that FreeBSD pulls in the
resolver libraries from BIND. Consequently, if you pull BIND 9 in, you
also get stuck with its resolver libraries. And there were some issues
with the BIND 9 libraries ...

I actually would like to see BIND completely excised from the base system.
However, every time I look at the amount of work required to break the
dependence between the resolver library and BIND, I generally realize that
there is something else I'd much rather be doing.
;)

-a

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 12:30:03 2003
Date: Fri, 6 Jun 2003 12:29:46 -0700
From: Sean Chittenden
To: "M. Warner Losh"
Message-ID: <20030606192946.GR65470@perrin.int.nxad.com>
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

> : > -CURRENT and 5.1R remove BIND8 from contrib. User will have to
> : > install from ports whatever pleases him/her (bind8.3, bind8.4, bind9,
> : > djbdns, maradns, ...).
> : >
> : > -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish).
> :
> : It is way too late to make changes of this sort for 5.1-RELEASE.
>
> s/of this sort/of any sort/g

For 5.1 I absolutely agree, do nothing (I don't think the poster knew
how close 5.1 is to being released.. <72hrs and counting). Let's not
let this semantic error derail the point at hand.

-sc

--
Sean Chittenden

From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 13:52:24 2003
Date: Fri, 6 Jun 2003 13:52:22 -0700
From: "Bruce A. Mah"
To: Sean Chittenden
Message-ID: <20030606205222.GA49614@intruder.bmah.org>
cc: "M. Warner Losh"
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

If memory serves me right, Sean Chittenden wrote:
> > : > -CURRENT and 5.1R remove BIND8 from contrib. User will have to
> > : > install from ports whatever pleases him/her (bind8.3, bind8.4, bind9,
> > : > djbdns, maradns, ...).
> > : >
> > : > -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish).
> > :
> > : It is way too late to make changes of this sort for 5.1-RELEASE.
> >
> > s/of this sort/of any sort/g

Not quite true. We have delayed releases for security vulnerabilities
before. But I digress.

> For 5.1 I absolutely agree, do nothing (I don't think the poster knew
> how close 5.1 is to being released.. <72hrs and counting). Let's not
> let this semantic error derail the point at hand.

I actually don't have an informed opinion on what BIND we should be
shipping (or not shipping) in the base system.
I'm hoping to learn more as the discussion progresses. I just wanted to speak up to make sure the idea of a last-minute change to 5.1-RELEASE died early. :-p Please continue... Bruce. --T4sUOijqQbZv57TR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+4P8G2MoxcVugUsMRAuVDAJ9B0MMyb7o04N+7+inPMFBHCZQcNgCgp5pa d6NSYRi8bP4xBAM9rBQAbyU= =VgXx -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR-- From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 14:23:35 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB75237B401 for ; Fri, 6 Jun 2003 14:23:35 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CF0E43FAF for ; Fri, 6 Jun 2003 14:23:35 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.9/8.12.6) with ESMTP id h56LNYVI027576; Fri, 6 Jun 2003 14:23:34 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.9/8.12.6/Submit) id h56LNXev027573; Fri, 6 Jun 2003 14:23:33 -0700 (PDT) Date: Fri, 6 Jun 2003 14:23:33 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200306062123.h56LNXev027573@apollo.backplane.com> To: Terry Lambert References: <3EDCD0C1.1020300@acm.org> <20030604083801.GA74277@subway.linast.de> <3EDF73DB.CCD31329@mindspring.com> cc: freebsd-arch@freebsd.org cc: Sebastian Lederer Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 21:23:36 -0000 :> :> I think the best bet is to write something reasonably simple from :> scratch and implement it as an NSS module, so that it can be installed :> without any changes to the rest of the system, especially without :> hacking libc. : :You have to hack libc: the lookup calls in a static libc have :to resolve to transactions interacting with the lookupd. The :entire point of this exercise is to allow access to NSS modules :by a statically linked binary! : :-- Terry I really like the idea of Darwin's lookupd. I'd like to see something like that not only for authentication, but for hostname lookups as well (at least for standard libc calls, which currently require most of the resolver's packet code to do even the simplest of operations). 
-Matt Matthew Dillon From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 15:54:14 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0CF837B401; Fri, 6 Jun 2003 15:54:14 -0700 (PDT) Received: from vhost109.his.com (vhost109.his.com [216.194.225.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6491843FB1; Fri, 6 Jun 2003 15:54:13 -0700 (PDT) (envelope-from brad.knowles@skynet.be) Received: from [10.0.1.2] (localhost.his.com [127.0.0.1]) by vhost109.his.com (8.12.6p2/8.12.3) with ESMTP id h56MsAtS004941; Fri, 6 Jun 2003 18:54:11 -0400 (EDT) (envelope-from brad.knowles@skynet.be) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20030606024813.Y5414@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> Date: Fri, 6 Jun 2003 22:30:16 +0200 To: Doug Barton 
From: Brad Knowles Content-Type: text/plain; charset="us-ascii" ; format="flowed" cc: Brad Knowles cc: freebsd-current@FreeBSD.org cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 22:54:15 -0000 At 3:01 AM -0700 2003/06/06, Doug Barton wrote: > Regardless of whether I agree with the points you make here or not, the > FreeBSD development model requires that what we import in -current, for > the most part, be what we plan to eventually MFC. That factor alone > eliminates the possibility of importing BIND 9 at this time. I'm sorry, plenty of things have been done in -CURRENT that could not possibly be MFC'ed to -STABLE. Yes, once the leap to the next version is done and the particular RELENG tree that used to be -CURRENT becomes the new -STABLE, things would migrate down. Are you saying that the new SMP code could not have been done, because it could not be MFC'ed to -STABLE? I'm sorry, this is a completely false argument. >> There's no sense re-hashing all these issues in e-mail > > .... and yet you felt the need to do so. No, I didn't. If I had, I would have cut-n-pasted all those specific points into my e-mail message. As it was, I mentioned one or two points on either side, and referred people to the rest. > Nothing I've had to say on this issue should be (or I think reasonably can > be) interpreted as a flame. I've simply stated the reasons I think that > BIND 9 isn't suitable for one particular purpose. In which case, I would submit that you should be more involved in the development of BIND, so that (in your mind) it can become suitable for this purpose. Are you a member of the BIND Forum (see )? Are you on the bind-workers mailing list? 
IMO, if you want to claim that BIND 9 isn't suitable for production use, then I believe you should be prepared to help change that situation. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 16:06:49 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B77BE37B401 for ; Fri, 6 Jun 2003 16:06:49 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED68843FA3 for ; Fri, 6 Jun 2003 16:06:48 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h56N5TOn019391; Fri, 6 Jun 2003 19:05:29 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h56N5SGV019388; Fri, 6 Jun 2003 19:05:29 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Fri, 6 Jun 2003 19:05:28 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Matthew Dillon In-Reply-To: <200306062123.h56LNXev027573@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Sebastian Lederer cc: freebsd-arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 23:06:50 -0000 On Fri, 6 Jun 2003, Matthew Dillon wrote: > I really like the idea of Darwin's lookupd. I'd like to see something > like that not only for authentication, but for hostname lookups as well > (at least for standard libc calls, which currently require most of the > resolver's packet code to do even the simplest of operations). I think that would be quite neat; as discussed, irs from the BIND distribution does the DNS elements of this, although not in our current framework. An idea I've also been interested in looking at, now that we have NSS to indirect many of the database operations, is how easy it would be to indirect new configuration data through NSS. For example, although we can share account information via directory services such as NIS, LDAP, etc, we cannot currently share login.conf user class data. Some other configuration files might also lend themselves quite well to this sort of configuration -- perhaps even files such as inetd.conf, ftpusers, login.access, opiekies, etc. One of the important goals of elements like NSS is to improve our ability to centrally manage many FreeBSD systems in a scalable manner; another is the ability to support more reliable and more easily managed backends, such as configuration databases originating in local SQL, etc. Experimenting with ways to take this a few steps further might be quite interesting, and could have some nice payoffs. 
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 16:44:57 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D1BB37B401; Fri, 6 Jun 2003 16:44:57 -0700 (PDT) Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E344843F75; Fri, 6 Jun 2003 16:44:56 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.9/8.12.6) with ESMTP id h56NiuVI028256; Fri, 6 Jun 2003 16:44:56 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.9/8.12.6/Submit) id h56NiuNb028255; Fri, 6 Jun 2003 16:44:56 -0700 (PDT) Date: Fri, 6 Jun 2003 16:44:56 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200306062344.h56NiuNb028255@apollo.backplane.com> To: Robert Watson References: cc: freebsd-arch@freebsd.org Subject: Re: Making a dynamically-linked root X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jun 2003 23:44:57 -0000

It would be fairly easy to create a unix-domain or localhost socketed port service and messaging primitives to access just about any configuration data that you would typically store in a file. Initially such a service would simply access the appropriate file and relay the information to the client but ultimately it could incorporate more sophisticated features on its backend without any modifications having to be done on the client side or to the client protocol. Something like this:

* client connects to service
* client sends message with creds (SCM_CREDS) containing request. The message would include a serial id to allow the client side to multi-thread or stream requests, configuration file id or path name, command, and data.
* client gets reply (and optionally caches result, default to off).

(done)

Frontend primitives could be as simple as 'get record N', and 'lookup record with key', plus a timeout/failure and possibly a failsafe feature. The entire implementation in libc would be very small and record data would always be returned in text form (key/data) for maximum portability.

Backend sophistication could include loadable modules to integrate remote services for particular configuration file classes, like NIS, multiple resolver sources, logging/auditing, security restrictions, different backend storage mechanisms such as databases, backend forking and/or multi-threading to handle parallel blockable requests (e.g. 
DNS lookups), automatic DBM management (no need to run pwd_mkdb and friends), security partitioning (fork/jail) to prevent bugs from corrupting other users using the service, and so forth. It would be nice to be able to get rid of the necessity of running all the *_mkdb commands and to remove PAM, locale, and the resolver from client binaries, and to have a mechanism that anyone can write a simple DLL to support their own special circumstances. -Matt Matthew Dillon :I think that would be quite neat; as discussed, irs from the BIND :distribution does the DNS elements of this, although not in our current :framework. An idea I've also been interested in looking at, now that we :have NSS to indirect many of the database operations, is how easy it would :be to indirect new configuration data through NSS. For example, although :we can share account information via directory services such as NIS, LDAP, :etc, we cannot currently share login.conf user class data. Some other :configuration files might also lend themselves quite well to this sort of :configuration -- perhaps even files such as inetd.conf, ftpusers, :login.access, opiekies, etc. : :One of the important goals of elements like NSS is to improve our ability :to centrally manage many FreeBSD systems in a scalable manner; another is :the ability to support more reliable and more easily managed backends, :such as configuration databases originating in local SQL, etc. :Experimenting with ways to take this a few steps further might be quite :interesting, and could have some nice payoffs. 
: :Robert N M Watson FreeBSD Core Team, TrustedBSD Projects :robert@fledge.watson.org Network Associates Laboratories From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 17:31:43 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07AAC37B401; Fri, 6 Jun 2003 17:31:43 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22CB143F93; Fri, 6 Jun 2003 17:31:42 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (sccrmhc02) with SMTP id <2003060700314000200dnlr6e>; Sat, 7 Jun 2003 00:31:41 +0000 Date: Fri, 6 Jun 2003 17:31:40 -0700 (PDT) 
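The service side of the configuration lookup protocol that Matthew Dillon outlines in the message above, as an added example that is not part of the thread and is not FreeBSD code. The wire format, the table ids and the sample records are assumptions, and the caller's uid is passed in as a parameter where a real service would take it from the SCM_CREDS ancillary data.

```c
/* Added example, not FreeBSD code: backend request handling for the
 * configuration service described in the thread. The wire format, table
 * ids and records are assumptions; the sample data is constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

struct record { const char *key, *data; };
struct table {
    const char *id;             /* configuration file id, never a path */
    int root_only;              /* security restriction for the table */
    const struct record *recs;
    size_t nrecs;
};

static const struct record login_conf[] = {
    { "default", "cputime=unlimited:umask=022" },
    { "staff",   "cputime=unlimited:umask=027" },
};
static const struct record master_passwd[] = {
    { "alice", "alice:*:1001:1001::0:0:Constructed:/home/alice:/bin/sh" },
};
static const struct table tables[] = {
    { "login.conf",    0, login_conf,    2 },
    { "master.passwd", 1, master_passwd, 1 },
};

static int fail(char *reply, size_t len, unsigned long serial, const char *why)
{
    snprintf(reply, len, "%lu ERR %s", serial, why);
    return -1;
}

/*
 * Handle one request "<serial> <file-id> <GET|LOOKUP> <arg>".
 * peer_uid must be the uid the kernel attached to the message (SCM_CREDS
 * in the proposal), never a value taken from the request text.
 * Writes "<serial> OK <key> <data>" or "<serial> ERR <reason>" to reply.
 */
int cfg_handle(uid_t peer_uid, const char *req, char *reply, size_t len)
{
    unsigned long serial = 0;
    char id[32], cmd[8], arg[64], extra[2];
    const struct table *t = NULL;
    const struct record *r = NULL;

    /* Exactly four fields; a fifth token or an overlong field is rejected. */
    if (sscanf(req, "%lu %31s %7s %63s %1s", &serial, id, cmd, arg, extra) != 4)
        return fail(reply, len, serial, "malformed");

    /* The id is matched against a fixed list and never opened as a path,
     * so "../x" or "/etc/x" cannot reach the filesystem. */
    for (size_t i = 0; i < sizeof(tables) / sizeof(tables[0]); i++)
        if (strcmp(tables[i].id, id) == 0)
            t = &tables[i];
    if (t == NULL)
        return fail(reply, len, serial, "no-such-table");
    if (t->root_only && peer_uid != 0)
        return fail(reply, len, serial, "denied");

    if (strcmp(cmd, "GET") == 0) {              /* 'get record N' */
        char *end;
        unsigned long idx = strtoul(arg, &end, 10);
        if (*end == '\0' && idx < t->nrecs)
            r = &t->recs[idx];
    } else if (strcmp(cmd, "LOOKUP") == 0) {    /* 'lookup record with key' */
        for (size_t i = 0; i < t->nrecs; i++)
            if (strcmp(t->recs[i].key, arg) == 0)
                r = &t->recs[i];
    } else {
        return fail(reply, len, serial, "bad-command");
    }
    if (r == NULL)
        return fail(reply, len, serial, "not-found");

    /* The serial id is echoed so a client can match streamed replies. */
    snprintf(reply, len, "%lu OK %s %s", serial, r->key, r->data);
    return 0;
}

/* Convenience wrapper: returns the reply text in a static buffer. */
const char *cfg_ask(uid_t peer_uid, const char *req)
{
    static char reply[256];
    cfg_handle(peer_uid, req, reply, sizeof(reply));
    return reply;
}

int main(void)
{
    puts(cfg_ask(1001, "1 login.conf LOOKUP staff"));
    puts(cfg_ask(1001, "2 master.passwd GET 0"));
    puts(cfg_ask(0, "3 ../../etc/spwd.db GET 0"));
    return 0;
}
```

If the protocol accepted a path name instead of a file id, as the message also allows, the backend would need the same allowlist applied to the resolved path before opening anything.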
From: Doug Barton To: Paul Robinson In-Reply-To: <20030606133644.GB49662@iconoplex.co.uk> Message-ID: <20030606171720.H15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Brad Knowles cc: freebsd-current@freebsd.org cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 00:31:43 -0000 On Fri, 6 Jun 2003, Paul Robinson wrote: > On Fri, Jun 06, 2003 at 03:01:02AM -0700, Doug Barton wrote: > > > FreeBSD development model requires that what we import in -current, for > > the most part, be what we plan to eventually MFC. That factor alone > > eliminates the possibility of importing BIND 9 at this time. > > Sorry to wade in here - No need to apologize, I asked for feedback. > let me just ask for clarification on something. Are you stating as the > BIND maintainer around these parts that FreeBSD will never have BIND 9? No, that's not what I'm saying at all. Someone else already pointed out that I said "at this time" above. I plan to look at this issue again for 6-current, but right now, it's not a suitable choice, in my opinion. > > Correct, however historically the project has chosen what it wants to be > > "adventurous" about. Using the "tried and true" versions of things in > > src/contrib gives us more flexibility to be "adventurous" in the parts of > > the tree that are generated by the project. > > ISC claim BIND 9 to be the current release. Goody for ISC. :) Seriously though, I understand what the ISC web page says quite well. 
I also meet with Paul Vixie and folks from Nominum on a very regular basis. However, regardless of whatever purposes they may have for stating that 9.2.2 is "the current release," from a technology standpoint it's still not suitable for us to import, at this time. > 9.2.2 was released on March 3rd. I've been running it on one box here > since March 5th. I have no issues. It is stable. Please add, "in my environment" to each of the statements above. I use bind 9 too, and for certain things, it's great. I just don't think it's suitable for a general purpose replacement yet. > It *will* act as a drop-in replacement for BIND 8 if you wish, This is not accurate. There are some things that named in bind 8 can do that named in bind 9 won't (and won't ever). There is also the fact that output from dig and host are different, which can cause problems with scripts. For these reasons alone, we can't even consider MFC'ing bind 9 to RELENG_4, it's too big of a POLA violation. > except it's more secure, This has yet to be proven. As I state in point 1 on my web page, "BIND 8 has many orders of magnitude more hours of use in production, and hours of blackhats poking at it." So far, cracking BIND 9 has been a low-interest occupation since so many more sites are running old, vulnerable versions of BIND 8. > development is continuing on it, Development is continuing on BIND 8 as well, thus the 8.4.x branch, which includes IPv6 transport. > and in my experience, it performs better. Well at least you qualified your statement this time. :) > I'm sure you have your reasons, I'm just not sure what they are. Ummm... then you haven't really been paying attention, since I posted the http://people.freebsd.org/~dougb/whybind8.html URL in my original post, and gave more details in my response to Brad. Hopefully this will further clarify things though. 
Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 17:48:45 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 043A237B401 for ; Fri, 6 Jun 2003 17:48:45 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3BA6043FA3 for ; Fri, 6 Jun 2003 17:48:44 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (sccrmhc02) with SMTP id <2003060700484300200dn5mce>; Sat, 7 Jun 2003 00:48:43 +0000 Date: Fri, 6 Jun 2003 17:48:42 -0700 (PDT) 
From: Doug Barton To: freebsd-arch@FreeBSD.org In-Reply-To: <20030606161002.GC82589@dragon.nuxi.com> Message-ID: <20030606173304.T15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk> <20030606161002.GC82589@dragon.nuxi.com> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Bill Moran Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 00:48:45 -0000 On Fri, 6 Jun 2003, David O'Brien wrote: > On Fri, Jun 06, 2003 at 10:28:06AM -0400, Bill Moran wrote: > > The "at this time" part of his response says to me that the current "mixed" > > status of 5 as -CURRENT as well as -RELEASE and the current effort to get > > 5 -STABLE is what's preventing the import of BIND 9. Once 5 is branched > > to a 6-CURRENT, I'm sure the possibility will open up to import BIND 9 > > again. At that time ... > > The problem is that means that all throughout the 5-STABLE branch (I'd > figure 2 years), we have BIND8 in the tree I don't think that's a valid conclusion. I have in mind at some point in the future to import bind 9 into 6-current, and I don't think it would be totally unreasonable to mfc it to 5-stable, assuming that the bind 9 code stabilizes early enough in the 5-stable lifecycle to justify this. > If we're going to forever stick with ancient versions of stuff in > src/contrib; BIND 8 isn't ancient.... it's still being actively developed, and bug fixes for urgent security issues are released in a timely manner. It's not the newest, shiniest toy, but in this case I think it's worthwhile to stick with the older, more reliable model. 
> we might as well kick BIND out and require the use of a port. I've seriously considered that. The problem is, out of the 3 parts of BIND, the named stuff is the only one we can seriously live without. We have: 1. named, and related stuff like named-xfer 2. resolver libraries 3. userland stuff, like dig, host, nslookup (gag), etc. Now we can definitely do without 1 in the base, and I'd love to make the library stuff more modular, but every time we start to talk about that, the discussion degenerates into people mumbling with glassy expressions on their faces. As for 3, I don't think we can seriously ship FreeBSD without basic dns diagnostic tools and still call it Unix-like. As I mentioned in my previous post, there is also the issue of the output formats for the userland stuff having changed dramatically in bind 9, which is going to cause problems for people who've scripted stuff using those tools. > I use FreeBSD because I want fresh userland software (when it is > ready, and surely by X.2.2 it is) David, come on. You of all people should know better than to base technology decisions on version numbers. :) Here is the problem, in more detail for those who don't follow BIND development. 9.2.2 has actually reached a certain level of maturity and stability. The problem is that with 9.3, they are starting from scratch on large portions of the codebase, especially those related to dnssec. Thus, if we import 9.2.2 now, we're going to be faced with a decision down the road of whether or not to import 9.3.0, and all those shiny new bugs. Virtually all of the vulnerabilities discovered in the 8.x codebase over the last several years have been related to just this area... dnssec and tsig. Therefore, I'm very much of the opinion that we should put off considering import of bind 9 until the 9.3.x branch, and then wait a version or two for the code to stabilize. This should coincide nicely with our timing for 6-current. 
> that is easily installable and upgradeable via 'make world'. Otherwise > I'd use NetBSD. So put 'NO_BIND' and 'PORT_REPLACES_BASE_BIND9' in /etc/make.conf, and you're done. :) In fact, I'd like to encourage all those who are promoting this change to do just that... I'd be interested in feedback from people on this too. Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 17:49:57 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E031637B401; Fri, 6 Jun 2003 17:49:56 -0700 (PDT) Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6D13A43F3F; Fri, 6 Jun 2003 17:49:56 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (rwcrmhc51) with SMTP id <200306070049550510084o3re>; Sat, 7 Jun 2003 00:49:55 +0000 Date: Fri, 6 Jun 2003 17:49:55 -0700 (PDT) 
From: Doug Barton To: "Andrew P. Lentvorski, Jr." In-Reply-To: Message-ID: <20030606174848.R15459@znfgre.qbhto.arg> References: Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-current@FreeBSD.org cc: Bill Moran cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 00:49:57 -0000 On Fri, 6 Jun 2003, Andrew P. Lentvorski, Jr. wrote: > I seem to remember that part of the issue is that FreeBSD pulls in the > resolver libraries from BIND. Only indirectly. The resolver code actually hasn't been updated in a while, unfortunately. > I actually would like to see BIND completely excised from the base system. > However, every time I look at the amount of work required to break the > dependence between the resolver library and BIND, I generally realize that > there is something else I'd much rather be doing. ;) Yes, you have a lot of company in your "looking the other way'edness." 
:) -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 18:02:33 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5517537B401; Fri, 6 Jun 2003 18:02:33 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 82B6043F3F; Fri, 6 Jun 2003 18:02:32 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (sccrmhc02) with SMTP id <2003060701023100200dmp18e>; Sat, 7 Jun 2003 01:02:31 +0000 Date: Fri, 6 Jun 2003 18:02:30 -0700 (PDT) 
From: Doug Barton To: Brad Knowles In-Reply-To: Message-ID: <20030606175012.M15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-current@FreeBSD.org cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 01:02:33 -0000 Wow.... you've so completely missed the point that I hesitate to respond to this, but I suppose I should try. On Fri, 6 Jun 2003, Brad Knowles wrote: > At 3:01 AM -0700 2003/06/06, Doug Barton wrote: > > > Regardless of whether I agree with the points you make here or not, the > > FreeBSD development model requires that what we import in -current, for > > the most part, be what we plan to eventually MFC. That factor alone > > eliminates the possibility of importing BIND 9 at this time. > > I'm sorry, plenty of things have been done in -CURRENT that could > not possibly be MFC'ed to -STABLE. Yes, once the leap to the next > version is done and the particular RELENG tree that used to be > -CURRENT becomes the new -STABLE, things would migrate down. > > Are you saying that the new SMP code could not have been done, > because it could not be MFC'ed to -STABLE? You've failed to grasp the distinction I made between "adventuresome bits in contrib" vs. "adventuresome bits in the rest of src/." Also, SMPng is a really good example of my point... it's a major API change IN FREEBSD CODE that definitely belongs in HEAD, for eventual -stable'ification of that branch. If we decide to do the same thing with BIND, it should be in the next major development branch. 
There is already enough excitement in what will be RELENG_5. > > Nothing I've had to say on this issue should be (or I think reasonably can > > be) interpreted as a flame. I've simply stated the reasons I think that > > BIND 9 isn't suitable for one particular purpose. > > In which case, I would submit that you should be more involved in > the development of BIND, A) My level of involvement in BIND development is none of your business. B) My level of involvement in BIND development is not even a little bit related to whether bind 9 is suitable to import into FreeBSD yet. You've confused the thing we're trying to prove, "Is bind 9 ready for freebsd?" with a premise in your own absurd logic, "Because bind 9 is the best thing ever, dougb should fix it so he can put it in freebsd." > IMO, if you want to claim that BIND 9 isn't suitable for > production use, then I believe you should be prepared to help change > that situation. Thank you for sharing. You're totally wrong, but I appreciate your feedback. You've also completely ignored the part of my post where I pointed out that everyone who wants what you're advocating (no bind 8 in the base, and/or having bind 9 in the base) can have it, right now, no waiting. The fact that it requires two extra, extremely painless configuration steps is, arguably, unfortunate, however I don't think it's too much to ask, at least in the near term. 
Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 19:40:36 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC2DC37B401; Fri, 6 Jun 2003 19:40:36 -0700 (PDT) Received: from vhost109.his.com (vhost109.his.com [216.194.225.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8588F43F93; Fri, 6 Jun 2003 19:40:35 -0700 (PDT) (envelope-from brad.knowles@skynet.be) Received: from [10.0.1.2] (localhost.his.com [127.0.0.1]) by vhost109.his.com (8.12.6p2/8.12.3) with ESMTP id h572eVtS018616; Fri, 6 Jun 2003 22:40:32 -0400 (EDT) (envelope-from brad.knowles@skynet.be) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20030606171720.H15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk> <20030606171720.H15459@znfgre.qbhto.arg> Date: Sat, 7 Jun 2003 04:10:22 +0200 To: Doug Barton 
From: Brad Knowles Content-Type: text/plain; charset="us-ascii" ; format="flowed" cc: freebsd-current@FreeBSD.org cc: freebsd-arch@FreeBSD.org cc: Brad Knowles Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 02:40:37 -0000 At 5:31 PM -0700 2003/06/06, Doug Barton wrote: > On Fri, 6 Jun 2003, Paul Robinson wrote: >> let me just ask for clarification on something. Are you stating as the >> BIND maintainer around these parts that FreeBSD will never have BIND 9? > > No, that's not what I'm saying at all. Someone else already pointed out > that I said "at this time" above. I plan to look at this issue again for > 6-current, but right now, it's not a suitable choice, in my opinion. This is a rather different statement than you previously gave. I understand the current state of 5.x, and if you want to hold off on importing BIND 9 into the tree until after this has become the new -STABLE branch and a new -CURRENT branch has been created for 6.x, I don't have a problem with that. But this is not at all how I interpreted your previous statements -- they were much more of an absolute "It's not ready" nature, and had nothing to do with the situation that FreeBSD finds itself in at the moment with regards to the 5.x tree. > This is not accurate. There are some things that named in bind 8 can do > that named in bind 9 won't (and won't ever). There is also the fact that > output from dig and host are different, which can cause problems with > scripts. Yes, there are differences in the output of dig, etc.... Those are known. I've had to adapt scripts that I maintain which use these tools, and which are included in the BIND contrib/ directory. 
This is a done deal, and with respect to the ISC version of BIND, it's not going to change -- they've made the cutover, these changes have happened, people have adjusted their code, and it would be too painful to change it all back again. Unless you want to permanently fork off your own version of BIND where none of these things happen, you're just plain out of luck. > For these reasons alone, we can't even consider MFC'ing bind 9 to > RELENG_4, it's too big of a POLA violation. I did not ask for that. I would not have asked for that. I do want to see BIND 9 brought into the FreeBSD code base for -CURRENT. If now is not the right time to do that because of the transition underway, then I would not mind a relatively short delay while the FreeBSD project makes the necessary changes so that it can import BIND 9. However, IMO these issues have more to do with the status of -CURRENT at the moment than it does with BIND 9. > Development is continuing on BIND 8 as well, thus the 8.4.x branch, which > includes IPv6 transport. Very limited development. All primary development is being done for BIND 9, and occasionally things are back-ported. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. 
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 19:40:43 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8983C37B401; Fri, 6 Jun 2003 19:40:43 -0700 (PDT) Received: from vhost109.his.com (vhost109.his.com [216.194.225.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5AE1A43F75; Fri, 6 Jun 2003 19:40:40 -0700 (PDT) (envelope-from brad.knowles@skynet.be) Received: from [10.0.1.2] (localhost.his.com [127.0.0.1]) by vhost109.his.com (8.12.6p2/8.12.3) with ESMTP id h572eVtU018616; Fri, 6 Jun 2003 22:40:38 -0400 (EDT) (envelope-from brad.knowles@skynet.be) Mime-Version: 1.0 X-Sender: bs663385@pop.skynet.be Message-Id: In-Reply-To: <20030606175012.M15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <20030606175012.M15459@znfgre.qbhto.arg> Date: Sat, 7 Jun 2003 04:20:45 +0200 To: Doug Barton 
From: Brad Knowles Content-Type: text/plain; charset="us-ascii" ; format="flowed" cc: Brad Knowles cc: freebsd-current@FreeBSD.org cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 02:40:44 -0000 At 6:02 PM -0700 2003/06/06, Doug Barton wrote: > You've failed to grasp the distinction I made between "adventuresome bits > in contrib" vs. "adventuresome bits in the rest of src/." Also, SMPng is a > really good example of my point... it's a major API change IN FREEBSD CODE > that definitely belongs in HEAD, for eventual -stable'ification of that > branch. If we decide to do the same thing with BIND, it should be in the > next major development branch. There is already enough excitement in what > will be RELENG_5. IMO, that's okay. However, I find this to be a rather different statement than you made on the website, and that you have previously stated within this thread. If you care to update the website to reflect this new position, I would be happy to let this thread drop. See my other message for more. > A) My level of involvement in BIND development is none of your business. > B) My level of involvement in BIND development is not even a little bit > related to whether bind 9 is suitable to import into FreeBSD yet. You've > confused the thing we're trying to prove, "Is bind 9 ready for freebsd?" > with a premise in your own absurd logic, "Because bind 9 is the best thing > ever, dougb should fix it so he can put it in freebsd." You're the maintainer of the BIND code within FreeBSD. You should be feeding changes back to the ISC based on your work, to make FreeBSD a better home for BIND and BIND a better client for FreeBSD. If you're not doing that, then, IMO, you're not doing your job. 
In that case, perhaps it would be better if we got someone from the ISC to take over, in somewhat the same way that we have Gregory Neil Shapiro supporting sendmail within FreeBSD. > You've also completely ignored the part of my post where I pointed out > that everyone who wants what you're advocating (no bind 8 in the base, > and/or having bind 9 in the base) can have it, right now, no waiting. The > fact that it requires two extra, extremely painless configuration steps is, > arguably, unfortunate, however I don't think it's too much to ask, at > least in the near term. For me, this subject has nothing to do with what people are capable of doing, if they so choose. At issue is what is the default software installed out-of-the-box. As I said above, if you want to hold off on importing BIND 9 until after the looming CURRENT/STABLE transition, I have no problems with that. However, I would like to see you update the web page you previously mentioned. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. 
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 21:46:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD2F437B401; Fri, 6 Jun 2003 21:46:21 -0700 (PDT) Received: from smtp3.server.rpi.edu (smtp3.server.rpi.edu [128.113.2.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id E65C443F93; Fri, 6 Jun 2003 21:46:20 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by smtp3.server.rpi.edu (8.12.9/8.12.9) with ESMTP id h574kHiJ001058; Sat, 7 Jun 2003 00:46:17 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20030606.132404.126768734.imp@bsdimp.com> References: <20030606175954.GQ65470@perrin.int.nxad.com> <3EE0DBEC.F32AF559@pipeline.ch> <200306061829.h56IT59c048678@bmah.dyndns.org> <20030606.132404.126768734.imp@bsdimp.com> Date: Sat, 7 Jun 2003 00:46:16 -0400 To: "M. Warner Losh" , bmah@freebsd.org 
From: Garance A Drosihn Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.28 cc: seanc@freebsd.org cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 04:46:22 -0000 At 1:24 PM -0600 6/6/03, M. Warner Losh wrote: >In message: <200306061829.h56IT59c048678@bmah.dyndns.org> > "Bruce A. Mah" writes: >: If memory serves me right, Andre Oppermann wrote: >: >: > -CURRENT and 5.1R remove BIND8 from contrib. User >: > will have to install from ports whatever pleases >: > him/her (bind8.3, bind8.4, bind9, djbdns, maradns, ...). >: > >: > -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware >: > if you wish). >: >: It is way too late to make changes of this sort for >: 5.1-RELEASE. > >s/of this sort/of any sort/g > >Warner I would like to suggest that it is too late for any more particularly disruptive changes in 5.x. We'll soon have 5.1-release out the door, and I think we should really concentrate on having the 6.0-current branch happen after 5.2-release is done. We can not keep adding "just one more major change", or 5.x will never become freebsd-stable. It would be pretty painful if we come to 5.2-release, and find that we can't make the 6.0 branch until after 5.3. I would rather live with bind8 in 5.x-stable, than delay the 6.0 branch another four or five months. If we were to make this change, we first have to take the time to implement it, and then we would have to "let it sit" for at least a month or two before we would be comfortable calling it "stable" for the wide variety of users that we have. The benefit is not worth the delay, IMO. I think the project needs to avoid introducing any more disruptive changes in this branch. Just my 2 cents... 
-- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 23:03:31 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8C32437B401; Fri, 6 Jun 2003 23:03:31 -0700 (PDT) Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 063A443F75; Fri, 6 Jun 2003 23:03:31 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (rwcrmhc51) with SMTP id <200306070603300510084i27e>; Sat, 7 Jun 2003 06:03:30 +0000 Date: Fri, 6 Jun 2003 23:03:29 -0700 (PDT) 
From: Doug Barton To: Brad Knowles In-Reply-To: Message-ID: <20030606230108.U15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-current@FreeBSD.org cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 06:03:31 -0000 On Sat, 7 Jun 2003, Brad Knowles wrote: > This is a rather different statement than you previously gave. I've been extremely consistent in saying that I'm talking about the right thing to do _now_. I purposely tried to avoid confusing the issue with detailed plans for the future, however now that I know how much interest there is in this topic, I'll give more information to start with. > But this is not at all how I interpreted your previous statements I can't be responsible for your perceptions. 
-- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 23:25:25 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D55C37B401; Fri, 6 Jun 2003 23:25:25 -0700 (PDT) Received: from HAL9000.homeunix.com (ip114.bella-vista.sfo.interquest.net [66.199.86.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2E3243FB1; Fri, 6 Jun 2003 23:25:24 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Received: from HAL9000.homeunix.com (localhost [127.0.0.1]) by HAL9000.homeunix.com (8.12.9/8.12.9) with ESMTP id h576PE8W061182; Fri, 6 Jun 2003 23:25:14 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Received: (from das@localhost) by HAL9000.homeunix.com (8.12.9/8.12.9/Submit) id h576PD5T061181; Fri, 6 Jun 2003 23:25:13 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Date: Fri, 6 Jun 2003 23:25:13 -0700 
From: David Schultz To: "Bruce A. Mah" Message-ID: <20030607062513.GA61094@HAL9000.homeunix.com> Mail-Followup-To: "Bruce A. Mah" , Sean Chittenden , "M. Warner Losh" , freebsd-arch@freebsd.org References: <20030606175954.GQ65470@perrin.int.nxad.com> <3EE0DBEC.F32AF559@pipeline.ch> <200306061829.h56IT59c048678@bmah.dyndns.org> <20030606.132404.126768734.imp@bsdimp.com> <20030606192946.GR65470@perrin.int.nxad.com> <20030606205222.GA49614@intruder.bmah.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030606205222.GA49614@intruder.bmah.org> cc: "M. Warner Losh" cc: freebsd-arch@FreeBSD.ORG Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 06:25:25 -0000 On Fri, Jun 06, 2003, Bruce A. Mah wrote: > If memory serves me right, Sean Chittenden wrote: > > > : > -CURRENT and 5.1R remove BIND8 from contrib. User will have to > > > : > install from ports whatever pleases him/her (bind8.3, bind8.4, bind9, > > > : > djbdns, maradns, ...). > > > : > > > > : > -CURRENT and 5.1R import BIND9 Resolver (IPv6 aware if you wish). > > > : > > > : It is way too late to make changes of this sort for 5.1-RELEASE. > > > > > > s/of this sort/of any sort/g > > Not quite true. We have delayed releases for security vulnerabilities > before. But I digress. It had better be a digression... 
From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 23:33:41 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A99A737B401; Fri, 6 Jun 2003 23:33:41 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3BFC943F3F; Fri, 6 Jun 2003 23:33:41 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (rwcrmhc52) with SMTP id <2003060706334005200mudhte>; Sat, 7 Jun 2003 06:33:41 +0000 Date: Fri, 6 Jun 2003 23:33:40 -0700 (PDT) 
From: Doug Barton To: Sean Chittenden In-Reply-To: <20030606175954.GQ65470@perrin.int.nxad.com> Message-ID: <20030606231209.F15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606175954.GQ65470@perrin.int.nxad.com> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 06:33:41 -0000 On Fri, 6 Jun 2003, Sean Chittenden wrote: > Ummm... I hate to beg the question, Hey, I like to hear begging... wait, wrong list, sorry. > but why have a nameserver in the default installation? All we need is > the client resolver libraries and basic CLI programs. Using DHCP or > HTTP as examples: we don't need dhcpd in the base, just dhclient, and > with HTTP, we don't need apache in our base, but we do have/need fetch. As I've said, I have a great deal of sympathy with this position. But before we could consider it, we'd have to give it thorough testing. I'm particularly nervous about the libraries and headers. Has anyone actually run a system without any BIND bits installed? Particularly a desktop system, which compiles stuff from ports. If we can get enough consensus, and most importantly, people to test it, I'd be very interested in the idea of removing BIND from 6-Current altogether, with the exception of whatever libs/headers are deemed essential, and the userland binaries dig and host. Since I can already hear the whining about not having nslookup, we should probably include that too, although I'd dearly love to nuke it. 
Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 23:38:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 28CA037B401 for ; Fri, 6 Jun 2003 23:38:21 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id B470643F3F for ; Fri, 6 Jun 2003 23:38:20 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (rwcrmhc52) with SMTP id <2003060706382005200mtpqve>; Sat, 7 Jun 2003 06:38:20 +0000 Date: Fri, 6 Jun 2003 23:38:19 -0700 (PDT) 
From: Doug Barton To: Matthew Dillon In-Reply-To: <200306061726.h56HQUiw026473@apollo.backplane.com> Message-ID: <20030606233358.Y15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <200306061726.h56HQUiw026473@apollo.backplane.com> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 06:38:21 -0000 On Fri, 6 Jun 2003, Matthew Dillon wrote: > There are two issues with a changeover to bind-9. First, the bind-9 > port does not properly install the new encrypted command/management > system (the equivalent to ndc in bind-8), Can you elaborate on this? What does the port do wrong, or what should it do differently? Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Fri Jun 6 23:44:50 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B0D737B401; Fri, 6 Jun 2003 23:44:50 -0700 (PDT) Received: from perrin.int.nxad.com (internal.ext.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC07043FAF; Fri, 6 Jun 2003 23:44:49 -0700 (PDT) (envelope-from sean@nxad.com) Received: by perrin.int.nxad.com (Postfix, from userid 1001) id 30F7F20F00; Fri, 6 Jun 2003 23:44:49 -0700 (PDT) Date: Fri, 6 Jun 2003 23:44:49 -0700 
From: Sean Chittenden To: Doug Barton Message-ID: <20030607064449.GW65470@perrin.int.nxad.com> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606175954.GQ65470@perrin.int.nxad.com> <20030606231209.F15459@znfgre.qbhto.arg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030606231209.F15459@znfgre.qbhto.arg> X-PGP-Key: finger seanc@FreeBSD.org X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0 83A6 DD99 E31F BC84 B341 X-Web-Homepage: http://sean.chittenden.org/ User-Agent: Mutt/1.5.4i cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 06:44:50 -0000 > > but why have a nameserver in the default installation? All we > > need is the client resolver libraries and basic CLI programs. > > Using DHCP or HTTP as examples: we don't need dhcpd in the base, > > just dhclient, and with HTTP, we don't need apache in our base, > > but we do have/need fetch. > > As I've said, I have a great deal of sympathy with this > position. But before we could consider it, we'd have to give it > thorough testing. I'm particularly nervous about the libraries and > headers. Been running NO_BIND=YES for two years on servers and desktops alike with zero problems. Now, I haven't checked to see what NO_BIND really does, but I've had it defined for what feels like eons and had no problems thus far. > Has anyone actually run a system without any BIND bits installed? > Particularly a desktop system, which compiles stuff from ports. *waves hand* I think we could enlist bento here to validate the theory of being able to nuke name server bits and confirm the above position. The only thing that I do worry about is ports like net/openreg that depend on bind headers and such to build. 
Removing bind from the base installation may turn up a few ports that require bits like these, but they should properly depend on bind9 as a BUILD_DEPENDS anyway, but I digress... > If we can get enough consensus, and most importantly, people to test > it, I'd be very interested in the idea of removing BIND from > 6-Current altogether, with the exception of whatever libs/headers > are deemed essential, and the userland binaries dig and host. Since > I can already hear the whining about not having nslookup, we should > probably include that too, although I'd dearly love to nuke it. :( You had me going for this until I saw you jump to 6-current. Can we first conclude that removing the server bits and leaving the client libs/bins would be a good idea? At that point, then we can determine if it'd be a good when to make such a decision. 6 isn't but a twinkle in folks' eyes at this point so I just assume keep the discussion centered around what's practical. -sc -- Sean Chittenden From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 00:13:02 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD9FB37B401; Sat, 7 Jun 2003 00:13:02 -0700 (PDT) Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id E62B943F75; Sat, 7 Jun 2003 00:13:01 -0700 (PDT) (envelope-from DougB@freebsd.org) Received: from master.dougb.net (12-234-22-23.client.attbi.com[12.234.22.23]) by attbi.com (sccrmhc01) with SMTP id <2003060707130000100567s9e>; Sat, 7 Jun 2003 07:13:01 +0000 Date: Sat, 7 Jun 2003 00:13:00 -0700 (PDT) 
From: Doug Barton To: Sean Chittenden In-Reply-To: <20030607064449.GW65470@perrin.int.nxad.com> Message-ID: <20030606235658.X15459@znfgre.qbhto.arg> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606175954.GQ65470@perrin.int.nxad.com> <20030607064449.GW65470@perrin.int.nxad.com> Organization: http://www.FreeBSD.org/ X-message-flag: Outlook -- Not just for spreading viruses anymore! MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 07:13:03 -0000 On Fri, 6 Jun 2003, Sean Chittenden wrote: > Been running NO_BIND=YES for two years on servers and desktops alike > with zero problems. Have you actually _removed_ all the stuff that was installed originally? Minimally, we're talking about deleting /usr/include before installworld, and cleaning out /usr/lib, and /usr/[s]bin after. > Now, I haven't checked to see what NO_BIND really does, Heh... that's encouraging. :) > > Has anyone actually run a system without any BIND bits installed? > > Particularly a desktop system, which compiles stuff from ports. > > *waves hand* I think we could enlist bento here to validate the theory > of being able to nuke name server bits and confirm the above position. Yes of course... we'd have to test that, and a bunch of other stuff before we could seriously consider this. > :( You had me going for this until I saw you jump to 6-current. I've had numerous posts (most of which have already been posted here), asking not to stir the 5.x pot any more than it already is. I have to respect that. If we can get a solid minimal configuration in 6-current then we can consider bringing it back to 5-stable, perhaps by making NO_BIND the default. 
I would vigorously oppose any movement to twiddle RELENG_4. > Can we first conclude that removing the server bits and leaving the > client libs/bins would be a good idea? Like I said, I'm very interested in this idea, and if you can divorce it from the timing, that's cool, but we've already seen how intense people get about this issue, so I want to be sure that people know what I'm thinking. The other thing I'd really like to do for 6-current is to split the resolver stuff out of libc. I think that would be the ideal time for such a radical change, but I'm sure there are probably lots of people more qualified to comment on this issue than I. Please keep in mind that for those who really want to adopt the no bind concept, the make.conf option is already available. Doug -- This .signature sanitized for your protection From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 02:09:17 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 536B837B401; Sat, 7 Jun 2003 02:09:17 -0700 (PDT) Received: from dragon.nuxi.com (trang.nuxi.com [66.93.134.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1F2143FA3; Sat, 7 Jun 2003 02:09:16 -0700 (PDT) (envelope-from obrien@NUXI.com) Received: from dragon.nuxi.com (obrien@localhost [127.0.0.1]) by dragon.nuxi.com (8.12.9/8.12.9) with ESMTP id h57991Vm074793; Sat, 7 Jun 2003 02:09:01 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.12.9/8.12.9/Submit) id h57991qa074792; Sat, 7 Jun 2003 02:09:01 -0700 (PDT) Date: Sat, 7 Jun 2003 02:09:00 -0700 
From: "David O'Brien" To: Doug Barton Message-ID: <20030607090900.GA74648@dragon.nuxi.com> References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606133644.GB49662@iconoplex.co.uk> <20030606161002.GC82589@dragon.nuxi.com> <20030606173304.T15459@znfgre.qbhto.arg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030606173304.T15459@znfgre.qbhto.arg> User-Agent: Mutt/1.4i X-Operating-System: FreeBSD 5.1-BETA Organization: The NUXI BSD Group X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Rsa-Keyid: 1024/34F9F9D5 cc: Bill Moran cc: freebsd-arch@FreeBSD.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-arch@FreeBSD.org List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 09:09:17 -0000 On Fri, Jun 06, 2003 at 05:48:42PM -0700, Doug Barton wrote: > > that is easily installable and upgradeable via 'make world'. Otherwise > > I'd use NetBSD. > > So put 'NO_BIND' and 'PORT_REPLACES_BASE_BIND9' in /etc/make.conf, and > you're done. :) In fact, I'd like to encourage all those who are promoting > this change to do just that... I'd be interested in feedback from people > on this too. Unfortunately there is no easy way to include the rebuilding of a set of ports with 'make world' so you always have a consistent world. 
:-( -- -- David (obrien@FreeBSD.org) From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 03:32:15 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E1F337B401 for ; Sat, 7 Jun 2003 03:32:15 -0700 (PDT) Received: from smtp1.netcologne.de (smtp1.netcologne.de [194.8.194.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5BB043F93 for ; Sat, 7 Jun 2003 03:32:12 -0700 (PDT) (envelope-from tmseck-usenet@netcologne.de) Received: from laurel.tmseck.homedns.org (xdsl-213-168-110-124.netcologne.de [213.168.110.124]) by smtp1.netcologne.de (Postfix) with SMTP id 0745C389C8 for ; Sat, 7 Jun 2003 12:32:10 +0200 (MEST) Received: (qmail 9895 invoked by uid 1001); 7 Jun 2003 10:32:19 -0000 Date: 7 Jun 2003 10:32:19 -0000 Message-ID: <20030607103219.9894.qmail@laurel.tmseck.homedns.org> 
From: tmseck-lists@netcologne.de (Thomas Seck) To: freebsd-arch@freebsd.org Organization: private site In-Reply-To: <20030606231209.F15459@znfgre.qbhto.arg> X-Newsgroups: gmane.os.freebsd.architechture X-Attribution: tms Mail-Copies-To: nobody Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 10:32:15 -0000 * Doug Barton (DougB@freebsd.org): > As I've said, I have a great deal of sympathy with this position. But > before we could consider it, we'd have to give it thorough testing. I'm > particularly nervous about the libraries and headers. > > Has anyone actually run a system without any BIND bits installed? > Particularly a desktop system, which compiles stuff from ports. I use Bernstein's DNS server and client programs on my systems. I do a normal install, chmod 0 all BIND-related server and client programs and use NO_BIND from then on. This works for me but -- as you already mentioned -- things probably break in interesting ways for third party scripts that rely on the presence of dig or nslookup and a particular output format. > If we can get enough consensus, and most importantly, people to test it, > I'd be very interested in the idea of removing BIND from 6-Current > altogether, with the exception of whatever libs/headers are deemed > essential, and the userland binaries dig and host. Since I can already > hear the whining about not having nslookup, we should probably include > that too, although I'd dearly love to nuke it. I am all for it and would participate in testing. 
--Thomas From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 04:08:21 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 300F237B40D; Sat, 7 Jun 2003 04:08:21 -0700 (PDT) Received: from shrike.submonkey.net (pc1-cdif2-5-cust38.cdif.cable.ntl.com [81.101.150.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3555F43F85; Sat, 7 Jun 2003 04:08:20 -0700 (PDT) (envelope-from setantae@submonkey.net) Received: from setantae by shrike.submonkey.net with local (Exim 4.20) id 19ObYY-0000Zf-S3; Sat, 07 Jun 2003 12:08:18 +0100 Date: Sat, 7 Jun 2003 12:08:18 +0100 
From: Ceri Davies To: Doug Barton Message-ID: <20030607110818.GA1895@submonkey.net> Mail-Followup-To: Ceri Davies , Doug Barton , Sean Chittenden , freebsd-arch@freebsd.org References: <20030605235254.W5414@znfgre.qbhto.arg> <20030606175954.GQ65470@perrin.int.nxad.com> <20030606231209.F15459@znfgre.qbhto.arg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030606231209.F15459@znfgre.qbhto.arg> User-Agent: Mutt/1.5.4i Sender: Ceri Davies cc: Sean Chittenden cc: freebsd-arch@freebsd.org Subject: Re: Way forward with BIND 8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2003 11:08:21 -0000 On Fri, Jun 06, 2003 at 11:33:40PM -0700, Doug Barton wrote: > If we can get enough consensus, and most importantly, people to test it, > I'd be very interested in the idea of removing BIND from 6-Current > altogether, with the exception of whatever libs/headers are deemed > essential, and the userland binaries dig and host. Since I can already > hear the whining about not having nslookup, we should probably include > that too, although I'd dearly love to nuke it. I'd say nuke nslookup as well if this route gets taken. It doesn't exist in the BIND9 world anyway, so at best including it would only delay the whining. 

Ceri

--

From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 11:05:53 2003
Date: Sat, 7 Jun 2003 11:05:52 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200306071805.h57I5q6Y036169@apollo.backplane.com>
To: Doug Barton
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

:
:On Fri, 6 Jun 2003, Matthew Dillon wrote:
:
:> There are two issues with a changeover to bind-9. First, the bind-9
:> port does not properly install the new encrypted command/management
:> system (the equivalent to ndc in bind-8),
:
:Can you elaborate on this? What does the port do wrong, or what should it
:do differently?
:
:Doug

If you install the bind9 port, and try to run rndc, you get this:

    apollo:/home/dillon# rndc reload
    rndc: neither /usr/local/etc/rndc.conf nor /usr/local/etc/rndc.key was found

To make rndc work properly you have to rename rndc.conf.sample to rndc.conf,
and you have to read the rndc.conf manual page to generate a new secret key
since the one in rndc.conf.sample is simply copied out of the distribution
and not actually secure (which is really a bad idea, even for a sample
file). This is regardless of the fact that it's stupid to even require
a secret key for a local control program, but we can't do anything about
that :-).

Additionally, the rndc.conf.sample file is globally readable by default,
and most sysops are likely to install an rndc.conf file that is also
globally readable by default... a real bad idea.

Additionally, the rndc-confgen program does not even appear to work,
at least not on my system. If I run 'rndc-confgen -a' it just stays
stuck in a select() somewhere and does nothing.

All of these operations should be performed by the port installation
process. There is no need to force the sysop to copy and clean up the
rndc.conf file if the file did not previously exist on the machine, and
certainly no need to force the sysop to generate a random key just to
make rndc work.

-Matt
Matthew Dillon

From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 11:27:15 2003
Date: Sat, 7 Jun 2003 11:27:09 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200306071827.h57IR9ik036684@apollo.backplane.com>
To: Doug Barton
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

Oh, plus the controls statement and include line has to be added to
named.conf to install the key in named (I'm doing this from scratch
again since the first time was a long time ago).

I had forgotten how much of a bitch it was to make rndc work. Sometimes
I want to throttle Paul Vixie for making such a mess of things that
ought to just work by default.

-Matt
Matthew Dillon

From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 13:31:22 2003
Date: Sat, 7 Jun 2003 23:31:11 +0300
From: Valentin Nechayev
To: Doug Barton
Message-ID: <20030607203111.GN83663@lucky.net>
In-Reply-To: <20030606024813.Y5414@znfgre.qbhto.arg>
cc: Brad Knowles
cc: freebsd-current@freebsd.org
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8
Reply-To: netch@lucky.net

Fri, Jun 06, 2003 at 03:01:02, DougB wrote about "Re: Way forward with BIND 8":

> >> FYI, for those wondering why I'm not considering BIND 9 for import, please
> >> see http://people.freebsd.org/~dougb/whybind8.html

Among other things: standard resolver is waaay(tm) old. Even keeping with
BIND8, it is old. At least, it isn't thread-safe; this is too ugly for 5.*.
Unlike IRS code (gethostby*()), its upgrading to thread safe version is
conceptually easy. I've created and successfully tested patch to upgrade
it to 8.3.4 version, losing only res_*update() and RES_INSECURE*; it was
very simple, and a person more informed in its specifics including KAME
hacks can do it better.
(ftp://segfault.kiev.ua/pub/freebsd/newresolv for someone wanting to see it.
I should repeat that this attempt may be too lame and forgetting some
principal moments, but it was successfully tested on real load for a long
time.)

-netch-

From owner-freebsd-arch@FreeBSD.ORG Sat Jun 7 15:51:07 2003
Date: Sat, 7 Jun 2003 15:51:03 -0700 (PDT)
From: Doug Barton
To: Matthew Dillon
In-Reply-To: <200306071805.h57I5q6Y036169@apollo.backplane.com>
Message-ID: <20030607150857.S81111@znfgre.qbhto.arg>
Organization: http://www.FreeBSD.org/
cc: freebsd-arch@freebsd.org
Subject: Re: Way forward with BIND 8

On Sat, 7 Jun 2003, Matthew Dillon wrote:

> If you install the bind9 port, and try to run rndc, you get this:
>
> apollo:/home/dillon# rndc reload
> rndc: neither /usr/local/etc/rndc.conf nor /usr/local/etc/rndc.key was found
>
> To make rndc work properly you have to rename rndc.conf.sample to rndc.conf,
> and you have to read the rndc.conf manual page to generate a new secret key

That's one way to do it, the other way to do it is to run rndc-confgen -a
as you described below. This is actually a better solution, since this
handles configuration, a new secret key, and proper file permissions all
in one.

As for not doing any of this by default, we don't install a named.conf
file by default either. There is a lot of stuff the sysadmin has to do in
order to get named working, this is just one of them.

> since the one in rndc.conf.sample is simply copied out of the distribution
> and not actually secure (which is really a bad idea, even for a sample
> file). This is regardless of the fact that it's stupid to even require
> a secret key for a local control program, but we can't do anything about
> that :-).

Well, rndc can be configured for remote control too. Since by default
it's configured locally though, I decided that the easiest way to deal
with it would just be to copy the sample file. However, based on your
feedback here, I just added a pkg-message that gives some information
about this topic.

> Additionally, the rndc-confgen program does not even appear to work,
> at least not on my system. If I run 'rndc-confgen -a' it just stays
> stuck in a select() somewhere and does nothing.

http://people.freebsd.org/~dougb/randomness.html :)

Thanks for the feedback,

Doug

--

    This .signature sanitized for your protection
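
The two key-file problems raised in this exchange (a secret copied unchanged from rndc.conf.sample, and a key file that is world-readable) can be checked mechanically. The script below is an added example, not part of the thread or of the BIND port; the function names, file contents and secrets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rndc key file for the two problems raised in the
# thread. File contents and secrets below are constructed placeholders.

# Print the first uncommented secret "..." value from a key clause.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# audit_rndc FILE [SAMPLE]: print one line per finding and return the number
# of findings (0 = clean). A missing file counts as one finding.
audit_rndc() {
    file=$1 sample=${2:-} findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    # Characters 8-10 of the ls mode string are the bits for "other".
    case $(ls -ld "$file" | cut -c8-10) in
        r*) echo "WORLD-READABLE $file"; findings=$((findings + 1)) ;;
    esac
    secret=$(rndc_secret "$file")
    if [ -n "$secret" ] && [ -n "$sample" ] && [ -f "$sample" ] &&
       [ "$secret" = "$(rndc_secret "$sample")" ]; then
        echo "SAMPLE-SECRET $file"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
        'Q09OU1RSVUNURUQtU0FNUExF' > "$d/rndc.conf.sample"
    cp "$d/rndc.conf.sample" "$d/rndc.conf"   # sample copied into place as-is
    chmod 644 "$d/rndc.conf.sample" "$d/rndc.conf"
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
        'Q09OU1RSVUNURUQtTE9DQUw=' > "$d/rndc.key"
    chmod 600 "$d/rndc.key"                   # fresh secret, owner-only
    bad=0;  audit_rndc "$d/rndc.conf" "$d/rndc.conf.sample" || bad=$?
    good=0; audit_rndc "$d/rndc.key"  "$d/rndc.conf.sample" || good=$?
    rm -rf "$d"
    echo "rndc.conf findings=$bad, rndc.key findings=$good"
}
demo
```

To check a real installation, call audit_rndc on /usr/local/etc/rndc.conf or /usr/local/etc/rndc.key (the paths from the error message quoted above), passing the port's rndc.conf.sample as the second argument.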