Date: Thu, 11 Jul 2002 18:37:08 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Gareth Hopkins <gareth@za.uu.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Not installing openssh
Message-ID: <20020711153708.GF25321@straylight.oblivion.bg>
In-Reply-To: <20020711170957.U318-100000@gabba.so.cpt1.za.uu.net>
References: <20020711170957.U318-100000@gabba.so.cpt1.za.uu.net>

On Thu, Jul 11, 2002 at 05:14:00PM +0200, Gareth Hopkins wrote:
> Hi
>
> Is there a way of not compiling openssh when installing FreeBSD.
> I want to run the ssh that is in /usr/ports/security/ssh as I cannot get
> openssh to work with Kerberos 5.
>
> I have set NO_OPENSSH and NO_OPENSSL to true and have made world
> but ssh* is still in /usr/bin and sshd is still in /usr/local/sbin
>
> Do I need to manually remove these?

In a word, yes.

There is a way to get a FreeBSD system where OpenSSH and OpenSSL are
never installed in the first place: make a custom release, and either
use LOCAL_PATCHES to modify the src/etc/make.conf file, so it contains
NO_OPENSSH=yes and NO_OPENSSL=yes, or use WORLD_FLAGS containing
NO_OPENSSH=yes and NO_OPENSSL=yes.

However, if you do not want to go to the trouble of building a release
(it is not all that hard, really - especially if you set NODOC=yes and
NOPORTS=yes, so only the FreeBSD base system is built), and you want to
remove most traces of an installation after an installworld, something
like the following may help (all on one line):

  # find /bin /sbin /usr/bin /usr/sbin /usr/libexec -type f \! -newer /kernel \! -name 'ld-elf.so*' | xargs ls -lt | less

This is assuming that your kernel was installed immediately before the
beginning of the installworld stage, as things are supposed to work
(at least that's the way I always do it, 'make buildworld buildkernel',
then 'sudo make installkernel installworld').

After that, pick and choose from the displayed list of files to remove.
If you find out that ALL the listed files are indeed obsolete, re-run
the 'find' command, adding -delete *at the end* (after the 'ld-elf.so*'
part). If you find that all but several of the files are obsolete,
again, re-run the 'find' command, adding more \! -name 'foo' options,
and tacking a -delete at the end.

Wish I could say it was that simple with /usr/lib, /usr/include, and
/usr/share; however, it is not. Most of the files there are way older
than your last build/install date, since most of them are put in place
using install(1)'s -C option - compare the files and only overwrite them
if they have changed. You can fix that by setting 'INSTALL=install' in
your /etc/make.conf file before the next installworld; this will
override the default value of 'install -C', and cause all files to be
overwritten with ones with a current timestamp.

Hope this helps.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I am not the subject of this sentence.
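
The procedure in the message above, as an added example that is not part of the original e-mail: a list-only wrapper around the same 'find ... \! -newer' test, run against a throwaway directory tree. The function names, the constructed file names and the timestamps are assumptions made for the demonstration; the 'lib' case shows the install -C false positive the message describes.

```shell
#!/bin/sh
# Added example, not from the original message. stale_files and demo are
# hypothetical names; every file below is constructed sample data.

# stale_files REF DIR [KEEP_GLOB...]
# Print regular files under DIR that are not newer than REF, skipping
# basenames that match any KEEP_GLOB. Lists only, never deletes.
stale_files() {
    ref=$1; dir=$2; shift 2
    [ -e "$ref" ] || { echo "reference file $ref is missing" >&2; return 2; }
    # Turn each glob into a "! -name glob" pair, kept as separate words so
    # spaces and wildcard characters reach find(1) unexpanded.
    n=$#
    while [ "$n" -gt 0 ]; do
        pat=$1; shift
        set -- "$@" ! -name "$pat"
        n=$((n - 1))
    done
    find "$dir" -type f ! -newer "$ref" "$@" | sort
}

# demo DIR
# Build a small tree that mimics the state after installkernel followed by
# installworld, then list what looks stale in DIR ("bin" or "lib").
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin" "$root/lib"
    # Left over from an earlier install; the current build did not ship them.
    touch -t 200207010000 "$root/bin/sshd" "$root/bin/ld-elf.so.1"
    # Still current, but 'install -C' saw no change and kept the old mtime.
    touch -t 200207010000 "$root/lib/libc.so.4"
    # Reference point: kernel installed just before installworld began.
    touch -t 200207100000 "$root/kernel"
    # Rewritten by installworld, so newer than the kernel.
    touch -t 200207110000 "$root/bin/ls"
    (cd "$root" && stale_files kernel "$1" 'ld-elf.so*')
    rm -rf "$root"
}

demo bin   # prints bin/sshd
demo lib   # prints lib/libc.so.4, a false positive caused by install -C
```

Review the printed list before re-running the original command with -delete at the end.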